;; Generated with r2dumpbin (https://github.com/mytbk/r2dumpbin)
;; f va @ 0xfffa0000
;; f fcn1 @ 0xfffb00f4
;; f fcn2 @ 0xfffb7fee
;; f fcn3 @ 0xfffb014c
;; f fcn4 @ 0xfffb7ea0
;; f fcn5 @ 0xfffb7ecd
;; f fcn6 @ 0xfffd2c4f

bits 32
extern mrc_printk
global mrc_entry

mrc_entry:
pushad
mov ebx, esp
mov eax, dword [ebx + 0x24]
mov esp, 0xff800000
push ebx
push eax
mov al, 1
out 0x80, al
cld
call fcn_fffa0024  ; call 0xfffa0024
pop ecx
pop ebx
mov esp, ebx
mov dword [ebx + 0x1c], eax
mov al, 2
out 0x80, al
popad
ret

fcn_fffa0024:
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x4c
mov eax, dword [ebp + 8]
mov eax, dword [eax]
cmp eax, 0x16
je short loc_fffa0050  ; je 0xfffa0050
push edx
push 0x16
push eax
push ref_fffd6246  ; push 0xfffd6246
call mrc_printk  ; call 0xfffb8212
add esp, 0x10
or eax, 0xffffffff
jmp near loc_fffa1e90  ; jmp 0xfffa1e90

loc_fffa0050:
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0xca]
mov dword [0xff7d0274], eax
push eax
push eax
push 0x270
push 0xff7d0004
call fcn_fffb067f  ; call 0xfffb067f
mov eax, dword [ebp + 8]
add esp, 0x10
mov dword [0xff7d0004], 0xfeaddeaf
mov dword [0xff7d0084], eax
cmp dword [eax + 8], 3
jne short loc_fffa00af  ; jne 0xfffa00af
cmp dword [eax + 0x8f6], 0
je short loc_fffa00af  ; je 0xfffa00af
sub esp, 0xc
push ref_fffd626a  ; push 0xfffd626a
call mrc_printk  ; call 0xfffb8212
add esp, 0x10
mov dword [0xff7d0080], 0x11
jmp short loc_fffa00b9  ; jmp 0xfffa00b9

loc_fffa00af:
mov dword [0xff7d0080], 6

loc_fffa00b9:
mov dword [0xff7d008c], ref_fffd68ac  ; mov dword [0xff7d008c], 0xfffd68ac
mov dword [0xff7d0178], 1
mov dword [0xff7d0028], fcn_fffc5b5d  ; mov dword [0xff7d0028], 0xfffc5b5d
mov dword [0xff7d0030], fcn_fffa5cc0  ; mov dword [0xff7d0030], 0xfffa5cc0
mov dword [0xff7d0034], fcn_fffa5cb1  ; mov dword [0xff7d0034], 0xfffa5cb1
mov dword [0xff7d0038], fcn_fffb00f4  ; mov dword [0xff7d0038], 0xfffb00f4
mov dword [0xff7d003c], fcn_fffb7fee  ; mov dword [0xff7d003c], 0xfffb7fee
mov dword [0xff7d002c], fcn_fffb014c  ; mov dword [0xff7d002c], 0xfffb014c
mov dword [0xff7d0020], fcn_fffc5aaf  ; mov dword [0xff7d0020], 0xfffc5aaf
mov dword [0xff7d0054], fcn_fffb6341  ; mov dword [0xff7d0054], 0xfffb6341
mov dword [0xff7d0058], fcn_fffb01f8  ; mov dword [0xff7d0058], 0xfffb01f8
mov dword [0xff7d007c], fcn_fffa5caa  ; mov dword [0xff7d007c], 0xfffa5caa
mov dword [0xff7d0278], 0xff7d0008
mov dword [0xff7d0000], 0xff7d0278
call fcn_fffb0201  ; call 0xfffb0201
sub esp, 0xc
mov eax, dword [eax]
push 0
call dword [eax + 0x74]  ; ucall
mov edx, dword [0xff7d0278]
add esp, 0x10
mov dword [edx + 0x60], ref_fffd6388  ; mov dword [edx + 0x60], 0xfffd6388
cmp eax, 0x80000014
je short loc_fffa017b  ; je 0xfffa017b
sub esp, 0xc
push ref_fffd637c  ; push 0xfffd637c
call fcn_fffb0585  ; call 0xfffb0585
add esp, 0x10

loc_fffa017b:
sub esp, 0xc
push ref_fffd627a  ; push 0xfffd627a
call mrc_printk  ; call 0xfffb8212
mov esi, dword [0xff7d0084]
call fcn_fffb91ff  ; call 0xfffb91ff
mov dword [esp], 0x5ac
mov dword [ebp - 0x2c], eax
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov ebx, eax
test eax, eax
je loc_fffa0f05  ; je 0xfffa0f05
sub esp, 0xc
push 0xc
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov dword [ebp - 0x38], eax
test eax, eax
je loc_fffa0f05  ; je 0xfffa0f05
mov dword [eax], 0x80000010
xor edi, edi
mov dword [eax + 4], ref_fffd6880  ; mov dword [eax + 4], 0xfffd6880
mov dword [eax + 8], ebx
mov byte [ebx], 0xc
mov byte [ebx + 1], 0
mov dword [ebx + 4], 0xfed1c000
mov eax, dword [esi + 0x2a]
mov word [ebx + 8], ax
mov eax, dword [esi + 0x2e]
mov byte [ebx + 0xc], 0
mov byte [ebx + 0x37e], 0
mov byte [ebx + 0x370], 1
mov word [ebx + 0xa], ax
mov byte [ebx + 0x1da], 1
mov byte [ebx + 0x386], 1
mov ax, word [esi + 0x18]
or byte [ebx + 0x45e], 1
or byte [ebx + 0x49e], 0x80
and byte [ebx + 0x486], 0xfe
or byte [ebx + 0x412], 0xf
mov word [ebx + 0x388], ax
mov byte [ebx + 0x3a], 0
mov byte [ebx + 0x496], 1
mov byte [ebx + 0x497], 1
mov byte [ebx + 0x498], 1
mov byte [ebx + 0x499], 1
mov byte [ebx + 0x49a], 1
mov byte [ebx + 0x49b], 1
mov byte [ebx + 0x49c], 1
mov byte [ebx + 0x49d], 1
or byte [ebx + 0x419], 0xc0
or byte [ebx + 0x41e], 2
or byte [ebx + 0x424], 0x40
mov byte [ebx + 0x43c], 1

loc_fffa0294:
call fcn_fffb91ff  ; call 0xfffb91ff
cmp eax, 1
je short loc_fffa02a9  ; je 0xfffa02a9
cmp eax, 2
sete al
shl eax, 2
jmp short loc_fffa02ab  ; jmp 0xfffa02ab

loc_fffa02a9:
mov al, 6

loc_fffa02ab:
movzx eax, al
cmp edi, eax
jae short loc_fffa02c0  ; jae 0xfffa02c0
imul eax, edi, 0x12
inc edi
or byte [ebx + eax + 0x1e1], 0x40
jmp short loc_fffa0294  ; jmp 0xfffa0294

loc_fffa02c0:
mov al, byte [ebx + 0x436]
xor edx, edx
and byte [ebx + 0x426], 0xfe
or byte [ebx + 0x432], 7
or eax, 3
and eax, 0xfffffffb
mov word [ebx + 0x43a], 0
mov byte [ebx + 0x436], al
mov byte [ebx + 0x1a8], 1

loc_fffa02f2:
mov dword [ebp - 0x30], edx
call fcn_fffb93ca  ; call 0xfffb93ca
mov edx, dword [ebp - 0x30]
cmp dl, al
jae short loc_fffa032a  ; jae 0xfffa032a
movzx eax, dl
imul eax, eax, 0x2c
add eax, ebx
mov cl, byte [eax + 0x46]
mov byte [eax + 0x4f], dl
mov byte [eax + 0x50], dl
inc edx
mov byte [eax + 0x56], 4
or ecx, 5
and ecx, 0x7f
mov byte [eax + 0x57], 3
mov byte [eax + 0x4e], 0
mov byte [eax + 0x46], cl
jmp short loc_fffa02f2  ; jmp 0xfffa02f2

loc_fffa032a:
or byte [ebx + 0x17a], 8
sub esp, 0xc
and byte [ebx + 0x1aa], 0xfe
mov byte [ebx + 0x1a6], 0
mov byte [ebx + 0x1a7], 0
mov byte [ebx + 0x1a9], 1
push 0xc
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
test eax, eax
je short loc_fffa037e  ; je 0xfffa037e
sub esp, 0xc
mov dword [eax], 0x80000010
mov dword [eax + 4], ref_fffd63e8  ; mov dword [eax + 4], 0xfffd63e8
mov dword [eax + 8], ref_fffd6490  ; mov dword [eax + 8], 0xfffd6490
push eax
call fcn_fffb0585  ; call 0xfffb0585
add esp, 0x10

loc_fffa037e:
mov dword [ebx + 0x1db], 1
xor edi, edi

loc_fffa038a:
call fcn_fffb91ff  ; call 0xfffb91ff
cmp eax, 1
je short loc_fffa03a1  ; je 0xfffa03a1
cmp eax, 2
jne loc_fffa042d  ; jne 0xfffa042d
mov al, 4
jmp short loc_fffa03a3  ; jmp 0xfffa03a3

loc_fffa03a1:
mov al, 6

loc_fffa03a3:
mov ecx, edi
cmp cl, al
jae loc_fffa042d  ; jae 0xfffa042d
mov eax, edi
inc edi
movzx eax, al
imul eax, eax, 0x12
add eax, ebx
mov cl, byte [eax + 0x1e1]
lea edx, [eax + 0x1da]
mov byte [eax + 0x1df], 0x71
mov byte [eax + 0x1e0], 0x1f
mov byte [eax + 0x1e4], 1
and ecx, 0xffffffc0
or ecx, 0x27
mov byte [eax + 0x1e1], cl
mov byte [eax + 0x1e6], 1
mov byte [eax + 0x1e8], 1
mov byte [eax + 0x1e3], 0
mov byte [eax + 0x1e5], 0
mov byte [eax + 0x1e7], 0
mov byte [eax + 0x1e9], 0
mov byte [eax + 0x1ea], 0
mov byte [eax + 0x1eb], 0
mov byte [eax + 0x1ec], 0
and byte [edx + 0x13], 0xf0
jmp near loc_fffa038a  ; jmp 0xfffa038a

loc_fffa042d:
mov al, byte [ebx + 0x24c]
mov byte [ebx + 0x24b], 0x7e
mov byte [ebx + 0x253], 0
mov byte [ebx + 0x255], 1
or eax, 0x1e
and eax, 0xfffffffe
mov byte [ebx + 0x24c], al
lea eax, [ebx + 0x38e]
mov byte [ebx + 0x254], 0
mov dword [ebx + 0x24f], 0
mov byte [ebx + 0x257], 0
mov byte [ebx + 0x258], 0
mov byte [ebx + 0x259], 0
mov byte [ebx + 0x25a], 0
mov byte [ebx + 0x25b], 0x64
mov byte [ebx + 0x38d], 4
push edi
xor edi, edi
push 4
push ref_fffd648c  ; push 0xfffd648c
push eax
call fcn_fffb01dc  ; call 0xfffb01dc
mov word [ebx + 0x36], 0x8086
mov word [ebx + 0x38], 0x7270
mov byte [ebx + 0x3b], 0
mov byte [ebx + 0x360], 2
mov byte [ebx + 0x361], 0
mov byte [ebx + 0x362], 1
mov byte [ebx + 0x35c], 1
mov byte [ebx + 0x35d], 0xf0
mov byte [ebx + 0x35e], 0x1f
mov byte [ebx + 0x35f], 0
mov eax, dword [esi + 0xc]
mov word [ebx + 0x22], 0xd000
mov word [ebx + 0x24], 0x10
mov byte [ebx + 0x11], al
mov eax, dword [esi + 0x32]
mov dword [ebx + 0x1e], 0x10000
mov byte [ebx + 0x18], 2
mov byte [ebx + 0x19], 6
mov dword [ebx + 0x1a], eax
mov esi, dword [0xff7d0084]
mov byte [ebx + 0x371], 0
mov word [ebx + 0x374], 0x12c
mov byte [ebx + 0x372], 1
mov byte [ebx + 0x373], 0
call fcn_fffb91ff  ; call 0xfffb91ff
mov dword [ebp - 0x30], eax
mov eax, dword [0xff7d0084]
mov eax, dword [eax + 0x14]
add eax, 0xf8002
mov dword [esp], eax
call fcn_fffb3e49  ; call 0xfffb3e49
add esp, 0x10
mov byte [ebx + 0x284], 0
mov byte [ebx + 0x28c], 0
mov byte [ebx + 0x295], 1
mov byte [ebx + 0x294], 1
mov byte [ebx + 0x297], 0
mov ecx, eax
mov byte [ebx + 0x296], 1

loc_fffa057d:
mov dword [ebp - 0x34], ecx
call fcn_fffb9393  ; call 0xfffb9393
mov ecx, dword [ebp - 0x34]
movzx eax, al
cmp edi, eax
jae short loc_fffa059a  ; jae 0xfffa059a
mov byte [ebx + edi + 0x298], 0
inc edi
jmp short loc_fffa057d  ; jmp 0xfffa057d

loc_fffa059a:
xor edi, edi

loc_fffa059c:
mov dword [ebp - 0x34], ecx
call fcn_fffb936a  ; call 0xfffb936a
mov ecx, dword [ebp - 0x34]
movzx eax, al
cmp edi, eax
jae short loc_fffa05b9  ; jae 0xfffa05b9
mov byte [ebx + edi + 0x2a6], 0
inc edi
jmp short loc_fffa059c  ; jmp 0xfffa059c

loc_fffa05b9:
mov byte [ebx + 0x2ac], 0
mov byte [ebx + 0x285], 0
mov byte [ebx + 0x28d], 0
mov byte [ebx + 0x339], 0
mov byte [ebx + 0x338], 1
mov al, byte [esi + 0x5c]
mov byte [ebx + 0x2b0], al
mov al, byte [esi + 0x61]
mov byte [ebx + 0x2b8], al
mov al, byte [esi + 0x66]
mov byte [ebx + 0x2c0], al
mov al, byte [esi + 0x6b]
mov byte [ebx + 0x2c8], al
mov al, byte [esi + 0x70]
mov byte [ebx + 0x2d0], al
mov al, byte [esi + 0x75]
mov byte [ebx + 0x2d8], al
mov al, byte [esi + 0x7a]
mov byte [ebx + 0x2e0], al
mov al, byte [esi + 0x7f]
mov byte [ebx + 0x2e8], al
mov al, byte [esi + 0x84]
mov byte [ebx + 0x2f0], al
mov al, byte [esi + 0x89]
mov byte [ebx + 0x2f8], al
mov al, byte [esi + 0x8e]
mov byte [ebx + 0x300], al
mov al, byte [esi + 0x93]
mov byte [ebx + 0x308], al
mov al, byte [esi + 0x98]
mov byte [ebx + 0x310], al
mov al, byte [esi + 0x9d]
mov byte [ebx + 0x318], al
mov al, byte [esi + 0xa0]
mov byte [ebx + 0x320], al
mov al, byte [esi + 0xa3]
mov byte [ebx + 0x324], al
mov al, byte [esi + 0xa6]
mov byte [ebx + 0x328], al
mov al, byte [esi + 0xa9]
mov byte [ebx + 0x32c], al
mov al, byte [esi + 0xac]
mov byte [ebx + 0x330], al
mov al, byte [esi + 0xaf]
mov byte [ebx + 0x334], al
mov al, byte [esi + 0x5d]
mov byte [ebx + 0x2b1], al
mov al, byte [esi + 0x62]
mov byte [ebx + 0x2b9], al
mov al, byte [esi + 0x67]
mov byte [ebx + 0x2c1], al
mov al, byte [esi + 0x6c]
mov byte [ebx + 0x2c9], al
mov al, byte [esi + 0x71]
mov byte [ebx + 0x2d1], al
mov al, byte [esi + 0x76]
mov byte [ebx + 0x2d9], al
mov al, byte [esi + 0x7b]
mov byte [ebx + 0x2e1], al
mov al, byte [esi + 0x80]
mov byte [ebx + 0x2e9], al
mov al, byte [esi + 0x85]
mov byte [ebx + 0x2f1], al
mov al, byte [esi + 0x8a]
mov byte [ebx + 0x2f9], al
mov al, byte [esi + 0x8f]
mov byte [ebx + 0x301], al
mov al, byte [esi + 0x94]
mov byte [ebx + 0x309], al
mov al, byte [esi + 0x99]
mov byte [ebx + 0x311], al
mov al, byte [esi + 0x9e]
mov byte [ebx + 0x319], al
mov al, byte [esi + 0xa1]
mov byte [ebx + 0x321], al
mov al, byte [esi + 0xa4]
mov byte [ebx + 0x325], al
mov al, byte [esi + 0xa7]
mov byte [ebx + 0x329], al
mov al, byte [esi + 0xaa]
mov byte [ebx + 0x32d], al
mov al, byte [esi + 0xad]
mov byte [ebx + 0x331], al
mov al, byte [esi + 0xb0]
mov byte [ebx + 0x335], al
mov ax, word [esi + 0x5a]
mov word [ebx + 0x2b4], ax
mov ax, word [esi + 0x5f]
mov word [ebx + 0x2bc], ax
mov ax, word [esi + 0x64]
mov word [ebx + 0x2c4], ax
mov ax, word [esi + 0x69]
mov word [ebx + 0x2cc], ax
mov ax, word [esi + 0x6e]
mov word [ebx + 0x2d4], ax
mov ax, word [esi + 0x73]
mov word [ebx + 0x2dc], ax
mov ax, word [esi + 0x78]
mov word [ebx + 0x2e4], ax
mov ax, word [esi + 0x7d]
mov word [ebx + 0x2ec], ax
mov ax, word [esi + 0x82]
mov word [ebx + 0x2f4], ax
mov ax, word [esi + 0x87]
mov word [ebx + 0x2fc], ax
mov ax, word [esi + 0x8c]
mov word [ebx + 0x304], ax
mov ax, word [esi + 0x91]
mov word [ebx + 0x30c], ax
mov ax, word [esi + 0x96]
mov word [ebx + 0x314], ax
mov ax, word [esi + 0x9b]
mov word [ebx + 0x31c], ax
mov al, byte [esi + 0xa2]
mov byte [ebx + 0x322], al
mov al, byte [esi + 0xa5]
mov byte [ebx + 0x326], al
mov al, byte [esi + 0xa8]
mov byte [ebx + 0x32a], al
mov al, byte [esi + 0xab]
mov byte [ebx + 0x32e], al
mov al, byte [esi + 0xae]
mov byte [ebx + 0x332], al
mov al, byte [esi + 0xb1]
mov byte [ebx + 0x336], al
mov al, byte [esi + 0x5e]
mov byte [ebx + 0x2b6], al
mov al, byte [esi + 0x63]
mov byte [ebx + 0x2be], al
mov al, byte [esi + 0x68]
mov byte [ebx + 0x2c6], al
mov al, byte [esi + 0x6d]
mov byte [ebx + 0x2ce], al
mov al, byte [esi + 0x72]
mov byte [ebx + 0x2d6], al
mov al, byte [esi + 0x77]
mov byte [ebx + 0x2de], al
mov al, byte [esi + 0x7c]
cmp dword [ebp - 0x30], 1
mov byte [ebx + 0x2e6], al
mov al, byte [esi + 0x81]
mov byte [ebx + 0x2ee], al
mov al, byte [esi + 0x86]
mov byte [ebx + 0x2f6], al
mov al, byte [esi + 0x8b]
mov byte [ebx + 0x2fe], al
mov al, byte [esi + 0x90]
mov byte [ebx + 0x306], al
mov al, byte [esi + 0x95]
mov byte [ebx + 0x30e], al
mov al, byte [esi + 0x9a]
mov byte [ebx + 0x316], al
mov al, byte [esi + 0x9f]
mov byte [ebx + 0x31e], al
jne loc_fffa0a97  ; jne 0xfffa0a97
mov eax, ecx
and al, 0x7d
cmp ax, 0x8c44
je short loc_fffa093e  ; je 0xfffa093e
cmp cx, 0x8c4c
sete dl
cmp cx, 0x8c4a
sete al
or dl, al
je short loc_fffa0948  ; je 0xfffa0948

loc_fffa093e:
lea edi, [ebx + 0x2b3]
xor edx, edx
jmp short loc_fffa09a6  ; jmp 0xfffa09a6

loc_fffa0948:
cmp cx, 0x8c50
sete dl
cmp cx, 0x8c4e
sete al
or dl, al
jne short loc_fffa093e  ; jne 0xfffa093e
cmp cx, 0x8c42
sete dl
cmp cx, 0x8c5c
sete al
or dl, al
jne short loc_fffa093e  ; jne 0xfffa093e
cmp cx, 0x8cc2
jne short loc_fffa09bf  ; jne 0xfffa09bf
jmp short loc_fffa093e  ; jmp 0xfffa093e

loc_fffa0979:
cmp byte [edi + 3], 1
sbb eax, eax
not eax
add eax, 4
cmp byte [edi + 3], 0
mov byte [edi - 1], al
jne short loc_fffa09ba  ; jne 0xfffa09ba
mov ax, word [edi + 1]
cmp ax, 0x7f
jbe short loc_fffa09ba  ; jbe 0xfffa09ba
cmp ax, 0x130
sbb eax, eax
add eax, 4
mov byte [edi], al

loc_fffa09a2:
inc edx
add edi, 8

loc_fffa09a6:
mov dword [ebp - 0x30], edx
call fcn_fffb9393  ; call 0xfffb9393
mov edx, dword [ebp - 0x30]
movzx eax, al
cmp edx, eax
jb short loc_fffa0979  ; jb 0xfffa0979
jmp short loc_fffa0a0e  ; jmp 0xfffa0a0e

loc_fffa09ba:
mov byte [edi], 2
jmp short loc_fffa09a2  ; jmp 0xfffa09a2

loc_fffa09bf:
cmp cx, 0x8c4f
sete dl
cmp cx, 0x8c49
sete al
or dl, al
jne short loc_fffa0a2d  ; jne 0xfffa0a2d
cmp cx, 0x8c41
sete dl
cmp cx, 0x8c4b
sete al
or dl, al
jne short loc_fffa0a2d  ; jne 0xfffa0a2d
lea eax, [ecx + 0x63bf]
cmp ax, 6
jbe short loc_fffa0a2d  ; jbe 0xfffa0a2d
cmp cx, 0x8cc5
sete dl
cmp cx, 0x8cc3
sete al
or dl, al
jne short loc_fffa0a2d  ; jne 0xfffa0a2d
cmp cx, 0x8cc1
je short loc_fffa0a2d  ; je 0xfffa0a2d

loc_fffa0a0e:
cmp dword [esi + 0x10], 0
je loc_fffa0be7  ; je 0xfffa0be7
mov byte [ebx + 0x284], 1
xor edi, edi
mov byte [ebx + 0x297], 1
jmp near loc_fffa0ba9  ; jmp 0xfffa0ba9

loc_fffa0a2d:
lea edi, [ebx + 0x2b3]
xor edx, edx
jmp short loc_fffa0a49  ; jmp 0xfffa0a49

loc_fffa0a37:
mov al, byte [edi + 3]
cmp al, 5
jne short loc_fffa0a5d  ; jne 0xfffa0a5d
mov byte [edi - 1], 5

loc_fffa0a42:
mov byte [edi], 2

loc_fffa0a45:
inc edx
add edi, 8

loc_fffa0a49:
mov dword [ebp - 0x30], edx
call fcn_fffb9393  ; call 0xfffb9393
mov edx, dword [ebp - 0x30]
movzx eax, al
cmp edx, eax
jb short loc_fffa0a37  ; jb 0xfffa0a37
jmp short loc_fffa0a0e  ; jmp 0xfffa0a0e

loc_fffa0a5d:
cmp al, 2
jne short loc_fffa0a67  ; jne 0xfffa0a67
mov byte [edi - 1], 4
jmp short loc_fffa0a7c  ; jmp 0xfffa0a7c

loc_fffa0a67:
cmp word [edi + 1], 0x70
sbb ecx, ecx
add ecx, 6
mov byte [edi - 1], cl
cmp al, 5
je short loc_fffa0a42  ; je 0xfffa0a42
cmp al, 2
jne short loc_fffa0a88  ; jne 0xfffa0a88

loc_fffa0a7c:
cmp word [edi + 1], 0x50
sbb eax, eax
add eax, 2
jmp short loc_fffa0a93  ; jmp 0xfffa0a93

loc_fffa0a88:
cmp word [edi + 1], 0x100
sbb eax, eax
add eax, 3

loc_fffa0a93:
mov byte [edi], al
jmp short loc_fffa0a45  ; jmp 0xfffa0a45

loc_fffa0a97:
cmp dword [ebp - 0x30], 2
jne loc_fffa0a0e  ; jne 0xfffa0a0e
lea eax, [ecx + 0x63bf]
mov word [ebp - 0x3c], ax
lea eax, [ecx + 0x633f]
lea edi, [ebx + 0x2b3]
mov dword [ebp - 0x30], 0
mov word [ebp - 0x40], ax

loc_fffa0ac2:
mov dword [ebp - 0x34], ecx
call fcn_fffb9393  ; call 0xfffb9393
mov ecx, dword [ebp - 0x34]
movzx eax, al
cmp dword [ebp - 0x30], eax
jae loc_fffa0a0e  ; jae 0xfffa0a0e
cmp word [ebp - 0x3c], 6
ja short loc_fffa0b0f  ; ja 0xfffa0b0f
mov al, byte [edi + 3]
mov dl, al
cmp al, 3
mov byte [ebp - 0x34], al
sete al
test dl, dl
sete dl
or al, dl
je short loc_fffa0b02  ; je 0xfffa0b02
cmp word [edi + 1], 0x70
sbb eax, eax
add eax, 6
jmp short loc_fffa0b0c  ; jmp 0xfffa0b0c

loc_fffa0b02:
cmp byte [ebp - 0x34], 2
setne al
add eax, 4

loc_fffa0b0c:
mov byte [edi - 1], al

loc_fffa0b0f:
cmp word [ebp - 0x40], 2
setbe dl
cmp cx, 0x9cc5
sete al
or dl, al
jne short loc_fffa0b5c  ; jne 0xfffa0b5c
lea eax, [ecx + 0x633a]
cmp ax, 1
setbe dl
cmp cx, 0x9cc9
sete al
or dl, al
jne short loc_fffa0b5c  ; jne 0xfffa0b5c
cmp cx, 0x9cc8
sete dl
cmp cx, 0x9cc4
sete al
or dl, al
jne short loc_fffa0b5c  ; jne 0xfffa0b5c
lea eax, [ecx + 0x6336]
cmp ax, 1
ja short loc_fffa0b60  ; ja 0xfffa0b60

loc_fffa0b5c:
mov byte [edi - 1], 6

loc_fffa0b60:
mov al, byte [edi + 3]
cmp al, 3
sete dl
test al, al
mov byte [ebp - 0x34], al
sete al
or al, dl
jne short loc_fffa0b7a  ; jne 0xfffa0b7a
cmp byte [ebp - 0x34], 7
jne short loc_fffa0b87  ; jne 0xfffa0b87

loc_fffa0b7a:
cmp word [edi + 1], 0x100
sbb eax, eax
add eax, 3
jmp short loc_fffa0b97  ; jmp 0xfffa0b97

loc_fffa0b87:
cmp byte [ebp - 0x34], 2
jne short loc_fffa0b9b  ; jne 0xfffa0b9b
cmp word [edi + 1], 0x50
sbb eax, eax
add eax, 2

loc_fffa0b97:
mov byte [edi], al
jmp short loc_fffa0b9e  ; jmp 0xfffa0b9e

loc_fffa0b9b:
mov byte [edi], 2

loc_fffa0b9e:
inc dword [ebp - 0x30]
add edi, 8
jmp near loc_fffa0ac2  ; jmp 0xfffa0ac2

loc_fffa0ba9:
call fcn_fffb9393  ; call 0xfffb9393
movzx eax, al
cmp edi, eax
jae short loc_fffa0bc0  ; jae 0xfffa0bc0
mov byte [ebx + edi + 0x298], 1
inc edi
jmp short loc_fffa0ba9  ; jmp 0xfffa0ba9

loc_fffa0bc0:
mov byte [ebx + 0x299], 0
xor edi, edi

loc_fffa0bc9:
call fcn_fffb936a  ; call 0xfffb936a
movzx eax, al
cmp edi, eax
jae short loc_fffa0be0  ; jae 0xfffa0be0
mov byte [ebx + edi + 0x2a6], 1
inc edi
jmp short loc_fffa0bc9  ; jmp 0xfffa0bc9

loc_fffa0be0:
mov byte [ebx + 0x2a7], 0

loc_fffa0be7:
xor edi, edi

loc_fffa0be9:
call fcn_fffb936a  ; call 0xfffb936a
movzx eax, al
cmp edi, eax
jae loc_fffa0cc3  ; jae 0xfffa0cc3
mov dl, byte [esi + edi + 0xb2]
mov al, byte [ebx + edi*8 + 0x580]
test dl, dl
je short loc_fffa0c17  ; je 0xfffa0c17
mov byte [ebx + edi*8 + 0x57c], dl
or eax, 1
jmp short loc_fffa0c22  ; jmp 0xfffa0c22

loc_fffa0c17:
mov byte [ebx + edi*8 + 0x57c], 0
and eax, 0xfffffffe

loc_fffa0c22:
mov byte [ebx + edi*8 + 0x580], al
mov dl, byte [esi + edi + 0xb8]
mov al, byte [ebx + edi*8 + 0x580]
test dl, dl
je short loc_fffa0c47  ; je 0xfffa0c47
mov byte [ebx + edi*8 + 0x57d], dl
or eax, 2
jmp short loc_fffa0c52  ; jmp 0xfffa0c52

loc_fffa0c47:
mov byte [ebx + edi*8 + 0x57d], 0
and eax, 0xfffffffd

loc_fffa0c52:
mov byte [ebx + edi*8 + 0x580], al
mov dl, byte [esi + edi + 0xbe]
mov al, byte [ebx + edi*8 + 0x580]
test dl, dl
je short loc_fffa0c77  ; je 0xfffa0c77
mov byte [ebx + edi*8 + 0x57e], dl
or eax, 4
jmp short loc_fffa0c82  ; jmp 0xfffa0c82

loc_fffa0c77:
mov byte [ebx + edi*8 + 0x57e], 0
and eax, 0xfffffffb

loc_fffa0c82:
mov byte [ebx + edi*8 + 0x580], al
mov dl, byte [esi + edi + 0xc4]
mov al, byte [ebx + edi*8 + 0x580]
test dl, dl
je short loc_fffa0cab  ; je 0xfffa0cab
lea edx, [edx + edx + 1]
or eax, 8
mov byte [ebx + edi*8 + 0x57f], dl
jmp short loc_fffa0cb6  ; jmp 0xfffa0cb6

loc_fffa0cab:
mov byte [ebx + edi*8 + 0x57f], 0
and eax, 0xfffffff7

loc_fffa0cb6:
mov byte [ebx + edi*8 + 0x580], al
inc edi
jmp near loc_fffa0be9  ; jmp 0xfffa0be9

loc_fffa0cc3:
mov al, byte [ebx + 0x40e]
or eax, 3
and eax, 0xffffffc3
mov byte [ebx + 0x40e], al
xor eax, eax

loc_fffa0cd7:
and byte [ebx + eax*8 + 0x554], 0xfc
mov word [ebx + eax*8 + 0x558], 0
mov word [ebx + eax*8 + 0x55a], 0
inc eax
cmp eax, 5
jne short loc_fffa0cd7  ; jne 0xfffa0cd7
mov al, byte [ebx + 0x46a]
xor edx, edx
mov byte [ebx + 0x364], 1
mov dword [ebx + 0x368], 0xfed00000
mov byte [ebx + 0x36c], 1
and eax, 0xffffffb0
or eax, 0x49
mov byte [ebx + 0x365], 0xf0
mov byte [ebx + 0x366], 0xf
mov byte [ebx + 0x367], 0
mov byte [ebx + 0x476], 1
mov dword [ebx + 0x47e], 0
mov dword [ebx + 0x47a], 1
mov byte [ebx + 0x46a], al
mov byte [ebx + 0x37f], 0
mov byte [ebx + 0x256], 1

loc_fffa0d63:
mov dword [ebp - 0x30], edx
call fcn_fffb93ca  ; call 0xfffb93ca
mov edx, dword [ebp - 0x30]
cmp dl, al
jae short loc_fffa0d80  ; jae 0xfffa0d80
movzx eax, dl
inc edx
imul eax, eax, 0x2c
mov byte [ebx + eax + 0x58], 1
jmp short loc_fffa0d63  ; jmp 0xfffa0d63

loc_fffa0d80:
and byte [ebx + 0x45e], 0xf7
xor edx, edx

loc_fffa0d89:
mov dword [ebp - 0x30], edx
call fcn_fffb93ca  ; call 0xfffb93ca
mov edx, dword [ebp - 0x30]
cmp dl, al
jae short loc_fffa0dfa  ; jae 0xfffa0dfa
cmp dword [ebp - 0x2c], 2
movzx eax, dl
jne short loc_fffa0db6  ; jne 0xfffa0db6
imul eax, eax, 0x2c
lea eax, [ebx + eax + 0x50]
mov word [eax + 0xa], 0x1003
mov word [eax + 0xc], 0x1003
jmp short loc_fffa0dcf  ; jmp 0xfffa0dcf

loc_fffa0db6:
cmp dword [ebp - 0x2c], 1
jne short loc_fffa0dcf  ; jne 0xfffa0dcf
imul eax, eax, 0x2c
lea eax, [ebx + eax + 0x50]
mov word [eax + 0xa], 0x846
mov word [eax + 0xc], 0x846

loc_fffa0dcf:
movzx eax, dl
inc edx
imul eax, eax, 0x2c
add eax, ebx
mov byte [eax + 0x59], 0
mov byte [eax + 0x5e], 2
mov byte [eax + 0x5f], 2
mov word [eax + 0x60], 0x3c
mov byte [eax + 0x62], 2
mov byte [eax + 0x63], 2
mov word [eax + 0x64], 0x3c
jmp short loc_fffa0d89  ; jmp 0xfffa0d89

loc_fffa0dfa:
mov al, byte [ebx + 0x446]
or byte [ebx + 0x442], 7
and byte [ebx + 0x45e], 0xf9
and eax, 0xffffffcc
or eax, 0xc
mov byte [ebx + 0x446], al
mov al, byte [ebx + 0x486]
mov dword [ebx + 0x44a], 0
mov dword [ebx + 0x44e], 2
mov dword [ebx + 0x452], 4
and eax, 1
or eax, 0x32
mov byte [ebx + 0x486], al
mov al, byte [ebx + 0x49e]
mov dword [ebx + 0x456], 3
mov dword [ebx + 0x45a], 3
mov byte [ebx + 0x462], 4
or eax, 1
and eax, 0xffffffbd
mov byte [ebx + 0x49e], al
xor eax, eax
mov byte [ebx + 0x10], 0xdd

loc_fffa0e7d:
mov dword [ebx + eax*4 + 0x1ba], 0
inc eax
cmp eax, 8
jne short loc_fffa0e7d  ; jne 0xfffa0e7d
cmp dword [ebp - 0x2c], 2
lea eax, [ebx + 0x4de]
lea esi, [ebx + 0x527]
jne short loc_fffa0ec8  ; jne 0xfffa0ec8
mov byte [ebx + 0x526], 5
push ecx
push 0x28
push ref_fffd6464  ; push 0xfffd6464
push eax
call fcn_fffb01dc  ; call 0xfffb01dc
add esp, 0xc
mov byte [ebx + 0x553], 9
push 0x24
push ref_fffd6440  ; push 0xfffd6440
jmp short loc_fffa0eee  ; jmp 0xfffa0eee

loc_fffa0ec8:
mov byte [ebx + 0x526], 6
push edx
push 0x30
push ref_fffd6410  ; push 0xfffd6410
push eax
call fcn_fffb01dc  ; call 0xfffb01dc
add esp, 0xc
mov byte [ebx + 0x553], 6
push 0x18
push ref_fffd63f8  ; push 0xfffd63f8

loc_fffa0eee:
push esi
call fcn_fffb01dc  ; call 0xfffb01dc
add esp, 0x10
sub esp, 0xc
push dword [ebp - 0x38]
call fcn_fffb0585  ; call 0xfffb0585
add esp, 0x10

loc_fffa0f05:
sub esp, 0xc
push 0x15
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov edi, eax
test eax, eax
je loc_fffa10b8  ; je 0xfffa10b8
sub esp, 0xc
push 0xc
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov dword [ebp - 0x2c], eax
test eax, eax
je loc_fffa10b8  ; je 0xfffa10b8
sub esp, 0xc
push 5
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
test eax, eax
mov dword [ebp - 0x34], eax
je loc_fffa10b8  ; je 0xfffa10b8
sub esp, 0xc
push 0xc
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
test eax, eax
mov dword [ebp - 0x30], eax
je loc_fffa10b8  ; je 0xfffa10b8
sub esp, 0xc
push 0x1d
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov ebx, eax
test eax, eax
je loc_fffa10b8  ; je 0xfffa10b8
sub esp, 0xc
push 0x13
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov esi, eax
test eax, eax
je loc_fffa10b8  ; je 0xfffa10b8
mov edx, dword [ebp - 0x34]
mov ecx, dword [ebp - 0x30]
mov byte [edi], 0xa
mov dword [edi + 1], edx
mov dword [edi + 9], ecx
mov dword [ecx], 0
mov eax, dword [edi + 9]
mov dword [eax + 4], 0
mov dword [edi + 5], ebx
mov dword [edi + 0xd], esi
mov dword [edi + 0x11], edi
mov byte [edx + 3], 0x3f
mov byte [edx + 4], 0x3f
mov byte [edx + 2], 0
mov byte [edx], 0x62
mov byte [ebx + 6], 0
mov byte [ebx + 7], 0
mov byte [ebx + 8], 0
mov byte [ebx + 9], 0
mov byte [ebx + 1], 0
mov word [ebx + 2], 0
mov byte [ebx + 4], 0
mov byte [ebx + 5], 0
mov byte [ebx], 0
mov word [ebx + 0x11], 0x200
mov byte [ebx + 0x13], 0
mov word [ebx + 0x14], 0
mov byte [ebx + 0xa], 0
mov byte [ebx + 0xb], 1
mov byte [ebx + 0xc], 0
mov byte [ebx + 0xd], 1
call fcn_fffa67af  ; call 0xfffa67af
cmp eax, 0x40650
jne short loc_fffa103c  ; jne 0xfffa103c

loc_fffa101a:
mov byte [ebx + 0xe], 1
call fcn_fffa67af  ; call 0xfffa67af
mov byte [ebx + 0x10], 0
mov byte [ebx + 0x16], 1
cmp eax, 0x306d0
setne al
lea eax, [eax + eax*4 + 0x6a]
mov byte [ebx + 0xf], al
jmp short loc_fffa1048  ; jmp 0xfffa1048

loc_fffa103c:
call fcn_fffa67af  ; call 0xfffa67af
cmp eax, 0x306d0
je short loc_fffa101a  ; je 0xfffa101a

loc_fffa1048:
mov eax, dword [ebp - 0x2c]
sub esp, 0xc
mov byte [ebx + 0x17], 0x14
mov byte [ebx + 0x18], 5
mov byte [ebx + 0x19], 1
mov byte [ebx + 0x1a], 0
mov byte [ebx + 0x1b], 0
mov byte [ebx + 0x1c], 0
mov word [esi], 0
mov word [esi + 2], 0
mov word [esi + 4], 0
mov word [esi + 6], 0
mov word [esi + 8], 0
mov word [esi + 0xa], 0
mov word [esi + 0xc], 0
mov word [esi + 0xe], 0
mov word [esi + 0x10], 0
mov byte [esi + 0x12], 0
mov dword [eax], 0x80000010
mov dword [eax + 4], ref_fffd68bc  ; mov dword [eax + 4], 0xfffd68bc
mov dword [eax + 8], edi
push eax
call fcn_fffb0585  ; call 0xfffb0585
add esp, 0x10

loc_fffa10b8:
sub esp, 0xc
push 2
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov ebx, eax
test eax, eax
je short loc_fffa10fb  ; je 0xfffa10fb
sub esp, 0xc
push 0xc
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
test eax, eax
je short loc_fffa10fb  ; je 0xfffa10fb
sub esp, 0xc
mov dword [eax], 0x80000010
mov dword [eax + 4], ref_fffd63d8  ; mov dword [eax + 4], 0xfffd63d8
mov byte [ebx], 1
mov dword [eax + 8], ebx
push eax
call fcn_fffb0585  ; call 0xfffb0585
add esp, 0x10

loc_fffa10fb:
sub esp, 0xc
mov esi, dword [0xff7d0084]
push 0x27
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov dword [ebp - 0x2c], eax
test eax, eax
je loc_fffa19f5  ; je 0xfffa19f5
sub esp, 0xc
push 0xc
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov dword [ebp - 0x30], eax
test eax, eax
je loc_fffa19f5  ; je 0xfffa19f5
sub esp, 0xc
push 0x36
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov dword [ebp - 0x3c], eax
test eax, eax
je loc_fffa19f5  ; je 0xfffa19f5
sub esp, 0xc
push 0xd
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov dword [ebp - 0x40], eax
test eax, eax
je loc_fffa19f5  ; je 0xfffa19f5
sub esp, 0xc
push 0x102
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov ebx, eax
test eax, eax
je loc_fffa19f5  ; je 0xfffa19f5
sub esp, 0xc
push 0xdc
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov edi, eax
test eax, eax
je loc_fffa19f5  ; je 0xfffa19f5
sub esp, 0xc
push 0x6b
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
test eax, eax
mov dword [ebp - 0x54], eax
je loc_fffa19f5  ; je 0xfffa19f5
sub esp, 0xc
push 5
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov dword [ebp - 0x44], eax
test eax, eax
je loc_fffa19f5  ; je 0xfffa19f5
sub esp, 0xc
push 0x11
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
test eax, eax
mov dword [ebp - 0x50], eax
je loc_fffa19f5  ; je 0xfffa19f5
lea eax, [esi + 0xce]
mov dword [edi + 0xd0], eax
lea eax, [esi + 0x8ce]
mov dword [edi + 0xd4], eax
lea eax, [esi + 0x8e6]
mov dword [edi + 0xd8], eax
push eax
push 0
push 0x27
push dword [ebp - 0x2c]
call fcn_fffb01ac  ; call 0xfffb01ac
mov eax, dword [ebp - 0x30]
mov ecx, dword [ebp - 0x2c]
mov dword [eax], 0x80000010
mov dword [eax + 8], ecx
mov dword [eax + 4], ref_fffd6918  ; mov dword [eax + 4], 0xfffd6918
mov byte [ecx], 0x13
call fcn_fffa67af  ; call 0xfffa67af
add esp, 0x10
mov edx, dword [ebp - 0x50]
cmp eax, 0x306d0
sete cl
cmp eax, 0x40670
mov dword [ebp - 0x38], eax
sete al
mov byte [ebp - 0x34], al
or al, cl
mov byte [ebp - 0x48], cl
mov ecx, dword [ebp - 0x54]
mov byte [ebp - 0x49], al
je short loc_fffa127a  ; je 0xfffa127a
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov dword [ebp - 0x54], edx
mov dword [ebp - 0x50], ecx
mov eax, dword [eax + 0x14]
add eax, 0x10002
push eax
call fcn_fffb3e49  ; call 0xfffb3e49
mov edx, dword [ebp - 0x54]
add esp, 0x10
mov ecx, dword [ebp - 0x50]

loc_fffa127a:
mov al, byte [esi + 0x42]
mov dword [ebp - 0x54], edx
mov edx, dword [ebp - 0x3c]
mov dword [ebp - 0x50], ecx
mov ecx, dword [ebp - 0x2c]
cmp byte [ebp - 0x49], 1
mov byte [edx], al
mov al, byte [esi + 0x43]
mov byte [edx + 1], al
mov al, byte [esi + 0x44]
mov byte [edx + 2], al
mov al, byte [esi + 0x45]
mov dword [edx + 4], 0xfed10000
mov dword [edx + 8], 0xfed18000
mov dword [edx + 0xc], 0xfed19000
mov byte [edx + 3], al
mov dword [edx + 0x22], 0xfed80000
mov eax, dword [esi + 0x14]
mov dword [edx + 0x10], eax
movzx eax, word [esi + 0x18]
mov dword [edx + 0x14], eax
mov eax, dword [esi + 0x36]
mov dword [edx + 0x2b], 0x400000
mov dword [edx + 0x18], 0xfed84000
mov word [edx + 0x26], 0
mov dword [edx + 0x1c], eax
mov eax, dword [esi + 4]
mov byte [edx + 0x20], al
sbb eax, eax
mov dword [ecx + 1], edx
mov edx, dword [ebp - 0x40]
add eax, 3
mov word [edx + 2], ax
mov byte [edx + 4], 1
mov byte [edx + 5], 1
mov byte [edx + 6], 0
mov byte [edx + 7], 1
mov byte [edx + 0xc], 1
mov eax, dword [esi + 0x22]
mov word [edx], 0x800
mov dword [edx + 8], eax
mov dword [ecx + 5], edx
mov byte [ebx], 0
mov eax, dword [esi + 0x4e]
mov byte [ebx + 3], 1
mov dword [ebx + 4], 0
mov byte [ebx + 0x10], 0
mov word [ebx + 1], ax
mov byte [ebx + 0x11], 1
mov byte [ebx + 0x5d], 0xff
mov byte [ebx + 0x5e], 0x80
mov byte [ebx + 0x5f], 1
mov byte [ebx + 0x60], 1
mov byte [ebx + 0x61], 1
mov byte [ebx + 0x62], 7
mov byte [ebx + 0x63], 0
mov byte [ebx + 0xcf], 1
mov byte [ebx + 0xfe], 0
mov byte [ebx + 0xff], 0xe
mov byte [ebx + 0x100], 0
mov byte [ebx + 0xc2], 1
mov byte [ebx + 0xc3], 1
mov byte [ebx + 0xf2], 0
mov byte [ebx + 0x24], 1
mov byte [ebx + 0x25], 0
mov byte [ebx + 0x26], 0
mov byte [ebx + 0x27], 0
mov byte [ebx + 0x28], 0
mov eax, dword [esi + 0x3a]
mov byte [ebx + 0x2a], al
mov eax, dword [esi + 0x3e]
cmp dword [ebp - 0x38], 0x40650
mov byte [ebx + 0x6d], 2
mov ecx, dword [ebp - 0x50]
mov word [ebx + 0x6e], 0x30ce
mov edx, dword [ebp - 0x54]
mov byte [ebx + 0x2b], al
sete al
or al, byte [ebp - 0x48]
mov byte [ebx + 0x70], 1
mov byte [ebx + 0x71], 0
mov byte [ebx + 0x72], 0
mov byte [ebx + 0x73], 0
mov byte [ebx + 0x74], 1
mov byte [ebp - 0x3c], al
jne short loc_fffa13e1  ; jne 0xfffa13e1
cmp byte [ebp - 0x34], 0
je short loc_fffa13e5  ; je 0xfffa13e5

loc_fffa13e1:
mov byte [ebx + 0x75], 0

loc_fffa13e5:
mov al, byte [esi + 0x46]
mov byte [ebx + 0x77], 1
mov byte [ebx + 0x78], 0
mov byte [ebx + 0x79], 0
mov byte [ebx + 0x76], al
mov byte [ebx + 0x7a], 3
mov byte [ebx + 0x7b], 0
mov byte [ebx + 0x7c], 0
mov byte [ebx + 0x7d], 0
mov byte [ebx + 0x7e], 0
mov byte [ebx + 0x7f], 0
mov byte [ebx + 0x80], 0
mov word [ebx + 0x81], 0
mov byte [ebx + 0x83], 0
mov byte [ebx + 0x84], 0
mov byte [ebx + 0x85], 0
mov word [ebx + 0x86], 0
mov byte [ebx + 0x88], 0xff
mov byte [ebx + 0x89], 0xff
mov byte [ebx + 0x8a], 0xff
mov byte [ebx + 0x8b], 0xff
mov byte [ebx + 0x8c], 0xff
mov byte [ebx + 0x8d], 0xff
mov byte [ebx + 0x8e], 0xff
mov byte [ebx + 0x8f], 0xff
mov byte [ebx + 0x90], 0xff
mov byte [ebx + 0x91], 0xff
mov byte [ebx + 0x92], 0xff
mov byte [ebx + 0x93], 0xff
mov byte [ebx + 0x94], 0xff
mov byte [ebx + 0x95], 0xff
mov byte [ebx + 0x96], 0xff
mov byte [ebx + 0x97], 0xff
mov byte [ebx + 0x98], 0
mov byte [ebx + 0x99], 0
mov byte [ebx + 0x9a], 0
mov byte [ebx + 0x9b], 0
mov byte [ebx + 0x9c], 0
mov byte [ebx + 0x9d], 0
mov byte [ebx + 0x9e], 0
mov byte [ebx + 0x9f], 0
mov byte [ebx + 0xa0], 0
mov byte [ebx + 0xa1], 0
mov byte [ebx + 0xa2], 0
mov byte [ebx + 0xa3], 0
mov byte [ebx + 0xa4], 0
mov byte [ebx + 0xa5], 0
mov byte [ebx + 0xa6], 0
mov byte [ebx + 0xa7], 0
mov byte [ebx + 0xa8], 0
mov byte [ebx + 0xa9], 0
mov byte [ebx + 0xaa], 0
mov byte [ebx + 0xab], 0
cmp dword [esi + 0x52], 0
mov word [ebx + 0xad], 0x200
mov byte [ebx + 0xaf], 0
sete byte [ebx + 0xac]
cmp byte [ebp - 0x3c], 0
mov byte [ebx + 0xb0], 0x30
jne short loc_fffa1567  ; jne 0xfffa1567
cmp byte [ebp - 0x34], 0
je short loc_fffa1575  ; je 0xfffa1575

loc_fffa1567:
mov byte [ebx + 0xb1], 1
mov byte [ebx + 0xb2], 0x40

loc_fffa1575:
mov byte [ebx + 0x101], 0xff
mov byte [ebx + 0x2e], 1
mov byte [ebx + 0x2f], 0
mov byte [ebx + 0x30], 4
mov byte [ebx + 0x31], 0xc
mov byte [ebx + 0x6b], 0
mov byte [ebx + 0x32], 0
mov byte [ebx + 0x33], 1
mov byte [ebx + 0x34], 1
mov byte [ebx + 0x35], 1
mov byte [ebx + 0x36], 1
mov byte [ebx + 0x37], 0
mov byte [ebx + 0x38], 1
mov byte [ebx + 0x39], 1
mov byte [ebx + 0x3a], 1
mov byte [ebx + 0x3b], 0
mov byte [ebx + 0x3c], 1
mov byte [ebx + 0x3e], 1
mov byte [ebx + 0x3f], 0
mov byte [ebx + 0x40], 1
mov byte [ebx + 0x41], 1
mov byte [ebx + 0x42], 1
mov byte [ebx + 0x5c], 1
mov byte [ebx + 0x43], 1
mov byte [ebx + 0x44], 1
mov byte [ebx + 0x47], 1
mov byte [ebx + 0x48], 1
mov byte [ebx + 0x49], 1
mov byte [ebx + 0x4a], 0
mov byte [ebx + 0x4b], 0
mov byte [ebx + 0x58], 0
mov byte [ebx + 0x59], 0
mov byte [ebx + 0x5a], 1
mov byte [ebx + 0x6a], 1
mov byte [ebx + 0xc5], 1
mov byte [ebx + 0xce], 1
cmp dword [esi + 0x56], 0
mov byte [ebx + 0xd0], 1
mov byte [ebx + 0x2c], 1
sete byte [ebx + 0xfd]
cmp byte [ebp - 0x3c], 0
mov byte [ebx + 0x55], 0
mov byte [ebx + 0x56], 1
mov word [ebx + 0x4c], 0
mov dword [ebx + 0x4e], 0
mov byte [ebx + 0x53], 2
mov byte [ebx + 0x54], 0
mov dword [ebx + 0x64], 0x5f5e100
mov byte [ebx + 0xc4], 0
mov byte [ebx + 0x5b], 1
mov byte [ebx + 0xf3], 1
mov byte [ebx + 0xc7], 0
mov al, byte [esi + 0x4a]
mov byte [ebx + 0x57], al
jne short loc_fffa1673  ; jne 0xfffa1673
cmp byte [ebp - 0x34], 0
jmp short loc_fffa167a  ; jmp 0xfffa167a

loc_fffa1673:
cmp dword [ebp - 0x38], 0x40650

loc_fffa167a:
je short loc_fffa16fb  ; je 0xfffa16fb
mov byte [ebx + 0xfc], 0
mov byte [ebx + 0xd1], 0
mov dword [ebx + 0xd2], 0
mov dword [ebx + 0xd6], 0
mov dword [ebx + 0xda], 0
mov dword [ebx + 0xde], 0
mov dword [ebx + 0xe2], 0
mov dword [ebx + 0xe6], 0
mov dword [ebx + 0xea], 0
mov dword [ebx + 0xee], 0
mov byte [ebx + 0xf4], 1
mov dword [ebx + 0xf5], 0x320
mov word [ebx + 0xf9], 0x118
mov byte [ebx + 0xfb], 7

loc_fffa16fb:
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov dword [ebp - 0x40], edx
mov dword [ebp - 0x3c], ecx
mov eax, dword [eax + 0x14]
add eax, 2
push eax
call fcn_fffb3e49  ; call 0xfffb3e49
add esp, 0x10
mov edx, dword [ebp - 0x40]
mov dword [ebp - 0x38], 1
cmp ax, 0xa04
sete cl
cmp ax, 0xc04
mov word [ebp - 0x34], ax
sete al
or cl, al
mov ecx, dword [ebp - 0x3c]
jne short loc_fffa1766  ; jne 0xfffa1766
cmp word [ebp - 0x34], 0xa0c
sete al
cmp word [ebp - 0x34], 0xd04
sete byte [ebp - 0x3c]
or al, byte [ebp - 0x3c]
jne short loc_fffa1766  ; jne 0xfffa1766
mov eax, dword [ebp - 0x34]
and eax, 0xffffffef
cmp ax, 0x1604
sete al
movzx eax, al
mov dword [ebp - 0x38], eax

loc_fffa1766:
mov al, byte [ebp - 0x38]
mov word [ebx + 0xc8], 0xcf8
mov word [ebx + 0xca], 0xcfc
mov byte [ebx + 0xcc], 0xaa
mov byte [ebx + 0xc6], al
mov dword [edi], fcn_fffa5ba3  ; mov dword [edi], 0xfffa5ba3
mov dword [edi + 4], fcn_fffb00a0  ; mov dword [edi + 4], 0xfffb00a0
mov dword [edi + 8], fcn_fffb00dc  ; mov dword [edi + 8], 0xfffb00dc
mov dword [edi + 0xc], fcn_fffa5b97  ; mov dword [edi + 0xc], 0xfffa5b97
mov dword [edi + 0x10], fcn_fffb00b9  ; mov dword [edi + 0x10], 0xfffb00b9
mov dword [edi + 0x14], fcn_fffb0086  ; mov dword [edi + 0x14], 0xfffb0086
mov dword [edi + 0x18], fcn_fffb3e25  ; mov dword [edi + 0x18], 0xfffb3e25
mov dword [edi + 0x1c], fcn_fffb3e49  ; mov dword [edi + 0x1c], 0xfffb3e49
mov dword [edi + 0x20], fcn_fffb3fc4  ; mov dword [edi + 0x20], 0xfffb3fc4
mov dword [edi + 0x24], fcn_fffb401c  ; mov dword [edi + 0x24], 0xfffb401c
mov dword [edi + 0x28], fcn_fffb3e2f  ; mov dword [edi + 0x28], 0xfffb3e2f
mov dword [edi + 0x2c], fcn_fffb3fa0  ; mov dword [edi + 0x2c], 0xfffb3fa0
mov dword [edi + 0x30], fcn_fffb3ffa  ; mov dword [edi + 0x30], 0xfffb3ffa
mov dword [edi + 0x34], fcn_fffa5bfe  ; mov dword [edi + 0x34], 0xfffa5bfe
mov dword [edi + 0x38], fcn_fffb028b  ; mov dword [edi + 0x38], 0xfffb028b
mov dword [edi + 0x3c], fcn_fffb045c  ; mov dword [edi + 0x3c], 0xfffb045c
mov dword [edi + 0x40], fcn_fffb02af  ; mov dword [edi + 0x40], 0xfffb02af
mov dword [edi + 0x44], fcn_fffb0481  ; mov dword [edi + 0x44], 0xfffb0481
mov dword [edi + 0x48], fcn_fffc375d  ; mov dword [edi + 0x48], 0xfffc375d
mov dword [edi + 0x4c], fcn_fffc3739  ; mov dword [edi + 0x4c], 0xfffc3739
mov dword [edi + 0x50], fcn_fffb3e6d  ; mov dword [edi + 0x50], 0xfffb3e6d
mov dword [edi + 0x54], fcn_fffb7ea0  ; mov dword [edi + 0x54], 0xfffb7ea0
mov dword [edi + 0x58], fcn_fffb01dc  ; mov dword [edi + 0x58], 0xfffb01dc
mov dword [edi + 0x5c], fcn_fffb01ac  ; mov dword [edi + 0x5c], 0xfffb01ac
mov dword [edi + 0x60], fcn_fffa5c5d  ; mov dword [edi + 0x60], 0xfffa5c5d
mov dword [edi + 0x64], fcn_fffa5c45  ; mov dword [edi + 0x64], 0xfffa5c45
mov dword [edi + 0x68], fcn_fffb01d3  ; mov dword [edi + 0x68], 0xfffb01d3
mov dword [edi + 0x6c], fcn_fffb01ca  ; mov dword [edi + 0x6c], 0xfffb01ca
mov dword [edi + 0x70], fcn_fffa5cd2  ; mov dword [edi + 0x70], 0xfffa5cd2
mov eax, dword [ebp - 0x2c]
mov dword [edi + 0x74], fcn_fffb01a3  ; mov dword [edi + 0x74], 0xfffb01a3
mov dword [edi + 0x78], fcn_fffb03bb  ; mov dword [edi + 0x78], 0xfffb03bb
mov dword [edi + 0x7c], fcn_fffb0108  ; mov dword [edi + 0x7c], 0xfffb0108
mov dword [edi + 0x80], fcn_fffb8075  ; mov dword [edi + 0x80], 0xfffb8075
mov dword [edi + 0x84], fcn_fffb9af0  ; mov dword [edi + 0x84], 0xfffb9af0
mov dword [edi + 0x88], fcn_fffa5bf7  ; mov dword [edi + 0x88], 0xfffa5bf7
mov dword [edi + 0x8c], fcn_fffa5bef  ; mov dword [edi + 0x8c], 0xfffa5bef
mov dword [edi + 0x90], fcn_fffa5bc6  ; mov dword [edi + 0x90], 0xfffa5bc6
mov dword [edi + 0x94], fcn_fffb8fa9  ; mov dword [edi + 0x94], 0xfffb8fa9
mov dword [edi + 0x98], fcn_fffb0139  ; mov dword [edi + 0x98], 0xfffb0139
mov dword [edi + 0x9c], fcn_fffb4041  ; mov dword [edi + 0x9c], 0xfffb4041
mov dword [edi + 0xa0], fcn_fffa5bbc  ; mov dword [edi + 0xa0], 0xfffa5bbc
mov dword [edi + 0xa4], fcn_fffa5bac  ; mov dword [edi + 0xa4], 0xfffa5bac
mov dword [edi + 0xa8], fcn_fffb013e  ; mov dword [edi + 0xa8], 0xfffb013e
mov dword [eax + 9], ebx
mov dword [eax + 0x1e], edi
xor eax, eax
mov byte [ecx], 0
mov byte [ecx + 1], 1
mov byte [ecx + 2], 1
mov byte [ecx + 3], 1
mov byte [ecx + 4], 0
mov byte [ecx + 5], 0
mov byte [ecx + 6], 0
mov byte [ecx + 7], 0
mov byte [ecx + 0x5c], 0xff
mov byte [ecx + 0x61], 0
mov byte [ecx + 0x5d], 0xff
mov byte [ecx + 0x62], 0
mov byte [ecx + 0x5e], 0xff
mov byte [ecx + 0x63], 0
mov byte [ecx + 8], 1
mov byte [ecx + 0x39], 0
mov byte [ecx + 0x40], 2
mov byte [ecx + 0x5f], 0
mov byte [ecx + 0x60], 0
mov byte [ecx + 0x64], 2
mov word [ecx + 0x65], 0x2710
mov word [ecx + 0x67], 2
mov byte [ecx + 0x69], 2
mov byte [ecx + 0x6a], 2
mov byte [ecx + 0x3b], 1
mov byte [ecx + 0x48], 0
mov word [ecx + 0x3c], 0x3e8
mov byte [ecx + 0x3f], 0xf
mov byte [ecx + 0x42], 0x14
mov word [ecx + 0x50], 1

loc_fffa195f:
mov byte [ecx + eax + 9], 8
mov byte [ecx + eax + 0x19], 7
mov byte [ecx + eax + 0x29], 2
inc eax
cmp eax, 0x10
jne short loc_fffa195f  ; jne 0xfffa195f
mov eax, dword [ebp - 0x44]
mov byte [ecx + 0x49], 0
mov byte [eax], 0
xor eax, eax
mov byte [ecx + 0x52], 0
mov byte [ecx + 0x53], 0

loc_fffa1988:
mov byte [ecx + eax + 0x54], 8
inc eax
cmp eax, 8
jne short loc_fffa1988  ; jne 0xfffa1988
mov eax, dword [ebp - 0x2c]
sub esp, 0xc
mov dword [ecx + 0x44], 0
mov dword [eax + 0xd], ecx
mov ecx, eax
mov word [edx], 0
mov word [edx + 2], 0
mov word [edx + 4], 0
mov word [edx + 6], 0
mov word [edx + 8], 0
mov byte [edx + 0xa], 0
mov byte [edx + 0xb], 0
mov word [edx + 0xc], 0
mov word [edx + 0xe], 0
mov byte [edx + 0x10], 0
mov dword [eax + 0x11], edx
mov byte [eax + 0x22], 0
mov eax, dword [esi + 0x8f6]
mov dword [ecx + 0x15], eax
push dword [ebp - 0x30]
call fcn_fffb0585  ; call 0xfffb0585
add esp, 0x10

loc_fffa19f5:
sub esp, 0xc
push ref_fffd628f  ; push 0xfffd628f
call mrc_printk  ; call 0xfffb8212
mov dword [esp], ref_fffd6890  ; mov dword [esp], 0xfffd6890
call fcn_fffb0585  ; call 0xfffb0585
mov dword [esp], 0x20
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov ebx, eax
test eax, eax
je short loc_fffa1a7d  ; je 0xfffa1a7d
mov dword [eax + 0x14], fcn_fffb4acb  ; mov dword [eax + 0x14], 0xfffb4acb
sub esp, 0xc
mov dword [eax + 0xc], 0x53524549
mov dword [eax + 0x10], 0
mov eax, dword [0xff7d0084]
mov eax, dword [eax + 0x14]
lea edx, [eax + 0xf8000]
add eax, 0xf80f0
mov dword [ebx + 0x1c], edx
push eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov dword [ebx], 0x80000010
mov dword [ebx + 4], ref_fffd689c  ; mov dword [ebx + 4], 0xfffd689c
and eax, 0xffffc000
mov dword [ebx + 0x18], eax
lea eax, [ebx + 0x14]
mov dword [ebx + 8], eax
mov dword [esp], ebx
call fcn_fffb0585  ; call 0xfffb0585
add esp, 0x10

loc_fffa1a7d:
push ebx
push ebx
lea eax, [ebp - 0x1c]
push eax
push 0x11b
call fcn_fffb05b9  ; call 0xfffb05b9
add esp, 0x10
test eax, eax
jns short loc_fffa1a9b  ; jns 0xfffa1a9b
mov dword [ebp - 0x1c], 0

loc_fffa1a9b:
mov ebx, dword [ebp - 0x1c]
test ebx, ebx
je loc_fffa1b4c  ; je 0xfffa1b4c
mov edx, ebx
mov eax, 0xff7d0278
call fcn_fffb04af  ; call 0xfffb04af
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov edi, dword [eax + 0x14]
mov eax, dword [ebx + 8]
lea esi, [edi + 0xfb020]
push esi
mov dword [ebp - 0x2c], eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
pop edx
pop ecx
and eax, 0xffe0
or eax, dword [ebp - 0x2c]
push eax
push esi
call fcn_fffb3ffa  ; call 0xfffb3ffa
mov al, byte [edi + 0xfb004]
or eax, 1
mov byte [edi + 0xfb004], al
mov al, byte [edi + 0xfb040]
or eax, 0x10
mov byte [edi + 0xfb040], al
mov al, byte [edi + 0xfb040]
or eax, 8
mov byte [edi + 0xfb040], al
mov al, byte [edi + 0xfb040]
and eax, 0xfffffff9
or eax, 1
mov byte [edi + 0xfb040], al
pop esi
pop edi
push 0xff
push 0
call fcn_fffb4a42  ; call 0xfffb4a42
lea eax, [ebx + 0xc]
add ebx, 0x38
mov dword [esp], eax
call fcn_fffb0585  ; call 0xfffb0585
call fcn_fffb0201  ; call 0xfffb0201
pop edx
pop ecx
mov edx, dword [eax]
push ebx
push eax
call dword [edx + 0x24]  ; ucall
add esp, 0x10

loc_fffa1b4c:
sub esp, 0xc
mov esi, ref_fffd68cc  ; mov esi, 0xfffd68cc
push ref_fffd62c7  ; push 0xfffd62c7
call mrc_printk  ; call 0xfffb8212
lea eax, [ebp - 0x24]
push eax
push 0
push 0
push ref_fffd6918  ; push 0xfffd6918
call fcn_fffb020b  ; call 0xfffb020b
add esp, 0x1c
mov ebx, dword [ebp - 0x24]
lea eax, [ebp - 0x20]
push eax
push 0x73
push 4
call fcn_fffb0564  ; call 0xfffb0564
mov eax, dword [ebp - 0x20]
mov ecx, 4
lea edi, [eax + 8]
add eax, 0x18
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
pop edx
pop ecx
push 8
push eax
call fcn_fffb067f  ; call 0xfffb067f
mov eax, dword [ebp - 0x20]
pop esi
pop edi
add eax, 0x20
push 8
push eax
call fcn_fffb067f  ; call 0xfffb067f
pop eax
mov eax, dword [ebp - 0x20]
pop edx
add eax, 0x29
push 0x21
push eax
call fcn_fffb067f  ; call 0xfffb067f
mov eax, dword [ebp - 0x20]
add esp, 0x10
mov byte [eax + 0x28], 0
mov byte [eax + 0x71], 0
cmp byte [ebx], 1
jbe short loc_fffa1bdb  ; jbe 0xfffa1bdb
mov edx, dword [ebx + 0xd]
mov dl, byte [edx + 0x49]
mov byte [eax + 0x4a], dl
jmp short loc_fffa1bdf  ; jmp 0xfffa1bdf

loc_fffa1bdb:
mov byte [eax + 0x4a], 0

loc_fffa1bdf:
mov edx, dword [ebx + 5]
mov dl, byte [edx + 7]
mov byte [eax + 0x72], dl
lea eax, [ebp - 0x1c]
push eax
push 0
push 0
push ref_fffd68bc  ; push 0xfffd68bc
call fcn_fffb020b  ; call 0xfffb020b
mov eax, dword [ebp - 0x1c]
add esp, 0x10
mov edx, dword [eax + 9]
cmp dword [edx + 4], 0
je short loc_fffa1c32  ; je 0xfffa1c32
mov ebx, dword [ebp - 0x20]
mov byte [ebx + 0x18], 1
mov edx, dword [eax + 1]
cmp byte [edx], 0
jns short loc_fffa1c32  ; jns 0xfffa1c32
push ecx
push 0x14
mov eax, dword [eax + 9]
mov eax, dword [eax + 4]
push dword [eax + 0x1c]
push dword [eax + 0x18]
call fcn_fffb01ca  ; call 0xfffb01ca
add esp, 0x10
mov byte [ebx + 0x19], al

loc_fffa1c32:
mov eax, dword [ebp - 0x20]
mov byte [eax + 0x20], 2
mov edx, dword [ebp - 0x1c]
mov ecx, dword [edx + 1]
test byte [ecx], 0x10
je short loc_fffa1c52  ; je 0xfffa1c52
mov edx, dword [edx + 9]
mov edx, dword [edx]
mov dl, byte [edx + 0x301]
mov byte [eax + 0x21], dl

loc_fffa1c52:
sub esp, 0xc
push ref_fffd68dc  ; push 0xfffd68dc
call fcn_fffb0585  ; call 0xfffb0585
mov dword [esp], ref_fffd62a6  ; mov dword [esp], 0xfffd62a6
call mrc_printk  ; call 0xfffb8212
mov dword [esp], 0x19
call fcn_fffb8e87  ; call 0xfffb8e87
add esp, 0x10
mov ebx, eax
test eax, eax
je short loc_fffa1cf3  ; je 0xfffa1cf3
mov dword [eax], 0x4943524d
lea eax, [eax + 0x14]
mov dword [eax - 0x10], 0x80000020
lea esi, [ebx + 4]
mov dword [eax - 8], fcn_fffcdaba  ; mov dword [eax - 8], 0xfffcdaba
mov dword [eax - 4], 0
mov byte [eax + 4], 0
mov dword [eax], 0
push eax
push 0
push 0
push ref_fffd68f8  ; push 0xfffd68f8
call fcn_fffb020b  ; call 0xfffb020b
mov eax, dword [ebx + 0x14]
add esp, 0x10
test eax, eax
je short loc_fffa1ce2  ; je 0xfffa1ce2
test byte [eax + 1], 1
je short loc_fffa1ce2  ; je 0xfffa1ce2
mov dword [ebx + 8], ref_fffd68e8  ; mov dword [ebx + 8], 0xfffd68e8
call fcn_fffb0201  ; call 0xfffb0201
push edx
push edx
mov edx, dword [eax]
push esi
push eax
call dword [edx + 0x24]  ; ucall
add esp, 0x10

loc_fffa1ce2:
push edi
push 0
push esi
push 0xff7d0278
call fcn_fffcdaba  ; call 0xfffcdaba
add esp, 0x10

loc_fffa1cf3:
call fcn_fffb059d  ; call 0xfffb059d
push ebx
push ebx
push eax
push ref_fffd6908  ; push 0xfffd6908
call fcn_fffc5baf  ; call 0xfffc5baf
add esp, 0x10
mov esi, eax
test eax, eax
jne short loc_fffa1d2a  ; jne 0xfffa1d2a
mov eax, dword [ebp + 8]
mov dword [eax + 0x906], 0
mov dword [eax + 0x902], 0
jmp near loc_fffa1e7e  ; jmp 0xfffa1e7e

loc_fffa1d2a:
mov eax, dword [eax + 0x20]
mov ecx, dword [ebp + 8]
mov byte [ebp - 0x2c], 0
mov dword [ecx + 0x906], eax
lea eax, [esi + 0x20]
mov dword [ecx + 0x902], eax
mov byte [ecx + 0x90a], 0
mov eax, dword [esi + 0x245c]
mov dword [ebp - 0x34], eax
lea eax, [esi + 0x1092]
mov dword [ebp - 0x38], eax

loc_fffa1d5c:
mov al, byte [ebp - 0x2c]
mov dword [ebp - 0x30], 0
add eax, eax
mov byte [ebp - 0x3c], al
mov eax, dword [ebp - 0x38]
lea edi, [eax + 0x25d]
mov ecx, eax

loc_fffa1d76:
mov edx, dword [ebp - 0x30]
mov al, byte [ebp - 0x3c]
mov byte [ebp - 0x44], dl
add eax, edx
cmp dword [ecx], 2
mov byte [ebp - 0x40], al
jne loc_fffa1e54  ; jne 0xfffa1e54
mov eax, dword [ebp + 8]
mov edx, dword [ebp + 8]
movzx eax, byte [eax + 0x90a]
imul eax, eax, 0x28
lea eax, [edx + eax + 0x900]
mov edx, dword [esi + 0x2499]
mov dword [ebp - 0x48], eax
lea ebx, [eax + 0xb]
cmp edx, 2
je short loc_fffa1dce  ; je 0xfffa1dce
cmp edx, 3
je short loc_fffa1dd6  ; je 0xfffa1dd6
dec edx
mov eax, 0xff
mov edx, 0x18
cmove eax, edx
mov word [ebx + 4], ax
jmp short loc_fffa1ddc  ; jmp 0xfffa1ddc

loc_fffa1dce:
mov word [ebx + 4], 0x1a
jmp short loc_fffa1ddc  ; jmp 0xfffa1ddc

loc_fffa1dd6:
mov word [ebx + 4], 0x1d

loc_fffa1ddc:
mov eax, dword [esi + 0x1837]
mov edx, dword [ebp - 0x48]
mov dword [ebp - 0x48], ecx
mov word [ebx + 6], ax
mov eax, dword [ecx + 0xe1]
mov dword [edx + 0xb], eax
mov al, byte [ecx + 0xed]
mov byte [ebx + 8], al
mov al, byte [ebp - 0x2c]
mov byte [ebx + 9], al
mov al, byte [ebp - 0x44]
mov byte [ebx + 0xa], al
mov al, byte [ebp - 0x40]
mov byte [ebx + 0xb], al
lea eax, [ebx + 0x11]
push ecx
push 0x12
push edi
push eax
mov eax, dword [ebp - 0x34]
call dword [eax + 0x58]  ; ucall
add esp, 0xc
push 4
lea eax, [edi - 6]
push eax
lea eax, [ebx + 0xc]
push eax
mov eax, dword [ebp - 0x34]
call dword [eax + 0x58]  ; ucall
mov ax, word [edi - 0xb]
add esp, 0x10
mov ecx, dword [ebp - 0x48]
mov word [ebx + 0x24], ax
mov al, byte [edi - 0xd]
mov byte [ebx + 0x26], al
mov al, byte [edi - 0xc]
mov byte [ebx + 0x27], al
mov eax, dword [ebp + 8]
inc byte [eax + 0x90a]

loc_fffa1e54:
inc dword [ebp - 0x30]
add ecx, 0x128
add edi, 0x21
cmp dword [ebp - 0x30], 2
jne loc_fffa1d76  ; jne 0xfffa1d76
inc byte [ebp - 0x2c]
add dword [ebp - 0x38], 0x433
cmp byte [ebp - 0x2c], 2
jne loc_fffa1d5c  ; jne 0xfffa1d5c

loc_fffa1e7e:
sub esp, 0xc
push ref_fffd62bb  ; push 0xfffd62bb
call mrc_printk  ; call 0xfffb8212
add esp, 0x10
xor eax, eax

loc_fffa1e90:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa1e98:
push ebp
mov ebp, esp
push edi
push esi
mov esi, edx
push ebx
sub esp, 0x6214
push 0x5ee5
lea edi, [ebp - 0x5efd]
push edi
mov dword [ebp - 0x6208], ecx
mov dword [ebp - 0x6204], eax
call fcn_fffb067f  ; call 0xfffb067f
pop ebx
pop eax
lea ebx, [ebp - 0x60c8]
push 0x1cb
push ebx
call fcn_fffb067f  ; call 0xfffb067f
lea eax, [ebp - 0x6174]
mov dword [ebp - 0x3ab9], eax
mov eax, dword [ref_fffd3578]  ; mov eax, dword [0xfffd3578]
lea edx, [ebp - 0x61c1]
mov dword [ebp - 0x20], ebx
mov dword [ebp - 0x60c4], edx
mov dword [ebp - 0x6200], edx
mov dword [ebp - 0x5efd], eax
lea eax, [ebp - 0x61ec]
push eax
push 0
push 0
push ref_fffd6918  ; push 0xfffd6918
mov dword [ebp - 0x60c8], 0x1cb
mov dword [ebp - 0x5ef9], 0x5ee5
mov dword [ebp - 0x5ef5], 0x1866
mov dword [ebp - 0x468f], 0xbde
mov dword [ebp - 0x3ab1], 0x3a91
call fcn_fffb020b  ; call 0xfffb020b
mov eax, dword [ebp - 0x61ec]
add esp, 0x20
mov edx, dword [ebp - 0x3ab9]
mov ecx, dword [eax + 9]
mov ebx, dword [eax + 0x1e]
mov dword [ebp - 0x61fc], edx
mov dword [ebx + 0xac], fcn_fffc8b09  ; mov dword [ebx + 0xac], 0xfffc8b09
mov dword [ebx + 0xb0], fcn_fffce35b  ; mov dword [ebx + 0xb0], 0xfffce35b
mov dword [ebx + 0xb4], fcn_fffb1612  ; mov dword [ebx + 0xb4], 0xfffb1612
mov dword [ebx + 0xb8], fcn_fffc3ac8  ; mov dword [ebx + 0xb8], 0xfffc3ac8
mov dword [ebx + 0xbc], fcn_fffcd268  ; mov dword [ebx + 0xbc], 0xfffcd268
mov dword [ebx + 0xc0], fcn_fffb15dc  ; mov dword [ebx + 0xc0], 0xfffb15dc
mov dword [ebx + 0xc4], fcn_fffabc7a  ; mov dword [ebx + 0xc4], 0xfffabc7a
mov dword [ebx + 0xc8], fcn_fffcce33  ; mov dword [ebx + 0xc8], 0xfffcce33
mov dword [ebx + 0xcc], fcn_fffab79d  ; mov dword [ebx + 0xcc], 0xfffab79d
mov dword [ebp - 0x3ae2], eax
mov ax, word [ecx + 0xc8]
mov word [ebp - 0x3ae6], ax
mov ax, word [ecx + 0xca]
mov word [ebp - 0x3ae4], ax
call fcn_fffa67af  ; call 0xfffa67af
sub esp, 0xc
lea ecx, [ebp - 0x61c8]
push ecx
lea ecx, [ebp - 0x61cc]
push ecx
lea ecx, [ebp - 0x61d0]
push ecx
mov dword [ebp - 0x3aeb], eax
lea eax, [ebp - 0x61d4]
push eax
push 1
call fcn_fffd2bc2  ; call 0xfffd2bc2
add esp, 0x1c
mov eax, dword [ebp - 0x61d4]
push 0xac
push ebx
push dword [ebp - 0x61fc]
and eax, 0xf
mov byte [ebp - 0x3ae7], al
call dword [ebx + 0x58]  ; ucall
mov edx, dword [ebp - 0x6200]
add esp, 0xc
push 0x4d
push ref_fffd3528  ; push 0xfffd3528
push edx
call dword [ebp - 0x611c]  ; ucall
call fcn_fffb0201  ; call 0xfffb0201
pop edx
pop ecx
lea ecx, [ebp - 0x61e4]
mov edx, dword [eax]
push ecx
push eax
call dword [edx + 0x28]  ; ucall
add esp, 0x10
cmp dword [ebp - 0x61e4], 0x11
je short loc_fffa20b0  ; je 0xfffa20b0
lea eax, [ebp - 0x61e8]
push ecx
push eax
push 0x5efe
push 4
call fcn_fffb0564  ; call 0xfffb0564
add esp, 0x10
test eax, eax
js short loc_fffa20ba  ; js 0xfffa20ba
mov ebx, dword [ebp - 0x61e8]
push eax
push 0x10
push ref_fffd6908  ; push 0xfffd6908
lea eax, [ebx + 8]
add ebx, 0x18
push eax
call fcn_fffb01dc  ; call 0xfffb01dc
pop eax
pop edx
push 0x5ee6
push ebx
call fcn_fffb067f  ; call 0xfffb067f
add esp, 0x10
jmp short loc_fffa20ba  ; jmp 0xfffa20ba

loc_fffa20b0:
mov dword [ebp - 0x61e8], 0

loc_fffa20ba:
mov eax, dword [ebp - 0x61ec]
mov edx, dword [eax + 9]
mov eax, 5
cmp byte [edx + 0x55], 0
jne short loc_fffa20d2  ; jne 0xfffa20d2
movzx eax, byte [edx + 0x2d]

loc_fffa20d2:
mov edx, dword [ebp - 0x61e4]
mov dword [ebp - 0x45ff], eax
mov dword [ebp - 0x4603], esi
cmp edx, 0x11
je short loc_fffa20f4  ; je 0xfffa20f4
mov eax, dword [ebp - 0x61e8]
add eax, 0x18
jmp short loc_fffa20f6  ; jmp 0xfffa20f6

loc_fffa20f4:
xor eax, eax

loc_fffa20f6:
push ecx
push ecx
push 0xdd00
push edi
mov dword [ebp - 0x460b], eax
xor eax, eax
cmp edx, 0x11
mov edx, 0xfbe8
cmovne eax, edx
mov dword [ebp - 0x4607], eax
call dword [ebp - 0x60e0]  ; ucall
lea edx, [ebp - 0x61c8]
mov edi, dword [ebp - 0x3ab9]
mov dword [esp], edx
lea edx, [ebp - 0x61cc]
push edx
lea edx, [ebp - 0x61d0]
push edx
lea eax, [ebp - 0x61d4]
push eax
push 1
mov byte [ebp - 0x61ed], 0
call fcn_fffd2bc2  ; call 0xfffd2bc2
add esp, 0x20
test byte [ebp - 0x61cc], 0x40
je loc_fffa21f6  ; je 0xfffa21f6
mov edx, cr4
mov eax, edx
or eax, 0x4000
mov cr4, eax
xor eax, eax
mov ebx, eax
getsec
mov cr4, edx
test al, 1
je short loc_fffa21f6  ; je 0xfffa21f6
sub esp, 0xc
push 0x2e7
call dword [edi + 0xa0]  ; ucall
add esp, 0x10
test al, 6
je short loc_fffa21f6  ; je 0xfffa21f6
lea eax, [ebp - 0x61d8]
mov ebx, 0x2ee
push eax
push 0
push 0
push ref_fffd6348  ; push 0xfffd6348
call fcn_fffb020b  ; call 0xfffb020b
add esp, 0x10

loc_fffa21ab:
mov eax, dword [esi]
mov eax, dword [eax + 0x60]
push 0
push 0xfed40000
push eax
push esi
call dword [eax + 0x30]  ; ucall
add esp, 0x10
cmp al, 0xff
je short loc_fffa21e3  ; je 0xfffa21e3
test al, al
js loc_fffa2ade  ; js 0xfffa2ade
mov eax, dword [ebp - 0x61d8]
push edx
push 0x3e8
push eax
push esi
call dword [eax + 4]  ; ucall
add esp, 0x10
dec bx
jne short loc_fffa21ab  ; jne 0xfffa21ab

loc_fffa21e3:
push ebx
push 0
push 0
push 0x2e6
call dword [edi + 0xa4]  ; ucall
add esp, 0x10

loc_fffa21f6:
cmp dword [ebp - 0x61e4], 0x11
mov dword [ebp - 0x6200], 2
je short loc_fffa2254  ; je 0xfffa2254
mov ebx, dword [ebp - 0x3ab9]
push 0xa0
push 0
push 0x1f
push 0
call dword [ebx + 0x48]  ; ucall
pop edx
pop ecx
push eax
movzx eax, word [ebp - 0x3ae6]
push eax
call dword [ebx + 0x14]  ; ucall
movzx eax, word [ebp - 0x3ae4]
mov dword [esp], eax
call dword [ebx + 8]  ; ucall
add esp, 0x10
shr eax, 0x10
and eax, 0xa0
cmp eax, 0xa0
sete al
movzx eax, al
mov dword [ebp - 0x6200], eax

loc_fffa2254:
mov eax, dword [ebp - 0x3aeb]
cmp eax, 0x40650
jne short loc_fffa226d  ; jne 0xfffa226d
mov dword [ebp - 0x4676], 0x40650
jmp short loc_fffa229b  ; jmp 0xfffa229b

loc_fffa226d:
cmp eax, 0x306c0
jne short loc_fffa228a  ; jne 0xfffa228a
mov dword [ebp - 0x4676], 0x306c0
mov dword [ebp - 0x4672], 0
jmp short loc_fffa2301  ; jmp 0xfffa2301

loc_fffa228a:
cmp eax, 0x40660
jne short loc_fffa22b4  ; jne 0xfffa22b4
mov dword [ebp - 0x4676], 0x40660

loc_fffa229b:
mov dword [ebp - 0x4672], 0
mov dword [ebp - 0x467a], 1
jmp near loc_fffa2346  ; jmp 0xfffa2346

loc_fffa22b4:
cmp eax, 0x306d0
jne short loc_fffa2319  ; jne 0xfffa2319
mov al, byte [ebp - 0x3ae7]
mov dword [ebp - 0x4676], 0x306d0
mov dword [ebp - 0x4672], 1
cmp al, 3
je short loc_fffa2301  ; je 0xfffa2301
cmp al, 4
jne short loc_fffa230d  ; jne 0xfffa230d
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov eax, dword [eax + 0x14]
add eax, 8
push eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
add esp, 0x10
and eax, 0xf
cmp eax, 9
sbb eax, eax
add eax, 5
jmp short loc_fffa2340  ; jmp 0xfffa2340

loc_fffa2301:
mov dword [ebp - 0x467a], 3
jmp short loc_fffa2346  ; jmp 0xfffa2346

loc_fffa230d:
mov dword [ebp - 0x467a], 5
jmp short loc_fffa2346  ; jmp 0xfffa2346

loc_fffa2319:
cmp eax, 0x40670
jne short loc_fffa2346  ; jne 0xfffa2346
xor eax, eax
cmp byte [ebp - 0x3ae7], 0
mov dword [ebp - 0x4676], 0x40670
mov dword [ebp - 0x4672], 1
setne al

loc_fffa2340:
mov dword [ebp - 0x467a], eax

loc_fffa2346:
mov eax, dword [ebp - 0x6208]
mov dword [ebp - 0x61d4], 0
mov eax, dword [eax + 0x14]
test eax, eax
jne short loc_fffa236e  ; jne 0xfffa236e

loc_fffa235d:
mov eax, dword [ebp - 0x61ec]
xor ebx, ebx
mov edi, dword [eax + 0x15]
test edi, edi
jne short loc_fffa239a  ; jne 0xfffa239a
jmp short loc_fffa23cd  ; jmp 0xfffa23cd

loc_fffa236e:
test byte [eax + 1], 1
je short loc_fffa235d  ; je 0xfffa235d
lea eax, [ebp - 0x61d4]
push eax
push 0
push 0
push ref_fffd68e8  ; push 0xfffd68e8
call fcn_fffb020b  ; call 0xfffb020b
add esp, 0x10
test eax, eax
je short loc_fffa235d  ; je 0xfffa235d

loc_fffa2390:
mov eax, 0x8000000e
jmp near loc_fffa2b3b  ; jmp 0xfffa2b3b

loc_fffa239a:
cmp dword [ebp - 0x61e4], 4
je short loc_fffa23cd  ; je 0xfffa23cd
lea eax, [edi + 8]
mov edx, 0x185e
call fcn_fffc3cb8  ; call 0xfffc3cb8
cmp eax, dword [edi + 4]
jne short loc_fffa23cd  ; jne 0xfffa23cd
push eax
mov eax, dword [esi]
mov bl, 1
push 0x1866
push edi
lea edx, [ebp - 0x5ef5]
push edx
call dword [eax + 0x50]  ; ucall
add esp, 0x10

loc_fffa23cd:
cmp dword [ebp - 0x61e4], 0x11
jne short loc_fffa23da  ; jne 0xfffa23da
test bl, bl
je short loc_fffa2390  ; je 0xfffa2390

loc_fffa23da:
lea eax, [ebp - 0x61e0]
push eax
push 0
push 0
push ref_fffd636c  ; push 0xfffd636c
call fcn_fffb020b  ; call 0xfffb020b
mov eax, dword [ebp - 0x6200]
add esp, 0x10
dec eax
cmp eax, 1
jbe short loc_fffa2425  ; jbe 0xfffa2425
push eax
lea eax, [ebp - 0x61ed]
push eax
mov eax, dword [ebp - 0x61e0]
push dword [ebp - 0x6204]
push esi
call dword [eax + 5]  ; ucall
add esp, 0x10
mov al, 0
cmp byte [ebp - 0x61ed], 1
cmove ebx, eax

loc_fffa2425:
mov eax, dword [ebp - 0x6200]
dec eax
cmp eax, 1
jbe short loc_fffa2466  ; jbe 0xfffa2466
dec bl
jne loc_fffa2aeb  ; jne 0xfffa2aeb
mov edx, dword [ebp - 0x61ec]
mov eax, dword [edx + 9]
cmp byte [eax + 0x56], 0
je loc_fffa2aeb  ; je 0xfffa2aeb
xor ecx, ecx
lea eax, [ebp - 0x5efd]
call fcn_fffb8de9  ; call 0xfffb8de9
test al, al
jne loc_fffa2aeb  ; jne 0xfffa2aeb
jmp near loc_fffa2b10  ; jmp 0xfffa2b10

loc_fffa2466:
mov edx, dword [ebp - 0x61ec]
mov eax, dword [edx + 1]
mov eax, dword [eax + 4]
mov dword [ebp - 0x4638], eax
test bl, bl
je loc_fffa2aeb  ; je 0xfffa2aeb
mov edi, dword [ebp - 0x6200]
lea eax, [ebp - 0x5efd]
mov ecx, edi
call fcn_fffb8de9  ; call 0xfffb8de9
dec al
je loc_fffa2aeb  ; je 0xfffa2aeb
dec edi
mov dword [ebp - 0x61fc], 2
jne short loc_fffa24ca  ; jne 0xfffa24ca
mov edx, 0x5d10
lea eax, [ebp - 0x5efd]
call fcn_fffb333d  ; call 0xfffb333d
or edx, eax
je loc_fffa2aeb  ; je 0xfffa2aeb
mov dword [ebp - 0x61fc], 1

loc_fffa24ca:
cmp dword [ebp - 0x4676], 0x306d0
jne short loc_fffa24fe  ; jne 0xfffa24fe
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov eax, dword [eax + 0x14]
add eax, 8
push eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
add esp, 0x10
and eax, 0xf
cmp eax, 7
ja short loc_fffa24fe  ; ja 0xfffa24fe
mov byte [ebp - 0x4610], 1
jmp short loc_fffa2505  ; jmp 0xfffa2505

loc_fffa24fe:
mov byte [ebp - 0x4610], 0

loc_fffa2505:
mov bl, byte [ebp - 0x4610]
call fcn_fffb059d  ; call 0xfffb059d
push edi
push edi
push eax
push ref_fffd68cc  ; push 0xfffd68cc
call fcn_fffc5baf  ; call 0xfffc5baf
add esp, 0x10
test eax, eax
je short loc_fffa2540  ; je 0xfffa2540
movzx edi, byte [eax + 0x19]
xor edx, edx
cmp byte [eax + 0x18], 1
movzx ecx, byte [eax + 0x21]
cmove edx, edi
cmp byte [eax + 0x20], 1
cmove edx, ecx
add ecx, edi
jmp short loc_fffa2544  ; jmp 0xfffa2544

loc_fffa2540:
xor edx, edx
xor ecx, ecx

loc_fffa2544:
cmp bl, 1
sbb cl, 0xff
test cl, cl
je short loc_fffa255d  ; je 0xfffa255d
movzx ecx, cl
mov dword [ebp - 0x4618], ecx
mov dword [ebp - 0x4614], edx

loc_fffa255d:
push ebx
mov edx, dword [ebp - 0x61fc]
push dword [ebp - 0x3aeb]
push dword [ebp - 0x61ec]
mov eax, dword [ebp - 0x61e4]
lea ecx, [ebp - 0x5efd]
push esi
call fcn_fffb0688  ; call 0xfffb0688
add esp, 0x10
mov dword [ebp - 0x4628], 0
mov dword [ebp - 0x4652], eax
mov eax, dword [ebp - 0x61d4]
test eax, eax
je short loc_fffa25be  ; je 0xfffa25be
cmp dword [ebp - 0x61e4], 0x11
je short loc_fffa25be  ; je 0xfffa25be
sub esp, 0xc
push eax
call dword [eax + 1]  ; ucall
add esp, 0x10
cmp eax, 2
jne short loc_fffa25be  ; jne 0xfffa25be
mov byte [ebp - 0x3af6], 1

loc_fffa25be:
push ecx
mov eax, dword [ebp - 0x61e0]
push ecx
push dword [ebp - 0x6204]
push esi
call dword [eax + 1]  ; ucall
add esp, 0x10
mov dword [ebp - 0x4628], eax

loc_fffa25d9:
cmp dword [ebp - 0x4652], 0
jne short loc_fffa2643  ; jne 0xfffa2643
mov ebx, dword [ebp - 0x3ab9]
push 0xa0
push 0
push 0x1f
push 0
call dword [ebx + 0x48]  ; ucall
mov edi, eax
pop eax
movzx eax, word [ebp - 0x3ae6]
pop edx
push edi
push eax
call dword [ebx + 0x14]  ; ucall
movzx eax, word [ebp - 0x3ae4]
mov dword [esp], eax
call dword [ebx + 8]  ; ucall
movzx edx, word [ebp - 0x3ae6]
pop ecx
mov dword [ebp - 0x6208], eax
pop eax
push edi
push edx
call dword [ebx + 0x14]  ; ucall
pop eax
mov eax, dword [ebp - 0x6208]
pop edx
and eax, 0xff7f0000
push eax
movzx eax, word [ebp - 0x3ae4]
push eax
call dword [ebx + 0x14]  ; ucall
add esp, 0x10

loc_fffa2643:
mov eax, dword [ebp - 0x3ab9]
mov ebx, 1
push edi
push 4
mov ecx, eax
mov dword [ebp - 0x620c], eax
mov eax, dword [ebp - 0x4652]
mov dword [ebp - 0x2814], eax
mov eax, dword [ebp - 0x4672]
lea eax, [eax*4 + ref_fffd3520]  ; lea eax, [eax*4 - 0x2cae0]
push eax
lea eax, [ebp - 0x282d]
push eax
mov eax, ecx
call dword [eax + 0x58]  ; ucall
add esp, 0x10
mov dl, 1
mov word [ebp - 0x6208], 0

loc_fffa268d:
mov eax, dword [ebp - 0x6208]
cmp ax, 0x41
lea ecx, [eax - 0x2300]
setbe al
mov word [ebp - 0x620e], cx
test al, dl
je loc_fffa27b5  ; je 0xfffa27b5
movzx eax, word [ebp - 0x6208]
mov dl, 1
imul eax, eax, 0xc
cmp dword [eax + ref_fffd55c8], 0  ; cmp dword [eax - 0x2aa38], 0
mov dword [ebp - 0x6214], eax
lea edi, [eax + ref_fffd55c8]  ; lea edi, [eax - 0x2aa38]
je loc_fffa27a9  ; je 0xfffa27a9
mov al, byte [edi + 0xb]
cmp byte [ebp - 0x465f], al
jae loc_fffa27a9  ; jae 0xfffa27a9
mov eax, dword [ebp - 0x465e]
test eax, eax
jne short loc_fffa26f3  ; jne 0xfffa26f3
test byte [edi + 0xa], 0x10
jmp short loc_fffa26fe  ; jmp 0xfffa26fe

loc_fffa26f3:
dec eax
jne loc_fffa27a9  ; jne 0xfffa27a9
test byte [edi + 0xa], 0x20

loc_fffa26fe:
je loc_fffa27a9  ; je 0xfffa27a9
mov eax, dword [ebp - 0x2814]
cmp eax, 2
jne short loc_fffa2715  ; jne 0xfffa2715
test byte [edi + 0xa], 8
jmp short loc_fffa2729  ; jmp 0xfffa2729

loc_fffa2715:
cmp eax, 3
jne short loc_fffa2720  ; jne 0xfffa2720
test byte [edi + 0xa], 2
jmp short loc_fffa2729  ; jmp 0xfffa2729

loc_fffa2720:
cmp eax, 1
jne short loc_fffa272f  ; jne 0xfffa272f
test byte [edi + 0xa], 4

loc_fffa2729:
jne short loc_fffa273b  ; jne 0xfffa273b
mov dl, 1
jmp short loc_fffa27a9  ; jmp 0xfffa27a9

loc_fffa272f:
mov dl, 1
test eax, eax
jne short loc_fffa27a9  ; jne 0xfffa27a9
test byte [edi + 0xa], 1
je short loc_fffa27a9  ; je 0xfffa27a9

loc_fffa273b:
mov edx, dword [edi + 6]
cmp edx, 0x44
jbe short loc_fffa2796  ; jbe 0xfffa2796

loc_fffa2743:
mov eax, dword [edi + 4]
mov edi, dword [ebp - 0x620c]
push ebx
push ebx
cmp ax, 0xffff
cmove ax, word [ebp - 0x620e]
movzx eax, ax
push eax
lea eax, [ebp - 0x5efd]
push eax
call dword [edi + 0x94]  ; ucall
mov eax, edi
call dword [eax + 0x54]  ; ucall
lea eax, [ebp - 0x5efd]
mov dword [esp], eax
mov eax, dword [ebp - 0x6214]
call dword [eax + ref_fffd55c8]  ; ucall: call dword [eax - 0x2aa38]
mov ebx, eax
mov eax, edi
call dword [eax + 0x54]  ; ucall
add esp, 0x10
test ebx, ebx
sete dl
jmp short loc_fffa27a9  ; jmp 0xfffa27a9

loc_fffa2796:
xor ecx, ecx
lea eax, [ebp - 0x5efd]
call fcn_fffc3b02  ; call 0xfffc3b02
mov dl, 1
test eax, eax
je short loc_fffa2743  ; je 0xfffa2743

loc_fffa27a9:
inc word [ebp - 0x6208]
jmp near loc_fffa268d  ; jmp 0xfffa268d

loc_fffa27b5:
push ecx
push ecx
push ebx
lea eax, [ebp - 0x5efd]
push eax
call dword [ebp - 0x60cc]  ; ucall
add esp, 0x10
cmp ebx, 0x17
je loc_fffa28c9  ; je 0xfffa28c9
ja short loc_fffa27e5  ; ja 0xfffa27e5
test ebx, ebx
je loc_fffa2940  ; je 0xfffa2940
cmp ebx, 0x16
je short loc_fffa2852  ; je 0xfffa2852
jmp near loc_fffa2917  ; jmp 0xfffa2917

loc_fffa27e5:
cmp ebx, 0x18
je loc_fffa2883  ; je 0xfffa2883
cmp ebx, 0x1c
jne loc_fffa2917  ; jne 0xfffa2917
push eax
push eax
push 0x3a91
lea eax, [ebp - 0x3ab1]
push eax
call fcn_fffb067f  ; call 0xfffb067f
pop eax
pop edx
lea eax, [ebp - 0x60c8]
push 0x1cb
push eax
call fcn_fffb067f  ; call 0xfffb067f
lea eax, [ebp - 0x61c1]
add esp, 0x10
mov dword [ebp - 0x3ab1], 0x3a91
mov dword [ebp - 0x60c8], 0x1cb
mov dword [ebp - 0x60c4], eax
mov byte [ebp - 0x3a6d], 1
inc byte [ebp - 0x465f]
jmp near loc_fffa2940  ; jmp 0xfffa2940

loc_fffa2852:
sub esp, 0xc
push 0
lea ecx, [ebp - 0x61ee]
lea edx, [ebp - 0x61d8]
lea eax, [ebp - 0x5efd]
call fcn_fffa7762  ; call 0xfffa7762
mov al, byte [ebp - 0x2815]
add esp, 0x10
cmp byte [ebp - 0x61ee], al
jae loc_fffa2917  ; jae 0xfffa2917

loc_fffa2883:
cmp dword [ebp - 0x4652], 3
jne short loc_fffa28b8  ; jne 0xfffa28b8
push eax
mov eax, dword [ebp - 0x61e4]
xor edx, edx
push dword [ebp - 0x3aeb]
push dword [ebp - 0x61ec]
lea ecx, [ebp - 0x5efd]
push esi
call fcn_fffb0688  ; call 0xfffb0688
add esp, 0x10
mov dword [ebp - 0x4652], eax
jmp short loc_fffa28c2  ; jmp 0xfffa28c2

loc_fffa28b8:
mov dword [ebp - 0x4652], 0

loc_fffa28c2:
mov ebx, 0x18
jmp short loc_fffa2940  ; jmp 0xfffa2940

loc_fffa28c9:
sub esp, 0xc
mov eax, dword [ebp - 0x61e0]
push dword [ebp - 0x4628]
push dword [ebp - 0x27cb]
push 1
push dword [ebp - 0x6204]
push esi
call dword [eax + 9]  ; ucall
add esp, 0x18
push 0xddfe
lea eax, [ebp - 0x5efd]
push eax
call dword [ebp - 0x60e0]  ; ucall
mov eax, dword [esi]
pop ebx
pop edi
push 0
push 0
push 0
push 0x51009
push 2
push esi
call dword [eax + 0x58]  ; ucall
add esp, 0x20

loc_fffa2917:
sub esp, 0xc
mov ebx, dword [ebp - 0x6168]
push 0x80
call dword [ebp - 0x6174]  ; ucall
pop edx
pop ecx
or eax, 0xffffff80
movzx eax, al
push eax
push 0x80
call ebx
jmp near loc_fffa2b33  ; jmp 0xfffa2b33

loc_fffa2940:
and ebx, 0xfffffffb
cmp ebx, 0x18
je loc_fffa25d9  ; je 0xfffa25d9
mov eax, dword [ebp - 0x61d4]
test eax, eax
jne short loc_fffa295a  ; jne 0xfffa295a

loc_fffa2956:
xor edi, edi
jmp short loc_fffa296d  ; jmp 0xfffa296d

loc_fffa295a:
sub esp, 0xc
push eax
call dword [eax + 1]  ; ucall
add esp, 0x10
test eax, eax
je short loc_fffa2956  ; je 0xfffa2956
mov edi, 0xffffff80

loc_fffa296d:
cmp dword [ebp - 0x61fc], 0
sete bl
cmp byte [ebp - 0x6200], 1
sete al
test bl, al
je short loc_fffa298b  ; je 0xfffa298b
and edi, 0xfffffff0
or edi, 3

loc_fffa298b:
cmp dword [ebp - 0x4628], 0x20
ja short loc_fffa29d8  ; ja 0xfffa29d8
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov eax, dword [eax + 0x14]
add eax, 0xb0010
push eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
add esp, 0x10
inc eax
je short loc_fffa29d8  ; je 0xfffa29d8
sub esp, 0xc
mov eax, edi
push dword [ebp - 0x4628]
movzx edi, al
push dword [ebp - 0x27cb]
mov eax, dword [ebp - 0x61e0]
push edi
push dword [ebp - 0x6204]
push esi
call dword [eax + 9]  ; ucall
add esp, 0x20

loc_fffa29d8:
mov eax, dword [ebp - 0x61d4]
test eax, eax
je short loc_fffa2a2d  ; je 0xfffa2a2d
mov edx, dword [ebp - 0x61ec]
mov edx, dword [edx + 9]
cmp byte [edx + 0x56], 0
je short loc_fffa2a2d  ; je 0xfffa2a2d
sub esp, 0xc
push eax
call dword [eax + 1]  ; ucall
add esp, 0x10
cmp eax, 2
jne short loc_fffa2a2d  ; jne 0xfffa2a2d
cmp dword [ebp - 0x4652], 3
je short loc_fffa2a2d  ; je 0xfffa2a2d
lea eax, [ebp - 0x61dc]
push eax
push 0
push 0
push ref_fffd689c  ; push 0xfffd689c
call fcn_fffb020b  ; call 0xfffb020b
mov eax, dword [ebp - 0x61dc]
pop ecx
pop edi
push 3
push eax
call dword [eax]  ; ucall
jmp short loc_fffa2a44  ; jmp 0xfffa2a44

loc_fffa2a2d:
mov eax, dword [ebp - 0x61d4]
test eax, eax
je short loc_fffa2a47  ; je 0xfffa2a47
push edx
push edx
lea edx, [ebp - 0x61e4]
push edx
push eax
call dword [eax + 5]  ; ucall

loc_fffa2a44:
add esp, 0x10

loc_fffa2a47:
cmp dword [ebp - 0x61e4], 0x11
je short loc_fffa2ac6  ; je 0xfffa2ac6
cmp dword [ebp - 0x61fc], 3
sete al
or al, bl
je short loc_fffa2a88  ; je 0xfffa2a88
xor eax, eax

loc_fffa2a60:
cmp eax, 0x1000
je short loc_fffa2a6c  ; je 0xfffa2a6c
mov byte [eax], al
inc eax
jmp short loc_fffa2a60  ; jmp 0xfffa2a60

loc_fffa2a6c:
mov edx, 0x14

loc_fffa2a71:
xor eax, eax

loc_fffa2a73:
cmp eax, 0x1000
je short loc_fffa2a85  ; je 0xfffa2a85
cmp byte [eax], al
jne loc_fffa2b1f  ; jne 0xfffa2b1f
inc eax
jmp short loc_fffa2a73  ; jmp 0xfffa2a73

loc_fffa2a85:
dec edx
jne short loc_fffa2a71  ; jne 0xfffa2a71

loc_fffa2a88:
push ebx
mov eax, dword [esi]
mov esi, dword [ebp - 0x61e8]
lea edx, [ebp - 0x5efd]
push 0x5ee5
push edx
lea edx, [esi + 0x18]
push edx
mov dword [ebp - 0x3a9d], 0
call dword [eax + 0x50]  ; ucall
mov eax, dword [ebp - 0x61e8]
pop esi
pop edi
add eax, 0x5efd
push 1
push eax
call fcn_fffb067f  ; call 0xfffb067f
add esp, 0x10

loc_fffa2ac6:
push ecx
push ecx
push 0x55
lea eax, [ebp - 0x5efd]
push eax
call dword [ebp - 0x60e0]  ; ucall
add esp, 0x10
xor eax, eax
jmp short loc_fffa2b3b  ; jmp 0xfffa2b3b

loc_fffa2ade:
test al, 1
je loc_fffa21f6  ; je 0xfffa21f6
jmp near loc_fffa21e3  ; jmp 0xfffa21e3

loc_fffa2aeb:
push edx
push edx
push 0x1866
lea eax, [ebp - 0x5ef5]
push eax
call fcn_fffb067f  ; call 0xfffb067f
add esp, 0x10
mov dword [ebp - 0x61fc], 0
jmp near loc_fffa24ca  ; jmp 0xfffa24ca

loc_fffa2b10:
mov dword [ebp - 0x61fc], 3
jmp near loc_fffa24ca  ; jmp 0xfffa24ca

loc_fffa2b1f:
push eax
push eax
push 0xd5
lea eax, [ebp - 0x5efd]
push eax
call dword [ebp - 0x60e0]  ; ucall

loc_fffa2b33:
add esp, 0x10
mov eax, 0x80000007

loc_fffa2b3b:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa2b43:  ; not directly referenced
push ebp
mov ecx, 9
mov ebp, esp
push edi
push esi
mov esi, ref_fffd3580  ; mov esi, 0xfffd3580
push ebx
sub esp, 0x100
mov eax, dword [ebp + 8]
lea edi, [ebp - 0x31]
mov byte [ebp - 0x45], 0x40
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
mov eax, dword [eax + 0x5edd]
mov byte [ebp - 0x44], 0x60
mov byte [ebp - 0x43], 0x40
mov byte [ebp - 0x42], 0x40
mov dword [ebp - 0x70], eax
mov eax, dword [ebp + 8]
mov byte [ebp - 0x41], 0x40
mov byte [ebp - 0x40], 0x19
mov byte [ebp - 0x3f], 0x32
mov ebx, dword [eax + 0x2444]
mov eax, dword [eax + 0x18a7]
mov byte [ebp - 0x3e], 0x14
mov byte [ebp - 0x3d], 0x14
mov byte [ebp - 0x3c], 0x19
mov esi, eax
mov byte [ebp - 0x51], 0x2e
mov byte [ebp - 0x50], 0x46
mov byte [ebp - 0x4f], 0x46
mov byte [ebp - 0x4e], 0x2e
mov byte [ebp - 0x3b], 0x21
mov byte [ebp - 0x3a], 0x32
mov byte [ebp - 0x39], 0x14
mov byte [ebp - 0x38], 0x14
mov byte [ebp - 0x37], 0x1d
mov byte [ebp - 0x4d], 0x3b
mov byte [ebp - 0x4c], 0x35
mov byte [ebp - 0x4b], 0x35
mov byte [ebp - 0x4a], 0x35
mov dword [ebp - 0x88], eax
mov eax, dword [ebp + 8]
mov ecx, dword [ebp + 8]
mov eax, dword [eax + 0x1887]
mov edi, eax
mov dword [ebp - 0x8c], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x1883]
mov dword [ebp - 0xe8], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x80], eax
mov eax, dword [ecx + esi*4 + 0x3736]
mov dword [ebp - 0x7c], eax
movzx eax, byte [ecx + 0x2409]
mov dword [ebp - 0x90], eax
mov al, byte [ecx + 0x3749]
push 0
push 2
mov byte [ebp - 0xec], al
lea eax, [ebp - 0x5a]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 5
lea eax, [ebp - 0x3b]
push eax
lea eax, [ebp - 0x36]
push eax
call dword [ebx + 0x58]  ; ucall
add esp, 0xc
push 4
lea eax, [ebp - 0x4d]
push eax
lea eax, [ebp - 0x49]
push eax
call dword [ebx + 0x58]  ; ucall
mov eax, dword [ebp + 8]
mov ebx, dword [eax + 0x2444]
mov esi, dword [ebx + 0x14]
push 0
push 0
push 0
push 0
call dword [ebx + 0x48]  ; ucall
add esp, 0x18
push eax
mov eax, dword [ebp + 8]
movzx eax, word [eax + 0x2417]
push eax
call esi
mov eax, dword [ebp + 8]
movzx eax, word [eax + 0x2419]
mov dword [esp], eax
call dword [ebx + 8]  ; ucall
mov esi, dword [ebp + 8]
mov ebx, dword [esi + 0x2444]
shr eax, 0x10
mov word [esi + 0x3753], ax
mov esi, dword [ebx + 0x14]
push 8
push 0
push 0
push 0
call dword [ebx + 0x48]  ; ucall
add esp, 0x18
push eax
mov eax, dword [ebp + 8]
movzx eax, word [eax + 0x2417]
push eax
call esi
mov eax, dword [ebp + 8]
movzx eax, word [eax + 0x2419]
mov dword [esp], eax
call dword [ebx + 8]  ; ucall
mov esi, dword [ebp + 8]
add esp, 0x10
cmp edi, 0x40660
sete dl
cmp edi, 0x306c0
mov byte [esi + 0x3755], al
sete al
or dl, al
mov byte [ebp - 0x82], dl
je short loc_fffa2d40  ; je 0xfffa2d40

loc_fffa2cfc:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x3757], 2
jne short loc_fffa2d32  ; jne 0xfffa2d32
imul eax, dword [ebp - 0x88], 0x2e
mov edi, dword [ebp + 8]
lea eax, [edi + eax + 0x3757]
mov cx, word [eax + 0xa]
movzx ebx, word [eax + 0xc]
movzx edx, cx
sub edx, ebx
cmp edx, 4
jle short loc_fffa2d32  ; jle 0xfffa2d32
sub ecx, 4
mov word [eax + 0xc], cx

loc_fffa2d32:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b1a], 2
je short loc_fffa2d61  ; je 0xfffa2d61
jmp short loc_fffa2d4c  ; jmp 0xfffa2d4c

loc_fffa2d40:  ; not directly referenced
cmp dword [ebp - 0x8c], 0x40670
je short loc_fffa2cfc  ; je 0xfffa2cfc

loc_fffa2d4c:  ; not directly referenced
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x3c
call fcn_fffc3b02  ; call 0xfffc3b02
test eax, eax
je short loc_fffa2d8d  ; je 0xfffa2d8d
jmp short loc_fffa2dda  ; jmp 0xfffa2dda

loc_fffa2d61:  ; not directly referenced
imul eax, dword [ebp - 0x88], 0x2e
mov edi, dword [ebp + 8]
lea eax, [edi + eax + 0x4b1a]
mov cx, word [eax + 0xa]
movzx ebx, word [eax + 0xc]
movzx edx, cx
sub edx, ebx
cmp edx, 4
jle short loc_fffa2d4c  ; jle 0xfffa2d4c
sub ecx, 4
mov word [eax + 0xc], cx
jmp short loc_fffa2d4c  ; jmp 0xfffa2d4c

loc_fffa2d8d:  ; not directly referenced
mov eax, dword [ebp + 8]
sub esp, 0xc
lea ecx, [ebp - 0x5b]
lea edx, [ebp - 0x28]
mov edi, dword [eax + 0x2444]
lea eax, [ebp - 0x58]
push eax
mov eax, dword [ebp + 8]
call fcn_fffa7762  ; call 0xfffa7762
add esp, 0x10
test eax, eax
je loc_fffa2e6c  ; je 0xfffa2e6c
mov edi, dword [ebp + 8]
mov dword [edi + 0x36d8], eax
mov eax, dword [ebp - 0x28]
mov dword [edi + 0x36e0], eax
mov eax, dword [ebp - 0x58]
mov dword [edi + 0x36e4], eax
mov al, byte [ebp - 0x5b]
mov byte [edi + 0x36e8], al

loc_fffa2dda:  ; not directly referenced
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x3d
call fcn_fffc3b02  ; call 0xfffc3b02
mov eax, dword [ebp + 8]
xor edx, edx
mov ecx, 0x7d0
mov edi, dword [ebp + 8]
mov eax, dword [eax + 0x36e0]
div ecx
mov word [edi + 0x248a], ax
mov eax, dword [edi + 0x2481]
cmp eax, 3
sete bl
cmp eax, 2
mov dword [ebp - 0xf0], eax
sete al
movzx edi, bl
cmp dword [ebp - 0x8c], 0x40650
movzx eax, al
mov byte [ebp - 0xdc], bl
mov dword [ebp - 0xe0], eax
sete bl
cmp dword [ebp - 0x80], 1
mov dword [ebp - 0x78], edi
mov byte [ebp - 0x81], bl
sete al
mov byte [ebp - 0x6c], al
or al, bl
mov byte [ebp - 0x84], al
jne loc_fffa3001  ; jne 0xfffa3001
mov dword [ebp - 0x98], 0
jmp near loc_fffa306d  ; jmp 0xfffa306d

loc_fffa2e6c:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x36e9], 0
jne loc_fffa2f89  ; jne 0xfffa2f89
cmp dword [eax + 0x18a7], 1
jne short loc_fffa2e9d  ; jne 0xfffa2e9d
mov al, byte [eax + 0x1876]
test al, al
je short loc_fffa2e9d  ; je 0xfffa2e9d
mov esi, dword [ebp + 8]
mov byte [esi + 0x36e8], al
jmp near loc_fffa2f89  ; jmp 0xfffa2f89

loc_fffa2e9d:  ; not directly referenced
mov esi, dword [ebp + 8]
mov eax, dword [ebp + 8]
mov dword [ebp - 0x74], 0x3e8
mov esi, dword [esi + 0x36d8]
mov eax, dword [eax + 0x187b]
mov dword [ebp - 0x6c], esi
mov esi, dword [ebp + 8]
mov ecx, dword [esi + 0x5edd]
mov esi, dword [esi + 0x2444]
test eax, eax
je short loc_fffa2ed8  ; je 0xfffa2ed8
mov ebx, 0x186a0
xor edx, edx
div ebx
mov dword [ebp - 0x74], eax

loc_fffa2ed8:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x1887], 0x306d0
jne short loc_fffa2f32  ; jne 0xfffa2f32
cmp dword [eax + 0x1883], 4
jbe short loc_fffa2f32  ; jbe 0xfffa2f32
cmp byte [eax + 0x2442], 1
jne short loc_fffa2f32  ; jne 0xfffa2f32
cmp dword [eax + 0x1877], 2
jne short loc_fffa2f32  ; jne 0xfffa2f32
cmp dword [ebp - 0x6c], 0x640
jne short loc_fffa2f32  ; jne 0xfffa2f32
mov eax, dword [ecx + 0x1c6]
test eax, eax
je short loc_fffa2f32  ; je 0xfffa2f32
cmp byte [ecx + 0x1ca], 0
jne short loc_fffa2f25  ; jne 0xfffa2f25
cmp eax, 0x63f
jbe short loc_fffa2f32  ; jbe 0xfffa2f32

loc_fffa2f25:  ; not directly referenced
mov eax, dword [ebp + 8]
mov dword [eax + 0x36e4], 1

loc_fffa2f32:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ebx, 0x30d40
cmp dword [eax + 0x36e4], 1
mov eax, 0x411ab
cmovne ebx, eax
xor edx, edx
push eax
mov eax, dword [ebp - 0x6c]
push 0x3b9aca00
push edx
push eax
call dword [esi + 0x70]  ; ucall
mov ecx, dword [ebp - 0x74]
mov dword [esp], 0
imul ecx, ebx
xor ebx, ebx
push ebx
push ecx
push edx
push eax
call dword [esi + 0x74]  ; ucall
mov ecx, 0x3e8
xor edx, edx
mov esi, dword [ebp + 8]
add esp, 0x20
add eax, 0x1f4
div ecx
mov byte [esi + 0x36e8], al

loc_fffa2f89:  ; not directly referenced
mov eax, dword [ebp + 8]
mov bl, byte [eax + 0x36e8]
lea eax, [ebx - 3]
cmp al, 0xc
jbe short loc_fffa2fa3  ; jbe 0xfffa2fa3

loc_fffa2f99:  ; not directly referenced
mov edx, 0x16
jmp near loc_fffa5b6f  ; jmp 0xfffa5b6f

loc_fffa2fa3:  ; not directly referenced
mov eax, dword [ebp + 8]
and ebx, 0xf
mov edx, 0x5e00
cmp dword [eax + 0x36e4], 0
setne al
movzx eax, al
shl eax, 4
or ebx, eax
mov eax, dword [ebp + 8]
or ebx, 0x80000000
mov ecx, ebx
call fcn_fffb3381  ; call 0xfffb3381
call dword [edi + 0x54]  ; ucall
lea esi, [eax + 0x2710]

loc_fffa2fd9:  ; not directly referenced
shr ebx, 0x18
test bl, bl
jns loc_fffa5af9  ; jns 0xfffa5af9
call dword [edi + 0x54]  ; ucall
cmp edx, 0
ja short loc_fffa2f99  ; ja 0xfffa2f99
cmp eax, esi
jae short loc_fffa2f99  ; jae 0xfffa2f99
mov eax, dword [ebp + 8]
mov edx, 0x5e00
call fcn_fffb331f  ; call 0xfffb331f
mov ebx, eax
jmp short loc_fffa2fd9  ; jmp 0xfffa2fd9

loc_fffa3001:  ; not directly referenced
xor ecx, ecx
cmp dword [ebp - 0x90], 0
sete cl
shl ecx, 0xa
cmp dword [ebp - 0x78], 0
je short loc_fffa3039  ; je 0xfffa3039
mov eax, dword [ebp + 8]
or ch, 8
mov al, byte [eax + 0x240c]
mov edx, eax
and edx, 0xf
shr al, 4
shl edx, 0xc
and eax, 0xf
shl eax, 0x10
or ecx, edx
or ecx, eax
jmp short loc_fffa304b  ; jmp 0xfffa304b

loc_fffa3039:  ; not directly referenced
mov edi, dword [ebp - 0xe0]
mov eax, ecx
or eax, 0x100000
test edi, edi
cmovne ecx, eax

loc_fffa304b:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x2008
call fcn_fffb3381  ; call 0xfffb3381
xor eax, eax
cmp dword [ebp - 0x8c], 0x40670
setne al
mov dword [ebp - 0x98], eax

loc_fffa306d:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x5034
movzx ecx, byte [eax + 0x36d0]
movzx eax, byte [eax + 0x36d1]
shl ecx, 0x18
shl eax, 0x10
or ecx, eax
mov eax, dword [ebp + 8]
movzx eax, byte [eax + 0x36d3]
or ecx, eax
mov eax, dword [ebp + 8]
movzx eax, byte [eax + 0x36d2]
shl eax, 8
or ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
cmp dword [ebp - 0x7c], 0x546
ja short loc_fffa30cb  ; ja 0xfffa30cb
cmp dword [ebp - 0x7c], 0x4e2
mov byte [ebp - 0x74], 0
setbe byte [ebp - 0xd8]
jmp short loc_fffa30d6  ; jmp 0xfffa30d6

loc_fffa30cb:  ; not directly referenced
mov byte [ebp - 0xd8], 0
mov byte [ebp - 0x74], 1

loc_fffa30d6:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
je short loc_fffa30ff  ; je 0xfffa30ff
mov edi, dword [ebp + 8]
xor eax, eax
cmp byte [edi + 0x240f], 0
je short loc_fffa30f6  ; je 0xfffa30f6
xor eax, eax
cmp dword [ebp - 0x7c], 0x5db
setbe al

loc_fffa30f6:  ; not directly referenced
mov edi, dword [ebp - 0x70]
mov byte [edi + 0x1c5], al

loc_fffa30ff:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x3918
call fcn_fffb331f  ; call 0xfffb331f
mov edi, dword [ebp + 8]
mov dl, byte [edi + 0x36e8]
and eax, 3
cmp dword [edi + 0x36e4], 1
sbb ecx, ecx
and ecx, 0xfffffffe
add ecx, 6
sub edx, ecx
mov cl, 4
cmp dl, 4
cmovle ecx, edx
xor edx, edx
test cl, cl
cmovns edx, ecx
cmp byte [ebp - 0x81], 0
je short loc_fffa3161  ; je 0xfffa3161
movzx ebx, byte [ebp - 0x74]
cmp dl, 2
mov cl, 2
cmovle ecx, edx
movzx eax, al
movsx ecx, cl
lea ebx, [ebx + ebx*2]
add ecx, ebx
mov al, byte [eax + ecx*4 + ref_fffd35c4]  ; mov al, byte [eax + ecx*4 - 0x2ca3c]
jmp short loc_fffa317d  ; jmp 0xfffa317d

loc_fffa3161:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
jne short loc_fffa3185  ; jne 0xfffa3185
movzx ecx, byte [ebp - 0x74]
movsx edx, dl
movzx eax, al
lea ecx, [ecx + ecx*4]
add edx, ecx
mov al, byte [eax + edx*4 + ref_fffd359c]  ; mov al, byte [eax + edx*4 - 0x2ca64]

loc_fffa317d:  ; not directly referenced
mov byte [ebp - 0xc8], al
jmp short loc_fffa318c  ; jmp 0xfffa318c

loc_fffa3185:  ; not directly referenced
mov byte [ebp - 0xc8], 4

loc_fffa318c:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x3757], 2
jne short loc_fffa31ad  ; jne 0xfffa31ad
imul eax, dword [ebp - 0x88], 0x2e
mov edi, dword [ebp + 8]
mov ax, word [edi + eax + 0x3761]
mov byte [ebp - 0x5a], al

loc_fffa31ad:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b1a], 2
jne short loc_fffa31ce  ; jne 0xfffa31ce
imul eax, dword [ebp - 0x88], 0x2e
mov edi, dword [ebp + 8]
mov ax, word [edi + eax + 0x4b24]
mov byte [ebp - 0x59], al

loc_fffa31ce:  ; not directly referenced
mov eax, dword [ebp + 8]
xor esi, esi
mov byte [ebp - 0x83], 0
lea edi, [eax + 0x381b]
add eax, 0x1eaa
mov dword [ebp - 0xe4], eax

loc_fffa31eb:  ; not directly referenced
cmp dword [edi - 0xc4], 2
jne loc_fffa3375  ; jne 0xfffa3375
cmp dword [edi - 4], 2
mov ecx, esi
mov ebx, dword [ebp + 8]
sete al
add byte [ebp - 0x83], al
mov eax, 1
shl eax, cl
or byte [ebx + 0x248f], al
mov al, byte [edi]
or byte [ebx + 0x248e], al
mov cl, byte [edi]
and ecx, 0xf
cmp dword [ebp - 0x78], 0
je short loc_fffa3244  ; je 0xfffa3244
mov ebx, dword [ebp - 0xe4]
xor ecx, ecx
cmp byte [ebx - 1], 0
setne cl
mov eax, ecx
or eax, 2
cmp byte [ebx], 0
cmovne ecx, eax

loc_fffa3244:  ; not directly referenced
mov eax, dword [ebp + 8]
lea ebx, [esi + 0x18]
shl ebx, 8
mov edx, ebx
call fcn_fffb3381  ; call 0xfffb3381
movzx eax, byte [edi]
and eax, 0xf
cmp byte [ebp - 0x81], 0
mov ecx, eax
je short loc_fffa327f  ; je 0xfffa327f
cmp dword [ebp - 0x78], 0
je short loc_fffa327a  ; je 0xfffa327a
mov edx, dword [ebp + 8]
or ecx, 0x20
cmp byte [edx + 0x240a], 0
jne short loc_fffa327f  ; jne 0xfffa327f

loc_fffa327a:  ; not directly referenced
or eax, 0x30
mov ecx, eax

loc_fffa327f:  ; not directly referenced
cmp byte [ebp - 0xec], 0
sete al
and al, byte [ebp - 0x6c]
mov byte [ebp - 0xf4], al
je short loc_fffa3297  ; je 0xfffa3297
or ecx, 0x40

loc_fffa3297:  ; not directly referenced
lea eax, [ebx - 0x1800]
mov dword [ebp - 0xf8], eax
mov eax, dword [ebp + 8]
lea edx, [ebx + 0x420]
call fcn_fffb3381  ; call 0xfffb3381
mov dl, byte [edi]
mov ebx, edx
and ebx, 0xf
cmp dword [ebp - 0x78], 0
je loc_fffa3346  ; je 0xfffa3346
mov eax, dword [ebp + 8]
lea ecx, [esi*4]
xor ebx, ebx
mov dword [ebp - 0xa8], 0
movzx eax, byte [eax + 0x240c]
sar eax, cl
movzx ecx, dl
and eax, 0xf
mov dword [ebp - 0xfc], ecx

loc_fffa32ed:  ; not directly referenced
mov cl, byte [ebp - 0xa8]
mov edx, dword [ebp - 0xfc]
sar edx, cl
xor ecx, ecx
mov dword [ebp - 0x94], edx
and dword [ebp - 0x94], 1

loc_fffa330a:  ; not directly referenced
mov edx, eax
shr edx, cl
and edx, 1
cmp edx, dword [ebp - 0xa8]
jne short loc_fffa332e  ; jne 0xfffa332e
cmp dword [ebp - 0x94], 0
je short loc_fffa332e  ; je 0xfffa332e
mov edx, 1
shl edx, cl
or ebx, edx
and ebx, 0xf

loc_fffa332e:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffa330a  ; jne 0xfffa330a
inc dword [ebp - 0xa8]
cmp dword [ebp - 0xa8], 4
jne short loc_fffa32ed  ; jne 0xfffa32ed
and ebx, 0xf

loc_fffa3346:  ; not directly referenced
mov cl, byte [ebp - 0xf4]
mov eax, ebx
or eax, 0x40
mov edx, dword [ebp - 0xf8]
test cl, cl
cmovne ebx, eax
mov eax, dword [ebp + 8]
add edx, 0x1220
mov ecx, ebx
and ebx, 0xf
call fcn_fffb3381  ; call 0xfffb3381
mov byte [edi + 0xfce], bl

loc_fffa3375:  ; not directly referenced
inc esi
add edi, 0x13c3
add dword [ebp - 0xe4], 0x54a
cmp esi, 2
jne loc_fffa31eb  ; jne 0xfffa31eb
cmp dword [ebp - 0x80], 1
mov ebx, 0x3620
sbb eax, eax
xor edi, edi
mov dword [ebp - 0xa8], eax
and byte [ebp - 0xa8], 0xfa
add byte [ebp - 0xa8], 7
mov eax, dword [ebp - 0xa8]
and eax, 0x1f
mov dword [ebp - 0xec], eax

loc_fffa33bf:  ; not directly referenced
mov eax, dword [ebp + 8]
movzx eax, byte [eax + 0x248e]
bt eax, edi
jb short loc_fffa33dc  ; jb 0xfffa33dc

loc_fffa33ce:  ; not directly referenced
inc edi
add ebx, 4
cmp edi, 4
jne short loc_fffa33bf  ; jne 0xfffa33bf
jmp near loc_fffa34d3  ; jmp 0xfffa34d3

loc_fffa33dc:  ; not directly referenced
mov ecx, dword [ebp - 0xec]
lea edx, [ebx - 0x20]
mov eax, dword [ebp + 8]
shl ecx, 0xf
or ecx, 0x2004040
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
lea edx, [ebx - 0x10]
mov ecx, 0x88888888
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
mov edx, ebx
cmp byte [ebp - 0x6c], 1
sbb esi, esi
and esi, 0xf00000
add esi, 0x2c08060
mov ecx, esi
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
lea edx, [ebx + 0x10]
mov ecx, 0x88888888
shr esi, 0x14
and esi, 0x3f
call fcn_fffb38b3  ; call 0xfffb38b3
mov ecx, dword [ebp + 8]
imul eax, edi, 0x12
lea edx, [edi + edi*8]
mov byte [ebp - 0xe4], 2
lea eax, [ecx + eax + 0x3757]
lea edx, [ecx + edx + 0x3757]
mov dword [ebp - 0x94], eax

loc_fffa345e:  ; not directly referenced
xor eax, eax

loc_fffa3460:  ; not directly referenced
mov ecx, dword [ebp - 0x94]
mov word [ecx + eax*2 + 0x169], 0x60
mov word [ecx + eax*2 + 0x121], 0x40
mov ecx, esi
mov byte [edx + eax + 0x24d], cl
mov ecx, dword [ebp - 0x94]
mov word [ecx + eax*2 + 0x1b1], 0x40
mov cl, byte [ebp - 0xa8]
mov byte [edx + eax + 0x104a], 0x20
mov byte [edx + eax + 0x106e], 0x20
mov byte [edx + eax + 0x1026], cl
inc eax
cmp eax, 9
jne short loc_fffa3460  ; jne 0xfffa3460
add dword [ebp - 0x94], 0x13c3
add edx, 0x13c3
dec byte [ebp - 0xe4]
jne short loc_fffa345e  ; jne 0xfffa345e
jmp near loc_fffa33ce  ; jmp 0xfffa33ce

loc_fffa34d3:  ; not directly referenced
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x3648
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
mov edx, 0x88888888
call fcn_fffac864  ; call 0xfffac864
mov eax, dword [ebp + 8]
mov edx, 0x3670
cmp dword [eax + 0x188b], 1
mov eax, 0x367c
cmove edx, eax
mov eax, dword [ebp + 8]
xor ecx, ecx
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
mov edx, 0x365c
cmp dword [eax + 0x188b], 1
mov eax, 0x3668
cmove edx, eax
mov eax, dword [ebp + 8]
xor ecx, ecx
call fcn_fffb38b3  ; call 0xfffb38b3
mov al, byte [ebp - 0x74]
and eax, 1
mov edi, eax
mov byte [ebp - 0x94], al
mov al, byte [ebp - 0x98]
and edi, 1
shl edi, 0x13
and eax, 1
mov byte [ebp - 0xe4], al
and eax, 1
shl eax, 0x1a
or edi, eax
cmp dword [ebp - 0x78], 0
je short loc_fffa3580  ; je 0xfffa3580
mov bl, byte [ebp - 0x84]
or edi, 0x10000000
mov eax, edi
or eax, 0x80000000
test bl, bl
cmovne edi, eax
or edi, 0x40000000

loc_fffa3580:  ; not directly referenced
mov bl, byte [ebp - 0x82]
mov eax, edi
mov edx, 0x3674
or ah, 1
test bl, bl
cmovne edi, eax
mov eax, dword [ebp + 8]
mov ecx, edi
cmp dword [eax + 0x188b], 1
mov eax, 0x3680
cmove edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
cmp byte [eax + 0x190a], 1
mov eax, dword [ebp - 0xc8]
sbb esi, esi
not esi
and eax, 7
and esi, 0x40
shl eax, 0xa
or esi, eax
or esi, 0x7efc010
cmp dword [ebp - 0x78], 0
je short loc_fffa35f4  ; je 0xfffa35f4
cmp byte [ebp - 0x6c], 0
je short loc_fffa35f4  ; je 0xfffa35f4
mov eax, dword [ebp + 8]
movzx eax, byte [eax + 0x1922]
and eax, 7
shl eax, 0x1b
or esi, eax

loc_fffa35f4:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x3660
mov ecx, esi
cmp dword [eax + 0x188b], 1
mov eax, 0x366c
cmove edx, eax
mov eax, dword [ebp + 8]
xor ebx, ebx
call fcn_fffb38b3  ; call 0xfffb38b3
cmp byte [ebp - 0x81], 0
je short loc_fffa3632  ; je 0xfffa3632
cmp dword [ebp - 0x78], 1
sbb ebx, ebx
and ebx, 0xfffffe80
add ebx, 0x3f180

loc_fffa3632:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
je short loc_fffa3692  ; je 0xfffa3692
mov eax, ebx
mov ecx, dword [ebp - 0x70]
and eax, 0xe3fc01ff
or eax, 0x3f000
mov ebx, eax
or eax, 0x10000000
or ebx, 0x12400000
cmp byte [ecx + 0x1c5], 0
mov ecx, dword [ebp + 8]
cmove ebx, eax
mov eax, ebx
or eax, 0x80000
cmp byte [ecx + 0x240d], 0
cmovne ebx, eax
cmp dword [ebp - 0x78], 0
je short loc_fffa3680  ; je 0xfffa3680
or ebx, 0x180
jmp short loc_fffa3692  ; jmp 0xfffa3692

loc_fffa3680:  ; not directly referenced
mov ecx, dword [ebp - 0xe0]
mov eax, ebx
or eax, 0x300000
test ecx, ecx
cmovne ebx, eax

loc_fffa3692:  ; not directly referenced
mov eax, dword [ebp - 0x70]
mov dword [ebp - 0x74], 0
add eax, 0x1c
mov dword [ebp - 0xc8], eax

loc_fffa36a5:  ; not directly referenced
imul eax, dword [ebp - 0x74], 0x13c3
mov ecx, dword [ebp + 8]
cmp dword [ecx + eax + 0x3757], 2
je short loc_fffa36d1  ; je 0xfffa36d1

loc_fffa36b9:  ; not directly referenced
inc dword [ebp - 0x74]
add dword [ebp - 0xc8], 0xcc
cmp dword [ebp - 0x74], 2
jne short loc_fffa36a5  ; jne 0xfffa36a5
jmp near loc_fffa3791  ; jmp 0xfffa3791

loc_fffa36d1:  ; not directly referenced
mov eax, dword [ebp - 0xc8]
mov byte [ebp - 0xa8], 0
mov dword [eax], edi
mov eax, dword [ebp - 0x74]
movzx eax, byte [ebp + eax - 0x5a]
lea eax, [eax + eax - 6]
movzx eax, al
mov dword [ebp - 0xf4], eax

loc_fffa36f5:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov al, byte [ebp - 0xa8]
cmp al, byte [ecx + 0x2489]
jae short loc_fffa36b9  ; jae 0xfffa36b9
movzx eax, byte [ebp - 0xa8]
and ebx, 0xffffffe0
mov edx, dword [ebp - 0xc8]
mov ecx, eax
lea eax, [edx + eax*4]
mov edx, dword [ebp - 0x74]
mov dword [eax + 0x54], 0
mov dword [eax + 0x78], 0
mov dword [ebp - 0xec], eax
mov dword [eax + 4], esi
mov eax, dword [ebp + 8]
mov dword [ebp - 0x98], ecx
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, dword [ebp - 0x98]
mov dword [ebp - 0xe0], eax
movzx eax, byte [ebp + ecx - 0x31]
mov ecx, dword [ebp + 8]
imul eax, dword [ebp - 0xf4]
movzx ecx, byte [ecx + 0x2489]
cdq
idiv ecx
mov edx, dword [ebp - 0xe0]
and eax, 0x1f
or ebx, eax
mov eax, dword [ebp + 8]
mov ecx, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0xec]
inc byte [ebp - 0xa8]
mov dword [eax + 0x28], ebx
jmp near loc_fffa36f5  ; jmp 0xfffa36f5

loc_fffa3791:  ; not directly referenced
mov edi, dword [ebp - 0x7c]
mov eax, edi
movzx ebx, di
sub ax, 0x3b6
mov word [ebp - 0xc8], ax
movzx eax, ax
mov dword [ebp - 0xec], eax
imul eax, eax, 0xc0
cdq
idiv ebx
sub eax, 0x14
mov word [ebp - 0xf4], ax
movzx eax, ax
add eax, 0x4d8140
cmp byte [ebp - 0x81], 0
mov dword [ebp - 0x74], eax
je short loc_fffa37e3  ; je 0xfffa37e3
mov ecx, eax
mov eax, dword [ebp + 8]
mov edx, 0x366c
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffa37e3:  ; not directly referenced
cmp byte [ebp - 0x82], 0
je short loc_fffa37fc  ; je 0xfffa37fc
mov ecx, dword [ebp - 0x74]
mov edx, 0x306c
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffa37fc:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
je short loc_fffa3846  ; je 0xfffa3846
mov ecx, dword [ebp - 0x74]
mov eax, dword [ebp - 0x8c]
and ch, 0x3f
cmp eax, 0x306d0
je short loc_fffa3830  ; je 0xfffa3830
cmp dword [ebp - 0xe8], 0
setne dl
cmp eax, 0x40670
sete al
test dl, al
jne short loc_fffa3830  ; jne 0xfffa3830
or ch, 0x40
jmp short loc_fffa3833  ; jmp 0xfffa3833

loc_fffa3830:  ; not directly referenced
or ch, 0x50

loc_fffa3833:  ; not directly referenced
mov dword [ebp - 0x74], ecx
mov eax, dword [ebp + 8]
mov edx, 0x3678
mov ecx, dword [ebp - 0x74]
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffa3846:  ; not directly referenced
mov eax, dword [ebp - 0x74]
mov edx, 0x3a24
mov esi, ref_fffd358c  ; mov esi, 0xfffd358c
shl ebx, 7
lea edi, [ebp - 0x28]
mov ecx, eax
mov dword [ebp - 0xfc], eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
mov ecx, 4
mov byte [ebp - 0xa8], 0
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
xor esi, esi
movzx eax, word [eax + 0x1904]
imul eax, eax, 0x2ee00
cdq
idiv ebx
sub ax, 0x3e8
mov word [ebp - 0xe8], ax
mov eax, 0x3e8

loc_fffa389c:  ; not directly referenced
mov edi, dword [ebp - 0xe8]
mov ebx, esi
xor edx, edx
sub di, word [ebp + esi*2 - 0x28]
mov byte [ebp - 0xe0], bl
mov ebx, eax
mov byte [ebp - 0x98], cl
mov word [ebp - 0xf8], di

loc_fffa38c0:  ; not directly referenced
mov eax, dword [ebp - 0xf8]
mov cl, dl
sub ax, word [ebp + edx*2 - 0x28]
mov edi, eax
sar di, 0xf
xor eax, edi
sub eax, edi
cmp bx, ax
jg short loc_fffa38e6  ; jg 0xfffa38e6
mov cl, byte [ebp - 0x98]
mov eax, ebx
jmp short loc_fffa38f2  ; jmp 0xfffa38f2

loc_fffa38e6:  ; not directly referenced
mov bl, byte [ebp - 0xe0]
mov byte [ebp - 0xa8], bl

loc_fffa38f2:  ; not directly referenced
inc edx
cmp edx, 8
je short loc_fffa3902  ; je 0xfffa3902
mov byte [ebp - 0x98], cl
mov ebx, eax
jmp short loc_fffa38c0  ; jmp 0xfffa38c0

loc_fffa3902:  ; not directly referenced
inc esi
cmp esi, 8
jne short loc_fffa389c  ; jne 0xfffa389c
xor eax, eax
cmp byte [ebp - 0x6c], 0
je short loc_fffa3919  ; je 0xfffa3919
mov ax, 0xb40
xor edx, edx
div dword [ebp - 0x7c]

loc_fffa3919:  ; not directly referenced
cmp byte [ebp - 0x81], 0
je short loc_fffa3930  ; je 0xfffa3930
mov edx, eax
shl edx, 0x12
lea edi, [edx + 0x2051c]
mov dword [ebp - 0x74], edi

loc_fffa3930:  ; not directly referenced
cmp byte [ebp - 0x82], 0
jne short loc_fffa3943  ; jne 0xfffa3943
cmp byte [ebp - 0x6c], 0
je loc_fffa39ca  ; je 0xfffa39ca

loc_fffa3943:  ; not directly referenced
mov edi, dword [ebp - 0xa8]
shl eax, 0x12
lea ecx, [ecx + edi*8]
movzx ecx, cl
shl ecx, 0xc
add ecx, eax
cmp byte [ebp - 0x6c], 0
je short loc_fffa39c1  ; je 0xfffa39c1
xor eax, eax
xor ebx, ebx
xor esi, esi

loc_fffa3963:  ; not directly referenced
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x1973], 0
jne short loc_fffa397c  ; jne 0xfffa397c
cmp byte [edi + eax + 0x1be9], 1
adc bl, 0
inc esi

loc_fffa397c:  ; not directly referenced
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x1bea], 0
jne short loc_fffa3995  ; jne 0xfffa3995
cmp byte [edi + eax + 0x1e60], 1
adc bl, 0
inc esi

loc_fffa3995:  ; not directly referenced
add eax, 0x54a
cmp eax, 0xa94
jne short loc_fffa3963  ; jne 0xfffa3963
mov eax, esi
cmp al, bl
sete al
or eax, dword [ebp - 0xdc]
cmp al, 1
sbb edx, edx
and edx, 4
lea eax, [edx + ecx + 0x518]
mov dword [ebp - 0x74], eax
jmp short loc_fffa39ce  ; jmp 0xfffa39ce

loc_fffa39c1:  ; not directly referenced
lea eax, [ecx + 0x53f]
mov dword [ebp - 0x74], eax

loc_fffa39ca:  ; not directly referenced
xor ebx, ebx
xor esi, esi

loc_fffa39ce:  ; not directly referenced
cmp byte [ebp - 0x81], 0
je short loc_fffa39e7  ; je 0xfffa39e7
mov ecx, dword [ebp - 0x74]
mov edx, 0xf68
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa39e7:  ; not directly referenced
cmp byte [ebp - 0x82], 0
je short loc_fffa3a00  ; je 0xfffa3a00
mov ecx, dword [ebp - 0x74]
mov edx, 0xf6c
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa3a00:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
je short loc_fffa3a16  ; je 0xfffa3a16
mov ecx, dword [ebp - 0x74]
mov edx, 0xf74
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa3a16:  ; not directly referenced
mov eax, dword [ebp - 0x94]
mov cl, 3
and eax, 1
shl eax, 0x1a
or eax, 0xe00000
cmp byte [ebp - 0x6c], 0
je short loc_fffa3a41  ; je 0xfffa3a41
mov ecx, esi
cmp cl, bl
sete cl
or ecx, dword [ebp - 0xdc]
neg ecx
add ecx, 3

loc_fffa3a41:  ; not directly referenced
mov ebx, ecx
mov edx, 0x3678
and ebx, 3
shl ebx, 0x18
or ebx, eax
mov eax, dword [ebp + 8]
mov ecx, ebx
cmp dword [eax + 0x188b], 1
mov eax, 0x3684
cmove edx, eax
mov eax, dword [ebp + 8]
xor edi, edi
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp - 0x70]
mov dword [eax + 0x14], ebx
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x74], eax
mov eax, dword [ebp - 0x94]
and eax, 1
mov dword [ebp - 0xdc], eax

loc_fffa3a89:  ; not directly referenced
cmp dword [ebx + 0x3757], 2
jne loc_fffa3cba  ; jne 0xfffa3cba
mov eax, dword [ebp - 0xdc]
lea edx, [edi + 0x1810]
mov ecx, dword [ebp - 0x78]
shl eax, 0x1b
mov esi, eax
or eax, 0x10
or esi, 0x20000010
test ecx, ecx
mov cl, byte [ebp - 0x6c]
cmove esi, eax
mov eax, esi
and eax, 0x7fffffff
test cl, cl
cmovne esi, eax
mov eax, dword [ebp + 8]
mov ecx, esi
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x6c], 0
mov dword [ebp - 0xa8], esi
je short loc_fffa3ae9  ; je 0xfffa3ae9
and esi, 0x7fffffbf
mov dword [ebp - 0xa8], esi

loc_fffa3ae9:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp byte [eax + 0x190a], 0
je short loc_fffa3b05  ; je 0xfffa3b05
or dword [ebp - 0xa8], 0x10000000
or esi, 0x10000000

loc_fffa3b05:  ; not directly referenced
or esi, 0x18000
cmp dword [ebp - 0x80], 1
lea edx, [edi + 0x320c]
setne al
and esi, 0xffff9fff
mov byte [ebp - 0x98], al
and eax, 1
shl eax, 0xd
or esi, eax
mov eax, dword [ebp + 8]
mov ecx, esi
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, dword [ebp - 0x74]
lea edx, [edi + 0x121c]
mov al, byte [ebp - 0x98]
mov byte [ecx + 0xd0], al
mov eax, dword [ebp + 8]
mov ecx, esi
and ecx, 0xffe1bfff
or ecx, 0x120000
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0xa8]
lea edx, [edi + 0x1c1c]
mov esi, dword [ebp - 0x80]
and eax, 0xffe1ffff
or eax, 0x20000
mov ecx, eax
or eax, 0x100000
or ecx, 0x40100000
test esi, esi
cmove eax, ecx
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
lea edx, [edi + 0x3208]
cmp byte [ebp - 0x84], 0
je short loc_fffa3bb4  ; je 0xfffa3bb4
mov eax, dword [ebp + 8]
mov ecx, 0xc183060
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffa3bca  ; jmp 0xfffa3bca

loc_fffa3bb4:  ; not directly referenced
cmp byte [ebp - 0x82], 0
je short loc_fffa3bca  ; je 0xfffa3bca
mov eax, dword [ebp + 8]
mov ecx, 0x60
call fcn_fffb335b  ; call 0xfffb335b

loc_fffa3bca:  ; not directly referenced
mov eax, dword [ebp + 8]
lea edx, [edi + 0x1208]
mov ecx, 0xc183060
mov dword [ebx + 0x3870], 0x60
mov dword [ebx + 0x3868], 0x60
mov dword [ebx + 0x3874], 0x60
mov dword [ebx + 0x386c], 0x60
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
lea edx, [edi + 0x3418]
mov ecx, 0x8102040
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
lea edx, [edi + 0x180c]
mov ecx, 0x8102040
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
xor ecx, ecx
mov byte [ebx + 0x3998], 0x40
lea edx, [edi + 0x3204]
mov byte [ebx + 0x399c], 0x40
mov byte [ebx + 0x3999], 0x40
mov byte [ebx + 0x399d], 0x40
mov byte [ebx + 0x399a], 0x40
mov byte [ebx + 0x399e], 0x40
mov byte [ebx + 0x399b], 0x40
mov byte [ebx + 0x399f], 0x40
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x6c], 0
je short loc_fffa3c89  ; je 0xfffa3c89
mov eax, dword [ebp + 8]
lea edx, [edi + 0x1204]
xor ecx, ecx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa3c89:  ; not directly referenced
mov esi, dword [ebp - 0x74]
lea edx, [edi + 0x3414]
xor ecx, ecx
mov eax, dword [ebp + 8]
mov dword [esi + 0x68], 0
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
lea edx, [edi + 0x1808]
mov dword [esi + 0x6c], 0
xor ecx, ecx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa3cba:  ; not directly referenced
add edi, 0x100
add ebx, 0x13c3
add dword [ebp - 0x74], 0xcc
cmp edi, 0x200
jne loc_fffa3a89  ; jne 0xfffa3a89
mov al, byte [ebp - 0xe4]
mov edi, dword [ebp - 0x70]
shl eax, 3
cmp byte [ebp - 0x83], 0
mov dword [edi + 0xc], 0
mov byte [edi + 0xc], al
je short loc_fffa3d08  ; je 0xfffa3d08
mov eax, dword [ebp + 8]
cmp dword [eax + 0x187f], 1
jne short loc_fffa3d08  ; jne 0xfffa3d08
mov byte [ebp - 0x35], 0x3c

loc_fffa3d08:  ; not directly referenced
cmp dword [ebp - 0x8c], 0x306d0
mov bl, byte [ebp - 0x81]
sete al
or bl, al
je short loc_fffa3d3b  ; je 0xfffa3d3b
mov eax, dword [ebp - 0x70]
mov byte [ebp - 0x40], 0x28
mov byte [ebp - 0x36], 0x28
mov byte [ebp - 0x3c], 0x28
cmp byte [eax + 0x1c5], 0
je short loc_fffa3d3b  ; je 0xfffa3d3b
mov byte [ebp - 0x35], 0x20

loc_fffa3d3b:  ; not directly referenced
mov edi, 0xc
xor ebx, ebx

loc_fffa3d42:  ; not directly referenced
movzx ecx, byte [ebp + ebx - 0x40]
movzx edx, byte [ebp + ebx - 0x36]
movzx eax, byte [ebp + ebx - 0x45]
mov esi, ecx
sub esi, edx
add ecx, edx
imul eax, esi
add ecx, ecx
cdq
idiv ecx
cmp bl, 1
jne short loc_fffa3da5  ; jne 0xfffa3da5
mov esi, dword [ebp - 0x70]
cmp ax, 0xfff0
mov ecx, 0xfffffff0
cmovge ecx, eax
mov edx, 0xf
cmp cx, 0xf
cmovle edx, ecx
mov al, byte [esi + 0xd]
mov ecx, edx
and ecx, 1
shl ecx, 7
shr dx, 1
and eax, 0x7f
and edx, 0xf
or eax, ecx
mov byte [esi + 0xd], al
mov al, byte [esi + 0xe]
and eax, 0xfffffff0
or eax, edx
mov byte [esi + 0xe], al
jmp short loc_fffa3de2  ; jmp 0xfffa3de2

loc_fffa3da5:  ; not directly referenced
cmp ax, 0xfff8
mov esi, 0xfffffff8
cmovl eax, esi
mov esi, 7
cmp ax, 7
cmovg eax, esi
test bl, bl
jne short loc_fffa3dd7  ; jne 0xfffa3dd7
mov esi, dword [ebp - 0x70]
and eax, 0xf
shl eax, 3
mov dl, byte [esi + 0xd]
and edx, 0xffffff87
or edx, eax
mov byte [esi + 0xd], dl
jmp short loc_fffa3de2  ; jmp 0xfffa3de2

loc_fffa3dd7:  ; not directly referenced
mov esi, dword [ebp - 0x70]
cwde
mov ecx, edi
shl eax, cl
or dword [esi + 0xc], eax

loc_fffa3de2:  ; not directly referenced
inc ebx
add edi, 4
cmp ebx, 5
jne loc_fffa3d42  ; jne 0xfffa3d42
mov eax, dword [ebp - 0x70]
mov edx, 0x3a14
mov ecx, dword [eax + 0xc]
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
mov ebx, dword [ebp - 0x94]
and ebx, 1
shl ebx, 0x19
and ebx, 0xfeffffff
cmp byte [ebp - 0x6c], 0
je short loc_fffa3e2e  ; je 0xfffa3e2e
mov eax, dword [ebp - 0xd8]
or ebx, 0x20000000
and eax, 1
shl eax, 0x1a
or ebx, eax

loc_fffa3e2e:  ; not directly referenced
imul eax, dword [ebp - 0x88], 0x2e
add eax, dword [ebp + 8]
cmp word [eax + 0x375f], 2
jne short loc_fffa3e70  ; jne 0xfffa3e70

loc_fffa3e42:  ; not directly referenced
mov eax, 1
mov edx, 2

loc_fffa3e4c:  ; not directly referenced
imul ecx, dword [ebp - 0x88], 0x2e
add ecx, dword [ebp + 8]
mov word [ecx + 0x375f], dx
lea edx, [eax + 1]
dec eax
mov word [ecx + 0x4b22], dx
jne short loc_fffa3e83  ; jne 0xfffa3e83
mov byte [ebp - 0x48], 0x59
jmp short loc_fffa3e83  ; jmp 0xfffa3e83

loc_fffa3e70:  ; not directly referenced
cmp word [eax + 0x4b22], 2
je short loc_fffa3e42  ; je 0xfffa3e42
xor eax, eax
mov edx, 1
jmp short loc_fffa3e4c  ; jmp 0xfffa3e4c

loc_fffa3e83:  ; not directly referenced
cmp dword [ebp - 0x78], 0
je short loc_fffa3e8d  ; je 0xfffa3e8d
mov byte [ebp - 0x48], 0x3f

loc_fffa3e8d:  ; not directly referenced
mov eax, dword [ebp + 8]
xor esi, esi
mov edi, 5
movzx eax, word [eax + 0x248a]
mov dword [ebp - 0x74], eax

loc_fffa3ea1:  ; not directly referenced
mov al, byte [ebp + esi - 0x49]
movzx ecx, al
shr al, 1
movzx eax, al
add eax, dword [ebp - 0x74]
mov byte [ebp - 0x78], cl
cdq
idiv ecx
lea ecx, [esi + esi*4]
cmp ax, 4
cmovbe eax, edi
cmp ax, 0x10
ja short loc_fffa3ecf  ; ja 0xfffa3ecf
mov dl, byte [ebp - 0x78]
cmp dl, byte [ebp + esi - 0x51]
jae short loc_fffa3ed8  ; jae 0xfffa3ed8

loc_fffa3ecf:  ; not directly referenced
shr ax, 1
movzx eax, ax
dec eax
jmp short loc_fffa3ede  ; jmp 0xfffa3ede

loc_fffa3ed8:  ; not directly referenced
movzx eax, ax
add eax, 0xf

loc_fffa3ede:  ; not directly referenced
shl eax, cl
inc esi
add ebx, eax
cmp esi, 4
jne short loc_fffa3ea1  ; jne 0xfffa3ea1
mov eax, dword [ebp + 8]
mov ecx, ebx
mov edx, 0x3a18
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x70]
xor ecx, ecx
cmp dword [ebp - 0x80], 0
mov dword [eax + 0x10], ebx
jne loc_fffa3fc2  ; jne 0xfffa3fc2
mov esi, dword [ebp - 0xc8]
mov eax, esi
lea ecx, [eax + 0x18]
movzx ecx, cx
imul eax, ecx, 0x64
sub ecx, 0xf
cdq
idiv ecx
call fcn_fffb38ee  ; call 0xfffb38ee
mov edi, dword [ebp + 8]
movzx ebx, word [edi + 0x248a]
movzx edi, word [edi + 0x1902]
movzx ecx, ax
imul ecx, ecx, 0x7d0
imul ebx, ebx, 0x7d0
mov eax, ebx
cdq
idiv ecx
movzx ecx, ax
mov eax, ecx
add ecx, 0x3e8
shl eax, 7
cdq
idiv ecx
mov ecx, edi
sub ecx, esi
sub ecx, 0x18
movzx ecx, cx
mov dword [ebp - 0x74], eax
imul eax, ecx, 0x64
sub ecx, 0xf
cdq
idiv ecx
call fcn_fffb38ee  ; call 0xfffb38ee
mov esi, eax
mov eax, 0x7080
cdq
movzx esi, si
idiv edi
imul esi, esi, 0x7d0
mov ecx, eax
mov eax, ebx
cdq
and ecx, 0x1f
idiv esi
shl ecx, 0xc
or ecx, 0x80000
movzx ebx, ax
mov eax, 0x1f400
add ebx, 0x3e8
cdq
idiv ebx
mov edx, dword [ebp - 0x74]
and eax, 0x3f
shl eax, 6
and edx, 0x3f
or ecx, eax
or ecx, edx
jmp near loc_fffa406f  ; jmp 0xfffa406f

loc_fffa3fc2:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
je loc_fffa406f  ; je 0xfffa406f
mov eax, dword [ebp - 0x70]
cmp byte [eax + 0x1c5], 0
je short loc_fffa3fe7  ; je 0xfffa3fe7
mov eax, dword [ebp + 8]
mov ecx, 1
xor edx, edx
call fcn_fffb7663  ; call 0xfffb7663

loc_fffa3fe7:  ; not directly referenced
mov eax, dword [ebp + 8]
mov esi, 0x7f
movzx ecx, word [eax + 0x248a]
mov eax, 0xafc8
cdq
idiv ecx
mov ecx, 0x64
mov ebx, eax
mov eax, dword [ebp + 8]
movzx eax, word [eax + 0x1902]
sub eax, dword [ebp - 0xec]
cdq
idiv ecx
xor edx, edx
mov edi, eax
mov eax, dword [ebp - 0xc8]
div cx
movzx ecx, ax
mov eax, ecx
shr eax, 1
cmp dword [ebp - 0x7c], 0x547
cmovae ecx, eax
xor edx, edx
mov eax, ebx
div ecx
cmp eax, 0x7f
cmova eax, esi
xor edx, edx
mov ecx, eax
mov eax, ebx
div edi
and ecx, 0x7f
shl ecx, 0x11
cmp eax, 0x7f
cmovbe esi, eax
mov eax, dword [ebp - 0xfc]
or ecx, 0x27c0
and esi, 0x7f
shl esi, 0x18
or ecx, esi
and eax, 0x3f
or ecx, eax

loc_fffa406f:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x3a1c
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov edx, 0x2008
call fcn_fffb331f  ; call 0xfffb331f
mov edi, dword [ebp - 0x70]
mov edx, 0x2008
and eax, 0xfffffc20
or eax, 0x316
mov ecx, eax
mov dword [edi + 0x18], eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x2000
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x2004
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov edx, 0x42a0
movzx ecx, byte [eax + 0x381b]
call fcn_fffb335b  ; call 0xfffb335b
mov eax, dword [ebp + 8]
mov edx, 0x46a0
movzx ecx, byte [eax + 0x4bde]
call fcn_fffb335b  ; call 0xfffb335b
mov eax, dword [ebp + 8]
mov edx, 0x3a20
call fcn_fffb331f  ; call 0xfffb331f
mov ecx, 0x115
mov edx, 0x5f08
mov ebx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov edx, 0x96
call fcn_fffa82f9  ; call 0xfffa82f9
cmp dword [ebp - 0x80], 0
jne loc_fffa4264  ; jne 0xfffa4264
mov eax, dword [ebp + 8]
mov edx, 0x3644
and ebx, 0xf8ffffff
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x3644
and eax, 0x8fffffff
or eax, 0x20000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
mov edx, 0x3700
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x3700
and eax, 0xf8ffffff
or eax, 0x2000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
mov edx, 0x3810
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x3810
and eax, 0xf8ffffff
or eax, 0x2000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
mov edx, 0x3904
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x3904
and eax, 0xfc7fffff
or eax, 0x1000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
mov edx, 0x3a04
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x3a04
and eax, 0x8fffffff
or eax, 0x20000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov edx, 0x3a08
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x3a08
and eax, 0xf8ffffff
or eax, 0x2000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov edx, 0x3a0c
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x3a0c
and eax, 0xf0ffffff
or eax, 0x2000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov edx, 0x3a10
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x3a10
and eax, 0xf87fffff
or eax, 0x1000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
or ebx, 0x2000000
jmp short loc_fffa428c  ; jmp 0xfffa428c

loc_fffa4264:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
je short loc_fffa428c  ; je 0xfffa428c
mov eax, dword [ebp - 0xf0]
sub eax, 2
cmp eax, 2
sbb eax, eax
and ebx, 0xf8ffffff
and eax, 4
add eax, 2
and eax, 6
shl eax, 0x18
or ebx, eax

loc_fffa428c:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, ebx
mov edx, 0x3a20
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x70]
mov edx, 0x2008
mov ecx, dword [eax + 0x18]
mov eax, dword [ebp + 8]
or ecx, 0x20
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov edx, 0x3a04
call fcn_fffb331f  ; call 0xfffb331f
cmp dword [ebp - 0x80], 0
jne short loc_fffa42ce  ; jne 0xfffa42ce
mov ecx, eax
shr ecx, 9
and ecx, 0x3f
jmp short loc_fffa42db  ; jmp 0xfffa42db

loc_fffa42ce:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
je short loc_fffa42e0  ; je 0xfffa42e0
mov edi, eax
shr edi, 0x1a
mov ecx, edi

loc_fffa42db:  ; not directly referenced
and eax, 0x3f
jmp short loc_fffa42e4  ; jmp 0xfffa42e4

loc_fffa42e0:  ; not directly referenced
xor eax, eax
xor ecx, ecx

loc_fffa42e4:  ; not directly referenced
mov edi, dword [ebp - 0x70]
sub ecx, eax
mov eax, ecx
and eax, 0x3f
shl eax, 4
mov edx, dword [edi + 0xc]
and edx, 0xfffffc0f
or edx, eax
mov ecx, edx
or ch, 4
cmp byte [ebp - 0x6c], 0
je short loc_fffa4320  ; je 0xfffa4320
mov ecx, edx
xor eax, eax
or ecx, 0x404
cmp dword [ebp - 0x7c], 0x546
seta al
and ecx, 0xfffffffe
or ecx, eax

loc_fffa4320:  ; not directly referenced
mov eax, dword [ebp - 0x70]
mov edx, 0x3a14
mov dword [eax + 0xc], ecx
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x6c], 0
je loc_fffa4589  ; je 0xfffa4589
mov eax, dword [ebp + 8]
mov edx, 0x3658
mov ecx, 0x80000000
mov esi, 0xc0
cmp dword [eax + 0x188b], 1
mov eax, 0x3664
cmove edx, eax
mov eax, dword [ebp + 8]
xor ebx, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov ecx, 0x2000000
mov edx, 0x3824
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov ecx, 0x2000000
mov edx, 0x3914
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov ecx, 0x2000000
mov edx, 0x3724
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x3688
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa43ad:  ; not directly referenced
mov eax, ebx
mov edi, esi
and eax, 7
and edi, 0xffff0fff
shl eax, 0xd
mov edx, 0xd8c
or edi, eax
mov eax, dword [ebp + 8]
mov ecx, edi
mov esi, edi
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, edi
mov edx, 0xc8c
cmp dword [ebp - 0x90], 0
je short loc_fffa43e5  ; je 0xfffa43e5
mov edx, 0x58c

loc_fffa43e5:  ; not directly referenced
mov eax, dword [ebp + 8]
inc ebx
and ebx, 7
call fcn_fffb3381  ; call 0xfffb3381
cmp bl, 6
jne short loc_fffa43ad  ; jne 0xfffa43ad
and edi, 0xfffffe0f
xor ebx, ebx
mov esi, edi
or esi, 0x80

loc_fffa4406:  ; not directly referenced
mov eax, ebx
mov edi, esi
and eax, 7
and edi, 0xffff0fff
shl eax, 0xd
or edi, eax
cmp dword [ebp - 0x90], 0
mov esi, edi
mov ecx, edi
jne short loc_fffa443b  ; jne 0xfffa443b
mov eax, dword [ebp + 8]
mov edx, 0x58c
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, edi
mov edx, 0x48c
jmp short loc_fffa444f  ; jmp 0xfffa444f

loc_fffa443b:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x98c
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, edi
mov edx, 0x18c

loc_fffa444f:  ; not directly referenced
mov eax, dword [ebp + 8]
inc ebx
and ebx, 7
call fcn_fffb3381  ; call 0xfffb3381
cmp bl, 6
jne short loc_fffa4406  ; jne 0xfffa4406
mov ebx, edi
and edi, 0xffffe60f
mov esi, edi
xor edi, edi
shr ebx, 0x10
or esi, 0x40
and ebx, 1

loc_fffa4475:  ; not directly referenced
mov eax, edi
and esi, 0xffff0fff
and eax, 7
shl eax, 0xd
mov dword [ebp - 0x6c], esi
or dword [ebp - 0x6c], eax
mov esi, dword [ebp - 0x6c]
cmp dword [ebp - 0x90], 0
mov ecx, esi
jne short loc_fffa44ad  ; jne 0xfffa44ad
mov eax, dword [ebp + 8]
mov edx, 0x78c
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, esi
mov edx, 0x68c
jmp short loc_fffa44c1  ; jmp 0xfffa44c1

loc_fffa44ad:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0xb8c
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, esi
mov edx, 0x38c

loc_fffa44c1:  ; not directly referenced
mov eax, dword [ebp + 8]
inc edi
and edi, 7
call fcn_fffb3381  ; call 0xfffb3381
mov eax, edi
cmp al, 6
jne short loc_fffa4475  ; jne 0xfffa4475
mov eax, dword [ebp - 0x6c]
mov ecx, dword [ebp + 8]
shr eax, 0x10
and eax, 1
cmp al, 1
mov eax, 0x10000
sbb bl, 0xff
xor esi, esi
cmp byte [ecx + 0x2410], 0
cmovne esi, eax
cmp dword [ebp - 0x90], 0
mov edi, esi
mov ecx, esi
jne short loc_fffa4518  ; jne 0xfffa4518
mov eax, dword [ebp + 8]
mov edx, 0x38c
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, esi
mov edx, 0x88c
jmp short loc_fffa452c  ; jmp 0xfffa452c

loc_fffa4518:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0xa8c
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, esi
mov edx, 0x48c

loc_fffa452c:  ; not directly referenced
mov eax, dword [ebp + 8]
shr esi, 0x10
call fcn_fffb3381  ; call 0xfffb3381
mov eax, esi
mov edx, 0x3920
and eax, 1
mov ecx, edi
cmp al, 1
mov eax, dword [ebp + 8]
sbb bl, 0xff
call fcn_fffb3381  ; call 0xfffb3381
mov eax, edi
shr eax, 0x10
add bl, al
setne dl
cmp word [ebp - 0xf4], 0xf
setbe al
test dl, al
je short loc_fffa4589  ; je 0xfffa4589
mov eax, dword [ebp + 8]
mov edx, 0x78
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x3678
and eax, 0xffffffc0
lea ecx, [eax + 0x10]
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffa4589:  ; not directly referenced
mov eax, dword [ebp - 0x7c]
cmp eax, 0x4b0
je short loc_fffa459d  ; je 0xfffa459d
cmp eax, 0x546
sete cl
jmp short loc_fffa45b1  ; jmp 0xfffa45b1

loc_fffa459d:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2481], 2
sete cl
lea ecx, [ecx*4 + 3]

loc_fffa45b1:  ; not directly referenced
mov eax, dword [ebp + 8]
and ecx, 7
mov edx, 0x58a4
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov dword [ebp - 0x6c], 0
mov eax, dword [eax + 0x2481]
mov dword [ebp - 0x80], eax
mov eax, dword [ebp + 8]
add eax, 0x3757
mov dword [ebp - 0x88], eax
mov dword [ebp - 0x70], eax
mov eax, dword [ebp + 8]
add eax, 0x244c
mov dword [ebp - 0x78], eax

loc_fffa45f0:  ; not directly referenced
mov eax, dword [ebp - 0x70]
cmp dword [eax], 2
jne loc_fffa505e  ; jne 0xfffa505e
mov edi, dword [ebp + 8]
imul eax, dword [ebp - 0x6c], 0xcc
mov edx, dword [edi + 0x5edd]
lea eax, [edx + eax + 0x1c]
imul edx, dword [edi + 0x18a7], 0x2e
mov edi, dword [ebp - 0x70]
lea edx, [edi + edx + 4]
movzx ebx, word [edx + 8]
movzx ecx, word [edx + 0x26]
mov dword [eax + 0x9c], 0
lea edi, [ebx + ecx + 4]
mov cx, word [edx + 0x10]
mov bl, 0x1f
mov esi, ecx
and esi, 0x1f
cmp cx, 0x1f
mov cl, byte [eax + 0x9c]
cmova esi, ebx
and ecx, 0xffffffe0
or ecx, esi
mov byte [eax + 0x9c], cl
movzx esi, byte [edx + 0x1a]
and esi, 0x1f
cmp word [edx + 0x1a], 0x1f
cmovbe ebx, esi
and ecx, 0x1f
mov esi, ebx
shl esi, 5
or ecx, esi
mov byte [eax + 0x9c], cl
mov cl, byte [eax + 0x9d]
shr bl, 3
and ecx, 0xfffffffc
or ecx, ebx
mov bl, 0x3f
mov byte [eax + 0x9d], cl
movzx esi, byte [edx + 0xc]
and esi, 0x3f
cmp word [edx + 0xc], 0x3f
cmovbe ebx, esi
and ecx, 3
shl ebx, 2
mov esi, 0xf
or ecx, ebx
mov byte [eax + 0x9d], cl
mov cx, word [edx + 0x24]
mov bl, cl
and ebx, 0xf
cmp cx, 0xf
cmova ebx, esi
mov ecx, 0x3f
cmp edi, 0x3f
cmovbe ecx, edi
mov edi, ecx
shl edi, 4
or ebx, edi
mov byte [eax + 0x9e], bl
mov bl, byte [eax + 0x9f]
shr ecx, 4
and ecx, 3
and ebx, 0xfffffffc
or ebx, ecx
mov byte [eax + 0x9f], bl
mov di, word [edx + 0x1e]
mov ecx, edi
and ecx, 0xf
cmp di, 0xf
mov edi, dword [ebp + 8]
cmovbe esi, ecx
and ebx, 0xffffffc3
shl esi, 2
or ebx, esi
mov byte [eax + 0x9f], bl
cmp dword [edi + 0x2481], 3
jne short loc_fffa473a  ; jne 0xfffa473a
movzx esi, word [edx + 0x1a]
movzx ecx, word [edx + 0x1c]
sub ecx, esi
mov esi, 3
cmp ecx, 3
cmovg ecx, esi
and ebx, 0x3f
shl ecx, 6
or ebx, ecx
mov byte [eax + 0x9f], bl

loc_fffa473a:  ; not directly referenced
mov edi, dword [ebp + 8]
cmp dword [edi + 0x2481], 2
jne short loc_fffa476c  ; jne 0xfffa476c
mov cx, word [edx + 0x22]
mov dl, 0xf
mov bl, cl
and ebx, 0xf
cmp cx, 0xf
mov cl, byte [eax + 0x9f]
cmovbe edx, ebx
shl edx, 2
and ecx, 0xffffffc3
or ecx, edx
mov byte [eax + 0x9f], cl

loc_fffa476c:  ; not directly referenced
mov esi, dword [ebp - 0x6c]
mov ecx, dword [eax + 0x9c]
mov eax, dword [ebp + 8]
mov edi, esi
add edi, 0x10
shl edi, 0xa
mov edx, edi
call fcn_fffb3381  ; call 0xfffb3381
imul eax, esi, 0xcc
mov esi, dword [ebp + 8]
mov edx, dword [esi + 0x5edd]
lea ecx, [edx + eax + 0x1c]
imul eax, dword [esi + 0x18a7], 0x2e
mov esi, dword [ebp - 0x70]
lea ebx, [esi + eax + 4]
mov esi, 0x1f
movzx eax, word [ebx + 6]
mov dword [ebp - 0x7c], eax
movzx eax, word [ebx + 8]
sub dword [ebp - 0x7c], eax
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2481], 2
mov dword [ecx + 0xac], 0
mov dx, word [ebx + 8]
sete byte [ebp - 0x90]
mov al, dl
and eax, 0x1f
cmp dx, 0x1f
cmova eax, esi
mov byte [ebp - 0x81], al
mov dl, al
shl eax, 5
mov byte [ebp - 0x8c], al
mov al, byte [ecx + 0xac]
mov byte [ebp - 0x74], al
mov al, byte [ebp - 0x8c]
and byte [ebp - 0x74], 0x1f
or byte [ebp - 0x74], al
mov al, byte [ebp - 0x74]
mov byte [ecx + 0xac], al
mov al, dl
shr al, 3
mov dl, al
mov al, byte [ecx + 0xad]
and eax, 0xfffffffc
or eax, edx
mov byte [ecx + 0xad], al
mov dl, byte [ebx + 6]
and edx, 0x1f
cmp word [ebx + 6], 0x1f
cmovbe esi, edx
mov dl, byte [ebp - 0x74]
and eax, 0xffffffc3
and edx, 0xffffffe0
or edx, esi
mov esi, dword [ebp - 0x90]
mov byte [ecx + 0xac], dl
lea edx, [esi*8 + 4]
mov esi, dword [ebp - 0x7c]
and edx, 0xc
or eax, edx
mov edx, 7
or eax, 0x10
cmp esi, 7
cmovbe edx, esi
and eax, 0x3f
mov esi, edx
shl esi, 6
or eax, esi
mov byte [ecx + 0xad], al
mov al, byte [ecx + 0xae]
shr edx, 2
and edx, 1
and eax, 0xfffffffe
or eax, edx
mov byte [ecx + 0xae], al
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2481], 3
jne loc_fffa496e  ; jne 0xfffa496e
cmp byte [eax + 0x240a], 0
je short loc_fffa48b7  ; je 0xfffa48b7
or byte [ecx + 0xaf], 2

loc_fffa48b7:  ; not directly referenced
mov dl, byte [ebp - 0x81]
mov al, byte [ecx + 0xac]
add edx, 0x1f
and edx, 0x1f
and eax, 0x1f
mov esi, edx
shl esi, 5
or eax, esi
mov byte [ecx + 0xac], al
mov al, byte [ecx + 0xad]
shr dl, 3
and eax, 0xfffffff0
or eax, edx
xor edx, edx
or eax, 8
mov byte [ecx + 0xad], al
mov eax, dword [ebp + 8]
movzx esi, word [ebx + 8]
movzx eax, word [eax + 0x248a]
dec esi
add eax, eax
mov ebx, eax
add eax, 0xdab
div ebx
mov dword [ebp - 0x74], ebx
mov bl, byte [ecx + 0xae]
sub esi, eax
mov eax, 7
cmp esi, 7
cmova esi, eax
xor edx, edx
mov eax, esi
and ebx, 7
shl eax, 6
mov byte [ebp - 0x7c], al
mov al, byte [ecx + 0xaf]
shr esi, 2
and esi, 1
and eax, 0xfffffffe
or eax, esi
mov byte [ecx + 0xaf], al
mov esi, dword [ebp - 0x74]
lea eax, [esi + 0x6d5]
div esi
mov esi, 7
inc eax
cmp eax, 7
cmova eax, esi
or ebx, dword [ebp - 0x7c]
and eax, 7
shl eax, 3
or ebx, eax
mov byte [ecx + 0xae], bl

loc_fffa496e:  ; not directly referenced
lea eax, [edi - 0x4000]
mov ecx, dword [ecx + 0xac]
mov dword [ebp - 0x74], eax
lea eax, [edi + 0x14]
mov edx, eax
mov dword [ebp - 0x7c], eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
mov esi, dword [ebp + 8]
mov edi, dword [ebp - 0x6c]
mov edx, dword [esi + 0x5edd]
imul eax, edi, 0xcc
imul ecx, dword [esi + 0x18a7], 0x2e
lea eax, [edx + eax + 0x1c]
imul edx, edi, 0x13c3
mov edi, dword [ebp - 0x78]
lea edx, [ecx + edx + 0x1300]
lea ecx, [edi + edx + 0xf]
mov edx, dword [esi + 0x2481]
mov dword [eax + 0xa0], 0
mov ebx, dword [esi + 0x36d8]
cmp edx, 3
jne short loc_fffa49f0  ; jne 0xfffa49f0
mov dl, 4
cmp ebx, 0x42b
jbe short loc_fffa4a26  ; jbe 0xfffa4a26
cmp ebx, 0x536
sbb edx, edx
add edx, 6
jmp short loc_fffa4a26  ; jmp 0xfffa4a26

loc_fffa49f0:  ; not directly referenced
mov edx, 3
cmp ebx, 0x42b
jbe short loc_fffa4a26  ; jbe 0xfffa4a26
mov dl, 4
cmp ebx, 0x640
jbe short loc_fffa4a26  ; jbe 0xfffa4a26
mov dl, 5
cmp ebx, 0x74b
jbe short loc_fffa4a26  ; jbe 0xfffa4a26
mov dl, 6
cmp ebx, 0x960
jbe short loc_fffa4a26  ; jbe 0xfffa4a26
cmp ebx, 0xaf1
sbb edx, edx
add edx, 8

loc_fffa4a26:  ; not directly referenced
cmp edx, 0xf
mov ebx, 0xf
mov edi, dword [ebp + 8]
cmovbe ebx, edx
mov dl, byte [eax + 0xa0]
and ebx, 0xf
and edx, 0xfffffff0
or edx, ebx
mov byte [eax + 0xa0], dl
mov dl, byte [eax + 0xa3]
cmp dword [edi + 0x2481], 3
jne short loc_fffa4a5c  ; jne 0xfffa4a5c
and edx, 0x3f
jmp short loc_fffa4a5f  ; jmp 0xfffa4a5f

loc_fffa4a5c:  ; not directly referenced
or edx, 0xffffffc0

loc_fffa4a5f:  ; not directly referenced
mov byte [eax + 0xa3], dl
mov dx, word [ecx + 0xa]
mov bl, 0xff
mov edi, dword [ebp + 8]
cmp dx, 0xff
cmovbe ebx, edx
mov dl, byte [eax + 0xa0]
mov esi, ebx
shl esi, 4
shr bl, 4
and edx, 0xf
or edx, esi
mov byte [eax + 0xa0], dl
mov dl, byte [eax + 0xa1]
and edx, 0xffffff80
or edx, ebx
xor ebx, ebx
or edx, 0x40
mov byte [eax + 0xa1], dl
cmp dword [edi + 0x2481], 3
sete bl
and edx, 0x7f
add ebx, 6
and ebx, 0xf
mov esi, ebx
and esi, 1
shl esi, 7
or edx, esi
mov byte [eax + 0xa1], dl
mov dl, bl
shr dl, 1
mov esi, edx
mov dl, byte [eax + 0xa2]
shl ebx, 3
and edx, 0xffffff80
or edx, esi
or edx, ebx
mov ebx, 0x1f
mov byte [eax + 0xa2], dl
movzx ecx, word [ecx + 6]
add ecx, 5
cmp ecx, 0x1f
cmova ecx, ebx
and edx, 0x7f
mov ebx, ecx
and ebx, 1
shl ebx, 7
or edx, ebx
mov byte [eax + 0xa2], dl
mov dl, byte [eax + 0xa3]
shr ecx, 1
and ecx, 0xf
and edx, 0xfffffff0
or edx, ecx
or edx, 0x20
mov byte [eax + 0xa3], dl
mov ecx, dword [eax + 0xa0]
mov eax, dword [ebp - 0x74]
lea edx, [eax + 0x4004]
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
mov edi, dword [ebp - 0x6c]
mov esi, dword [ebp + 8]
imul eax, edi, 0xcc
mov edx, dword [esi + 0x5edd]
lea ebx, [edx + eax + 0x1c]
imul edx, dword [esi + 0x18a7], 0x2e
imul eax, edi, 0x13c3
mov edi, dword [ebp - 0x78]
lea eax, [edx + eax + 0x1300]
lea eax, [edi + eax + 0xf]
mov edi, dword [esi + 0x2481]
mov dword [ebx + 0xa4], 0
cmp edi, 2
jne short loc_fffa4b85  ; jne 0xfffa4b85
movzx edx, word [eax + 0x2c]
jmp short loc_fffa4b89  ; jmp 0xfffa4b89

loc_fffa4b85:  ; not directly referenced
movzx edx, word [eax + 0x28]

loc_fffa4b89:  ; not directly referenced
movzx ecx, word [eax + 8]
lea edx, [edx + ecx + 6]
mov ecx, 0x3f
cmp edx, 0x3f
cmova edx, ecx
mov cl, dl
mov dl, byte [ebx + 0xa4]
and ecx, 0x3f
and edx, 0xffffffc0
or edx, ecx
mov byte [ebx + 0xa4], dl
movzx edx, word [eax + 8]
movzx ecx, word [eax + 6]
cmp edi, 3
je short loc_fffa4bc6  ; je 0xfffa4bc6
sub edx, ecx
add edx, 7
jmp short loc_fffa4bcb  ; jmp 0xfffa4bcb

loc_fffa4bc6:  ; not directly referenced
mov edx, 8

loc_fffa4bcb:  ; not directly referenced
cmp edx, 0xf
mov ecx, 0xf
cmovbe ecx, edx
mov dl, byte [ebx + 0xa4]
and ecx, 0xf
mov esi, ecx
shl esi, 6
and edx, 0x3f
or edx, esi
mov byte [ebx + 0xa4], dl
mov dl, cl
shr dl, 2
shl ecx, 2
or edx, ecx
mov byte [ebx + 0xa5], dl
mov edx, 7
or byte [ebx + 0xa6], 1
cmp edi, 3
jne short loc_fffa4c22  ; jne 0xfffa4c22
mov edi, dword [ebp + 8]
cmp byte [edi + 0x240a], 1
sbb edx, edx
and edx, 0xfffffffe
add edx, 9

loc_fffa4c22:  ; not directly referenced
cmp edx, 0xf
mov ecx, 0xf
cmovbe ecx, edx
mov dl, byte [ebx + 0xa6]
and ecx, 0xf
lea edi, [ecx + ecx]
mov esi, ecx
shl esi, 5
and edx, 1
or edx, edi
or edx, esi
mov byte [ebx + 0xa6], dl
mov dl, byte [ebx + 0xa7]
shr cl, 3
and edx, 0xfffffffe
or edx, ecx
mov byte [ebx + 0xa7], dl
movzx ecx, word [eax + 0x26]
movzx eax, word [eax + 8]
lea eax, [ecx + eax + 4]
mov ecx, 0x3f
cmp eax, 0x3f
cmova eax, ecx
and edx, 0xffffff81
and eax, 0x3f
add eax, eax
or edx, eax
mov eax, dword [ebp + 8]
mov byte [ebx + 0xa7], dl
mov edx, dword [ebp - 0x7c]
call fcn_fffb331f  ; call 0xfffb331f
mov edi, dword [ebp - 0x74]
mov dword [ebx + 0xac], eax
movzx edx, byte [ebx + 0xad]
shr al, 5
movzx eax, al
and edx, 3
shl edx, 3
or edx, eax
mov al, byte [ebx + 0xa7]
cmp edx, 5
setg dl
shl edx, 7
and eax, 0x7f
or eax, edx
mov byte [ebx + 0xa7], al
mov eax, dword [ebp + 8]
lea edx, [edi + 0x4008]
mov ecx, dword [ebx + 0xa4]
call fcn_fffb3381  ; call 0xfffb3381
mov al, byte [ebx + 0xa7]
shr al, 7
movzx eax, al
inc eax
and eax, 3
mov ebx, eax
mov ecx, eax
shl ebx, 4
shl ecx, 6
lea edx, [eax*4]
or ecx, ebx
or ecx, edx
or ecx, eax
mov eax, dword [ebp + 8]
lea edx, [edi + 0x40d0]
call fcn_fffb335b  ; call 0xfffb335b
mov edi, dword [ebp - 0x6c]
mov esi, dword [ebp + 8]
imul eax, edi, 0xcc
mov edx, dword [esi + 0x5edd]
lea ecx, [edx + eax + 0x1c]
imul edx, dword [esi + 0x18a7], 0x2e
imul eax, edi, 0x13c3
mov edi, dword [ebp - 0x78]
lea eax, [edx + eax + 0x1300]
lea esi, [edi + eax + 0xf]
mov eax, dword [ebp + 8]
mov edi, dword [eax + 0x2481]
mov dword [ecx + 0xa8], 0
mov edx, dword [eax + 0x36d8]
mov eax, 0xa
cmp edx, 0x320
jbe short loc_fffa4dc7  ; jbe 0xfffa4dc7
mov al, 0xd
cmp edx, 0x42b
jbe short loc_fffa4dc7  ; jbe 0xfffa4dc7
mov al, 0x10
cmp edx, 0x535
jbe short loc_fffa4dc7  ; jbe 0xfffa4dc7
mov al, 0x14
cmp edx, 0x640
jbe short loc_fffa4dc7  ; jbe 0xfffa4dc7
mov al, 0x17
cmp edx, 0x74b
jbe short loc_fffa4dc7  ; jbe 0xfffa4dc7
mov al, 0x1a
cmp edx, 0x855
jbe short loc_fffa4dc7  ; jbe 0xfffa4dc7
mov al, 0x1d
cmp edx, 0x960
jbe short loc_fffa4dc7  ; jbe 0xfffa4dc7
mov al, 0x20
cmp edx, 0xa6b
jbe short loc_fffa4dc7  ; jbe 0xfffa4dc7
mov al, 0x22
cmp edx, 0xaf0
jbe short loc_fffa4dc7  ; jbe 0xfffa4dc7
cmp edx, 0xbb9
sbb eax, eax
and eax, 0xfffffffd
add eax, 0x27

loc_fffa4dc7:  ; not directly referenced
cmp eax, 0x3f
mov edx, 0x3f
cmovbe edx, eax
mov al, byte [ecx + 0xa8]
and edx, 0x3f
and eax, 0xffffffc0
or eax, edx
mov byte [ecx + 0xa8], al
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x36d8]
cmp edi, 3
jne short loc_fffa4e01  ; jne 0xfffa4e01
cmp edx, 0x536
sbb eax, eax
add eax, 6
jmp short loc_fffa4e28  ; jmp 0xfffa4e28

loc_fffa4e01:  ; not directly referenced
cmp edi, 2
jne short loc_fffa4e1d  ; jne 0xfffa4e1d
mov eax, 5
cmp edx, 0x640
jbe short loc_fffa4e28  ; jbe 0xfffa4e28
mov al, 6
cmp edx, 0x74b
jbe short loc_fffa4e28  ; jbe 0xfffa4e28

loc_fffa4e1d:  ; not directly referenced
cmp edx, 0x856
sbb eax, eax
add eax, 8

loc_fffa4e28:  ; not directly referenced
cmp eax, 0xf
mov edx, 0xf
cmovbe edx, eax
mov al, byte [ecx + 0xa8]
mov bl, dl
shl ebx, 6
shr edx, 2
and eax, 0x3f
and edx, 3
or eax, ebx
mov byte [ecx + 0xa8], al
mov al, byte [ecx + 0xa9]
and eax, 0xfffffffc
or eax, edx
mov byte [ecx + 0xa9], al
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x36d8]
mov eax, 4
cmp edx, 0x320
jbe short loc_fffa4ec7  ; jbe 0xfffa4ec7
mov al, 5
cmp edx, 0x42b
jbe short loc_fffa4ec7  ; jbe 0xfffa4ec7
mov al, 6
cmp edx, 0x535
jbe short loc_fffa4ec7  ; jbe 0xfffa4ec7
mov al, 7
cmp edx, 0x640
jbe short loc_fffa4ec7  ; jbe 0xfffa4ec7
mov al, 8
cmp edx, 0x74b
jbe short loc_fffa4ec7  ; jbe 0xfffa4ec7
mov al, 0xa
cmp edx, 0x855
jbe short loc_fffa4ec7  ; jbe 0xfffa4ec7
mov al, 0xb
cmp edx, 0x960
jbe short loc_fffa4ec7  ; jbe 0xfffa4ec7
mov al, 0xc
cmp edx, 0xaf0
jbe short loc_fffa4ec7  ; jbe 0xfffa4ec7
cmp edx, 0xbb9
sbb eax, eax
add eax, 0xe

loc_fffa4ec7:  ; not directly referenced
cmp eax, 0xf
mov edx, 0xf
cmovbe edx, eax
mov al, byte [ecx + 0xa9]
and edx, 0xf
shl edx, 2
and eax, 0xffffffc3
or eax, edx
mov byte [ecx + 0xa9], al
movzx eax, word [esi + 8]
movzx ebx, word [esi + 6]
mov esi, dword [ebp + 8]
sub ebx, eax
cmp dword [esi + 0x36d8], 0x536
lea eax, [ebx + 8]
movzx esi, word [esi + 0x248a]
lea edx, [ebx + 7]
cmovb eax, edx
cmp edi, 3
jne short loc_fffa4f25  ; jne 0xfffa4f25
add esi, esi
xor edx, edx
lea eax, [esi + 0x157b]
div esi
lea eax, [ebx + eax + 6]

loc_fffa4f25:  ; not directly referenced
cmp eax, 0x1f
mov edx, 0x1f
cmovbe edx, eax
mov al, byte [ecx + 0xa9]
and edx, 0x1f
mov bl, dl
shl ebx, 6
and eax, 0x3f
or eax, ebx
mov byte [ecx + 0xa9], al
mov al, dl
lea ebx, [edx*8]
shr al, 2
or eax, ebx
mov byte [ecx + 0xaa], al
mov al, byte [ecx + 0xab]
and eax, 0xffffffe0
or eax, edx
mov byte [ecx + 0xab], al
mov eax, dword [ebp - 0x74]
mov ecx, dword [ecx + 0xa8]
lea edx, [eax + 0x400c]
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
cmp dword [ebp - 0x80], 2
jne loc_fffa505e  ; jne 0xfffa505e
mov edi, dword [ebp + 8]
imul eax, dword [ebp - 0x6c], 0xcc
mov edx, dword [edi + 0x5edd]
lea eax, [edx + eax + 0x1c]
imul edx, dword [edi + 0x18a7], 0x2e
mov edi, dword [ebp - 0x70]
lea ecx, [edi + edx + 4]
mov edi, dword [ebp + 8]
mov dl, 4
mov ebx, dword [edi + 0x36d8]
cmp ebx, 0x535
jbe short loc_fffa4fd9  ; jbe 0xfffa4fd9
mov dl, 5
cmp ebx, 0x74b
jbe short loc_fffa4fd9  ; jbe 0xfffa4fd9
cmp ebx, 0x961
sbb edx, edx
add edx, 7

loc_fffa4fd9:  ; not directly referenced
and edx, 0xf
mov bl, dl
shl ebx, 4
or ebx, edx
mov dword [eax + 0xb0], 0
mov dl, byte [eax + 0xb1]
mov byte [eax + 0xb0], bl
mov bx, word [ecx + 0x2a]
add bl, byte [ecx + 8]
and edx, 0xffffffc0
add ebx, 6
and ebx, 0x3f
or edx, ebx
mov byte [eax + 0xb1], dl
mov bx, word [ecx + 0x20]
mov cl, 0xf
mov esi, ebx
and esi, 0xf
cmp bx, 0xf
cmovbe ecx, esi
and edx, 0x3f
mov bl, cl
shl ebx, 6
or edx, ebx
mov byte [eax + 0xb1], dl
mov dl, byte [eax + 0xb2]
shr cl, 2
and edx, 0xfffffffc
or edx, ecx
mov byte [eax + 0xb2], dl
mov edx, dword [ebp - 0x74]
mov ecx, dword [eax + 0xb0]
mov eax, dword [ebp + 8]
add edx, 0x4018
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa505e:  ; not directly referenced
inc dword [ebp - 0x6c]
add dword [ebp - 0x70], 0x13c3
cmp dword [ebp - 0x6c], 2
jne loc_fffa45f0  ; jne 0xfffa45f0
mov eax, dword [ebp + 8]
mov edi, dword [ebp + 8]
mov edx, dword [eax + 0x5edd]
xor eax, eax
cmp byte [edi + 0x381b], 0
je short loc_fffa5093  ; je 0xfffa5093
cmp dword [edi + 0x3817], 2
sete al

loc_fffa5093:  ; not directly referenced
mov edi, dword [ebp + 8]
cmp byte [edi + 0x4bde], 0
je short loc_fffa50ae  ; je 0xfffa50ae
mov cl, al
or ecx, 2
cmp dword [edi + 0x4bda], 2
cmove eax, ecx

loc_fffa50ae:  ; not directly referenced
lea edi, [edx + 0xbc]
movzx eax, al
mov dword [ebp - 0x70], edi
mov edi, dword [ebp + 8]
mov dword [ebp - 0x6c], 0
mov dword [ebp - 0x74], eax
add edi, 0x4ae7

loc_fffa50cd:  ; not directly referenced
mov eax, dword [ebp - 0x74]
mov esi, dword [ebp - 0x6c]
bt eax, esi
jae loc_fffa5241  ; jae 0xfffa5241
mov eax, dword [edi - 0x144]
movzx ebx, byte [edi - 0x12cc]
cmp eax, 3
sete cl
cmp eax, 8
sete dl
xor eax, eax
or cl, dl
je short loc_fffa5113  ; je 0xfffa5113
mov eax, dword [ebp - 0xb8]
mov al, byte [edi - 0x128]
mov word [ebp - 0xb8], ax
mov eax, 1

loc_fffa5113:  ; not directly referenced
mov edx, dword [edi - 0x1c]
cmp edx, 8
sete cl
cmp edx, 3
sete dl
or cl, dl
jne short loc_fffa512f  ; jne 0xfffa512f
mov esi, 6
test eax, eax
je short loc_fffa5162  ; je 0xfffa5162

loc_fffa512f:  ; not directly referenced
mov al, byte [edi]
mov ecx, dword [ebp - 0xb8]
mov ch, al
mov word [ebp - 0xb8], cx
mov al, cl
cmp cl, 5
je short loc_fffa5154  ; je 0xfffa5154
movzx edx, ch
mov esi, 6
cmp dl, 5
jne short loc_fffa5162  ; jne 0xfffa5162

loc_fffa5154:  ; not directly referenced
mov ecx, dword [ebp - 0xb8]
cmp ch, al
setne al
lea esi, [eax + 6]

loc_fffa5162:  ; not directly referenced
sub esp, 0xc
mov eax, esi
mov edx, dword [ebp - 0x6c]
push ebx
movsx eax, al
push 1
xor ecx, ecx
push 1
push eax
mov eax, dword [ebp + 8]
push 8
call fcn_fffb4652  ; call 0xfffb4652
mov eax, esi
add esp, 0x20
cmp al, 7
jne loc_fffa5241  ; jne 0xfffa5241
mov eax, dword [ebp - 0x70]
sub esp, 0xc
mov edx, dword [ebp - 0x6c]
mov esi, dword [eax]
push ebx
push 1
push 1
mov ecx, esi
shr ecx, 0xf
mov eax, ecx
xor ecx, ecx
and eax, 0xf
inc eax
push eax
mov eax, dword [ebp + 8]
push 0
shr esi, 0x13
and esi, 0xf
call fcn_fffb4652  ; call 0xfffb4652
add esp, 0x14
mov edx, dword [ebp - 0x6c]
push ebx
xor ecx, ecx
push 1
push 1
lea eax, [esi + 1]
push eax
mov eax, dword [ebp + 8]
push 1
call fcn_fffb4652  ; call 0xfffb4652
mov eax, dword [ebp - 0x70]
add esp, 0x14
mov edx, dword [ebp - 0x6c]
xor ecx, ecx
mov esi, dword [eax + 8]
push ebx
push 1
push 1
mov eax, esi
shr eax, 0x13
and eax, 0x1f
inc eax
push eax
mov eax, dword [ebp + 8]
push 4
call fcn_fffb4652  ; call 0xfffb4652
add esp, 0x14
mov eax, esi
push ebx
mov edx, dword [ebp - 0x6c]
xor ecx, ecx
shr eax, 0x18
push 1
and eax, 0x1f
push 1
inc eax
push eax
mov eax, dword [ebp + 8]
push 5
shr esi, 0xe
and esi, 0x1f
call fcn_fffb4652  ; call 0xfffb4652
add esp, 0x14
mov edx, dword [ebp - 0x6c]
push ebx
xor ecx, ecx
push 1
push 1
lea eax, [esi + 1]
push eax
mov eax, dword [ebp + 8]
push 0xe
call fcn_fffb4652  ; call 0xfffb4652
add esp, 0x20

loc_fffa5241:  ; not directly referenced
inc dword [ebp - 0x6c]
add edi, 0x13c3
add dword [ebp - 0x70], 0xcc
cmp dword [ebp - 0x6c], 2
jne loc_fffa50cd  ; jne 0xfffa50cd
mov edi, 0x4290
mov dword [ebp - 0x6c], 0

loc_fffa5267:  ; not directly referenced
imul eax, dword [ebp - 0x6c], 0x13c3
mov esi, dword [ebp + 8]
cmp dword [esi + eax + 0x3757], 2
jne loc_fffa556a  ; jne 0xfffa556a
mov edx, dword [ebp - 0x6c]
mov eax, esi
call fcn_fffb3431  ; call 0xfffb3431
mov eax, dword [ebp + 8]
mov ebx, dword [eax + 0x36d8]
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x70], eax
mov eax, dword [ebp + 8]
mov ecx, dword [eax + 0x2481]
cmp ecx, 3
jne short loc_fffa52bc  ; jne 0xfffa52bc
movzx esi, word [eax + 0x248a]
mov eax, 0x57e40
cdq
add esi, esi
idiv esi
jmp short loc_fffa530d  ; jmp 0xfffa530d

loc_fffa52bc:  ; not directly referenced
cmp ecx, 2
je short loc_fffa5308  ; je 0xfffa5308
mov eax, 0x100
cmp ebx, 0x640
jbe short loc_fffa530d  ; jbe 0xfffa530d
mov al, 0x2b
cmp ebx, 0x74b
jbe short loc_fffa5315  ; jbe 0xfffa5315
mov al, 0x56
cmp ebx, 0x855
jbe short loc_fffa5315  ; jbe 0xfffa5315
mov al, 0x80
cmp ebx, 0x960
jbe short loc_fffa5315  ; jbe 0xfffa5315
mov al, 0xab
cmp ebx, 0xa6b
jbe short loc_fffa5315  ; jbe 0xfffa5315
cmp ebx, 0xb76
sbb eax, eax
and eax, 0xffffffd6
add eax, 0x200
jmp short loc_fffa5315  ; jmp 0xfffa5315

loc_fffa5308:  ; not directly referenced
mov eax, 0x200

loc_fffa530d:  ; not directly referenced
cmp ebx, 0x320
jbe short loc_fffa537a  ; jbe 0xfffa537a

loc_fffa5315:  ; not directly referenced
cmp ebx, 0x42b
jbe short loc_fffa5381  ; jbe 0xfffa5381
cmp ebx, 0x535
jbe loc_fffa5b40  ; jbe 0xfffa5b40
cmp ebx, 0x640
jbe loc_fffa5b47  ; jbe 0xfffa5b47
cmp ebx, 0x74b
jbe loc_fffa5b4e  ; jbe 0xfffa5b4e
cmp ebx, 0x855
jbe loc_fffa5b55  ; jbe 0xfffa5b55
cmp ebx, 0x960
jbe loc_fffa5b5c  ; jbe 0xfffa5b5c
mov edx, 0xe
cmp ebx, 0xaf0
jbe loc_fffa53fb  ; jbe 0xfffa53fb
cmp ebx, 0xbb9
sbb edx, edx
add edx, 0x10
jmp near loc_fffa53fb  ; jmp 0xfffa53fb

loc_fffa537a:  ; not directly referenced
mov edx, 4
jmp short loc_fffa5386  ; jmp 0xfffa5386

loc_fffa5381:  ; not directly referenced
mov edx, 6

loc_fffa5386:  ; not directly referenced
cmp ecx, 2
je short loc_fffa5400  ; je 0xfffa5400
mov esi, 0xc
cmp ebx, 0x42b
jbe short loc_fffa5405  ; jbe 0xfffa5405

loc_fffa5398:  ; not directly referenced
mov esi, 0xc
cmp ebx, 0x640
jbe short loc_fffa5405  ; jbe 0xfffa5405
mov si, 0xe
cmp ebx, 0x74b
jbe short loc_fffa5405  ; jbe 0xfffa5405
mov si, 0x10
cmp ebx, 0x855
jbe short loc_fffa5405  ; jbe 0xfffa5405
mov si, 0x12
cmp ebx, 0x960
jbe short loc_fffa5405  ; jbe 0xfffa5405

loc_fffa53c9:  ; not directly referenced
mov esi, 0x14
cmp ebx, 0xa6b
jbe short loc_fffa5405  ; jbe 0xfffa5405
mov si, 0x15
cmp ebx, 0xaf0
jbe short loc_fffa5405  ; jbe 0xfffa5405
mov si, 0x16
cmp ebx, 0xb75
jbe short loc_fffa5405  ; jbe 0xfffa5405
cmp ebx, 0xbb9
sbb esi, esi
add esi, 0x18
jmp short loc_fffa5405  ; jmp 0xfffa5405

loc_fffa53fb:  ; not directly referenced
cmp ecx, 2
jne short loc_fffa53c9  ; jne 0xfffa53c9

loc_fffa5400:  ; not directly referenced
mov esi, 0x18

loc_fffa5405:  ; not directly referenced
cmp edx, 0xf
mov ecx, 0xf
cmova edx, ecx
mov ebx, 0x3ff
and edx, 0xf
shl edx, 0xc
cmp eax, 0x3ff
cmovbe ebx, eax
or dh, 2
and ebx, 0x3ff
shl ebx, 0x10
or edx, ebx
cmp dword [ebp - 0x70], 0
jne short loc_fffa5445  ; jne 0xfffa5445
sub esi, 8
cmp esi, 0xf
cmovbe ecx, esi
shl ecx, 0x1c
jmp short loc_fffa5454  ; jmp 0xfffa5454

loc_fffa5445:  ; not directly referenced
inc esi
mov ecx, 0x1f
cmp esi, 0x1f
cmovbe ecx, esi
shl ecx, 0x1b

loc_fffa5454:  ; not directly referenced
mov eax, dword [ebp + 8]
or ecx, edx
lea edx, [edi + 0x14]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
xor ecx, ecx
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x70], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x1887]
mov dword [ebp - 0x74], eax
mov eax, dword [ebp + 8]
mov esi, dword [eax + 0x2481]
mov edx, dword [eax + 0x36d8]
cmp esi, 3
jne short loc_fffa54a2  ; jne 0xfffa54a2
movzx ebx, word [eax + 0x248a]
mov eax, 0x15f90
cdq
add ebx, ebx
idiv ebx
jmp short loc_fffa54ec  ; jmp 0xfffa54ec

loc_fffa54a2:  ; not directly referenced
mov eax, 0x80
cmp esi, 2
je short loc_fffa54ec  ; je 0xfffa54ec
mov al, 0x40
cmp edx, 0x640
jbe short loc_fffa54ec  ; jbe 0xfffa54ec
mov al, 0x4b
cmp edx, 0x74b
jbe short loc_fffa54ec  ; jbe 0xfffa54ec
mov al, 0x56
cmp edx, 0x855
jbe short loc_fffa54ec  ; jbe 0xfffa54ec
mov al, 0x60
cmp edx, 0x960
jbe short loc_fffa54ec  ; jbe 0xfffa54ec
mov al, 0x6b
cmp edx, 0xa6b
jbe short loc_fffa54ec  ; jbe 0xfffa54ec
cmp edx, 0xb76
sbb eax, eax
and eax, 0xfffffff6
sub eax, 0xffffff80

loc_fffa54ec:  ; not directly referenced
cmp dword [ebp - 0x70], 1
sete dl
cmp dword [ebp - 0x74], 0x40650
sete bl
or dl, bl
je short loc_fffa552a  ; je 0xfffa552a
cmp esi, 3
mov edx, 0x100
mov ecx, 0x80
cmove ecx, edx
cmp eax, 0x3ff
mov dx, 0x3ff
cmovbe edx, eax
and edx, 0x3ff
shl edx, 0xa
or ecx, edx
jmp short loc_fffa553b  ; jmp 0xfffa553b

loc_fffa552a:  ; not directly referenced
mov edx, 0xff
cmp eax, 0xff
mov cl, 0x80
cmovbe edx, eax
mov ch, dl

loc_fffa553b:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, edi
lea ebx, [edi + 4]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov edx, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, ebx
mov ecx, eax
mov eax, dword [ebp + 8]
mov cl, 0xff
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov edx, ebx
call fcn_fffb331f  ; call 0xfffb331f

loc_fffa556a:  ; not directly referenced
inc dword [ebp - 0x6c]
add edi, 0x400
cmp dword [ebp - 0x6c], 2
jne loc_fffa5267  ; jne 0xfffa5267
mov eax, dword [ebp + 8]
mov ecx, 0x100000
mov esi, dword [eax + 0x1887]
cmp dword [eax + 0x2481], 3
mov edi, dword [eax + 0x188b]
sete al
cmp esi, 0x306d0
sete bl
cmp esi, 0x40650
sete dl
or bl, dl
jne short loc_fffa55be  ; jne 0xfffa55be
cmp esi, 0x40670
sete dl
test dl, al
je short loc_fffa55df  ; je 0xfffa55df

loc_fffa55be:  ; not directly referenced
mov ecx, 0x102000
test al, al
je short loc_fffa55df  ; je 0xfffa55df
mov eax, dword [ebp + 8]
cmp byte [eax + 0x240a], 1
sbb ecx, ecx
and ecx, 0x2000
add ecx, 0x4100000

loc_fffa55df:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x4c20
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
mov ecx, 0x553c3038
mov edx, 0x4f8c
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2481], 3
je short loc_fffa5613  ; je 0xfffa5613

loc_fffa560a:  ; not directly referenced
dec edi
jne loc_fffa56bc  ; jne 0xfffa56bc
jmp short loc_fffa566b  ; jmp 0xfffa566b

loc_fffa5613:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x3757], 2
jne short loc_fffa563e  ; jne 0xfffa563e
mov edx, 0x4010
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x4010
and eax, 0xfffffff0
or eax, 7
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa563e:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b1a], 2
jne short loc_fffa560a  ; jne 0xfffa560a
mov edx, 0x4410
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x4410
and eax, 0xfffffff0
or eax, 7
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffa560a  ; jmp 0xfffa560a

loc_fffa566b:  ; not directly referenced
mov edi, dword [ebp + 8]
xor edx, edx
mov ecx, 0x1ffff
cmp dword [edi + 0x191c], 0x1ffff
cmovbe ecx, dword [edi + 0x191c]
mov dx, word [edi + 0x1920]
and ecx, 0x1ffff
cmp byte [edi + 0x191b], 0
mov eax, ecx
je short loc_fffa56a8  ; je 0xfffa56a8
mov ecx, edx
or ecx, 0x80000000
mov edx, ecx

loc_fffa56a8:  ; not directly referenced
push ecx
push ecx
push edx
mov edx, 0x5028
push eax
mov eax, dword [ebp + 8]
call fcn_fffb3506  ; call 0xfffb3506
add esp, 0x10

loc_fffa56bc:  ; not directly referenced
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x3f
xor esi, esi
xor edi, edi
call fcn_fffc3b02  ; call 0xfffc3b02
mov eax, dword [ebp + 8]
lea ecx, [ebp - 0x20]
mov edx, dword [ebp - 0x88]
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x70], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2481]
mov dword [ebp - 0x74], eax
lea eax, [ebp - 0x28]

loc_fffa56f3:  ; not directly referenced
mov dword [eax], 0
cmp dword [edx], 2
jne short loc_fffa5720  ; jne 0xfffa5720
cmp dword [edx + 0x1173], 2
jne short loc_fffa570f  ; jne 0xfffa570f
mov ebx, dword [edx + 0x1254]
mov dword [eax], ebx

loc_fffa570f:  ; not directly referenced
cmp dword [edx + 0x129b], 2
jne short loc_fffa5720  ; jne 0xfffa5720
mov ebx, dword [edx + 0x137c]
add dword [eax], ebx

loc_fffa5720:  ; not directly referenced
add eax, 4
add edx, 0x13c3
cmp eax, ecx
jne short loc_fffa56f3  ; jne 0xfffa56f3
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x248e]
mov byte [ebp - 0x78], al
mov eax, dword [ebp - 0x24]
mov ebx, eax
mov dword [ebp - 0x6c], eax
mov eax, dword [ebp - 0x28]
cmp ebx, eax
ja short loc_fffa5766  ; ja 0xfffa5766
mov eax, dword [ebp + 8]
mov ebx, 4
mov dword [eax + 0x381c], 0
mov dword [eax + 0x4bdf], 1
jmp short loc_fffa5785  ; jmp 0xfffa5785

loc_fffa5766:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov ebx, 1
mov dword [ebp - 0x6c], eax
mov dword [ecx + 0x381c], 1
mov dword [ecx + 0x4bdf], 0

loc_fffa5785:  ; not directly referenced
mov eax, dword [ebp - 0x6c]
mov edx, 0xff
shr eax, 8
cmp dword [ebp - 0x70], 0
jne short loc_fffa57b7  ; jne 0xfffa57b7
cmp eax, 0xff
mov esi, edx
cmovbe esi, eax
add eax, eax
cmp eax, 0xff
cmova eax, edx
movzx eax, al
shl eax, 0x10
shl esi, 0x18
or esi, eax
jmp short loc_fffa57c5  ; jmp 0xfffa57c5

loc_fffa57b7:  ; not directly referenced
cmp eax, 0xff
cmovbe edx, eax
mov eax, esi
mov al, dl
mov esi, eax

loc_fffa57c5:  ; not directly referenced
and ebx, 0xfffffbcf
mov ecx, ebx
mov ebx, dword [ebp - 0x74]
cmp ebx, 3
sete dl
or ecx, 0x20
mov eax, edx
and eax, 1
shl eax, 0xa
or ecx, eax
xor eax, eax
cmp ebx, 2
sete al
and ch, 0xf7
shl eax, 0xb
or ecx, eax
mov eax, dword [ebp + 8]
mov ebx, ecx
mov al, byte [eax + 0x1917]
test al, al
je loc_fffa58c3  ; je 0xfffa58c3
cmp dword [ebp - 0x70], 0
jne short loc_fffa5851  ; jne 0xfffa5851
mov edx, dword [ebp + 8]
mov edi, 0x3fff
mov eax, dword [ebp + 8]
mov dl, byte [edx + 0x191a]
cmp word [eax + 0x1918], 0x3fff
cmovbe di, word [eax + 0x1918]
mov al, 3
mov byte [ebp - 0x70], dl
mov edx, dword [ebp + 8]
and edi, 0x3fff
cmp byte [edx + 0x191a], 3
mov dl, byte [ebp - 0x70]
cmovbe eax, edx
and eax, 3
shl eax, 0x15
jmp short loc_fffa58bb  ; jmp 0xfffa58bb

loc_fffa5851:  ; not directly referenced
cmp al, 2
jne short loc_fffa5878  ; jne 0xfffa5878
test dl, dl
je short loc_fffa5871  ; je 0xfffa5871
mov al, byte [ebp - 0x78]
cmp al, 4
sete dl
dec al
sete al
or dl, al
je short loc_fffa5871  ; je 0xfffa5871
mov edi, 0xd030c0
jmp short loc_fffa58c3  ; jmp 0xfffa58c3

loc_fffa5871:  ; not directly referenced
mov edi, 0x9030ce
jmp short loc_fffa58c3  ; jmp 0xfffa58c3

loc_fffa5878:  ; not directly referenced
mov edx, dword [ebp + 8]
mov edi, 0x3fff
mov eax, dword [ebp + 8]
mov dl, byte [edx + 0x191a]
cmp word [eax + 0x1918], 0x3fff
cmovbe di, word [eax + 0x1918]
mov al, 7
mov byte [ebp - 0x70], dl
mov edx, dword [ebp + 8]
and edi, 0x3fff
cmp byte [edx + 0x191a], 7
mov dl, byte [ebp - 0x70]
cmovbe eax, edx
and eax, 7
shl eax, 0x14

loc_fffa58bb:  ; not directly referenced
or edi, 0x800000
or edi, eax

loc_fffa58c3:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp byte [eax + 0x2402], 0
je short loc_fffa5907  ; je 0xfffa5907
mov eax, dword [ebp - 0x24]
cmp dword [ebp - 0x28], eax
jne short loc_fffa58fd  ; jne 0xfffa58fd
mov eax, dword [ebp - 0x6c]
mov ebx, ecx
or edi, 0x800000
or ebx, 0x40
and ebx, 0xfffffc7f
call fcn_fffb396b  ; call 0xfffb396b
sub eax, 9
and eax, 7
shl eax, 7
or ebx, eax
jmp short loc_fffa5907  ; jmp 0xfffa5907

loc_fffa58fd:  ; not directly referenced
mov eax, dword [ebp + 8]
mov byte [eax + 0x2402], 0

loc_fffa5907:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, edi
mov edx, 0x5024
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov ecx, ebx
mov edx, 0x5000
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov ecx, esi
mov edx, 0x5014
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov dword [ebp - 0x6c], 0x5004
lea ebx, [eax + 0x48ca]

loc_fffa5944:  ; not directly referenced
cmp dword [ebx - 0x1173], 2
mov esi, ebx
jne loc_fffa5ade  ; jne 0xfffa5ade
xor edx, edx
cmp dword [ebx], 2
jne short loc_fffa5960  ; jne 0xfffa5960
mov edx, dword [ebx + 0xe1]

loc_fffa5960:  ; not directly referenced
cmp dword [ebx + 0x128], 2
lea eax, [ebx + 0x128]
jne short loc_fffa5977  ; jne 0xfffa5977
cmp dword [ebx + 0x209], edx
ja short loc_fffa597d  ; ja 0xfffa597d

loc_fffa5977:  ; not directly referenced
mov edi, eax
xor ecx, ecx
jmp short loc_fffa5986  ; jmp 0xfffa5986

loc_fffa597d:  ; not directly referenced
mov ecx, 0x10000
mov edi, ebx
mov esi, eax

loc_fffa5986:  ; not directly referenced
mov al, byte [esi + 0xed]
mov byte [ebp - 0x70], al
test al, al
je short loc_fffa59d5  ; je 0xfffa59d5
cmp dword [esi], 2
jne short loc_fffa59d5  ; jne 0xfffa59d5
mov eax, dword [esi + 0xe1]
mov edx, 0xff
shr eax, 8
cmp eax, 0xff
cmova eax, edx
xor edx, edx
cmp byte [ebp - 0x70], 1
mov cl, al
setne dl
and ecx, 0xfff5ffff
shl edx, 0x11
xor eax, eax
cmp byte [esi + 0xf1], 0x10
sete al
or ecx, edx
shl eax, 0x13
or ecx, eax

loc_fffa59d5:  ; not directly referenced
mov al, byte [edi + 0xed]
mov byte [ebp - 0x70], al
test al, al
je short loc_fffa5a24  ; je 0xfffa5a24
cmp dword [edi], 2
jne short loc_fffa5a24  ; jne 0xfffa5a24
mov eax, dword [edi + 0xe1]
mov edx, 0xff
shr eax, 8
cmp eax, 0xff
cmova eax, edx
mov ch, al
xor eax, eax
cmp byte [ebp - 0x70], 1
setne al
and ecx, 0xffebffff
shl eax, 0x12
xor edx, edx
cmp byte [edi + 0xf1], 0x10
sete dl
or ecx, eax
shl edx, 0x14
or ecx, edx

loc_fffa5a24:  ; not directly referenced
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x1887]
cmp eax, 0x306d0
sete dl
cmp eax, 0x40650
sete al
or dl, al
je short loc_fffa5a51  ; je 0xfffa5a51
lea eax, [ecx + ecx]
and ecx, 0xffefffff
and eax, 0x100000
or ecx, eax

loc_fffa5a51:  ; not directly referenced
mov edi, dword [ebp + 8]
mov eax, ecx
or eax, 0x200000
mov edx, dword [ebp - 0x6c]
cmp byte [edi + 0x1908], 0
cmovne ecx, eax
mov eax, ecx
or eax, 0x400000
cmp byte [edi + 0x1909], 0
cmovne ecx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2481], 3
jne short loc_fffa5ade  ; jne 0xfffa5ade
cmp dword [eax + 0x1887], 0x40650
jne short loc_fffa5aad  ; jne 0xfffa5aad
xor ecx, ecx
cmp byte [esi + 0xf1], 0x20
sete cl
lea ecx, [ecx + ecx*2 + 0x200d00]
jmp short loc_fffa5aca  ; jmp 0xfffa5aca

loc_fffa5aad:  ; not directly referenced
mov al, byte [esi + 0xf1]
mov ecx, 0x401a00
cmp al, 0x10
jne short loc_fffa5ac0  ; jne 0xfffa5ac0
mov cl, 5
jmp short loc_fffa5aca  ; jmp 0xfffa5aca

loc_fffa5ac0:  ; not directly referenced
cmp al, 0x20
mov eax, 0x401a0a
cmove ecx, eax

loc_fffa5aca:  ; not directly referenced
mov edx, dword [ebp - 0x6c]
mov eax, dword [ebp + 8]
shl edx, 8
sub edx, 0x4fc1f0
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa5ade:  ; not directly referenced
add dword [ebp - 0x6c], 4
add ebx, 0x13c3
cmp dword [ebp - 0x6c], 0x500c
jne loc_fffa5944  ; jne 0xfffa5944
xor edx, edx
jmp short loc_fffa5b6f  ; jmp 0xfffa5b6f

loc_fffa5af9:  ; not directly referenced
mov eax, dword [ebp + 8]
call fcn_fffa67d6  ; call 0xfffa67d6
mov edx, 0x12
test eax, eax
jne short loc_fffa5b6f  ; jne 0xfffa5b6f
sub esp, 0xc
lea eax, [ebp - 0x58]
push eax
mov eax, dword [ebp + 8]
lea edx, [ebp - 0x28]
lea ecx, [ebp - 0x5b]
call fcn_fffa7762  ; call 0xfffa7762
mov edi, dword [ebp + 8]
add esp, 0x10
mov edx, 0x16
mov dword [edi + 0x36d8], eax
mov al, byte [edi + 0x36e8]
cmp byte [ebp - 0x5b], al
jne short loc_fffa5b6f  ; jne 0xfffa5b6f
jmp near loc_fffa2dda  ; jmp 0xfffa2dda

loc_fffa5b40:  ; not directly referenced
mov edx, 7
jmp short loc_fffa5b61  ; jmp 0xfffa5b61

loc_fffa5b47:  ; not directly referenced
mov edx, 8
jmp short loc_fffa5b61  ; jmp 0xfffa5b61

loc_fffa5b4e:  ; not directly referenced
mov edx, 0xa
jmp short loc_fffa5b61  ; jmp 0xfffa5b61

loc_fffa5b55:  ; not directly referenced
mov edx, 0xb
jmp short loc_fffa5b61  ; jmp 0xfffa5b61

loc_fffa5b5c:  ; not directly referenced
mov edx, 0xc

loc_fffa5b61:  ; not directly referenced
cmp ecx, 2
jne loc_fffa5398  ; jne 0xfffa5398
jmp near loc_fffa5400  ; jmp 0xfffa5400

loc_fffa5b6f:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, edx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa5b79:  ; not directly referenced
push ebp
mov eax, 0x80000003
mov ebp, esp
pop ebp
ret

fcn_fffa5b83:  ; not directly referenced
push ebp
mov eax, 0x80000003
mov ebp, esp
pop ebp
ret

fcn_fffa5b8d:  ; not directly referenced
push ebp
mov eax, 0x80000003
mov ebp, esp
pop ebp
ret

fcn_fffa5b97:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 8]
out dx, al
pop ebp
ret

fcn_fffa5ba3:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 8]
in al, dx
pop ebp
ret

fcn_fffa5bac:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 0x10]
mov ecx, dword [ebp + 8]
wrmsr
pop ebp
ret

fcn_fffa5bbc:  ; not directly referenced
push ebp
mov ebp, esp
mov ecx, dword [ebp + 8]
rdmsr
pop ebp
ret

fcn_fffa5bc6:  ; not directly referenced
push ebp
mov ebp, esp
sub esp, 8
mov eax, dword [ebp + 8]
cmp dword [ebp + 0xc], 0x41
mov edx, dword [eax + 0x241b]
mov edx, dword [edx + 0x1e]
jne short loc_fffa5beb  ; jne 0xfffa5beb
sub esp, 0xc
push eax
call dword [edx + 0xcc]  ; ucall
add esp, 0x10

loc_fffa5beb:  ; not directly referenced
xor eax, eax
leave
ret

fcn_fffa5bef:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x14]
pop ebp
ret

fcn_fffa5bf7:  ; not directly referenced
push ebp
xor eax, eax
mov ebp, esp
pop ebp
ret

fcn_fffa5bfe:  ; not directly referenced
push ebp
mov ebp, esp
push edi
sub esp, 0x1c
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x10], 0
mov dword [ebp - 0xc], 0
mov dword [ebp - 0x20], eax
mov eax, dword [ebp + 0x10]
mov dword [ebp - 0x1c], eax
mov eax, dword [ebp + 8]
mov dword [ebp - 0x14], eax
movq qword [ebp - 0x10], mm0
mov edi, dword [ebp - 0x14]
movq mm0, qword [ebp - 0x20]
movq qword [edi], mm0
movq mm0, qword [ebp - 0x10]
emms
mov eax, dword [ebp - 0x20]
mov edx, dword [ebp - 0x1c]
add esp, 0x1c
pop edi
pop ebp
ret

fcn_fffa5c45:  ; not directly referenced
push ebp
xor edx, edx
mov ebp, esp
mov eax, dword [ebp + 8]
mov ecx, dword [ebp + 0x10]

loc_fffa5c50:  ; not directly referenced
cmp edx, dword [ebp + 0xc]
je short loc_fffa5c5b  ; je 0xfffa5c5b
mov dword [eax + edx*4], ecx
inc edx
jmp short loc_fffa5c50  ; jmp 0xfffa5c50

loc_fffa5c5b:  ; not directly referenced
pop ebp
ret

fcn_fffa5c5d:  ; not directly referenced
push ebp
xor edx, edx
mov ebp, esp
mov eax, dword [ebp + 8]
mov ecx, dword [ebp + 0x10]

loc_fffa5c68:  ; not directly referenced
cmp edx, dword [ebp + 0xc]
je short loc_fffa5c74  ; je 0xfffa5c74
mov word [eax + edx*2], cx
inc edx
jmp short loc_fffa5c68  ; jmp 0xfffa5c68

loc_fffa5c74:  ; not directly referenced
pop ebp
ret

fcn_fffa5c76:
push ebp
mov ebp, esp
push esi
mov esi, dword [ebp + 0x10]
push ebx
mov ebx, dword [ebp + 0xc]
add esi, ebx

loc_fffa5c83:
cmp ebx, esi
je short loc_fffa5ca0  ; je 0xfffa5ca0
mov eax, dword [0xff7d0274]
inc ebx
movzx edx, byte [ebx - 1]
test eax, eax
je short loc_fffa5c83  ; je 0xfffa5c83
sub esp, 0xc
push edx
call eax
add esp, 0x10
jmp short loc_fffa5c83  ; jmp 0xfffa5c83

loc_fffa5ca0:
lea esp, [ebp - 8]
or eax, 0xffffffff
pop ebx
pop esi
pop ebp
ret

fcn_fffa5caa:  ; not directly referenced
push ebp
xor eax, eax
mov ebp, esp
pop ebp
ret

fcn_fffa5cb1:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
pop ebp
mov dword [0xff7d0080], eax
xor eax, eax
ret

fcn_fffa5cc0:  ; not directly referenced
push ebp
mov edx, dword [0xff7d0080]
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov dword [eax], edx
xor eax, eax
pop ebp
ret

fcn_fffa5cd2:  ; not directly referenced
push ebp
mov ebp, esp
pop ebp
jmp near loc_fffd2c64  ; jmp 0xfffd2c64

fcn_fffa5cdb:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x600
mov edi, dword [ebp + 0x18]
mov ebx, dword [ebp + 0x14]
mov dword [ebp - 0x5c0], ecx
mov ecx, dword [ebp + 0xc]
mov dword [ebp - 0x5ac], edx
mov esi, dword [ebp + 8]
mov dword [ebp - 0x600], edi
mov edi, dword [ebp + 0x20]
mov byte [ebp - 0x5b0], bl
mov dword [ebp - 0x5ec], ecx
mov byte [ebp - 0x5e0], cl
mov dword [ebp - 0x5f0], edi
mov edi, dword [eax + 0x2444]
lea eax, [ebp - 0x590]
push 1
push 5
push eax
mov dword [ebp - 0x5bc], edi
call dword [edi + 0x64]  ; ucall
add esp, 0xc
push 1
push 5
lea eax, [ebp - 0x57c]
push eax
call dword [edi + 0x64]  ; ucall
add esp, 0xc
push 0xffffffffffffffff
push 5
lea eax, [ebp - 0x568]
push eax
call dword [edi + 0x64]  ; ucall
add esp, 0xc
push 0
push 5
lea eax, [ebp - 0x554]
push eax
call dword [edi + 0x64]  ; ucall
add esp, 0xc
push 0
push 5
lea eax, [ebp - 0x540]
push eax
call dword [edi + 0x64]  ; ucall
add esp, 0xc
push 0
push 5
lea eax, [ebp - 0x52c]
push eax
call dword [edi + 0x64]  ; ucall
add esp, 0xc
push 0
push 5
lea eax, [ebp - 0x59a]
push eax
call dword [edi + 0x60]  ; ucall
add esp, 0xc
push 0
push 0x500
lea eax, [ebp - 0x518]
push eax
call dword [edi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x50a
push dword [ebp - 0x5ac]
call dword [edi + 0x5c]  ; ucall
mov edi, dword [ebp - 0x5b0]
mov al, 1
mov dword [ebp - 0x5b8], 0
mov byte [ebp - 0x5d9], 0
add esp, 0x10
test bl, bl
cmove edi, eax
xor ebx, ebx
mov eax, edi
mov byte [ebp - 0x5b0], al
shr al, 1
mov byte [ebp - 0x5d4], al
mov eax, esi
movzx eax, al
mov dword [ebp - 0x5fc], eax
movsx eax, byte [ebp - 0x5e0]
mov dword [ebp - 0x5d0], eax
add eax, 0x7fffffff
mov dword [ebp - 0x604], eax

loc_fffa5e1d:  ; not directly referenced
movzx eax, byte [ebp - 0x5b0]
mov ecx, dword [ebp - 0x5c0]
mov dword [ebp - 0x5c8], 0
movzx esi, al
mov dword [ebp - 0x5d8], esi
mov esi, dword [ebp + 0x1c]
imul ax, word [esi + ebx*2]
mov esi, dword [ebp + 0x10]
movzx edx, byte [esi + ebx]
mov esi, dword [ebp - 0x5b8]
imul eax, edx
mov word [ebp + ebx*2 - 0x59a], ax
mov eax, esi
add eax, esi
add eax, ecx
mov dword [ebp - 0x5f4], eax
mov eax, dword [ebp - 0x604]
add eax, esi
add eax, eax
add eax, ecx
mov ecx, ebx
mov dword [ebp - 0x5f8], eax
shl ecx, 6

loc_fffa5e80:  ; not directly referenced
mov esi, dword [ebp - 0x5c8]
mov eax, esi
mov byte [ebp - 0x5e8], al
movzx eax, al
cmp eax, dword [ebp - 0x5d0]
jge loc_fffa5fe3  ; jge 0xfffa5fe3
mov esi, dword [ebp + 0x10]
cmp byte [esi + ebx], 0
jne short loc_fffa5ec4  ; jne 0xfffa5ec4
lea edx, [ecx + eax]
mov dword [ebp + edx*4 - 0x518], 1
mov dword [ebp + ebx*4 - 0x568], 1
jmp near loc_fffa5fb3  ; jmp 0xfffa5fb3

loc_fffa5ec4:  ; not directly referenced
mov dl, byte [ebp - 0x5e8]
lea edi, [ecx + eax]
mov dword [ebp - 0x5c4], edi
cmp dl, 1
adc byte [ebp - 0x5d9], 0
sub edx, dword [ebp - 0x5d4]
mov esi, edx

loc_fffa5ee5:  ; not directly referenced
mov dl, byte [ebp - 0x5d4]
sub edx, dword [ebp - 0x5e8]
mov edi, edx
add edi, esi
mov edx, edi
cmp dl, byte [ebp - 0x5b0]
jae short loc_fffa5f55  ; jae 0xfffa5f55
mov edx, esi
test dl, dl
jns short loc_fffa5f0d  ; jns 0xfffa5f0d
mov edi, dword [ebp - 0x5f4]
jmp short loc_fffa5f1d  ; jmp 0xfffa5f1d

loc_fffa5f0d:  ; not directly referenced
mov edx, esi
cmp dl, byte [ebp - 0x5e0]
jl short loc_fffa5f22  ; jl 0xfffa5f22
mov edi, dword [ebp - 0x5f8]

loc_fffa5f1d:  ; not directly referenced
movzx edi, word [edi]
jmp short loc_fffa5f45  ; jmp 0xfffa5f45

loc_fffa5f22:  ; not directly referenced
mov edx, esi
movsx edi, dl
cmp eax, edi
jne short loc_fffa5f35  ; jne 0xfffa5f35
mov edi, dword [ebp - 0x5b8]
add edi, eax
jmp short loc_fffa5f3b  ; jmp 0xfffa5f3b

loc_fffa5f35:  ; not directly referenced
add edi, dword [ebp - 0x5b8]

loc_fffa5f3b:  ; not directly referenced
mov edx, dword [ebp - 0x5c0]
movzx edi, word [edx + edi*2]

loc_fffa5f45:  ; not directly referenced
mov edx, dword [ebp - 0x5c4]
inc esi
add dword [ebp + edx*4 - 0x518], edi
jmp short loc_fffa5ee5  ; jmp 0xfffa5ee5

loc_fffa5f55:  ; not directly referenced
lea edx, [ecx + eax]
mov edx, dword [ebp + edx*4 - 0x518]
cmp dword [ebp + ebx*4 - 0x590], edx
jae short loc_fffa5f6f  ; jae 0xfffa5f6f
mov dword [ebp + ebx*4 - 0x590], edx

loc_fffa5f6f:  ; not directly referenced
cmp dword [ebp + ebx*4 - 0x568], edx
jbe short loc_fffa5f89  ; jbe 0xfffa5f89
lea esi, [ecx + eax]
mov esi, dword [ebp + esi*4 - 0x518]
mov dword [ebp + ebx*4 - 0x568], esi

loc_fffa5f89:  ; not directly referenced
movzx esi, byte [ebp - 0x5c8]
mov edi, dword [ebp - 0x5c0]
add esi, dword [ebp - 0x5b8]
movzx esi, word [edi + esi*2]
imul esi, dword [ebp - 0x5d8]
sub edx, esi
imul edx, edx
add dword [ebp + ebx*4 - 0x540], edx

loc_fffa5fb3:  ; not directly referenced
imul edx, ebx, 0x29
movzx edi, byte [ebp - 0x5b0]
inc dword [ebp - 0x5c8]
lea esi, [eax + edx + 0x74]
add eax, ecx
mov eax, dword [ebp + eax*4 - 0x518]
xor edx, edx
div edi
mov edi, dword [ebp - 0x5ac]
mov dword [edi + esi*4 + 6], eax
jmp near loc_fffa5e80  ; jmp 0xfffa5e80

loc_fffa5fe3:  ; not directly referenced
mov eax, dword [ebp + 0x10]
mov al, byte [eax + ebx]
mov byte [ebp - 0x5c8], al
test al, al
je loc_fffa616b  ; je 0xfffa616b
mov edx, dword [ebp + ebx*4 - 0x590]
mov ecx, dword [ebp + ebx*4 - 0x568]
mov eax, edx
sub eax, ecx
add ecx, edx
imul eax, eax, 0x4e20
xor edx, edx
div ecx
xor edx, edx
mov dword [ebp - 0x5c4], eax
mov dword [ebp + ebx*4 - 0x554], eax
mov eax, dword [ebp + ebx*4 - 0x540]
div dword [ebp - 0x5d0]
test eax, eax
jne short loc_fffa6042  ; jne 0xfffa6042
mov dword [ebp + ebx*4 - 0x540], 0
jmp short loc_fffa60b1  ; jmp 0xfffa60b1

loc_fffa6042:  ; not directly referenced
imul eax, eax, 0x64
xor esi, esi
call fcn_fffb38ee  ; call 0xfffb38ee
mov ecx, eax
mov eax, 1
shr ecx, 1

loc_fffa6055:  ; not directly referenced
cmp ecx, 0x64
jbe short loc_fffa6080  ; jbe 0xfffa6080
imul eax, eax, 0xa9e
mov edi, 0xa
xor edx, edx
sub ecx, 0x64
div edi
test esi, esi
je short loc_fffa6079  ; je 0xfffa6079
mov esi, 0x64
xor edx, edx
div esi

loc_fffa6079:  ; not directly referenced
mov esi, 1
jmp short loc_fffa6055  ; jmp 0xfffa6055

loc_fffa6080:  ; not directly referenced
lea edx, [ecx*8 + 0x384]
imul edx, ecx
mov ecx, 0x3e8
add edx, 0x18a88
imul edx, eax
mov eax, edx
xor edx, edx
div ecx
test esi, esi
je short loc_fffa60aa  ; je 0xfffa60aa
mov cx, 0x64
xor edx, edx
div ecx

loc_fffa60aa:  ; not directly referenced
mov dword [ebp + ebx*4 - 0x540], eax

loc_fffa60b1:  ; not directly referenced
mov ecx, dword [ebp + ebx*4 - 0x590]
xor edx, edx
mov edi, dword [ebp + ebx*4 - 0x568]
imul eax, dword [ebp + ebx*4 - 0x540], 0xc8
lea esi, [edi + ecx]
div esi
mov esi, eax
mov dword [ebp + ebx*4 - 0x540], eax
imul eax, dword [ebp - 0x5c4], 0x3e8
test esi, esi
je short loc_fffa60ec  ; je 0xfffa60ec
xor edx, edx
div esi

loc_fffa60ec:  ; not directly referenced
mov edx, dword [ebp - 0x5ac]
mov dword [ebp + ebx*4 - 0x52c], eax
mov al, byte [ebp - 0x5c8]
mov dword [ebp + ebx*4 - 0x57c], ecx
mov byte [edx + ebx + 3], al
mov eax, dword [ebp - 0x5c4]
mov dword [edx + ebx*4 + 0x1c], esi
movzx esi, byte [ebp - 0x5b0]
mov dword [edx + ebx*4 + 8], eax
mov eax, dword [ebp + ebx*4 - 0x52c]
mov dword [edx + ebx*4 + 0x30], eax
mov eax, ecx
xor edx, edx
sub ecx, edi
div esi
mov edx, dword [ebp - 0x5ac]
mov dword [edx + ebx*4 + 0x44], eax
mov eax, edi
xor edx, edx
div esi
mov edx, dword [ebp - 0x5ac]
mov esi, dword [ebp + 0x10]
mov dword [edx + ebx*4 + 0x58], eax
movzx eax, cx
movzx esi, byte [esi + ebx]
cdq
idiv dword [ebp - 0x5d8]
cdq
idiv esi
mov edx, dword [ebp - 0x5ac]
mov word [edx + ebx*2 + 0x6c], ax

loc_fffa616b:  ; not directly referenced
mov eax, dword [ebp - 0x5fc]
inc ebx
add dword [ebp - 0x5b8], eax
cmp ebx, 5
jne loc_fffa5e1d  ; jne 0xfffa5e1d
mov eax, 5

loc_fffa6186:  ; not directly referenced
dec eax
je short loc_fffa61b3  ; je 0xfffa61b3
xor edx, edx

loc_fffa618b:  ; not directly referenced
movzx ecx, dl
cmp ecx, eax
jge short loc_fffa6186  ; jge 0xfffa6186
shl ecx, 2
lea esi, [ebp - 0x57c]
add esi, ecx
lea ecx, [ebp + ecx - 0x578]
mov ebx, dword [esi]
mov edi, dword [ecx]
cmp ebx, edi
jae short loc_fffa61b0  ; jae 0xfffa61b0
mov dword [esi], edi
mov dword [ecx], ebx

loc_fffa61b0:  ; not directly referenced
inc edx
jmp short loc_fffa618b  ; jmp 0xfffa618b

loc_fffa61b3:  ; not directly referenced
mov esi, dword [ebp - 0x56c]
xor edi, edi
xor ebx, ebx

loc_fffa61bd:  ; not directly referenced
cmp edi, 4
je short loc_fffa61cb  ; je 0xfffa61cb
mov eax, dword [ebp + edi*4 - 0x57c]
jmp short loc_fffa61cd  ; jmp 0xfffa61cd

loc_fffa61cb:  ; not directly referenced
mov eax, esi

loc_fffa61cd:  ; not directly referenced
call fcn_fffb396b  ; call 0xfffb396b
inc edi
add ebx, eax
cmp edi, 5
jne short loc_fffa61bd  ; jne 0xfffa61bd
add ebx, 0xb
cmp bl, 0x40
ja short loc_fffa6207  ; ja 0xfffa6207

loc_fffa61e2:  ; not directly referenced
mov al, byte [ebp - 0x5ec]
cmp byte [ebp - 0x600], 0
mov byte [ebp - 0x5c8], 0
mov byte [ebp - 0x5c0], al
je loc_fffa62a2  ; je 0xfffa62a2
jmp near loc_fffa62cd  ; jmp 0xfffa62cd

loc_fffa6207:  ; not directly referenced
movzx ecx, byte [ebp - 0x5d9]
movzx ebx, bl
lea eax, [ecx + ebx - 0x41]
xor ebx, ebx
cdq
idiv ecx
mov edx, 1
movzx eax, al
lea ecx, [eax - 1]
shl edx, cl
mov dword [ebp - 0x5b0], eax
movzx eax, dl

loc_fffa6230:  ; not directly referenced
mov edx, dword [ebp + ebx*4 - 0x590]
mov esi, dword [ebp - 0x5b0]
add edx, eax
mov ecx, esi
mov esi, ebx
shr edx, cl
mov dword [ebp + ebx*4 - 0x590], edx
movzx edx, word [ebp + ebx*2 - 0x59a]
shl esi, 6
mov dword [ebp - 0x5b8], esi
add edx, eax
sar edx, cl
mov word [ebp + ebx*2 - 0x59a], dx
xor edx, edx

loc_fffa626b:  ; not directly referenced
movzx edi, dl
cmp edi, dword [ebp - 0x5d0]
jge short loc_fffa6297  ; jge 0xfffa6297
add edi, dword [ebp - 0x5b8]
inc edx
mov cl, byte [ebp - 0x5b0]
mov esi, dword [ebp + edi*4 - 0x518]
add esi, eax
shr esi, cl
mov dword [ebp + edi*4 - 0x518], esi
jmp short loc_fffa626b  ; jmp 0xfffa626b

loc_fffa6297:  ; not directly referenced
inc ebx
cmp ebx, 5
jne short loc_fffa6230  ; jne 0xfffa6230
jmp near loc_fffa61e2  ; jmp 0xfffa61e2

loc_fffa62a2:  ; not directly referenced
mov eax, dword [ebp - 0x5d8]
cmp dword [ebp - 0x5d0], eax
jle short loc_fffa62cd  ; jle 0xfffa62cd
cmp byte [ebp - 0x5d4], 0
je short loc_fffa62cd  ; je 0xfffa62cd
mov al, byte [ebp - 0x5ec]
mov byte [ebp - 0x5c8], 1
dec eax
mov byte [ebp - 0x5c0], al

loc_fffa62cd:  ; not directly referenced
mov al, byte [ebp - 0x5c8]
xor esi, esi
xor edi, edi
mov byte [ebp - 0x5b0], 0
mov dword [ebp - 0x5b8], 0xffffffff
mov dword [ebp - 0x5b4], 0xffffffff
mov byte [ebp - 0x5c4], al

loc_fffa62f8:  ; not directly referenced
mov al, byte [ebp - 0x5c0]
mov cl, byte [ebp - 0x5c4]
cmp cl, al
jae loc_fffa64ae  ; jae 0xfffa64ae
movzx eax, cl
xor ebx, ebx
lea eax, [ebp + eax*4 - 0x518]
mov dword [ebp - 0x5d8], eax
mov dword [ebp - 0x5e8], 0
mov dword [ebp - 0x5e4], 0
mov dword [ebp - 0x5d4], 0xffffffff

loc_fffa633c:  ; not directly referenced
mov eax, dword [ebp + 0x10]
mov byte [ebp - 0x5ec], bl
cmp byte [eax + ebx], 0
je loc_fffa640d  ; je 0xfffa640d
mov ecx, dword [ebp - 0x5d8]
mov eax, ebx
shl eax, 8
mov dword [ebp - 0x5e0], eax
mov dword [ebp - 0x5d0], 1
mov eax, dword [ecx + eax]
mov ecx, dword [ebp - 0x5d4]
mov dword [ebp - 0x5cc], 0
cmp ecx, eax
cmovbe eax, ecx
xor ecx, ecx
mov dword [ebp - 0x5d4], eax

loc_fffa638a:  ; not directly referenced
mov eax, dword [ebp + 0x10]
cmp byte [eax + ecx], 0
je short loc_fffa63d3  ; je 0xfffa63d3
cmp byte [ebp - 0x5ec], cl
je short loc_fffa63d3  ; je 0xfffa63d3
push eax
mov eax, dword [ebp - 0x5bc]
push dword [ebp + ecx*4 - 0x590]
push dword [ebp - 0x5cc]
push dword [ebp - 0x5d0]
mov dword [ebp - 0x5f4], ecx
call dword [eax + 0x70]  ; ucall
mov ecx, dword [ebp - 0x5f4]
add esp, 0x10
mov dword [ebp - 0x5d0], eax
mov dword [ebp - 0x5cc], edx

loc_fffa63d3:  ; not directly referenced
inc ecx
cmp ecx, 5
jne short loc_fffa638a  ; jne 0xfffa638a
mov ecx, dword [ebp - 0x5e0]
push eax
mov eax, dword [ebp - 0x5d8]
push dword [eax + ecx]
mov eax, dword [ebp - 0x5bc]
push dword [ebp - 0x5cc]
push dword [ebp - 0x5d0]
call dword [eax + 0x70]  ; ucall
add dword [ebp - 0x5e8], eax
adc dword [ebp - 0x5e4], edx
add esp, 0x10

loc_fffa640d:  ; not directly referenced
inc ebx
cmp ebx, 5
jne loc_fffa633c  ; jne 0xfffa633c
mov eax, 1
xor edx, edx
xor ebx, ebx

loc_fffa6420:  ; not directly referenced
cmp bl, byte [ebp - 0x5d9]
je short loc_fffa6440  ; je 0xfffa6440
push ecx
inc ebx
push dword [ebp - 0x5d4]
push edx
push eax
mov eax, dword [ebp - 0x5bc]
call dword [eax + 0x70]  ; ucall
add esp, 0x10
jmp short loc_fffa6420  ; jmp 0xfffa6420

loc_fffa6440:  ; not directly referenced
mov ecx, dword [ebp - 0x5e8]
mov ebx, dword [ebp - 0x5e4]
add ecx, eax
adc ebx, edx
cmp dword [ebp - 0x5b4], ebx
jb short loc_fffa646e  ; jb 0xfffa646e
ja short loc_fffa6462  ; ja 0xfffa6462
cmp dword [ebp - 0x5b8], ecx
jbe short loc_fffa646e  ; jbe 0xfffa646e

loc_fffa6462:  ; not directly referenced
mov dword [ebp - 0x5b8], ecx
mov dword [ebp - 0x5b4], ebx

loc_fffa646e:  ; not directly referenced
cmp ebx, edi
ja short loc_fffa6478  ; ja 0xfffa6478
jb short loc_fffa6488  ; jb 0xfffa6488
cmp ecx, esi
jbe short loc_fffa6488  ; jbe 0xfffa6488

loc_fffa6478:  ; not directly referenced
mov al, byte [ebp - 0x5c4]
mov esi, ecx
mov edi, ebx
mov byte [ebp - 0x5b0], al

loc_fffa6488:  ; not directly referenced
movzx eax, byte [ebp - 0x5c4]
mov edx, dword [ebp - 0x5ac]
inc byte [ebp - 0x5c4]
mov dword [edx + eax*8 + 0x8e], ecx
mov dword [edx + eax*8 + 0x92], ebx
jmp near loc_fffa62f8  ; jmp 0xfffa62f8

loc_fffa64ae:  ; not directly referenced
mov ebx, dword [ebp - 0x5bc]
mov eax, dword [ebx + 0x74]
push edx
mov edx, edi
push 0x7d0
mov dword [ebp - 0x5c4], eax
mov eax, esi
sub eax, dword [ebp - 0x5b8]
sbb edx, dword [ebp - 0x5b4]
push edx
push eax
call dword [ebx + 0x70]  ; ucall
mov ecx, dword [ebp - 0x5b8]
mov ebx, dword [ebp - 0x5b4]
mov dword [esp], 0
add ecx, esi
adc ebx, edi
add ecx, 1
adc ebx, 0
push ebx
push ecx
push edx
push eax
mov eax, dword [ebp - 0x5c4]
call eax
mov ebx, dword [ebp - 0x5ac]
add esp, 0x20
movzx ecx, byte [ebp - 0x5b0]
mov dword [ebx + 0x7e], esi
mov word [ebx], cx
mov ecx, dword [ebp - 0x5b8]
mov dword [ebx + 0x76], eax
mov eax, ebx
mov dword [ebx + 0x7a], edx
mov dword [ebx + 0x82], edi
mov ebx, dword [ebp - 0x5b4]
mov dword [eax + 0x86], ecx
mov dword [eax + 0x8a], ebx
mov eax, dword [ebp - 0x5f0]
test al, al
je loc_fffa6604  ; je 0xfffa6604
movzx ebx, byte [ebp - 0x5b0]
movsx eax, al
jns short loc_fffa656c  ; jns 0xfffa656c
movzx edx, byte [ebp - 0x5c8]
add ebx, eax
mov esi, 1
cmp ebx, edx
cmovl ebx, edx
jmp short loc_fffa6593  ; jmp 0xfffa6593

loc_fffa656c:  ; not directly referenced
movzx edx, byte [ebp - 0x5c0]
add ebx, eax
cmp ebx, edx
jl short loc_fffa6582  ; jl 0xfffa6582
mov bl, byte [ebp - 0x5c0]
dec ebx
jmp short loc_fffa658e  ; jmp 0xfffa658e

loc_fffa6582:  ; not directly referenced
mov bl, byte [ebp - 0x5f0]
add ebx, dword [ebp - 0x5b0]

loc_fffa658e:  ; not directly referenced
mov esi, 0xffffffff

loc_fffa6593:  ; not directly referenced
mov ecx, dword [ebp - 0x5ac]
push eax
movzx eax, byte [ebp - 0x5b0]
mov edi, dword [ebp - 0x5bc]
push 0x5a
push dword [ecx + eax*8 + 0x92]
push dword [ecx + eax*8 + 0x8e]
call dword [edi + 0x70]  ; ucall
mov dword [esp], 0
push 0
push 0x64
push edx
push eax
call dword [edi + 0x74]  ; ucall
add esp, 0x20

loc_fffa65cd:  ; not directly referenced
cmp bl, byte [ebp - 0x5b0]
je short loc_fffa65ef  ; je 0xfffa65ef
mov edi, dword [ebp - 0x5ac]
movzx ecx, bl
add ecx, 0x10
cmp dword [edi + ecx*8 + 0x12], edx
jb short loc_fffa6600  ; jb 0xfffa6600
ja short loc_fffa65ef  ; ja 0xfffa65ef
cmp dword [edi + ecx*8 + 0xe], eax
jbe short loc_fffa6600  ; jbe 0xfffa6600

loc_fffa65ef:  ; not directly referenced
mov eax, dword [ebp - 0x5ac]
sub ebx, dword [ebp - 0x5b0]
mov byte [eax + 2], bl
jmp short loc_fffa6604  ; jmp 0xfffa6604

loc_fffa6600:  ; not directly referenced
add ebx, esi
jmp short loc_fffa65cd  ; jmp 0xfffa65cd

loc_fffa6604:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa660c:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
sub esp, 0x1c
mov dword [ebp - 0x20], eax
add eax, 0x3757
mov dword [ebp - 0x28], edx
mov dword [ebp - 0x1c], eax

loc_fffa6625:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
cmp dword [eax], 2
je short loc_fffa664a  ; je 0xfffa664a

loc_fffa662d:  ; not directly referenced
add esi, 0x400
add dword [ebp - 0x1c], 0x13c3
cmp esi, 0x800
jne short loc_fffa6625  ; jne 0xfffa6625
add esp, 0x1c
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffa664a:  ; not directly referenced
mov edi, dword [ebp - 0x28]
lea eax, [esi + 0x4060]
mov dword [ebp - 0x24], eax
lea ebx, [esi + 0x4054]
sub edi, esi

loc_fffa665e:  ; not directly referenced
mov ecx, dword [edi + ebx - 0x4054]
mov edx, ebx
mov eax, dword [ebp - 0x20]
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, dword [edi + ebx - 0x4054]
lea edx, [ebx - 0xc]
mov eax, dword [ebp - 0x20]
add ebx, 4
call fcn_fffb3381  ; call 0xfffb3381
cmp ebx, dword [ebp - 0x24]
jne short loc_fffa665e  ; jne 0xfffa665e
jmp short loc_fffa662d  ; jmp 0xfffa662d

fcn_fffa668b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x10
mov dword [ebp - 0x18], eax
cmp cl, 5
ja short loc_fffa66ae  ; ja 0xfffa66ae
cmp cl, 4
jae short loc_fffa66c8  ; jae 0xfffa66c8
lea eax, [ecx - 1]
cmp al, 1
ja loc_fffa67a2  ; ja 0xfffa67a2
jmp short loc_fffa66c8  ; jmp 0xfffa66c8

loc_fffa66ae:  ; not directly referenced
cmp cl, 0x10
jb loc_fffa67a2  ; jb 0xfffa67a2
cmp cl, 0x11
jbe short loc_fffa66cf  ; jbe 0xfffa66cf
lea eax, [ecx - 0x20]
cmp al, 1
jbe short loc_fffa66cf  ; jbe 0xfffa66cf
jmp near loc_fffa67a2  ; jmp 0xfffa67a2

loc_fffa66c8:  ; not directly referenced
mov edi, 0xa
jmp short loc_fffa66d4  ; jmp 0xfffa66d4

loc_fffa66cf:  ; not directly referenced
mov edi, 7

loc_fffa66d4:  ; not directly referenced
xor ebx, ebx
cmp cl, 0x21
ja short loc_fffa66e1  ; ja 0xfffa66e1
mov bl, byte [ecx + ref_fffd58e0]  ; mov bl, byte [ecx - 0x2a720]

loc_fffa66e1:  ; not directly referenced
cmp bl, 7
mov al, 7
cmovbe eax, ebx
xor ebx, ebx
movzx esi, al
mov eax, dword [ebp - 0x18]
imul esi, esi, 0x240
add eax, 0x3757
mov dword [ebp - 0x10], eax
mov eax, edi
add esi, edx
movzx eax, al
mov dword [ebp - 0x1c], eax

loc_fffa6709:  ; not directly referenced
mov eax, dword [ebp - 0x10]
cmp dword [eax], 2
jne short loc_fffa678b  ; jne 0xfffa678b
mov byte [ebp - 0x11], 0

loc_fffa6715:  ; not directly referenced
mov edi, dword [ebp - 0x18]
movzx eax, byte [ebp - 0x11]
cmp al, byte [edi + 0x2489]
jae short loc_fffa6767  ; jae 0xfffa6767
add eax, ebx
xor ecx, ecx
lea eax, [esi + eax*8]

loc_fffa672b:  ; not directly referenced
mov edi, dword [ebp - 0x10]
mov edx, 1
shl edx, cl
test byte [edi + 0xc4], dl
je short loc_fffa675c  ; je 0xfffa675c
imul edx, ecx, 0x90
mov edi, dword [eax + edx]
cmp dword [esi + ebx*8], edi
jbe short loc_fffa674e  ; jbe 0xfffa674e
mov dword [esi + ebx*8], edi

loc_fffa674e:  ; not directly referenced
mov edx, dword [eax + edx + 4]
cmp dword [esi + ebx*8 + 4], edx
jbe short loc_fffa675c  ; jbe 0xfffa675c
mov dword [esi + ebx*8 + 4], edx

loc_fffa675c:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffa672b  ; jne 0xfffa672b
inc byte [ebp - 0x11]
jmp short loc_fffa6715  ; jmp 0xfffa6715

loc_fffa6767:  ; not directly referenced
mov edi, dword [ebp - 0x1c]
mov ecx, 0xa
xor edx, edx
mov eax, dword [esi + ebx*8]
imul eax, edi
div ecx
xor edx, edx
mov dword [esi + ebx*8], eax
mov eax, dword [esi + ebx*8 + 4]
imul eax, edi
div ecx
mov dword [esi + ebx*8 + 4], eax

loc_fffa678b:  ; not directly referenced
add ebx, 9
add dword [ebp - 0x10], 0x13c3
cmp ebx, 0x12
jne loc_fffa6709  ; jne 0xfffa6709
xor eax, eax
jmp short loc_fffa67a7  ; jmp 0xfffa67a7

loc_fffa67a2:  ; not directly referenced
mov eax, 2

loc_fffa67a7:  ; not directly referenced
add esp, 0x10
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa67af:
push ebp
mov ebp, esp
sub esp, 0x24
lea edx, [ebp - 0xc]
push edx
lea edx, [ebp - 0x10]
push edx
lea edx, [ebp - 0x14]
push edx
lea eax, [ebp - 0x18]
push eax
push 1
call fcn_fffd2bc2  ; call 0xfffd2bc2
mov eax, dword [ebp - 0x18]
leave
and eax, 0xfff0ff0
ret

fcn_fffa67d6:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0xc
mov ebx, dword [eax + 0x2444]
call dword [ebx + 0x54]  ; ucall
lea edi, [eax + 0x2710]

loc_fffa67f0:  ; not directly referenced
mov edx, 0x5084
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
test eax, 0x10000
jne short loc_fffa6811  ; jne 0xfffa6811
call dword [ebx + 0x54]  ; ucall
cmp edi, eax
ja short loc_fffa67f0  ; ja 0xfffa67f0
mov eax, 0x12
jmp short loc_fffa6813  ; jmp 0xfffa6813

loc_fffa6811:  ; not directly referenced
xor eax, eax

loc_fffa6813:  ; not directly referenced
add esp, 0xc
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa681b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
mov esi, ecx
push ebx
sub esp, 0x3c
mov ebx, dword [eax + 0x2444]
mov dword [ebp - 0x30], edx
call dword [ebx + 0x54]  ; ucall
lea ecx, [eax + 0x2710]
push eax
push 0
push 4
push dword [ebp + 0xc]
mov dword [ebp - 0x34], ecx
call dword [ebx + 0x5c]  ; ucall
mov eax, dword [ebp - 0x30]
add esp, 0x10
shl eax, 0xa
mov dword [ebp - 0x38], eax
add eax, 0x4214
mov dword [ebp - 0x2c], eax

loc_fffa685c:  ; not directly referenced
mov edx, dword [ebp - 0x2c]
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, eax
shr edx, 0x18
test dl, dl
jns short loc_fffa6881  ; jns 0xfffa6881
call dword [ebx + 0x54]  ; ucall
cmp dword [ebp - 0x34], eax
ja short loc_fffa685c  ; ja 0xfffa685c

loc_fffa6877:  ; not directly referenced
mov eax, 0x12
jmp near loc_fffa6990  ; jmp 0xfffa6990

loc_fffa6881:  ; not directly referenced
mov al, byte [ebp + 8]
and esi, 3
mov edx, dword [ebp - 0x2c]
shl esi, 0x10
and eax, 0xfff000ff
mov ecx, eax
mov eax, edi
or ecx, esi
or ecx, 0x80000000
call fcn_fffb3381  ; call 0xfffb3381
call dword [ebx + 0x54]  ; ucall
lea esi, [eax + 0x2710]

loc_fffa68ac:  ; not directly referenced
mov edx, dword [ebp - 0x2c]
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
shr eax, 0x18
test al, al
jns short loc_fffa68c6  ; jns 0xfffa68c6
call dword [ebx + 0x54]  ; ucall
cmp esi, eax
ja short loc_fffa68ac  ; ja 0xfffa68ac
jmp short loc_fffa6877  ; jmp 0xfffa6877

loc_fffa68c6:  ; not directly referenced
mov esi, dword [ebp - 0x30]
mov edx, dword [ebp - 0x38]
imul eax, esi, 0x54a
add edx, 0x4218
imul esi, esi, 0x13c3
lea eax, [edi + eax + 0x196b]
mov dword [ebp - 0x2c], eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
xor edx, edx
mov dword [ebp - 0x3c], esi
mov dword [ebp - 0x1c], eax
xor eax, eax

loc_fffa68f9:  ; not directly referenced
mov ecx, dword [ebp - 0x3c]
cmp byte [edi + ecx + 0x49bb], 0x20
je short loc_fffa6917  ; je 0xfffa6917

loc_fffa6906:  ; not directly referenced
movzx esi, byte [edi + 0x2489]
lea ebx, [eax + eax]
mov dword [ebp - 0x30], esi
xor esi, esi
jmp short loc_fffa6939  ; jmp 0xfffa6939

loc_fffa6917:  ; not directly referenced
test al, 1
je short loc_fffa6906  ; je 0xfffa6906
mov ebx, dword [ebp + 0xc]
mov esi, edx
mov cl, byte [ebx + eax - 1]
mov byte [ebx + eax], cl
jmp short loc_fffa6981  ; jmp 0xfffa6981

loc_fffa6929:  ; not directly referenced
mov ecx, dword [ebp - 0x2c]
movzx ecx, byte [ecx + esi + 0x4f6]
cmp ebx, ecx
je short loc_fffa6940  ; je 0xfffa6940
inc esi

loc_fffa6939:  ; not directly referenced
cmp esi, dword [ebp - 0x30]
jb short loc_fffa6929  ; jb 0xfffa6929
mov esi, edx

loc_fffa6940:  ; not directly referenced
mov ebx, eax
xor edx, edx
shl ebx, 4
mov dword [ebp - 0x38], ebx
movzx ebx, byte [ebp + eax - 0x1c]
mov dword [ebp - 0x30], ebx
mov ebx, dword [ebp - 0x2c]
lea ecx, [ebx + esi*8]
mov dword [ebp - 0x34], ecx

loc_fffa695b:  ; not directly referenced
mov ebx, dword [ebp - 0x30]
mov cl, dl
sar ebx, cl
mov ecx, dword [ebp - 0x34]
and ebx, 1
movzx ecx, byte [ecx + edx + 0x4fe]
inc edx
sub ecx, dword [ebp - 0x38]
shl ebx, cl
mov ecx, dword [ebp + 0xc]
or byte [ecx + eax], bl
cmp edx, 8
jne short loc_fffa695b  ; jne 0xfffa695b

loc_fffa6981:  ; not directly referenced
inc eax
cmp eax, 4
je short loc_fffa698e  ; je 0xfffa698e
mov edx, esi
jmp near loc_fffa68f9  ; jmp 0xfffa68f9

loc_fffa698e:  ; not directly referenced
xor al, al

loc_fffa6990:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa6998:  ; not directly referenced
imul edx, edx, 0x13c3
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea edx, [eax + edx + 0x3757]
push ebx
mov ebx, eax
mov eax, dword [edx + 0xc0]
cmp eax, 1
je short loc_fffa69ff  ; je 0xfffa69ff
cmp eax, 2
jne short loc_fffa6a33  ; jne 0xfffa6a33
mov cl, byte [edx + 0x1260]
cmp cl, 1
jne short loc_fffa69d9  ; jne 0xfffa69d9
mov al, byte [edx + 0x1388]
cmp al, 1
je short loc_fffa6a1f  ; je 0xfffa6a1f
cmp al, 2
jne short loc_fffa6a33  ; jne 0xfffa6a33
jmp short loc_fffa6a3a  ; jmp 0xfffa6a3a

loc_fffa69d9:  ; not directly referenced
xor eax, eax
cmp cl, 2
jne loc_fffa6b7b  ; jne 0xfffa6b7b
mov dl, byte [edx + 0x1388]
cmp dl, 1
je short loc_fffa6a41  ; je 0xfffa6a41
cmp dl, 2
jne loc_fffa6b7b  ; jne 0xfffa6b7b
mov ecx, 5
jmp short loc_fffa6a24  ; jmp 0xfffa6a24

loc_fffa69ff:  ; not directly referenced
mov al, byte [edx + 0x1260]
cmp al, 1
je short loc_fffa6a48  ; je 0xfffa6a48
mov dl, byte [edx + 0x1388]
cmp dl, 1
je short loc_fffa6a48  ; je 0xfffa6a48
cmp al, 2
je short loc_fffa6a4c  ; je 0xfffa6a4c
cmp dl, 2
jne short loc_fffa6a33  ; jne 0xfffa6a33
jmp short loc_fffa6a4c  ; jmp 0xfffa6a4c

loc_fffa6a1f:  ; not directly referenced
mov ecx, 2

loc_fffa6a24:  ; not directly referenced
cmp dword [ebx + 0x187f], 6
mov edx, dword [ebx + 0x1887]
jbe short loc_fffa6a53  ; jbe 0xfffa6a53

loc_fffa6a33:  ; not directly referenced
xor eax, eax
jmp near loc_fffa6b7b  ; jmp 0xfffa6b7b

loc_fffa6a3a:  ; not directly referenced
mov ecx, 3
jmp short loc_fffa6a24  ; jmp 0xfffa6a24

loc_fffa6a41:  ; not directly referenced
mov ecx, 4
jmp short loc_fffa6a24  ; jmp 0xfffa6a24

loc_fffa6a48:  ; not directly referenced
xor ecx, ecx
jmp short loc_fffa6a24  ; jmp 0xfffa6a24

loc_fffa6a4c:  ; not directly referenced
mov ecx, 1
jmp short loc_fffa6a24  ; jmp 0xfffa6a24

loc_fffa6a53:  ; not directly referenced
mov eax, dword [ebx + 0x187f]
jmp dword [eax*4 + ref_fffd35dc]  ; ujmp: jmp dword [eax*4 - 0x2ca24]

loc_fffa6a60:  ; not directly referenced
cmp edx, 0x40660
sete bl
cmp edx, 0x306c0
sete al
or bl, al
jne short loc_fffa6a84  ; jne 0xfffa6a84
xor eax, eax
cmp edx, 0x40670
jne loc_fffa6b7b  ; jne 0xfffa6b7b

loc_fffa6a84:  ; not directly referenced
imul esi, esi, 6
add ecx, esi
lea eax, [ecx + ecx + ref_fffd368c]  ; lea eax, [ecx + ecx - 0x2c974]
jmp near loc_fffa6b7b  ; jmp 0xfffa6b7b

loc_fffa6a95:  ; not directly referenced
cmp edx, 0x306d0
sete bl
cmp edx, 0x40650
sete al
or bl, al
je short loc_fffa6ac0  ; je 0xfffa6ac0
cmp ecx, 1
ja short loc_fffa6a33  ; ja 0xfffa6a33
add esi, esi
add ecx, esi
lea eax, [ecx + ecx + ref_fffd3684]  ; lea eax, [ecx + ecx - 0x2c97c]
jmp near loc_fffa6b7b  ; jmp 0xfffa6b7b

loc_fffa6ac0:  ; not directly referenced
cmp edx, 0x40660
sete bl
cmp edx, 0x306c0
sete al
or bl, al
jne short loc_fffa6ae4  ; jne 0xfffa6ae4
xor eax, eax
cmp edx, 0x40670
jne loc_fffa6b7b  ; jne 0xfffa6b7b

loc_fffa6ae4:  ; not directly referenced
imul esi, esi, 6
add ecx, esi
lea eax, [ecx + ecx + ref_fffd366c]  ; lea eax, [ecx + ecx - 0x2c994]
jmp near loc_fffa6b7b  ; jmp 0xfffa6b7b

loc_fffa6af5:  ; not directly referenced
cmp edx, 0x40660
sete bl
cmp edx, 0x306c0
sete al
or bl, al
jne short loc_fffa6b15  ; jne 0xfffa6b15
xor eax, eax
cmp edx, 0x40670
jne short loc_fffa6b7b  ; jne 0xfffa6b7b

loc_fffa6b15:  ; not directly referenced
imul esi, esi, 6
add ecx, esi
lea eax, [ecx + ecx + ref_fffd3654]  ; lea eax, [ecx + ecx - 0x2c9ac]
jmp short loc_fffa6b7b  ; jmp 0xfffa6b7b

loc_fffa6b23:  ; not directly referenced
cmp edx, 0x306d0
sete bl
cmp edx, 0x40650
sete al
or bl, al
je short loc_fffa6b4f  ; je 0xfffa6b4f
cmp ecx, 1
ja loc_fffa6a33  ; ja 0xfffa6a33
add esi, esi
add ecx, esi
lea eax, [ecx + ecx + ref_fffd36bc]  ; lea eax, [ecx + ecx - 0x2c944]
jmp short loc_fffa6b7b  ; jmp 0xfffa6b7b

loc_fffa6b4f:  ; not directly referenced
cmp edx, 0x40660
sete bl
cmp edx, 0x306c0
sete al
or bl, al
jne short loc_fffa6b6f  ; jne 0xfffa6b6f
xor eax, eax
cmp edx, 0x40670
jne short loc_fffa6b7b  ; jne 0xfffa6b7b

loc_fffa6b6f:  ; not directly referenced
imul esi, esi, 6
add ecx, esi
lea eax, [ecx + ecx + ref_fffd36a4]  ; lea eax, [ecx + ecx - 0x2c95c]

loc_fffa6b7b:  ; not directly referenced
pop ebx
pop esi
pop ebp
ret

fcn_fffa6b7f:  ; not directly referenced
push ebp
mov ebp, esp
push esi
push ebx
test cl, cl
je short loc_fffa6ba6  ; je 0xfffa6ba6
cmp cl, 0x3c
je short loc_fffa6baa  ; je 0xfffa6baa
cmp cl, 0x78
je short loc_fffa6bb0  ; je 0xfffa6bb0
cmp cl, 0x28
je short loc_fffa6bb6  ; je 0xfffa6bb6
cmp cl, 0x14
je short loc_fffa6bbe  ; je 0xfffa6bbe
cmp cl, 0x1e
mov cl, 1
setne bl
jmp short loc_fffa6bba  ; jmp 0xfffa6bba

loc_fffa6ba6:  ; not directly referenced
xor ecx, ecx
jmp short loc_fffa6bc0  ; jmp 0xfffa6bc0

loc_fffa6baa:  ; not directly referenced
xor ecx, ecx
xor ebx, ebx
jmp short loc_fffa6bba  ; jmp 0xfffa6bba

loc_fffa6bb0:  ; not directly referenced
xor ecx, ecx
mov bl, 1
jmp short loc_fffa6bc2  ; jmp 0xfffa6bc2

loc_fffa6bb6:  ; not directly referenced
xor ecx, ecx
mov bl, 1

loc_fffa6bba:  ; not directly referenced
mov dl, 1
jmp short loc_fffa6bc4  ; jmp 0xfffa6bc4

loc_fffa6bbe:  ; not directly referenced
mov cl, 1

loc_fffa6bc0:  ; not directly referenced
xor ebx, ebx

loc_fffa6bc2:  ; not directly referenced
xor edx, edx

loc_fffa6bc4:  ; not directly referenced
and edx, 1
and ebx, 1
lea esi, [edx*4]
mov edx, dword [ebp + 8]
and ecx, 1
shl ebx, 6
shl ecx, 9
and edx, 0xffffffbb
or edx, esi
or edx, ebx
and dh, 0xfd
or edx, ecx
pop ebx
mov word [eax], dx
pop esi
pop ebp
ret

fcn_fffa6bf0:  ; not directly referenced
imul edx, edx, 0x13c3
push ebp
mov ebp, esp
lea edx, [eax + edx + 0x3757]
mov cl, byte [edx + 0x1260]
cmp cl, 1
je short loc_fffa6c2f  ; je 0xfffa6c2f
mov dl, byte [edx + 0x1388]
cmp dl, 1
je short loc_fffa6c2f  ; je 0xfffa6c2f
cmp cl, 2
je short loc_fffa6c33  ; je 0xfffa6c33
cmp dl, 2
jne short loc_fffa6c2b  ; jne 0xfffa6c2b
jmp short loc_fffa6c33  ; jmp 0xfffa6c33

loc_fffa6c22:  ; not directly referenced
cmp eax, 5
je short loc_fffa6c4e  ; je 0xfffa6c4e
test eax, eax
je short loc_fffa6c4e  ; je 0xfffa6c4e

loc_fffa6c2b:  ; not directly referenced
xor eax, eax
jmp short loc_fffa6c57  ; jmp 0xfffa6c57

loc_fffa6c2f:  ; not directly referenced
xor edx, edx
jmp short loc_fffa6c38  ; jmp 0xfffa6c38

loc_fffa6c33:  ; not directly referenced
mov edx, 1

loc_fffa6c38:  ; not directly referenced
mov eax, dword [eax + 0x187f]
cmp eax, 2
jne short loc_fffa6c22  ; jne 0xfffa6c22
lea edx, [edx + edx*2]
lea eax, [edx + ref_fffd363c]  ; lea eax, [edx - 0x2c9c4]
jmp short loc_fffa6c57  ; jmp 0xfffa6c57

loc_fffa6c4e:  ; not directly referenced
lea edx, [edx + edx*2]
lea eax, [edx + ref_fffd3648]  ; lea eax, [edx - 0x2c9b8]

loc_fffa6c57:  ; not directly referenced
pop ebp
ret

fcn_fffa6c59:  ; not directly referenced
push ebp
mov ebp, esp
cmp cl, 0x3c
je short loc_fffa6c8d  ; je 0xfffa6c8d
ja short loc_fffa6c76  ; ja 0xfffa6c76
cmp cl, 0x28
je short loc_fffa6c91  ; je 0xfffa6c91
mov dl, 5
cmp cl, 0x30
je short loc_fffa6c97  ; je 0xfffa6c97
mov dl, 7
cmp cl, 0x22
jmp short loc_fffa6c87  ; jmp 0xfffa6c87

loc_fffa6c76:  ; not directly referenced
cmp cl, 0x78
je short loc_fffa6c95  ; je 0xfffa6c95
mov dl, 4
cmp cl, 0xf0
je short loc_fffa6c97  ; je 0xfffa6c97
mov dl, 6
cmp cl, 0x50

loc_fffa6c87:  ; not directly referenced
je short loc_fffa6c97  ; je 0xfffa6c97
xor edx, edx
jmp short loc_fffa6c97  ; jmp 0xfffa6c97

loc_fffa6c8d:  ; not directly referenced
mov dl, 1
jmp short loc_fffa6c97  ; jmp 0xfffa6c97

loc_fffa6c91:  ; not directly referenced
mov dl, 3
jmp short loc_fffa6c97  ; jmp 0xfffa6c97

loc_fffa6c95:  ; not directly referenced
mov dl, 2

loc_fffa6c97:  ; not directly referenced
mov ecx, dword [ebp + 8]
and edx, 7
shl edx, 6
pop ebp
and cx, 0xfe3f
or ecx, edx
mov word [eax], cx
ret

fcn_fffa6cac:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, dword [eax + 0x1887]
movsx ebx, dl
mov edi, dword [eax + 0x5edd]
cmp esi, 0x306d0
sete al
cmp esi, 0x40650
sete cl
or eax, ecx
cmp al, 1
sbb ecx, ecx
and ecx, 0xffffffce
add ecx, 0x64
cmp byte [edi + 0x1c5], 0
jne short loc_fffa6cfb  ; jne 0xfffa6cfb
movzx eax, cl
add ebx, 0x30
imul eax, eax, 0x60
movzx ecx, cl
cdq
idiv ebx
sub eax, ecx
jmp short loc_fffa6d0a  ; jmp 0xfffa6d0a

loc_fffa6cfb:  ; not directly referenced
mov eax, 0x3200
lea ecx, [ebx + 0x20]
cdq
idiv ecx
sub ax, 0xc8

loc_fffa6d0a:  ; not directly referenced
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa6d0f:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
movzx esi, word [ebp + 0x10]
mov dword [ebp - 0x10], edx
mov edx, dword [eax + 0x18a7]
mov dword [ebp - 0x38], ecx
mov dword [ebp - 0x30], esi
add esi, 0xf
mov ecx, dword [eax + edx*4 + 0x3736]
movzx eax, word [ebp + 0xc]
mov dword [ebp - 0x14], esi
mov ebx, eax
imul eax, esi
mov dword [ebp - 0x28], ebx
add ebx, esi
cdq
idiv ebx
mov edi, eax
mov eax, ecx
shr ax, 1
movzx eax, ax
mov edx, eax
movzx eax, byte [ebp + 8]
mov dword [ebp - 0x20], edx
add eax, 0xf
mov dword [ebp - 0x24], eax
lea ebx, [edi + eax]
mov eax, edx
xor edx, edx
mov esi, dword [ebp - 0x24]
div ebx
movzx ebx, cx
mov ecx, ebx
mov dword [ebp - 0x18], ebx
xor edx, edx
imul esi, eax
mov dword [ebp - 0x34], eax
sub ecx, esi
lea eax, [ecx + ecx]
sub eax, ebx
mov ebx, 0x3e8
imul eax, eax
imul esi, esi
div ebx
mov bx, 0x2710
xor edx, edx
imul eax, eax, 0xd2f0
div ebx
mov bx, 0x64
xor edx, edx
div ebx
xor edx, edx
mov ebx, eax
imul eax, edi, 0x3e8
add edi, 0x1e
div edi
mov edi, 0x3e8
xor edx, edx
imul ebx, eax
mov eax, ebx
mov ebx, ecx
div edi
mov edi, ecx
imul edi, ecx
mov dword [ebp - 0x1c], eax
mov eax, edi
mov edi, dword [ebp - 0x28]
add eax, esi
mov esi, edi
add esi, edi
imul edi, esi, 0x64
xor edx, edx
mov esi, dword [ebp - 0x10]
sub ebx, dword [ebp - 0x20]
div edi
xor edx, edx
mov edi, 0x64
mov dword [ebp - 0x2c], eax
mov dword [esi], eax
mov eax, ebx
mov esi, dword [ebp - 0x30]
div dword [ebp - 0x14]
mov ebx, dword [ebp - 0x18]
imul edx, eax, 0xf
imul eax, eax
sub ecx, edx
mov edx, esi
add edx, esi
sub ebx, ecx
imul esi, edx, 0x64
xor edx, edx
imul eax, eax, 0xf
imul ebx, ebx
imul ecx, ecx
mov dword [ebp - 0x28], esi
mov esi, 0x64
div esi
mov esi, eax
mov eax, dword [ebp - 0x34]
mov edx, eax
imul edx, eax
mov eax, dword [ebp - 0x24]
imul eax, edx
xor edx, edx
div edi
xor edx, edx
add esi, eax
lea eax, [ebx + ecx]
div dword [ebp - 0x28]
add esi, eax
mov ebx, esi
mov esi, dword [ebp - 0x10]
mov dword [ebp - 0x30], ebx
mov edx, dword [ebp - 0x14]
mov dword [esi + 4], ebx
movzx ebx, word [ebp + 0x14]
lea edi, [ebx + 0xf]
mov ecx, edi
imul edi, edx
mov dword [ebp - 0x34], ecx
add ecx, edx
mov eax, edi
movzx edi, word [ebp - 0x38]
cdq
idiv ecx
xor edx, edx
lea ecx, [eax + edi]
mov esi, eax
mov eax, dword [ebp - 0x20]
div ecx
mov ecx, dword [ebp - 0x18]
mov edx, eax
imul edx, edi
imul eax, eax
sub ecx, edx
imul eax, edi
mov edi, 0x64
xor edx, edx
div edi
mov di, 0x3e8
xor edx, edx
mov dword [ebp - 0x24], eax
lea eax, [ecx + ecx]
sub eax, dword [ebp - 0x18]
imul eax, eax
div edi
mov di, 0x2710
xor edx, edx
imul eax, eax, 0xd2f0
div edi
mov di, 0x64
xor edx, edx
div edi
xor edx, edx
mov edi, eax
imul eax, esi, 0x3e8
add esi, 0x1e
div esi
mov esi, 0x3e8
xor edx, edx
imul edi, eax
mov eax, edi
mov edi, dword [ebp - 0x24]
div esi
mov esi, dword [ebp - 0x10]
xor edx, edx
mov dword [esi + 8], edi
mov esi, ecx
mov edi, ecx
sub esi, dword [ebp - 0x20]
mov dword [ebp - 0x20], esi
mov dword [ebp - 0x38], eax
mov eax, esi
div dword [ebp - 0x34]
mov edx, dword [ebp - 0x18]
mov esi, eax
imul eax, eax, 0xf
imul esi, esi
sub edi, eax
sub edx, edi
mov eax, edx
imul eax, edx
xor edx, edx
imul edi, edi
add eax, edi
lea edi, [ebx + ebx]
mov ebx, 0x64
imul edi, edi, 0x64
div edi
mov edi, eax
imul eax, esi, 0xf
xor edx, edx
div ebx
xor edx, edx
lea esi, [edi + eax]
mov eax, dword [ebp - 0x20]
mov edi, dword [ebp - 0x10]
div dword [ebp - 0x14]
mov edx, dword [ebp - 0x18]
mov dword [edi + 0x10], esi
mov ebx, eax
imul eax, eax, 0xf
imul ebx, ebx
sub ecx, eax
sub edx, ecx
mov eax, edx
imul eax, edx
xor edx, edx
imul ecx, ecx
add eax, ecx
div dword [ebp - 0x28]
xor edx, edx
mov ecx, eax
imul eax, ebx, 0xf
mov ebx, 0x64
div ebx
mov edx, dword [ebp - 0x1c]
mov dword [edi + 0x14], edx
add ecx, eax
mov eax, dword [ebp - 0x38]
mov dword [edi + 0xc], ecx
add ecx, esi
mov dword [edi + 0x18], eax
mov edi, dword [ebp - 0x30]
mov esi, eax
add edi, edx
mov edx, ecx
mov ecx, dword [ebp - 0x24]
mov dword [ebp - 0x14], edx
add ecx, eax
mov ebx, ecx
lea edx, [ecx + edx]
mov ecx, dword [ebp - 0x2c]
imul edx, edx, 0x28
imul ebx, ebx, 0x28
lea eax, [edi + ecx]
mov ecx, 0x64
imul eax, eax, 0x3c
add eax, edx
xor edx, edx
div cx
mov edx, dword [ebp - 0x10]
mov word [edx + 0x34], ax
imul edx, esi, 0x28
mov esi, 0x64
imul eax, dword [ebp - 0x1c], 0x3c
add eax, edx
xor edx, edx
div esi
mov esi, dword [ebp - 0x10]
imul dx, word [ebp - 0x2c], 0x3c
mov dword [esi + 0x1c], eax
lea eax, [ebx + edx]
xor edx, edx
div cx
mov ebx, esi
xor edx, edx
imul edi, edi, 0x3c
mov word [esi + 0x30], ax
imul si, word [ebp - 0x14], 0x28
lea eax, [esi + edi]
div cx
mov word [ebx + 0x32], ax
add esp, 0x2c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa6ff5:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
movzx esi, cl
push ebx
sub esp, 0xa4
mov al, byte [ebp + 8]
mov byte [ebp - 0x97], dl
mov byte [ebp - 0xa3], cl
mov dword [ebp - 0x94], 0
mov byte [ebp - 0xa4], al
mov al, byte [ebp + 0xc]
mov bl, al
mov byte [ebp - 0xa5], al
lea eax, [ecx - 1]
mov byte [ebp - 0x98], al
movzx eax, dl
mov dword [ebp - 0x9c], eax
lea eax, [eax + esi - 1]
cdq
idiv esi
dec eax
mov byte [ebp - 0x96], al
movzx eax, bl
dec eax
mov dword [ebp - 0xb0], eax

loc_fffa705a:  ; not directly referenced
mov al, byte [ebp - 0x97]
cmp byte [ebp - 0x94], al
jae loc_fffa718b  ; jae 0xfffa718b
mov edx, dword [ebp - 0x94]
mov ecx, dword [ebp - 0xb0]
mov dword [ebp - 0x90], 0
movzx eax, dl
div byte [ebp - 0xa3]
imul cx, word [edi + edx*2]
movzx ebx, ah
mov byte [ebp - 0xa1], al
mov al, bl
dec eax
mov byte [ebp - 0xa6], al
movzx eax, byte [ebp - 0x96]
mov byte [ebp - 0x95], bl
mov dword [ebp - 0xac], eax

loc_fffa70b5:  ; not directly referenced
mov al, byte [ebp - 0x95]
xor ebx, ebx
or al, byte [ebp - 0x90]
je short loc_fffa70d1  ; je 0xfffa70d1
mov bl, byte [ebp - 0xa6]
add ebx, dword [ebp - 0x90]

loc_fffa70d1:  ; not directly referenced
mov al, byte [ebp - 0xa4]
cmp bl, al
setb dl
cmp byte [ebp - 0x95], al
setb al
test dl, al
mov al, byte [ebp - 0x95]
cmovne ebx, eax
mov al, byte [ebp - 0x98]
cmp bl, al
cmova ebx, eax
mov al, byte [ebp - 0xa1]
lea edx, [eax - 1]
add eax, 2
mov byte [ebp - 0xa2], al
movzx eax, bl
mov dword [ebp - 0xa0], eax

loc_fffa7116:  ; not directly referenced
xor eax, eax
test dl, dl
cmovns eax, edx
movsx ebx, al
cmp ebx, dword [ebp - 0xac]
mov bl, byte [ebp - 0x96]
cmovg eax, ebx
movsx ebx, al
imul ebx, esi
add ebx, dword [ebp - 0xa0]
cmp dword [ebp - 0x9c], ebx
setle bl
inc edx
sub eax, ebx
movsx eax, al
imul eax, esi
add eax, dword [ebp - 0xa0]
add cx, word [edi + eax*2]
cmp dl, byte [ebp - 0xa2]
jne short loc_fffa7116  ; jne 0xfffa7116
inc dword [ebp - 0x90]
cmp dword [ebp - 0x90], 3
jne loc_fffa70b5  ; jne 0xfffa70b5
mov eax, dword [ebp - 0x94]
inc dword [ebp - 0x94]
mov word [ebp + eax*2 - 0x8c], cx
jmp near loc_fffa705a  ; jmp 0xfffa705a

loc_fffa718b:  ; not directly referenced
movzx ebx, byte [ebp - 0xa5]
xor ecx, ecx
add ebx, 8

loc_fffa7197:  ; not directly referenced
cmp byte [ebp - 0x97], cl
jbe short loc_fffa71b1  ; jbe 0xfffa71b1
movzx eax, word [ebp + ecx*2 - 0x8c]
cdq
idiv ebx
mov word [edi + ecx*2], ax
inc ecx
jmp short loc_fffa7197  ; jmp 0xfffa7197

loc_fffa71b1:  ; not directly referenced
add esp, 0xa4
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa71bc:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
mov ebx, 0x3664
cmp dl, 1
ja short loc_fffa71e7  ; ja 0xfffa71e7
cmp cl, 8
movzx edx, dl
jbe short loc_fffa71dd  ; jbe 0xfffa71dd
shl edx, 8
lea ebx, [edx + 0x3064]
jmp short loc_fffa71e7  ; jmp 0xfffa71e7

loc_fffa71dd:  ; not directly referenced
shl edx, 8
shl ecx, 9
lea ebx, [edx + ecx + 0x64]

loc_fffa71e7:  ; not directly referenced
cmp dword [eax + 0x188b], 1
lea edx, [ebx + 0xc]
cmove ebx, edx
mov eax, ebx
pop ebx
pop ebp
ret

fcn_fffa71f9:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
mov ebx, 0x3660
cmp dl, 1
ja short loc_fffa7224  ; ja 0xfffa7224
cmp cl, 8
movzx edx, dl
jbe short loc_fffa721a  ; jbe 0xfffa721a
shl edx, 8
lea ebx, [edx + 0x3060]
jmp short loc_fffa7224  ; jmp 0xfffa7224

loc_fffa721a:  ; not directly referenced
shl edx, 8
shl ecx, 9
lea ebx, [edx + ecx + 0x60]

loc_fffa7224:  ; not directly referenced
cmp dword [eax + 0x188b], 1
lea edx, [ebx + 0xc]
cmove ebx, edx
mov eax, ebx
pop ebx
pop ebp
ret

fcn_fffa7236:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
mov ebx, 0x3674
cmp dl, 1
ja short loc_fffa7261  ; ja 0xfffa7261
cmp cl, 8
movzx edx, dl
jbe short loc_fffa7257  ; jbe 0xfffa7257
shl edx, 8
lea ebx, [edx + 0x3074]
jmp short loc_fffa7261  ; jmp 0xfffa7261

loc_fffa7257:  ; not directly referenced
shl edx, 8
shl ecx, 9
lea ebx, [edx + ecx + 0x74]

loc_fffa7261:  ; not directly referenced
cmp dword [eax + 0x188b], 1
lea edx, [ebx + 0xc]
cmove ebx, edx
mov eax, ebx
pop ebx
pop ebp
ret

fcn_fffa7273:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
mov eax, edx
sub esp, 0x2c
mov edi, dword [ebp + 0x10]
movzx eax, al
mov dword [ebp - 0x1c], edx
mov edx, dword [ebp + 0xc]
mov dword [ebp - 0x20], ecx
mov bl, byte [ebp + 8]
mov dword [ebp - 0x24], edi
mov edi, dword [ebp + 0x14]
cmp edx, 1
mov dword [ebp - 0x28], edi
mov edi, dword [ebp + 0x18]
mov dword [ebp - 0x2c], edi
mov edi, dword [esi + 0x2444]
je short loc_fffa72ba  ; je 0xfffa72ba
cmp edx, 2
jne short loc_fffa72ff  ; jne 0xfffa72ff
lea edx, [eax*8 + 0x48f8]
jmp short loc_fffa72c1  ; jmp 0xfffa72c1

loc_fffa72ba:  ; not directly referenced
lea edx, [eax*8 + 0x48d8]

loc_fffa72c1:  ; not directly referenced
mov eax, esi
call fcn_fffb333d  ; call 0xfffb333d
xor ecx, ecx
push eax
and edx, 0x7000000
push 0x38
push edx
push ecx
call dword [edi + 0x6c]  ; ucall
mov ebx, eax
mov eax, dword [ebp - 0x1c]
movzx ebx, bl
lea edx, [eax*4 + 0x4930]
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
lea ecx, [ebx*4]
add esp, 0x10
shr eax, cl
mov bl, al
and ebx, 3

loc_fffa72ff:  ; not directly referenced
cmp dword [ebp - 0x20], 0
mov ecx, 0xff
movzx edx, byte [ebp - 0x1c]
jne short loc_fffa7312  ; jne 0xfffa7312
movzx ecx, byte [ebp - 0x24]

loc_fffa7312:  ; not directly referenced
mov eax, esi
and ebx, 3
call fcn_fffa7236  ; call 0xfffa7236
shl ebx, 0x16
mov edi, eax
mov edx, eax
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
mov ecx, dword [ebp - 0x28]
mov edx, dword [ebp - 0x2c]
lea esp, [ebp - 0xc]
and ecx, 1
shl ecx, 0x14
and edx, 1
and eax, 0xffcfffff
shl edx, 0x15
or eax, ecx
or eax, edx
mov edx, edi
and eax, 0xff3fffff
or eax, ebx
mov ecx, eax
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
jmp near fcn_fffb3381  ; jmp 0xfffb3381

fcn_fffa735e:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
movzx esi, dl
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x1c], eax
mov eax, dword [ebp + 0xc]
imul edx, esi, 0x13c3
mov dword [ebp - 0x20], esi
mov dword [ebp - 0x24], ebx
movzx esi, bl
movzx ebx, cl
cmp al, 3
lea edi, [edi + edx + 0x3757]
jne short loc_fffa7397  ; jne 0xfffa7397
mov ecx, dword [ebp + 0x10]
jmp short loc_fffa740a  ; jmp 0xfffa740a

loc_fffa7397:  ; not directly referenced
test al, al
jne short loc_fffa73a0  ; jne 0xfffa73a0
mov edx, dword [ebp + 0x10]
jmp short loc_fffa73af  ; jmp 0xfffa73af

loc_fffa73a0:  ; not directly referenced
lea edx, [ebx + ebx*8]
lea edx, [edx + esi + 0xb0]
mov dx, word [edi + edx*2 + 9]

loc_fffa73af:  ; not directly referenced
and dx, 0x1ff
and edx, 0x1ff
mov dword [ebp - 0x28], edx
cmp al, 1
jne short loc_fffa73c6  ; jne 0xfffa73c6
mov edx, dword [ebp + 0x10]
jmp short loc_fffa73d9  ; jmp 0xfffa73d9

loc_fffa73c6:  ; not directly referenced
movzx edx, byte [ebp - 0x24]
lea ecx, [ecx + ecx*8]
lea edx, [edx + ecx + 0x90]
mov dx, word [edi + edx*2 + 1]

loc_fffa73d9:  ; not directly referenced
and dx, 0x1ff
and edx, 0x1ff
shl edx, 9
or edx, dword [ebp - 0x28]
cmp al, 2
jne short loc_fffa73f3  ; jne 0xfffa73f3
mov cl, byte [ebp + 0x10]
jmp short loc_fffa73ff  ; jmp 0xfffa73ff

loc_fffa73f3:  ; not directly referenced
lea eax, [ebx + ebx*8]
add edi, eax
mov cl, byte [edi + esi + 0x24d]

loc_fffa73ff:  ; not directly referenced
and ecx, 0x3f
and ecx, 0x3f
shl ecx, 0x14
or ecx, edx

loc_fffa740a:  ; not directly referenced
mov edi, dword [ebp - 0x20]
mov eax, edi
shl eax, 8
lea edx, [eax + ebx*4 + 0x20]
mov eax, esi
shl eax, 9
add edx, eax
mov eax, dword [ebp - 0x1c]
call fcn_fffb3381  ; call 0xfffb3381
sub esp, 0xc
mov eax, dword [ebp - 0x1c]
push 1
mov edx, edi
push 0
xor ecx, ecx
push esi
push 0
push ebx
call fcn_fffa7273  ; call 0xfffa7273
add esp, 0x20
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa7447:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x2c
mov edi, dword [ebp + 0x10]
mov ebx, dword [ebp + 0xc]
mov dword [ebp - 0x28], eax
mov eax, dword [ebp + 8]
mov dword [ebp - 0x1c], edi
movzx edi, dl
imul edx, edi, 0x13c3
mov dword [ebp - 0x20], ebx
mov dword [ebp - 0x30], edi
lea esi, [esi + edx + 0x3757]
test bl, bl
jne short loc_fffa7480  ; jne 0xfffa7480
mov ebx, dword [ebp - 0x1c]
jmp short loc_fffa7492  ; jmp 0xfffa7492

loc_fffa7480:  ; not directly referenced
movzx ebx, al
lea edx, [ecx + ecx*8]
lea edx, [ebx + edx + 0xd8]
mov bx, word [esi + edx*2 + 1]

loc_fffa7492:  ; not directly referenced
mov edx, dword [ebp - 0x20]
and bx, 0x1ff
movzx edi, al
and ebx, 0x1ff
mov dword [ebp - 0x2c], edi
cmp dl, 5
sete byte [ebp - 0x31]
and edx, 0xfffffffb
dec dl
jne short loc_fffa74b9  ; jne 0xfffa74b9
mov dl, byte [ebp - 0x1c]
jmp short loc_fffa74c8  ; jmp 0xfffa74c8

loc_fffa74b9:  ; not directly referenced
mov edi, dword [ebp - 0x2c]
lea edx, [ecx + ecx*8]
add edx, esi
mov dl, byte [edx + edi + 0x104a]

loc_fffa74c8:  ; not directly referenced
and edx, 0x3f
movzx edi, al
and edx, 0x3f
shl edx, 9
or edx, ebx
movzx ebx, cl
cmp byte [ebp - 0x20], 2
jne short loc_fffa74e4  ; jne 0xfffa74e4
mov al, byte [ebp - 0x1c]
jmp short loc_fffa74f0  ; jmp 0xfffa74f0

loc_fffa74e4:  ; not directly referenced
lea eax, [ebx + ebx*8]
add eax, esi
mov al, byte [eax + edi + 0x1026]

loc_fffa74f0:  ; not directly referenced
and eax, 0x1f
and eax, 0x1f
mov dword [ebp - 0x24], eax
mov al, byte [ebp - 0x31]
shl dword [ebp - 0x24], 0xf
or dword [ebp - 0x24], edx
cmp byte [ebp - 0x20], 3
sete dl
or al, dl
je short loc_fffa7513  ; je 0xfffa7513
mov dl, byte [ebp - 0x1c]
jmp short loc_fffa751f  ; jmp 0xfffa751f

loc_fffa7513:  ; not directly referenced
lea ecx, [ecx + ecx*8]
add ecx, esi
mov dl, byte [ecx + edi + 0x106e]

loc_fffa751f:  ; not directly referenced
and edx, 0x3f
and edx, 0x3f
shl edx, 0x14
or edx, dword [ebp - 0x24]
cmp byte [ebp - 0x20], 4
jne short loc_fffa7536  ; jne 0xfffa7536
mov cl, byte [ebp - 0x1c]
jmp short loc_fffa753d  ; jmp 0xfffa753d

loc_fffa7536:  ; not directly referenced
mov cl, byte [esi + edi + 0x101d]

loc_fffa753d:  ; not directly referenced
mov edi, dword [ebp - 0x30]
and ecx, 0x3f
mov esi, dword [ebp - 0x2c]
shl ecx, 0x1a
or ecx, edx
mov eax, edi
shl eax, 6
mov edx, eax
mov eax, esi
add edx, ebx
shl eax, 7
add edx, eax
mov eax, dword [ebp - 0x28]
shl edx, 2
call fcn_fffb3381  ; call 0xfffb3381
sub esp, 0xc
mov eax, dword [ebp - 0x28]
push 0
mov edx, edi
push 1
xor ecx, ecx
push esi
push 0
push ebx
call fcn_fffa7273  ; call 0xfffa7273
add esp, 0x20
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa7588:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
mov ebx, 0x3658
cmp dl, 1
ja short loc_fffa75b3  ; ja 0xfffa75b3
cmp cl, 8
movzx edx, dl
jbe short loc_fffa75a9  ; jbe 0xfffa75a9
shl edx, 8
lea ebx, [edx + 0x3058]
jmp short loc_fffa75b3  ; jmp 0xfffa75b3

loc_fffa75a9:  ; not directly referenced
shl edx, 8
shl ecx, 9
lea ebx, [edx + ecx + 0x58]

loc_fffa75b3:  ; not directly referenced
cmp dword [eax + 0x188b], 1
lea edx, [ebx + 0xc]
cmove ebx, edx
mov eax, ebx
pop ebx
pop ebp
ret

fcn_fffa75c5:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
mov ebx, 0x3654
cmp dl, 1
ja short loc_fffa75f0  ; ja 0xfffa75f0
cmp cl, 8
movzx edx, dl
jbe short loc_fffa75e6  ; jbe 0xfffa75e6
shl edx, 8
lea ebx, [edx + 0x3054]
jmp short loc_fffa75f0  ; jmp 0xfffa75f0

loc_fffa75e6:  ; not directly referenced
shl edx, 8
shl ecx, 9
lea ebx, [edx + ecx + 0x54]

loc_fffa75f0:  ; not directly referenced
cmp dword [eax + 0x188b], 1
lea edx, [ebx + 0xc]
cmove ebx, edx
mov eax, ebx
pop ebx
pop ebp
ret

fcn_fffa7602:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2444]
mov dword [ebp - 0x30], eax
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2481], 2
lea edi, [eax + 0x3757]
jne short loc_fffa7687  ; jne 0xfffa7687
xor esi, esi

loc_fffa762b:  ; not directly referenced
xor ebx, ebx

loc_fffa762d:  ; not directly referenced
push edx
push 0
push 4
lea eax, [ebp - 0x20]
push eax
mov eax, dword [ebp - 0x30]
call dword [eax + 0x5c]  ; ucall
mov ax, word [edi + ebx*2 + 0x126b]
mov ecx, ebx
mov edx, esi
mov word [ebp - 0x20], ax
mov ax, word [edi + ebx*2 + 0x1283]
inc ebx
mov word [ebp - 0x1e], ax
mov eax, dword [ebp + 8]
call fcn_fffa75c5  ; call 0xfffa75c5
mov ecx, dword [ebp - 0x20]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
add esp, 0x10
cmp ebx, 7
jne short loc_fffa762d  ; jne 0xfffa762d
inc esi
add edi, 0x13c3
cmp esi, 2
jne short loc_fffa762b  ; jne 0xfffa762b
jmp near loc_fffa7758  ; jmp 0xfffa7758

loc_fffa7687:  ; not directly referenced
mov dword [ebp - 0x38], edi
xor edi, edi

loc_fffa768c:  ; not directly referenced
mov dword [ebp - 0x2c], 0

loc_fffa7693:  ; not directly referenced
mov ebx, dword [ebp - 0x2c]
xor edx, edx
mov al, bl
and eax, 1
movzx esi, al
lea ecx, [esi + 1]
mov byte [ebp - 0x31], al
push eax
mov eax, 8
div ecx
push 0
lea edx, [ebp - 0x20]
push eax
push edx
mov edx, dword [ebp - 0x30]
call dword [edx + 0x5c]  ; ucall
mov al, bl
mov ecx, ebx
shr al, 1
mov edx, edi
movzx ebx, al
mov byte [ebp - 0x32], al
imul ebx, ebx, 0x128
imul eax, esi, 0x18
add esi, 2
add ebx, eax
add ebx, dword [ebp - 0x38]
mov ax, word [ebx + 0x126b]
mov word [ebp - 0x20], ax
mov ax, word [ebx + 0x126d]
mov word [ebp - 0x1e], ax
mov eax, dword [ebp + 8]
call fcn_fffa75c5  ; call 0xfffa75c5
mov ecx, dword [ebp - 0x20]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
mov ax, word [ebx + 0x126f]
add esp, 0x10
cmp byte [ebp - 0x31], 0
mov word [ebp + esi*2 - 0x20], ax
je short loc_fffa773a  ; je 0xfffa773a
mov cl, byte [ebp - 0x32]
mov edx, edi
mov eax, dword [ebp + 8]
add ecx, 4
movzx ecx, cl
call fcn_fffa75c5  ; call 0xfffa75c5
mov ecx, dword [ebp - 0x1c]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa773a:  ; not directly referenced
inc dword [ebp - 0x2c]
cmp dword [ebp - 0x2c], 4
jne loc_fffa7693  ; jne 0xfffa7693
inc edi
add dword [ebp - 0x38], 0x13c3
cmp edi, 2
jne loc_fffa768c  ; jne 0xfffa768c

loc_fffa7758:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa7762:
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
mov edx, 0x5e00
push ebx
mov ebx, eax
sub esp, 0x1c
mov eax, dword [ebp + 8]
mov esi, ecx
mov dword [ebp - 0x24], eax
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x5e04
mov dword [ebp - 0x1c], eax
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, eax
mov dword [ebp - 0x20], eax
test edi, edi
je short loc_fffa77bc  ; je 0xfffa77bc
mov ecx, dword [ebp - 0x1c]
sub esp, 0xc
and edx, 0xf
push dword [ebx + 0x187b]
mov eax, ebx
shr ecx, 4
and ecx, 0xf
call fcn_fffb3a68  ; call 0xfffb3a68
add esp, 0x10
mov dword [edi], eax

loc_fffa77bc:
test esi, esi
je short loc_fffa77c8  ; je 0xfffa77c8
mov al, byte [ebp - 0x20]
and eax, 0xf
mov byte [esi], al

loc_fffa77c8:
mov esi, dword [ebp - 0x24]
test esi, esi
je short loc_fffa77da  ; je 0xfffa77da
mov eax, dword [ebp - 0x1c]
shr eax, 4
and eax, 0xf
mov dword [esi], eax

loc_fffa77da:
mov eax, dword [ebx + 0x187b]
mov ecx, dword [ebp - 0x1c]
mov edx, dword [ebp - 0x20]
mov dword [ebp + 8], eax
lea esp, [ebp - 0xc]
mov eax, ebx
pop ebx
pop esi
and edx, 0xf
pop edi
pop ebp
shr ecx, 4
and ecx, 0xf
jmp near fcn_fffb3d18  ; jmp 0xfffb3d18

fcn_fffa7800:  ; not directly referenced
push ebp
xor edx, edx
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
xor ebx, ebx
sub esp, 0x98
mov edi, dword [ebp + 8]
push 0
lea ecx, [ebp - 0x45]
mov eax, edi
call fcn_fffa7762  ; call 0xfffa7762
lea eax, [edi + 0x2407]
add esp, 0x10
mov dword [ebp - 0x58], 0
mov dword [ebp - 0x50], 0
mov dword [ebp - 0x68], 0
mov dword [ebp - 0x64], 0
mov dword [ebp - 0x80], 0
mov byte [ebp - 0x79], 0
mov dword [ebp - 0x94], eax

loc_fffa7857:  ; not directly referenced
lea eax, [esi - 2]
cmp eax, 1
ja short loc_fffa7875  ; ja 0xfffa7875
cmp byte [edi + 0x374a], 0
je loc_fffa7d0c  ; je 0xfffa7d0c
mov dword [ebp - 0x70], 0
jmp short loc_fffa7890  ; jmp 0xfffa7890

loc_fffa7875:  ; not directly referenced
mov dword [ebp - 0x70], 0
cmp esi, 1
jne short loc_fffa7890  ; jne 0xfffa7890
xor eax, eax
cmp dword [edi + 0x18a7], 1
sete al
mov dword [ebp - 0x70], eax

loc_fffa7890:  ; not directly referenced
mov al, byte [ebp - 0x45]
lea ecx, [edi + esi*8 + 0x3757]
mov dword [ebp - 0x78], ecx
mov dword [ebp + esi*4 - 0x38], 0xffffffff
mov dword [ebp + esi*4 - 0x28], 0
mov byte [ebp - 0x7a], al
lea eax, [edi + 0x49c0]
mov dword [ebp - 0x88], eax
lea eax, [edi + 0x1973]
mov dword [ebp - 0x74], eax
imul eax, esi, 0x2e
mov dword [ebp - 0x60], 0x12
mov dword [ebp - 0x5c], 4
mov dword [ebp - 0x84], eax
imul eax, esi, 0x23
lea ecx, [eax + 0x18b]
add eax, 0xbb
mov dword [ebp - 0x8c], ecx
mov dword [ebp - 0x90], eax

loc_fffa78f6:  ; not directly referenced
mov eax, dword [ebp - 0x88]
mov ecx, dword [ebp - 0x74]
mov dword [ebp - 0x6c], 0
mov dword [ebp - 0x54], eax

loc_fffa7909:  ; not directly referenced
mov eax, dword [ebp - 0x54]
cmp dword [eax - 0xf6], 2
jne loc_fffa7ae1  ; jne 0xfffa7ae1
mov ebx, dword [ebp - 0x84]
mov edx, dword [ebp - 0x78]
mov ebx, dword [eax + ebx - 0xf2]
mov eax, dword [ebp - 0x6c]
mov edx, dword [edx + eax + 0xc9]
mov dword [ebp - 0x64], edx
mov edx, dword [ebp - 0x78]
mov edx, dword [edx + eax + 0xcd]
mov dword [ebp - 0x68], edx
cmp esi, 1
je loc_fffa79fe  ; je 0xfffa79fe
jb loc_fffa7a25  ; jb 0xfffa7a25
cmp esi, 3
ja loc_fffa7a25  ; ja 0xfffa7a25
mov eax, dword [ebp - 0x54]
cmp esi, 2
mov al, byte [eax]
jne short loc_fffa7975  ; jne 0xfffa7975
test al, 1
jne short loc_fffa7984  ; jne 0xfffa7984
mov dword [ebp - 0x4c], 0
jmp near loc_fffa7ab2  ; jmp 0xfffa7ab2

loc_fffa7975:  ; not directly referenced
mov dword [ebp - 0x4c], 0
test al, 2
je loc_fffa7ab2  ; je 0xfffa7ab2

loc_fffa7984:  ; not directly referenced
mov eax, dword [ebp - 0x54]
mov eax, dword [eax - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffa79a8  ; jne 0xfffa79a8
mov eax, dword [ebp - 0x90]
mov dword [ebp - 0x60], 0x12
mov dword [ebp - 0x5c], 4
add eax, ecx
jmp short loc_fffa79be  ; jmp 0xfffa79be

loc_fffa79a8:  ; not directly referenced
mov eax, dword [ebp - 0x8c]
mov dword [ebp - 0x60], 0x18
mov dword [ebp - 0x5c], 7
add eax, ecx

loc_fffa79be:  ; not directly referenced
movzx edx, byte [eax + 2]
mov dword [ebp - 0x50], 0
mov dword [ebp - 0x58], edx
mov edx, dword [ebp - 0x54]
cmp byte [edx + 1], 0x13
jne short loc_fffa79dc  ; jne 0xfffa79dc
movsx edx, byte [eax + 0x1b]
mov dword [ebp - 0x50], edx

loc_fffa79dc:  ; not directly referenced
mov ax, word [eax + 3]
and eax, 0x7fff
mov dword [ebp - 0x4c], eax
xor eax, eax
test ebx, ebx
je loc_fffa7aa5  ; je 0xfffa7aa5
mov eax, dword [ebp - 0x64]
imul eax, dword [ebp - 0x58]
jmp near loc_fffa7a94  ; jmp 0xfffa7a94

loc_fffa79fe:  ; not directly referenced
movzx edx, word [ecx + 0x24e]
test dx, dx
je short loc_fffa7a25  ; je 0xfffa7a25
mov eax, dword [ebp - 0x24]
mov dword [ebp - 0x4c], 0xffffffff
mov byte [ebp - 0x79], 1
cmp edx, eax
cmovae eax, edx
mov dword [ebp - 0x24], eax
jmp near loc_fffa7ab2  ; jmp 0xfffa7ab2

loc_fffa7a25:  ; not directly referenced
mov eax, dword [ebp - 0x54]
mov eax, dword [eax - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffa7a5b  ; jne 0xfffa7a5b
movzx eax, byte [ecx + 0x58]
mov dword [ebp - 0x60], 0x12
mov dword [ebp - 0x5c], 4
mov dword [ebp - 0x58], eax
movsx eax, byte [ecx + 0x6b]
mov dword [ebp - 0x50], eax
mov ax, word [ecx + 0x56]
and eax, 0x7fff
mov dword [ebp - 0x4c], eax
jmp short loc_fffa7a87  ; jmp 0xfffa7a87

loc_fffa7a5b:  ; not directly referenced
movzx eax, byte [ecx + 0x60]
mov dword [ebp - 0x60], 0x18
mov dword [ebp - 0x5c], 7
mov dword [ebp - 0x58], eax
movsx eax, byte [ecx + 0xc3]
mov dword [ebp - 0x50], eax
mov eax, dword [ecx + 0x5c]
mov dword [ebp - 0x4c], eax
and dword [ebp - 0x4c], 0x3ffff

loc_fffa7a87:  ; not directly referenced
xor eax, eax
test ebx, ebx
je short loc_fffa7aa5  ; je 0xfffa7aa5
mov eax, dword [ebp - 0x58]
imul eax, dword [ebp - 0x64]

loc_fffa7a94:  ; not directly referenced
lea edx, [ebx + eax - 1]
mov eax, dword [ebp - 0x68]
imul eax, dword [ebp - 0x50]
add eax, edx
xor edx, edx
div ebx

loc_fffa7aa5:  ; not directly referenced
mov edx, dword [ebp + esi*4 - 0x28]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + esi*4 - 0x28], eax

loc_fffa7ab2:  ; not directly referenced
cmp dword [edi + 0x1872], 0x535
jbe short loc_fffa7aca  ; jbe 0xfffa7aca
cmp dword [edi + 0x36d4], 0x535
ja short loc_fffa7ada  ; ja 0xfffa7ada

loc_fffa7aca:  ; not directly referenced
cmp byte [ebp - 0x7a], 5
mov eax, 0xffff
cmova eax, dword [ebp - 0x4c]
mov dword [ebp - 0x4c], eax

loc_fffa7ada:  ; not directly referenced
mov eax, dword [ebp - 0x4c]
and dword [ebp + esi*4 - 0x38], eax

loc_fffa7ae1:  ; not directly referenced
add dword [ebp - 0x6c], 0x20
add ecx, 0x277
add dword [ebp - 0x54], 0x128
cmp dword [ebp - 0x6c], 0x40
jne loc_fffa7909  ; jne 0xfffa7909
add dword [ebp - 0x74], 0x54a
mov eax, dword [ebp - 0x94]
add dword [ebp - 0x88], 0x13c3
add dword [ebp - 0x78], 0x13c3
cmp dword [ebp - 0x74], eax
jne loc_fffa78f6  ; jne 0xfffa78f6
cmp esi, 1
seta cl
test ebx, ebx
sete al
mov byte [ebp - 0x4c], cl
test cl, al
jne loc_fffa7d0a  ; jne 0xfffa7d0a
mov eax, dword [edi + 0x36e4]
lea ecx, [ebp - 0x44]
mov edx, ebx
mov byte [ebp + esi - 0x3c], 0
call fcn_fffb3dc3  ; call 0xfffb3dc3
cmp byte [ebp - 0x4c], 0
je short loc_fffa7b92  ; je 0xfffa7b92
cmp dword [edi + 0x36e4], 0
jne short loc_fffa7b92  ; jne 0xfffa7b92
cmp byte [edi + 0x247f], 0
je short loc_fffa7b92  ; je 0xfffa7b92
lea ecx, [ebp - 0x40]
mov edx, ebx
mov eax, 1
call fcn_fffb3dc3  ; call 0xfffb3dc3
mov eax, dword [ebp - 0x40]
cmp eax, dword [ebp - 0x44]
jle short loc_fffa7b92  ; jle 0xfffa7b92
mov dword [ebp - 0x44], eax
cmp dword [edi + 0x18a7], esi
jne short loc_fffa7b92  ; jne 0xfffa7b92
mov dword [edi + 0x36e4], 1

loc_fffa7b92:  ; not directly referenced
mov al, byte [ebp - 0x70]
mov byte [ebp - 0x4c], al
mov eax, dword [ebp - 0x64]
imul eax, dword [ebp - 0x58]
mov dword [ebp - 0x54], eax
mov eax, dword [ebp - 0x50]
imul eax, dword [ebp - 0x68]
mov dword [ebp - 0x6c], eax
mov eax, dword [ebp - 0x84]
add eax, edi
mov dword [ebp - 0x70], eax

loc_fffa7bb7:  ; not directly referenced
cmp byte [ebp + esi - 0x3c], 0
jne loc_fffa7c79  ; jne 0xfffa7c79
mov edx, dword [ebp + esi*4 - 0x28]
cmp edx, dword [ebp - 0x60]
ja loc_fffa7c79  ; ja 0xfffa7c79
cmp byte [ebp - 0x4c], 0
jne short loc_fffa7bf3  ; jne 0xfffa7bf3
mov ecx, dword [ebp + esi*4 - 0x38]
mov eax, edx
sub eax, dword [ebp - 0x5c]
bt ecx, eax
jae loc_fffa7c6f  ; jae 0xfffa7c6f
mov eax, ebx
imul eax, edx
cmp eax, 0x1312d00
ja short loc_fffa7c6f  ; ja 0xfffa7c6f

loc_fffa7bf3:  ; not directly referenced
mov byte [ebp + esi - 0x3c], 1
cmp esi, dword [edi + 0x18a7]
jne short loc_fffa7c0d  ; jne 0xfffa7c0d
mov dword [edi + 0x36e0], ebx
mov dword [ebp - 0x80], 1

loc_fffa7c0d:  ; not directly referenced
mov eax, dword [ebp - 0x70]
xor ecx, ecx

loc_fffa7c12:  ; not directly referenced
cmp dword [edi + ecx + 0x48ca], 2
jne short loc_fffa7c36  ; jne 0xfffa7c36
mov word [eax + 0x48d4], dx
mov word [eax + 0x3761], dx
mov dword [eax + 0x48ce], ebx
mov dword [eax + 0x375b], ebx

loc_fffa7c36:  ; not directly referenced
cmp dword [edi + ecx + 0x49f2], 2
jne short loc_fffa7c5a  ; jne 0xfffa7c5a
mov word [eax + 0x49fc], dx
mov word [eax + 0x3761], dx
mov dword [eax + 0x49f6], ebx
mov dword [eax + 0x375b], ebx

loc_fffa7c5a:  ; not directly referenced
add ecx, 0x13c3
add eax, 0x13c3
cmp ecx, 0x2786
jne short loc_fffa7c12  ; jne 0xfffa7c12
jmp short loc_fffa7c79  ; jmp 0xfffa7c79

loc_fffa7c6f:  ; not directly referenced
inc edx
mov dword [ebp + esi*4 - 0x28], edx
jmp near loc_fffa7bb7  ; jmp 0xfffa7bb7

loc_fffa7c79:  ; not directly referenced
cmp byte [ebp + esi - 0x3c], 0
jne loc_fffa7d0c  ; jne 0xfffa7d0c
cmp byte [ebp - 0x4c], 0
je short loc_fffa7c99  ; je 0xfffa7c99
cmp byte [edi + 0x1876], 0
jne short loc_fffa7d0c  ; jne 0xfffa7d0c
cmp byte [ebp - 0x79], 1
je short loc_fffa7d0c  ; je 0xfffa7d0c

loc_fffa7c99:  ; not directly referenced
mov eax, dword [ebp - 0x44]

loc_fffa7c9c:  ; not directly referenced
dec eax
test eax, eax
jle short loc_fffa7d05  ; jle 0xfffa7d05
lea edx, [eax + eax*8]
mov dl, byte [edx + ref_fffd3804]  ; mov dl, byte [edx - 0x2c7fc]
cmp dl, 3
jne short loc_fffa7ce1  ; jne 0xfffa7ce1

loc_fffa7caf:  ; not directly referenced
mov dword [ebp - 0x44], eax
lea eax, [eax + eax*8]
mov ebx, dword [eax + ref_fffd37fc]  ; mov ebx, dword [eax - 0x2c804]
lea ecx, [ebp - 0x44]
mov eax, dword [edi + 0x36e4]
mov edx, ebx
call fcn_fffb3dc3  ; call 0xfffb3dc3
xor eax, eax
test ebx, ebx
je short loc_fffa7cff  ; je 0xfffa7cff
mov eax, dword [ebp - 0x54]
xor edx, edx
lea eax, [ebx + eax - 1]
add eax, dword [ebp - 0x6c]
div ebx
jmp short loc_fffa7cff  ; jmp 0xfffa7cff

loc_fffa7ce1:  ; not directly referenced
cmp dl, 1
jne short loc_fffa7cef  ; jne 0xfffa7cef
cmp dword [edi + 0x36e4], 0
jmp short loc_fffa7cfb  ; jmp 0xfffa7cfb

loc_fffa7cef:  ; not directly referenced
cmp dl, 2
jne short loc_fffa7c9c  ; jne 0xfffa7c9c
cmp dword [edi + 0x36e4], 1

loc_fffa7cfb:  ; not directly referenced
jne short loc_fffa7c9c  ; jne 0xfffa7c9c
jmp short loc_fffa7caf  ; jmp 0xfffa7caf

loc_fffa7cff:  ; not directly referenced
mov dword [ebp + esi*4 - 0x28], eax
jmp short loc_fffa7d3a  ; jmp 0xfffa7d3a

loc_fffa7d05:  ; not directly referenced
mov dword [ebp - 0x44], eax
jmp short loc_fffa7d3a  ; jmp 0xfffa7d3a

loc_fffa7d0a:  ; not directly referenced
xor ebx, ebx

loc_fffa7d0c:  ; not directly referenced
inc esi
cmp esi, 4
jne loc_fffa7857  ; jne 0xfffa7857
mov edx, dword [edi + 0x36e0]
xor ecx, ecx
mov eax, dword [edi + 0x36e4]
call fcn_fffb3dc3  ; call 0xfffb3dc3
mov dword [edi + 0x36d8], eax
mov eax, dword [ebp - 0x80]
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffa7d3a:  ; not directly referenced
cmp dword [ebp - 0x44], 0
jg loc_fffa7bb7  ; jg 0xfffa7bb7
jmp short loc_fffa7d0c  ; jmp 0xfffa7d0c

fcn_fffa7d46:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x14
cmp cl, 0x20
mov dword [ebp - 0x14], eax
mov al, byte [ebp + 8]
sete bl
cmp cl, 0x10
mov byte [ebp - 0xd], al
sete al
or bl, al
jne short loc_fffa7d7c  ; jne 0xfffa7d7c
cmp cl, 0x21
sete bl
cmp cl, 0x11
sete al
or bl, al
je loc_fffa7e10  ; je 0xfffa7e10

loc_fffa7d7c:  ; not directly referenced
xor ebx, ebx
cmp cl, 0x21
ja short loc_fffa7d8a  ; ja 0xfffa7d8a
movzx ebx, byte [ecx + ref_fffd58e0]  ; movzx ebx, byte [ecx - 0x2a720]

loc_fffa7d8a:  ; not directly referenced
cmp bl, 7
mov eax, 7
cmovbe eax, ebx
xor ebx, ebx
imul eax, eax, 0x240
lea edi, [edx + eax]
movzx eax, byte [ebp - 0xd]
imul eax, eax, 0x12
mov dword [ebp - 0x20], eax

loc_fffa7daa:  ; not directly referenced
imul eax, ebx, 0x13c3
mov esi, dword [ebp - 0x14]
cmp dword [esi + eax + 0x3757], 2
je short loc_fffa7dc5  ; je 0xfffa7dc5

loc_fffa7dbd:  ; not directly referenced
inc ebx
cmp ebx, 2
je short loc_fffa7e10  ; je 0xfffa7e10
jmp short loc_fffa7daa  ; jmp 0xfffa7daa

loc_fffa7dc5:  ; not directly referenced
lea eax, [ebx + ebx*8]
add eax, dword [ebp - 0x20]
mov byte [ebp - 0xd], 0
mov dword [ebp - 0x1c], eax

loc_fffa7dd2:  ; not directly referenced
mov esi, dword [ebp - 0x14]
mov al, byte [ebp - 0xd]
cmp al, byte [esi + 0x2489]
jae short loc_fffa7dbd  ; jae 0xfffa7dbd
movzx ecx, byte [ebp - 0xd]
mov esi, 0xa
xor edx, edx
add ecx, dword [ebp - 0x1c]
inc byte [ebp - 0xd]
lea eax, [edi + ecx*8]
mov dword [ebp - 0x18], eax
imul eax, dword [edi + ecx*8], 0xf
div esi
xor edx, edx
mov dword [edi + ecx*8], eax
mov ecx, dword [ebp - 0x18]
imul eax, dword [ecx + 4], 0xf
div esi
mov dword [ecx + 4], eax
jmp short loc_fffa7dd2  ; jmp 0xfffa7dd2

loc_fffa7e10:  ; not directly referenced
add esp, 0x14
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa7e1a:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x28
mov bl, byte [ebp + 0xc]
mov dword [ebp - 0x24], eax
movzx eax, byte [ebp + 8]
mov byte [ebp - 0x1b], bl
cmp cl, 0xd
ja short loc_fffa7e4d  ; ja 0xfffa7e4d
cmp cl, 0xb
jae short loc_fffa7e68  ; jae 0xfffa7e68
cmp cl, 2
jbe short loc_fffa7e68  ; jbe 0xfffa7e68
lea ebx, [ecx - 4]
cmp bl, 1
ja loc_fffa7f7f  ; ja 0xfffa7f7f
jmp short loc_fffa7e68  ; jmp 0xfffa7e68

loc_fffa7e4d:  ; not directly referenced
cmp cl, 0x10
jb loc_fffa7f7f  ; jb 0xfffa7f7f
cmp cl, 0x11
jbe short loc_fffa7e6e  ; jbe 0xfffa7e6e
lea ebx, [ecx - 0x20]
cmp bl, 1
jbe short loc_fffa7e6e  ; jbe 0xfffa7e6e
jmp near loc_fffa7f7f  ; jmp 0xfffa7f7f

loc_fffa7e68:  ; not directly referenced
mov byte [ebp - 0x1a], 0xa
jmp short loc_fffa7e72  ; jmp 0xfffa7e72

loc_fffa7e6e:  ; not directly referenced
mov byte [ebp - 0x1a], 7

loc_fffa7e72:  ; not directly referenced
xor ebx, ebx
cmp cl, 0x21
ja short loc_fffa7e80  ; ja 0xfffa7e80
movzx ebx, byte [ecx + ref_fffd58e0]  ; movzx ebx, byte [ecx - 0x2a720]

loc_fffa7e80:  ; not directly referenced
cmp bl, 7
mov ecx, 7
mov esi, dword [ebp - 0x24]
cmovbe ecx, ebx
imul ecx, ecx, 0x240
imul eax, eax, 0x12
add esi, 0x3757
mov dword [ebp - 0x14], esi
lea edi, [edx + ecx]
mov dword [ebp - 0x18], 0
mov dword [ebp - 0x34], eax

loc_fffa7ead:  ; not directly referenced
mov eax, dword [ebp - 0x14]
cmp dword [eax], 2
je short loc_fffa7ecc  ; je 0xfffa7ecc

loc_fffa7eb5:  ; not directly referenced
inc dword [ebp - 0x18]
add dword [ebp - 0x14], 0x13c3
cmp dword [ebp - 0x18], 2
jne short loc_fffa7ead  ; jne 0xfffa7ead
xor eax, eax
jmp near loc_fffa7f84  ; jmp 0xfffa7f84

loc_fffa7ecc:  ; not directly referenced
imul eax, dword [ebp - 0x18], 9
mov esi, dword [ebp - 0x34]
mov byte [ebp - 0x19], 0
mov dword [ebp - 0x2c], eax
add esi, eax
movzx eax, byte [ebp - 0x1a]
mov dword [ebp - 0x28], esi
mov dword [ebp - 0x30], eax

loc_fffa7ee6:  ; not directly referenced
mov edx, dword [ebp - 0x24]
mov al, byte [ebp - 0x19]
cmp al, byte [edx + 0x2489]
jae short loc_fffa7eb5  ; jae 0xfffa7eb5
movzx esi, al
mov edx, dword [ebp - 0x2c]
xor ecx, ecx
mov eax, dword [ebp - 0x28]
add edx, esi
add eax, esi
lea ebx, [edi + eax*8]
lea edx, [edi + edx*8]
mov dword [ebp - 0x10], ebx
mov ebx, eax
mov dword [ebp - 0x20], edx

loc_fffa7f11:  ; not directly referenced
mov eax, dword [ebp - 0x14]
mov edx, 1
shl edx, cl
and dl, byte [eax + 0xc4]
test byte [ebp - 0x1b], dl
je short loc_fffa7f4c  ; je 0xfffa7f4c
imul edx, ecx, 0x90
mov eax, dword [ebp - 0x20]
mov eax, dword [eax + edx]
cmp dword [edi + ebx*8], eax
jbe short loc_fffa7f3a  ; jbe 0xfffa7f3a
mov dword [edi + ebx*8], eax

loc_fffa7f3a:  ; not directly referenced
mov eax, dword [ebp - 0x20]
mov edx, dword [eax + edx + 4]
mov eax, dword [ebp - 0x10]
cmp dword [eax + 4], edx
jbe short loc_fffa7f4c  ; jbe 0xfffa7f4c
mov dword [eax + 4], edx

loc_fffa7f4c:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffa7f11  ; jne 0xfffa7f11
add esi, dword [ebp - 0x28]
mov cl, 0xa
mov ebx, dword [ebp - 0x30]
xor edx, edx
inc byte [ebp - 0x19]
mov eax, dword [edi + esi*8]
imul eax, ebx
div ecx
xor edx, edx
mov dword [edi + esi*8], eax
mov esi, dword [ebp - 0x10]
mov eax, ebx
imul eax, dword [esi + 4]
div ecx
mov dword [esi + 4], eax
jmp near loc_fffa7ee6  ; jmp 0xfffa7ee6

loc_fffa7f7f:  ; not directly referenced
mov eax, 2

loc_fffa7f84:  ; not directly referenced
add esp, 0x28
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa7f8c:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0x6c
movzx eax, byte [ebp + 8]
mov dword [ebp - 0x4c], edx
mov edx, dword [ebp + 0xc]
mov dword [ebp - 0x50], ecx
mov byte [ebp - 0x3c], 0xaa
mov byte [ebp - 0x3b], 0xc0
mov word [ebp - 0x58], dx
mov byte [ebp - 0x3a], 0xcc
mov byte [ebp - 0x39], 0xf0
mov dword [ebp - 0x54], 0
mov word [ebp - 0x6e], ax

loc_fffa7fc3:  ; not directly referenced
mov eax, dword [ebp - 0x54]
mov bx, word [ebp - 0x6e]
mov word [ebp - 0x68], ax
cmp ax, bx
jae loc_fffa814b  ; jae 0xfffa814b
mov eax, dword [ebp - 0x50]
xor ecx, ecx
or eax, dword [ebp - 0x4c]
mov dword [ebp - 0x6c], eax

loc_fffa7fe2:  ; not directly referenced
mov esi, 1
mov ebx, dword [ebp - 0x4c]
mov al, 1
shl esi, cl
test dword [ebp - 0x50], esi
setne dl
and ebx, esi
setne byte [ebp - 0x56]
test byte [ebp - 0x56], dl
jne short loc_fffa8015  ; jne 0xfffa8015
test ebx, ebx
sete bl
xor eax, eax
test bl, dl
jne short loc_fffa8015  ; jne 0xfffa8015
and esi, dword [ebp - 0x6c]
cmp esi, 1
sbb eax, eax
add eax, 3

loc_fffa8015:  ; not directly referenced
movzx eax, al
mov al, byte [ebp + eax - 0x3c]
mov byte [ebp + ecx - 0x38], al
inc ecx
cmp ecx, 0x20
jne short loc_fffa7fe2  ; jne 0xfffa7fe2
mov eax, dword [ebp - 0x68]
xor esi, esi
add eax, dword [ebp - 0x58]
mov word [ebp - 0x56], ax

loc_fffa8032:  ; not directly referenced
mov ecx, esi
mov eax, 1
shl eax, cl
xor ebx, ebx
mov dword [ebp - 0x68], eax
xor ecx, ecx
mov edx, 1

loc_fffa8047:  ; not directly referenced
mov al, byte [ebp - 0x68]
test byte [ebp + ecx - 0x38], al
je short loc_fffa8056  ; je 0xfffa8056
mov eax, edx
shl eax, cl
or ebx, eax

loc_fffa8056:  ; not directly referenced
inc ecx
cmp ecx, 0x20
jne short loc_fffa8047  ; jne 0xfffa8047
cmp dword [edi + 0x3757], 2
lea eax, [esi + 0x10000]
mov dword [ebp - 0x68], eax
jne short loc_fffa80c1  ; jne 0xfffa80c1
mov ecx, ebx
mov edx, 0x42dc
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, ebx
mov edx, 0x42e0
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, dword [ebp - 0x68]
mov edx, 0x42d4
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov ax, word [ebp - 0x56]
mov ecx, 0xfff
mov edx, 0x42d0
cmp ax, 0xfff
cmovbe ecx, eax
mov eax, edi
and ecx, 0xfff
or ecx, 0x8000000
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa80c1:  ; not directly referenced
cmp dword [edi + 0x4b1a], 2
jne short loc_fffa811d  ; jne 0xfffa811d
mov ecx, ebx
mov edx, 0x46dc
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, ebx
mov edx, 0x46e0
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, dword [ebp - 0x68]
mov edx, 0x46d4
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov ax, word [ebp - 0x56]
mov ecx, 0xfff
mov edx, 0x46d0
cmp ax, 0xfff
cmovbe ecx, eax
mov eax, edi
and ecx, 0xfff
or ecx, 0x8000000
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa811d:  ; not directly referenced
inc esi
cmp esi, 8
jne loc_fffa8032  ; jne 0xfffa8032
mov ebx, dword [ebp - 0x50]
mov esi, dword [ebp - 0x4c]
add dword [ebp - 0x50], ebx
add dword [ebp - 0x4c], esi
mov eax, ebx
shr eax, 0x1f
or dword [ebp - 0x50], eax
mov eax, esi
shr eax, 0x1f
inc dword [ebp - 0x54]
or dword [ebp - 0x4c], eax
jmp near loc_fffa7fc3  ; jmp 0xfffa7fc3

loc_fffa814b:  ; not directly referenced
cmp dword [edi + 0x3757], 2
jne short loc_fffa8162  ; jne 0xfffa8162
xor ecx, ecx
mov edx, 0x42d4
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa8162:  ; not directly referenced
cmp dword [edi + 0x4b1a], 2
jne short loc_fffa8179  ; jne 0xfffa8179
xor ecx, ecx
mov edx, 0x46d4
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa8179:  ; not directly referenced
add esp, 0x6c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa8181:  ; not directly referenced
push ebp
mov ebp, esp
push edi
xor edi, edi
push esi
push ebx
mov ebx, eax
sub esp, 0x2c
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x2c], edx
mov dword [ebp - 0x30], ecx
mov word [ebp - 0x22], ax
movzx eax, byte [ebp + 8]
mov dword [ebp - 0x34], eax

loc_fffa81a2:  ; not directly referenced
mov dword [ebp - 0x20], 1
mov ecx, edi
mov esi, 0x46dc
shl dword [ebp - 0x20], cl

loc_fffa81b3:  ; not directly referenced
lea eax, [esi*8 - 0x236e0]
xor ecx, ecx
mov dword [ebp - 0x28], eax
mov dword [ebp - 0x1c], 0

loc_fffa81c6:  ; not directly referenced
mov eax, dword [ebp - 0x28]
add eax, ecx
cdq
idiv dword [ebp - 0x34]
mov eax, dword [ebp - 0x30]
movzx edx, dl
movzx eax, byte [eax + edx]
mov edx, dword [ebp - 0x2c]
movzx eax, byte [edx + eax]
test dword [ebp - 0x20], eax
je short loc_fffa81ef  ; je 0xfffa81ef
mov eax, 1
shl eax, cl
or dword [ebp - 0x1c], eax

loc_fffa81ef:  ; not directly referenced
inc ecx
cmp ecx, 0x20
jne short loc_fffa81c6  ; jne 0xfffa81c6
cmp dword [ebx + 0x3757], 2
jne short loc_fffa820e  ; jne 0xfffa820e
mov ecx, dword [ebp - 0x1c]
lea edx, [esi - 0x400]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa820e:  ; not directly referenced
cmp dword [ebx + 0x4b1a], 2
jne short loc_fffa8223  ; jne 0xfffa8223
mov ecx, dword [ebp - 0x1c]
mov edx, esi
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa8223:  ; not directly referenced
add esi, 4
cmp esi, 0x46e4
jne short loc_fffa81b3  ; jne 0xfffa81b3
cmp dword [ebx + 0x3757], 2
lea esi, [edi + 0x10000]
jne short loc_fffa8273  ; jne 0xfffa8273
mov ecx, esi
mov edx, 0x42d4
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov ax, word [ebp - 0x22]
mov ecx, 0xfff
mov edx, 0x42d0
cmp ax, 0xfff
cmovbe ecx, eax
mov eax, ebx
and ecx, 0xfff
or ecx, 0x8000000
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa8273:  ; not directly referenced
cmp dword [ebx + 0x4b1a], 2
jne short loc_fffa82b2  ; jne 0xfffa82b2
mov ecx, esi
mov edx, 0x46d4
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov ax, word [ebp - 0x22]
mov ecx, 0xfff
mov edx, 0x46d0
cmp ax, 0xfff
cmovbe ecx, eax
mov eax, ebx
and ecx, 0xfff
or ecx, 0x8000000
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa82b2:  ; not directly referenced
inc edi
cmp edi, 8
jne loc_fffa81a2  ; jne 0xfffa81a2
cmp dword [ebx + 0x3757], 2
jne short loc_fffa82d3  ; jne 0xfffa82d3
xor ecx, ecx
mov edx, 0x42d4
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa82d3:  ; not directly referenced
cmp dword [ebx + 0x4b1a], 2
jne short loc_fffa82f1  ; jne 0xfffa82f1
add esp, 0x2c
mov eax, ebx
pop ebx
xor ecx, ecx
pop esi
mov edx, 0x46d4
pop edi
pop ebp
jmp near fcn_fffb3381  ; jmp 0xfffb3381

loc_fffa82f1:  ; not directly referenced
add esp, 0x2c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa82f9:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0x2c
mov ebx, dword [eax + 0x2444]
cmp edx, 0x4a
ja short loc_fffa8318  ; ja 0xfffa8318
lea ebx, [edx + 1]
xor esi, esi
shr ebx, 1
jmp short loc_fffa8359  ; jmp 0xfffa8359

loc_fffa8318:  ; not directly referenced
mov edi, dword [eax + 0x18d1]
sub esp, 0xc
mov dword [ebp - 0x2c], edx
add edi, 0xf0
push edi
call dword [ebx + 0x20]  ; ucall
mov edx, dword [ebp - 0x2c]
add esp, 0x10
add edx, eax
mov esi, eax
mov dword [ebp - 0x1c], edx

loc_fffa833b:  ; not directly referenced
sub esp, 0xc
push edi
call dword [ebx + 0x20]  ; ucall
mov edx, dword [ebp - 0x1c]
add esp, 0x10
cmp edx, esi
ja short loc_fffa8350  ; ja 0xfffa8350
cmp eax, esi
jae short loc_fffa833b  ; jae 0xfffa833b

loc_fffa8350:  ; not directly referenced
mov edx, dword [ebp - 0x1c]
cmp eax, edx
jae short loc_fffa836f  ; jae 0xfffa836f
jmp short loc_fffa833b  ; jmp 0xfffa833b

loc_fffa8359:  ; not directly referenced
cmp esi, ebx
je short loc_fffa836f  ; je 0xfffa836f
mov edx, 0x4ce0
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
inc esi
mov dword [ebp - 0x1c], eax
jmp short loc_fffa8359  ; jmp 0xfffa8359

loc_fffa836f:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa8377:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0x2c
mov eax, dword [ebp + 8]
mov dword [ebp - 0x20], edx
mov dword [ebp - 0x30], eax
mov byte [ebp - 0x31], al
mov eax, dword [edi + 0x5edd]
mov dword [ebp - 0x1c], eax
mov ebx, dword [eax + 0xc]
mov esi, dword [eax + 0x10]
cmp dl, 8
ja loc_fffa84b9  ; ja 0xfffa84b9
jmp dword [edx*4 + ref_fffd35f8]  ; ujmp: jmp dword [edx*4 - 0x2ca08]

loc_fffa83ad:  ; not directly referenced
and ecx, 0x1f
and ebx, 0xfff07bff
shl ecx, 0xf
jmp short loc_fffa83c4  ; jmp 0xfffa83c4

loc_fffa83bb:  ; not directly referenced
and ecx, 0xf
and bh, 0x87
shl ecx, 0xb

loc_fffa83c4:  ; not directly referenced
or ebx, ecx
jmp near loc_fffa84b9  ; jmp 0xfffa84b9

loc_fffa83cb:  ; not directly referenced
and ecx, 0xf
and ebx, 0xf00fffff
mov eax, ecx
shl eax, 0x14
shl ecx, 0x18
or ebx, eax
jmp short loc_fffa83c4  ; jmp 0xfffa83c4

loc_fffa83e0:  ; not directly referenced
shl ecx, 0x1c
and ebx, 0xfffffff
jmp short loc_fffa83c4  ; jmp 0xfffa83c4

loc_fffa83eb:  ; not directly referenced
mov eax, ecx
and esi, 0xffffffe0
and eax, 0xf
and ecx, 0x10
jmp short loc_fffa8440  ; jmp 0xfffa8440

loc_fffa83f8:  ; not directly referenced
mov eax, ecx
and esi, 0xfffffc1f
and eax, 0xf
mov edx, eax
shl edx, 5
shr ecx, 4
mov dword [ebp - 0x24], edx
and ecx, 1
or esi, dword [ebp - 0x24]
mov edx, ecx
shl edx, 9
shl eax, 0xa
or esi, edx
and esi, 0xffff83ff
shl ecx, 0xe
jmp short loc_fffa8440  ; jmp 0xfffa8440

loc_fffa8429:  ; not directly referenced
mov eax, ecx
and esi, 0xfff07fff
and eax, 0xf
shl ecx, 0xf
shl eax, 0xf
and ecx, 0x80000

loc_fffa8440:  ; not directly referenced
or esi, eax
or esi, ecx
jmp short loc_fffa84b9  ; jmp 0xfffa84b9

loc_fffa8446:  ; not directly referenced
and ecx, 1
and ebx, 0xfffffff7
lea eax, [ecx*8]
or ebx, eax
mov eax, dword [ebp - 0x1c]
shl ecx, 0x1a
mov dword [ebp - 0x28], 0
mov dword [ebp - 0x38], ecx
add eax, 0x1c
mov dword [ebp - 0x2c], eax

loc_fffa846b:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov ecx, 0xff
mov edx, dword [ebp - 0x28]
mov eax, dword [eax]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp - 0x38]
and dword [ebp - 0x24], 0xfbffffff
or dword [ebp - 0x24], eax
mov eax, edi
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, dword [ebp - 0x24]
mov edx, eax
mov eax, edi
call fcn_fffb38b3  ; call 0xfffb38b3
cmp byte [ebp - 0x31], 0
je short loc_fffa84a9  ; je 0xfffa84a9
mov eax, dword [ebp - 0x2c]
mov ecx, dword [ebp - 0x24]
mov dword [eax], ecx

loc_fffa84a9:  ; not directly referenced
inc dword [ebp - 0x28]
add dword [ebp - 0x2c], 0xcc
cmp dword [ebp - 0x28], 2
jne short loc_fffa846b  ; jne 0xfffa846b

loc_fffa84b9:  ; not directly referenced
mov ecx, ebx
mov edx, 0x3a14
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, esi
mov edx, 0x3a18
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x30], 0
je short loc_fffa84e4  ; je 0xfffa84e4
mov eax, dword [ebp - 0x1c]
mov dword [eax + 0xc], ebx
mov dword [eax + 0x10], esi

loc_fffa84e4:  ; not directly referenced
mov ecx, 0x115
mov edx, 0x5f08
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x78
mov eax, edi
call fcn_fffa82f9  ; call 0xfffa82f9
cmp byte [ebp - 0x20], 0
jne loc_fffa85ce  ; jne 0xfffa85ce
mov edx, 0x3a04
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
and eax, 0x3f
lea edx, [eax - 0x10]
cmp dl, 0x20
jbe loc_fffa85e4  ; jbe 0xfffa85e4
mov edx, ebx
and ebx, 0xfffffff7
or edx, 8
cmp al, 0xf
mov eax, dword [ebp - 0x1c]
cmovbe ebx, edx
mov dword [ebp - 0x20], 0
lea esi, [eax + 0x1c]
mov eax, ebx
shr eax, 3
and eax, 1
mov byte [ebp - 0x24], al
shl eax, 2
mov byte [ebp - 0x28], al

loc_fffa8551:  ; not directly referenced
mov al, byte [esi + 3]
mov ecx, 0xff
add esi, 0xcc
mov edx, dword [ebp - 0x20]
and eax, 0xfffffffb
or eax, dword [ebp - 0x28]
mov byte [esi - 0xc9], al
mov eax, edi
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, dword [esi - 0xcc]
mov edx, eax
mov eax, edi
call fcn_fffb38b3  ; call 0xfffb38b3
inc dword [ebp - 0x20]
cmp dword [ebp - 0x20], 2
jne short loc_fffa8551  ; jne 0xfffa8551
mov ecx, ebx
mov eax, edi
mov edx, 0x3a14
call fcn_fffb3381  ; call 0xfffb3381
mov esi, dword [ebp - 0x1c]
mov ecx, 0x115
mov dl, byte [ebp - 0x24]
mov al, byte [esi + 0xc]
shl edx, 3
and eax, 0xfffffff7
or eax, edx
mov edx, 0x5f08
mov byte [esi + 0xc], al
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x78
mov eax, edi
call fcn_fffa82f9  ; call 0xfffa82f9
jmp short loc_fffa85e4  ; jmp 0xfffa85e4

loc_fffa85ce:  ; not directly referenced
mov al, byte [ebp - 0x20]
dec eax
cmp al, 7
ja loc_fffa86b0  ; ja 0xfffa86b0
movzx eax, al
jmp dword [eax*4 + ref_fffd361c]  ; ujmp: jmp dword [eax*4 - 0x2c9e4]

loc_fffa85e4:  ; not directly referenced
mov edx, 0x3a04
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov esi, eax
and esi, 0x3f
cmp dword [edi + 0x188b], 0
jne short loc_fffa8606  ; jne 0xfffa8606
shr eax, 9
and eax, 0x3f
jmp short loc_fffa8609  ; jmp 0xfffa8609

loc_fffa8606:  ; not directly referenced
shr eax, 0x1a

loc_fffa8609:  ; not directly referenced
mov edx, esi
and ebx, 0xfffffc0f
sub eax, edx
mov edx, 0x3a14
and eax, 0x3f
shl eax, 4
or ebx, eax
mov eax, edi
or bh, 4
mov ecx, ebx
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x30], 0
je short loc_fffa8638  ; je 0xfffa8638
mov eax, dword [ebp - 0x1c]
mov dword [eax + 0xc], ebx

loc_fffa8638:  ; not directly referenced
mov eax, esi
movzx esi, al
jmp short loc_fffa86b2  ; jmp 0xfffa86b2

loc_fffa863f:  ; not directly referenced
mov edx, 0x3a00
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov dl, al
and edx, 0x3f
cmp dword [edi + 0x188b], 0
jne short loc_fffa865e  ; jne 0xfffa865e
shr eax, 0x1a
jmp short loc_fffa8661  ; jmp 0xfffa8661

loc_fffa865e:  ; not directly referenced
shr eax, 0x14

loc_fffa8661:  ; not directly referenced
and eax, 0x1f
movzx edx, dl
cmp byte [ebp - 0x20], 1
movzx esi, al
cmove esi, edx
jmp short loc_fffa86b2  ; jmp 0xfffa86b2

loc_fffa8673:  ; not directly referenced
mov edx, 0x3a08
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov esi, eax
and esi, 0x3f
shr eax, 0xc
cmp byte [ebp - 0x20], 2
jne short loc_fffa86b2  ; jne 0xfffa86b2
jmp short loc_fffa86a9  ; jmp 0xfffa86a9

loc_fffa868f:  ; not directly referenced
mov edx, 0x3a10
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov esi, eax
and esi, 0x1f
cmp byte [ebp - 0x20], 4
jne short loc_fffa86b2  ; jne 0xfffa86b2
shr eax, 0xb

loc_fffa86a9:  ; not directly referenced
mov esi, eax
and esi, 0x3f
jmp short loc_fffa86b2  ; jmp 0xfffa86b2

loc_fffa86b0:  ; not directly referenced
xor esi, esi

loc_fffa86b2:  ; not directly referenced
add esp, 0x2c
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa86bc:  ; not directly referenced
push ebp
mov ecx, 0x10200
mov ebp, esp
push ebx
mov ebx, eax
push edx
mov edx, 0x5060
call fcn_fffb3381  ; call 0xfffb3381
mov eax, ebx
mov edx, 0xf
pop ecx
pop ebx
pop ebp
jmp near fcn_fffa82f9  ; jmp 0xfffa82f9

fcn_fffa86e1:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
mov esi, eax
mov eax, edx
shl eax, 0xa
add eax, 0x429c
push ebx
mov edx, eax
sub esp, 0x1c
mov dword [ebp - 0x1c], eax
mov eax, esi
mov dword [ebp - 0x20], ecx
imul edi, edi, 0x13c3
call fcn_fffb331f  ; call 0xfffb331f
mov ecx, dword [ebp - 0x20]
mov ebx, eax
imul eax, ecx, 0x128
and ebx, 0xfffff8c0
lea eax, [eax + edi + 0x48b0]
lea edx, [esi + eax + 0x1a]
cmp byte [edx + 0xcf], 1
jne short loc_fffa874b  ; jne 0xfffa874b
mov edi, ebx
mov eax, 1
shl eax, cl
and bl, 0x3f
shr edi, 6
or edi, eax
and edi, 3
shl edi, 6
or ebx, edi

loc_fffa874b:  ; not directly referenced
and byte [ebp + 8], 0x3f
or ebx, dword [ebp + 8]
cmp byte [edx + 0xce], 1
jne short loc_fffa8774  ; jne 0xfffa8774
mov edx, ebx
mov eax, 1
shl eax, cl
and bh, 0x3f
shr edx, 0xe
or edx, eax
and edx, 3
shl edx, 0xe
or ebx, edx

loc_fffa8774:  ; not directly referenced
mov edx, dword [ebp - 0x1c]
mov ecx, ebx
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381
add esp, 0x1c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa8788:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov eax, dword [ebp + 8]
mov esi, dword [eax + 0x188b]
mov ebx, dword [eax + 0x18a7]
mov al, byte [eax + 0x36ca]
test esi, esi
sete cl
test al, al
sete dl
test cl, dl
jne loc_fffa8a07  ; jne 0xfffa8a07
dec esi
sete dl
dec al
sete al
test dl, al
jne loc_fffa8a07  ; jne 0xfffa8a07
mov eax, dword [ebp + 8]
mov dword [ebp - 0x2c], 0
lea edi, [eax + 0x3757]
imul eax, ebx, 0x2e
mov dword [ebp - 0x38], eax

loc_fffa87df:  ; not directly referenced
cmp dword [edi], 2
jne loc_fffa89f4  ; jne 0xfffa89f4
mov eax, dword [ebp - 0x38]
mov ecx, dword [ebp - 0x2c]
mov byte [ebp - 0x1c], 0
mov byte [ebp - 0x1b], 2
cmp word [edi + eax + 8], 2
mov byte [ebp - 0x1a], 3
mov byte [ebp - 0x19], 2
sete al
movzx eax, al
add eax, eax
mov byte [ebp - 0x31], al
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x5edd]
imul eax, ecx, 0xcc
lea ebx, [edx + eax + 0x1c]
mov eax, dword [ebp + 8]
mov esi, dword [eax + 0x18a7]
mov eax, ecx
shl eax, 0xa
lea ecx, [eax + 0x4004]
mov dword [ebp - 0x30], eax
mov eax, dword [ebp + 8]
mov edx, ecx
mov dword [ebp - 0x48], ecx
imul esi, esi, 0x2e
call fcn_fffb331f  ; call 0xfffb331f
add esi, edi
mov dword [ebx + 0xa0], eax
movzx eax, word [esi + 8]
mov dl, byte [ebp + eax - 0x1d]
mov al, byte [ebx + 0xa3]
shl edx, 6
and eax, 0x3f
or eax, edx
mov edx, dword [ebp - 0x48]
mov byte [ebx + 0xa3], al
mov eax, dword [ebp + 8]
mov ecx, dword [ebx + 0xa0]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x30]
add eax, 0x400c
mov edx, eax
mov dword [ebp - 0x48], eax
mov eax, dword [ebp + 8]
call fcn_fffb331f  ; call 0xfffb331f
mov dword [ebx + 0xa8], eax
mov ax, word [esi + 8]
mov esi, dword [ebp + 8]
mov ecx, dword [esi + 0x2481]
mov edx, dword [esi + 0x36d8]
cmp ecx, 3
jne short loc_fffa88be  ; jne 0xfffa88be
cmp edx, 0x536
sbb eax, eax
add eax, 6
jmp short loc_fffa8908  ; jmp 0xfffa8908

loc_fffa88be:  ; not directly referenced
cmp ecx, 2
jne short loc_fffa88dc  ; jne 0xfffa88dc
mov eax, 5
cmp edx, 0x640
jbe short loc_fffa8908  ; jbe 0xfffa8908
mov al, 6
cmp edx, 0x74b
jbe short loc_fffa8908  ; jbe 0xfffa8908
jmp short loc_fffa88fd  ; jmp 0xfffa88fd

loc_fffa88dc:  ; not directly referenced
cmp edx, 0x640
ja short loc_fffa88ec  ; ja 0xfffa88ec
movzx eax, al
add eax, 4
jmp short loc_fffa8908  ; jmp 0xfffa8908

loc_fffa88ec:  ; not directly referenced
cmp edx, 0x74b
ja short loc_fffa88fd  ; ja 0xfffa88fd
cmp al, 3
sbb eax, eax
add eax, 7
jmp short loc_fffa8908  ; jmp 0xfffa8908

loc_fffa88fd:  ; not directly referenced
cmp edx, 0x856
sbb eax, eax
add eax, 8

loc_fffa8908:  ; not directly referenced
cmp eax, 0xf
mov edx, 0xf
cmovbe edx, eax
mov al, byte [ebx + 0xa8]
xor esi, esi
mov cl, dl
shl ecx, 6
shr edx, 2
and eax, 0x3f
and edx, 3
or eax, ecx
mov byte [ebx + 0xa8], al
mov al, byte [ebx + 0xa9]
and eax, 0xfffffffc
or eax, edx
mov byte [ebx + 0xa9], al
mov ecx, dword [ebx + 0xa8]
xor ebx, ebx
mov edx, dword [ebp - 0x48]
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
mov al, byte [ebp - 0x31]
xor ecx, ecx
mov dl, byte [edi + 0xc4]
mov byte [ebp - 0x48], 0
sub eax, 4
test dl, 1
je short loc_fffa897d  ; je 0xfffa897d
mov cl, al
add cl, byte [edi + 0x1015]
mov byte [edi + 0x1015], cl
and ecx, 0x7f

loc_fffa897d:  ; not directly referenced
and dl, 2
je short loc_fffa8995  ; je 0xfffa8995
mov dl, al
add dl, byte [edi + 0x1016]
mov esi, edx
mov byte [edi + 0x1016], dl
and esi, 0x7f

loc_fffa8995:  ; not directly referenced
mov dl, byte [edi + 0xc4]
test dl, 4
je short loc_fffa89b1  ; je 0xfffa89b1
mov bl, al
add bl, byte [edi + 0x1017]
mov byte [edi + 0x1017], bl
and ebx, 0x7f

loc_fffa89b1:  ; not directly referenced
and dl, 8
je short loc_fffa89c8  ; je 0xfffa89c8
add al, byte [edi + 0x1018]
mov byte [edi + 0x1018], al
and eax, 0x7f
mov byte [ebp - 0x48], al

loc_fffa89c8:  ; not directly referenced
mov eax, dword [ebp - 0x48]
and esi, 0x7f
and ecx, 0x7f
shl esi, 8
and ebx, 0x7f
mov edx, dword [ebp - 0x30]
shl ebx, 0x10
or ecx, esi
or ecx, ebx
shl eax, 0x18
or ecx, eax
mov eax, dword [ebp + 8]
add edx, 0x4024
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa89f4:  ; not directly referenced
inc dword [ebp - 0x2c]
add edi, 0x13c3
cmp dword [ebp - 0x2c], 2
jne loc_fffa87df  ; jne 0xfffa87df

loc_fffa8a07:  ; not directly referenced
add esp, 0x3c
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa8a11:  ; not directly referenced
push ebp
mov ecx, 4
mov ebp, esp
push edi
push esi
mov esi, ref_fffd36c4  ; mov esi, 0xfffd36c4
push ebx
sub esp, 0x6c
mov ebx, dword [ebp + 8]
lea edi, [ebp - 0x54]
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov byte [ebp - 0x5d], 0
mov eax, dword [ebx + 0x2444]
mov dword [ebp - 0x5c], 0
mov dword [ebp - 0x64], eax
lea eax, [ebx + 0x381b]

loc_fffa8a46:  ; not directly referenced
mov cl, byte [eax]
mov byte [ebp - 0x5e], cl
and cl, 1
jne short loc_fffa8ab4  ; jne 0xfffa8ab4

loc_fffa8a50:  ; not directly referenced
test byte [ebp - 0x5e], 4
je loc_fffa8b07  ; je 0xfffa8b07
movzx edx, word [eax + 0x12c0]
mov ecx, 1
imul edx, dword [eax + 0x12bc]
movzx edi, byte [eax + 0x12c6]
movzx esi, byte [eax + 0x12c5]
shr edx, 0x14
cmp byte [eax + 0x12c6], 0
cmovne ecx, edi
movzx edi, byte [eax + 0x12c8]
imul edi, esi
imul edi, edx
movzx edx, byte [eax + 0x12ca]
imul edi, ecx
movzx edx, word [ebp + edx*2 - 0x54]
cmp edx, edi
mov edx, 1
cmove edx, dword [ebp - 0x5c]
mov dword [ebp - 0x5c], edx
jmp short loc_fffa8b07  ; jmp 0xfffa8b07

loc_fffa8ab4:  ; not directly referenced
movzx edx, word [eax + 0x1198]
imul edx, dword [eax + 0x1194]
movzx ecx, byte [eax + 0x119e]
movzx esi, byte [eax + 0x119d]
shr edx, 0x14
test cl, cl
jne short loc_fffa8adc  ; jne 0xfffa8adc
mov ecx, 1

loc_fffa8adc:  ; not directly referenced
movzx edi, byte [eax + 0x11a0]
imul esi, edi
imul esi, edx
movzx edx, byte [eax + 0x11a2]
imul esi, ecx
movzx edx, word [ebp + edx*2 - 0x54]
cmp edx, esi
je loc_fffa8a50  ; je 0xfffa8a50
mov dword [ebp - 0x5c], 1

loc_fffa8b07:  ; not directly referenced
inc byte [ebp - 0x5d]
add eax, 0x13c3
cmp byte [ebp - 0x5d], 2
jne loc_fffa8a46  ; jne 0xfffa8a46
cmp dword [ebp - 0x5c], 1
je loc_fffa8c87  ; je 0xfffa8c87
push edx
push 0
push 0x2c
lea eax, [ebp - 0x44]
push eax
mov eax, dword [ebp - 0x64]
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
cmp byte [ebx + 0x3749], 1
mov dword [ebp - 0x58], 1
je short loc_fffa8b49  ; je 0xfffa8b49

loc_fffa8b45:  ; not directly referenced
xor esi, esi
jmp short loc_fffa8ba3  ; jmp 0xfffa8ba3

loc_fffa8b49:  ; not directly referenced
cmp dword [ebx + 0x3757], 2
jne short loc_fffa8b75  ; jne 0xfffa8b75
mov edx, 0x5004
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x5004
mov ecx, eax
mov dword [ebp - 0x68], eax
and ecx, 0xfcffffff
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa8b75:  ; not directly referenced
cmp dword [ebx + 0x4b1a], 2
jne short loc_fffa8b45  ; jne 0xfffa8b45
mov edx, 0x5008
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x5008
mov ecx, eax
mov dword [ebp - 0x6c], eax
and ecx, 0xfcffffff
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffa8b45  ; jmp 0xfffa8b45

loc_fffa8ba3:  ; not directly referenced
movzx eax, byte [ebx + 0x248e]
bt eax, esi
jb short loc_fffa8bbb  ; jb 0xfffa8bbb

loc_fffa8baf:  ; not directly referenced
add esi, 2
cmp esi, 4
jne short loc_fffa8ba3  ; jne 0xfffa8ba3
xor edi, edi
jmp short loc_fffa8c0a  ; jmp 0xfffa8c0a

loc_fffa8bbb:  ; not directly referenced
push eax
mov ecx, esi
push eax
mov edi, 1
lea eax, [ebp - 0x58]
push eax
mov eax, ebx
push 0
lea edx, [ebp - 0x44]
call fcn_fffad0c1  ; call 0xfffad0c1
mov ecx, esi
xor edx, edx
shl edi, cl
mov eax, ebx
mov ecx, edi
call fcn_fffad317  ; call 0xfffad317
mov ecx, edi
mov edx, 1
mov byte [ebp - 0x5c], al
mov eax, ebx
call fcn_fffad317  ; call 0xfffad317
or eax, dword [ebp - 0x5c]
movzx edx, al
mov eax, ebx
call fcn_fffb33a7  ; call 0xfffb33a7
add esp, 0x10
mov edi, eax
test eax, eax
je short loc_fffa8baf  ; je 0xfffa8baf

loc_fffa8c0a:  ; not directly referenced
cmp byte [ebx + 0x3749], 1
jne short loc_fffa8c43  ; jne 0xfffa8c43
cmp dword [ebx + 0x3757], 2
jne short loc_fffa8c2b  ; jne 0xfffa8c2b
mov ecx, dword [ebp - 0x68]
mov edx, 0x5004
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa8c2b:  ; not directly referenced
cmp dword [ebx + 0x4b1a], 2
jne short loc_fffa8c43  ; jne 0xfffa8c43
mov ecx, dword [ebp - 0x6c]
mov edx, 0x5008
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa8c43:  ; not directly referenced
mov edx, 0x3c
mov eax, ebx
call fcn_fffa82f9  ; call 0xfffa82f9
cmp dword [ebx + 0x3757], 2
jne short loc_fffa8c69  ; jne 0xfffa8c69
mov ecx, 0x3000
mov edx, 0x48a8
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa8c69:  ; not directly referenced
cmp dword [ebx + 0x4b1a], 2
jne short loc_fffa8c83  ; jne 0xfffa8c83
mov ecx, 0x3000
mov edx, 0x48b0
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa8c83:  ; not directly referenced
test edi, edi
je short loc_fffa8c91  ; je 0xfffa8c91

loc_fffa8c87:  ; not directly referenced
mov dword [ebx + 0x374b], 1

loc_fffa8c91:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa8c9b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov edi, dword [ebp + 8]
mov eax, dword [edi + 0x2444]
cmp byte [edi + 0x190d], 0
mov edx, dword [edi + 0x18a7]
mov esi, dword [edi + 0x2481]
mov dword [ebp - 0x30], eax
je loc_fffa9196  ; je 0xfffa9196
cmp esi, 3
sete al
mov byte [ebp - 0x2c], al
movzx eax, al
mov dword [ebp - 0x38], eax
mov eax, dword [edi + 0x36cc]
test eax, eax
je loc_fffa8e37  ; je 0xfffa8e37
dec eax
jne loc_fffa9196  ; jne 0xfffa9196
movzx ebx, byte [edi + 0x2480]
test ebx, ebx
sete al
or al, byte [ebp - 0x2c]
je short loc_fffa8d6f  ; je 0xfffa8d6f
mov ecx, dword [ebp - 0x30]
xor eax, eax
cmp dword [edi + 0x188b], 1
mov edx, dword [ecx + 0x80]
sete al
mov esi, eax
lea esi, [esi + esi + 0x18]
lea eax, [eax + eax + 0x17]
test edx, edx
je short loc_fffa8d6f  ; je 0xfffa8d6f
lea ecx, [ebp - 0x20]
push ecx
lea ecx, [ebp - 0x1c]
push ecx
push eax
push 1
call edx
mov al, byte [ebp - 0x19]
add esp, 0x10
test al, al
js short loc_fffa8d6f  ; js 0xfffa8d6f
or eax, 0xffffff80
mov byte [ebp - 0x19], al
mov al, byte [ebp - 0x1c]
or eax, 1
cmp dword [edi + 0x2481], 3
mov byte [ebp - 0x1c], al
jne short loc_fffa8d59  ; jne 0xfffa8d59
and eax, 0xfffffff1
or eax, 8
mov byte [ebp - 0x1c], al

loc_fffa8d59:  ; not directly referenced
lea eax, [ebp - 0x20]
push eax
mov eax, dword [ebp - 0x30]
push dword [ebp - 0x1c]
push esi
push 1
call dword [eax + 0x84]  ; ucall
add esp, 0x10

loc_fffa8d6f:  ; not directly referenced
cmp ebx, 1
mov edx, 0x64
mov eax, 0x32
cmove edx, eax
cmp dword [ebp - 0x38], 1
jne short loc_fffa8da6  ; jne 0xfffa8da6
mov edx, 0x5880
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x5880
and al, 0x7f
mov ecx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x61

loc_fffa8da6:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
dec ebx
sete al
or cl, al
je loc_fffa9196  ; je 0xfffa9196
movzx eax, dx
xor esi, esi
lea ebx, [edi + 0x4a08]
mov dword [ebp - 0x2c], eax

loc_fffa8dc3:  ; not directly referenced
cmp dword [ebx - 0x12b1], 2
jne short loc_fffa8e1c  ; jne 0xfffa8e1c
movzx eax, word [ebx - 0x129b]
mov ecx, 0x64
imul eax, dword [ebp - 0x2c]
cdq
idiv ecx
cmp dword [ebx - 0x13e], 2
mov word [ebx - 0x129b], ax
jne short loc_fffa8e04  ; jne 0xfffa8e04
movzx eax, word [ebx - 0x128]
imul eax, dword [ebp - 0x2c]
cdq
idiv ecx
mov word [ebx - 0x128], ax

loc_fffa8e04:  ; not directly referenced
cmp dword [ebx - 0x16], 2
jne short loc_fffa8e1c  ; jne 0xfffa8e1c
movzx eax, word [ebx]
mov ecx, 0x64
imul eax, dword [ebp - 0x2c]
cdq
idiv ecx
mov word [ebx], ax

loc_fffa8e1c:  ; not directly referenced
mov edx, esi
mov eax, edi
inc esi
add ebx, 0x13c3
call fcn_fffb3431  ; call 0xfffb3431
cmp esi, 2
je loc_fffa9196  ; je 0xfffa9196
jmp short loc_fffa8dc3  ; jmp 0xfffa8dc3

loc_fffa8e37:  ; not directly referenced
cmp dword [edi + 0x36e9], 0
je short loc_fffa8e4d  ; je 0xfffa8e4d
cmp byte [edi + 0x1916], 0
jne loc_fffa9196  ; jne 0xfffa9196

loc_fffa8e4d:  ; not directly referenced
test byte [edi + 0x36cb], 0xf7
je loc_fffa9196  ; je 0xfffa9196
cmp dword [edi + 0x3757], 2
mov dword [ebp - 0x40], 0
mov dword [ebp - 0x44], 0
mov dword [ebp - 0x34], 0
je short loc_fffa8e8c  ; je 0xfffa8e8c
cmp dword [edi + 0x4b1a], 2
mov eax, 1
jne loc_fffa8f2c  ; jne 0xfffa8f2c
jmp short loc_fffa8e8e  ; jmp 0xfffa8e8e

loc_fffa8e8c:  ; not directly referenced
xor eax, eax

loc_fffa8e8e:  ; not directly referenced
imul eax, eax, 0x13c3
lea ecx, [edi + eax + 0x3757]
imul eax, edx, 0x2e
lea eax, [ecx + eax + 4]
movzx ecx, word [eax + 0x1a]
movzx edx, word [eax + 0x10]
movzx eax, word [eax + 0xc]
lea edx, [ecx + edx + 1]
mov cl, 0x7f
mov bl, dl
and ebx, 0x7f
cmp edx, 0x7f
cmovbe ecx, ebx
mov ebx, 0xa
imul eax, eax, 0xf
xor edx, edx
and ecx, 0x7f
div ebx
mov bl, 0x7f
cmp dl, 1
mov edx, 0x4e44
sbb eax, 0xffffffff
cmp eax, 0x7f
cmovbe ebx, eax
mov eax, edi
and ebx, 0x7f
shl ecx, 8
or ecx, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa8ef0:  ; not directly referenced
mov eax, dword [ebp - 0x30]
call dword [eax + 0x7c]  ; ucall
mov ebx, eax
xor ax, ax
call fcn_fffb38d9  ; call 0xfffb38d9
mov dl, al
movzx eax, bx
mov dword [ebp - 0x2c], edx
call fcn_fffb38d9  ; call 0xfffb38d9
mov edx, dword [ebp - 0x2c]
test al, al
sete al
test dl, dl
sete dl
or al, dl
jne short loc_fffa8ef0  ; jne 0xfffa8ef0
mov ecx, ebx
mov edx, 0x2bb8
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa8f2c:  ; not directly referenced
cmp esi, 2
je loc_fffa9196  ; je 0xfffa9196
mov ecx, dword [edi + 0x1912]
mov eax, 0x800
mov dl, 0xb

loc_fffa8f42:  ; not directly referenced
movzx ebx, dl
cmp ebx, ecx
lea eax, [eax + eax]
jae short loc_fffa8f4f  ; jae 0xfffa8f4f
inc edx
jmp short loc_fffa8f42  ; jmp 0xfffa8f42

loc_fffa8f4f:  ; not directly referenced
call fcn_fffb396b  ; call 0xfffb396b
mov byte [ebp - 0x2c], 0x11
sub byte [ebp - 0x2c], al
movzx eax, byte [ebp - 0x2c]
mov word [ebp - 0x48], ax

loc_fffa8f63:  ; not directly referenced
mov eax, dword [ebp - 0x30]
xor ebx, ebx
mov esi, 1
call dword [eax + 0x7c]  ; ucall
xor edx, edx
mov dword [ebp - 0x3c], eax

loc_fffa8f75:  ; not directly referenced
mov cl, dl
cmp bx, word [ebp - 0x48]
je short loc_fffa8f95  ; je 0xfffa8f95
mov eax, esi
shl eax, cl
mov ecx, dword [ebp - 0x3c]
and ecx, eax
cmp ecx, 1
sbb bx, 0xffff
inc edx
cmp edx, 0x10
jne short loc_fffa8f75  ; jne 0xfffa8f75
mov cl, 0x10

loc_fffa8f95:  ; not directly referenced
mov ebx, 1
shl ebx, cl
dec ebx
and ebx, dword [ebp - 0x3c]
movzx eax, bx
call fcn_fffb38d9  ; call 0xfffb38d9
cmp al, byte [ebp - 0x2c]
jne short loc_fffa8f63  ; jne 0xfffa8f63
mov edx, ebx
xor esi, esi
mov word [ebp - 0x40], bx
not edx

loc_fffa8fb7:  ; not directly referenced
mov ecx, esi
mov eax, 0xfffffffe
rol eax, cl
and eax, edx
movzx ecx, ax
mov edx, eax
mov word [ebp - 0x30], ax
mov eax, ecx
mov dword [ebp - 0x48], edx
mov dword [ebp - 0x3c], ecx
call fcn_fffb38d9  ; call 0xfffb38d9
mov ecx, dword [ebp - 0x3c]
mov edx, dword [ebp - 0x48]
cmp al, byte [ebp - 0x2c]
jne short loc_fffa900b  ; jne 0xfffa900b

loc_fffa8fe3:  ; not directly referenced
shl ecx, 0x10
mov eax, edi
mov edx, ecx
movzx ecx, word [ebp - 0x40]
xor esi, esi
or ebx, dword [ebp - 0x30]
or ecx, edx
mov edx, 0x4e38
mov word [ebp - 0x3c], bx
not ebx
call fcn_fffb3381  ; call 0xfffb3381
mov word [ebp - 0x30], bx
jmp short loc_fffa9019  ; jmp 0xfffa9019

loc_fffa900b:  ; not directly referenced
inc esi
cmp esi, 0x10
jne short loc_fffa8fb7  ; jne 0xfffa8fb7
jmp short loc_fffa8fe3  ; jmp 0xfffa8fe3

loc_fffa9013:  ; not directly referenced
inc esi
cmp esi, 0x10
je short loc_fffa9038  ; je 0xfffa9038

loc_fffa9019:  ; not directly referenced
mov ebx, dword [ebp - 0x30]
mov edx, 0xfffffffe
mov ecx, esi
rol edx, cl
and ebx, edx
movzx eax, bx
mov word [ebp - 0x30], ax
call fcn_fffb38d9  ; call 0xfffb38d9
cmp al, byte [ebp - 0x2c]
jne short loc_fffa9013  ; jne 0xfffa9013

loc_fffa9038:  ; not directly referenced
mov word [ebp - 0x44], bx
xor esi, esi
or ebx, dword [ebp - 0x3c]
not ebx
jmp short loc_fffa9056  ; jmp 0xfffa9056

loc_fffa9045:  ; not directly referenced
mov ecx, esi
mov eax, 0xfffffffe
rol eax, cl
inc esi
and ebx, eax
cmp esi, 0x10
je short loc_fffa9063  ; je 0xfffa9063

loc_fffa9056:  ; not directly referenced
movzx eax, bx
call fcn_fffb38d9  ; call 0xfffb38d9
cmp al, byte [ebp - 0x2c]
jne short loc_fffa9045  ; jne 0xfffa9045

loc_fffa9063:  ; not directly referenced
movzx ecx, word [ebp - 0x44]
shl ebx, 0x10
mov edx, 0x4e3c
mov eax, edi
or ecx, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov dword [ebp - 0x2c], 0

loc_fffa907f:  ; not directly referenced
imul esi, dword [ebp - 0x2c], 0x13c3
cmp dword [edi + esi + 0x3757], 2
jne loc_fffa9189  ; jne 0xfffa9189
xor ebx, ebx
test byte [edi + esi + 0x381b], 1
je short loc_fffa90f5  ; je 0xfffa90f5
cmp dword [ebp - 0x38], 0
jne short loc_fffa90c7  ; jne 0xfffa90c7
imul eax, dword [ebp - 0x2c], 0x54a
mov ax, word [edi + eax + 0x1a4f]
cmp ax, 0xce00
sete bl
cmp ax, 0xfe02
sete al
or ebx, eax
jmp short loc_fffa90f5  ; jmp 0xfffa90f5

loc_fffa90c7:  ; not directly referenced
push edx
xor ecx, ecx
push edx
mov edx, dword [ebp - 0x2c]
lea eax, [ebp - 0x1c]
push eax
mov eax, edi
push 5
call fcn_fffa681b  ; call 0xfffa681b
lea eax, [ebp - 0x1c]
add esp, 0x10
mov cl, 1

loc_fffa90e3:  ; not directly referenced
mov dl, byte [eax]
and edx, 0xfffffffd
dec dl
cmove ebx, ecx
inc eax
lea edx, [ebp - 0x18]
cmp eax, edx
jne short loc_fffa90e3  ; jne 0xfffa90e3

loc_fffa90f5:  ; not directly referenced
test byte [edi + esi + 0x381b], 4
je short loc_fffa915f  ; je 0xfffa915f
cmp dword [ebp - 0x38], 0
je short loc_fffa913b  ; je 0xfffa913b
mov edx, dword [ebp - 0x2c]
mov ecx, 2
push eax
push eax
lea eax, [ebp - 0x1c]
push eax
mov eax, edi
push 5
call fcn_fffa681b  ; call 0xfffa681b
lea eax, [ebp - 0x1c]
add esp, 0x10
lea ecx, [ebp - 0x18]

loc_fffa9125:  ; not directly referenced
mov dl, byte [eax]
mov esi, ebx
or esi, 2
and edx, 0xfffffffd
dec dl
cmove ebx, esi
inc eax
cmp eax, ecx
jne short loc_fffa9125  ; jne 0xfffa9125
jmp short loc_fffa915f  ; jmp 0xfffa915f

loc_fffa913b:  ; not directly referenced
imul eax, dword [ebp - 0x2c], 0x54a
mov ax, word [edi + eax + 0x1cc6]
cmp ax, 0xfe02
sete dl
cmp ax, 0xce00
sete al
or dl, al
je short loc_fffa915f  ; je 0xfffa915f
or ebx, 2

loc_fffa915f:  ; not directly referenced
and dword [ebp - 0x34], 0xffffff9f
and ebx, 3
shl ebx, 5
mov edx, dword [ebp - 0x2c]
mov eax, edi
or dword [ebp - 0x34], ebx
or dword [ebp - 0x34], 0x80000000
mov ecx, dword [ebp - 0x34]
shl edx, 0xa
add edx, 0x4240
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa9189:  ; not directly referenced
inc dword [ebp - 0x2c]
cmp dword [ebp - 0x2c], 2
jne loc_fffa907f  ; jne 0xfffa907f

loc_fffa9196:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa91a0:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x6c
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x68], 0
mov dword [ebp - 0x4c], 0
mov dword [ebp - 0x60], 0
mov eax, dword [ebx + 0x2481]
mov dword [ebp - 0x58], eax
mov eax, dword [ebx + 0x1887]
mov dword [ebp - 0x6c], eax
mov eax, dword [ebx + 0x188b]
mov dword [ebp - 0x5c], eax
lea eax, [ebx + 0x3757]
mov dword [ebp - 0x50], eax
mov eax, dword [ebx + 0x5edd]
lea esi, [eax + 0x1c]

loc_fffa91ee:  ; not directly referenced
mov eax, dword [ebp - 0x50]
cmp dword [eax], 2
jne loc_fffa93c2  ; jne 0xfffa93c2
cmp dword [ebp - 0x5c], 1
jne short loc_fffa9231  ; jne 0xfffa9231
mov dl, byte [esi + 3]
mov ecx, 0xff
mov al, dl
and edx, 0xffffffbf
mov byte [esi + 3], dl
mov edx, dword [ebp - 0x4c]
shr al, 6
and eax, 1
mov byte [esi + 0xcb], al
mov eax, ebx
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, dword [esi]
mov edx, eax
mov eax, ebx
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffa9231:  ; not directly referenced
cmp dword [ebp - 0x58], 3
je loc_fffa9385  ; je 0xfffa9385
mov eax, dword [ebp - 0x50]
mov dword [ebp - 0x54], 0
mov dword [ebp - 0x64], eax

loc_fffa9248:  ; not directly referenced
mov ecx, dword [ebp - 0x54]
mov eax, 1
mov dl, cl
shl eax, cl
mov ecx, dword [ebp - 0x50]
test byte [ecx + 0xc4], al
jne short loc_fffa9271  ; jne 0xfffa9271

loc_fffa925f:  ; not directly referenced
inc dword [ebp - 0x54]
add dword [ebp - 0x64], 9
cmp dword [ebp - 0x54], 4
jne short loc_fffa9248  ; jne 0xfffa9248
jmp near loc_fffa92f6  ; jmp 0xfffa92f6

loc_fffa9271:  ; not directly referenced
cmp dword [ebp - 0x58], 2
sete cl
cmp dword [ebp - 0x6c], 0x306d0
sete al
test cl, al
je short loc_fffa925f  ; je 0xfffa925f
mov eax, edx
shr dl, 1
and eax, 1
movzx edx, dl
imul eax, eax, 0x18
imul edx, edx, 0x128
add edx, eax
mov eax, dword [ebp - 0x50]
test word [eax + edx + 0x126f], 0x600
je short loc_fffa925f  ; je 0xfffa925f
xor edi, edi

loc_fffa92ac:  ; not directly referenced
mov eax, dword [ebp - 0x64]
mov edx, dword [ebp - 0x4c]
mov byte [eax + edi + 0x24d], 0x3f
mov eax, ebx
push ecx
mov ecx, dword [ebp - 0x54]
push 0x3f
push 2
push edi
call fcn_fffa735e  ; call 0xfffa735e
mov ecx, edi
mov eax, ebx
or byte [esi + edi*4 + 0x2a], 0x80
mov edx, dword [ebp - 0x4c]
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, dword [esi + edi*4 + 0x28]
inc edi
mov edx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
add esp, 0x10
cmp edi, 9
jne short loc_fffa92ac  ; jne 0xfffa92ac
jmp near loc_fffa925f  ; jmp 0xfffa925f

loc_fffa92f6:  ; not directly referenced
cmp dword [ebp - 0x5c], 1
jne loc_fffa9385  ; jne 0xfffa9385
cmp dword [ebp - 0x68], 0
jne short loc_fffa9385  ; jne 0xfffa9385
mov eax, dword [esi + 0x28]
mov edx, 0x3a28
mov edi, eax
mov dword [ebp - 0x68], eax
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov ecx, edi
mov edx, edi
shr ecx, 0x15
and ecx, 1
shr edx, 0x15
and edx, 2
and eax, 0xfffffffc
or eax, ecx
or eax, edx
mov edx, edi
mov edi, dword [ebp - 0x60]
shr edx, 9
and eax, 0xff01ffff
and edx, 0xe0000
or eax, edx
mov edx, 0x3a28
or eax, 0x800000
cmp dword [ebp - 0x58], 2
mov ecx, eax
cmove edi, dword [ebp - 0x5c]
mov eax, ebx
mov dword [ebp - 0x60], edi
call fcn_fffb3381  ; call 0xfffb3381
test edi, edi
je short loc_fffa9385  ; je 0xfffa9385
mov edx, 0x5f09
mov eax, ebx
mov ecx, 1
call fcn_fffb335b  ; call 0xfffb335b
mov edx, 0x96
mov eax, ebx
call fcn_fffa82f9  ; call 0xfffa82f9

loc_fffa9385:  ; not directly referenced
cmp byte [ebx + 0x3749], 1
jne short loc_fffa93c2  ; jne 0xfffa93c2
mov eax, dword [ebp - 0x4c]
lea edi, [eax*4 + 0x5004]
mov eax, ebx
mov edx, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, edi
and eax, 0xfcffffff
or eax, 0x1000000
mov ecx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x3c
mov eax, ebx
call fcn_fffa82f9  ; call 0xfffa82f9

loc_fffa93c2:  ; not directly referenced
inc dword [ebp - 0x4c]
add esi, 0xcc
add dword [ebp - 0x50], 0x13c3
cmp dword [ebp - 0x4c], 2
jne loc_fffa91ee  ; jne 0xfffa91ee
lea edi, [ebp - 0x3c]
mov esi, ref_fffd36d4  ; mov esi, 0xfffd36d4
mov ecx, 9
mov eax, ebx
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x48]
mov esi, ref_fffd36f8  ; mov esi, 0xfffd36f8
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov ecx, 0x1010101
mov esi, 8
push edx
push edx
xor edx, edx
push 0
push 8
call fcn_fffa7f8c  ; call 0xfffa7f8c
lea edi, [ebp - 0x3c]
add esp, 0x10

loc_fffa9416:  ; not directly referenced
push eax
mov ecx, 0x41041041
push eax
mov eax, ebx
push esi
add esi, 6
push 6
mov edx, dword [edi]
add edi, 4
call fcn_fffa7f8c  ; call 0xfffa7f8c
add esp, 0x10
cmp esi, 0x3e
jne short loc_fffa9416  ; jne 0xfffa9416
lea edx, [ebp - 0x48]
mov eax, ebx
call fcn_fffa660c  ; call 0xfffa660c
cmp dword [ebx + 0x3757], 2
jne short loc_fffa945b  ; jne 0xfffa945b
mov ecx, 0xa010102
mov edx, 0x4078
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa945b:  ; not directly referenced
cmp dword [ebx + 0x4b1a], 2
jne short loc_fffa9475  ; jne 0xfffa9475
mov ecx, 0xa010102
mov edx, 0x4478
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa9475:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa947f:  ; not directly referenced
push ebp
mov ebp, esp
push edi
movzx edi, dl
push esi
push ebx
sub esp, 0x4c
mov esi, dword [ebp + 0x14]
mov byte [ebp - 0x27], cl
mov cl, byte [ebp + 8]
mov ebx, dword [ebp + 0xc]
mov byte [ebp - 0x26], dl
mov edx, 0x4c31
mov dword [ebp - 0x38], esi
imul esi, edi, 0x13c3
mov byte [ebp - 0x48], cl
xor ecx, ecx
mov dword [ebp - 0x20], edi
mov byte [ebp - 0x34], bl
lea edi, [eax + esi + 0x3757]
mov dword [ebp - 0x1c], eax
call fcn_fffb335b  ; call 0xfffb335b
cmp byte [edi + 0x1241], 1
sete al
mov dl, al
mov cl, al
mov eax, dword [ebp - 0x20]
or edx, 2
cmp byte [edi + 0x1369], 1
cmove ecx, edx
shl eax, 0xa
mov edi, ecx
lea edx, [eax + 0x41bc]
xor ecx, ecx
mov dword [ebp - 0x2c], eax
mov eax, dword [ebp - 0x1c]
call fcn_fffb335b  ; call 0xfffb335b
mov eax, ebx
and eax, 1
lea edx, [eax + eax]
mov al, bl
and eax, 2
and ebx, 4
shr al, 1
or eax, ebx
or eax, edx
mov ebx, eax
movzx eax, byte [ebp - 0x34]
add esi, dword [ebp - 0x1c]
shl ebx, 0x18
mov dword [ebp - 0x30], ebx
mov dword [ebp - 0x24], 0
mov byte [ebp - 0x25], 0
mov dword [ebp - 0x4c], esi
mov dword [ebp - 0x34], eax

loc_fffa952e:  ; not directly referenced
mov cl, byte [ebp - 0x24]
mov ebx, 1
mov esi, dword [ebp - 0x4c]
shl ebx, cl
mov al, bl
and al, byte [esi + 0x381b]
test byte [ebp - 0x27], al
je loc_fffa95d6  ; je 0xfffa95d6
mov ecx, dword [ebp - 0x34]
xor edx, edx
mov esi, dword [ebp + 0x10]
and ecx, 0xf
shl ecx, 0x18
mov eax, ecx
mov cl, byte [ebp - 0x24]
shr cl, 1
movzx ecx, cl
mov si, word [esi + ecx*2]
mov ax, si
test byte [ebp - 0x24], 1
je short loc_fffa9597  ; je 0xfffa9597
inc ecx
test ecx, edi
je short loc_fffa9597  ; je 0xfffa9597
mov edx, esi
and ax, 0x150
and dx, 0xfe07
and esi, 0xa8
shr ax, 1
add esi, esi
or eax, edx
or eax, esi
movzx eax, ax
add eax, dword [ebp - 0x30]
cdq

loc_fffa9597:  ; not directly referenced
mov esi, dword [ebp - 0x48]
mov ecx, edx
not ebx
or ecx, 0xf000000
and ebx, 0xf
and ch, 0xf0
and esi, 0xf
shl esi, 8
or ecx, esi
and ecx, 0xfffffff0
or ecx, ebx
mov ebx, dword [ebp - 0x2c]
mov edx, ecx
push ecx
push ecx
push edx
push eax
mov eax, dword [ebp - 0x1c]
lea ecx, [ebx + 0x41c0]
mov edx, ecx
call fcn_fffb3506  ; call 0xfffb3506
add esp, 0x10
inc byte [ebp - 0x25]

loc_fffa95d6:  ; not directly referenced
inc dword [ebp - 0x24]
cmp dword [ebp - 0x24], 4
jne loc_fffa952e  ; jne 0xfffa952e
cmp byte [ebp - 0x25], 0
jne short loc_fffa95f3  ; jne 0xfffa95f3

loc_fffa95e9:  ; not directly referenced
mov eax, 1
jmp near loc_fffa96c3  ; jmp 0xfffa96c3

loc_fffa95f3:  ; not directly referenced
mov edi, dword [ebp - 0x38]
mov cl, 3
mov edx, dword [ebp - 0x2c]
mov ebx, edi
mov eax, edi
mov edi, dword [ebp - 0x1c]
add edx, 0x419c
and eax, 7
test bl, bl
cmovne ecx, eax
mov al, byte [ebp - 0x25]
and ecx, 7
dec eax
and eax, 7
shl eax, 0x10
or ecx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x20]
lea ebx, [eax*8 + 0x48a8]
mov eax, edi
mov edx, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, ebx
mov dword [ebp - 0x1c], edi
mov ecx, eax
mov esi, eax
and ch, 0xc7
mov eax, edi
or ch, 0x20
call fcn_fffb3381  ; call 0xfffb3381
mov edx, dword [ebp - 0x20]
mov ecx, 5
mov eax, dword [ebp - 0x1c]
lea edi, [edx*4 + 0x48b8]
mov edx, edi
call fcn_fffb335b  ; call 0xfffb335b

loc_fffa9668:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
mov edx, 0x4804
call fcn_fffb331f  ; call 0xfffb331f
cmp byte [ebp - 0x26], 0
jne short loc_fffa968e  ; jne 0xfffa968e
test al, 1
jne loc_fffa95e9  ; jne 0xfffa95e9
shr eax, 0x10
and eax, 1
xor eax, 1
jmp short loc_fffa96a1  ; jmp 0xfffa96a1

loc_fffa968e:  ; not directly referenced
test al, 2
jne loc_fffa95e9  ; jne 0xfffa95e9
shr eax, 0x10
shr al, 1
xor eax, 1
and eax, 1

loc_fffa96a1:  ; not directly referenced
test al, al
jne short loc_fffa9668  ; jne 0xfffa9668
mov edx, edi
mov edi, dword [ebp - 0x1c]
mov ecx, 4
mov eax, edi
call fcn_fffb335b  ; call 0xfffb335b
mov eax, edi
mov ecx, esi
mov edx, ebx
call fcn_fffb3381  ; call 0xfffb3381
xor eax, eax

loc_fffa96c3:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa96cb:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov esi, dword [ebp + 8]
mov ebx, dword [ebp + 0xc]
cmp cl, 3
ja short loc_fffa96eb  ; ja 0xfffa96eb
mov word [ebp - 0x1c], bx
mov word [ebp - 0x1a], 0
jmp short loc_fffa96f5  ; jmp 0xfffa96f5

loc_fffa96eb:  ; not directly referenced
mov word [ebp - 0x1c], 0
mov word [ebp - 0x1a], bx

loc_fffa96f5:  ; not directly referenced
cmp dword [eax + 0x2481], 2
movzx edi, dl
mov edx, esi
movzx ecx, cl
push 0
movzx esi, dl
sete bl
mov dword [ebp - 0x2c], edi
lea edi, [ebp - 0x1c]
mov edx, dword [ebp - 0x2c]
push edi
shl ebx, 3
push esi
movzx ebx, bl
push ebx
call fcn_fffa947f  ; call 0xfffa947f
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa972b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0xe0
mov esi, dword [ebp + 8]
mov edi, dword [ebp + 0x14]
mov byte [ebp - 0x9f], cl
mov ebx, dword [ebp + 0x10]
mov dword [ebp - 0x80], eax
mov eax, dword [ebp + 0xc]
mov ecx, esi
mov dword [ebp - 0xd8], esi
mov esi, ref_fffd3704  ; mov esi, 0xfffd3704
mov dword [ebp - 0xac], edi
mov dword [ebp - 0xb8], edx
mov byte [ebp - 0xdc], dl
mov edx, edi
mov byte [ebp - 0xc8], cl
lea edi, [ebp - 0x50]
mov ecx, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x38]
mov esi, ref_fffd3710  ; mov esi, 0xfffd3710
mov dword [ebp - 0x88], eax
mov byte [ebp - 0xa0], al
mov byte [ebp - 0x9d], dl
mov word [ebp - 0x7c], bx
mov word [ebp - 0x60], 0
mov word [ebp - 0x5e], 2
mov cl, 4
mov word [ebp - 0x5c], 1
mov word [ebp - 0x5a], 3
mov word [ebp - 0x64], 0
mov word [ebp - 0x62], 2
mov byte [ebp - 0x6a], 1
mov byte [ebp - 0x69], 2
mov byte [ebp - 0x68], 3
mov byte [ebp - 0x67], 0
mov byte [ebp - 0x66], 2
mov byte [ebp - 0x65], 3
movzx edx, byte [ebp - 0xb8]
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov edi, dword [ebp - 0x80]
imul eax, edx, 0x13c3
mov dword [ebp - 0x84], edx
mov esi, dword [edi + 0x5edd]
lea eax, [edi + eax + 0x3757]
mov dword [ebp - 0xa8], eax
imul eax, edx, 0xcc
mov ecx, esi
mov dword [ebp - 0xa4], esi
mov esi, dword [edi + 0x2444]
lea edx, [ecx + eax + 0x1c]
mov dword [ebp - 0x9c], edx
mov edx, dword [edi + 0x188b]
lea eax, [ebp - 0x50]
push 0xc
push eax
lea eax, [ebp - 0x44]
push eax
mov dword [ebp - 0x98], edx
call dword [esi + 0x58]  ; ucall
add esp, 0xc
push 8
lea eax, [ebp - 0x60]
push eax
lea eax, [ebp - 0x58]
push eax
call dword [esi + 0x58]  ; ucall
mov eax, dword [edi + 0x2481]
add esp, 0xc
xor edx, edx
push 0x10
cmp eax, 3
sete dl
mov dword [ebp - 0xb4], edx
xor edx, edx
cmp eax, 2
lea eax, [ebp - 0x38]
sete dl
push eax
lea eax, [ebp - 0x28]
mov dword [ebp - 0xb0], edx
push eax
call dword [esi + 0x58]  ; ucall
mov ecx, dword [ebp - 0x88]
add esp, 0x10
cmp cl, 3
sete al
cmp cl, 1
setbe dl
or dl, al
jne short loc_fffa98ac  ; jne 0xfffa98ac
mov edx, ecx
cmp cl, 0x11
sete cl
cmp dl, 2
sete dl
or cl, dl
je loc_fffa995e  ; je 0xfffa995e

loc_fffa98ac:  ; not directly referenced
mov ecx, dword [ebp - 0x88]
cmp cl, 1
sbb esi, esi
and esi, 0x10
add esi, 0xf
cmp cl, 1
sbb edx, edx
and edx, 0xfffffff0
sub edx, 0x10
cmp bx, si
jg short loc_fffa98d5  ; jg 0xfffa98d5
cmp dx, bx
mov esi, ebx
cmovge esi, edx

loc_fffa98d5:  ; not directly referenced
mov ebx, dword [ebp - 0x9c]
movzx ecx, byte [ebp - 0xd8]
cmp byte [ebp - 0x88], 0
lea edi, [ebx + ecx*4]
mov ebx, dword [edi + 0x78]
jne loc_fffaa406  ; jne 0xfffaa406
mov eax, esi
and ebx, 0xfffff000
and eax, 0x3f
mov edx, eax
or ebx, eax
shl edx, 6
or ebx, edx

loc_fffa9909:  ; not directly referenced
cmp byte [ebp - 0xb8], 1
mov edx, 0x365c
jbe loc_fffaa459  ; jbe 0xfffaa459

loc_fffa991b:  ; not directly referenced
mov ecx, dword [ebp - 0x80]
lea eax, [edx + 0xc]
cmp dword [ecx + 0x188b], 1
mov ecx, ebx
cmove edx, eax
mov eax, dword [ebp - 0x80]
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0xac], 0
je short loc_fffa9941  ; je 0xfffa9941
mov dword [edi + 0x78], ebx

loc_fffa9941:  ; not directly referenced
mov eax, dword [ebp - 0xa4]
mov edx, 0x2008
mov ecx, dword [eax + 0x18]
mov eax, dword [ebp - 0x80]
or ecx, 0x20
call fcn_fffb3381  ; call 0xfffb3381
mov word [ebp - 0x7c], si

loc_fffa995e:  ; not directly referenced
mov eax, dword [ebp - 0x88]
cmp al, 0x11
sete cl
sub eax, 4
cmp al, 1
setbe al
or al, cl
mov byte [ebp - 0x9e], cl
je loc_fffa9b92  ; je 0xfffa9b92
mov eax, dword [ebp - 0xa8]
xor edi, edi
lea esi, [eax + 0x24d]
imul eax, dword [ebp - 0x84], 0x13c3
add eax, dword [ebp - 0x80]
mov dword [ebp - 0xe4], eax
movzx eax, byte [ebp - 0x9f]
mov dword [ebp - 0xe8], eax

loc_fffa99ad:  ; not directly referenced
mov ebx, dword [ebp - 0xe4]
mov eax, 1
mov ecx, edi
shl eax, cl
test byte [ebx + 0x381b], al
je loc_fffa9b85  ; je 0xfffa9b85
mov eax, dword [ebp - 0xe8]
bt eax, edi
jae loc_fffa9b85  ; jae 0xfffa9b85
cmp byte [ebp - 0xa0], 4
jne loc_fffa9a7c  ; jne 0xfffa9a7c
cmp dword [ebp - 0x98], 0
jne short loc_fffa99fe  ; jne 0xfffa99fe
mov ebx, dword [ebp - 0x7c]
mov eax, 0xb
cmp bx, 0xb
cmovle eax, ebx
jmp short loc_fffa9a21  ; jmp 0xfffa9a21

loc_fffa99fe:  ; not directly referenced
cmp dword [ebp - 0x98], 1
jne short loc_fffa9a25  ; jne 0xfffa9a25
mov ecx, dword [ebp - 0x7c]
mov eax, 0xf
cmp cx, 0xf
cmovle eax, ecx
mov ecx, eax
or eax, 0x10
test byte [esi], 0x10
cmove eax, ecx

loc_fffa9a21:  ; not directly referenced
mov word [ebp - 0x7c], ax

loc_fffa9a25:  ; not directly referenced
mov ebx, dword [ebp - 0x7c]
mov eax, 0
mov ecx, edi
push edx
mov edx, dword [ebp - 0x84]
test bx, bx
cmovns eax, ebx
movzx ebx, byte [ebp - 0xc8]
mov word [ebp - 0x7c], ax
or eax, 0x30
mov word [ebp - 0xe0], ax
cwde
push eax
mov eax, dword [ebp - 0x80]
push 2
push ebx
call fcn_fffa735e  ; call 0xfffa735e
add esp, 0x10
cmp byte [ebp - 0x9d], 0
je loc_fffa9b85  ; je 0xfffa9b85
mov al, byte [ebp - 0xe0]
mov byte [esi + ebx], al
jmp near loc_fffa9b85  ; jmp 0xfffa9b85

loc_fffa9a7c:  ; not directly referenced
cmp byte [ebp - 0xa0], 5
jne loc_fffa9b3e  ; jne 0xfffa9b3e
cmp dword [ebp - 0x98], 0
jne short loc_fffa9ac9  ; jne 0xfffa9ac9
cmp word [ebp - 0x7c], 0x13
jg short loc_fffa9aad  ; jg 0xfffa9aad
mov ecx, dword [ebp - 0x7c]
mov eax, 0
test cx, cx
cmovns eax, ecx
mov word [ebp - 0x7c], ax
jmp short loc_fffa9ab3  ; jmp 0xfffa9ab3

loc_fffa9aad:  ; not directly referenced
mov word [ebp - 0x7c], 0x13

loc_fffa9ab3:  ; not directly referenced
mov eax, dword [ebp - 0x7c]
mov ecx, 5
mov edx, eax
sar dx, 0xf
idiv cx
lea ebx, [edx + eax*8]
jmp short loc_fffa9afe  ; jmp 0xfffa9afe

loc_fffa9ac9:  ; not directly referenced
xor ebx, ebx
cmp dword [ebp - 0x98], 1
jne short loc_fffa9afe  ; jne 0xfffa9afe
mov eax, dword [ebp - 0x7c]
test ax, ax
jle short loc_fffa9afe  ; jle 0xfffa9afe
movsx ebx, ax
mov eax, 0x10
cmp bx, 0x10
cmovle eax, ebx
mov word [ebp - 0x7c], ax
dec eax
mov ebx, eax
and eax, 3
sar ebx, 2
add eax, eax
lea ebx, [eax + ebx*8 + 1]

loc_fffa9afe:  ; not directly referenced
push eax
movzx eax, bl
mov edx, dword [ebp - 0x84]
push eax
movzx eax, byte [ebp - 0xc8]
mov ecx, edi
push 2
push eax
mov dword [ebp - 0xe0], eax
mov eax, dword [ebp - 0x80]
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10
cmp byte [ebp - 0x9d], 0
je short loc_fffa9b85  ; je 0xfffa9b85
mov eax, dword [ebp - 0xe0]
mov byte [esi + eax + 0xdd9], bl
jmp short loc_fffa9b85  ; jmp 0xfffa9b85

loc_fffa9b3e:  ; not directly referenced
cmp byte [ebp - 0x9e], 0
je short loc_fffa9b85  ; je 0xfffa9b85
movzx ebx, byte [ebp - 0xc8]
mov ecx, edi
push eax
mov edx, dword [ebp - 0x84]
mov eax, dword [ebp - 0x80]
push 0
push 0xff
push ebx
call fcn_fffa735e  ; call 0xfffa735e
add esp, 0xc
mov edx, dword [ebp - 0x84]
mov eax, dword [ebp - 0x80]
mov ecx, edi
push 0
push 0xff
push ebx
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10

loc_fffa9b85:  ; not directly referenced
inc edi
add esi, 9
cmp edi, 4
jne loc_fffa99ad  ; jne 0xfffa99ad

loc_fffa9b92:  ; not directly referenced
cmp byte [ebp - 0x88], 6
mov cl, byte [ebp - 0x9e]
sete al
or cl, al
je loc_fffa9cf1  ; je 0xfffa9cf1
cmp dword [ebp - 0x98], 1
jne short loc_fffa9bc0  ; jne 0xfffa9bc0
cmp word [ebp - 0x7c], 0x3f
jg loc_fffaa48b  ; jg 0xfffaa48b
jmp short loc_fffa9bcb  ; jmp 0xfffa9bcb

loc_fffa9bc0:  ; not directly referenced
cmp word [ebp - 0x7c], 7
jg loc_fffaa496  ; jg 0xfffaa496

loc_fffa9bcb:  ; not directly referenced
mov edi, dword [ebp - 0x7c]
mov edx, 0
test di, di
cmovns edx, edi
mov word [ebp - 0x7c], dx

loc_fffa9bdd:  ; not directly referenced
movzx edi, byte [ebp - 0xd8]
mov ecx, dword [ebp - 0x9c]
mov dword [ebp - 0xc8], edi
lea edi, [ecx + edi*4]
mov ebx, dword [edi + 4]
mov esi, dword [edi + 0x28]
test al, al
je short loc_fffa9c3a  ; je 0xfffa9c3a
cmp dword [ebp - 0x98], 1
jne short loc_fffa9c2c  ; jne 0xfffa9c2c
mov ecx, dword [ebp - 0x7c]
and bh, 0xe3
and esi, 0xe3ffffff
mov eax, ecx
sar ax, 3
and eax, 7
shl eax, 0xa
or ebx, eax
mov eax, ecx
and eax, 7
shl eax, 0x1a
or esi, eax
jmp short loc_fffa9c3a  ; jmp 0xfffa9c3a

loc_fffa9c2c:  ; not directly referenced
mov eax, dword [ebp - 0x7c]
and bh, 0xe3
and eax, 7
shl eax, 0xa
or ebx, eax

loc_fffa9c3a:  ; not directly referenced
mov ecx, dword [ebp - 0xc8]
mov edx, dword [ebp - 0x84]
mov eax, dword [ebp - 0x80]
call fcn_fffa71f9  ; call 0xfffa71f9
mov ecx, ebx
mov edx, eax
mov eax, dword [ebp - 0x80]
call fcn_fffb3381  ; call 0xfffb3381
cmp dword [ebp - 0x98], 1
jne short loc_fffa9c83  ; jne 0xfffa9c83
mov ecx, dword [ebp - 0xc8]
mov edx, dword [ebp - 0x84]
mov eax, dword [ebp - 0x80]
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, esi
mov edx, eax
mov eax, dword [ebp - 0x80]
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa9c83:  ; not directly referenced
cmp byte [ebp - 0xac], 0
je short loc_fffa9cf1  ; je 0xfffa9cf1
cmp dword [ebp - 0x98], 1
mov dword [edi + 4], ebx
jne short loc_fffa9cf1  ; jne 0xfffa9cf1
mov ebx, dword [ebp - 0x80]
mov edx, 0x3a28
mov dword [edi + 0x28], esi
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
movzx ecx, byte [ebx + 0x2489]
xor edx, edx
mov esi, eax
xor eax, eax

loc_fffa9cb7:  ; not directly referenced
cmp cl, dl
jbe short loc_fffa9cd0  ; jbe 0xfffa9cd0
mov edi, dword [ebp - 0x9c]
mov bl, byte [edi + edx*4 + 0x2b]
inc edx
shr bl, 2
and ebx, 7
add eax, ebx
jmp short loc_fffa9cb7  ; jmp 0xfffa9cb7

loc_fffa9cd0:  ; not directly referenced
xor edx, edx
and esi, 0xfff1ffff
div ecx
mov ecx, esi
mov edx, 0x3a28
and eax, 7
shl eax, 0x11
or ecx, eax
mov eax, dword [ebp - 0x80]
call fcn_fffb3381  ; call 0xfffb3381

loc_fffa9cf1:  ; not directly referenced
cmp byte [ebp - 0x88], 9
je short loc_fffa9d10  ; je 0xfffa9d10

loc_fffa9cfa:  ; not directly referenced
mov al, byte [ebp - 0x88]
sub eax, 7
cmp al, 1
ja loc_fffa9f84  ; ja 0xfffa9f84
jmp near loc_fffa9fa3  ; jmp 0xfffa9fa3

loc_fffa9d10:  ; not directly referenced
cmp dword [ebp - 0xb4], 0
je loc_fffa9ddc  ; je 0xfffa9ddc
mov edi, dword [ebp - 0x7c]
mov al, 2
mov ecx, edi
mov ebx, edi
cmp cl, 2
cmovbe eax, ebx
xor ebx, ebx
imul edx, dword [ebp - 0x84], 0x13c3
movzx eax, al
add edx, dword [ebp - 0x80]
mov dword [ebp - 0xc8], eax
mov dword [ebp - 0x98], edx

loc_fffa9d4a:  ; not directly referenced
mov esi, dword [ebp - 0x98]
mov eax, 1
mov cl, bl
mov dl, bl
shl eax, cl
test byte [esi + 0x381b], al
je short loc_fffa9dcd  ; je 0xfffa9dcd
test byte [ebp - 0x9f], al
je short loc_fffa9dcd  ; je 0xfffa9dcd
mov eax, edx
mov edi, dword [ebp - 0xa8]
shr dl, 1
and eax, 1
movzx edx, dl
imul edx, edx, 0x128
imul eax, eax, 0x18
lea eax, [eax + edx + 0x1260]
movzx edx, byte [ebp - 0xdc]
lea edi, [edi + eax + 0xb]
mov eax, dword [ebp - 0xc8]
movzx esi, byte [ebp + eax - 0x6a]
mov ax, word [edi + 6]
push ecx
mov ecx, ebx
push 0
and eax, 0xfffffff0
or esi, eax
movzx eax, si
push eax
mov eax, dword [ebp - 0x80]
push 3
call fcn_fffacb43  ; call 0xfffacb43
add esp, 0x10
cmp byte [ebp - 0x9d], 0
je short loc_fffa9dcd  ; je 0xfffa9dcd
mov word [edi + 6], si

loc_fffa9dcd:  ; not directly referenced
inc ebx
cmp ebx, 4
jne loc_fffa9d4a  ; jne 0xfffa9d4a
jmp near loc_fffa9cfa  ; jmp 0xfffa9cfa

loc_fffa9ddc:  ; not directly referenced
cmp dword [ebp - 0xb0], 1
mov dword [ebp - 0x98], 0
sbb ebx, ebx
xor eax, eax
and ebx, 0xffffffe4
sub ebx, 7
cmp byte [ebp - 0x7c], 0
setne al
mov ax, word [ebp + eax*2 - 0x64]
mov word [ebp - 0xc8], ax
imul eax, dword [ebp - 0x84], 0x13c3
add eax, dword [ebp - 0x80]
mov dword [ebp - 0xd8], eax

loc_fffa9e1d:  ; not directly referenced
mov edi, dword [ebp - 0x98]
mov eax, 1
mov ecx, edi
mov edx, edi
shl eax, cl
mov ecx, dword [ebp - 0xd8]
test byte [ecx + 0x381b], al
je short loc_fffa9e9c  ; je 0xfffa9e9c
test byte [ebp - 0x9f], al
je short loc_fffa9e9c  ; je 0xfffa9e9c
mov ecx, edx
mov esi, dword [ebp - 0xa8]
shr dl, 1
and ecx, 1
movzx edx, dl
imul ecx, ecx, 0x18
imul edx, edx, 0x128
lea edx, [ecx + edx + 0x1260]
mov ecx, eax
mov eax, dword [ebp - 0x80]
lea edi, [esi + edx + 0xb]
mov esi, ebx
and si, word [edi + 2]
or esi, dword [ebp - 0xc8]
push edx
push edx
movzx edx, si
push edx
mov edx, dword [ebp - 0x84]
push 1
call fcn_fffa96cb  ; call 0xfffa96cb
add esp, 0x10
cmp byte [ebp - 0x9d], 0
je short loc_fffa9e9c  ; je 0xfffa9e9c
mov word [edi + 2], si

loc_fffa9e9c:  ; not directly referenced
inc dword [ebp - 0x98]
cmp dword [ebp - 0x98], 4
jne loc_fffa9e1d  ; jne 0xfffa9e1d
jmp near loc_fffa9cfa  ; jmp 0xfffa9cfa

loc_fffa9eb4:  ; not directly referenced
mov esi, dword [ebp - 0xb0]
mov dword [ebp - 0xb4], 0
cmp esi, 1
sbb eax, eax
mov dword [ebp - 0xd8], eax
add eax, 3
and word [ebp - 0xd8], 0x4bc
sub word [ebp - 0xd8], 0x701
cmp esi, 1
mov esi, dword [ebp - 0x7c]
sbb ebx, ebx
mov dword [ebp - 0xc8], ebx
mov dword [ebp - 0x98], ebx
and byte [ebp - 0xc8], 0xfe
and byte [ebp - 0x98], 0xfa
mov edx, esi
sar dx, 4
mov ecx, esi
add byte [ebp - 0xc8], 7
add byte [ebp - 0x98], 8
cmp byte [ebp - 0x88], 7
cmovne edx, ecx
cmp al, dl
cmova eax, edx
movzx eax, al
mov dword [ebp - 0xdc], eax
imul eax, dword [ebp - 0x84], 0x13c3
add eax, dword [ebp - 0x80]
mov dword [ebp - 0xe0], eax
mov eax, esi
and eax, 0xf
mov byte [ebp - 0xe4], al

loc_fffa9f52:  ; not directly referenced
mov edi, dword [ebp - 0xb4]
mov ebx, 1
mov esi, dword [ebp - 0xe0]
mov ecx, edi
mov eax, edi
shl ebx, cl
test byte [esi + 0x381b], bl
jne loc_fffaa063  ; jne 0xfffaa063

loc_fffa9f75:  ; not directly referenced
inc dword [ebp - 0xb4]
cmp dword [ebp - 0xb4], 4
jne short loc_fffa9f52  ; jne 0xfffa9f52

loc_fffa9f84:  ; not directly referenced
mov al, byte [ebp - 0x88]
sub eax, 0xa
cmp al, 1
setbe al
or al, byte [ebp - 0x9e]
jne loc_fffaa151  ; jne 0xfffaa151
jmp near loc_fffaa258  ; jmp 0xfffaa258

loc_fffa9fa3:  ; not directly referenced
cmp dword [ebp - 0xb4], 0
je loc_fffa9eb4  ; je 0xfffa9eb4
mov ebx, dword [ebp - 0x7c]
mov al, 2
cmp bl, 2
cmovbe eax, ebx
xor ebx, ebx
imul esi, dword [ebp - 0x84], 0x13c3
movzx eax, al
add esi, dword [ebp - 0x80]
mov dword [ebp - 0x84], eax
mov dword [ebp - 0x7c], esi

loc_fffa9fd6:  ; not directly referenced
mov edi, dword [ebp - 0x7c]
mov eax, 1
mov cl, bl
mov dl, bl
shl eax, cl
test byte [edi + 0x381b], al
je short loc_fffaa054  ; je 0xfffaa054
test byte [ebp - 0x9f], al
je short loc_fffaa054  ; je 0xfffaa054
mov al, bl
and edx, 1
mov ecx, dword [ebp - 0xa8]
shr al, 1
mov esi, dword [ebp - 0x84]
movzx eax, al
imul edx, edx, 0x18
imul eax, eax, 0x128
movzx esi, byte [ebp + esi - 0x67]
add eax, edx
movzx edx, byte [ebp - 0xdc]
lea edi, [ecx + eax + 0x1260]
mov ax, word [edi + 0x19]
push ecx
mov ecx, ebx
push 0
and eax, 0xfffffffc
or esi, eax
movzx eax, si
push eax
mov eax, dword [ebp - 0x80]
push 0xb
call fcn_fffacb43  ; call 0xfffacb43
add esp, 0x10
cmp byte [ebp - 0x9d], 0
je short loc_fffaa054  ; je 0xfffaa054
mov word [edi + 0x19], si

loc_fffaa054:  ; not directly referenced
inc ebx
cmp ebx, 4
jne loc_fffa9fd6  ; jne 0xfffa9fd6
jmp near loc_fffaa4a1  ; jmp 0xfffaa4a1

loc_fffaa063:  ; not directly referenced
test byte [ebp - 0x9f], bl
je loc_fffa9f75  ; je 0xfffa9f75
mov edx, eax
mov edi, dword [ebp - 0xa8]
mov ecx, ebx
shr al, 1
and edx, 1
movzx eax, al
imul edx, edx, 0x18
imul eax, eax, 0x128
lea eax, [edx + eax + 0x1260]
lea edi, [edi + eax + 0xb]
mov eax, dword [ebp - 0xdc]
mov si, word [ebp + eax*2 - 0x58]
mov ax, word [edi + 4]
push edx
push edx
mov edx, dword [ebp - 0x84]
shl esi, 9
and ah, 0xf9
or esi, eax
movzx eax, si
push eax
mov eax, dword [ebp - 0x80]
push 2
call fcn_fffa96cb  ; call 0xfffa96cb
add esp, 0x10
cmp byte [ebp - 0x9d], 0
je short loc_fffaa0d2  ; je 0xfffaa0d2
mov word [edi + 4], si

loc_fffaa0d2:  ; not directly referenced
cmp byte [ebp - 0xa0], 8
je loc_fffa9f75  ; je 0xfffa9f75
mov esi, dword [ebp - 0xc8]
mov al, byte [ebp - 0xe4]
mov ecx, esi
cmp cl, al
cmova esi, eax
cmp dword [ebp - 0xb0], 0
mov eax, esi
movzx eax, al
je short loc_fffaa107  ; je 0xfffaa107
movzx eax, word [ebp + eax*2 - 0x28]
jmp short loc_fffaa10c  ; jmp 0xfffaa10c

loc_fffaa107:  ; not directly referenced
movzx eax, word [ebp + eax*2 - 0x44]

loc_fffaa10c:  ; not directly referenced
mov cl, byte [ebp - 0x98]
mov esi, dword [ebp - 0xd8]
and si, word [edi + 2]
mov edx, dword [ebp - 0x84]
shl eax, cl
mov ecx, ebx
or esi, eax
push eax
push eax
movzx eax, si
push eax
mov eax, dword [ebp - 0x80]
push 1
call fcn_fffa96cb  ; call 0xfffa96cb
add esp, 0x10
cmp byte [ebp - 0x9d], 0
je loc_fffa9f75  ; je 0xfffa9f75
mov word [edi + 2], si
jmp near loc_fffa9f75  ; jmp 0xfffa9f75

loc_fffaa151:  ; not directly referenced
mov ecx, dword [ebp - 0x88]
cmp cl, 0xb
sete al
movzx edi, al
setne al
movzx eax, al
lea edi, [edi*8 + 7]
lea eax, [eax*8 - 0x10]
cmp word [ebp - 0x7c], di
jg short loc_fffaa183  ; jg 0xfffaa183
mov edi, dword [ebp - 0x7c]
cmp ax, di
cmovge edi, eax

loc_fffaa183:  ; not directly referenced
mov eax, dword [ebp - 0x9c]
cmp byte [ebp - 0x88], 0xa
mov ebx, dword [eax + 0x4c]
mov esi, dword [eax + 0x50]
jne short loc_fffaa1b9  ; jne 0xfffaa1b9
mov eax, edi
and ebx, 0xfffe01ff
and eax, 0xf
and esi, 0xfffe01ff
mov edx, eax
shl edx, 9
shl eax, 0xd
or ebx, edx
or ebx, eax
or esi, edx
jmp short loc_fffaa1cf  ; jmp 0xfffaa1cf

loc_fffaa1b9:  ; not directly referenced
cmp byte [ebp - 0x88], 0xb
jne short loc_fffaa1d1  ; jne 0xfffaa1d1
mov eax, edi
and ebx, 0xffffffe0
and eax, 0x1f
and esi, 0xffffffe0
or ebx, eax

loc_fffaa1cf:  ; not directly referenced
or esi, eax

loc_fffaa1d1:  ; not directly referenced
cmp byte [ebp - 0xac], 0
je short loc_fffaa1e6  ; je 0xfffaa1e6
mov eax, dword [ebp - 0x9c]
mov dword [eax + 0x4c], ebx
mov dword [eax + 0x50], esi

loc_fffaa1e6:  ; not directly referenced
mov eax, dword [ebp - 0x84]
mov ecx, ebx
shl eax, 8
lea edx, [eax + 0x1404]
mov dword [ebp - 0x7c], eax
mov eax, dword [ebp - 0x80]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x7c]
mov ecx, ebx
lea edx, [eax + 0x1a04]
mov eax, dword [ebp - 0x80]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x7c]
mov ecx, ebx
mov ebx, dword [ebp - 0x80]
lea edx, [eax + 0x1204]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x7c]
mov ecx, esi
lea edx, [eax + 0x3414]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0xa4]
mov edx, 0x2008
mov ecx, dword [eax + 0x18]
mov eax, ebx
or ecx, 0x20
call fcn_fffb3381  ; call 0xfffb3381
mov word [ebp - 0x7c], di

loc_fffaa258:  ; not directly referenced
cmp byte [ebp - 0x88], 0xf
mov al, byte [ebp - 0x9e]
sete dl
or al, dl
je loc_fffaa332  ; je 0xfffaa332
mov ecx, dword [ebp - 0x7c]
mov eax, 0xfffffff8
mov ebx, 7
cmp cx, 0xfff8
cmovge eax, ecx
cmp ax, 7
cmovg eax, ebx
mov word [ebp - 0x7c], ax
mov eax, dword [ebp - 0xa4]
mov ebx, dword [eax + 0xc]
test dl, dl
je short loc_fffaa2e6  ; je 0xfffaa2e6
cmp byte [ebp - 0xb8], 1
jne short loc_fffaa2ce  ; jne 0xfffaa2ce
mov eax, dword [ebp - 0x80]
cmp dword [eax + 0x3757], 2
jne short loc_fffaa2ce  ; jne 0xfffaa2ce
mov edx, 0x3a14
call fcn_fffb331f  ; call 0xfffb331f
mov esi, dword [ebp - 0x7c]
shr eax, 0x14
and eax, 0xf
cmp si, ax
cmovge eax, esi
mov word [ebp - 0x7c], ax

loc_fffaa2ce:  ; not directly referenced
mov eax, dword [ebp - 0x7c]
and ebx, 0xf00fffff
and eax, 0xf
mov edx, eax
shl edx, 0x14
shl eax, 0x18
or ebx, edx
or ebx, eax

loc_fffaa2e6:  ; not directly referenced
cmp byte [ebp - 0xac], 0
je short loc_fffaa2f8  ; je 0xfffaa2f8
mov eax, dword [ebp - 0xa4]
mov dword [eax + 0xc], ebx

loc_fffaa2f8:  ; not directly referenced
mov edi, dword [ebp - 0x80]
mov ecx, ebx
mov edx, 0x3a14
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x5f08
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x5f08
or ah, 1
mov ecx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x78
mov eax, edi
call fcn_fffa82f9  ; call 0xfffa82f9

loc_fffaa332:  ; not directly referenced
cmp byte [ebp - 0x88], 0xc
mov cl, byte [ebp - 0x9e]
sete al
or cl, al
je loc_fffaa4a1  ; je 0xfffaa4a1
test al, al
je short loc_fffaa356  ; je 0xfffaa356
mov bl, byte [ebp - 0x7c]
and ebx, 3
jmp short loc_fffaa362  ; jmp 0xfffaa362

loc_fffaa356:  ; not directly referenced
mov eax, dword [ebp - 0x9c]
mov bl, byte [eax + 0xb4]

loc_fffaa362:  ; not directly referenced
cmp byte [ebp - 0xac], 0
je short loc_fffaa377  ; je 0xfffaa377
mov eax, dword [ebp - 0x9c]
mov byte [eax + 0xb4], bl

loc_fffaa377:  ; not directly referenced
mov esi, dword [ebp - 0x84]
and ebx, 3
mov eax, dword [ebp - 0x80]
shl ebx, 0xd
shl esi, 8
lea edi, [esi + 0x140c]
mov edx, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, edi
lea edi, [esi + 0x1a0c]
add esi, 0x121c
and ah, 0x9f
or eax, ebx
mov ecx, eax
mov eax, dword [ebp - 0x80]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x80]
mov edx, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, edi
mov edi, dword [ebp - 0x80]
and ah, 0x9f
or eax, ebx
mov ecx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov edx, esi
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, esi
and ah, 0x9f
or eax, ebx
mov ecx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0xa4]
mov edx, 0x2008
mov ecx, dword [eax + 0x18]
mov eax, edi
or ecx, 0x20
call fcn_fffb3381  ; call 0xfffb3381
jmp near loc_fffaa4a1  ; jmp 0xfffaa4a1

loc_fffaa406:  ; not directly referenced
cmp byte [ebp - 0x88], 1
jne short loc_fffaa426  ; jne 0xfffaa426
mov eax, esi
and ebx, 0xffc00fff
and eax, 0x1f
mov edx, eax
shl edx, 0xc
shl eax, 0x11
or ebx, edx
jmp short loc_fffaa452  ; jmp 0xfffaa452

loc_fffaa426:  ; not directly referenced
test al, al
je short loc_fffaa43a  ; je 0xfffaa43a
mov eax, esi
and ebx, 0xf83fffff
and eax, 0x1f
shl eax, 0x16
jmp short loc_fffaa452  ; jmp 0xfffaa452

loc_fffaa43a:  ; not directly referenced
cmp byte [ebp - 0x88], 2
jne loc_fffa9909  ; jne 0xfffa9909
mov eax, esi
and ebx, 0x7ffffff
shl eax, 0x1b

loc_fffaa452:  ; not directly referenced
or ebx, eax
jmp near loc_fffa9909  ; jmp 0xfffa9909

loc_fffaa459:  ; not directly referenced
cmp byte [ebp - 0xd8], 8
jbe short loc_fffaa476  ; jbe 0xfffaa476
mov edx, dword [ebp - 0x84]
shl edx, 8
add edx, 0x305c
jmp near loc_fffa991b  ; jmp 0xfffa991b

loc_fffaa476:  ; not directly referenced
mov eax, dword [ebp - 0x84]
shl ecx, 9
shl eax, 8
lea edx, [eax + ecx + 0x5c]
jmp near loc_fffa991b  ; jmp 0xfffa991b

loc_fffaa48b:  ; not directly referenced
mov word [ebp - 0x7c], 0x3f
jmp near loc_fffa9bdd  ; jmp 0xfffa9bdd

loc_fffaa496:  ; not directly referenced
mov word [ebp - 0x7c], 7
jmp near loc_fffa9bdd  ; jmp 0xfffa9bdd

loc_fffaa4a1:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaa4a9:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
mov ebx, eax
sub esp, 0x2c
mov edi, dword [eax + 0x2444]
call dword [edi + 0x54]  ; ucall
add eax, 0x2710
mov dword [ebp - 0x2c], eax

loc_fffaa4c7:  ; not directly referenced
imul eax, esi, 0x13c3
mov dword [ebp + esi*4 - 0x28], 0
cmp dword [ebx + eax + 0x3757], 2
jne short loc_fffaa531  ; jne 0xfffaa531
cmp dword [ebx + 0x188b], 0
je short loc_fffaa531  ; je 0xfffaa531
xor ecx, ecx
mov edx, esi
mov eax, ebx
call fcn_fffa7236  ; call 0xfffa7236
mov edx, eax
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov dword [ebp + esi*4 - 0x20], eax
test eax, 0x1000000
je short loc_fffaa531  ; je 0xfffaa531
and eax, 0xfeffffff
mov ecx, 0xff
mov dword [ebp - 0x30], eax
mov edx, esi
mov eax, ebx
mov dword [ebp + esi*4 - 0x28], 1
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, dword [ebp - 0x30]
mov edx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffaa531:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffaa4c7  ; jne 0xfffaa4c7
mov edx, 0x5030
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x5030
or eax, 0x800000
mov ecx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffaa556:  ; not directly referenced
mov edx, 0x5030
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
shr eax, 0x10
test al, al
jns short loc_fffaa578  ; jns 0xfffaa578
call dword [edi + 0x54]  ; ucall
cmp dword [ebp - 0x2c], eax
ja short loc_fffaa556  ; ja 0xfffaa556
mov edi, 1
jmp short loc_fffaa57a  ; jmp 0xfffaa57a

loc_fffaa578:  ; not directly referenced
xor edi, edi

loc_fffaa57a:  ; not directly referenced
xor esi, esi

loc_fffaa57c:  ; not directly referenced
cmp dword [ebp + esi*4 - 0x28], 0
je short loc_fffaa59e  ; je 0xfffaa59e
mov ecx, 0xff
mov edx, esi
mov eax, ebx
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, dword [ebp + esi*4 - 0x20]
mov edx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffaa59e:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffaa57c  ; jne 0xfffaa57c
mov eax, edi
add esp, 0x2c
neg eax
pop ebx
and eax, 0x12
pop esi
pop edi
pop ebp
ret

fcn_fffaa5b3:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
add esp, 0xffffff80
mov al, byte [ebp + 0xc]
mov ebx, dword [edi + 0x2444]
push 1
mov esi, dword [edi + 0x5edd]
push 8
mov byte [ebp - 0x6a], al
mov eax, dword [edi + 0x188b]
mov dword [ebp - 0x64], edx
mov dword [ebp - 0x54], ecx
mov byte [ebp - 0x50], dl
mov dword [ebp - 0x78], eax
lea eax, [ebp - 0x38]
push eax
mov byte [ebp - 0x4e], cl
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 8
lea eax, [ebp - 0x30]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 9
push 8
lea eax, [ebp - 0x28]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x20]
push eax
call dword [ebx + 0x64]  ; ucall
add esp, 0x10
cmp byte [ebp - 0x54], 1
jne short loc_fffaa648  ; jne 0xfffaa648
mov byte [ebp - 0x35], 0xa
mov byte [ebp - 0x36], 0x13
mov byte [ebp - 0x37], 0x19
mov byte [ebp - 0x38], 0x19
mov byte [ebp - 0x2d], 0xa
mov byte [ebp - 0x2e], 0xa
mov byte [ebp - 0x25], 0x3f
mov byte [ebp - 0x26], 0x3f
jmp near loc_fffaa6d0  ; jmp 0xfffaa6d0

loc_fffaa648:  ; not directly referenced
mov eax, dword [ebp - 0x54]
cmp al, 2
je short loc_fffaa6ca  ; je 0xfffaa6ca
cmp al, 5
jne short loc_fffaa659  ; jne 0xfffaa659

loc_fffaa653:  ; not directly referenced
mov byte [ebp - 0x4d], 8
jmp short loc_fffaa6d4  ; jmp 0xfffaa6d4

loc_fffaa659:  ; not directly referenced
mov eax, dword [ebp - 0x54]
cmp al, 6
je short loc_fffaa6d0  ; je 0xfffaa6d0
cmp al, 9
jne short loc_fffaa68b  ; jne 0xfffaa68b
mov ebx, dword [ebp - 0x64]
movzx eax, bl
and bl, 1
je short loc_fffaa678  ; je 0xfffaa678
mov edx, dword [esi + 0xbc]
mov dword [ebp - 0x20], edx

loc_fffaa678:  ; not directly referenced
mov byte [ebp - 0x4d], 2
test al, 2
je short loc_fffaa6d4  ; je 0xfffaa6d4
mov eax, dword [esi + 0x188]
mov dword [ebp - 0x1c], eax
jmp short loc_fffaa6d4  ; jmp 0xfffaa6d4

loc_fffaa68b:  ; not directly referenced
cmp byte [ebp - 0x54], 0xa
mov byte [ebp - 0x4d], 1
jne short loc_fffaa6d4  ; jne 0xfffaa6d4
mov eax, dword [ebp - 0x64]
movzx edx, al
test al, 1
je short loc_fffaa6b1  ; je 0xfffaa6b1
mov eax, dword [esi + 0xbc]
mov dword [ebp - 0x20], eax
shr eax, 0xf
and eax, 0xf
mov byte [ebp - 0x3a], al

loc_fffaa6b1:  ; not directly referenced
and dl, 2
je short loc_fffaa653  ; je 0xfffaa653
mov eax, dword [esi + 0x188]
mov dword [ebp - 0x1c], eax
shr eax, 0xf
and eax, 0xf
mov byte [ebp - 0x39], al
jmp short loc_fffaa653  ; jmp 0xfffaa653

loc_fffaa6ca:  ; not directly referenced
mov byte [ebp - 0x4d], 7
jmp short loc_fffaa6d4  ; jmp 0xfffaa6d4

loc_fffaa6d0:  ; not directly referenced
mov byte [ebp - 0x4d], 4

loc_fffaa6d4:  ; not directly referenced
movzx eax, byte [ebp - 0x50]
mov dword [ebp - 0x4c], 0
mov byte [ebp - 0x69], 0
mov dword [ebp - 0x68], eax
movzx eax, byte [ebp - 0x4d]
mov dword [ebp - 0x80], eax

loc_fffaa6ed:  ; not directly referenced
mov ebx, dword [ebp - 0x4c]
mov byte [ebp - 0x4f], bl
mov bl, byte [ebp + ebx - 0x38]
movzx eax, bl
dec eax
call fcn_fffb396b  ; call 0xfffb396b
cmp bl, 0x1f
jbe short loc_fffaa74e  ; jbe 0xfffaa74e
mov ebx, dword [ebp - 0x4c]
mov byte [ebp + ebx - 0x38], al

loc_fffaa70c:  ; not directly referenced
mov cl, byte [ebp - 0x4f]
mov dword [ebp - 0x58], 0x4004
mov dword [ebp - 0x60], 0x4917
mov al, cl
shl eax, 4
add eax, ecx
cmp cl, 4
movzx eax, al
mov dword [ebp - 0x7c], eax
sbb eax, eax
xor ebx, ebx
and eax, 0x1f
mov dword [ebp - 0x70], eax
mov al, cl
and eax, 3
mov byte [ebp - 0x6b], al
add eax, 4
or dword [ebp - 0x70], 0x80
mov byte [ebp - 0x6c], al
jmp short loc_fffaa75a  ; jmp 0xfffaa75a

loc_fffaa74e:  ; not directly referenced
mov eax, dword [ebp - 0x4c]
add ebx, 0x20
mov byte [ebp + eax - 0x38], bl
jmp short loc_fffaa70c  ; jmp 0xfffaa70c

loc_fffaa75a:  ; not directly referenced
mov eax, dword [ebp - 0x68]
bt eax, ebx
jae loc_fffaa916  ; jae 0xfffaa916
mov eax, dword [ebp - 0x58]
lea edx, [eax + 0x94]
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
shr eax, 0xc
and eax, 1
cmp byte [ebp - 0x4e], 1
mov byte [ebp - 0x69], al
jne short loc_fffaa7f5  ; jne 0xfffaa7f5
mov edx, dword [ebp - 0x4c]
mov dword [ebp - 0x5c], ebx
movzx ecx, byte [ebp + edx - 0x30]
movzx eax, byte [ebp + edx - 0x28]
mov dl, byte [ebp + edx - 0x38]
and ecx, 0x3f
and eax, 0x3f
shl eax, 0x10
mov ebx, edx
shl ecx, 8
and ebx, 0x1f
or ecx, eax
mov eax, dword [ebp - 0x58]
shr dl, 5
or ecx, ebx
and edx, 1
shl edx, 5
or ecx, edx
lea edx, [eax + 0x1fc]
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov edx, dword [ebp - 0x4c]
mov eax, 1
mov ecx, dword [ebp + 8]
mov ebx, dword [ebp - 0x5c]
movzx ecx, byte [ecx + edx]
lea edx, [ebx*4 + 0x4980]
shl eax, cl
cmp dword [ebp - 0x78], 1
lea ecx, [edx + 0x20]
cmove edx, ecx
mov ecx, eax
jmp near loc_fffaa892  ; jmp 0xfffaa892

loc_fffaa7f5:  ; not directly referenced
cmp byte [ebp - 0x4e], 2
jne short loc_fffaa815  ; jne 0xfffaa815
sub esp, 0xc
mov ecx, dword [ebp - 0x80]
mov edx, ebx
push dword [ebp - 0x4c]
mov eax, edi
call fcn_fffaca06  ; call 0xfffaca06
add esp, 0x10
jmp near loc_fffaa916  ; jmp 0xfffaa916

loc_fffaa815:  ; not directly referenced
mov al, byte [ebp - 0x4e]
sub eax, 5
cmp al, 1
ja short loc_fffaa89b  ; ja 0xfffaa89b
mov eax, dword [ebp - 0x60]
mov ecx, dword [ebp - 0x7c]
lea edx, [eax - 0x6c]
mov eax, edi
call fcn_fffb335b  ; call 0xfffb335b
cmp byte [ebp - 0x4e], 5
jne short loc_fffaa84e  ; jne 0xfffaa84e
mov cl, byte [ebp - 0x4f]
cmp cl, 7
setne al
test cl, cl
setne cl
movzx ecx, cl
mov dword [ebp - 0x5c], ecx
and dword [ebp - 0x5c], eax
jmp short loc_fffaa85a  ; jmp 0xfffaa85a

loc_fffaa84e:  ; not directly referenced
xor eax, eax
test byte [ebp - 0x4f], 0xfd
setne al
mov dword [ebp - 0x5c], eax

loc_fffaa85a:  ; not directly referenced
mov edx, dword [ebp - 0x60]
mov eax, edx
sub eax, 7
mov dword [ebp - 0x74], eax
mov al, byte [ebp - 0x5c]
lea ecx, [eax - 0x80]
mov eax, edi
movzx ecx, cl
call fcn_fffb335b  ; call 0xfffb335b
mov edx, dword [ebp - 0x74]
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov ecx, dword [ebp - 0x5c]
mov edx, dword [ebp - 0x74]
sub ecx, 0xffffff80
shl ecx, 0xc
and eax, 0xfff00fff
or ecx, eax

loc_fffaa892:  ; not directly referenced
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffaa916  ; jmp 0xfffaa916

loc_fffaa89b:  ; not directly referenced
cmp byte [ebp - 0x4e], 9
jne short loc_fffaa8c6  ; jne 0xfffaa8c6
cmp byte [ebp - 0x4f], 1
mov al, byte [ebp + ebx*4 - 0x1f]
sbb edx, edx
add edx, 5
and edx, 7
and eax, 0xffffff8f
shl edx, 4
or eax, edx
mov edx, dword [ebp - 0x58]
mov byte [ebp + ebx*4 - 0x1f], al
mov ecx, dword [ebp + ebx*4 - 0x20]
jmp short loc_fffaa892  ; jmp 0xfffaa892

loc_fffaa8c6:  ; not directly referenced
cmp byte [ebp - 0x4e], 0xa
jne short loc_fffaa916  ; jne 0xfffaa916
mov dl, byte [ebp - 0x6c]
mov al, byte [ebp + ebx*4 - 0x1f]
and edx, 7
shl edx, 4
and eax, 0xffffff8f
or eax, edx
mov byte [ebp + ebx*4 - 0x1f], al
mov al, byte [ebp - 0x6b]
add al, byte [ebp + ebx - 0x3a]
mov ecx, dword [ebp + ebx*4 - 0x20]
and eax, 0xf
shl eax, 0xf
and ecx, 0xfff87fff
or ecx, eax
mov eax, edi
mov dword [ebp + ebx*4 - 0x20], ecx
mov edx, dword [ebp - 0x58]
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, dword [ebp - 0x70]
mov eax, edi
mov edx, dword [ebp - 0x60]
call fcn_fffb335b  ; call 0xfffb335b

loc_fffaa916:  ; not directly referenced
inc ebx
add dword [ebp - 0x60], 8
add dword [ebp - 0x58], 0x400
cmp ebx, 2
jne loc_fffaa75a  ; jne 0xfffaa75a
mov eax, edi
call fcn_fffaa4a9  ; call 0xfffaa4a9
mov ecx, 1
cmp byte [ebp - 0x4f], 0
sete dl
cmp byte [ebp - 0x6a], 0
setne al
test dl, al
mov eax, 5
cmovne ecx, eax
mov edx, 0x4800
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffaa95b:  ; not directly referenced
mov edx, 0x4804
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov cl, byte [ebp - 0x50]
mov edx, eax
mov ebx, eax
shr edx, 0x10
shr eax, 0x10
and edx, 2
and eax, 1
or eax, edx
and eax, ecx
cmp al, cl
jne short loc_fffaa95b  ; jne 0xfffaa95b
mov edx, ebx
mov al, bl
and edx, 2
and eax, 1
or eax, edx
test cl, al
je short loc_fffaa998  ; je 0xfffaa998
cmp byte [ebp - 0x69], 0
jne short loc_fffaa9e1  ; jne 0xfffaa9e1

loc_fffaa998:  ; not directly referenced
inc dword [ebp - 0x4c]
mov al, byte [ebp - 0x4c]
cmp byte [ebp - 0x4d], al
ja loc_fffaa6ed  ; ja 0xfffaa6ed
mov al, byte [ebp - 0x54]
sub eax, 9
cmp al, 1
ja short loc_fffaa9e1  ; ja 0xfffaa9e1
test byte [ebp - 0x68], 1
je short loc_fffaa9c9  ; je 0xfffaa9c9
mov ecx, dword [esi + 0xbc]
mov edx, 0x4004
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffaa9c9:  ; not directly referenced
test byte [ebp - 0x68], 2
je short loc_fffaa9e1  ; je 0xfffaa9e1
mov ecx, dword [esi + 0x188]
mov edx, 0x4404
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffaa9e1:  ; not directly referenced
mov al, byte [ebp - 0x64]
lea esp, [ebp - 0xc]
and eax, ebx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaa9ee:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
lea esi, [eax + 0x3757]
mov dword [ebp - 0x2c], eax
mov eax, dword [eax + 0x5edd]
mov byte [ebp - 0x1f], dl
mov dword [ebp - 0x28], esi
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x1c], eax
add eax, 0x1c
mov dword [ebp - 0x30], eax
movzx eax, dl
mov dword [ebp - 0x34], eax

loc_fffaaa22:  ; not directly referenced
mov eax, dword [ebp - 0x28]
cmp dword [eax], 2
je short loc_fffaaa49  ; je 0xfffaaa49

loc_fffaaa2a:  ; not directly referenced
inc dword [ebp - 0x24]
add dword [ebp - 0x28], 0x13c3
add dword [ebp - 0x30], 0xcc
cmp dword [ebp - 0x24], 2
jne short loc_fffaaa22  ; jne 0xfffaaa22
add esp, 0x2c
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffaaa49:  ; not directly referenced
mov byte [ebp - 0x1c], 0

loc_fffaaa4d:  ; not directly referenced
mov esi, dword [ebp - 0x2c]
mov cl, byte [ebp - 0x1c]
cmp cl, byte [esi + 0x2489]
jae short loc_fffaaa2a  ; jae 0xfffaaa2a
mov esi, dword [ebp - 0x28]
movzx edx, cl
mov ebx, 0x200
xor ecx, ecx
mov word [ebp - 0x1e], 0
mov al, byte [esi + 0xc4]
lea esi, [esi + edx*2]

loc_fffaaa77:  ; not directly referenced
mov edi, 1
shl edi, cl
mov edx, edi
test al, dl
je short loc_fffaaaa3  ; je 0xfffaaaa3
imul edi, ecx, 0x12
mov dx, word [ebp - 0x1e]
movzx edi, word [esi + edi + 0x1b1]
cmp dx, di
cmovb edx, edi
cmp bx, di
mov word [ebp - 0x1e], dx
cmova ebx, edi

loc_fffaaaa3:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffaaa77  ; jne 0xfffaaa77
mov eax, dword [ebp - 0x2c]
mov dx, word [ebp - 0x1e]
movzx ecx, word [eax + 0x248a]
mov eax, 0x13880
shr dx, 6
lea edi, [edx + 1]
xor edx, edx
movzx edi, di
div ecx
mov edx, 0x80
mov ecx, dword [ebp - 0x34]
cmp eax, 0x7f
cmova edx, eax
mov al, 6
sub ebx, edx
mov dl, 0xfc
shr ebx, 6
sub bl, byte [ebp - 0x1f]
cmp bl, 6
cmovle eax, ebx
mov ebx, 7
cmp al, 0xfc
cmovge edx, eax
movsx eax, dl
sub edi, eax
lea eax, [edi + ecx - 1]
movzx ecx, byte [ebp - 0x1c]
mov edi, dword [ebp - 0x30]
cmp eax, 7
cmovle ebx, eax
and edx, 0xf
mov esi, edx
shl edx, 5
lea edi, [edi + ecx*4]
mov byte [ebp - 0x1e], dl
mov dl, byte [edi + 5]
and edx, 0x1f
or dl, byte [ebp - 0x1e]
mov byte [edi + 5], dl
mov edx, esi
shr dl, 3
mov byte [ebp - 0x1e], dl
xor edx, edx
test ebx, ebx
cmovns edx, ebx
mov bl, dl
and ebx, 7
lea edx, [ebx + ebx]
or dl, byte [ebp - 0x1e]
shl esi, 4
or edx, esi
mov esi, dword [ebp - 0x2c]
mov byte [edi + 6], dl
mov dl, byte [edi + 7]
mov eax, esi
and edx, 0xfffffff8
or edx, ebx
mov byte [edi + 7], dl
mov edx, dword [ebp - 0x24]
call fcn_fffa71f9  ; call 0xfffa71f9
mov ecx, dword [edi + 4]
mov edx, eax
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0x1c]
jmp near loc_fffaaa4d  ; jmp 0xfffaaa4d

fcn_fffaab72:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
push ebx
mov ebx, eax
sub esp, 0xc
mov eax, dword [eax + 0x5edd]
mov esi, dword [ebx + 0x1887]
mov dword [ebp - 0x14], edx
mov dword [ebp - 0x10], ecx
mov edx, dword [eax + 4]
xor eax, eax

loc_fffaab96:  ; not directly referenced
lea ecx, [edx + eax]
mov dword [ebp - 0x18], ecx
mov ecx, edi
cmp cl, byte [edx + eax]
jne short loc_fffaabb0  ; jne 0xfffaabb0
mov eax, dword [ebp - 0x10]
mov edi, dword [ebp - 0x18]
mov ax, word [edi + eax*2 + 1]
jmp short loc_fffaabba  ; jmp 0xfffaabba

loc_fffaabb0:  ; not directly referenced
add eax, 7
cmp eax, 0x4d
jne short loc_fffaab96  ; jne 0xfffaab96
xor al, al

loc_fffaabba:  ; not directly referenced
cmp esi, 0x306d0
sete cl
cmp esi, 0x40650
sete dl
or cl, dl
je short loc_fffaac15  ; je 0xfffaac15
cmp dword [ebx + 0x2481], 1
jne short loc_fffaac15  ; jne 0xfffaac15
cmp byte [ebp - 0x14], 5
sete cl
cmp byte [ebp - 0x10], 2
setne dl
test cl, dl
je short loc_fffaac15  ; je 0xfffaac15
cmp dword [ebx + 0x3757], 2
jne short loc_fffaabfd  ; jne 0xfffaabfd
cmp byte [ebx + 0x49bf], 5
je short loc_fffaac0f  ; je 0xfffaac0f

loc_fffaabfd:  ; not directly referenced
cmp dword [ebx + 0x4b1a], 2
jne short loc_fffaac4e  ; jne 0xfffaac4e
cmp byte [ebx + 0x5d82], 5
jne short loc_fffaac4e  ; jne 0xfffaac4e

loc_fffaac0f:  ; not directly referenced
add ax, 0xc8
jmp short loc_fffaac4e  ; jmp 0xfffaac4e

loc_fffaac15:  ; not directly referenced
cmp dword [ebx + 0x188b], 1
jne short loc_fffaac4e  ; jne 0xfffaac4e
cmp dword [ebx + 0x2481], 1
jne short loc_fffaac4e  ; jne 0xfffaac4e
mov edi, dword [ebp - 0x10]
cmp byte [ebp - 0x14], 0xc
mov ebx, edi
sete cl
cmp bl, 2
setne dl
test cl, dl
je short loc_fffaac4e  ; je 0xfffaac4e
dec bl
mov edx, 0x78
mov ecx, 0x50
cmovne edx, ecx
add eax, edx

loc_fffaac4e:  ; not directly referenced
add esp, 0xc
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaac56:  ; not directly referenced
push ebp
mov ecx, 3
mov ebp, esp
push edi
push esi
mov esi, ref_fffd3720  ; mov esi, 0xfffd3720
push ebx
mov ebx, eax
sub esp, 0xc0
lea edi, [ebp - 0x80]
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x74]
mov esi, ref_fffd372c  ; mov esi, 0xfffd372c
mov dword [ebp - 0x8c], eax
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x68]
mov esi, ref_fffd3738  ; mov esi, 0xfffd3738
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x5c]
mov esi, ref_fffd3744  ; mov esi, 0xfffd3744
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x50]
mov esi, ref_fffd3750  ; mov esi, 0xfffd3750
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x44]
mov esi, ref_fffd375c  ; mov esi, 0xfffd375c
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov edi, dword [eax + 0x5edd]
mov edx, edi
mov dword [ebp - 0x9c], edi
mov edi, dword [eax + 0x2444]
mov al, byte [eax + 0x2489]
mov esi, edi
mov dword [ebp - 0xa0], edi
movzx edi, byte [ebx + 0x248f]
mov byte [ebp - 0x95], al
mov eax, edx
push 0
add eax, 0x1bc
push 8
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
mov edx, 0x3a1c
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x3a1c
mov ecx, eax
mov esi, eax
and ecx, 0xfffe003f
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x5f08
mov eax, ebx
mov dword [ebp - 0x8c], ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x5f08
mov ebx, eax
mov eax, dword [ebp - 0x8c]
or bh, 1
mov ecx, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x8c]
mov edx, 0x78
call fcn_fffa82f9  ; call 0xfffa82f9
mov eax, dword [ebp - 0x8c]
mov edx, 0x3a00
call fcn_fffb331f  ; call 0xfffb331f
mov ecx, esi
mov esi, dword [ebp - 0x8c]
mov dword [ebp - 0x94], eax
mov eax, dword [ebp - 0x8c]
shr dword [ebp - 0x94], 0xf
and dword [ebp - 0x94], 0x1f
mov ax, word [eax + 0x1904]
shr ax, 7
movzx edx, ax
mov eax, esi
mov dword [ebp - 0xa8], edx
mov edx, 0x3a1c
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, ebx
mov edx, 0x5f08
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x78
mov eax, esi
call fcn_fffa82f9  ; call 0xfffa82f9
mov edx, 0x2008
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
add esp, 0x10
test ah, 4
mov eax, edi
je short loc_fffaade0  ; je 0xfffaade0
cmp al, 3
je short loc_fffaadf4  ; je 0xfffaadf4
lea eax, [ebp - 0x74]
mov edx, eax
lea eax, [ebp - 0x68]
jmp short loc_fffaadec  ; jmp 0xfffaadec

loc_fffaade0:  ; not directly referenced
cmp al, 3
je short loc_fffaadf9  ; je 0xfffaadf9
lea eax, [ebp - 0x50]
mov edx, eax
lea eax, [ebp - 0x44]

loc_fffaadec:  ; not directly referenced
and edi, 1
cmovne eax, edx
jmp short loc_fffaadfc  ; jmp 0xfffaadfc

loc_fffaadf4:  ; not directly referenced
lea eax, [ebp - 0x80]
jmp short loc_fffaadfc  ; jmp 0xfffaadfc

loc_fffaadf9:  ; not directly referenced
lea eax, [ebp - 0x5c]

loc_fffaadfc:  ; not directly referenced
mov dword [ebp - 0x90], eax
mov eax, dword [ebp - 0x9c]
xor edi, edi
add eax, 0x1c
mov dword [ebp - 0xa4], eax
mov esi, eax

loc_fffaae15:  ; not directly referenced
imul eax, edi, 0x13c3
mov edx, dword [ebp - 0x8c]
xor ebx, ebx
cmp dword [edx + eax + 0x3757], 2
jne short loc_fffaae8f  ; jne 0xfffaae8f

loc_fffaae2d:  ; not directly referenced
cmp byte [ebp - 0x95], bl
jbe short loc_fffaae69  ; jbe 0xfffaae69
or byte [esi + ebx*4 + 0x28], 0x20
mov ecx, ebx
mov eax, dword [esi + ebx*4 + 0x28]
mov edx, edi
inc ebx
mov dword [ebp - 0xac], eax
mov eax, dword [ebp - 0x8c]
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, dword [ebp - 0xac]
mov edx, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffaae2d  ; jmp 0xfffaae2d

loc_fffaae69:  ; not directly referenced
mov eax, dword [ebp - 0x8c]
mov ecx, 0xff
mov edx, edi
mov ebx, dword [esi]
call fcn_fffa7236  ; call 0xfffa7236
or bh, 1
mov ecx, ebx
mov edx, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffaae8f:  ; not directly referenced
inc edi
add esi, 0xcc
cmp edi, 2
jne loc_fffaae15  ; jne 0xfffaae15
mov eax, dword [ebp - 0x90]
lea ebx, [ebp - 0x38]
inc eax
mov dword [ebp - 0xbc], eax
mov esi, eax

loc_fffaaeb1:  ; not directly referenced
mov edi, dword [ebp - 0x8c]
add ebx, 4
add esi, 3
movzx edx, byte [esi - 4]
movzx ecx, byte [esi - 3]
mov eax, edi
call fcn_fffa7588  ; call 0xfffa7588
mov edx, eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov dword [ebx - 4], eax
lea eax, [ebp - 0x28]
cmp ebx, eax
jne short loc_fffaaeb1  ; jne 0xfffaaeb1
imul eax, dword [ebp - 0x94], 0x1f0
mov ecx, 0x3e8
imul eax, dword [ebp - 0xa8]
xor edx, edx
mov byte [ebp - 0xa8], 1
div ecx
lea edi, [eax + 0x14a]
add eax, 0x226
mov dword [ebp - 0xb8], eax
mov eax, dword [ebp - 0x9c]
mov dword [ebp - 0xb4], edi
add eax, 0x1bd
mov dword [ebp - 0xac], eax

loc_fffaaf28:  ; not directly referenced
mov eax, dword [ebp - 0xa4]
xor ebx, ebx
mov dword [ebp - 0x94], eax
mov eax, dword [ebp - 0xa8]
and eax, 7
mov dword [ebp - 0x9c], eax

loc_fffaaf45:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp - 0x8c]
cmp dword [edi + eax + 0x3757], 2
je short loc_fffaaf7a  ; je 0xfffaaf7a

loc_fffaaf5b:  ; not directly referenced
inc ebx
add dword [ebp - 0x94], 0xcc
cmp ebx, 2
jne short loc_fffaaf45  ; jne 0xfffaaf45
mov dword [ebp - 0x94], 0
jmp near loc_fffab14f  ; jmp 0xfffab14f

loc_fffaaf7a:  ; not directly referenced
xor esi, esi

loc_fffaaf7c:  ; not directly referenced
mov eax, esi
cmp byte [ebp - 0x95], al
jbe short loc_fffaaf5b  ; jbe 0xfffaaf5b
mov eax, dword [ebp - 0x94]
mov ecx, esi
mov edx, ebx
mov edi, dword [eax + esi*4 + 4]
inc esi
mov eax, dword [ebp - 0x9c]
and edi, 0xffffe3ff
shl eax, 0xa
or edi, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffa71f9  ; call 0xfffa71f9
mov ecx, edi
mov edx, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffaaf7c  ; jmp 0xfffaaf7c

loc_fffaafc2:  ; not directly referenced
imul eax, edi, 0x13c3
mov edx, dword [ebp - 0x8c]
cmp dword [edx + eax + 0x3757], 2
je loc_fffab18d  ; je 0xfffab18d

loc_fffaafdc:  ; not directly referenced
inc edi
add dword [ebp - 0x9c], 0xcc
cmp edi, 2
jne short loc_fffaafc2  ; jne 0xfffaafc2
mov byte [ebp - 0x9c], 0

loc_fffaaff3:  ; not directly referenced
mov esi, dword [ebp - 0x9c]
lea edi, [ebp - 0x28]
mov ebx, dword [ebp - 0x90]
and esi, 1
shl esi, 0x1d
or esi, 0x2000000

loc_fffab00e:  ; not directly referenced
movzx eax, byte [ebx + 2]
and esi, 0xefffffff
movzx ecx, byte [ebx + 1]
movzx edx, byte [ebx]
and eax, 1
shl eax, 0x1c
or esi, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffa7588  ; call 0xfffa7588
mov ecx, esi
mov edx, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0xa0]
call dword [eax + 0x54]  ; ucall
add eax, 0x3e8
mov dword [ebp - 0xb0], eax

loc_fffab055:  ; not directly referenced
mov esi, dword [ebp - 0x8c]
movzx edx, byte [ebx]
movzx ecx, byte [ebx + 1]
mov eax, esi
call fcn_fffa7588  ; call 0xfffa7588
mov edx, eax
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
mov esi, eax
test eax, 0x40000000
jne loc_fffab1d2  ; jne 0xfffab1d2
mov eax, dword [ebp - 0xa0]
call dword [eax + 0x54]  ; ucall
cmp dword [ebp - 0xb0], eax
ja short loc_fffab055  ; ja 0xfffab055

loc_fffab090:  ; not directly referenced
movzx ecx, byte [ebx + 1]
add edi, 4
add ebx, 3
movzx edx, byte [ebx - 3]
mov eax, dword [ebp - 0x8c]
call fcn_fffa7588  ; call 0xfffa7588
xor ecx, ecx
mov edx, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffb3381  ; call 0xfffb3381
lea eax, [ebp - 0x18]
cmp edi, eax
jne loc_fffab00e  ; jne 0xfffab00e
inc byte [ebp - 0x9c]
cmp byte [ebp - 0x9c], 2
jne loc_fffaaff3  ; jne 0xfffaaff3
mov ecx, dword [ebp - 0x28]
mov ebx, dword [ebp - 0x1c]
mov edx, dword [ebp - 0x20]
mov eax, dword [ebp - 0x24]
mov esi, ecx
cmp ebx, ecx
cmovbe esi, ebx
cmp esi, edx
cmova esi, edx
cmp ebx, ecx
cmovae ecx, ebx
cmp ecx, edx
cmovae edx, ecx
cmp edx, eax
cmovb edx, eax
cmp esi, eax
cmovbe eax, esi
cmp dword [ebp - 0xb4], eax
jbe short loc_fffab11f  ; jbe 0xfffab11f
mov cl, byte [ebp - 0x94]
mov eax, 1
mov edi, dword [ebp - 0xac]
shl eax, cl
or byte [edi], al

loc_fffab11f:  ; not directly referenced
cmp dword [ebp - 0xb8], edx
jae short loc_fffab13c  ; jae 0xfffab13c
mov cl, byte [ebp - 0x94]
mov eax, 1
mov edi, dword [ebp - 0xac]
shl eax, cl
or byte [edi], al

loc_fffab13c:  ; not directly referenced
inc dword [ebp - 0x94]
cmp dword [ebp - 0x94], 8
je loc_fffab1f0  ; je 0xfffab1f0

loc_fffab14f:  ; not directly referenced
push eax
xor edi, edi
push 0
push 4
lea eax, [ebp - 0x28]
push eax
mov eax, dword [ebp - 0xa0]
call dword [eax + 0x64]  ; ucall
mov eax, dword [ebp - 0xa4]
add esp, 0x10
mov dword [ebp - 0x9c], eax
mov eax, dword [ebp - 0x94]
and eax, 7
mov dword [ebp - 0xb0], eax
shl dword [ebp - 0xb0], 0x1a
jmp near loc_fffaafc2  ; jmp 0xfffaafc2

loc_fffab18d:  ; not directly referenced
xor ebx, ebx

loc_fffab18f:  ; not directly referenced
cmp byte [ebp - 0x95], bl
jbe loc_fffaafdc  ; jbe 0xfffaafdc
mov eax, dword [ebp - 0x9c]
mov ecx, ebx
mov edx, edi
mov esi, dword [eax + ebx*4 + 0x28]
inc ebx
mov eax, dword [ebp - 0x8c]
and esi, 0xe3ffffff
call fcn_fffa71bc  ; call 0xfffa71bc
or esi, dword [ebp - 0xb0]
mov ecx, esi
mov edx, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffab18f  ; jmp 0xfffab18f

loc_fffab1d2:  ; not directly referenced
shr eax, 0xf
and eax, 0x3ff
add eax, dword [edi]
cmp byte [ebp - 0x9c], 1
jne loc_fffab2df  ; jne 0xfffab2df
shr eax, 1
jmp near loc_fffab2df  ; jmp 0xfffab2df

loc_fffab1f0:  ; not directly referenced
inc byte [ebp - 0xa8]
inc dword [ebp - 0xac]
and byte [ebp - 0xa8], 7
jne loc_fffaaf28  ; jne 0xfffaaf28
mov esi, dword [ebp - 0xa4]
xor edi, edi

loc_fffab211:  ; not directly referenced
imul eax, edi, 0x13c3
mov ecx, dword [ebp - 0x8c]
xor ebx, ebx
cmp dword [ecx + eax + 0x3757], 2
jne short loc_fffab296  ; jne 0xfffab296

loc_fffab229:  ; not directly referenced
cmp byte [ebp - 0x95], bl
jbe short loc_fffab277  ; jbe 0xfffab277
mov eax, dword [ebp - 0x8c]
mov ecx, ebx
mov edx, edi
call fcn_fffa71f9  ; call 0xfffa71f9
mov ecx, dword [esi + ebx*4 + 4]
mov edx, eax
mov dword [ebp - 0x90], eax
mov eax, dword [ebp - 0x8c]
call fcn_fffb3381  ; call 0xfffb3381
mov edx, dword [ebp - 0x90]
and byte [esi + ebx*4 + 0x28], 0xdf
mov ecx, dword [esi + ebx*4 + 0x28]
inc ebx
mov eax, dword [ebp - 0x8c]
add edx, 4
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffab229  ; jmp 0xfffab229

loc_fffab277:  ; not directly referenced
mov ebx, dword [ebp - 0x8c]
mov ecx, 0xff
mov edx, edi
mov eax, ebx
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, dword [esi]
mov edx, eax
mov eax, ebx
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffab296:  ; not directly referenced
inc edi
add esi, 0xcc
cmp edi, 2
jne loc_fffab211  ; jne 0xfffab211
mov esi, dword [ebp - 0xbc]
lea ebx, [ebp - 0x38]

loc_fffab2af:  ; not directly referenced
mov edi, dword [ebp - 0x8c]
add ebx, 4
add esi, 3
movzx ecx, byte [esi - 3]
movzx edx, byte [esi - 4]
mov eax, edi
call fcn_fffa7588  ; call 0xfffa7588
mov ecx, dword [ebx - 4]
mov edx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
lea eax, [ebp - 0x28]
cmp ebx, eax
jne short loc_fffab2af  ; jne 0xfffab2af
jmp short loc_fffab2e6  ; jmp 0xfffab2e6

loc_fffab2df:  ; not directly referenced
mov dword [edi], eax
jmp near loc_fffab090  ; jmp 0xfffab090

loc_fffab2e6:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffab2f0:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov ebx, dword [ebp + 8]
mov eax, dword [ebx + 0x18a7]
mov esi, dword [ebx + 0x2444]
mov edi, dword [ebx + 0x18c1]
mov dword [ebp - 0x2c], eax
mov eax, dword [ebx + 0x188b]
push 0xe4
push 0
push 0
push 0
mov dword [ebp - 0x30], eax
call dword [esi + 0x4c]  ; ucall
add edi, eax
mov dword [esp], edi
add edi, 4
call dword [esi + 0x20]  ; ucall
mov dword [esp], edi
mov dword [ebp - 0x1c], eax
call dword [esi + 0x20]  ; ucall
mov edx, dword [ebp - 0x1c]
mov edi, dword [ebx + 0x18c1]
mov dword [ebx + 0x10], edx
mov dword [ebx + 0x14], eax
push 0x54
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
mov edx, dword [ebp - 0x1c]
add esp, 0x10
movzx ecx, dh
test cl, 8
jne short loc_fffab38b  ; jne 0xfffab38b
test al, 0x10
je short loc_fffab38b  ; je 0xfffab38b
mov eax, dword [ebx + 0x188f]
mov dword [ebx + 0x246e], eax
mov eax, dword [ebx + 0x1893]
mov dword [ebx + 0x2472], eax
jmp short loc_fffab39f  ; jmp 0xfffab39f

loc_fffab38b:  ; not directly referenced
mov dword [ebx + 0x246e], 0
mov dword [ebx + 0x2472], 0

loc_fffab39f:  ; not directly referenced
mov eax, edx
shr eax, 0x13
and eax, 3
cmp eax, 1
je short loc_fffab3c8  ; je 0xfffab3c8
cmp eax, 2
je short loc_fffab3d4  ; je 0xfffab3d4
cmp eax, 1
sbb eax, eax
and eax, 0x3e00
add eax, 0x200
mov dword [ebx + 0x2485], eax
jmp short loc_fffab3de  ; jmp 0xfffab3de

loc_fffab3c8:  ; not directly referenced
mov dword [ebx + 0x2485], 0x2000
jmp short loc_fffab3de  ; jmp 0xfffab3de

loc_fffab3d4:  ; not directly referenced
mov dword [ebx + 0x2485], 0x800

loc_fffab3de:  ; not directly referenced
mov eax, ecx
shl eax, 0x1b
mov dword [ebp - 0x20], eax
mov eax, ecx
shl eax, 0x19
sar dword [ebp - 0x20], 0x1f
add dword [ebp - 0x20], 2
mov dword [ebp - 0x1c], eax
sar dword [ebp - 0x1c], 0x1f
add dword [ebp - 0x1c], 2
cmp byte [ebx + 0x241f], 1
je short loc_fffab42d  ; je 0xfffab42d
mov eax, dword [ebx + 0x1887]
cmp eax, 0x306d0
sete cl
cmp eax, 0x40650
sete al
or cl, al
mov eax, 1
cmove eax, dword [ebp - 0x1c]
mov dword [ebp - 0x1c], eax
jmp short loc_fffab434  ; jmp 0xfffab434

loc_fffab42d:  ; not directly referenced
mov dword [ebp - 0x1c], 1

loc_fffab434:  ; not directly referenced
mov eax, edx
shr eax, 0x10
and eax, 2
cmp al, 1
sbb eax, eax
mov dword [ebp - 0x24], eax
mov eax, edx
shr eax, 0x18
add word [ebp - 0x24], 2
and eax, 1
mov dword [ebp - 0x34], eax
je short loc_fffab463  ; je 0xfffab463
mov byte [ebx + 0x3749], 1
mov edi, 1
jmp short loc_fffab47b  ; jmp 0xfffab47b

loc_fffab463:  ; not directly referenced
xor eax, eax
and edx, 0x2000000
jne short loc_fffab479  ; jne 0xfffab479
xor eax, eax
cmp byte [ebx + 0x3749], 0
setne al

loc_fffab479:  ; not directly referenced
mov edi, eax

loc_fffab47b:  ; not directly referenced
imul esi, dword [ebp - 0x2c], 0x2e
lea eax, [ebx + 0x736c]
lea ecx, [ebx + 0x4be6]
mov dword [ebp - 0x28], eax

loc_fffab48e:  ; not directly referenced
cmp dword [ecx - 0x148f], 2
je short loc_fffab4da  ; je 0xfffab4da

loc_fffab497:  ; not directly referenced
add ecx, 0x13c3
cmp ecx, dword [ebp - 0x28]
jne short loc_fffab48e  ; jne 0xfffab48e
cmp byte [ebx + 0x3749], 1
mov edi, 2
mov dword [ebx + 0x3712], 0
mov dword [ebp - 0x24], 0
sete al
xor esi, esi
add eax, 8
xor ecx, ecx
mov byte [ebx + 0x2489], al
lea eax, [ebx + 0x3813]
jmp near loc_fffab5d3  ; jmp 0xfffab5d3

loc_fffab4da:  ; not directly referenced
cmp word [ebp - 0x24], 2
je short loc_fffab507  ; je 0xfffab507
cmp dword [ebx + 0x18a7], 0
jne short loc_fffab526  ; jne 0xfffab526
mov eax, dword [ebx + 0x36d8]
cmp eax, 0x74b
ja short loc_fffab507  ; ja 0xfffab507
cmp dword [ecx - 0x13cf], 1
jbe short loc_fffab526  ; jbe 0xfffab526
cmp eax, 0x534
jbe short loc_fffab526  ; jbe 0xfffab526

loc_fffab507:  ; not directly referenced
cmp word [ecx + esi - 0x1487], 2
mov eax, 2
cmovae ax, word [ecx + esi - 0x1487]
mov word [ecx + esi - 0x1487], ax

loc_fffab526:  ; not directly referenced
lea eax, [ecx - 0x250]

loc_fffab52c:  ; not directly referenced
cmp dword [eax - 0xcc], 2
jne short loc_fffab583  ; jne 0xfffab583
mov dx, word [ecx + esi - 0x1487]
mov word [eax + esi - 0xc4], dx
cmp edi, 1
jne short loc_fffab572  ; jne 0xfffab572
mov dl, byte [eax]
test dl, dl
jne short loc_fffab562  ; jne 0xfffab562
cmp dword [ebp - 0x34], 1
jne short loc_fffab575  ; jne 0xfffab575
mov dword [eax - 0xcc], 1
jmp short loc_fffab583  ; jmp 0xfffab583

loc_fffab562:  ; not directly referenced
dec dl
jne short loc_fffab575  ; jne 0xfffab575
mov byte [eax], 1
mov dword [eax + 0x11], 9
jmp short loc_fffab583  ; jmp 0xfffab583

loc_fffab572:  ; not directly referenced
mov byte [eax], 0

loc_fffab575:  ; not directly referenced
mov dword [eax + 0x11], 8
mov byte [ebx + 0x3749], 0

loc_fffab583:  ; not directly referenced
add eax, 0x128
cmp eax, ecx
jne short loc_fffab52c  ; jne 0xfffab52c
jmp near loc_fffab497  ; jmp 0xfffab497

loc_fffab591:  ; not directly referenced
xor edx, edx
cmp dword [eax + 0x10b7], 2
jne short loc_fffab5a2  ; jne 0xfffab5a2
mov edx, dword [eax + 0x1198]

loc_fffab5a2:  ; not directly referenced
cmp dword [eax + 0x11df], 2
jne short loc_fffab5b1  ; jne 0xfffab5b1
add edx, dword [eax + 0x12c0]

loc_fffab5b1:  ; not directly referenced
mov dword [eax], edx
cmp edx, dword [ebp - 0x24]
jbe short loc_fffab5de  ; jbe 0xfffab5de
mov edi, dword [eax + 4]
mov ecx, esi
mov dword [ebp - 0x24], edx

loc_fffab5c0:  ; not directly referenced
mov edx, dword [eax]
inc esi
add eax, 0x13c3
add dword [ebx + 0x3712], edx
cmp esi, 2
je short loc_fffab5fb  ; je 0xfffab5fb

loc_fffab5d3:  ; not directly referenced
cmp dword [eax - 0xbc], 2
jne short loc_fffab5c0  ; jne 0xfffab5c0
jmp short loc_fffab591  ; jmp 0xfffab591

loc_fffab5de:  ; not directly referenced
sete byte [ebp - 0x28]
cmp dword [ebp - 0x1c], 1
sete dl
test byte [ebp - 0x28], dl
je short loc_fffab5c0  ; je 0xfffab5c0
mov edx, dword [eax + 4]
cmp edx, edi
jae short loc_fffab5c0  ; jae 0xfffab5c0
mov edi, edx
mov ecx, esi
jmp short loc_fffab5c0  ; jmp 0xfffab5c0

loc_fffab5fb:  ; not directly referenced
cmp dword [ebp - 0x20], 1
je short loc_fffab60d  ; je 0xfffab60d

loc_fffab601:  ; not directly referenced
cmp dword [ebp - 0x1c], 1
jne loc_fffab69d  ; jne 0xfffab69d
jmp short loc_fffab685  ; jmp 0xfffab685

loc_fffab60d:  ; not directly referenced
lea eax, [ebx + 0x3757]
xor edx, edx

loc_fffab615:  ; not directly referenced
mov esi, dword [eax]
cmp edx, ecx
je short loc_fffab675  ; je 0xfffab675
cmp esi, 2
jne short loc_fffab675  ; jne 0xfffab675
cmp dword [eax + 0x1173], 2
mov dword [eax], 1
mov byte [eax + 0xc4], 0
jne short loc_fffab651  ; jne 0xfffab651
mov dword [eax + 0x1173], 1
mov byte [eax + 0x1260], 0
mov dword [eax + 0x1254], 0

loc_fffab651:  ; not directly referenced
cmp dword [eax + 0x129b], 2
jne short loc_fffab675  ; jne 0xfffab675
mov dword [eax + 0x129b], 1
mov byte [eax + 0x1388], 0
mov dword [eax + 0x137c], 0

loc_fffab675:  ; not directly referenced
inc edx
add eax, 0x13c3
cmp edx, 2
jne short loc_fffab615  ; jne 0xfffab615
jmp near loc_fffab601  ; jmp 0xfffab601

loc_fffab685:  ; not directly referenced
xor eax, eax

loc_fffab687:  ; not directly referenced
cmp dword [ebx + eax + 0x3757], 2
je short loc_fffab6ab  ; je 0xfffab6ab

loc_fffab691:  ; not directly referenced
add eax, 0x13c3
cmp eax, 0x2786
jne short loc_fffab687  ; jne 0xfffab687

loc_fffab69d:  ; not directly referenced
cmp byte [ebx + 0x190d], 0
jne short loc_fffab6e0  ; jne 0xfffab6e0
jmp near loc_fffab793  ; jmp 0xfffab793

loc_fffab6ab:  ; not directly referenced
mov edx, dword [ebx + eax + 0x48ca]
xor ecx, ecx
cmp edx, 2
jne short loc_fffab6c0  ; jne 0xfffab6c0
mov ecx, dword [ebx + eax + 0x49ab]

loc_fffab6c0:  ; not directly referenced
cmp dword [ebx + eax + 0x49f2], 2
jne short loc_fffab691  ; jne 0xfffab691
cmp dword [ebx + eax + 0x4ad3], ecx
ja short loc_fffab715  ; ja 0xfffab715
mov dword [ebx + eax + 0x49f2], 1
jmp short loc_fffab691  ; jmp 0xfffab691

loc_fffab6e0:  ; not directly referenced
mov eax, dword [ebx + 0x190e]
mov dword [ebx + 0x36cc], eax
test eax, eax
jne short loc_fffab72e  ; jne 0xfffab72e
cmp dword [ebp - 0x30], 0
jne short loc_fffab700  ; jne 0xfffab700
mov dword [ebx + 0x36cc], 1

loc_fffab700:  ; not directly referenced
cmp byte [ebx + 0x36cb], 0
jne short loc_fffab72e  ; jne 0xfffab72e
mov dword [ebx + 0x36cc], 1
jmp short loc_fffab72e  ; jmp 0xfffab72e

loc_fffab715:  ; not directly referenced
cmp edx, 2
jne loc_fffab691  ; jne 0xfffab691
mov dword [ebx + eax + 0x48ca], 1
jmp near loc_fffab691  ; jmp 0xfffab691

loc_fffab72e:  ; not directly referenced
cmp dword [ebx + 0x36cc], 1
jne short loc_fffab793  ; jne 0xfffab793
cmp dword [ebx + 0x374f], 2
mov byte [ebx + 0x2480], 1
jne short loc_fffab793  ; jne 0xfffab793
lea eax, [ebx + 0x3757]
lea edx, [ebx + 0x5edd]

loc_fffab753:  ; not directly referenced
cmp dword [eax], 2
jne short loc_fffab78a  ; jne 0xfffab78a
cmp dword [eax + 0x1173], 2
jne short loc_fffab771  ; jne 0xfffab771
cmp byte [eax + 0x1243], 0
jne short loc_fffab771  ; jne 0xfffab771
mov byte [ebx + 0x2480], 0

loc_fffab771:  ; not directly referenced
cmp dword [eax + 0x129b], 2
jne short loc_fffab78a  ; jne 0xfffab78a
cmp byte [eax + 0x136b], 0
jne short loc_fffab78a  ; jne 0xfffab78a
mov byte [ebx + 0x2480], 0

loc_fffab78a:  ; not directly referenced
add eax, 0x13c3
cmp eax, edx
jne short loc_fffab753  ; jne 0xfffab753

loc_fffab793:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffab79d:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 8]
mov eax, dword [ebx + 0x2481]
cmp byte [ebx + 0x192b], 0
mov dword [ebp - 0x1c], eax
je short loc_fffab7ed  ; je 0xfffab7ed
movzx ecx, byte [ebx + 0x192c]
mov edx, 0x5884
mov eax, ebx
and ecx, 7
call fcn_fffb3381  ; call 0xfffb3381
mov al, byte [ebx + 0x192e]
xor ecx, ecx
mov cl, byte [ebx + 0x192d]
mov edx, 0x5888
mov ch, al
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffab7ed:  ; not directly referenced
movzx ecx, byte [ebx + 0x1935]
movzx edx, byte [ebx + 0x1936]
movzx eax, byte [ebx + 0x1937]
movzx esi, byte [ebx + 0x192f]
and ecx, 3
and edx, 0x1f
shl edx, 0x11
and eax, 1
shl ecx, 0x16
or ecx, edx
movzx edx, word [ebx + 0x1938]
shl eax, 0xf
or ecx, eax
movzx eax, byte [ebx + 0x1930]
shl esi, 0x1f
and edx, 0x7fff
or ecx, edx
movzx edx, byte [ebx + 0x1931]
and eax, 3
shl eax, 0x16
or esi, eax
movzx eax, byte [ebx + 0x1932]
and edx, 0x1f
shl edx, 0x11
or esi, edx
movzx edx, word [ebx + 0x1933]
and eax, 1
shl eax, 0xf
or esi, eax
mov eax, ebx
and edx, 0x7fff
or esi, edx
mov edx, 0x58e0
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, esi
mov edx, 0x58e4
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov al, byte [ebx + 0x193b]
xor ecx, ecx
mov edx, 0x5890
mov ch, al
mov cl, byte [ebx + 0x193a]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov al, byte [ebx + 0x193d]
xor ecx, ecx
mov edx, 0x5894
mov ch, al
mov cl, byte [ebx + 0x193c]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov al, byte [ebx + 0x193f]
xor ecx, ecx
mov edx, 0x5898
mov ch, al
mov cl, byte [ebx + 0x193e]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov al, byte [ebx + 0x1941]
xor ecx, ecx
mov edx, 0x589c
mov ch, al
mov cl, byte [ebx + 0x1940]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov al, byte [ebx + 0x1943]
xor ecx, ecx
mov edx, 0x58d0
mov ch, al
mov cl, byte [ebx + 0x1942]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov al, byte [ebx + 0x1945]
xor ecx, ecx
mov edx, 0x58d4
xor esi, esi
mov ch, al
mov cl, byte [ebx + 0x1944]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov al, byte [ebx + 0x1947]
xor ecx, ecx
mov edx, 0x58d8
mov ch, al
mov cl, byte [ebx + 0x1946]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov al, byte [ebx + 0x1949]
xor ecx, ecx
mov edx, 0x58dc
mov ch, al
mov cl, byte [ebx + 0x1948]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffab969:  ; not directly referenced
imul eax, esi, 0x13c3
cmp dword [ebx + eax + 0x3757], 2
jne loc_fffaba7c  ; jne 0xfffaba7c
cmp byte [ebx + 0x192b], 0
je loc_fffaba3c  ; je 0xfffaba3c
movzx ecx, byte [ebx + esi*2 + 0x194b]
mov edi, esi
movzx eax, byte [ebx + esi*2 + 0x194a]
shl edi, 0xa
lea edx, [edi + 0x42ec]
and ecx, 0x3f
and eax, 0x3f
shl ecx, 8
or ecx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
movzx ecx, byte [ebx + esi*2 + 0x194f]
lea edx, [edi + 0x42f0]
movzx eax, byte [ebx + esi*2 + 0x194e]
and ecx, 0x3f
and eax, 0x3f
shl ecx, 8
or ecx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov al, byte [ebx + esi*2 + 0x1953]
xor ecx, ecx
lea edx, [edi + 0x42f4]
mov ch, al
mov cl, byte [ebx + esi*2 + 0x1952]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov al, byte [ebx + esi*2 + 0x1957]
xor ecx, ecx
lea edx, [edi + 0x42f8]
mov ch, al
mov cl, byte [ebx + esi*2 + 0x1956]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov al, byte [ebx + esi*2 + 0x195b]
xor ecx, ecx
lea edx, [edi + 0x42fc]
mov ch, al
mov cl, byte [ebx + esi*2 + 0x195a]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffaba3c:  ; not directly referenced
cmp dword [ebp - 0x1c], 3
jne short loc_fffaba57  ; jne 0xfffaba57
movzx ecx, byte [ebx + 0x1963]
and ecx, 1
shl ecx, 8
mov cl, byte [ebx + 0x1964]
jmp short loc_fffaba6a  ; jmp 0xfffaba6a

loc_fffaba57:  ; not directly referenced
movzx ecx, byte [ebx + 0x1961]
and ecx, 1
shl ecx, 8
mov cl, byte [ebx + 0x1962]

loc_fffaba6a:  ; not directly referenced
mov edx, esi
mov eax, ebx
shl edx, 0xa
add edx, 0x4328
call fcn_fffb3381  ; call 0xfffb3381

loc_fffaba7c:  ; not directly referenced
inc esi
cmp esi, 2
jne loc_fffab969  ; jne 0xfffab969
movzx ecx, byte [ebx + 0x195e]
mov edx, 0x5060
mov eax, ebx
and ecx, 1
shl ecx, 0x10
mov cx, word [ebx + 0x195f]
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x5880
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
movzx ecx, byte [ebx + 0x1925]
movzx edx, byte [ebx + 0x1924]
and ecx, 1
and edx, 1
and eax, 0xfffffffc
add edx, edx
or eax, ecx
movzx ecx, byte [ebx + 0x1928]
or eax, edx
movzx edx, byte [ebx + 0x1923]
and eax, 0xffffffe3
and ecx, 3
and edx, 1
shl edx, 4
shl ecx, 2
or eax, edx
or eax, ecx
cmp dword [ebp - 0x1c], 3
jne short loc_fffabb2f  ; jne 0xfffabb2f
movzx edx, byte [ebx + 0x1927]
and eax, 0xffffffbf
and edx, 1
shl edx, 6
or eax, edx
cmp byte [ebx + 0x190d], 0
mov ecx, eax
je short loc_fffabb1c  ; je 0xfffabb1c
cmp dword [ebx + 0x36cc], 1
je short loc_fffabb43  ; je 0xfffabb43

loc_fffabb1c:  ; not directly referenced
xor edx, edx
cmp byte [ebx + 0x1929], 0
sete dl
and al, 0x7f
shl edx, 7
jmp short loc_fffabb3f  ; jmp 0xfffabb3f

loc_fffabb2f:  ; not directly referenced
movzx edx, byte [ebx + 0x1926]
and eax, 0xffffffbf
and edx, 1
shl edx, 6

loc_fffabb3f:  ; not directly referenced
mov ecx, eax
or ecx, edx

loc_fffabb43:  ; not directly referenced
add esp, 0x1c
mov eax, ebx
pop ebx
mov edx, 0x5880
pop esi
pop edi
pop ebp
jmp near fcn_fffb3381  ; jmp 0xfffb3381

fcn_fffabb56:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
movzx esi, dl
push ebx
sub esp, 0x2c
mov bl, byte [ebp + 0xc]
mov dword [ebp - 0x20], eax
imul eax, esi, 0x13c3
mov dword [ebp - 0x24], esi
mov byte [ebp - 0x19], 0
mov byte [ebp - 0x1a], bl
mov bl, byte [ebp + 0x10]
lea eax, [edi + eax + 0x3757]
mov dword [ebp - 0x28], eax
lea eax, [ecx + ecx*8]
mov dword [ebp - 0x2c], ecx
mov byte [ebp - 0x31], bl
mov dword [ebp - 0x30], eax

loc_fffabb93:  ; not directly referenced
mov edi, dword [ebp - 0x20]
mov al, byte [ebp - 0x19]
cmp al, byte [edi + 0x2489]
jae loc_fffabc72  ; jae 0xfffabc72
mov al, byte [ebp - 0x19]
mov esi, dword [ebp + 8]
movzx edi, al
bt esi, eax
jae loc_fffabc6a  ; jae 0xfffabc6a
mov eax, dword [ebp - 0x30]
lea ebx, [edi + eax]
movsx ax, byte [ebp - 0x1a]
add ebx, ebx
add ebx, dword [ebp - 0x28]
mov word [ebp - 0x1c], ax
add ax, word [ebx + 0x1b1]
js short loc_fffabbe2  ; js 0xfffabbe2
mov esi, 0x1ff
cmp ax, 0x1ff
cmovbe esi, eax
jmp short loc_fffabbe4  ; jmp 0xfffabbe4

loc_fffabbe2:  ; not directly referenced
xor esi, esi

loc_fffabbe4:  ; not directly referenced
push eax
movzx eax, si
mov ecx, dword [ebp - 0x2c]
push eax
mov edx, dword [ebp - 0x24]
mov eax, dword [ebp - 0x20]
push 0
push edi
call fcn_fffa7447  ; call 0xfffa7447
mov eax, dword [ebp - 0x28]
add esp, 0xc
add eax, dword [ebp - 0x30]
mov ecx, dword [ebp - 0x1c]
movzx eax, byte [edi + eax + 0x24d]
mov edx, ecx
add dx, word [ebx + 0x121]
add cx, word [ebx + 0x169]
and eax, 0x3f
shl eax, 0x14
and edx, 0x1ff
shl edx, 9
and ecx, 0x1ff
or eax, edx
mov edx, dword [ebp - 0x24]
or eax, ecx
mov ecx, dword [ebp - 0x2c]
push eax
mov eax, dword [ebp - 0x20]
push 3
push edi
call fcn_fffa735e  ; call 0xfffa735e
add esp, 0x10
cmp byte [ebp - 0x31], 0
je short loc_fffabc6a  ; je 0xfffabc6a
mov eax, dword [ebp - 0x1c]
add word [ebx + 0x121], ax
add word [ebx + 0x169], ax
mov word [ebx + 0x1b1], si

loc_fffabc6a:  ; not directly referenced
inc byte [ebp - 0x19]
jmp near loc_fffabb93  ; jmp 0xfffabb93

loc_fffabc72:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffabc7a:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov eax, dword [ebp + 8]
mov ebx, dword [ebp + 0x18]
mov edx, dword [ebp + 0x10]
mov edi, eax
mov dword [ebp - 0x1c], eax
mov eax, dword [ebp + 0x1c]
mov byte [ebp - 0x26], bl
mov dword [ebp - 0x24], eax
mov eax, dword [ebp + 0x20]
mov esi, eax
mov dword [ebp - 0x30], eax
mov al, byte [ebp + 0x14]
mov byte [ebp - 0x34], al
mov eax, esi
mov byte [ebp - 0x25], al
movzx eax, byte [ebp + 0xc]
mov dword [ebp - 0x20], eax
imul eax, eax, 0x13c3
cmp dword [edi + 0x2481], 3
sete cl
lea esi, [edi + eax + 0x3757]
mov dword [ebp - 0x2c], ecx
test dl, dl
je short loc_fffabd29  ; je 0xfffabd29
mov ecx, dword [ebp - 0x24]
mov edi, 0x7f
cmp ecx, 0x7f
cmovg ecx, edi
xor eax, eax
test ecx, ecx
cmovns eax, ecx
cmp dl, 2
je loc_fffabecf  ; je 0xfffabecf
ja short loc_fffabd01  ; ja 0xfffabd01
dec dl
je loc_fffabe8e  ; je 0xfffabe8e
jmp near loc_fffac0bd  ; jmp 0xfffac0bd

loc_fffabd01:  ; not directly referenced
cmp dl, 3
je loc_fffabf6c  ; je 0xfffabf6c
cmp dl, 4
jne loc_fffac0bd  ; jne 0xfffac0bd
cmp eax, 0x7f
cmovg eax, edi
movzx edi, byte [ebp - 0x34]
xor edx, edx
xor ebx, ebx
mov dword [ebp - 0x24], edi
jmp near loc_fffabfd0  ; jmp 0xfffabfd0

loc_fffabd29:  ; not directly referenced
cmp dword [ebp - 0x2c], 0
je loc_fffabdfc  ; je 0xfffabdfc
mov ecx, dword [ebp - 0x1c]
xor ebx, ebx
xor edi, edi
imul edx, dword [ebp - 0x20], 0x54a
add eax, ecx
add edx, ecx
mov dword [ebp - 0x34], edx
mov dword [ebp - 0x3c], eax

loc_fffabd4b:  ; not directly referenced
movzx edx, byte [ebp - 0x26]
imul eax, ebx, 7
bt edx, ebx
mov dword [ebp - 0x2c], eax
movzx eax, byte [esi + ebx + 0x241]
jae loc_fffabde9  ; jae 0xfffabde9
add eax, dword [ebp - 0x24]
mov ecx, 0x80
cdq
idiv ecx
test dl, dl
lea eax, [edx - 0x80]
cmovns eax, edx
cmp byte [ebp - 0x25], 0
je short loc_fffabd86  ; je 0xfffabd86
mov byte [esi + ebx + 0x241], al

loc_fffabd86:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
movsx eax, al
mov dword [ebp - 0x2c], 0
shl eax, cl
add edi, eax
mov eax, dword [ebp - 0x34]
movzx eax, byte [eax + ebx + 0x1ea9]
mov dword [ebp - 0x30], eax
movzx eax, byte [ebp - 0x25]
mov dword [ebp - 0x38], eax

loc_fffabdac:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
mov eax, 1
shl eax, cl
mov ecx, dword [ebp - 0x3c]
test byte [ecx + 0x381b], al
je short loc_fffabdde  ; je 0xfffabdde
movsx eax, byte [ebp - 0x24]
push edx
mov ecx, dword [ebp - 0x2c]
push dword [ebp - 0x38]
mov edx, dword [ebp - 0x20]
push eax
mov eax, dword [ebp - 0x1c]
push dword [ebp - 0x30]
call fcn_fffabb56  ; call 0xfffabb56
add esp, 0x10

loc_fffabdde:  ; not directly referenced
inc dword [ebp - 0x2c]
cmp dword [ebp - 0x2c], 4
jne short loc_fffabdac  ; jne 0xfffabdac
jmp short loc_fffabdf0  ; jmp 0xfffabdf0

loc_fffabde9:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
shl eax, cl
add edi, eax

loc_fffabdf0:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffabd4b  ; jne 0xfffabd4b
jmp short loc_fffabe7b  ; jmp 0xfffabe7b

loc_fffabdfc:  ; not directly referenced
movzx eax, byte [ebp - 0x34]
xor ebx, ebx
xor edi, edi
mov dword [ebp - 0x30], eax
movzx eax, byte [ebp - 0x25]
mov dword [ebp - 0x34], eax

loc_fffabe0e:  ; not directly referenced
mov edx, dword [ebp - 0x30]
imul eax, ebx, 7
bt edx, ebx
mov dword [ebp - 0x2c], eax
movzx eax, byte [esi + ebx + 0x241]
jae short loc_fffabe6e  ; jae 0xfffabe6e
add eax, dword [ebp - 0x24]
mov ecx, 0x80
cdq
idiv ecx
test dl, dl
lea eax, [edx - 0x80]
cmovns eax, edx
cmp byte [ebp - 0x25], 0
je short loc_fffabe44  ; je 0xfffabe44
mov byte [esi + ebx + 0x241], al

loc_fffabe44:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
movsx eax, al
mov edx, dword [ebp - 0x20]
shl eax, cl
mov ecx, ebx
add edi, eax
push eax
movsx eax, byte [ebp - 0x24]
push dword [ebp - 0x34]
push eax
mov eax, dword [ebp - 0x1c]
push 0x1ff
call fcn_fffabb56  ; call 0xfffabb56
add esp, 0x10
jmp short loc_fffabe75  ; jmp 0xfffabe75

loc_fffabe6e:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
shl eax, cl
add edi, eax

loc_fffabe75:  ; not directly referenced
inc ebx
cmp ebx, 4
jne short loc_fffabe0e  ; jne 0xfffabe0e

loc_fffabe7b:  ; not directly referenced
mov edx, dword [ebp - 0x20]
mov ecx, edi
shl edx, 8
add edx, 0x180c
jmp near loc_fffac0ae  ; jmp 0xfffac0ae

loc_fffabe8e:  ; not directly referenced
cmp eax, 0x7f
mov edx, dword [ebp - 0x20]
cmovle edi, eax
mov eax, edi
and eax, 0x7f
mov ecx, eax
shl ecx, 7
or ecx, eax
mov eax, dword [ebp - 0x1c]
shl edx, 8
add edx, 0x1408
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x30], 0
je loc_fffac0bd  ; je 0xfffac0bd
mov dword [esi + 0x119], edi
mov dword [esi + 0x11d], edi
jmp near loc_fffac0bd  ; jmp 0xfffac0bd

loc_fffabecf:  ; not directly referenced
cmp eax, 0x7f
cmovle edi, eax
cmp dword [ebp - 0x2c], 0
je short loc_fffabf0f  ; je 0xfffabf0f
mov eax, edi
test bl, 1
jne short loc_fffabee8  ; jne 0xfffabee8
mov al, byte [esi + 0x111]

loc_fffabee8:  ; not directly referenced
and eax, 0x7f
and eax, 0x7f
and bl, 2
jne short loc_fffabefa  ; jne 0xfffabefa
movzx edi, byte [esi + 0x115]

loc_fffabefa:  ; not directly referenced
and edi, 0x7f
mov ebx, edi
and ebx, 0x7f
shl ebx, 7
or ebx, eax
cmp byte [ebp - 0x30], 0
jne short loc_fffabf43  ; jne 0xfffabf43
jmp short loc_fffabf59  ; jmp 0xfffabf59

loc_fffabf0f:  ; not directly referenced
mov eax, edi
mov edx, dword [ebp - 0x20]
and eax, 0x7f
mov ebx, eax
shl ebx, 7
or ebx, eax
mov eax, dword [ebp - 0x1c]
shl edx, 8
mov ecx, ebx
add edx, 0x1208
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x30], 0
je short loc_fffabf59  ; je 0xfffabf59
mov dword [esi + 0x109], edi
mov dword [esi + 0x10d], edi

loc_fffabf43:  ; not directly referenced
mov eax, ebx
and eax, 0x7f
mov dword [esi + 0x111], eax
mov eax, ebx
shr eax, 7
mov dword [esi + 0x115], eax

loc_fffabf59:  ; not directly referenced
mov edx, dword [ebp - 0x20]
mov ecx, ebx
shl edx, 8
add edx, 0x1a08
jmp near loc_fffac0ae  ; jmp 0xfffac0ae

loc_fffabf6c:  ; not directly referenced
cmp eax, 0x7f
mov edx, dword [ebp - 0x20]
cmovle edi, eax
mov eax, edi
and eax, 0x7f
mov ecx, eax
shl ecx, 7
or ecx, eax
mov eax, dword [ebp - 0x1c]
shl edx, 8
add edx, 0x1208
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x30], 0
je loc_fffac0bd  ; je 0xfffac0bd
mov dword [esi + 0x109], edi
mov dword [esi + 0x10d], edi
jmp near loc_fffac0bd  ; jmp 0xfffac0bd

loc_fffabfad:  ; not directly referenced
imul ecx, edx, 7
mov edi, eax
shl edi, cl
add ebx, edi
cmp byte [ebp - 0x25], 0
je short loc_fffabfca  ; je 0xfffabfca
mov byte [esi + edx + 0x245], al
mov byte [esi + edx + 0x249], al

loc_fffabfca:  ; not directly referenced
inc edx
cmp edx, 4
je short loc_fffabfe9  ; je 0xfffabfe9

loc_fffabfd0:  ; not directly referenced
mov edi, dword [ebp - 0x24]
bt edi, edx
jb short loc_fffabfad  ; jb 0xfffabfad
movzx edi, byte [esi + edx + 0x245]
imul ecx, edx, 7
shl edi, cl
add ebx, edi
jmp short loc_fffabfca  ; jmp 0xfffabfca

loc_fffabfe9:  ; not directly referenced
cmp dword [ebp - 0x2c], 0
je short loc_fffac010  ; je 0xfffac010
mov eax, dword [ebp - 0x1c]
cmp byte [eax + 0x240a], 0
je short loc_fffac010  ; je 0xfffac010
movzx eax, byte [esi + 0x245]
and ebx, 0xffe03fff
and eax, 0x7f
shl eax, 0xe
or ebx, eax

loc_fffac010:  ; not directly referenced
mov eax, dword [ebp - 0x20]
mov ecx, ebx
shl eax, 8
mov dword [ebp - 0x24], eax
lea edx, [eax + 0x1c18]
mov eax, dword [ebp - 0x1c]
call fcn_fffb3381  ; call 0xfffb3381
cmp dword [ebp - 0x2c], 0
je short loc_fffac09d  ; je 0xfffac09d
mov eax, dword [ebp - 0x1c]
xor edi, edi
mov ecx, dword [ebp - 0x20]
mov dword [ebp - 0x20], 0
movzx ebx, byte [eax + 0x240c]
shl ecx, 2
sar ebx, cl
and ebx, 0xf

loc_fffac04d:  ; not directly referenced
xor edx, edx

loc_fffac04f:  ; not directly referenced
mov cl, dl
mov eax, ebx
shr eax, cl
mov ecx, eax
and ecx, 1
cmp ecx, edi
jne short loc_fffac06e  ; jne 0xfffac06e
movzx eax, byte [esi + edi + 0x249]
imul ecx, edx, 7
shl eax, cl
add dword [ebp - 0x20], eax

loc_fffac06e:  ; not directly referenced
inc edx
cmp edx, 4
jne short loc_fffac04f  ; jne 0xfffac04f
inc edi
cmp edi, 4
jne short loc_fffac04d  ; jne 0xfffac04d
mov eax, dword [ebp - 0x20]
mov ecx, eax
mov edx, eax
shr ecx, 0xe
and eax, 0xffe03fff
shr edx, 0x15
and ecx, 0x7f
and edx, 0x7f
mov ebx, eax
add edx, ecx
shr edx, 1
shl edx, 0xe
or ebx, edx

loc_fffac09d:  ; not directly referenced
mov edx, dword [ebp - 0x24]
and ebx, 0xf01fffff
mov ecx, ebx
add edx, 0x1218

loc_fffac0ae:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
jmp near fcn_fffb3381  ; jmp 0xfffb3381

loc_fffac0bd:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffac0c5:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov ebx, dword [ebp + 8]
mov eax, dword [ebx + 0x5edd]
mov edi, dword [ebx + 0x2444]
mov esi, dword [ebx + 0x36e4]
mov dword [ebp - 0x2c], eax
mov eax, dword [ebx + 0x188b]
mov dword [ebp - 0x20], esi
cmp eax, 1
mov dword [ebp - 0x1c], eax
mov eax, dword [ebx + 0x18c1]
sbb esi, esi
push 0xe4
and esi, 0xfffffdeb
push 0
add esi, 0xc80
push 0
push 0
mov dword [ebp - 0x24], eax
call dword [edi + 0x4c]  ; ucall
mov edx, dword [ebp - 0x24]
lea ecx, [eax + edx]
mov dword [esp], ecx
mov dword [ebp - 0x28], ecx
call dword [edi + 0x20]  ; ucall
mov ecx, dword [ebp - 0x28]
add ecx, 4
mov dword [esp], ecx
mov dword [ebp - 0x24], eax
call dword [edi + 0x20]  ; ucall
add esp, 0x10
test byte [ebp - 0x24], 8
setne cl
movzx edi, cl
mov dword [ebp - 0x24], edi
mov edi, dword [ebx + 0x1872]
mov edx, eax
shr eax, 4
mov byte [ebp - 0x2d], cl
mov cl, al
mov eax, dword [ebx + 0x1877]
shr edx, 0x15
and ecx, 7
dec edi
cmp edi, 0x7ffffffd
cmovbe esi, dword [ebx + 0x1872]
mov dword [ebx + 0x36e4], eax
mov dword [ebx + 0x36d4], esi
and edx, 7
je short loc_fffac18e  ; je 0xfffac18e
cmp eax, 2
jne short loc_fffac198  ; jne 0xfffac198
cmp dword [ebp - 0x1c], 0
jne short loc_fffac198  ; jne 0xfffac198

loc_fffac18e:  ; not directly referenced
mov dword [ebx + 0x36e4], 0

loc_fffac198:  ; not directly referenced
cmp dword [ebp - 0x24], 0
mov edi, dword [ebx + 0x36e4]
je short loc_fffac1bd  ; je 0xfffac1bd
test edx, edx
je short loc_fffac1f5  ; je 0xfffac1f5
mov byte [ebx + 0x247f], 1
mov edx, 7
mov dword [ebp - 0x28], 0
jmp short loc_fffac1c9  ; jmp 0xfffac1c9

loc_fffac1bd:  ; not directly referenced
movzx eax, cl
xor esi, esi
mov dword [ebp - 0x28], eax
test edx, edx
je short loc_fffac1e5  ; je 0xfffac1e5

loc_fffac1c9:  ; not directly referenced
sub esp, 0xc
add edx, 6
push 0x5f5e100
mov ecx, 1
mov eax, ebx
call fcn_fffb3d18  ; call 0xfffb3d18
add esp, 0x10
mov esi, eax

loc_fffac1e5:  ; not directly referenced
mov eax, dword [ebp - 0x28]
test eax, eax
je short loc_fffac1f7  ; je 0xfffac1f7
mov edx, 0xb
sub edx, eax
jmp short loc_fffac1fc  ; jmp 0xfffac1fc

loc_fffac1f5:  ; not directly referenced
xor esi, esi

loc_fffac1f7:  ; not directly referenced
mov edx, 0xa

loc_fffac1fc:  ; not directly referenced
sub esp, 0xc
xor ecx, ecx
push 0x5f5e100
mov eax, ebx
call fcn_fffb3d18  ; call 0xfffb3d18
mov ecx, dword [ebp - 0x2c]
add esp, 0x10
mov dl, byte [ebp - 0x2d]
mov dword [ecx + 0x1c6], esi
mov byte [ecx + 0x1ca], dl
cmp dword [ebx + 0x18a7], 0
je short loc_fffac247  ; je 0xfffac247
cmp dword [ebp - 0x24], 0
je short loc_fffac239  ; je 0xfffac239
cmp edi, 1
cmove eax, esi
jmp short loc_fffac249  ; jmp 0xfffac249

loc_fffac239:  ; not directly referenced
xor edi, edi
cmp esi, eax
jbe short loc_fffac249  ; jbe 0xfffac249
mov eax, esi
mov di, 1
jmp short loc_fffac249  ; jmp 0xfffac249

loc_fffac247:  ; not directly referenced
xor edi, edi

loc_fffac249:  ; not directly referenced
cmp eax, dword [ebx + 0x36d4]
jae short loc_fffac26c  ; jae 0xfffac26c
cmp dword [ebx + 0x1877], 2
mov dword [ebx + 0x36d4], eax
je short loc_fffac266  ; je 0xfffac266
cmp dword [ebp - 0x1c], 0
jne short loc_fffac26c  ; jne 0xfffac26c

loc_fffac266:  ; not directly referenced
mov dword [ebx + 0x36e4], edi

loc_fffac26c:  ; not directly referenced
cmp dword [ebp - 0x20], 1
jne short loc_fffac290  ; jne 0xfffac290
cmp dword [ebx + 0x1877], 2
jne short loc_fffac290  ; jne 0xfffac290
cmp dword [ebx + 0x1887], 0x306d0
jne short loc_fffac290  ; jne 0xfffac290
cmp dword [ebx + 0x1883], 4
ja short loc_fffac299  ; ja 0xfffac299

loc_fffac290:  ; not directly referenced
cmp dword [ebx + 0x36e4], 2
jne short loc_fffac2a2  ; jne 0xfffac2a2

loc_fffac299:  ; not directly referenced
mov eax, dword [ebp - 0x20]
mov dword [ebx + 0x36e4], eax

loc_fffac2a2:  ; not directly referenced
mov ecx, dword [ebx + 0x36d4]
mov edx, ref_fffd37fc  ; mov edx, 0xfffd37fc
xor eax, eax

loc_fffac2af:  ; not directly referenced
add edx, 9
cmp ecx, dword [edx - 5]
jne short loc_fffac2c2  ; jne 0xfffac2c2
lea eax, [eax + eax*8]
mov eax, dword [eax + ref_fffd37fc]  ; mov eax, dword [eax - 0x2c804]
jmp short loc_fffac2cd  ; jmp 0xfffac2cd

loc_fffac2c2:  ; not directly referenced
inc eax
cmp eax, 0x15
jne short loc_fffac2af  ; jne 0xfffac2af
mov eax, 0x2625a0

loc_fffac2cd:  ; not directly referenced
mov dword [ebx + 0x36dc], eax
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffac2dd:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x9c
mov eax, dword [ebp + 8]
mov dword [ebp - 0x88], 0
mov dword [ebp - 0x94], 0
mov dword [ebp - 0x90], 0
mov byte [eax + 0x36cb], 8
add eax, 0x1973
mov dword [ebp - 0x9c], eax
mov eax, dword [ebp + 8]
mov dword [ebp - 0x7c], 0x17
mov dword [ebp - 0x80], eax

loc_fffac329:  ; not directly referenced
mov eax, dword [ebp - 0x80]
xor ebx, ebx
add eax, 0x3757
mov dword [ebp - 0x8c], eax
mov eax, dword [ebp - 0x9c]
mov dword [ebp - 0x84], eax
mov dword [ebp - 0x98], eax
mov eax, dword [ebp - 0x88]
add eax, 0x48ca
mov dword [ebp - 0xa0], eax

loc_fffac35c:  ; not directly referenced
mov eax, dword [ebp - 0x98]
cmp dword [eax], 1
ja loc_fffac4fa  ; ja 0xfffac4fa
mov eax, dword [ebp - 0x84]
mov esi, ref_fffd3768  ; mov esi, 0xfffd3768
mov ecx, 0xd
lea edi, [ebp - 0x78]
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [eax + 0x48]
mov eax, dword [ebp - 0xa0]
lea esi, [eax + ebx]
mov eax, dword [ebp - 0x80]
add esi, dword [ebp + 8]
mov dword [eax + ebx + 0x48ca], 3
xor eax, eax

loc_fffac39f:  ; not directly referenced
inc eax
cmp byte [edi + eax - 1], 0
je short loc_fffac3b0  ; je 0xfffac3b0
xor edx, edx
mov eax, 1
jmp short loc_fffac3bc  ; jmp 0xfffac3bc

loc_fffac3b0:  ; not directly referenced
cmp eax, 0x200
jne short loc_fffac39f  ; jne 0xfffac39f
jmp near loc_fffac4fa  ; jmp 0xfffac4fa

loc_fffac3bc:  ; not directly referenced
cmp dl, 0xc
setbe cl
test cl, al
je short loc_fffac3e8  ; je 0xfffac3e8
push eax
movzx eax, dl
push esi
push edi
push dword [ebp + 8]
mov dword [ebp - 0xa4], edx
call dword [ebp + eax*4 - 0x78]  ; ucall
mov edx, dword [ebp - 0xa4]
add esp, 0x10
inc edx
and eax, 1
jmp short loc_fffac3bc  ; jmp 0xfffac3bc

loc_fffac3e8:  ; not directly referenced
test eax, eax
mov eax, dword [ebp - 0x80]
jne short loc_fffac3ff  ; jne 0xfffac3ff
mov dword [eax + ebx + 0x48ca], 1
jmp near loc_fffac4fa  ; jmp 0xfffac4fa

loc_fffac3ff:  ; not directly referenced
mov dword [eax + ebx + 0x48ca], 2
mov eax, dword [ebp - 0x84]
mov al, byte [eax + 0x4a]
cmp al, 0xf1
sete cl
cmp al, 0xb
sete dl
or cl, dl
je short loc_fffac433  ; je 0xfffac433
mov eax, dword [ebp - 0x84]
mov edx, 0xb
add eax, 0xbd
jmp short loc_fffac44d  ; jmp 0xfffac44d

loc_fffac433:  ; not directly referenced
cmp al, 0xc
jne short loc_fffac449  ; jne 0xfffac449
mov eax, dword [ebp - 0x84]
mov edx, 9
add eax, 0x188
jmp short loc_fffac44d  ; jmp 0xfffac44d

loc_fffac449:  ; not directly referenced
xor edx, edx
xor eax, eax

loc_fffac44d:  ; not directly referenced
mov edi, dword [ebp - 0x88]
lea ecx, [edi + ebx + 0x49b5]
add ecx, dword [ebp + 8]
call fcn_fffb3d76  ; call 0xfffb3d76
mov eax, dword [ebp - 0x84]
cmp dword [eax], 1
jne short loc_fffac47b  ; jne 0xfffac47b
mov eax, dword [ebp - 0x80]
mov dword [eax + ebx + 0x48ca], 1

loc_fffac47b:  ; not directly referenced
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2481]
test eax, eax
jne short loc_fffac4a0  ; jne 0xfffac4a0
mov eax, dword [ebp - 0x8c]
mov edi, dword [ebp + 8]
mov eax, dword [eax + ebx + 0x1248]
mov dword [edi + 0x2481], eax
jmp short loc_fffac4b9  ; jmp 0xfffac4b9

loc_fffac4a0:  ; not directly referenced
mov esi, dword [ebp - 0x8c]
cmp eax, dword [esi + ebx + 0x1248]
mov eax, 0x1a
cmove eax, dword [ebp - 0x7c]
mov dword [ebp - 0x7c], eax

loc_fffac4b9:  ; not directly referenced
cmp dword [ebp - 0x90], 0
mov eax, dword [ebp - 0x8c]
jne short loc_fffac4d7  ; jne 0xfffac4d7
mov eax, dword [eax + ebx + 0x124c]
mov dword [ebp - 0x90], eax
jmp short loc_fffac4ea  ; jmp 0xfffac4ea

loc_fffac4d7:  ; not directly referenced
mov edi, dword [ebp - 0x90]
cmp edi, dword [eax + ebx + 0x124c]
jne loc_fffac65a  ; jne 0xfffac65a

loc_fffac4ea:  ; not directly referenced
cmp dword [ebp - 0x7c], 0x1a
je loc_fffac683  ; je 0xfffac683
inc dword [ebp - 0x94]

loc_fffac4fa:  ; not directly referenced
add ebx, 0x128
add dword [ebp - 0x98], 0x277
add dword [ebp - 0x84], 0x277
cmp ebx, 0x250
jne loc_fffac35c  ; jne 0xfffac35c
add dword [ebp - 0x88], 0x13c3
add dword [ebp - 0x9c], 0x54a
add dword [ebp - 0x80], 0x13c3
cmp dword [ebp - 0x88], 0x2786
jne loc_fffac329  ; jne 0xfffac329
cmp dword [ebp - 0x94], 0
je loc_fffac683  ; je 0xfffac683
lea edi, [ebp - 0x78]
mov esi, ref_fffd379c  ; mov esi, 0xfffd379c
mov ecx, 0x18
xor ebx, ebx
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov eax, 1

loc_fffac56e:  ; not directly referenced
cmp bl, 0x17
setbe dl
test dl, al
je short loc_fffac58e  ; je 0xfffac58e
sub esp, 0xc
movzx eax, bl
push dword [ebp + 8]
inc ebx
call dword [ebp + eax*4 - 0x78]  ; ucall
add esp, 0x10
and eax, 1
jmp short loc_fffac56e  ; jmp 0xfffac56e

loc_fffac58e:  ; not directly referenced
test eax, eax
je loc_fffac683  ; je 0xfffac683
mov eax, dword [ebp + 8]
mov esi, dword [ebp + 8]
mov byte [eax + 0x3749], 1
add eax, 0x48ca
add esi, 0x7050

loc_fffac5ae:  ; not directly referenced
mov edx, eax
xor ecx, ecx

loc_fffac5b2:  ; not directly referenced
mov edi, dword [edx]
lea ebx, [edi - 1]
cmp ebx, 1
ja short loc_fffac5c2  ; ja 0xfffac5c2
inc dword [eax - 0x10b3]

loc_fffac5c2:  ; not directly referenced
cmp dword [edx], 2
jne short loc_fffac618  ; jne 0xfffac618
mov bl, byte [edx + 0xed]
cmp bl, 1
je short loc_fffac5dd  ; je 0xfffac5dd
cmp bl, 2
sete bl
lea ebx, [ebx + ebx*2]
jmp short loc_fffac5df  ; jmp 0xfffac5df

loc_fffac5dd:  ; not directly referenced
mov bl, 1

loc_fffac5df:  ; not directly referenced
mov edi, dword [ebp + 8]
movzx ebx, bl
shl ebx, cl
or byte [eax - 0x10af], bl
mov bl, byte [edx + 0xcc]
and byte [edi + 0x3749], bl
mov bl, byte [edi + 0x36cb]
movzx edi, byte [edx + 0xf4]
cmp byte [edx + 0xf4], bl
cmovbe ebx, edi
mov edi, dword [ebp + 8]
mov byte [edi + 0x36cb], bl

loc_fffac618:  ; not directly referenced
add ecx, 2
add edx, 0x128
cmp ecx, 4
jne short loc_fffac5b2  ; jne 0xfffac5b2
cmp dword [eax - 0x10b3], 0
je short loc_fffac64b  ; je 0xfffac64b
cmp byte [eax - 0x10af], 0
je short loc_fffac64b  ; je 0xfffac64b
mov ecx, dword [ebp + 8]
inc byte [ecx + 0x3756]
mov dword [eax - 0x1173], 2

loc_fffac64b:  ; not directly referenced
add eax, 0x13c3
cmp eax, esi
jne loc_fffac5ae  ; jne 0xfffac5ae
jmp short loc_fffac663  ; jmp 0xfffac663

loc_fffac65a:  ; not directly referenced
mov dword [ebp - 0x7c], 0x1a
jmp short loc_fffac683  ; jmp 0xfffac683

loc_fffac663:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp byte [eax + 0x3756], 0
je short loc_fffac683  ; je 0xfffac683
mov eax, dword [ebp + 8]
mov dword [ebp - 0x7c], 0
mov dword [eax + 0x374f], 2

loc_fffac683:  ; not directly referenced
mov eax, dword [ebp - 0x7c]
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffac68e:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
movzx ebx, dl
sub esp, 0x2c
mov eax, dword [ebp + 0x10]
imul edx, ebx, 0x13c3
cmp dword [ebp + 8], 0
mov byte [ebp - 0x20], cl
mov dword [ebp - 0x2c], eax
mov cl, al
lea eax, [esi + edx + 0x3757]
mov dword [ebp - 0x1c], eax
je short loc_fffac6c6  ; je 0xfffac6c6
mov al, byte [eax + 0xc4]
mov byte [ebp - 0x20], al

loc_fffac6c6:  ; not directly referenced
cmp dword [esi + 0x2481], 3
sete byte [ebp - 0x24]
xor edi, edi
imul edx, ebx, 0x13c3
lea eax, [esi + edx]
mov dword [ebp - 0x30], eax
movzx eax, cl
mov dword [ebp - 0x28], eax

loc_fffac6e5:  ; not directly referenced
mov eax, dword [ebp - 0x30]
mov edx, 1
mov ecx, edi
shl edx, cl
test byte [eax + 0x381b], dl
je short loc_fffac754  ; je 0xfffac754
mov al, byte [ebp - 0x24]
cmp dword [ebp + 8], 0
setne cl
xor eax, 1
test cl, al
je short loc_fffac727  ; je 0xfffac727
push eax
push dword [ebp - 0x28]
push dword [ebp + 0xc]
mov dword [ebp - 0x34], edx
push edx
push edx
push 0
push ebx
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20
mov edx, dword [ebp - 0x34]
jmp short loc_fffac732  ; jmp 0xfffac732

loc_fffac727:  ; not directly referenced
cmp dword [ebp + 8], 0
jne short loc_fffac732  ; jne 0xfffac732
test byte [ebp - 0x20], dl
je short loc_fffac754  ; je 0xfffac754

loc_fffac732:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
push ecx
push dword [ebp - 0x28]
movzx ecx, byte [eax + edi + 0x245]
add ecx, dword [ebp + 0xc]
push ecx
push 1
push edx
push 4
push ebx
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffac754:  ; not directly referenced
inc edi
cmp edi, 4
jne short loc_fffac6e5  ; jne 0xfffac6e5
movzx edi, byte [ebp - 0x2c]
mov ecx, dword [ebp - 0x1c]
push edx
mov edx, dword [ebp + 0xc]
movzx eax, byte [ebp - 0x20]
push edi
add edx, dword [ecx + 0x111]
mov dword [ebp - 0x20], eax
push edx
push 1
push eax
push 2
push ebx
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20
cmp byte [ebp - 0x24], 0
je loc_fffac83c  ; je 0xfffac83c
imul edx, ebx, 0x54a
xor eax, eax
lea ecx, [edx + 0xf0]
mov dword [ebp - 0x24], ecx

loc_fffac79e:  ; not directly referenced
cmp al, 1
setbe cl
cmp dword [ebp + 8], 0
setne dl
test cl, dl
je short loc_fffac7eb  ; je 0xfffac7eb
mov ecx, dword [ebp - 0x24]
movzx edx, al
lea edx, [esi + edx + 0x186e]
cmp byte [edx + ecx + 0x54b], 0
je short loc_fffac7e8  ; je 0xfffac7e8
push ecx
mov edx, 1
push edi
mov cl, al
push dword [ebp + 0xc]
shl edx, cl
mov dword [ebp - 0x28], eax
push edx
push 0
push 0
push ebx
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
mov eax, dword [ebp - 0x28]
add esp, 0x20

loc_fffac7e8:  ; not directly referenced
inc eax
jmp short loc_fffac79e  ; jmp 0xfffac79e

loc_fffac7eb:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
push edx
mov edx, dword [ebp + 0xc]
push edi
add edx, dword [eax + 0x109]
push edx
push 1
push dword [ebp - 0x20]
push 3
push ebx
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
mov eax, dword [ebp - 0x1c]
add esp, 0x1c
mov edx, dword [ebp + 0xc]
push edi
add edx, dword [eax + 0x115]
push edx
push 2
push dword [ebp - 0x20]
push 2
push ebx
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
mov eax, dword [ebp - 0x1c]
add esp, 0x1c
mov edx, dword [ebp + 0xc]
push edi
add edx, dword [eax + 0x11d]
push edx
push 2
jmp short loc_fffac84d  ; jmp 0xfffac84d

loc_fffac83c:  ; not directly referenced
push eax
mov eax, dword [ebp - 0x1c]
mov edx, dword [ebp + 0xc]
push edi
add edx, dword [eax + 0x119]
push edx
push 1

loc_fffac84d:  ; not directly referenced
push dword [ebp - 0x20]
push 1
push ebx
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffac864:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0x1c
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x20], edx
cmp eax, 1
je short loc_fffac890  ; je 0xfffac890
sbb ebx, ebx
mov esi, 0
mov byte [ebp - 0x1a], 1
and ebx, 0x364c
jmp short loc_fffac89e  ; jmp 0xfffac89e

loc_fffac890:  ; not directly referenced
mov byte [ebp - 0x1a], 4
mov esi, 4
mov ebx, 0x3650

loc_fffac89e:  ; not directly referenced
mov byte [ebp - 0x19], 0

loc_fffac8a2:  ; not directly referenced
mov ecx, dword [ebp - 0x20]
mov edx, ebx
mov eax, edi
add ebx, esi
call fcn_fffb38b3  ; call 0xfffb38b3
mov al, byte [ebp - 0x1a]
inc byte [ebp - 0x19]
cmp byte [ebp - 0x19], al
jb short loc_fffac8a2  ; jb 0xfffac8a2
add esp, 0x1c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffac8c3:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
mov esi, eax
push ebx
sub esp, 0x2c
mov eax, dword [ebp + 8]
mov ebx, dword [esi + 0x2444]
shl edi, 0xa
mov dword [ebp - 0x20], ecx
add edi, 0x4214
mov dword [ebp - 0x24], eax
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x28], eax
mov eax, dword [ebp + 0x10]
mov dword [ebp - 0x2c], eax
call dword [ebx + 0x54]  ; ucall
add eax, 0x2710
mov dword [ebp - 0x1c], eax

loc_fffac8ff:  ; not directly referenced
mov edx, edi
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
shr eax, 0x18
test al, al
jns short loc_fffac91e  ; jns 0xfffac91e
call dword [ebx + 0x54]  ; ucall
cmp dword [ebp - 0x1c], eax
ja short loc_fffac8ff  ; ja 0xfffac8ff

loc_fffac917:  ; not directly referenced
mov eax, 0x12
jmp short loc_fffac97e  ; jmp 0xfffac97e

loc_fffac91e:  ; not directly referenced
mov ecx, dword [ebp - 0x28]
mov edx, edi
mov eax, dword [ebp - 0x24]
shl ecx, 0xd
and ax, 0x1fff
or ecx, eax
mov eax, dword [ebp - 0x20]
movzx ecx, cx
and eax, 3
shl eax, 0x10
or ecx, eax
mov eax, dword [ebp - 0x2c]
and eax, 0x1ff
shl eax, 0x15
or ecx, eax
mov eax, esi
or ecx, 0x80100000
call fcn_fffb3381  ; call 0xfffb3381
call dword [ebx + 0x54]  ; ucall
add eax, 0x2710
mov dword [ebp - 0x1c], eax

loc_fffac962:  ; not directly referenced
mov edx, edi
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
shr eax, 0x18
test al, al
jns short loc_fffac97c  ; jns 0xfffac97c
call dword [ebx + 0x54]  ; ucall
cmp dword [ebp - 0x1c], eax
ja short loc_fffac962  ; ja 0xfffac962
jmp short loc_fffac917  ; jmp 0xfffac917

loc_fffac97c:  ; not directly referenced
xor eax, eax

loc_fffac97e:  ; not directly referenced
add esp, 0x2c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffac986:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
mov ebx, dword [ebp + 8]
cmp ecx, edx
ja short loc_fffac99e  ; ja 0xfffac99e
inc edi
inc dword [ebx + 0xc]
imul eax, edi, 0xa
jmp short loc_fffaca01  ; jmp 0xfffaca01

loc_fffac99e:  ; not directly referenced
mov esi, ecx
sub esi, edx
cmp ecx, 6
ja short loc_fffac9cc  ; ja 0xfffac9cc
imul edi, eax, 0xa
mov eax, 7
sub eax, ecx
xor edx, edx
imul eax, eax, 0xa
mov ecx, 0xa
inc dword [ebx + 8]
div esi
cmp eax, 0xa
cmovbe ecx, eax
lea eax, [edi + ecx + 0x14]
jmp short loc_fffaca01  ; jmp 0xfffaca01

loc_fffac9cc:  ; not directly referenced
cmp edx, 7
ja short loc_fffac9e9  ; ja 0xfffac9e9
inc dword [ebx + 4]
test esi, esi
je short loc_fffac9eb  ; je 0xfffac9eb
mov eax, 7
inc edi
sub eax, edx
xor edx, edx
imul eax, eax, 0xa
div esi
jmp short loc_fffac9fc  ; jmp 0xfffac9fc

loc_fffac9e9:  ; not directly referenced
inc dword [ebx]

loc_fffac9eb:  ; not directly referenced
cmp esi, edx
cmovb esi, edx
xor eax, eax
test esi, esi
je short loc_fffaca01  ; je 0xfffaca01
mov al, 0x46
xor edx, edx
div esi

loc_fffac9fc:  ; not directly referenced
imul edi, edi, 0xa
add eax, edi

loc_fffaca01:  ; not directly referenced
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaca06:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, edx
sub esp, 0x2c
mov esi, dword [eax + 0x2444]
mov byte [ebp - 0x1b], cl
mov cl, byte [ebp + 8]
shl ebx, 0xa
lea edx, [ebx + 0x41bc]
mov dword [ebp - 0x20], eax
mov dword [ebp - 0x28], esi
mov byte [ebp - 0x1c], cl
xor ecx, ecx
call fcn_fffb335b  ; call 0xfffb335b
lea eax, [ebx + 0x41c0]
mov byte [ebp - 0x19], 0
mov dword [ebp - 0x34], eax

loc_fffaca43:  ; not directly referenced
mov cl, byte [ebp - 0x19]
xor esi, esi
xor edi, edi
mov dword [ebp - 0x2c], 0
mov al, cl
and eax, 1
mov byte [ebp - 0x1a], al
mov al, cl
xor ecx, ecx
shr al, 1
and eax, 1
mov dword [ebp - 0x30], eax

loc_fffaca65:  ; not directly referenced
movzx eax, cl
div byte [ebp - 0x1b]
movzx edx, ah
lea eax, [ecx + 0x15]
cmp cl, 0x12
ja short loc_fffaca7f  ; ja 0xfffaca7f
lea eax, [ecx + 8]
cmp cl, 0x10
cmovb eax, ecx

loc_fffaca7f:  ; not directly referenced
cmp dl, byte [ebp - 0x1c]
movzx eax, al
mov edx, dword [ebp - 0x28]
mov dword [ebp - 0x38], ecx
mov edx, dword [edx + 0x68]
mov dword [ebp - 0x24], edx
jne short loc_fffaca9f  ; jne 0xfffaca9f
push ecx
xor edx, edx
push eax
movzx eax, byte [ebp - 0x1a]
push edx
push eax
jmp short loc_fffacaa7  ; jmp 0xfffacaa7

loc_fffaca9f:  ; not directly referenced
push edx
push eax
push dword [ebp - 0x2c]
push dword [ebp - 0x30]

loc_fffacaa7:  ; not directly referenced
mov eax, dword [ebp - 0x24]
call eax
mov ecx, dword [ebp - 0x38]
add esp, 0x10
inc ecx
or eax, esi
or edx, edi
mov esi, eax
mov edi, edx
cmp cl, 0x16
jne short loc_fffaca65  ; jne 0xfffaca65
push eax
push eax
mov eax, dword [ebp - 0x20]
push edx
mov edx, dword [ebp - 0x34]
push esi
call fcn_fffb3506  ; call 0xfffb3506
add esp, 0x10
inc byte [ebp - 0x19]
cmp byte [ebp - 0x19], 8
jne loc_fffaca43  ; jne 0xfffaca43
mov edi, dword [ebp - 0x20]
lea edx, [ebx + 0x41a0]
mov ecx, 0x222
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
lea edx, [ebx + 0x41b0]
mov eax, edi
mov ecx, 0x6010102
call fcn_fffb3381  ; call 0xfffb3381
lea edx, [ebx + 0x41a4]
mov eax, edi
mov ecx, 0xea1
call fcn_fffb3381  ; call 0xfffb3381
lea edx, [ebx + 0x41a8]
mov eax, edi
mov ecx, 0xbeef
call fcn_fffb3381  ; call 0xfffb3381
lea esp, [ebp - 0xc]
mov eax, edi
lea edx, [ebx + 0x41ac]
mov ecx, 0xdead
pop ebx
pop esi
pop edi
pop ebp
jmp near fcn_fffb3381  ; jmp 0xfffb3381

fcn_fffacb43:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
mov esi, eax
push ebx
sub esp, 0x1c
mov ebx, dword [eax + 0x2444]
mov dword [ebp - 0x20], ecx
shl edi, 0xa
add edi, 0x4214
call dword [ebx + 0x54]  ; ucall
add eax, 0x2710
mov dword [ebp - 0x1c], eax

loc_fffacb6d:  ; not directly referenced
mov edx, edi
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
mov ecx, eax
shr eax, 0x18
test al, al
jns short loc_fffacb8e  ; jns 0xfffacb8e
call dword [ebx + 0x54]  ; ucall
cmp dword [ebp - 0x1c], eax
ja short loc_fffacb6d  ; ja 0xfffacb6d

loc_fffacb87:  ; not directly referenced
mov eax, 0x12
jmp short loc_fffacbec  ; jmp 0xfffacbec

loc_fffacb8e:  ; not directly referenced
mov cl, byte [ebp + 8]
mov ch, byte [ebp + 0xc]
mov edx, dword [ebp + 0x10]
mov eax, dword [ebp - 0x20]
or ecx, 0x40000
and edx, 1
and ecx, 0xfff4ffff
shl edx, 0x13
and eax, 3
shl eax, 0x10
or ecx, edx
or ecx, eax
mov edx, edi
or ecx, 0x80000000
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381
call dword [ebx + 0x54]  ; ucall
add eax, 0x2710
mov dword [ebp - 0x1c], eax

loc_fffacbd0:  ; not directly referenced
mov edx, edi
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
shr eax, 0x18
test al, al
jns short loc_fffacbea  ; jns 0xfffacbea
call dword [ebx + 0x54]  ; ucall
cmp dword [ebp - 0x1c], eax
ja short loc_fffacbd0  ; ja 0xfffacbd0
jmp short loc_fffacb87  ; jmp 0xfffacb87

loc_fffacbea:  ; not directly referenced
xor eax, eax

loc_fffacbec:  ; not directly referenced
add esp, 0x1c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffacbf4:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov edi, dword [ebp + 8]
cmp dword [edi + 0x2481], 3
jne short loc_fffacc80  ; jne 0xfffacc80
cmp byte [edi + 0x240a], 0
je short loc_fffacc80  ; je 0xfffacc80
movzx eax, byte [edi + 0x240b]
test al, al
je short loc_fffacc80  ; je 0xfffacc80
mov edx, 3
cmp ax, 3
cmova eax, edx
mov word [ebp - 0x1e], ax
lea ebx, [edi + 0x49d0]
mov dword [ebp - 0x1c], 0

loc_fffacc3a:  ; not directly referenced
cmp dword [ebx - 0x1279], 2
jne short loc_fffacc71  ; jne 0xfffacc71
test byte [ebx - 0x11b5], 1
je short loc_fffacc71  ; je 0xfffacc71
mov si, word [ebx]
xor ecx, ecx
push eax
mov edx, dword [ebp - 0x1c]
push 0
and esi, 0xfffffffc
or si, word [ebp - 0x1e]
movzx eax, si
push eax
mov eax, edi
push 0xb
call fcn_fffacb43  ; call 0xfffacb43
add esp, 0x10
mov word [ebx], si

loc_fffacc71:  ; not directly referenced
inc dword [ebp - 0x1c]
add ebx, 0x13c3
cmp dword [ebp - 0x1c], 2
jne short loc_fffacc3a  ; jne 0xfffacc3a

loc_fffacc80:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffacc8a:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, ecx
sub esp, 0x4c
mov edi, dword [ebp + 8]
mov esi, dword [ebp + 0x18]
mov ecx, dword [eax + 0x2444]
mov dword [ebp - 0x1c], eax
mov eax, dword [eax + 0x1887]
mov dword [ebp - 0x44], edi
mov edi, dword [ebp + 0xc]
mov dword [ebp - 0x34], esi
mov esi, dword [ebp + 0x1c]
mov dword [ebp - 0x28], edx
mov dword [ebp - 0x24], ecx
mov dword [ebp - 0x30], edi
mov edi, dword [ebp + 0x10]
mov dword [ebp - 0x20], edi
mov edi, dword [ebp + 0x14]
mov dword [ebp - 0x40], edi
mov edi, dword [ebp + 0x20]
cmp eax, 0x306d0
je short loc_fffaccec  ; je 0xfffaccec
cmp eax, 0x40670
je short loc_fffaccec  ; je 0xfffaccec
mov dword [ebp - 0x2c], 0x7f8
mov dword [ebp - 0x38], 0xff
jmp short loc_fffaccfa  ; jmp 0xfffaccfa

loc_fffaccec:  ; not directly referenced
mov dword [ebp - 0x2c], 0xff8
mov dword [ebp - 0x38], 0x1ff

loc_fffaccfa:  ; not directly referenced
test ebx, ebx
je short loc_fffacd72  ; je 0xfffacd72
mov dword [ebp - 0x4c], esi
push esi
push 0x20
movzx edx, word [ebx]
movzx eax, word [ebx + 2]
shl edx, 0x18
shl eax, 0x10
add eax, edx
cdq
push edx
push eax
mov eax, dword [ebp - 0x24]
call dword [eax + 0x68]  ; ucall
add esp, 0xc
mov ecx, dword [ebp - 0x24]
push 0x18
mov esi, eax
movzx eax, word [ebx + 4]
mov dword [ebp - 0x48], edx
xor edx, edx
push edx
push eax
call dword [ecx + 0x68]  ; ucall
movzx ebx, word [ebx + 6]
pop ecx
pop ecx
and edx, dword [ebp - 0x38]
mov dword [ebp - 0x3c], ebx
mov ebx, dword [ebp - 0x2c]
and dword [ebp - 0x3c], ebx
or dword [ebp - 0x3c], esi
and eax, 0xff000000
mov esi, dword [ebp - 0x3c]
or esi, eax
mov eax, dword [ebp - 0x48]
or eax, edx
push eax
mov eax, dword [ebp - 0x28]
push esi
lea edx, [eax*8 + 0x48d8]
mov eax, dword [ebp - 0x1c]
call fcn_fffb3506  ; call 0xfffb3506
mov esi, dword [ebp - 0x4c]
add esp, 0x10

loc_fffacd72:  ; not directly referenced
mov eax, dword [ebp - 0x44]
test eax, eax
je short loc_fffacde9  ; je 0xfffacde9
push edx
mov ebx, dword [ebp - 0x24]
push 0x20
movzx edx, word [eax]
mov dword [ebp - 0x44], esi
mov esi, eax
movzx eax, word [eax + 2]
shl edx, 0x18
shl eax, 0x10
add eax, edx
cdq
push edx
push eax
call dword [ebx + 0x68]  ; ucall
add esp, 0xc
mov ecx, dword [ebp - 0x24]
push 0x18
mov ebx, eax
movzx eax, word [esi + 4]
mov dword [ebp - 0x3c], edx
xor edx, edx
push edx
push eax
call dword [ecx + 0x68]  ; ucall
pop ecx
pop ecx
movzx ecx, word [esi + 6]
and edx, dword [ebp - 0x38]
and eax, 0xff000000
mov esi, ecx
mov ecx, dword [ebp - 0x2c]
and esi, ecx
or esi, ebx
or esi, eax
mov eax, dword [ebp - 0x3c]
or eax, edx
push eax
mov eax, dword [ebp - 0x28]
push esi
lea edx, [eax*8 + 0x48e8]
mov eax, dword [ebp - 0x1c]
call fcn_fffb3506  ; call 0xfffb3506
mov esi, dword [ebp - 0x44]
add esp, 0x10

loc_fffacde9:  ; not directly referenced
cmp dword [ebp - 0x30], 0
setne bl
cmp dword [ebp - 0x34], 0
setne al
mov byte [ebp - 0x2c], al
or al, bl
jne short loc_ffface10  ; jne 0xffface10
test esi, esi
setne dl
test edi, edi
setne al
or dl, al
je loc_fffacf4a  ; je 0xfffacf4a

loc_ffface10:  ; not directly referenced
mov ecx, dword [ebp - 0x28]
xor eax, eax
cmp dword [ebp - 0x30], 0
lea ecx, [ecx*4 + 0x4908]
mov dword [ebp - 0x24], ecx
sete cl
cmp dword [ebp - 0x34], 0
sete dl
or cl, dl
jne short loc_ffface75  ; jne 0xffface75
test esi, esi
sete cl
test edi, edi
sete dl
or cl, dl
jne short loc_ffface75  ; jne 0xffface75

loc_ffface3f:  ; not directly referenced
mov ebx, dword [ebp - 0x30]
and eax, 0xfffffff0
movzx edx, byte [ebx + 3]
movzx ecx, byte [ebx + 2]
and edx, 3
and ecx, 3
or eax, edx
movzx edx, byte [ebx + 1]
shl ecx, 2
or eax, ecx
movzx ecx, byte [ebx]
and al, 0xf
and edx, 3
shl edx, 4
and ecx, 3
or eax, edx
shl ecx, 6
or eax, ecx
jmp short loc_ffface84  ; jmp 0xffface84

loc_ffface75:  ; not directly referenced
mov edx, dword [ebp - 0x24]
mov eax, dword [ebp - 0x1c]
call fcn_fffb331f  ; call 0xfffb331f
test bl, bl
jne short loc_ffface3f  ; jne 0xffface3f

loc_ffface84:  ; not directly referenced
cmp byte [ebp - 0x2c], 0
je short loc_fffacec6  ; je 0xfffacec6
mov ebx, dword [ebp - 0x34]
and eax, 0xfcffffff
movzx ecx, byte [ebx + 3]
movzx edx, byte [ebx + 2]
and ecx, 1
shl ecx, 0x18
and edx, 1
shl edx, 0x19
or eax, ecx
movzx ecx, byte [ebx]
or eax, edx
movzx edx, byte [ebx + 1]
and eax, 0xf3ffffff
and ecx, 1
and edx, 1
shl edx, 0x1a
shl ecx, 0x1b
or eax, edx
or eax, ecx

loc_fffacec6:  ; not directly referenced
test esi, esi
je short loc_fffacf00  ; je 0xfffacf00
movzx ecx, byte [esi + 3]
and eax, 0xcfffffff
movzx edx, byte [esi + 2]
and ecx, 1
shl ecx, 0x1c
and edx, 1
shl edx, 0x1d
or eax, ecx
movzx ecx, byte [esi]
or eax, edx
movzx edx, byte [esi + 1]
and eax, 0x3fffffff
shl ecx, 0x1f
and edx, 1
shl edx, 0x1e
or eax, edx
or eax, ecx

loc_fffacf00:  ; not directly referenced
test edi, edi
je short loc_fffacf3d  ; je 0xfffacf3d
movzx ecx, byte [edi + 3]
and eax, 0xffcf1fff
movzx edx, byte [edi + 2]
and ecx, 1
shl ecx, 0x14
and edx, 1
shl edx, 0x15
or eax, ecx
movzx ecx, byte [edi]
or eax, edx
movzx edx, byte [edi + 1]
and eax, 0xff3f1fff
and ecx, 1
and edx, 1
shl edx, 0x16
shl ecx, 0x17
or eax, edx
or eax, ecx

loc_fffacf3d:  ; not directly referenced
mov ecx, eax
mov edx, dword [ebp - 0x24]
mov eax, dword [ebp - 0x1c]
call fcn_fffb3381  ; call 0xfffb3381

loc_fffacf4a:  ; not directly referenced
mov edx, dword [ebp - 0x40]
cmp dword [ebp - 0x20], 0
setne cl
test edx, edx
setne al
mov byte [ebp - 0x24], al
or al, cl
je loc_fffad0b9  ; je 0xfffad0b9
mov eax, dword [ebp - 0x28]
xor esi, esi
xor ebx, ebx
cmp dword [ebp - 0x20], 0
lea edi, [eax*8 + 0x4910]
sete al
test edx, edx
sete dl
or al, dl
jne short loc_fffacf97  ; jne 0xfffacf97

loc_fffacf82:  ; not directly referenced
mov eax, dword [ebp - 0x20]
mov eax, dword [eax]
cmp eax, 0x1f
jbe short loc_fffacfb5  ; jbe 0xfffacfb5
dec eax
call fcn_fffb396b  ; call 0xfffb396b
movzx eax, al
jmp short loc_fffacfb8  ; jmp 0xfffacfb8

loc_fffacf97:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
mov edx, edi
mov dword [ebp - 0x28], ecx
call fcn_fffb333d  ; call 0xfffb333d
mov ecx, dword [ebp - 0x28]
mov esi, eax
mov ebx, edx
test cl, cl
je loc_fffad064  ; je 0xfffad064
jmp short loc_fffacf82  ; jmp 0xfffacf82

loc_fffacfb5:  ; not directly referenced
sub eax, 0xffffff80

loc_fffacfb8:  ; not directly referenced
mov edx, eax
and ebx, 0x60ffffff
and edx, 0x1f
shl edx, 0x18
shr eax, 7
or ebx, edx
shl eax, 0x1f
or ebx, eax
mov eax, dword [ebp - 0x20]
mov edx, dword [eax + 4]
lea eax, [edx + 0x80]
cmp edx, 0x1f
jbe short loc_fffacfec  ; jbe 0xfffacfec
lea eax, [edx - 1]
call fcn_fffb396b  ; call 0xfffb396b
movzx eax, al

loc_fffacfec:  ; not directly referenced
mov edx, eax
and ebx, 0xfff60fff
and edx, 0x1f
shl edx, 0xc
shl eax, 0xc
or ebx, edx
and eax, 0x80000
or ebx, eax
mov eax, dword [ebp - 0x20]
mov edx, dword [eax + 8]
lea eax, [edx + 0x20]
cmp edx, 0xf
jbe short loc_fffad01f  ; jbe 0xfffad01f
lea eax, [edx - 1]
call fcn_fffb396b  ; call 0xfffb396b
movzx eax, al

loc_fffad01f:  ; not directly referenced
mov edx, eax
and ebx, 0xffffffd0
and edx, 0xf
and eax, 0x20
or ebx, edx
or ebx, eax
mov eax, dword [ebp - 0x20]
mov edx, dword [eax + 0xc]
lea eax, [edx + 0x80]
cmp edx, 0x1f
jbe short loc_fffad04a  ; jbe 0xfffad04a
lea eax, [edx - 1]
call fcn_fffb396b  ; call 0xfffb396b
movzx eax, al

loc_fffad04a:  ; not directly referenced
mov edx, eax
and esi, 0xfff60fff
and edx, 0x1f
shl edx, 0xc
shl eax, 0xc
or esi, edx
and eax, 0x80000
or esi, eax

loc_fffad064:  ; not directly referenced
cmp byte [ebp - 0x24], 0
je short loc_fffad0a2  ; je 0xfffad0a2
mov ecx, dword [ebp - 0x40]
and ebx, 0xff8ffc3f
and esi, 0xff807
movzx edx, byte [ecx]
movzx eax, byte [ecx + 2]
and edx, 7
shl edx, 0x14
and eax, 0xf
shl eax, 6
or ebx, edx
movzx edx, byte [ecx + 6]
or ebx, eax
movzx eax, word [ecx + 4]
shl edx, 3
shl eax, 0x14
or esi, eax
or esi, edx

loc_fffad0a2:  ; not directly referenced
mov dword [ebp + 8], esi
mov eax, dword [ebp - 0x1c]
mov edx, edi
mov dword [ebp + 0xc], ebx
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
jmp near fcn_fffb3506  ; jmp 0xfffb3506

loc_fffad0b9:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffad0c1:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, ecx
push esi
push ebx
mov ebx, edx
sub esp, 0x3c
mov cl, byte [ebp + 8]
mov dword [ebp - 0x2c], eax
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x20], 0
mov byte [ebp - 0x2d], cl
mov dword [ebp - 0x3c], eax
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x1c], 0
cmp dword [eax], 1
jne loc_fffad20c  ; jne 0xfffad20c
mov dword [edx + 0x1c], 3
xor esi, esi
mov word [edx + 0x2a], 0x20
mov word [edx + 0x28], 0x400
mov word [edx + 0xe], 0x18
mov word [edx + 2], 1
mov word [edx + 0xa], 1

loc_fffad128:  ; not directly referenced
imul eax, esi, 0x13c3
mov ecx, dword [ebp - 0x2c]
cmp dword [ecx + eax + 0x3757], 2
jne loc_fffad1f9  ; jne 0xfffad1f9
lea eax, [ebp - 0x1c]
mov ecx, ebx
push edx
mov edx, esi
push eax
lea eax, [ebp - 0x24]
push eax
lea eax, [ebp - 0x20]
push eax
lea eax, [ebx + 0x24]
push eax
lea eax, [ebx + 0x14]
push eax
lea eax, [ebx + 0x10]
push eax
mov eax, dword [ebp - 0x2c]
push 0
call fcn_fffacc8a  ; call 0xfffacc8a
xor edx, edx
mov eax, 0x1800
mov dword [ebp - 0x38], eax
mov eax, edx
add esp, 0x20
and eax, 0xfffffc00
mov ecx, 1
or eax, 2
mov dword [ebp - 0x34], eax
mov eax, dword [ebp - 0x38]
lea edx, [esi*4 + 0x4980]
and eax, 0x8fffffff
or eax, 0x10000000
cmp dword [ebp - 0x3c], 1
mov dword [ebp - 0x38], eax
lea eax, [edx + 0x20]
cmove edx, eax
mov eax, dword [ebp - 0x2c]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x2c]
lea edx, [esi*8 + 0x48a8]
push ecx
push ecx
push dword [ebp - 0x34]
push dword [ebp - 0x38]
call fcn_fffb3506  ; call 0xfffb3506
mov eax, esi
mov ecx, 0x20
shl eax, 0xa
lea edx, [eax + 0x4200]
mov dword [ebp - 0x38], eax
mov eax, dword [ebp - 0x2c]
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, dword [ebp - 0x38]
mov eax, dword [ebp - 0x2c]
lea edx, [ecx + 0x4040]
mov ecx, 0x8092
call fcn_fffb3381  ; call 0xfffb3381
add esp, 0x10

loc_fffad1f9:  ; not directly referenced
inc esi
cmp esi, 2
jne loc_fffad128  ; jne 0xfffad128
mov eax, dword [ebp + 0xc]
mov dword [eax], 0

loc_fffad20c:  ; not directly referenced
mov esi, dword [ebp - 0x2c]
movzx eax, byte [esi + 0x248e]
bt eax, edi
jae loc_fffad30f  ; jae 0xfffad30f
mov eax, edi
shr eax, 1
imul eax, eax, 0x128
mov dword [ebp - 0x38], 0
lea edi, [esi + eax + 0x49af]
lea eax, [ebx + 0x14]
mov dword [ebp - 0x40], eax
movzx eax, byte [ebp - 0x2d]
mov dword [ebp - 0x44], eax

loc_fffad244:  ; not directly referenced
imul eax, dword [ebp - 0x38], 0x13c3
mov esi, dword [ebp - 0x2c]
cmp dword [esi + eax + 0x3757], 2
jne loc_fffad2fc  ; jne 0xfffad2fc
mov ax, word [ebx + 0x2a]
xor edx, edx
lea ecx, [eax*8]
mov ax, word [edi + 4]
div cx
mov edx, dword [ebp - 0x38]
movzx esi, ax
mov eax, dword [edi]
dec eax
mov word [ebx + 0xc], ax
mov ax, word [edi + 4]
sub eax, ecx
xor ecx, ecx
mov word [ebx + 0xe], ax
lea eax, [esi - 1]
mov dword [ebx + 0x1c], eax
push eax
push 0
push 0
push 0
push 0
push dword [ebp - 0x40]
lea eax, [ebx + 8]
push 0
push eax
mov eax, dword [ebp - 0x2c]
call fcn_fffacc8a  ; call 0xfffacc8a
add esp, 0x20
cmp byte [ebp - 0x2d], 0
je short loc_fffad2b7  ; je 0xfffad2b7
mov eax, dword [ebp - 0x44]
jmp short loc_fffad2bf  ; jmp 0xfffad2bf

loc_fffad2b7:  ; not directly referenced
mov eax, dword [edi]
shr eax, 0xa
imul eax, esi

loc_fffad2bf:  ; not directly referenced
dec eax
call fcn_fffb396b  ; call 0xfffb396b
imul esi, dword [ebp - 0x38], 0x28
lea edx, [esi + 0x4808]
and eax, 0x7f
mov dword [ebp - 0x3c], eax
mov ecx, eax
mov eax, dword [ebp - 0x2c]
or ecx, 0x400000
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, dword [ebp - 0x3c]
lea edx, [esi + 0x480c]
mov eax, dword [ebp - 0x2c]
or ecx, 0x8000000
call fcn_fffb3381  ; call 0xfffb3381

loc_fffad2fc:  ; not directly referenced
inc dword [ebp - 0x38]
add edi, 0x13c3
cmp dword [ebp - 0x38], 2
jne loc_fffad244  ; jne 0xfffad244

loc_fffad30f:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffad317:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
movzx esi, dl
push ebx
mov ebx, eax
imul eax, esi, 0x13c3
sub esp, 0x1c
and cl, byte [ebx + eax + 0x381b]
mov edi, ecx
and edi, 0xf
jne short loc_fffad369  ; jne 0xfffad369
xor ecx, ecx
mov eax, ebx
lea edx, [esi*4 + 0x4930]
lea esi, [esi*8 + 0x48a8]
call fcn_fffb3381  ; call 0xfffb3381
mov edx, esi
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, esi
and ah, 0xf7
mov ecx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffad3e6  ; jmp 0xfffad3e6

loc_fffad369:  ; not directly referenced
movzx edx, cl
xor eax, eax
xor edi, edi
mov byte [ebp - 0x19], 0
mov dword [ebp - 0x20], edx

loc_fffad377:  ; not directly referenced
mov edx, dword [ebp - 0x20]
bt edx, eax
jae short loc_fffad38f  ; jae 0xfffad38f
movzx ecx, byte [ebp - 0x19]
mov edx, eax
inc byte [ebp - 0x19]
shl ecx, 2
shl edx, cl
or edi, edx

loc_fffad38f:  ; not directly referenced
inc eax
cmp eax, 4
jne short loc_fffad377  ; jne 0xfffad377
mov ecx, edi
mov eax, ebx
lea edx, [esi*4 + 0x4930]
call fcn_fffb3381  ; call 0xfffb3381
mov cl, byte [ebp - 0x19]
lea edi, [esi*8]
lea edx, [edi + 0x48ef]
mov eax, ebx
add edi, 0x48a8
dec ecx
movzx ecx, cl
call fcn_fffb335b  ; call 0xfffb335b
mov edx, edi
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, edi
mov edi, 1
or ah, 8
mov ecx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, esi
shl edi, cl

loc_fffad3e6:  ; not directly referenced
add esp, 0x1c
mov eax, edi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffad3f0:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x70
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x50], 0
mov byte [ebp - 0x4c], 0
mov byte [ebp - 0x4b], 0
mov eax, dword [ebx + 0x2444]
mov byte [ebp - 0x4a], 1
mov byte [ebp - 0x49], 0
mov dword [ebp - 0x48], 0
mov edi, eax
mov dword [ebp - 0x68], eax
mov eax, dword [ebx + 0x188b]
push 0
push 0x2c
mov dword [ebp - 0x5c], eax
lea eax, [ebp - 0x44]
push eax
mov eax, edi
mov byte [ebp - 0x52], 0
mov byte [ebp - 0x51], 0
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
cmp byte [ebx + 0x3749], 1
je short loc_fffad45e  ; je 0xfffad45e
xor esi, esi
cmp byte [ebx + 0x2407], 1
jne loc_fffad67e  ; jne 0xfffad67e

loc_fffad45e:  ; not directly referenced
push esi
mov eax, ebx
push esi
xor esi, esi
push 0
push 1
lea ecx, [ebp - 0x51]
lea edx, [ebp - 0x52]
mov word [ebp - 0x1a], 1
mov word [ebp - 0x1c], 1
call fcn_fffa8181  ; call 0xfffa8181
add esp, 0x10

loc_fffad482:  ; not directly referenced
imul eax, esi, 0x13c3
cmp dword [ebx + eax + 0x3757], 2
jne loc_fffad536  ; jne 0xfffad536
lea eax, [ebp - 0x48]
mov edx, esi
push ecx
push eax
lea eax, [ebp - 0x50]
push eax
lea eax, [ebp - 0x4c]
push eax
lea eax, [ebp - 0x20]
push eax
lea eax, [ebp - 0x30]
push eax
lea eax, [ebp - 0x34]
push eax
mov eax, ebx
push 0
lea ecx, [ebp - 0x44]
call fcn_fffacc8a  ; call 0xfffacc8a
xor edx, edx
mov eax, 0x1800
mov ecx, edx
add esp, 0x18
and ecx, 0xfffffc00
or ecx, 2
mov edx, ecx
mov ecx, eax
or ecx, 0x28
push edx
mov eax, ecx
lea ecx, [esi*8 + 0x48a8]
push eax
mov edx, ecx
mov eax, ebx
call fcn_fffb3506  ; call 0xfffb3506
add esp, 0x10
cmp dword [ebp - 0x5c], 1
lea edx, [esi*4 + 0x4980]
lea eax, [edx + 0x20]
cmove edx, eax
xor ecx, ecx
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
imul edx, esi, 0x28
mov ecx, 0x400000
mov eax, ebx
add edx, 0x4808
call fcn_fffb3381  ; call 0xfffb3381
mov edx, esi
mov ecx, 0x20
shl edx, 0xa
mov eax, ebx
add edx, 0x4200
call fcn_fffb3381  ; call 0xfffb3381

loc_fffad536:  ; not directly referenced
inc esi
cmp esi, 2
jne loc_fffad482  ; jne 0xfffad482
mov dword [ebp - 0x5c], 0

loc_fffad547:  ; not directly referenced
movzx eax, byte [ebx + 0x248e]
mov edi, dword [ebp - 0x5c]
bt eax, edi
jb short loc_fffad566  ; jb 0xfffad566

loc_fffad556:  ; not directly referenced
inc dword [ebp - 0x5c]
cmp dword [ebp - 0x5c], 4
jne short loc_fffad547  ; jne 0xfffad547
xor esi, esi
jmp near loc_fffad632  ; jmp 0xfffad632

loc_fffad566:  ; not directly referenced
mov cl, byte [ebp - 0x5c]
mov esi, 1
xor edx, edx
mov eax, ebx
shl esi, cl
mov ecx, esi
call fcn_fffad317  ; call 0xfffad317
mov edx, 1
mov ecx, esi
mov edi, eax
mov eax, ebx
call fcn_fffad317  ; call 0xfffad317
mov dl, byte [ebp - 0x5c]
mov dword [ebp - 0x60], 0
shr dl, 1
movzx edx, dl
imul edx, edx, 0x128
or eax, edi
movzx eax, al
mov dword [ebp - 0x64], eax
lea edi, [ebx + edx + 0x49af]
mov dword [ebp - 0x6c], edi

loc_fffad5b2:  ; not directly referenced
mov eax, dword [ebp - 0x60]
xor esi, esi
mov edi, dword [ebp - 0x6c]
mov word [ebp - 0x42], ax
mov word [ebp - 0x3a], ax

loc_fffad5c2:  ; not directly referenced
mov eax, dword [ebp - 0x64]
bt eax, esi
jae short loc_fffad608  ; jae 0xfffad608
mov eax, dword [edi]
lea ecx, [ebp - 0x44]
dec eax
mov word [ebp - 0x38], ax
mov ax, word [edi + 4]
lea edx, [eax - 8]
mov word [ebp - 0x36], dx
shr ax, 3
push edx
movzx eax, ax
push 0
mov edx, esi
push 0
push 0
push 0
mov dword [ebp - 0x28], eax
lea eax, [ebp - 0x30]
push eax
push 0
lea eax, [ebp - 0x3c]
push eax
mov eax, ebx
call fcn_fffacc8a  ; call 0xfffacc8a
add esp, 0x20

loc_fffad608:  ; not directly referenced
inc esi
add edi, 0x13c3
cmp esi, 2
jne short loc_fffad5c2  ; jne 0xfffad5c2
mov edx, dword [ebp - 0x64]
mov eax, ebx
call fcn_fffb33a7  ; call 0xfffb33a7
mov esi, eax
test eax, eax
jne short loc_fffad632  ; jne 0xfffad632
inc dword [ebp - 0x60]
cmp dword [ebp - 0x60], 8
jne short loc_fffad5b2  ; jne 0xfffad5b2
jmp near loc_fffad556  ; jmp 0xfffad556

loc_fffad632:  ; not directly referenced
cmp dword [ebx + 0x3757], 2
jne short loc_fffad64c  ; jne 0xfffad64c
mov ecx, 0x3000
mov edx, 0x48a8
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffad64c:  ; not directly referenced
cmp dword [ebx + 0x4b1a], 2
jne short loc_fffad666  ; jne 0xfffad666
mov ecx, 0x3000
mov edx, 0x48b0
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffad666:  ; not directly referenced
test esi, esi
je short loc_fffad67e  ; je 0xfffad67e
push eax
push eax
mov eax, dword [ebp - 0x68]
push 0xdddc
push ebx
call dword [eax + 0x94]  ; ucall
add esp, 0x10

loc_fffad67e:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffad688:  ; not directly referenced
push ebp
movzx edx, dl
mov ebp, esp
push ebx
push ebx
cmp dword [eax + 0x2481], 2
push 0
push dword [ebp + 8]
sete bl
shl ebx, 3
movzx ebx, bl
push ecx
mov ecx, 0xf
push ebx
call fcn_fffa947f  ; call 0xfffa947f
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffad6b6:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
xor eax, eax
push ebx
lea esi, [edi + 0x374f]
sub esp, 0x3c
mov byte [ebp - 0x29], 0
mov dword [ebp - 0x3c], esi

loc_fffad6d0:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x29], 1
setbe dl
test cl, dl
je loc_fffad819  ; je 0xfffad819
movzx eax, byte [ebp - 0x29]
imul edx, eax, 0x13c3
mov dword [ebp - 0x30], eax
lea eax, [edi + edx]
cmp dword [eax + 0x3757], 2
jne loc_fffad80a  ; jne 0xfffad80a
mov ebx, dword [ebp - 0x3c]
xor ecx, ecx
mov dword [ebp - 0x38], eax
lea esi, [ebx + edx + 8]
mov dword [ebp - 0x34], esi
mov esi, 1

loc_fffad715:  ; not directly referenced
mov edx, dword [ebp - 0x38]
mov eax, 1
mov bl, cl
shl eax, cl
test byte [edx + 0x381b], al
je loc_fffad7e6  ; je 0xfffad7e6
cmp byte [edi + 0x247c], 0
je short loc_fffad753  ; je 0xfffad753
mov al, cl
mov esi, dword [ebp - 0x34]
shr al, 1
movzx eax, al
imul eax, eax, 0x128
mov si, word [esi + eax + 0x126d]
jmp near loc_fffad7dc  ; jmp 0xfffad7dc

loc_fffad753:  ; not directly referenced
mov edx, dword [ebp - 0x30]
mov eax, edi
mov dword [ebp - 0x40], ecx
call fcn_fffa6bf0  ; call 0xfffa6bf0
test eax, eax
je loc_fffad814  ; je 0xfffad814
mov dl, byte [eax + 1]
xor eax, eax
mov ecx, dword [ebp - 0x40]
test dl, dl
je short loc_fffad7b4  ; je 0xfffad7b4
cmp dl, 0x3c
je short loc_fffad79e  ; je 0xfffad79e
cmp dl, 0x78
je short loc_fffad7a2  ; je 0xfffad7a2
cmp dl, 0x28
je short loc_fffad7a6  ; je 0xfffad7a6
cmp dl, 0xf0
je short loc_fffad7aa  ; je 0xfffad7aa
cmp dl, 0x30
je short loc_fffad7ae  ; je 0xfffad7ae
cmp dl, 0x50
je short loc_fffad7b2  ; je 0xfffad7b2
cmp dl, 0x22
mov al, 7
mov dl, 0
cmovne eax, edx
jmp short loc_fffad7b4  ; jmp 0xfffad7b4

loc_fffad79e:  ; not directly referenced
mov al, 1
jmp short loc_fffad7b4  ; jmp 0xfffad7b4

loc_fffad7a2:  ; not directly referenced
mov al, 2
jmp short loc_fffad7b4  ; jmp 0xfffad7b4

loc_fffad7a6:  ; not directly referenced
mov al, 3
jmp short loc_fffad7b4  ; jmp 0xfffad7b4

loc_fffad7aa:  ; not directly referenced
mov al, 4
jmp short loc_fffad7b4  ; jmp 0xfffad7b4

loc_fffad7ae:  ; not directly referenced
mov al, 5
jmp short loc_fffad7b4  ; jmp 0xfffad7b4

loc_fffad7b2:  ; not directly referenced
mov al, 6

loc_fffad7b4:  ; not directly referenced
shl eax, 8
and si, 0xf8ff
or esi, eax
mov al, bl
shr al, 1
movzx eax, al
imul eax, eax, 0x128
add eax, dword [ebp - 0x34]
mov word [eax + 0x126d], si
mov word [eax + 0x1285], si

loc_fffad7dc:  ; not directly referenced
shr bl, 1
movzx ebx, bl
mov word [ebp + ebx*2 - 0x1c], si

loc_fffad7e6:  ; not directly referenced
add ecx, 2
cmp ecx, 4
jne loc_fffad715  ; jne 0xfffad715
mov edx, dword [ebp - 0x30]
sub esp, 0xc
mov cl, 1
lea eax, [ebp - 0x1c]
push eax
mov eax, edi
call fcn_fffad688  ; call 0xfffad688
add esp, 0x10
jmp short loc_fffad80c  ; jmp 0xfffad80c

loc_fffad80a:  ; not directly referenced
xor eax, eax

loc_fffad80c:  ; not directly referenced
inc byte [ebp - 0x29]
jmp near loc_fffad6d0  ; jmp 0xfffad6d0

loc_fffad814:  ; not directly referenced
mov eax, 1

loc_fffad819:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffad821:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x3c
test dl, dl
setne bl
xor eax, eax
imul edi, dword [esi + 0x18a7], 0x2e
and ebx, 1
lea edx, [esi + 0x374f]
shl ebx, 8
mov byte [ebp - 0x2d], 0
mov dword [ebp - 0x3c], edx
mov dword [ebp - 0x40], edi

loc_fffad850:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x2d], 1
setbe dl
test cl, dl
je loc_fffada27  ; je 0xfffada27
movzx eax, byte [ebp - 0x2d]
mov dword [ebp - 0x34], eax
imul eax, eax, 0x13c3
cmp dword [esi + eax + 0x3757], 2
jne loc_fffada11  ; jne 0xfffada11
mov edx, dword [ebp - 0x3c]
lea eax, [edx + eax + 8]
mov dword [ebp - 0x2c], eax
add eax, dword [ebp - 0x40]
mov cx, word [eax + 0x2a]
add eax, 0x20
movzx edi, word [eax - 0x16]
mov ax, word [eax + 8]
cmp cx, 0xc
setne dl
cmp cx, 0xa
mov word [ebp - 0x38], ax
setne al
test dl, al
je short loc_fffad8df  ; je 0xfffad8df
cmp cx, 0x10
setne dl
cmp cx, 0xe
setne al
test dl, al
je short loc_fffad8df  ; je 0xfffad8df
cmp cx, 0x14
setne dl
cmp cx, 0x12
setne al
test dl, al
je short loc_fffad8df  ; je 0xfffad8df
cmp cx, 0x18
jne loc_fffada1b  ; jne 0xfffada1b

loc_fffad8df:  ; not directly referenced
movzx eax, word [ebp - 0x38]
add eax, eax
mov edx, eax
mov dword [ebp - 0x38], eax
movzx eax, cx
cmp edx, eax
jne loc_fffada22  ; jne 0xfffada22
cmp di, 0x10
ja short loc_fffad904  ; ja 0xfffad904
xor eax, eax
test di, 1
jne short loc_fffad913  ; jne 0xfffad913

loc_fffad904:  ; not directly referenced
mov eax, edi
and eax, 0xfffffffb
cmp ax, 0x12
setne al
movzx eax, al

loc_fffad913:  ; not directly referenced
shl eax, 2
and ebx, 0xfffffffb
or ebx, eax
cmp di, 0x10
ja short loc_fffad939  ; ja 0xfffad939
lea eax, [edi - 9]
mov edi, 2
cdq
and ebx, 0xffffff8f
idiv edi
and eax, 7
shl eax, 4
or ebx, eax
jmp short loc_fffad94a  ; jmp 0xfffad94a

loc_fffad939:  ; not directly referenced
sub edi, 2
and ebx, 0xffffff8f
sar edi, 2
and edi, 7
shl edi, 4
or ebx, edi

loc_fffad94a:  ; not directly referenced
cmp cx, 0x14
ja loc_fffad9ff  ; ja 0xfffad9ff
mov eax, dword [ebp - 0x38]
mov ecx, 2
and bh, 0xf1
sub eax, 0xa
cdq
idiv ecx
and eax, 7
shl eax, 9
or ebx, eax

loc_fffad96d:  ; not directly referenced
imul eax, dword [ebp - 0x34], 0x13c3
test byte [esi + eax + 0x381b], 1
je short loc_fffad9aa  ; je 0xfffad9aa
cmp byte [esi + 0x247c], 0
jne short loc_fffad99e  ; jne 0xfffad99e
mov eax, dword [ebp - 0x2c]
mov word [eax + 0x126b], bx
mov word [eax + 0x1283], bx

loc_fffad998:  ; not directly referenced
mov word [ebp - 0x1c], bx
jmp short loc_fffad9aa  ; jmp 0xfffad9aa

loc_fffad99e:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov bx, word [eax + 0x126b]
jmp short loc_fffad998  ; jmp 0xfffad998

loc_fffad9aa:  ; not directly referenced
imul eax, dword [ebp - 0x34], 0x13c3
test byte [esi + eax + 0x381b], 4
je short loc_fffad9e7  ; je 0xfffad9e7
cmp byte [esi + 0x247c], 0
jne short loc_fffad9db  ; jne 0xfffad9db
mov eax, dword [ebp - 0x2c]
mov word [eax + 0x1393], bx
mov word [eax + 0x13ab], bx

loc_fffad9d5:  ; not directly referenced
mov word [ebp - 0x1a], bx
jmp short loc_fffad9e7  ; jmp 0xfffad9e7

loc_fffad9db:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov bx, word [eax + 0x1393]
jmp short loc_fffad9d5  ; jmp 0xfffad9d5

loc_fffad9e7:  ; not directly referenced
mov edx, dword [ebp - 0x34]
sub esp, 0xc
xor ecx, ecx
lea eax, [ebp - 0x1c]
push eax
mov eax, esi
call fcn_fffad688  ; call 0xfffad688
add esp, 0x10
jmp short loc_fffada13  ; jmp 0xfffada13

loc_fffad9ff:  ; not directly referenced
shl ecx, 7
and bh, 0xf1
and cx, 0xe00
or ebx, ecx
jmp near loc_fffad96d  ; jmp 0xfffad96d

loc_fffada11:  ; not directly referenced
xor eax, eax

loc_fffada13:  ; not directly referenced
inc byte [ebp - 0x2d]
jmp near loc_fffad850  ; jmp 0xfffad850

loc_fffada1b:  ; not directly referenced
mov eax, 0xd
jmp short loc_fffada27  ; jmp 0xfffada27

loc_fffada22:  ; not directly referenced
mov eax, 0x1d

loc_fffada27:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffada2f:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, 0x100
sub esp, 0x90
mov esi, dword [ebp + 8]
lea edx, [ebp - 0x44]
mov dword [ebp - 0x48], 1
mov eax, dword [esi + 0x2444]
push 0
push 0x2c
push edx
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
cmp dword [esi + 0x3757], 2
jne short loc_fffada93  ; jne 0xfffada93
xor edi, edi

loc_fffada69:  ; not directly referenced
mov eax, edi
cmp al, byte [esi + 0x2489]
jae short loc_fffada93  ; jae 0xfffada93
movzx eax, al
and ebx, 0xffffff80
mov edx, eax
inc edi
and edx, 0x7f
or ebx, edx
mov ecx, ebx
lea edx, [eax*4 + 0x40f0]
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffada69  ; jmp 0xfffada69

loc_fffada93:  ; not directly referenced
xor edi, edi
cmp dword [esi + 0x4b1a], 2
je short loc_fffadaa9  ; je 0xfffadaa9

loc_fffada9e:  ; not directly referenced
mov byte [ebp - 0x65], 0
xor edi, edi
jmp near loc_fffadc40  ; jmp 0xfffadc40

loc_fffadaa9:  ; not directly referenced
mov eax, edi
cmp al, byte [esi + 0x2489]
jae short loc_fffada9e  ; jae 0xfffada9e
mov eax, edi
and ebx, 0xffffff80
movzx eax, al
inc edi
mov edx, eax
and edx, 0x7f
or ebx, edx
mov ecx, ebx
lea edx, [eax*4 + 0x44f0]
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffadaa9  ; jmp 0xfffadaa9

loc_fffadad5:  ; not directly referenced
mov cl, byte [ebp - 0x65]
xor edi, edi
mov dword [ebp - 0x5c], 1
shl dword [ebp - 0x5c], cl
movzx eax, cl
mov dword [ebp - 0x7c], eax
mov al, byte [ebp - 0x5c]
test byte [esi + 0x248e], al
je loc_fffadc3d  ; je 0xfffadc3d
mov ecx, dword [ebp - 0x5c]
xor edx, edx
mov eax, esi
call fcn_fffad317  ; call 0xfffad317
mov ecx, dword [ebp - 0x5c]
mov edx, 1
mov byte [ebp - 0x4a], 0
mov bl, al
mov eax, esi
call fcn_fffad317  ; call 0xfffad317
imul ecx, dword [ebp - 0x7c], 0x18
mov byte [ebp - 0x49], 0
mov dword [ebp - 0x80], 0
mov dword [ebp - 0x8c], ecx
lea ecx, [esi + ecx + 0x49c2]
or eax, ebx
movzx eax, al
mov dword [ebp - 0x90], ecx
mov dword [ebp - 0x64], eax

loc_fffadb44:  ; not directly referenced
mov ecx, dword [ebp - 0x7c]
lea eax, [ebp - 0x48]
push ebx
push ebx
mov ebx, edi
push eax
mov eax, esi
push 1
xor edi, edi
lea edx, [ebp - 0x44]
call fcn_fffad0c1  ; call 0xfffad0c1
mov cl, byte [ebp - 0x80]
add esp, 0x10
mov eax, dword [ebp - 0x90]
mov dword [ebp - 0x84], 1
shl dword [ebp - 0x84], cl
mov dword [ebp - 0x60], eax

loc_fffadb7c:  ; not directly referenced
mov eax, dword [ebp - 0x64]
bt eax, edi
jb loc_fffadc59  ; jb 0xfffadc59

loc_fffadb88:  ; not directly referenced
inc edi
add dword [ebp - 0x60], 0x13c3
cmp edi, 2
jne short loc_fffadb7c  ; jne 0xfffadb7c
mov edx, dword [ebp - 0x64]
mov eax, esi
call fcn_fffb33a7  ; call 0xfffb33a7
test eax, eax
mov edi, eax
lea eax, [esi + 0x49bb]
cmove edi, ebx
mov dword [ebp - 0x84], eax
mov eax, dword [ebp - 0x8c]
xor ebx, ebx
add eax, 7
mov dword [ebp - 0x94], eax

loc_fffadbc3:  ; not directly referenced
mov eax, dword [ebp - 0x64]
bt eax, ebx
jae short loc_fffadbfc  ; jae 0xfffadbfc
mov eax, ebx
shl eax, 0xa
add eax, 0x4114
mov dword [ebp - 0x88], eax
mov byte [ebp - 0x60], 0
mov byte [ebp - 0x78], 0

loc_fffadbe3:  ; not directly referenced
mov al, byte [ebp - 0x78]
cmp al, byte [esi + 0x2489]
jb loc_fffadceb  ; jb 0xfffadceb
cmp byte [ebp - 0x60], 0
jne loc_fffadd2d  ; jne 0xfffadd2d

loc_fffadbfc:  ; not directly referenced
inc ebx
add dword [ebp - 0x84], 0x13c3
cmp ebx, 2
jne short loc_fffadbc3  ; jne 0xfffadbc3
inc dword [ebp - 0x80]
cmp dword [ebp - 0x80], 8
jne loc_fffadb44  ; jne 0xfffadb44
test byte [ebp - 0x64], 1
je short loc_fffadc2b  ; je 0xfffadc2b
cmp byte [ebp - 0x4a], 0xff
mov eax, 0x1f
cmovne edi, eax

loc_fffadc2b:  ; not directly referenced
test byte [ebp - 0x64], 2
je short loc_fffadc3d  ; je 0xfffadc3d
cmp byte [ebp - 0x49], 0xff
mov eax, 0x1f
cmovne edi, eax

loc_fffadc3d:  ; not directly referenced
inc byte [ebp - 0x65]

loc_fffadc40:  ; not directly referenced
test edi, edi
sete dl
cmp byte [ebp - 0x65], 1
setbe al
test dl, al
jne loc_fffadad5  ; jne 0xfffadad5
jmp near loc_fffadd8d  ; jmp 0xfffadd8d

loc_fffadc59:  ; not directly referenced
cmp byte [ebp + edi - 0x4a], 0xff
je loc_fffadb88  ; je 0xfffadb88
mov eax, dword [ebp - 0x60]
mov edx, edi
mov cx, word [eax + 6]
push eax
push eax
mov word [ebp - 0x78], cx
mov ecx, dword [ebp - 0x5c]
or word [ebp - 0x78], 0x10
movzx eax, word [ebp - 0x78]
push eax
mov eax, esi
push 3
call fcn_fffa96cb  ; call 0xfffa96cb
add esp, 0xc
mov ecx, dword [ebp - 0x7c]
mov edx, edi
test eax, eax
cmovne ebx, eax
mov eax, dword [ebp - 0x60]
mov ax, word [eax]
push dword [ebp - 0x84]
and eax, 0xfffc
push 0
or eax, 2
push eax
mov eax, esi
call fcn_fffac8c3  ; call 0xfffac8c3
pop edx
mov edx, edi
pop ecx
mov ecx, dword [ebp - 0x5c]
test eax, eax
cmovne ebx, eax
mov eax, dword [ebp - 0x78]
mov dword [ebp - 0x88], ebx
and eax, 0xffef
push eax
mov eax, esi
push 3
call fcn_fffa96cb  ; call 0xfffa96cb
add esp, 0x10
mov ebx, eax
test eax, eax
cmove ebx, dword [ebp - 0x88]
jmp near loc_fffadb88  ; jmp 0xfffadb88

loc_fffadceb:  ; not directly referenced
mov dl, byte [ebp - 0x78]
movzx eax, byte [ebp + ebx - 0x4a]
movzx ecx, dl
bt eax, edx
jb short loc_fffadd25  ; jb 0xfffadd25
mov eax, dword [ebp - 0x88]
mov dword [ebp - 0x98], ecx
lea edx, [eax + ecx*4]
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
mov ecx, dword [ebp - 0x98]
test eax, eax
je short loc_fffadd25  ; je 0xfffadd25
mov eax, 1
shl eax, cl
or byte [ebp - 0x60], al

loc_fffadd25:  ; not directly referenced
inc byte [ebp - 0x78]
jmp near loc_fffadbe3  ; jmp 0xfffadbe3

loc_fffadd2d:  ; not directly referenced
movzx eax, byte [ebp - 0x60]
call fcn_fffb38d9  ; call 0xfffb38d9
mov ecx, dword [ebp - 0x84]
cmp byte [ecx], 8
movzx eax, al
jne short loc_fffadd47  ; jne 0xfffadd47
dec eax
jmp short loc_fffadd4a  ; jmp 0xfffadd4a

loc_fffadd47:  ; not directly referenced
cmp eax, 2

loc_fffadd4a:  ; not directly referenced
sete al
mov edx, dword [ebp - 0x94]
movzx eax, al
test eax, eax
mov eax, 0x1f
cmove edi, eax
mov al, byte [ebp - 0x60]
add edx, dword [ebp - 0x84]
or byte [ebp + ebx - 0x4a], al
xor eax, eax

loc_fffadd6f:  ; not directly referenced
cmp byte [edx + eax + 0x10], 0
jne short loc_fffadd82  ; jne 0xfffadd82
mov cl, byte [ebp - 0x60]
mov byte [edx + eax + 0x10], cl
jmp near loc_fffadbfc  ; jmp 0xfffadbfc

loc_fffadd82:  ; not directly referenced
inc eax
cmp eax, 8
jne short loc_fffadd6f  ; jne 0xfffadd6f
jmp near loc_fffadbfc  ; jmp 0xfffadbfc

loc_fffadd8d:  ; not directly referenced
mov cl, byte [esi + 0x247c]
xor edx, edx
mov eax, esi
mov byte [esi + 0x247c], 1
mov dword [ebp - 0x5c], ecx
call fcn_fffad821  ; call 0xfffad821
mov ecx, dword [ebp - 0x5c]
mov byte [esi + 0x247c], cl
test eax, eax
mov ebx, eax
mov eax, esi
cmove ebx, edi
call fcn_fffaa4a9  ; call 0xfffaa4a9
lea esp, [ebp - 0xc]
mov eax, ebx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaddc7:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, eax
lea esi, [ebx + 0x374f]
sub esp, 0x3c
xor eax, eax
mov byte [ebp - 0x2b], 0
mov dword [ebp - 0x40], esi

loc_fffadde1:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x2b], 1
setbe dl
test cl, dl
je loc_fffadf25  ; je 0xfffadf25
movzx eax, byte [ebp - 0x2b]
imul edx, eax, 0x13c3
mov dword [ebp - 0x34], eax
lea eax, [ebx + edx]
cmp dword [eax + 0x3757], 2
jne loc_fffadf16  ; jne 0xfffadf16
mov esi, dword [ebp - 0x40]
mov dword [ebp - 0x30], 0
mov dword [ebp - 0x3c], eax
lea esi, [esi + edx + 8]
mov dword [ebp - 0x38], esi
xor esi, esi

loc_fffade28:  ; not directly referenced
mov edi, dword [ebp - 0x30]
mov eax, edi
mov ecx, edi
mov edi, dword [ebp - 0x3c]
mov byte [ebp - 0x2c], al
mov eax, 1
shl eax, cl
test byte [edi + 0x381b], al
je loc_fffadeed  ; je 0xfffadeed
cmp byte [ebx + 0x247c], 0
je short loc_fffade6b  ; je 0xfffade6b
mov al, cl
mov edx, dword [ebp - 0x38]
shr al, 1
movzx eax, al
imul eax, eax, 0x128
mov si, word [edx + eax + 0x126d]
jmp short loc_fffadee0  ; jmp 0xfffadee0

loc_fffade6b:  ; not directly referenced
mov al, byte [ebp - 0x2c]
mov edx, dword [ebp - 0x34]
shr al, 1
movzx edi, al
mov eax, ebx
mov ecx, edi
call fcn_fffa6998  ; call 0xfffa6998
test eax, eax
je loc_fffadf20  ; je 0xfffadf20
mov edx, dword [ebx + 0x1887]
cmp edx, 0x306d0
sete cl
cmp edx, 0x40650
sete dl
or cl, dl
je short loc_fffadeac  ; je 0xfffadeac
cmp dword [ebx + 0x2481], 1
je short loc_fffadeb2  ; je 0xfffadeb2

loc_fffadeac:  ; not directly referenced
movzx ecx, byte [eax + 1]
jmp short loc_fffadeb4  ; jmp 0xfffadeb4

loc_fffadeb2:  ; not directly referenced
xor ecx, ecx

loc_fffadeb4:  ; not directly referenced
sub esp, 0xc
mov edx, ebx
push esi
lea eax, [ebp - 0x2a]
call fcn_fffa6b7f  ; call 0xfffa6b7f
imul edi, edi, 0x128
mov si, word [ebp - 0x2a]
add edi, dword [ebp - 0x38]
add esp, 0x10
mov word [edi + 0x126d], si
mov word [edi + 0x1285], si

loc_fffadee0:  ; not directly referenced
mov al, byte [ebp - 0x2c]
shr al, 1
movzx eax, al
mov word [ebp + eax*2 - 0x1c], si

loc_fffadeed:  ; not directly referenced
add dword [ebp - 0x30], 2
cmp dword [ebp - 0x30], 4
jne loc_fffade28  ; jne 0xfffade28
mov edx, dword [ebp - 0x34]
sub esp, 0xc
mov ecx, 1
lea eax, [ebp - 0x1c]
push eax
mov eax, ebx
call fcn_fffad688  ; call 0xfffad688
add esp, 0x10
jmp short loc_fffadf18  ; jmp 0xfffadf18

loc_fffadf16:  ; not directly referenced
xor eax, eax

loc_fffadf18:  ; not directly referenced
inc byte [ebp - 0x2b]
jmp near loc_fffadde1  ; jmp 0xfffadde1

loc_fffadf20:  ; not directly referenced
mov eax, 1

loc_fffadf25:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffadf2d:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x3c
mov edi, dword [esi + 0x2481]
mov dword [ebp - 0x3c], ecx
mov dword [ebp - 0x38], edi
cmp ecx, 1
je short loc_fffadf70  ; je 0xfffadf70
jb short loc_fffadf60  ; jb 0xfffadf60
cmp ecx, 2
je short loc_fffadf67  ; je 0xfffadf67
cmp ecx, 3
jne loc_fffae060  ; jne 0xfffae060
mov edi, 0xc3
jmp short loc_fffadf6c  ; jmp 0xfffadf6c

loc_fffadf60:  ; not directly referenced
mov edi, 0xff
jmp short loc_fffadf75  ; jmp 0xfffadf75

loc_fffadf67:  ; not directly referenced
mov edi, 0x56

loc_fffadf6c:  ; not directly referenced
xor eax, eax
jmp short loc_fffadf7a  ; jmp 0xfffadf7a

loc_fffadf70:  ; not directly referenced
mov edi, 0xab

loc_fffadf75:  ; not directly referenced
mov eax, 0x400

loc_fffadf7a:  ; not directly referenced
mov word [ebp - 0x1c], ax
movzx ecx, dl
xor ebx, ebx
mov word [ebp - 0x1a], ax
lea eax, [esi + 0x3757]
mov dword [ebp - 0x34], eax
xor eax, eax
mov byte [ebp - 0x2d], 1
mov dword [ebp - 0x40], ecx

loc_fffadf99:  ; not directly referenced
mov ecx, dword [ebp - 0x34]
cmp dword [ecx], 2
jne loc_fffae039  ; jne 0xfffae039
mov ecx, dword [ebp - 0x40]
bt ecx, ebx
jae loc_fffae039  ; jae 0xfffae039
lea edx, [ebx + 1]
bt ecx, edx
jb short loc_fffadfc8  ; jb 0xfffadfc8
mov cl, byte [ebp - 0x2d]
mov dl, 7
cmp dword [ebp - 0x3c], 2
cmove ecx, edx
mov byte [ebp - 0x2d], cl

loc_fffadfc8:  ; not directly referenced
cmp dword [ebp - 0x38], 3
jne short loc_fffae00a  ; jne 0xfffae00a
mov dword [ebp - 0x2c], 0

loc_fffadfd5:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
mov edx, 1
shl edx, cl
mov ecx, dword [ebp - 0x34]
test byte [ecx + 0xc4], dl
je short loc_fffadfff  ; je 0xfffadfff
mov ecx, dword [ebp - 0x2c]
mov edx, ebx
push eax
mov eax, esi
push 0
push edi
push 0xa
call fcn_fffacb43  ; call 0xfffacb43
add esp, 0x10

loc_fffadfff:  ; not directly referenced
inc dword [ebp - 0x2c]
cmp dword [ebp - 0x2c], 4
jne short loc_fffadfd5  ; jne 0xfffadfd5
jmp short loc_fffae039  ; jmp 0xfffae039

loc_fffae00a:  ; not directly referenced
cmp dword [ebp - 0x38], 2
movzx eax, byte [ebp - 0x2d]
jne short loc_fffae01f  ; jne 0xfffae01f
push eax
lea eax, [ebp - 0x1c]
push eax
push 0
push 0xe
jmp short loc_fffae028  ; jmp 0xfffae028

loc_fffae01f:  ; not directly referenced
push eax
lea eax, [ebp - 0x1c]
push eax
push 0
push 6

loc_fffae028:  ; not directly referenced
mov ecx, 0xf
mov edx, ebx
mov eax, esi
call fcn_fffa947f  ; call 0xfffa947f
add esp, 0x10

loc_fffae039:  ; not directly referenced
inc ebx
add dword [ebp - 0x34], 0x13c3
cmp ebx, 2
jne loc_fffadf99  ; jne 0xfffadf99
cmp dword [ebp - 0x3c], 1
mov ebx, eax
ja short loc_fffae065  ; ja 0xfffae065
mov edx, 0x13
mov eax, esi
call fcn_fffa82f9  ; call 0xfffa82f9
jmp short loc_fffae065  ; jmp 0xfffae065

loc_fffae060:  ; not directly referenced
mov ebx, 2

loc_fffae065:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, ebx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffae06f:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
sub esp, 0x4c
mov ebx, dword [ebp + 8]
mov byte [ebp - 0x28], 2
mov byte [ebp - 0x27], 0x40
mov byte [ebp - 0x26], 1
mov byte [ebp - 0x25], 0x43
mov byte [ebp - 0x24], 3
mov byte [ebp - 0x23], 1
mov byte [ebp - 0x22], 0xb
mov byte [ebp - 0x21], 3
mov dword [ebp - 0x50], 0

loc_fffae0a4:  ; not directly referenced
imul eax, esi, 0x13c3
cmp dword [ebx + eax + 0x3757], 2
jne short loc_fffae0ef  ; jne 0xfffae0ef
mov edi, esi
mov eax, ebx
shl edi, 0xa
add edi, 0x4004
mov edx, edi
call fcn_fffb331f  ; call 0xfffb331f
mov dword [ebp + esi*4 - 0x20], eax
mov al, byte [ebp + esi*4 - 0x1d]
test al, 0x20
jne short loc_fffae0ef  ; jne 0xfffae0ef
or eax, 0x20
mov edx, edi
mov byte [ebp + esi*4 - 0x1d], al
mov ecx, dword [ebp + esi*4 - 0x20]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov dword [ebp - 0x50], 1

loc_fffae0ef:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffae0a4  ; jne 0xfffae0a4
xor ecx, ecx
mov edx, 3
mov eax, ebx
call fcn_fffadf2d  ; call 0xfffadf2d
test eax, eax
jne loc_fffae328  ; jne 0xfffae328
mov edx, dword [ebx + 0x36d8]
cmp edx, 0x320
jbe short loc_fffae14b  ; jbe 0xfffae14b
cmp edx, 0x42b
jbe short loc_fffae14f  ; jbe 0xfffae14f
cmp edx, 0x4b0
jbe short loc_fffae153  ; jbe 0xfffae153
cmp edx, 0x535
jbe short loc_fffae157  ; jbe 0xfffae157
cmp edx, 0x640
jbe short loc_fffae15b  ; jbe 0xfffae15b
mov al, 0x16
cmp edx, 0x74b
ja loc_fffae328  ; ja 0xfffae328
mov al, 0x1c
jmp short loc_fffae15d  ; jmp 0xfffae15d

loc_fffae14b:  ; not directly referenced
mov al, 0x14
jmp short loc_fffae15d  ; jmp 0xfffae15d

loc_fffae14f:  ; not directly referenced
mov al, 0x16
jmp short loc_fffae15d  ; jmp 0xfffae15d

loc_fffae153:  ; not directly referenced
mov al, 0x17
jmp short loc_fffae15d  ; jmp 0xfffae15d

loc_fffae157:  ; not directly referenced
mov al, 0x18
jmp short loc_fffae15d  ; jmp 0xfffae15d

loc_fffae15b:  ; not directly referenced
mov al, 0x1a

loc_fffae15d:  ; not directly referenced
mov byte [ebp - 0x27], al
lea eax, [ebx + 0x3757]
xor edi, edi
mov dword [ebp - 0x2c], eax

loc_fffae16b:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
cmp dword [eax], 2
jne loc_fffae307  ; jne 0xfffae307
mov dword [ebp - 0x34], 0

loc_fffae17e:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov ecx, dword [ebp - 0x34]
mov al, byte [eax + 0xc4]
mov dl, cl
mov esi, eax
mov eax, 1
shl eax, cl
mov ecx, esi
test cl, al
jne short loc_fffae1a9  ; jne 0xfffae1a9

loc_fffae19b:  ; not directly referenced
inc dword [ebp - 0x34]
cmp dword [ebp - 0x34], 4
jne short loc_fffae17e  ; jne 0xfffae17e
jmp near loc_fffae29b  ; jmp 0xfffae29b

loc_fffae1a9:  ; not directly referenced
cmp byte [ebp - 0x34], 0
mov byte [ebp - 0x48], 0
jne short loc_fffae1d3  ; jne 0xfffae1d3
cmp byte [ebx + 0x240a], 0
mov byte [ebp - 0x48], dl
je short loc_fffae1d3  ; je 0xfffae1d3
mov eax, esi
and eax, 2
cmp al, 1
sbb eax, eax
mov dword [ebp - 0x48], eax
and byte [ebp - 0x48], 0xfc
add byte [ebp - 0x48], 7

loc_fffae1d3:  ; not directly referenced
mov eax, edx
and eax, 1
mov dword [ebp - 0x38], 0
mov dword [ebp - 0x4c], eax

loc_fffae1e2:  ; not directly referenced
mov eax, dword [ebp - 0x38]
cmp byte [ebx + 0x247c], 0
movzx edx, byte [ebp + eax*2 - 0x28]
je short loc_fffae21f  ; je 0xfffae21f
cmp edx, 6
ja short loc_fffae20c  ; ja 0xfffae20c
imul eax, dword [ebp - 0x4c], 0xc
mov ecx, dword [ebp - 0x2c]
lea eax, [edx + eax + 0x930]
mov al, byte [ecx + eax*2 + 0xb]
jmp short loc_fffae21a  ; jmp 0xfffae21a

loc_fffae20c:  ; not directly referenced
imul eax, dword [ebp - 0x4c], 0x18
mov ecx, dword [ebp - 0x2c]
mov al, byte [ecx + eax + 0x1279]

loc_fffae21a:  ; not directly referenced
mov byte [ebp - 0x2d], al
jmp short loc_fffae269  ; jmp 0xfffae269

loc_fffae21f:  ; not directly referenced
mov eax, dword [ebp - 0x38]
cmp eax, 3
je short loc_fffae22d  ; je 0xfffae22d
mov al, byte [ebp + eax*2 - 0x27]
jmp short loc_fffae230  ; jmp 0xfffae230

loc_fffae22d:  ; not directly referenced
mov al, byte [ebp - 0x48]

loc_fffae230:  ; not directly referenced
mov byte [ebp - 0x2d], al
cmp edx, 6
ja short loc_fffae251  ; ja 0xfffae251
imul ecx, dword [ebp - 0x4c], 0xc
movzx esi, byte [ebp - 0x2d]
mov eax, dword [ebp - 0x2c]
lea ecx, [edx + ecx + 0x930]
mov word [eax + ecx*2 + 0xb], si
jmp short loc_fffae269  ; jmp 0xfffae269

loc_fffae251:  ; not directly referenced
cmp edx, 0xb
jne short loc_fffae269  ; jne 0xfffae269
imul ecx, dword [ebp - 0x4c], 0x18
movzx esi, byte [ebp - 0x2d]
mov eax, dword [ebp - 0x2c]
mov word [eax + ecx + 0x1279], si

loc_fffae269:  ; not directly referenced
push eax
movzx eax, byte [ebp - 0x2d]
mov ecx, dword [ebp - 0x34]
push 0
push eax
mov eax, ebx
push edx
mov edx, edi
call fcn_fffacb43  ; call 0xfffacb43
add esp, 0x10
test eax, eax
jne loc_fffae328  ; jne 0xfffae328
inc dword [ebp - 0x38]
cmp dword [ebp - 0x38], 4
jne loc_fffae1e2  ; jne 0xfffae1e2
jmp near loc_fffae19b  ; jmp 0xfffae19b

loc_fffae29b:  ; not directly referenced
cmp byte [ebx + 0x247e], 0
jne short loc_fffae2e6  ; jne 0xfffae2e6
cmp dword [ebx + 0x188b], 1
jne short loc_fffae2e6  ; jne 0xfffae2e6
mov eax, edi
shl eax, 8
add eax, 0x1c20
mov edx, eax
mov esi, eax
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
cmp byte [ebx + 0x240a], 1
sbb edx, edx
not edx
add edx, 3
and eax, 0xffffffcf
and edx, 3
shl edx, 4
or eax, edx
mov edx, esi
mov ecx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffae2e6:  ; not directly referenced
cmp dword [ebp - 0x50], 0
je short loc_fffae307  ; je 0xfffae307
and byte [ebp + edi*4 - 0x1d], 0xdf
mov edx, edi
mov ecx, dword [ebp + edi*4 - 0x20]
shl edx, 0xa
mov eax, ebx
add edx, 0x4004
call fcn_fffb3381  ; call 0xfffb3381

loc_fffae307:  ; not directly referenced
inc edi
add dword [ebp - 0x2c], 0x13c3
cmp edi, 2
jne loc_fffae16b  ; jne 0xfffae16b
mov byte [ebx + 0x247e], 1
xor eax, eax
mov byte [ebx + 0x247c], 1

loc_fffae328:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffae330:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x20], 0
lea edi, [ebx + 0x3757]

loc_fffae349:  ; not directly referenced
cmp dword [edi], 2
je short loc_fffae35f  ; je 0xfffae35f

loc_fffae34e:  ; not directly referenced
inc dword [ebp - 0x20]
add edi, 0x13c3
cmp dword [ebp - 0x20], 2
jne short loc_fffae349  ; jne 0xfffae349
jmp short loc_fffae3d2  ; jmp 0xfffae3d2

loc_fffae35f:  ; not directly referenced
mov edx, dword [ebp - 0x20]
xor ecx, ecx
mov eax, ebx
call fcn_fffa7236  ; call 0xfffa7236
mov edx, eax
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, dword [ebp - 0x20]
mov ecx, 0xff
mov esi, eax
mov eax, ebx
call fcn_fffa7236  ; call 0xfffa7236
or esi, 0x100000
mov dword [ebp - 0x1c], 0
mov dword [ebp - 0x24], eax

loc_fffae395:  ; not directly referenced
mov cl, byte [ebp - 0x1c]
mov eax, 1
shl eax, cl
test byte [edi + 0xc4], al
je short loc_fffae3c4  ; je 0xfffae3c4
mov eax, dword [ebp - 0x1c]
and esi, 0xff3fffff
mov edx, dword [ebp - 0x24]
and eax, 3
shl eax, 0x16
or esi, eax
mov eax, ebx
mov ecx, esi
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffae3c4:  ; not directly referenced
inc dword [ebp - 0x1c]
cmp dword [ebp - 0x1c], 4
jne short loc_fffae395  ; jne 0xfffae395
jmp near loc_fffae34e  ; jmp 0xfffae34e

loc_fffae3d2:  ; not directly referenced
cmp dword [ebx + 0x3757], 2
jne short loc_fffae3ee  ; jne 0xfffae3ee
movzx ecx, byte [ebx + 0x381b]
mov edx, 0x4192
mov eax, ebx
call fcn_fffb335b  ; call 0xfffb335b

loc_fffae3ee:  ; not directly referenced
cmp dword [ebx + 0x4b1a], 2
jne short loc_fffae40a  ; jne 0xfffae40a
movzx ecx, byte [ebx + 0x4bde]
mov edx, 0x4592
mov eax, ebx
call fcn_fffb335b  ; call 0xfffb335b

loc_fffae40a:  ; not directly referenced
mov eax, ebx
mov ecx, 1
mov edx, 3
call fcn_fffadf2d  ; call 0xfffadf2d
add esp, 0x1c
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffae425:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0xdc
mov edi, dword [ebp + 0x20]
mov byte [ebp - 0x51], cl
mov esi, dword [ebp + 8]
mov dword [ebp - 0x78], ecx
mov cl, byte [ebp + 0x14]
mov dword [ebp - 0x4c], eax
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x58], edi
mov edi, dword [ebp + 0x24]
mov ebx, esi
mov byte [ebp - 0xe8], cl
mov cl, byte [ebp + 0x1c]
mov dword [ebp - 0x60], eax
movzx eax, bx
dec eax
mov dword [ebp - 0x50], esi
mov esi, dword [ebp + 0xc]
mov byte [ebp - 0xad], dl
mov byte [ebp - 0x98], cl
mov dword [ebp - 0x5c], edi
mov dword [ebp - 0x45], 0
mov dword [ebp - 0x41], 0
mov dword [ebp - 0x3d], 0
call fcn_fffb396b  ; call 0xfffb396b
mov ecx, dword [ebp - 0x78]
lea edx, [esi + 1]
sub edx, eax
test dl, dl
setle bl
cmp cl, 4
mov byte [ebp - 0x61], al
sete al
or bl, al
jne short loc_fffae4b4  ; jne 0xfffae4b4
cmp cl, 5
mov al, 1
cmove edx, eax
jmp short loc_fffae4b6  ; jmp 0xfffae4b6

loc_fffae4b4:  ; not directly referenced
mov dl, 1

loc_fffae4b6:  ; not directly referenced
mov ebx, dword [ebp - 0x50]
lea ecx, [edx - 1]
movzx esi, byte [ebp - 0x61]
mov dword [ebp - 0x68], 1
shl dword [ebp - 0x68], cl
mov al, bl
add eax, 0xffffff80
cmp bx, 0x7f
cmova eax, esi
add ebx, ebx
mov byte [ebp - 0x88], al
lea eax, [ebx - 0x80]
mov byte [ebp - 0x78], al
cmp bx, 0x7f
jbe short loc_fffae4f8  ; jbe 0xfffae4f8
movzx ebx, bx
lea eax, [ebx - 1]
call fcn_fffb396b  ; call 0xfffb396b
mov byte [ebp - 0x78], al

loc_fffae4f8:  ; not directly referenced
mov eax, dword [ebp + 0x18]
mov bx, word [eax]
movzx eax, bx
dec eax
call fcn_fffb396b  ; call 0xfffb396b
cmp bx, 0x1f
jbe short loc_fffae518  ; jbe 0xfffae518
mov esi, dword [ebp + 0x18]
movzx eax, al
mov word [esi], ax
jmp short loc_fffae521  ; jmp 0xfffae521

loc_fffae518:  ; not directly referenced
mov eax, dword [ebp + 0x18]
add ebx, 0x20
mov word [eax], bx

loc_fffae521:  ; not directly referenced
cmp byte [ebp - 0x58], 0
je short loc_fffae547  ; je 0xfffae547
mov eax, dword [ebp - 0x4c]
mov edx, 0x4cb0
call fcn_fffb331f  ; call 0xfffb331f
mov edi, eax
mov eax, dword [ebp - 0x5c]
and di, 0xfff
add edi, 0x10
cmp ax, di
cmovae edi, eax

loc_fffae547:  ; not directly referenced
cmp di, 0xff
mov eax, 0xff
cmova edi, eax
mov al, byte [ebp - 0x88]
mov word [ebp - 0xa8], di
mov dword [ebp - 0x50], 0x4960
mov dword [ebp - 0x5c], 0x4040
shr al, 7
mov byte [ebp - 0xc8], al
mov al, byte [ebp - 0x78]
mov dword [ebp - 0x58], 0
shr al, 7
mov byte [ebp - 0xd8], al
mov eax, dword [ebp - 0x98]
and eax, 1
mov dword [ebp - 0xb4], eax

loc_fffae59a:  ; not directly referenced
movzx eax, byte [ebp - 0xad]
mov esi, dword [ebp - 0x58]
mov dword [ebp - 0xac], eax
bt eax, esi
jb short loc_fffae5c0  ; jb 0xfffae5c0
mov eax, dword [ebp - 0x50]
xor ecx, ecx
lea edx, [eax + eax - 0x4a18]
jmp near loc_fffae9a7  ; jmp 0xfffae9a7

loc_fffae5c0:  ; not directly referenced
mov eax, dword [ebp - 0x5c]
movzx ecx, byte [ebp - 0xb4]
lea edx, [eax + 0x158]
mov eax, dword [ebp - 0x4c]
call fcn_fffb335b  ; call 0xfffb335b
cmp byte [ebp - 0x98], 0
je short loc_fffae5f9  ; je 0xfffae5f9
mov edx, dword [ebp - 0x58]
sub esp, 0xc
mov ecx, 7
mov eax, dword [ebp - 0x4c]
push 8
call fcn_fffaca06  ; call 0xfffaca06
add esp, 0x10

loc_fffae5f9:  ; not directly referenced
cmp byte [ebp - 0x51], 5
ja short loc_fffae611  ; ja 0xfffae611
movzx eax, byte [ebp - 0x51]
mov dl, byte [eax + ref_fffd38f8]  ; mov dl, byte [eax - 0x2c708]
mov al, byte [eax + ref_fffd38f0]  ; mov al, byte [eax - 0x2c710]
jmp short loc_fffae615  ; jmp 0xfffae615

loc_fffae611:  ; not directly referenced
xor eax, eax
xor edx, edx

loc_fffae615:  ; not directly referenced
and edx, 7
and eax, 7
mov bl, byte [ebp - 0x51]
shl edx, 0x18
xor edi, edi
mov ecx, dword [ebp - 0x50]
shl eax, 0x1c
or eax, edx
and ah, 0xcf
mov edx, eax
mov eax, dword [ebp - 0x4c]
or dh, 0x18
cmp byte [eax + 0x247b], 0
setne al
movzx eax, al
shl eax, 7
or eax, edx
mov edx, eax
or edx, 0x20
cmp bl, 6
mov ebx, dword [ebp - 0x4c]
cmove eax, edx
mov esi, eax
mov eax, edi
and eax, 0xfffffc00
or eax, 2
mov edi, eax
cmp dword [ebp - 0x60], 1
lea eax, [ecx + 0x20]
lea edx, [ecx + 0x40]
mov ecx, dword [ebp - 0x68]
cmovne edx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov eax, ebx
push ecx
push ecx
mov ecx, dword [ebp - 0x50]
push edi
push esi
lea edx, [ecx + ecx - 0x4a18]
call fcn_fffb3506  ; call 0xfffb3506
mov ecx, dword [ebp - 0x50]
mov eax, ebx
lea edx, [ecx - 0xa8]
mov ecx, 4
call fcn_fffb335b  ; call 0xfffb335b
mov edx, dword [ebp - 0xc8]
add esp, 0x10
mov eax, dword [ebp - 0x88]
mov esi, dword [ebp - 0x78]
mov ecx, dword [ebp - 0xd8]
and edx, 1
mov bl, byte [ebp - 0x51]
shl edx, 7
and eax, 0x7f
or eax, edx
mov edx, dword [ebp - 0xa8]
and esi, 0x7f
or eax, 0x8000000
and ecx, 1
shl ecx, 7
and edx, 0x3fff
shl edx, 8
or eax, edx
mov edx, eax
and edx, 0x83fff00
or edx, esi
or edx, ecx
cmp bl, 4
je short loc_fffae71d  ; je 0xfffae71d
cmp bl, 5
je short loc_fffae763  ; je 0xfffae763
cmp bl, 3
jne loc_fffae7a5  ; jne 0xfffae7a5
mov dword [ebp - 0x38], edx
mov byte [ebp - 0x39], 1
or byte [ebp - 0x36], 0xc0
and byte [ebp - 0x35], 0xfc
jmp near loc_fffae7c7  ; jmp 0xfffae7c7

loc_fffae71d:  ; not directly referenced
mov dword [ebp - 0x38], eax
mov cl, byte [ebp - 0x36]
and byte [ebp - 0x35], 0xfc
and ecx, 0x3f
or ecx, 0x40
mov byte [ebp - 0x36], cl
mov ecx, 1

loc_fffae735:  ; not directly referenced
mov dword [ebp + ecx*4 - 0x38], edx
mov bl, byte [ebp + ecx*4 - 0x36]
and byte [ebp + ecx*4 - 0x35], 0xfc
and ebx, 0x3f
or ebx, 0xffffff80
mov byte [ebp + ecx*4 - 0x36], bl
inc ecx
cmp ecx, 7
jne short loc_fffae735  ; jne 0xfffae735
mov dword [ebp - 0x1c], eax
mov byte [ebp - 0x39], 0xff
and byte [ebp - 0x1a], 0x3f
and byte [ebp - 0x19], 0xfc
jmp short loc_fffae7c7  ; jmp 0xfffae7c7

loc_fffae763:  ; not directly referenced
mov dword [ebp - 0x38], eax
mov cl, byte [ebp - 0x36]
mov dword [ebp - 0x34], edx
mov dword [ebp - 0x30], eax
mov dword [ebp - 0x2c], edx
and ecx, 0x3f
or ecx, 0x40
mov byte [ebp - 0x36], cl
mov cl, byte [ebp - 0x32]
and byte [ebp - 0x35], 0xfc
and byte [ebp - 0x31], 0xfc
and byte [ebp - 0x2e], 0x3f
and ecx, 0x3f
or ecx, 0xffffff80
mov byte [ebp - 0x32], cl
and byte [ebp - 0x2d], 0xfc
or byte [ebp - 0x2a], 0xc0
and byte [ebp - 0x29], 0xfc
mov byte [ebp - 0x39], 0xf
jmp short loc_fffae7c7  ; jmp 0xfffae7c7

loc_fffae7a5:  ; not directly referenced
mov dword [ebp - 0x38], eax
mov dl, byte [ebp - 0x36]
mov dword [ebp - 0x34], eax
and byte [ebp - 0x35], 0xfc
and byte [ebp - 0x32], 0x3f
and byte [ebp - 0x31], 0xfc
and edx, 0x3f
or edx, 0x40
mov byte [ebp - 0x36], dl
mov byte [ebp - 0x39], 3

loc_fffae7c7:  ; not directly referenced
imul eax, dword [ebp - 0x58], 0x28
xor ebx, ebx
lea edi, [ebp - 0x39]
lea esi, [eax + 0x4808]
sub edi, eax

loc_fffae7d8:  ; not directly referenced
movzx eax, byte [ebp - 0x39]
bt eax, ebx
jb loc_fffae8ab  ; jb 0xfffae8ab

loc_fffae7e5:  ; not directly referenced
lea eax, [ebp - 0x3d]
mov esi, dword [ebp - 0x4c]
push edx
mov ecx, dword [ebp + 0x10]
push eax
mov edx, dword [ebp - 0x58]
lea eax, [ebp - 0x41]
push eax
lea eax, [ebp - 0x45]
push eax
mov eax, dword [ebp + 0x10]
add eax, 0x24
push eax
mov eax, dword [ebp + 0x10]
add eax, 0x14
push eax
mov eax, dword [ebp + 0x10]
add eax, 0x10
push eax
mov eax, dword [ebp + 0x10]
add eax, 8
push eax
mov eax, esi
call fcn_fffacc8a  ; call 0xfffacc8a
mov eax, dword [ebp + 0x18]
add esp, 0x20
mov edi, dword [ebp + 0x18]
movzx ecx, byte [eax + 6]
movzx eax, byte [eax + 2]
mov dx, word [edi]
and ecx, 0x3f
and eax, 0x3f
shl eax, 8
mov ebx, edx
shl ecx, 0x10
and ebx, 0x1f
or ecx, eax
mov eax, dword [ebp - 0x5c]
shr dx, 5
or ecx, ebx
and edx, 1
shl edx, 5
or ecx, edx
lea edx, [eax + 0x1c0]
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 0x18]
mov dl, byte [eax + 0xa]
cmp dl, 2
sete al
cmp dl, 4
sete dl
or eax, edx
cmp al, 1
mov al, byte [ebp - 0x51]
sbb ecx, ecx
and ecx, 2
movzx ecx, cl
sub eax, 4
or ecx, 0x8090
cmp al, 1
ja short loc_fffae8ce  ; ja 0xfffae8ce
mov al, byte [ebp - 0x61]
and ecx, 0xf8c0ffff
inc eax
and eax, 7
shl eax, 0x18
or ecx, eax
or ecx, 0x10000
jmp short loc_fffae8ce  ; jmp 0xfffae8ce

loc_fffae8ab:  ; not directly referenced
mov ecx, dword [edi + esi - 0x4807]
mov edx, esi
inc ebx
mov eax, dword [ebp - 0x4c]
add esi, 4
call fcn_fffb3381  ; call 0xfffb3381
cmp ebx, 8
jne loc_fffae7d8  ; jne 0xfffae7d8
jmp near loc_fffae7e5  ; jmp 0xfffae7e5

loc_fffae8ce:  ; not directly referenced
mov edi, dword [ebp - 0x4c]
mov esi, dword [ebp - 0x5c]
mov eax, edi
mov edx, esi
call fcn_fffb3381  ; call 0xfffb3381
xor ecx, ecx
mov eax, edi
lea edx, [esi + 0x44]
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, dword [ebp - 0xe8]
mov eax, edi
lea edx, [esi + 0x58]
and ecx, 3
shl ecx, 0xc
or ecx, 0xffff0001
call fcn_fffb3381  ; call 0xfffb3381
lea edx, [esi + 0x98]
push eax
push eax
mov eax, edi
push 0
push 0
call fcn_fffb3506  ; call 0xfffb3506
xor ecx, ecx
mov eax, edi
lea edx, [esi + 0x5c]
call fcn_fffb335b  ; call 0xfffb335b
add esp, 0x10
cmp byte [edi + 0x247b], 0
je short loc_fffae9af  ; je 0xfffae9af
mov eax, dword [ebp - 0x50]
mov ecx, 0xfc
lea edx, [eax - 8]
mov eax, dword [ebp - 0x4c]
call fcn_fffb335b  ; call 0xfffb335b
cmp dword [ebp - 0x60], 1
jne short loc_fffae95c  ; jne 0xfffae95c
mov eax, dword [ebp - 0x50]
mov ecx, 0xff
lea edx, [eax - 7]
mov eax, dword [ebp - 0x4c]
call fcn_fffb335b  ; call 0xfffb335b

loc_fffae95c:  ; not directly referenced
mov eax, dword [ebp - 0x4c]
movzx ebx, word [eax + 0x248a]
test bx, bx
je short loc_fffae97f  ; je 0xfffae97f
mov eax, 0x9c40
cdq
idiv ebx
mov ecx, eax
mov eax, 0x30d40
cdq
idiv ebx
jmp short loc_fffae989  ; jmp 0xfffae989

loc_fffae97f:  ; not directly referenced
mov eax, 0xff
mov ecx, 0xff

loc_fffae989:  ; not directly referenced
mov ebx, ecx
movzx ecx, cl
mov edx, dword [ebp - 0x50]
shl ebx, 8
and ebx, 0xff00
shl ecx, 0x10
shl eax, 0x18
or ecx, ebx
or ecx, eax
or ecx, 2

loc_fffae9a7:  ; not directly referenced
mov eax, dword [ebp - 0x4c]
call fcn_fffb3381  ; call 0xfffb3381

loc_fffae9af:  ; not directly referenced
inc dword [ebp - 0x58]
add dword [ebp - 0x5c], 0x400
add dword [ebp - 0x50], 4
cmp dword [ebp - 0x58], 2
jne loc_fffae59a  ; jne 0xfffae59a
mov edx, dword [ebp - 0xac]
mov ecx, 2
mov eax, dword [ebp - 0x4c]
call fcn_fffadf2d  ; call 0xfffadf2d
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffae9e2:  ; not directly referenced
push ebp
movzx edx, dl
mov ebp, esp
push edi
push esi
mov esi, ecx
push ebx
mov ecx, 0xb
sub esp, 0x4c
mov ebx, eax
lea edi, [ebp - 0x44]
xor eax, eax
rep stosd  ; rep stosd dword es:[edi], eax
lea eax, [ebp - 0x4f]
push 0
push 0
push 0
push eax
movzx eax, byte [ebp + 8]
mov word [ebp - 0x36], 0x3ff
mov dword [ebp - 0x30], 0x20
push eax
lea eax, [ebp - 0x44]
push eax
mov eax, ebx
push esi
push 0x80
mov word [ebp - 0x20], 1
mov word [ebp - 0x1a], 1
mov word [ebp - 0x4f], 4
mov dword [ebp - 0x4d], 0
mov dword [ebp - 0x49], 7
mov byte [ebp - 0x45], 0
call fcn_fffae425  ; call 0xfffae425
lea edx, [esi - 7]
add esp, 0x20
mov al, 1
test dl, dl
cmovg eax, edx
mov byte [ebx + 0x248d], al
mov byte [ebx + 0x248c], 0
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaea71:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, ref_fffd38bc  ; mov esi, 0xfffd38bc
push ebx
mov ebx, eax
sub esp, 0x5c
mov edi, dword [ebp + 8]
mov eax, edx
mov dword [ebp - 0x5c], edx
mov edx, dword [ebp + 0xc]
mov dword [ebp - 0x60], ecx
mov ecx, 0xb
mov word [ebp - 0x4f], 4
mov dword [ebp - 0x64], edi
lea edi, [ebp - 0x44]
mov dword [ebp - 0x4d], 0
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov esi, 1
mov dword [ebp - 0x49], 9
mov byte [ebp - 0x45], 2
test al, 1
je short loc_fffaead8  ; je 0xfffaead8
mov al, dl
and al, byte [ebx + 0x381b]
mov dword [ebp - 0x68], edx
movzx eax, al
call fcn_fffb38d9  ; call 0xfffb38d9
mov edx, dword [ebp - 0x68]
test al, al
cmovne esi, eax

loc_fffaead8:  ; not directly referenced
test byte [ebp - 0x5c], 2
je short loc_fffaeaf3  ; je 0xfffaeaf3
and dl, byte [ebx + 0x4bde]
movzx eax, dl
call fcn_fffb38d9  ; call 0xfffb38d9
mov ecx, esi
cmp cl, al
cmovb esi, eax

loc_fffaeaf3:  ; not directly referenced
cmp dword [ebx + 0x2481], 1
je short loc_fffaeb0e  ; je 0xfffaeb0e
mov ecx, esi
mov al, 4
cmp cl, 4
cmovbe eax, esi
movzx eax, al
shl eax, 5
jmp short loc_fffaeb13  ; jmp 0xfffaeb13

loc_fffaeb0e:  ; not directly referenced
mov eax, 0x80

loc_fffaeb13:  ; not directly referenced
push 0
mov edi, dword [ebp - 0x60]
movzx eax, ax
push 0
movzx edx, byte [ebp - 0x5c]
push 1
lea ecx, [ebp - 0x4f]
push ecx
movzx ecx, byte [ebp - 0x64]
push ecx
lea ecx, [ebp - 0x44]
push ecx
xor ecx, ecx
push edi
push eax
mov eax, ebx
call fcn_fffae425  ; call 0xfffae425
mov edx, edi
add esp, 0x20
sub edx, 4
mov al, 1
test dl, dl
cmovg eax, edx
mov byte [ebx + 0x248d], al
mov byte [ebx + 0x248c], 2
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaeb5f:  ; not directly referenced
push ebp
mov ecx, 0xb
mov ebp, esp
push edi
push ebx
mov ebx, eax
lea edi, [ebp - 0x8c]
xor eax, eax
sub esp, 0x90
rep stosd  ; rep stosd dword es:[edi], eax
lea edi, [ebp - 0x60]
mov word [ebp - 0x82], 0xf
mov word [ebp - 0x66], 1
mov word [ebp - 0x97], 1
mov dword [ebp - 0x95], 0
mov dword [ebp - 0x91], 3
mov cl, 0xb
rep stosd  ; rep stosd dword es:[edi], eax
lea edi, [ebp - 0x34]
mov word [ebp - 0x52], 0x3ff
mov dword [ebp - 0x4c], 0x20
mov word [ebp - 0x3c], 1
mov word [ebp - 0x36], 1
mov byte [ebp - 0x8d], 0
mov cl, 0xb
rep stosd  ; rep stosd dword es:[edi], eax
mov eax, dword [ebx + 0x2481]
mov word [ebp - 0x32], 4
mov word [ebp - 0x2a], 4
cmp eax, 3
je short loc_fffaebfb  ; je 0xfffaebfb
dec eax
lea ecx, [ebp - 0x8c]
lea eax, [ebp - 0x60]
cmovne eax, ecx
jmp short loc_fffaebfe  ; jmp 0xfffaebfe

loc_fffaebfb:  ; not directly referenced
lea eax, [ebp - 0x34]

loc_fffaebfe:  ; not directly referenced
push 0
movzx edx, dl
push 0
push 0
lea ecx, [ebp - 0x97]
push ecx
mov ecx, 2
push 0
push eax
mov eax, ebx
push 0xa
push 0x80
call fcn_fffae425  ; call 0xfffae425
add esp, 0x20
mov byte [ebx + 0x248d], 1
mov byte [ebx + 0x248c], 0
lea esp, [ebp - 8]
pop ebx
pop edi
pop ebp
ret

fcn_fffaec3c:  ; not directly referenced
push ebp
xor eax, eax
mov ebp, esp
mov ecx, 0xb
push edi
push esi
push ebx
lea edi, [ebp - 0x1f4]
sub esp, 0x270
rep stosd  ; rep stosd dword es:[edi], eax
mov eax, dword [ebp + 8]
lea edx, [ebp - 0x217]
mov word [ebp - 0x1e6], 0x3ff
mov word [ebp - 0x1ca], 1
mov word [ebp - 0x1ff], 0x20
mov esi, dword [eax + 0x5edd]
mov al, byte [eax + 0x248f]
mov dword [ebp - 0x1fd], 0
mov dword [ebp - 0x1f9], 9
mov byte [ebp - 0x1f5], 0
mov byte [ebp - 0x22c], al
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x248e]
mov byte [ebp - 0x230], al
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x18a7]
mov dword [ebp - 0x234], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x260], eax
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2481], 2
sete al
movzx eax, al
mov dword [ebp - 0x250], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2444]
push 1
push 7
push edx
call dword [eax + 0x5c]  ; ucall
mov eax, dword [ebp + 8]
add esp, 0x10
mov eax, dword [eax + 0x1887]
cmp eax, 0x40650
je short loc_fffaed68  ; je 0xfffaed68
ja short loc_fffaed18  ; ja 0xfffaed18
cmp eax, 0x306d0
jmp short loc_fffaed24  ; jmp 0xfffaed24

loc_fffaed18:  ; not directly referenced
cmp eax, 0x40660
je short loc_fffaed32  ; je 0xfffaed32
cmp eax, 0x40670

loc_fffaed24:  ; not directly referenced
jne short loc_fffaed4d  ; jne 0xfffaed4d
mov dword [ebp - 0x248], 0x7f
jmp short loc_fffaed72  ; jmp 0xfffaed72

loc_fffaed32:  ; not directly referenced
mov dword [ebp - 0x248], 0x3f
mov ebx, 0x19
mov dword [ebp - 0x240], 0x14
jmp short loc_fffaed81  ; jmp 0xfffaed81

loc_fffaed4d:  ; not directly referenced
mov dword [ebp - 0x248], 0x3f
mov ebx, 0x15
mov dword [ebp - 0x240], 0x10
jmp short loc_fffaed81  ; jmp 0xfffaed81

loc_fffaed68:  ; not directly referenced
mov dword [ebp - 0x248], 0x3f

loc_fffaed72:  ; not directly referenced
mov dword [ebp - 0x240], 0x12
mov ebx, 0x17

loc_fffaed81:  ; not directly referenced
push 8
movzx edx, byte [ebp - 0x22c]
mov ecx, 2
push 0
push 0
lea eax, [ebp - 0x1ff]
push eax
push 0
lea eax, [ebp - 0x1f4]
push eax
mov eax, dword [ebp + 8]
push 7
push 2
shl ebx, 0x10
call fcn_fffae425  ; call 0xfffae425
lea eax, [esi + 0x1c]
add esp, 0x20
mov dword [ebp - 0x264], eax
xor esi, esi
mov dword [ebp - 0x22c], eax
mov dword [ebp - 0x238], ebx

loc_fffaedcc:  ; not directly referenced
imul eax, esi, 0x13c3
mov edi, dword [ebp + 8]
xor ebx, ebx
cmp dword [edi + eax + 0x3757], 2
jne loc_fffaee75  ; jne 0xfffaee75

loc_fffaede5:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp bl, byte [eax + 0x2489]
jae short loc_fffaee19  ; jae 0xfffaee19
mov eax, dword [ebp + 8]
movzx edi, bl
mov edx, esi
mov ecx, edi
inc ebx
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, dword [ebp - 0x22c]
mov ecx, dword [ecx + edi*4 + 0x28]
mov edx, eax
mov eax, dword [ebp + 8]
or ecx, 0x40
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffaede5  ; jmp 0xfffaede5

loc_fffaee19:  ; not directly referenced
mov ecx, 0xff
mov edx, esi
call fcn_fffa7236  ; call 0xfffa7236
mov edi, eax
mov eax, dword [ebp - 0x22c]
mov ebx, dword [eax]
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2481], 3
jne short loc_fffaee4a  ; jne 0xfffaee4a
and ebx, 0xefffffff
mov edx, edi
mov ecx, ebx
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffaee4a:  ; not directly referenced
mov eax, dword [ebp + 8]
or ebx, 0x1000004
mov edx, edi
mov ecx, ebx
call fcn_fffb38b3  ; call 0xfffb38b3
mov ecx, dword [ebp - 0x238]
mov edx, esi
mov eax, dword [ebp + 8]
shl edx, 0xa
add edx, 0x4028
call fcn_fffb3381  ; call 0xfffb3381

loc_fffaee75:  ; not directly referenced
inc esi
add dword [ebp - 0x22c], 0xcc
cmp esi, 2
jne loc_fffaedcc  ; jne 0xfffaedcc
imul eax, dword [ebp - 0x234], 0x2e
mov dword [ebp - 0x22c], 0
mov dword [ebp - 0x26c], eax
movzx eax, byte [ebp - 0x230]
mov dword [ebp - 0x274], eax
mov eax, dword [ebp + 8]
add eax, 0x3757
mov dword [ebp - 0x234], eax

loc_fffaeebb:  ; not directly referenced
mov edi, dword [ebp - 0x22c]
mov esi, dword [ebp - 0x274]
mov eax, edi
bt esi, edi
jb short loc_fffaef02  ; jb 0xfffaef02

loc_fffaeece:  ; not directly referenced
inc dword [ebp - 0x22c]
cmp dword [ebp - 0x22c], 4
jne short loc_fffaeebb  ; jne 0xfffaeebb
mov eax, dword [ebp + 8]
mov edi, dword [ebp - 0x264]
mov dword [ebp - 0x22c], 0
add eax, 0x3757
mov dword [ebp - 0x234], eax
mov esi, eax
jmp near loc_fffaf927  ; jmp 0xfffaf927

loc_fffaef02:  ; not directly referenced
mov esi, dword [ebp - 0x22c]
and eax, 1
mov dword [ebp - 0x23c], 1
mov dword [ebp - 0x238], 0
mov byte [ebp - 0x254], 0
mov ecx, esi
shl dword [ebp - 0x23c], cl
mov bl, byte [ebp - 0x23c]
mov dword [ebp - 0x24c], eax
mov byte [ebp - 0x230], bl
mov ebx, esi
shr bl, 1
movzx esi, bl
mov byte [ebp - 0x265], bl
mov ebx, dword [ebp - 0x234]
mov dword [ebp - 0x244], esi

loc_fffaef59:  ; not directly referenced
mov ecx, dword [ebp - 0x23c]
mov edx, dword [ebp - 0x238]
mov eax, dword [ebp + 8]
call fcn_fffad317  ; call 0xfffad317
or byte [ebp - 0x254], al
mov al, byte [ebp - 0x230]
test byte [ebx + 0xc4], al
je loc_fffaf0b2  ; je 0xfffaf0b2
mov eax, dword [ebp - 0x22c]
mov edx, 0
mov byte [ebx + eax + 0x1011], 0
mov eax, dword [ebp + 8]
movzx eax, byte [eax + 0x36e8]
cmp al, 1
cmovbe eax, edx
cmp dword [ebp - 0x260], 1
jne short loc_fffaefd1  ; jne 0xfffaefd1
mov esi, dword [ebp + 8]
cmp dword [esi + 0x36e4], 1
jne short loc_fffaefc7  ; jne 0xfffaefc7
imul eax, eax, 0x64
mov ecx, 0x85
cdq
idiv ecx

loc_fffaefc7:  ; not directly referenced
cmp al, 2
lea edx, [eax - 2]
mov al, 0
cmovae eax, edx

loc_fffaefd1:  ; not directly referenced
mov esi, dword [ebp + 8]
cmp dword [esi + 0x2481], 3
mov esi, dword [ebp - 0x26c]
movzx esi, word [ebx + esi + 0xa]
jne short loc_fffaf01d  ; jne 0xfffaf01d
mov edi, dword [ebp + 8]
movzx edx, al
add esi, esi
mov ecx, 4
movzx edi, word [edi + 0x248a]
add edi, edi
cmp al, 5
cmovae ecx, edx
xor edx, edx
lea eax, [edi + 0x157b]
div edi
mov edi, dword [ebp - 0x240]
lea edx, [edi + eax + 1]
add esi, edx
add esi, ecx
jmp short loc_fffaf038  ; jmp 0xfffaf038

loc_fffaf01d:  ; not directly referenced
add esi, esi
movzx ecx, al
cmp al, 5
mov eax, dword [ebp - 0x240]
mov edx, 4
cmovae edx, ecx
lea esi, [eax + esi + 5]
add esi, edx

loc_fffaf038:  ; not directly referenced
mov eax, dword [ebp - 0x248]
mov edi, dword [ebp - 0x22c]
cmp esi, eax
cmova esi, eax
mov eax, dword [ebp - 0x238]
mov ecx, esi
shl eax, 0xa
lea edx, [edi + eax + 0x4024]
mov eax, dword [ebp + 8]
call fcn_fffb335b  ; call 0xfffb335b
mov eax, esi
cmp dword [ebp - 0x250], 0
mov byte [ebx + edi + 0x1015], al
je short loc_fffaf0b2  ; je 0xfffaf0b2
imul edx, dword [ebp - 0x24c], 0x18
imul eax, dword [ebp - 0x244], 0x128
mov ecx, dword [ebp - 0x23c]
add eax, edx
mov ax, word [ebx + eax + 0x1273]
push edx
push edx
mov edx, dword [ebp - 0x238]
or ah, 4
movzx eax, ax
push eax
mov eax, dword [ebp + 8]
push 4
call fcn_fffa96cb  ; call 0xfffa96cb
add esp, 0x10

loc_fffaf0b2:  ; not directly referenced
inc dword [ebp - 0x238]
add ebx, 0x13c3
cmp dword [ebp - 0x238], 2
jne loc_fffaef59  ; jne 0xfffaef59
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x36d8]
cmp eax, 0x320
je short loc_fffaf116  ; je 0xfffaf116
cmp eax, 0x42b
ja short loc_fffaf12a  ; ja 0xfffaf12a
mov eax, dword [ebp + 8]
mov esi, 0x198
cmp dword [eax + 0x2481], 3
mov eax, 0x158
cmovne eax, esi
mov esi, 0x118
mov word [ebp - 0x23c], ax
mov eax, 0xd8
cmovne eax, esi
mov word [ebp - 0x238], ax
jmp short loc_fffaf13c  ; jmp 0xfffaf13c

loc_fffaf116:  ; not directly referenced
mov word [ebp - 0x23c], 0x158
mov word [ebp - 0x238], 0xd8
jmp short loc_fffaf13c  ; jmp 0xfffaf13c

loc_fffaf12a:  ; not directly referenced
mov word [ebp - 0x23c], 0x198
mov word [ebp - 0x238], 0x118

loc_fffaf13c:  ; not directly referenced
mov eax, dword [ebp - 0x238]
mov word [ebp - 0x244], ax
movzx eax, word [ebp - 0x23c]
sub eax, 8
mov dword [ebp - 0x270], eax

loc_fffaf159:  ; not directly referenced
movzx edi, word [ebp - 0x244]
xor ebx, ebx

loc_fffaf162:  ; not directly referenced
imul eax, ebx, 0x13c3
mov esi, dword [ebp + 8]
mov cl, byte [ebp - 0x230]
test byte [esi + eax + 0x381b], cl
je short loc_fffaf17e  ; je 0xfffaf17e
xor esi, esi
jmp short loc_fffaf1c3  ; jmp 0xfffaf1c3

loc_fffaf17e:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffaf162  ; jne 0xfffaf162
movzx eax, byte [ebp - 0x254]
xor ecx, ecx
xor esi, esi
push edi
push 0
push 1
mov edx, eax
mov dword [ebp - 0x258], eax
lea eax, [ebp - 0x217]
push eax
mov eax, dword [ebp + 8]
call fcn_fffaa5b3  ; call 0xfffaa5b3
movzx ebx, word [ebp - 0x244]
add esp, 0x10
lea eax, [ebx - 8]
mov dword [ebp - 0x25c], eax
jmp near loc_fffaf27a  ; jmp 0xfffaf27a

loc_fffaf1c3:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov eax, esi
cmp al, byte [ecx + 0x2489]
jae short loc_fffaf17e  ; jae 0xfffaf17e
push eax
mov eax, esi
mov ecx, dword [ebp - 0x22c]
push edi
movzx eax, al
push 0
mov edx, ebx
push eax
mov eax, dword [ebp + 8]
inc esi
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10
jmp short loc_fffaf1c3  ; jmp 0xfffaf1c3

loc_fffaf1f0:  ; not directly referenced
movzx edi, byte [ebp - 0x24c]
mov edx, esi
mov eax, dword [ebp + 8]
mov ecx, edi
call fcn_fffa75c5  ; call 0xfffa75c5
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb331f  ; call 0xfffb331f
mov ecx, dword [ebp - 0x238]
cmp eax, 0x1f
seta al
movzx eax, al
cmp word [ebp - 0x244], cx
jne loc_fffaf2e4  ; jne 0xfffaf2e4
test eax, eax
je short loc_fffaf29b  ; je 0xfffaf29b
lea eax, [esi + esi*8]
add edi, eax
mov dword [ebp + edi*4 - 0x180], ebx
mov dword [ebp + edi*4 - 0x1c8], ebx
mov dword [ebp + edi*4 - 0xf0], ebx
mov dword [ebp + edi*4 - 0x138], ebx
mov dword [ebp + edi*4 - 0x60], ebx
mov dword [ebp + edi*4 - 0xa8], ebx

loc_fffaf259:  ; not directly referenced
inc byte [ebp - 0x24c]

loc_fffaf25f:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x24c]
cmp al, byte [edi + 0x2489]
jb short loc_fffaf1f0  ; jb 0xfffaf1f0

loc_fffaf270:  ; not directly referenced
inc esi
cmp esi, 2
je loc_fffaf3ab  ; je 0xfffaf3ab

loc_fffaf27a:  ; not directly referenced
imul eax, esi, 0x13c3
mov edi, dword [ebp + 8]
mov cl, byte [ebp - 0x230]
test byte [edi + eax + 0x381b], cl
je short loc_fffaf270  ; je 0xfffaf270
mov byte [ebp - 0x24c], 0
jmp short loc_fffaf25f  ; jmp 0xfffaf25f

loc_fffaf29b:  ; not directly referenced
lea eax, [esi + esi*8]
add edi, eax
mov dword [ebp + edi*4 - 0x180], 0xfffffff8
mov dword [ebp + edi*4 - 0x1c8], 0xfffffff8
mov dword [ebp + edi*4 - 0xf0], 0xfffffff8
mov dword [ebp + edi*4 - 0x138], 0xfffffff8
mov dword [ebp + edi*4 - 0x60], 0xfffffff8
mov dword [ebp + edi*4 - 0xa8], 0xfffffff8
jmp near loc_fffaf259  ; jmp 0xfffaf259

loc_fffaf2e4:  ; not directly referenced
test eax, eax
je loc_fffaf259  ; je 0xfffaf259
lea eax, [esi + esi*8]
mov ecx, dword [ebp - 0x25c]
add eax, edi
cmp dword [ebp + eax*4 - 0x180], ecx
jne short loc_fffaf307  ; jne 0xfffaf307
mov dword [ebp + eax*4 - 0x180], ebx

loc_fffaf307:  ; not directly referenced
lea eax, [esi + esi*8]
mov ecx, dword [ebp - 0x25c]
add eax, edi
cmp dword [ebp + eax*4 - 0xf0], ecx
mov dword [ebp + eax*4 - 0xf0], ebx
je short loc_fffaf329  ; je 0xfffaf329
mov dword [ebp + eax*4 - 0x138], ebx

loc_fffaf329:  ; not directly referenced
cmp ebx, dword [ebp - 0x270]
jl short loc_fffaf378  ; jl 0xfffaf378
lea eax, [esi + esi*8]
movzx edx, word [ebp - 0x238]
add eax, edi
mov ecx, dword [ebp + eax*4 - 0x1c8]
cmp ecx, edx
jne short loc_fffaf378  ; jne 0xfffaf378
mov edx, dword [ebp + eax*4 - 0x180]
cmp edx, ebx
je short loc_fffaf378  ; je 0xfffaf378
mov edi, ebx
sub edi, dword [ebp + eax*4 - 0x138]
mov dword [ebp + eax*4 - 0x60], edx
sub ecx, edi
sub ecx, 8
mov dword [ebp + eax*4 - 0x1c8], ecx
mov dword [ebp + eax*4 - 0xa8], ecx
jmp near loc_fffaf259  ; jmp 0xfffaf259

loc_fffaf378:  ; not directly referenced
lea eax, [esi + esi*8]
mov ecx, ebx
add edi, eax
mov edx, dword [ebp + edi*4 - 0x138]
mov eax, dword [ebp + edi*4 - 0x60]
sub eax, dword [ebp + edi*4 - 0xa8]
sub ecx, edx
cmp ecx, eax
jle loc_fffaf259  ; jle 0xfffaf259
mov dword [ebp + edi*4 - 0xa8], edx
mov dword [ebp + edi*4 - 0x60], ebx
jmp near loc_fffaf259  ; jmp 0xfffaf259

loc_fffaf3ab:  ; not directly referenced
add word [ebp - 0x244], 8
mov eax, dword [ebp - 0x23c]
cmp word [ebp - 0x244], ax
jb loc_fffaf159  ; jb 0xfffaf159
movzx eax, word [ebp - 0x23c]
xor edi, edi
mov ebx, dword [ebp - 0x234]
mov dword [ebp - 0x254], eax
imul eax, dword [ebp - 0x22c], 9
mov dword [ebp - 0x25c], eax

loc_fffaf3e8:  ; not directly referenced
mov al, byte [ebp - 0x230]
test byte [ebx + 0xc4], al
jne short loc_fffaf459  ; jne 0xfffaf459

loc_fffaf3f6:  ; not directly referenced
inc edi
add ebx, 0x13c3
cmp edi, 2
jne short loc_fffaf3e8  ; jne 0xfffaf3e8
mov eax, dword [ebp + 8]
mov bl, byte [ebp - 0x265]
mov word [ebp - 0x220], 0x1ff
mov word [ebp - 0x21e], 0x1ff
movzx ecx, byte [eax + 0x2489]
mov eax, 1
shl eax, cl
dec eax
mov word [ebp - 0x244], ax
lea eax, [ebx + ebx]
movzx eax, al
mov dword [ebp - 0x23c], eax
inc eax
mov dword [ebp - 0x238], eax
movzx eax, bl
add eax, 0x4028
mov dword [ebp - 0x25c], eax
jmp near loc_fffaf572  ; jmp 0xfffaf572

loc_fffaf459:  ; not directly referenced
lea eax, [edi + edi*8]
mov byte [ebp - 0x238], 0
mov dword [ebp - 0x24c], eax

loc_fffaf469:  ; not directly referenced
mov esi, dword [ebp + 8]
mov al, byte [ebp - 0x238]
cmp al, byte [esi + 0x2489]
jae loc_fffaf3f6  ; jae 0xfffaf3f6
movzx ecx, byte [ebp - 0x238]
mov eax, dword [ebp - 0x24c]
add eax, ecx
mov esi, dword [ebp + eax*4 - 0x60]
mov eax, dword [ebp + eax*4 - 0xa8]
mov dword [ebp - 0x23c], esi
mov dword [ebp - 0x244], eax
add eax, esi
mov esi, 2
cdq
idiv esi
mov esi, dword [ebp - 0x23c]
sub esi, dword [ebp - 0x244]
cmp eax, dword [ebp - 0x254]
jle short loc_fffaf4d8  ; jle 0xfffaf4d8
mov edx, dword [ebp + 8]
cmp byte [edx + 0x1965], 0
je short loc_fffaf4d8  ; je 0xfffaf4d8

loc_fffaf4ce:  ; not directly referenced
mov eax, 7
jmp near loc_fffafdfb  ; jmp 0xfffafdfb

loc_fffaf4d8:  ; not directly referenced
sub esi, 0x21
cmp esi, 0x3e
jbe short loc_fffaf4ec  ; jbe 0xfffaf4ec
mov esi, dword [ebp + 8]
cmp byte [esi + 0x1965], 0
jne short loc_fffaf4ce  ; jne 0xfffaf4ce

loc_fffaf4ec:  ; not directly referenced
mov esi, dword [ebp - 0x25c]
lea edx, [ecx + esi + 0xd8]
mov word [ebx + edx*2 + 1], ax
mov eax, dword [ebp + 8]
mov edx, edi
push esi
push 0
push 0xff
push ecx
mov ecx, dword [ebp - 0x22c]
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10
inc byte [ebp - 0x238]
jmp near loc_fffaf469  ; jmp 0xfffaf469

loc_fffaf525:  ; not directly referenced
push ebx
mov edx, dword [ebp - 0x258]
xor ecx, ecx
push 0
xor ebx, ebx
push 1
lea eax, [ebp - 0x217]
push eax
mov eax, dword [ebp + 8]
call fcn_fffaa5b3  ; call 0xfffaa5b3
mov esi, dword [ebp - 0x234]
add esp, 0x10

loc_fffaf54c:  ; not directly referenced
mov al, byte [ebp - 0x230]
xor edi, edi
mov word [ebp + ebx*2 - 0x220], 0
test byte [esi + 0xc4], al
jne short loc_fffaf5b7  ; jne 0xfffaf5b7

loc_fffaf566:  ; not directly referenced
inc ebx
add esi, 0x13c3
cmp ebx, 2
jne short loc_fffaf54c  ; jne 0xfffaf54c

loc_fffaf572:  ; not directly referenced
cmp word [ebp - 0x220], 0
je loc_fffaf6bf  ; je 0xfffaf6bf
jmp short loc_fffaf525  ; jmp 0xfffaf525

loc_fffaf582:  ; not directly referenced
mov eax, edi
mov edx, ebx
movzx ecx, al
mov eax, dword [ebp + 8]
call fcn_fffa75c5  ; call 0xfffa75c5
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb331f  ; call 0xfffb331f
and eax, 0x1ff
cmp eax, 0x1f
jle short loc_fffaf5b6  ; jle 0xfffaf5b6
mov eax, 1
mov ecx, edi
shl eax, cl
or word [ebp + ebx*2 - 0x220], ax

loc_fffaf5b6:  ; not directly referenced
inc edi

loc_fffaf5b7:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov eax, edi
cmp al, byte [ecx + 0x2489]
jb short loc_fffaf582  ; jb 0xfffaf582
mov dx, word [ebp + ebx*2 - 0x220]
cmp dx, word [ebp - 0x244]
je short loc_fffaf5ef  ; je 0xfffaf5ef

loc_fffaf5d5:  ; not directly referenced
movzx eax, dx
xor edi, edi
mov dword [ebp - 0x24c], eax
imul eax, dword [ebp - 0x22c], 9
mov dword [ebp - 0x254], eax
jmp short loc_fffaf65a  ; jmp 0xfffaf65a

loc_fffaf5ef:  ; not directly referenced
mov eax, dword [ebp - 0x22c]
mov al, byte [esi + eax + 0x1011]
cmp al, 0xd
ja short loc_fffaf5d5  ; ja 0xfffaf5d5
mov edi, dword [ebp - 0x22c]
add eax, 2
mov edx, ebx
shl edx, 0xa
add edx, dword [ebp - 0x25c]
mov byte [esi + edi + 0x1011], al
mov eax, dword [ebp - 0x238]
movzx ecx, byte [esi + eax + 0x1011]
mov eax, dword [ebp - 0x23c]
shl ecx, 4
add cl, byte [esi + eax + 0x1011]
mov eax, dword [ebp + 8]
movzx ecx, cl
call fcn_fffb335b  ; call 0xfffb335b
jmp near loc_fffaf566  ; jmp 0xfffaf566

loc_fffaf649:  ; not directly referenced
mov ecx, dword [ebp - 0x24c]
mov eax, edi
movzx eax, al
bt ecx, edi
jb short loc_fffaf66c  ; jb 0xfffaf66c

loc_fffaf659:  ; not directly referenced
inc edi

loc_fffaf65a:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov eax, edi
cmp al, byte [ecx + 0x2489]
jb short loc_fffaf649  ; jb 0xfffaf649
jmp near loc_fffaf566  ; jmp 0xfffaf566

loc_fffaf66c:  ; not directly referenced
mov ecx, dword [ebp - 0x254]
lea edx, [eax + ecx]
lea edx, [esi + edx*2]
mov cx, word [edx + 0x1b1]
cmp cx, 0x7f
jbe short loc_fffaf691  ; jbe 0xfffaf691
add ecx, 0xffffff80
mov word [edx + 0x1b1], cx
jmp short loc_fffaf6a1  ; jmp 0xfffaf6a1

loc_fffaf691:  ; not directly referenced
mov ecx, dword [ebp + 8]
cmp byte [ecx + 0x1965], 0
jne loc_fffaf4ce  ; jne 0xfffaf4ce

loc_fffaf6a1:  ; not directly referenced
push ecx
mov ecx, dword [ebp - 0x22c]
mov edx, ebx
push 0
push 0xff
push eax
mov eax, dword [ebp + 8]
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10
jmp short loc_fffaf659  ; jmp 0xfffaf659

loc_fffaf6bf:  ; not directly referenced
cmp word [ebp - 0x21e], 0
jne loc_fffaf525  ; jne 0xfffaf525
mov ebx, dword [ebp - 0x234]
xor esi, esi
imul edi, dword [ebp - 0x22c], 9

loc_fffaf6dc:  ; not directly referenced
mov al, byte [ebp - 0x230]
test byte [ebx + 0xc4], al
jne short loc_fffaf721  ; jne 0xfffaf721

loc_fffaf6ea:  ; not directly referenced
inc esi
add ebx, 0x13c3
cmp esi, 2
jne short loc_fffaf6dc  ; jne 0xfffaf6dc
imul eax, dword [ebp - 0x22c], 9
mov word [ebp - 0x220], 0
mov word [ebp - 0x21e], 0
mov byte [ebp - 0x254], 0x40
mov dword [ebp - 0x25c], eax
jmp near loc_fffaf7cd  ; jmp 0xfffaf7cd

loc_fffaf721:  ; not directly referenced
mov byte [ebp - 0x238], 0

loc_fffaf728:  ; not directly referenced
mov edx, dword [ebp + 8]
mov al, byte [ebp - 0x238]
cmp al, byte [edx + 0x2489]
jae short loc_fffaf6ea  ; jae 0xfffaf6ea
movzx eax, byte [ebp - 0x238]
mov ecx, dword [ebp - 0x22c]
lea edx, [eax + edi]
add edx, edx
add word [ebx + edx + 0x1b1], 0x40
push edx
mov edx, esi
push 0
push 0xff
push eax
mov eax, dword [ebp + 8]
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10
inc byte [ebp - 0x238]
jmp short loc_fffaf728  ; jmp 0xfffaf728

loc_fffaf772:  ; not directly referenced
mov al, byte [ebp - 0x230]
test byte [esi + 0xc4], al
je short loc_fffaf7ab  ; je 0xfffaf7ab
mov byte [ebp - 0x238], 0

loc_fffaf787:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov al, byte [ebp - 0x238]
cmp al, byte [ecx + 0x2489]
jb short loc_fffaf7fe  ; jb 0xfffaf7fe
mov eax, dword [ebp - 0x244]
cmp word [ebp + ebx*2 - 0x220], ax
mov al, 0
cmovne edi, eax

loc_fffaf7ab:  ; not directly referenced
inc ebx
add esi, 0x13c3
cmp ebx, 2
jne short loc_fffaf772  ; jne 0xfffaf772
mov eax, edi
test al, al
jne loc_fffaf8a8  ; jne 0xfffaf8a8
dec byte [ebp - 0x254]
je loc_fffaf898  ; je 0xfffaf898

loc_fffaf7cd:  ; not directly referenced
push eax
mov edx, dword [ebp - 0x258]
xor ecx, ecx
push 0
xor ebx, ebx
push 1
mov edi, 1
lea eax, [ebp - 0x217]
push eax
mov eax, dword [ebp + 8]
call fcn_fffaa5b3  ; call 0xfffaa5b3
add esp, 0x10
mov esi, dword [ebp - 0x234]
jmp near loc_fffaf772  ; jmp 0xfffaf772

loc_fffaf7fe:  ; not directly referenced
movzx eax, word [ebp + ebx*2 - 0x220]
mov cl, byte [ebp - 0x238]
mov word [ebp - 0x24c], ax
movzx edx, cl
bt eax, ecx
mov dword [ebp - 0x23c], edx
jb short loc_fffaf88d  ; jb 0xfffaf88d
mov eax, dword [ebp + 8]
mov ecx, edx
mov edx, ebx
call fcn_fffa75c5  ; call 0xfffa75c5
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb331f  ; call 0xfffb331f
cmp eax, 0x1f
jbe short loc_fffaf859  ; jbe 0xfffaf859
mov cl, byte [ebp - 0x23c]
mov eax, 1
shl eax, cl
or eax, dword [ebp - 0x24c]
mov word [ebp + ebx*2 - 0x220], ax
jmp short loc_fffaf88d  ; jmp 0xfffaf88d

loc_fffaf859:  ; not directly referenced
mov ecx, dword [ebp - 0x23c]
mov edx, dword [ebp - 0x25c]
mov eax, ecx
add eax, edx
mov edx, ebx
inc word [esi + eax*2 + 0x1b1]
push eax
mov eax, dword [ebp + 8]
push 0
push 0xff
push ecx
mov ecx, dword [ebp - 0x22c]
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10

loc_fffaf88d:  ; not directly referenced
inc byte [ebp - 0x238]
jmp near loc_fffaf787  ; jmp 0xfffaf787

loc_fffaf898:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp byte [eax + 0x1965], 0
jne loc_fffaf4ce  ; jne 0xfffaf4ce

loc_fffaf8a8:  ; not directly referenced
mov ebx, dword [ebp - 0x234]
xor esi, esi
imul edi, dword [ebp - 0x22c], 9

loc_fffaf8b7:  ; not directly referenced
mov al, byte [ebp - 0x230]
test byte [ebx + 0xc4], al
jne short loc_fffaf8d6  ; jne 0xfffaf8d6

loc_fffaf8c5:  ; not directly referenced
inc esi
add ebx, 0x13c3
cmp esi, 2
jne short loc_fffaf8b7  ; jne 0xfffaf8b7
jmp near loc_fffaeece  ; jmp 0xfffaeece

loc_fffaf8d6:  ; not directly referenced
mov byte [ebp - 0x238], 0

loc_fffaf8dd:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov al, byte [ebp - 0x238]
cmp al, byte [ecx + 0x2489]
jae short loc_fffaf8c5  ; jae 0xfffaf8c5
movzx eax, byte [ebp - 0x238]
lea edx, [eax + edi]
add edx, edx
sub word [ebx + edx + 0x1b1], 0x40
mov edx, esi
push ecx
mov ecx, dword [ebp - 0x22c]
push 0
push 0xff
push eax
mov eax, dword [ebp + 8]
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10
inc byte [ebp - 0x238]
jmp short loc_fffaf8dd  ; jmp 0xfffaf8dd

loc_fffaf927:  ; not directly referenced
cmp dword [esi], 2
je short loc_fffaf966  ; je 0xfffaf966

loc_fffaf92c:  ; not directly referenced
inc dword [ebp - 0x22c]
add esi, 0x13c3
add edi, 0xcc
cmp dword [ebp - 0x22c], 2
jne short loc_fffaf927  ; jne 0xfffaf927
mov eax, dword [ebp + 8]
call fcn_fffaa4a9  ; call 0xfffaa4a9
mov edi, dword [ebp - 0x234]
mov dword [ebp - 0x22c], 0
mov ebx, eax
jmp near loc_fffafa4f  ; jmp 0xfffafa4f

loc_fffaf966:  ; not directly referenced
mov edx, dword [ebp - 0x22c]
mov ecx, 0xff
mov eax, dword [ebp + 8]
call fcn_fffa7236  ; call 0xfffa7236
mov ebx, dword [edi]
mov dword [ebp - 0x230], eax
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2481], 3
jne short loc_fffaf9a0  ; jne 0xfffaf9a0
mov edx, dword [ebp - 0x230]
and ebx, 0xefffffff
mov ecx, ebx
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffaf9a0:  ; not directly referenced
mov ecx, dword [edi]
xor ebx, ebx
mov edx, dword [ebp - 0x230]
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffaf9b2:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp bl, byte [eax + 0x2489]
jae short loc_fffaf9ed  ; jae 0xfffaf9ed
movzx eax, bl
mov edx, dword [ebp - 0x22c]
inc ebx
mov ecx, eax
mov dword [ebp - 0x230], eax
mov eax, dword [ebp + 8]
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, dword [ebp - 0x230]
mov ecx, dword [edi + ecx*4 + 0x28]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffaf9b2  ; jmp 0xfffaf9b2

loc_fffaf9ed:  ; not directly referenced
cmp dword [ebp - 0x250], 0
je loc_fffaf92c  ; je 0xfffaf92c
xor ebx, ebx

loc_fffaf9fc:  ; not directly referenced
mov eax, 1
mov cl, bl
shl eax, cl
test byte [esi + 0xc4], al
je short loc_fffafa44  ; je 0xfffafa44
push edx
mov ecx, ebx
push edx
mov dl, bl
shr dl, 1
and ecx, 1
movzx edx, dl
imul ecx, ecx, 0x18
imul edx, edx, 0x128
add edx, ecx
mov ecx, eax
mov eax, dword [ebp + 8]
movzx edx, word [esi + edx + 0x1273]
push edx
mov edx, dword [ebp - 0x22c]
push 4
call fcn_fffa96cb  ; call 0xfffa96cb
add esp, 0x10

loc_fffafa44:  ; not directly referenced
inc ebx
cmp ebx, 4
jne short loc_fffaf9fc  ; jne 0xfffaf9fc
jmp near loc_fffaf92c  ; jmp 0xfffaf92c

loc_fffafa4f:  ; not directly referenced
cmp dword [edi], 2
jne loc_fffafde0  ; jne 0xfffafde0
mov eax, dword [ebp + 8]
mov ebx, dword [eax + 0x2444]
lea eax, [ebp - 0x210]
push ecx
push 0xf000
push 4
push eax
call dword [ebx + 0x60]  ; ucall
add esp, 0xc
push 0x1000
push 4
lea eax, [ebp - 0x208]
push eax
call dword [ebx + 0x60]  ; ucall
add esp, 0xc
push 0
push 4
lea eax, [ebp - 0x21b]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0x10
mov ebx, 2
cmp dword [edi], 2
jne loc_fffafde0  ; jne 0xfffafde0
xor ecx, ecx
mov esi, 0x1000
mov word [ebp - 0x230], 0xf000

loc_fffafab9:  ; not directly referenced
mov ebx, 0xf
bt ebx, ecx
jae loc_fffafb5e  ; jae 0xfffafb5e
mov edx, 1
shl edx, cl
test byte [edi + 0xc4], dl
je loc_fffafb5e  ; je 0xfffafb5e
mov ebx, dword [ebp + 8]
imul edx, ecx, 0x12
mov bl, byte [ebx + 0x2489]
mov byte [ebp - 0x234], bl
lea ebx, [edi + edx]
xor edx, edx
mov eax, ebx

loc_fffafaf3:  ; not directly referenced
cmp byte [ebp - 0x234], dl
jbe short loc_fffafb35  ; jbe 0xfffafb35
movzx ebx, byte [edi + ecx + 0x1011]
imul ebx, ebx, 0xffffffc0
add bx, word [eax + edx*2 + 0x1b1]
cmp word [ebp + ecx*2 - 0x210], bx
jge short loc_fffafb20  ; jge 0xfffafb20
mov word [ebp + ecx*2 - 0x210], bx

loc_fffafb20:  ; not directly referenced
cmp word [ebp + ecx*2 - 0x208], bx
jle short loc_fffafb32  ; jle 0xfffafb32
mov word [ebp + ecx*2 - 0x208], bx

loc_fffafb32:  ; not directly referenced
inc edx
jmp short loc_fffafaf3  ; jmp 0xfffafaf3

loc_fffafb35:  ; not directly referenced
mov eax, dword [ebp - 0x230]
mov dx, word [ebp + ecx*2 - 0x210]
cmp ax, dx
cmovge edx, eax
mov word [ebp - 0x230], dx
movsx edx, word [ebp + ecx*2 - 0x208]
cmp si, dx
cmovg esi, edx

loc_fffafb5e:  ; not directly referenced
inc ecx
cmp ecx, 4
jne loc_fffafab9  ; jne 0xfffafab9
movsx eax, word [ebp - 0x230]
mov cl, 2
xor ebx, ebx
add eax, esi
xor esi, esi
cdq
idiv ecx
mov cl, 0x40
neg eax
add eax, 0x160
cdq
idiv ecx
mov dword [ebp - 0x240], eax
mov byte [ebp - 0x23c], al
cbw
mov word [ebp - 0x234], ax
shl word [ebp - 0x234], 6

loc_fffafba3:  ; not directly referenced
mov eax, 0xf
bt eax, ebx
jae loc_fffafce6  ; jae 0xfffafce6
mov al, 1
mov cl, bl
shl eax, cl
test byte [edi + 0xc4], al
je loc_fffafce6  ; je 0xfffafce6
mov al, byte [ebp - 0x23c]
mov byte [ebp + ebx - 0x21b], al
mov eax, dword [ebp - 0x234]
add ax, word [ebp + ebx*2 - 0x208]
cmp ax, 0x3f
jg short loc_fffafbfe  ; jg 0xfffafbfe
movsx edx, ax
mov eax, 0x7f
sub eax, edx
sar eax, 6
add eax, dword [ebp - 0x240]
mov byte [ebp + ebx - 0x21b], al

loc_fffafbfe:  ; not directly referenced
mov dl, byte [ebp + ebx - 0x21b]
movsx ax, dl
shl eax, 6
add ax, word [ebp + ebx*2 - 0x210]
cwde
cmp eax, 0x1bf
jle short loc_fffafc2d  ; jle 0xfffafc2d
sub eax, 0x180
sar eax, 6
sub edx, eax
mov byte [ebp + ebx - 0x21b], dl

loc_fffafc2d:  ; not directly referenced
mov al, byte [ebp + ebx - 0x21b]
mov ecx, esi
movsx ecx, cl
movsx edx, al
mov byte [ebp - 0x230], al
mov eax, edx
sub eax, ecx
mov cl, byte [ebp - 0x230]
sub ecx, 0xe
cmp eax, 0xf
mov al, byte [ebp - 0x230]
cmovge esi, ecx
mov ecx, esi
movsx ecx, cl
sub edx, ecx
test edx, edx
lea ecx, [eax - 1]
cmovle esi, ecx
sub al, byte [edi + ebx + 0x1011]
mov byte [ebp - 0x230], 0
cbw
mov word [ebp - 0x238], ax
lea eax, [ebx + ebx*8]
shl word [ebp - 0x238], 6
mov dword [ebp - 0x244], eax

loc_fffafc92:  ; not directly referenced
mov edx, dword [ebp + 8]
mov al, byte [ebp - 0x230]
cmp al, byte [edx + 0x2489]
jae short loc_fffafce6  ; jae 0xfffafce6
movzx eax, byte [ebp - 0x230]
mov edx, dword [ebp - 0x244]
mov ecx, dword [ebp - 0x238]
add edx, eax
add edx, edx
add word [edi + edx + 0x1b1], cx
mov ecx, ebx
push edx
mov edx, dword [ebp - 0x22c]
push 0
push 0xff
push eax
mov eax, dword [ebp + 8]
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10
inc byte [ebp - 0x230]
jmp short loc_fffafc92  ; jmp 0xfffafc92

loc_fffafce6:  ; not directly referenced
inc ebx
cmp ebx, 4
jne loc_fffafba3  ; jne 0xfffafba3
mov eax, dword [ebp - 0x22c]
mov ebx, esi
shl eax, 0xa
add eax, 0x4028
mov dword [ebp - 0x234], eax
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb331f  ; call 0xfffb331f
test bl, bl
jns short loc_fffafd34  ; jns 0xfffafd34
mov edx, eax
mov ecx, esi
shr edx, 0x10
neg ecx
and edx, 0x3f
movzx ecx, cl
cmp edx, ecx
mov ebx, 7
mov edx, 0
cmovge ebx, edx
jmp short loc_fffafd55  ; jmp 0xfffafd55

loc_fffafd34:  ; not directly referenced
je short loc_fffafd53  ; je 0xfffafd53
mov edx, eax
mov ebx, esi
shr edx, 0x10
movsx ecx, bl
not edx
xor ebx, ebx
and edx, 0x3f
cmp ecx, edx
mov edx, 7
cmovg ebx, edx
jmp short loc_fffafd55  ; jmp 0xfffafd55

loc_fffafd53:  ; not directly referenced
xor ebx, ebx

loc_fffafd55:  ; not directly referenced
mov edx, eax
and eax, 0xffc00000
shr edx, 0x10
add edx, esi
and edx, 0x3f
mov ecx, edx
shl ecx, 0x10
mov dword [ebp - 0x230], eax
or dword [ebp - 0x230], ecx
mov dword [edi + 0x1019], edx
xor edx, edx

loc_fffafd7d:  ; not directly referenced
mov eax, 0xf
bt eax, edx
jae short loc_fffafda7  ; jae 0xfffafda7
mov al, 1
mov cl, dl
shl eax, cl
test byte [edi + 0xc4], al
je short loc_fffafda7  ; je 0xfffafda7
mov cl, byte [ebp + edx - 0x21b]
mov eax, esi
sub ecx, eax
mov byte [edi + edx + 0x1011], cl

loc_fffafda7:  ; not directly referenced
mov cl, byte [edi + edx + 0x1011]
mov eax, ecx
and eax, 0xf
lea ecx, [edx*4]
inc edx
shl eax, cl
or eax, dword [ebp - 0x230]
cmp edx, 4
je short loc_fffafdd0  ; je 0xfffafdd0
mov dword [ebp - 0x230], eax
jmp short loc_fffafd7d  ; jmp 0xfffafd7d

loc_fffafdd0:  ; not directly referenced
mov ecx, eax
mov edx, dword [ebp - 0x234]
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381

loc_fffafde0:  ; not directly referenced
inc dword [ebp - 0x22c]
add edi, 0x13c3
cmp dword [ebp - 0x22c], 2
jne loc_fffafa4f  ; jne 0xfffafa4f
mov eax, ebx

loc_fffafdfb:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffafe03:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, ecx
push esi
mov esi, eax
push ebx
sub esp, 0x50
mov al, byte [ecx + 0x539]
push 0
push 5
mov bl, al
mov eax, dword [esi + 0x2444]
mov byte [ebp - 0x2d], dl
lea edx, [ebp - 0x1d]
push edx
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
mov al, 0
cmp dword [ebp + 0xc], 0
cmovne ebx, eax
xor eax, eax
mov byte [ebp - 0x2e], bl

loc_fffafe3d:  ; not directly referenced
cmp byte [ebp - 0x2e], al
jbe short loc_fffafe60  ; jbe 0xfffafe60
movzx edx, byte [edi + eax + 0x534]
xor ecx, ecx
cmp dl, 5
ja short loc_fffafe58  ; ja 0xfffafe58
movzx ecx, byte [edx + ref_fffd38e8]  ; movzx ecx, byte [edx - 0x2c718]

loc_fffafe58:  ; not directly referenced
mov byte [ebp + ecx - 0x1d], 1
inc eax
jmp short loc_fffafe3d  ; jmp 0xfffafe3d

loc_fffafe60:  ; not directly referenced
cmp dword [ebp + 8], 0
jne short loc_fffafe7e  ; jne 0xfffafe7e
movzx ecx, byte [edi + 8]
sub esp, 0xc
xor edx, edx
push 1
mov eax, esi
call fcn_fffa8377  ; call 0xfffa8377
add esp, 0x10
mov dword [edi + 9], eax

loc_fffafe7e:  ; not directly referenced
lea eax, [esi + 0x3757]
mov ebx, edi
mov dword [ebp - 0x34], eax
movzx eax, byte [ebp - 0x2d]
mov dword [ebp - 0x2c], 0
mov dword [ebp - 0x50], eax

loc_fffafe97:  ; not directly referenced
mov eax, dword [ebp - 0x34]
cmp dword [eax], 2
je short loc_fffafeba  ; je 0xfffafeba

loc_fffafe9f:  ; not directly referenced
inc dword [ebp - 0x2c]
add ebx, 2
add dword [ebp - 0x34], 0x13c3
cmp dword [ebp - 0x2c], 2
jne short loc_fffafe97  ; jne 0xfffafe97
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffafeba:  ; not directly referenced
mov eax, dword [ebp - 0x50]
mov ecx, dword [ebp - 0x2c]
bt eax, ecx
jae short loc_fffafe9f  ; jae 0xfffafe9f
mov eax, dword [ebp - 0x34]
mov byte [ebp - 0x2d], 1
cmp dword [eax + 0xc0], 1
jne short loc_fffafee4  ; jne 0xfffafee4
mov al, byte [ebx + 4]
mov byte [ebp - 0x2d], 0
mov byte [ebx], al
mov al, byte [ebx + 5]
mov byte [ebx + 1], al

loc_fffafee4:  ; not directly referenced
mov eax, dword [esi + 0x1887]
cmp eax, 0x306d0
sete dl
cmp eax, 0x40650
sete al
or dl, al
je short loc_fffaff0d  ; je 0xfffaff0d
mov byte [ebx], 0
mov byte [ebx + 1], 0
mov byte [ebx + 5], 0
mov byte [ebp - 0x2d], 1

loc_fffaff0d:  ; not directly referenced
mov dl, byte [ebx + 4]
mov ecx, 3
push 1
mov al, dl
movzx edx, byte [ebx]
mul byte [ebp - 0x2d]
shl eax, 4
add eax, edx
mov edx, dword [ebp - 0x2c]
movzx eax, ax
push eax
mov eax, esi
push 7
push 0
call fcn_fffa972b  ; call 0xfffa972b
mov dl, byte [ebx + 5]
mov ecx, 0xc
mov al, byte [ebp - 0x2d]
push 1
mul dl
movzx edx, byte [ebx + 1]
shl eax, 4
add eax, edx
mov edx, dword [ebp - 0x2c]
movzx eax, ax
push eax
mov eax, esi
push 7
push 0
call fcn_fffa972b  ; call 0xfffa972b
add esp, 0x20
cmp byte [ebp - 0x2e], 0
je loc_fffafe9f  ; je 0xfffafe9f
imul eax, dword [ebp - 0x2c], 9
mov byte [ebp - 0x2d], 0
mov dword [ebp - 0x4c], eax
mov dword [ebp - 0x48], eax

loc_fffaff7b:  ; not directly referenced
mov al, byte [ebp - 0x2d]
cmp al, byte [esi + 0x2489]
jae loc_fffafe9f  ; jae 0xfffafe9f
cmp byte [ebp - 0x1d], 0
je short loc_fffaffb8  ; je 0xfffaffb8
movzx eax, byte [ebp - 0x2d]
mov ecx, dword [ebp - 0x48]
push 1
lea edx, [eax + ecx + 0x28]
mov ecx, 0xf
movsx edx, word [edi + edx*2 + 7]
push edx
mov edx, dword [ebp - 0x2c]
push 6
push eax
mov eax, esi
call fcn_fffa972b  ; call 0xfffa972b
add esp, 0x10

loc_fffaffb8:  ; not directly referenced
cmp byte [ebp - 0x1c], 0
je short loc_fffaffe9  ; je 0xfffaffe9
movzx eax, byte [ebp - 0x2d]
mov ecx, dword [ebp - 0x48]
push 1
lea edx, [eax + ecx + 0xa4]
mov ecx, 0xf
movsx edx, word [edi + edx*2 + 7]
push edx
mov edx, dword [ebp - 0x2c]
push 0
push eax
mov eax, esi
call fcn_fffa972b  ; call 0xfffa972b
add esp, 0x10

loc_fffaffe9:  ; not directly referenced
movzx eax, byte [ebp - 0x2d]
mov ecx, dword [ebp - 0x4c]
mov dword [ebp - 0x40], 0
mov dword [ebp - 0x44], eax
lea edx, [eax + ecx]
lea edx, [edx + edx + 0x33f]
lea ecx, [edi + edx]
mov dword [ebp - 0x3c], ecx

loc_fffb000a:  ; not directly referenced
mov cl, byte [ebp - 0x40]
mov dword [ebp - 0x38], 1
shl dword [ebp - 0x38], cl
mov ecx, dword [ebp - 0x34]
mov al, byte [ebp - 0x38]
test byte [ecx + 0xc4], al
je short loc_fffb0071  ; je 0xfffb0071
cmp byte [ebp - 0x1b], 0
je short loc_fffb004d  ; je 0xfffb004d
mov eax, dword [ebp - 0x3c]
push 1
mov ecx, dword [ebp - 0x38]
mov edx, dword [ebp - 0x2c]
movsx eax, word [eax - 0xf8]
push eax
mov eax, esi
push 5
push dword [ebp - 0x44]
call fcn_fffa972b  ; call 0xfffa972b
add esp, 0x10

loc_fffb004d:  ; not directly referenced
cmp byte [ebp - 0x1a], 0
je short loc_fffb0071  ; je 0xfffb0071
mov eax, dword [ebp - 0x3c]
push 1
mov ecx, dword [ebp - 0x38]
mov edx, dword [ebp - 0x2c]
movsx eax, word [eax]
push eax
mov eax, esi
push 4
push dword [ebp - 0x44]
call fcn_fffa972b  ; call 0xfffa972b
add esp, 0x10

loc_fffb0071:  ; not directly referenced
inc dword [ebp - 0x40]
add dword [ebp - 0x3c], 0x3e
cmp dword [ebp - 0x40], 4
jne short loc_fffb000a  ; jne 0xfffb000a
inc byte [ebp - 0x2d]
jmp near loc_fffaff7b  ; jmp 0xfffaff7b

fcn_fffb0086:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 8]
out dx, eax
pop ebp
ret

fcn_fffb0092:  ; not directly referenced
push ebp
xor eax, eax
mov ebp, esp
xor edx, edx
pop ebp
ret

fcn_fffb009b:  ; not directly referenced
push ebp
mov ebp, esp
pop ebp
ret

fcn_fffb00a0:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 8]
in ax, dx
pop ebp
ret

fcn_fffb00aa:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb00a0  ; jmp 0xfffb00a0

fcn_fffb00b9:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 8]
out dx, ax
pop ebp
ret

fcn_fffb00c6:  ; not directly referenced
push ebp
mov ebp, esp
movzx eax, word [ebp + 0x18]
mov dword [ebp + 0xc], eax
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb00b9  ; jmp 0xfffb00b9

fcn_fffb00dc:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 8]
in eax, dx
pop ebp
ret

fcn_fffb00e5:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb00dc  ; jmp 0xfffb00dc

fcn_fffb00f4:
mov eax, dword [0xff7d0270]
push ebp
mov ebp, esp
lea edx, [eax + 4]
mov eax, dword [ebp + 0xc]
mov dword [eax], edx
xor eax, eax
pop ebp
ret

fcn_fffb0108:  ; not directly referenced
push ebp
mov edx, 0x186a0
mov ebp, esp
xor eax, eax
push ebx
sub esp, 0x10

loc_fffb0116:  ; not directly referenced
test eax, eax
sete bl
test edx, edx
setne cl
test bl, cl
je short loc_fffb0133  ; je 0xfffb0133
clc

loc_fffb0125:  ; not directly referenced
rdrand eax
mov dword [ebp - 8], eax
jae short loc_fffb0125  ; jae 0xfffb0125
mov eax, dword [ebp - 8]
dec edx
jmp short loc_fffb0116  ; jmp 0xfffb0116

loc_fffb0133:  ; not directly referenced
add esp, 0x10
pop ebx
pop ebp
ret

fcn_fffb0139:  ; not directly referenced
push ebp
mov ebp, esp
pop ebp
ret

fcn_fffb013e:  ; not directly referenced
push ebp
mov ebp, esp
push eax
mov eax, 0x1000
in al, 0x99
pop eax
pop ebp
ret

fcn_fffb014c:
mov edx, dword [0xff7d026c]
xor eax, eax
push ebp
mov ebp, esp
push edi
push esi
push ebx
imul ebx, edx, 0xc

loc_fffb015d:
cmp edx, 0x13
ja short loc_fffb018d  ; ja 0xfffb018d
mov esi, dword [ebp + 0xc]
inc edx
mov ecx, 3
mov dword [0xff7d026c], edx
lea edi, [ebx + eax - 0x82fe84]
add esi, eax
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov edi, dword [ebp + 0xc]
mov ecx, dword [edi + eax]
add eax, 0xc
test ecx, ecx
jns short loc_fffb015d  ; jns 0xfffb015d
xor eax, eax
jmp short loc_fffb0192  ; jmp 0xfffb0192

loc_fffb018d:
mov eax, 0x80000009

loc_fffb0192:
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb0197:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0x10]
mov eax, dword [ebp + 0x18]
out dx, al
pop ebp
ret

fcn_fffb01a3:  ; not directly referenced
push ebp
mov ebp, esp
pop ebp
jmp near loc_fffd2c76  ; jmp 0xfffd2c76

fcn_fffb01ac:
push ebp
mov ebp, esp
mov edx, dword [ebp + 0xc]
mov eax, dword [ebp + 8]
mov ecx, dword [ebp + 0x10]
test edx, edx
je short loc_fffb01c8  ; je 0xfffb01c8
movzx ecx, cl
mov dword [ebp + 0x10], ecx
pop ebp
jmp near loc_fffd2c24  ; jmp 0xfffd2c24

loc_fffb01c8:
pop ebp
ret

fcn_fffb01ca:
push ebp
mov ebp, esp
pop ebp
jmp near loc_fffd2c09  ; jmp 0xfffd2c09

fcn_fffb01d3:  ; not directly referenced
push ebp
mov ebp, esp
pop ebp
jmp near loc_fffd2bee  ; jmp 0xfffd2bee

fcn_fffb01dc:
push ebp
mov ebp, esp
mov ecx, dword [ebp + 0x10]
mov eax, dword [ebp + 8]
mov edx, dword [ebp + 0xc]
test ecx, ecx
je short loc_fffb01f6  ; je 0xfffb01f6
cmp eax, edx
je short loc_fffb01f6  ; je 0xfffb01f6
pop ebp
jmp near loc_fffd2b28  ; jmp 0xfffd2b28

loc_fffb01f6:
pop ebp
ret

fcn_fffb01f8:  ; not directly referenced
push ebp
mov ebp, esp
pop ebp
jmp near fcn_fffb01dc  ; jmp 0xfffb01dc

fcn_fffb0201:
push ebp
mov eax, dword [0xff7d0000]
mov ebp, esp
pop ebp
ret

fcn_fffb020b:
push ebp
mov ebp, esp
sub esp, 8
call fcn_fffb0201  ; call 0xfffb0201
sub esp, 0xc
mov edx, dword [eax]
push dword [ebp + 0x14]
push 0
push dword [ebp + 0xc]
push dword [ebp + 8]
push eax
call dword [edx + 0x20]  ; ucall
leave
ret

fcn_fffb022c:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
mov ebx, edx
sub esp, 0x2c
mov esi, dword [ebp + 0xc]
lea eax, [ebp - 0x1c]
push eax
push 0
push 0
push ref_fffd6928  ; push 0xfffd6928
mov dword [ebp - 0x2c], ecx
call fcn_fffb020b  ; call 0xfffb020b
add esp, 0xc
mov edx, dword [ebp - 0x1c]
push dword [ebp + 8]
mov ecx, ebx
lea eax, [ebp - 0x2c]
shr ecx, 1
and ecx, 0x7f
push eax
mov eax, ebx
shr eax, 0x16
movzx ebx, bh
and eax, 1
push eax
push edi
push ebx
push ecx
push edx
call dword [edx]  ; ucall
add esp, 0x20
test esi, esi
je short loc_fffb0280  ; je 0xfffb0280
mov dword [esi], eax

loc_fffb0280:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb028b:  ; not directly referenced
push ebp
mov ecx, 1
mov ebp, esp
sub esp, 0x20
push dword [ebp + 0xc]
mov edx, dword [ebp + 8]
lea eax, [ebp - 9]
push eax
mov eax, 4
call fcn_fffb022c  ; call 0xfffb022c
mov al, byte [ebp - 9]
leave
ret

fcn_fffb02af:  ; not directly referenced
push ebp
mov ecx, 1
mov ebp, esp
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 0xc]
push dword [ebp + 0x10]
mov edx, dword [ebp + 8]
lea eax, [ebp - 9]
mov byte [ebp - 9], bl
push eax
mov eax, 5
call fcn_fffb022c  ; call 0xfffb022c
mov al, bl
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb02dc:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
mov ebx, edx
sub esp, 0x2c
test ebx, ebx
setne al
cmp cx, 0x1ff
setbe bl
mov dword [ebp - 0x2c], edx
mov edx, dword [ebp + 8]
mov word [ebp - 0x2e], cx
mov dword [ebp - 0x1c], 0x80000007
test al, bl
je loc_fffb03b0  ; je 0xfffb03b0
mov edi, edx
movzx edx, dx
add edx, ecx
cmp edx, 0x1ff
jg loc_fffb03b0  ; jg 0xfffb03b0
mov eax, dword [ebp - 0x2c]
add edi, eax
mov ebx, eax
mov eax, esi
movzx eax, al
mov word [ebp - 0x30], di
mov dword [ebp - 0x34], eax

loc_fffb0335:  ; not directly referenced
cmp word [ebp - 0x30], bx
je short loc_fffb03a9  ; je 0xfffb03a9
mov ecx, dword [ebp + 0xc]
mov dx, word [ebp - 0x2e]
sub edx, dword [ebp - 0x2c]
movzx ecx, byte [ecx]
add edx, ebx
mov eax, edx
shr ax, 8
cmp ax, cx
je short loc_fffb035e  ; je 0xfffb035e
mov edi, dword [ebp + 0xc]
mov byte [edi], al
mov al, 1
jmp short loc_fffb0360  ; jmp 0xfffb0360

loc_fffb035e:  ; not directly referenced
xor eax, eax

loc_fffb0360:  ; not directly referenced
dec al
movzx esi, dl
jne short loc_fffb0385  ; jne 0xfffb0385
mov eax, dword [ebp + 0xc]
cmp byte [eax], 1
push edx
lea edx, [ebp - 0x1c]
sbb eax, eax
push edx
and eax, 0xfffffffe
push 0
add eax, 0x6e
push eax
call fcn_fffb02af  ; call 0xfffb02af
add esp, 0x10

loc_fffb0385:  ; not directly referenced
shl esi, 8
mov edi, ebx
push eax
inc ebx
or esi, dword [ebp - 0x34]
push eax
lea eax, [ebp - 0x1c]
push eax
push esi
call fcn_fffb028b  ; call 0xfffb028b
add esp, 0x10
mov byte [ebx - 1], al
cmp dword [ebp - 0x1c], 0
je short loc_fffb0335  ; je 0xfffb0335
mov byte [edi], 0

loc_fffb03a9:  ; not directly referenced
mov dword [ebp - 0x1c], 0

loc_fffb03b0:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb03bb:  ; not directly referenced
push ebp
mov ecx, 2
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x34
mov esi, dword [ebp + 0x10]
movzx eax, byte [ebp + 0xc]
lea edi, [ebp - 0x19]
push edi
push 1
lea edx, [esi + 2]
mov byte [ebp - 0x19], 0xff
mov dword [ebp - 0x30], eax
call fcn_fffb02dc  ; call 0xfffb02dc
add esp, 0x10
mov esi, eax
test eax, eax
jne short loc_fffb044f  ; jne 0xfffb044f
mov eax, dword [ebp + 0x18]
xor edx, edx
mov ecx, dword [ebp + 8]
mov dword [ebp - 0x2c], 1
mov ebx, dword [ebp + 0x14]
shl dword [ebp - 0x2c], cl
mov ecx, 5
div ecx
lea eax, [eax + eax*4]
add eax, ebx
mov dword [ebp - 0x34], eax

loc_fffb0412:  ; not directly referenced
cmp ebx, dword [ebp - 0x34]
je short loc_fffb044f  ; je 0xfffb044f
movzx eax, byte [ebx + 4]
test dword [ebp - 0x2c], eax
je short loc_fffb044a  ; je 0xfffb044a
push eax
mov edx, dword [ebp + 0x10]
push eax
movzx ecx, word [ebx]
push edi
mov ax, word [ebx + 2]
add edx, ecx
inc eax
sub ax, word [ebx]
movzx eax, ax
push eax
mov eax, dword [ebp - 0x30]
call fcn_fffb02dc  ; call 0xfffb02dc
add esp, 0x10
test eax, eax
je short loc_fffb044a  ; je 0xfffb044a
mov esi, eax
jmp short loc_fffb044f  ; jmp 0xfffb044f

loc_fffb044a:  ; not directly referenced
add ebx, 5
jmp short loc_fffb0412  ; jmp 0xfffb0412

loc_fffb044f:  ; not directly referenced
test esi, esi
sete al
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb045c:  ; not directly referenced
push ebp
mov ecx, 2
mov ebp, esp
sub esp, 0x20
push dword [ebp + 0xc]
mov edx, dword [ebp + 8]
lea eax, [ebp - 0xa]
push eax
mov eax, 6
call fcn_fffb022c  ; call 0xfffb022c
mov ax, word [ebp - 0xa]
leave
ret

fcn_fffb0481:  ; not directly referenced
push ebp
mov ecx, 2
mov ebp, esp
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 0xc]
push dword [ebp + 0x10]
mov edx, dword [ebp + 8]
lea eax, [ebp - 0xa]
mov word [ebp - 0xa], bx
push eax
mov eax, 7
call fcn_fffb022c  ; call 0xfffb022c
mov eax, ebx
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb04af:
push ebp
mov ebp, esp
push ebx
mov ebx, edx
sub esp, 0x14
mov dword [edx + 4], eax
lea eax, [ebp - 0xc]
mov dword [edx], 0x626d7370
push eax
push 0
push 0
push ref_fffd6880  ; push 0xfffd6880
call fcn_fffb020b  ; call 0xfffb020b
mov eax, dword [ebp - 0xc]
add esp, 0x10
movzx edx, word [eax + 0x388]
add eax, 0x38e
mov dword [ebx + 8], edx
mov dl, byte [eax - 1]
mov dword [ebx + 0xce], eax
lea eax, [ebx + 0x18]
mov dword [ebx + 0xc], 0x80000010
mov dword [ebx + 0x10], ref_fffd6928  ; mov dword [ebx + 0x10], 0xfffd6928
mov byte [ebx + 0xcd], dl
mov dword [ebx + 0x14], eax
mov dword [ebx + 0x18], fcn_fffb94a2  ; mov dword [ebx + 0x18], 0xfffb94a2
mov dword [ebx + 0x1c], fcn_fffa5b8d  ; mov dword [ebx + 0x1c], 0xfffa5b8d
mov dword [ebx + 0x20], fcn_fffa5b83  ; mov dword [ebx + 0x20], 0xfffa5b83
mov dword [ebx + 0x24], fcn_fffa5b79  ; mov dword [ebx + 0x24], 0xfffa5b79
mov dword [ebx + 0x38], 0x80000020
mov dword [ebx + 0x3c], ref_fffd68ac  ; mov dword [ebx + 0x3c], 0xfffd68ac
mov dword [ebx + 0x40], fcn_fffb054c  ; mov dword [ebx + 0x40], 0xfffb054c
mov byte [ebx + 0x44], 0
mov byte [ebx + 0xd2], 0
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb054c:  ; not directly referenced
push ebp
mov ebp, esp
sub esp, 8
mov eax, dword [ebp + 0xc]
lea edx, [eax - 0x38]
mov eax, dword [ebp + 8]
call fcn_fffb04af  ; call 0xfffb04af
xor eax, eax
leave
ret

fcn_fffb0564:
push ebp
mov ebp, esp
push ebx
push eax
mov ebx, dword [ebp + 0xc]
call fcn_fffb0201  ; call 0xfffb0201
movzx ebx, bx
mov edx, dword [eax]
push dword [ebp + 0x10]
push ebx
push 4
push eax
call dword [edx + 0x34]  ; ucall
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb0585:
push ebp
mov ebp, esp
sub esp, 8
call fcn_fffb0201  ; call 0xfffb0201
push edx
push edx
mov edx, dword [eax]
push dword [ebp + 8]
push eax
call dword [edx + 0x18]  ; ucall
leave
ret

fcn_fffb059d:
push ebp
mov ebp, esp
sub esp, 0x18
call fcn_fffb0201  ; call 0xfffb0201
lea ecx, [ebp - 0xc]
push edx
push edx
mov edx, dword [eax]
push ecx
push eax
call dword [edx + 0x30]  ; ucall
mov eax, dword [ebp - 0xc]
leave
ret

fcn_fffb05b9:
push ebp
mov ebp, esp
sub esp, 8
call fcn_fffb0201  ; call 0xfffb0201
push edx
mov edx, dword [eax]
push dword [ebp + 0xc]
push dword [ebp + 8]
push eax
call dword [edx + 0x4c]  ; ucall
leave
ret

fcn_fffb05d3:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
mov esi, 1
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 8]
lea ecx, [edx - 4]
cmp ecx, 3
cmova esi, dword [ebp + 0x10]
and edi, 3
mov dword [ebp - 0x1c], ebx
mov ebx, dword [ebp + 0xc]
cmp edi, 3
sete cl
test al, al
sete dl
mov dword [ebp - 0x20], ebx
test cl, dl
jne short loc_fffb0672  ; jne 0xfffb0672
mov ecx, 0xffff
xor ebx, ebx
test al, al
je short loc_fffb061b  ; je 0xfffb061b
or ecx, 0xffffffff
xor ebx, ebx

loc_fffb061b:  ; not directly referenced
test esi, esi
jne short loc_fffb0636  ; jne 0xfffb0636
cmp dword [ebp - 0x20], ebx
jb short loc_fffb0632  ; jb 0xfffb0632
ja short loc_fffb062b  ; ja 0xfffb062b
cmp dword [ebp - 0x1c], ecx

loc_fffb0629:  ; not directly referenced
jbe short loc_fffb0632  ; jbe 0xfffb0632

loc_fffb062b:  ; not directly referenced
mov eax, 0x80000003
jmp short loc_fffb0677  ; jmp 0xfffb0677

loc_fffb0632:  ; not directly referenced
xor eax, eax
jmp short loc_fffb0677  ; jmp 0xfffb0677

loc_fffb0636:  ; not directly referenced
push eax
push edi
push ebx
push ecx
call fcn_fffb01ca  ; call 0xfffb01ca
lea ecx, [esi - 1]
add esp, 0x10
cmp edx, 0
ja short loc_fffb064e  ; ja 0xfffb064e
cmp eax, ecx
jb short loc_fffb062b  ; jb 0xfffb062b

loc_fffb064e:  ; not directly referenced
push ecx
push edi
xor edi, edi
sub eax, esi
sbb edx, edi
add eax, 1
adc edx, 0
push edx
push eax
call fcn_fffb01d3  ; call 0xfffb01d3
add esp, 0x10
cmp dword [ebp - 0x20], edx
ja short loc_fffb062b  ; ja 0xfffb062b
jb short loc_fffb0632  ; jb 0xfffb0632
cmp dword [ebp - 0x1c], eax
jmp short loc_fffb0629  ; jmp 0xfffb0629

loc_fffb0672:  ; not directly referenced
mov eax, 0x80000002

loc_fffb0677:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb067f:
push ebp
mov ebp, esp
pop ebp
jmp near loc_fffd2b5e  ; jmp 0xfffd2b5e

fcn_fffb0688:
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, ecx
sub esp, 0x4c
mov edi, dword [ebp + 0xc]
lea ecx, [ecx + 0x186e]
mov dword [ebp - 0x3c], ecx
mov dword [ebp - 0x44], edx
mov edx, dword [ebp + 0x10]
mov ecx, dword [edi + 0x1e]
mov esi, dword [edi + 9]
mov dword [ebx + 0x18bd], 0x102
mov dword [ebx + 0x1877], 2
mov dword [ebp - 0x40], ecx
mov ecx, dword [ebx + 0x2444]
mov dword [ebx + 0x18b9], esi
mov byte [ebx + 0x1876], 0
mov dword [ebx + 0x18a3], 0
mov dword [ebp - 0x30], ecx
mov cl, byte [esi + 0xf2]
mov byte [ebx + 0x2407], cl
mov ecx, dword [esi + 4]
cmp ecx, 2
je short loc_fffb0700  ; je 0xfffb0700
cmp ecx, 3
je short loc_fffb070d  ; je 0xfffb070d
dec ecx
jne short loc_fffb074f  ; jne 0xfffb074f
jmp short loc_fffb0721  ; jmp 0xfffb0721

loc_fffb0700:
cmp eax, 4
setne al
movzx eax, al
add eax, eax
jmp short loc_fffb0719  ; jmp 0xfffb0719

loc_fffb070d:
cmp eax, 4
setne al
movzx eax, al
lea eax, [eax + eax*2]

loc_fffb0719:
mov dword [ebx + 0x18a7], eax
jmp short loc_fffb0759  ; jmp 0xfffb0759

loc_fffb0721:
cmp eax, 4
je short loc_fffb074f  ; je 0xfffb074f
mov dword [ebx + 0x18a7], 1
movzx eax, byte [esi + 0x53]
mov dword [ebx + 0x1877], eax
mov al, byte [esi + 0x54]
mov byte [ebx + 0x1876], al
movzx eax, word [esi + 0x4c]
mov dword [ebx + 0x18a3], eax
jmp short loc_fffb0759  ; jmp 0xfffb0759

loc_fffb074f:
mov dword [ebx + 0x18a7], 0

loc_fffb0759:
mov eax, dword [edi + 1]
mov eax, dword [eax + 4]
mov dword [ebx + 0x18c5], eax
mov eax, dword [edi + 1]
mov eax, dword [eax + 0x10]
mov dword [ebx + 0x18c1], eax
mov eax, dword [edi + 1]
mov eax, dword [eax + 0x14]
mov dword [ebx + 0x18c9], eax
mov eax, dword [edi + 1]
mov eax, dword [eax + 0x18]
mov dword [ebx + 0x18d1], 0xfed00000
mov dword [ebx + 0x18cd], eax
mov eax, dword [edi + 5]
movzx eax, word [eax]
mov dword [ebx + 0x18d9], eax
movzx eax, word [esi + 1]
mov dword [ebx + 0x1872], eax
mov eax, dword [edi + 1]
mov eax, dword [eax + 0x1c]
shr eax, 0x14
cmp edx, 0x40650
sete cl
cmp edx, 0x306c0
mov dword [ebx + 0x18dd], eax
sete al
or cl, al
mov eax, dword [edi + 5]
jne short loc_fffb07d9  ; jne 0xfffb07d9
cmp edx, 0x40660
jne short loc_fffb07df  ; jne 0xfffb07df

loc_fffb07d9:
movzx eax, word [eax + 2]
jmp short loc_fffb07ea  ; jmp 0xfffb07ea

loc_fffb07df:
movzx ecx, word [eax + 2]
mov eax, 1
shl eax, cl

loc_fffb07ea:
mov dword [ebx + 0x1893], eax
mov eax, dword [edi + 5]
movzx eax, byte [eax + 4]
mov byte [ebx + 0x18b3], 0
shl eax, 5
mov dword [ebx + 0x188f], eax
push eax
push eax
lea eax, [ebx + 0x189c]
push eax
lea eax, [ebx + 0x189b]
push eax
lea eax, [ebx + 0x189a]
push eax
lea eax, [ebx + 0x1899]
push eax
lea eax, [ebx + 0x1898]
push eax
lea eax, [ebx + 0x1897]
push eax
mov eax, dword [ebp - 0x30]
call dword [eax + 0x50]  ; ucall
mov eax, dword [edi + 1]
movzx eax, byte [eax + 0x20]
mov dword [ebx + 0x187f], eax
mov eax, dword [edi + 9]
mov al, byte [eax + 0xc6]
mov byte [ebx + 0x18b0], al
mov eax, dword [esi + 0x4e]
mov word [ebx + 0x1902], 0x3e8
mov word [ebx + 0x1904], 0x3e8
mov byte [ebx + 0x18b2], 0
mov dword [ebx + 0x18ee], eax
mov al, byte [esi + 0x2e]
mov byte [ebx + 0x2442], 0
mov byte [ebx + 0x18b5], al
mov al, byte [esi + 0x2f]
mov byte [ebx + 0x23ff], al
mov al, byte [esi + 0x30]
mov byte [ebx + 0x2400], al
mov al, byte [esi + 0x31]
mov byte [ebx + 0x2401], al
mov al, byte [esi + 0x6b]
mov byte [ebx + 0x2402], al
mov al, byte [ebx + 0x2403]
mov dl, byte [esi + 0x32]
and eax, 0xfffffffe
and edx, 1
or eax, edx
mov byte [ebx + 0x2403], al
mov dl, byte [esi + 0x33]
and eax, 0xfffffffd
and edx, 1
add edx, edx
or eax, edx
mov byte [ebx + 0x2403], al
mov dl, byte [esi + 0x34]
and eax, 0xfffffffb
and edx, 1
shl edx, 2
or eax, edx
mov byte [ebx + 0x2403], al
mov dl, byte [esi + 0x35]
and eax, 0xfffffff7
and edx, 1
shl edx, 3
or eax, edx
mov byte [ebx + 0x2403], al
mov dl, byte [esi + 0x36]
and eax, 0xffffffef
and edx, 1
shl edx, 4
or eax, edx
mov byte [ebx + 0x2403], al
mov dl, byte [esi + 0x37]
and eax, 0xffffffdf
and edx, 1
shl edx, 5
or eax, edx
mov byte [ebx + 0x2403], al
mov dl, byte [esi + 0x38]
and eax, 0xffffffbf
and edx, 1
shl edx, 6
or eax, edx
mov byte [ebx + 0x2403], al
mov dl, byte [esi + 0x39]
and eax, 0x7f
shl edx, 7
or eax, edx
mov byte [ebx + 0x2403], al
mov al, byte [ebx + 0x2404]
mov dl, byte [esi + 0x3a]
and edx, 1
and eax, 0xfffffffe
or eax, edx
mov byte [ebx + 0x2404], al
mov dl, byte [esi + 0x3b]
and eax, 0xfffffffd
and edx, 1
add edx, edx
or eax, edx
mov byte [ebx + 0x2404], al
mov dl, byte [esi + 0x3c]
and eax, 0xfffffffb
and edx, 1
shl edx, 2
or eax, edx
mov byte [ebx + 0x2404], al
mov dl, byte [esi + 0x3e]
and eax, 0xffffffef
and edx, 1
shl edx, 4
or eax, edx
mov byte [ebx + 0x2404], al
mov dl, byte [esi + 0x3f]
and eax, 0xffffffdf
and edx, 1
shl edx, 5
or eax, edx
mov byte [ebx + 0x2404], al
mov dl, byte [esi + 0x40]
and eax, 0xffffffbf
and edx, 1
shl edx, 6
or eax, edx
mov byte [ebx + 0x2404], al
mov dl, byte [esi + 0x41]
and eax, 0x7f
shl edx, 7
or eax, edx
mov byte [ebx + 0x2404], al
mov al, byte [ebx + 0x2405]
mov dl, byte [esi + 0x42]
and eax, 0xfffffffe
and edx, 1
or eax, edx
mov byte [ebx + 0x2405], al
mov dl, byte [esi + 0x43]
and eax, 0xfffffffb
and edx, 1
shl edx, 2
or eax, edx
mov byte [ebx + 0x2405], al
mov dl, byte [esi + 0x44]
and edx, 1
shl edx, 3
and eax, 0xfffffff7
or eax, edx
add esp, 0x20
mov byte [ebx + 0x2405], al
mov dl, byte [esi + 0x47]
and eax, 0xffffffbf
and edx, 1
shl edx, 6
or eax, edx
mov byte [ebx + 0x2405], al
mov dl, byte [esi + 0x48]
and eax, 0x7f
shl edx, 7
or eax, edx
mov byte [ebx + 0x2405], al
mov al, byte [ebx + 0x2406]
mov dl, byte [esi + 0x49]
and eax, 0xfffffffe
and edx, 1
or eax, edx
mov byte [ebx + 0x2406], al
mov dl, byte [esi + 0x4a]
and eax, 0xfffffffd
and edx, 1
add edx, edx
or eax, edx
mov byte [ebx + 0x2406], al
mov dl, byte [esi + 0x4b]
and eax, 0xfffffffb
and edx, 1
shl edx, 2
or eax, edx
mov byte [ebx + 0x2406], al
cmp byte [edi], 1
jbe short loc_fffb0ab7  ; jbe 0xfffb0ab7
mov dl, byte [esi + 0x58]
and eax, 0xfffffff7
and edx, 1
shl edx, 3
or eax, edx
mov byte [ebx + 0x2406], al
mov dl, byte [esi + 0x59]
and eax, 0xffffffef
and edx, 1
shl edx, 4
or eax, edx
mov byte [ebx + 0x2406], al
mov dl, byte [esi + 0x5a]
and eax, 0xffffffdf
and edx, 1
shl edx, 5
or eax, edx
jmp short loc_fffb0abd  ; jmp 0xfffb0abd

loc_fffb0ab7:
and eax, 0xffffffe7
or eax, 0x20

loc_fffb0abd:
mov byte [ebx + 0x2406], al
mov al, byte [ebx + 0x2405]
cmp byte [edi], 3
jbe short loc_fffb0b22  ; jbe 0xfffb0b22
mov dl, byte [esi + 0x5c]
and eax, 0xfffffffd
and edx, 1
add edx, edx
or eax, edx
mov byte [ebx + 0x2405], al
mov al, byte [esi + 0x5d]
mov byte [ebx + 0x1906], al
mov al, byte [esi + 0x5e]
mov byte [ebx + 0x1907], al
mov al, byte [esi + 0x5f]
mov byte [ebx + 0x1908], al
mov al, byte [esi + 0x60]
mov byte [ebx + 0x1909], al
mov al, byte [esi + 0x61]
mov byte [ebx + 0x190a], al
mov al, byte [esi + 0x62]
mov byte [ebx + 0x190b], al
mov al, byte [esi + 0x63]
mov byte [ebx + 0x190c], al
jmp short loc_fffb0b5c  ; jmp 0xfffb0b5c

loc_fffb0b22:
or eax, 2
mov byte [ebx + 0x2405], al
mov byte [ebx + 0x1906], 0xff
mov byte [ebx + 0x1907], 0x80
mov byte [ebx + 0x1908], 1
mov byte [ebx + 0x1909], 1
mov byte [ebx + 0x190a], 1
mov byte [ebx + 0x190b], 7
mov byte [ebx + 0x190c], 0

loc_fffb0b5c:
cmp byte [edi], 4
jbe short loc_fffb0b87  ; jbe 0xfffb0b87
mov eax, dword [esi + 0x64]
mov edx, 0x5f5e100
cmp eax, 0x55d4a7f
jbe short loc_fffb0b7f  ; jbe 0xfffb0b7f
mov ecx, 0xf4240
xor edx, edx
div ecx
imul edx, eax, 0xf4240

loc_fffb0b7f:
mov dword [ebx + 0x187b], edx
jmp short loc_fffb0b91  ; jmp 0xfffb0b91

loc_fffb0b87:
mov dword [ebx + 0x187b], 0x5f5e100

loc_fffb0b91:
cmp byte [edi], 5
mov dl, byte [ebx + 0x2406]
jbe short loc_fffb0bac  ; jbe 0xfffb0bac
mov al, byte [esi + 0x6a]
and edx, 0xffffffbf
and eax, 1
shl eax, 6
or edx, eax
jmp short loc_fffb0baf  ; jmp 0xfffb0baf

loc_fffb0bac:
or edx, 0x40

loc_fffb0baf:
mov byte [ebx + 0x2406], dl
cmp byte [edi], 8
jbe short loc_fffb0be8  ; jbe 0xfffb0be8
mov eax, dword [edi + 1]
mov eax, dword [eax + 0x2b]
shr eax, 0x14
mov dword [ebx + 0x18e1], eax
mov al, byte [esi + 0x6d]
mov byte [ebx + 0x1917], al
mov ax, word [esi + 0x6e]
mov word [ebx + 0x1918], ax
mov al, byte [esi + 0x70]
mov byte [ebx + 0x191a], al
jmp short loc_fffb0c09  ; jmp 0xfffb0c09

loc_fffb0be8:
mov dword [ebx + 0x18e1], 4
mov byte [ebx + 0x1917], 2
mov word [ebx + 0x1918], 0x30ce
mov byte [ebx + 0x191a], 1

loc_fffb0c09:
cmp byte [edi], 9
jbe loc_fffb0f0e  ; jbe 0xfffb0f0e
mov al, byte [esi + 0x71]
mov byte [ebx + 0x1923], al
mov al, byte [esi + 0x72]
mov byte [ebx + 0x1924], al
mov al, byte [esi + 0x73]
mov byte [ebx + 0x1925], al
mov al, byte [esi + 0x74]
mov byte [ebx + 0x1926], al
mov eax, dword [ebx + 0x1887]
cmp eax, 0x40650
je short loc_fffb0c4c  ; je 0xfffb0c4c
cmp dword [ebx + 0x188b], 1
jne short loc_fffb0c55  ; jne 0xfffb0c55

loc_fffb0c4c:
mov dl, byte [esi + 0x75]
mov byte [ebx + 0x1927], dl

loc_fffb0c55:
mov dl, byte [esi + 0x76]
mov byte [ebx + 0x1928], dl
mov dl, byte [esi + 0x77]
mov byte [ebx + 0x1929], dl
mov dl, byte [esi + 0x78]
mov byte [ebx + 0x192a], dl
mov dl, byte [esi + 0x79]
mov byte [ebx + 0x192b], dl
mov dl, byte [esi + 0x7a]
mov byte [ebx + 0x192c], dl
mov dl, byte [esi + 0x7b]
mov byte [ebx + 0x192e], dl
mov dl, byte [esi + 0x7c]
mov byte [ebx + 0x192d], dl
mov dl, byte [esi + 0x7d]
mov byte [ebx + 0x192f], dl
mov dl, byte [esi + 0x7e]
mov byte [ebx + 0x1930], dl
mov dl, byte [esi + 0x7f]
mov byte [ebx + 0x1931], dl
mov dl, byte [esi + 0x80]
mov byte [ebx + 0x1932], dl
mov dx, word [esi + 0x81]
mov word [ebx + 0x1933], dx
mov dl, byte [esi + 0x83]
mov byte [ebx + 0x1935], dl
mov dl, byte [esi + 0x84]
mov byte [ebx + 0x1936], dl
mov dl, byte [esi + 0x85]
mov byte [ebx + 0x1937], dl
mov dx, word [esi + 0x86]
mov word [ebx + 0x1938], dx
mov dl, byte [esi + 0x88]
mov byte [ebx + 0x193a], dl
mov dl, byte [esi + 0x89]
mov byte [ebx + 0x193b], dl
mov dl, byte [esi + 0x8a]
mov byte [ebx + 0x193c], dl
mov dl, byte [esi + 0x8b]
mov byte [ebx + 0x193d], dl
mov dl, byte [esi + 0x8c]
mov byte [ebx + 0x193e], dl
mov dl, byte [esi + 0x8d]
mov byte [ebx + 0x193f], dl
mov dl, byte [esi + 0x8e]
mov byte [ebx + 0x1940], dl
mov dl, byte [esi + 0x8f]
mov byte [ebx + 0x1941], dl
mov dl, byte [esi + 0x90]
mov byte [ebx + 0x1942], dl
mov dl, byte [esi + 0x91]
mov byte [ebx + 0x1943], dl
mov dl, byte [esi + 0x92]
mov byte [ebx + 0x1944], dl
mov dl, byte [esi + 0x93]
mov byte [ebx + 0x1945], dl
mov dl, byte [esi + 0x94]
mov byte [ebx + 0x1946], dl
mov dl, byte [esi + 0x95]
mov byte [ebx + 0x1947], dl
mov dl, byte [esi + 0x96]
mov byte [ebx + 0x1948], dl
mov dl, byte [esi + 0x97]
mov byte [ebx + 0x1949], dl
mov dl, byte [esi + 0x98]
mov byte [ebx + 0x194b], dl
mov dl, byte [esi + 0x99]
mov byte [ebx + 0x194a], dl
mov dl, byte [esi + 0xa2]
mov byte [ebx + 0x194d], dl
mov dl, byte [esi + 0xa3]
mov byte [ebx + 0x194c], dl
mov dl, byte [esi + 0x9a]
mov byte [ebx + 0x194f], dl
mov dl, byte [esi + 0x9b]
mov byte [ebx + 0x194e], dl
mov dl, byte [esi + 0xa4]
mov byte [ebx + 0x1951], dl
mov dl, byte [esi + 0xa5]
mov byte [ebx + 0x1950], dl
mov dl, byte [esi + 0x9c]
mov byte [ebx + 0x1953], dl
mov dl, byte [esi + 0x9d]
mov byte [ebx + 0x1952], dl
mov dl, byte [esi + 0xa6]
mov byte [ebx + 0x1955], dl
mov dl, byte [esi + 0xa7]
mov byte [ebx + 0x1954], dl
mov dl, byte [esi + 0x9e]
mov byte [ebx + 0x1957], dl
mov dl, byte [esi + 0x9f]
mov byte [ebx + 0x1956], dl
mov dl, byte [esi + 0xa8]
mov byte [ebx + 0x1959], dl
mov dl, byte [esi + 0xa9]
mov byte [ebx + 0x1958], dl
mov dl, byte [esi + 0xa0]
mov byte [ebx + 0x195b], dl
mov dl, byte [esi + 0xa1]
mov byte [ebx + 0x195a], dl
mov dl, byte [esi + 0xaa]
mov byte [ebx + 0x195d], dl
mov dl, byte [esi + 0xab]
mov byte [ebx + 0x195c], dl
mov dl, byte [esi + 0xac]
mov byte [ebx + 0x195e], dl
mov dx, word [esi + 0xad]
mov word [ebx + 0x195f], dx
mov dl, byte [esi + 0xaf]
mov byte [ebx + 0x1961], dl
mov dl, byte [esi + 0xb0]
mov byte [ebx + 0x1962], dl
cmp eax, 0x40650
je short loc_fffb0ef1  ; je 0xfffb0ef1
cmp dword [ebx + 0x188b], 1
jne loc_fffb1045  ; jne 0xfffb1045

loc_fffb0ef1:
mov al, byte [esi + 0xb1]
mov byte [ebx + 0x1963], al
mov al, byte [esi + 0xb2]
mov byte [ebx + 0x1964], al
jmp near loc_fffb1045  ; jmp 0xfffb1045

loc_fffb0f0e:
mov ecx, dword [ebx + 0x1887]
mov byte [ebx + 0x1923], 0
mov byte [ebx + 0x1924], 0
mov byte [ebx + 0x1925], 0
mov byte [ebx + 0x1926], 1
cmp ecx, 0x40650
je short loc_fffb0f41  ; je 0xfffb0f41
cmp dword [ebx + 0x188b], 1
jne short loc_fffb0f48  ; jne 0xfffb0f48

loc_fffb0f41:
mov byte [ebx + 0x1927], 0

loc_fffb0f48:
mov byte [ebx + 0x1928], 0
lea eax, [ebx + 0x193a]
xor edx, edx
mov byte [ebx + 0x1929], 1
mov byte [ebx + 0x192a], 0
mov byte [ebx + 0x192c], 3
mov byte [ebx + 0x192f], 0
mov byte [ebx + 0x1930], 0
mov byte [ebx + 0x1931], 0
mov byte [ebx + 0x1932], 0
mov word [ebx + 0x1933], 0
mov byte [ebx + 0x1935], 0
mov byte [ebx + 0x1936], 0
mov byte [ebx + 0x1937], 0
mov word [ebx + 0x1938], 0

loc_fffb0faf:
mov byte [ebx + edx + 0x192d], 0
inc edx
add eax, 2
mov byte [eax - 2], 0xff
mov byte [eax + 2], 0xff
mov byte [eax + 6], 0xff
mov byte [eax + 0xa], 0xff
mov byte [eax + 0xe], 0
mov byte [eax + 0x12], 0
mov byte [eax + 0x16], 0
mov byte [eax + 0x1a], 0
mov byte [eax + 0x1e], 0
mov byte [eax - 1], 0xff
mov byte [eax + 3], 0xff
mov byte [eax + 7], 0xff
mov byte [eax + 0xb], 0xff
mov byte [eax + 0xf], 0
mov byte [eax + 0x13], 0
mov byte [eax + 0x17], 0
mov byte [eax + 0x1b], 0
mov byte [eax + 0x1f], 0
cmp edx, 2
jne short loc_fffb0faf  ; jne 0xfffb0faf
mov byte [ebx + 0x195e], 1
mov word [ebx + 0x195f], 0x200
mov byte [ebx + 0x1961], 0
mov byte [ebx + 0x1962], 0x30
cmp ecx, 0x40650
je short loc_fffb1037  ; je 0xfffb1037
cmp dword [ebx + 0x188b], 1
jne short loc_fffb1045  ; jne 0xfffb1045

loc_fffb1037:
mov byte [ebx + 0x1963], 1
mov byte [ebx + 0x1964], 0x40

loc_fffb1045:
cmp byte [edi], 0xa
jbe short loc_fffb1070  ; jbe 0xfffb1070
mov al, byte [esi + 0xc2]
mov byte [ebx + 0x18b7], al
mov al, byte [esi + 0xc3]
mov byte [ebx + 0x18b8], al
mov al, byte [esi + 0xc4]
mov byte [ebx + 0x2411], al
jmp short loc_fffb1085  ; jmp 0xfffb1085

loc_fffb1070:
mov byte [ebx + 0x18b7], 1
mov byte [ebx + 0x18b8], 1
mov byte [ebx + 0x2411], 0

loc_fffb1085:
cmp byte [edi], 0xb
mov al, byte [ebx + 0x2404]
jbe short loc_fffb10a3  ; jbe 0xfffb10a3
mov dl, byte [esi + 0xc5]
and eax, 0xfffffff7
and edx, 1
shl edx, 3
or eax, edx
jmp short loc_fffb10a6  ; jmp 0xfffb10a6

loc_fffb10a3:
or eax, 8

loc_fffb10a6:
mov byte [ebx + 0x2404], al
mov cl, byte [ebx + 0x2405]
cmp byte [edi], 0xe
jbe loc_fffb115e  ; jbe 0xfffb115e
mov al, byte [esi + 0xf3]
and ecx, 0xffffffef
mov dl, cl
xor ecx, ecx
mov byte [ebx + 0x1965], al
mov al, byte [esi + 0xce]
and eax, 1
shl eax, 4
or edx, eax
mov byte [ebx + 0x2405], dl
mov al, byte [esi + 0xcf]
mov byte [ebx + 0x190d], al
mov al, byte [esi + 0xd1]
mov byte [ebx + 0x2420], al

loc_fffb10fa:
mov eax, dword [esi + ecx + 0xd2]
mov edx, dword [esi + ecx + 0xd6]
mov dword [ebx + ecx + 0x2421], eax
mov dword [ebx + ecx + 0x2425], edx
add ecx, 8
cmp ecx, 0x20
jne short loc_fffb10fa  ; jne 0xfffb10fa
mov al, byte [esi + 0xd0]
mov byte [ebx + 0x240f], al
mov al, byte [esi + 0xf4]
mov byte [ebx + 0x191b], al
mov eax, dword [esi + 0xf5]
mov dword [ebx + 0x191c], eax
mov ax, word [esi + 0xf9]
mov word [ebx + 0x1920], ax
mov al, byte [esi + 0xfb]
mov byte [ebx + 0x1922], al
jmp short loc_fffb11b5  ; jmp 0xfffb11b5

loc_fffb115e:
cmp dword [ebx + 0x188b], 1
mov al, cl
mov byte [ebx + 0x1965], 1
mov byte [ebx + 0x190d], 0
setne dl
and eax, 0xffffffef
shl edx, 4
or eax, edx
mov byte [ebx + 0x2405], al
mov byte [ebx + 0x2420], 0
mov byte [ebx + 0x240f], 1
mov byte [ebx + 0x191b], 1
mov dword [ebx + 0x191c], 0x320
mov word [ebx + 0x1920], 0x118
mov byte [ebx + 0x1922], 7

loc_fffb11b5:
cmp byte [edi], 0xf
mov dl, byte [ebx + 0x2405]
jbe short loc_fffb11df  ; jbe 0xfffb11df
mov al, byte [esi + 0xfc]
and edx, 0xffffffdf
mov byte [ebx + 0x2410], al
mov al, byte [esi + 0xfd]
and eax, 1
shl eax, 5
or edx, eax
jmp short loc_fffb11e9  ; jmp 0xfffb11e9

loc_fffb11df:
mov byte [ebx + 0x2410], 0
and edx, 0xffffffdf

loc_fffb11e9:
mov byte [ebx + 0x2405], dl
cmp byte [edi], 0x11
jbe short loc_fffb121c  ; jbe 0xfffb121c
movzx eax, byte [esi + 0xfe]
mov dword [ebx + 0x190e], eax
movzx eax, byte [esi + 0xff]
mov dword [ebx + 0x1912], eax
mov al, byte [esi + 0x100]
mov byte [ebx + 0x1916], al
jmp short loc_fffb1237  ; jmp 0xfffb1237

loc_fffb121c:
mov dword [ebx + 0x190e], 0
mov dword [ebx + 0x1912], 0xe
mov byte [ebx + 0x1916], 0

loc_fffb1237:
cmp byte [edi], 0x12
mov byte [ebp - 0x45], 0xff
jbe short loc_fffb1249  ; jbe 0xfffb1249
mov al, byte [esi + 0x101]
mov byte [ebp - 0x45], al

loc_fffb1249:
mov dword [ebx + 0x189f], 0
mov byte [ebx + 0x189e], 0
mov al, byte [esi + 0xc7]
mov byte [ebx + 0x241f], al
mov al, byte [esi + 0xcc]
mov byte [ebx + 0x2441], 0
mov byte [ebx + 0x240c], al
mov al, byte [esi + 0x11]
mov byte [ebx + 0x18b4], al
mov al, byte [esi + 0x2c]
mov byte [ebx + 0x18b6], al
mov al, byte [esi]
mov byte [ebx + 0x18b1], al
mov al, byte [edi + 0x22]
mov byte [ebx + 0x2408], al
mov eax, dword [ebx + 0x1887]
cmp eax, 0x40650
je short loc_fffb12b6  ; je 0xfffb12b6
cmp dword [ebx + 0x188b], 1
jne loc_fffb1369  ; jne 0xfffb1369

loc_fffb12b6:
mov dl, byte [esi + 0x57]
mov byte [ebx + 0x2409], dl
cmp eax, 0x40670
je short loc_fffb12cd  ; je 0xfffb12cd
mov byte [ebx + 0x240a], 0

loc_fffb12cd:
cmp dword [ebx + 0x188b], 1
jne loc_fffb1369  ; jne 0xfffb1369
mov eax, dword [ebp - 0x30]
mov byte [ebx + 0x240b], 0
mov eax, dword [eax + 0x80]
test eax, eax
je short loc_fffb1301  ; je 0xfffb1301
lea edx, [ebp - 0x20]
push edx
lea edx, [ebp - 0x1c]
push edx
push 0x1b
push 1
call eax
add esp, 0x10
jmp short loc_fffb1308  ; jmp 0xfffb1308

loc_fffb1301:
mov dword [ebp - 0x1c], 0

loc_fffb1308:
cmp dword [ebp - 0x1c], 0
je short loc_fffb1359  ; je 0xfffb1359
mov dx, word [ebp - 0x1a]
mov ecx, 0xb
xor eax, eax
mov word [ebp - 0x2c], 0x4e20
and edx, 0xfff
mov dword [ebp - 0x38], edx

loc_fffb1328:
mov edx, dword [ebp - 0x38]
sar edx, cl
mov dword [ebp - 0x34], edx
mov edx, dword [ebp - 0x2c]
add edx, eax
test byte [ebp - 0x34], 1
cmovne eax, edx
dec ecx
shr word [ebp - 0x2c], 1
cmp ecx, 0xffffffff
jne short loc_fffb1328  ; jne 0xfffb1328
mov ecx, 0xa
xor edx, edx
div cx
mov word [ebx + 0x1902], ax
jmp short loc_fffb1362  ; jmp 0xfffb1362

loc_fffb1359:
mov word [ebx + 0x1902], 0x352

loc_fffb1362:
mov byte [ebx + 0x240d], 0

loc_fffb1369:
movzx eax, byte [ebp - 0x44]
lea ecx, [ebx + 0x19bb]
mov byte [ebx + 0x196a], 0
mov dword [ebp - 0x2c], 0
mov dword [ebp - 0x50], eax

loc_fffb1384:
mov edx, dword [ebp - 0x2c]
mov al, byte [ebp - 0x45]
mov byte [ebp - 0x34], dl
cmp dl, al
je short loc_fffb13de  ; je 0xfffb13de
mov eax, dword [ebp - 0x2c]
mov al, byte [esi + eax + 0x2a]
cmp al, 2
je short loc_fffb13b7  ; je 0xfffb13b7
cmp al, 3
je short loc_fffb13de  ; je 0xfffb13de
dec al
jne short loc_fffb13ff  ; jne 0xfffb13ff
mov dword [ecx - 0x48], 1
mov dword [ecx + 0x22f], 0
jmp short loc_fffb13c8  ; jmp 0xfffb13c8

loc_fffb13b7:
mov dword [ecx - 0x48], 0
mov dword [ecx + 0x22f], 1

loc_fffb13c8:
mov dword [ecx - 0x50], 2
inc byte [ebx + 0x196a]
mov dword [ecx - 0x4c], 1
jmp short loc_fffb1424  ; jmp 0xfffb1424

loc_fffb13de:
mov dword [ecx - 0x48], 1
mov dword [ecx + 0x22f], 1
mov dword [ecx - 0x50], 1
mov dword [ecx - 0x4c], 0
jmp short loc_fffb1424  ; jmp 0xfffb1424

loc_fffb13ff:
mov dword [ecx - 0x48], 0
mov dword [ecx + 0x22f], 0
mov dword [ecx - 0x50], 2
inc byte [ebx + 0x196a]
mov dword [ecx - 0x4c], 2

loc_fffb1424:
mov edx, dword [ebp - 0x40]
push eax
imul eax, dword [ebp - 0x2c], 0xc
push 0xc
add eax, dword [edx + 0xd4]
mov dword [ebp - 0x38], ecx
push eax
lea eax, [ecx + 0x4ee]
push eax
mov eax, dword [ebp - 0x30]
call dword [eax + 0x58]  ; ucall
mov edx, dword [ebp - 0x40]
add esp, 0xc
push 8
mov ecx, dword [ebp - 0x2c]
mov eax, dword [edx + 0xd8]
lea eax, [eax + ecx*8]
mov ecx, dword [ebp - 0x38]
push eax
lea eax, [ecx + 0x4a6]
push eax
mov eax, dword [ebp - 0x30]
call dword [eax + 0x58]  ; ucall
mov al, byte [ebp - 0x34]
add esp, 0x10
mov ecx, dword [ebp - 0x38]
mov dword [ebp - 0x38], 0
add eax, eax
mov byte [ebp - 0x47], al
mov al, byte [ebp - 0x2c]
mov dword [ebp - 0x34], ecx
and eax, 7
mov byte [ebp - 0x46], al
shl byte [ebp - 0x46], 4

loc_fffb148f:
mov dword [ebp - 0x54], ecx
mov ecx, dword [ebp - 0x34]
mov edx, dword [edi + 1]
mov eax, ecx
sub eax, 0x48
mov dword [ebp - 0x4c], eax
mov al, byte [ebp - 0x47]
add eax, dword [ebp - 0x38]
movzx eax, al
mov al, byte [edx + eax]
mov edx, dword [ebp - 0x30]
mov byte [ecx + 0x22e], al
push eax
push 3
push ref_fffd3980  ; push 0xfffd3980
lea eax, [ecx - 4]
push eax
call dword [edx + 0x58]  ; ucall
mov ecx, dword [ebp - 0x34]
add esp, 0x10
mov al, byte [ebp - 0x38]
mov cl, byte [ecx + 0x22e]
and eax, 0xf
test cl, cl
setne dl
or al, byte [ebp - 0x46]
mov byte [ebp - 0x48], cl
mov cl, dl
shl ecx, 7
or eax, ecx
mov ecx, dword [ebp - 0x4c]
mov byte [ecx + 0x47], al
mov ecx, dword [ebp - 0x34]
cmp dword [ecx - 0x48], 1
mov ecx, dword [ebp - 0x54]
ja short loc_fffb1567  ; ja 0xfffb1567
test dl, dl
je short loc_fffb1538  ; je 0xfffb1538
mov eax, dword [ebp - 0x44]
cmp eax, 3
sete dl
test eax, eax
sete al
or dl, al
je short loc_fffb1567  ; je 0xfffb1567
push edx
movzx eax, byte [ebp - 0x48]
push 0x41
push ref_fffd3900  ; push 0xfffd3900
push 0x3c
push ref_fffd3944  ; push 0xfffd3944
push dword [ebp - 0x34]
mov dword [ebp - 0x4c], ecx
push eax
mov eax, dword [ebp - 0x30]
push dword [ebp - 0x50]
call dword [eax + 0x78]  ; ucall
add esp, 0x20
jmp short loc_fffb1564  ; jmp 0xfffb1564

loc_fffb1538:
mov dword [ebp - 0x4c], ecx
mov ecx, dword [ebp - 0x2c]
push eax
push 0x200
mov eax, ecx
add eax, ecx
mov ecx, dword [ebp - 0x40]
add eax, dword [ebp - 0x38]
shl eax, 9
add eax, dword [ecx + 0xd0]
push eax
mov eax, dword [ebp - 0x30]
push dword [ebp - 0x34]
call dword [eax + 0x58]  ; ucall
add esp, 0x10

loc_fffb1564:
mov ecx, dword [ebp - 0x4c]

loc_fffb1567:
inc dword [ebp - 0x38]
add dword [ebp - 0x34], 0x277
cmp dword [ebp - 0x38], 2
jne loc_fffb148f  ; jne 0xfffb148f
inc dword [ebp - 0x2c]
add ecx, 0x54a
cmp dword [ebp - 0x2c], 2
jne loc_fffb1384  ; jne 0xfffb1384
mov eax, dword [ebp - 0x44]
mov edx, edi
cmp eax, 2
je short loc_fffb15af  ; je 0xfffb15af
cmp eax, 3
je short loc_fffb15be  ; je 0xfffb15be
dec eax
mov eax, dword [ebp - 0x3c]
jne short loc_fffb15cd  ; jne 0xfffb15cd
call fcn_fffc3d1e  ; call 0xfffc3d1e
mov eax, 1
jmp short loc_fffb15d4  ; jmp 0xfffb15d4

loc_fffb15af:
mov eax, dword [ebp - 0x3c]
call fcn_fffc3d1e  ; call 0xfffc3d1e
mov eax, 2
jmp short loc_fffb15d4  ; jmp 0xfffb15d4

loc_fffb15be:
mov eax, dword [ebp - 0x3c]
call fcn_fffc3d1e  ; call 0xfffc3d1e
mov eax, 3
jmp short loc_fffb15d4  ; jmp 0xfffb15d4

loc_fffb15cd:
call fcn_fffc3d1e  ; call 0xfffc3d1e
xor eax, eax

loc_fffb15d4:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb15dc:  ; not directly referenced
push ebp
mov eax, 1
mov ebp, esp
movzx ecx, byte [ebp + 0x10]
push esi
movzx esi, byte [ebp + 0xc]
mov edx, dword [ebp + 8]
push ebx
sub ecx, esi
shl eax, cl
mov ecx, esi
dec eax
movzx ebx, dl
shl eax, cl
lea ecx, [esi - 1]
sar ebx, cl
test ebx, ebx
je short loc_fffb160a  ; je 0xfffb160a
or eax, edx
jmp short loc_fffb160e  ; jmp 0xfffb160e

loc_fffb160a:  ; not directly referenced
not eax
and eax, edx

loc_fffb160e:  ; not directly referenced
pop ebx
pop esi
pop ebp
ret

fcn_fffb1612:  ; not directly referenced
push ebp
mov ebp, esp
movzx eax, byte [ebp + 0xc]
imul eax, eax, 0x13c3
add eax, dword [ebp + 8]
pop ebp
cmp dword [eax + 0x130b], 2
sete al
movzx eax, al
ret

fcn_fffb1631:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov ecx, dword [ebp + 0xc]
mov edx, dword [eax + 0xd5]
and edx, 0xfffffffd
dec edx
jne short loc_fffb164b  ; jne 0xfffb164b
mov dl, byte [ecx + 0x3e]
jmp short loc_fffb1651  ; jmp 0xfffb1651

loc_fffb164b:  ; not directly referenced
mov dl, byte [ecx + 0x82]

loc_fffb1651:  ; not directly referenced
mov cl, dl
and edx, 0x1f
shr cl, 7
movzx ecx, cl
shl ecx, 5
or edx, ecx
mov byte [eax + 0xf5], dl
mov eax, 1
pop ebp
ret

fcn_fffb166e:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov eax, dword [ebp + 8]
mov dword [ebp - 0x3c], 0
mov dword [ebp - 0x20], 0
mov edi, dword [eax + 0x1887]
mov dword [ebp - 0x2c], edi
lea edi, [eax + 0x2407]
mov dword [ebp - 0x48], edi

loc_fffb169a:  ; not directly referenced
mov edi, dword [ebp - 0x20]
mov edx, 0x4b0
lea ecx, [edi - 2]
cmp ecx, 1
ja short loc_fffb16cc  ; ja 0xfffb16cc
cmp byte [eax + 0x374a], 0
jne short loc_fffb16ca  ; jne 0xfffb16ca

loc_fffb16b3:  ; not directly referenced
inc dword [ebp - 0x20]
add dword [ebp - 0x3c], 0x23
cmp dword [ebp - 0x20], 4
jne short loc_fffb169a  ; jne 0xfffb169a
mov edx, 0xfffffffe
jmp near loc_fffb193b  ; jmp 0xfffb193b

loc_fffb16ca:  ; not directly referenced
xor edx, edx

loc_fffb16cc:  ; not directly referenced
mov edi, dword [ebp - 0x20]
mov dword [ebp + edi*4 - 0x1c], edx
mov edi, dword [ebp - 0x3c]
lea edx, [eax + 0x1973]
mov dword [ebp - 0x30], edx
lea edx, [eax + 0x3757]
mov dword [ebp - 0x28], edx
lea ebx, [edi + 0x18b]
add edi, 0xbb
mov dword [ebp - 0x40], ebx
mov dword [ebp - 0x44], edi

loc_fffb16fa:  ; not directly referenced
mov edx, dword [ebp - 0x30]
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x38], edx

loc_fffb1707:  ; not directly referenced
mov ebx, dword [ebp - 0x28]
mov edi, dword [ebp - 0x24]
cmp dword [ebx + edi + 0x1173], 2
jne loc_fffb1901  ; jne 0xfffb1901
mov edi, dword [ebp - 0x20]
cmp edi, 1
je loc_fffb17c7  ; je 0xfffb17c7
jb loc_fffb17d5  ; jb 0xfffb17d5
cmp edi, 3
ja loc_fffb17d5  ; ja 0xfffb17d5
mov edx, ebx
mov ebx, dword [ebp - 0x24]
cmp edi, 2
mov dl, byte [edx + ebx + 0x1269]
jne short loc_fffb1754  ; jne 0xfffb1754
and dl, 1
jne short loc_fffb175f  ; jne 0xfffb175f
xor di, di
jmp near loc_fffb18f1  ; jmp 0xfffb18f1

loc_fffb1754:  ; not directly referenced
xor edi, edi
and dl, 2
je loc_fffb18f1  ; je 0xfffb18f1

loc_fffb175f:  ; not directly referenced
mov edi, dword [ebp - 0x28]
mov edx, dword [ebp - 0x24]
mov ecx, dword [ebp - 0x44]
mov ebx, dword [ebp - 0x40]
mov edx, dword [edi + edx + 0x1248]
mov edi, dword [ebp - 0x38]
and edx, 0xfffffffd
add ebx, edi
add ecx, edi
dec edx
mov edx, 0x3e7
cmovne ecx, ebx
mov edi, 0x672
mov cl, byte [ecx]
mov ebx, ecx
and ebx, 0x1f
imul ebx, ebx, 0x32
cmp ebx, 0x3e7
cmovbe edx, ebx
mov ebx, 0x4b0
shr cl, 5
and ecx, 3
imul ecx, ecx, 0x3e8
add edx, ecx
cmp edx, 0x4b0
cmovae ebx, edx
cmp ebx, 0x672
cmovbe edi, ebx
jmp near loc_fffb18f1  ; jmp 0xfffb18f1

loc_fffb17c7:  ; not directly referenced
mov edi, dword [eax + 0x18a3]
test edi, edi
jne loc_fffb18f1  ; jne 0xfffb18f1

loc_fffb17d5:  ; not directly referenced
mov edi, dword [ebp - 0x24]
mov ebx, dword [ebp - 0x28]
mov edx, dword [ebx + edi + 0x1248]
mov edi, 0x4b0
and edx, 0xfffffffd
dec edx
jne loc_fffb18f1  ; jne 0xfffb18f1
mov edx, dword [ebp - 0x38]
mov edi, dword [ebp - 0x2c]
mov cl, byte [edx + 0x4e]
mov dl, cl
mov bl, cl
and edx, 1
shr bl, 1
xor edx, 1
shr cl, 2
mov byte [ebp - 0x31], bl
mov byte [ebp - 0x32], cl
and byte [ebp - 0x31], 1
and byte [ebp - 0x32], 1
cmp edi, 0x40650
je short loc_fffb184b  ; je 0xfffb184b
cmp edi, 0x40660
sete bl
cmp edi, 0x306c0
sete cl
or bl, cl
jne short loc_fffb184b  ; jne 0xfffb184b
cmp edi, 0x40670
sete bl
cmp edi, 0x306d0
sete cl
or bl, cl
je short loc_fffb1890  ; je 0xfffb1890

loc_fffb184b:  ; not directly referenced
mov bl, byte [ebp - 0x32]
and esi, 0xfffffff9
mov cl, byte [ebp - 0x31]
and ebx, 1
add ebx, ebx
and ecx, 1
shl ecx, 2
or esi, ebx
or esi, ecx
and esi, 0xfffffff7
lea ecx, [edx*8]
or esi, ecx
mov ecx, esi
and ecx, 4
cmp cl, 1
sbb edi, edi
and edi, 0x96
add edi, 0x546
cmp dword [ebp - 0x2c], 0x40650
jne short loc_fffb1895  ; jne 0xfffb1895
jmp short loc_fffb18ae  ; jmp 0xfffb18ae

loc_fffb1890:  ; not directly referenced
mov edi, 0x5dc

loc_fffb1895:  ; not directly referenced
mov ecx, dword [ebp - 0x2c]
cmp ecx, 0x40670
sete bl
cmp ecx, 0x306d0
sete cl
or bl, cl
je short loc_fffb18dc  ; je 0xfffb18dc

loc_fffb18ae:  ; not directly referenced
mov cl, byte [ebp - 0x32]
and esi, 0xfffffff9
mov bl, byte [ebp - 0x31]
shl edx, 3
and ecx, 1
add ecx, ecx
and ebx, 1
shl ebx, 2
or esi, ecx
or esi, ebx
and esi, 0xfffffff7
or esi, edx
mov edx, 0x4b0
test esi, 2
cmovne edi, edx

loc_fffb18dc:  ; not directly referenced
cmp dword [ebp - 0x20], 0
jne short loc_fffb18f1  ; jne 0xfffb18f1
cmp dword [eax + 0x187f], 1
mov ebx, 0x5dc
cmove edi, ebx

loc_fffb18f1:  ; not directly referenced
mov ebx, dword [ebp - 0x20]
mov edx, dword [ebp + ebx*4 - 0x1c]
cmp edi, edx
cmovb edi, edx
mov dword [ebp + ebx*4 - 0x1c], edi

loc_fffb1901:  ; not directly referenced
add dword [ebp - 0x24], 0x128
add dword [ebp - 0x38], 0x277
cmp dword [ebp - 0x24], 0x250
jne loc_fffb1707  ; jne 0xfffb1707
add dword [ebp - 0x30], 0x54a
mov edi, dword [ebp - 0x48]
add dword [ebp - 0x28], 0x13c3
cmp dword [ebp - 0x30], edi
jne loc_fffb16fa  ; jne 0xfffb16fa
jmp near loc_fffb16b3  ; jmp 0xfffb16b3

loc_fffb193b:  ; not directly referenced
cmp edx, 1
ja short loc_fffb1949  ; ja 0xfffb1949
cmp byte [eax + 0x374a], 0
je short loc_fffb1970  ; je 0xfffb1970

loc_fffb1949:  ; not directly referenced
mov ecx, dword [ebp + edx*4 - 0x14]
mov dword [eax + edx*4 + 0x373e], ecx
mov dword [eax + edx*4 + 0x498e], ecx
mov dword [eax + edx*4 + 0x4ab6], ecx
mov dword [eax + edx*4 + 0x5d51], ecx
mov dword [eax + edx*4 + 0x5e79], ecx

loc_fffb1970:  ; not directly referenced
inc edx
cmp edx, 2
jne short loc_fffb193b  ; jne 0xfffb193b
add esp, 0x3c
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb1983:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x34
mov edi, dword [ebp + 8]

loc_fffb1991:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffb19b8  ; ja 0xfffb19b8
cmp byte [edi + 0x374a], 0
jne short loc_fffb19b8  ; jne 0xfffb19b8

loc_fffb19a2:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffb1991  ; jne 0xfffb1991
lea eax, [edi + 0x48d2]
mov ecx, 0xfffffffe
jmp near loc_fffb1af5  ; jmp 0xfffb1af5

loc_fffb19b8:  ; not directly referenced
xor edx, edx
cmp ecx, 1
lea esi, [edi + 0x49c0]
setbe dl
mov dword [ebp - 0x2c], esi
imul eax, eax, 0x23
imul esi, ecx, 0x2e
lea ebx, [ecx*8 - 0x1269]
mov dword [ebp + ecx*4 - 0x1c], edx
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x34], esi
mov dword [ebp - 0x40], ebx
mov dword [ebp - 0x30], eax

loc_fffb19ea:  ; not directly referenced
mov eax, dword [ebp - 0x40]
mov ebx, dword [ebp - 0x2c]
mov dword [ebp - 0x28], 0
add eax, ebx
mov dword [ebp - 0x3c], eax
mov eax, dword [ebp - 0x24]
lea esi, [edi + eax + 0x1973]

loc_fffb1a06:  ; not directly referenced
cmp dword [ebx - 0xf6], 2
jne loc_fffb1abb  ; jne 0xfffb1abb
mov eax, dword [ebp - 0x34]
mov edx, dword [ebp - 0x28]
mov eax, dword [ebx + eax - 0xf2]
mov dword [ebp - 0x20], eax
mov eax, dword [ebp - 0x3c]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x38], eax
cmp ecx, 1
je short loc_fffb1a92  ; je 0xfffb1a92
jb short loc_fffb1aa9  ; jb 0xfffb1aa9
cmp ecx, 3
ja short loc_fffb1aa9  ; ja 0xfffb1aa9
cmp ecx, 2
mov dl, byte [ebx]
jne short loc_fffb1a4c  ; jne 0xfffb1a4c
and dl, 1
jne short loc_fffb1a53  ; jne 0xfffb1a53
xor eax, eax
jmp short loc_fffb1aae  ; jmp 0xfffb1aae

loc_fffb1a4c:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffb1aae  ; je 0xfffb1aae

loc_fffb1a53:  ; not directly referenced
mov eax, dword [ebx - 0x21]
and eax, 0xfffffffd
dec eax
mov eax, dword [ebp - 0x30]
jne short loc_fffb1a69  ; jne 0xfffb1a69
movzx edx, byte [esi + eax + 0x118]
jmp short loc_fffb1a71  ; jmp 0xfffb1a71

loc_fffb1a69:  ; not directly referenced
movzx edx, byte [esi + eax + 0x1e8]

loc_fffb1a71:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x20], 0
je short loc_fffb1aae  ; je 0xfffb1aae
imul edx, dword [ebp - 0x38]
mov eax, dword [ebp - 0x20]
lea eax, [eax + edx - 1]
xor edx, edx
div dword [ebp - 0x20]
mov edx, 2
test eax, eax
jmp short loc_fffb1aa4  ; jmp 0xfffb1aa4

loc_fffb1a92:  ; not directly referenced
mov dx, word [esi + 0x24c]
movzx eax, dx
test dx, dx
mov edx, 1

loc_fffb1aa4:  ; not directly referenced
cmove eax, edx
jmp short loc_fffb1aae  ; jmp 0xfffb1aae

loc_fffb1aa9:  ; not directly referenced
mov eax, 1

loc_fffb1aae:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffb1abb:  ; not directly referenced
add dword [ebp - 0x28], 0x20
add ebx, 0x128
add esi, 0x277
cmp dword [ebp - 0x28], 0x40
jne loc_fffb1a06  ; jne 0xfffb1a06
add dword [ebp - 0x24], 0x54a
add dword [ebp - 0x2c], 0x13c3
cmp dword [ebp - 0x24], 0xa94
jne loc_fffb19ea  ; jne 0xfffb19ea
jmp near loc_fffb19a2  ; jmp 0xfffb19a2

loc_fffb1af5:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb1b03  ; ja 0xfffb1b03
cmp byte [edi + 0x374a], 0
je short loc_fffb1b2d  ; je 0xfffb1b2d

loc_fffb1b03:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb1b2d:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb1af5  ; jne 0xfffb1af5
add esp, 0x34
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb1b43:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x24
mov edi, dword [ebp + 8]

loc_fffb1b51:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffb1b78  ; ja 0xfffb1b78
cmp byte [edi + 0x374a], 0
jne short loc_fffb1b78  ; jne 0xfffb1b78

loc_fffb1b62:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffb1b51  ; jne 0xfffb1b51
lea eax, [edi + 0x48fa]
mov ecx, 0xfffffffe
jmp near loc_fffb1c43  ; jmp 0xfffb1c43

loc_fffb1b78:  ; not directly referenced
lea eax, [edi + 0x48ca]
mov dword [ebp - 0x28], eax
imul eax, ecx, 0x2e
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
mov dword [ebp - 0x2c], eax

loc_fffb1b96:  ; not directly referenced
mov eax, dword [ebp - 0x20]
mov ebx, dword [ebp - 0x28]
mov dword [ebp - 0x24], 0
lea eax, [edi + eax + 0x196b]
mov dword [ebp - 0x30], eax

loc_fffb1bad:  ; not directly referenced
cmp dword [ebx], 2
jne short loc_fffb1c0d  ; jne 0xfffb1c0d
mov eax, dword [ebp - 0x2c]
mov esi, dword [ebx + eax + 4]
cmp ecx, 1
je short loc_fffb1bc9  ; je 0xfffb1bc9
jb short loc_fffb1bdc  ; jb 0xfffb1bdc
xor eax, eax
cmp ecx, 3
jbe short loc_fffb1bf5  ; jbe 0xfffb1bf5
jmp short loc_fffb1bdc  ; jmp 0xfffb1bdc

loc_fffb1bc9:  ; not directly referenced
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x24]
movzx eax, word [eax + edx + 0x27a]
test ax, ax
jne short loc_fffb1bf5  ; jne 0xfffb1bf5

loc_fffb1bdc:  ; not directly referenced
xor eax, eax
cmp dword [ebx + 0xd5], 2
jne short loc_fffb1bf5  ; jne 0xfffb1bf5
test esi, esi
je short loc_fffb1bf5  ; je 0xfffb1bf5
lea eax, [esi + 0x26259f]
xor edx, edx
div esi

loc_fffb1bf5:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 4
mov esi, 4
cmova eax, esi
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffb1c0d:  ; not directly referenced
add dword [ebp - 0x24], 0x277
add ebx, 0x128
cmp dword [ebp - 0x24], 0x4ee
jne short loc_fffb1bad  ; jne 0xfffb1bad
add dword [ebp - 0x20], 0x54a
add dword [ebp - 0x28], 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffb1b96  ; jne 0xfffb1b96
jmp near loc_fffb1b62  ; jmp 0xfffb1b62

loc_fffb1c43:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb1c51  ; ja 0xfffb1c51
cmp byte [edi + 0x374a], 0
je short loc_fffb1c7b  ; je 0xfffb1c7b

loc_fffb1c51:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb1c7b:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb1c43  ; jne 0xfffb1c43
add esp, 0x24
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb1c91:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x24
mov edi, dword [ebp + 8]

loc_fffb1c9f:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffb1cc6  ; ja 0xfffb1cc6
cmp byte [edi + 0x374a], 0
jne short loc_fffb1cc6  ; jne 0xfffb1cc6

loc_fffb1cb0:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffb1c9f  ; jne 0xfffb1c9f
lea eax, [edi + 0x48f8]
mov ecx, 0xfffffffe
jmp near loc_fffb1d91  ; jmp 0xfffb1d91

loc_fffb1cc6:  ; not directly referenced
lea eax, [edi + 0x48ca]
mov dword [ebp - 0x28], eax
imul eax, ecx, 0x2e
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
mov dword [ebp - 0x2c], eax

loc_fffb1ce4:  ; not directly referenced
mov eax, dword [ebp - 0x20]
mov ebx, dword [ebp - 0x28]
mov dword [ebp - 0x24], 0
lea eax, [edi + eax + 0x196b]
mov dword [ebp - 0x30], eax

loc_fffb1cfb:  ; not directly referenced
cmp dword [ebx], 2
jne short loc_fffb1d5b  ; jne 0xfffb1d5b
mov eax, dword [ebp - 0x2c]
mov esi, dword [ebx + eax + 4]
cmp ecx, 1
je short loc_fffb1d17  ; je 0xfffb1d17
jb short loc_fffb1d2a  ; jb 0xfffb1d2a
xor eax, eax
cmp ecx, 3
jbe short loc_fffb1d43  ; jbe 0xfffb1d43
jmp short loc_fffb1d2a  ; jmp 0xfffb1d2a

loc_fffb1d17:  ; not directly referenced
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x24]
movzx eax, word [eax + edx + 0x27a]
test ax, ax
jne short loc_fffb1d43  ; jne 0xfffb1d43

loc_fffb1d2a:  ; not directly referenced
xor eax, eax
cmp dword [ebx + 0xd5], 2
jne short loc_fffb1d43  ; jne 0xfffb1d43
test esi, esi
je short loc_fffb1d43  ; je 0xfffb1d43
lea eax, [esi + 0x7270df]
xor edx, edx
div esi

loc_fffb1d43:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 0xb
mov esi, 0xb
cmova eax, esi
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffb1d5b:  ; not directly referenced
add dword [ebp - 0x24], 0x277
add ebx, 0x128
cmp dword [ebp - 0x24], 0x4ee
jne short loc_fffb1cfb  ; jne 0xfffb1cfb
add dword [ebp - 0x20], 0x54a
add dword [ebp - 0x28], 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffb1ce4  ; jne 0xfffb1ce4
jmp near loc_fffb1cb0  ; jmp 0xfffb1cb0

loc_fffb1d91:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb1d9f  ; ja 0xfffb1d9f
cmp byte [edi + 0x374a], 0
je short loc_fffb1dc9  ; je 0xfffb1dc9

loc_fffb1d9f:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb1dc9:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb1d91  ; jne 0xfffb1d91
add esp, 0x24
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb1ddf:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30

loc_fffb1dea:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffb1e16  ; ja 0xfffb1e16
mov edi, dword [ebp + 8]
cmp byte [edi + 0x374a], 0
jne short loc_fffb1e16  ; jne 0xfffb1e16

loc_fffb1dfe:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffb1dea  ; jne 0xfffb1dea
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48f6
jmp near loc_fffb1f37  ; jmp 0xfffb1f37

loc_fffb1e16:  ; not directly referenced
mov edi, dword [ebp + 8]
imul esi, ecx, 0x2e
imul eax, eax, 0x23
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x24], 0
lea ebx, [edi + 0x49c0]
mov dword [ebp - 0x2c], ebx
lea ebx, [ecx*8 - 0x1269]
mov dword [ebp - 0x30], esi
mov dword [ebp - 0x38], ebx
mov dword [ebp - 0x3c], eax

loc_fffb1e47:  ; not directly referenced
mov eax, dword [ebp - 0x38]
mov esi, dword [ebp - 0x2c]
mov edi, dword [ebp - 0x24]
mov dword [ebp - 0x20], 0
add eax, esi
mov dword [ebp - 0x34], eax
mov eax, dword [ebp + 8]
lea edi, [eax + edi + 0x1973]

loc_fffb1e66:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffb1efd  ; jne 0xfffb1efd
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x20]
mov ebx, dword [esi + eax - 0xf2]
mov eax, dword [ebp - 0x34]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x28], eax
cmp ecx, 1
je short loc_fffb1ec3  ; je 0xfffb1ec3
jb short loc_fffb1ecf  ; jb 0xfffb1ecf
cmp ecx, 3
ja short loc_fffb1ecf  ; ja 0xfffb1ecf
cmp ecx, 2
mov dl, byte [esi]
jne short loc_fffb1ea9  ; jne 0xfffb1ea9
and dl, 1
jne short loc_fffb1eb0  ; jne 0xfffb1eb0
xor eax, eax
jmp short loc_fffb1ee5  ; jmp 0xfffb1ee5

loc_fffb1ea9:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffb1ee5  ; je 0xfffb1ee5

loc_fffb1eb0:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
movzx edx, byte [edi + eax + 0x115]
xor eax, eax
test ebx, ebx
je short loc_fffb1ee5  ; je 0xfffb1ee5
jmp short loc_fffb1ed9  ; jmp 0xfffb1ed9

loc_fffb1ec3:  ; not directly referenced
movzx eax, word [edi + 0x270]
test ax, ax
jne short loc_fffb1ee5  ; jne 0xfffb1ee5

loc_fffb1ecf:  ; not directly referenced
xor eax, eax
test ebx, ebx
je short loc_fffb1ee5  ; je 0xfffb1ee5
movzx edx, byte [edi + 0x62]

loc_fffb1ed9:  ; not directly referenced
imul edx, dword [ebp - 0x28]
lea eax, [ebx + edx - 1]
xor edx, edx
div ebx

loc_fffb1ee5:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 0xa
mov ebx, 0xa
cmova eax, ebx
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffb1efd:  ; not directly referenced
add dword [ebp - 0x20], 0x20
add esi, 0x128
add edi, 0x277
cmp dword [ebp - 0x20], 0x40
jne loc_fffb1e66  ; jne 0xfffb1e66
add dword [ebp - 0x24], 0x54a
add dword [ebp - 0x2c], 0x13c3
cmp dword [ebp - 0x24], 0xa94
jne loc_fffb1e47  ; jne 0xfffb1e47
jmp near loc_fffb1dfe  ; jmp 0xfffb1dfe

loc_fffb1f37:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb1f48  ; ja 0xfffb1f48
mov esi, dword [ebp + 8]
cmp byte [esi + 0x374a], 0
je short loc_fffb1f72  ; je 0xfffb1f72

loc_fffb1f48:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb1f72:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb1f37  ; jne 0xfffb1f37
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb1f88:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30
mov dword [ebp - 0x20], 0x10

loc_fffb1f9a:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffb1fb2  ; ja 0xfffb1fb2
mov esi, dword [ebp + 8]
cmp byte [esi + 0x374a], 0
je loc_fffb2107  ; je 0xfffb2107

loc_fffb1fb2:  ; not directly referenced
imul esi, ecx, 0x2e
imul eax, eax, 0x23
lea edi, [ecx*8 + 0x3757]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x30], esi
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x38], edi
mov dword [ebp - 0x3c], eax

loc_fffb1fd7:  ; not directly referenced
mov edi, dword [ebp - 0x24]
mov esi, dword [ebp - 0x38]
mov dword [ebp - 0x28], 0
imul eax, edi, 0x13c3
imul edx, edi, 0x54a
mov edi, dword [ebp + 8]
lea ebx, [esi + eax]
mov esi, dword [ebp + 8]
add ebx, dword [ebp + 8]
lea edi, [edi + edx + 0x1973]
mov dword [ebp - 0x34], ebx
lea esi, [esi + eax + 0x49c0]

loc_fffb200d:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffb20e0  ; jne 0xfffb20e0
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x28]
mov ebx, dword [esi + eax - 0xf2]
mov eax, dword [ebp - 0x34]
mov eax, dword [eax + edx + 0xc9]
mov edx, dword [esi - 0x21]
mov dword [ebp - 0x2c], eax
mov eax, 0x18
cmp edx, 2
cmovne eax, dword [ebp - 0x20]
mov dword [ebp - 0x20], eax
cmp ecx, 1
je short loc_fffb2084  ; je 0xfffb2084
jb short loc_fffb2090  ; jb 0xfffb2090
cmp ecx, 3
ja short loc_fffb2090  ; ja 0xfffb2090
cmp ecx, 2
mov dl, byte [esi]
jne short loc_fffb2062  ; jne 0xfffb2062
and dl, 1
jne short loc_fffb2069  ; jne 0xfffb2069
xor eax, eax
jmp short loc_fffb20be  ; jmp 0xfffb20be

loc_fffb2062:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffb20be  ; je 0xfffb20be

loc_fffb2069:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
movzx edx, byte [edi + eax + 0x109]
xor eax, eax
test ebx, ebx
je short loc_fffb20be  ; je 0xfffb20be
imul edx, dword [ebp - 0x2c]
lea eax, [ebx + edx - 1]
jmp short loc_fffb20a7  ; jmp 0xfffb20a7

loc_fffb2084:  ; not directly referenced
movzx eax, word [edi + 0x26e]
test ax, ax
jne short loc_fffb20be  ; jne 0xfffb20be

loc_fffb2090:  ; not directly referenced
xor eax, eax
test ebx, ebx
je short loc_fffb20be  ; je 0xfffb20be
movzx eax, byte [edi + 0x59]
cmp edx, 2
je short loc_fffb20ad  ; je 0xfffb20ad
imul eax, dword [ebp - 0x2c]
lea eax, [ebx + eax - 1]

loc_fffb20a7:  ; not directly referenced
xor edx, edx
div ebx
jmp short loc_fffb20be  ; jmp 0xfffb20be

loc_fffb20ad:  ; not directly referenced
xor edx, edx
mov eax, 0xe4e1c0
div ebx
lea edx, [eax + 1]
test al, 1
cmovne eax, edx

loc_fffb20be:  ; not directly referenced
mov edx, eax
and edx, 0xfffffff9
cmp edx, 9
jne short loc_fffb20cb  ; jne 0xfffb20cb
inc eax
jmp short loc_fffb20d3  ; jmp 0xfffb20d3

loc_fffb20cb:  ; not directly referenced
mov ebx, dword [ebp - 0x20]
cmp eax, ebx
cmova eax, ebx

loc_fffb20d3:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffb20e0:  ; not directly referenced
add dword [ebp - 0x28], 0x20
add esi, 0x128
add edi, 0x277
cmp dword [ebp - 0x28], 0x40
jne loc_fffb200d  ; jne 0xfffb200d
inc dword [ebp - 0x24]
cmp dword [ebp - 0x24], 2
jne loc_fffb1fd7  ; jne 0xfffb1fd7

loc_fffb2107:  ; not directly referenced
inc ecx
cmp ecx, 4
jne loc_fffb1f9a  ; jne 0xfffb1f9a
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48f4

loc_fffb211e:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb212f  ; ja 0xfffb212f
mov edi, dword [ebp + 8]
cmp byte [edi + 0x374a], 0
je short loc_fffb2159  ; je 0xfffb2159

loc_fffb212f:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb2159:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb211e  ; jne 0xfffb211e
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb216f:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30
mov dword [ebp - 0x20], 0xf

loc_fffb2181:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffb2199  ; ja 0xfffb2199
mov esi, dword [ebp + 8]
cmp byte [esi + 0x374a], 0
je loc_fffb22ed  ; je 0xfffb22ed

loc_fffb2199:  ; not directly referenced
imul esi, ecx, 0x2e
imul eax, eax, 0x23
lea edi, [ecx*8 + 0x3757]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x30], esi
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x38], edi
mov dword [ebp - 0x3c], eax

loc_fffb21be:  ; not directly referenced
mov edi, dword [ebp - 0x24]
mov esi, dword [ebp - 0x38]
mov dword [ebp - 0x28], 0
imul eax, edi, 0x13c3
imul edx, edi, 0x54a
mov edi, dword [ebp + 8]
lea ebx, [esi + eax]
mov esi, dword [ebp + 8]
add ebx, dword [ebp + 8]
lea edi, [edi + edx + 0x1973]
mov dword [ebp - 0x34], ebx
lea esi, [esi + eax + 0x49c0]

loc_fffb21f4:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffb22c6  ; jne 0xfffb22c6
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x28]
mov ebx, dword [esi + eax - 0xf2]
mov eax, dword [ebp - 0x34]
mov eax, dword [eax + edx + 0xc9]
mov edx, dword [esi - 0x21]
mov dword [ebp - 0x2c], eax
mov eax, 0xc
cmp edx, 2
cmovne eax, dword [ebp - 0x20]
mov dword [ebp - 0x20], eax
cmp ecx, 1
je short loc_fffb226b  ; je 0xfffb226b
jb short loc_fffb2277  ; jb 0xfffb2277
cmp ecx, 3
ja short loc_fffb2277  ; ja 0xfffb2277
cmp ecx, 2
mov dl, byte [esi]
jne short loc_fffb2249  ; jne 0xfffb2249
and dl, 1
jne short loc_fffb2250  ; jne 0xfffb2250
xor eax, eax
jmp short loc_fffb22b1  ; jmp 0xfffb22b1

loc_fffb2249:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffb22b1  ; je 0xfffb22b1

loc_fffb2250:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
movzx edx, byte [edi + eax + 0x111]
xor eax, eax
test ebx, ebx
je short loc_fffb22b1  ; je 0xfffb22b1
imul edx, dword [ebp - 0x2c]
lea eax, [ebx + edx - 1]
jmp short loc_fffb228e  ; jmp 0xfffb228e

loc_fffb226b:  ; not directly referenced
movzx eax, word [edi + 0x26c]
test ax, ax
jne short loc_fffb22b1  ; jne 0xfffb22b1

loc_fffb2277:  ; not directly referenced
xor eax, eax
test ebx, ebx
je short loc_fffb22b1  ; je 0xfffb22b1
movzx eax, byte [edi + 0x63]
cmp edx, 2
je short loc_fffb2294  ; je 0xfffb2294
imul eax, dword [ebp - 0x2c]
lea eax, [ebx + eax - 1]

loc_fffb228e:  ; not directly referenced
xor edx, edx
div ebx
jmp short loc_fffb22b1  ; jmp 0xfffb22b1

loc_fffb2294:  ; not directly referenced
mov eax, 0x7270e0
xor edx, edx
div ebx
mov ebx, eax
mov eax, 5
cmp ebx, 4
jbe short loc_fffb22b1  ; jbe 0xfffb22b1
cmp ebx, 0xb
mov al, 0xc
cmovne eax, ebx

loc_fffb22b1:  ; not directly referenced
mov ebx, dword [ebp - 0x20]
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, ebx
cmova eax, ebx
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffb22c6:  ; not directly referenced
add dword [ebp - 0x28], 0x20
add esi, 0x128
add edi, 0x277
cmp dword [ebp - 0x28], 0x40
jne loc_fffb21f4  ; jne 0xfffb21f4
inc dword [ebp - 0x24]
cmp dword [ebp - 0x24], 2
jne loc_fffb21be  ; jne 0xfffb21be

loc_fffb22ed:  ; not directly referenced
inc ecx
cmp ecx, 4
jne loc_fffb2181  ; jne 0xfffb2181
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48f2

loc_fffb2304:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb2315  ; ja 0xfffb2315
mov edi, dword [ebp + 8]
cmp byte [edi + 0x374a], 0
je short loc_fffb233f  ; je 0xfffb233f

loc_fffb2315:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb233f:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb2304  ; jne 0xfffb2304
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb2355:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x34

loc_fffb2360:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffb238c  ; ja 0xfffb238c
mov eax, dword [ebp + 8]
cmp byte [eax + 0x374a], 0
jne short loc_fffb238c  ; jne 0xfffb238c

loc_fffb2374:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffb2360  ; jne 0xfffb2360
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48f0
jmp near loc_fffb24b1  ; jmp 0xfffb24b1

loc_fffb238c:  ; not directly referenced
mov eax, dword [ebp + 8]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
lea edi, [eax + 0x3757]
lea eax, [ecx*8]
mov dword [ebp - 0x30], eax
imul eax, ecx, 0x2e
mov dword [ebp - 0x2c], eax

loc_fffb23b4:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
xor esi, esi
mov ebx, dword [ebp - 0x20]
add eax, edi
mov dword [ebp - 0x40], eax
mov eax, dword [ebp + 8]
lea ebx, [eax + ebx + 0x1973]
mov eax, dword [ebp - 0x30]
add eax, edi
mov dword [ebp - 0x28], eax

loc_fffb23d3:  ; not directly referenced
cmp dword [edi + esi + 0x1173], 2
jne loc_fffb2476  ; jne 0xfffb2476
mov eax, dword [ebp - 0x40]
mov eax, dword [eax + esi + 0x1177]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp - 0x28]
mov edx, dword [eax + 0xc9]
mov eax, dword [eax + 0xcd]
mov dword [ebp - 0x34], edx
mov dword [ebp - 0x38], eax
cmp ecx, 1
je short loc_fffb2413  ; je 0xfffb2413
jb short loc_fffb241f  ; jb 0xfffb241f
xor eax, eax
cmp ecx, 3
jbe short loc_fffb245e  ; jbe 0xfffb245e
jmp short loc_fffb241f  ; jmp 0xfffb241f

loc_fffb2413:  ; not directly referenced
movzx eax, word [ebx + 0x26a]
test ax, ax
jne short loc_fffb245e  ; jne 0xfffb245e

loc_fffb241f:  ; not directly referenced
xor eax, eax
cmp dword [edi + esi + 0x1248], 2
jne short loc_fffb245e  ; jne 0xfffb245e
mov dl, byte [ebx + 0x6e]
cmp dword [ebp - 0x24], 0
mov byte [ebp - 0x39], dl
mov dl, byte [ebx + 0xbf]
mov byte [ebp - 0x3a], dl
je short loc_fffb245e  ; je 0xfffb245e
movzx edx, byte [ebp - 0x39]
imul edx, dword [ebp - 0x34]
mov eax, dword [ebp - 0x24]
lea eax, [eax + edx - 1]
movsx edx, byte [ebp - 0x3a]
imul edx, dword [ebp - 0x38]
add eax, edx
xor edx, edx
div dword [ebp - 0x24]

loc_fffb245e:  ; not directly referenced
cmp eax, 0xa
mov edx, 0xa
cmova eax, edx
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffb2476:  ; not directly referenced
add esi, 0x128
add ebx, 0x277
add dword [ebp - 0x28], 0x20
cmp esi, 0x250
jne loc_fffb23d3  ; jne 0xfffb23d3
add dword [ebp - 0x20], 0x54a
add edi, 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffb23b4  ; jne 0xfffb23b4
jmp near loc_fffb2374  ; jmp 0xfffb2374

loc_fffb24b1:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb24c2  ; ja 0xfffb24c2
mov esi, dword [ebp + 8]
cmp byte [esi + 0x374a], 0
je short loc_fffb24ec  ; je 0xfffb24ec

loc_fffb24c2:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb24ec:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb24b1  ; jne 0xfffb24b1
add esp, 0x34
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb2502:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x34

loc_fffb250d:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffb2539  ; ja 0xfffb2539
mov eax, dword [ebp + 8]
cmp byte [eax + 0x374a], 0
jne short loc_fffb2539  ; jne 0xfffb2539

loc_fffb2521:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffb250d  ; jne 0xfffb250d
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48ee
jmp near loc_fffb265e  ; jmp 0xfffb265e

loc_fffb2539:  ; not directly referenced
mov eax, dword [ebp + 8]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
lea edi, [eax + 0x3757]
lea eax, [ecx*8]
mov dword [ebp - 0x30], eax
imul eax, ecx, 0x2e
mov dword [ebp - 0x2c], eax

loc_fffb2561:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
xor esi, esi
mov ebx, dword [ebp - 0x20]
add eax, edi
mov dword [ebp - 0x40], eax
mov eax, dword [ebp + 8]
lea ebx, [eax + ebx + 0x1973]
mov eax, dword [ebp - 0x30]
add eax, edi
mov dword [ebp - 0x28], eax

loc_fffb2580:  ; not directly referenced
cmp dword [edi + esi + 0x1173], 2
jne loc_fffb2623  ; jne 0xfffb2623
mov eax, dword [ebp - 0x40]
mov eax, dword [eax + esi + 0x1177]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp - 0x28]
mov edx, dword [eax + 0xc9]
mov eax, dword [eax + 0xcd]
mov dword [ebp - 0x34], edx
mov dword [ebp - 0x38], eax
cmp ecx, 1
je short loc_fffb25c0  ; je 0xfffb25c0
jb short loc_fffb25cc  ; jb 0xfffb25cc
xor eax, eax
cmp ecx, 3
jbe short loc_fffb260b  ; jbe 0xfffb260b
jmp short loc_fffb25cc  ; jmp 0xfffb25cc

loc_fffb25c0:  ; not directly referenced
movzx eax, word [ebx + 0x268]
test ax, ax
jne short loc_fffb260b  ; jne 0xfffb260b

loc_fffb25cc:  ; not directly referenced
xor eax, eax
cmp dword [edi + esi + 0x1248], 2
jne short loc_fffb260b  ; jne 0xfffb260b
mov dl, byte [ebx + 0x6f]
cmp dword [ebp - 0x24], 0
mov byte [ebp - 0x39], dl
mov dl, byte [ebx + 0xbe]
mov byte [ebp - 0x3a], dl
je short loc_fffb260b  ; je 0xfffb260b
movzx edx, byte [ebp - 0x39]
imul edx, dword [ebp - 0x34]
mov eax, dword [ebp - 0x24]
lea eax, [eax + edx - 1]
movsx edx, byte [ebp - 0x3a]
imul edx, dword [ebp - 0x38]
add eax, edx
xor edx, edx
div dword [ebp - 0x24]

loc_fffb260b:  ; not directly referenced
cmp eax, 0xf
mov edx, 0xf
cmova eax, edx
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffb2623:  ; not directly referenced
add esi, 0x128
add ebx, 0x277
add dword [ebp - 0x28], 0x20
cmp esi, 0x250
jne loc_fffb2580  ; jne 0xfffb2580
add dword [ebp - 0x20], 0x54a
add edi, 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffb2561  ; jne 0xfffb2561
jmp near loc_fffb2521  ; jmp 0xfffb2521

loc_fffb265e:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb266f  ; ja 0xfffb266f
mov esi, dword [ebp + 8]
cmp byte [esi + 0x374a], 0
je short loc_fffb2699  ; je 0xfffb2699

loc_fffb266f:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb2699:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb265e  ; jne 0xfffb265e
add esp, 0x34
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb26af:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30

loc_fffb26ba:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffb26e6  ; ja 0xfffb26e6
mov edi, dword [ebp + 8]
cmp byte [edi + 0x374a], 0
jne short loc_fffb26e6  ; jne 0xfffb26e6

loc_fffb26ce:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffb26ba  ; jne 0xfffb26ba
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48ec
jmp near loc_fffb2807  ; jmp 0xfffb2807

loc_fffb26e6:  ; not directly referenced
mov edi, dword [ebp + 8]
imul esi, ecx, 0x2e
imul eax, eax, 0x23
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x24], 0
lea ebx, [edi + 0x49c0]
mov dword [ebp - 0x2c], ebx
lea ebx, [ecx*8 - 0x1269]
mov dword [ebp - 0x30], esi
mov dword [ebp - 0x38], ebx
mov dword [ebp - 0x3c], eax

loc_fffb2717:  ; not directly referenced
mov eax, dword [ebp - 0x38]
mov esi, dword [ebp - 0x2c]
mov edi, dword [ebp - 0x24]
mov dword [ebp - 0x20], 0
add eax, esi
mov dword [ebp - 0x34], eax
mov eax, dword [ebp + 8]
lea edi, [eax + edi + 0x1973]

loc_fffb2736:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffb27cd  ; jne 0xfffb27cd
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x20]
mov ebx, dword [esi + eax - 0xf2]
mov eax, dword [ebp - 0x34]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x28], eax
cmp ecx, 1
je short loc_fffb2793  ; je 0xfffb2793
jb short loc_fffb279f  ; jb 0xfffb279f
cmp ecx, 3
ja short loc_fffb279f  ; ja 0xfffb279f
cmp ecx, 2
mov dl, byte [esi]
jne short loc_fffb2779  ; jne 0xfffb2779
and dl, 1
jne short loc_fffb2780  ; jne 0xfffb2780
xor eax, eax
jmp short loc_fffb27b5  ; jmp 0xfffb27b5

loc_fffb2779:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffb27b5  ; je 0xfffb27b5

loc_fffb2780:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
movzx edx, byte [edi + eax + 0x112]
xor eax, eax
test ebx, ebx
je short loc_fffb27b5  ; je 0xfffb27b5
jmp short loc_fffb27a9  ; jmp 0xfffb27a9

loc_fffb2793:  ; not directly referenced
movzx eax, word [edi + 0x266]
test ax, ax
jne short loc_fffb27b5  ; jne 0xfffb27b5

loc_fffb279f:  ; not directly referenced
xor eax, eax
test ebx, ebx
je short loc_fffb27b5  ; je 0xfffb27b5
movzx edx, byte [edi + 0x5b]

loc_fffb27a9:  ; not directly referenced
imul edx, dword [ebp - 0x28]
lea eax, [ebx + edx - 1]
xor edx, edx
div ebx

loc_fffb27b5:  ; not directly referenced
cmp dword [ebp + ecx*4 - 0x1c], 4
mov edx, 4
cmovae edx, dword [ebp + ecx*4 - 0x1c]
cmp edx, eax
cmovae eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffb27cd:  ; not directly referenced
add dword [ebp - 0x20], 0x20
add esi, 0x128
add edi, 0x277
cmp dword [ebp - 0x20], 0x40
jne loc_fffb2736  ; jne 0xfffb2736
add dword [ebp - 0x24], 0x54a
add dword [ebp - 0x2c], 0x13c3
cmp dword [ebp - 0x24], 0xa94
jne loc_fffb2717  ; jne 0xfffb2717
jmp near loc_fffb26ce  ; jmp 0xfffb26ce

loc_fffb2807:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb2818  ; ja 0xfffb2818
mov esi, dword [ebp + 8]
cmp byte [esi + 0x374a], 0
je short loc_fffb2842  ; je 0xfffb2842

loc_fffb2818:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb2842:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb2807  ; jne 0xfffb2807
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb2858:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x38
mov edi, dword [ebp + 8]
mov byte [ebp - 0x1d], 0
lea eax, [edi + 0x3757]
mov dword [ebp - 0x40], eax

loc_fffb2873:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffb2888  ; ja 0xfffb2888
cmp byte [edi + 0x374a], 0
je loc_fffb29a1  ; je 0xfffb29a1

loc_fffb2888:  ; not directly referenced
lea eax, [edi + 0x48ca]
mov dword [ebp - 0x3c], eax
imul eax, ecx, 0x2e
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x28], 0
mov dword [ebp - 0x38], eax
mov eax, dword [ebp - 0x40]
mov dword [ebp - 0x34], eax

loc_fffb28ac:  ; not directly referenced
mov eax, dword [ebp - 0x28]
mov ebx, dword [ebp - 0x3c]
mov dword [ebp - 0x2c], 0
lea eax, [edi + eax + 0x1973]
mov dword [ebp - 0x30], eax

loc_fffb28c3:  ; not directly referenced
cmp dword [ebx], 2
jne loc_fffb2964  ; jne 0xfffb2964
cmp dword [ebx + 0xd5], 3
jne loc_fffb2964  ; jne 0xfffb2964
mov eax, dword [ebp - 0x38]
mov esi, dword [ebp - 0x2c]
mov eax, dword [ebx + eax + 4]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp - 0x34]
mov edx, dword [eax + esi + 0xc9]
mov eax, dword [eax + esi + 0xcd]
mov dword [ebp - 0x44], eax
cmp ecx, 1
jne short loc_fffb290e  ; jne 0xfffb290e
mov eax, dword [ebp - 0x30]
movzx eax, word [eax + 0x264]
test ax, ax
jne short loc_fffb2934  ; jne 0xfffb2934

loc_fffb290e:  ; not directly referenced
cmp dword [ebp - 0x24], 0
je short loc_fffb2957  ; je 0xfffb2957
mov esi, dword [ebp - 0x30]
movzx eax, byte [esi + 0x6f]
imul edx, eax
mov eax, dword [ebp - 0x24]
lea edx, [eax + edx - 1]
movsx eax, byte [esi + 0x70]
imul eax, dword [ebp - 0x44]
add eax, edx
xor edx, edx
div dword [ebp - 0x24]

loc_fffb2934:  ; not directly referenced
cmp eax, 3
jbe short loc_fffb2957  ; jbe 0xfffb2957
mov esi, dword [ebp - 0x38]
movzx edx, word [ebx + esi + 0x1e]
mov esi, eax
sub esi, edx
cmp esi, 3
ja short loc_fffb2957  ; ja 0xfffb2957
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffb2957:  ; not directly referenced
mov dl, byte [ebp - 0x1d]
mov al, 1
test dl, dl
cmove edx, eax
mov byte [ebp - 0x1d], dl

loc_fffb2964:  ; not directly referenced
add dword [ebp - 0x2c], 0x20
add ebx, 0x128
add dword [ebp - 0x30], 0x277
cmp dword [ebp - 0x2c], 0x40
jne loc_fffb28c3  ; jne 0xfffb28c3
add dword [ebp - 0x28], 0x54a
add dword [ebp - 0x3c], 0x13c3
add dword [ebp - 0x34], 0x13c3
cmp dword [ebp - 0x28], 0xa94
jne loc_fffb28ac  ; jne 0xfffb28ac

loc_fffb29a1:  ; not directly referenced
inc ecx
add dword [ebp - 0x40], 8
cmp ecx, 4
jne loc_fffb2873  ; jne 0xfffb2873
mov al, byte [ebp - 0x1d]
test al, al
je short loc_fffb2a02  ; je 0xfffb2a02
lea eax, [edi + 0x48ea]
mov ecx, 0xfffffffe

loc_fffb29c1:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb29cf  ; ja 0xfffb29cf
cmp byte [edi + 0x374a], 0
je short loc_fffb29f9  ; je 0xfffb29f9

loc_fffb29cf:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb29f9:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb29c1  ; jne 0xfffb29c1

loc_fffb2a02:  ; not directly referenced
add esp, 0x38
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb2a0f:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x40
mov eax, dword [ebp + 8]
mov dword [ebp - 0x3c], 0
add eax, 0x3757
mov dword [ebp - 0x2c], eax

loc_fffb2a2c:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffb2a60  ; ja 0xfffb2a60
mov eax, dword [ebp + 8]
cmp byte [eax + 0x374a], 0
jne short loc_fffb2a60  ; jne 0xfffb2a60

loc_fffb2a40:  ; not directly referenced
inc ecx
add dword [ebp - 0x3c], 0x23
add dword [ebp - 0x2c], 8
cmp ecx, 4
jne short loc_fffb2a2c  ; jne 0xfffb2a2c
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48e8
jmp near loc_fffb2bcc  ; jmp 0xfffb2bcc

loc_fffb2a60:  ; not directly referenced
mov eax, dword [ebp + 8]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x28], 0
add eax, 0x49c0
mov dword [ebp - 0x40], eax
imul eax, ecx, 0x2e
mov dword [ebp - 0x44], eax
mov eax, dword [ebp - 0x2c]
mov dword [ebp - 0x30], eax
mov eax, dword [ebp - 0x3c]
lea esi, [eax + 0x18b]
add eax, 0xbb
mov dword [ebp - 0x48], esi
mov dword [ebp - 0x4c], eax

loc_fffb2a9a:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ebx, dword [ebp - 0x28]
mov esi, dword [ebp - 0x40]
mov dword [ebp - 0x24], 0
lea ebx, [eax + ebx + 0x1973]

loc_fffb2ab1:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffb2b8b  ; jne 0xfffb2b8b
mov eax, dword [ebp - 0x44]
mov edi, dword [ebp - 0x24]
mov eax, dword [esi + eax - 0xf2]
mov dword [ebp - 0x20], eax
mov eax, dword [ebp - 0x30]
mov edx, dword [eax + edi + 0xc9]
mov eax, dword [eax + edi + 0xcd]
mov dword [ebp - 0x34], edx
mov dword [ebp - 0x38], eax
cmp ecx, 1
je short loc_fffb2b36  ; je 0xfffb2b36
jb short loc_fffb2b42  ; jb 0xfffb2b42
cmp ecx, 3
ja short loc_fffb2b42  ; ja 0xfffb2b42
cmp ecx, 2
mov dl, byte [esi]
jne short loc_fffb2b01  ; jne 0xfffb2b01
and dl, 1
jne short loc_fffb2b08  ; jne 0xfffb2b08
xor eax, eax
jmp short loc_fffb2b7e  ; jmp 0xfffb2b7e

loc_fffb2b01:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffb2b7e  ; je 0xfffb2b7e

loc_fffb2b08:  ; not directly referenced
mov edx, dword [esi - 0x21]
mov eax, dword [ebp - 0x4c]
mov edi, dword [ebp - 0x48]
and edx, 0xfffffffd
add eax, ebx
add edi, ebx
dec edx
cmovne eax, edi
xor edi, edi
cmp byte [esi + 1], 0x13
movzx edx, byte [eax + 6]
jne short loc_fffb2b2c  ; jne 0xfffb2b2c
movsx edi, byte [eax + 0x1c]

loc_fffb2b2c:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x20], 0
je short loc_fffb2b7e  ; je 0xfffb2b7e
jmp short loc_fffb2b68  ; jmp 0xfffb2b68

loc_fffb2b36:  ; not directly referenced
movzx eax, word [ebx + 0x262]
test ax, ax
jne short loc_fffb2b7e  ; jne 0xfffb2b7e

loc_fffb2b42:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x20], 0
je short loc_fffb2b7e  ; je 0xfffb2b7e
mov eax, dword [esi - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffb2b5d  ; jne 0xfffb2b5d
movzx edx, byte [ebx + 0x5c]
movsx edi, byte [ebx + 0x6d]
jmp short loc_fffb2b68  ; jmp 0xfffb2b68

loc_fffb2b5d:  ; not directly referenced
movzx edx, byte [ebx + 0x62]
movsx edi, byte [ebx + 0xc1]

loc_fffb2b68:  ; not directly referenced
imul edx, dword [ebp - 0x34]
mov eax, dword [ebp - 0x20]
imul edi, dword [ebp - 0x38]
lea eax, [eax + edx - 1]
xor edx, edx
add eax, edi
div dword [ebp - 0x20]

loc_fffb2b7e:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffb2b8b:  ; not directly referenced
add dword [ebp - 0x24], 0x20
add esi, 0x128
add ebx, 0x277
cmp dword [ebp - 0x24], 0x40
jne loc_fffb2ab1  ; jne 0xfffb2ab1
add dword [ebp - 0x28], 0x54a
add dword [ebp - 0x40], 0x13c3
add dword [ebp - 0x30], 0x13c3
cmp dword [ebp - 0x28], 0xa94
jne loc_fffb2a9a  ; jne 0xfffb2a9a
jmp near loc_fffb2a40  ; jmp 0xfffb2a40

loc_fffb2bcc:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb2bdd  ; ja 0xfffb2bdd
mov esi, dword [ebp + 8]
cmp byte [esi + 0x374a], 0
je short loc_fffb2c07  ; je 0xfffb2c07

loc_fffb2bdd:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb2c07:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb2bcc  ; jne 0xfffb2bcc
add esp, 0x40
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb2c1d:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30
mov esi, dword [ebp + 8]

loc_fffb2c2b:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffb2c52  ; ja 0xfffb2c52
cmp byte [esi + 0x374a], 0
jne short loc_fffb2c52  ; jne 0xfffb2c52

loc_fffb2c3c:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffb2c2b  ; jne 0xfffb2c2b
lea eax, [esi + 0x48e6]
mov ecx, 0xfffffffe
jmp near loc_fffb2d4a  ; jmp 0xfffb2d4a

loc_fffb2c52:  ; not directly referenced
lea eax, [esi + 0x48ca]
mov dword [ebp - 0x2c], eax
imul eax, ecx, 0x2e
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
mov dword [ebp - 0x30], eax
lea eax, [ecx*8 - 0x1173]
mov dword [ebp - 0x3c], eax

loc_fffb2c7a:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
mov ebx, dword [ebp - 0x2c]
mov dword [ebp - 0x28], 0
add eax, ebx
mov dword [ebp - 0x38], eax
mov eax, dword [ebp - 0x20]
lea edi, [esi + eax + 0x1973]

loc_fffb2c96:  ; not directly referenced
cmp dword [ebx], 2
jne short loc_fffb2d10  ; jne 0xfffb2d10
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x28]
mov eax, dword [ebx + eax + 4]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp - 0x38]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x34], eax
cmp ecx, 1
je short loc_fffb2cc5  ; je 0xfffb2cc5
jb short loc_fffb2cd1  ; jb 0xfffb2cd1
xor eax, eax
cmp ecx, 3
jbe short loc_fffb2cf6  ; jbe 0xfffb2cf6
jmp short loc_fffb2cd1  ; jmp 0xfffb2cd1

loc_fffb2cc5:  ; not directly referenced
movzx eax, word [edi + 0x260]
test ax, ax
jne short loc_fffb2cf6  ; jne 0xfffb2cf6

loc_fffb2cd1:  ; not directly referenced
xor eax, eax
cmp dword [ebx + 0xd5], 2
jne short loc_fffb2cf6  ; jne 0xfffb2cf6
cmp dword [ebp - 0x24], 0
movzx edx, word [edi + 0x6a]
je short loc_fffb2cf6  ; je 0xfffb2cf6
imul edx, dword [ebp - 0x34]
mov eax, dword [ebp - 0x24]
lea eax, [eax + edx - 1]
xor edx, edx
div dword [ebp - 0x24]

loc_fffb2cf6:  ; not directly referenced
cmp eax, 0x1ff
mov edx, 0x1ff
cmova eax, edx
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffb2d10:  ; not directly referenced
add dword [ebp - 0x28], 0x20
add ebx, 0x128
add edi, 0x277
cmp dword [ebp - 0x28], 0x40
jne loc_fffb2c96  ; jne 0xfffb2c96
add dword [ebp - 0x20], 0x54a
add dword [ebp - 0x2c], 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffb2c7a  ; jne 0xfffb2c7a
jmp near loc_fffb2c3c  ; jmp 0xfffb2c3c

loc_fffb2d4a:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb2d58  ; ja 0xfffb2d58
cmp byte [esi + 0x374a], 0
je short loc_fffb2d82  ; je 0xfffb2d82

loc_fffb2d58:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb2d82:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb2d4a  ; jne 0xfffb2d4a
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb2d98:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30
mov esi, dword [ebp + 8]

loc_fffb2da6:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffb2dcd  ; ja 0xfffb2dcd
cmp byte [esi + 0x374a], 0
jne short loc_fffb2dcd  ; jne 0xfffb2dcd

loc_fffb2db7:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffb2da6  ; jne 0xfffb2da6
lea eax, [esi + 0x48e4]
mov ecx, 0xfffffffe
jmp near loc_fffb2ec5  ; jmp 0xfffb2ec5

loc_fffb2dcd:  ; not directly referenced
lea eax, [esi + 0x48ca]
mov dword [ebp - 0x2c], eax
imul eax, ecx, 0x2e
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
mov dword [ebp - 0x30], eax
lea eax, [ecx*8 - 0x1173]
mov dword [ebp - 0x3c], eax

loc_fffb2df5:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
mov ebx, dword [ebp - 0x2c]
mov dword [ebp - 0x28], 0
add eax, ebx
mov dword [ebp - 0x38], eax
mov eax, dword [ebp - 0x20]
lea edi, [esi + eax + 0x1973]

loc_fffb2e11:  ; not directly referenced
cmp dword [ebx], 2
jne short loc_fffb2e8b  ; jne 0xfffb2e8b
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x28]
mov eax, dword [ebx + eax + 4]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp - 0x38]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x34], eax
cmp ecx, 1
je short loc_fffb2e40  ; je 0xfffb2e40
jb short loc_fffb2e4c  ; jb 0xfffb2e4c
xor eax, eax
cmp ecx, 3
jbe short loc_fffb2e71  ; jbe 0xfffb2e71
jmp short loc_fffb2e4c  ; jmp 0xfffb2e4c

loc_fffb2e40:  ; not directly referenced
movzx eax, word [edi + 0x25e]
test ax, ax
jne short loc_fffb2e71  ; jne 0xfffb2e71

loc_fffb2e4c:  ; not directly referenced
xor eax, eax
cmp dword [ebx + 0xd5], 2
jne short loc_fffb2e71  ; jne 0xfffb2e71
cmp dword [ebp - 0x24], 0
movzx edx, word [edi + 0x68]
je short loc_fffb2e71  ; je 0xfffb2e71
imul edx, dword [ebp - 0x34]
mov eax, dword [ebp - 0x24]
lea eax, [eax + edx - 1]
xor edx, edx
div dword [ebp - 0x24]

loc_fffb2e71:  ; not directly referenced
cmp eax, 0x1ff
mov edx, 0x1ff
cmova eax, edx
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffb2e8b:  ; not directly referenced
add dword [ebp - 0x28], 0x20
add ebx, 0x128
add edi, 0x277
cmp dword [ebp - 0x28], 0x40
jne loc_fffb2e11  ; jne 0xfffb2e11
add dword [ebp - 0x20], 0x54a
add dword [ebp - 0x2c], 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffb2df5  ; jne 0xfffb2df5
jmp near loc_fffb2db7  ; jmp 0xfffb2db7

loc_fffb2ec5:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb2ed3  ; ja 0xfffb2ed3
cmp byte [esi + 0x374a], 0
je short loc_fffb2efd  ; je 0xfffb2efd

loc_fffb2ed3:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb2efd:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb2ec5  ; jne 0xfffb2ec5
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb2f13:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30

loc_fffb2f1e:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffb2f4a  ; ja 0xfffb2f4a
mov ebx, dword [ebp + 8]
cmp byte [ebx + 0x374a], 0
jne short loc_fffb2f4a  ; jne 0xfffb2f4a

loc_fffb2f32:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffb2f1e  ; jne 0xfffb2f1e
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48e2
jmp near loc_fffb308f  ; jmp 0xfffb308f

loc_fffb2f4a:  ; not directly referenced
mov ebx, dword [ebp + 8]
imul eax, eax, 0x23
lea esi, [ecx*8 - 0x1269]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
lea edi, [ebx + 0x49c0]
mov dword [ebp - 0x2c], edi
imul edi, ecx, 0x2e
mov dword [ebp - 0x3c], esi
mov dword [ebp - 0x30], eax
mov dword [ebp - 0x34], edi

loc_fffb2f7b:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
mov esi, dword [ebp - 0x2c]
mov ebx, dword [ebp - 0x20]
mov dword [ebp - 0x24], 0
add eax, esi
mov dword [ebp - 0x38], eax
mov eax, dword [ebp + 8]
lea edi, [eax + ebx + 0x1973]

loc_fffb2f9a:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffb3055  ; jne 0xfffb3055
mov eax, dword [ebp - 0x34]
mov edx, dword [ebp - 0x24]
mov ebx, dword [esi + eax - 0xf2]
mov eax, dword [ebp - 0x38]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x28], eax
cmp ecx, 1
je short loc_fffb300a  ; je 0xfffb300a
jb short loc_fffb3016  ; jb 0xfffb3016
cmp ecx, 3
ja short loc_fffb3016  ; ja 0xfffb3016
cmp ecx, 2
mov dl, byte [esi]
jne short loc_fffb2fdd  ; jne 0xfffb2fdd
and dl, 1
jne short loc_fffb2fe4  ; jne 0xfffb2fe4
xor eax, eax
jmp short loc_fffb303b  ; jmp 0xfffb303b

loc_fffb2fdd:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffb303b  ; je 0xfffb303b

loc_fffb2fe4:  ; not directly referenced
mov eax, dword [esi - 0x21]
and eax, 0xfffffffd
dec eax
mov eax, dword [ebp - 0x30]
jne short loc_fffb2ffa  ; jne 0xfffb2ffa
movzx edx, word [edi + eax + 0x10f]
jmp short loc_fffb3002  ; jmp 0xfffb3002

loc_fffb2ffa:  ; not directly referenced
movzx edx, word [edi + eax + 0x1df]

loc_fffb3002:  ; not directly referenced
xor eax, eax
test ebx, ebx
je short loc_fffb303b  ; je 0xfffb303b
jmp short loc_fffb302f  ; jmp 0xfffb302f

loc_fffb300a:  ; not directly referenced
movzx eax, word [edi + 0x25c]
test ax, ax
jne short loc_fffb303b  ; jne 0xfffb303b

loc_fffb3016:  ; not directly referenced
xor eax, eax
test ebx, ebx
je short loc_fffb303b  ; je 0xfffb303b
mov eax, dword [esi - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffb302b  ; jne 0xfffb302b
movzx edx, word [edi + 0x60]
jmp short loc_fffb302f  ; jmp 0xfffb302f

loc_fffb302b:  ; not directly referenced
movzx edx, word [edi + 0x66]

loc_fffb302f:  ; not directly referenced
imul edx, dword [ebp - 0x28]
lea eax, [ebx + edx - 1]
xor edx, edx
div ebx

loc_fffb303b:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 0x1ff
mov ebx, 0x1ff
cmova eax, ebx
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffb3055:  ; not directly referenced
add dword [ebp - 0x24], 0x20
add esi, 0x128
add edi, 0x277
cmp dword [ebp - 0x24], 0x40
jne loc_fffb2f9a  ; jne 0xfffb2f9a
add dword [ebp - 0x20], 0x54a
add dword [ebp - 0x2c], 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffb2f7b  ; jne 0xfffb2f7b
jmp near loc_fffb2f32  ; jmp 0xfffb2f32

loc_fffb308f:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb30a0  ; ja 0xfffb30a0
mov edi, dword [ebp + 8]
cmp byte [edi + 0x374a], 0
je short loc_fffb30ca  ; je 0xfffb30ca

loc_fffb30a0:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb30ca:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb308f  ; jne 0xfffb308f
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb30e0:  ; not directly referenced
push ebp
mov ebp, esp
push edi
xor edi, edi
push esi
push ebx
sub esp, 0x4c
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2444]
mov dword [ebp - 0x44], eax

loc_fffb30f7:  ; not directly referenced
lea eax, [edi - 2]
cmp eax, 1
ja short loc_fffb3123  ; ja 0xfffb3123
mov ebx, dword [ebp + 8]
cmp byte [ebx + 0x374a], 0
jne short loc_fffb3123  ; jne 0xfffb3123

loc_fffb310b:  ; not directly referenced
inc edi
cmp edi, 4
jne short loc_fffb30f7  ; jne 0xfffb30f7
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48e0
jmp near loc_fffb32ce  ; jmp 0xfffb32ce

loc_fffb3123:  ; not directly referenced
mov ebx, dword [ebp + 8]
imul eax, eax, 0x23
lea esi, [edi*8 - 0x1269]
mov dword [ebp + edi*4 - 0x28], 0
mov dword [ebp - 0x34], 0
add ebx, 0x49c0
mov dword [ebp - 0x3c], ebx
imul ebx, edi, 0x2e
mov dword [ebp - 0x54], esi
mov dword [ebp - 0x40], eax
mov dword [ebp - 0x48], ebx

loc_fffb3154:  ; not directly referenced
mov eax, dword [ebp - 0x54]
mov esi, dword [ebp - 0x3c]
mov ebx, dword [ebp - 0x34]
mov dword [ebp - 0x38], 0
add eax, esi
mov dword [ebp - 0x50], eax
mov eax, dword [ebp + 8]
lea eax, [eax + ebx + 0x1973]
mov dword [ebp - 0x30], eax

loc_fffb3176:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffb3293  ; jne 0xfffb3293
mov eax, dword [ebp - 0x48]
mov ebx, dword [ebp - 0x38]
mov eax, dword [esi + eax - 0xf2]
mov dword [ebp - 0x2c], eax
mov eax, dword [ebp - 0x50]
mov ecx, dword [eax + ebx + 0xc9]
cmp edi, 1
je loc_fffb323b  ; je 0xfffb323b
jb loc_fffb324a  ; jb 0xfffb324a
cmp edi, 3
ja loc_fffb324a  ; ja 0xfffb324a
cmp edi, 2
mov dl, byte [esi]
jne short loc_fffb31c8  ; jne 0xfffb31c8
and dl, 1
jne short loc_fffb31d3  ; jne 0xfffb31d3
xor eax, eax
jmp near loc_fffb3279  ; jmp 0xfffb3279

loc_fffb31c8:  ; not directly referenced
xor eax, eax
and dl, 2
je loc_fffb3279  ; je 0xfffb3279

loc_fffb31d3:  ; not directly referenced
mov eax, dword [esi - 0x21]
mov ebx, dword [ebp - 0x40]
and eax, 0xfffffffd
dec eax
mov eax, dword [ebp - 0x30]
jne short loc_fffb31ec  ; jne 0xfffb31ec
movzx edx, word [eax + ebx + 0x10d]
jmp short loc_fffb31f4  ; jmp 0xfffb31f4

loc_fffb31ec:  ; not directly referenced
movzx edx, word [eax + ebx + 0x1dd]

loc_fffb31f4:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x2c], 0
je short loc_fffb3279  ; je 0xfffb3279
mov eax, dword [ebp - 0x44]
imul edx, edx, 0x3e8
mov ebx, dword [eax + 0x74]
mov dword [ebp - 0x4c], ebx
push ebx
mov ebx, ecx
push edx
sar ebx, 0x1f
push ebx
xor ebx, ebx
push ecx
call dword [eax + 0x70]  ; ucall
mov ecx, dword [ebp - 0x2c]
mov dword [esp], 0
push ebx
xor ebx, ebx
push ecx
mov ecx, dword [ebp - 0x2c]
dec ecx
add eax, ecx
adc edx, ebx
mov ebx, dword [ebp - 0x4c]
push edx
push eax
call ebx
add esp, 0x20
jmp short loc_fffb3279  ; jmp 0xfffb3279

loc_fffb323b:  ; not directly referenced
mov eax, dword [ebp - 0x30]
movzx eax, word [eax + 0x25a]
test ax, ax
jne short loc_fffb3279  ; jne 0xfffb3279

loc_fffb324a:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x2c], 0
je short loc_fffb3279  ; je 0xfffb3279
cmp dword [esi - 0x21], 3
mov eax, 0x3b8260
mov ebx, 0x7704c0
mov ecx, 0x3e8
cmove ebx, eax
mov eax, dword [ebp - 0x2c]
xor edx, edx
div ecx
xor edx, edx
mov ecx, eax
lea eax, [ebx + eax - 1]
div ecx

loc_fffb3279:  ; not directly referenced
cmp eax, 0xffff
mov edx, 0xffff
cmovbe edx, eax
mov eax, dword [ebp + edi*4 - 0x28]
cmp edx, eax
cmovb edx, eax
mov dword [ebp + edi*4 - 0x28], edx

loc_fffb3293:  ; not directly referenced
add dword [ebp - 0x38], 0x20
add esi, 0x128
add dword [ebp - 0x30], 0x277
cmp dword [ebp - 0x38], 0x40
jne loc_fffb3176  ; jne 0xfffb3176
add dword [ebp - 0x34], 0x54a
add dword [ebp - 0x3c], 0x13c3
cmp dword [ebp - 0x34], 0xa94
jne loc_fffb3154  ; jne 0xfffb3154
jmp near loc_fffb310b  ; jmp 0xfffb310b

loc_fffb32ce:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb32df  ; ja 0xfffb32df
mov esi, dword [ebp + 8]
cmp byte [esi + 0x374a], 0
je short loc_fffb3309  ; je 0xfffb3309

loc_fffb32df:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x20]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffb3309:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb32ce  ; jne 0xfffb32ce
lea esp, [ebp - 0xc]
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb331f:
push ebp
mov ebp, esp
sub esp, 0x14
mov ecx, dword [eax + 0x2444]
add edx, dword [eax + 0x18c5]
inc dword [eax + 0x36a5]
push edx
call dword [ecx + 0x20]  ; ucall
leave
ret

fcn_fffb333d:
push ebp
mov ebp, esp
sub esp, 0x14
mov ecx, dword [eax + 0x2444]
add edx, dword [eax + 0x18c5]
inc dword [eax + 0x36a5]
push edx
call dword [ecx + 0x24]  ; ucall
leave
ret

fcn_fffb335b:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
sub esp, 0xc
mov ebx, dword [eax + 0x2444]
inc dword [eax + 0x36a1]
push ecx
add edx, dword [eax + 0x18c5]
push edx
call dword [ebx + 0x28]  ; ucall
add esp, 0x10
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb3381:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
sub esp, 0xc
mov ebx, dword [eax + 0x2444]
inc dword [eax + 0x36a1]
push ecx
add edx, dword [eax + 0x18c5]
push edx
call dword [ebx + 0x30]  ; ucall
add esp, 0x10
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb33a7:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, eax
sub esp, 0x1c
mov esi, dword [ebx + 0x2444]
mov dword [ebp - 0x24], edx
mov byte [ebp - 0x1d], dl
call dword [esi + 0x54]  ; ucall
mov ecx, 5
mov edx, 0x4800
add eax, 0x2710
mov dword [ebp - 0x1c], eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffb33da:  ; not directly referenced
mov edx, 0x4804
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov cl, byte [ebp - 0x1d]
mov edx, eax
mov edi, eax
shr edx, 0x10
shr eax, 0x10
and edx, 2
and eax, 1
or eax, edx
and eax, ecx
cmp al, cl
jne short loc_fffb3405  ; jne 0xfffb3405
xor eax, eax
jmp short loc_fffb3412  ; jmp 0xfffb3412

loc_fffb3405:  ; not directly referenced
call dword [esi + 0x54]  ; ucall
cmp dword [ebp - 0x1c], eax
ja short loc_fffb33da  ; ja 0xfffb33da
mov eax, 0x12

loc_fffb3412:  ; not directly referenced
mov edx, edi
mov ecx, edi
and edx, 2
and ecx, 1
or ecx, edx
mov edx, 0x14
test byte [ebp - 0x24], cl
cmovne eax, edx
add esp, 0x1c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb3431:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, 0x1ff
push esi
mov esi, 0x2800
push ebx
mov ebx, eax
sub esp, 0x10
mov dword [ebp - 0x1c], edx
imul edx, dword [eax + 0x18a7], 0x2e
imul eax, dword [ebp - 0x1c], 0x13c3
lea eax, [edx + eax + 0x3740]
lea edx, [ebx + eax + 0x1b]
movzx eax, word [edx + 0x12]
cmp word [edx + 0x14], 0x1ff
cmovbe di, word [edx + 0x14]
movzx ecx, ax
imul eax, eax, 0x59
and edi, 0x1ff
shl edi, 0x10
cdq
idiv esi
mov esi, dword [ebp - 0x1c]
mov edx, 0x7f
cmp eax, 0x7f
cmovbe edx, eax
add esp, 0x10
shl edx, 0x19
or ecx, edi
shl esi, 0xa
or ecx, edx
mov eax, ebx
lea edx, [esi + 0x4298]
pop ebx
pop esi
pop edi
pop ebp
jmp near fcn_fffb3381  ; jmp 0xfffb3381

fcn_fffb34af:  ; not directly referenced
mov dl, byte [eax + 0x1907]
push ebp
mov ebp, esp
push esi
mov esi, 0x80
test dl, dl
movzx ecx, dl
cmovne esi, ecx
movzx ecx, byte [eax + 0x1906]
push ebx
cmp cl, 6
sete bl
cmp cl, 1
setbe dl
or bl, dl
jne short loc_fffb34f1  ; jne 0xfffb34f1
xor ecx, ecx
cmp dword [eax + 0x2481], 3
setne cl
lea ecx, [ecx*4 + 2]

loc_fffb34f1:  ; not directly referenced
and ecx, 0xf
mov edx, 0x4cb0
shl ecx, 0xc
pop ebx
or ecx, esi
pop esi
pop ebp
jmp near fcn_fffb3381  ; jmp 0xfffb3381

fcn_fffb3506:  ; not directly referenced
push ebp
mov ebp, esp
sub esp, 0xc
mov ecx, dword [eax + 0x2444]
inc dword [eax + 0x36a1]
push dword [ebp + 0xc]
push dword [ebp + 8]
add edx, dword [eax + 0x18c5]
push edx
call dword [ecx + 0x34]  ; ucall
add esp, 0x10
leave
ret

fcn_fffb352d:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov ebx, dword [ebp + 8]
mov eax, dword [ebx + 0x2444]
cmp dword [ebx + 0x188b], 1
mov dword [ebp - 0x24], eax
je loc_fffb371b  ; je 0xfffb371b

loc_fffb354f:  ; not directly referenced
mov edx, 0x5030
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x5030
or al, 0x89
mov ecx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, 0x8f
mov edx, 0x50fc
mov eax, ebx
mov esi, dword [ebx + 0x2444]
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebx + 0x18b5], 0
je loc_fffb3800  ; je 0xfffb3800
mov edi, dword [ebx + 0x18c1]
push 0xa0
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add edi, eax
mov dword [esp], edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0xbc
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0xa8
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0x90
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0x98
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0xb0
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0xb4
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0x78
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or ah, 4
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0x50
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edx, 0x5880
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
movzx edx, byte [ebx + 0x192a]
and edx, 1
shl edx, 5
and eax, 0xffffffdf
or eax, edx
mov edx, 0x5880
mov ecx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
add esp, 0x10
jmp near loc_fffb3800  ; jmp 0xfffb3800

loc_fffb371b:  ; not directly referenced
cmp byte [ebx + 0x36a9], 0
je loc_fffb354f  ; je 0xfffb354f
cmp byte [ebx + 0x3705], 0
je short loc_fffb3765  ; je 0xfffb3765
push eax
mov esi, dword [ebp - 0x24]
xor edx, edx
push 0x14
mov eax, dword [ebx + 0x3712]
push edx
push eax
call dword [esi + 0x68]  ; ucall
add esp, 0xc
push 0x14
mov dword [ebp - 0x28], eax
mov eax, dword [ebx + 0x3706]
mov dword [ebp - 0x2c], edx
xor edx, edx
push edx
push eax
call dword [esi + 0x68]  ; ucall
add esp, 0x10
mov ecx, eax
mov edi, edx
jmp short loc_fffb3777  ; jmp 0xfffb3777

loc_fffb3765:  ; not directly referenced
xor ecx, ecx
xor edi, edi
mov dword [ebp - 0x28], 0
mov dword [ebp - 0x2c], 0

loc_fffb3777:  ; not directly referenced
xor esi, esi

loc_fffb3779:  ; not directly referenced
movzx eax, byte [ebx + 0x36a9]
cmp esi, eax
jae loc_fffb354f  ; jae 0xfffb354f
mov eax, dword [ebx + esi*8 + 0x36aa]
mov edx, dword [ebx + esi*8 + 0x36ae]
cmp byte [ebx + 0x3705], 0
mov dword [ebp - 0x20], eax
mov dword [ebp - 0x1c], edx
je short loc_fffb37c5  ; je 0xfffb37c5
cmp edx, dword [ebp - 0x2c]
ja short loc_fffb37c5  ; ja 0xfffb37c5
jb short loc_fffb37b1  ; jb 0xfffb37b1
cmp eax, dword [ebp - 0x28]
jae short loc_fffb37c5  ; jae 0xfffb37c5

loc_fffb37b1:  ; not directly referenced
cmp edx, edi
jb short loc_fffb37c5  ; jb 0xfffb37c5
ja short loc_fffb37bb  ; ja 0xfffb37bb
cmp eax, ecx
jb short loc_fffb37c5  ; jb 0xfffb37c5

loc_fffb37bb:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
or eax, 0x40000000
jmp short loc_fffb37cd  ; jmp 0xfffb37cd

loc_fffb37c5:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
and eax, 0xbfffffff

loc_fffb37cd:  ; not directly referenced
mov dword [ebp - 0x1c], eax
mov eax, dword [ebp - 0x1c]
lea edx, [esi*8 + 0x50b0]
mov dword [ebp - 0x30], ecx
inc esi
or eax, 0x80000000
mov dword [ebp - 0x1c], eax
push eax
push eax
mov eax, ebx
push dword [ebp - 0x1c]
push dword [ebp - 0x20]
call fcn_fffb3506  ; call 0xfffb3506
add esp, 0x10
mov ecx, dword [ebp - 0x30]
jmp near loc_fffb3779  ; jmp 0xfffb3779

loc_fffb3800:  ; not directly referenced
mov eax, dword [ebp - 0x24]
call dword [eax + 0x54]  ; ucall
lea esi, [eax + 0x2710]

loc_fffb380c:  ; not directly referenced
mov edx, 0x5030
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
test al, 0x20
jne short loc_fffb382d  ; jne 0xfffb382d
mov eax, dword [ebp - 0x24]
call dword [eax + 0x54]  ; ucall
cmp esi, eax
ja short loc_fffb380c  ; ja 0xfffb380c
mov eax, 1
jmp short loc_fffb38ab  ; jmp 0xfffb38ab

loc_fffb382d:  ; not directly referenced
xor eax, eax
cmp dword [ebx + 0x1887], 0x306d0
je short loc_fffb3867  ; je 0xfffb3867
mov ecx, eax
mov edx, 0x14000000
and ecx, 0xe00fffff
mov dl, 0xa0
or ecx, 0x5a00000
and ecx, 0xfff00fff
or ecx, 0x24000
and ecx, 0xfffff00f
or ecx, 0x4f
jmp short loc_fffb3894  ; jmp 0xfffb3894

loc_fffb3867:  ; not directly referenced
mov ecx, eax
mov edx, 0x14000000
and ecx, 0xe00fffff
mov dl, 0xa0
or ecx, 0x8200000
and ecx, 0xfff00fff
or ecx, 0x5a000
and ecx, 0xfffff00f
or ecx, 0x32f

loc_fffb3894:  ; not directly referenced
mov eax, ecx
push ecx
push ecx
push edx
mov edx, 0x5d10
push eax
mov eax, ebx
call fcn_fffb3506  ; call 0xfffb3506
add esp, 0x10
xor eax, eax

loc_fffb38ab:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb38b3:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
sub esp, 0xc
mov ebx, dword [eax + 0x2444]
inc dword [eax + 0x36a1]
push ecx
add edx, dword [eax + 0x18c5]
push edx
call dword [ebx + 0x30]  ; ucall
add esp, 0x10
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb38d9:  ; not directly referenced
push ebp
mov edx, eax
mov ebp, esp
xor eax, eax

loc_fffb38e0:  ; not directly referenced
test edx, edx
je short loc_fffb38ec  ; je 0xfffb38ec
lea ecx, [edx - 1]
inc eax
and edx, ecx
jmp short loc_fffb38e0  ; jmp 0xfffb38e0

loc_fffb38ec:  ; not directly referenced
pop ebp
ret

fcn_fffb38ee:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push ebx
mov ebx, 0xa9e

loc_fffb38f9:  ; not directly referenced
cmp eax, 0x10f
jbe short loc_fffb390f  ; jbe 0xfffb390f
imul eax, eax, 0x3e8
xor edx, edx
add ecx, 0x64
div ebx
jmp short loc_fffb38f9  ; jmp 0xfffb38f9

loc_fffb390f:  ; not directly referenced
imul edx, eax, 0xfffffff0
mov ebx, 0x2710
add edx, 0x2d3a
imul edx, eax
lea eax, [edx - 0xeefac]
xor edx, edx
div ebx
pop ebx
pop ebp
add eax, ecx
ret

fcn_fffb392f:  ; not directly referenced
push ebp
mov ecx, 0x12
mov ebp, esp
xor edx, edx
push edi
push esi
mov esi, ref_fffd3988  ; mov esi, 0xfffd3988
sub esp, 0x20
lea edi, [ebp - 0x1a]
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
lea ecx, [eax + eax]

loc_fffb394b:  ; not directly referenced
cmp eax, 8
jbe short loc_fffb395d  ; jbe 0xfffb395d
mov ecx, eax
add edx, 0xa
shr ecx, 2
shr eax, 3
jmp short loc_fffb394b  ; jmp 0xfffb394b

loc_fffb395d:  ; not directly referenced
movzx eax, byte [ebp + ecx - 0x1a]
add esp, 0x20
pop esi
pop edi
pop ebp
add eax, edx
ret

fcn_fffb396b:  ; not directly referenced
cmp eax, 0xffffffff
je short loc_fffb3993  ; je 0xfffb3993
push ebp
xor ecx, ecx
mov ebp, esp
xor edx, edx
push edi
push esi
push ebx
mov ebx, 1

loc_fffb397f:  ; not directly referenced
mov edi, ebx
shl edi, cl
lea esi, [ecx + 1]
test edi, eax
cmovne edx, esi
inc ecx
cmp ecx, 0x20
jne short loc_fffb397f  ; jne 0xfffb397f
jmp short loc_fffb3998  ; jmp 0xfffb3998

loc_fffb3993:  ; not directly referenced
xor edx, edx
mov al, dl
ret

loc_fffb3998:  ; not directly referenced
pop ebx
mov al, dl
pop esi
pop edi
pop ebp
ret

fcn_fffb399f:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x10
mov bl, byte [ebp + 8]
mov byte [ebp - 0xe], bl
mov bl, byte [ebp + 0xc]
mov byte [ebp - 0xf], bl
mov bl, byte [ebp + 0x10]
cmp cl, 0xff
je short loc_fffb39c4  ; je 0xfffb39c4
lea edi, [ecx + 1]
mov byte [ebp - 0xd], cl
jmp short loc_fffb39cd  ; jmp 0xfffb39cd

loc_fffb39c4:  ; not directly referenced
mov edi, 4
mov byte [ebp - 0xd], 0

loc_fffb39cd:  ; not directly referenced
imul edx, edx, 0x13c3
lea esi, [eax + edx + 0x3757]
add eax, edx
mov dword [ebp - 0x14], esi
mov dword [ebp - 0x1c], eax

loc_fffb39e2:  ; not directly referenced
mov eax, edi
cmp byte [ebp - 0xd], al
jae short loc_fffb3a5e  ; jae 0xfffb3a5e
mov cl, byte [ebp - 0xd]
mov eax, 1
mov esi, dword [ebp - 0x1c]
movzx edx, cl
shl eax, cl
test byte [esi + 0x381b], al
je short loc_fffb3a59  ; je 0xfffb3a59
movzx eax, byte [ebp - 0xe]
lea edx, [edx + edx*8]
add edx, dword [ebp - 0x14]
add eax, edx
cmp byte [ebp - 0xf], 0
mov dl, byte [eax + 0x104a]
mov al, byte [eax + 0x106e]
jne short loc_fffb3a2b  ; jne 0xfffb3a2b
cmp al, dl
cmova eax, edx
cmp bl, al
cmova ebx, eax
jmp short loc_fffb3a59  ; jmp 0xfffb3a59

loc_fffb3a2b:  ; not directly referenced
movzx ecx, dl
movzx esi, bl
mov dword [ebp - 0x18], ecx
mov ecx, 0x3f
sub ecx, dword [ebp - 0x18]
cmp esi, ecx
jle short loc_fffb3a44  ; jle 0xfffb3a44
mov bl, 0x3f
sub ebx, edx

loc_fffb3a44:  ; not directly referenced
movzx esi, al
mov edx, 0x3f
movzx ecx, bl
sub edx, esi
cmp ecx, edx
jle short loc_fffb3a59  ; jle 0xfffb3a59
mov bl, 0x3f
sub ebx, eax

loc_fffb3a59:  ; not directly referenced
inc byte [ebp - 0xd]
jmp short loc_fffb39e2  ; jmp 0xfffb39e2

loc_fffb3a5e:  ; not directly referenced
add esp, 0x10
mov al, bl
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb3a68:
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, edx
sub esp, 0x10
mov edi, dword [ebp + 8]
mov esi, dword [eax + 0x2444]
mov eax, 0x5f5e100
test edi, edi
cmovne eax, edi
xor edx, edx
mov edi, 0x186a0
div edi
dec ecx
mov edx, 0x3b9aca00
mov ecx, 0x4f790d55
cmovne edx, ecx
push edx
xor edx, edx
push edx
push eax
call dword [esi + 0x70]  ; ucall
add esp, 0xc
push ebx
push edx
push eax
call dword [esi + 0x70]  ; ucall
add esp, 0x10
xor ecx, ecx
mov ebx, edx
or ebx, eax
je short loc_fffb3ad2  ; je 0xfffb3ad2
sub esp, 0xc
push 0
push edx
push eax
push 0x8ac72304
push 0x89e80000
call dword [esi + 0x74]  ; ucall
add esp, 0x20
mov ecx, eax

loc_fffb3ad2:
lea esp, [ebp - 0xc]
mov eax, ecx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb3adc:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
sub esp, 0x4c
mov ebx, dword [ebp + 8]
lea eax, [ebx + 0x3757]
mov dword [ebp - 0x4c], eax
lea eax, [ebx + 0x2407]
mov dword [ebp - 0x58], eax

loc_fffb3afc:  ; not directly referenced
lea eax, [esi - 2]
cmp eax, 1
ja short loc_fffb3b27  ; ja 0xfffb3b27
cmp byte [ebx + 0x374a], 0
jne short loc_fffb3b27  ; jne 0xfffb3b27

loc_fffb3b0d:  ; not directly referenced
inc esi
add dword [ebp - 0x4c], 8
cmp esi, 4
jne short loc_fffb3afc  ; jne 0xfffb3afc
lea eax, [ebx + 0x48ce]
mov ecx, 0xfffffffe
jmp near loc_fffb3cc0  ; jmp 0xfffb3cc0

loc_fffb3b27:  ; not directly referenced
lea eax, [ebx + 0x49c0]
mov edi, dword [ebp - 0x4c]
mov dword [ebp - 0x44], eax
lea eax, [ebx + 0x1973]
mov dword [ebp - 0x34], eax
imul eax, esi, 0x23
mov dword [ebp + esi*4 - 0x28], 0
mov dword [ebp - 0x48], edi
lea edi, [eax + 0x18b]
add eax, 0xbb
mov dword [ebp - 0x50], edi
mov dword [ebp - 0x54], eax

loc_fffb3b5b:  ; not directly referenced
mov eax, dword [ebp - 0x44]
mov edi, dword [ebp - 0x34]
mov dword [ebp - 0x38], 0
mov dword [ebp - 0x2c], eax

loc_fffb3b6b:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
cmp dword [eax - 0xf6], 2
jne loc_fffb3c7f  ; jne 0xfffb3c7f
mov eax, dword [ebp - 0x48]
mov ecx, dword [ebp - 0x38]
mov edx, dword [eax + ecx + 0xc9]
mov eax, dword [eax + ecx + 0xcd]
mov dword [ebp - 0x3c], edx
mov dword [ebp - 0x40], eax
cmp esi, 1
je short loc_fffb3c09  ; je 0xfffb3c09
jb loc_fffb3c3a  ; jb 0xfffb3c3a
cmp esi, 3
ja loc_fffb3c3a  ; ja 0xfffb3c3a
mov eax, dword [ebp - 0x2c]
cmp esi, 2
mov dl, byte [eax]
jne short loc_fffb3bbf  ; jne 0xfffb3bbf
and dl, 1
jne short loc_fffb3bca  ; jne 0xfffb3bca
xor eax, eax
jmp near loc_fffb3c72  ; jmp 0xfffb3c72

loc_fffb3bbf:  ; not directly referenced
xor eax, eax
and dl, 2
je loc_fffb3c72  ; je 0xfffb3c72

loc_fffb3bca:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov ecx, dword [ebp - 0x54]
mov edx, dword [eax - 0x21]
add ecx, edi
mov dword [ebp - 0x30], ecx
mov ecx, dword [ebp - 0x50]
and edx, 0xfffffffd
add ecx, edi
dec edx
cmove ecx, dword [ebp - 0x30]
xor edx, edx
cmp byte [eax + 1], 0x13
mov dword [ebp - 0x30], ecx
movzx ecx, byte [ecx + 1]
jne short loc_fffb3bfb  ; jne 0xfffb3bfb
mov eax, dword [ebp - 0x30]
movsx edx, byte [eax + 0x1a]

loc_fffb3bfb:  ; not directly referenced
mov eax, dword [ebp - 0x40]
imul ecx, dword [ebp - 0x3c]
imul eax, edx
add eax, ecx
jmp short loc_fffb3c65  ; jmp 0xfffb3c65

loc_fffb3c09:  ; not directly referenced
movzx edx, byte [ebx + 0x1876]
test dl, dl
je short loc_fffb3c3a  ; je 0xfffb3c3a
sub esp, 0xc
mov ecx, dword [ebx + 0x36e4]
mov eax, ebx
push dword [ebx + 0x187b]
call fcn_fffb3a68  ; call 0xfffb3a68
mov edx, dword [ebx + 0x36dc]
add esp, 0x10
cmp eax, edx
cmovb eax, edx
jmp short loc_fffb3c72  ; jmp 0xfffb3c72

loc_fffb3c3a:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov eax, dword [eax - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffb3c50  ; jne 0xfffb3c50
movzx eax, byte [edi + 0x54]
movsx edx, byte [edi + 0x6a]
jmp short loc_fffb3c5b  ; jmp 0xfffb3c5b

loc_fffb3c50:  ; not directly referenced
movzx eax, byte [edi + 0x5a]
movsx edx, byte [edi + 0xc5]

loc_fffb3c5b:  ; not directly referenced
imul eax, dword [ebp - 0x3c]
imul edx, dword [ebp - 0x40]
add eax, edx

loc_fffb3c65:  ; not directly referenced
cmp eax, dword [ebx + 0x36dc]
cmovb eax, dword [ebx + 0x36dc]

loc_fffb3c72:  ; not directly referenced
mov edx, dword [ebp + esi*4 - 0x28]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + esi*4 - 0x28], eax

loc_fffb3c7f:  ; not directly referenced
add dword [ebp - 0x38], 0x20
add edi, 0x277
add dword [ebp - 0x2c], 0x128
cmp dword [ebp - 0x38], 0x40
jne loc_fffb3b6b  ; jne 0xfffb3b6b
add dword [ebp - 0x34], 0x54a
mov eax, dword [ebp - 0x58]
add dword [ebp - 0x44], 0x13c3
add dword [ebp - 0x48], 0x13c3
cmp dword [ebp - 0x34], eax
jne loc_fffb3b5b  ; jne 0xfffb3b5b
jmp near loc_fffb3b0d  ; jmp 0xfffb3b0d

loc_fffb3cc0:  ; not directly referenced
cmp ecx, 1
ja short loc_fffb3cce  ; ja 0xfffb3cce
cmp byte [ebx + 0x374a], 0
je short loc_fffb3cf2  ; je 0xfffb3cf2

loc_fffb3cce:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x20]
mov dword [eax], edx
mov dword [eax - 0x1173], edx
mov dword [eax + 0x128], edx
mov dword [eax + 0x13c3], edx
mov dword [eax + 0x250], edx
mov dword [eax + 0x14eb], edx

loc_fffb3cf2:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffb3cc0  ; jne 0xfffb3cc0
mov eax, dword [ebx + 0x18a7]
mov eax, dword [ebp + eax*4 - 0x28]
mov dword [ebx + 0x36e0], eax
lea esp, [ebp - 0xc]
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb3d18:
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, 0x5f5e100
sub esp, 0x10
mov edi, dword [ebp + 8]
mov esi, dword [eax + 0x2444]
mov eax, 0xbebc200
test edi, edi
cmovne ebx, edi
dec ecx
mov ecx, 0xfe502ab
cmovne eax, ecx
imul ebx, edx
xor edx, edx
push ebx
push edx
push eax
call dword [esi + 0x70]  ; ucall
mov dword [esp], 0
push 0x5af3
push 0x107a4000
add eax, 0x883d2000
adc edx, 0x2d79
push edx
push eax
call dword [esi + 0x74]  ; ucall
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb3d76:
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
xor ebx, ebx
sub esp, 8
mov dword [ebp - 0x14], eax

loc_fffb3d86:
cmp esi, edx
je short loc_fffb3db4  ; je 0xfffb3db4
mov eax, dword [ebp - 0x14]
mov byte [ebp - 0xd], 8
movzx edi, byte [eax + esi]
shl edi, 8
xor ebx, edi

loc_fffb3d9a:
lea edi, [ebx + ebx]
mov eax, edi
xor eax, 0x1021
and bh, 0x80
mov ebx, eax
cmove ebx, edi
dec byte [ebp - 0xd]
jne short loc_fffb3d9a  ; jne 0xfffb3d9a
inc esi
jmp short loc_fffb3d86  ; jmp 0xfffb3d86

loc_fffb3db4:
mov word [ecx], bx
mov eax, 1
pop edx
pop ecx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb3dc3:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, ecx
push esi
mov esi, eax
push ebx
mov eax, ref_fffd37fc  ; mov eax, 0xfffd37fc
xor ebx, ebx

loc_fffb3dd4:  ; not directly referenced
cmp edx, dword [eax]
ja short loc_fffb3de8  ; ja 0xfffb3de8
cmp edx, dword [eax + 9]
jbe short loc_fffb3de8  ; jbe 0xfffb3de8
lea eax, [ebx + ebx*8]
mov eax, dword [eax + ref_fffd3800]  ; mov eax, dword [eax - 0x2c800]
jmp short loc_fffb3df3  ; jmp 0xfffb3df3

loc_fffb3de8:  ; not directly referenced
inc ebx
add eax, 9
cmp ebx, 0x14
jne short loc_fffb3dd4  ; jne 0xfffb3dd4
xor eax, eax

loc_fffb3df3:  ; not directly referenced
mov ecx, esi
mov edx, 1
shl edx, cl
lea ecx, [ebx + ebx*8]
add ecx, ref_fffd37fc  ; add ecx, 0xfffd37fc
jmp short loc_fffb3e16  ; jmp 0xfffb3e16

loc_fffb3e07:  ; not directly referenced
movzx esi, byte [ecx + 8]
sub ecx, 9
test esi, edx
jne short loc_fffb3e1a  ; jne 0xfffb3e1a
mov eax, dword [ecx + 4]
dec ebx

loc_fffb3e16:  ; not directly referenced
test ebx, ebx
jne short loc_fffb3e07  ; jne 0xfffb3e07

loc_fffb3e1a:  ; not directly referenced
test edi, edi
je short loc_fffb3e20  ; je 0xfffb3e20
mov dword [edi], ebx

loc_fffb3e20:  ; not directly referenced
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb3e25:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov al, byte [eax]
pop ebp
ret

fcn_fffb3e2f:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 8]
mov byte [edx], al
pop ebp
ret

fcn_fffb3e3c:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov edx, dword [ebp + 0x18]
mov byte [eax], dl
pop ebp
ret

fcn_fffb3e49:
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov ax, word [eax]
pop ebp
ret

fcn_fffb3e54:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb3e49  ; jmp 0xfffb3e49

fcn_fffb3e63:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov al, byte [eax]
pop ebp
ret

fcn_fffb3e6d:  ; not directly referenced
push ebp
mov ecx, 0xfffff
mov ebp, esp
push edi
mov edi, dword [ebp + 0x18]
push esi
mov esi, dword [ebp + 0x1c]
push ebx
mov ebx, dword [ebp + 8]

loc_fffb3e81:  ; not directly referenced
mov al, 0xa
mov edx, 0x70
out dx, al
mov dl, 0x71
in al, dx
test al, al
jns short loc_fffb3e95  ; jns 0xfffb3e95
dec ecx
jne short loc_fffb3e81  ; jne 0xfffb3e81
jmp short loc_fffb3e99  ; jmp 0xfffb3e99

loc_fffb3e95:  ; not directly referenced
test ecx, ecx
jne short loc_fffb3eca  ; jne 0xfffb3eca

loc_fffb3e99:  ; not directly referenced
mov edx, 0x70
mov al, 0xb
out dx, al
mov al, 0x82
mov dl, 0x71
out dx, al
mov al, 0xa
mov dl, 0x70
out dx, al
mov al, 0x26
mov dl, 0x71
out dx, al
mov al, 0xc
mov dl, 0x70
out dx, al
mov dl, 0x71
in al, dx
mov al, 0xd
mov dl, 0x70
out dx, al
mov dl, 0x71
in al, dx
mov al, 0xb
mov dl, 0x70
out dx, al
mov al, 2
mov dl, 0x71
out dx, al

loc_fffb3eca:  ; not directly referenced
mov edx, 0x70
xor eax, eax
out dx, al
mov dl, 0x71
in al, dx
mov byte [ebx], al
mov dl, 0x70
mov al, 2
out dx, al
mov dl, 0x71
in al, dx
mov ecx, dword [ebp + 0xc]
mov dl, 0x70
mov byte [ecx], al
mov al, 4
out dx, al
mov dl, 0x71
in al, dx
mov ecx, dword [ebp + 0x10]
mov dl, 0x70
mov byte [ecx], al
mov al, 7
out dx, al
mov dl, 0x71
in al, dx
mov ecx, dword [ebp + 0x14]
mov dl, 0x70
mov byte [ecx], al
mov al, 8
out dx, al
mov dl, 0x71
in al, dx
mov byte [edi], al
mov dl, 0x70
mov al, 9
out dx, al
mov dl, 0x71
in al, dx
movzx eax, al
mov dl, 0xa
mov word [esi], ax
mov cl, byte [ebx]
mov al, cl
and ecx, 0xf
shr al, 4
imul eax, edx
add ecx, eax
mov eax, dword [ebp + 0xc]
mov byte [ebx], cl
mov ebx, dword [ebp + 0x14]
mov cl, byte [eax]
mov al, cl
and ecx, 0xf
shr al, 4
imul eax, edx
add ecx, eax
mov eax, dword [ebp + 0xc]
mov byte [eax], cl
mov eax, dword [ebp + 0x10]
mov cl, byte [eax]
mov al, cl
and ecx, 0xf
shr al, 4
imul eax, edx
add ecx, eax
mov eax, dword [ebp + 0x10]
mov byte [eax], cl
mov eax, dword [ebp + 0x14]
mov cl, byte [eax]
mov al, cl
and ecx, 0xf
shr al, 4
imul eax, edx
add eax, ecx
mov byte [ebx], al
mov cl, byte [edi]
mov al, cl
and ecx, 0xf
shr al, 4
imul eax, edx
add eax, ecx
mov byte [edi], al
mov ax, word [esi]
mov edx, eax
shr ax, 4
and edx, 0xf
and eax, 0xf
imul eax, eax, 0xa
lea eax, [edx + eax + 0x7d0]
mov word [esi], ax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb3fa0:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 8]
mov word [edx], ax
pop ebp
ret

fcn_fffb3fae:  ; not directly referenced
push ebp
mov ebp, esp
movzx eax, word [ebp + 0x18]
mov dword [ebp + 0xc], eax
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb3fa0  ; jmp 0xfffb3fa0

fcn_fffb3fc4:
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov eax, dword [eax]
pop ebp
ret

fcn_fffb3fce:
mov eax, dword [0xff7d0084]
push ebp
mov ebp, esp
mov eax, dword [eax + 0x14]
add eax, 0xfb020
push eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
leave
and eax, 0xffe0
ret

fcn_fffb3feb:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb3fc4  ; jmp 0xfffb3fc4

fcn_fffb3ffa:
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 8]
mov dword [edx], eax
pop ebp
ret

fcn_fffb4007:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x18]
mov dword [ebp + 0xc], eax
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb3ffa  ; jmp 0xfffb3ffa

fcn_fffb401c:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov edx, dword [eax + 4]
mov eax, dword [eax]
pop ebp
ret

fcn_fffb4029:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb401c  ; jmp 0xfffb401c

fcn_fffb4038:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0x10]
in al, dx
pop ebp
ret

fcn_fffb4041:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov dl, al
mov cl, al
sar dl, 7
and eax, 0x7f
sar cl, 7
and edx, 2
and ecx, 2
add edx, 0x74
add ecx, 0x75
movzx edx, dl
out dx, al
movzx edx, cl
in al, dx
pop ebp
ret

fcn_fffb406a:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x18]
mov dword [ebp + 0xc], eax
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb0086  ; jmp 0xfffb0086

fcn_fffb407f:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0x5c
mov edi, dword [edi + 0x5edd]
mov dword [ebp - 0x3c], eax
mov eax, edx
mov dword [ebp - 0x4c], edx
mov byte [ebp - 0x3e], dl
mov dword [ebp - 0x58], edi
mov esi, dword [edi + 0xc]
mov ebx, dword [edi + 0x10]
xor edi, edi
cmp dl, 2
sete byte [ebp - 0x46]
test al, 0xfd
jne short loc_fffb40df  ; jne 0xfffb40df
mov eax, dword [ebp - 0x3c]
mov edx, 0x3a00
call fcn_fffb331f  ; call 0xfffb331f
mov ecx, dword [ebp - 0x3c]
mov dl, al
and edx, 0x3f
cmp dword [ecx + 0x188b], 0
jne short loc_fffb40d4  ; jne 0xfffb40d4
shr eax, 0x1a
jmp short loc_fffb40d7  ; jmp 0xfffb40d7

loc_fffb40d4:  ; not directly referenced
shr eax, 0x14

loc_fffb40d7:  ; not directly referenced
and eax, 0x1f
mov byte [ebp - 0x3d], al
jmp short loc_fffb40fe  ; jmp 0xfffb40fe

loc_fffb40df:  ; not directly referenced
mov al, byte [ebp - 0x4c]
sub eax, 0xa
cmp al, 1
ja short loc_fffb40f8  ; ja 0xfffb40f8
mov eax, dword [ebp - 0x3c]
mov edx, 0x3a08
call fcn_fffb331f  ; call 0xfffb331f
mov edi, eax

loc_fffb40f8:  ; not directly referenced
mov byte [ebp - 0x3d], 0
xor edx, edx

loc_fffb40fe:  ; not directly referenced
mov eax, dword [ebp - 0x4c]
cmp al, 0xb
ja loc_fffb41f2  ; ja 0xfffb41f2
jmp dword [eax*4 + ref_fffd399c]  ; ujmp: jmp dword [eax*4 - 0x2c664]

loc_fffb4110:  ; not directly referenced
shr esi, 0xb
and esi, 0xf
mov eax, esi
mov edi, esi
or eax, 0xfffffff0
test esi, 8
cmovne edi, eax
mov byte [ebp - 0x3d], dl
mov byte [ebp - 0x44], 0
mov byte [ebp - 0x40], 0xf8
mov byte [ebp - 0x45], 7
mov byte [ebp - 0x3f], 1
jmp near loc_fffb4208  ; jmp 0xfffb4208

loc_fffb413e:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
mov edx, 0x3a04
shr esi, 0xf
and esi, 0x1f
mov edi, esi
call fcn_fffb331f  ; call 0xfffb331f
mov byte [ebp - 0x44], 0
mov byte [ebp - 0x40], 0xf0
mov byte [ebp - 0x45], 0xf
and eax, 0x3f
mov byte [ebp - 0x3d], al
mov eax, esi
or eax, 0xffffffe0
test esi, 0x10
cmovne edi, eax
jmp near loc_fffb4204  ; jmp 0xfffb4204

loc_fffb4178:  ; not directly referenced
mov eax, ebx
mov edi, ebx
shr eax, 4
and edi, 0xf
and eax, 1
mov byte [ebp - 0x44], al
mov byte [ebp - 0x40], 4
mov byte [ebp - 0x45], 0xf
mov byte [ebp - 0x3f], 5
jmp short loc_fffb4208  ; jmp 0xfffb4208

loc_fffb4196:  ; not directly referenced
shr edi, 0xc
mov eax, edi
shr esi, 0x14
and eax, 0x3f
and esi, 0xf
mov byte [ebp - 0x3d], al
mov eax, esi
or eax, 0xfffffff0
test esi, 8
cmovne esi, eax
mov edi, esi
mov byte [ebp - 0x44], 0
mov byte [ebp - 0x40], 0xf8
mov byte [ebp - 0x45], 7
mov byte [ebp - 0x3f], 2
jmp short loc_fffb4208  ; jmp 0xfffb4208

loc_fffb41c9:  ; not directly referenced
mov eax, edi
and eax, 0x3f
mov byte [ebp - 0x3d], al
mov eax, ebx
shr eax, 9
shr ebx, 5
and eax, 1
mov edi, ebx
mov byte [ebp - 0x44], al
and edi, 0xf
mov byte [ebp - 0x40], 4
mov byte [ebp - 0x45], 0xf
mov byte [ebp - 0x3f], 6
jmp short loc_fffb4208  ; jmp 0xfffb4208

loc_fffb41f2:  ; not directly referenced
mov byte [ebp - 0x44], 0
xor edi, edi
mov byte [ebp - 0x40], 0
mov byte [ebp - 0x45], 0
mov byte [ebp - 0x3d], 0

loc_fffb4204:  ; not directly referenced
mov byte [ebp - 0x3f], 0

loc_fffb4208:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
xor ebx, ebx
xor esi, esi
mov ecx, dword [ebp - 0x58]
mov byte [ebp - 0x47], 0
mov word [ebp - 0x58], 0
add eax, 0x3757
mov dword [ebp - 0x54], eax
lea eax, [ebp - 0x2a]
add ecx, 0x1c
mov dword [ebp - 0x50], eax
mov al, byte [ebp - 0x3e]
sub eax, 0xa
mov byte [ebp - 0x5e], al

loc_fffb4236:  ; not directly referenced
mov eax, dword [ebp - 0x54]
cmp dword [eax], 2
jne loc_fffb42fc  ; jne 0xfffb42fc
mov eax, dword [ebp - 0x3c]
mov edx, dword [ecx + 0x4c]
mov al, byte [eax + 0x2489]
mov byte [ebp - 0x5d], al
mov eax, edx
shr eax, 9
and eax, 0xf
mov byte [ebp - 0x5c], al
mov al, dl
xor edx, edx
and eax, 0x1f
mov byte [ebp - 0x48], al

loc_fffb4266:  ; not directly referenced
cmp byte [ebp - 0x5d], dl
jbe loc_fffb42f9  ; jbe 0xfffb42f9
cmp byte [ebp - 0x3e], 0
mov eax, dword [ecx + edx*4 + 0x78]
jne short loc_fffb4282  ; jne 0xfffb4282
mov esi, eax
mov bl, 6
and esi, 0x3f
jmp short loc_fffb42bc  ; jmp 0xfffb42bc

loc_fffb4282:  ; not directly referenced
cmp byte [ebp - 0x3e], 1
jne short loc_fffb4292  ; jne 0xfffb4292
shr eax, 0xc
mov esi, eax
and esi, 0x1f
jmp short loc_fffb429d  ; jmp 0xfffb429d

loc_fffb4292:  ; not directly referenced
cmp byte [ebp - 0x46], 0
je short loc_fffb42a1  ; je 0xfffb42a1
shr eax, 0x1b
mov esi, eax

loc_fffb429d:  ; not directly referenced
mov bl, 5
jmp short loc_fffb42bc  ; jmp 0xfffb42bc

loc_fffb42a1:  ; not directly referenced
mov al, byte [ebp - 0x3e]
cmp al, 0xa
je short loc_fffb42b7  ; je 0xfffb42b7
cmp al, 0xb
mov al, byte [ebp - 0x48]
cmove esi, eax
mov al, 5
cmove ebx, eax
jmp short loc_fffb42bc  ; jmp 0xfffb42bc

loc_fffb42b7:  ; not directly referenced
mov esi, dword [ebp - 0x5c]
mov bl, 4

loc_fffb42bc:  ; not directly referenced
push eax
movzx eax, bl
push 8
push eax
mov eax, esi
movzx eax, al
push eax
mov dword [ebp - 0x68], edx
mov dword [ebp - 0x64], ecx
call fcn_fffb15dc  ; call 0xfffb15dc
mov edx, dword [ebp - 0x68]
add esp, 0x10
movsx cx, al
add word [ebp - 0x58], cx
mov ecx, dword [ebp - 0x50]
add al, byte [ebp - 0x3d]
mov byte [ecx + edx], al
inc edx
mov ecx, dword [ebp - 0x64]
cmp byte [ebp - 0x5e], 2
ja loc_fffb4266  ; ja 0xfffb4266

loc_fffb42f9:  ; not directly referenced
inc byte [ebp - 0x47]

loc_fffb42fc:  ; not directly referenced
add dword [ebp - 0x50], 9
add ecx, 0xcc
add dword [ebp - 0x54], 0x13c3
lea eax, [ebp - 0x18]
cmp dword [ebp - 0x50], eax
jne loc_fffb4236  ; jne 0xfffb4236
movsx ebx, word [ebp - 0x58]
movzx ecx, byte [ebp - 0x47]
mov eax, ebx
sar ax, 0xf
or eax, 1
cmp byte [ebp - 0x4c], 2
mov byte [ebp - 0x54], al
movsx eax, al
mov dword [ebp - 0x50], ebx
ja short loc_fffb4359  ; ja 0xfffb4359
mov esi, dword [ebp - 0x3c]
imul eax, ecx
mov ebx, 2
movzx esi, byte [esi + 0x2489]
imul eax, esi
imul ecx, esi
cdq
idiv ebx
add eax, dword [ebp - 0x50]
jmp short loc_fffb4367  ; jmp 0xfffb4367

loc_fffb4359:  ; not directly referenced
imul eax, ecx
mov esi, 2
cdq
idiv esi
add eax, dword [ebp - 0x50]

loc_fffb4367:  ; not directly referenced
cdq
idiv ecx
test ax, ax
jne short loc_fffb4378  ; jne 0xfffb4378
movzx eax, byte [ebp - 0x3d]
jmp near loc_fffb450f  ; jmp 0xfffb450f

loc_fffb4378:  ; not directly referenced
movsx eax, al
cdq
mov ecx, edx
xor ecx, eax
sub ecx, edx
cmp byte [ebp - 0x4c], 0xb
mov byte [ebp - 0x47], cl
sete dl
or dl, byte [ebp - 0x46]
mov byte [ebp - 0x58], dl
je short loc_fffb4397  ; je 0xfffb4397
neg byte [ebp - 0x54]

loc_fffb4397:  ; not directly referenced
mov bl, byte [ebp - 0x54]
mov dl, byte [ebp - 0x3d]
mov esi, dword [ebp - 0x44]
mov byte [ebp - 0x46], cl
add ebx, edi
movzx ecx, dl
mov byte [ebp - 0x50], bl
add eax, ecx
mov ebx, edi
mov byte [ebp - 0x4c], bl
mov dword [ebp - 0x5c], eax

loc_fffb43b5:  ; not directly referenced
mov al, byte [ebp - 0x50]
mov bl, 1
mov byte [ebp - 0x3d], al
lea eax, [edx - 3]
cmp al, 0x39
ja short loc_fffb43d7  ; ja 0xfffb43d7
mov al, byte [ebp - 0x45]
mov cl, byte [ebp - 0x50]
cmp cl, al
setg bl
cmp byte [ebp - 0x40], cl
setg al
or ebx, eax

loc_fffb43d7:  ; not directly referenced
cmp byte [ebp - 0x58], 0
je short loc_fffb43f2  ; je 0xfffb43f2
mov cl, byte [ebp - 0x50]
mov al, 0
cmp cl, 0x10
cmovge esi, eax
mov eax, esi
shl eax, 4
add eax, ecx
mov byte [ebp - 0x3d], al

loc_fffb43f2:  ; not directly referenced
test bl, bl
jne short loc_fffb443b  ; jne 0xfffb443b
movsx ecx, byte [ebp - 0x3d]
sub esp, 0xc
movzx edx, byte [ebp - 0x3f]
mov eax, dword [ebp - 0x3c]
push 0
call fcn_fffa8377  ; call 0xfffa8377
mov ecx, dword [ebp - 0x5c]
add esp, 0x10
mov dl, al
movzx eax, al
sub ecx, eax
mov eax, ecx
sar ecx, 0x1f
xor eax, ecx
sub eax, ecx
cmp al, byte [ebp - 0x47]
jae short loc_fffb443b  ; jae 0xfffb443b
cmp al, byte [ebp - 0x46]
jae short loc_fffb443d  ; jae 0xfffb443d
mov cl, byte [ebp - 0x3d]
test al, al
sete bl
mov byte [ebp - 0x46], al
mov byte [ebp - 0x4c], cl
jmp short loc_fffb443d  ; jmp 0xfffb443d

loc_fffb443b:  ; not directly referenced
mov bl, 1

loc_fffb443d:  ; not directly referenced
mov al, byte [ebp - 0x54]
add byte [ebp - 0x50], al
test bl, bl
je loc_fffb43b5  ; je 0xfffb43b5
mov bl, byte [ebp - 0x4c]
mov eax, edi
movzx edx, byte [ebp - 0x3f]
cmp bl, al
je loc_fffb44e5  ; je 0xfffb44e5
mov eax, dword [ebp - 0x3c]
sub esp, 0xc
movzx ecx, bl
push 1
xor ebx, ebx
call fcn_fffa8377  ; call 0xfffa8377
movzx esi, byte [ebp - 0x3e]
add esp, 0x10
mov byte [ebp - 0x3f], al
movzx edi, al

loc_fffb447b:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edx, dword [ebp - 0x3c]
cmp dword [edx + eax + 0x3757], 2
je short loc_fffb4496  ; je 0xfffb4496

loc_fffb448e:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffb447b  ; jne 0xfffb447b
jmp short loc_fffb450b  ; jmp 0xfffb450b

loc_fffb4496:  ; not directly referenced
lea eax, [ebx + ebx*8]
lea edx, [ebp - 0x18]
add eax, edx
mov byte [ebp - 0x3d], 0
mov dword [ebp - 0x44], eax

loc_fffb44a5:  ; not directly referenced
mov edx, dword [ebp - 0x3c]
mov al, byte [ebp - 0x3d]
cmp al, byte [edx + 0x2489]
jae short loc_fffb448e  ; jae 0xfffb448e
movzx edx, byte [ebp - 0x3d]
xor ecx, ecx
mov eax, dword [ebp - 0x44]
push 1
movzx eax, byte [edx + eax - 0x12]
sub eax, edi
cwde
push eax
mov eax, dword [ebp - 0x3c]
push esi
push edx
mov edx, ebx
call fcn_fffa972b  ; call 0xfffa972b
mov al, byte [ebp - 0x3e]
add esp, 0x10
sub eax, 0xa
cmp al, 2
jbe short loc_fffb448e  ; jbe 0xfffb448e
inc byte [ebp - 0x3d]
jmp short loc_fffb44a5  ; jmp 0xfffb44a5

loc_fffb44e5:  ; not directly referenced
cmp byte [ebp - 0x58], 0
je short loc_fffb44f4  ; je 0xfffb44f4
mov al, byte [ebp - 0x44]
shl eax, 4
add byte [ebp - 0x4c], al

loc_fffb44f4:  ; not directly referenced
movzx ecx, byte [ebp - 0x4c]
sub esp, 0xc
mov eax, dword [ebp - 0x3c]
push 1
call fcn_fffa8377  ; call 0xfffa8377
add esp, 0x10
mov byte [ebp - 0x3f], al

loc_fffb450b:  ; not directly referenced
movzx eax, byte [ebp - 0x3f]

loc_fffb450f:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb4517:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 8]
mov byte [ebp - 0x1b], 0
lea esi, [ebp - 0x1b]
mov byte [ebp - 0x1a], 1
lea edi, [ebp - 0x18]
mov byte [ebp - 0x19], 2

loc_fffb4535:  ; not directly referenced
movzx edx, byte [esi]
mov eax, ebx
inc esi
call fcn_fffb407f  ; call 0xfffb407f
cmp esi, edi
jne short loc_fffb4535  ; jne 0xfffb4535
cmp dword [ebx + 0x188b], 1
jne short loc_fffb4565  ; jne 0xfffb4565
mov edx, 0xa
mov eax, ebx
call fcn_fffb407f  ; call 0xfffb407f
mov edx, 0xb
mov eax, ebx
call fcn_fffb407f  ; call 0xfffb407f

loc_fffb4565:  ; not directly referenced
add esp, 0x1c
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb456f:  ; not directly referenced
push ebp
mov eax, 0x80000002
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 0x20]
mov ecx, dword [ebp + 0x10]
mov esi, dword [ebp + 0x14]
mov edi, dword [ebp + 0x18]
test ebx, ebx
je loc_fffb464a  ; je 0xfffb464a
cmp ecx, 0xb
ja loc_fffb464a  ; ja 0xfffb464a
push eax
mov edx, ecx
push dword [ebp + 0x1c]
mov eax, 1
mov dword [ebp - 0x1c], ecx
push edi
push esi
call fcn_fffb05d3  ; call 0xfffb05d3
add esp, 0x10
mov ecx, dword [ebp - 0x1c]
test eax, eax
js loc_fffb464a  ; js 0xfffb464a
mov al, byte [ecx + ref_fffd6138]  ; mov al, byte [ecx - 0x29ec8]
mov dword [ebp - 0x24], 0
mov byte [ebp - 0x1e], al
mov eax, ecx
and eax, 3
mov dword [ebp - 0x1c], eax
movzx eax, byte [eax + ref_fffd6144]  ; movzx eax, byte [eax - 0x29ebc]
dec eax
test ebx, eax
movzx eax, byte [ecx + ref_fffd6144]  ; movzx eax, byte [ecx - 0x29ebc]
sete byte [ebp - 0x1d]
mov dword [ebp - 0x28], eax

loc_fffb45ed:  ; not directly referenced
cmp dword [ebp + 0x1c], 0
je short loc_fffb4648  ; je 0xfffb4648
cmp dword [ebp - 0x1c], 0
jne short loc_fffb45ff  ; jne 0xfffb45ff
mov al, byte [esi]
mov byte [ebx], al
jmp short loc_fffb4637  ; jmp 0xfffb4637

loc_fffb45ff:  ; not directly referenced
cmp dword [ebp - 0x1c], 1
jne short loc_fffb4613  ; jne 0xfffb4613
sub esp, 0xc
push esi
call fcn_fffb3e49  ; call 0xfffb3e49
mov word [ebx], ax
jmp short loc_fffb4634  ; jmp 0xfffb4634

loc_fffb4613:  ; not directly referenced
cmp dword [ebp - 0x1c], 2
jne short loc_fffb4626  ; jne 0xfffb4626
sub esp, 0xc
push esi
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov dword [ebx], eax
jmp short loc_fffb4634  ; jmp 0xfffb4634

loc_fffb4626:  ; not directly referenced
sub esp, 0xc
push esi
call fcn_fffb401c  ; call 0xfffb401c
mov dword [ebx], eax
mov dword [ebx + 4], edx

loc_fffb4634:  ; not directly referenced
add esp, 0x10

loc_fffb4637:  ; not directly referenced
movzx eax, byte [ebp - 0x1e]
add esi, dword [ebp - 0x28]
adc edi, dword [ebp - 0x24]
dec dword [ebp + 0x1c]
add ebx, eax
jmp short loc_fffb45ed  ; jmp 0xfffb45ed

loc_fffb4648:  ; not directly referenced
xor eax, eax

loc_fffb464a:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb4652:  ; not directly referenced
push ebp
movzx edx, dl
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x2c
mov ebx, dword [ebp + 0x10]
mov eax, dword [ebp + 8]
mov dword [ebp - 0x24], ecx
mov edi, dword [esi + 0x5edd]
mov dword [ebp - 0x1c], ebx
mov byte [ebp - 0x2b], bl
mov bl, byte [ebp + 0x18]
mov ecx, eax
mov eax, dword [ebp + 0xc]
mov byte [ebp - 0x2c], bl
imul ebx, edx, 0xcc
mov byte [ebp - 0x20], al
lea ebx, [edi + ebx + 0x1c]
cmp cl, 0xe
ja loc_fffb4a3a  ; ja 0xfffb4a3a
movzx edi, cl
jmp dword [edi*4 + ref_fffd39cc]  ; ujmp: jmp dword [edi*4 - 0x2c634]

loc_fffb46a0:  ; not directly referenced
mov edi, dword [ebx + 0xa0]
and eax, 0xf
shl eax, 0xf
and edi, 0xfff87fff
jmp near loc_fffb49e6  ; jmp 0xfffb49e6

loc_fffb46b7:  ; not directly referenced
mov edi, dword [ebx + 0xa0]
and eax, 0xf
shl eax, 0x13
and edi, 0xff87ffff
jmp near loc_fffb49e6  ; jmp 0xfffb49e6

loc_fffb46ce:  ; not directly referenced
mov edi, dword [ebx + 0xa4]
and eax, 0xf
shl eax, 0x11
and edi, 0xffe1ffff
jmp short loc_fffb474a  ; jmp 0xfffb474a

loc_fffb46e2:  ; not directly referenced
mov edi, dword [ebx + 0xa4]
and eax, 0xf
shl eax, 0x15
and edi, 0xfe1fffff
jmp short loc_fffb474a  ; jmp 0xfffb474a

loc_fffb46f6:  ; not directly referenced
mov edi, dword [ebx + 0xa8]
and eax, 0x1f
shl eax, 0x13
and edi, 0xff07ffff
jmp near loc_fffb4a1a  ; jmp 0xfffb4a1a

loc_fffb470d:  ; not directly referenced
mov edi, dword [ebx + 0xa8]
and eax, 0x1f
shl eax, 0x18
and edi, 0xe0ffffff
jmp near loc_fffb4a1a  ; jmp 0xfffb4a1a

loc_fffb4724:  ; not directly referenced
mov edi, dword [ebx + 0xa4]
and eax, 0xf
shl eax, 6
and edi, 0xfffffc3f
jmp short loc_fffb474a  ; jmp 0xfffb474a

loc_fffb4738:  ; not directly referenced
mov edi, dword [ebx + 0xa4]
and eax, 0xf
shl eax, 0xa
and edi, 0xffffc3ff

loc_fffb474a:  ; not directly referenced
or edi, eax
mov eax, esi
shl edx, 0xa
mov ecx, edi
add edx, 0x4008
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x1c], 0
je loc_fffb4a3a  ; je 0xfffb4a3a
mov dword [ebx + 0xa4], edi
jmp near loc_fffb4a3a  ; jmp 0xfffb4a3a

loc_fffb4773:  ; not directly referenced
mov edi, dword [ebx + 0xac]
sub eax, 6
and eax, 3
shl eax, 0x11
and edi, 0xfff9ffff
jmp short loc_fffb47b6  ; jmp 0xfffb47b6

loc_fffb478a:  ; not directly referenced
sub eax, 6
mov edi, dword [ebx + 0xac]
cmp dword [esi + 0x2481], 3
jne short loc_fffb47aa  ; jne 0xfffb47aa
and eax, 7
and edi, 0xffc7ffff
shl eax, 0x13
jmp short loc_fffb47b6  ; jmp 0xfffb47b6

loc_fffb47aa:  ; not directly referenced
and eax, 3
and edi, 0xffe7ffff
shl eax, 0x13

loc_fffb47b6:  ; not directly referenced
or edi, eax
mov eax, esi
shl edx, 0xa
mov ecx, edi
add edx, 0x4014
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x1c], 0
je loc_fffb4a3a  ; je 0xfffb4a3a
mov dword [ebx + 0xac], edi
jmp near loc_fffb4a3a  ; jmp 0xfffb4a3a

loc_fffb47df:  ; not directly referenced
movzx ecx, byte [ebp - 0x24]
lea edi, [ebx + ecx*4]
mov ebx, dword [edi + 4]
mov dword [ebp - 0x24], edi
mov dword [ebp - 0x20], ebx
shr ebx, 0xd
and ebx, 0xf
mov edi, ebx
or edi, 0xfffffff0
test bl, 8
cmovne ebx, edi
add eax, ebx
mov bl, 6
cmp al, 6
cmovle ebx, eax
mov al, 0xfc
cmp bl, 0xfc
cmovge eax, ebx
mov ebx, dword [ebp - 0x20]
and eax, 0xf
mov edi, eax
shl edi, 0xd
and ebx, 0xff0e1fff
shl eax, 0x14
or ebx, edi
or ebx, eax
mov eax, esi
call fcn_fffa71f9  ; call 0xfffa71f9
mov ecx, ebx
mov edx, eax
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x1c], 0
je loc_fffb4a3a  ; je 0xfffb4a3a
mov eax, dword [ebp - 0x24]
mov dword [eax + 4], ebx
jmp near loc_fffb4a3a  ; jmp 0xfffb4a3a

loc_fffb4850:  ; not directly referenced
movzx ecx, byte [ebp - 0x24]
lea edi, [ebx + ecx*4]
mov ebx, dword [edi + 4]
mov dword [ebp - 0x20], ebx
shr ebx, 0x11
and ebx, 7
add eax, ebx
mov bl, 7
cmp al, 7
cmovle ebx, eax
xor eax, eax
test bl, bl
cmovns eax, ebx
and eax, 7
mov ebx, eax
shl ebx, 0x11
mov dword [ebp - 0x24], ebx
mov ebx, dword [ebp - 0x20]
shl eax, 0x18
and ebx, 0xf8f1ffff
or ebx, dword [ebp - 0x24]
or ebx, eax
mov eax, esi
call fcn_fffa71f9  ; call 0xfffa71f9
mov ecx, ebx
mov edx, eax
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x1c], 0
je loc_fffb4a3a  ; je 0xfffb4a3a
mov dword [edi + 4], ebx
jmp near loc_fffb4a3a  ; jmp 0xfffb4a3a

loc_fffb48b3:  ; not directly referenced
imul eax, edx, 0x13c3
xor edi, edi
shl edx, 0xa
lea eax, [esi + eax + 0x3757]
mov dword [ebp - 0x24], eax
lea eax, [edx + 0x4028]
mov dword [ebp - 0x30], eax
lea eax, [edx + 0x4024]
mov dword [ebp - 0x28], eax
mov eax, dword [ebp - 0x20]
and eax, 0x7f
mov dword [ebp - 0x1c], eax

loc_fffb48e3:  ; not directly referenced
mov eax, edi
mov byte [ebp - 0x2a], al
movzx eax, byte [ebp - 0x2c]
bt eax, edi
jae loc_fffb49c8  ; jae 0xfffb49c8
mov ecx, dword [ebp - 0x24]
mov al, byte [ebp - 0x20]
add al, byte [ecx + edi + 0x1011]
sub al, byte [ecx + edi + 0x1015]
mov byte [ebp - 0x29], al
js loc_fffb49c8  ; js 0xfffb49c8
mov edx, dword [ebp - 0x30]
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, dword [ebp - 0x28]
mov dword [ebp - 0x34], eax
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
mov dl, byte [ebp - 0x2a]
mov ecx, dword [ebp - 0x34]
cmp dl, 2
mov ebx, eax
movzx eax, byte [ebp - 0x29]
je short loc_fffb4966  ; je 0xfffb4966
and eax, 0xf
cmp dl, 3
je short loc_fffb497f  ; je 0xfffb497f
dec dl
je short loc_fffb4953  ; je 0xfffb4953
and ecx, 0xfffffff0
and ebx, 0xffffff80
or ecx, eax
or ebx, dword [ebp - 0x1c]
jmp short loc_fffb4995  ; jmp 0xfffb4995

loc_fffb4953:  ; not directly referenced
shl eax, 4
and cl, 0xf
or ecx, eax
mov eax, dword [ebp - 0x1c]
and bh, 0x80
shl eax, 8
jmp short loc_fffb4993  ; jmp 0xfffb4993

loc_fffb4966:  ; not directly referenced
and eax, 0xf
and ch, 0xf0
shl eax, 8
and ebx, 0xff80ffff
or ecx, eax
mov eax, dword [ebp - 0x1c]
shl eax, 0x10
jmp short loc_fffb4993  ; jmp 0xfffb4993

loc_fffb497f:  ; not directly referenced
shl eax, 0xc
and ch, 0xf
or ecx, eax
mov eax, dword [ebp - 0x1c]
and ebx, 0x80ffffff
shl eax, 0x18

loc_fffb4993:  ; not directly referenced
or ebx, eax

loc_fffb4995:  ; not directly referenced
mov edx, dword [ebp - 0x30]
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381
mov edx, dword [ebp - 0x28]
mov ecx, ebx
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x2b], 0
je short loc_fffb49c8  ; je 0xfffb49c8
mov ecx, dword [ebp - 0x24]
mov al, byte [ebp - 0x20]
mov byte [ecx + edi + 0x1015], al
mov al, byte [ebp - 0x29]
mov byte [ecx + edi + 0x1011], al

loc_fffb49c8:  ; not directly referenced
inc edi
cmp edi, 4
jne loc_fffb48e3  ; jne 0xfffb48e3
jmp short loc_fffb4a3a  ; jmp 0xfffb4a3a

loc_fffb49d4:  ; not directly referenced
mov edi, dword [ebx + 0xa0]
and eax, 7
shl eax, 0xc
and edi, 0xffff8fff

loc_fffb49e6:  ; not directly referenced
or edi, eax
mov eax, esi
shl edx, 0xa
mov ecx, edi
add edx, 0x4004
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x1c], 0
je short loc_fffb4a3a  ; je 0xfffb4a3a
mov dword [ebx + 0xa0], edi
jmp short loc_fffb4a3a  ; jmp 0xfffb4a3a

loc_fffb4a08:  ; not directly referenced
mov edi, dword [ebx + 0xa8]
and eax, 0x1f
shl eax, 0xe
and edi, 0xfff83fff

loc_fffb4a1a:  ; not directly referenced
or edi, eax
mov eax, esi
shl edx, 0xa
mov ecx, edi
add edx, 0x400c
call fcn_fffb3381  ; call 0xfffb3381
cmp byte [ebp - 0x1c], 0
je short loc_fffb4a3a  ; je 0xfffb4a3a
mov dword [ebx + 0xa8], edi

loc_fffb4a3a:  ; not directly referenced
add esp, 0x2c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb4a42:
push ebp
mov ebp, esp
push esi
mov esi, dword [ebp + 8]
push ebx
mov ebx, dword [ebp + 0xc]
call fcn_fffb3fce  ; call 0xfffb3fce
mov ecx, esi
movzx esi, cl
lea edx, [eax + esi]
mov al, bl
out dx, al
pop ebx
pop esi
pop ebp
ret

fcn_fffb4a61:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
mov ebx, dword [ebp + 8]
call fcn_fffb3fce  ; call 0xfffb3fce
movzx ebx, bl
lea edx, [eax + ebx]
in al, dx
pop ebx
pop ebp
ret

fcn_fffb4a77:  ; not directly referenced
push ebp
mov ebp, esp
push esi
mov esi, dword [ebp + 0xc]
push ebx
mov ebx, dword [ebp + 8]
sub esp, 0xc
push ebx
call fcn_fffb00dc  ; call 0xfffb00dc
add esp, 0x10
mov dword [ebp + 8], ebx
or eax, esi
mov dword [ebp + 0xc], eax
lea esp, [ebp - 8]
pop ebx
pop esi
pop ebp
jmp near fcn_fffb0086  ; jmp 0xfffb0086

fcn_fffb4aa1:  ; not directly referenced
push ebp
mov ebp, esp
push esi
mov esi, dword [ebp + 0xc]
push ebx
mov ebx, dword [ebp + 8]
sub esp, 0xc
push ebx
call fcn_fffb00dc  ; call 0xfffb00dc
add esp, 0x10
mov dword [ebp + 8], ebx
and eax, esi
mov dword [ebp + 0xc], eax
lea esp, [ebp - 8]
pop ebx
pop esi
pop ebp
jmp near fcn_fffb0086  ; jmp 0xfffb0086

fcn_fffb4acb:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov eax, dword [ebp + 8]
lea esi, [eax - 8]
mov edi, dword [esi + 0x10]
lea eax, [edi + 2]
push eax
call fcn_fffb3e49  ; call 0xfffb3e49
pop ebx
mov ebx, 1
mov edx, eax
and dl, 0x7d
cmp dx, 0x8c44
je loc_fffb4c16  ; je 0xfffb4c16
cmp ax, 0x8c4c
sete cl
cmp ax, 0x8c4a
sete dl
or cl, dl
jne loc_fffb4c16  ; jne 0xfffb4c16
cmp ax, 0x8c50
sete cl
cmp ax, 0x8c4e
sete dl
or cl, dl
jne loc_fffb4c16  ; jne 0xfffb4c16
cmp ax, 0x8c42
sete cl
cmp ax, 0x8c5c
sete dl
or cl, dl
jne loc_fffb4c16  ; jne 0xfffb4c16
cmp ax, 0x8c4f
sete cl
cmp ax, 0x8c49
sete dl
or cl, dl
jne loc_fffb4c16  ; jne 0xfffb4c16
cmp ax, 0x8c41
sete cl
cmp ax, 0x8c4b
sete dl
or cl, dl
jne loc_fffb4c16  ; jne 0xfffb4c16
cmp ax, 0x8c58
je loc_fffb4c16  ; je 0xfffb4c16
cmp ax, 0x8c54
sete cl
cmp ax, 0x8c52
sete dl
or cl, dl
jne loc_fffb4c16  ; jne 0xfffb4c16
cmp ax, 0x8c56
je loc_fffb4c16  ; je 0xfffb4c16
cmp ax, 0x8cc5
sete cl
cmp ax, 0x8cc3
sete dl
or cl, dl
jne short loc_fffb4c16  ; jne 0xfffb4c16
lea edx, [eax + 0x733f]
cmp dx, 1
jbe short loc_fffb4c11  ; jbe 0xfffb4c11
lea edx, [eax + 0x63bf]
mov bl, 2
cmp dx, 6
jbe short loc_fffb4c16  ; jbe 0xfffb4c16
lea edx, [eax + 0x633f]
cmp dx, 2
setbe cl
cmp ax, 0x9cc5
sete dl
or cl, dl
jne short loc_fffb4c16  ; jne 0xfffb4c16
lea edx, [eax + 0x633a]
cmp dx, 1
setbe cl
cmp ax, 0x9cc9
sete dl
or cl, dl
jne short loc_fffb4c16  ; jne 0xfffb4c16
cmp ax, 0x9cc8
sete cl
cmp ax, 0x9cc4
sete dl
or cl, dl
jne short loc_fffb4c16  ; jne 0xfffb4c16
add ax, 0x6336
cmp ax, 2
sbb ebx, ebx
add ebx, 3
jmp short loc_fffb4c16  ; jmp 0xfffb4c16

loc_fffb4c11:  ; not directly referenced
mov ebx, 1

loc_fffb4c16:  ; not directly referenced
mov eax, dword [esi + 0xc]
mov dword [ebp - 0x2c], eax
lea eax, [edi + 0x40]
push eax
call fcn_fffb3e49  ; call 0xfffb3e49
mov esi, eax
lea eax, [edi + 0x48]
push eax
call fcn_fffb3e49  ; call 0xfffb3e49
cmp dword [ebp + 0xc], 5
pop edx
pop ecx
ja loc_fffb4e80  ; ja 0xfffb4e80
mov edx, dword [ebp + 0xc]
jmp dword [edx*4 + ref_fffd3a08]  ; ujmp: jmp dword [edx*4 - 0x2c5f8]

loc_fffb4c46:  ; not directly referenced
mov edx, 0xcf9
xor eax, eax
out dx, al
mov bl, 4
jmp near loc_fffb4e02  ; jmp 0xfffb4e02

loc_fffb4c55:  ; not directly referenced
mov edx, 0xcf9
mov al, 2
out dx, al
mov bl, 6
jmp near loc_fffb4e02  ; jmp 0xfffb4e02

loc_fffb4c64:  ; not directly referenced
and esi, 0xfffffffc
mov al, byte [edi + 0x44]
or eax, 0xffffff80
mov byte [edi + 0x44], al
cmp ebx, 2
movzx esi, si
jne short loc_fffb4c8a  ; jne 0xfffb4c8a
push eax
push eax
push 0
lea eax, [esi + 0x9c]
push eax
call fcn_fffb0086  ; call 0xfffb0086
jmp short loc_fffb4ca7  ; jmp 0xfffb4ca7

loc_fffb4c8a:  ; not directly referenced
dec ebx
jne short loc_fffb4caa  ; jne 0xfffb4caa
push ecx
push ecx
push 0
lea eax, [esi + 0x28]
push eax
call fcn_fffb00b9  ; call 0xfffb00b9
lea eax, [esi + 0x2c]
pop ebx
pop edi
push 0
push eax
call fcn_fffb00b9  ; call 0xfffb00b9

loc_fffb4ca7:  ; not directly referenced
add esp, 0x10

loc_fffb4caa:  ; not directly referenced
push ecx
push ecx
push 0x100
lea eax, [esi + 0x34]
add esi, 4
push eax
call fcn_fffb00b9  ; call 0xfffb00b9
mov dword [esp], esi
call fcn_fffb00dc  ; call 0xfffb00dc
pop edi
mov ebx, eax
and bh, 0xc3
pop eax
mov eax, ebx
or ah, 0x1c
or bh, 0x3c
push eax
push esi
call fcn_fffb0086  ; call 0xfffb0086
pop eax
pop edx
push ebx
push esi
call fcn_fffb0086  ; call 0xfffb0086
add esp, 0x10
xor ecx, ecx
jmp near loc_fffb4e85  ; jmp 0xfffb4e85

loc_fffb4cee:  ; not directly referenced
mov esi, eax
push edx
and esi, 0xfffc
push edx
push 0
lea eax, [esi + 0x60]
push eax
mov dword [ebp - 0x30], eax
call fcn_fffb0086  ; call 0xfffb0086
pop ecx
pop eax
lea eax, [esi + 0x64]
push 0
push eax
call fcn_fffb0086  ; call 0xfffb0086
pop eax
pop edx
lea eax, [esi + 0x68]
push 0
push eax
call fcn_fffb0086  ; call 0xfffb0086
mov eax, dword [ebp + 0xc]
add esp, 0x10
sub eax, 4
cmp eax, 1
ja loc_fffb4e00  ; ja 0xfffb4e00
sub esp, 0xc
add edi, 0xac
push edi
call fcn_fffb3fc4  ; call 0xfffb3fc4
pop edx
pop ecx
or eax, 0x100000
push eax
push edi
call fcn_fffb3ffa  ; call 0xfffb3ffa
add esp, 0x10
cmp dword [ebp + 0xc], 5
jne loc_fffb4e00  ; jne 0xfffb4e00
mov eax, dword [ebp - 0x2c]
sub esp, 0xc
add eax, 0x332c
push eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
add esp, 0x10
test al, 3
jne loc_fffb4e00  ; jne 0xfffb4e00
mov eax, dword [ebp - 0x2c]
sub esp, 0xc
add eax, 0x3330
push eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
add esp, 0x10
test ah, 0xc0
jne short loc_fffb4e00  ; jne 0xfffb4e00
cmp ebx, 1
jne short loc_fffb4dbf  ; jne 0xfffb4dbf
push eax
push eax
push 0x40000000
push esi
call fcn_fffb4a77  ; call 0xfffb4a77
pop eax
pop edx
lea eax, [esi + 4]
add esi, 0xc
push 0xbfffffff
push eax
call fcn_fffb4aa1  ; call 0xfffb4aa1
pop ecx
pop ebx
push 0xbfffffff
jmp short loc_fffb4de5  ; jmp 0xfffb4de5

loc_fffb4dbf:  ; not directly referenced
cmp ebx, 2
jne short loc_fffb4dee  ; jne 0xfffb4dee
push edx
add esi, 0x1f0
push edx
push 1
push esi
call fcn_fffb4a77  ; call 0xfffb4a77
pop ecx
pop ebx
push 0xfffffffffffffffb
push esi
call fcn_fffb4aa1  ; call 0xfffb4aa1
pop edi
pop eax
push 0x7fffffff

loc_fffb4de5:  ; not directly referenced
push esi
call fcn_fffb4aa1  ; call 0xfffb4aa1
add esp, 0x10

loc_fffb4dee:  ; not directly referenced
push eax
push eax
push 0x40000000
push dword [ebp - 0x30]
call fcn_fffb4a77  ; call 0xfffb4a77
add esp, 0x10

loc_fffb4e00:  ; not directly referenced
mov bl, 0xe

loc_fffb4e02:  ; not directly referenced
mov eax, dword [ebp + 0xc]
sub eax, 4
cmp eax, 1
jbe short loc_fffb4e14  ; jbe 0xfffb4e14

loc_fffb4e0d:  ; not directly referenced
xor esi, esi
lea edi, [ebp - 0x1c]
jmp short loc_fffb4e32  ; jmp 0xfffb4e32

loc_fffb4e14:  ; not directly referenced
push 0
push 0
push 0
push ref_fffd68ac  ; push 0xfffd68ac
call fcn_fffb020b  ; call 0xfffb020b
add esp, 0x10
test eax, eax
jne short loc_fffb4e0d  ; jne 0xfffb4e0d
mov ecx, 0x80000003
jmp short loc_fffb4e85  ; jmp 0xfffb4e85

loc_fffb4e32:  ; not directly referenced
push edi
push 0
push esi
push ref_fffd6938  ; push 0xfffd6938
call fcn_fffb020b  ; call 0xfffb020b
add esp, 0x10
mov edx, eax
test eax, eax
jne short loc_fffb4e5d  ; jne 0xfffb4e5d
mov dword [ebp - 0x2c], eax
mov eax, dword [ebp - 0x1c]
sub esp, 0xc
push dword [ebp + 0xc]
call dword [eax]  ; ucall
mov edx, dword [ebp - 0x2c]
add esp, 0x10

loc_fffb4e5d:  ; not directly referenced
inc esi
cmp edx, 0x8000000e
jne short loc_fffb4e32  ; jne 0xfffb4e32
xor ecx, ecx
mov edx, 0xcf9
mov al, bl
out dx, al
mov dword [ebp - 0x1c], 0

loc_fffb4e77:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
test eax, eax
je short loc_fffb4e77  ; je 0xfffb4e77
jmp short loc_fffb4e85  ; jmp 0xfffb4e85

loc_fffb4e80:  ; not directly referenced
mov ecx, 0x80000002

loc_fffb4e85:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, ecx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb4e8f:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
mov edx, 0x40
push edi
push esi
push ebx
sub esp, 0xac
mov edi, dword [ebp + 8]
mov eax, dword [edi + 0x5edd]
mov esi, eax
mov dword [ebp - 0x90], eax
mov eax, dword [edi + 0x2444]
mov dword [ebp - 0x7c], eax
mov eax, dword [edi + 0x1887]
mov dword [ebp - 0x78], eax
mov eax, dword [edi + 0x188b]
mov dword [ebp - 0x6c], eax
mov eax, edi
call fcn_fffc3b02  ; call 0xfffc3b02
lea eax, [edi + 0x3757]
mov ecx, eax
mov dword [ebp - 0x80], eax
mov eax, esi
xor esi, esi
add eax, 0x1c
mov dword [ebp - 0x8c], eax
mov ebx, eax
mov dword [ebp - 0x70], ecx

loc_fffb4ef2:  ; not directly referenced
mov eax, dword [ebp - 0x70]
cmp dword [eax], 2
jne loc_fffb50b6  ; jne 0xfffb50b6
cmp dword [ebp - 0x6c], 1
je short loc_fffb4f41  ; je 0xfffb4f41

loc_fffb4f04:  ; not directly referenced
cmp byte [edi + 0x18b4], 1
jne loc_fffb4fdf  ; jne 0xfffb4fdf
mov eax, dword [ebp - 0x7c]
call dword [eax + 0x7c]  ; ucall
mov edx, dword [ebp - 0x6c]
movzx eax, ax
add eax, eax
mov ecx, eax
or eax, 1
or ecx, 0x3e0001
dec edx
cmovne ecx, eax
mov eax, edi
lea edx, [esi*4 + 0x2000]
call fcn_fffb3381  ; call 0xfffb3381
jmp near loc_fffb4fdf  ; jmp 0xfffb4fdf

loc_fffb4f41:  ; not directly referenced
mov dl, byte [ebx + 0xcb]
mov ecx, 0xff
mov al, byte [ebx + 3]
and edx, 1
shl edx, 6
and eax, 0xffffffbf
or eax, edx
mov edx, esi
mov byte [ebx + 3], al
mov eax, edi
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, dword [ebx]
mov edx, eax
mov eax, edi
call fcn_fffb38b3  ; call 0xfffb38b3
cmp byte [ebx + 0xcb], 0
je short loc_fffb4f04  ; je 0xfffb4f04
mov byte [ebp - 0x74], 0

loc_fffb4f7e:  ; not directly referenced
mov al, byte [ebp - 0x74]
cmp al, byte [edi + 0x2489]
jae loc_fffb4f04  ; jae 0xfffb4f04
movzx ecx, byte [ebp - 0x74]
xor edx, edx
mov al, byte [ebx + ecx*4 + 6]
shr al, 1
and eax, 7
cmp al, 2
jbe short loc_fffb4fa6  ; jbe 0xfffb4fa6
lea edx, [eax - 1]
and edx, 7

loc_fffb4fa6:  ; not directly referenced
mov al, byte [ebx + ecx*4 + 6]
and edx, 7
add edx, edx
and eax, 0xfffffff1
or eax, edx
mov edx, esi
mov byte [ebx + ecx*4 + 6], al
mov eax, dword [ebx + ecx*4 + 4]
mov dword [ebp - 0x84], eax
mov eax, edi
call fcn_fffa71f9  ; call 0xfffa71f9
mov ecx, dword [ebp - 0x84]
mov edx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0x74]
jmp short loc_fffb4f7e  ; jmp 0xfffb4f7e

loc_fffb4fdf:  ; not directly referenced
imul eax, dword [edi + 0x18a7], 0x2e
mov ecx, dword [ebp - 0x70]
cmp word [ecx + eax + 8], 1
jne short loc_fffb502c  ; jne 0xfffb502c
mov eax, esi
shl eax, 0xa
add eax, 0x4010
mov edx, eax
mov dword [ebp - 0x74], eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov dl, byte [edi + 0x190b]
mov ecx, edx
shr dl, 1
and ecx, 1
and eax, 0xfffffff0
and edx, 7
add edx, edx
or eax, ecx
or eax, edx
mov edx, dword [ebp - 0x74]
mov ecx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffb502c:  ; not directly referenced
cmp byte [edi + 0x190c], 0
jne short loc_fffb505a  ; jne 0xfffb505a
cmp dword [ebp - 0x6c], 0
jne short loc_fffb505a  ; jne 0xfffb505a
and byte [ebx + 0xa3], 0xdf
mov edx, esi
mov ecx, dword [ebx + 0xa0]
shl edx, 0xa
mov eax, edi
add edx, 0x4004
call fcn_fffb3381  ; call 0xfffb3381

loc_fffb505a:  ; not directly referenced
lea edx, [esi*8 + 0x48a8]
mov ecx, 0x3000
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x70]
mov edx, esi
shl edx, 0xa
add edx, 0x42a0
movzx ecx, byte [eax + 0xc4]
mov eax, edi
call fcn_fffb335b  ; call 0xfffb335b
cmp byte [edi + 0x3749], 1
jne short loc_fffb50b6  ; jne 0xfffb50b6
lea eax, [esi*4 + 0x5004]
mov edx, eax
mov dword [ebp - 0x74], eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, dword [ebp - 0x74]
or eax, 0x3000000
mov ecx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffb50b6:  ; not directly referenced
inc esi
add ebx, 0xcc
add dword [ebp - 0x70], 0x13c3
cmp esi, 2
jne loc_fffb4ef2  ; jne 0xfffb4ef2
xor eax, eax
cmp dword [edi + 0x2481], 3
sete al
mov dword [ebp - 0x84], eax
test byte [edi + 0x2406], 1
je short loc_fffb50ec  ; je 0xfffb50ec
test eax, eax
je short loc_fffb50f5  ; je 0xfffb50f5

loc_fffb50ec:  ; not directly referenced
xor edx, edx
mov eax, edi
call fcn_fffaa9ee  ; call 0xfffaa9ee

loc_fffb50f5:  ; not directly referenced
mov eax, dword [ebp - 0x78]
cmp eax, 0x40660
sete dl
cmp eax, 0x306c0
sete al
or dl, al
jne short loc_fffb5127  ; jne 0xfffb5127

loc_fffb510c:  ; not directly referenced
mov eax, dword [edi + 0x5edd]
mov dword [ebp - 0x7c], 0
lea esi, [eax + 0x1c]
mov eax, dword [ebp - 0x80]
mov dword [ebp - 0x74], eax
jmp near loc_fffb521d  ; jmp 0xfffb521d

loc_fffb5127:  ; not directly referenced
mov eax, dword [edi + 0x5edd]
mov dword [ebp - 0x70], 0
lea ebx, [eax + 0x1c]

loc_fffb5137:  ; not directly referenced
imul eax, dword [ebp - 0x70], 0x13c3
cmp dword [edi + eax + 0x3757], 2
jne loc_fffb51eb  ; jne 0xfffb51eb
mov al, byte [edi + 0x2489]
mov byte [ebp - 0x7c], al
xor eax, eax

loc_fffb5157:  ; not directly referenced
cmp byte [ebp - 0x7c], al
jbe short loc_fffb51c0  ; jbe 0xfffb51c0
mov dl, byte [ebx + eax*4 + 5]
movzx ecx, byte [ebx + eax*4 + 6]
shr dl, 5
and ecx, 1
movzx edx, dl
shl ecx, 3
or ecx, edx
mov esi, ecx
mov dl, cl
or edx, 0xfffffff0
shr esi, 3
cmove edx, ecx
mov cl, byte [ebx + eax*4 + 6]
movsx edx, dl
shr cl, 1
mov esi, ecx
and esi, 7
mov dword [ebp - 0x74], esi
mov cl, byte [ebx + eax*4 + 6]
shr cl, 4
mov esi, ecx
or esi, 0xfffffff0
test cl, 8
cmovne ecx, esi
movzx esi, byte [ebx + eax*4 + 7]
add edx, dword [ebp - 0x74]
and esi, 7
cmp edx, 6
jg short loc_fffb51c4  ; jg 0xfffb51c4
movsx ecx, cl
inc eax
add ecx, esi
cmp ecx, 6
jle short loc_fffb5157  ; jle 0xfffb5157
jmp short loc_fffb51c4  ; jmp 0xfffb51c4

loc_fffb51c0:  ; not directly referenced
xor edx, edx
jmp short loc_fffb51c6  ; jmp 0xfffb51c6

loc_fffb51c4:  ; not directly referenced
mov dl, 1

loc_fffb51c6:  ; not directly referenced
mov al, byte [ebx + 1]
mov ecx, 0xff
and eax, 0xfffffffe
or eax, edx
mov edx, dword [ebp - 0x70]
mov byte [ebx + 1], al
mov eax, edi
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, dword [ebx]
mov edx, eax
mov eax, edi
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffb51eb:  ; not directly referenced
inc dword [ebp - 0x70]
add ebx, 0xcc
cmp dword [ebp - 0x70], 2
je loc_fffb510c  ; je 0xfffb510c
jmp near loc_fffb5137  ; jmp 0xfffb5137

loc_fffb5203:  ; not directly referenced
inc dword [ebp - 0x7c]
add esi, 0xcc
add dword [ebp - 0x74], 0x13c3
cmp dword [ebp - 0x7c], 2
je loc_fffb52d3  ; je 0xfffb52d3

loc_fffb521d:  ; not directly referenced
mov eax, dword [ebp - 0x74]
cmp dword [eax], 2
jne short loc_fffb5203  ; jne 0xfffb5203
mov byte [ebp - 0x70], 0

loc_fffb5229:  ; not directly referenced
movzx eax, byte [ebp - 0x70]
cmp al, byte [edi + 0x2489]
jae short loc_fffb5203  ; jae 0xfffb5203
mov ecx, dword [ebp - 0x74]
mov bl, byte [ecx + 0xc4]
lea eax, [ecx + eax + 0x104a]
xor ecx, ecx
mov dword [ebp - 0x88], eax
xor eax, eax
mov byte [ebp - 0x98], bl

loc_fffb5255:  ; not directly referenced
mov edx, 1
shl edx, cl
test byte [ebp - 0x98], dl
je short loc_fffb5285  ; je 0xfffb5285
mov ebx, dword [ebp - 0x88]
mov dl, byte [ebx]
mov byte [ebp - 0x94], dl
mov dl, byte [ebx + 0x24]
mov bl, byte [ebp - 0x94]
cmp bl, dl
cmovae edx, ebx
cmp al, dl
cmovb eax, edx

loc_fffb5285:  ; not directly referenced
inc ecx
add dword [ebp - 0x88], 9
cmp ecx, 4
jne short loc_fffb5255  ; jne 0xfffb5255
movzx ebx, byte [ebp - 0x70]
shr al, 3
not eax
shr eax, 1
and eax, 3
mov dl, byte [esi + ebx*4 + 5]
mov ecx, ebx
and byte [esi + ebx*4 + 4], 0x7f
and edx, 0xfffffffc
or edx, eax
mov eax, edi
mov byte [esi + ebx*4 + 5], dl
mov edx, dword [ebp - 0x7c]
call fcn_fffa71f9  ; call 0xfffa71f9
mov ecx, dword [esi + ebx*4 + 4]
mov edx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0x70]
jmp near loc_fffb5229  ; jmp 0xfffb5229

loc_fffb52d3:  ; not directly referenced
movzx ecx, word [edi + 0x248a]
mov eax, ecx
shr ax, 1
movzx eax, ax
add eax, 0xb2c
cdq
idiv ecx
mov ecx, 7
cmp eax, 7
ja short loc_fffb5303  ; ja 0xfffb5303
xor cl, cl
cmp eax, 2
jbe short loc_fffb5303  ; jbe 0xfffb5303
mov cl, 4
cmp eax, 3
cmovne ecx, eax

loc_fffb5303:  ; not directly referenced
cmp dword [ebp - 0x6c], 1
jne short loc_fffb531b  ; jne 0xfffb531b

loc_fffb5309:  ; not directly referenced
cmp dword [ebp - 0x78], 0x40650
jne loc_fffb53c7  ; jne 0xfffb53c7
jmp near loc_fffb53d4  ; jmp 0xfffb53d4

loc_fffb531b:  ; not directly referenced
and ecx, 7
xor esi, esi
mov ebx, dword [ebp - 0x8c]
cmp dword [ebp - 0x84], 0
lea eax, [ecx*8]
mov dword [ebp - 0x70], 0
cmove esi, ecx
mov byte [ebp - 0x7c], al

loc_fffb5341:  ; not directly referenced
imul eax, dword [ebp - 0x70], 0x13c3
cmp dword [edi + eax + 0x3757], 2
je short loc_fffb5363  ; je 0xfffb5363

loc_fffb5352:  ; not directly referenced
inc dword [ebp - 0x70]
add ebx, 0xcc
cmp dword [ebp - 0x70], 2
jne short loc_fffb5341  ; jne 0xfffb5341
jmp short loc_fffb5309  ; jmp 0xfffb5309

loc_fffb5363:  ; not directly referenced
mov byte [ebp - 0x6c], 0

loc_fffb5367:  ; not directly referenced
mov al, byte [ebp - 0x6c]
cmp al, byte [edi + 0x2489]
jae short loc_fffb5352  ; jae 0xfffb5352
cmp dword [ebp - 0x78], 0x40650
movzx edx, byte [ebp - 0x6c]
jne short loc_fffb5391  ; jne 0xfffb5391
mov al, byte [ebx + edx*4 + 7]
lea ecx, [esi*8]
and eax, 0xffffffc7
or eax, ecx
jmp short loc_fffb539b  ; jmp 0xfffb539b

loc_fffb5391:  ; not directly referenced
mov al, byte [ebx + edx*4 + 7]
and eax, 0xffffffc7
or eax, dword [ebp - 0x7c]

loc_fffb539b:  ; not directly referenced
mov byte [ebx + edx*4 + 7], al
movzx eax, byte [ebp - 0x6c]
mov edx, dword [ebp - 0x70]
mov ecx, eax
mov dword [ebp - 0x74], eax
mov eax, edi
call fcn_fffa71f9  ; call 0xfffa71f9
mov ecx, dword [ebp - 0x74]
mov ecx, dword [ebx + ecx*4 + 4]
mov edx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0x6c]
jmp short loc_fffb5367  ; jmp 0xfffb5367

loc_fffb53c7:  ; not directly referenced
cmp dword [edi + 0x188b], 1
jne loc_fffb56d6  ; jne 0xfffb56d6

loc_fffb53d4:  ; not directly referenced
mov eax, dword [ebp - 0x80]
mov esi, dword [ebp - 0x8c]
mov dword [ebp - 0x74], 0
mov dword [ebp - 0x78], eax

loc_fffb53e7:  ; not directly referenced
mov eax, dword [ebp - 0x78]
cmp dword [eax], 2
je short loc_fffb540a  ; je 0xfffb540a

loc_fffb53ef:  ; not directly referenced
inc dword [ebp - 0x74]
add esi, 0xcc
add dword [ebp - 0x78], 0x13c3
cmp dword [ebp - 0x74], 2
jne short loc_fffb53e7  ; jne 0xfffb53e7
jmp near loc_fffb5573  ; jmp 0xfffb5573

loc_fffb540a:  ; not directly referenced
mov ebx, dword [ebp - 0x78]
xor ecx, ecx
mov al, byte [ebx + 0xc4]
mov dword [ebp - 0x70], ebx
xor ebx, ebx
mov byte [ebp - 0x80], al

loc_fffb541d:  ; not directly referenced
mov edx, 1
shl edx, cl
test byte [ebp - 0x80], dl
je short loc_fffb545f  ; je 0xfffb545f
mov al, byte [edi + 0x2489]
xor edx, edx
mov byte [ebp - 0x7c], al

loc_fffb5434:  ; not directly referenced
cmp byte [ebp - 0x7c], dl
jbe short loc_fffb545f  ; jbe 0xfffb545f
mov eax, dword [ebp - 0x70]
mov ax, word [eax + edx*2 + 0x1b1]
mov word [ebp - 0x6c], ax
movzx eax, bl
shr word [ebp - 0x6c], 6
cmp ax, word [ebp - 0x6c]
mov al, byte [ebp - 0x6c]
cmova eax, ebx
inc edx
mov bl, al
jmp short loc_fffb5434  ; jmp 0xfffb5434

loc_fffb545f:  ; not directly referenced
inc ecx
add dword [ebp - 0x70], 0x12
cmp ecx, 4
jne short loc_fffb541d  ; jne 0xfffb541d
cmp dword [ebp - 0x84], 0
mov al, 1
je short loc_fffb5481  ; je 0xfffb5481
movzx ecx, word [edi + 0x248a]
lea eax, [ecx + 0x3f]
cdq
idiv ecx

loc_fffb5481:  ; not directly referenced
mov byte [ebp - 0x70], 0
lea eax, [ebx + eax*2 + 0xf]
mov byte [ebp - 0x6c], al

loc_fffb548c:  ; not directly referenced
mov al, byte [ebp - 0x70]
cmp al, byte [edi + 0x2489]
jae loc_fffb53ef  ; jae 0xfffb53ef
movzx ecx, byte [ebp - 0x70]
mov bl, 0x1f
mov al, byte [esi + ecx*4 + 7]
shr al, 6
and eax, 1
cmp al, 1
sbb byte [ebp - 0x6c], 0xff
mov al, byte [ebp - 0x6c]
cmp al, 0x1f
cmova eax, ebx
mov byte [ebp - 0x6c], al
mov dl, byte [esi + ecx*4 + 5]
movzx eax, byte [esi + ecx*4 + 6]
shr dl, 5
and eax, 1
movzx edx, dl
shl eax, 3
or eax, edx
mov edx, eax
mov bl, al
or ebx, 0xfffffff0
shr edx, 3
mov dl, byte [esi + ecx*4 + 6]
cmove ebx, eax
shr dl, 1
and edx, 7
test byte [esi + 3], 0x40
je short loc_fffb5513  ; je 0xfffb5513
lea eax, [ecx + 8]
mov bl, byte [ebp - 0x6c]
mov dl, byte [esi + eax*4 + 9]
movzx eax, byte [esi + eax*4 + 0xa]
shr dl, 5
and eax, 3
movzx edx, dl
shl eax, 3
or eax, edx
cmp bl, al
cmovae eax, ebx
jmp short loc_fffb5525  ; jmp 0xfffb5525

loc_fffb5513:  ; not directly referenced
lea eax, [edx + ebx + 0xe]
mov bl, 0x1f
cmp al, 0x1f
mov dl, 0x11
cmovg eax, ebx
cmp al, 0x11
cmovl eax, edx

loc_fffb5525:  ; not directly referenced
and eax, 0x1f
mov dl, al
lea ebx, [ecx + 8]
shl edx, 5
mov byte [ebp - 0x7c], dl
mov dl, byte [esi + ebx*4 + 9]
shr al, 3
and eax, 3
and edx, 0x1f
or edx, dword [ebp - 0x7c]
mov byte [esi + ebx*4 + 9], dl
mov dl, byte [esi + ebx*4 + 0xa]
and edx, 0xfffffffc
or edx, eax
mov eax, edi
mov byte [esi + ebx*4 + 0xa], dl
mov edx, dword [ebp - 0x74]
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, dword [esi + ebx*4 + 8]
mov edx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0x70]
jmp near loc_fffb548c  ; jmp 0xfffb548c

loc_fffb5573:  ; not directly referenced
mov eax, dword [edi + 0x2444]
cmp byte [edi + 0x2402], 0
mov ebx, dword [edi + 0x5edd]
mov dword [ebp - 0x74], eax
je loc_fffb56d6  ; je 0xfffb56d6
mov edx, 0x4024
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x40d0
mov dword [ebp - 0x78], eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x4ca4
mov dword [ebp - 0x7c], eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov dl, byte [ebx + 0xc8]
movzx ecx, byte [ebx + 0xc9]
mov esi, edx
and esi, 0x1f
and ecx, 3
shr dl, 5
mov dword [ebp - 0x80], esi
lea esi, [ecx*8]
movzx edx, dl
mov dword [ebp - 0x70], esi
xor ecx, ecx
or dword [ebp - 0x70], edx
mov dl, byte [ebx + 0xcb]
shr dl, 2
mov esi, edx
mov dl, byte [ebx + 0xbf]
and esi, 3
mov dword [ebp - 0x84], esi
shr dl, 6
movzx esi, dl
mov dl, byte [ebx + 0xc3]
mov dword [ebp - 0x6c], esi
shr dl, 7
cmp dword [edi + 0x2481], 1
movzx esi, dl
jne short loc_fffb562e  ; jne 0xfffb562e
mov edx, dword [ebp - 0x70]
xor ecx, ecx
add edx, dword [ebp - 0x6c]
sub edx, esi
cmp edx, 5
sete cl

loc_fffb562e:  ; not directly referenced
mov bl, al
mov edx, 1
and ebx, 3
cmp bl, 2
jne short loc_fffb5645  ; jne 0xfffb5645
shr eax, 4
mov edx, eax
and edx, 7

loc_fffb5645:  ; not directly referenced
mov al, byte [edi + 0x381b]
add esi, esi
add ecx, ecx
mov byte [ebp - 0x70], al
lea eax, [esi + 4]
mov esi, dword [ebp - 0x84]
add esi, dword [ebp - 0x80]
add esi, dword [ebp - 0x6c]
add esi, esi
sub eax, esi
sub eax, ecx
lea eax, [eax + edx*8 - 8]
xor edx, edx
mov dword [ebp - 0x6c], eax
xor eax, eax

loc_fffb5672:  ; not directly referenced
mov cl, al
mov esi, 1
shl esi, cl
mov ecx, esi
test byte [ebp - 0x70], cl
je short loc_fffb56b8  ; je 0xfffb56b8
mov ebx, dword [ebp - 0x78]
lea esi, [eax*8]
mov ecx, esi
mov dword [ebp - 0x80], esi
shr ebx, cl
mov esi, ebx
mov ebx, dword [ebp - 0x7c]
lea ecx, [eax + eax]
and esi, 0x3f
add esi, dword [ebp - 0x6c]
shr ebx, cl
mov ecx, ebx
and ecx, 3
add ecx, ecx
sub esi, ecx
mov ecx, esi
movzx esi, cl
mov cl, byte [ebp - 0x80]
shl esi, cl
or edx, esi

loc_fffb56b8:  ; not directly referenced
inc eax
cmp eax, 4
jne short loc_fffb5672  ; jne 0xfffb5672
push ebx
push ebx
push edx
mov eax, dword [edi + 0x18cd]
add eax, 0xc04
push eax
mov eax, dword [ebp - 0x74]
call dword [eax + 0x30]  ; ucall
add esp, 0x10

loc_fffb56d6:  ; not directly referenced
mov ecx, 0x14
mov edx, 0x5f08
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov esi, dword [ebp - 0x90]
mov dl, byte [edi + 0x369e]
mov al, byte [esi + 0x16]
shl edx, 7
and eax, 0x7f
or eax, edx
mov byte [esi + 0x16], al
mov dl, byte [edi + 0x369f]
and eax, 0xffffffbf
and edx, 1
shl edx, 6
or eax, edx
mov byte [esi + 0x16], al
mov dl, byte [edi + 0x36a0]
and eax, 0xffffffdf
and edx, 1
shl edx, 5
or eax, edx
mov edx, 0xf78
mov byte [esi + 0x16], al
mov ecx, dword [esi + 0x14]
mov eax, 0xf84
cmp dword [edi + 0x188b], 1
cmove edx, eax
mov eax, edi
call fcn_fffb38b3  ; call 0xfffb38b3
mov ebx, dword [edi + 0x5edd]
cmp dword [edi + 0x3757], 2
jne short loc_fffb57aa  ; jne 0xfffb57aa
cmp dword [edi + 0x36d8], 0x74a
ja short loc_fffb5796  ; ja 0xfffb5796

loc_fffb5762:  ; not directly referenced
cmp dword [edi + 0x36d8], 0x854
ja short loc_fffb5782  ; ja 0xfffb5782

loc_fffb576e:  ; not directly referenced
mov ecx, dword [ebx + 0xc8]
mov edx, 0x4014
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffb57aa  ; jmp 0xfffb57aa

loc_fffb5782:  ; not directly referenced
mov al, byte [ebx + 0xc9]
and eax, 0xffffffcf
or eax, 0x20
mov byte [ebx + 0xc9], al
jmp short loc_fffb576e  ; jmp 0xfffb576e

loc_fffb5796:  ; not directly referenced
mov al, byte [ebx + 0xc9]
and eax, 0xfffffff3
or eax, 8
mov byte [ebx + 0xc9], al
jmp short loc_fffb5762  ; jmp 0xfffb5762

loc_fffb57aa:  ; not directly referenced
cmp dword [edi + 0x4b1a], 2
jne short loc_fffb5801  ; jne 0xfffb5801
cmp dword [edi + 0x36d8], 0x74a
jbe short loc_fffb57d1  ; jbe 0xfffb57d1
mov al, byte [ebx + 0x195]
and eax, 0xfffffff3
or eax, 8
mov byte [ebx + 0x195], al

loc_fffb57d1:  ; not directly referenced
cmp dword [edi + 0x36d8], 0x854
jbe short loc_fffb57ef  ; jbe 0xfffb57ef
mov al, byte [ebx + 0x195]
and eax, 0xffffffcf
or eax, 0x20
mov byte [ebx + 0x195], al

loc_fffb57ef:  ; not directly referenced
mov ecx, dword [ebx + 0x194]
mov edx, 0x4414
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffb5801:  ; not directly referenced
mov eax, edi
call fcn_fffb34af  ; call 0xfffb34af
mov edx, 0x501c
mov eax, edi
cmp byte [edi + 0x190a], 1
sbb ecx, ecx
and ecx, 0x40000000
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, edi
call fcn_fffa86bc  ; call 0xfffa86bc
lea ecx, [edi + 0x18b5]
mov edx, 0x41
mov eax, edi
call fcn_fffc3b02  ; call 0xfffc3b02
cmp byte [edi + 0x192b], 0
jne loc_fffb5ece  ; jne 0xfffb5ece
mov ebx, dword [edi + 0x2444]
lea eax, [ebp - 0x40]
push ecx
push 0
push 8
push eax
mov dword [ebp - 0x50], ref_fffd3aec  ; mov dword [ebp - 0x50], 0xfffd3aec
mov dword [ebp - 0x4c], ref_fffd3a9c  ; mov dword [ebp - 0x4c], 0xfffd3a9c
mov dword [ebp - 0x48], ref_fffd3a3c  ; mov dword [ebp - 0x48], 0xfffd3a3c
mov dword [ebp - 0x44], ref_fffd3a30  ; mov dword [ebp - 0x44], 0xfffd3a30
mov dword [ebp - 0xb8], 0
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 8
lea eax, [ebp - 0x38]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 8
lea eax, [ebp - 0x30]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 8
lea eax, [ebp - 0x28]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 8
lea eax, [ebp - 0x20]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0xff
push 4
lea eax, [ebp - 0x58]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 4
lea eax, [ebp - 0x54]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0x10
cmp dword [edi + 0x2481], 3
jne short loc_fffb58f2  ; jne 0xfffb58f2
mov word [ebp - 0x5c], 8
mov word [ebp - 0x5a], 1
jmp short loc_fffb58fe  ; jmp 0xfffb58fe

loc_fffb58f2:  ; not directly referenced
mov word [ebp - 0x5c], 0x228
mov word [ebp - 0x5a], 7

loc_fffb58fe:  ; not directly referenced
mov eax, dword [edi + 0x18a7]
mov dword [ebp - 0xb0], eax
dec eax
je loc_fffb5ece  ; je 0xfffb5ece
lea eax, [edi + 0x48ca]
mov dword [ebp - 0x7c], eax
lea eax, [ebp - 0x58]
mov dword [ebp - 0x90], eax
lea eax, [ebp - 0x20]
mov dword [ebp - 0xa4], eax
lea eax, [ebp - 0x28]
mov dword [ebp - 0x8c], eax
lea eax, [ebp - 0x30]
mov dword [ebp - 0x94], eax
lea eax, [ebp - 0x38]
mov dword [ebp - 0x98], eax
lea eax, [ebp - 0x40]
mov dword [ebp - 0x88], eax
lea eax, [ebp - 0x54]
mov dword [ebp - 0x80], eax
mov byte [ebp - 0x74], 0xff

loc_fffb595a:  ; not directly referenced
mov eax, dword [ebp - 0x7c]
cmp dword [eax - 0x1173], 2
jne loc_fffb5c82  ; jne 0xfffb5c82
mov dword [ebp - 0x6c], eax
mov dword [ebp - 0x78], 0

loc_fffb5974:  ; not directly referenced
mov eax, dword [ebp - 0x6c]
cmp dword [eax], 2
jne loc_fffb5c6e  ; jne 0xfffb5c6e
mov eax, dword [ebp - 0xb0]
mov eax, dword [edi + eax*4 + 0x3736]
cmp eax, 0x546
je short loc_fffb59b5  ; je 0xfffb59b5
cmp eax, 0x5dc
je short loc_fffb59bc  ; je 0xfffb59bc
cmp eax, 0x4b0
setne cl
movzx eax, cl
movzx ebx, cl
lea eax, [eax + eax*2 + 1]
mov dword [ebp - 0x84], ebx
jmp short loc_fffb59cb  ; jmp 0xfffb59cb

loc_fffb59b5:  ; not directly referenced
mov eax, 2
jmp short loc_fffb59c1  ; jmp 0xfffb59c1

loc_fffb59bc:  ; not directly referenced
mov eax, 3

loc_fffb59c1:  ; not directly referenced
mov dword [ebp - 0x84], 0

loc_fffb59cb:  ; not directly referenced
mov esi, dword [ebp - 0x6c]
and eax, 0xfffffe0f
movzx ebx, byte [esi + 0xcc]
movzx ecx, byte [esi + 0xd9]
and ebx, 1
shl ebx, 4
and ecx, 0xf
or eax, ebx
movzx ebx, byte [esi + 0xf2]
shl ecx, 5
or eax, ecx
movzx ecx, byte [esi + 0xed]
and ah, 0x81
and ebx, 7
shl ebx, 9
or eax, ebx
mov ebx, dword [ebp - 0x7c]
and ecx, 7
shl ecx, 0xc
or eax, ecx
and eax, 0xfffe7fff
movzx ecx, byte [ebx - 0x10b3]
and ecx, 3
shl ecx, 0xf
or eax, ecx
mov ecx, dword [edi + 0x36d8]
cmp ecx, 0x640
je short loc_fffb5a7d  ; je 0xfffb5a7d
ja short loc_fffb5a55  ; ja 0xfffb5a55
cmp ecx, 0x42b
je short loc_fffb5a71  ; je 0xfffb5a71
cmp ecx, 0x535
jne short loc_fffb5a95  ; jne 0xfffb5a95
and eax, 0xffe1ffff
or eax, 0xa0000
jmp short loc_fffb5a9f  ; jmp 0xfffb5a9f

loc_fffb5a55:  ; not directly referenced
cmp ecx, 0x74b
je short loc_fffb5a89  ; je 0xfffb5a89
cmp ecx, 0x855
jne short loc_fffb5a95  ; jne 0xfffb5a95
and eax, 0xffe1ffff
or eax, 0x160000
jmp short loc_fffb5a9f  ; jmp 0xfffb5a9f

loc_fffb5a71:  ; not directly referenced
and eax, 0xffe1ffff
or eax, 0x60000
jmp short loc_fffb5a9f  ; jmp 0xfffb5a9f

loc_fffb5a7d:  ; not directly referenced
and eax, 0xffe1ffff
or eax, 0xe0000
jmp short loc_fffb5a9f  ; jmp 0xfffb5a9f

loc_fffb5a89:  ; not directly referenced
and eax, 0xffe1ffff
or eax, 0x120000
jmp short loc_fffb5a9f  ; jmp 0xfffb5a9f

loc_fffb5a95:  ; not directly referenced
mov dword [ebp - 0x84], 1

loc_fffb5a9f:  ; not directly referenced
mov esi, dword [ebp - 0x6c]
and eax, 0xff1fffff
mov ebx, dword [edi + 0x2481]
mov dword [ebp - 0x70], 0
movzx ecx, byte [esi + 0xf3]
mov dword [ebp - 0xb4], ebx
and ecx, 7
shl ecx, 0x15
or eax, ecx
mov ecx, eax
and ecx, 0xfffe7e0f
cmp ebx, 3
cmove eax, ecx
xor ebx, ebx

loc_fffb5ad9:  ; not directly referenced
mov edx, dword [ebp - 0x70]
mov byte [ebp - 0xa9], dl
test dl, dl
jne short loc_fffb5af5  ; jne 0xfffb5af5
cmp dword [ebp - 0x84], 0
jne loc_fffb5c61  ; jne 0xfffb5c61
jmp short loc_fffb5b02  ; jmp 0xfffb5b02

loc_fffb5af5:  ; not directly referenced
test ebx, ebx
jne loc_fffb5c5c  ; jne 0xfffb5c5c
and eax, 0xff0001ff

loc_fffb5b02:  ; not directly referenced
mov ecx, dword [ebp - 0x70]
xor esi, esi
movzx ecx, word [ebp + ecx*2 - 0x5c]
mov word [ebp - 0xac], cx
dec ecx
mov dword [ebp - 0xa8], ecx

loc_fffb5b1a:  ; not directly referenced
cmp word [ebp - 0xac], si
jbe loc_fffb5c61  ; jbe 0xfffb5c61
cmp dword [ebp - 0xb4], 3
jne loc_fffb5bd2  ; jne 0xfffb5bd2
mov edx, dword [ebp - 0x70]
imul ecx, esi, 0xc
add ecx, dword [ebp + edx*4 - 0x48]
cmp eax, dword [ecx]
jne short loc_fffb5bb2  ; jne 0xfffb5bb2

loc_fffb5b42:  ; not directly referenced
mov bl, byte [ecx + 5]
mov esi, dword [ebp - 0x78]
mov edx, dword [ebp - 0x88]
cmp byte [edi + 0x3756], 1
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x98]
mov bl, byte [ecx + 6]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x94]
mov bl, byte [ecx + 7]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x8c]
mov bl, byte [ecx + 8]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0xa4]
mov bl, byte [ecx + 9]
mov byte [edx + esi], bl
mov ebx, dword [ebp - 0x90]
mov dl, byte [ecx + 4]
mov byte [ebx + esi], dl
mov bl, byte [ecx + 0xa]
mov cl, byte [ecx + 0xb]
cmove ecx, ebx
mov ebx, dword [ebp - 0x80]
mov byte [ebx + esi], cl
mov bl, byte [ebp - 0x74]
cmp bl, dl
cmovbe edx, ebx
mov bl, dl
jmp near loc_fffb5c3e  ; jmp 0xfffb5c3e

loc_fffb5bb2:  ; not directly referenced
cmp byte [ebp - 0xa9], 1
jne loc_fffb5c56  ; jne 0xfffb5c56
mov edx, dword [ebp - 0xa8]
cmp esi, edx
jne loc_fffb5c56  ; jne 0xfffb5c56
jmp near loc_fffb5b42  ; jmp 0xfffb5b42

loc_fffb5bd2:  ; not directly referenced
mov edx, dword [ebp - 0x70]
imul ecx, esi, 0xb
add ecx, dword [ebp + edx*4 - 0x50]
cmp eax, dword [ecx]
jne short loc_fffb5c43  ; jne 0xfffb5c43

loc_fffb5be0:  ; not directly referenced
mov bl, byte [ecx + 5]
mov esi, dword [ebp - 0x78]
mov edx, dword [ebp - 0x88]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x98]
mov bl, byte [ecx + 6]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x94]
mov bl, byte [ecx + 7]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x8c]
mov bl, byte [ecx + 8]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0xa4]
mov bl, byte [ecx + 9]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x90]
mov bl, byte [ecx + 4]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x80]
mov cl, byte [ecx + 0xa]
mov byte [edx + esi], cl
mov cl, byte [ebp - 0x74]
cmp cl, bl
cmova ecx, ebx
mov bl, cl

loc_fffb5c3e:  ; not directly referenced
mov byte [ebp - 0x74], bl
jmp short loc_fffb5c5c  ; jmp 0xfffb5c5c

loc_fffb5c43:  ; not directly referenced
cmp byte [ebp - 0xa9], 1
jne short loc_fffb5c56  ; jne 0xfffb5c56
mov edx, dword [ebp - 0xa8]
cmp esi, edx
je short loc_fffb5be0  ; je 0xfffb5be0

loc_fffb5c56:  ; not directly referenced
inc esi
jmp near loc_fffb5b1a  ; jmp 0xfffb5b1a

loc_fffb5c5c:  ; not directly referenced
mov ebx, 1

loc_fffb5c61:  ; not directly referenced
inc dword [ebp - 0x70]
cmp dword [ebp - 0x70], 2
jne loc_fffb5ad9  ; jne 0xfffb5ad9

loc_fffb5c6e:  ; not directly referenced
inc dword [ebp - 0x78]
add dword [ebp - 0x6c], 0x128
cmp dword [ebp - 0x78], 2
jne loc_fffb5974  ; jne 0xfffb5974

loc_fffb5c82:  ; not directly referenced
add dword [ebp - 0x80], 2
add dword [ebp - 0x7c], 0x13c3
add dword [ebp - 0x88], 4
add dword [ebp - 0x98], 4
add dword [ebp - 0x94], 4
add dword [ebp - 0x8c], 4
add dword [ebp - 0xa4], 4
add dword [ebp - 0x90], 2
lea eax, [ebp - 0x50]
cmp dword [ebp - 0x80], eax
jne loc_fffb595a  ; jne 0xfffb595a
lea eax, [ebp - 0x58]
mov esi, 0x42f8
mov dword [ebp - 0x8c], eax
lea eax, [ebp - 0x20]
mov dword [ebp - 0x7c], eax
lea eax, [ebp - 0x28]
mov dword [ebp - 0x84], eax
lea eax, [ebp - 0x30]
mov dword [ebp - 0x80], eax
lea eax, [ebp - 0x38]
mov dword [ebp - 0x88], eax
lea eax, [ebp - 0x40]
mov dword [ebp - 0x70], edi
lea ebx, [ebp - 0x54]
mov dword [ebp - 0x78], eax

loc_fffb5cfb:  ; not directly referenced
mov eax, dword [ebp - 0x70]
cmp dword [eax + 0x3757], 2
jne loc_fffb5e63  ; jne 0xfffb5e63
xor eax, eax

loc_fffb5d0d:  ; not directly referenced
imul edx, eax, 0x128
mov ecx, dword [ebp - 0x70]
cmp dword [ecx + edx + 0x48ca], 2
jne loc_fffb5dcb  ; jne 0xfffb5dcb
mov ecx, dword [ebp - 0x8c]
mov cl, byte [ecx + eax]
sub cl, byte [ebp - 0x74]
mov byte [ebp - 0x6c], cl
je loc_fffb5dcb  ; je 0xfffb5dcb
mov ecx, dword [ebp - 0x78]
movzx edx, byte [ecx + eax]
mov dword [ebp - 0x90], ecx
mov cl, byte [ebp - 0x6c]
inc edx
sar edx, cl
mov ecx, dword [ebp - 0x90]
mov byte [ecx + eax], dl
mov ecx, dword [ebp - 0x88]
movzx edx, byte [ecx + eax]
mov dword [ebp - 0x90], ecx
mov cl, byte [ebp - 0x6c]
inc edx
sar edx, cl
mov ecx, dword [ebp - 0x90]
mov byte [ecx + eax], dl
mov ecx, dword [ebp - 0x80]
movzx edx, byte [ecx + eax]
mov dword [ebp - 0x90], ecx
mov cl, byte [ebp - 0x6c]
inc edx
sar edx, cl
mov ecx, dword [ebp - 0x90]
mov byte [ecx + eax], dl
mov ecx, dword [ebp - 0x84]
movzx edx, byte [ecx + eax]
mov dword [ebp - 0x90], ecx
mov cl, byte [ebp - 0x6c]
inc edx
sar edx, cl
mov ecx, dword [ebp - 0x90]
mov byte [ecx + eax], dl
mov ecx, dword [ebp - 0x7c]
movzx edx, byte [ecx + eax]
mov dword [ebp - 0x90], ecx
mov cl, byte [ebp - 0x6c]
inc edx
sar edx, cl
mov ecx, dword [ebp - 0x90]
mov byte [ecx + eax], dl

loc_fffb5dcb:  ; not directly referenced
inc eax
cmp eax, 2
jne loc_fffb5d0d  ; jne 0xfffb5d0d
mov eax, dword [ebp - 0x70]
cmp dword [eax + 0x3817], 1
ja short loc_fffb5ded  ; ja 0xfffb5ded
mov al, byte [ebx]
mov dl, byte [ebx + 1]
cmp dl, al
cmovae eax, edx
jmp short loc_fffb5e0c  ; jmp 0xfffb5e0c

loc_fffb5ded:  ; not directly referenced
movzx edx, byte [ebx]
movzx eax, byte [ebx + 1]
cmp dl, al
je short loc_fffb5e13  ; je 0xfffb5e13
lea eax, [edx + eax + 1]
sar eax, 1
cmp al, 0xf7
ja short loc_fffb5e10  ; ja 0xfffb5e10
test al, 7
je short loc_fffb5e0c  ; je 0xfffb5e0c
and eax, 0xfffffff8
add eax, 8

loc_fffb5e0c:  ; not directly referenced
mov byte [ebx], al
jmp short loc_fffb5e13  ; jmp 0xfffb5e13

loc_fffb5e10:  ; not directly referenced
mov byte [ebx], 0xf8

loc_fffb5e13:  ; not directly referenced
mov eax, dword [ebp - 0x78]
mov edx, esi
mov ecx, dword [eax]
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x88]
lea edx, [esi + 4]
mov ecx, dword [eax]
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x80]
lea edx, [esi - 4]
mov ecx, dword [eax]
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x84]
lea edx, [esi - 8]
mov ecx, dword [eax]
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x7c]
lea edx, [esi - 0xc]
mov ecx, dword [eax]
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffb5e63:  ; not directly referenced
add esi, 0x400
add ebx, 2
add dword [ebp - 0x70], 0x13c3
add dword [ebp - 0x78], 4
add dword [ebp - 0x88], 4
add dword [ebp - 0x80], 4
add dword [ebp - 0x84], 4
add dword [ebp - 0x7c], 4
add dword [ebp - 0x8c], 2
cmp esi, 0x4af8
jne loc_fffb5cfb  ; jne 0xfffb5cfb
mov eax, dword [ebp - 0xb8]
mov edx, 0x5888
mov al, byte [ebp - 0x54]
mov ebx, eax
mov al, byte [ebp - 0x52]
mov bh, al
mov eax, edi
mov ecx, ebx
call fcn_fffb3381  ; call 0xfffb3381
movzx ecx, byte [ebp - 0x74]
mov edx, 0x5884
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffb5ece:  ; not directly referenced
cmp dword [edi + 0x188b], 1
jne loc_fffb619e  ; jne 0xfffb619e
movzx eax, byte [edi + 0x2420]
mov byte [ebp - 0x6c], al
test al, al
je loc_fffb6155  ; je 0xfffb6155
mov esi, dword [edi + 0x2444]
cmp al, 4
ja loc_fffb608f  ; ja 0xfffb608f
shl eax, 3
push edx
push eax
lea eax, [edi + 0x2421]
push eax
lea eax, [edi + 0x36aa]
push eax
call dword [esi + 0x58]  ; ucall
mov cl, byte [ebp - 0x6c]
mov eax, 1
add esp, 0x10
shl eax, cl
dec eax
mov byte [ebp - 0x70], al
xor eax, eax

loc_fffb5f24:  ; not directly referenced
and dword [edi + eax*8 + 0x36aa], 0xffffffc0
and dword [edi + eax*8 + 0x36ae], 0x7f
inc eax
cmp byte [ebp - 0x6c], al
ja short loc_fffb5f24  ; ja 0xfffb5f24
mov al, byte [ebp - 0x6c]
xor ecx, ecx
mov byte [ebp - 0x74], 0
dec eax
mov byte [ebp - 0x78], al

loc_fffb5f47:  ; not directly referenced
cmp cl, byte [ebp - 0x78]
jae short loc_fffb5fa8  ; jae 0xfffb5fa8
lea eax, [ecx + 1]
mov byte [ebp - 0x7c], al

loc_fffb5f52:  ; not directly referenced
cmp al, byte [ebp - 0x6c]
jae short loc_fffb5fa2  ; jae 0xfffb5fa2
lea esi, [ecx + 0x24a]
movzx ebx, al
mov edx, dword [edi + esi*8 + 0x245a]
add ebx, 0x24a
mov dword [ebp - 0x80], edx
mov edx, dword [edi + ebx*8 + 0x245e]
cmp dword [edi + esi*8 + 0x245e], edx
jne short loc_fffb5f9f  ; jne 0xfffb5f9f
mov esi, dword [ebp - 0x80]
cmp esi, dword [edi + ebx*8 + 0x245a]
jne short loc_fffb5f9f  ; jne 0xfffb5f9f
mov eax, 1
shl eax, cl
mov ecx, eax
not ecx
inc byte [ebp - 0x74]
and byte [ebp - 0x70], cl
jmp short loc_fffb5fa2  ; jmp 0xfffb5fa2

loc_fffb5f9f:  ; not directly referenced
inc eax
jmp short loc_fffb5f52  ; jmp 0xfffb5f52

loc_fffb5fa2:  ; not directly referenced
movzx ecx, byte [ebp - 0x7c]
jmp short loc_fffb5f47  ; jmp 0xfffb5f47

loc_fffb5fa8:  ; not directly referenced
xor ebx, ebx

loc_fffb5faa:  ; not directly referenced
movzx eax, byte [ebp - 0x70]
bt eax, ebx
jae short loc_fffb600c  ; jae 0xfffb600c
push esi
mov eax, dword [edi + 0x2444]
push 0x14
push dword [edi + ebx*8 + 0x36ae]
push dword [edi + ebx*8 + 0x36aa]
call dword [eax + 0x6c]  ; ucall
mov ecx, dword [edi + 0x370e]
add esp, 0x10
mov dword [ebp - 0x7c], ecx
mov esi, edx
mov edx, dword [edi + 0x36f1]
cmp esi, 0
ja short loc_fffb5fea  ; ja 0xfffb5fea
cmp eax, edx
jb short loc_fffb600c  ; jb 0xfffb600c

loc_fffb5fea:  ; not directly referenced
cmp esi, 0
ja short loc_fffb5ffa  ; ja 0xfffb5ffa
cmp eax, 0xfff
jbe loc_fffb615e  ; jbe 0xfffb615e

loc_fffb5ffa:  ; not directly referenced
cmp esi, 0
ja loc_fffb615e  ; ja 0xfffb615e
cmp eax, dword [ebp - 0x7c]
jae loc_fffb615e  ; jae 0xfffb615e

loc_fffb600c:  ; not directly referenced
inc ebx
cmp byte [ebp - 0x6c], bl
ja short loc_fffb5faa  ; ja 0xfffb5faa
mov esi, dword [ebp - 0x74]
mov al, byte [ebp - 0x6c]
mov ebx, esi
sub eax, ebx
mov byte [edi + 0x36a9], al
test bl, bl
je loc_fffb619e  ; je 0xfffb619e
test al, al
je loc_fffb619e  ; je 0xfffb619e
xor eax, eax

loc_fffb6034:  ; not directly referenced
mov dl, al
cmp al, byte [ebp - 0x78]
jae loc_fffb619e  ; jae 0xfffb619e
movzx esi, byte [ebp - 0x70]
bt esi, eax
jb short loc_fffb608c  ; jb 0xfffb608c

loc_fffb6048:  ; not directly referenced
inc edx
cmp dl, byte [ebp - 0x6c]
jae short loc_fffb608c  ; jae 0xfffb608c
bt esi, edx
movzx ecx, dl
jae short loc_fffb6048  ; jae 0xfffb6048
mov esi, dword [edi + ecx*8 + 0x36ae]
mov edx, 1
mov ebx, dword [edi + ecx*8 + 0x36aa]
shl edx, cl
mov cl, al
not edx
mov dword [edi + eax*8 + 0x36ae], esi
mov esi, 1
shl esi, cl
mov ecx, esi
or byte [ebp - 0x70], cl
and byte [ebp - 0x70], dl
mov dword [edi + eax*8 + 0x36aa], ebx

loc_fffb608c:  ; not directly referenced
inc eax
jmp short loc_fffb6034  ; jmp 0xfffb6034

loc_fffb608f:  ; not directly referenced
mov al, byte [ebp - 0x6c]
mov bl, 4
sub eax, 4
cmp al, 4
cmovbe ebx, eax
mov eax, dword [edi + 0x370e]
xor edx, edx
mov byte [edi + 0x36a9], bl
push ecx
push 0x14
push edx
push eax
mov byte [ebp - 0x70], bl
call dword [esi + 0x68]  ; ucall
add eax, 0xffffffff
adc edx, 0xffffffff
add esp, 0xc
push 0x20
mov ebx, eax
push edx
and ebx, 0xffffffc0
push eax
mov dword [ebp - 0x74], ebx
call dword [esi + 0x6c]  ; ucall
add esp, 0x10
mov dword [ebp - 0x6c], 0
mov dword [ebp - 0x78], eax

loc_fffb60da:  ; not directly referenced
mov ebx, dword [esi + 0x68]
call dword [esi + 0x7c]  ; ucall
and eax, dword [ebp - 0x78]
push edx
xor edx, edx
push 0x20
push edx
push eax
call ebx
mov ebx, eax
mov dword [ebp - 0x7c], edx
call dword [esi + 0x7c]  ; ucall
mov edx, dword [ebp - 0x7c]
add esp, 0xc
and eax, dword [ebp - 0x74]
mov dword [ebp - 0x9c], edx
or eax, ebx
mov dword [ebp - 0xa0], eax
mov eax, dword [edi + 0x2444]
push 0x14
push dword [ebp - 0x9c]
push dword [ebp - 0xa0]
call dword [eax + 0x6c]  ; ucall
mov ebx, dword [edi + 0x370e]
mov ecx, dword [edi + 0x36f1]
add esp, 0x10
mov dword [ebp - 0x7c], ebx
cmp edx, 0
ja short loc_fffb613d  ; ja 0xfffb613d
cmp eax, ecx
jb short loc_fffb6172  ; jb 0xfffb6172

loc_fffb613d:  ; not directly referenced
cmp edx, 0
ja short loc_fffb6149  ; ja 0xfffb6149
cmp eax, 0xfff
jbe short loc_fffb60da  ; jbe 0xfffb60da

loc_fffb6149:  ; not directly referenced
cmp edx, 0
ja short loc_fffb60da  ; ja 0xfffb60da
cmp eax, dword [ebp - 0x7c]
jb short loc_fffb6172  ; jb 0xfffb6172
jmp short loc_fffb60da  ; jmp 0xfffb60da

loc_fffb6155:  ; not directly referenced
mov byte [edi + 0x36a9], 0
jmp short loc_fffb619e  ; jmp 0xfffb619e

loc_fffb615e:  ; not directly referenced
mov eax, 0xfffffffe
mov cl, bl
rol eax, cl
inc byte [ebp - 0x74]
and byte [ebp - 0x70], al
jmp near loc_fffb600c  ; jmp 0xfffb600c

loc_fffb6172:  ; not directly referenced
mov ebx, dword [ebp - 0x6c]
mov eax, dword [ebp - 0xa0]
mov edx, dword [ebp - 0x9c]
inc dword [ebp - 0x6c]
mov dword [edi + ebx*8 + 0x36aa], eax
mov al, byte [ebp - 0x6c]
mov dword [edi + ebx*8 + 0x36ae], edx
cmp byte [ebp - 0x70], al
ja loc_fffb60da  ; ja 0xfffb60da

loc_fffb619e:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb61a8:  ; not directly referenced
push ebp
mov eax, 0x80000002
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 0x20]
mov ecx, dword [ebp + 0x10]
mov esi, dword [ebp + 0x14]
mov edi, dword [ebp + 0x18]
test ebx, ebx
je loc_fffb626d  ; je 0xfffb626d
cmp ecx, 0xb
ja loc_fffb626d  ; ja 0xfffb626d
push eax
mov edx, ecx
push dword [ebp + 0x1c]
xor eax, eax
mov dword [ebp - 0x1c], ecx
push edi
push esi
call fcn_fffb05d3  ; call 0xfffb05d3
add esp, 0x10
mov ecx, dword [ebp - 0x1c]
test eax, eax
js short loc_fffb626d  ; js 0xfffb626d
mov al, byte [ecx + ref_fffd6138]  ; mov al, byte [ecx - 0x29ec8]
mov dword [ebp - 0x24], 0
mov byte [ebp - 0x1e], al
mov eax, ecx
and eax, 3
mov dword [ebp - 0x1c], eax
movzx eax, byte [eax + ref_fffd6144]  ; movzx eax, byte [eax - 0x29ebc]
dec eax
test ebx, eax
movzx eax, byte [ecx + ref_fffd6144]  ; movzx eax, byte [ecx - 0x29ebc]
sete byte [ebp - 0x1d]
mov dword [ebp - 0x28], eax

loc_fffb621f:  ; not directly referenced
cmp dword [ebp + 0x1c], 0
je short loc_fffb626b  ; je 0xfffb626b
cmp dword [ebp - 0x1c], 0
jne short loc_fffb6232  ; jne 0xfffb6232
mov edx, esi
in al, dx
mov byte [ebx], al
jmp short loc_fffb625a  ; jmp 0xfffb625a

loc_fffb6232:  ; not directly referenced
cmp dword [ebp - 0x1c], 1
jne short loc_fffb6246  ; jne 0xfffb6246
sub esp, 0xc
push esi
call fcn_fffb00a0  ; call 0xfffb00a0
mov word [ebx], ax
jmp short loc_fffb6257  ; jmp 0xfffb6257

loc_fffb6246:  ; not directly referenced
cmp dword [ebp - 0x1c], 2
jne short loc_fffb625a  ; jne 0xfffb625a
sub esp, 0xc
push esi
call fcn_fffb00dc  ; call 0xfffb00dc
mov dword [ebx], eax

loc_fffb6257:  ; not directly referenced
add esp, 0x10

loc_fffb625a:  ; not directly referenced
movzx eax, byte [ebp - 0x1e]
add esi, dword [ebp - 0x28]
adc edi, dword [ebp - 0x24]
dec dword [ebp + 0x1c]
add ebx, eax
jmp short loc_fffb621f  ; jmp 0xfffb621f

loc_fffb626b:  ; not directly referenced
xor eax, eax

loc_fffb626d:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb6275:  ; not directly referenced
push ebp
mov eax, 0x80000002
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 0x20]
mov ecx, dword [ebp + 0x10]
mov esi, dword [ebp + 0x14]
mov edi, dword [ebp + 0x18]
test ebx, ebx
je loc_fffb6339  ; je 0xfffb6339
cmp ecx, 0xb
ja loc_fffb6339  ; ja 0xfffb6339
push eax
mov edx, ecx
push dword [ebp + 0x1c]
xor eax, eax
mov dword [ebp - 0x1c], ecx
push edi
push esi
call fcn_fffb05d3  ; call 0xfffb05d3
add esp, 0x10
mov ecx, dword [ebp - 0x1c]
test eax, eax
js short loc_fffb6339  ; js 0xfffb6339
mov al, byte [ecx + ref_fffd6138]  ; mov al, byte [ecx - 0x29ec8]
mov dword [ebp - 0x24], 0
mov byte [ebp - 0x1e], al
mov eax, ecx
and eax, 3
mov dword [ebp - 0x1c], eax
movzx eax, byte [eax + ref_fffd6144]  ; movzx eax, byte [eax - 0x29ebc]
dec eax
test ebx, eax
movzx eax, byte [ecx + ref_fffd6144]  ; movzx eax, byte [ecx - 0x29ebc]
sete byte [ebp - 0x1d]
mov dword [ebp - 0x28], eax

loc_fffb62ec:  ; not directly referenced
cmp dword [ebp + 0x1c], 0
je short loc_fffb6337  ; je 0xfffb6337
cmp dword [ebp - 0x1c], 0
jne short loc_fffb62ff  ; jne 0xfffb62ff
mov al, byte [ebx]
mov edx, esi
out dx, al
jmp short loc_fffb6326  ; jmp 0xfffb6326

loc_fffb62ff:  ; not directly referenced
cmp dword [ebp - 0x1c], 1
jne short loc_fffb6313  ; jne 0xfffb6313
movzx eax, word [ebx]
push edx
push edx
push eax
push esi
call fcn_fffb00b9  ; call 0xfffb00b9
jmp short loc_fffb6323  ; jmp 0xfffb6323

loc_fffb6313:  ; not directly referenced
cmp dword [ebp - 0x1c], 2
jne short loc_fffb6326  ; jne 0xfffb6326
push eax
push eax
push dword [ebx]
push esi
call fcn_fffb0086  ; call 0xfffb0086

loc_fffb6323:  ; not directly referenced
add esp, 0x10

loc_fffb6326:  ; not directly referenced
movzx eax, byte [ebp - 0x1e]
add esi, dword [ebp - 0x28]
adc edi, dword [ebp - 0x24]
dec dword [ebp + 0x1c]
add ebx, eax
jmp short loc_fffb62ec  ; jmp 0xfffb62ec

loc_fffb6337:  ; not directly referenced
xor eax, eax

loc_fffb6339:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb6341:  ; not directly referenced
push ebp
mov ebp, esp
sub esp, 8
mov edx, dword [0xff7d77b0]
mov eax, dword [ebp + 0xc]
add eax, 3
and eax, 0xfffffffc
test edx, edx
jne short loc_fffb6366  ; jne 0xfffb6366
mov dword [0xff7d77ac], 0xff7d027c
jmp short loc_fffb638c  ; jmp 0xfffb638c

loc_fffb6366:  ; not directly referenced
mov ecx, dword [0xff7d77ac]
cmp dword [ecx + edx], 0x900ddea1
je short loc_fffb638c  ; je 0xfffb638c
push eax
push 0x3d
push ref_fffd3a20  ; push 0xfffd3a20
push ref_fffd62d9  ; push 0xfffd62d9
call mrc_printk  ; call 0xfffb8212
add esp, 0x10

loc_fffb638a:  ; not directly referenced
jmp short loc_fffb638a  ; jmp 0xfffb638a

loc_fffb638c:  ; not directly referenced
lea ecx, [eax + edx]
cmp ecx, 0x752c
jbe short loc_fffb63ae  ; jbe 0xfffb63ae
push eax
push 0x4b
push ref_fffd3a20  ; push 0xfffd3a20
push ref_fffd62f9  ; push 0xfffd62f9
call mrc_printk  ; call 0xfffb8212
add esp, 0x10

loc_fffb63ac:  ; not directly referenced
jmp short loc_fffb63ac  ; jmp 0xfffb63ac

loc_fffb63ae:  ; not directly referenced
mov eax, dword [0xff7d77ac]
mov dword [0xff7d77b0], ecx
mov dword [eax + ecx], 0x900ddea1
mov ecx, dword [ebp + 0x10]
add edx, eax
xor eax, eax
mov dword [ecx], edx
leave
ret

fcn_fffb63cb:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov dword [ebp - 0x30], edx
mov dword [ebp - 0x1c], 0
call fcn_fffb91ff  ; call 0xfffb91ff
mov dword [ebp - 0x2c], eax
lea eax, [ebp - 0x1c]
push eax
push 0
push 0
push ref_fffd6948  ; push 0xfffd6948
call fcn_fffb020b  ; call 0xfffb020b
mov eax, dword [0xff7d0084]
mov esi, dword [eax + 0x14]
lea edi, [esi + 0xf80ac]
mov dword [esp], edi
call fcn_fffb3fc4  ; call 0xfffb3fc4
pop edx
pop ecx
and eax, 0xffebffff
push eax
push edi
call fcn_fffb3ffa  ; call 0xfffb3ffa
mov edx, 0xcf9
in al, dx
mov ecx, dword [ebp - 0x30]
mov bl, al
add esp, 0x10
and ebx, 0xfffffff1
cmp cl, 6
jne short loc_fffb6479  ; jne 0xfffb6479
sub esp, 0xc
add esi, 0xf8048
push esi
call fcn_fffb3fc4  ; call 0xfffb3fc4
add esp, 0x10
mov esi, eax
and esi, 0xfffffffe
cmp dword [ebp - 0x2c], 1
jne short loc_fffb6494  ; jne 0xfffb6494
push eax
push eax
push 0x40000000
push esi
call fcn_fffb4a77  ; call 0xfffb4a77
pop eax
pop edx
lea eax, [esi + 4]
push 0xbfffffff
push eax
call fcn_fffb4aa1  ; call 0xfffb4aa1
pop ecx
pop eax
lea eax, [esi + 0xc]
push 0xbfffffff
push eax
jmp short loc_fffb64c5  ; jmp 0xfffb64c5

loc_fffb6479:  ; not directly referenced
cmp cl, 1
je short loc_fffb648f  ; je 0xfffb648f
cmp cl, 2
jne short loc_fffb64f9  ; jne 0xfffb64f9
mov eax, dword [ebp - 0x1c]
sub esp, 0xc
push 2
call dword [eax]  ; ucall
jmp short loc_fffb64f3  ; jmp 0xfffb64f3

loc_fffb648f:  ; not directly referenced
or ebx, 6
jmp short loc_fffb64f9  ; jmp 0xfffb64f9

loc_fffb6494:  ; not directly referenced
cmp dword [ebp - 0x2c], 2
jne short loc_fffb64cd  ; jne 0xfffb64cd
push eax
push eax
push 1
lea edx, [esi + 0x1f0]
push edx
mov dword [ebp - 0x2c], edx
call fcn_fffb4a77  ; call 0xfffb4a77
pop eax
pop edx
mov edx, dword [ebp - 0x2c]
push 0xfffffffffffffffb
push edx
call fcn_fffb4aa1  ; call 0xfffb4aa1
mov edx, dword [ebp - 0x2c]
pop ecx
pop eax
push 0x7fffffff
push edx

loc_fffb64c5:  ; not directly referenced
call fcn_fffb4aa1  ; call 0xfffb4aa1
add esp, 0x10

loc_fffb64cd:  ; not directly referenced
push eax
add esi, 0x60
push eax
push 0x40000000
push esi
call fcn_fffb4a77  ; call 0xfffb4a77
mov dword [esp], edi
call fcn_fffb3fc4  ; call 0xfffb3fc4
pop edx
pop ecx
or eax, 0x100000
push eax
push edi
call fcn_fffb3ffa  ; call 0xfffb3ffa

loc_fffb64f3:  ; not directly referenced
or ebx, 0xe
add esp, 0x10

loc_fffb64f9:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
call dword [eax + 0xc]  ; ucall
mov edx, 0xcf9
mov al, bl
out dx, al
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb6511:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, eax
sub esp, 0x20
mov edi, dword [ebp + 0x10]
mov esi, dword [ebp + 0xc]
push 0x3f
push edi
push esi
mov dword [ebp - 0x1c], edx
mov dword [ebp - 0x20], ecx
call dword [eax + 0x6c]  ; ucall
add esp, 0x10
test al, 1
je short loc_fffb6573  ; je 0xfffb6573
mov eax, dword [ebp - 0x1c]
mov edx, esi
and edx, 0xffffffc0
and eax, 0xffffffc0
mov ecx, eax
mov eax, dword [ebp - 0x20]
and eax, 0x7f
mov dword [ebp - 0x1c], eax
mov eax, edi
and eax, 0x7f
cmp dword [ebp - 0x1c], eax
jne short loc_fffb6573  ; jne 0xfffb6573
cmp ecx, edx
jne short loc_fffb6573  ; jne 0xfffb6573
push eax
push 0x3e
push edi
push esi
call dword [ebx + 0x6c]  ; ucall
add esp, 0x10
and eax, 1
cmp dword [ebp + 8], eax
sete al
movzx eax, al
jmp short loc_fffb6575  ; jmp 0xfffb6575

loc_fffb6573:  ; not directly referenced
xor eax, eax

loc_fffb6575:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb657d:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x1c], 0
mov eax, dword [ebx + 0x2444]
lea esi, [ebx + 0xfb9]
mov dword [ebp - 0x20], eax
lea eax, [ebx + 0x10]
mov dword [ebp - 0x2c], eax
mov al, byte [ebx + 0x3756]
mov byte [ebx + 0xfb8], al
mov eax, dword [ebx + 0x374f]
mov dword [ebx + 0xfb4], eax

loc_fffb65bd:  ; not directly referenced
imul eax, dword [ebp - 0x1c], 0x13c3
xor edi, edi
mov edx, dword [ebx + eax + 0x3817]
lea ecx, [ebx + eax + 0x3757]
mov dword [ebp - 0x28], ecx
mov dword [esi + 4], edx
mov dl, byte [ebx + eax + 0x381b]
mov byte [esi + 8], dl
mov eax, dword [ebx + eax + 0x3757]
mov dword [esi], eax

loc_fffb65ed:  ; not directly referenced
mov eax, dword [ebp - 0x28]
push edx
push 0x2e
lea eax, [eax + edi + 4]
push eax
lea eax, [esi + edi + 9]
add edi, 0x2e
push eax
mov eax, dword [ebp - 0x20]
call dword [eax + 0x58]  ; ucall
add esp, 0x10
cmp edi, 0xb8
jne short loc_fffb65ed  ; jne 0xfffb65ed
imul eax, dword [ebp - 0x1c], 0x54a
lea edx, [esi + 0x313]
mov dword [ebp - 0x24], 0
lea edi, [ebx + eax + 0x19bb]

loc_fffb662c:  ; not directly referenced
mov ecx, dword [ebp - 0x24]
mov dword [ebp - 0x30], edx
mov edx, dword [ebp - 0x28]
push eax
push 0x128
lea eax, [edx + ecx + 0x1173]
push eax
lea eax, [esi + ecx + 0xc1]
push eax
mov eax, dword [ebp - 0x20]
call dword [eax + 0x58]  ; ucall
mov al, byte [edi + 3]
add esp, 0x10
mov edx, dword [ebp - 0x30]
cmp byte [edi + 2], 0xc
mov byte [edx - 2], al
jne short loc_fffb6676  ; jne 0xfffb6676
mov al, byte [edi + 0xd]
mov ecx, 0x1d
mov byte [edx - 1], al
lea eax, [edi + 0x140]
jmp short loc_fffb6684  ; jmp 0xfffb6684

loc_fffb6676:  ; not directly referenced
mov al, byte [edi + 8]
mov ecx, 0x1f
mov byte [edx - 1], al
lea eax, [edi + 0x75]

loc_fffb6684:  ; not directly referenced
sub esp, 4
add edi, 0x277
push ecx
push eax
mov eax, dword [ebp - 0x20]
push edx
mov dword [ebp - 0x30], edx
call dword [eax + 0x58]  ; ucall
mov edx, dword [ebp - 0x30]
add esp, 0x10
add dword [ebp - 0x24], 0x128
add edx, 0x21
cmp dword [ebp - 0x24], 0x250
jne loc_fffb662c  ; jne 0xfffb662c
inc dword [ebp - 0x1c]
add esi, 0x433
cmp dword [ebp - 0x1c], 2
jne loc_fffb65bd  ; jne 0xfffb65bd
mov eax, dword [ebx + 0x3736]
mov dword [ebx + 0x182c], eax
mov eax, dword [ebx + 0x373a]
mov dword [ebx + 0x1830], eax
mov eax, dword [ebx + 0x373e]
mov dword [ebx + 0x1834], eax
mov eax, dword [ebx + 0x3742]
mov dword [ebx + 0x1838], eax
push eax
mov eax, dword [ebx + 0x2444]
push 4
mov edx, dword [ebx + 0x188b]
lea edx, [edx*4 + ref_fffd3520]  ; lea edx, [edx*4 - 0x2cae0]
push edx
lea edx, [ebx + 0xfac]
push edx
call dword [eax + 0x58]  ; ucall
mov eax, dword [ebx + 0x1887]
add esp, 0x10
xor ecx, ecx
mov dword [ebx + 0xfa4], eax
mov eax, dword [ebx + 0x1883]
mov dword [ebx + 0xfa0], eax
mov eax, dword [ebx + 0x188b]
mov dword [ebx + 0xfa8], eax
mov al, byte [ebx + 0x190d]
mov byte [ebx + 0x1842], al
mov eax, dword [ebx + 0x36d8]
mov dword [ebx + 0x181f], eax
mov eax, dword [ebx + 0x36e0]
mov dword [ebx + 0x1823], eax
mov al, byte [ebx + 0x36e8]
mov byte [ebx + 0x182b], al
mov eax, dword [ebx + 0x36e4]
mov dword [ebx + 0x1827], eax
mov al, byte [ebx + 0x3749]
mov byte [ebx + 0x183c], al
mov eax, dword [ebx + 0x2481]
mov dword [ebx + 0x183d], eax
mov al, byte [ebx + 0x374a]
mov byte [ebx + 0x1841], al
mov al, byte [ebx + 0x36cb]
mov byte [ebx + 0x184c], al
mov al, byte [ebx + 0x36a9]
mov byte [ebx + 0x184d], al
mov eax, dword [ebx + 0x36cc]
mov dword [ebx + 0x1843], eax
mov eax, dword [ebx + 0x1912]
mov dword [ebx + 0x1847], eax
mov al, byte [ebx + 0x1916]
mov byte [ebx + 0x184b], al

loc_fffb67df:  ; not directly referenced
mov eax, dword [ebx + ecx*8 + 0x36aa]
mov edx, dword [ebx + ecx*8 + 0x36ae]
mov dword [ebx + ecx*8 + 0x184e], eax
mov dword [ebx + ecx*8 + 0x1852], edx
inc ecx
cmp ecx, 4
jne short loc_fffb67df  ; jne 0xfffb67df
mov edx, dword [ebx + 0x18bd]
mov eax, dword [ebx + 0x18b9]
call fcn_fffc3cb8  ; call 0xfffc3cb8
mov edx, 0x185e
mov dword [ebx + 0xfb0], eax
mov eax, dword [ebp - 0x2c]
call fcn_fffc3cb8  ; call 0xfffc3cb8
mov dword [ebx + 8], 0x1866
mov dword [ebx + 0xc], eax
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb6839:  ; not directly referenced
mov eax, dword [0xff7d0084]
push ebp
mov ebp, esp
push esi
mov esi, dword [ebp + 8]
push ebx
mov eax, dword [eax + 0x14]
mov ebx, dword [ebp + 0xc]
sub esp, 0xc
add eax, 0xb0048
push eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
add esp, 0x10
cmp bl, 2
je short loc_fffb6872  ; je 0xfffb6872
cmp bl, 6
je short loc_fffb6879  ; je 0xfffb6879
dec bl
jne short loc_fffb6885  ; jne 0xfffb6885
mov edx, 1
jmp short loc_fffb687e  ; jmp 0xfffb687e

loc_fffb6872:  ; not directly referenced
mov edx, 2
jmp short loc_fffb687e  ; jmp 0xfffb687e

loc_fffb6879:  ; not directly referenced
mov edx, 6

loc_fffb687e:  ; not directly referenced
mov eax, esi
call fcn_fffb63cb  ; call 0xfffb63cb

loc_fffb6885:  ; not directly referenced
lea esp, [ebp - 8]
xor eax, eax
pop ebx
pop esi
pop ebp
ret

fcn_fffb688e:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x38
mov eax, dword [0xff7d0084]
mov edi, dword [eax + 0x14]
add edi, 0xb0048
push edi
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov ebx, eax
lea eax, [ebp - 0x1c]
push eax
push 0
push 0
push ref_fffd6348  ; push 0xfffd6348
call fcn_fffb020b  ; call 0xfffb020b
add esp, 0x20
xor ecx, ecx
mov esi, eax

loc_fffb68c6:  ; not directly referenced
test bh, 1
jne short loc_fffb68f6  ; jne 0xfffb68f6
cmp ecx, 0x32
je short loc_fffb6941  ; je 0xfffb6941
mov eax, dword [ebp - 0x1c]
push ebx
push 0x3e8
push eax
push dword [ebp + 8]
mov dword [ebp - 0x2c], ecx
call dword [eax + 4]  ; ucall
mov dword [esp], edi
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov ecx, dword [ebp - 0x2c]
add esp, 0x10
inc ecx
mov ebx, eax
jmp short loc_fffb68c6  ; jmp 0xfffb68c6

loc_fffb68f6:  ; not directly referenced
cmp ecx, 0x32
je short loc_fffb6941  ; je 0xfffb6941
mov edi, ebx
test bl, bl
jns short loc_fffb6938  ; jns 0xfffb6938
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov ebx, dword [eax + 0x14]
add ebx, 0xf80a2
push ebx
call fcn_fffb3e49  ; call 0xfffb3e49
pop edx
pop ecx
and eax, 0xff7f
push eax
push ebx
call fcn_fffb3fa0  ; call 0xfffb3fa0
mov eax, dword [ebp + 8]
mov edx, 1
call fcn_fffb63cb  ; call 0xfffb63cb
add esp, 0x10
mov esi, eax

loc_fffb6938:  ; not directly referenced
mov eax, edi
and eax, 0xffffff90
cmp al, 0x10
jne short loc_fffb6947  ; jne 0xfffb6947

loc_fffb6941:  ; not directly referenced
mov eax, dword [ebp + 0x10]
mov byte [eax], 1

loc_fffb6947:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb6951:
push ebp
mov ebp, esp
mov ecx, dword [ebp + 8]
mov edx, dword [ebp + 0xc]
push ebx
mov ebx, dword [ecx + 8]
mov eax, dword [ecx + 0xc]
xor ebx, dword [edx + 8]
xor eax, dword [edx + 0xc]
or ebx, eax
mov ebx, dword [ecx]
mov ecx, dword [ecx + 4]
sete al
xor ebx, dword [edx]
xor ecx, dword [edx + 4]
or ebx, ecx
sete dl
and eax, edx
pop ebx
pop ebp
ret

fcn_fffb6980:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x6c
mov eax, dword [ebp + 8]
mov dword [ebp - 0x68], ecx
mov ecx, dword [ebp + 0xc]
mov ebx, dword [ebp + 0x10]
mov byte [ebp - 0x30], 0x21
mov dword [ebp - 0x6c], eax
mov al, byte [ebp + 0x14]
mov dword [ebp - 0x3c], ecx
mov byte [ebp - 0x76], cl
mov edi, ebx
mov byte [ebp - 0x2f], 0x42
mov byte [ebp - 0x40], al
mov byte [ebp - 0x2e], 0x58
mov byte [ebp - 0x2d], 0x64
mov byte [ebp - 0x2c], 0x85
mov byte [ebp - 0x2b], 0xa6
mov byte [ebp - 0x2a], 0xc8
mov byte [ebp - 0x29], 0xe9
mov byte [ebp - 0x28], 0x2f
mov byte [ebp - 0x27], 0x41
mov byte [ebp - 0x26], 0x53
mov byte [ebp - 0x25], 0x64
mov byte [ebp - 0x24], 0x7d
mov byte [ebp - 0x23], 0x95
mov byte [ebp - 0x22], 0xad
mov byte [ebp - 0x21], 0xc5
mov byte [ebp - 0x20], 0x76
mov byte [ebp - 0x1f], 0x70
mov byte [ebp - 0x1e], 0x6c
mov byte [ebp - 0x1d], 0x67
mov eax, dword [esi + 0x5edd]
mov byte [ebp - 0x1c], 0x64
mov byte [ebp - 0x1b], 0x61
mov byte [ebp - 0x1a], 0x5f
mov dword [ebp - 0x58], eax
movzx eax, dl
mov edx, dword [ebp - 0x58]
mov dword [ebp - 0x60], eax
imul eax, eax, 0xcc
mov byte [ebp - 0x19], 0x5d
mov dword [ebp - 0x74], 0
mov dword [ebp - 0x5c], 0
lea eax, [edx + eax + 0x1c]
mov dl, 0x19
mov dword [ebp - 0x44], eax
mov eax, dword [esi + 0x18a7]
mov eax, dword [esi + eax*4 + 0x3736]
mov dword [ebp - 0x48], eax
mov eax, dword [esi + 0x188b]
mov dword [ebp - 0x70], eax
xor eax, eax
cmp dword [esi + 0x2481], 3
sete al
cmp cl, 0xc
mov dword [ebp - 0x64], eax
mov al, 0x4b
cmovne edx, eax
cmp dword [ebp + 0x1c], 0
mov byte [ebp - 0x75], dl
je short loc_fffb6a81  ; je 0xfffb6a81
mov eax, dword [ebp + 0x1c]
cmp dword [eax], 0
setne al
movzx eax, al
mov dword [ebp - 0x4c], eax
jmp short loc_fffb6aa6  ; jmp 0xfffb6aa6

loc_fffb6a81:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
cmp al, 0xc
sete dl
cmp al, 0xa
sete al
or dl, al
je short loc_fffb6a99  ; je 0xfffb6a99

loc_fffb6a92:  ; not directly referenced
xor eax, eax
jmp near loc_fffb70f8  ; jmp 0xfffb70f8

loc_fffb6a99:  ; not directly referenced
cmp byte [ebp - 0x3c], 0xf
je short loc_fffb6a92  ; je 0xfffb6a92
mov dword [ebp - 0x4c], 0

loc_fffb6aa6:  ; not directly referenced
cmp dword [ebp - 0x64], 0
jne short loc_fffb6aee  ; jne 0xfffb6aee
mov edx, dword [ebp - 0x60]
imul eax, edx, 0x54a
imul edx, edx, 0x13c3
lea eax, [esi + eax + 0x196b]
mov dl, byte [esi + edx + 0x381b]
test dl, 1
je short loc_fffb6ad7  ; je 0xfffb6ad7
cmp byte [eax + 0x27e], 0
je short loc_fffb6afe  ; je 0xfffb6afe

loc_fffb6ad7:  ; not directly referenced
and dl, 4
je short loc_fffb6b07  ; je 0xfffb6b07
cmp byte [eax + 0x4f5], 1
sbb eax, eax
mov dword [ebp - 0x54], eax
add dword [ebp - 0x54], 0x24
jmp short loc_fffb6b0e  ; jmp 0xfffb6b0e

loc_fffb6aee:  ; not directly referenced
mov dword [ebp - 0x54], 0x50
mov dword [ebp - 0x50], 0x37
jmp short loc_fffb6b15  ; jmp 0xfffb6b15

loc_fffb6afe:  ; not directly referenced
mov dword [ebp - 0x54], 0x23
jmp short loc_fffb6b0e  ; jmp 0xfffb6b0e

loc_fffb6b07:  ; not directly referenced
mov dword [ebp - 0x54], 0x24

loc_fffb6b0e:  ; not directly referenced
mov dword [ebp - 0x50], 0x23

loc_fffb6b15:  ; not directly referenced
cmp byte [ebp - 0x3c], 2
ja loc_fffb6c0b  ; ja 0xfffb6c0b
movzx eax, byte [ebp - 0x6c]
mov edx, dword [ebp - 0x44]
cmp byte [ebp - 0x3c], 1
mov eax, dword [edx + eax*4 + 0x78]
mov dword [ebp - 0x5c], eax
jne short loc_fffb6b47  ; jne 0xfffb6b47
mov edx, 0x3a04
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
mov dword [ebp - 0x74], eax
jmp near loc_fffb6c15  ; jmp 0xfffb6c15

loc_fffb6b47:  ; not directly referenced
mov edx, 0x3a00
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
cmp byte [ebp - 0x3c], 0
jne loc_fffb6c0b  ; jne 0xfffb6c0b
mov ebx, dword [ebp - 0x58]
mov edx, dword [ebx + 0xc]
shr edx, 0xb
mov cl, dl
and ecx, 0xf
and dl, 8
lea ebx, [ecx - 0x10]
cmovne ecx, ebx
cmp dword [ebp + 0x18], 0
je short loc_fffb6b93  ; je 0xfffb6b93
mov edi, dword [ebp - 0x5c]
and eax, 0x3f
mov byte [ebp - 0x40], al
mov eax, edi
and eax, 0x3f
and edi, 0x20
lea edx, [eax - 0x40]
cmovne eax, edx
mov edi, eax

loc_fffb6b93:  ; not directly referenced
cmp dword [ebp - 0x70], 1
movsx ecx, cl
mov edx, dword [esi + 0x1887]
sbb ebx, ebx
and ebx, 0x12
add ebx, 0x1e
cmp edx, 0x306d0
sete al
cmp edx, 0x40650
sete dl
movsx ebx, bl
or eax, edx
mov edx, 0x20
cmp al, 1
sbb eax, eax
sub edx, ecx
and eax, 0xffffffd3
add ecx, 0x20
add eax, 0x78
movzx eax, al
imul eax, edx
cdq
idiv ecx
mov ecx, 3
xor edx, edx
div cx
movsx ecx, byte [ebp - 0x40]
lea edx, [ecx + ecx*2]
add edx, ebx
imul eax, edx
mov edx, edi
movsx edx, dl
add edx, ecx
lea edx, [edx + edx*2]
movzx eax, ax
add ebx, edx
cdq
idiv ebx
mov ecx, eax
jmp near loc_fffb6d05  ; jmp 0xfffb6d05

loc_fffb6c0b:  ; not directly referenced
cmp byte [ebp - 0x3c], 1
jne loc_fffb6cae  ; jne 0xfffb6cae

loc_fffb6c15:  ; not directly referenced
mov eax, dword [ebp - 0x58]
mov ecx, dword [eax + 0xc]
mov eax, ecx
shr eax, 3
and eax, 1
shr ecx, 0xf
mov byte [ebp - 0x64], al
mov al, cl
and eax, 0x1f
cmp dword [ebp - 0x70], 1
lea edx, [eax - 0x20]
sbb ebx, ebx
and ebx, 6
add ebx, 0xa
and cl, 0x10
cmove edx, eax
cmp dword [ebp + 0x18], 0
je short loc_fffb6c68  ; je 0xfffb6c68
mov al, byte [ebp - 0x74]
mov edi, dword [ebp - 0x5c]
and eax, 0x3f
shr edi, 0xc
mov byte [ebp - 0x40], al
mov eax, edi
and eax, 0x1f
and edi, 0x10
lea ecx, [eax - 0x20]
cmovne eax, ecx
mov edi, eax

loc_fffb6c68:  ; not directly referenced
mov cl, byte [ebp - 0x40]
mov al, 1
movsx edx, dl
movsx ebx, bl
test cl, cl
cmove ecx, eax
mov eax, esi
mov byte [ebp - 0x40], cl
call fcn_fffa6cac  ; call 0xfffa6cac
mov dl, byte [ebp - 0x64]
xor edx, 1
movzx edx, dl
imul ebx, edx
movsx edx, byte [ebp - 0x40]
lea ecx, [ebx + edx]
imul eax, ecx
mov ecx, edi
movsx ecx, cl
add edx, ecx
add ebx, edx
movzx eax, ax
cdq
idiv ebx
mov ecx, eax
jmp near loc_fffb6da7  ; jmp 0xfffb6da7

loc_fffb6cae:  ; not directly referenced
cmp byte [ebp - 0x3c], 2
jne short loc_fffb6cda  ; jne 0xfffb6cda
cmp dword [ebp + 0x18], 0
je short loc_fffb6ccd  ; je 0xfffb6ccd
mov edi, dword [ebp - 0x5c]
shr edi, 0x1b
mov eax, edi
and eax, 0x10
lea ecx, [edi - 0x20]
test al, al
cmovne edi, ecx

loc_fffb6ccd:  ; not directly referenced
mov eax, edi
movsx ecx, al
add ecx, 0x32
jmp near loc_fffb6da7  ; jmp 0xfffb6da7

loc_fffb6cda:  ; not directly referenced
cmp byte [ebp - 0x3c], 4
jne short loc_fffb6ce8  ; jne 0xfffb6ce8
movsx ecx, bl
jmp near loc_fffb6eef  ; jmp 0xfffb6eef

loc_fffb6ce8:  ; not directly referenced
cmp byte [ebp - 0x3c], 5
jne short loc_fffb6d03  ; jne 0xfffb6d03
movsx ax, bl
idiv byte [ebp - 0x76]
movsx eax, al
lea ecx, [eax + eax*4]
add ecx, 0x64
jmp near loc_fffb6eef  ; jmp 0xfffb6eef

loc_fffb6d03:  ; not directly referenced
xor ecx, ecx

loc_fffb6d05:  ; not directly referenced
cmp byte [ebp - 0x3c], 9
jne loc_fffb6da7  ; jne 0xfffb6da7
cmp dword [ebp + 0x18], 0
je short loc_fffb6d6a  ; je 0xfffb6d6a
cmp byte [ebp - 0x68], 3
ja loc_fffb6a92  ; ja 0xfffb6a92
mov ecx, dword [ebp - 0x68]
imul eax, dword [ebp - 0x60], 0x13c3
mov edx, ecx
and edx, 1
shr ecx, 1
imul edx, edx, 0x18
imul ecx, ecx, 0x128
lea eax, [esi + eax + 0x3757]
add edx, ecx
cmp dword [ebp - 0x64], 0
je short loc_fffb6d58  ; je 0xfffb6d58
mov cx, word [eax + edx + 0x1271]
lea edi, [ecx - 1]
and edi, 0xf
jmp short loc_fffb6d70  ; jmp 0xfffb6d70

loc_fffb6d58:  ; not directly referenced
mov cx, word [eax + edx + 0x126d]
shr cx, 1
mov edi, ecx
and edi, 1
jmp short loc_fffb6d90  ; jmp 0xfffb6d90

loc_fffb6d6a:  ; not directly referenced
cmp dword [ebp - 0x64], 0
je short loc_fffb6d87  ; je 0xfffb6d87

loc_fffb6d70:  ; not directly referenced
mov eax, edi
mov ebx, 7
cmp al, 6
mov al, 6
cmovg edi, eax
mov eax, edi
movsx eax, al
sub ebx, eax
jmp short loc_fffb6d98  ; jmp 0xfffb6d98

loc_fffb6d87:  ; not directly referenced
mov eax, edi
cmp al, 0xfa
mov al, 0xfb
cmovle edi, eax

loc_fffb6d90:  ; not directly referenced
mov eax, edi
movsx ebx, al
add ebx, 6

loc_fffb6d98:  ; not directly referenced
mov eax, 0xf0
cdq
idiv ebx
mov ecx, eax
jmp near loc_fffb6eef  ; jmp 0xfffb6eef

loc_fffb6da7:  ; not directly referenced
cmp byte [ebp - 0x3c], 6
jne loc_fffb6eef  ; jne 0xfffb6eef
mov edx, 0x3918
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
mov dl, byte [esi + 0x36e8]
and eax, 3
cmp dword [esi + 0x36e4], 1
sbb ebx, ebx
and ebx, 0xfffffffe
add ebx, 6
cmp dword [esi + 0x188b], 0
jne loc_fffb6e84  ; jne 0xfffb6e84
cmp dword [ebp - 0x48], 0x546
movzx eax, al
seta cl
sub edx, ebx
cmp dl, 4
mov bl, 4
cmovle ebx, edx
xor edx, edx
test bl, bl
movzx ecx, cl
cmovns edx, ebx
cmp dword [esi + 0x1887], 0x40650
jne short loc_fffb6e29  ; jne 0xfffb6e29
cmp dl, 2
mov bl, 2
cmovle ebx, edx
movsx ebx, bl
lea ecx, [ecx + ecx*2]
add ecx, ebx
movzx ebx, byte [eax + ecx*4 + ref_fffd35c4]  ; movzx ebx, byte [eax + ecx*4 - 0x2ca3c]
jmp short loc_fffb6e39  ; jmp 0xfffb6e39

loc_fffb6e29:  ; not directly referenced
movsx edx, dl
lea ecx, [ecx + ecx*4]
add edx, ecx
movzx ebx, byte [eax + edx*4 + ref_fffd359c]  ; movzx ebx, byte [eax + edx*4 - 0x2ca64]

loc_fffb6e39:  ; not directly referenced
imul eax, dword [ebp - 0x48], 0x4b0
mov ecx, 0x3e8
xor edx, edx
div ecx
xor edx, edx
add eax, 0x520
div ecx
cmp dword [ebp + 0x18], 0
mov ecx, eax
je short loc_fffb6e70  ; je 0xfffb6e70
movzx eax, byte [ebp - 0x6c]
mov edi, dword [ebp - 0x44]
movzx edi, byte [edi + eax*4 + 5]
mov eax, edi
shr al, 2
mov edi, eax
and edi, 7

loc_fffb6e70:  ; not directly referenced
mov eax, edi
movzx ebx, byte [ebp + ebx - 0x30]
movsx eax, al
movzx eax, byte [ebp + eax - 0x30]
imul eax, ecx
jmp short loc_fffb6ee8  ; jmp 0xfffb6ee8

loc_fffb6e84:  ; not directly referenced
imul eax, dword [ebp - 0x48], 0x5fa
xor edx, edx
mov ecx, 0x3e8
div ecx
cmp dword [ebp + 0x18], 0
lea edx, [eax + 0x4cc]
je short loc_fffb6ebf  ; je 0xfffb6ebf
movzx eax, byte [ebp - 0x6c]
mov ecx, dword [ebp - 0x44]
movzx edi, byte [ecx + eax*4 + 5]
mov ebx, edi
shr bl, 2
mov edi, ebx
mov bl, byte [ecx + eax*4 + 0x2b]
and edi, 7
shr bl, 2
jmp short loc_fffb6ec8  ; jmp 0xfffb6ec8

loc_fffb6ebf:  ; not directly referenced
mov eax, edi
mov ebx, edi
shr al, 3
mov edi, eax

loc_fffb6ec8:  ; not directly referenced
and ebx, 7
mov eax, edi
movzx ebx, bl
movsx eax, al
movzx ecx, byte [ebp + ebx - 0x20]
mov ebx, 0x2710
movzx eax, byte [ebp + eax - 0x28]
imul eax, ecx
imul eax, edx

loc_fffb6ee8:  ; not directly referenced
xor edx, edx
div ebx
movzx ecx, ax

loc_fffb6eef:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
cmp al, 0xa
sete bl
cmp al, 0xc
sete al
mov byte [ebp - 0x64], al
or al, bl
mov byte [ebp - 0x5c], bl
jne short loc_fffb6f12  ; jne 0xfffb6f12
cmp byte [ebp - 0x3c], 0xf
jne loc_fffb70b5  ; jne 0xfffb70b5
jmp short loc_fffb6f39  ; jmp 0xfffb6f39

loc_fffb6f12:  ; not directly referenced
cmp byte [ebp - 0x3c], 0xf
je short loc_fffb6f39  ; je 0xfffb6f39
mov eax, dword [ebp - 0x58]
cmp dword [ebp - 0x4c], 0
mov ecx, dword [eax + 0xc]
je short loc_fffb6f29  ; je 0xfffb6f29
shr ecx, 0x18
jmp short loc_fffb6f2c  ; jmp 0xfffb6f2c

loc_fffb6f29:  ; not directly referenced
shr ecx, 0x14

loc_fffb6f2c:  ; not directly referenced
and ecx, 0xf
test cl, 8
je short loc_fffb6f3b  ; je 0xfffb6f3b
sub ecx, 0x10
jmp short loc_fffb6f3b  ; jmp 0xfffb6f3b

loc_fffb6f39:  ; not directly referenced
mov ecx, edi

loc_fffb6f3b:  ; not directly referenced
movsx ecx, cl
xor edx, edx
add ecx, 0x20
mov eax, 0x1900
div ecx
sub eax, 0x64
cmp dword [ebp + 0x18], 0
mov dword [ebp - 0x58], eax
setne bl
cmp byte [ebp - 0x3c], 0xf
sete al
xor edx, edx
mov byte [ebp - 0x68], al
or al, bl
je short loc_fffb6fd8  ; je 0xfffb6fd8
cmp dword [ebp - 0x4c], 0
je short loc_fffb6f81  ; je 0xfffb6f81
mov edx, 0x3a0c
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
mov edi, dword [ebp - 0x44]
mov edx, dword [edi + 0x50]
jmp short loc_fffb6f93  ; jmp 0xfffb6f93

loc_fffb6f81:  ; not directly referenced
mov edx, 0x3a08
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
mov edi, dword [ebp - 0x44]
mov edx, dword [edi + 0x4c]

loc_fffb6f93:  ; not directly referenced
shr edx, 9
shr eax, 0xc
mov edi, edx
and eax, 0x3f
and edi, 0xf
mov byte [ebp - 0x40], al
test edi, 8
je short loc_fffb6faf  ; je 0xfffb6faf
sub edi, 0x10

loc_fffb6faf:  ; not directly referenced
xor edx, edx
test bl, bl
je short loc_fffb6fd8  ; je 0xfffb6fd8
cmp byte [ebp - 0x64], 0
je short loc_fffb6fd8  ; je 0xfffb6fd8
mov edx, dword [ebp - 0x60]
mov eax, esi
shl edx, 8
add edx, 0x140c
call fcn_fffb331f  ; call 0xfffb331f
mov edx, edi
shr eax, 0xd
mov edi, eax
and edi, 3

loc_fffb6fd8:  ; not directly referenced
movsx ecx, byte [ebp - 0x40]
mov eax, dword [ebp - 0x58]
mov bl, byte [ebp - 0x68]
add ecx, 0xc
imul eax, ecx
or bl, byte [ebp - 0x5c]
mov ebx, edi
movsx ebx, bl
je short loc_fffb701b  ; je 0xfffb701b
add ecx, ebx
xor edx, edx
mov esi, dword [ebp - 0x50]
div ecx
xor edx, edx
mov ecx, 5
div ecx
mov ebx, eax
mov eax, dword [ebp + 0x1c]
add esi, ebx
mov dword [eax], ebx
mov eax, dword [ebp - 0x54]
add eax, ebx
cmp dword [ebp - 0x4c], 0
cmovne esi, eax
jmp short loc_fffb703b  ; jmp 0xfffb703b

loc_fffb701b:  ; not directly referenced
movsx edx, dl
mov esi, dword [ebp - 0x50]
add ecx, edx
xor edx, edx
div ecx
mov ecx, 5
sub ecx, ebx
xor edx, edx
div ecx
mov ebx, eax
add esi, eax
mov eax, dword [ebp + 0x1c]
mov dword [eax], ebx

loc_fffb703b:  ; not directly referenced
imul eax, dword [ebp - 0x48], 0x3e8
add esi, esi
xor edx, edx
div esi
mov esi, 0x3e8
xor edx, edx
mov ecx, eax
div esi
movzx esi, byte [ebp - 0x75]
xor edx, edx
mov dword [ebp - 0x40], esi
mov esi, eax
imul esi, eax
mov dword [ebp - 0x50], eax
mov eax, esi
mov esi, 0x64
imul eax, ebx
imul ebx, dword [ebp - 0x50]
div esi
xor edx, edx
imul eax, dword [ebp - 0x40]
div esi
mov edx, dword [ebp + 0x1c]
mov dword [edx + 4], eax
mov eax, dword [ebp - 0x48]
xor edx, edx
sub eax, ebx
sub eax, ebx
mov ebx, 0x3e8
imul eax, eax
div ebx
mov bx, 0x2710
xor edx, edx
imul eax, eax, 0xd2f0
div ebx
xor edx, edx
div esi
xor edx, edx
imul eax, dword [ebp - 0x40]
div esi
mov esi, dword [ebp + 0x1c]
mov dword [esi + 8], eax

loc_fffb70b5:  ; not directly referenced
cmp byte [ebp - 0x3c], 0xb
mov eax, ecx
jne short loc_fffb70f8  ; jne 0xfffb70f8
cmp dword [ebp + 0x18], 0
je short loc_fffb70f0  ; je 0xfffb70f0
mov eax, dword [ebp - 0x44]
mov eax, dword [eax + 0x4c]
mov dword [ebp - 0x3c], eax
mov cl, byte [ebp - 0x3c]
and ecx, 0x1f
cmp dword [ebp - 0x4c], 0
mov edi, ecx
je short loc_fffb70e5  ; je 0xfffb70e5
mov eax, dword [ebp - 0x44]
mov ecx, dword [eax + 0x50]
mov edi, ecx
and edi, 0x1f

loc_fffb70e5:  ; not directly referenced
test edi, 0x10
je short loc_fffb70f0  ; je 0xfffb70f0
sub edi, 0x20

loc_fffb70f0:  ; not directly referenced
mov eax, edi
movsx eax, al
add eax, 0x32

loc_fffb70f8:  ; not directly referenced
add esp, 0x6c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb7100:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
push ebx
mov ebx, eax
sub esp, 0x8c
mov eax, dword [eax + 0x188b]
mov byte [ebp - 0x2a], 0
mov byte [ebp - 0x29], 0x3c
mov byte [ebp - 0x28], 0x78
cmp eax, 1
mov dword [ebp - 0x8c], eax
sbb eax, eax
mov dword [ebp - 0x88], eax
and word [ebp - 0x88], 0xfc19
add word [ebp - 0x88], 0x3e8
mov byte [ebp - 0x27], 0x28
mov byte [ebp - 0x26], 0x14
mov byte [ebp - 0x25], 0x1e
mov byte [ebp - 0x35], 0
mov byte [ebp - 0x34], 0x3c
mov byte [ebp - 0x33], 0x78
mov byte [ebp - 0x32], 0
mov byte [ebp - 0x31], 0x22
mov byte [ebp - 0x30], 0x28
mov byte [ebp - 0x2f], 0x30
mov byte [ebp - 0x2e], 0
mov byte [ebp - 0x2d], 0
mov byte [ebp - 0x2c], 0x78
mov byte [ebp - 0x2b], 0xf0
mov dword [ebp - 0x48], ebx
mov dword [ebp - 0x3c], 0
mov dword [ebp - 0x44], 0
mov dword [ebp - 0x50], 0
mov dword [ebp - 0x6c], 0
mov byte [ebp - 0x76], 0

loc_fffb71a0:  ; not directly referenced
mov eax, dword [ebp - 0x48]
mov esi, edi
mov dword [ebp - 0x54], 0
mov word [ebp - 0x4a], 0
mov word [ebp - 0x56], 0
add eax, 0x3757
mov word [ebp - 0x4c], 0
mov dword [ebp - 0x70], 0
mov dword [ebp - 0x94], eax

loc_fffb71d0:  ; not directly referenced
mov ecx, dword [ebp - 0x48]
mov al, byte [ebp - 0x54]
mov edx, dword [ecx + 0x3817]
mov cl, al
mov dword [ebp - 0x90], edx
mov edx, 1
shl edx, cl
mov ecx, dword [ebp - 0x48]
test byte [ecx + 0x381b], dl
je loc_fffb74ec  ; je 0xfffb74ec
cmp dword [ebx + 0x2481], 3
jne short loc_fffb7243  ; jne 0xfffb7243
cmp al, 1
ja loc_fffb7577  ; ja 0xfffb7577
imul eax, dword [ebp - 0x54], 0x18
mov word [ebp - 0x40], 0x3fff
mov dx, word [ecx + eax + 0x49c8]
and edx, 3
mov cl, byte [ebp + edx - 0x32]
mov byte [ebp - 0x75], cl
mov ecx, dword [ebp - 0x48]
mov ax, word [ecx + eax + 0x49d0]
and eax, 3
movzx eax, byte [ebp + eax - 0x2e]
mov word [ebp - 0x68], ax
jmp near loc_fffb72c9  ; jmp 0xfffb72c9

loc_fffb7243:  ; not directly referenced
mov dl, al
and eax, 1
shr dl, 1
movzx edx, dl
imul edx, edx, 0x128
imul eax, eax, 0x18
add eax, edx
add eax, dword [ebp - 0x94]
mov cx, word [eax + 0x126d]
mov ax, word [eax + 0x126f]
mov word [ebp - 0x68], ax
mov eax, ecx
shr ax, 1
and eax, 1
add eax, 6
mov dword [ebp - 0x40], eax
mov eax, 0xf0
cdq
idiv dword [ebp - 0x40]
mov edx, ecx
shr dx, 6
and edx, 1
add edx, edx
shr word [ebp - 0x68], 9
mov byte [ebp - 0x75], al
mov eax, ecx
shr ax, 9
and eax, 1
shl eax, 2
shr cx, 2
or eax, edx
and ecx, 1
or eax, ecx
movzx eax, byte [ebp + eax - 0x2a]
mov word [ebp - 0x40], ax
mov eax, dword [ebp - 0x68]
and eax, 3
movzx eax, byte [ebp + eax - 0x35]
mov word [ebp - 0x68], ax

loc_fffb72c9:  ; not directly referenced
cmp dword [ebp - 0x70], 0
jne loc_fffb744e  ; jne 0xfffb744e
mov byte [ebp - 0x70], 0

loc_fffb72d7:  ; not directly referenced
movzx ecx, byte [ebx + 0x2489]
cmp byte [ebp - 0x70], cl
jae short loc_fffb735b  ; jae 0xfffb735b
push edx
movzx eax, byte [ebp - 0x70]
xor ecx, ecx
push edx
mov edx, dword [ebp - 0x3c]
push 0
push 1
push 0
push 0
push 0
push eax
mov dword [ebp - 0x74], eax
mov eax, ebx
call fcn_fffb6980  ; call 0xfffb6980
add esp, 0x18
mov edx, dword [ebp - 0x3c]
push 0
xor ecx, ecx
push 1
push 0
push 0
push 1
push dword [ebp - 0x74]
add word [ebp - 0x56], ax
mov eax, ebx
call fcn_fffb6980  ; call 0xfffb6980
add esp, 0x18
mov edx, dword [ebp - 0x3c]
push 0
xor ecx, ecx
push 1
push 0
push 0
push 6
push dword [ebp - 0x74]
add word [ebp - 0x4c], ax
mov eax, ebx
call fcn_fffb6980  ; call 0xfffb6980
xor edx, edx
add esp, 0x20
inc byte [ebp - 0x70]
div word [ebp - 0x88]
add word [ebp - 0x4a], ax
jmp near loc_fffb72d7  ; jmp 0xfffb72d7

loc_fffb735b:  ; not directly referenced
movzx eax, word [ebp - 0x56]
mov dword [ebp - 0x70], 1
cdq
idiv ecx
mov word [ebp - 0x56], ax
movzx eax, word [ebp - 0x4c]
cdq
idiv ecx
mov word [ebp - 0x4c], ax
movzx eax, word [ebp - 0x4a]
cdq
idiv ecx
cmp dword [ebp - 0x8c], 1
mov word [ebp - 0x4a], ax
jne loc_fffb744e  ; jne 0xfffb744e
push eax
mov edx, dword [ebp - 0x3c]
xor ecx, ecx
push eax
lea eax, [ebp - 0x24]
push eax
movzx eax, byte [ebx + 0x2489]
push 1
push 0
push 0
push 0xa
push eax
mov eax, ebx
mov dword [ebp - 0x24], 0
call fcn_fffb6980  ; call 0xfffb6980
mov eax, dword [ebp - 0x20]
add esp, 0x18
mov edx, dword [ebp - 0x3c]
xor ecx, ecx
mov dword [edi + 0x20], eax
mov eax, dword [ebp - 0x1c]
mov dword [edi + 0x24], eax
lea eax, [ebp - 0x24]
push eax
movzx eax, byte [ebx + 0x2489]
push 1
push 0
push 0
push 0xc
push eax
mov eax, ebx
mov dword [ebp - 0x24], 0
call fcn_fffb6980  ; call 0xfffb6980
mov eax, dword [ebp - 0x20]
add esp, 0x18
add dword [edi + 0x20], eax
xor ecx, ecx
mov eax, dword [ebp - 0x1c]
add dword [edi + 0x24], eax
lea eax, [ebp - 0x24]
mov edx, dword [ebp - 0x3c]
push eax
movzx eax, byte [ebx + 0x2489]
push 1
push 0
push 0
push 0xa
push eax
mov eax, ebx
mov dword [ebp - 0x24], 1
call fcn_fffb6980  ; call 0xfffb6980
mov eax, dword [ebp - 0x20]
add esp, 0x20
mov dword [edi + 0x28], eax
mov edx, dword [ebp - 0x1c]
add eax, edx
mov dword [ebp - 0x44], eax
mov eax, dword [edi + 0x20]
add dword [ebp - 0x44], eax
mov eax, dword [edi + 0x24]
add dword [ebp - 0x44], eax
mov eax, dword [ebp - 0x8c]
mov dword [edi + 0x2c], edx
mov dword [ebp - 0x70], eax

loc_fffb744e:  ; not directly referenced
cmp dword [ebp - 0x90], 1
jne short loc_fffb746e  ; jne 0xfffb746e
mov eax, dword [ebp - 0x68]
test ax, ax
cmove ax, word [ebp - 0x40]
mov word [ebp - 0x40], 0x3fff
mov word [ebp - 0x68], ax
jmp short loc_fffb7480  ; jmp 0xfffb7480

loc_fffb746e:  ; not directly referenced
mov ecx, dword [ebp - 0x40]
mov eax, 0x3fff
test cx, cx
cmovne eax, ecx
mov word [ebp - 0x40], ax

loc_fffb7480:  ; not directly referenced
movzx eax, word [ebp - 0x68]
movzx edx, word [ebp - 0x40]
movzx ecx, word [ebp - 0x56]
test ax, ax
cmove eax, edx
push eax
movzx eax, dx
push eax
movzx eax, word [ebp - 0x4c]
mov edx, esi
push eax
movzx eax, byte [ebp - 0x75]
push eax
mov eax, ebx
call fcn_fffa6d0f  ; call 0xfffa6d0f
mov ax, word [ebp - 0x4a]
add esp, 0x10
add word [esi + 0x30], ax
add ax, word [esi + 0x34]
add eax, dword [ebp - 0x44]
inc byte [ebp - 0x76]
mov word [esi + 0x34], ax
mov eax, dword [esi]
add dword [ebp - 0x6c], eax
mov eax, dword [esi + 4]
add dword [ebp - 0x6c], eax
mov eax, dword [esi + 0x14]
add dword [ebp - 0x6c], eax
mov eax, dword [esi + 8]
add dword [ebp - 0x50], eax
mov eax, dword [esi + 0x10]
add dword [ebp - 0x50], eax
mov eax, dword [esi + 0xc]
add dword [ebp - 0x50], eax
mov eax, dword [esi + 0x18]
add dword [ebp - 0x50], eax

loc_fffb74ec:  ; not directly referenced
inc dword [ebp - 0x54]
add esi, 0x36
cmp dword [ebp - 0x54], 4
jne loc_fffb71d0  ; jne 0xfffb71d0
inc dword [ebp - 0x3c]
add edi, 0xd8
add dword [ebp - 0x48], 0x13c3
cmp dword [ebp - 0x3c], 2
jne loc_fffb71a0  ; jne 0xfffb71a0
movzx edi, byte [ebp - 0x76]
movzx esi, word [ebp - 0x4a]
mov eax, edi
test al, al
mov al, 1
cmove edi, eax
xor edx, edx
mov eax, edi
movzx ecx, al
mov eax, dword [ebp - 0x6c]
div ecx
xor edx, edx
add esi, eax
mov eax, dword [ebp - 0x50]
div ecx
cmp byte [ebx + 0x3691], 0
jne short loc_fffb755f  ; jne 0xfffb755f
mov word [ebx + 0x3694], ax
mov eax, dword [ebp - 0x44]
mov word [ebx + 0x3692], si
mov word [ebx + 0x3696], ax
jmp short loc_fffb7577  ; jmp 0xfffb7577

loc_fffb755f:  ; not directly referenced
mov word [ebx + 0x369a], ax
mov eax, dword [ebp - 0x44]
mov word [ebx + 0x3698], si
mov word [ebx + 0x369c], ax

loc_fffb7577:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb757f:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c0
mov ebx, dword [ebp + 8]
lea esi, [ebp - 0x1c8]
mov eax, dword [ebx + 0x2444]
push 0
push 0x1b0
push esi
call dword [eax + 0x5c]  ; ucall
mov edx, esi
mov eax, ebx
call fcn_fffb7100  ; call 0xfffb7100
add esp, 0x10
cmp byte [ebx + 0x3691], 0
je loc_fffb7652  ; je 0xfffb7652
mov dx, word [ebx + 0x3692]
xor ecx, ecx
movzx eax, word [ebx + 0x3698]
cmp dx, ax
jbe short loc_fffb75e5  ; jbe 0xfffb75e5
movzx ecx, dx
xor edx, edx
mov edi, ecx
sub edi, eax
mov eax, edi
shl eax, 8
div ecx
mov cl, al

loc_fffb75e5:  ; not directly referenced
mov dx, word [ebx + 0x3694]
xor esi, esi
movzx eax, word [ebx + 0x369a]
cmp dx, ax
jbe short loc_fffb760c  ; jbe 0xfffb760c
movzx esi, dx
xor edx, edx
mov edi, esi
sub edi, eax
mov eax, edi
shl eax, 8
div esi
mov esi, eax

loc_fffb760c:  ; not directly referenced
movzx edi, word [ebx + 0x3696]
xor eax, eax
movzx edx, word [ebx + 0x369c]
cmp di, dx
jbe short loc_fffb762c  ; jbe 0xfffb762c
mov eax, edi
sub eax, edx
xor edx, edx
shl eax, 8
div edi

loc_fffb762c:  ; not directly referenced
xor edx, edx
mov dl, cl
mov ecx, esi
movzx eax, al
mov dh, cl
mov ecx, edx
mov edx, 0x59b8
shl eax, 0x10
and ecx, 0xff00ffff
or ecx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffb7659  ; jmp 0xfffb7659

loc_fffb7652:  ; not directly referenced
mov byte [ebx + 0x3691], 1

loc_fffb7659:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb7663:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
mov ebx, eax
sub esp, 0x34
mov dword [ebp - 0x1c], eax
mov eax, dword [eax + 0x18a7]
lea edi, [ebx + 0x3757]
mov byte [ebp - 0x1d], dl
mov edx, dword [ebx + 0x2481]
mov eax, dword [ebx + eax*4 + 0x3736]
push 0
push 1
push 0
push 0
push 1
push 0
mov dword [ebp - 0x30], eax
shr eax, 1
mov dword [ebp - 0x28], edx
xor edx, edx
mov dword [ebp - 0x2c], eax
mov eax, ebx
call fcn_fffb6980  ; call 0xfffb6980
add esp, 0x20
mov byte [ebp - 0x1e], 2
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x34], eax

loc_fffb76c2:  ; not directly referenced
cmp dword [edi], 2
jne loc_fffb7779  ; jne 0xfffb7779
mov al, byte [edi + 0xc4]
xor ecx, ecx
mov byte [ebp - 0x1f], al

loc_fffb76d6:  ; not directly referenced
mov eax, 1
shl eax, cl
test byte [ebp - 0x1f], al
je loc_fffb776d  ; je 0xfffb776d
mov al, cl
inc esi
shr al, 1
movzx eax, al
imul eax, eax, 0x128
cmp dword [ebp - 0x28], 3
lea eax, [edi + eax + 0x126b]
jne short loc_fffb7720  ; jne 0xfffb7720
cmp byte [ebp - 0x1d], 0
mov ebx, 7
je short loc_fffb7761  ; je 0xfffb7761
movzx eax, word [eax + 6]
dec eax
and eax, 0xf
sub ebx, eax
mov eax, 1
cmove ebx, eax
jmp short loc_fffb7761  ; jmp 0xfffb7761

loc_fffb7720:  ; not directly referenced
cmp dword [ebp - 0x28], 2
jne short loc_fffb773c  ; jne 0xfffb773c
cmp byte [ebp - 0x1d], 0
mov ebx, 7
je short loc_fffb7761  ; je 0xfffb7761
movzx eax, word [eax + 2]
and eax, 6
sub ebx, eax
jmp short loc_fffb7761  ; jmp 0xfffb7761

loc_fffb773c:  ; not directly referenced
cmp byte [ebp - 0x1d], 0
mov ebx, 6
je short loc_fffb7761  ; je 0xfffb7761
mov bx, word [eax + 2]
mov eax, ebx
shr ax, 5
and eax, 1
shr bx, 1
add eax, eax
and ebx, 1
or ebx, eax
add ebx, 6

loc_fffb7761:  ; not directly referenced
mov eax, 0xf0
xor edx, edx
div ebx
add dword [ebp - 0x24], eax

loc_fffb776d:  ; not directly referenced
add ecx, 2
cmp ecx, 4
jne loc_fffb76d6  ; jne 0xfffb76d6

loc_fffb7779:  ; not directly referenced
add edi, 0x13c3
dec byte [ebp - 0x1e]
jne loc_fffb76c2  ; jne 0xfffb76c2
mov eax, esi
mov edi, dword [ebp - 0x34]
mov ecx, 1
test al, al
mov al, 1
cmove esi, eax
xor edx, edx
mov eax, esi
movzx esi, al
mov eax, dword [ebp - 0x24]
div esi
test eax, eax
sete bl
test di, di
sete dl
movzx edi, di
test bl, dl
mov ebx, dword [ebp - 0x30]
cmovne eax, ecx
xor edx, edx
add edi, eax
add edi, edi
imul esi, ebx, 0xfa00
mov eax, esi
div edi
mov edx, dword [ebp - 0x1c]
movzx edi, word [edx + 0x248a]
xor edx, edx
imul edi, edi, 0xc0
mov esi, eax
imul eax, ebx, 0x7d00
div edi
mov edx, dword [ebp - 0x1c]
mov edi, 0x64
imul eax, eax, 0x3e8
lea ebx, [esi + eax]
movzx esi, word [edx + 0x1902]
xor edx, edx
sub esi, dword [ebp - 0x2c]
shr ebx, 5
imul eax, esi, 0x3e8
div edi
mov di, 0xc8
xor edx, edx
mov esi, eax
imul eax, dword [ebp - 0x2c], 0x3e8
div edi
test esi, esi
cmove esi, ecx
mov edi, ecx
mov edx, 0x3a28
test eax, eax
cmovne edi, eax
mov eax, dword [ebp - 0x1c]
call fcn_fffb331f  ; call 0xfffb331f
xor edx, edx
mov ecx, eax
mov eax, ebx
div edi
mov edi, 0xf
add eax, eax
cmp eax, 0xf
cmovbe edi, eax
mov eax, ebx
xor edx, edx
and edi, 0xf
div esi
and ecx, 0xfffe00ff
mov esi, dword [ebp - 0x1c]
mov edx, 0x1f
shl edi, 8
lea ebx, [eax + eax]
mov eax, esi
cmp ebx, 0x1f
cmovbe edx, ebx
or ecx, edi
and edx, 0x1f
shl edx, 0xc
or ecx, edx
mov edx, 0x3a28
and ecx, 0xff0fffff
or ecx, 0x800000
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x5f08
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x5f08
or ah, 1
mov ecx, eax
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381
lea esp, [ebp - 0xc]
mov eax, esi
pop ebx
mov edx, 0xe1
pop esi
pop edi
pop ebp
jmp near fcn_fffa82f9  ; jmp 0xfffa82f9

fcn_fffb78c3:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov bl, cl
sub esp, 0xb0
mov esi, dword [ebp + 0x10]
mov cl, byte [ebp + 0x14]
mov dword [ebp - 0x74], eax
mov dword [ebp - 0x6c], esi
mov esi, dword [ebp + 0x20]
mov byte [ebp - 0x8a], cl
mov ecx, esi
mov byte [ebp - 0x9b], cl
mov cl, byte [ebp + 0x28]
mov dword [ebp - 0x94], esi
mov esi, dword [eax + 0x2444]
mov byte [ebp - 0x8c], cl
mov ecx, eax
movzx eax, dl
mov dword [ebp - 0x90], eax
imul eax, eax, 0x13c3
lea edi, [ecx + eax + 0x3757]
mov eax, dword [edi + 0xc0]
mov dword [ebp - 0x98], eax
mov eax, dword [ecx + 0x188b]
push 0
push 0x36
mov dword [ebp - 0x7c], eax
lea eax, [ebp - 0x4e]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 4
lea eax, [ebp - 0x5e]
push eax
call dword [esi + 0x60]  ; ucall
add esp, 0xc
push 0xffff
push 4
lea eax, [ebp - 0x56]
push eax
call dword [esi + 0x60]  ; ucall
add esp, 0x10
cmp dword [ebp - 0x7c], 1
mov dword [ebp - 0x88], 0
jne short loc_fffb7996  ; jne 0xfffb7996
cmp byte [edi + 0x1390], 5
mov al, byte [edi + 0x1268]
je short loc_fffb798c  ; je 0xfffb798c
cmp al, 5
sete al
movzx eax, al
mov dword [ebp - 0x88], eax
jmp short loc_fffb7996  ; jmp 0xfffb7996

loc_fffb798c:  ; not directly referenced
mov dword [ebp - 0x88], 1

loc_fffb7996:  ; not directly referenced
movzx eax, byte [ebp - 0x6c]
mov esi, dword [ebp + 0xc]
mov word [ebp - 0x6c], 0
mov byte [ebp - 0x8b], 0
mov edi, eax
mov dword [ebp - 0xa0], eax
movzx eax, byte [ebp - 0x94]
mov word [ebp - 0x6e], 0xffff
mov word [ebp - 0x70], 0
imul eax, edi
add edi, edi
mov dword [ebp - 0xa4], edi
lea eax, [esi + eax*2]
mov esi, dword [ebp - 0x90]
mov dword [ebp - 0x80], eax
mov eax, dword [ebp + 8]
mov dword [ebp - 0x84], eax
mov eax, esi
add eax, esi
mov dword [ebp - 0xa8], eax
movzx eax, bl
mov dword [ebp - 0xac], eax

loc_fffb79f8:  ; not directly referenced
mov al, byte [ebp - 0x8a]
mov bl, byte [ebp - 0x8b]
cmp bl, al
je loc_fffb7bd7  ; je 0xfffb7bd7
movzx eax, bl
mov ebx, dword [ebp + 0xc]
xor ecx, ecx
lea ebx, [ebx + eax*2]
xor eax, eax

loc_fffb7a19:  ; not directly referenced
cmp byte [ebp - 0x9b], al
jbe short loc_fffb7a46  ; jbe 0xfffb7a46
mov dx, word [ebx + ecx]
cmp word [ebp + eax*2 - 0x5e], dx
jae short loc_fffb7a31  ; jae 0xfffb7a31
mov word [ebp + eax*2 - 0x5e], dx

loc_fffb7a31:  ; not directly referenced
cmp word [ebp + eax*2 - 0x56], dx
jbe short loc_fffb7a3d  ; jbe 0xfffb7a3d
mov word [ebp + eax*2 - 0x56], dx

loc_fffb7a3d:  ; not directly referenced
inc eax
add ecx, dword [ebp - 0xa4]
jmp short loc_fffb7a19  ; jmp 0xfffb7a19

loc_fffb7a46:  ; not directly referenced
cmp dword [ebp + 0x24], 0
jne loc_fffb7b8a  ; jne 0xfffb7b8a
mov edi, dword [ebp - 0x84]
xor esi, esi
xor ebx, ebx
mov eax, dword [ebp - 0x74]
movsx edx, byte [edi + 8]
call fcn_fffa6cac  ; call 0xfffa6cac
add edi, dword [ebp - 0xa8]
mov byte [ebp - 0x89], 0
mov byte [ebp - 0x78], 0
mov word [ebp - 0x9a], ax

loc_fffb7a7e:  ; not directly referenced
mov eax, dword [ebp - 0xac]
bt eax, esi
jae short loc_fffb7b03  ; jae 0xfffb7b03
push eax
mov edx, dword [ebp - 0x90]
push eax
mov eax, dword [ebp - 0x74]
push 0
push 1
push 0
push 0
push 9
lea ecx, [esi + esi]
push 0
call fcn_fffb6980  ; call 0xfffb6980
movzx edx, byte [edi + esi + 4]
add esp, 0x20
add byte [ebp - 0x78], al
movzx ecx, byte [edx + ref_fffd52a4]  ; movzx ecx, byte [edx - 0x2ad5c]
movzx eax, byte [edi + esi]
cmp dword [ebp - 0x98], 1
mov word [ebp - 0x6c], cx
movzx eax, byte [eax + ref_fffd52a4]  ; movzx eax, byte [eax - 0x2ad5c]
jne short loc_fffb7ae3  ; jne 0xfffb7ae3
test cx, cx
cmovne eax, ecx
mov word [ebp - 0x6c], ax
mov eax, 0x3fff
jmp short loc_fffb7aee  ; jmp 0xfffb7aee

loc_fffb7ae3:  ; not directly referenced
test ax, ax
mov edx, 0x3fff
cmove eax, edx

loc_fffb7aee:  ; not directly referenced
mov ecx, dword [ebp - 0x6c]
test cx, cx
cmove ecx, eax
add ebx, eax
inc byte [ebp - 0x89]
mov word [ebp - 0x6c], cx

loc_fffb7b03:  ; not directly referenced
inc esi
cmp esi, 2
jne loc_fffb7a7e  ; jne 0xfffb7a7e
cmp byte [ebp - 0x89], 0
je short loc_fffb7b35  ; je 0xfffb7b35
movzx esi, byte [ebp - 0x89]
movzx eax, bx
cdq
mov ebx, esi
movzx ecx, bl
idiv ecx
mov ecx, esi
mov ebx, eax
movzx eax, byte [ebp - 0x78]
div cl
mov byte [ebp - 0x78], al

loc_fffb7b35:  ; not directly referenced
lea eax, [ebx - 0x79]
mov ecx, 0x1e
cmp ax, 0x3f85
mov eax, 0xf0
cmovbe ebx, eax
movzx eax, word [ebp - 0x6c]
movzx ebx, bx
lea edx, [ebp - 0x4e]
lea esi, [ebp - 0x4e]
push eax
movzx eax, word [ebp - 0x9a]
push ebx
push eax
movzx eax, byte [ebp - 0x78]
push eax
mov eax, dword [ebp - 0x74]
call fcn_fffa6d0f  ; call 0xfffa6d0f
mov ax, word [ebp - 0x1a]
mov ecx, 0x36
mov edi, dword [ebp - 0x80]
add esp, 0x10
mov word [edi], ax
mov eax, dword [ebp - 0x84]
lea edi, [eax + 0xd]
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]

loc_fffb7b8a:  ; not directly referenced
mov eax, dword [ebp - 0x80]
cmp byte [ebp - 0x8a], 1
mov ax, word [eax]
je short loc_fffb7bb4  ; je 0xfffb7bb4
mov edx, dword [ebp - 0x70]
mov bx, word [ebp - 0x6e]
cmp ax, dx
cmovae edx, eax
cmp bx, ax
cmovbe eax, ebx
mov word [ebp - 0x6e], ax
mov eax, edx
jmp short loc_fffb7bba  ; jmp 0xfffb7bba

loc_fffb7bb4:  ; not directly referenced
mov word [ebp - 0x6e], 0

loc_fffb7bba:  ; not directly referenced
inc byte [ebp - 0x8b]
add dword [ebp - 0x80], 2
add dword [ebp - 0x84], 0x54e
mov word [ebp - 0x70], ax
jmp near loc_fffb79f8  ; jmp 0xfffb79f8

loc_fffb7bd7:  ; not directly referenced
mov edi, dword [ebp - 0x94]
mov al, 4
mov word [ebp - 0x6c], 0x7fff
mov word [ebp - 0x80], 0
mov ebx, edi
cmp bl, 4
cmovbe eax, edi
xor edi, edi
mov byte [ebp - 0x78], al
mov eax, dword [ebp - 0x88]
xor eax, 1
and eax, 1
mov byte [ebp - 0x89], al

loc_fffb7c0a:  ; not directly referenced
mov eax, edi
cmp byte [ebp - 0x78], al
jbe loc_fffb7cd7  ; jbe 0xfffb7cd7
mov si, word [ebp + edi*2 - 0x5e]
add word [ebp - 0x80], si
cmp byte [ebp - 0x8c], 6
mov eax, dword [ebp + 0x18]
sete dl
cmp dword [ebp - 0x7c], 1
mov cl, byte [eax + edi]
sete al
xor ebx, ebx
test dl, al
je short loc_fffb7c46  ; je 0xfffb7c46
cmp cl, 1
mov eax, 0x28
cmove ebx, eax

loc_fffb7c46:  ; not directly referenced
cmp byte [ebp - 0x8c], 8
setne dl
cmp dword [ebp - 0x7c], 1
setne al
or dl, al
jne short loc_fffb7c6f  ; jne 0xfffb7c6f
cmp cl, 2
setne al
or al, byte [ebp - 0x89]
mov eax, 0x50
cmove ebx, eax

loc_fffb7c6f:  ; not directly referenced
movzx eax, si
mov esi, dword [ebp + 0x1c]
cdq
movzx esi, byte [esi + edi]
idiv esi
movzx esi, cl
mov edx, esi
xor ecx, ecx
mov dword [ebp - 0x84], esi
mov dword [ebp - 0x88], eax
mov eax, dword [ebp - 0x74]
call fcn_fffaab72  ; call 0xfffaab72
mov edx, dword [ebp - 0x84]
mov ecx, 1
movzx esi, ax
mov eax, dword [ebp - 0x74]
call fcn_fffaab72  ; call 0xfffaab72
mov edx, dword [ebp - 0x88]
sub edx, esi
imul edx, edx, 0x64
movzx eax, ax
add ebx, eax
sub ebx, esi
mov eax, edx
cdq
idiv ebx
mov ebx, dword [ebp - 0x6c]
cmp bx, ax
cmovle eax, ebx
inc edi
mov word [ebp - 0x6c], ax
jmp near loc_fffb7c0a  ; jmp 0xfffb7c0a

loc_fffb7cd7:  ; not directly referenced
movzx eax, word [ebp - 0x80]
mov ebx, 0x64
movzx ecx, byte [ebp - 0x78]
cdq
idiv ecx
mov dword [ebp - 0x74], eax
movsx eax, word [ebp - 0x6c]
imul eax, eax, 0x41
cdq
idiv ebx
xor bl, bl
movzx edi, ax
cmp ax, 0x64
jbe short loc_fffb7d07  ; jbe 0xfffb7d07
lea ebx, [eax - 0x64]
mov edi, 0x64

loc_fffb7d07:  ; not directly referenced
imul ecx, dword [ebp - 0xa0]
movzx ebx, bx
mov eax, dword [ebp + 0xc]
lea esi, [eax + ecx*2]
xor ecx, ecx
lea eax, [edi + ebx]
mov dword [ebp - 0x7c], eax
movzx eax, word [ebp - 0x6e]
mov dword [ebp - 0x80], eax
movzx eax, word [ebp - 0x70]
mov dword [ebp - 0x84], eax

loc_fffb7d30:  ; not directly referenced
cmp byte [ebp - 0x8a], cl
jbe short loc_fffb7d96  ; jbe 0xfffb7d96
cmp word [ebp - 0x6c], 0
jns short loc_fffb7d47  ; jns 0xfffb7d47
mov word [esi + ecx*2], 1
jmp short loc_fffb7d93  ; jmp 0xfffb7d93

loc_fffb7d47:  ; not directly referenced
mov ax, word [ebp - 0x6e]
cmp word [ebp - 0x70], ax
je short loc_fffb7d6b  ; je 0xfffb7d6b
movzx eax, word [esi + ecx*2]
sub eax, dword [ebp - 0x80]
imul eax, eax, 0x64
cdq
idiv dword [ebp - 0x84]
mov edx, 0x64
sub edx, eax
jmp short loc_fffb7d6d  ; jmp 0xfffb7d6d

loc_fffb7d6b:  ; not directly referenced
xor edx, edx

loc_fffb7d6d:  ; not directly referenced
movzx edx, dx
mov ebx, 0x64
imul edx, dword [ebp - 0x7c]
mov eax, ebx
sub eax, edi
mov dword [ebp - 0x78], eax
mov eax, edx
cdq
idiv ebx
add eax, dword [ebp - 0x78]
imul eax, dword [ebp - 0x74]
cdq
idiv ebx
mov word [esi + ecx*2], ax

loc_fffb7d93:  ; not directly referenced
inc ecx
jmp short loc_fffb7d30  ; jmp 0xfffb7d30

loc_fffb7d96:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb7d9e:
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
mov ebx, edx
sub esp, 0x1c

loc_fffb7dab:
test ebx, ebx
jle short loc_fffb7dd8  ; jle 0xfffb7dd8
cmp ebx, 0x10
mov esi, 0x10
cmovle esi, ebx
push eax
push esi
push edi
push dword [ecx]
mov dword [ebp - 0x1c], ecx
call fcn_fffa5c76  ; call 0xfffa5c76
mov ecx, dword [ebp - 0x1c]
add esp, 0x10
mov dword [ecx], eax
test eax, eax
jne short loc_fffb7ddc  ; jne 0xfffb7ddc
or eax, 0xffffffff
jmp short loc_fffb7de0  ; jmp 0xfffb7de0

loc_fffb7dd8:
xor eax, eax
jmp short loc_fffb7de0  ; jmp 0xfffb7de0

loc_fffb7ddc:
sub ebx, esi
jmp short loc_fffb7dab  ; jmp 0xfffb7dab

loc_fffb7de0:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb7de8:
push ebp
mov ebp, esp
push edi
mov edi, ecx
push esi
mov esi, edx
push ebx
mov ebx, eax
sub esp, 0xc
test edx, edx
jne short loc_fffb7e0d  ; jne 0xfffb7e0d

loc_fffb7dfb:
test edi, edi
setne dl
cmp dword [ebp + 8], 0
setne al
test dl, al
je short loc_fffb7e3a  ; je 0xfffb7e3a
jmp short loc_fffb7e22  ; jmp 0xfffb7e22

loc_fffb7e0d:
mov ecx, eax
mov eax, ref_fffd52c0  ; mov eax, 0xfffd52c0
call fcn_fffb7d9e  ; call 0xfffb7d9e
test eax, eax
jns short loc_fffb7dfb  ; jns 0xfffb7dfb

loc_fffb7e1d:
or eax, 0xffffffff
jmp short loc_fffb7e98  ; jmp 0xfffb7e98

loc_fffb7e22:
push edx
push dword [ebp + 8]
push edi
push dword [ebx]
call fcn_fffa5c76  ; call 0xfffa5c76
add esp, 0x10
mov dword [ebx], eax
test eax, eax
je short loc_fffb7e1d  ; je 0xfffb7e1d
add esi, dword [ebp + 8]

loc_fffb7e3a:
cmp dword [ebp + 0xc], 0
jne short loc_fffb7e4b  ; jne 0xfffb7e4b

loc_fffb7e40:
add esi, dword [ebp + 0xc]
cmp dword [ebp + 0x14], 0
je short loc_fffb7e77  ; je 0xfffb7e77
jmp short loc_fffb7e60  ; jmp 0xfffb7e60

loc_fffb7e4b:
mov edx, dword [ebp + 0xc]
mov ecx, ebx
mov eax, ref_fffd52ac  ; mov eax, 0xfffd52ac
call fcn_fffb7d9e  ; call 0xfffb7d9e
test eax, eax
jns short loc_fffb7e40  ; jns 0xfffb7e40
jmp short loc_fffb7e1d  ; jmp 0xfffb7e1d

loc_fffb7e60:
push eax
push dword [ebp + 0x14]
push dword [ebp + 0x10]
push dword [ebx]
call fcn_fffa5c76  ; call 0xfffa5c76
add esp, 0x10
mov dword [ebx], eax
test eax, eax
je short loc_fffb7e1d  ; je 0xfffb7e1d

loc_fffb7e77:
add esi, dword [ebp + 0x14]
cmp dword [ebp + 0x18], 0
je short loc_fffb7e93  ; je 0xfffb7e93
mov edx, dword [ebp + 0x18]
mov ecx, ebx
mov eax, ref_fffd52c0  ; mov eax, 0xfffd52c0
call fcn_fffb7d9e  ; call 0xfffb7d9e
test eax, eax
js short loc_fffb7e1d  ; js 0xfffb7e1d

loc_fffb7e93:
mov eax, dword [ebp + 0x18]
add eax, esi

loc_fffb7e98:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb7ea0:
mov ecx, 0xce
rdmsr
movzx ecx, ah
xor edx, edx
imul ecx, ecx, 0x186a0
xor eax, eax
test ecx, ecx
je short loc_fffb7ecc  ; je 0xfffb7ecc
push ebp
mov ebp, esp
sub esp, 0xc
rdtsc
push ecx
push edx
push eax
call fcn_fffd2b90  ; call 0xfffd2b90
add esp, 0x10
leave

loc_fffb7ecc:
ret

fcn_fffb7ecd:
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov ebx, dword [ebp + 8]
mov esi, dword [ebx + 0x2444]
mov edi, dword [ebx + 0x18c1]
push 0xe4
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add edi, eax
mov dword [esp], edi
add edi, 4
call dword [esi + 0x20]  ; ucall
mov dword [esp], edi
mov dword [ebp - 0x2c], eax
call dword [esi + 0x20]  ; ucall
add esp, 0x10
mov edx, dword [ebp - 0x2c]
cmp eax, dword [ebx + 0x14]
jne short loc_fffb7f17  ; jne 0xfffb7f17
cmp edx, dword [ebx + 0x10]
je short loc_fffb7f21  ; je 0xfffb7f21

loc_fffb7f17:
mov eax, 0x18
jmp near loc_fffb7fe6  ; jmp 0xfffb7fe6

loc_fffb7f21:
lea eax, [ebx + 0x1165]
xor esi, esi
mov dword [ebp - 0x30], eax

loc_fffb7f2c:
lea eax, [ebx + esi + 0x196b]
xor edi, edi
mov dword [ebp - 0x34], eax
mov eax, dword [ebp - 0x30]
mov dword [ebp - 0x2c], eax
lea eax, [esi + 0x1afb]
mov dword [ebp - 0x38], eax

loc_fffb7f47:
mov eax, dword [ebp - 0x34]
cmp dword [eax + edi + 8], 1
jne short loc_fffb7f59  ; jne 0xfffb7f59
mov word [ebp - 0x1a], 0
jmp short loc_fffb7f9f  ; jmp 0xfffb7f9f

loc_fffb7f59:
lea eax, [ebx + edi]
mov al, byte [esi + eax + 0x19bd]
cmp al, 0xf1
sete cl
cmp al, 0xb
sete dl
or cl, dl
je short loc_fffb7f81  ; je 0xfffb7f81
lea eax, [edi + esi + 0x1a30]
mov edx, 0xb
add eax, ebx
jmp short loc_fffb7f97  ; jmp 0xfffb7f97

loc_fffb7f81:
cmp al, 0xc
jne short loc_fffb7f93  ; jne 0xfffb7f93
mov eax, dword [ebp - 0x38]
mov edx, 9
add eax, edi
add eax, ebx
jmp short loc_fffb7f97  ; jmp 0xfffb7f97

loc_fffb7f93:
xor edx, edx
xor eax, eax

loc_fffb7f97:
lea ecx, [ebp - 0x1a]
call fcn_fffb3d76  ; call 0xfffb3d76

loc_fffb7f9f:
mov eax, dword [ebp - 0x2c]
mov ax, word [eax]
cmp word [ebp - 0x1a], ax
jne loc_fffb7f17  ; jne 0xfffb7f17
add edi, 0x277
add dword [ebp - 0x2c], 0x128
cmp edi, 0x4ee
jne short loc_fffb7f47  ; jne 0xfffb7f47
add esi, 0x54a
add dword [ebp - 0x30], 0x433
cmp esi, 0xa94
jne loc_fffb7f2c  ; jne 0xfffb7f2c
mov byte [ebx + 0x247c], 1
xor eax, eax

loc_fffb7fe6:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb7fee:
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x34
mov edi, dword [ebp + 0x10]
mov edx, dword [ebp + 0xc]
lea eax, [ebp - 0x1c]
push eax
mov ebx, dword [ebp + 0x14]
movzx esi, di
lea eax, [esi + 0xc]
push eax
mov dword [ebp - 0x2c], edx
call fcn_fffb05b9  ; call 0xfffb05b9
add esp, 0x10
mov edx, dword [ebp - 0x2c]
test eax, eax
jns short loc_fffb8024  ; jns 0xfffb8024
mov dword [ebp - 0x1c], 0

loc_fffb8024:
mov eax, dword [ebp - 0x1c]
test eax, eax
je short loc_fffb8068  ; je 0xfffb8068
lea ecx, [eax + 4]
mov dword [ebx], ecx
mov word [eax + 4], dx
mov edx, dword [ebx]
mov word [edx + 2], di
mov edx, dword [ebx]
mov dword [edx + 4], 0
add esi, dword [ebx]
mov word [esi], 0xffff
mov word [esi + 2], 8
mov dword [esi + 4], 0
mov edx, dword [0xff7d0270]
mov dword [eax], edx
mov dword [0xff7d0270], eax
xor eax, eax
jmp short loc_fffb806d  ; jmp 0xfffb806d

loc_fffb8068:
mov eax, 0x80000009

loc_fffb806d:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb8075:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x38
mov edi, dword [ebp + 8]
push edi
call fcn_fffb9a46  ; call 0xfffb9a46
add esp, 0x10
mov ebx, eax
test eax, eax
js loc_fffb8201  ; js 0xfffb8201
cmp edi, 1
je short loc_fffb80a7  ; je 0xfffb80a7
cmp edi, 2
je loc_fffb814a  ; je 0xfffb814a
jmp near loc_fffb8205  ; jmp 0xfffb8205

loc_fffb80a7:  ; not directly referenced
mov eax, dword [ebp + 0xc]
sub esp, 0xc
mov dword [ebp - 0x20], eax
mov eax, dword [0xff7d0084]
or byte [ebp - 0x1d], 0x80
mov eax, dword [eax + 0x14]
add eax, 0x48
push eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov edi, eax
pop eax
and edi, 0xfffffffe
pop edx
push dword [ebp - 0x20]
lea esi, [edi + 0x5da4]
add edi, 0x5da0
push esi
call fcn_fffb3ffa  ; call 0xfffb3ffa
mov dword [esp], 1
call fcn_fffb9a46  ; call 0xfffb9a46
mov dword [esp], esi
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov dword [esp], edi
mov dword [ebp - 0x20], eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov dword [esp], 0xa
mov dword [ebp - 0x1c], eax
call fcn_fffb93ec  ; call 0xfffb93ec
mov dword [esp], esi
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov dword [esp], edi
mov esi, eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov edx, dword [ebp - 0x20]
add esp, 0x10
cmp edx, esi
je short loc_fffb813a  ; je 0xfffb813a
cmp dword [ebp - 0x1c], eax
je short loc_fffb813a  ; je 0xfffb813a

loc_fffb8130:  ; not directly referenced
mov eax, 0x80000002
jmp near loc_fffb820a  ; jmp 0xfffb820a

loc_fffb813a:  ; not directly referenced
mov eax, dword [ebp + 0x14]
mov dword [eax], edx
lea eax, [ebp - 0x1c]
push ecx
push 4
jmp near loc_fffb81f5  ; jmp 0xfffb81f5

loc_fffb814a:  ; not directly referenced
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp + 0x10]
mov eax, dword [eax]
push edx
push 8
or byte [ebp - 0x21], 0x80
mov dword [ebp - 0x28], eax
lea eax, [ebp - 0x28]
push eax
lea eax, [ebp - 0x30]
push eax
call fcn_fffb01dc  ; call 0xfffb01dc
mov eax, dword [ebp - 0x30]
mov ecx, 0x150
mov edx, dword [ebp - 0x2c]
wrmsr
mov dword [esp], 2
call fcn_fffb9a46  ; call 0xfffb9a46
mov ecx, 0x150
rdmsr
add esp, 0xc
push 8
mov dword [ebp - 0x30], eax
lea eax, [ebp - 0x30]
push eax
lea eax, [ebp - 0x28]
push eax
mov dword [ebp - 0x2c], edx
call fcn_fffb01dc  ; call 0xfffb01dc
mov dword [esp], 0xa
call fcn_fffb93ec  ; call 0xfffb93ec
mov ecx, 0x150
rdmsr
add esp, 0xc
push 8
mov dword [ebp - 0x30], eax
lea eax, [ebp - 0x30]
push eax
lea eax, [ebp - 0x20]
push eax
mov dword [ebp - 0x2c], edx
call fcn_fffb01dc  ; call 0xfffb01dc
mov eax, dword [ebp - 0x1c]
add esp, 0x10
cmp dword [ebp - 0x24], eax
je short loc_fffb81e6  ; je 0xfffb81e6
mov eax, dword [ebp - 0x20]
cmp dword [ebp - 0x28], eax
jne loc_fffb8130  ; jne 0xfffb8130

loc_fffb81e6:  ; not directly referenced
movzx eax, byte [ebp - 0x24]
mov edx, dword [ebp + 0x14]
mov dword [edx], eax
push eax
push 4
lea eax, [ebp - 0x28]

loc_fffb81f5:  ; not directly referenced
push eax
push dword [ebp + 0x10]
call fcn_fffb01dc  ; call 0xfffb01dc
add esp, 0x10

loc_fffb8201:  ; not directly referenced
mov eax, ebx
jmp short loc_fffb820a  ; jmp 0xfffb820a

loc_fffb8205:  ; not directly referenced
mov eax, 0x80000003

loc_fffb820a:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

mrc_printk_:
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0xfc
mov ecx, dword [ebp + 8]
lea ebx, [ebp + 0xc]
mov dword [ebp - 0xa8], ebx
mov dword [ebp - 0xa4], 0
test ecx, ecx
je short loc_fffb8286  ; je 0xfffb8286
mov dword [ebp - 0xf8], 0
mov dword [ebp - 0xe4], 0
jmp short loc_fffb829b  ; jmp 0xfffb829b

loc_fffb824e:
cmp dl, 0x2a
jne loc_fffb82ef  ; jne 0xfffb82ef
mov ecx, dword [ebx]
lea eax, [ebx + 4]
mov dword [ebp - 0xe0], ecx
test ecx, ecx
jns short loc_fffb8273  ; jns 0xfffb8273
neg dword [ebp - 0xe0]
or dword [ebp - 0xc4], 4

loc_fffb8273:
inc edi
mov ebx, eax

loc_fffb8276:
cmp dword [ebp - 0xe0], 0x1f4
jle loc_fffb8347  ; jle 0xfffb8347

loc_fffb8286:
or eax, 0xffffffff
jmp near loc_fffb8de1  ; jmp 0xfffb8de1

loc_fffb828e:
mov edi, esi
sub edi, ecx
jne short loc_fffb82b9  ; jne 0xfffb82b9

loc_fffb8294:
cmp byte [esi], 0
jne short loc_fffb82dc  ; jne 0xfffb82dc
mov ecx, esi

loc_fffb829b:
cmp byte [ecx], 0
je loc_fffb8da6  ; je 0xfffb8da6
mov esi, ecx

loc_fffb82a6:
mov al, byte [esi]
cmp al, 0x25
setne dl
test al, al
setne al
test dl, al
je short loc_fffb828e  ; je 0xfffb828e
inc esi
jmp short loc_fffb82a6  ; jmp 0xfffb82a6

loc_fffb82b9:
push eax
push edi
push ecx
push dword [ebp - 0xa4]
call fcn_fffa5c76  ; call 0xfffa5c76
add esp, 0x10
mov dword [ebp - 0xa4], eax
test eax, eax
je short loc_fffb8286  ; je 0xfffb8286
add dword [ebp - 0xe4], edi
jmp short loc_fffb8294  ; jmp 0xfffb8294

loc_fffb82dc:
lea edi, [esi + 1]
mov dword [ebp - 0xc4], 0

loc_fffb82e9:
mov dl, byte [edi]
test dl, dl
jne short loc_fffb82fb  ; jne 0xfffb82fb

loc_fffb82ef:
mov dword [ebp - 0xe0], 0
jmp short loc_fffb8337  ; jmp 0xfffb8337

loc_fffb82fb:
mov eax, ref_fffd531c  ; mov eax, 0xfffd531c

loc_fffb8300:
mov cl, byte [eax]
cmp cl, dl
je loc_fffb8dae  ; je 0xfffb8dae
test cl, cl
je loc_fffb824e  ; je 0xfffb824e
inc eax
jmp short loc_fffb8300  ; jmp 0xfffb8300

loc_fffb8315:
cmp dword [ebp - 0xe0], 0x1f3
jg loc_fffb8276  ; jg 0xfffb8276
imul edx, dword [ebp - 0xe0], 0xa
inc edi
lea eax, [edx + eax - 0x30]
mov dword [ebp - 0xe0], eax

loc_fffb8337:
movsx eax, byte [edi]
lea edx, [eax - 0x30]
cmp dl, 9
jbe short loc_fffb8315  ; jbe 0xfffb8315
jmp near loc_fffb8276  ; jmp 0xfffb8276

loc_fffb8347:
cmp byte [edi], 0x2e
mov dword [ebp - 0xd0], 0xffffffff
jne short loc_fffb83c0  ; jne 0xfffb83c0
cmp byte [edi + 1], 0x2a
je short loc_fffb8369  ; je 0xfffb8369
inc edi
mov dword [ebp - 0xd0], 0
jmp short loc_fffb83a5  ; jmp 0xfffb83a5

loc_fffb8369:
mov ecx, dword [ebx]
lea eax, [ebx + 4]
mov dword [ebp - 0xd0], ecx
cmp ecx, 0x1f4
jg loc_fffb8286  ; jg 0xfffb8286
add edi, 2
mov ebx, eax
jmp short loc_fffb83c0  ; jmp 0xfffb83c0

loc_fffb8387:
cmp dword [ebp - 0xd0], 0x1f3
jg short loc_fffb83b0  ; jg 0xfffb83b0
imul edx, dword [ebp - 0xd0], 0xa
inc edi
lea eax, [edx + eax - 0x30]
mov dword [ebp - 0xd0], eax

loc_fffb83a5:
movsx eax, byte [edi]
lea edx, [eax - 0x30]
cmp dl, 9
jbe short loc_fffb8387  ; jbe 0xfffb8387

loc_fffb83b0:
cmp dword [ebp - 0xd0], 0x1f4
jg loc_fffb8286  ; jg 0xfffb8286

loc_fffb83c0:
cmp byte [edi], 0x3a
mov dword [ebp - 0xc0], 0
jne short loc_fffb8432  ; jne 0xfffb8432
cmp byte [edi + 1], 0x2a
jne short loc_fffb8419  ; jne 0xfffb8419
mov esi, dword [ebx]
lea eax, [ebx + 4]
mov dword [ebp - 0xc0], esi
test esi, esi
js short loc_fffb83ee  ; js 0xfffb83ee
cmp esi, 0x24
jle short loc_fffb83f8  ; jle 0xfffb83f8
jmp near loc_fffb8286  ; jmp 0xfffb8286

loc_fffb83ee:
mov dword [ebp - 0xc0], 0

loc_fffb83f8:
add edi, 2
mov ebx, eax
jmp short loc_fffb8432  ; jmp 0xfffb8432

loc_fffb83ff:
cmp dword [ebp - 0xc0], 0x23
jg short loc_fffb8425  ; jg 0xfffb8425
imul ecx, dword [ebp - 0xc0], 0xa
lea eax, [ecx + eax - 0x30]
mov dword [ebp - 0xc0], eax

loc_fffb8419:
inc edi
movsx eax, byte [edi]
lea edx, [eax - 0x30]
cmp dl, 9
jbe short loc_fffb83ff  ; jbe 0xfffb83ff

loc_fffb8425:
cmp dword [ebp - 0xc0], 0x24
jg loc_fffb8286  ; jg 0xfffb8286

loc_fffb8432:
cmp byte [edi], 0x5b
mov dword [ebp - 0xd8], 0
jne short loc_fffb846a  ; jne 0xfffb846a
lea eax, [edi + 1]
not edi
mov dword [ebp - 0xf8], eax

loc_fffb844c:
mov dl, byte [eax]
lea esi, [edi + eax]
mov dword [ebp - 0xd8], esi
mov esi, eax
test dl, dl
je loc_fffb8286  ; je 0xfffb8286
inc eax
cmp dl, 0x5d
jne short loc_fffb844c  ; jne 0xfffb844c
lea edi, [esi + 1]

loc_fffb846a:
mov al, byte [edi]
mov esi, ref_fffd631f  ; mov esi, 0xfffd631f
test al, al
je short loc_fffb84a2  ; je 0xfffb84a2

loc_fffb8475:
mov dl, byte [esi]
cmp dl, al
je short loc_fffb8486  ; je 0xfffb8486
test dl, dl
je short loc_fffb8482  ; je 0xfffb8482
inc esi
jmp short loc_fffb8475  ; jmp 0xfffb8475

loc_fffb8482:
xor eax, eax
jmp short loc_fffb84a2  ; jmp 0xfffb84a2

loc_fffb8486:
mov dl, byte [edi + 1]
lea esi, [edi + 1]
test dl, dl
je loc_fffb8dc6  ; je 0xfffb8dc6
cmp dl, al
jne loc_fffb8dc6  ; jne 0xfffb8dc6
or eax, 1
add edi, 2

loc_fffb84a2:
mov dl, byte [edi]
test dl, dl
jne short loc_fffb84b2  ; jne 0xfffb84b2
mov ecx, dword [ebx]
add ebx, 4
jmp near loc_fffb829b  ; jmp 0xfffb829b

loc_fffb84b2:
mov byte [ebp - 0xc8], 0
cmp dl, 0x43
jne short loc_fffb84d4  ; jne 0xfffb84d4
mov cl, byte [edi + 1]
lea esi, [edi + 1]
mov byte [ebp - 0xc8], cl
test cl, cl
je loc_fffb8286  ; je 0xfffb8286
mov edi, esi

loc_fffb84d4:
mov byte [ebp - 0xab], dl
cmp dl, 0x6e
jne short loc_fffb8535  ; jne 0xfffb8535
mov edx, dword [ebx]
test edx, edx
je loc_fffb8dda  ; je 0xfffb8dda
cmp al, 0x68
jne short loc_fffb84fb  ; jne 0xfffb84fb
mov eax, dword [ebp - 0xe4]
mov word [edx], ax
jmp near loc_fffb8dda  ; jmp 0xfffb8dda

loc_fffb84fb:
cmp al, 0x69
jne short loc_fffb850c  ; jne 0xfffb850c
mov al, byte [ebp - 0xe4]
mov byte [edx], al
jmp near loc_fffb8dda  ; jmp 0xfffb8dda

loc_fffb850c:
cmp al, 0x6c
je short loc_fffb8528  ; je 0xfffb8528
cmp al, 0x6a
jne short loc_fffb8528  ; jne 0xfffb8528
mov eax, dword [ebp - 0xe4]
mov dword [edx + 4], 0
mov dword [edx], eax
jmp near loc_fffb8dda  ; jmp 0xfffb8dda

loc_fffb8528:
mov eax, dword [ebp - 0xe4]
mov dword [edx], eax
jmp near loc_fffb8dda  ; jmp 0xfffb8dda

loc_fffb8535:
cmp dl, 0x25
jne short loc_fffb8563  ; jne 0xfffb8563
sub esp, 0xc
xor ecx, ecx
push 0
xor edx, edx
push 1
lea eax, [ebp - 0xab]
push eax
push 0
push 0
lea eax, [ebp - 0xa4]
call fcn_fffb7de8  ; call 0xfffb7de8
add esp, 0x20
jmp near loc_fffb8d90  ; jmp 0xfffb8d90

loc_fffb8563:
mov esi, edx
and esi, 0xffffffdf
mov ecx, esi
cmp cl, 0x43
jne short loc_fffb85e8  ; jne 0xfffb85e8
cmp dl, 0x63
jne short loc_fffb8581  ; jne 0xfffb8581
mov eax, dword [ebx]
add ebx, 4
mov byte [ebp - 0x9a], al
jmp short loc_fffb858d  ; jmp 0xfffb858d

loc_fffb8581:
mov al, byte [ebp - 0xc8]
mov byte [ebp - 0x9a], al

loc_fffb858d:
mov esi, dword [ebp - 0xd0]
mov eax, 1
test esi, esi
cmovs esi, eax
test esi, esi
cmovg eax, esi
xor esi, esi
mov dword [ebp - 0xc0], eax

loc_fffb85aa:
sub esp, 0xc
xor ecx, ecx
push 0
xor edx, edx
push 1
lea eax, [ebp - 0x9a]
push eax
push 0
push 0
lea eax, [ebp - 0xa4]
call fcn_fffb7de8  ; call 0xfffb7de8
add esp, 0x20
cmp eax, 0xffffffff
je loc_fffb8286  ; je 0xfffb8286
add esi, eax
dec dword [ebp - 0xc0]
jne short loc_fffb85aa  ; jne 0xfffb85aa
mov eax, esi
jmp near loc_fffb8d90  ; jmp 0xfffb8d90

loc_fffb85e8:
cmp dl, 0x73
jne loc_fffb8680  ; jne 0xfffb8680
lea eax, [ebx + 4]
mov edx, ref_fffd6326  ; mov edx, 0xfffd6326
mov dword [ebp - 0xc0], eax
mov eax, dword [ebx]
test eax, eax
cmove eax, edx
mov ecx, eax

loc_fffb8608:
cmp byte [ecx], 0
je short loc_fffb8610  ; je 0xfffb8610
inc ecx
jmp short loc_fffb8608  ; jmp 0xfffb8608

loc_fffb8610:
mov ebx, dword [ebp - 0xd0]
sub ecx, eax
test ebx, ebx
js short loc_fffb8621  ; js 0xfffb8621
cmp ecx, ebx
cmovg ecx, ebx

loc_fffb8621:
mov esi, dword [ebp - 0xe0]
xor edx, edx
mov ebx, esi
sub ebx, ecx
cmp ecx, esi
mov esi, dword [ebp - 0xc4]
cmovl edx, ebx
xor ebx, ebx
and esi, 4
je short loc_fffb8643  ; je 0xfffb8643
mov ebx, edx
xor edx, edx

loc_fffb8643:
test byte [ebp - 0xc4], 0x40
je short loc_fffb865b  ; je 0xfffb865b
add ebx, edx
xor edx, edx
test esi, esi
sete dl
add edx, ebx
sar edx, 1
sub ebx, edx

loc_fffb865b:
sub esp, 0xc
push ebx
push ecx
xor ecx, ecx
push eax
push 0
push 0
lea eax, [ebp - 0xa4]
call fcn_fffb7de8  ; call 0xfffb7de8
add esp, 0x20
mov ebx, dword [ebp - 0xc0]
jmp near loc_fffb8d90  ; jmp 0xfffb8d90

loc_fffb8680:
cmp dl, 0x70
jne short loc_fffb86ac  ; jne 0xfffb86ac
mov byte [ebp - 0xab], 0x58
xor eax, eax
mov dword [ebp - 0xd0], 8
mov dword [ebp - 0xe0], 8
mov dword [ebp - 0xc4], 0x28

loc_fffb86ac:
mov dl, byte [ebp - 0xab]
cmp dl, 0x69
sete cl
cmp dl, 0x64
mov byte [ebp - 0xd4], dl
sete dl
or dl, cl
mov byte [ebp - 0xe8], cl
jne short loc_fffb86d9  ; jne 0xfffb86d9
xor esi, esi
cmp byte [ebp - 0xd4], 0x49
jne short loc_fffb8708  ; jne 0xfffb8708

loc_fffb86d9:
mov dl, byte [ebp - 0xd4]
mov esi, 0xa
and dword [ebp - 0xc4], 0xfffffff7
or dword [ebp - 0xc4], 0x80
and edx, 0xffffffdf
cmp dl, 0x49
jne short loc_fffb8708  ; jne 0xfffb8708
mov ecx, dword [ebp - 0xc0]
test ecx, ecx
cmovne esi, ecx

loc_fffb8708:
mov dl, byte [ebp - 0xd4]
and edx, 0xffffffdf
cmp dl, 0x58
sete cl
test cl, cl
mov byte [ebp - 0xcc], cl
mov ecx, 0x10
cmovne esi, ecx
cmp dl, 0x55
jne short loc_fffb873c  ; jne 0xfffb873c
mov ecx, dword [ebp - 0xc0]
mov esi, 0xa
test ecx, ecx
cmovne esi, ecx

loc_fffb873c:
mov cl, byte [ebp - 0xd4]
cmp cl, 0x6f
je short loc_fffb8756  ; je 0xfffb8756
cmp cl, 0x62
je short loc_fffb875d  ; je 0xfffb875d
cmp esi, 1
ja short loc_fffb8762  ; ja 0xfffb8762
jmp near loc_fffb8286  ; jmp 0xfffb8286

loc_fffb8756:
mov esi, 8
jmp short loc_fffb8762  ; jmp 0xfffb8762

loc_fffb875d:
mov esi, 2

loc_fffb8762:
test byte [ebp - 0xc4], 0x80
je loc_fffb8827  ; je 0xfffb8827
cmp al, 0x6c
jne short loc_fffb8778  ; jne 0xfffb8778
lea eax, [ebx + 4]
jmp short loc_fffb877f  ; jmp 0xfffb877f

loc_fffb8778:
cmp al, 0x6a
jne short loc_fffb8789  ; jne 0xfffb8789
lea eax, [ebx + 8]

loc_fffb877f:
mov dword [ebp - 0xc8], eax

loc_fffb8785:
mov edx, dword [ebx]
jmp short loc_fffb87ad  ; jmp 0xfffb87ad

loc_fffb8789:
lea edx, [ebx + 4]
cmp al, 0x7a
mov dword [ebp - 0xc8], edx
je short loc_fffb8785  ; je 0xfffb8785
mov edx, dword [ebx]
cmp al, 0x74
je short loc_fffb87ad  ; je 0xfffb87ad
cmp al, 0x68
jne short loc_fffb87a5  ; jne 0xfffb87a5
movsx edx, dx
jmp short loc_fffb87ad  ; jmp 0xfffb87ad

loc_fffb87a5:
movsx ecx, dl
cmp al, 0x69
cmove edx, ecx

loc_fffb87ad:
mov ecx, edx
sar ecx, 0x1f
mov eax, ecx
xor eax, edx
sub eax, ecx
mov dword [ebp - 0xc0], eax
sar eax, 0x1f
mov dword [ebp - 0xbc], eax
test edx, edx
jns short loc_fffb87d4  ; jns 0xfffb87d4
mov byte [ebp - 0xaa], 0x2d
jmp short loc_fffb87fa  ; jmp 0xfffb87fa

loc_fffb87d4:
test byte [ebp - 0xc4], 2
je short loc_fffb87e6  ; je 0xfffb87e6
mov byte [ebp - 0xaa], 0x2b
jmp short loc_fffb87fa  ; jmp 0xfffb87fa

loc_fffb87e6:
mov eax, dword [ebp - 0xc4]
and eax, 1
neg eax
and eax, 0x20
mov byte [ebp - 0xaa], al

loc_fffb87fa:
cmp byte [ebp - 0xaa], 0
mov dword [ebp - 0xdc], 0
je loc_fffb88cb  ; je 0xfffb88cb
or dword [ebp - 0xc4], 8
mov dword [ebp - 0xdc], 1
jmp near loc_fffb88cb  ; jmp 0xfffb88cb

loc_fffb8827:
cmp al, 0x6c
jne short loc_fffb883a  ; jne 0xfffb883a
lea eax, [ebx + 4]
xor edx, edx
mov dword [ebp - 0xc8], eax
mov eax, dword [ebx]
jmp short loc_fffb884c  ; jmp 0xfffb884c

loc_fffb883a:
cmp al, 0x6a
jne short loc_fffb885a  ; jne 0xfffb885a
lea eax, [ebx + 8]
mov edx, dword [ebx + 4]
mov dword [ebp - 0xc8], eax
mov eax, dword [ebx]

loc_fffb884c:
mov dword [ebp - 0xc0], eax
mov dword [ebp - 0xbc], edx
jmp short loc_fffb88ba  ; jmp 0xfffb88ba

loc_fffb885a:
lea edx, [ebx + 4]
cmp al, 0x7a
mov dword [ebp - 0xc8], edx
je short loc_fffb886b  ; je 0xfffb886b
cmp al, 0x74
jne short loc_fffb887e  ; jne 0xfffb887e

loc_fffb886b:
mov eax, dword [ebx]
mov dword [ebp - 0xc0], eax
sar eax, 0x1f
mov dword [ebp - 0xbc], eax
jmp short loc_fffb88ba  ; jmp 0xfffb88ba

loc_fffb887e:
mov edx, dword [ebx]
mov dword [ebp - 0xbc], 0
mov dword [ebp - 0xc0], edx
cmp al, 0x68
jne short loc_fffb889f  ; jne 0xfffb889f
movzx edx, dx
mov dword [ebp - 0xc0], edx
jmp short loc_fffb88b0  ; jmp 0xfffb88b0

loc_fffb889f:
cmp al, 0x69
jne short loc_fffb88ba  ; jne 0xfffb88ba
movzx eax, byte [ebp - 0xc0]
mov dword [ebp - 0xc0], eax

loc_fffb88b0:
mov dword [ebp - 0xbc], 0

loc_fffb88ba:
mov byte [ebp - 0xaa], 0x30
mov dword [ebp - 0xdc], 0

loc_fffb88cb:
mov eax, dword [ebp - 0xc0]
mov edx, dword [ebp - 0xbc]
mov ebx, eax
or ebx, edx
setne al
cmp byte [ebp - 0xd4], 0x6f
sete dl
test al, dl
mov edx, 1
cmove edx, dword [ebp - 0xdc]
cmp byte [ebp - 0xcc], 0
mov dword [ebp - 0xdc], edx
jne short loc_fffb890e  ; jne 0xfffb890e
cmp byte [ebp - 0xd4], 0x62
jne short loc_fffb893c  ; jne 0xfffb893c

loc_fffb890e:
test byte [ebp - 0xc4], 0x20
jne short loc_fffb8923  ; jne 0xfffb8923
test al, al
je short loc_fffb893c  ; je 0xfffb893c
mov al, byte [ebp - 0xd4]
jmp short loc_fffb892c  ; jmp 0xfffb892c

loc_fffb8923:
mov al, byte [ebp - 0xd4]
or eax, 0x20

loc_fffb892c:
mov byte [ebp - 0xa9], al
mov dword [ebp - 0xdc], 2

loc_fffb893c:
test byte [ebp - 0xc4], 8
je short loc_fffb8953  ; je 0xfffb8953
lea eax, [ebp - 0xaa]
mov dword [ebp - 0xf4], eax
jmp short loc_fffb8967  ; jmp 0xfffb8967

loc_fffb8953:
mov dword [ebp - 0xf4], 0
mov dword [ebp - 0xdc], 0

loc_fffb8967:
cmp esi, 0xa
jne short loc_fffb89d2  ; jne 0xfffb89d2
mov dword [ebp - 0xcc], 0
lea ebx, [ebp - 0xa0]

loc_fffb897c:
mov edx, dword [ebp - 0xbc]
mov eax, dword [ebp - 0xc0]
mov esi, edx
or esi, eax
je loc_fffb8b1f  ; je 0xfffb8b1f
push ebx
push 0xa
push dword [ebp - 0xbc]
push dword [ebp - 0xc0]
call fcn_fffd2ba5  ; call 0xfffd2ba5
mov esi, dword [ebp - 0xa0]
add esp, 0x10
inc dword [ebp - 0xcc]
mov dword [ebp - 0xc0], eax
mov eax, dword [ebp - 0xcc]
mov dword [ebp - 0xbc], edx
lea edx, [esi + 0x30]
neg eax
mov byte [eax + ebp - 0x18], dl
jmp short loc_fffb897c  ; jmp 0xfffb897c

loc_fffb89d2:
cmp byte [ebp - 0xd4], 0x75
sete byte [ebp - 0xec]
cmp esi, 8
sete dl
cmp esi, 2
sete al
or al, dl
jne short loc_fffb8a10  ; jne 0xfffb8a10
cmp esi, 0x10
je short loc_fffb8a10  ; je 0xfffb8a10
mov bl, byte [ebp - 0xec]
mov dword [ebp - 0xcc], 0
or ebx, dword [ebp - 0xe8]
jmp near loc_fffb8ab2  ; jmp 0xfffb8ab2

loc_fffb8a10:
lea eax, [esi - 1]
cmp esi, 0x10
je short loc_fffb8a25  ; je 0xfffb8a25
cmp dl, 1
sbb ecx, ecx
and ecx, 0xfffffffe
add ecx, 3
jmp short loc_fffb8a2a  ; jmp 0xfffb8a2a

loc_fffb8a25:
mov ecx, 4

loc_fffb8a2a:
mov dword [ebp - 0xcc], 0

loc_fffb8a34:
mov esi, dword [ebp - 0xbc]
mov ebx, dword [ebp - 0xc0]
mov edx, esi
or edx, ebx
je loc_fffb8b1f  ; je 0xfffb8b1f
mov edx, dword [ebp - 0xc0]
and edx, eax
cmp byte [ebp - 0xd4], 0x78
mov bl, byte [edx + ref_fffd52d4]  ; mov bl, byte [edx - 0x2ad2c]
sete dl
or dl, byte [ebp - 0xe8]
jne short loc_fffb8a73  ; jne 0xfffb8a73
cmp byte [ebp - 0xec], 0
je short loc_fffb8a76  ; je 0xfffb8a76

loc_fffb8a73:
or ebx, 0x20

loc_fffb8a76:
inc dword [ebp - 0xcc]
mov edx, dword [ebp - 0xcc]
mov esi, dword [ebp - 0xbc]
neg edx
mov byte [edx + ebp - 0x18], bl
mov ebx, dword [ebp - 0xc0]
xor edx, edx
shrd ebx, esi, cl
shr esi, cl
test cl, 0x20
cmovne ebx, esi
cmovne esi, edx
mov dword [ebp - 0xc0], ebx
mov dword [ebp - 0xbc], esi
jmp short loc_fffb8a34  ; jmp 0xfffb8a34

loc_fffb8ab2:
mov edx, dword [ebp - 0xbc]
mov eax, dword [ebp - 0xc0]
mov ecx, edx
or ecx, eax
je short loc_fffb8b1f  ; je 0xfffb8b1f
push eax
push esi
push dword [ebp - 0xbc]
push dword [ebp - 0xc0]
call fcn_fffd2b7b  ; call 0xfffd2b7b
add esp, 0xc
push esi
push dword [ebp - 0xbc]
push dword [ebp - 0xc0]
mov al, byte [eax + ref_fffd52d4]  ; mov al, byte [eax - 0x2ad2c]
mov dl, al
or edx, 0x20
test bl, bl
cmovne eax, edx
inc dword [ebp - 0xcc]
mov edx, dword [ebp - 0xcc]
neg edx
mov byte [edx + ebp - 0x18], al
call fcn_fffd2b90  ; call 0xfffd2b90
add esp, 0x10
mov dword [ebp - 0xc0], eax
mov dword [ebp - 0xbc], edx
jmp short loc_fffb8ab2  ; jmp 0xfffb8ab2

loc_fffb8b1f:
cmp dword [ebp - 0xd8], 0
mov dword [ebp - 0xf0], 0
je loc_fffb8cca  ; je 0xfffb8cca
mov ebx, dword [ebp - 0xf8]
mov esi, dword [ebp - 0xd8]
mov eax, dword [ebp - 0xcc]
mov dword [ebp - 0xc0], 0x82
mov byte [ebp - 0xec], 0
lea ebx, [ebx + esi - 1]
sub dword [ebp - 0xc0], eax
mov dword [ebp - 0xe8], eax
xor eax, eax
mov dword [ebp - 0xd4], ebx

loc_fffb8b71:
cmp dword [ebp - 0xe8], 0
je loc_fffb8cca  ; je 0xfffb8cca
cmp dword [ebp - 0xd8], 0
je loc_fffb8dcd  ; je 0xfffb8dcd
mov esi, dword [ebp - 0xd4]
mov al, byte [esi]
cmp al, 0x2d
je loc_fffb8cca  ; je 0xfffb8cca
cmp al, 0x2a
je short loc_fffb8bbd  ; je 0xfffb8bbd
mov ebx, dword [ebp - 0xd8]
xor eax, eax
mov dword [ebp - 0xec], 1
sub esi, ebx
mov edx, ebx
mov dword [ebp - 0x100], esi
jmp short loc_fffb8c10  ; jmp 0xfffb8c10

loc_fffb8bbd:
mov eax, dword [ebp - 0xc8]
lea ebx, [eax + 4]
mov eax, dword [eax]
test eax, eax
js loc_fffb8cc4  ; js 0xfffb8cc4
mov ecx, dword [ebp - 0xd4]
mov edx, dword [ebp - 0xd8]
mov dword [ebp - 0xc8], ebx
dec ecx
dec edx
jne short loc_fffb8c37  ; jne 0xfffb8c37
jmp near loc_fffb8cca  ; jmp 0xfffb8cca

loc_fffb8beb:
movsx esi, byte [ebp - 0xf9]
mov ecx, dword [ebp - 0xec]
sub esi, 0x30
imul esi, ecx
add eax, esi
imul esi, ecx, 0xa
mov dword [ebp - 0xec], esi
dec edx
je loc_fffb8cca  ; je 0xfffb8cca

loc_fffb8c10:
mov ebx, dword [ebp - 0x100]
mov ecx, edx
sub ecx, dword [ebp - 0xd8]
add ecx, dword [ebp - 0xd4]
mov bl, byte [ebx + edx]
lea esi, [ebx - 0x30]
mov byte [ebp - 0xf9], bl
mov ebx, esi
cmp bl, 9
jbe short loc_fffb8beb  ; jbe 0xfffb8beb

loc_fffb8c37:
mov bl, byte [ecx]
lea esi, [ecx - 1]
mov dword [ebp - 0xd4], esi
mov byte [ebp - 0xec], bl
lea ebx, [edx - 1]
mov dword [ebp - 0xd8], ebx
test eax, eax
je short loc_fffb8cb5  ; je 0xfffb8cb5

loc_fffb8c55:
mov esi, dword [ebp - 0xe8]
cmp esi, eax
jle short loc_fffb8cca  ; jle 0xfffb8cca
lea ecx, [ebp - 0x9a]
sub esi, eax
add ecx, dword [ebp - 0xc0]
xor edx, edx

loc_fffb8c6f:
cmp edx, esi
je short loc_fffb8c7d  ; je 0xfffb8c7d
mov bl, byte [ecx + edx]
mov byte [ecx + edx - 1], bl
inc edx
jmp short loc_fffb8c6f  ; jmp 0xfffb8c6f

loc_fffb8c7d:
mov ecx, dword [ebp - 0xe8]
dec dword [ebp - 0xc0]
add ecx, dword [ebp - 0xc0]
mov bl, byte [ebp - 0xec]
inc dword [ebp - 0xcc]
sub ecx, eax
inc dword [ebp - 0xf0]
mov byte [ebp + ecx - 0x9a], bl
mov dword [ebp - 0xe8], edx
jmp near loc_fffb8b71  ; jmp 0xfffb8b71

loc_fffb8cb5:
cmp dword [ebp - 0xd8], 0
jne loc_fffb8b71  ; jne 0xfffb8b71
jmp short loc_fffb8cca  ; jmp 0xfffb8cca

loc_fffb8cc4:
mov dword [ebp - 0xc8], ebx

loc_fffb8cca:
cmp dword [ebp - 0xd0], 0
js short loc_fffb8cdc  ; js 0xfffb8cdc
and dword [ebp - 0xc4], 0xffffffef
jmp short loc_fffb8ce6  ; jmp 0xfffb8ce6

loc_fffb8cdc:
mov dword [ebp - 0xd0], 1

loc_fffb8ce6:
mov esi, dword [ebp - 0xcc]
mov eax, dword [ebp - 0xd0]
add eax, dword [ebp - 0xf0]
cmp eax, esi
cmovl eax, esi
mov esi, dword [ebp - 0xe0]
xor edx, edx
mov ebx, eax
mov eax, dword [ebp - 0xdc]
mov ecx, esi
add eax, ebx
sub ecx, eax
cmp eax, esi
cmovl edx, ecx
mov ecx, dword [ebp - 0xc4]
xor eax, eax
and ecx, 4
je short loc_fffb8d29  ; je 0xfffb8d29
mov eax, edx
xor edx, edx

loc_fffb8d29:
test byte [ebp - 0xc4], 0x40
je short loc_fffb8d41  ; je 0xfffb8d41
add eax, edx
xor edx, edx
test ecx, ecx
sete dl
add edx, eax
sar edx, 1
sub eax, edx

loc_fffb8d41:
sub ebx, dword [ebp - 0xcc]
mov ecx, ebx
test byte [ebp - 0xc4], 0x10
je short loc_fffb8d56  ; je 0xfffb8d56
add ecx, edx
xor edx, edx

loc_fffb8d56:
mov esi, dword [ebp - 0xcc]
sub esp, 0xc
push eax
lea eax, [ebp - 0x9a]
sub eax, esi
push esi
add eax, 0x82
push eax
push ecx
mov ecx, dword [ebp - 0xf4]
push dword [ebp - 0xdc]
lea eax, [ebp - 0xa4]
call fcn_fffb7de8  ; call 0xfffb7de8
mov ebx, dword [ebp - 0xc8]
add esp, 0x20

loc_fffb8d90:
test eax, eax
js loc_fffb8286  ; js 0xfffb8286

loc_fffb8d98:
add dword [ebp - 0xe4], eax
lea ecx, [edi + 1]
jmp near loc_fffb829b  ; jmp 0xfffb829b

loc_fffb8da6:
mov eax, dword [ebp - 0xe4]
jmp short loc_fffb8de1  ; jmp 0xfffb8de1

loc_fffb8dae:
sub eax, ref_fffd531c  ; sub eax, 0xfffd531c
inc edi
mov eax, dword [eax*4 + ref_fffd52fc]  ; mov eax, dword [eax*4 - 0x2ad04]
or dword [ebp - 0xc4], eax
jmp near loc_fffb82e9  ; jmp 0xfffb82e9

loc_fffb8dc6:
mov edi, esi
jmp near loc_fffb84a2  ; jmp 0xfffb84a2

loc_fffb8dcd:
test eax, eax
jne loc_fffb8c55  ; jne 0xfffb8c55
jmp near loc_fffb8cca  ; jmp 0xfffb8cca

loc_fffb8dda:
add ebx, 4
xor eax, eax
jmp short loc_fffb8d98  ; jmp 0xfffb8d98

loc_fffb8de1:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb8de9:
push ebp
mov ebp, esp
push edi
mov edi, ecx
push esi
push ebx
mov ebx, eax
sub esp, 0x20
mov esi, dword [edx + 9]
mov edx, dword [ebx + 0x188b]
mov eax, dword [eax + 0x2444]
push 4
lea edx, [edx*4 + ref_fffd3520]  ; lea edx, [edx*4 - 0x2cae0]
push edx
lea edx, [ebp - 0x1c]
push edx
call dword [eax + 0x58]  ; ucall
mov al, byte [ebx + 0xfac]
add esp, 0x10
cmp byte [ebp - 0x1c], al
mov al, 1
jne short loc_fffb8e7f  ; jne 0xfffb8e7f
mov cl, byte [ebx + 0xfad]
cmp byte [ebp - 0x1b], cl
jne short loc_fffb8e7f  ; jne 0xfffb8e7f
mov cl, byte [ebx + 0xfae]
cmp byte [ebp - 0x1a], cl
jne short loc_fffb8e7f  ; jne 0xfffb8e7f
mov cl, byte [ebx + 0xfaf]
cmp byte [ebp - 0x19], cl
jne short loc_fffb8e7f  ; jne 0xfffb8e7f
mov ecx, dword [ebx + 0xfa4]
cmp dword [ebx + 0x1887], ecx
jne short loc_fffb8e7f  ; jne 0xfffb8e7f
mov ecx, dword [ebx + 0xfa0]
cmp dword [ebx + 0x1883], ecx
jne short loc_fffb8e7f  ; jne 0xfffb8e7f
xor eax, eax
cmp edi, 2
je short loc_fffb8e7f  ; je 0xfffb8e7f
mov edx, 0x102
mov eax, esi
call fcn_fffc3cb8  ; call 0xfffc3cb8
cmp eax, dword [ebx + 0xfb0]
setne al

loc_fffb8e7f:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb8e87:
push ebp
mov ebp, esp
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 8]
lea eax, [ebp - 0xc]
push eax
push ebx
call fcn_fffb05b9  ; call 0xfffb05b9
add esp, 0x10
test eax, eax
jns short loc_fffb8ea9  ; jns 0xfffb8ea9
mov dword [ebp - 0xc], 0

loc_fffb8ea9:
mov eax, dword [ebp - 0xc]
test eax, eax
je short loc_fffb8ebe  ; je 0xfffb8ebe
push edx
push edx
push ebx
push eax
call fcn_fffb067f  ; call 0xfffb067f
add esp, 0x10
jmp short loc_fffb8ec0  ; jmp 0xfffb8ec0

loc_fffb8ebe:
xor eax, eax

loc_fffb8ec0:
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb8ec5:  ; not directly referenced
and dh, 4
je short loc_fffb8f29  ; je 0xfffb8f29
push ebp
mov edx, ecx
mov ebp, esp
push edi
push esi
mov esi, ecx
shr edx, 0x14
push ebx
and edx, 1
sub esp, 0xc
cmp edx, 1
mov edi, dword [eax + 0x68]
mov edx, ecx
sbb ebx, ebx
call fcn_fffc3acf  ; call 0xfffc3acf
shr esi, 0x12
and ebx, 0x10
and esi, 1
add ebx, 0x10
push ecx
push esi
push edx
push eax
call edi
add esp, 0x10
cmp bx, 0x10
jne short loc_fffb8f18  ; jne 0xfffb8f18
xor eax, 0x1000000
or eax, edx
cmp eax, 1
sbb eax, eax
add eax, 0xb
jmp short loc_fffb8f2f  ; jmp 0xfffb8f2f

loc_fffb8f18:  ; not directly referenced
xor eax, 0x800000
or eax, edx
cmp eax, 1
sbb eax, eax
add eax, 0xa
jmp short loc_fffb8f2f  ; jmp 0xfffb8f2f

loc_fffb8f29:  ; not directly referenced
mov eax, 0xa
ret

loc_fffb8f2f:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb8f37:  ; not directly referenced
and dh, 4
je short loc_fffb8f9b  ; je 0xfffb8f9b
push ebp
mov edx, ecx
mov ebp, esp
push edi
push esi
mov esi, ecx
shr edx, 0x13
push ebx
and edx, 1
sub esp, 0xc
cmp edx, 1
mov edi, dword [eax + 0x68]
mov edx, ecx
sbb ebx, ebx
call fcn_fffc3aea  ; call 0xfffc3aea
shr esi, 0x11
and ebx, 0x10
and esi, 1
add ebx, 0x10
push ecx
push esi
push edx
push eax
call edi
add esp, 0x10
cmp bx, 0x10
jne short loc_fffb8f8a  ; jne 0xfffb8f8a
xor eax, 0x1000000
or eax, edx
cmp eax, 1
sbb eax, eax
add eax, 0xb
jmp short loc_fffb8fa1  ; jmp 0xfffb8fa1

loc_fffb8f8a:  ; not directly referenced
xor eax, 0x800000
or eax, edx
cmp eax, 1
sbb eax, eax
add eax, 0xa
jmp short loc_fffb8fa1  ; jmp 0xfffb8fa1

loc_fffb8f9b:  ; not directly referenced
mov eax, 0xa
ret

loc_fffb8fa1:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb8fa9:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 8]
push edi
push esi
push ebx
mov esi, eax
mov word [edx + 0x2468], ax
mov edx, 0x80
out dx, ax
mov edi, 0x48
mov ebx, 0x74

loc_fffb8fcf:  ; not directly referenced
mov eax, edi
mov edx, ebx
out dx, al
mov edx, 0x75
in al, dx
movzx ecx, al
mov edx, ebx
mov al, 0x49
out dx, al
mov edx, 0x75
in al, dx
shl eax, 8
or eax, ecx
cmp si, ax
je short loc_fffb8fcf  ; je 0xfffb8fcf
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb8ff7:
push ebp
mov ebp, esp
push ebx
sub esp, 0x10
mov eax, dword [0xff7d0084]
mov eax, dword [eax + 0x14]
add eax, 0xf8002
push eax
call fcn_fffb3e49  ; call 0xfffb3e49
add esp, 0x10
mov ecx, eax
mov edx, eax
and cl, 0x7d
mov eax, 1
cmp cx, 0x8c44
je loc_fffb9156  ; je 0xfffb9156
cmp dx, 0x8c4c
sete bl
cmp dx, 0x8c4a
sete cl
or bl, cl
jne loc_fffb9156  ; jne 0xfffb9156
cmp dx, 0x8c50
sete bl
cmp dx, 0x8c4e
sete cl
or bl, cl
jne loc_fffb9156  ; jne 0xfffb9156
cmp dx, 0x8c42
sete bl
cmp dx, 0x8c5c
sete cl
or bl, cl
jne loc_fffb9156  ; jne 0xfffb9156
cmp dx, 0x8c4f
sete bl
cmp dx, 0x8c49
sete cl
or bl, cl
jne loc_fffb9156  ; jne 0xfffb9156
cmp dx, 0x8c41
sete bl
cmp dx, 0x8c4b
sete cl
or bl, cl
jne loc_fffb9156  ; jne 0xfffb9156
cmp dx, 0x8c58
je loc_fffb9156  ; je 0xfffb9156
cmp dx, 0x8c54
sete bl
cmp dx, 0x8c52
sete cl
or bl, cl
jne loc_fffb9156  ; jne 0xfffb9156
cmp dx, 0x8c56
je loc_fffb9156  ; je 0xfffb9156
lea ecx, [edx + 0x63bf]
cmp cx, 6
jbe short loc_fffb9156  ; jbe 0xfffb9156
cmp dx, 0x8cc5
sete bl
cmp dx, 0x8cc3
sete cl
or bl, cl
jne short loc_fffb9156  ; jne 0xfffb9156
lea ecx, [edx + 0x733f]
cmp cx, 1
jbe short loc_fffb9156  ; jbe 0xfffb9156
lea eax, [edx + 0x633f]
cmp ax, 2
mov eax, 2
setbe bl
cmp dx, 0x9cc5
sete cl
or bl, cl
jne short loc_fffb9156  ; jne 0xfffb9156
lea ecx, [edx + 0x633a]
cmp cx, 1
setbe bl
cmp dx, 0x9cc9
sete cl
or bl, cl
jne short loc_fffb9156  ; jne 0xfffb9156
cmp dx, 0x9cc8
sete bl
cmp dx, 0x9cc4
sete cl
or bl, cl
jne short loc_fffb9156  ; jne 0xfffb9156
add dx, 0x6336
cmp dx, 2
sbb eax, eax
add eax, 3

loc_fffb9156:
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb915b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x28
mov eax, dword [0xff7d0084]
mov edi, dword [eax + 0x14]
lea esi, [edi + 0xb0044]
add edi, 0xb0040
push esi
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov dword [esp], edi
mov ebx, eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
add esp, 0x10
mov edx, eax
shr edx, 0x10
and edx, 0xf
cmp dl, 2
jne short loc_fffb919c  ; jne 0xfffb919c

loc_fffb9198:  ; not directly referenced
xor eax, eax
jmp short loc_fffb91f7  ; jmp 0xfffb91f7

loc_fffb919c:  ; not directly referenced
movzx eax, ah
test al, 0xf0
jne short loc_fffb9198  ; jne 0xfffb9198
lea eax, [ebp - 0x1c]
xor edi, edi
push eax
push 0
push 0
push ref_fffd6348  ; push 0xfffd6348
call fcn_fffb020b  ; call 0xfffb020b
add esp, 0x10

loc_fffb91ba:  ; not directly referenced
test ebx, 0x10000
jne short loc_fffb91ea  ; jne 0xfffb91ea
cmp edi, 0x1388
je short loc_fffb9198  ; je 0xfffb9198
mov eax, dword [ebp - 0x1c]
inc edi
push edx
push 0x3e8
push eax
push dword [ebp + 8]
call dword [eax + 4]  ; ucall
mov dword [esp], esi
call fcn_fffb3fc4  ; call 0xfffb3fc4
add esp, 0x10
mov ebx, eax
jmp short loc_fffb91ba  ; jmp 0xfffb91ba

loc_fffb91ea:  ; not directly referenced
cmp edi, 0x1388
je short loc_fffb9198  ; je 0xfffb9198
mov eax, ebx
and eax, 0x3f

loc_fffb91f7:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb91ff:
push ebp
mov ebp, esp
push ebx
sub esp, 0x10
mov eax, dword [0xff7d0084]
mov eax, dword [eax + 0x14]
add eax, 0xf8002
push eax
call fcn_fffb3e49  ; call 0xfffb3e49
add esp, 0x10
mov ecx, eax
mov edx, eax
and cl, 0x7d
mov eax, 1
cmp cx, 0x8c44
je loc_fffb9365  ; je 0xfffb9365
cmp dx, 0x8c4c
sete bl
cmp dx, 0x8c4a
sete cl
or bl, cl
jne loc_fffb9365  ; jne 0xfffb9365
cmp dx, 0x8c50
sete bl
cmp dx, 0x8c4e
sete cl
or bl, cl
jne loc_fffb9365  ; jne 0xfffb9365
cmp dx, 0x8c42
sete bl
cmp dx, 0x8c5c
sete cl
or bl, cl
jne loc_fffb9365  ; jne 0xfffb9365
cmp dx, 0x8c4f
sete bl
cmp dx, 0x8c49
sete cl
or bl, cl
jne loc_fffb9365  ; jne 0xfffb9365
cmp dx, 0x8c41
sete bl
cmp dx, 0x8c4b
sete cl
or bl, cl
jne loc_fffb9365  ; jne 0xfffb9365
cmp dx, 0x8c58
je loc_fffb9365  ; je 0xfffb9365
cmp dx, 0x8c54
sete bl
cmp dx, 0x8c52
sete cl
or bl, cl
jne loc_fffb9365  ; jne 0xfffb9365
cmp dx, 0x8c56
je loc_fffb9365  ; je 0xfffb9365
cmp dx, 0x8cc5
sete bl
cmp dx, 0x8cc3
sete cl
or bl, cl
jne short loc_fffb9365  ; jne 0xfffb9365
lea eax, [edx + 0x733f]
cmp ax, 1
jbe short loc_fffb9360  ; jbe 0xfffb9360
lea ecx, [edx + 0x63bf]
mov eax, 2
cmp cx, 6
jbe short loc_fffb9365  ; jbe 0xfffb9365
lea ecx, [edx + 0x633f]
cmp cx, 2
setbe bl
cmp dx, 0x9cc5
sete cl
or bl, cl
jne short loc_fffb9365  ; jne 0xfffb9365
lea ecx, [edx + 0x633a]
cmp cx, 1
setbe bl
cmp dx, 0x9cc9
sete cl
or bl, cl
jne short loc_fffb9365  ; jne 0xfffb9365
cmp dx, 0x9cc8
sete bl
cmp dx, 0x9cc4
sete cl
or bl, cl
jne short loc_fffb9365  ; jne 0xfffb9365
add dx, 0x6336
cmp dx, 2
sbb eax, eax
add eax, 3
jmp short loc_fffb9365  ; jmp 0xfffb9365

loc_fffb9360:
mov eax, 1

loc_fffb9365:
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb936a:
push ebp
mov ebp, esp
sub esp, 8
call fcn_fffb8ff7  ; call 0xfffb8ff7
cmp eax, 1
jne short loc_fffb9388  ; jne 0xfffb9388
call fcn_fffb91ff  ; call 0xfffb91ff
cmp eax, 1
jne short loc_fffb9388  ; jne 0xfffb9388
mov al, 6
jmp short loc_fffb9391  ; jmp 0xfffb9391

loc_fffb9388:
cmp eax, 2
sete al
shl eax, 2

loc_fffb9391:
leave
ret

fcn_fffb9393:
push ebp
mov ebp, esp
sub esp, 8
call fcn_fffb8ff7  ; call 0xfffb8ff7
cmp eax, 1
jne short loc_fffb93bc  ; jne 0xfffb93bc
call fcn_fffb91ff  ; call 0xfffb91ff
cmp eax, 1
je short loc_fffb93b8  ; je 0xfffb93b8
cmp eax, 2
sete dl
shl edx, 3
jmp short loc_fffb93c6  ; jmp 0xfffb93c6

loc_fffb93b8:
mov dl, 0xe
jmp short loc_fffb93c6  ; jmp 0xfffb93c6

loc_fffb93bc:
cmp eax, 2
mov dl, 0xa
mov al, 0
cmovne edx, eax

loc_fffb93c6:
mov al, dl
leave
ret

fcn_fffb93ca:
push ebp
mov ebp, esp
sub esp, 8
call fcn_fffb91ff  ; call 0xfffb91ff
cmp eax, 1
je short loc_fffb93e6  ; je 0xfffb93e6
xor edx, edx
cmp eax, 2
mov al, 6
cmove edx, eax
jmp short loc_fffb93e8  ; jmp 0xfffb93e8

loc_fffb93e6:
mov dl, 8

loc_fffb93e8:
mov al, dl
leave
ret

fcn_fffb93ec:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x28
mov eax, dword [0xff7d0084]
mov eax, dword [eax + 0x14]
add eax, 0xf8040
push eax
call fcn_fffb3e49  ; call 0xfffb3e49
mov esi, eax
and esi, 0xfffc
add esi, 8
mov dword [esp], esi
call fcn_fffb00dc  ; call 0xfffb00dc
mov ecx, 0x64
xor edx, edx
add esp, 0x10
mov ebx, eax
imul eax, dword [ebp + 8], 0x166
and ebx, 0xffffff
div ecx
lea edi, [ebx + eax + 1]
mov ecx, edi
and edi, 0xffffff
shr ecx, 0x18

loc_fffb9445:  ; not directly referenced
test ecx, ecx
setne dl
cmp edi, ebx
seta al
or al, dl
je short loc_fffb947d  ; je 0xfffb947d
sub esp, 0xc
push esi
mov dword [ebp - 0x20], edx
mov dword [ebp - 0x1c], ecx
call fcn_fffb00dc  ; call 0xfffb00dc
add esp, 0x10
mov ecx, dword [ebp - 0x1c]
mov edx, dword [ebp - 0x20]
and eax, 0xffffff
cmp eax, ebx
jae short loc_fffb9479  ; jae 0xfffb9479
test dl, dl
je short loc_fffb947d  ; je 0xfffb947d
dec ecx

loc_fffb9479:  ; not directly referenced
mov ebx, eax
jmp short loc_fffb9445  ; jmp 0xfffb9445

loc_fffb947d:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb9485:  ; not directly referenced
push ebp
mov ebp, esp
sub esp, 8
mov eax, dword [ebp + 0x10]
test eax, eax
je short loc_fffb949e  ; je 0xfffb949e
sub esp, 0xc
push eax
call fcn_fffb93ec  ; call 0xfffb93ec
add esp, 0x10

loc_fffb949e:  ; not directly referenced
xor eax, eax
leave
ret

fcn_fffb94a2:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov bl, byte [ebp + 0xc]
mov al, byte [ebp + 0x18]
mov edi, dword [ebp + 0x1c]
and ebx, 0x7f
cmp dword [ebp + 0x14], 1
mov byte [ebp - 0x1f], al
jbe short loc_fffb94d9  ; jbe 0xfffb94d9
test edi, edi
mov esi, 0x80000002
sete dl
cmp dword [ebp + 0x20], 0
sete al
or dl, al
jne loc_fffb9a3c  ; jne 0xfffb9a3c

loc_fffb94d9:  ; not directly referenced
sub esp, 0xc
mov esi, 0x80000012
push 0
call fcn_fffb4a61  ; call 0xfffb4a61
add esp, 0x10
test al, 0x40
jne loc_fffb9a3c  ; jne 0xfffb9a3c
test al, 1
je short loc_fffb950d  ; je 0xfffb950d
push edi
push edi
push 0xff
push 0
call fcn_fffb4a42  ; call 0xfffb4a42
add esp, 0x10
jmp near loc_fffb9a3c  ; jmp 0xfffb9a3c

loc_fffb950d:  ; not directly referenced
push esi
movzx eax, al
push esi
push eax
push 0
call fcn_fffb4a42  ; call 0xfffb4a42
lea eax, [ebx + ebx + 1]
add esp, 0x10
mov byte [ebp - 0x1c], al
dec eax
mov byte [ebp - 0x1d], al
mov eax, dword [ebp + 0x14]
mov dword [ebp - 0x24], 3
mov byte [ebp - 0x1e], 0
and eax, 0xfffffffd
mov dword [ebp - 0x2c], eax

loc_fffb953c:  ; not directly referenced
mov al, byte [ebp + 0x10]
cmp dword [ebp + 0x14], 0xb
mov byte [ebp - 0x20], al
ja loc_fffb96fd  ; ja 0xfffb96fd
mov eax, dword [ebp + 0x14]
jmp dword [eax*4 + ref_fffd5324]  ; ujmp: jmp dword [eax*4 - 0x2acdc]

loc_fffb9556:  ; not directly referenced
mov dl, byte [ebp - 0x1d]
jmp short loc_fffb955e  ; jmp 0xfffb955e

loc_fffb955b:  ; not directly referenced
mov dl, byte [ebp - 0x1c]

loc_fffb955e:  ; not directly referenced
cmp byte [ebp - 0x1f], 1
je loc_fffb96ef  ; je 0xfffb96ef
xor esi, esi
jmp near loc_fffb96e9  ; jmp 0xfffb96e9

loc_fffb956f:  ; not directly referenced
mov eax, dword [ebp + 0x20]
mov dl, byte [ebp - 0x1d]
mov al, byte [eax]
mov byte [ebp - 0x20], al
jmp short loc_fffb957f  ; jmp 0xfffb957f

loc_fffb957c:  ; not directly referenced
mov dl, byte [ebp - 0x1c]

loc_fffb957f:  ; not directly referenced
cmp dword [edi], 1
mov esi, 4
mov dword [edi], 1
sbb ebx, ebx
and ebx, 0x80000005
jmp near loc_fffb96b2  ; jmp 0xfffb96b2

loc_fffb959a:  ; not directly referenced
mov eax, dword [ebp + 0x20]
push ecx
push ecx
movzx eax, byte [eax]
push eax
push 5
call fcn_fffb4a42  ; call 0xfffb4a42
add esp, 0x10
mov dl, byte [ebp - 0x1d]
mov dword [edi], 1
jmp short loc_fffb95bb  ; jmp 0xfffb95bb

loc_fffb95b8:  ; not directly referenced
mov dl, byte [ebp - 0x1c]

loc_fffb95bb:  ; not directly referenced
mov eax, dword [edi]
test eax, eax
je loc_fffb97f8  ; je 0xfffb97f8
cmp eax, 1
je loc_fffb96e4  ; je 0xfffb96e4
cmp eax, 0x100
ja loc_fffb96fd  ; ja 0xfffb96fd
cmp byte [ebp - 0x1f], 1
je loc_fffb96ef  ; je 0xfffb96ef
mov esi, 0x18
jmp near loc_fffb96e9  ; jmp 0xfffb96e9

loc_fffb95ed:  ; not directly referenced
cmp dword [edi], 2
mov dl, byte [ebp - 0x1c]
mov dword [edi], 2
sbb ebx, ebx
and ebx, 0x80000005
jmp short loc_fffb963b  ; jmp 0xfffb963b

loc_fffb9603:  ; not directly referenced
push eax
push eax
mov eax, dword [ebp + 0x20]
movzx eax, byte [eax + 1]
push eax
push 6
call fcn_fffb4a42  ; call 0xfffb4a42
pop eax
mov eax, dword [ebp + 0x20]
pop edx
movzx eax, byte [eax]
push eax
push 5
call fcn_fffb4a42  ; call 0xfffb4a42
add esp, 0x10
mov dl, byte [ebp - 0x1d]
cmp dword [edi], 2
mov dword [edi], 2
sbb ebx, ebx
and ebx, 0x80000005

loc_fffb963b:  ; not directly referenced
mov esi, 0xc
jmp short loc_fffb96b2  ; jmp 0xfffb96b2

loc_fffb9642:  ; not directly referenced
push eax
push eax
movzx eax, byte [edi]
push eax
push 5
call fcn_fffb4a42  ; call 0xfffb4a42
mov al, byte [edi]
add esp, 0x10
mov dl, byte [ebp - 0x1d]
mov byte [ebp - 0x1e], al
jmp short loc_fffb965f  ; jmp 0xfffb965f

loc_fffb965c:  ; not directly referenced
mov dl, byte [ebp - 0x1c]

loc_fffb965f:  ; not directly referenced
mov eax, dword [edi]
dec eax
cmp eax, 0x1f
ja loc_fffb96fd  ; ja 0xfffb96fd
mov esi, 0x14
jmp near loc_fffb96f9  ; jmp 0xfffb96f9

loc_fffb9675:  ; not directly referenced
mov eax, dword [ebp + 0x20]
push ebx
push ebx
movzx eax, byte [eax + 1]
push eax
push 6
call fcn_fffb4a42  ; call 0xfffb4a42
pop esi
mov esi, 0x10
pop eax
mov eax, dword [ebp + 0x20]
movzx eax, byte [eax]
push eax
push 5
call fcn_fffb4a42  ; call 0xfffb4a42
add esp, 0x10
mov dl, byte [ebp - 0x1c]
cmp dword [edi], 2
mov dword [edi], 2
sbb ebx, ebx
and ebx, 0x80000005

loc_fffb96b2:  ; not directly referenced
xor eax, eax
test ebx, ebx
jns short loc_fffb9707  ; jns 0xfffb9707
jmp near loc_fffb98c4  ; jmp 0xfffb98c4

loc_fffb96bd:  ; not directly referenced
mov eax, dword [edi]
dec eax
cmp eax, 0x1f
ja short loc_fffb96fd  ; ja 0xfffb96fd
push ecx
mov esi, 0x1c
push ecx
movzx eax, byte [edi]
push eax
push 5
call fcn_fffb4a42  ; call 0xfffb4a42
mov al, byte [edi]
add esp, 0x10
mov dl, byte [ebp - 0x1c]
mov byte [ebp - 0x1e], al
jmp short loc_fffb96f9  ; jmp 0xfffb96f9

loc_fffb96e4:  ; not directly referenced
mov esi, 8

loc_fffb96e9:  ; not directly referenced
xor eax, eax

loc_fffb96eb:  ; not directly referenced
xor ebx, ebx
jmp short loc_fffb9707  ; jmp 0xfffb9707

loc_fffb96ef:  ; not directly referenced
mov ebx, 0x80000003
jmp near loc_fffb98c4  ; jmp 0xfffb98c4

loc_fffb96f9:  ; not directly referenced
mov al, 2
jmp short loc_fffb96eb  ; jmp 0xfffb96eb

loc_fffb96fd:  ; not directly referenced
mov ebx, 0x80000002
jmp near loc_fffb98c4  ; jmp 0xfffb98c4

loc_fffb9707:  ; not directly referenced
mov cl, al
or ecx, 1
cmp byte [ebp - 0x1f], 1
mov dword [ebp - 0x28], edx
push edx
cmove eax, ecx
push edx
movzx eax, al
push eax
push 0xd
call fcn_fffb4a42  ; call 0xfffb4a42
mov dword [esp], 2
call fcn_fffb4a61  ; call 0xfffb4a61
add esp, 0x10
mov edx, dword [ebp - 0x28]
cmp dword [ebp - 0x2c], 9
je short loc_fffb9757  ; je 0xfffb9757

loc_fffb973b:  ; not directly referenced
push ecx
movzx edx, dl
push ecx
push edx
push 4
call fcn_fffb4a42  ; call 0xfffb4a42
add esp, 0x10
movzx eax, byte [ebp - 0x20]
cmp dword [ebp + 0x14], 4
jne short loc_fffb9794  ; jne 0xfffb9794
jmp short loc_fffb9788  ; jmp 0xfffb9788

loc_fffb9757:  ; not directly referenced
movzx ecx, byte [ebp - 0x1e]
xor eax, eax
mov dword [ebp - 0x28], ecx

loc_fffb9760:  ; not directly referenced
cmp eax, dword [ebp - 0x28]
jae short loc_fffb973b  ; jae 0xfffb973b
mov ecx, dword [ebp + 0x20]
mov dword [ebp - 0x34], edx
push edx
push edx
movzx ecx, byte [ecx + eax]
mov dword [ebp - 0x30], eax
push ecx
push 7
call fcn_fffb4a42  ; call 0xfffb4a42
mov eax, dword [ebp - 0x30]
add esp, 0x10
mov edx, dword [ebp - 0x34]
inc eax
jmp short loc_fffb9760  ; jmp 0xfffb9760

loc_fffb9788:  ; not directly referenced
cmp dword [edi], 1
jbe short loc_fffb9794  ; jbe 0xfffb9794
push ecx
push ecx
push eax
push 6
jmp short loc_fffb9799  ; jmp 0xfffb9799

loc_fffb9794:  ; not directly referenced
push edx
push edx
push eax
push 3

loc_fffb9799:  ; not directly referenced
call fcn_fffb4a42  ; call 0xfffb4a42
add esp, 0x10
lea eax, [esi + 0x40]
mov esi, 0x186a0
movzx eax, al
push ecx
push ecx
push eax
push 2
call fcn_fffb4a42  ; call 0xfffb4a42
add esp, 0x10

loc_fffb97b9:  ; not directly referenced
sub esp, 0xc
push 0
call fcn_fffb4a61  ; call 0xfffb4a61
add esp, 0x10
test al, 0x8e
jne loc_fffb98a3  ; jne 0xfffb98a3
sub esp, 0xc
push 0xa
call fcn_fffb93ec  ; call 0xfffb93ec
add esp, 0x10
dec esi
jne short loc_fffb97b9  ; jne 0xfffb97b9
jmp near loc_fffb989c  ; jmp 0xfffb989c

loc_fffb97e3:  ; not directly referenced
sub esp, 0xc
push 5
call fcn_fffb4a61  ; call 0xfffb4a61
add esp, 0x10
test al, al
jne loc_fffb99f9  ; jne 0xfffb99f9

loc_fffb97f8:  ; not directly referenced
mov ebx, 0x80000005
jmp near loc_fffb98c4  ; jmp 0xfffb98c4

loc_fffb9802:  ; not directly referenced
cmp dword [edi], 1
jbe loc_fffb9987  ; jbe 0xfffb9987
xor esi, esi

loc_fffb980d:  ; not directly referenced
cmp esi, dword [edi]
jae loc_fffb98c4  ; jae 0xfffb98c4
sub esp, 0xc
push 7
call fcn_fffb4a61  ; call 0xfffb4a61
mov ecx, dword [ebp + 0x20]
add esp, 0x10
mov byte [ecx + esi], al
mov eax, dword [edi]
lea edx, [eax - 2]
cmp esi, edx
jne loc_fffb9962  ; jne 0xfffb9962
sub esp, 0xc
push 2
call fcn_fffb4a61  ; call 0xfffb4a61
pop edx
pop ecx
or eax, 0x20
movzx eax, al

loc_fffb9847:  ; not directly referenced
push eax
push 2
call fcn_fffb4a42  ; call 0xfffb4a42
add esp, 0x10

loc_fffb9852:  ; not directly referenced
push eax
push eax
push 0x80
push 0
call fcn_fffb4a42  ; call 0xfffb4a42
mov eax, dword [edi]
add esp, 0x10
dec eax
cmp esi, eax
jae loc_fffb9981  ; jae 0xfffb9981
mov dword [ebp - 0x1c], 0x64

loc_fffb9875:  ; not directly referenced
sub esp, 0xc
push 0
call fcn_fffb4a61  ; call 0xfffb4a61
add esp, 0x10
test al, al
js loc_fffb9981  ; js 0xfffb9981
sub esp, 0xc
push 0xa
call fcn_fffb93ec  ; call 0xfffb93ec
add esp, 0x10
dec dword [ebp - 0x1c]
jne short loc_fffb9875  ; jne 0xfffb9875

loc_fffb989c:  ; not directly referenced
mov ebx, 0x80000012
jmp short loc_fffb98c4  ; jmp 0xfffb98c4

loc_fffb98a3:  ; not directly referenced
test al, 4
je short loc_fffb98f2  ; je 0xfffb98f2
sub esp, 0xc
push 0xc
call fcn_fffb4a61  ; call 0xfffb4a61
add esp, 0x10
and eax, 1
cmp al, 1
sbb ebx, ebx
and ebx, 0xffffffec
sub ebx, 0x7fffffe5

loc_fffb98c4:  ; not directly referenced
push eax
push eax
push 0xff
push 0
call fcn_fffb4a42  ; call 0xfffb4a42
pop edx
pop ecx
push 1
push 0xc
call fcn_fffb4a42  ; call 0xfffb4a42
pop esi
mov esi, ebx
pop edi
push 0
push 0xd
call fcn_fffb4a42  ; call 0xfffb4a42
add esp, 0x10
jmp near loc_fffb9a3c  ; jmp 0xfffb9a3c

loc_fffb98f2:  ; not directly referenced
test al, 8
je short loc_fffb9937  ; je 0xfffb9937
push ebx
push ebx
push 8
push 0
call fcn_fffb4a42  ; call 0xfffb4a42
pop esi
pop eax
push 0xff
push 0
call fcn_fffb4a42  ; call 0xfffb4a42
pop eax
pop edx
push 1
push 0xc
call fcn_fffb4a42  ; call 0xfffb4a42
mov dword [esp], 0xa
call fcn_fffb93ec  ; call 0xfffb93ec
add esp, 0x10
dec dword [ebp - 0x24]
je loc_fffb9a32  ; je 0xfffb9a32
jmp near loc_fffb953c  ; jmp 0xfffb953c

loc_fffb9937:  ; not directly referenced
mov eax, dword [ebp + 0x14]
sub eax, 2
cmp eax, 9
ja short loc_fffb98c4  ; ja 0xfffb98c4
jmp dword [eax*4 + ref_fffd5354]  ; ujmp: jmp dword [eax*4 - 0x2acac]

loc_fffb9949:  ; not directly referenced
sub esp, 0xc
push 6
call fcn_fffb4a61  ; call 0xfffb4a61
mov ecx, dword [ebp + 0x20]
mov byte [ecx + 1], al
mov dword [esp], 5
jmp short loc_fffb998c  ; jmp 0xfffb998c

loc_fffb9962:  ; not directly referenced
dec eax
cmp esi, eax
jne loc_fffb9852  ; jne 0xfffb9852
sub esp, 0xc
push 2
call fcn_fffb4a61  ; call 0xfffb4a61
pop edx
pop ecx
and eax, 0xdf
jmp near loc_fffb9847  ; jmp 0xfffb9847

loc_fffb9981:  ; not directly referenced
inc esi
jmp near loc_fffb980d  ; jmp 0xfffb980d

loc_fffb9987:  ; not directly referenced
sub esp, 0xc
push 5

loc_fffb998c:  ; not directly referenced
call fcn_fffb4a61  ; call 0xfffb4a61
mov ecx, dword [ebp + 0x20]
mov byte [ecx], al
jmp short loc_fffb99a6  ; jmp 0xfffb99a6

loc_fffb9998:  ; not directly referenced
push eax
push eax
push 0x80
push 0
call fcn_fffb4a42  ; call 0xfffb4a42

loc_fffb99a6:  ; not directly referenced
add esp, 0x10
jmp near loc_fffb98c4  ; jmp 0xfffb98c4

loc_fffb99ae:  ; not directly referenced
sub esp, 0xc
xor esi, esi
push 5
call fcn_fffb4a61  ; call 0xfffb4a61
add esp, 0x10
movzx edx, al
mov al, 1
cmp dword [edi], edx
jb short loc_fffb99e8  ; jb 0xfffb99e8

loc_fffb99c6:  ; not directly referenced
cmp esi, edx
jae short loc_fffb99e6  ; jae 0xfffb99e6
sub esp, 0xc
push 7
mov dword [ebp - 0x1c], edx
call fcn_fffb4a61  ; call 0xfffb4a61
mov ecx, dword [ebp + 0x20]
add esp, 0x10
mov edx, dword [ebp - 0x1c]
mov byte [ecx + esi], al
inc esi
jmp short loc_fffb99c6  ; jmp 0xfffb99c6

loc_fffb99e6:  ; not directly referenced
xor eax, eax

loc_fffb99e8:  ; not directly referenced
test al, al
mov eax, 0x80000005
mov dword [edi], edx
cmovne ebx, eax
jmp near loc_fffb98c4  ; jmp 0xfffb98c4

loc_fffb99f9:  ; not directly referenced
movzx edx, byte [edi]
movzx ecx, al
lea eax, [edx + ecx]
cmp eax, 0x20
jg short loc_fffb9a32  ; jg 0xfffb9a32
xor esi, esi
mov edx, ecx

loc_fffb9a0b:  ; not directly referenced
cmp esi, edx
jae short loc_fffb9a2b  ; jae 0xfffb9a2b
sub esp, 0xc
push 7
mov dword [ebp - 0x1c], edx
call fcn_fffb4a61  ; call 0xfffb4a61
mov ecx, dword [ebp + 0x20]
add esp, 0x10
mov edx, dword [ebp - 0x1c]
mov byte [ecx + esi], al
inc esi
jmp short loc_fffb9a0b  ; jmp 0xfffb9a0b

loc_fffb9a2b:  ; not directly referenced
mov dword [edi], edx
jmp near loc_fffb98c4  ; jmp 0xfffb98c4

loc_fffb9a32:  ; not directly referenced
mov ebx, 0x80000007
jmp near loc_fffb98c4  ; jmp 0xfffb98c4

loc_fffb9a3c:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb9a46:  ; not directly referenced
push ebp
mov al, 1
mov ebp, esp
push edi
push esi
push ebx
xor ebx, ebx
sub esp, 0x2c
lea esi, [ebp - 0x28]
lea edi, [ebp - 0x20]

loc_fffb9a59:  ; not directly referenced
cmp dword [ebp + 8], 1
je short loc_fffb9a84  ; je 0xfffb9a84
cmp dword [ebp + 8], 2
jne short loc_fffb9aae  ; jne 0xfffb9aae
mov ecx, 0x150
rdmsr
mov dword [ebp - 0x28], eax
push eax
push 8
push esi
push edi
mov dword [ebp - 0x24], edx
call fcn_fffb01dc  ; call 0xfffb01dc
mov al, byte [ebp - 0x19]
shr al, 7
jmp short loc_fffb9aab  ; jmp 0xfffb9aab

loc_fffb9a84:  ; not directly referenced
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov eax, dword [eax + 0x14]
add eax, 0x48
push eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
and eax, 0xfffffffe
add eax, 0x5da4
mov dword [esp], eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
shr eax, 0x1f

loc_fffb9aab:  ; not directly referenced
add esp, 0x10

loc_fffb9aae:  ; not directly referenced
sub esp, 0xc
inc ebx
push 1
mov dword [ebp - 0x2c], eax
call fcn_fffb93ec  ; call 0xfffb93ec
mov eax, dword [ebp - 0x2c]
add esp, 0x10
mov dl, al
and edx, 1
cmp bx, 0x3e7
setbe cl
test dl, cl
jne short loc_fffb9a59  ; jne 0xfffb9a59
cmp bx, 0x3e8
sete al
and eax, edx
shl eax, 0x1f
lea esp, [ebp - 0xc]
sar eax, 0x1f
pop ebx
and eax, 0x80000012
pop esi
pop edi
pop ebp
ret

fcn_fffb9af0:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x48
mov esi, dword [ebp + 8]
push esi
call fcn_fffb9a46  ; call 0xfffb9a46
add esp, 0x10
mov ebx, eax
test eax, eax
js loc_fffb9c6c  ; js 0xfffb9c6c
cmp esi, 1
je short loc_fffb9b22  ; je 0xfffb9b22
cmp esi, 2
je loc_fffb9bc9  ; je 0xfffb9bc9
jmp near loc_fffb9c70  ; jmp 0xfffb9c70

loc_fffb9b22:  ; not directly referenced
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov eax, dword [eax + 0x14]
add eax, 0x48
push eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
pop edx
pop ecx
push dword [ebp + 0x10]
mov esi, eax
and esi, 0xfffffffe
lea edi, [esi + 0x5da0]
add esi, 0x5da4
push edi
call fcn_fffb3ffa  ; call 0xfffb3ffa
mov eax, dword [ebp + 0xc]
pop edx
pop ecx
or eax, 0x80000000
push eax
push esi
call fcn_fffb3ffa  ; call 0xfffb3ffa
mov dword [esp], 1
call fcn_fffb9a46  ; call 0xfffb9a46
mov dword [esp], esi
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov dword [esp], edi
mov dword [ebp - 0x40], eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov dword [esp], 0xa
mov dword [ebp - 0x3c], eax
call fcn_fffb93ec  ; call 0xfffb93ec
mov dword [esp], esi
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov dword [esp], edi
mov esi, eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov ecx, dword [ebp - 0x40]
add esp, 0x10
cmp ecx, esi
je short loc_fffb9bbc  ; je 0xfffb9bbc
cmp dword [ebp - 0x3c], eax
je short loc_fffb9bbc  ; je 0xfffb9bbc

loc_fffb9bb2:  ; not directly referenced
mov eax, 0x80000002
jmp near loc_fffb9c75  ; jmp 0xfffb9c75

loc_fffb9bbc:  ; not directly referenced
mov eax, dword [ebp + 0x14]
movzx ecx, cl
mov dword [eax], ecx
jmp near loc_fffb9c6c  ; jmp 0xfffb9c6c

loc_fffb9bc9:  ; not directly referenced
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp + 0x10]
or byte [ebp - 0x21], 0x80
mov dword [ebp - 0x28], eax
push eax
push 8
lea eax, [ebp - 0x28]
push eax
lea eax, [ebp - 0x30]
push eax
call fcn_fffb01dc  ; call 0xfffb01dc
mov eax, dword [ebp - 0x30]
mov ecx, 0x150
mov edx, dword [ebp - 0x2c]
wrmsr
mov dword [esp], 2
call fcn_fffb9a46  ; call 0xfffb9a46
mov ecx, 0x150
rdmsr
add esp, 0xc
push 8
mov dword [ebp - 0x30], eax
lea eax, [ebp - 0x30]
push eax
lea eax, [ebp - 0x28]
push eax
mov dword [ebp - 0x2c], edx
call fcn_fffb01dc  ; call 0xfffb01dc
mov dword [esp], 0xa
call fcn_fffb93ec  ; call 0xfffb93ec
mov ecx, 0x150
rdmsr
add esp, 0xc
push 8
mov dword [ebp - 0x30], eax
lea eax, [ebp - 0x30]
push eax
lea eax, [ebp - 0x20]
push eax
mov dword [ebp - 0x2c], edx
call fcn_fffb01dc  ; call 0xfffb01dc
mov eax, dword [ebp - 0x1c]
add esp, 0x10
cmp dword [ebp - 0x24], eax
je short loc_fffb9c63  ; je 0xfffb9c63
mov eax, dword [ebp - 0x20]
cmp dword [ebp - 0x28], eax
jne loc_fffb9bb2  ; jne 0xfffb9bb2

loc_fffb9c63:  ; not directly referenced
movzx eax, byte [ebp - 0x24]
mov edx, dword [ebp + 0x14]
mov dword [edx], eax

loc_fffb9c6c:  ; not directly referenced
mov eax, ebx
jmp short loc_fffb9c75  ; jmp 0xfffb9c75

loc_fffb9c70:  ; not directly referenced
mov eax, 0x80000003

loc_fffb9c75:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb9c7d:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3d0
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x5edd]
mov dword [ebp - 0x344], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2444]
push 0x20
push 0x200
mov edi, eax
mov dword [ebp - 0x38c], eax
lea eax, [ebp - 0x218]
push eax
mov eax, edi
call dword [eax + 0x5c]  ; ucall
mov eax, dword [ebp + 8]
add esp, 0x10
mov al, byte [eax + 0x248e]
mov byte [ebp - 0x3c8], al
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x248f]
mov byte [ebp - 0x348], al
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2481], 3
jne loc_fffbb0a1  ; jne 0xfffbb0a1
mov eax, dword [eax + 0x5edd]
lea edi, [ebp - 0x260]
mov esi, ref_fffd537c  ; mov esi, 0xfffd537c
mov ecx, 6
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea ebx, [ebp - 0x2a8]
mov esi, 1
mov dword [ebp - 0x33c], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2444]
push edi
push 0
push 0x10
push ebx
lea edi, [ebp - 0x298]
mov dword [ebp - 0x340], eax
call dword [eax + 0x5c]  ; ucall
mov eax, dword [ebp + 8]
add esp, 0xc
lea edx, [ebp - 0x2c8]
mov byte [ebp - 0x2a7], 1
mov eax, dword [eax + 0x2444]
push 0
push 0xc
push edx
call dword [eax + 0x5c]  ; ucall
add esp, 0x10

loc_fffb9d58:  ; not directly referenced
movzx eax, byte [ebx]
xor ecx, ecx
mov dword [ebp - 0x344], eax

loc_fffb9d63:  ; not directly referenced
mov eax, dword [ebp + ecx*4 - 0x2c8]
mov edx, eax
add eax, eax
and edx, 0x8000
movzx eax, ax
shr edx, 0xf
or eax, edx
mov edx, esi
shl edx, cl
and edx, dword [ebp - 0x344]
sar edx, cl
or eax, edx
mov dword [ebp + ecx*4 - 0x2c8], eax
inc ecx
cmp ecx, 3
jne short loc_fffb9d63  ; jne 0xfffb9d63
inc ebx
cmp ebx, edi
jne short loc_fffb9d58  ; jne 0xfffb9d58
lea eax, [ebp - 0x2c8]
lea ebx, [ebp - 0x2bc]

loc_fffb9da8:  ; not directly referenced
mov edx, dword [eax]
add eax, 4
mov ecx, edx
add edx, edx
and ecx, 0x8000
movzx edx, dx
shr ecx, 0xf
or edx, ecx
mov dword [eax - 4], edx
cmp eax, ebx
jne short loc_fffb9da8  ; jne 0xfffb9da8
mov edi, dword [ebp - 0x33c]
xor ebx, ebx
add edi, 0x1c

loc_fffb9dd1:  ; not directly referenced
imul eax, ebx, 0x13c3
mov esi, dword [ebp + 8]
test byte [esi + eax + 0x381b], 1
jne short loc_fffb9e03  ; jne 0xfffb9e03

loc_fffb9de4:  ; not directly referenced
inc ebx
add edi, 0xcc
cmp ebx, 2
jne short loc_fffb9dd1  ; jne 0xfffb9dd1
mov byte [ebp - 0x340], 0
mov byte [ebp - 0x33c], 0
jmp near loc_fffb9f51  ; jmp 0xfffb9f51

loc_fffb9e03:  ; not directly referenced
imul eax, ebx, 0x54a
push esi
mov esi, dword [ebp + 8]
push 0xff
push 0x40
lea eax, [esi + eax + 0x1e69]
push eax
mov eax, dword [ebp - 0x340]
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
mov byte [ebp - 0x33c], 0

loc_fffb9e2f:  ; not directly referenced
mov esi, dword [ebp + 8]
mov al, byte [ebp - 0x33c]
cmp al, byte [esi + 0x2489]
jae short loc_fffb9e6c  ; jae 0xfffb9e6c
movzx ecx, byte [ebp - 0x33c]
mov edx, ebx
mov eax, dword [ebp + 8]
mov esi, dword [edi + ecx*4 + 0x28]
call fcn_fffa71bc  ; call 0xfffa71bc
or esi, 0x60
mov ecx, esi
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0x33c]
jmp short loc_fffb9e2f  ; jmp 0xfffb9e2f

loc_fffb9e6c:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, ebx
mov esi, dword [edi]
call fcn_fffa7236  ; call 0xfffa7236
or esi, 0x1000008
mov ecx, esi
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
sub esp, 0xc
mov cl, bl
mov edx, 1
shl edx, cl
mov ecx, 1
push 0
call fcn_fffd314a  ; call 0xfffd314a
add esp, 0x10
test eax, eax
je loc_fffb9de4  ; je 0xfffb9de4
jmp near loc_fffbb9de  ; jmp 0xfffbb9de

loc_fffb9eba:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
test byte [edi + eax + 0x381b], 1
je short loc_fffb9f08  ; je 0xfffb9f08
sub esp, 0xc
mov cl, bl
push dword [ebp - 0x2c0]
mov eax, 1
push dword [ebp - 0x2c4]
mov edx, ebx
push dword [ebp - 0x2c8]
shl eax, cl
xor ecx, ecx
or byte [ebp - 0x340], al
lea eax, [ebp - 0x260]
push 2
push eax
mov eax, edi
call fcn_fffd2e0a  ; call 0xfffd2e0a
add esp, 0x20

loc_fffb9f08:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffb9eba  ; jne 0xfffb9eba
movzx edx, byte [ebp - 0x340]
xor edi, edi
mov eax, dword [ebp + 8]
call fcn_fffd2d1e  ; call 0xfffd2d1e

loc_fffb9f1f:  ; not directly referenced
imul eax, edi, 0x13c3
mov esi, dword [ebp + 8]
mov dword [ebp - 0x348], eax
test byte [esi + eax + 0x381b], 1
jne short loc_fffb9f94  ; jne 0xfffb9f94

loc_fffb9f38:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffb9f1f  ; jne 0xfffb9f1f
inc byte [ebp - 0x33c]
cmp byte [ebp - 0x33c], 8
je loc_fffba067  ; je 0xfffba067

loc_fffb9f51:  ; not directly referenced
mov dl, byte [ebp - 0x33c]
mov ebx, 1
mov eax, ebx
shr dl, 1
movzx ecx, dl
add ecx, 5
shl eax, cl
mov cl, dl
shl ebx, cl
mov cl, byte [ebp - 0x33c]
xor edx, edx
or eax, ebx
mov ebx, edx
and cl, 1
cmove ebx, eax
cmove eax, edx
mov dword [ebp - 0x254], ebx
xor ebx, ebx
mov dword [ebp - 0x250], eax
jmp near loc_fffb9eba  ; jmp 0xfffb9eba

loc_fffb9f94:  ; not directly referenced
imul eax, edi, 0x54a
mov esi, dword [ebp + 8]
xor ebx, ebx
lea eax, [esi + eax + 0x196b]
mov dword [ebp - 0x344], eax

loc_fffb9fac:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp bl, byte [eax + 0x2489]
jae short loc_fffba008  ; jae 0xfffba008
mov ecx, dword [ebp + 8]
movzx esi, bl
mov edx, dword [ebp - 0x348]
mov eax, dword [ebp - 0x344]
cmp byte [ecx + edx + 0x49bb], 0x20
mov al, byte [eax + esi + 0x4f6]
jne short loc_fffb9fe8  ; jne 0xfffb9fe8
test al, 2
je short loc_fffb9fe8  ; je 0xfffb9fe8
mov byte [ebp + esi - 0x2e8], 0
jmp short loc_fffba005  ; jmp 0xfffba005

loc_fffb9fe8:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, esi
mov edx, edi
call fcn_fffa75c5  ; call 0xfffa75c5
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb331f  ; call 0xfffb331f
mov byte [ebp + esi - 0x2e8], al

loc_fffba005:  ; not directly referenced
inc ebx
jmp short loc_fffb9fac  ; jmp 0xfffb9fac

loc_fffba008:  ; not directly referenced
xor edx, edx

loc_fffba00a:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dl, byte [eax + 0x2489]
jae loc_fffb9f38  ; jae 0xfffb9f38
movzx eax, dl
mov al, byte [ebp + eax - 0x2e8]
test al, al
je short loc_fffba064  ; je 0xfffba064
xor ebx, ebx
xor ecx, ecx
xor esi, esi

loc_fffba02d:  ; not directly referenced
test al, 1
je short loc_fffba03c  ; je 0xfffba03c
test esi, esi
jne short loc_fffba041  ; jne 0xfffba041
movzx ebx, cl
mov si, 1

loc_fffba03c:  ; not directly referenced
inc ecx
shr al, 1
jne short loc_fffba02d  ; jne 0xfffba02d

loc_fffba041:  ; not directly referenced
mov esi, dword [ebp - 0x344]
movzx eax, dl
lea ecx, [esi + eax*8]
mov al, byte [esi + eax + 0x4f6]
mov esi, dword [ebp - 0x33c]
lea eax, [esi + eax*8]
mov byte [ebx + ecx + 0x4fe], al

loc_fffba064:  ; not directly referenced
inc edx
jmp short loc_fffba00a  ; jmp 0xfffba00a

loc_fffba067:  ; not directly referenced
mov eax, dword [ebp + 8]
test byte [eax + 0x381b], 1
jne short loc_fffba081  ; jne 0xfffba081

loc_fffba073:  ; not directly referenced
mov eax, dword [ebp + 8]
test byte [eax + 0x4bde], 1
je short loc_fffba0c6  ; je 0xfffba0c6
jmp short loc_fffba0a4  ; jmp 0xfffba0a4

loc_fffba081:  ; not directly referenced
mov eax, dword [ebp + 8]
sub esp, 0xc
mov ecx, 1
push 2
mov edx, 1
call fcn_fffd314a  ; call 0xfffd314a
add esp, 0x10
test eax, eax
je short loc_fffba073  ; je 0xfffba073
jmp near loc_fffbb9de  ; jmp 0xfffbb9de

loc_fffba0a4:  ; not directly referenced
mov eax, dword [ebp + 8]
sub esp, 0xc
mov ecx, 1
push 2
mov edx, 2
call fcn_fffd314a  ; call 0xfffd314a
add esp, 0x10
test eax, eax
jne loc_fffbb9de  ; jne 0xfffbb9de

loc_fffba0c6:  ; not directly referenced
mov eax, dword [ebp + 8]
mov esi, dword [eax + 0x5edd]
mov ebx, dword [eax + 0x2444]
mov al, byte [eax + 0x248e]
push ecx
push 0x7f
push 0x48
mov byte [ebp - 0x34c], al
lea eax, [ebp - 0x2a8]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x48
lea eax, [ebp - 0x260]
push eax
call dword [ebx + 0x5c]  ; ucall
lea eax, [esi + 0x1c]
add esp, 0x10
mov dword [ebp - 0x340], eax
mov esi, eax
xor ebx, ebx

loc_fffba111:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x3757], 2
jne short loc_fffba18b  ; jne 0xfffba18b
mov byte [ebp - 0x33c], 0

loc_fffba12b:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x33c]
cmp al, byte [edi + 0x2489]
jae short loc_fffba168  ; jae 0xfffba168
movzx ecx, byte [ebp - 0x33c]
mov edx, ebx
mov eax, dword [ebp + 8]
mov edi, dword [esi + ecx*4 + 0x28]
call fcn_fffa71bc  ; call 0xfffa71bc
or edi, 0x60
mov ecx, edi
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0x33c]
jmp short loc_fffba12b  ; jmp 0xfffba12b

loc_fffba168:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, ebx
mov edi, dword [esi]
call fcn_fffa7236  ; call 0xfffa7236
or edi, 0x1000008
mov ecx, edi
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffba18b:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
jne loc_fffba111  ; jne 0xfffba111
xor edi, edi

loc_fffba19d:  ; not directly referenced
mov ebx, 1
mov ecx, edi
shl ebx, cl
test byte [ebp - 0x34c], bl
jne short loc_fffba1c1  ; jne 0xfffba1c1

loc_fffba1ae:  ; not directly referenced
inc edi
cmp edi, 4
jne short loc_fffba19d  ; jne 0xfffba19d
mov esi, dword [ebp - 0x340]
xor ebx, ebx
jmp near loc_fffba2bb  ; jmp 0xfffba2bb

loc_fffba1c1:  ; not directly referenced
xor esi, esi

loc_fffba1c3:  ; not directly referenced
imul eax, esi, 0x13c3
mov ecx, dword [ebp + 8]
mov byte [ebp - 0x33c], bl
test byte [ecx + eax + 0x381b], bl
je short loc_fffba223  ; je 0xfffba223
mov eax, dword [ebp + 8]
sub esp, 0xc
mov ecx, esi
mov edx, 1
shl edx, cl
mov ecx, ebx
push 0
call fcn_fffd314a  ; call 0xfffd314a
add esp, 0x10
test eax, eax
jne loc_fffba7b2  ; jne 0xfffba7b2
sub esp, 0xc
mov eax, dword [ebp + 8]
mov ecx, edi
push 0
mov edx, esi
push 0x4000
push 0x3000
push 4
push ref_fffd6958  ; push 0xfffd6958
call fcn_fffd2e0a  ; call 0xfffd2e0a
add esp, 0x20

loc_fffba223:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffba1c3  ; jne 0xfffba1c3
push eax
mov ecx, 0x7f
push eax
mov edx, edi
lea eax, [ebp - 0x2a8]
xor si, si
push eax
mov eax, dword [ebp + 8]
push 2
call fcn_fffd3280  ; call 0xfffd3280
xor ecx, ecx
pop eax
pop edx
mov edx, edi
lea eax, [ebp - 0x260]
push eax
mov eax, dword [ebp + 8]
push 0xfffffffffffffffe
call fcn_fffd3280  ; call 0xfffd3280
add esp, 0x10

loc_fffba260:  ; not directly referenced
imul eax, esi, 0x13c3
mov ecx, dword [ebp + 8]
mov dl, byte [ebp - 0x33c]
test byte [ecx + eax + 0x381b], dl
jne short loc_fffba283  ; jne 0xfffba283

loc_fffba278:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffba260  ; jne 0xfffba260
jmp near loc_fffba1ae  ; jmp 0xfffba1ae

loc_fffba283:  ; not directly referenced
push eax
push 1
push 0x40
push 1
push 3
push 4
push esi
push dword [ebp + 8]
call fcn_fffabc7a  ; call 0xfffabc7a
mov eax, dword [ebp + 8]
add esp, 0x14
mov ecx, esi
mov edx, 1
shl edx, cl
mov ecx, ebx
push 2
call fcn_fffd314a  ; call 0xfffd314a
add esp, 0x10
test eax, eax
je short loc_fffba278  ; je 0xfffba278
jmp near loc_fffba7b2  ; jmp 0xfffba7b2

loc_fffba2bb:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x3757], 2
je short loc_fffba34b  ; je 0xfffba34b

loc_fffba2ce:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
jne short loc_fffba2bb  ; jne 0xfffba2bb
mov eax, dword [ebp + 8]
lea esi, [ebp - 0x2e8]
lea ebx, [ebp - 0x2c8]
mov edi, dword [eax + 0x2444]
push ecx
push 0x7f
push 0x10
push esi
call dword [edi + 0x5c]  ; ucall
add esp, 0xc
push 0
lea edx, [ebp - 0x308]
push 0x10
push edx
mov dword [ebp - 0x33c], edx
call dword [edi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x10
push ebx
call dword [edi + 0x5c]  ; ucall
mov edx, dword [ebp - 0x33c]
lea eax, [ebp - 0x260]
mov dword [ebp - 0x378], eax
lea eax, [ebp - 0x2a8]
add esp, 0x10
mov dword [ebp - 0x368], eax
xor edi, edi
mov dword [ebp - 0x3a8], esi
mov dword [ebp - 0x3b8], edx
jmp short loc_fffba3ab  ; jmp 0xfffba3ab

loc_fffba34b:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, ebx
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, dword [esi]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3
mov byte [ebp - 0x33c], 0

loc_fffba36d:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x33c]
cmp al, byte [edi + 0x2489]
jae loc_fffba2ce  ; jae 0xfffba2ce
movzx edi, byte [ebp - 0x33c]
mov edx, ebx
mov eax, dword [ebp + 8]
mov ecx, edi
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, dword [esi + edi*4 + 0x28]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0x33c]
jmp short loc_fffba36d  ; jmp 0xfffba36d

loc_fffba3ab:  ; not directly referenced
imul eax, edi, 0x13c3
mov esi, dword [ebp + 8]
cmp dword [esi + eax + 0x3757], 2
jne loc_fffba5b1  ; jne 0xfffba5b1
imul edx, edi, 0x54a
mov dword [ebp - 0x344], 0
lea esi, [esi + edx + 0x196b]
mov dword [ebp - 0x358], esi
mov esi, dword [ebp + 8]
mov al, byte [esi + eax + 0x381b]
mov byte [ebp - 0x354], al
lea eax, [edi*4]
mov dword [ebp - 0x38c], eax
mov eax, dword [ebp - 0x368]
mov dword [ebp - 0x350], eax
mov eax, dword [ebp - 0x378]
mov dword [ebp - 0x348], eax

loc_fffba414:  ; not directly referenced
mov cl, byte [ebp - 0x344]
mov eax, 1
shl eax, cl
test byte [ebp - 0x354], al
je loc_fffba4fc  ; je 0xfffba4fc
mov eax, dword [ebp + 8]
mov dword [ebp - 0x33c], 0
mov al, byte [eax + 0x2489]
mov byte [ebp - 0x388], al
mov eax, dword [ebp - 0x344]
add eax, dword [ebp - 0x38c]
add eax, eax
lea esi, [ebp + eax - 0x2c8]
mov dword [ebp - 0x390], esi
mov esi, dword [ebp - 0x3b8]
add esi, eax
mov dword [ebp - 0x340], esi
mov esi, dword [ebp - 0x3a8]
add esi, eax

loc_fffba477:  ; not directly referenced
xor eax, eax

loc_fffba479:  ; not directly referenced
cmp byte [ebp - 0x388], al
jbe short loc_fffba4c1  ; jbe 0xfffba4c1
mov edx, dword [ebp - 0x358]
mov ecx, dword [ebp - 0x33c]
movzx edx, byte [edx + ecx + 0x53e]
bt edx, eax
jae short loc_fffba4be  ; jae 0xfffba4be
mov edx, dword [ebp - 0x350]
mov dl, byte [edx + eax]
cmp byte [esi], dl
jbe short loc_fffba4a9  ; jbe 0xfffba4a9
mov byte [esi], dl

loc_fffba4a9:  ; not directly referenced
mov edx, dword [ebp - 0x348]
mov ecx, dword [ebp - 0x340]
mov dl, byte [edx + eax]
cmp byte [ecx], dl
jae short loc_fffba4be  ; jae 0xfffba4be
mov byte [ecx], dl

loc_fffba4be:  ; not directly referenced
inc eax
jmp short loc_fffba479  ; jmp 0xfffba479

loc_fffba4c1:  ; not directly referenced
movzx eax, byte [esi]
inc esi
mov ecx, dword [ebp - 0x33c]
inc dword [ebp - 0x33c]
mov edx, eax
mov eax, dword [ebp - 0x340]
inc dword [ebp - 0x340]
movzx eax, byte [eax]
add eax, edx
mov edx, dword [ebp - 0x390]
sar eax, 1
cmp dword [ebp - 0x33c], 2
mov byte [edx + ecx], al
jne loc_fffba477  ; jne 0xfffba477

loc_fffba4fc:  ; not directly referenced
inc dword [ebp - 0x344]
add dword [ebp - 0x348], 9
add dword [ebp - 0x350], 9
cmp dword [ebp - 0x344], 4
jne loc_fffba414  ; jne 0xfffba414
xor ecx, ecx
xor edx, edx
mov esi, 1

loc_fffba526:  ; not directly referenced
mov eax, esi
shl eax, cl
test byte [ebp - 0x354], al
je short loc_fffba543  ; je 0xfffba543
mov al, byte [ebx + ecx*2 + 1]
inc edx
sub al, byte [ebx + ecx*2]
mov byte [ebp + ecx - 0x328], al
jmp short loc_fffba54b  ; jmp 0xfffba54b

loc_fffba543:  ; not directly referenced
mov byte [ebp + ecx - 0x328], 0

loc_fffba54b:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffba526  ; jne 0xfffba526
xor ecx, ecx
test dl, dl
je short loc_fffba56f  ; je 0xfffba56f
movsx ecx, byte [ebp - 0x328]
movsx eax, byte [ebp - 0x327]
add eax, ecx
movzx ecx, dl
cdq
idiv ecx
mov cl, al

loc_fffba56f:  ; not directly referenced
mov dl, 2
movsx ax, cl
idiv dl
movzx edx, byte [ebx]
neg eax
add eax, 0x40
add ecx, eax
mov byte [ebp + edi*2 - 0x330], al
movzx eax, byte [ebx + 1]
mov byte [ebp + edi*2 - 0x32f], cl
add eax, edx
movzx edx, byte [ebx + 2]
sar eax, 1
mov byte [ebp + edi*2 - 0x338], al
movzx eax, byte [ebx + 3]
add eax, edx
sar eax, 1
mov byte [ebp + edi*2 - 0x337], al

loc_fffba5b1:  ; not directly referenced
inc edi
add ebx, 8
add dword [ebp - 0x378], 0x24
add dword [ebp - 0x368], 0x24
cmp edi, 2
jne loc_fffba3ab  ; jne 0xfffba3ab
mov eax, dword [ebp + 8]
xor ebx, ebx
mov dword [ebp - 0x344], 0
lea esi, [eax + 0x3757]
lea eax, [ebp - 0x330]
mov dword [ebp - 0x350], eax
mov eax, dword [ebp + 8]
add eax, 0x196b
mov dword [ebp - 0x340], eax
lea eax, [ebp - 0x338]
mov dword [ebp - 0x348], eax
movzx eax, byte [ebp - 0x34c]
mov dword [ebp - 0x33c], eax

loc_fffba614:  ; not directly referenced
cmp dword [esi], 2
jne loc_fffba771  ; jne 0xfffba771
xor edi, edi

loc_fffba61f:  ; not directly referenced
mov eax, 1
mov ecx, edi
shl eax, cl
test byte [esi + 0xc4], al
je short loc_fffba64f  ; je 0xfffba64f
mov ecx, dword [ebp - 0x348]
push edx
push 1
movzx edx, byte [ecx + edi]
push edx
push 1
push eax
push 4
push ebx
push dword [ebp + 8]
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffba64f:  ; not directly referenced
inc edi
cmp edi, 4
jne short loc_fffba61f  ; jne 0xfffba61f
xor ecx, ecx

loc_fffba657:  ; not directly referenced
mov eax, dword [ebp - 0x350]
movzx edi, byte [eax + ecx]
movzx eax, byte [esi + ecx + 0x241]
sub edi, eax
je loc_fffba767  ; je 0xfffba767
push eax
mov eax, 1
push 1
push edi
shl eax, cl
push eax
push dword [ebp - 0x33c]
mov dword [ebp - 0x344], ecx
push 0
push ebx
push dword [ebp + 8]
call fcn_fffabc7a  ; call 0xfffabc7a
mov edx, dword [ebp - 0x340]
add esp, 0x20
mov ecx, dword [ebp - 0x344]
mov al, byte [edx + 0x542]
cmp byte [ecx + edx + 0x53e], al
jne short loc_fffba6fb  ; jne 0xfffba6fb
push eax
push 1
mov eax, dword [esi + 0x111]
add eax, edi
push eax
push 1
push dword [ebp - 0x33c]
push 2
push ebx
push dword [ebp + 8]
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x1c
push 1
mov eax, dword [esi + 0x109]
add eax, edi
push eax
push 1
push dword [ebp - 0x33c]
push 3
push ebx
push dword [ebp + 8]
call fcn_fffabc7a  ; call 0xfffabc7a
mov ecx, dword [ebp - 0x344]
add esp, 0x20

loc_fffba6fb:  ; not directly referenced
mov edx, dword [ebp - 0x340]
mov dword [ebp - 0x344], 1
mov al, byte [edx + 0x543]
cmp byte [ecx + edx + 0x53e], al
jne short loc_fffba767  ; jne 0xfffba767
push eax
push 1
mov eax, dword [esi + 0x115]
mov dword [ebp - 0x34c], ecx
add eax, edi
push eax
push 2
push dword [ebp - 0x33c]
push 2
push ebx
push dword [ebp + 8]
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x1c
push 1
add edi, dword [esi + 0x11d]
push edi
push 2
push dword [ebp - 0x33c]
push 1
push ebx
push dword [ebp + 8]
call fcn_fffabc7a  ; call 0xfffabc7a
mov ecx, dword [ebp - 0x34c]
add esp, 0x20

loc_fffba767:  ; not directly referenced
inc ecx
cmp ecx, 2
jne loc_fffba657  ; jne 0xfffba657

loc_fffba771:  ; not directly referenced
inc ebx
add esi, 0x13c3
add dword [ebp - 0x350], 2
add dword [ebp - 0x340], 0x54a
add dword [ebp - 0x348], 2
cmp ebx, 2
jne loc_fffba614  ; jne 0xfffba614
cmp dword [ebp - 0x344], 0
je short loc_fffba7ba  ; je 0xfffba7ba
sub esp, 0xc
push dword [ebp + 8]
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10
jmp short loc_fffba7ba  ; jmp 0xfffba7ba

loc_fffba7b2:  ; not directly referenced
test eax, eax
jne loc_fffbb9de  ; jne 0xfffbb9de

loc_fffba7ba:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ebx, dword [eax + 0x5edd]
mov esi, dword [eax + 0x2444]
mov al, byte [eax + 0x248e]
push ecx
push 0x7f
push 0x48
mov byte [ebp - 0x340], al
lea eax, [ebp - 0x2a8]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x48
lea eax, [ebp - 0x260]
push eax
call dword [esi + 0x5c]  ; ucall
lea eax, [ebx + 0x1c]
add esp, 0x10
mov dword [ebp - 0x348], eax
mov esi, eax
xor ebx, ebx

loc_fffba805:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x3757], 2
jne short loc_fffba87f  ; jne 0xfffba87f
mov byte [ebp - 0x33c], 0

loc_fffba81f:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x33c]
cmp al, byte [edi + 0x2489]
jae short loc_fffba85c  ; jae 0xfffba85c
movzx ecx, byte [ebp - 0x33c]
mov edx, ebx
mov eax, dword [ebp + 8]
mov edi, dword [esi + ecx*4 + 0x28]
call fcn_fffa71bc  ; call 0xfffa71bc
or edi, 0x60
mov ecx, edi
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0x33c]
jmp short loc_fffba81f  ; jmp 0xfffba81f

loc_fffba85c:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, ebx
mov edi, dword [esi]
call fcn_fffa7236  ; call 0xfffa7236
or edi, 0x1000008
mov ecx, edi
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffba87f:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
jne loc_fffba805  ; jne 0xfffba805
xor edi, edi

loc_fffba891:  ; not directly referenced
mov ebx, 1
mov ecx, edi
shl ebx, cl
test byte [ebp - 0x340], bl
jne short loc_fffba8b5  ; jne 0xfffba8b5

loc_fffba8a2:  ; not directly referenced
inc edi
cmp edi, 4
jne short loc_fffba891  ; jne 0xfffba891
mov ebx, dword [ebp - 0x348]
xor esi, esi
jmp near loc_fffba9e4  ; jmp 0xfffba9e4

loc_fffba8b5:  ; not directly referenced
xor esi, esi

loc_fffba8b7:  ; not directly referenced
imul eax, esi, 0x13c3
mov ecx, dword [ebp + 8]
mov byte [ebp - 0x33c], bl
test byte [ecx + eax + 0x381b], bl
je short loc_fffba91d  ; je 0xfffba91d
mov eax, dword [ebp + 8]
sub esp, 0xc
mov ecx, esi
mov edx, 1
shl edx, cl
mov ecx, ebx
push 0
call fcn_fffd314a  ; call 0xfffd314a
add esp, 0x10
mov dword [ebp - 0x344], eax
test eax, eax
jne loc_fffbb096  ; jne 0xfffbb096
sub esp, 0xc
mov eax, dword [ebp + 8]
mov ecx, edi
push 0
mov edx, esi
push 0x4000
push 0x3000
push 4
push ref_fffd6958  ; push 0xfffd6958
call fcn_fffd2e0a  ; call 0xfffd2e0a
add esp, 0x20

loc_fffba91d:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffba8b7  ; jne 0xfffba8b7
push eax
mov ecx, 0x7f
push eax
mov edx, edi
lea eax, [ebp - 0x2a8]
xor si, si
push eax
mov eax, dword [ebp + 8]
push 2
call fcn_fffd2f45  ; call 0xfffd2f45
xor ecx, ecx
pop eax
pop edx
mov edx, edi
lea eax, [ebp - 0x260]
push eax
mov eax, dword [ebp + 8]
push 0xfffffffffffffffe
call fcn_fffd2f45  ; call 0xfffd2f45
add esp, 0x10

loc_fffba95a:  ; not directly referenced
imul eax, esi, 0x13c3
mov ecx, dword [ebp + 8]
mov dl, byte [ebp - 0x33c]
test byte [ecx + eax + 0x381b], dl
jne short loc_fffba97d  ; jne 0xfffba97d

loc_fffba972:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffba95a  ; jne 0xfffba95a
jmp near loc_fffba8a2  ; jmp 0xfffba8a2

loc_fffba97d:  ; not directly referenced
push eax
push 1
push 0x60
push 3
push ebx
push 2
push esi
push dword [ebp + 8]
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x1c
push 1
push 0x60
push 1
push ebx
push 3
push esi
push dword [ebp + 8]
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x1c
push 1
push 0x60
push 2
push ebx
push 1
push esi
push dword [ebp + 8]
call fcn_fffabc7a  ; call 0xfffabc7a
mov eax, dword [ebp + 8]
add esp, 0x14
mov ecx, esi
mov edx, 1
shl edx, cl
mov ecx, ebx
push 2
call fcn_fffd314a  ; call 0xfffd314a
add esp, 0x10
mov dword [ebp - 0x344], eax
test eax, eax
je short loc_fffba972  ; je 0xfffba972
jmp near loc_fffbb096  ; jmp 0xfffbb096

loc_fffba9e4:  ; not directly referenced
imul eax, esi, 0x13c3
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x3757], 2
je short loc_fffbaa4b  ; je 0xfffbaa4b

loc_fffba9f7:  ; not directly referenced
inc esi
add ebx, 0xcc
cmp esi, 2
jne short loc_fffba9e4  ; jne 0xfffba9e4
mov eax, dword [ebp + 8]
mov ebx, dword [eax + 0x2444]
lea eax, [ebp - 0x2c8]
push esi
xor esi, esi
push 0x7f
push 4
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 4
lea eax, [ebp - 0x2e8]
push eax
call dword [ebx + 0x5c]  ; ucall
lea eax, [ebp - 0x2a8]
add esp, 0x10
mov dword [ebp - 0x34c], eax
lea eax, [ebp - 0x260]
mov dword [ebp - 0x348], eax
jmp short loc_fffbaaab  ; jmp 0xfffbaaab

loc_fffbaa4b:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, esi
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, dword [ebx]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3
mov byte [ebp - 0x33c], 0

loc_fffbaa6d:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x33c]
cmp al, byte [edi + 0x2489]
jae loc_fffba9f7  ; jae 0xfffba9f7
movzx edi, byte [ebp - 0x33c]
mov edx, esi
mov eax, dword [ebp + 8]
mov ecx, edi
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, dword [ebx + edi*4 + 0x28]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0x33c]
jmp short loc_fffbaa6d  ; jmp 0xfffbaa6d

loc_fffbaaab:  ; not directly referenced
imul eax, esi, 0x13c3
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x3757], 2
jne loc_fffbabde  ; jne 0xfffbabde
mov al, byte [edi + eax + 0x381b]
lea ecx, [ebp - 0x18]
mov edi, dword [ebp - 0x348]
mov dword [ebp - 0x33c], 0
mov byte [ebp - 0x368], al
imul eax, esi, 0x54a
mov dword [ebp - 0x350], eax
mov eax, dword [ebp - 0x34c]
mov dword [ebp - 0x344], eax
lea eax, [esi + esi]
add eax, ecx
mov dword [ebp - 0x378], eax

loc_fffbab05:  ; not directly referenced
mov cl, byte [ebp - 0x33c]
mov eax, 1
shl eax, cl
test byte [ebp - 0x368], al
je short loc_fffbab2d  ; je 0xfffbab2d
mov eax, dword [ebp + 8]
xor ecx, ecx
mov al, byte [eax + 0x2489]
mov byte [ebp - 0x354], al
jmp short loc_fffbab7e  ; jmp 0xfffbab7e

loc_fffbab2d:  ; not directly referenced
inc dword [ebp - 0x33c]
add edi, 9
add dword [ebp - 0x344], 9
cmp dword [ebp - 0x33c], 4
jne short loc_fffbab05  ; jne 0xfffbab05
movzx edx, byte [ebp + esi*2 - 0x2c8]
movzx eax, byte [ebp + esi*2 - 0x2e8]
add eax, edx
movzx edx, byte [ebp + esi*2 - 0x2c7]
sar eax, 1
mov byte [ebp + esi*2 - 0x308], al
movzx eax, byte [ebp + esi*2 - 0x2e7]
add eax, edx
sar eax, 1
mov byte [ebp + esi*2 - 0x307], al
jmp short loc_fffbabde  ; jmp 0xfffbabde

loc_fffbab7e:  ; not directly referenced
cmp byte [ebp - 0x354], cl
jbe short loc_fffbab2d  ; jbe 0xfffbab2d
mov edx, dword [ebp - 0x350]
mov eax, dword [ebp + 8]
mov ebx, dword [ebp - 0x344]
movzx eax, byte [eax + edx + 0x1ead]
mov dl, byte [ebx + ecx]
sar eax, cl
and eax, 1
xor eax, 1
add eax, dword [ebp - 0x378]
mov bl, byte [eax - 0x2b0]
cmp byte [eax - 0x2b0], dl
cmovbe edx, ebx
mov bl, byte [eax - 0x2d0]
mov byte [eax - 0x2b0], dl
mov dl, byte [edi + ecx]
cmp byte [eax - 0x2d0], dl
cmovae edx, ebx
inc ecx
mov byte [eax - 0x2d0], dl
jmp short loc_fffbab7e  ; jmp 0xfffbab7e

loc_fffbabde:  ; not directly referenced
inc esi
add dword [ebp - 0x34c], 0x24
add dword [ebp - 0x348], 0x24
cmp esi, 2
jne loc_fffbaaab  ; jne 0xfffbaaab
movzx esi, byte [ebp - 0x340]
xor ebx, ebx

loc_fffbabff:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x3757], 2
jne short loc_fffbac81  ; jne 0xfffbac81
movzx eax, byte [ebp + ebx*2 - 0x308]
push ecx
push 1
push eax
push 1
push esi
push 2
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
movzx eax, byte [ebp + ebx*2 - 0x308]
add esp, 0x1c
push 1
push eax
push 1
push esi
push 3
push ebx
push dword [ebp + 8]
call fcn_fffabc7a  ; call 0xfffabc7a
movzx eax, byte [ebp + ebx*2 - 0x307]
add esp, 0x1c
push 1
push eax
push 2
push esi
push 2
push ebx
push dword [ebp + 8]
call fcn_fffabc7a  ; call 0xfffabc7a
movzx eax, byte [ebp + ebx*2 - 0x307]
add esp, 0x1c
push 1
push eax
push 2
push esi
push 1
push ebx
push dword [ebp + 8]
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffbac81:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffbabff  ; jne 0xfffbabff
mov eax, dword [ebp + 8]
mov dword [ebp - 0x344], 0
mov dword [ebp - 0x348], 0x4224
add eax, 0x3757
mov dword [ebp - 0x34c], eax
mov eax, dword [ebp + 8]
add eax, 0x196b
mov dword [ebp - 0x340], eax

loc_fffbacbb:  ; not directly referenced
mov eax, dword [ebp - 0x34c]
cmp dword [eax], 2
jne loc_fffbb05b  ; jne 0xfffbb05b
xor ebx, ebx
xor edi, edi
mov byte [ebp - 0x350], 0
xor ecx, ecx
xor eax, eax

loc_fffbacd9:  ; not directly referenced
mov esi, dword [ebp - 0x340]
mov dl, byte [esi + eax + 0x4f6]
cmp dl, 2
je short loc_fffbad0b  ; je 0xfffbad0b
ja short loc_fffbacf9  ; ja 0xfffbacf9
mov esi, eax
and esi, 7
test dl, dl
cmove ebx, esi
jmp short loc_fffbad1d  ; jmp 0xfffbad1d

loc_fffbacf9:  ; not directly referenced
cmp dl, 4
je short loc_fffbad12  ; je 0xfffbad12
mov esi, eax
and esi, 7
cmp dl, 6
cmove ecx, esi
jmp short loc_fffbad1d  ; jmp 0xfffbad1d

loc_fffbad0b:  ; not directly referenced
mov edi, eax
and edi, 7
jmp short loc_fffbad1d  ; jmp 0xfffbad1d

loc_fffbad12:  ; not directly referenced
mov dl, al
and edx, 7
mov byte [ebp - 0x350], dl

loc_fffbad1d:  ; not directly referenced
inc eax
cmp eax, 8
jne short loc_fffbacd9  ; jne 0xfffbacd9
mov eax, edi
mov edx, ebx
shl eax, 0x1c
xor esi, esi
mov dword [ebp - 0x33c], eax
movzx eax, cl
xor edi, edi
mov dword [ebp - 0x3cc], eax
shl eax, 0x1c
xor ebx, ebx
mov dword [ebp - 0x354], eax
mov eax, dword [ebp - 0x350]
shl edx, 0x18
or dword [ebp - 0x33c], edx
shr edx, 0x18
mov ecx, edx
shl eax, 0x18
or dword [ebp - 0x354], eax
shr eax, 0x18
mov dword [ebp - 0x388], eax
mov al, byte [ebp - 0x33c]
mov dword [ebp - 0x3d4], edx
mov edx, dword [ebp - 0x340]
mov byte [ebp - 0x378], 0
mov byte [ebp - 0x3a8], 0
and eax, 7
mov byte [ebp - 0x368], al
mov al, byte [ebp - 0x354]
lea ecx, [edx + ecx*8]
mov byte [ebp - 0x390], 0
mov byte [ebp - 0x38c], 0
mov byte [ebp - 0x358], 0
and eax, 7
mov byte [ebp - 0x350], al
mov eax, dword [ebp - 0x33c]
mov byte [ebp - 0x3c8], 0
mov byte [ebp - 0x3b8], 0
mov dword [ebp - 0x398], ecx
shr eax, 0x1c
lea eax, [edx + eax*8]
mov dword [ebp - 0x394], eax
movzx eax, byte [ebp - 0x388]
lea eax, [edx + eax*8]
mov dword [ebp - 0x3d0], eax
mov eax, dword [ebp - 0x3cc]
lea eax, [edx + eax*8]
xor edx, edx
mov dword [ebp - 0x3cc], eax
xor eax, eax

loc_fffbae07:  ; not directly referenced
mov ecx, dword [ebp - 0x398]
mov cl, byte [ecx + edx + 0x4fe]
cmp cl, 1
je short loc_fffbae2b  ; je 0xfffbae2b
jb short loc_fffbae23  ; jb 0xfffbae23
cmp cl, 2
cmove esi, eax
jmp short loc_fffbae31  ; jmp 0xfffbae31

loc_fffbae23:  ; not directly referenced
mov byte [ebp - 0x368], al
jmp short loc_fffbae31  ; jmp 0xfffbae31

loc_fffbae2b:  ; not directly referenced
mov byte [ebp - 0x378], al

loc_fffbae31:  ; not directly referenced
mov ecx, dword [ebp - 0x394]
mov cl, byte [ecx + edx + 0x4fe]
cmp cl, 0x11
je short loc_fffbae50  ; je 0xfffbae50
cmp cl, 0x12
je short loc_fffbae58  ; je 0xfffbae58
cmp cl, 0x10
cmove edi, eax
jmp short loc_fffbae5e  ; jmp 0xfffbae5e

loc_fffbae50:  ; not directly referenced
mov byte [ebp - 0x3a8], al
jmp short loc_fffbae5e  ; jmp 0xfffbae5e

loc_fffbae58:  ; not directly referenced
mov byte [ebp - 0x390], al

loc_fffbae5e:  ; not directly referenced
mov ecx, dword [ebp - 0x3d0]
mov cl, byte [ecx + edx + 0x4fe]
cmp cl, 0x21
je short loc_fffbae89  ; je 0xfffbae89
cmp cl, 0x22
je short loc_fffbae91  ; je 0xfffbae91
cmp cl, 0x20
mov cl, byte [ebp - 0x350]
cmove ecx, eax
mov byte [ebp - 0x350], cl
jmp short loc_fffbae97  ; jmp 0xfffbae97

loc_fffbae89:  ; not directly referenced
mov byte [ebp - 0x38c], al
jmp short loc_fffbae97  ; jmp 0xfffbae97

loc_fffbae91:  ; not directly referenced
mov byte [ebp - 0x358], al

loc_fffbae97:  ; not directly referenced
mov ecx, dword [ebp - 0x3cc]
mov cl, byte [ecx + edx + 0x4fe]
cmp cl, 0x31
je short loc_fffbaeb6  ; je 0xfffbaeb6
cmp cl, 0x32
je short loc_fffbaebe  ; je 0xfffbaebe
cmp cl, 0x30
cmove ebx, eax
jmp short loc_fffbaec4  ; jmp 0xfffbaec4

loc_fffbaeb6:  ; not directly referenced
mov byte [ebp - 0x3c8], al
jmp short loc_fffbaec4  ; jmp 0xfffbaec4

loc_fffbaebe:  ; not directly referenced
mov byte [ebp - 0x3b8], al

loc_fffbaec4:  ; not directly referenced
inc eax
inc edx
and eax, 7
cmp edx, 8
jne loc_fffbae07  ; jne 0xfffbae07
mov ecx, dword [ebp - 0x368]
and esi, 7
and edi, 7
mov eax, dword [ebp - 0x378]
shl esi, 8
shl edi, 0xc
mov edx, dword [ebp - 0x38c]
and ecx, 7
or ecx, dword [ebp - 0x33c]
and eax, 7
shl eax, 4
and edx, 7
shl edx, 4
or ecx, eax
mov eax, dword [ebp - 0x3a8]
or ecx, esi
mov esi, dword [ebp - 0x350]
and ecx, 0xfff88fff
or ecx, edi
and eax, 7
shl eax, 0x10
and esi, 7
or ecx, eax
mov eax, dword [ebp - 0x390]
and ecx, 0xff8fffff
or esi, dword [ebp - 0x354]
and eax, 7
shl eax, 0x14
or esi, edx
mov edx, dword [ebp - 0x3c8]
or ecx, eax
mov eax, dword [ebp - 0x358]
and edx, 7
and eax, 7
shl eax, 8
or esi, eax
mov eax, ebx
and eax, 7
and esi, 0xfff88fff
shl eax, 0xc
or esi, eax
mov eax, dword [ebp - 0x3b8]
shl edx, 0x10
or esi, edx
and esi, 0xff8fffff
and eax, 7
shl eax, 0x14
or esi, eax
mov eax, dword [ebp - 0x34c]
cmp byte [eax + 0x1264], 0x20
jne loc_fffbb01e  ; jne 0xfffbb01e
mov ebx, dword [ebp - 0x3d4]
and ecx, 0x8fffffff
and esi, 0x8fffffff
shl ebx, 0x1c
or ecx, ebx
mov eax, ecx
and ch, 0x8f
and eax, 7
shl eax, 0xc
or ecx, eax
mov eax, ecx
and ecx, 0xfff8ffff
shl eax, 0xc
and eax, 0x70000
or ecx, eax
mov eax, ecx
and ecx, 0xff8fffff
shl eax, 0xc
and eax, 0x700000
or ecx, eax
mov eax, dword [ebp - 0x388]
shl eax, 0x1c
or esi, eax
mov eax, esi
and esi, 0xffff8fff
and eax, 7
shl eax, 0xc
or esi, eax
mov eax, esi
and esi, 0xfff8ffff
shl eax, 0xc
and eax, 0x70000
or esi, eax
mov eax, esi
and esi, 0xff8fffff
shl eax, 0xc
and eax, 0x700000
or esi, eax

loc_fffbb01e:  ; not directly referenced
mov edi, dword [ebp - 0x348]
mov ebx, dword [ebp + 8]
mov eax, edi
sub eax, 4
cmp dword [ebx + 0x188b], 1
lea edx, [edi + 4]
cmovne edx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov eax, edi
mov ecx, esi
lea edx, [edi + 8]
mov edi, dword [ebp + 8]
cmp dword [edi + 0x188b], 1
cmovne edx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbb05b:  ; not directly referenced
mov eax, dword [ebp - 0x348]
add dword [ebp - 0x34c], 0x13c3
add dword [ebp - 0x340], 0x54a
add eax, 0x400
cmp eax, 0x4a24
je short loc_fffbb08c  ; je 0xfffbb08c
mov dword [ebp - 0x348], eax
jmp near loc_fffbacbb  ; jmp 0xfffbacbb

loc_fffbb08c:  ; not directly referenced
mov eax, dword [ebp + 8]
mov byte [eax + 0x247d], 1

loc_fffbb096:  ; not directly referenced
mov eax, dword [ebp - 0x344]
jmp near loc_fffbb9de  ; jmp 0xfffbb9de

loc_fffbb0a1:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edi, dword [ebp - 0x344]
add eax, 0x3757
add edi, 0x70
mov ebx, eax
mov dword [ebp - 0x3d0], edi
mov esi, edi
xor edi, edi
mov dword [ebp - 0x3cc], eax

loc_fffbb0c4:  ; not directly referenced
cmp dword [ebx], 2
jne loc_fffbb15f  ; jne 0xfffbb15f
mov byte [ebp - 0x340], 0

loc_fffbb0d4:  ; not directly referenced
mov eax, dword [ebp + 8]
mov cl, byte [ebp - 0x340]
movzx eax, byte [eax + 0x2489]
cmp cl, al
jae short loc_fffbb14e  ; jae 0xfffbb14e
movzx eax, cl
mov dword [ebp - 0x33c], 0
mov dword [ebp - 0x34c], eax

loc_fffbb0fb:  ; not directly referenced
mov cl, byte [ebp - 0x33c]
mov eax, 1
shl eax, cl
test byte [ebx + 0xc4], al
je short loc_fffbb137  ; je 0xfffbb137
mov eax, dword [ebp + 8]
cmp byte [eax + 0x18b2], 1
jne short loc_fffbb137  ; jne 0xfffbb137
push edx
mov ecx, dword [ebp - 0x33c]
mov edx, edi
push 0x20
push 5
push dword [ebp - 0x34c]
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10

loc_fffbb137:  ; not directly referenced
inc dword [ebp - 0x33c]
cmp dword [ebp - 0x33c], 4
jne short loc_fffbb0fb  ; jne 0xfffbb0fb
inc byte [ebp - 0x340]
jmp short loc_fffbb0d4  ; jmp 0xfffbb0d4

loc_fffbb14e:  ; not directly referenced
push ecx
push 0
push eax
mov eax, dword [ebp - 0x38c]
push esi
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbb15f:  ; not directly referenced
inc edi
add ebx, 0x13c3
add esi, 0xcc
cmp edi, 2
jne loc_fffbb0c4  ; jne 0xfffbb0c4
mov eax, dword [ebp + 8]
movzx edx, byte [ebp - 0x348]
call fcn_fffaeb5f  ; call 0xfffaeb5f
mov eax, dword [ebp - 0x344]
mov dword [ebp - 0x33c], 0
add eax, 0x1c
mov dword [ebp - 0x3b8], eax

loc_fffbb19d:  ; not directly referenced
mov edi, dword [ebp - 0x33c]
mov eax, edi
mov byte [ebp - 0x388], al
cmp edi, 0x80
je loc_fffbb83d  ; je 0xfffbb83d
mov edi, dword [ebp - 0x33c]
mov eax, edi
and eax, 0x7f
mov ebx, eax
mov ecx, eax
mov edx, eax
shl ebx, 0xe
shl ecx, 0x15
shl edx, 7
or ecx, ebx
or ecx, edx
mov edx, 0x390c
or ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3
sub esp, 0xc
push dword [ebp + 8]
call fcn_fffc9f5d  ; call 0xfffc9f5d
mov eax, edi
add esp, 0x10
shr al, 1
movzx eax, al
lea eax, [ebp + eax*8 - 0x218]
mov dword [ebp - 0x378], eax
mov dword [ebp - 0x390], 0
mov dword [ebp - 0x358], 0

loc_fffbb21a:  ; not directly referenced
mov cl, byte [ebp - 0x358]
mov dword [ebp - 0x340], 1
shl dword [ebp - 0x340], cl
mov al, byte [ebp - 0x340]
test byte [ebp - 0x3c8], al
jne short loc_fffbb266  ; jne 0xfffbb266

loc_fffbb23e:  ; not directly referenced
inc dword [ebp - 0x358]
inc dword [ebp - 0x378]
add dword [ebp - 0x390], 4
cmp dword [ebp - 0x358], 4
jne short loc_fffbb21a  ; jne 0xfffbb21a
add dword [ebp - 0x33c], 2
jmp near loc_fffbb19d  ; jmp 0xfffbb19d

loc_fffbb266:  ; not directly referenced
xor ebx, ebx

loc_fffbb268:  ; not directly referenced
mov edi, dword [ebp - 0x340]
mov edx, ebx
mov eax, dword [ebp + 8]
mov ecx, edi
call fcn_fffad317  ; call 0xfffad317
imul eax, ebx, 0x13c3
mov esi, dword [ebp + 8]
mov dword [ebp + ebx*4 - 0x338], 0
mov edx, edi
mov dword [ebp + ebx*4 - 0x330], 0
test byte [esi + eax + 0x381b], dl
je short loc_fffbb2e2  ; je 0xfffbb2e2
mov ecx, dword [ebp - 0x340]
mov eax, esi
mov esi, ebx
push edx
push edx
mov edx, ebx
push 4
push 3
call fcn_fffa96cb  ; call 0xfffa96cb
mov eax, dword [ebp + 8]
shl esi, 0xa
add esi, 0x4194
mov edx, esi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, esi
or eax, 0x80000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
add esp, 0x10

loc_fffbb2e2:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffbb268  ; jne 0xfffbb268
mov al, byte [ebp - 0x340]
mov dword [ebp - 0x34c], 0xffffffe0
mov byte [ebp - 0x344], al
mov eax, dword [ebp + 8]
movzx ecx, byte [eax + 0x2489]
mov eax, 1
shl eax, cl
dec eax
mov dword [ebp - 0x348], eax

loc_fffbb316:  ; not directly referenced
push 1
mov edi, dword [ebp - 0x34c]
xor ebx, ebx
push 0
push 0
push 0
push 0
mov eax, edi
push 0
push 0
push 1
push 0
push edi
push 1
push dword [ebp + 8]
mov byte [ebp - 0x350], al
call fcn_fffcd268  ; call 0xfffcd268
mov edi, dword [ebp - 0x3b8]
add esp, 0x30

loc_fffbb34c:  ; not directly referenced
imul eax, ebx, 0x13c3
mov ecx, dword [ebp + 8]
xor esi, esi
mov dl, byte [ebp - 0x344]
test byte [ecx + eax + 0x381b], dl
je short loc_fffbb3c5  ; je 0xfffbb3c5

loc_fffbb366:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov eax, esi
cmp al, byte [ecx + 0x2489]
jae short loc_fffbb3a4  ; jae 0xfffbb3a4
mov eax, esi
mov edx, ebx
movzx eax, al
inc esi
mov ecx, eax
mov dword [ebp - 0x354], eax
mov eax, dword [ebp + 8]
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, dword [ebp - 0x354]
mov ecx, dword [edi + ecx*4 + 0x28]
mov edx, eax
mov eax, dword [ebp + 8]
or ecx, 0x60
call fcn_fffb38b3  ; call 0xfffb38b3
jmp short loc_fffbb366  ; jmp 0xfffbb366

loc_fffbb3a4:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, ebx
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, dword [edi]
or ecx, 0x1000001
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbb3c5:  ; not directly referenced
inc ebx
add edi, 0xcc
cmp ebx, 2
jne loc_fffbb34c  ; jne 0xfffbb34c
mov eax, dword [ebp + 8]
xor bl, bl
call fcn_fffaa4a9  ; call 0xfffaa4a9
mov eax, dword [ebp + 8]
mov ecx, 5
mov edx, 0x4800
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov edx, 2
call fcn_fffa82f9  ; call 0xfffa82f9
mov eax, dword [ebp + 8]
call fcn_fffaa4a9  ; call 0xfffaa4a9
mov eax, dword [ebp + 8]
mov edx, 2
call fcn_fffa82f9  ; call 0xfffa82f9
mov eax, dword [ebp + 8]
mov ecx, 2
mov edx, 0x4800
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbb425:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
mov dl, byte [ebp - 0x344]
test byte [edi + eax + 0x381b], dl
je short loc_fffbb4a7  ; je 0xfffbb4a7
xor edi, edi

loc_fffbb43f:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov eax, edi
cmp al, byte [ecx + 0x2489]
jae short loc_fffbb484  ; jae 0xfffbb484
mov eax, edi
mov edx, ebx
movzx ecx, al
mov eax, dword [ebp + 8]
call fcn_fffa75c5  ; call 0xfffa75c5
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 1
mov ecx, edi
shl edx, cl
dec eax
jne short loc_fffbb47a  ; jne 0xfffbb47a
or dword [ebp + ebx*4 - 0x338], edx
jmp short loc_fffbb481  ; jmp 0xfffbb481

loc_fffbb47a:  ; not directly referenced
or dword [ebp + ebx*4 - 0x330], edx

loc_fffbb481:  ; not directly referenced
inc edi
jmp short loc_fffbb43f  ; jmp 0xfffbb43f

loc_fffbb484:  ; not directly referenced
mov eax, dword [ebp - 0x348]
cmp dword [ebp + ebx*4 - 0x338], eax
jne short loc_fffbb4a7  ; jne 0xfffbb4a7
mov edi, dword [ebp - 0x378]
mov al, byte [ebp - 0x350]
cmp byte [edi + ebx*4], al
jle short loc_fffbb4a7  ; jle 0xfffbb4a7
mov byte [edi + ebx*4], al

loc_fffbb4a7:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffbb425  ; jne 0xfffbb425
mov ebx, dword [ebp - 0x3b8]
xor edi, edi

loc_fffbb4b9:  ; not directly referenced
imul eax, edi, 0x13c3
mov ecx, dword [ebp + 8]
xor esi, esi
mov dl, byte [ebp - 0x344]
test byte [ecx + eax + 0x381b], dl
je short loc_fffbb530  ; je 0xfffbb530

loc_fffbb4d3:  ; not directly referenced
mov edx, dword [ebp + 8]
mov eax, esi
cmp al, byte [edx + 0x2489]
jae short loc_fffbb50e  ; jae 0xfffbb50e
mov eax, esi
mov edx, edi
movzx eax, al
inc esi
mov ecx, eax
mov dword [ebp - 0x350], eax
mov eax, dword [ebp + 8]
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, dword [ebp - 0x350]
mov ecx, dword [ebx + ecx*4 + 0x28]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
jmp short loc_fffbb4d3  ; jmp 0xfffbb4d3

loc_fffbb50e:  ; not directly referenced
mov eax, edx
call fcn_fffaa4a9  ; call 0xfffaa4a9
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, edi
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, dword [ebx]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffbb530:  ; not directly referenced
inc edi
add ebx, 0xcc
cmp edi, 2
jne loc_fffbb4b9  ; jne 0xfffbb4b9
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x344]
test byte [edi + 0x381b], al
je short loc_fffbb56f  ; je 0xfffbb56f
mov eax, dword [ebp - 0x348]
cmp dword [ebp - 0x338], eax
jne loc_fffbb9c5  ; jne 0xfffbb9c5
cmp dword [ebp - 0x330], eax
jne loc_fffbb9c5  ; jne 0xfffbb9c5

loc_fffbb56f:  ; not directly referenced
mov ebx, dword [ebp + 8]
mov al, byte [ebp - 0x344]
test byte [ebx + 0x4bde], al
je short loc_fffbb59e  ; je 0xfffbb59e
mov eax, dword [ebp - 0x348]
cmp dword [ebp - 0x334], eax
jne loc_fffbb9c5  ; jne 0xfffbb9c5
cmp dword [ebp - 0x32c], eax
jne loc_fffbb9c5  ; jne 0xfffbb9c5

loc_fffbb59e:  ; not directly referenced
mov eax, dword [ebp - 0x390]
mov edx, dword [ebp - 0x33c]
lea edi, [ebp + eax - 0x260]
lea ebx, [ebp + eax - 0x2a8]
mov dword [ebp - 0x350], edi
mov edi, eax
mov dword [ebp - 0x354], ebx
lea ebx, [ebp + edi - 0x2e8]
mov dword [ebp - 0x34c], ebx
mov ebx, edi
lea ebx, [ebp + ebx - 0x328]
lea ecx, [edx - 2]
mov dword [ebp - 0x368], ebx
lea eax, [ebp + eax - 0x2c8]
xor ebx, ebx
lea edi, [ebp + edi - 0x308]
mov dword [ebp - 0x3a8], ecx

loc_fffbb5fb:  ; not directly referenced
imul edx, ebx, 0x13c3
mov esi, dword [ebp + 8]
mov cl, byte [ebp - 0x344]
test byte [esi + edx + 0x381b], cl
je loc_fffbb7a6  ; je 0xfffbb7a6
mov esi, dword [ebp - 0x348]
xor ecx, ecx
cmp dword [ebp + ebx*4 - 0x338], esi
jne short loc_fffbb634  ; jne 0xfffbb634
xor ecx, ecx
cmp dword [ebp + ebx*4 - 0x330], esi
sete cl

loc_fffbb634:  ; not directly referenced
cmp byte [ebp - 0x388], 0
setne dl
test dl, cl
je short loc_fffbb661  ; je 0xfffbb661
mov ecx, dword [ebp - 0x378]
movsx edx, byte [ecx + ebx*4]
movsx ecx, byte [ecx + ebx*4 - 8]
sub edx, ecx
cmp edx, 0x10
setle dl
movzx edx, dl
jmp near loc_fffbb6f0  ; jmp 0xfffbb6f0

loc_fffbb661:  ; not directly referenced
cmp byte [ebp - 0x388], 0
mov edx, ecx
jne loc_fffbb6f0  ; jne 0xfffbb6f0
mov esi, dword [ebp - 0x368]
test ecx, ecx
je short loc_fffbb6b5  ; je 0xfffbb6b5
mov dword [esi], 0
mov esi, dword [ebp - 0x34c]
mov dword [edi], 0
mov dword [eax], 0
mov dword [esi], 0
mov esi, dword [ebp - 0x354]
mov dword [esi], 0
mov esi, dword [ebp - 0x350]
mov dword [esi], 0
jmp near loc_fffbb7a6  ; jmp 0xfffbb7a6

loc_fffbb6b5:  ; not directly referenced
mov dword [esi], 0xfffffffe
mov esi, dword [ebp - 0x34c]
mov dword [edi], 0xfffffffe
mov dword [eax], 0xfffffffe
mov dword [esi], 0xfffffffe
mov esi, dword [ebp - 0x354]
mov dword [esi], 0xfffffffe
mov esi, dword [ebp - 0x350]
mov dword [esi], 0xfffffffe
jmp near loc_fffbb7a6  ; jmp 0xfffbb7a6

loc_fffbb6f0:  ; not directly referenced
test edx, edx
je loc_fffbb7a6  ; je 0xfffbb7a6
mov esi, dword [ebp - 0x3a8]
cmp dword [edi], esi
jne short loc_fffbb70a  ; jne 0xfffbb70a
mov esi, dword [ebp - 0x33c]
mov dword [edi], esi

loc_fffbb70a:  ; not directly referenced
mov esi, dword [ebp - 0x3a8]
cmp dword [eax], esi
jne short loc_fffbb71e  ; jne 0xfffbb71e
mov esi, dword [ebp - 0x33c]
mov dword [eax], esi
jmp short loc_fffbb72e  ; jmp 0xfffbb72e

loc_fffbb71e:  ; not directly referenced
mov ecx, dword [ebp - 0x33c]
mov esi, dword [ebp - 0x34c]
mov dword [eax], ecx
mov dword [esi], ecx

loc_fffbb72e:  ; not directly referenced
cmp byte [ebp - 0x388], 0x7e
jne short loc_fffbb754  ; jne 0xfffbb754
mov esi, dword [ebp - 0x368]
cmp dword [esi], 0
jne short loc_fffbb754  ; jne 0xfffbb754
mov edx, dword [edi]
mov ecx, dword [ebp - 0x33c]
cmp edx, ecx
je short loc_fffbb754  ; je 0xfffbb754
lea edx, [edx + ecx + 2]
mov dword [eax], edx

loc_fffbb754:  ; not directly referenced
mov edx, dword [ebp - 0x34c]
mov esi, dword [eax]
mov dword [ebp - 0x3d4], eax
mov ecx, dword [ebp - 0x354]
mov edx, dword [edx]
mov eax, esi
mov dword [ebp - 0x394], esi
sub eax, edx
mov dword [ebp - 0x398], edx
mov edx, dword [ebp - 0x350]
mov edx, dword [edx]
sub edx, dword [ecx]
cmp eax, edx
mov eax, dword [ebp - 0x3d4]
jle short loc_fffbb7a6  ; jle 0xfffbb7a6
mov esi, ecx
mov ecx, dword [ebp - 0x398]
mov dword [esi], ecx
mov esi, dword [ebp - 0x350]
mov ecx, dword [ebp - 0x394]
mov dword [esi], ecx

loc_fffbb7a6:  ; not directly referenced
inc ebx
add edi, 0x10
add dword [ebp - 0x368], 0x10
add eax, 0x10
add dword [ebp - 0x34c], 0x10
add dword [ebp - 0x354], 0x10
add dword [ebp - 0x350], 0x10
cmp ebx, 2
jne loc_fffbb5fb  ; jne 0xfffbb5fb
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x340]
test byte [edi + 0x381b], al
je short loc_fffbb803  ; je 0xfffbb803
mov edx, 0x4194
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x4194
and eax, 0x7fffffff
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbb803:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x340]
test byte [edi + 0x4bde], al
je loc_fffbb23e  ; je 0xfffbb23e
mov edx, 0x4594
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x4594
and eax, 0x7fffffff
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
jmp near loc_fffbb23e  ; jmp 0xfffbb23e

loc_fffbb83d:  ; not directly referenced
mov eax, dword [ebp - 0x3d0]
xor di, di
mov ebx, dword [ebp - 0x3cc]
mov dword [ebp - 0x340], eax

loc_fffbb852:  ; not directly referenced
cmp dword [ebx], 2
jne loc_fffbb974  ; jne 0xfffbb974
mov al, byte [ebx + 0xc4]
xor ecx, ecx
mov byte [ebp - 0x350], 0
mov byte [ebp - 0x34c], 0
mov byte [ebp - 0x348], 0
mov byte [ebp - 0x354], al
lea eax, [ebp - 0x2a8]
add eax, edi
mov byte [ebp - 0x344], 0
mov dword [ebp - 0x368], eax

loc_fffbb893:  ; not directly referenced
mov edx, 1
mov al, cl
shl edx, cl
test byte [ebp - 0x354], dl
je short loc_fffbb908  ; je 0xfffbb908
mov esi, dword [ebp - 0x368]
lea edx, [ebp - 0x260]
add edx, edi
mov esi, dword [esi + ecx*4]
mov dword [ebp - 0x33c], esi
mov esi, dword [edx + ecx*4]
sub esi, dword [ebp - 0x33c]
je loc_fffbb9be  ; je 0xfffbb9be
mov dl, 0x40
cmp esi, 0x10
jle short loc_fffbb8db  ; jle 0xfffbb8db
mov dl, byte [ebp - 0x33c]
sar esi, 1
add edx, esi

loc_fffbb8db:  ; not directly referenced
and edx, 0x7f
cmp al, 2
je short loc_fffbb8fa  ; je 0xfffbb8fa
cmp al, 3
je short loc_fffbb902  ; je 0xfffbb902
dec al
je short loc_fffbb8f2  ; je 0xfffbb8f2
mov byte [ebp - 0x344], dl
jmp short loc_fffbb908  ; jmp 0xfffbb908

loc_fffbb8f2:  ; not directly referenced
mov byte [ebp - 0x348], dl
jmp short loc_fffbb908  ; jmp 0xfffbb908

loc_fffbb8fa:  ; not directly referenced
mov byte [ebp - 0x34c], dl
jmp short loc_fffbb908  ; jmp 0xfffbb908

loc_fffbb902:  ; not directly referenced
mov byte [ebp - 0x350], dl

loc_fffbb908:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffbb893  ; jne 0xfffbb893
mov ecx, dword [ebp - 0x350]
mov eax, dword [ebp - 0x34c]
mov edx, dword [ebp - 0x348]
and ecx, 0x7f
and eax, 0x7f
shl eax, 0xe
and edx, 0x7f
shl ecx, 0x15
or ecx, eax
mov eax, dword [ebp - 0x344]
shl edx, 7
or ecx, edx
mov edx, edi
shl edx, 4
and eax, 0x7f
add edx, 0x180c
or ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
push eax
mov eax, dword [ebp + 8]
push 0
movzx eax, byte [eax + 0x2489]
push eax
mov eax, dword [ebp - 0x38c]
push dword [ebp - 0x340]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbb974:  ; not directly referenced
add edi, 0x10
add ebx, 0x13c3
add dword [ebp - 0x340], 0xcc
cmp edi, 0x20
jne loc_fffbb852  ; jne 0xfffbb852
push 2
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push 1
push dword [ebp + 8]
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x24
push dword [ebp + 8]
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10
jmp short loc_fffbb9de  ; jmp 0xfffbb9de

loc_fffbb9be:  ; not directly referenced
mov eax, 6
jmp short loc_fffbb9de  ; jmp 0xfffbb9de

loc_fffbb9c5:  ; not directly referenced
add dword [ebp - 0x34c], 8
cmp dword [ebp - 0x34c], 0x20
jne loc_fffbb316  ; jne 0xfffbb316
jmp near loc_fffbb59e  ; jmp 0xfffbb59e

loc_fffbb9de:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbb9e6:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2bc
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x5edd]
mov dword [ebp - 0x294], eax
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x248e]
mov byte [ebp - 0x2a0], al
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x1887]
mov dword [ebp - 0x284], eax
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x247c]
mov byte [ebp - 0x2a4], al
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x2481]
mov byte [eax + 0x247c], 0
xor eax, eax
cmp edx, 3
sete al
cmp eax, 1
mov dword [ebp - 0x27c], eax
sbb eax, eax
xor ebx, ebx
and eax, 0xfffffc00
add eax, 0x800
cmp edx, 2
sete bl
mov dword [ebp - 0x280], ebx
jne short loc_fffbba7f  ; jne 0xfffbba7f
mov esi, dword [ebp + 8]
mov dx, 0x800
cmp dword [esi + 0x36d8], 0x536
cmovae eax, edx

loc_fffbba7f:  ; not directly referenced
mov esi, dword [ebp + 8]
mov ecx, 0xf4240
xor edi, edi
movzx edx, word [esi + 0x248a]
imul eax, edx
xor edx, edx
add eax, 0xf423f
div ecx
mov dword [ebp - 0x274], eax
mov eax, dword [ebp - 0x294]
add eax, 0x1c
mov dword [ebp - 0x2ac], eax
mov esi, eax

loc_fffbbab3:  ; not directly referenced
imul eax, edi, 0x13c3
mov ecx, dword [ebp + 8]
cmp dword [ecx + eax + 0x3757], 2
je short loc_fffbbaee  ; je 0xfffbbaee

loc_fffbbac6:  ; not directly referenced
inc edi
add esi, 0xcc
cmp edi, 2
jne short loc_fffbbab3  ; jne 0xfffbbab3
imul eax, dword [ebp - 0x274], 0xf
mov dword [ebp - 0x270], 0
mov dword [ebp - 0x298], eax
jmp near loc_fffbbb90  ; jmp 0xfffbbb90

loc_fffbbaee:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, edi
mov ebx, dword [esi]
call fcn_fffa7236  ; call 0xfffa7236
and ebx, 0xff0fffff
or ebx, 0x200000
mov ecx, ebx
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3
mov byte [ebp - 0x270], 0

loc_fffbbb1e:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov al, byte [ebp - 0x270]
cmp al, byte [ecx + 0x2489]
jae short loc_fffbbac6  ; jae 0xfffbbac6
movzx ecx, byte [ebp - 0x270]
mov edx, dword [ebp - 0x27c]
mov ebx, dword [esi + ecx*4 + 0x28]
or ebx, 0x20
and ebx, 0xffffffbf
mov eax, ebx
or eax, 0x40000
test edx, edx
cmovne ebx, eax
cmp dword [ebp - 0x280], 0
je short loc_fffbbb72  ; je 0xfffbbb72
mov edx, dword [ebp + 8]
mov eax, ebx
or eax, 0x40000
cmp dword [edx + 0x36d8], 0x536
cmovae ebx, eax

loc_fffbbb72:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, edi
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, ebx
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0x270]
jmp short loc_fffbbb1e  ; jmp 0xfffbbb1e

loc_fffbbb90:  ; not directly referenced
mov cl, byte [ebp - 0x270]
mov eax, 1
mov esi, eax
shl esi, cl
mov ebx, esi
mov dword [ebp - 0x278], esi
mov byte [ebp - 0x28c], bl
test byte [ebp - 0x2a0], bl
jne short loc_fffbbbd1  ; jne 0xfffbbbd1

loc_fffbbbb5:  ; not directly referenced
inc dword [ebp - 0x270]
cmp dword [ebp - 0x270], 4
jne short loc_fffbbb90  ; jne 0xfffbbb90
mov esi, dword [ebp - 0x2ac]
xor ebx, ebx
jmp near loc_fffbc35a  ; jmp 0xfffbc35a

loc_fffbbbd1:  ; not directly referenced
mov esi, dword [ebp - 0x270]
lea ecx, [esi + 2]
mov edx, esi
and ecx, 2
shl eax, cl
or eax, dword [ebp - 0x278]
shr dl, 1
movzx edx, dl
mov byte [ebp - 0x29c], al
mov eax, dword [ebp + 8]
mov dword [ebp - 0x2a8], edx
add eax, 0x3817
mov dword [ebp - 0x274], eax
imul eax, edx, 0x128
mov edi, eax
mov dword [ebp - 0x2b0], eax
mov eax, esi
mov esi, dword [ebp + 8]
and eax, 1
imul eax, eax, 0x18
add eax, edi
lea edi, [esi + eax + 0x49c4]
xor esi, esi
mov dword [ebp - 0x2b4], eax

loc_fffbbc30:  ; not directly referenced
mov ebx, dword [ebp - 0x278]
mov ecx, dword [ebp - 0x274]
mov byte [ebp - 0x290], bl
test byte [ecx + 4], bl
je loc_fffbbe03  ; je 0xfffbbe03
cmp dword [ebp - 0x27c], 0
je short loc_fffbbc78  ; je 0xfffbbc78
push ecx
mov ecx, dword [ebp - 0x270]
mov edx, esi
push 0
mov ax, word [edi + 2]
or al, 0x80
movzx eax, ax
push eax
mov eax, dword [ebp + 8]
push 2
call fcn_fffacb43  ; call 0xfffacb43
jmp near loc_fffbbd89  ; jmp 0xfffbbd89

loc_fffbbc78:  ; not directly referenced
cmp dword [ebp - 0x280], 0
je short loc_fffbbcde  ; je 0xfffbbcde
mov eax, dword [ebp + 8]
mov edx, esi
call fcn_fffa6bf0  ; call 0xfffa6bf0
test eax, eax
je loc_fffbcc99  ; je 0xfffbcc99
movzx ecx, byte [eax]
sub esp, 0xc
mov ax, word [edi + 8]
mov edx, dword [ebp + 8]
push eax
lea eax, [ebp - 0x26a]
call fcn_fffa6c59  ; call 0xfffa6c59
mov ebx, dword [ebp - 0x278]
pop eax
movzx eax, word [ebp - 0x26a]
pop edx
mov edx, esi
mov ecx, ebx
push eax
mov eax, dword [ebp + 8]
push 5
call fcn_fffa96cb  ; call 0xfffa96cb
mov ax, word [edi]
pop ecx
mov ecx, ebx
pop edx
or al, 0x80
movzx eax, ax
push eax
push 1
jmp near loc_fffbbd7f  ; jmp 0xfffbbd7f

loc_fffbbcde:  ; not directly referenced
mov ecx, dword [ebp - 0x2a8]
mov edx, esi
mov eax, dword [ebp + 8]
mov bx, word [edi]
call fcn_fffa6998  ; call 0xfffa6998
or bl, 0x80
mov dword [ebp - 0x288], eax
test eax, eax
je loc_fffbcc99  ; je 0xfffbcc99
mov eax, dword [ebp - 0x284]
cmp eax, 0x306d0
sete dl
cmp eax, 0x40650
sete al
or dl, al
je short loc_fffbbd41  ; je 0xfffbbd41
mov eax, dword [ebp - 0x288]
sub esp, 0xc
mov edx, dword [ebp + 8]
movzx ecx, byte [eax]
lea eax, [ebp - 0x26a]
push ebx
call fcn_fffa6b7f  ; call 0xfffa6b7f
mov bx, word [ebp - 0x26a]
add esp, 0x10

loc_fffbbd41:  ; not directly referenced
mov eax, dword [ebp - 0x274]
cmp dword [eax], 2
jne short loc_fffbbd71  ; jne 0xfffbbd71
mov eax, dword [ebp - 0x288]
sub esp, 0xc
mov edx, dword [ebp + 8]
movzx ecx, byte [eax]
lea eax, [ebp - 0x26a]
push ebx
call fcn_fffa6b7f  ; call 0xfffa6b7f
mov bx, word [ebp - 0x26a]
add esp, 0x10

loc_fffbbd71:  ; not directly referenced
mov ecx, dword [ebp - 0x278]
movzx ebx, bx
push eax
push eax
push ebx
push 1

loc_fffbbd7f:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, esi
call fcn_fffa96cb  ; call 0xfffa96cb

loc_fffbbd89:  ; not directly referenced
mov eax, dword [ebp - 0x274]
add esp, 0x10
mov bl, byte [ebp - 0x28c]
cmp dword [eax], 2
mov al, byte [ebp - 0x29c]
cmove ebx, eax
xor ecx, ecx
cmp dword [ebp - 0x27c], 0
je short loc_fffbbdb6  ; je 0xfffbbdb6
mov ecx, 0x10001
jmp short loc_fffbbde7  ; jmp 0xfffbbde7

loc_fffbbdb6:  ; not directly referenced
mov eax, dword [ebp - 0x284]
cmp eax, 0x40660
sete dl
cmp eax, 0x306c0
sete al
or dl, al
jne short loc_fffbbddc  ; jne 0xfffbbddc
cmp dword [ebp - 0x284], 0x40670
jne short loc_fffbbde7  ; jne 0xfffbbde7

loc_fffbbddc:  ; not directly referenced
mov ecx, ebx
and ecx, 0xf
shl ecx, 0x10
or ecx, 0xf

loc_fffbbde7:  ; not directly referenced
cmp dword [ebp - 0x280], 0
jne short loc_fffbbe03  ; jne 0xfffbbe03
mov eax, dword [ebp + 8]
mov edx, esi
shl edx, 0xa
add edx, 0x4194
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbbe03:  ; not directly referenced
inc esi
add edi, 0x13c3
add dword [ebp - 0x274], 0x13c3
cmp esi, 2
jne loc_fffbbc30  ; jne 0xfffbbc30
mov eax, dword [ebp - 0x270]
mov si, 0xc0
and eax, 3
mov dword [ebp - 0x29c], eax
shl dword [ebp - 0x29c], 0x16

loc_fffbbe37:  ; not directly referenced
mov dword [ebp - 0x274], 0

loc_fffbbe41:  ; not directly referenced
imul eax, dword [ebp - 0x274], 0x13c3
mov edi, dword [ebp + 8]
mov bl, byte [ebp - 0x290]
test byte [edi + eax + 0x381b], bl
jne short loc_fffbbe71  ; jne 0xfffbbe71

loc_fffbbe5d:  ; not directly referenced
inc dword [ebp - 0x274]
cmp dword [ebp - 0x274], 2
jne short loc_fffbbe41  ; jne 0xfffbbe41
jmp near loc_fffbbef6  ; jmp 0xfffbbef6

loc_fffbbe71:  ; not directly referenced
imul eax, dword [ebp - 0x274], 0xcc
mov edi, dword [ebp - 0x294]
mov byte [ebp - 0x288], 0
mov ebx, dword [edi + eax + 0x1c]
and ebx, 0xff0fff7d
or ebx, 0x200082
or ebx, dword [ebp - 0x29c]

loc_fffbbe9e:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x288]
cmp al, byte [edi + 0x2489]
jae short loc_fffbbe5d  ; jae 0xfffbbe5d
movzx edi, byte [ebp - 0x288]
mov ecx, dword [ebp - 0x270]
push eax
mov edx, dword [ebp - 0x274]
mov eax, dword [ebp + 8]
push esi
push 1
push edi
call fcn_fffa735e  ; call 0xfffa735e
mov edx, dword [ebp - 0x274]
mov ecx, edi
mov eax, dword [ebp + 8]
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, ebx
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
add esp, 0x10
inc byte [ebp - 0x288]
jmp short loc_fffbbe9e  ; jmp 0xfffbbe9e

loc_fffbbef6:  ; not directly referenced
mov word [ebp - 0x2a8], si
cmp si, 0xc0
jne short loc_fffbbf12  ; jne 0xfffbbf12
mov edx, dword [ebp - 0x298]
mov eax, dword [ebp + 8]
call fcn_fffa82f9  ; call 0xfffa82f9

loc_fffbbf12:  ; not directly referenced
mov eax, dword [ebp + 8]
call fcn_fffaa4a9  ; call 0xfffaa4a9
mov eax, dword [ebp + 8]
mov edx, dword [ebp - 0x298]
call fcn_fffa82f9  ; call 0xfffa82f9
lea eax, [esi - 2]
mov dword [ebp - 0x274], 0
mov dword [ebp - 0x28c], eax

loc_fffbbf3b:  ; not directly referenced
imul eax, dword [ebp - 0x274], 0x13c3
mov edi, dword [ebp + 8]
mov bl, byte [ebp - 0x290]
test byte [edi + eax + 0x381b], bl
je loc_fffbc00c  ; je 0xfffbc00c
mov byte [ebp - 0x288], 0
imul edi, dword [ebp - 0x274], 9
jmp near loc_fffbbff7  ; jmp 0xfffbbff7

loc_fffbbf6e:  ; not directly referenced
movzx ebx, byte [ebp - 0x288]
mov edx, dword [ebp - 0x274]
mov eax, dword [ebp + 8]
mov ecx, ebx
call fcn_fffa75c5  ; call 0xfffa75c5
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb331f  ; call 0xfffb331f
and eax, 0x1ff
cmp eax, 0xf
setg al
cmp word [ebp - 0x2a8], 0xc0
movzx eax, al
jne loc_fffbc065  ; jne 0xfffbc065
add ebx, edi
test eax, eax
je short loc_fffbc024  ; je 0xfffbc024
mov dword [ebp + ebx*4 - 0x180], 0xc0
mov dword [ebp + ebx*4 - 0x1c8], 0xc0
mov dword [ebp + ebx*4 - 0xf0], 0xc0
mov dword [ebp + ebx*4 - 0x138], 0xc0
mov dword [ebp + ebx*4 - 0x60], 0xc0
mov dword [ebp + ebx*4 - 0xa8], 0xc0

loc_fffbbff1:  ; not directly referenced
inc byte [ebp - 0x288]

loc_fffbbff7:  ; not directly referenced
mov ebx, dword [ebp + 8]
mov al, byte [ebp - 0x288]
cmp al, byte [ebx + 0x2489]
jb loc_fffbbf6e  ; jb 0xfffbbf6e

loc_fffbc00c:  ; not directly referenced
inc dword [ebp - 0x274]
cmp dword [ebp - 0x274], 2
jne loc_fffbbf3b  ; jne 0xfffbbf3b
jmp near loc_fffbc110  ; jmp 0xfffbc110

loc_fffbc024:  ; not directly referenced
mov dword [ebp + ebx*4 - 0x180], 0xfffffffe
mov dword [ebp + ebx*4 - 0x1c8], 0xfffffffe
mov dword [ebp + ebx*4 - 0xf0], 0xfffffffe
mov dword [ebp + ebx*4 - 0x138], 0xfffffffe
mov dword [ebp + ebx*4 - 0x60], 0xfffffffe
mov dword [ebp + ebx*4 - 0xa8], 0xfffffffe
jmp short loc_fffbbff1  ; jmp 0xfffbbff1

loc_fffbc065:  ; not directly referenced
test eax, eax
je short loc_fffbbff1  ; je 0xfffbbff1
lea eax, [edi + ebx]
mov ecx, dword [ebp - 0x28c]
cmp dword [ebp + eax*4 - 0x180], ecx
jne short loc_fffbc082  ; jne 0xfffbc082
mov dword [ebp + eax*4 - 0x180], esi

loc_fffbc082:  ; not directly referenced
lea eax, [edi + ebx]
mov ecx, dword [ebp - 0x28c]
cmp dword [ebp + eax*4 - 0xf0], ecx
mov dword [ebp + eax*4 - 0xf0], esi
je short loc_fffbc0a2  ; je 0xfffbc0a2
mov dword [ebp + eax*4 - 0x138], esi

loc_fffbc0a2:  ; not directly referenced
cmp esi, 0x13e
jne short loc_fffbc0ce  ; jne 0xfffbc0ce
lea eax, [edi + ebx]
cmp dword [ebp + eax*4 - 0x1c8], 0xc0
jne short loc_fffbc0ce  ; jne 0xfffbc0ce
mov ecx, dword [ebp + eax*4 - 0x180]
lea edx, [ecx + 0x80]
mov dword [ebp + eax*4 - 0xf0], edx

loc_fffbc0ce:  ; not directly referenced
lea ecx, [edi + ebx]
mov edx, dword [ebp + ecx*4 - 0xf0]
mov ebx, dword [ebp + ecx*4 - 0x138]
mov eax, edx
sub eax, ebx
mov dword [ebp - 0x2b8], eax
mov eax, dword [ebp + ecx*4 - 0x60]
sub eax, dword [ebp + ecx*4 - 0xa8]
cmp dword [ebp - 0x2b8], eax
jle loc_fffbbff1  ; jle 0xfffbbff1
mov dword [ebp + ecx*4 - 0xa8], ebx
mov dword [ebp + ecx*4 - 0x60], edx
jmp near loc_fffbbff1  ; jmp 0xfffbbff1

loc_fffbc110:  ; not directly referenced
add esi, 2
cmp esi, 0x140
jne loc_fffbbe37  ; jne 0xfffbbe37
mov eax, dword [ebp + 8]
mov esi, dword [ebp - 0x2b4]
mov dword [ebp - 0x274], 0
add eax, 0x3757
mov dword [ebp - 0x28c], eax
mov eax, dword [ebp + 8]
lea eax, [eax + esi + 0x49cc]
mov dword [ebp - 0x288], eax
imul eax, dword [ebp - 0x270], 9
mov dword [ebp - 0x2a8], eax

loc_fffbc15a:  ; not directly referenced
mov esi, dword [ebp - 0x28c]
mov al, byte [ebp - 0x290]
test byte [esi + 0xc4], al
jne short loc_fffbc197  ; jne 0xfffbc197

loc_fffbc16e:  ; not directly referenced
inc dword [ebp - 0x274]
add dword [ebp - 0x28c], 0x13c3
add dword [ebp - 0x288], 0x13c3
cmp dword [ebp - 0x274], 2
je loc_fffbbbb5  ; je 0xfffbbbb5
jmp short loc_fffbc15a  ; jmp 0xfffbc15a

loc_fffbc197:  ; not directly referenced
mov eax, dword [ebp - 0x28c]
xor ecx, ecx
mov esi, dword [ebp - 0x2b0]
mov edx, dword [ebp - 0x274]
mov al, byte [eax + esi + 0x1264]
shl edx, 0xa
add edx, 0x4194
mov byte [ebp - 0x29c], al
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
cmp dword [ebp - 0x27c], 0
je short loc_fffbc1f8  ; je 0xfffbc1f8
push eax
mov eax, dword [ebp - 0x288]
push 0
mov ecx, dword [ebp - 0x270]
mov edx, dword [ebp - 0x274]
movzx eax, word [eax - 6]
push eax
mov eax, dword [ebp + 8]
push 2
call fcn_fffacb43  ; call 0xfffacb43
jmp short loc_fffbc21b  ; jmp 0xfffbc21b

loc_fffbc1f8:  ; not directly referenced
push eax
mov ecx, dword [ebp - 0x278]
push eax
mov eax, dword [ebp - 0x288]
mov edx, dword [ebp - 0x274]
movzx eax, word [eax - 8]
push eax
mov eax, dword [ebp + 8]
push 1
call fcn_fffa96cb  ; call 0xfffa96cb

loc_fffbc21b:  ; not directly referenced
add esp, 0x10
cmp dword [ebp - 0x280], 0
je short loc_fffbc24c  ; je 0xfffbc24c
push eax
mov ecx, dword [ebp - 0x278]
push eax
mov eax, dword [ebp - 0x288]
mov edx, dword [ebp - 0x274]
movzx eax, word [eax]
push eax
mov eax, dword [ebp + 8]
push 5
call fcn_fffa96cb  ; call 0xfffa96cb
add esp, 0x10

loc_fffbc24c:  ; not directly referenced
imul esi, dword [ebp - 0x274], 9
xor ebx, ebx

loc_fffbc255:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp bl, byte [eax + 0x2489]
jae loc_fffbc16e  ; jae 0xfffbc16e
movzx eax, bl
lea ecx, [esi + eax]
mov edx, dword [ebp + ecx*4 - 0xa8]
mov ecx, dword [ebp + ecx*4 - 0x60]
sub ecx, edx
sub ecx, 0x21
cmp ecx, 0x3e
jbe short loc_fffbc28f  ; jbe 0xfffbc28f
mov edi, dword [ebp + 8]
cmp byte [edi + 0x1965], 0
jne loc_fffbcca3  ; jne 0xfffbcca3

loc_fffbc28f:  ; not directly referenced
cmp byte [ebp - 0x29c], 0x10
jne short loc_fffbc2e5  ; jne 0xfffbc2e5
test bl, 1
je short loc_fffbc2e5  ; je 0xfffbc2e5
lea ecx, [ebx - 1]
movzx ecx, cl
lea edi, [esi + ecx]
mov edi, dword [ebp + edi*4 - 0xa8]
add edi, 0x40
cmp edx, edi
jle short loc_fffbc2c1  ; jle 0xfffbc2c1
lea edi, [esi + eax]
add edx, 0xffffff80
mov dword [ebp + edi*4 - 0xa8], edx

loc_fffbc2c1:  ; not directly referenced
add ecx, esi
lea edx, [esi + eax]
mov ecx, dword [ebp + ecx*4 - 0xa8]
mov edi, dword [ebp + edx*4 - 0xa8]
sub ecx, 0x40
cmp edi, ecx
jge short loc_fffbc2e5  ; jge 0xfffbc2e5
sub edi, 0xffffff80
mov dword [ebp + edx*4 - 0xa8], edi

loc_fffbc2e5:  ; not directly referenced
cmp dword [ebp - 0x284], 0x40650
jne short loc_fffbc2fc  ; jne 0xfffbc2fc
lea edx, [esi + eax]
add dword [ebp + edx*4 - 0xa8], 0x40

loc_fffbc2fc:  ; not directly referenced
lea edx, [esi + eax]
mov ecx, dword [ebp + edx*4 - 0xa8]
movzx edx, bl
inc ebx
add edx, dword [ebp - 0x2a8]
add edx, edx
add edx, dword [ebp - 0x28c]
mov word [edx + 0x121], cx
add ecx, 0x20
mov word [edx + 0x169], cx
mov ecx, dword [ebp - 0x270]
push edi
mov edx, dword [ebp - 0x274]
push 0
push 0xff
push eax
mov eax, dword [ebp + 8]
call fcn_fffa735e  ; call 0xfffa735e
add esp, 0x10
jmp near loc_fffbc255  ; jmp 0xfffbc255

loc_fffbc34e:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
je short loc_fffbc3c9  ; je 0xfffbc3c9

loc_fffbc35a:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x3757], 2
jne short loc_fffbc34e  ; jne 0xfffbc34e
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, ebx
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, dword [esi]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3
mov byte [ebp - 0x270], 0

loc_fffbc38f:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x270]
cmp al, byte [edi + 0x2489]
jae short loc_fffbc34e  ; jae 0xfffbc34e
movzx edi, byte [ebp - 0x270]
mov edx, ebx
mov eax, dword [ebp + 8]
mov ecx, edi
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, dword [esi + edi*4 + 0x28]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0x270]
jmp short loc_fffbc38f  ; jmp 0xfffbc38f

loc_fffbc3c9:  ; not directly referenced
cmp dword [ebp - 0x27c], 0
je loc_fffbc54a  ; je 0xfffbc54a

loc_fffbc3d6:  ; not directly referenced
mov esi, dword [ebp + 8]
lea edi, [ebp - 0x1f4]
mov ecx, 0xb
mov al, byte [ebp - 0x2a4]
mov byte [ebp - 0x25f], 0
mov byte [ebp - 0x25e], 1
mov byte [ebp - 0x25d], 0xff
mov byte [esi + 0x247c], al
xor eax, eax
mov esi, ref_fffd5394  ; mov esi, 0xfffd5394
rep stosd  ; rep stosd dword es:[edi], eax
lea edi, [ebp - 0x25a]
mov eax, dword [ebp + 8]
mov word [ebp - 0x1e6], 0x3ff
mov word [ebp - 0x1ca], 1
mov byte [ebp - 0x25c], 2
mov ebx, dword [eax + 0x2444]
lea eax, [ebp - 0x243]
mov byte [ebp - 0x25b], 3
mov cl, 7
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
lea edi, [ebp - 0x253]
mov esi, ref_fffd539c  ; mov esi, 0xfffd539c
mov byte [ebp - 0x243], 0
mov byte [ebp - 0x242], 0
mov byte [ebp - 0x241], 1
mov byte [ebp - 0x240], 1
mov byte [ebp - 0x23f], 1
mov cl, 7
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
lea edi, [ebp - 0x220]
mov esi, ref_fffd53a4  ; mov esi, 0xfffd53a4
mov byte [ebp - 0x23e], 1
mov byte [ebp - 0x23d], 0
mov byte [ebp - 0x23c], 0
mov byte [ebp - 0x23b], 0
mov byte [ebp - 0x23a], 0xff
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x214]
mov esi, ref_fffd53b0  ; mov esi, 0xfffd53b0
mov byte [ebp - 0x239], 0xff
mov byte [ebp - 0x238], 0
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x233]
mov byte [ebp - 0x237], 0xc3
mov byte [ebp - 0x236], 0x3c
mov byte [ebp - 0x235], 0x3c
mov byte [ebp - 0x234], 0xc3
mov word [ebp - 0x22b], 1
push esi
push 8
push eax
push edi
lea esi, [ebp - 0x23b]
mov dword [ebp - 0x229], 0
mov dword [ebp - 0x225], 3
mov byte [ebp - 0x221], 0
call dword [ebx + 0x58]  ; ucall
add esp, 0xc
push 0
push 8
lea eax, [ebp - 0x24c]
push eax
call dword [ebx + 0x5c]  ; ucall
mov eax, dword [ebp + 8]
add esp, 0x10
cmp dword [eax + 0x2481], 3
sete al
xor ebx, ebx
movzx eax, al
mov dword [ebp - 0x2a4], eax
jmp short loc_fffbc56f  ; jmp 0xfffbc56f

loc_fffbc54a:  ; not directly referenced
cmp dword [ebp - 0x280], 0
mov eax, dword [ebp + 8]
je short loc_fffbc55d  ; je 0xfffbc55d
call fcn_fffad6b6  ; call 0xfffad6b6
jmp short loc_fffbc562  ; jmp 0xfffbc562

loc_fffbc55d:  ; not directly referenced
call fcn_fffaddc7  ; call 0xfffaddc7

loc_fffbc562:  ; not directly referenced
test eax, eax
je loc_fffbc3d6  ; je 0xfffbc3d6
jmp near loc_fffbcda7  ; jmp 0xfffbcda7

loc_fffbc56f:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, esi
add esi, 2
push ecx
push ecx
mov ecx, edi
push ebx
inc ebx
push 8
call fcn_fffa8181  ; call 0xfffa8181
add esp, 0x10
cmp ebx, 4
jne short loc_fffbc56f  ; jne 0xfffbc56f
mov eax, dword [ebp + 8]
lea edx, [ebp - 0x220]
call fcn_fffa660c  ; call 0xfffa660c
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x248e]
mov byte [ebp - 0x2b8], al
mov eax, dword [ebp + 8]
movzx ecx, byte [eax + 0x2489]
mov eax, 1
shl eax, cl
xor ecx, ecx
dec eax
mov word [ebp - 0x2a8], ax
mov eax, dword [ebp + 8]
movzx edx, byte [eax + 0x248f]
lea eax, [ebp - 0x22b]
push 0
push 0
push 0
push eax
push 0
lea eax, [ebp - 0x1f4]
push eax
mov eax, dword [ebp + 8]
push 4
push 2
call fcn_fffae425  ; call 0xfffae425
mov eax, dword [ebp + 8]
add esp, 0x20
cmp dword [eax + 0x3757], 2
jne short loc_fffbc60e  ; jne 0xfffbc60e
mov ecx, 0x8049
mov edx, 0x4040
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbc60e:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b1a], 2
jne short loc_fffbc629  ; jne 0xfffbc629
mov ecx, 0x8049
mov edx, 0x4440
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbc629:  ; not directly referenced
mov eax, dword [ebp + 8]
lea esi, [ebp - 0x24c]
mov dword [ebp - 0x278], 0
add eax, 0x3757
mov dword [ebp - 0x2ac], eax
mov dword [ebp - 0x2b0], eax

loc_fffbc64d:  ; not directly referenced
mov cl, byte [ebp - 0x278]
xor edx, edx
mov dword [ebp - 0x27c], 1
mov eax, dword [ebp + 8]
shl dword [ebp - 0x27c], cl
mov edi, dword [ebp - 0x27c]
mov ecx, edi
call fcn_fffad317  ; call 0xfffad317
mov ecx, edi
mov edx, 1
mov byte [ebp - 0x266], 0
mov word [ebp - 0x264], 0
mov bl, al
mov eax, dword [ebp + 8]
call fcn_fffad317  ; call 0xfffad317
mov byte [ebp - 0x265], 0
mov word [ebp - 0x262], 0
or eax, ebx
mov ebx, edi
test byte [ebp - 0x2b8], bl
je loc_fffbc953  ; je 0xfffbc953
mov edx, dword [ebp - 0x278]
movzx eax, al
mov dword [ebp - 0x274], 3
mov dword [ebp - 0x290], 2
mov dword [ebp - 0x2bc], eax
mov edi, edx
add edi, edx
mov ecx, edi
mov dword [ebp - 0x2b4], edi
lea edi, [ebp - 0x25f]
mov dword [ebp - 0x284], edi
mov edi, edx
and edx, 1
imul ebx, edx, 0x18
mov edx, edi
shr dl, 1
movzx edx, dl
shl dword [ebp - 0x274], cl
not dword [ebp - 0x274]
shl dword [ebp - 0x290], cl
lea edi, [edi + edi*8]
mov dword [ebp - 0x29c], ebx
imul ebx, edx, 0x128
mov dword [ebp - 0x28c], edi
mov dword [ebp - 0x298], ebx

loc_fffbc72d:  ; not directly referenced
mov eax, dword [ebp - 0x2ac]
xor ebx, ebx
mov dword [ebp - 0x280], eax

loc_fffbc73b:  ; not directly referenced
mov edi, dword [ebp - 0x280]
mov al, byte [ebp - 0x27c]
test byte [edi + 0xc4], al
jne loc_fffbc9c1  ; jne 0xfffbc9c1

loc_fffbc753:  ; not directly referenced
inc ebx
add dword [ebp - 0x280], 0x13c3
cmp ebx, 2
jne short loc_fffbc73b  ; jne 0xfffbc73b
mov al, byte [ebp - 0x27c]
cmp dword [ebp - 0x2a4], 0
mov byte [ebp - 0x294], al
jne short loc_fffbc7e2  ; jne 0xfffbc7e2
mov eax, dword [ebp + 8]
xor bl, bl
call fcn_fffaa4a9  ; call 0xfffaa4a9
mov eax, dword [ebp + 8]
lea edi, [eax + 0x381b]

loc_fffbc78b:  ; not directly referenced
mov al, byte [ebp - 0x294]
test byte [edi], al
je short loc_fffbc7c9  ; je 0xfffbc7c9
push eax
mov ecx, dword [ebp - 0x298]
mov edx, ebx
push eax
mov eax, dword [ebp - 0x29c]
add eax, edi
mov ax, word [eax + ecx + 0x11a7]
mov ecx, dword [ebp - 0x27c]
or ah, 1
movzx eax, ax
push eax
mov eax, dword [ebp + 8]
push 0
call fcn_fffa96cb  ; call 0xfffa96cb
add esp, 0x10

loc_fffbc7c9:  ; not directly referenced
inc ebx
add edi, 0x13c3
cmp ebx, 2
jne short loc_fffbc78b  ; jne 0xfffbc78b
mov eax, dword [ebp + 8]
mov edx, 0xf
call fcn_fffa82f9  ; call 0xfffa82f9

loc_fffbc7e2:  ; not directly referenced
lea edi, [ebp - 0x253]

loc_fffbc7e8:  ; not directly referenced
push 0
xor ebx, ebx
push 0
push 0
push 0
push 0
push dword [ebp - 0x278]
push 0
push 1
push 0
movsx eax, byte [edi]
push eax
push 2
push dword [ebp + 8]
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x2c
mov edx, dword [ebp - 0x2bc]
push 0
xor ecx, ecx
push 1
lea eax, [ebp - 0x25a]
push eax
mov eax, dword [ebp + 8]
call fcn_fffaa5b3  ; call 0xfffaa5b3
lea eax, [ebp - 0x206]
add esp, 0x10
mov dword [ebp - 0x288], eax
mov dword [ebp - 0x280], 1

loc_fffbc845:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edx, dword [ebp + 8]
mov cl, byte [ebp - 0x294]
test byte [edx + eax + 0x381b], cl
je short loc_fffbc8c9  ; je 0xfffbc8c9
mov eax, dword [ebp + 8]
mov edx, ebx
shl edx, 0xa
add edx, 0x40ec
call fcn_fffb331f  ; call 0xfffb331f
mov ecx, dword [ebp + 8]
and eax, dword [ebp - 0x2a8]
mov cl, byte [ecx + 0x2489]
mov word [ebp - 0x270], ax
mov ax, word [ebp + ebx*2 - 0x264]
or word [ebp - 0x270], ax
mov byte [ebp - 0x2a0], cl
xor ecx, ecx

loc_fffbc89d:  ; not directly referenced
cmp byte [ebp - 0x2a0], cl
ja loc_fffbcae4  ; ja 0xfffbcae4
mov eax, dword [ebp - 0x2a8]
cmp word [ebp + ebx*2 - 0x264], ax
mov eax, 0
cmove eax, dword [ebp - 0x280]
mov dword [ebp - 0x280], eax

loc_fffbc8c9:  ; not directly referenced
inc ebx
add dword [ebp - 0x288], 9
cmp ebx, 2
jne loc_fffbc845  ; jne 0xfffbc845
cmp dword [ebp - 0x280], 1
jne loc_fffbcb1a  ; jne 0xfffbcb1a

loc_fffbc8e7:  ; not directly referenced
lea eax, [ebp - 0x206]
xor edi, edi
mov dword [ebp - 0x2a0], eax
mov eax, dword [ebp - 0x2b0]
mov dword [ebp - 0x28c], eax
mov eax, dword [ebp - 0x2ac]
mov dword [ebp - 0x288], eax
imul eax, dword [ebp - 0x278], 9
mov dword [ebp - 0x2c8], eax

loc_fffbc91a:  ; not directly referenced
mov ebx, dword [ebp - 0x288]
mov al, byte [ebp - 0x294]
test byte [ebx + 0xc4], al
jne loc_fffbcb4a  ; jne 0xfffbcb4a

loc_fffbc932:  ; not directly referenced
inc edi
add dword [ebp - 0x288], 0x13c3
add dword [ebp - 0x28c], 0x13c3
add dword [ebp - 0x2a0], 9
cmp edi, 2
jne short loc_fffbc91a  ; jne 0xfffbc91a

loc_fffbc953:  ; not directly referenced
inc dword [ebp - 0x278]
add dword [ebp - 0x2b0], 0x12
cmp dword [ebp - 0x278], 4
jne loc_fffbc64d  ; jne 0xfffbc64d
push eax
mov ecx, 0x1010101
push eax
mov eax, dword [ebp + 8]
xor edx, edx
push 0
push 8
call fcn_fffa7f8c  ; call 0xfffa7f8c
mov eax, dword [ebp + 8]
lea edx, [ebp - 0x214]
call fcn_fffa660c  ; call 0xfffa660c
mov eax, dword [ebp + 8]
add esp, 0x10
mov edx, 0x3670
cmp dword [eax + 0x188b], 1
mov eax, 0x367c
cmove edx, eax
mov eax, dword [ebp + 8]
xor ecx, ecx
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
call fcn_fffaa4a9  ; call 0xfffaa4a9
jmp near loc_fffbcda7  ; jmp 0xfffbcda7

loc_fffbc9c1:  ; not directly referenced
mov eax, dword [ebp - 0x284]
movsx eax, byte [eax]
cmp al, 2
jle short loc_fffbc9ef  ; jle 0xfffbc9ef
mov edx, dword [ebp - 0x274]
sub eax, 2
and edx, dword [esi + ebx*4]
or edx, dword [ebp - 0x290]
shl eax, 7
mov word [ebp - 0x270], ax
mov dword [esi + ebx*4], edx
jmp short loc_fffbca2c  ; jmp 0xfffbca2c

loc_fffbc9ef:  ; not directly referenced
test al, al
jns short loc_fffbca0d  ; jns 0xfffbca0d
mov edi, dword [ebp - 0x274]
mov word [ebp - 0x270], ax
and dword [esi + ebx*4], edi
shl word [ebp - 0x270], 7
jmp short loc_fffbca2c  ; jmp 0xfffbca2c

loc_fffbca0d:  ; not directly referenced
mov cl, byte [ebp - 0x2b4]
mov edx, dword [ebp - 0x274]
and edx, dword [esi + ebx*4]
mov word [ebp - 0x270], 0
shl eax, cl
or edx, eax
mov dword [esi + ebx*4], edx

loc_fffbca2c:  ; not directly referenced
mov eax, dword [ebp - 0x280]
add eax, dword [ebp - 0x28c]
mov byte [ebp - 0x288], 0
mov dword [ebp - 0x294], eax

loc_fffbca45:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x288]
cmp al, byte [edi + 0x2489]
jae short loc_fffbcaca  ; jae 0xfffbcaca
movzx ecx, byte [ebp - 0x288]
mov eax, dword [ebp - 0x28c]
mov edi, dword [ebp - 0x280]
mov edx, dword [ebp - 0x294]
lea eax, [ecx + eax + 0x90]
movzx edi, word [edi + eax*2 + 1]
movsx eax, word [ebp - 0x270]
movzx edx, byte [ecx + edx + 0x24d]
add edi, eax
lea eax, [edi + 0x20]
and edi, 0x1ff
and eax, 0x1ff
and edx, 0x3f
shl edi, 9
shl edx, 0x14
or eax, edi
or eax, edx
push edx
mov edx, ebx
push eax
mov eax, dword [ebp + 8]
push 3
push ecx
mov ecx, dword [ebp - 0x278]
call fcn_fffa735e  ; call 0xfffa735e
add esp, 0x10
inc byte [ebp - 0x288]
jmp near loc_fffbca45  ; jmp 0xfffbca45

loc_fffbcaca:  ; not directly referenced
mov ecx, dword [esi + ebx*4]
mov edx, ebx
mov eax, edi
shl edx, 0xa
add edx, 0x40d0
call fcn_fffb3381  ; call 0xfffb3381
jmp near loc_fffbc753  ; jmp 0xfffbc753

loc_fffbcae4:  ; not directly referenced
mov edx, 1
shl edx, cl
test word [ebp - 0x270], dx
jne short loc_fffbcb14  ; jne 0xfffbcb14
or word [ebp + ebx*2 - 0x264], dx
mov edx, dword [ebp - 0x284]
mov eax, dword [ebp - 0x288]
mov dl, byte [edx]
add byte [ebp + ebx - 0x266], dl
mov byte [eax + ecx], dl

loc_fffbcb14:  ; not directly referenced
inc ecx
jmp near loc_fffbc89d  ; jmp 0xfffbc89d

loc_fffbcb1a:  ; not directly referenced
inc edi
cmp edi, esi
jne loc_fffbc7e8  ; jne 0xfffbc7e8
inc dword [ebp - 0x284]
lea eax, [ebp - 0x25a]
cmp dword [ebp - 0x284], eax
jne loc_fffbc72d  ; jne 0xfffbc72d
mov dword [ebp - 0x280], 0
jmp near loc_fffbc8e7  ; jmp 0xfffbc8e7

loc_fffbcb4a:  ; not directly referenced
cmp dword [ebp - 0x280], 0
jne short loc_fffbcb63  ; jne 0xfffbcb63
mov eax, dword [ebp + 8]
cmp byte [eax + 0x1965], 0
jne loc_fffbcca3  ; jne 0xfffbcca3

loc_fffbcb63:  ; not directly referenced
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x2489]
mov bl, al
mov byte [ebp - 0x2bc], al
movsx eax, byte [ebp + edi - 0x266]
mov dl, bl
shr dl, 1
movsx ecx, bl
movzx edx, dl
xor ebx, ebx
add eax, edx
cdq
idiv ecx
mov byte [ebp - 0x270], al

loc_fffbcb93:  ; not directly referenced
cmp byte [ebp - 0x270], 2
jle short loc_fffbcbc4  ; jle 0xfffbcbc4
mov eax, dword [ebp - 0x274]
and eax, dword [esi + edi*4]
or eax, dword [ebp - 0x290]
mov dword [esi + edi*4], eax
movsx eax, byte [ebp - 0x270]
sub eax, 2
shl eax, 7
mov word [ebp - 0x284], ax
jmp short loc_fffbcc15  ; jmp 0xfffbcc15

loc_fffbcbc4:  ; not directly referenced
cmp byte [ebp - 0x270], 0
jns short loc_fffbcbef  ; jns 0xfffbcbef
mov eax, dword [ebp - 0x274]
and dword [esi + edi*4], eax
movsx ax, byte [ebp - 0x270]
mov word [ebp - 0x284], ax
shl word [ebp - 0x284], 7
jmp short loc_fffbcc15  ; jmp 0xfffbcc15

loc_fffbcbef:  ; not directly referenced
movsx eax, byte [ebp - 0x270]
mov cl, byte [ebp - 0x2b4]
mov edx, dword [ebp - 0x274]
and edx, dword [esi + edi*4]
mov word [ebp - 0x284], 0
shl eax, cl
or eax, edx
mov dword [esi + edi*4], eax

loc_fffbcc15:  ; not directly referenced
movsx ecx, word [ebp - 0x284]
xor eax, eax
movsx edx, byte [ebp - 0x270]
mov dword [ebp - 0x2c0], ecx
mov dword [ebp - 0x2c4], edx

loc_fffbcc31:  ; not directly referenced
cmp byte [ebp - 0x2bc], al
jbe short loc_fffbccad  ; jbe 0xfffbccad
mov edx, dword [ebp - 0x2a0]
mov ecx, dword [ebp - 0x28c]
movsx edx, byte [edx + eax]
sub edx, dword [ebp - 0x2c4]
movzx ecx, word [ecx + eax*2 + 0x169]
shl edx, 7
add edx, dword [ebp - 0x2c0]
add ecx, edx
cmp ecx, 0x1bf
jle short loc_fffbcc73  ; jle 0xfffbcc73
inc ebx
inc byte [ebp - 0x270]
jmp short loc_fffbcc90  ; jmp 0xfffbcc90

loc_fffbcc73:  ; not directly referenced
mov ecx, dword [ebp - 0x28c]
movzx ecx, word [ecx + eax*2 + 0x121]
inc eax
add edx, ecx
cmp edx, 0x5f
jg short loc_fffbcc31  ; jg 0xfffbcc31
dec byte [ebp - 0x270]
inc ebx

loc_fffbcc90:  ; not directly referenced
cmp bl, 3
jbe loc_fffbcb93  ; jbe 0xfffbcb93

loc_fffbcc99:  ; not directly referenced
mov eax, 1
jmp near loc_fffbcda7  ; jmp 0xfffbcda7

loc_fffbcca3:  ; not directly referenced
mov eax, 8
jmp near loc_fffbcda7  ; jmp 0xfffbcda7

loc_fffbccad:  ; not directly referenced
cmp bl, 3
ja short loc_fffbcc99  ; ja 0xfffbcc99
lea eax, [edi + edi*8]
xor ebx, ebx
lea ecx, [ebp - 0x18]
add eax, ecx
mov dword [ebp - 0x2c0], eax

loc_fffbccc2:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp bl, byte [eax + 0x2489]
jae short loc_fffbcd3d  ; jae 0xfffbcd3d
mov eax, dword [ebp - 0x2c8]
movzx ecx, bl
inc ebx
lea edx, [ecx + eax]
mov eax, dword [ebp - 0x2c0]
add edx, edx
add edx, dword [ebp - 0x288]
movsx eax, byte [ecx + eax - 0x1ee]
mov dword [ebp - 0x2bc], edx
movsx edx, byte [ebp - 0x270]
sub eax, edx
movsx edx, word [ebp - 0x284]
shl eax, 7
add eax, edx
mov edx, dword [ebp - 0x2bc]
add word [edx + 0x169], ax
add word [edx + 0x121], ax
mov edx, edi
push eax
mov eax, dword [ebp + 8]
push 0
push 0xff
push ecx
mov ecx, dword [ebp - 0x278]
call fcn_fffa735e  ; call 0xfffa735e
add esp, 0x10
jmp short loc_fffbccc2  ; jmp 0xfffbccc2

loc_fffbcd3d:  ; not directly referenced
mov ecx, dword [esi + edi*4]
mov edx, edi
shl edx, 0xa
add edx, 0x40d0
call fcn_fffb3381  ; call 0xfffb3381
cmp dword [ebp - 0x2a4], 0
jne loc_fffbc932  ; jne 0xfffbc932
mov eax, dword [ebp - 0x288]
mov ebx, dword [ebp - 0x298]
add eax, dword [ebp - 0x29c]
push edx
mov ecx, dword [ebp - 0x27c]
push edx
mov edx, edi
mov ax, word [eax + ebx + 0x126b]
or ah, 1
movzx eax, ax
push eax
mov eax, dword [ebp + 8]
push 0
call fcn_fffa96cb  ; call 0xfffa96cb
mov eax, dword [ebp + 8]
mov edx, 0xf
call fcn_fffa82f9  ; call 0xfffa82f9
add esp, 0x10
jmp near loc_fffbc932  ; jmp 0xfffbc932

loc_fffbcda7:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbcdaf:  ; not directly referenced
push ebp
mov ecx, 3
mov ebp, esp
push edi
push esi
mov esi, ref_fffd53a4  ; mov esi, 0xfffd53a4
push ebx
sub esp, 0x13c0
mov eax, dword [ebp + 8]
lea edi, [ebp - 0x1360]
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x1354]
mov esi, ref_fffd53b0  ; mov esi, 0xfffd53b0
mov byte [ebp - 0x1362], 0
mov eax, dword [eax + 0x5edd]
mov dword [ebp - 0x1384], eax
mov eax, dword [ebp + 8]
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov eax, dword [eax + 0x2444]
mov edi, eax
mov dword [ebp - 0x1394], eax
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x2481]
xor eax, eax
cmp edx, 1
sete al
mov dword [ebp - 0x1398], eax
xor eax, eax
cmp edx, 2
sete al
cmp edx, 3
mov dword [ebp - 0x1370], eax
mov dl, 0xaa
mov al, 0x55
cmovne eax, edx
xor ebx, ebx
mov byte [ebp - 0x1363], al
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x188b]
push 1
push 1
mov dword [ebp - 0x139c], eax
lea eax, [ebp - 0x1361]
push eax
mov eax, edi
call dword [eax + 0x5c]  ; ucall
add esp, 0x10

loc_fffbce5c:  ; not directly referenced
push eax
push eax
mov eax, dword [ebp + 8]
push ebx
inc ebx
push 1
lea ecx, [ebp - 0x1362]
lea edx, [ebp - 0x1363]
call fcn_fffa8181  ; call 0xfffa8181
add esp, 0x10
cmp ebx, 4
jne short loc_fffbce5c  ; jne 0xfffbce5c
mov eax, dword [ebp + 8]
lea edx, [ebp - 0x1360]
xor esi, esi
call fcn_fffa660c  ; call 0xfffa660c
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x248f]
mov byte [ebp - 0x1374], al
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x248e]
mov byte [ebp - 0x1375], al
mov eax, dword [ebp + 8]
add eax, 0x3757
mov dword [ebp - 0x1388], eax
mov edi, eax

loc_fffbcebc:  ; not directly referenced
cmp dword [edi], 2
jne loc_fffbcfc9  ; jne 0xfffbcfc9
cmp dword [ebp - 0x139c], 1
jne short loc_fffbcf0a  ; jne 0xfffbcf0a
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, esi
call fcn_fffa7236  ; call 0xfffa7236
imul edx, esi, 0xcc
mov ecx, dword [ebp - 0x1384]
mov ecx, dword [ecx + edx + 0x1c]
mov edx, eax
mov eax, dword [ebp + 8]
or ecx, 0x40000000
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
mov edx, 1
call fcn_fffa82f9  ; call 0xfffa82f9

loc_fffbcf0a:  ; not directly referenced
xor ebx, ebx

loc_fffbcf0c:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp bl, byte [eax + 0x2489]
jae short loc_fffbcf6f  ; jae 0xfffbcf6f
movzx eax, bl
mov dword [ebp - 0x136c], 0
mov dword [ebp - 0x137c], eax

loc_fffbcf2a:  ; not directly referenced
mov cl, byte [ebp - 0x136c]
mov eax, 1
shl eax, cl
test byte [edi + 0xc4], al
je short loc_fffbcf5d  ; je 0xfffbcf5d
push eax
mov ecx, dword [ebp - 0x136c]
mov edx, esi
push 0x20
mov eax, dword [ebp + 8]
push 5
push dword [ebp - 0x137c]
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10

loc_fffbcf5d:  ; not directly referenced
inc dword [ebp - 0x136c]
cmp dword [ebp - 0x136c], 4
jne short loc_fffbcf2a  ; jne 0xfffbcf2a
inc ebx
jmp short loc_fffbcf0c  ; jmp 0xfffbcf0c

loc_fffbcf6f:  ; not directly referenced
cmp dword [ebp - 0x1370], 0
je short loc_fffbcfb0  ; je 0xfffbcfb0
mov eax, dword [ebp + 8]
lea ebx, [esi*8 + 0x4980]
mov edx, ebx
call fcn_fffb333d  ; call 0xfffb333d
mov dword [ebp + esi*8 - 0x1348], eax
push eax
push eax
mov eax, dword [ebp + 8]
push 0xfb73ea62
push 0xd951c840
mov dword [ebp + esi*8 - 0x1344], edx
mov edx, ebx
call fcn_fffb3506  ; call 0xfffb3506
add esp, 0x10

loc_fffbcfb0:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, esi
shl edx, 0xa
add edx, 0x4020
call fcn_fffb331f  ; call 0xfffb331f
mov dword [ebp - 0x138c], eax

loc_fffbcfc9:  ; not directly referenced
inc esi
add edi, 0x13c3
cmp esi, 2
jne loc_fffbcebc  ; jne 0xfffbcebc
cmp dword [ebp - 0x1370], 0
je short loc_fffbcfff  ; je 0xfffbcfff
or dword [ebp - 0x138c], 0x80
mov edx, 0x4c20
mov ecx, dword [ebp - 0x138c]
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffbcfff:  ; not directly referenced
movzx eax, byte [ebp - 0x1374]
mov dword [ebp - 0x13a0], eax
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb5f  ; call 0xfffaeb5f
mov eax, dword [ebp + 8]
cmp dword [eax + 0x3757], 2
jne short loc_fffbd031  ; jne 0xfffbd031
mov ecx, 0x8049
mov edx, 0x4040
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbd031:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b1a], 2
jne short loc_fffbd04c  ; jne 0xfffbd04c
mov ecx, 0x8049
mov edx, 0x4440
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbd04c:  ; not directly referenced
movzx eax, byte [ebp - 0x1375]
mov dword [ebp - 0x1374], 0
mov dword [ebp - 0x1380], 0
mov dword [ebp - 0x13c8], eax

loc_fffbd06d:  ; not directly referenced
mov edi, dword [ebp - 0x1374]
mov esi, dword [ebp - 0x13c8]
mov eax, edi
bt esi, edi
mov byte [ebp - 0x13b8], al
jae loc_fffbd5fc  ; jae 0xfffbd5fc
mov dword [ebp - 0x136c], 1
mov ecx, edi
xor ebx, ebx
shl dword [ebp - 0x136c], cl
mov al, byte [ebp - 0x136c]
mov byte [ebp - 0x1375], al
mov eax, edi
mov edi, dword [ebp - 0x1388]
shr al, 1
movzx eax, al
mov dword [ebp - 0x1390], eax
mov eax, dword [ebp - 0x13b8]
and eax, 1
mov dword [ebp - 0x137c], eax

loc_fffbd0cc:  ; not directly referenced
mov ecx, dword [ebp - 0x136c]
mov edx, ebx
mov eax, dword [ebp + 8]
call fcn_fffad317  ; call 0xfffad317
mov al, byte [ebp - 0x1375]
test byte [edi + 0xc4], al
je short loc_fffbd161  ; je 0xfffbd161
cmp dword [ebp - 0x1398], 0
je short loc_fffbd0f9  ; je 0xfffbd0f9
push ecx
push ecx
push 4
jmp short loc_fffbd126  ; jmp 0xfffbd126

loc_fffbd0f9:  ; not directly referenced
cmp dword [ebp - 0x1370], 0
je short loc_fffbd13b  ; je 0xfffbd13b
imul edx, dword [ebp - 0x137c], 0x18
imul eax, dword [ebp - 0x1390], 0x128
add eax, edx
mov ax, word [edi + eax + 0x1271]
push edx
push edx
or eax, 4
movzx eax, ax
push eax

loc_fffbd126:  ; not directly referenced
mov ecx, dword [ebp - 0x136c]
mov edx, ebx
mov eax, dword [ebp + 8]
push 3
call fcn_fffa96cb  ; call 0xfffa96cb
add esp, 0x10

loc_fffbd13b:  ; not directly referenced
mov esi, ebx
mov eax, dword [ebp + 8]
shl esi, 0xa
add esi, 0x4194
mov edx, esi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, esi
or eax, 0x80000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbd161:  ; not directly referenced
inc ebx
add edi, 0x13c3
cmp ebx, 2
jne loc_fffbd0cc  ; jne 0xfffbd0cc
mov dword [ebp - 0x137c], 0

loc_fffbd17b:  ; not directly referenced
push 1
mov eax, dword [ebp - 0x137c]
xor edi, edi
push 0
push 0
push 0
push 0
sub eax, 0x20
push 0
push 0
push 1
push 0
push eax
push 1
push dword [ebp + 8]
call fcn_fffcd268  ; call 0xfffcd268
mov eax, dword [ebp + 8]
add esp, 0x2c
mov edx, dword [ebp - 0x13a0]
movzx ecx, byte [eax + 0x248c]
lea eax, [ebp - 0x1361]
push 0
push 1
push eax
mov eax, dword [ebp + 8]
call fcn_fffaa5b3  ; call 0xfffaa5b3
add esp, 0x10

loc_fffbd1cc:  ; not directly referenced
imul eax, edi, 0x13c3
mov esi, dword [ebp + 8]
mov bl, byte [ebp - 0x1375]
test byte [esi + eax + 0x381b], bl
je loc_fffbd2c0  ; je 0xfffbd2c0
mov ebx, edi
mov eax, esi
shl ebx, 0xa
lea edx, [ebx + 0x40e0]
call fcn_fffb333d  ; call 0xfffb333d
mov dword [ebp - 0x13a8], eax
lea eax, [ebx + 0x40e8]
xor ebx, ebx
mov dword [ebp - 0x13bc], eax
lea eax, [edi + edi*8]
mov dword [ebp - 0x13a4], edx
mov dword [ebp - 0x13c0], eax

loc_fffbd21d:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp bl, byte [eax + 0x2489]
jae loc_fffbd2c0  ; jae 0xfffbd2c0
cmp bl, 7
ja short loc_fffbd255  ; ja 0xfffbd255
push eax
movzx eax, bl
shl eax, 3
push eax
mov eax, dword [ebp - 0x1394]
push dword [ebp - 0x13a4]
push dword [ebp - 0x13a8]
call dword [eax + 0x6c]  ; ucall
add esp, 0x10
mov cl, al
jmp short loc_fffbd265  ; jmp 0xfffbd265

loc_fffbd255:  ; not directly referenced
mov edx, dword [ebp - 0x13bc]
mov eax, dword [ebp + 8]
call fcn_fffb331f  ; call 0xfffb331f
mov cl, al

loc_fffbd265:  ; not directly referenced
movzx eax, cl
mov dword [ebp - 0x13c4], ecx
call fcn_fffb38d9  ; call 0xfffb38d9
mov ecx, dword [ebp - 0x13c4]
cmp dword [ebp - 0x1380], 0
jne short loc_fffbd28f  ; jne 0xfffbd28f
xor edx, edx
cmp al, 6
setbe dl
mov dword [ebp - 0x1380], edx

loc_fffbd28f:  ; not directly referenced
movzx esi, bl
mov edx, 1
test cl, cl
je short loc_fffbd2a4  ; je 0xfffbd2a4
xor edx, edx
cmp al, 7
sete dl
add edx, edx

loc_fffbd2a4:  ; not directly referenced
add esi, dword [ebp - 0x13c0]
inc ebx
shl esi, 6
add esi, dword [ebp - 0x137c]
mov dword [ebp + esi*4 - 0x1218], edx
jmp near loc_fffbd21d  ; jmp 0xfffbd21d

loc_fffbd2c0:  ; not directly referenced
inc edi
cmp edi, 2
jne loc_fffbd1cc  ; jne 0xfffbd1cc
mov eax, dword [ebp + 8]
call fcn_fffaa4a9  ; call 0xfffaa4a9
inc dword [ebp - 0x137c]
cmp dword [ebp - 0x137c], 0x40
jne loc_fffbd17b  ; jne 0xfffbd17b
mov eax, dword [ebp - 0x1384]
xor di, di
mov ebx, dword [ebp - 0x1388]
lea esi, [eax + 0x70]
mov eax, dword [ebp - 0x13b8]
and eax, 1
mov dword [ebp - 0x13b8], eax

loc_fffbd306:  ; not directly referenced
mov al, byte [ebp - 0x1375]
test byte [ebx + 0xc4], al
je loc_fffbd3ad  ; je 0xfffbd3ad
mov eax, edi
shl eax, 0xa
add eax, 0x4194
mov edx, eax
mov dword [ebp - 0x137c], eax
mov eax, dword [ebp + 8]
call fcn_fffb331f  ; call 0xfffb331f
mov edx, dword [ebp - 0x137c]
and eax, 0x7fffffff
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
cmp dword [ebp - 0x1398], 0
je short loc_fffbd356  ; je 0xfffbd356
push eax
push eax
push 0
jmp short loc_fffbd37d  ; jmp 0xfffbd37d

loc_fffbd356:  ; not directly referenced
cmp dword [ebp - 0x1370], 0
je short loc_fffbd392  ; je 0xfffbd392
push eax
push eax
imul edx, dword [ebp - 0x13b8], 0x18
imul eax, dword [ebp - 0x1390], 0x128
add eax, edx
movzx eax, word [ebx + eax + 0x1271]
push eax

loc_fffbd37d:  ; not directly referenced
mov ecx, dword [ebp - 0x136c]
mov edx, edi
mov eax, dword [ebp + 8]
push 3
call fcn_fffa96cb  ; call 0xfffa96cb
add esp, 0x10

loc_fffbd392:  ; not directly referenced
push eax
mov eax, dword [ebp + 8]
push 0
movzx eax, byte [eax + 0x2489]
push eax
mov eax, dword [ebp - 0x1394]
push esi
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbd3ad:  ; not directly referenced
inc edi
add esi, 0xcc
add ebx, 0x13c3
cmp edi, 2
jne loc_fffbd306  ; jne 0xfffbd306
lea eax, [ebp - 0x1298]
mov edx, 0xffffffe0
mov dword [ebp - 0x13b8], eax

loc_fffbd3d4:  ; not directly referenced
mov eax, dword [ebp + 8]
lea ecx, [ebp - 0x12f0]
lea edi, [ebp - 0x12a8]
add eax, 0x381b
mov dword [ebp - 0x1390], eax
lea eax, [ebp - 0x1338]
mov dword [ebp - 0x136c], eax
lea eax, [ebp - 0x1260]
mov dword [ebp - 0x137c], eax
mov eax, dword [ebp - 0x13b8]
mov dword [ebp - 0x13a8], eax
lea eax, [edx - 1]
mov dword [ebp - 0x13c4], eax

loc_fffbd41b:  ; not directly referenced
mov esi, dword [ebp - 0x1390]
mov al, byte [ebp - 0x1375]
test byte [esi], al
je short loc_fffbd491  ; je 0xfffbd491
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x2489]
mov byte [ebp - 0x13bc], al
xor eax, eax
jmp short loc_fffbd489  ; jmp 0xfffbd489

loc_fffbd43e:  ; not directly referenced
mov ebx, eax
mov esi, eax
mov eax, dword [ebp - 0x13a8]
shl ebx, 8
mov ebx, dword [eax + ebx + 0x80]
mov eax, dword [ebp - 0x1380]
xor eax, 1
cmp ebx, 2
cmove ebx, eax
cmp dl, 0xe0
mov eax, esi
jne loc_fffbd4f6  ; jne 0xfffbd4f6
test ebx, ebx
je short loc_fffbd4cc  ; je 0xfffbd4cc
mov dword [ecx + esi*4], edx
mov esi, dword [ebp - 0x136c]
mov dword [edi + eax*4], edx
mov dword [esi + eax*4], edx
mov esi, dword [ebp - 0x137c]
mov dword [esi + eax*4], edx

loc_fffbd488:  ; not directly referenced
inc eax

loc_fffbd489:  ; not directly referenced
cmp byte [ebp - 0x13bc], al
ja short loc_fffbd43e  ; ja 0xfffbd43e

loc_fffbd491:  ; not directly referenced
add ecx, 0x24
add edi, 0x24
lea eax, [ebp - 0x12a8]
add dword [ebp - 0x1390], 0x13c3
add dword [ebp - 0x136c], 0x24
add dword [ebp - 0x137c], 0x24
add dword [ebp - 0x13a8], 0x900
cmp ecx, eax
jne loc_fffbd41b  ; jne 0xfffbd41b
jmp near loc_fffbd54f  ; jmp 0xfffbd54f

loc_fffbd4cc:  ; not directly referenced
mov dword [ecx + esi*4], 0xffffffdf
mov esi, dword [ebp - 0x136c]
mov dword [edi + eax*4], 0xffffffdf
mov dword [esi + eax*4], 0xffffffdf
mov esi, dword [ebp - 0x137c]
mov dword [esi + eax*4], 0xffffffdf
jmp short loc_fffbd488  ; jmp 0xfffbd488

loc_fffbd4f6:  ; not directly referenced
test ebx, ebx
je short loc_fffbd488  ; je 0xfffbd488
mov ebx, dword [ebp - 0x13c4]
cmp dword [ecx + esi*4], ebx
mov dword [ecx + esi*4], edx
je short loc_fffbd511  ; je 0xfffbd511
mov esi, dword [ebp - 0x136c]
mov dword [esi + eax*4], edx

loc_fffbd511:  ; not directly referenced
mov ebx, dword [ebp - 0x136c]
mov esi, edx
mov ebx, dword [ebx + eax*4]
mov dword [ebp - 0x13c0], ebx
sub esi, ebx
mov ebx, dword [ebp - 0x137c]
mov ebx, dword [ebx + eax*4]
sub ebx, dword [edi + eax*4]
cmp esi, ebx
jle loc_fffbd488  ; jle 0xfffbd488
mov esi, dword [ebp - 0x13c0]
mov ebx, dword [ebp - 0x137c]
mov dword [edi + eax*4], esi
mov dword [ebx + eax*4], edx
jmp near loc_fffbd488  ; jmp 0xfffbd488

loc_fffbd54f:  ; not directly referenced
inc edx
add dword [ebp - 0x13b8], 4
cmp edx, 0x20
jne loc_fffbd3d4  ; jne 0xfffbd3d4
imul ecx, dword [ebp - 0x1374], 9
xor edi, edi
mov eax, dword [ebp - 0x1388]
mov dword [ebp - 0x137c], ecx

loc_fffbd575:  ; not directly referenced
mov bl, byte [ebp - 0x1375]
test byte [eax + 0xc4], bl
jne short loc_fffbd590  ; jne 0xfffbd590

loc_fffbd583:  ; not directly referenced
inc edi
add eax, 0x13c3
cmp edi, 2
je short loc_fffbd5fc  ; je 0xfffbd5fc
jmp short loc_fffbd575  ; jmp 0xfffbd575

loc_fffbd590:  ; not directly referenced
mov ebx, dword [ebp - 0x137c]
xor edx, edx
lea ecx, [eax + ebx]
mov dword [ebp - 0x136c], ecx

loc_fffbd5a1:  ; not directly referenced
mov ecx, dword [ebp + 8]
cmp dl, byte [ecx + 0x2489]
jae short loc_fffbd583  ; jae 0xfffbd583
movzx ebx, dl
lea esi, [edi + edi*8]
add esi, ebx
mov ecx, dword [ebp + esi*4 - 0x12a8]
mov esi, dword [ebp + esi*4 - 0x1260]
sub esi, ecx
jne short loc_fffbd5d7  ; jne 0xfffbd5d7
mov esi, dword [ebp + 8]
cmp byte [esi + 0x1965], 0
je short loc_fffbd5e2  ; je 0xfffbd5e2
jmp near loc_fffbd781  ; jmp 0xfffbd781

loc_fffbd5d7:  ; not directly referenced
cmp esi, 0xc
jle short loc_fffbd5e2  ; jle 0xfffbd5e2
sar esi, 1
add esi, ecx
jmp short loc_fffbd5e4  ; jmp 0xfffbd5e4

loc_fffbd5e2:  ; not directly referenced
xor esi, esi

loc_fffbd5e4:  ; not directly referenced
add ebx, dword [ebp - 0x136c]
inc edx
lea ecx, [esi + 0x20]
mov byte [ebx + 0x104a], cl
mov byte [ebx + 0x106e], cl
jmp short loc_fffbd5a1  ; jmp 0xfffbd5a1

loc_fffbd5fc:  ; not directly referenced
inc dword [ebp - 0x1374]
cmp dword [ebp - 0x1374], 4
jne loc_fffbd06d  ; jne 0xfffbd06d
cmp dword [ebp - 0x1370], 0
je short loc_fffbd67c  ; je 0xfffbd67c
mov eax, dword [ebp + 8]
cmp dword [eax + 0x3757], 2
jne short loc_fffbd63f  ; jne 0xfffbd63f
push ebx
mov edx, 0x4980
push ebx
push dword [ebp - 0x1344]
push dword [ebp - 0x1348]
call fcn_fffb3506  ; call 0xfffb3506
add esp, 0x10

loc_fffbd63f:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b1a], 2
jne short loc_fffbd666  ; jne 0xfffbd666
push ecx
mov edx, 0x4988
push ecx
push dword [ebp - 0x133c]
push dword [ebp - 0x1340]
call fcn_fffb3506  ; call 0xfffb3506
add esp, 0x10

loc_fffbd666:  ; not directly referenced
mov ecx, dword [ebp - 0x138c]
mov edx, 0x4c20
mov eax, dword [ebp + 8]
and cl, 0x7f
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffbd67c:  ; not directly referenced
xor esi, esi

loc_fffbd67e:  ; not directly referenced
mov eax, 1
mov ecx, esi
shl eax, cl
xor ebx, ebx
mov dword [ebp - 0x136c], eax

loc_fffbd68f:  ; not directly referenced
mov eax, esi
test al, al
sete dl
cmp dword [ebp - 0x139c], 1
sete al
test dl, al
je short loc_fffbd6da  ; je 0xfffbd6da
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, ebx
call fcn_fffa7236  ; call 0xfffa7236
imul edx, ebx, 0xcc
mov edi, dword [ebp - 0x1384]
mov ecx, dword [edi + edx + 0x1c]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp + 8]
mov edx, 1
call fcn_fffa82f9  ; call 0xfffa82f9

loc_fffbd6da:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
mov cl, byte [ebp - 0x136c]
test byte [edi + eax + 0x381b], cl
jne short loc_fffbd6fa  ; jne 0xfffbd6fa

loc_fffbd6f2:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffbd68f  ; jne 0xfffbd68f
jmp short loc_fffbd729  ; jmp 0xfffbd729

loc_fffbd6fa:  ; not directly referenced
xor edi, edi

loc_fffbd6fc:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov eax, edi
cmp al, byte [ecx + 0x2489]
jae short loc_fffbd6f2  ; jae 0xfffbd6f2
push edx
mov eax, edi
push 0
movzx eax, al
push 0xff
mov ecx, esi
push eax
mov eax, dword [ebp + 8]
mov edx, ebx
inc edi
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10
jmp short loc_fffbd6fc  ; jmp 0xfffbd6fc

loc_fffbd729:  ; not directly referenced
inc esi
cmp esi, 4
jne loc_fffbd67e  ; jne 0xfffbd67e
push eax
mov ecx, 0x1010101
push eax
mov eax, dword [ebp + 8]
xor edx, edx
push 0
push 8
call fcn_fffa7f8c  ; call 0xfffa7f8c
mov eax, dword [ebp + 8]
lea edx, [ebp - 0x1354]
call fcn_fffa660c  ; call 0xfffa660c
push 2
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push 1
push dword [ebp + 8]
call fcn_fffcd268  ; call 0xfffcd268
mov eax, dword [ebp + 8]
add esp, 0x40
call fcn_fffaa4a9  ; call 0xfffaa4a9
jmp short loc_fffbd786  ; jmp 0xfffbd786

loc_fffbd781:  ; not directly referenced
mov eax, 6

loc_fffbd786:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbd78e:  ; not directly referenced
push ebp
mov ecx, 2
mov ebp, esp
sub esp, 0x10
mov eax, dword [ebp + 8]
movzx edx, byte [eax + 0x248f]
push 0xa
push 1
call fcn_fffcdb14  ; call 0xfffcdb14
leave
ret

fcn_fffbd7ae:  ; not directly referenced
push ebp
mov ecx, 1
mov ebp, esp
sub esp, 0x10
mov eax, dword [ebp + 8]
movzx edx, byte [eax + 0x248f]
push 0xa
push 1
call fcn_fffcdb14  ; call 0xfffcdb14
leave
ret

fcn_fffbd7ce:  ; not directly referenced
push ebp
mov ecx, 0xb
mov ebp, esp
sub esp, 0x10
mov eax, dword [ebp + 8]
movzx edx, byte [eax + 0x248f]
push 0x11
push 0
call fcn_fffcdb14  ; call 0xfffcdb14
leave
ret

fcn_fffbd7ee:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov dword [ebp - 0x1c], eax
mov eax, dword [eax + 0x5edd]
mov dword [ebp - 0x20], edx
mov byte [ebp - 0x2a], cl
mov dword [ebp - 0x24], eax
lea eax, [ecx - 1]
cmp al, 1
jbe short loc_fffbd817  ; jbe 0xfffbd817

loc_fffbd810:  ; not directly referenced
xor esi, esi
jmp near loc_fffbdaca  ; jmp 0xfffbdaca

loc_fffbd817:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
movzx ebx, cl
dec cl
mov edx, ebx
mov ecx, 1
movzx edi, byte [ebx + ref_fffd58e0]  ; movzx edi, byte [ebx - 0x2a720]
sete byte [ebp - 0x28]
add byte [ebp - 0x28], 8
call fcn_fffaab72  ; call 0xfffaab72
mov edx, ebx
mov ebx, dword [ebp - 0x1c]
xor ecx, ecx
imul edi, edi, 0x240
movzx esi, ax
mov eax, ebx
call fcn_fffaab72  ; call 0xfffaab72
add edi, dword [ebp - 0x20]
mov dword [ebp - 0x38], edi
movzx eax, ax
add eax, esi
xor esi, esi
mov dword [ebp - 0x30], eax
mov eax, ebx
add eax, 0x3757
mov dword [ebp - 0x20], eax
mov eax, dword [ebp - 0x24]
sar dword [ebp - 0x30], 1
mov dword [ebp - 0x24], 0
add eax, 0x1c
mov dword [ebp - 0x40], eax
mov dword [ebp - 0x34], eax
movzx eax, byte [ebp - 0x28]
mov dword [ebp - 0x48], eax

loc_fffbd888:  ; not directly referenced
mov eax, dword [ebp - 0x20]
cmp dword [eax], 2
jne loc_fffbda46  ; jne 0xfffbda46
imul eax, dword [ebp - 0x24], 9
mov byte [ebp - 0x29], 0
mov dword [ebp - 0x44], eax

loc_fffbd89f:  ; not directly referenced
mov ebx, dword [ebp - 0x1c]
mov al, byte [ebp - 0x29]
cmp al, byte [ebx + 0x2489]
jae loc_fffbda46  ; jae 0xfffbda46
mov edi, dword [ebp - 0x20]
xor ecx, ecx
mov dword [ebp - 0x28], 0xffffffff
mov bl, byte [edi + 0xc4]
mov edi, dword [ebp - 0x38]
mov byte [ebp - 0x3c], bl
movzx ebx, al
mov eax, dword [ebp - 0x44]
add eax, ebx
lea edx, [edi + eax*8 + 4]

loc_fffbd8d5:  ; not directly referenced
mov edi, 1
shl edi, cl
mov eax, edi
test byte [ebp - 0x3c], al
je short loc_fffbd8f3  ; je 0xfffbd8f3
mov eax, dword [ebp - 0x28]
mov edi, dword [edx]
add edi, dword [edx - 4]
cmp eax, edi
cmovbe edi, eax
mov dword [ebp - 0x28], edi

loc_fffbd8f3:  ; not directly referenced
inc ecx
add edx, 0x90
cmp ecx, 4
jne short loc_fffbd8d5  ; jne 0xfffbd8d5
mov eax, dword [ebp - 0x30]
cmp dword [ebp - 0x28], eax
jbe loc_fffbda3e  ; jbe 0xfffbda3e
movzx edi, byte [ebp - 0x29]
xor esi, esi

loc_fffbd911:  ; not directly referenced
mov edx, dword [ebp - 0x20]
mov eax, 1
mov ecx, esi
shl eax, cl
test byte [edx + 0xc4], al
je short loc_fffbd946  ; je 0xfffbd946
push 0
push 0
push 1
push 0
push edi
push esi
push dword [ebp - 0x24]
push 0
push 0
push 0
push dword [ebp - 0x48]
push dword [ebp - 0x1c]
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30

loc_fffbd946:  ; not directly referenced
inc esi
cmp esi, 4
jne short loc_fffbd911  ; jne 0xfffbd911
mov eax, dword [ebp - 0x20]
movzx edi, byte [ebp - 0x29]
mov dword [ebp - 0x28], 0
lea esi, [eax + ebx + 0x104a]
lea ebx, [ebx + ebx + 0x121]
add ebx, eax
lea eax, [edi*4]
mov dword [ebp - 0x3c], eax

loc_fffbd974:  ; not directly referenced
mov cl, byte [ebp - 0x28]
mov eax, 1
shl eax, cl
mov ecx, dword [ebp - 0x20]
test byte [ecx + 0xc4], al
je loc_fffbda26  ; je 0xfffbda26
cmp byte [ebp - 0x2a], 1
jne short loc_fffbd9d2  ; jne 0xfffbd9d2
mov al, byte [esi + 0x24]
xor edx, edx
lea ecx, [eax - 9]
cmp al, 0xa
mov al, cl
cmovb eax, edx
mov byte [esi + 0x24], al
mov al, byte [esi]
cmp al, 0xa
lea ecx, [eax - 9]
mov eax, dword [ebp - 0x1c]
cmovae edx, ecx
mov ecx, dword [ebp - 0x28]
mov byte [esi], dl
push edx
mov edx, dword [ebp - 0x24]
push 0
push 0xff
push edi
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10
mov eax, 0x40000000
jmp short loc_fffbda1c  ; jmp 0xfffbda1c

loc_fffbd9d2:  ; not directly referenced
mov dx, word [ebx + 0x48]
mov eax, 0x1ff
lea ecx, [edx + 9]
cmp dx, 0x1f5
mov edx, ecx
cmova edx, eax
mov word [ebx + 0x48], dx
mov dx, word [ebx]
cmp dx, 0x1f5
lea ecx, [edx + 9]
mov edx, dword [ebp - 0x24]
cmovbe eax, ecx
mov ecx, dword [ebp - 0x28]
mov word [ebx], ax
push eax
mov eax, dword [ebp - 0x1c]
push 0
push 0xff
push edi
call fcn_fffa735e  ; call 0xfffa735e
add esp, 0x10
mov eax, 0x20000000

loc_fffbda1c:  ; not directly referenced
mov edx, dword [ebp - 0x34]
mov ecx, dword [ebp - 0x3c]
or dword [edx + ecx + 0x28], eax

loc_fffbda26:  ; not directly referenced
inc dword [ebp - 0x28]
add esi, 9
add ebx, 0x12
cmp dword [ebp - 0x28], 4
jne loc_fffbd974  ; jne 0xfffbd974
mov esi, 1

loc_fffbda3e:  ; not directly referenced
inc byte [ebp - 0x29]
jmp near loc_fffbd89f  ; jmp 0xfffbd89f

loc_fffbda46:  ; not directly referenced
inc dword [ebp - 0x24]
add dword [ebp - 0x20], 0x13c3
add dword [ebp - 0x34], 0xcc
cmp dword [ebp - 0x24], 2
jne loc_fffbd888  ; jne 0xfffbd888
test esi, esi
je loc_fffbd810  ; je 0xfffbd810
mov edi, dword [ebp - 0x40]
xor ebx, ebx

loc_fffbda6e:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edx, dword [ebp - 0x1c]
cmp dword [edx + eax + 0x3757], 2
je short loc_fffbda8f  ; je 0xfffbda8f

loc_fffbda81:  ; not directly referenced
inc ebx
add edi, 0xcc
cmp ebx, 2
je short loc_fffbdaca  ; je 0xfffbdaca
jmp short loc_fffbda6e  ; jmp 0xfffbda6e

loc_fffbda8f:  ; not directly referenced
mov byte [ebp - 0x20], 0

loc_fffbda93:  ; not directly referenced
mov ecx, dword [ebp - 0x1c]
mov al, byte [ebp - 0x20]
cmp al, byte [ecx + 0x2489]
jae short loc_fffbda81  ; jae 0xfffbda81
movzx eax, byte [ebp - 0x20]
mov edx, ebx
mov ecx, eax
mov dword [ebp - 0x24], eax
mov eax, dword [ebp - 0x1c]
call fcn_fffa71bc  ; call 0xfffa71bc
mov edx, dword [ebp - 0x24]
mov ecx, dword [edi + edx*4 + 0x28]
mov edx, eax
mov eax, dword [ebp - 0x1c]
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0x20]
jmp short loc_fffbda93  ; jmp 0xfffbda93

loc_fffbdaca:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbdad4:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x57c
mov ebx, dword [ebp + 0x10]
cmp byte [eax + 0x248c], 1
mov dword [ebp - 0x50c], eax
mov dword [ebp - 0x574], ecx
mov dword [ebp - 0x53c], ebx
mov byte [ebp - 0x566], dl
mov byte [ebp - 0x535], cl
mov byte [ebp - 0x50e], bl
jne short loc_fffbdb36  ; jne 0xfffbdb36
mov al, byte [eax + 0x248d]
lea edx, [eax + 4]
mov byte [ebp - 0x508], al
mov byte [ebp - 0x507], al
add eax, 2
mov byte [ebp - 0x506], dl
mov byte [ebp - 0x505], al
jmp short loc_fffbdb52  ; jmp 0xfffbdb52

loc_fffbdb36:  ; not directly referenced
mov byte [ebp - 0x508], 1
mov byte [ebp - 0x507], 1
mov byte [ebp - 0x506], 1
mov byte [ebp - 0x505], 1

loc_fffbdb52:  ; not directly referenced
mov ebx, dword [ebp - 0x53c]
mov al, bl
shr al, 4
inc eax
mov byte [ebp - 0x520], al
cmp bl, 9
je short loc_fffbdb85  ; je 0xfffbdb85
cmp bl, 8
je short loc_fffbdb95  ; je 0xfffbdb95
cmp bl, 0xa
sete al
mov byte [ebp - 0x50d], al
shl eax, 2
mov byte [ebp - 0x50f], al
jmp short loc_fffbdba3  ; jmp 0xfffbdba3

loc_fffbdb85:  ; not directly referenced
mov byte [ebp - 0x50d], 1
mov byte [ebp - 0x50f], 1
jmp short loc_fffbdba3  ; jmp 0xfffbdba3

loc_fffbdb95:  ; not directly referenced
mov byte [ebp - 0x50d], 1
mov byte [ebp - 0x50f], 2

loc_fffbdba3:  ; not directly referenced
mov eax, dword [ebp - 0x53c]
cmp al, 0x21
sete dl
cmp al, 0x11
sete al
or dl, al
jne short loc_fffbdbca  ; jne 0xfffbdbca
cmp byte [ebp - 0x53c], 5
mov dword [ebp - 0x52c], 0
jne short loc_fffbdbdc  ; jne 0xfffbdbdc

loc_fffbdbca:  ; not directly referenced
mov al, byte [ebp - 0x50d]
xor eax, 1
movzx eax, al
mov dword [ebp - 0x52c], eax

loc_fffbdbdc:  ; not directly referenced
lea eax, [ebp - 0x4e0]
xor edi, edi
mov dword [ebp - 0x51c], eax
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x514], eax
movzx eax, byte [ebp - 0x566]
mov dword [ebp - 0x518], eax

loc_fffbdc00:  ; not directly referenced
mov eax, dword [ebp - 0x518]
bt eax, edi
jb short loc_fffbdc6b  ; jb 0xfffbdc6b

loc_fffbdc0b:  ; not directly referenced
inc edi
add dword [ebp - 0x514], 0x48
add dword [ebp - 0x51c], 0x24
cmp edi, 2
jne short loc_fffbdc00  ; jne 0xfffbdc00
mov eax, dword [ebp - 0x518]
mov byte [ebp - 0x510], 0
mov dword [ebp - 0x514], 0
sar eax, 1
mov dword [ebp - 0x564], eax
movzx eax, byte [ebp - 0x50d]
and dword [ebp - 0x564], 1
shl eax, 2
mov dword [ebp - 0x560], eax
movzx eax, byte [ebp - 0x520]
mov dword [ebp - 0x57c], eax
dec eax
mov dword [ebp - 0x580], eax
jmp short loc_fffbdcae  ; jmp 0xfffbdcae

loc_fffbdc6b:  ; not directly referenced
mov eax, dword [ebp - 0x50c]
xor ecx, ecx
mov esi, dword [ebp - 0x514]
mov al, byte [eax + 0x2489]
mov byte [ebp - 0x524], al

loc_fffbdc85:  ; not directly referenced
cmp byte [ebp - 0x524], cl
jbe loc_fffbdc0b  ; jbe 0xfffbdc0b
mov eax, dword [esi + 4]
mov ebx, 0x14
xor edx, edx
add eax, dword [esi]
add esi, 8
div ebx
mov ebx, dword [ebp - 0x51c]
mov dword [ebx + ecx*4], eax
inc ecx
jmp short loc_fffbdc85  ; jmp 0xfffbdc85

loc_fffbdcae:  ; not directly referenced
mov esi, dword [ebp - 0x514]
mov eax, esi
mov byte [ebp - 0x565], al
lea eax, [esi + esi - 1]
xor esi, esi
mov dword [ebp - 0x540], eax
mov eax, dword [ebp + 8]
mov dword [ebp - 0x520], eax
movzx eax, byte [ebp - 0x535]
mov dword [ebp - 0x534], eax
movzx eax, byte [ebp - 0x50f]
mov dword [ebp - 0x558], eax

loc_fffbdceb:  ; not directly referenced
mov eax, dword [ebp - 0x518]
bt eax, esi
jae loc_fffbde70  ; jae 0xfffbde70
lea eax, [esi + esi*8]
lea edi, [ebp - 0x18]
add edi, eax
mov dword [ebp - 0x528], eax
mov byte [ebp - 0x524], 0x7f
mov byte [ebp - 0x51c], 0
mov dword [ebp - 0x530], eax
mov dword [ebp - 0x55c], edi
jmp near loc_fffbde58  ; jmp 0xfffbde58

loc_fffbdd27:  ; not directly referenced
movzx ebx, byte [ebp - 0x51c]
mov eax, dword [ebp - 0x55c]
movzx edi, byte [ebp - 0x50e]
add eax, ebx
mov byte [eax - 0x4da], 0
mov byte [eax - 0x4ec], 0
mov eax, dword [ebp - 0x530]
lea ecx, [eax + ebx]
mov eax, dword [ebp + ecx*4 - 0x4e0]
shl ecx, 5
lea edx, [eax - 2]
mov dword [ebp + ecx - 0x498], edx
lea ecx, [edi - 8]
cmp cl, 1
ja loc_fffbde89  ; ja 0xfffbde89
push 1
push 0
push 0
push 0
push ebx
push dword [ebp - 0x534]
imul edx, dword [ebp - 0x540]
push esi
push 0
push 0
push edx

loc_fffbdd90:  ; not directly referenced
push dword [ebp - 0x558]
push dword [ebp - 0x50c]
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30

loc_fffbdda4:  ; not directly referenced
cmp byte [ebp - 0x50d], 0
jne loc_fffbdeba  ; jne 0xfffbdeba

loc_fffbddb1:  ; not directly referenced
cmp dword [ebp - 0x52c], 0
je short loc_fffbddec  ; je 0xfffbddec
add ebx, dword [ebp - 0x530]
mov edi, dword [ebp - 0x524]
shl ebx, 5
mov eax, dword [ebp + ebx - 0x498]
mov ecx, edi
movzx edx, cl
cmp eax, edx
cmovb edi, eax
mov eax, edi
mov byte [ebp - 0x524], al
movzx eax, al
mov dword [ebp + ebx - 0x498], eax

loc_fffbddec:  ; not directly referenced
movzx eax, byte [ebp - 0x51c]
mov edi, dword [ebp - 0x528]
lea edx, [eax + edi]
shl edx, 5
lea ebx, [ebp + edx - 0x258]
mov dword [ebp - 0x544], ebx
mov ebx, dword [ebp - 0x520]
shl eax, 4
add eax, dword [ebp - 0x514]
lea edi, [ebp + edx - 0x498]
xor edx, edx
lea eax, [ebx + eax*4]
mov dword [ebp - 0x548], eax
xor eax, eax

loc_fffbde2f:  ; not directly referenced
mov ebx, dword [edi + edx]
mov ecx, dword [ebp - 0x544]
add edx, dword [ebp - 0x560]
mov dword [ecx + eax], ebx
mov ecx, dword [ebp - 0x548]
mov dword [ecx + eax*2], ebx
add eax, 4
cmp eax, 0x20
jne short loc_fffbde2f  ; jne 0xfffbde2f
inc byte [ebp - 0x51c]

loc_fffbde58:  ; not directly referenced
mov edi, dword [ebp - 0x50c]
mov al, byte [ebp - 0x51c]
cmp al, byte [edi + 0x2489]
jb loc_fffbdd27  ; jb 0xfffbdd27

loc_fffbde70:  ; not directly referenced
inc esi
add dword [ebp - 0x520], 0x240
cmp esi, 2
jne loc_fffbdceb  ; jne 0xfffbdceb
jmp near loc_fffbe05b  ; jmp 0xfffbe05b

loc_fffbde89:  ; not directly referenced
cmp byte [ebp - 0x50e], 0xa
jne loc_fffbdda4  ; jne 0xfffbdda4
push 1
add eax, 2
push 0
push 0
push 0
push ebx
push dword [ebp - 0x534]
imul eax, dword [ebp - 0x540]
push esi
push 0
push 0
push eax
jmp near loc_fffbdd90  ; jmp 0xfffbdd90

loc_fffbdeba:  ; not directly referenced
movzx eax, byte [ebp - 0x51c]
mov edi, dword [ebp - 0x520]
mov edx, eax
add eax, dword [ebp - 0x528]
shl edx, 4
add edx, dword [ebp - 0x514]
shl eax, 5
lea eax, [ebp + eax - 0x498]
mov dword [ebp - 0x544], eax
lea edi, [edi + edx*4]
xor eax, eax

loc_fffbdeed:  ; not directly referenced
mov edx, dword [edi + eax*2]
mov ecx, 0xf
cmp edx, 0xf
cmova edx, ecx
mov ecx, dword [ebp - 0x544]
mov dword [ecx + eax], edx
add eax, 4
cmp eax, 0x20
jne short loc_fffbdeed  ; jne 0xfffbdeed
jmp near loc_fffbddb1  ; jmp 0xfffbddb1

loc_fffbdf11:  ; not directly referenced
inc al
je loc_fffbe650  ; je 0xfffbe650
mov eax, dword [ebp - 0x50c]
mov ecx, 4
mov edx, 0x4800
call fcn_fffb335b  ; call 0xfffb335b
mov dword [ebp - 0x520], 0

loc_fffbdf38:  ; not directly referenced
mov eax, dword [ebp - 0x57c]
cmp dword [ebp - 0x520], eax
jae loc_fffbdfe6  ; jae 0xfffbdfe6
mov al, byte [ebp - 0x510]
xor ebx, ebx
and eax, 1
mov byte [ebp - 0x558], al

loc_fffbdf5b:  ; not directly referenced
mov eax, dword [ebp - 0x518]
bt eax, ebx
jb loc_fffbe0d6  ; jb 0xfffbe0d6

loc_fffbdf6a:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffbdf5b  ; jne 0xfffbdf5b
mov esi, dword [ebp - 0x50c]
xor eax, eax
mov edi, dword [ebp - 0x520]
push edx
mov edx, dword [ebp - 0x518]
movzx ecx, byte [esi + 0x248c]
test edi, edi
push 0
sete al
push eax
lea eax, [ebp - 0x508]
push eax
mov eax, esi
call fcn_fffaa5b3  ; call 0xfffaa5b3
mov eax, dword [ebp - 0x580]
add esp, 0x10
cmp edi, eax
jae loc_fffbe273  ; jae 0xfffbe273
mov eax, dword [ebp - 0x50c]
xor edi, edi
mov cl, 1
mov al, byte [eax + 0x3749]
mov byte [ebp - 0x51c], al

loc_fffbdfc9:  ; not directly referenced
mov eax, dword [ebp - 0x518]
bt eax, edi
jb loc_fffbe1fd  ; jb 0xfffbe1fd

loc_fffbdfd8:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffbdfc9  ; jne 0xfffbdfc9
test cl, cl
je loc_fffbe273  ; je 0xfffbe273

loc_fffbdfe6:  ; not directly referenced
lea eax, [ebp - 0x498]
mov dword [ebp - 0x530], eax
mov eax, dword [ebp + 8]
mov dword [ebp - 0x534], 0
mov dword [ebp - 0x51c], 0
mov dword [ebp - 0x55c], eax
movzx eax, byte [ebp - 0x535]
mov dword [ebp - 0x578], eax

loc_fffbe01c:  ; not directly referenced
mov eax, dword [ebp - 0x518]
mov esi, dword [ebp - 0x51c]
bt eax, esi
jb loc_fffbe27e  ; jb 0xfffbe27e

loc_fffbe031:  ; not directly referenced
inc dword [ebp - 0x51c]
add dword [ebp - 0x530], 0x120
add dword [ebp - 0x55c], 0x240
add dword [ebp - 0x534], 9
cmp dword [ebp - 0x51c], 2
jne short loc_fffbe01c  ; jne 0xfffbe01c

loc_fffbe05b:  ; not directly referenced
mov al, 0xff
test byte [ebp - 0x566], 1
je short loc_fffbe08b  ; je 0xfffbe08b
mov esi, dword [ebp - 0x50c]
xor edx, edx
mov cl, byte [esi + 0x2489]

loc_fffbe074:  ; not directly referenced
cmp cl, dl
jbe short loc_fffbe08b  ; jbe 0xfffbe08b
mov bl, byte [ebp + edx - 0x504]
and bl, byte [ebp + edx - 0x4f2]
inc edx
and eax, ebx
jmp short loc_fffbe074  ; jmp 0xfffbe074

loc_fffbe08b:  ; not directly referenced
cmp dword [ebp - 0x564], 0
je loc_fffbdf11  ; je 0xfffbdf11
mov edi, dword [ebp - 0x50c]
lea esi, [ebp - 0x504]
mov cl, byte [edi + 0x2489]
lea edi, [ebp - 0x4f2]
mov edx, edi
mov byte [ebp - 0x51c], cl

loc_fffbe0b8:  ; not directly referenced
mov bl, dl
mov ecx, edi
inc esi
sub ebx, ecx
cmp bl, byte [ebp - 0x51c]
jae loc_fffbdf11  ; jae 0xfffbdf11
mov bl, byte [edx + 9]
inc edx
and bl, byte [esi + 8]
and eax, ebx
jmp short loc_fffbe0b8  ; jmp 0xfffbe0b8

loc_fffbe0d6:  ; not directly referenced
mov eax, dword [ebp - 0x518]
lea ecx, [ebx + 1]
mov byte [ebp - 0x51c], 0
sar eax, cl
mov dword [ebp - 0x528], eax
lea eax, [ebx + ebx*8]
mov dword [ebp - 0x530], eax

loc_fffbe0f7:  ; not directly referenced
mov esi, dword [ebp - 0x50c]
mov al, byte [ebp - 0x51c]
cmp al, byte [esi + 0x2489]
jae loc_fffbdf6a  ; jae 0xfffbdf6a
cmp byte [ebp - 0x50d], 0
movzx eax, byte [ebp - 0x51c]
je short loc_fffbe19e  ; je 0xfffbe19e
add eax, dword [ebp - 0x530]
xor ecx, ecx
mov dl, byte [ebp - 0x565]
shl eax, 5
lea eax, [ebp + eax - 0x498]
xor edx, 1
mov dword [ebp - 0x524], eax
xor eax, eax
mov byte [ebp - 0x534], dl

loc_fffbe148:  ; not directly referenced
cmp byte [ebp - 0x50e], 9
sete dl
test byte [ebp - 0x558], dl
jne short loc_fffbe16c  ; jne 0xfffbe16c
cmp byte [ebp - 0x50e], 9
setne dl
test byte [ebp - 0x534], dl
je short loc_fffbe17c  ; je 0xfffbe17c

loc_fffbe16c:  ; not directly referenced
mov esi, dword [ebp - 0x524]
mov edi, 0xf
sub edi, dword [esi + ecx]
jmp short loc_fffbe185  ; jmp 0xfffbe185

loc_fffbe17c:  ; not directly referenced
mov edi, dword [ebp - 0x524]
mov edi, dword [edi + ecx]

loc_fffbe185:  ; not directly referenced
cmp edi, 0xf
mov esi, 0xf
cmovbe esi, edi
shl esi, cl
add ecx, 4
or eax, esi
cmp ecx, 0x20
jne short loc_fffbe148  ; jne 0xfffbe148
jmp short loc_fffbe1b6  ; jmp 0xfffbe1b6

loc_fffbe19e:  ; not directly referenced
lea edx, [ebx + ebx*8]
mov esi, dword [ebp - 0x540]
add eax, edx
shl eax, 5
imul esi, dword [ebp + eax - 0x498]
mov eax, esi

loc_fffbe1b6:  ; not directly referenced
push 1
movzx edx, byte [ebp - 0x51c]
push dword [ebp - 0x528]
push 0
push 0
push edx
movzx edx, byte [ebp - 0x535]
push edx
push ebx
push 0
push dword [ebp - 0x520]
push eax
movzx eax, byte [ebp - 0x50e]
push eax
push dword [ebp - 0x50c]
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
inc byte [ebp - 0x51c]
jmp near loc_fffbe0f7  ; jmp 0xfffbe0f7

loc_fffbe1fd:  ; not directly referenced
mov ebx, dword [ebp - 0x50c]
mov esi, edi
shl esi, 0xa
lea edx, [esi + 0x40e0]
mov dword [ebp - 0x528], ecx
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
lea edx, [esi + 0x40e4]
mov dword [ebp - 0x524], eax
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov ecx, dword [ebp - 0x528]
inc eax
sete bl
cmp dword [ebp - 0x524], 0xffffffff
sete al
and ebx, eax
and ebx, ecx
mov ecx, 1
cmp byte [ebp - 0x51c], 0
je short loc_fffbe26c  ; je 0xfffbe26c
mov eax, dword [ebp - 0x50c]
lea edx, [esi + 0x40e8]
call fcn_fffb331f  ; call 0xfffb331f
xor ecx, ecx
inc al
sete cl

loc_fffbe26c:  ; not directly referenced
and ecx, ebx
jmp near loc_fffbdfd8  ; jmp 0xfffbdfd8

loc_fffbe273:  ; not directly referenced
inc dword [ebp - 0x520]
jmp near loc_fffbdf38  ; jmp 0xfffbdf38

loc_fffbe27e:  ; not directly referenced
mov esi, dword [ebp - 0x51c]
mov edi, dword [ebp - 0x50c]
mov ebx, esi
shl ebx, 0xa
mov eax, edi
lea edx, [ebx + 0x40e0]
call fcn_fffb331f  ; call 0xfffb331f
lea edx, [ebx + 0x40e4]
mov dword [ebp - 0x56c], eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
lea edx, [ebx + 0x40e8]
mov dword [ebp - 0x570], eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov byte [ebp - 0x538], 0xff
mov byte [ebp - 0x537], 0xff
mov byte [ebp - 0x524], 0
mov byte [ebp - 0x567], al
lea eax, [esi + esi*8]
lea esi, [ebp - 0x18]
add esi, eax
mov dword [ebp - 0x548], eax
mov dword [ebp - 0x520], esi

loc_fffbe2f1:  ; not directly referenced
mov eax, dword [ebp - 0x50c]
mov dl, byte [eax + 0x2489]
cmp byte [ebp - 0x524], dl
jae loc_fffbe5dd  ; jae 0xfffbe5dd
movzx eax, byte [ebp - 0x524]
cmp al, 3
ja short loc_fffbe32b  ; ja 0xfffbe32b
mov esi, dword [ebp - 0x56c]
lea ecx, [eax*8]
shr esi, cl
mov dword [ebp - 0x558], esi
jmp short loc_fffbe355  ; jmp 0xfffbe355

loc_fffbe32b:  ; not directly referenced
mov bl, byte [ebp - 0x567]
cmp byte [ebp - 0x524], 7
mov byte [ebp - 0x558], bl
ja short loc_fffbe355  ; ja 0xfffbe355
mov edi, dword [ebp - 0x570]
lea ecx, [eax*8 - 0x20]
shr edi, cl
mov dword [ebp - 0x558], edi

loc_fffbe355:  ; not directly referenced
mov esi, dword [ebp - 0x534]
lea edi, [ebp - 0x498]
xor ecx, ecx
movzx ebx, byte [ebp - 0x524]
lea edx, [eax + esi]
shl edx, 5
lea esi, [edi + edx]
mov dword [ebp - 0x544], esi
mov esi, dword [ebp - 0x55c]
shl eax, 4
add eax, dword [ebp - 0x514]
lea edi, [esi + eax*4]
mov eax, dword [ebp - 0x520]
add eax, ebx

loc_fffbe393:  ; not directly referenced
mov edx, 1
movzx esi, byte [eax - 0x4da]
shl edx, cl
mov dword [ebp - 0x528], edx
mov dl, byte [eax - 0x4ec]
mov byte [ebp - 0x536], dl
and edx, esi
test byte [ebp - 0x528], dl
jne short loc_fffbe41e  ; jne 0xfffbe41e
mov dl, byte [ebp - 0x528]
test byte [ebp - 0x558], dl
je short loc_fffbe3fc  ; je 0xfffbe3fc
or esi, edx
mov edx, esi
mov esi, dword [ebp - 0x544]
mov byte [eax - 0x4da], dl
mov esi, dword [esi]
cmp dword [edi + ecx*8], esi
jb short loc_fffbe41e  ; jb 0xfffbe41e
mov dl, byte [ebp - 0x528]
dec esi
mov dword [edi + ecx*8], esi
not edx
and dl, byte [ebp - 0x536]
mov byte [eax - 0x4ec], dl
jmp short loc_fffbe41e  ; jmp 0xfffbe41e

loc_fffbe3fc:  ; not directly referenced
mov dl, byte [ebp - 0x528]
mov esi, dword [ebp - 0x544]
or dl, byte [ebp - 0x536]
mov byte [eax - 0x4ec], dl
mov edx, dword [esi]
cmp dword [edi + ecx*8], edx
jae short loc_fffbe41e  ; jae 0xfffbe41e
mov dword [edi + ecx*8], edx

loc_fffbe41e:  ; not directly referenced
mov esi, dword [ebp - 0x560]
inc ecx
add dword [ebp - 0x544], esi
cmp ecx, 8
jne loc_fffbe393  ; jne 0xfffbe393
cmp byte [ebp - 0x50e], 1
mov al, 0xf
jne short loc_fffbe463  ; jne 0xfffbe463
push eax
mov ecx, dword [ebp - 0x578]
push 0xf
mov edx, dword [ebp - 0x51c]
push dword [ebp - 0x514]
mov eax, dword [ebp - 0x50c]
push ebx
call fcn_fffb399f  ; call 0xfffb399f
add esp, 0x10

loc_fffbe463:  ; not directly referenced
cmp byte [ebp - 0x50d], 0
je short loc_fffbe4c4  ; je 0xfffbe4c4
mov edi, dword [ebp - 0x534]
lea esi, [ebp - 0x498]
xor ecx, ecx
add edi, ebx
shl edi, 5
add edi, esi
mov dword [ebp - 0x528], edi

loc_fffbe487:  ; not directly referenced
mov edi, dword [ebp - 0x528]
mov edx, 1
shl edx, cl
mov esi, dword [edi + ecx*4]
movzx edi, al
cmp esi, edi
jb short loc_fffbe4ab  ; jb 0xfffbe4ab
mov edi, dword [ebp - 0x520]
or byte [ebx + edi - 0x4da], dl

loc_fffbe4ab:  ; not directly referenced
test esi, esi
jne short loc_fffbe4bc  ; jne 0xfffbe4bc
mov edi, dword [ebp - 0x520]
or byte [ebx + edi - 0x4ec], dl

loc_fffbe4bc:  ; not directly referenced
inc ecx
cmp ecx, 8
jne short loc_fffbe487  ; jne 0xfffbe487
jmp short loc_fffbe4fe  ; jmp 0xfffbe4fe

loc_fffbe4c4:  ; not directly referenced
mov edi, dword [ebp - 0x548]
movzx eax, al
lea edx, [edi + ebx]
shl edx, 5
mov edx, dword [ebp + edx - 0x498]
cmp edx, eax
jb short loc_fffbe4ec  ; jb 0xfffbe4ec
mov eax, dword [ebp - 0x520]
mov byte [ebx + eax - 0x4da], 0xff

loc_fffbe4ec:  ; not directly referenced
test edx, edx
jne short loc_fffbe4fe  ; jne 0xfffbe4fe
mov eax, dword [ebp - 0x520]
mov byte [ebx + eax - 0x4ec], 0xff

loc_fffbe4fe:  ; not directly referenced
mov eax, dword [ebp - 0x520]
lea edx, [eax + ebx]
mov al, byte [edx - 0x4ec]
mov dl, byte [edx - 0x4da]
and byte [ebp - 0x537], al
and byte [ebp - 0x538], dl
cmp dword [ebp - 0x52c], 0
jne loc_fffbe5d2  ; jne 0xfffbe5d2
cmp byte [ebp - 0x50d], 0
je short loc_fffbe58b  ; je 0xfffbe58b
mov esi, dword [ebp - 0x534]
lea edi, [ebp - 0x498]
lea ecx, [ebx + esi]
mov bl, dl
shl ecx, 5
and ebx, eax
lea esi, [edi + ecx]
mov byte [ebp - 0x528], bl
lea edi, [ebp + ecx - 0x258]
xor ecx, ecx

loc_fffbe55d:  ; not directly referenced
mov ebx, 1
shl ebx, cl
test byte [ebp - 0x528], bl
jne short loc_fffbe583  ; jne 0xfffbe583
test dl, bl
jne short loc_fffbe575  ; jne 0xfffbe575
inc dword [esi + ecx*4]
jmp short loc_fffbe583  ; jmp 0xfffbe583

loc_fffbe575:  ; not directly referenced
test al, bl
jne short loc_fffbe583  ; jne 0xfffbe583
mov ebx, dword [edi + ecx*4]
dec ebx
mov dword [edi + ecx*4], ebx
mov dword [esi + ecx*4], ebx

loc_fffbe583:  ; not directly referenced
inc ecx
cmp ecx, 8
jne short loc_fffbe55d  ; jne 0xfffbe55d
jmp short loc_fffbe5d2  ; jmp 0xfffbe5d2

loc_fffbe58b:  ; not directly referenced
mov cl, dl
and ecx, eax
inc cl
je short loc_fffbe5d2  ; je 0xfffbe5d2
inc dl
je short loc_fffbe5ab  ; je 0xfffbe5ab
mov eax, dword [ebp - 0x548]
add eax, ebx
shl eax, 5
inc dword [ebp + eax - 0x498]
jmp short loc_fffbe5d2  ; jmp 0xfffbe5d2

loc_fffbe5ab:  ; not directly referenced
inc al
je short loc_fffbe5d2  ; je 0xfffbe5d2
mov eax, dword [ebp - 0x548]
add eax, ebx
shl eax, 5
mov esi, dword [ebp + eax - 0x258]
lea edx, [esi - 1]
mov dword [ebp + eax - 0x258], edx
mov dword [ebp + eax - 0x498], edx

loc_fffbe5d2:  ; not directly referenced
inc byte [ebp - 0x524]
jmp near loc_fffbe2f1  ; jmp 0xfffbe2f1

loc_fffbe5dd:  ; not directly referenced
cmp dword [ebp - 0x52c], 1
jne loc_fffbe031  ; jne 0xfffbe031
mov al, byte [ebp - 0x537]
mov edi, dword [ebp - 0x538]
and eax, edi
inc al
je loc_fffbe031  ; je 0xfffbe031
mov eax, edi
inc al
je short loc_fffbe612  ; je 0xfffbe612
mov eax, dword [ebp - 0x530]
inc dword [eax]

loc_fffbe60e:  ; not directly referenced
xor eax, eax
jmp short loc_fffbe635  ; jmp 0xfffbe635

loc_fffbe612:  ; not directly referenced
imul ecx, dword [ebp - 0x51c], 0x120
mov edi, dword [ebp - 0x530]
mov eax, dword [ebp + ecx - 0x258]
dec eax
mov dword [ebp + ecx - 0x258], eax
mov dword [edi], eax
jmp short loc_fffbe60e  ; jmp 0xfffbe60e

loc_fffbe635:  ; not directly referenced
cmp dl, al
jbe loc_fffbe031  ; jbe 0xfffbe031
mov esi, dword [ebp - 0x530]
mov ecx, eax
inc eax
shl ecx, 5
mov ebx, dword [esi]
mov dword [esi + ecx], ebx
jmp short loc_fffbe635  ; jmp 0xfffbe635

loc_fffbe650:  ; not directly referenced
cmp byte [ebp - 0x50d], 0
jne loc_fffbe701  ; jne 0xfffbe701
mov eax, dword [ebp + 8]
xor edi, edi
mov dword [ebp - 0x51c], eax
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x520], eax

loc_fffbe671:  ; not directly referenced
mov eax, dword [ebp - 0x518]
bt eax, edi
jb short loc_fffbe699  ; jb 0xfffbe699

loc_fffbe67c:  ; not directly referenced
inc edi
add dword [ebp - 0x520], 0x48
add dword [ebp - 0x51c], 0x240
cmp edi, 2
je loc_fffbe7ca  ; je 0xfffbe7ca
jmp short loc_fffbe671  ; jmp 0xfffbe671

loc_fffbe699:  ; not directly referenced
xor ebx, ebx

loc_fffbe69b:  ; not directly referenced
mov eax, dword [ebp - 0x50c]
cmp bl, byte [eax + 0x2489]
jae short loc_fffbe67c  ; jae 0xfffbe67c
movzx ecx, bl
mov esi, dword [ebp - 0x51c]
xor edx, edx
mov eax, ecx
shl eax, 4
add eax, dword [ebp - 0x514]
mov dword [ebp - 0x524], ecx
lea esi, [esi + eax*4]
mov eax, 0x7f

loc_fffbe6cd:  ; not directly referenced
movzx ecx, al
cmp ecx, dword [esi + edx]
movzx ecx, byte [esi + edx]
cmova eax, ecx
add edx, 8
cmp edx, 0x40
jne short loc_fffbe6cd  ; jne 0xfffbe6cd
mov esi, dword [ebp - 0x524]
imul eax, eax, 0xa
inc ebx
mov ecx, esi
add ecx, esi
mov esi, dword [ebp - 0x520]
add ecx, dword [ebp - 0x514]
mov dword [esi + ecx*4], eax
jmp short loc_fffbe69b  ; jmp 0xfffbe69b

loc_fffbe701:  ; not directly referenced
mov al, byte [ebp - 0x510]
xor edi, edi
mov esi, dword [ebp + 8]
and eax, 1
mov byte [ebp - 0x520], al

loc_fffbe715:  ; not directly referenced
mov eax, dword [ebp - 0x518]
xor edx, edx
bt eax, edi
jb short loc_fffbe78d  ; jb 0xfffbe78d

loc_fffbe722:  ; not directly referenced
inc edi
add esi, 0x240
cmp edi, 2
jne short loc_fffbe715  ; jne 0xfffbe715
push 2
movzx eax, byte [ebp - 0x535]
push 0
push 0
push 0
push 0
push eax
movzx eax, byte [ebp - 0x50f]
push 0
push 1
push 0
push 0
push eax
push dword [ebp - 0x50c]
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
jmp short loc_fffbe7ca  ; jmp 0xfffbe7ca

loc_fffbe760:  ; not directly referenced
cmp byte [ebp - 0x50e], 9
sete bl
test byte [ebp - 0x520], bl
jne short loc_fffbe7bd  ; jne 0xfffbe7bd
cmp byte [ebp - 0x50e], 9
setne bl
test byte [ebp - 0x51c], bl
jne short loc_fffbe7bd  ; jne 0xfffbe7bd

loc_fffbe784:  ; not directly referenced
add eax, 8
cmp eax, 0x40
jne short loc_fffbe760  ; jne 0xfffbe760
inc edx

loc_fffbe78d:  ; not directly referenced
mov eax, dword [ebp - 0x50c]
cmp dl, byte [eax + 0x2489]
jae short loc_fffbe722  ; jae 0xfffbe722
mov bl, byte [ebp - 0x565]
movzx eax, dl
shl eax, 4
add eax, dword [ebp - 0x514]
xor ebx, 1
lea ecx, [esi + eax*4]
xor eax, eax
mov byte [ebp - 0x51c], bl
jmp short loc_fffbe760  ; jmp 0xfffbe760

loc_fffbe7bd:  ; not directly referenced
mov ebx, 0xf
sub ebx, dword [ecx + eax]
mov dword [ecx + eax], ebx
jmp short loc_fffbe784  ; jmp 0xfffbe784

loc_fffbe7ca:  ; not directly referenced
inc byte [ebp - 0x510]
inc dword [ebp - 0x514]
and byte [ebp - 0x510], 1
cmp dword [ebp - 0x514], 2
jne loc_fffbdcae  ; jne 0xfffbdcae
push 2
mov edx, 0
push 0
mov eax, 0x88888888
push 0
push 0
push 0
push dword [ebp - 0x574]
cmp byte [ebp - 0x50d], 1
push 0
cmovne eax, edx
push 1
push 0
push eax
movzx eax, byte [ebp - 0x53c]
push eax
push dword [ebp - 0x50c]
call fcn_fffcd268  ; call 0xfffcd268
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbe830:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, 0x36
push ebx
mov ebx, eax
sub esp, 0x3c
mov eax, dword [ebp + 8]
cmp dword [ebx + 0x2481], 2
mov dword [ebp - 0x28], edx
mov dword [ebp - 0x24], eax
mov byte [ebp - 0x2a], al
mov eax, dword [ebx + 0x2444]
mov dword [ebp - 0x38], eax
jne short loc_fffbe867  ; jne 0xfffbe867
cmp byte [ebp - 0x24], 5
mov al, 0x25
cmove esi, eax

loc_fffbe867:  ; not directly referenced
movzx eax, byte [ebp - 0x24]
movzx edi, cl
push ecx
push ecx
mov ecx, edi
mov edx, eax
mov dword [ebp - 0x1c], eax
lea eax, [ebx + 0x2491]
mov dword [ebp - 0x20], eax
mov eax, 1
shl eax, cl
mov ecx, edx
mov edx, dword [ebp - 0x20]
movzx eax, al
push eax
mov eax, ebx
push edi
call fcn_fffa7e1a  ; call 0xfffa7e1a
add esp, 0x10
test eax, eax
jne loc_fffbea00  ; jne 0xfffbea00
movzx eax, byte [ebp - 0x28]
push edx
push edx
mov edx, dword [ebp - 0x20]
push dword [ebp + 0x18]
mov ecx, eax
mov dword [ebp - 0x3c], eax
mov eax, esi
movzx esi, al
mov eax, ebx
push esi
push dword [ebp + 0xc]
push dword [ebp - 0x1c]
push edi
push edi
call fcn_fffd16df  ; call 0xfffd16df
add esp, 0x20
test eax, eax
jne loc_fffbea00  ; jne 0xfffbea00
mov ecx, dword [ebp - 0x1c]
sub esp, 0xc
mov eax, ebx
mov edx, dword [ebp - 0x20]
push edi
call fcn_fffa7d46  ; call 0xfffa7d46
add esp, 0x10
test eax, eax
jne loc_fffbea00  ; jne 0xfffbea00
xor edx, edx
cmp byte [ebp - 0x24], 0x21
ja short loc_fffbe902  ; ja 0xfffbe902
mov eax, dword [ebp - 0x1c]
movzx edx, byte [eax + ref_fffd58e0]  ; movzx edx, byte [eax - 0x2a720]

loc_fffbe902:  ; not directly referenced
imul esi, edx, 0x48
xor eax, eax
mov byte [ebp - 0x28], 0
mov dword [ebp - 0x44], esi

loc_fffbe90e:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x28], 1
setbe dl
test cl, dl
je loc_fffbea00  ; je 0xfffbea00
mov al, byte [ebp - 0x28]
movzx esi, al
mov dword [ebp - 0x30], esi
mov esi, dword [ebp - 0x3c]
bt esi, eax
jb short loc_fffbe93a  ; jb 0xfffbe93a

loc_fffbe933:  ; not directly referenced
xor eax, eax
jmp near loc_fffbe9f8  ; jmp 0xfffbe9f8

loc_fffbe93a:  ; not directly referenced
imul eax, dword [ebp - 0x30], 0x24
mov esi, dword [ebp + 0x14]
mov dword [ebp - 0x24], 0x18
mov byte [ebp - 0x29], 0
add esi, eax
add eax, dword [ebp + 0x10]
mov dword [ebp - 0x34], esi
mov dword [ebp - 0x40], eax

loc_fffbe957:  ; not directly referenced
mov al, byte [ebp - 0x29]
cmp al, byte [ebx + 0x2489]
jae short loc_fffbe933  ; jae 0xfffbe933
imul edx, edi, 0x12
movzx ecx, byte [ebp - 0x29]
imul eax, dword [ebp - 0x30], 9
add eax, edx
mov edx, dword [ebp - 0x44]
mov esi, eax
add eax, ecx
lea eax, [eax + edx + 8]
add edx, esi
mov eax, dword [ebx + eax*8 + 0x2455]
lea edx, [ecx + edx + 8]
mov esi, 0xa
add eax, dword [ebx + edx*8 + 0x2451]
xor edx, edx
div esi
mov edx, dword [ebp - 0x40]
mov dword [edx + ecx*4], eax
shr eax, 1
mov edx, 0x18
cmp eax, 0x18
cmovbe edx, eax
mov eax, dword [ebp - 0x34]
cmp dword [ebp - 0x24], edx
mov dword [eax + ecx*4], edx
mov ecx, dword [ebp - 0x1c]
mov eax, ebx
cmovbe edx, dword [ebp - 0x24]
sub esp, 0xc
push edi
mov dword [ebp - 0x24], edx
mov edx, dword [ebp - 0x20]
call fcn_fffa7d46  ; call 0xfffa7d46
add esp, 0x10
test eax, eax
jne short loc_fffbe9f8  ; jne 0xfffbe9f8
cmp byte [ebp - 0x2a], 5
jne short loc_fffbe9f0  ; jne 0xfffbe9f0
push eax
movzx eax, byte [ebx + 0x2489]
push dword [ebp - 0x24]
push eax
mov eax, dword [ebp - 0x38]
push dword [ebp - 0x34]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbe9f0:  ; not directly referenced
inc byte [ebp - 0x29]
jmp near loc_fffbe957  ; jmp 0xfffbe957

loc_fffbe9f8:  ; not directly referenced
inc byte [ebp - 0x28]
jmp near loc_fffbe90e  ; jmp 0xfffbe90e

loc_fffbea00:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbea08:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0xcfc
mov edi, dword [ebp + 0x18]
mov dword [ebp - 0xcc0], edx
mov dl, byte [ebp + 0xc]
mov esi, dword [ebp + 0x10]
mov dword [ebp - 0xc88], ecx
mov ecx, 7
mov ebx, dword [ebp + 8]
mov dword [ebp - 0xca0], edi
mov edi, dword [ebp + 0x1c]
mov byte [ebp - 0xcee], dl
mov dl, byte [ebp + 0x14]
mov dword [ebp - 0xc98], esi
mov esi, ref_fffd53bc  ; mov esi, 0xfffd53bc
mov dword [ebp - 0xc7c], eax
mov dword [ebp - 0xca4], edi
mov byte [ebp - 0xcef], dl
mov edx, edi
lea edi, [ebp - 0xc58]
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0xc3c]
mov esi, ref_fffd53d8  ; mov esi, 0xfffd53d8
mov byte [ebp - 0xc9a], bl
mov byte [ebp - 0xc99], dl
mov cl, 7
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0xc20]
mov esi, ref_fffd53f4  ; mov esi, 0xfffd53f4
mov cl, 7
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov esi, dword [eax + 0x5edd]
mov eax, dword [eax + 0x2444]
mov dword [ebp - 0xce8], esi
mov dword [ebp - 0xc84], eax
lea eax, [ebx - 1]
cmp al, 1
ja loc_fffbf976  ; ja 0xfffbf976
push esi
push 0
push 0x10
lea eax, [ebp - 0xc68]
push eax
mov eax, dword [ebp - 0xc84]
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
xor eax, eax

loc_fffbead1:  ; not directly referenced
mov byte [ebp + eax - 0xc71], al
inc eax
cmp eax, 9
jne short loc_fffbead1  ; jne 0xfffbead1
movzx eax, bl
mov cl, byte [ebp - 0xca0]
sub esp, 0xc
mov al, byte [eax + ref_fffd58e0]  ; mov al, byte [eax - 0x2a720]
mov edi, dword [ebp - 0xc7c]
push 0
dec ecx
mov byte [ebp - 0xc80], al
movzx eax, byte [ebp - 0xc88]
movzx ecx, cl
mov dword [ebp - 0xcec], eax
mov edx, eax
mov eax, edi
call fcn_fffae9e2  ; call 0xfffae9e2
xor eax, eax
add esp, 0x10
mov byte [edi + 0x248c], 9
mov edi, dword [ebp - 0xc98]
cmp bl, 1
cmove eax, edi
mov byte [ebp - 0xc9c], al
inc eax
cmp byte [ebp - 0xca4], 0
mov byte [ebp - 0xced], al
jne short loc_fffbeb5d  ; jne 0xfffbeb5d
push ecx
push 0
lea eax, [ebp - 0xc04]
push 0x1c
push eax
mov eax, dword [ebp - 0xc84]
call dword [eax + 0x5c]  ; ucall
jmp short loc_fffbeb77  ; jmp 0xfffbeb77

loc_fffbeb5d:  ; not directly referenced
push edx
push 0x1c
lea eax, [ebp - 0xc20]
push eax
lea eax, [ebp - 0xc04]
push eax
mov eax, dword [ebp - 0xc84]
call dword [eax + 0x58]  ; ucall

loc_fffbeb77:  ; not directly referenced
add esp, 0x10
xor edx, edx
xor esi, esi
xor eax, eax
mov edi, 6

loc_fffbeb85:  ; not directly referenced
movzx ecx, al
add esi, dword [ebp + ecx*4 - 0xc58]
add edx, dword [ebp + ecx*4 - 0xc3c]
cmp byte [ebp - 0xc99], 0
mov dword [ebp - 0xcd8], esi
mov dword [ebp - 0xcdc], edx
cmove eax, edi
inc eax
cmp al, 7
jne short loc_fffbeb85  ; jne 0xfffbeb85
movzx eax, byte [ebp - 0xc80]
cmp bl, 1
sete byte [ebp - 0xc9b]
add byte [ebp - 0xc9b], 8
dec bl
setne byte [ebp - 0xca0]
imul eax, eax, 0x240
add eax, dword [ebp - 0xcc0]
add byte [ebp - 0xca0], 4
mov dword [ebp - 0xcbc], eax
movzx eax, byte [ebp - 0xc9a]
mov dword [ebp - 0xc80], 0
mov dword [ebp - 0xce4], eax
movzx eax, byte [ebp - 0xca0]
mov dword [ebp - 0xcb4], eax

loc_fffbec0f:  ; not directly referenced
mov eax, dword [ebp - 0xce8]
mov edi, 1
xor ebx, ebx
mov cl, byte [ebp - 0xc80]
mov byte [ebp - 0xc98], 0
add eax, 0x70
shl edi, cl
mov esi, eax
mov dword [ebp - 0xcc8], eax

loc_fffbec36:  ; not directly referenced
mov eax, dword [ebp - 0xcec]
bt eax, ebx
jae short loc_fffbec80  ; jae 0xfffbec80
mov eax, dword [ebp - 0xc7c]
mov ecx, edi
mov edx, ebx
call fcn_fffad317  ; call 0xfffad317
or byte [ebp - 0xc98], al
movzx eax, byte [ebp - 0xc98]
bt eax, ebx
jae short loc_fffbec80  ; jae 0xfffbec80
push eax
mov eax, dword [ebp - 0xc7c]
push 0
movzx eax, byte [eax + 0x2489]
push eax
mov eax, dword [ebp - 0xc84]
push esi
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbec80:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
jne short loc_fffbec36  ; jne 0xfffbec36
cmp byte [ebp - 0xc98], 0
jne short loc_fffbecdf  ; jne 0xfffbecdf

loc_fffbec95:  ; not directly referenced
inc dword [ebp - 0xc80]
cmp dword [ebp - 0xc80], 4
jne loc_fffbec0f  ; jne 0xfffbec0f
mov edi, dword [ebp - 0xc7c]
movzx eax, byte [ebp - 0xca0]
mov byte [edi + 0x247b], 0
push 2
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push eax
push edi
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
jmp near loc_fffbf982  ; jmp 0xfffbf982

loc_fffbecdf:  ; not directly referenced
cmp byte [ebp - 0xcef], 1
jne short loc_fffbed19  ; jne 0xfffbed19
push 0
movzx eax, byte [ebp - 0xc9b]
push 0
push 1
push 0
push 0
push dword [ebp - 0xc80]
push 0
push 1
push 0
push 0x88888888
push eax
push dword [ebp - 0xc7c]
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30

loc_fffbed19:  ; not directly referenced
xor ebx, ebx
cmp byte [ebp - 0xc99], 0
je loc_fffbee01  ; je 0xfffbee01
sub esp, 0xc
movzx edx, byte [ebp - 0xc98]
lea eax, [ebp - 0xc68]
mov ecx, dword [ebp - 0xc80]
push eax
lea ebx, [ebp - 0xbe8]
push ebx
lea eax, [ebp - 0xba0]
push eax
lea eax, [ebp - 0xc71]
push eax
mov eax, dword [ebp - 0xc7c]
push dword [ebp - 0xcb4]
call fcn_fffbe830  ; call 0xfffbe830
add esp, 0x20
test eax, eax
jne short loc_fffbedc3  ; jne 0xfffbedc3

loc_fffbed6c:  ; not directly referenced
push eax
mov ecx, dword [ebp - 0xce4]
push eax
mov edx, dword [ebp - 0xcc0]
push edi
mov edi, dword [ebp - 0xc80]
mov eax, dword [ebp - 0xc7c]
push edi
call fcn_fffa7e1a  ; call 0xfffa7e1a
mov al, byte [ebp - 0xc98]
add esp, 0x10
mov dword [ebp - 0xcac], 0
movzx ebx, al
and eax, 2
movzx eax, al
mov dword [ebp - 0xca8], eax
imul eax, edi, 0x12
mov dword [ebp - 0xc88], ebx
mov dword [ebp - 0xcc4], eax
jmp near loc_fffbefc6  ; jmp 0xfffbefc6

loc_fffbedc3:  ; not directly referenced
mov esi, dword [ebp - 0xc7c]
push eax
push 0x18
movzx eax, byte [esi + 0x2489]
push eax
push ebx
mov ebx, dword [ebp - 0xc84]
mov eax, ebx
call dword [eax + 0x64]  ; ucall
add esp, 0xc
push 0x18
movzx eax, byte [esi + 0x2489]
push eax
lea eax, [ebp - 0xbc4]
push eax
mov eax, ebx
call dword [eax + 0x64]  ; ucall
add esp, 0x10
jmp near loc_fffbed6c  ; jmp 0xfffbed6c

loc_fffbee01:  ; not directly referenced
mov esi, dword [ebp - 0xc7c]
push eax
push 1
movzx eax, byte [esi + 0x2489]
push eax
lea eax, [ebp - 0xba0]
add eax, ebx
push eax
mov eax, dword [ebp - 0xc84]
call dword [eax + 0x64]  ; ucall
add esp, 0xc
push 1
movzx eax, byte [esi + 0x2489]
lea esi, [ebp - 0xbe8]
push eax
lea eax, [esi + ebx]
add ebx, 0x24
push eax
mov eax, dword [ebp - 0xc84]
call dword [eax + 0x64]  ; ucall
add esp, 0x10
cmp ebx, 0x48
je loc_fffbed6c  ; je 0xfffbed6c
jmp short loc_fffbee01  ; jmp 0xfffbee01

loc_fffbee55:  ; not directly referenced
cmp byte [ebp - 0xc9c], 0
jne loc_fffbefe5  ; jne 0xfffbefe5

loc_fffbee62:  ; not directly referenced
xor ebx, ebx

loc_fffbee64:  ; not directly referenced
lea eax, [ebp - 0xbe8]
xor edi, edi
mov dword [ebp - 0xcb0], eax
movzx eax, bl
mov dword [ebp - 0xcd0], eax

loc_fffbee7b:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
bt eax, edi
jb loc_fffbf040  ; jb 0xfffbf040

loc_fffbee8a:  ; not directly referenced
inc edi
add dword [ebp - 0xcb0], 0x24
cmp edi, 2
jne short loc_fffbee7b  ; jne 0xfffbee7b
push eax
mov ecx, dword [ebp - 0xc88]
push eax
mov edx, dword [ebp - 0xcc0]
lea eax, [ebp - 0xc68]
push eax
push 0x1f
lea eax, [ebp - 0xc71]
push eax
mov eax, dword [ebp - 0xc80]
push dword [ebp - 0xce4]
push eax
push eax
mov eax, dword [ebp - 0xc7c]
call fcn_fffd16df  ; call 0xfffd16df
movzx eax, bl
add esp, 0x20
mov dword [ebp - 0xce0], eax
imul eax, eax, 0x12
mov dword [ebp - 0xcb0], 0
mov dword [ebp - 0xcfc], eax

loc_fffbeeed:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
mov edi, dword [ebp - 0xcb0]
bt eax, edi
jb loc_fffbf0d2  ; jb 0xfffbf0d2

loc_fffbef02:  ; not directly referenced
inc dword [ebp - 0xcb0]
cmp dword [ebp - 0xcb0], 2
jne short loc_fffbeeed  ; jne 0xfffbeeed
cmp byte [ebp - 0xc99], 0
mov al, 7
cmove ebx, eax
inc ebx
cmp bl, 6
jbe loc_fffbee64  ; jbe 0xfffbee64
mov eax, dword [ebp - 0xc7c]
xor esi, esi
add eax, 0x3757
mov dword [ebp - 0xcb0], eax
mov eax, dword [ebp - 0xcc8]
mov dword [ebp - 0xcb8], eax
imul eax, dword [ebp - 0xc80], 9
mov dword [ebp - 0xcd4], eax

loc_fffbef53:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
bt eax, esi
jae short loc_fffbefa6  ; jae 0xfffbefa6
mov eax, dword [ebp - 0xcb0]
add eax, dword [ebp - 0xcd4]
mov byte [ebp - 0xca4], 0
mov dword [ebp - 0xcd0], eax

loc_fffbef77:  ; not directly referenced
mov eax, dword [ebp - 0xc7c]
movzx eax, byte [eax + 0x2489]
cmp byte [ebp - 0xca4], al
jb loc_fffbf22e  ; jb 0xfffbf22e
push edx
push 0
push eax
mov eax, dword [ebp - 0xc84]
push dword [ebp - 0xcb8]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbefa6:  ; not directly referenced
inc esi
add dword [ebp - 0xcb8], 0xcc
add dword [ebp - 0xcb0], 0x13c3
cmp esi, 2
jne short loc_fffbef53  ; jne 0xfffbef53
inc dword [ebp - 0xcac]

loc_fffbefc6:  ; not directly referenced
mov ebx, dword [ebp - 0xcac]
mov al, byte [ebp - 0xced]
mov byte [ebp - 0xccc], bl
cmp bl, al
jb loc_fffbee55  ; jb 0xfffbee55
jmp near loc_fffbf386  ; jmp 0xfffbf386

loc_fffbefe5:  ; not directly referenced
test byte [ebp - 0xc98], 1
je short loc_fffbf00e  ; je 0xfffbf00e
mov cl, byte [ebp - 0xcac]
mov eax, 0x55
mov edx, 0x409a
shl eax, cl
movzx ecx, al
mov eax, dword [ebp - 0xc7c]
call fcn_fffb335b  ; call 0xfffb335b

loc_fffbf00e:  ; not directly referenced
cmp dword [ebp - 0xca8], 0
je loc_fffbee62  ; je 0xfffbee62
mov cl, byte [ebp - 0xcac]
mov eax, 0x55
mov edx, 0x449a
shl eax, cl
movzx ecx, al
mov eax, dword [ebp - 0xc7c]
call fcn_fffb335b  ; call 0xfffb335b
jmp near loc_fffbee62  ; jmp 0xfffbee62

loc_fffbf040:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
lea ecx, [edi + 1]
mov byte [ebp - 0xca4], 1
sar eax, cl
cmp byte [ebp - 0xca0], 4
mov dword [ebp - 0xcb8], eax
jne short loc_fffbf073  ; jne 0xfffbf073
mov eax, dword [ebp - 0xc7c]
mov al, byte [eax + 0x2489]
mov byte [ebp - 0xca4], al

loc_fffbf073:  ; not directly referenced
xor esi, esi

loc_fffbf075:  ; not directly referenced
mov eax, esi
cmp byte [ebp - 0xca4], al
jbe loc_fffbee8a  ; jbe 0xfffbee8a
push 0
mov eax, dword [ebp - 0xcb0]
push dword [ebp - 0xcb8]
mov ecx, dword [ebp - 0xcd0]
push 0
push 0
push esi
push dword [ebp - 0xc80]
push edi
push 0
push 0
mov eax, dword [eax + esi*4]
inc esi
imul eax, dword [ebp + ecx*4 - 0xc04]
mov ecx, 0x18
cdq
idiv ecx
push eax
push dword [ebp - 0xcb4]
push dword [ebp - 0xc7c]
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
jmp short loc_fffbf075  ; jmp 0xfffbf075

loc_fffbf0d2:  ; not directly referenced
imul eax, dword [ebp - 0xcb0], 9
mov byte [ebp - 0xcb8], 0
mov dword [ebp - 0xca4], eax
mov eax, dword [ebp - 0xcfc]
add eax, dword [ebp - 0xca4]
mov dword [ebp - 0xcf8], eax

loc_fffbf0f8:  ; not directly referenced
mov edx, dword [ebp - 0xc7c]
mov al, byte [ebp - 0xcb8]
cmp al, byte [edx + 0x2489]
jae loc_fffbef02  ; jae 0xfffbef02
mov eax, dword [ebp - 0xcc4]
mov edi, dword [ebp - 0xca4]
movzx ecx, byte [ebp - 0xcb8]
mov esi, dword [ebp - 0xcbc]
lea edx, [eax + edi]
add edx, ecx
lea eax, [esi + edx*8]
mov esi, dword [esi + edx*8]
mov dword [ebp - 0xcd0], eax
mov eax, dword [eax + 4]
mov dword [ebp - 0xcd4], esi
mov edx, eax
sub edx, esi
mov dword [ebp - 0xcf4], edx
test bl, bl
jne short loc_fffbf175  ; jne 0xfffbf175
add eax, dword [ebp - 0xcd4]
xor edx, edx
lea esi, [edi + ecx]
mov edi, 0xa
mov dword [ebp + esi*4 - 0xb10], 0
div edi
mov dword [ebp + esi*4 - 0xb58], eax

loc_fffbf175:  ; not directly referenced
mov eax, dword [ebp - 0xca4]
lea esi, [eax + ecx]
mov eax, dword [ebp - 0xce0]
mov edi, esi
mov esi, dword [ebp + esi*4 - 0xb58]
mov edx, dword [ebp + edi*4 - 0xba0]
imul esi, dword [ebp + eax*4 - 0xc3c]
imul edx, dword [ebp + eax*4 - 0xc58]
add edx, esi
mov esi, dword [ebp - 0xcf8]
imul edx, dword [ebp - 0xcf4]
add dword [ebp + edi*4 - 0xb10], edx
cmp dword [ebp + eax*4 - 0xc04], 0
lea edx, [esi + ecx]
mov esi, dword [ebp - 0xcd4]
mov dword [ebp + edx*8 - 0x888], esi
mov esi, dword [ebp - 0xcd0]
mov esi, dword [esi + 4]
mov dword [ebp + edx*8 - 0x884], esi
jns short loc_fffbf223  ; jns 0xfffbf223
cmp bl, 6
je short loc_fffbf223  ; je 0xfffbf223
cmp dword [ebp + eax*4 - 0xc00], 0
jle short loc_fffbf223  ; jle 0xfffbf223
mov eax, dword [ebp - 0xcc4]
mov edx, dword [ebp - 0xca4]
mov esi, dword [ebp + edi*8 - 0x888]
add edx, eax
mov eax, dword [ebp - 0xcbc]
add ecx, edx
mov dword [eax + ecx*8], esi
mov ecx, dword [ebp - 0xcd0]
mov eax, dword [ebp + edi*8 - 0x884]
mov dword [ecx + 4], eax

loc_fffbf223:  ; not directly referenced
inc byte [ebp - 0xcb8]
jmp near loc_fffbf0f8  ; jmp 0xfffbf0f8

loc_fffbf22e:  ; not directly referenced
movzx ebx, byte [ebp - 0xca4]
lea ecx, [esi + esi*8]
mov edi, dword [ebp - 0xcdc]
mov eax, dword [ebp - 0xcd8]
add ecx, ebx
imul edi, dword [ebp + ecx*4 - 0xb58]
imul eax, dword [ebp + ecx*4 - 0xba0]
add edi, eax
je loc_fffbf97d  ; je 0xfffbf97d
mov edx, dword [ebp + ecx*4 - 0xb10]
mov eax, edx
sar eax, 0x1f
or eax, 1
movsx eax, al
imul eax, edi
imul edi, edi, 0x14
imul eax, eax, 0xa
add eax, edx
cdq
idiv edi
cmp byte [ebp - 0xc9a], 1
mov edi, eax
mov dword [ebp + ecx*4 - 0xb10], eax
jne short loc_fffbf2eb  ; jne 0xfffbf2eb
cmp byte [ebp - 0xccc], 0
jne short loc_fffbf2a6  ; jne 0xfffbf2a6
mov ecx, dword [ebp - 0xcd0]
add byte [ebx + ecx + 0x104a], al

loc_fffbf2a6:  ; not directly referenced
cmp byte [ebp - 0xccc], 1
sete dl
cmp byte [ebp - 0xc9c], 0
sete al
or dl, al
je short loc_fffbf320  ; je 0xfffbf320
mov edx, dword [ebp - 0xcd0]
mov eax, edi
mov ecx, dword [ebp - 0xc80]
add byte [ebx + edx + 0x106e], al
mov edx, esi
push eax
mov eax, dword [ebp - 0xc7c]
push 0
push 0xff
push ebx
call fcn_fffa7447  ; call 0xfffa7447
jmp short loc_fffbf31d  ; jmp 0xfffbf31d

loc_fffbf2eb:  ; not directly referenced
mov eax, dword [ebp - 0xcd4]
mov edx, esi
mov ecx, dword [ebp - 0xcb0]
add eax, ebx
add word [ecx + eax*2 + 0x169], di
mov eax, dword [ebp - 0xc7c]
push ecx
mov ecx, dword [ebp - 0xc80]
push 0
push 0xff
push ebx
call fcn_fffa735e  ; call 0xfffa735e

loc_fffbf31d:  ; not directly referenced
add esp, 0x10

loc_fffbf320:  ; not directly referenced
imul edi, edi, 0xa
xor ecx, ecx
lea edx, [esi + esi*8]

loc_fffbf328:  ; not directly referenced
movzx eax, cl
imul eax, eax, 0x12
add eax, edx
add eax, ebx
add dword [ebp + eax*8 - 0x888], edi
sub dword [ebp + eax*8 - 0x884], edi
mov al, 7
cmp byte [ebp - 0xc99], 0
cmove ecx, eax
inc ecx
cmp cl, 6
jbe short loc_fffbf328  ; jbe 0xfffbf328
lea ecx, [esi + esi*8]
mov edi, dword [ebp - 0xcbc]
lea eax, [ecx + ebx]
mov edx, dword [ebp + eax*8 - 0x888]
add ecx, dword [ebp - 0xcc4]
inc byte [ebp - 0xca4]
add ebx, ecx
mov dword [edi + ebx*8], edx
mov eax, dword [ebp + eax*8 - 0x884]
mov dword [edi + ebx*8 + 4], eax
jmp near loc_fffbef77  ; jmp 0xfffbef77

loc_fffbf386:  ; not directly referenced
cmp byte [ebp - 0xcee], 0
je loc_fffbec95  ; je 0xfffbec95
cmp byte [ebp - 0xc99], 0
jne short loc_fffbf3e9  ; jne 0xfffbf3e9

loc_fffbf39c:  ; not directly referenced
mov eax, dword [ebp - 0xc98]
and eax, 1
mov dword [ebp - 0xcb0], eax
je short loc_fffbf3c2  ; je 0xfffbf3c2
mov eax, dword [ebp - 0xc7c]
mov ecx, 0xffff3001
mov edx, 0x4098
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbf3c2:  ; not directly referenced
cmp dword [ebp - 0xca8], 0
je loc_fffbf46e  ; je 0xfffbf46e
mov eax, dword [ebp - 0xc7c]
mov ecx, 0xffff3001
mov edx, 0x4498
call fcn_fffb3381  ; call 0xfffb3381
jmp near loc_fffbf46e  ; jmp 0xfffbf46e

loc_fffbf3e9:  ; not directly referenced
sub esp, 0xc
mov ecx, dword [ebp - 0xc80]
lea eax, [ebp - 0xc68]
mov edx, dword [ebp - 0xc88]
push eax
lea ebx, [ebp - 0xbe8]
push ebx
lea eax, [ebp - 0xba0]
push eax
lea eax, [ebp - 0xc71]
push eax
mov eax, dword [ebp - 0xc7c]
push dword [ebp - 0xcb4]
call fcn_fffbe830  ; call 0xfffbe830
add esp, 0x20
test eax, eax
je loc_fffbf39c  ; je 0xfffbf39c
push edi
mov edi, dword [ebp - 0xc7c]
push 0x18
movzx eax, byte [edi + 0x2489]
push eax
push ebx
mov ebx, dword [ebp - 0xc84]
mov eax, ebx
call dword [eax + 0x64]  ; ucall
add esp, 0xc
push 0x18
movzx eax, byte [edi + 0x2489]
push eax
lea eax, [ebp - 0xbc4]
push eax
mov eax, ebx
call dword [eax + 0x64]  ; ucall
add esp, 0x10
jmp near loc_fffbf39c  ; jmp 0xfffbf39c

loc_fffbf46e:  ; not directly referenced
movzx eax, byte [ebp - 0xc9b]
mov byte [ebp - 0xc98], 0
mov dword [ebp - 0xcd0], eax

loc_fffbf482:  ; not directly referenced
lea eax, [ebp - 0xbe8]
xor ebx, ebx
mov dword [ebp - 0xcac], eax
movzx eax, byte [ebp - 0xc98]
lea edi, [ebp - 0x498]
mov dword [ebp - 0xcc4], eax

loc_fffbf4a3:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
bt eax, ebx
jb loc_fffbf55d  ; jb 0xfffbf55d

loc_fffbf4b2:  ; not directly referenced
mov eax, dword [ebp - 0xc84]
inc ebx
push esi
push 8
push 0x90
push edi
add edi, 0x240
call dword [eax + 0x64]  ; ucall
add esp, 0x10
add dword [ebp - 0xcac], 0x24
cmp ebx, 2
jne short loc_fffbf4a3  ; jne 0xfffbf4a3
movzx eax, byte [ebp - 0xc98]
mov ebx, dword [ebp - 0xc7c]
mov edx, dword [ebp - 0xc88]
mov dword [ebp - 0xcd4], eax
imul eax, eax, 0x90
mov byte [ebx + 0x248d], 1
push ecx
mov ecx, dword [ebp - 0xc80]
push dword [ebp - 0xcd0]
lea eax, [ebp + eax - 0x888]
push eax
lea eax, [ebp - 0x498]
push eax
mov eax, ebx
call fcn_fffbdad4  ; call 0xfffbdad4
lea eax, [ebp - 0xac8]
add esp, 0x10
mov dword [ebp - 0xcac], eax
lea eax, [ebp - 0xba0]
xor ebx, ebx
mov dword [ebp - 0xcc4], eax
lea eax, [ebp - 0xb58]
mov dword [ebp - 0xcb8], eax
lea eax, [ebp - 0x498]
mov dword [ebp - 0xccc], eax
jmp near loc_fffbf61b  ; jmp 0xfffbf61b

loc_fffbf55d:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
lea ecx, [ebx + 1]
mov byte [ebp - 0xca4], 1
sar eax, cl
cmp byte [ebp - 0xca0], 4
mov dword [ebp - 0xcb8], eax
jne short loc_fffbf590  ; jne 0xfffbf590
mov eax, dword [ebp - 0xc7c]
mov al, byte [eax + 0x2489]
mov byte [ebp - 0xca4], al

loc_fffbf590:  ; not directly referenced
xor esi, esi

loc_fffbf592:  ; not directly referenced
mov eax, esi
cmp byte [ebp - 0xca4], al
jbe loc_fffbf4b2  ; jbe 0xfffbf4b2
push 0
mov eax, dword [ebp - 0xcac]
mov ecx, 0x18
push dword [ebp - 0xcb8]
mov edx, dword [ebp - 0xcc4]
push 0
push 0
push esi
push dword [ebp - 0xc80]
push ebx
push 0
push 0
mov eax, dword [eax + esi*4]
inc esi
imul eax, dword [ebp + edx*4 - 0xc04]
cdq
idiv ecx
push eax
push dword [ebp - 0xcb4]
push dword [ebp - 0xc7c]
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
jmp short loc_fffbf592  ; jmp 0xfffbf592

loc_fffbf5ef:  ; not directly referenced
inc ebx
add dword [ebp - 0xcac], 0x120
add dword [ebp - 0xccc], 0x240
add dword [ebp - 0xcc4], 0x24
add dword [ebp - 0xcb8], 0x24
cmp ebx, 2
je loc_fffbf6cb  ; je 0xfffbf6cb

loc_fffbf61b:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
bt eax, ebx
jae short loc_fffbf5ef  ; jae 0xfffbf5ef
mov eax, dword [ebp - 0xc7c]
xor edx, edx
mov esi, dword [ebp - 0xccc]
mov al, byte [eax + 0x2489]
mov byte [ebp - 0xce0], al
mov eax, dword [ebp - 0xcac]
mov dword [ebp - 0xca4], eax

loc_fffbf64c:  ; not directly referenced
cmp byte [ebp - 0xce0], dl
jbe short loc_fffbf5ef  ; jbe 0xfffbf5ef
mov eax, dword [ebp - 0xcb8]
mov edi, dword [ebp - 0xcd4]
mov ecx, dword [eax + edx*4]
mov eax, dword [ebp - 0xcc4]
imul ecx, dword [ebp + edi*4 - 0xc3c]
mov eax, dword [eax + edx*4]
imul eax, dword [ebp + edi*4 - 0xc58]
add eax, ecx
mov dword [ebp - 0xcf4], eax
xor eax, eax

loc_fffbf686:  ; not directly referenced
mov edi, dword [esi + eax*2 + 4]
add edi, dword [esi + eax*2]
sub edi, 0x10
cmp byte [ebp - 0xc98], 0
jne short loc_fffbf6a6  ; jne 0xfffbf6a6
mov ecx, dword [ebp - 0xca4]
mov dword [ecx + eax], 0

loc_fffbf6a6:  ; not directly referenced
mov ecx, dword [ebp - 0xca4]
imul edi, dword [ebp - 0xcf4]
add dword [ecx + eax], edi
add eax, 4
cmp eax, 0x20
jne short loc_fffbf686  ; jne 0xfffbf686
inc edx
add esi, 0x40
add dword [ebp - 0xca4], 0x20
jmp short loc_fffbf64c  ; jmp 0xfffbf64c

loc_fffbf6cb:  ; not directly referenced
mov bl, byte [ebp - 0xc98]
mov al, 7
cmp byte [ebp - 0xc99], 0
cmove ebx, eax
mov byte [ebp - 0xc98], bl
inc byte [ebp - 0xc98]
cmp byte [ebp - 0xc98], 6
jbe loc_fffbf482  ; jbe 0xfffbf482
mov eax, dword [ebp - 0xc7c]
xor edi, edi
mov ebx, dword [ebp - 0xcc8]
mov dword [ebp - 0xcac], 0
add eax, 0x3757
mov dword [ebp - 0xcb8], eax
imul eax, dword [ebp - 0xc80], 0xd8
mov dword [ebp - 0xcc4], ebx
add eax, 0x282
mov dword [ebp - 0xcf4], eax

loc_fffbf734:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
bt eax, edi
jae loc_fffbf8d0  ; jae 0xfffbf8d0
mov eax, dword [ebp - 0xc7c]
mov edx, edi
mov ecx, 0xffff0001
shl edx, 0xa
add edx, 0x4098
call fcn_fffb3381  ; call 0xfffb3381
lea eax, [edi + edi*8]
mov byte [ebp - 0xc98], 0
mov dword [ebp - 0xce0], eax

loc_fffbf76e:  ; not directly referenced
mov eax, dword [ebp - 0xc7c]
movzx eax, byte [eax + 0x2489]
cmp byte [ebp - 0xc98], al
jae loc_fffbf8ba  ; jae 0xfffbf8ba
movzx eax, byte [ebp - 0xc98]
mov edx, dword [ebp - 0xcdc]
mov ebx, dword [ebp - 0xcd8]
mov dword [ebp - 0xca4], 0
mov esi, eax
mov dword [ebp - 0xccc], eax
mov eax, dword [ebp - 0xce0]
add eax, esi
imul ebx, dword [ebp + eax*4 - 0xba0]
imul edx, dword [ebp + eax*4 - 0xb58]
mov eax, 1
add edx, ebx
cmovne eax, edx
xor ecx, ecx
mov ebx, eax
add ebx, eax
mov dword [ebp - 0xcd4], ebx
imul ebx, esi, 0x18
add esi, dword [ebp - 0xcac]
add ebx, dword [ebp - 0xcf4]
add ebx, dword [ebp - 0xcb8]
mov dword [ebp - 0xcc8], eax
shl esi, 5
lea eax, [ebp - 0xac8]
add esi, eax

loc_fffbf800:  ; not directly referenced
mov edx, dword [esi + ecx]
mov eax, edx
sar eax, 0x1f
or eax, 1
movsx eax, al
imul eax, dword [ebp - 0xcc8]
add eax, edx
cdq
idiv dword [ebp - 0xcd4]
cmp byte [ebp - 0xc9a], 1
jne short loc_fffbf82c  ; jne 0xfffbf82c
movzx edx, byte [ebx]
jmp short loc_fffbf833  ; jmp 0xfffbf833

loc_fffbf82c:  ; not directly referenced
movzx edx, byte [ebx + 0x360]

loc_fffbf833:  ; not directly referenced
add eax, edx
cmp eax, 0xf
jle short loc_fffbf843  ; jle 0xfffbf843
mov dword [esi + ecx], 0xf
jmp short loc_fffbf850  ; jmp 0xfffbf850

loc_fffbf843:  ; not directly referenced
test eax, eax
mov edx, 0
cmovs eax, edx
mov dword [esi + ecx], eax

loc_fffbf850:  ; not directly referenced
cmp byte [ebp - 0xc9a], 1
mov eax, dword [esi + ecx]
jne short loc_fffbf860  ; jne 0xfffbf860
mov byte [ebx], al
jmp short loc_fffbf866  ; jmp 0xfffbf866

loc_fffbf860:  ; not directly referenced
mov byte [ebx + 0x360], al

loc_fffbf866:  ; not directly referenced
mov eax, dword [esi + ecx]
add ebx, 3
shl eax, cl
add ecx, 4
or dword [ebp - 0xca4], eax
cmp ecx, 0x20
jne short loc_fffbf800  ; jne 0xfffbf800
push 0
push 0
push 0
push 0
push dword [ebp - 0xccc]
push dword [ebp - 0xc80]
push edi
push 0
push 0
push dword [ebp - 0xca4]
push dword [ebp - 0xcd0]
push dword [ebp - 0xc7c]
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
inc byte [ebp - 0xc98]
jmp near loc_fffbf76e  ; jmp 0xfffbf76e

loc_fffbf8ba:  ; not directly referenced
push edx
push 0
push eax
mov eax, dword [ebp - 0xc84]
push dword [ebp - 0xcc4]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbf8d0:  ; not directly referenced
inc edi
add dword [ebp - 0xcc4], 0xcc
add dword [ebp - 0xcac], 9
add dword [ebp - 0xcb8], 0x13c3
cmp edi, 2
jne loc_fffbf734  ; jne 0xfffbf734
cmp dword [ebp - 0xcb0], 0
je short loc_fffbf913  ; je 0xfffbf913
mov eax, dword [ebp - 0xc7c]
mov ecx, 0xffff3001
mov edx, 0x4098
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbf913:  ; not directly referenced
cmp dword [ebp - 0xca8], 0
je short loc_fffbf931  ; je 0xfffbf931
mov eax, dword [ebp - 0xc7c]
mov ecx, 0xffff3001
mov edx, 0x4498
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbf931:  ; not directly referenced
cmp dword [ebp - 0xcb0], 0
je short loc_fffbf94f  ; je 0xfffbf94f
mov eax, dword [ebp - 0xc7c]
mov ecx, 0xffff0001
mov edx, 0x4098
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbf94f:  ; not directly referenced
cmp dword [ebp - 0xca8], 0
je loc_fffbec95  ; je 0xfffbec95
mov eax, dword [ebp - 0xc7c]
mov ecx, 0xffff0001
mov edx, 0x4498
call fcn_fffb3381  ; call 0xfffb3381
jmp near loc_fffbec95  ; jmp 0xfffbec95

loc_fffbf976:  ; not directly referenced
mov eax, 2
jmp short loc_fffbf982  ; jmp 0xfffbf982

loc_fffbf97d:  ; not directly referenced
mov eax, 1

loc_fffbf982:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbf98a:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1040
mov edi, dword [eax + 0x5edd]
mov dword [ebp - 0x101c], edx
mov dl, byte [ebp + 0x10]
mov dword [ebp - 0xffc], eax
mov esi, dword [ebp + 8]
mov dword [ebp - 0x1000], ecx
mov ebx, dword [ebp + 0xc]
mov byte [ebp - 0xff7], 0
mov byte [ebp - 0x1008], dl
mov edx, dword [eax + 0x2444]
mov eax, dword [eax + 0x188b]
push 0
push 0x10
mov dword [ebp - 0x102c], eax
lea eax, [ebp - 0xfe8]
push eax
mov dword [ebp - 0x1038], esi
mov byte [ebp - 0xff6], 0xf8
mov byte [ebp - 0xff5], 8
mov byte [ebp - 0xff4], 1
mov byte [ebp - 0xff3], 1
mov byte [ebp - 0xff2], 1
mov dword [ebp - 0x1010], edx
call dword [edx + 0x5c]  ; ucall
mov ecx, dword [ebp - 0x1000]
add esp, 0x10
xor eax, eax

loc_fffbfa1e:  ; not directly referenced
mov byte [ebp + eax - 0xff1], al
inc eax
cmp eax, 9
jne short loc_fffbfa1e  ; jne 0xfffbfa1e
mov eax, dword [ebp - 0xffc]
sub esp, 0xc
movzx edx, cl
push 2
mov ecx, 0xf
call fcn_fffae9e2  ; call 0xfffae9e2
add esp, 0x10
xor eax, eax
mov byte [ebp - 0x1004], 0
mov dl, 3

loc_fffbfa51:  ; not directly referenced
movzx ecx, al
mov cl, byte [ebp + ecx - 0xff4]
add byte [ebp - 0x1004], cl
cmp byte [ebp - 0x1008], 0
cmove eax, edx
inc eax
cmp al, 2
jbe short loc_fffbfa51  ; jbe 0xfffbfa51
mov esi, dword [ebp - 0x1004]
mov eax, esi
test al, al
mov al, 1
cmove esi, eax
dec bl
mov eax, esi
mov byte [ebp - 0x1004], al
jne short loc_fffbfab2  ; jne 0xfffbfab2
push 1
push 0
push 1
push 0
push 0
push 0
push 0
push 1
push 0
push 0x88888888
push 0xa
push dword [ebp - 0xffc]
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30

loc_fffbfab2:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
xor ebx, ebx
mov byte [ebp - 0x1000], 0
lea esi, [eax + 0x381b]
lea eax, [edi + 0x70]
mov dword [ebp - 0x1028], eax
mov edi, eax

loc_fffbfad2:  ; not directly referenced
movzx ecx, byte [esi]
mov edx, ebx
mov eax, dword [ebp - 0xffc]
call fcn_fffad317  ; call 0xfffad317
or byte [ebp - 0x1000], al
cmp dword [esi - 0xc4], 2
jne short loc_fffbfb0f  ; jne 0xfffbfb0f
mov eax, dword [ebp - 0xffc]
push ecx
push 0
movzx eax, byte [eax + 0x2489]
push eax
mov eax, dword [ebp - 0x1010]
push edi
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbfb0f:  ; not directly referenced
inc ebx
add esi, 0x13c3
add edi, 0xcc
cmp ebx, 2
jne short loc_fffbfad2  ; jne 0xfffbfad2
mov eax, dword [ebp - 0xffc]
mov ecx, 1
push edx
push edx
push 0xf
lea edi, [eax + 0x2491]
push 0
mov edx, edi
mov dword [ebp - 0x1014], edi
call fcn_fffa7e1a  ; call 0xfffa7e1a
movzx eax, byte [ebp - 0x1000]
lea ecx, [ebp - 0xfd8]
mov esi, dword [ebp - 0x101c]
add esp, 0x10
mov dword [ebp - 0x100c], 0
mov dword [ebp - 0x1000], eax

loc_fffbfb6b:  ; not directly referenced
mov eax, dword [ebp - 0x1000]
mov edi, dword [ebp - 0x100c]
bt eax, edi
jae short loc_fffbfbd0  ; jae 0xfffbfbd0
mov eax, dword [ebp - 0xffc]
xor edi, edi
mov al, byte [eax + 0x2489]
mov byte [ebp - 0x1018], al
jmp short loc_fffbfbc6  ; jmp 0xfffbfbc6

loc_fffbfb92:  ; not directly referenced
cmp byte [ebp - 0x1008], 0
je short loc_fffbfc08  ; je 0xfffbfc08
mov eax, dword [esi + edi*8 + 0x244]
mov ebx, 0x14
xor edx, edx
add eax, dword [esi + edi*8 + 0x240]
div ebx
mov dword [ecx + edi*4], eax

loc_fffbfbb5:  ; not directly referenced
mov eax, dword [ecx + edi*4]
dec eax
cmp eax, 0xb
jbe short loc_fffbfbc5  ; jbe 0xfffbfbc5
mov dword [ecx + edi*4], 0xc

loc_fffbfbc5:  ; not directly referenced
inc edi

loc_fffbfbc6:  ; not directly referenced
mov eax, edi
cmp byte [ebp - 0x1018], al
ja short loc_fffbfb92  ; ja 0xfffbfb92

loc_fffbfbd0:  ; not directly referenced
inc dword [ebp - 0x100c]
add ecx, 0x24
add esi, 0x48
cmp dword [ebp - 0x100c], 2
jne short loc_fffbfb6b  ; jne 0xfffbfb6b
push eax
mov edx, dword [ebp - 0x1014]
mov ecx, 4
push eax
mov eax, dword [ebp - 0xffc]
xor edi, edi
push 0xf
push 0
call fcn_fffa7e1a  ; call 0xfffa7e1a
add esp, 0x10
jmp short loc_fffbfc11  ; jmp 0xfffbfc11

loc_fffbfc08:  ; not directly referenced
mov dword [ecx + edi*4], 1
jmp short loc_fffbfbb5  ; jmp 0xfffbfbb5

loc_fffbfc11:  ; not directly referenced
mov eax, edi
xor ebx, ebx
movzx esi, al

loc_fffbfc18:  ; not directly referenced
mov eax, dword [ebp - 0x1000]
bt eax, ebx
jae short loc_fffbfc30  ; jae 0xfffbfc30
lea eax, [ebx + ebx*8]
xor ecx, ecx
mov dword [ebp - 0x100c], eax
jmp short loc_fffbfc9c  ; jmp 0xfffbfc9c

loc_fffbfc30:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffbfc18  ; jne 0xfffbfc18
push eax
mov ecx, dword [ebp - 0x1000]
push eax
mov edx, dword [ebp - 0x1014]
lea eax, [ebp - 0xfe8]
push eax
push 0x36
lea eax, [ebp - 0xff1]
push eax
mov eax, dword [ebp - 0xffc]
push 4
push 0xff
push 0
call fcn_fffd16df  ; call 0xfffd16df
mov eax, edi
mov ebx, dword [ebp - 0x101c]
movzx eax, al
add esp, 0x20
imul ecx, eax, 0x90
lea edx, [ebp - 0xf90]
mov dword [ebp - 0x100c], ebx
xor ebx, ebx
mov dword [ebp - 0x1034], eax
lea esi, [ebp + ecx - 0xf48]
jmp near loc_fffbfd30  ; jmp 0xfffbfd30

loc_fffbfc9c:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
cmp cl, byte [eax + 0x2489]
jae short loc_fffbfc30  ; jae 0xfffbfc30
push 2
mov edx, dword [ebp - 0x100c]
movzx eax, cl
push 0
push 1
push 0
push eax
add edx, eax
movsx eax, byte [ebp + esi - 0xff7]
imul eax, dword [ebp + edx*4 - 0xfd8]
mov dword [ebp - 0x1018], ecx
mov ecx, 0xc
push 0
push ebx
cdq
idiv ecx
push 0
push 0
push eax
push 1
push dword [ebp - 0xffc]
call fcn_fffcd268  ; call 0xfffcd268
mov ecx, dword [ebp - 0x1018]
add esp, 0x30
inc ecx
jmp short loc_fffbfc9c  ; jmp 0xfffbfc9c

loc_fffbfcfd:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
mov al, byte [eax + 0x2489]
mov byte [ebp - 0x1030], al
xor eax, eax

loc_fffbfd11:  ; not directly referenced
cmp byte [ebp - 0x1030], al
ja short loc_fffbfd3d  ; ja 0xfffbfd3d

loc_fffbfd19:  ; not directly referenced
inc ebx
add edx, 0x24
add esi, 0x48
add dword [ebp - 0x100c], 0x48
cmp ebx, 2
je loc_fffbfdb6  ; je 0xfffbfdb6

loc_fffbfd30:  ; not directly referenced
mov eax, dword [ebp - 0x1000]
bt eax, ebx
jb short loc_fffbfcfd  ; jb 0xfffbfcfd
jmp short loc_fffbfd19  ; jmp 0xfffbfd19

loc_fffbfd3d:  ; not directly referenced
mov dword [ebp - 0x103c], edx
mov edx, dword [ebp - 0x100c]
mov ecx, dword [edx + eax*8 + 4]
mov edx, dword [edx + eax*8]
mov dword [ebp - 0x1018], ecx
sub ecx, edx
mov dword [ebp - 0x1024], ecx
mov ecx, edi
test cl, cl
mov dword [ebp - 0x1020], edx
mov edx, dword [ebp - 0x103c]
jne short loc_fffbfd77  ; jne 0xfffbfd77
mov dword [edx + eax*4], 0

loc_fffbfd77:  ; not directly referenced
mov dword [ebp - 0x103c], eax
mov eax, dword [ebp - 0x1034]
movzx eax, byte [ebp + eax - 0xff4]
imul eax, dword [ebp - 0x1024]
mov ecx, eax
mov eax, dword [ebp - 0x103c]
add dword [edx + eax*4], ecx
mov ecx, dword [ebp - 0x1020]
mov dword [esi + eax*8], ecx
mov ecx, dword [ebp - 0x1018]
mov dword [esi + eax*8 + 4], ecx
inc eax
jmp near loc_fffbfd11  ; jmp 0xfffbfd11

loc_fffbfdb6:  ; not directly referenced
cmp byte [ebp - 0x1008], 0
mov al, 3
cmove edi, eax
inc edi
mov eax, edi
cmp al, 2
jbe loc_fffbfc11  ; jbe 0xfffbfc11
movsx eax, byte [ebp - 0x1004]
mov dword [ebp - 0x1004], 0
mov dword [ebp - 0x1018], eax
imul eax, eax, 0x14
mov dword [ebp - 0x1030], eax
mov eax, dword [ebp - 0xffc]
add eax, 0x3757
mov dword [ebp - 0x1034], eax
mov dword [ebp - 0x1014], eax
mov eax, dword [ebp - 0x1028]
mov dword [ebp - 0x1024], eax

loc_fffbfe10:  ; not directly referenced
mov eax, dword [ebp - 0x1000]
mov ebx, dword [ebp - 0x1004]
bt eax, ebx
jae loc_fffbff78  ; jae 0xfffbff78
lea eax, [ebx + ebx*8]
mov byte [ebp - 0x100c], 0
mov dword [ebp - 0x1020], eax

loc_fffbfe35:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
movzx eax, byte [eax + 0x2489]
cmp byte [ebp - 0x100c], al
jae loc_fffbff3d  ; jae 0xfffbff3d
movzx ebx, byte [ebp - 0x100c]
mov eax, dword [ebp - 0x1020]
lea ecx, [eax + ebx]
mov eax, dword [ebp + ecx*4 - 0xf90]
cdq
or edx, 1
movsx edi, dl
imul edi, dword [ebp - 0x1018]
imul esi, edi, 0xa
mov edi, dword [ebp - 0x1014]
add eax, esi
cdq
idiv dword [ebp - 0x1030]
mov dword [ebp + ecx*4 - 0xf90], eax
cdq
mov ecx, 2
mov esi, eax
idiv ecx
add byte [edi + ebx + 0x101d], al
xor edi, edi

loc_fffbfe9f:  ; not directly referenced
mov edx, dword [ebp - 0x1014]
mov eax, 1
mov ecx, edi
shl eax, cl
test byte [edx + 0xc4], al
je short loc_fffbfed5  ; je 0xfffbfed5
mov edx, dword [ebp - 0x1004]
mov ecx, edi
push eax
mov eax, dword [ebp - 0xffc]
push 0
push 0xff
push ebx
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10

loc_fffbfed5:  ; not directly referenced
inc edi
cmp edi, 4
jne short loc_fffbfe9f  ; jne 0xfffbfe9f
imul edi, esi, 0xa
xor ecx, ecx
imul esi, esi, 0xfffffff6
mov dl, 3

loc_fffbfee5:  ; not directly referenced
movzx eax, cl
imul eax, eax, 0x12
add eax, dword [ebp - 0x1020]
add eax, ebx
add dword [ebp + eax*8 - 0xf48], edi
add dword [ebp + eax*8 - 0xf44], esi
cmp byte [ebp - 0x1008], 0
cmove ecx, edx
inc ecx
cmp cl, 2
jbe short loc_fffbfee5  ; jbe 0xfffbfee5
add ebx, dword [ebp - 0x1020]
mov edi, dword [ebp - 0x101c]
inc byte [ebp - 0x100c]
mov eax, dword [ebp + ebx*8 - 0xf48]
mov dword [edi + ebx*8], eax
mov eax, dword [ebp + ebx*8 - 0xf44]
mov dword [edi + ebx*8 + 4], eax
jmp near loc_fffbfe35  ; jmp 0xfffbfe35

loc_fffbff3d:  ; not directly referenced
push ebx
push 0
push eax
mov eax, dword [ebp - 0x1010]
push dword [ebp - 0x1024]
call dword [eax + 0x64]  ; ucall
mov edx, dword [ebp - 0x1004]
mov ecx, 1
mov dword [esp], 0
mov eax, dword [ebp - 0xffc]
push 1
push 0
push 2
push 0
call fcn_fffa7273  ; call 0xfffa7273
add esp, 0x20

loc_fffbff78:  ; not directly referenced
inc dword [ebp - 0x1004]
add dword [ebp - 0x1024], 0xcc
add dword [ebp - 0x1014], 0x13c3
cmp dword [ebp - 0x1004], 2
jne loc_fffbfe10  ; jne 0xfffbfe10
cmp dword [ebp - 0x102c], 1
sete dl
cmp byte [ebp - 0x1038], 0
setne cl
mov al, cl
and eax, edx
xor eax, 1
test al, cl
je loc_fffc03d7  ; je 0xfffc03d7
cmp dl, 1
sbb eax, eax
mov dword [ebp - 0x100c], eax
and byte [ebp - 0x100c], 0xfd
add byte [ebp - 0x100c], 4
test byte [ebp - 0x1000], 1
je short loc_fffbfff9  ; je 0xfffbfff9
mov eax, dword [ebp - 0xffc]
mov ecx, 0xffff3001
mov edx, 0x4098
call fcn_fffb3381  ; call 0xfffb3381

loc_fffbfff9:  ; not directly referenced
test byte [ebp - 0x1000], 2
je short loc_fffc0017  ; je 0xfffc0017
mov eax, dword [ebp - 0xffc]
mov ecx, 0xffff3001
mov edx, 0x4498
call fcn_fffb3381  ; call 0xfffb3381

loc_fffc0017:  ; not directly referenced
mov byte [ebp - 0x1004], 0

loc_fffc001e:  ; not directly referenced
movzx edi, byte [ebp - 0x1004]
xor ebx, ebx

loc_fffc0027:  ; not directly referenced
mov eax, dword [ebp - 0x1000]
bt eax, ebx
jb short loc_fffc0068  ; jb 0xfffc0068

loc_fffc0032:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffc0027  ; jne 0xfffc0027
movzx eax, byte [ebp - 0x1004]
lea ebx, [ebp - 0xf48]
mov dword [ebp - 0x1014], 0
mov dword [ebp - 0x1030], eax
imul eax, eax, 0x90
add eax, ebx
mov dword [ebp - 0x1038], eax
jmp near loc_fffc0138  ; jmp 0xfffc0138

loc_fffc0068:  ; not directly referenced
lea eax, [ebx + ebx*8]
xor ecx, ecx
mov dword [ebp - 0x1014], eax
mov dword [ebp - 0x101c], eax

loc_fffc0079:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
cmp cl, byte [eax + 0x2489]
jae short loc_fffc0032  ; jae 0xfffc0032
mov eax, dword [ebp - 0x101c]
movzx esi, cl
mov dword [ebp - 0x1020], ecx
mov ecx, 0xc
push 1
push 0
lea edx, [eax + esi]
movsx eax, byte [ebp + edi - 0xff7]
imul eax, dword [ebp + edx*4 - 0xfd8]
push 1
push 0
push esi
cdq
idiv ecx
push 0
push ebx
push 0
push 0
push eax
push 1
push dword [ebp - 0xffc]
call fcn_fffcd268  ; call 0xfffcd268
mov ecx, dword [ebp - 0x1020]
lea eax, [ebp - 0xd98]
add esi, dword [ebp - 0x1014]
add esp, 0x30
shl esi, 6
add esi, eax
xor eax, eax

loc_fffc00eb:  ; not directly referenced
mov dword [esi + eax + 4], 8
mov dword [esi + eax], 8
add eax, 8
cmp eax, 0x40
jne short loc_fffc00eb  ; jne 0xfffc00eb
inc ecx
jmp near loc_fffc0079  ; jmp 0xfffc0079

loc_fffc0108:  ; not directly referenced
mov eax, dword [ebp - 0x1000]
bt eax, edx
jb short loc_fffc0178  ; jb 0xfffc0178

loc_fffc0113:  ; not directly referenced
inc edx
add dword [ebp - 0x101c], 0x24
cmp edx, 2
jne short loc_fffc0108  ; jne 0xfffc0108
inc dword [ebp - 0x1014]
mov al, byte [ebp - 0x1014]
cmp byte [ebp - 0x100c], al
jbe loc_fffc020e  ; jbe 0xfffc020e

loc_fffc0138:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
lea esi, [ebp - 0xd98]
mov edx, dword [ebp - 0x1000]
mov byte [eax + 0x248d], 1
push ecx
push 0xa
push dword [ebp - 0x1038]
push esi
mov esi, dword [ebp - 0x1014]
mov ecx, esi
call fcn_fffbdad4  ; call 0xfffbdad4
lea eax, [esi + esi*8]
add esp, 0x10
mov dword [ebp - 0x101c], eax
xor edx, edx
jmp short loc_fffc0108  ; jmp 0xfffc0108

loc_fffc0178:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
xor ecx, ecx
mov al, byte [eax + 0x2489]
mov byte [ebp - 0x102c], al
lea eax, [edx + edx*8]
mov dword [ebp - 0x1020], eax

loc_fffc0195:  ; not directly referenced
cmp cl, byte [ebp - 0x102c]
je loc_fffc0113  ; je 0xfffc0113
mov eax, dword [ebp - 0x1030]
movzx ebx, cl
movzx eax, byte [ebp + eax - 0xff4]
mov dword [ebp - 0x1024], eax
mov eax, dword [ebp - 0x1020]
lea edi, [ebx + eax]
add ebx, dword [ebp - 0x101c]
lea eax, [ebp - 0xd98]
shl edi, 6
add edi, eax
shl ebx, 5
lea eax, [ebp - 0x918]
add ebx, eax
xor eax, eax

loc_fffc01df:  ; not directly referenced
mov esi, dword [edi + eax*2 + 4]
add esi, dword [edi + eax*2]
sub esi, 0x10
cmp byte [ebp - 0x1004], 0
jne short loc_fffc01f9  ; jne 0xfffc01f9
mov dword [ebx + eax], 0

loc_fffc01f9:  ; not directly referenced
imul esi, dword [ebp - 0x1024]
add dword [ebx + eax], esi
add eax, 4
cmp eax, 0x20
jne short loc_fffc01df  ; jne 0xfffc01df
inc ecx
jmp short loc_fffc0195  ; jmp 0xfffc0195

loc_fffc020e:  ; not directly referenced
mov bl, byte [ebp - 0x1004]
mov al, 3
cmp byte [ebp - 0x1008], 0
cmove ebx, eax
mov byte [ebp - 0x1004], bl
inc byte [ebp - 0x1004]
cmp byte [ebp - 0x1004], 2
jbe loc_fffc001e  ; jbe 0xfffc001e
mov edi, dword [ebp - 0x1018]
mov eax, edi
add eax, edi
xor edi, edi
mov dword [ebp - 0x102c], eax
mov eax, dword [ebp - 0x1034]
mov dword [ebp - 0x1008], eax
mov eax, dword [ebp - 0x1028]
mov dword [ebp - 0x1024], eax

loc_fffc0263:  ; not directly referenced
mov eax, dword [ebp - 0x1000]
bt eax, edi
jae loc_fffc03b9  ; jae 0xfffc03b9
imul eax, edi, 0x24
mov dword [ebp - 0x1004], 0
mov dword [ebp - 0x1020], eax

loc_fffc0285:  ; not directly referenced
imul eax, dword [ebp - 0x1004], 0xd8
mov byte [ebp - 0x1014], 0
add eax, 0x942
mov dword [ebp - 0x1030], eax

loc_fffc02a1:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
mov bl, byte [ebp - 0x1014]
movzx eax, byte [eax + 0x2489]
cmp bl, al
jae loc_fffc0384  ; jae 0xfffc0384
movzx eax, bl
mov ebx, dword [ebp - 0x1020]
xor ecx, ecx
imul esi, eax, 0x18
add esi, dword [ebp - 0x1030]
add esi, dword [ebp - 0x1008]
add ebx, eax
shl ebx, 5
lea edx, [ebp - 0x918]
add ebx, edx
mov dword [ebp - 0x101c], 0
mov dword [ebp - 0x1028], eax

loc_fffc02f3:  ; not directly referenced
mov edx, dword [ebx + ecx]
mov eax, edx
sar eax, 0x1f
or eax, 1
movsx eax, al
imul eax, dword [ebp - 0x1018]
add eax, edx
cdq
idiv dword [ebp - 0x102c]
movzx edx, byte [esi]
add eax, edx
cmp eax, 0xf
jle short loc_fffc0324  ; jle 0xfffc0324
mov dword [ebx + ecx], 0xf
jmp short loc_fffc0331  ; jmp 0xfffc0331

loc_fffc0324:  ; not directly referenced
test eax, eax
mov edx, 0
cmovs eax, edx
mov dword [ebx + ecx], eax

loc_fffc0331:  ; not directly referenced
mov eax, dword [ebx + ecx]
add esi, 3
mov byte [esi - 3], al
shl eax, cl
add ecx, 4
or dword [ebp - 0x101c], eax
cmp ecx, 0x20
jne short loc_fffc02f3  ; jne 0xfffc02f3
push 2
push 0
push 0
push 0
push dword [ebp - 0x1028]
push dword [ebp - 0x1004]
push edi
push 0
push 0
push dword [ebp - 0x101c]
push 0xa
push dword [ebp - 0xffc]
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
inc byte [ebp - 0x1014]
jmp near loc_fffc02a1  ; jmp 0xfffc02a1

loc_fffc0384:  ; not directly referenced
inc dword [ebp - 0x1004]
mov dl, byte [ebp - 0x1004]
add dword [ebp - 0x1020], 9
cmp byte [ebp - 0x100c], dl
ja loc_fffc0285  ; ja 0xfffc0285
push edx
push 0
push eax
mov eax, dword [ebp - 0x1010]
push dword [ebp - 0x1024]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc03b9:  ; not directly referenced
inc edi
add dword [ebp - 0x1024], 0xcc
add dword [ebp - 0x1008], 0x13c3
cmp edi, 2
jne loc_fffc0263  ; jne 0xfffc0263

loc_fffc03d7:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
mov byte [eax + 0x247b], 0
push 2
push 0
push 1
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push 1
push eax
call fcn_fffcd268  ; call 0xfffcd268
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc0408:  ; not directly referenced
push ebp
mov ebp, esp
push esi
push ebx
mov ebx, dword [ebp + 8]
push edx
movzx ecx, byte [ebx + 0x248f]
lea esi, [ebx + 0x2491]
mov eax, ebx
push 0
mov edx, esi
push 1
push 1
call fcn_fffbf98a  ; call 0xfffbf98a
add esp, 0x10
test eax, eax
jne short loc_fffc044e  ; jne 0xfffc044e
push eax
movzx ecx, byte [ebx + 0x248f]
mov edx, esi
push 1
mov eax, ebx
push 0
push 0
call fcn_fffbf98a  ; call 0xfffbf98a
add esp, 0x10

loc_fffc044e:  ; not directly referenced
lea esp, [ebp - 8]
pop ebx
pop esi
pop ebp
ret

fcn_fffc0455:  ; not directly referenced
push ebp
mov ecx, 0xa
mov ebp, esp
push edi
push esi
mov esi, ref_fffd5410  ; mov esi, 0xfffd5410
push ebx
sub esp, 0x6c
mov ebx, dword [ebp + 8]
lea edi, [ebp - 0x60]
mov byte [ebp - 0x67], 4
mov byte [ebp - 0x66], 1
mov eax, dword [ebx + 0x1887]
mov byte [ebp - 0x65], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 1
cmp eax, 0x306d0
sete dl
cmp eax, 0x40650
sete al
or dl, al
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
je loc_fffc0540  ; je 0xfffc0540
mov cl, 1
mov edx, 4
mov eax, ebx
mov esi, 4
call fcn_fffaab72  ; call 0xfffaab72
mov edx, dword [ebp - 0x60]
mov ecx, 1
cmp ax, dx
cmovae edx, eax
mov eax, ebx
mov word [ebp - 0x60], dx
mov edx, 1
call fcn_fffaab72  ; call 0xfffaab72
mov dx, word [ebp - 0x5e]
mov byte [ebp - 0x69], 1
cmp ax, dx
cmovae edx, eax
cmp dword [ebx + 0x188b], 1
mov word [ebp - 0x5e], dx
sete al
lea eax, [eax + eax*4 + 7]
movsx edi, al

loc_fffc04fe:  ; not directly referenced
mov al, byte [ebp - 0x69]
test byte [ebx + 0x248e], al
je short loc_fffc053a  ; je 0xfffc053a
push eax
mov ecx, 3
push 0
push 0
push 0xf
push edi
push 0
lea eax, [ebp - 0x60]
push eax
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x67]
push eax
movzx eax, byte [ebp - 0x69]
push 5
lea edx, [ebp - 0x56]
push eax
mov eax, ebx
call fcn_fffcb1dd  ; call 0xfffcb1dd
add esp, 0x30

loc_fffc053a:  ; not directly referenced
shl byte [ebp - 0x69], 1
dec esi
jne short loc_fffc04fe  ; jne 0xfffc04fe

loc_fffc0540:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc054a:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x140
mov edi, dword [ebp + 8]
mov dword [ebp - 0xe4], 1
mov dword [ebp - 0xe0], 1
mov eax, dword [edi + 0x2444]
mov ebx, dword [edi + 0x5edd]
mov esi, eax
mov dword [ebp - 0x110], eax
mov eax, dword [edi + 0x1887]
mov dword [ebp - 0x108], eax
mov eax, dword [edi + 0x1883]
push 0
push 0x10
mov dword [ebp - 0x100], eax
lea eax, [ebp - 0xc8]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 1
push 3
lea eax, [ebp - 0xee]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
cmp dword [edi + 0x2481], 2
mov byte [ebp - 0xf1], 0xfc
mov byte [ebp - 0xf0], 4
mov byte [ebp - 0xef], 0
jne loc_fffc0d43  ; jne 0xfffc0d43
mov eax, dword [edi + 0x5edd]
mov dword [ebp - 0x100], eax
mov eax, dword [edi + 0x2444]
mov esi, eax
mov dword [ebp - 0x110], eax
push eax
push 0
push 0x10
lea eax, [ebp - 0xb8]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 1
push 3
lea eax, [ebp - 0xe8]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
xor eax, eax
mov byte [ebp - 0xeb], 0xfc
mov byte [ebp - 0xea], 4
mov byte [ebp - 0xe9], 0

loc_fffc0639:  ; not directly referenced
mov byte [ebp + eax - 0xd4], al
inc eax
cmp eax, 9
jne short loc_fffc0639  ; jne 0xfffc0639
mov ecx, 1
mov edx, 5
mov eax, edi
call fcn_fffaab72  ; call 0xfffaab72
xor ecx, ecx
mov edx, 5
lea ebx, [edi + 0x2b51]
mov word [ebp - 0x138], ax
mov eax, edi
call fcn_fffaab72  ; call 0xfffaab72
sub esp, 0xc
mov ecx, 0x11
mov word [ebp - 0x13c], ax
movzx eax, byte [edi + 0x248f]
push 0
mov edx, eax
mov dword [ebp - 0x10c], eax
mov eax, edi
call fcn_fffae9e2  ; call 0xfffae9e2
mov al, byte [ebp - 0xe7]
mov ecx, 2
mov byte [ebp - 0x11c], al
mov al, byte [ebp - 0xe8]
add byte [ebp - 0x11c], al
mov al, byte [ebp - 0xe6]
add byte [ebp - 0x11c], al
lea eax, [edi + 0x2491]
mov dword [ebp - 0x140], eax
mov edx, eax
mov eax, edi
call fcn_fffa668b  ; call 0xfffa668b
add esp, 0x10
xor ecx, ecx

loc_fffc06dc:  ; not directly referenced
mov eax, dword [ebp - 0x10c]
mov dword [ebp + ecx*4 - 0xdc], 0
bt eax, ecx
jae short loc_fffc0714  ; jae 0xfffc0714
mov eax, dword [ebx + 4]
mov esi, 0x14
xor edx, edx
add eax, dword [ebx]
div esi
mov si, 0xc
lea edx, [eax - 1]
cmp edx, 0xb
cmova eax, esi
mov dword [ebp + ecx*4 - 0xdc], eax

loc_fffc0714:  ; not directly referenced
inc ecx
add ebx, 0x48
cmp ecx, 2
jne short loc_fffc06dc  ; jne 0xfffc06dc
push eax
push 0
push 0x80
lea eax, [ebp - 0x98]
push eax
mov eax, dword [ebp - 0x110]
call dword [eax + 0x5c]  ; ucall
mov eax, dword [ebp - 0x100]
add esp, 0x10
mov dword [ebp - 0xfc], 0
add eax, 0x70
mov dword [ebp - 0x134], eax

loc_fffc0751:  ; not directly referenced
xor esi, esi

loc_fffc0753:  ; not directly referenced
mov eax, dword [ebp - 0x10c]
bt eax, esi
jb short loc_fffc0768  ; jb 0xfffc0768

loc_fffc075e:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffc0753  ; jne 0xfffc0753
xor esi, esi
jmp short loc_fffc07bd  ; jmp 0xfffc07bd

loc_fffc0768:  ; not directly referenced
mov eax, dword [ebp - 0xfc]
mov ecx, 0xc
xor ebx, ebx
movsx eax, byte [ebp + eax - 0xeb]
imul eax, dword [ebp + esi*4 - 0xdc]
cdq
idiv ecx
mov dword [ebp - 0x100], eax

loc_fffc078e:  ; not directly referenced
cmp bl, byte [edi + 0x2489]
jae short loc_fffc075e  ; jae 0xfffc075e
push 1
movzx eax, bl
push 0
inc ebx
push 1
push 0
push eax
push 0
push esi
push 0
push 0
push dword [ebp - 0x100]
push 2
push edi
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
jmp short loc_fffc078e  ; jmp 0xfffc078e

loc_fffc07bd:  ; not directly referenced
mov eax, dword [ebp - 0x134]
mov ecx, esi
xor ebx, ebx
mov dword [ebp - 0x100], 1
shl dword [ebp - 0x100], cl
mov dword [ebp - 0x108], eax
mov byte [ebp - 0x104], 0

loc_fffc07e4:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [edi + eax + 0x3757], 2
jne short loc_fffc0826  ; jne 0xfffc0826
mov ecx, dword [ebp - 0x100]
mov edx, ebx
mov eax, edi
call fcn_fffad317  ; call 0xfffad317
or byte [ebp - 0x104], al
push eax
push 0
movzx eax, byte [edi + 0x2489]
push eax
mov eax, dword [ebp - 0x110]
push dword [ebp - 0x108]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc0826:  ; not directly referenced
inc ebx
add dword [ebp - 0x108], 0xcc
cmp ebx, 2
jne short loc_fffc07e4  ; jne 0xfffc07e4
push ecx
mov edx, dword [ebp - 0x140]
push ecx
movzx ecx, byte [ebp - 0x104]
lea eax, [ebp - 0xb8]
push eax
push 0x25
lea eax, [ebp - 0xd4]
push eax
mov eax, edi
push 5
push 0
push esi
inc esi
call fcn_fffd16df  ; call 0xfffd16df
add esp, 0x20
cmp esi, 2
jne loc_fffc07bd  ; jne 0xfffc07bd
lea eax, [ebp - 0xa8]
xor esi, esi
mov dword [ebp - 0x130], eax
lea eax, [ebp - 0x98]
mov dword [ebp - 0x128], eax

loc_fffc0888:  ; not directly referenced
mov eax, dword [ebp - 0x10c]
bt eax, esi
jb short loc_fffc08ac  ; jb 0xfffc08ac

loc_fffc0893:  ; not directly referenced
inc esi
add dword [ebp - 0x128], 0x40
add dword [ebp - 0x130], 8
cmp esi, 2
jne short loc_fffc0888  ; jne 0xfffc0888
jmp near loc_fffc0a5e  ; jmp 0xfffc0a5e

loc_fffc08ac:  ; not directly referenced
imul edx, esi, 0x13c3
mov ebx, dword [ebp - 0x130]
mov ecx, dword [ebp - 0x128]
mov dword [ebp - 0x108], 0
mov al, byte [edi + edx + 0x381b]
lea edx, [edi + edx + 0x49c2]
mov dword [ebp - 0x100], ebx
mov dword [ebp - 0x12c], ecx
mov dword [ebp - 0x120], edx
mov byte [ebp - 0x141], al
imul eax, esi, 0x48
add eax, edi

loc_fffc08f3:  ; not directly referenced
mov cl, byte [ebp - 0x108]
mov edx, 1
shl edx, cl
test byte [ebp - 0x141], dl
jne short loc_fffc0936  ; jne 0xfffc0936

loc_fffc0908:  ; not directly referenced
inc dword [ebp - 0x108]
add eax, 0x90
add dword [ebp - 0x120], 0x18
add dword [ebp - 0x12c], 0x20
add dword [ebp - 0x100], 4
cmp dword [ebp - 0x108], 2
jne short loc_fffc08f3  ; jne 0xfffc08f3
jmp near loc_fffc0893  ; jmp 0xfffc0893

loc_fffc0936:  ; not directly referenced
cmp byte [ebp - 0xfc], 0
jne short loc_fffc094b  ; jne 0xfffc094b
mov ebx, dword [ebp - 0x100]
mov dword [ebx], 0xffffffff

loc_fffc094b:  ; not directly referenced
mov dl, byte [edi + 0x2489]
mov byte [ebp - 0x124], dl
xor edx, edx

loc_fffc0959:  ; not directly referenced
cmp byte [ebp - 0x124], dl
jbe short loc_fffc0987  ; jbe 0xfffc0987
mov ebx, dword [ebp - 0x100]
mov ecx, dword [eax + edx*8 + 0x2915]
cmp dword [eax + edx*8 + 0x2911], ecx
cmovbe ecx, dword [eax + edx*8 + 0x2911]
cmp ecx, dword [ebx]
cmova ecx, dword [ebx]
inc edx
mov dword [ebx], ecx
jmp short loc_fffc0959  ; jmp 0xfffc0959

loc_fffc0987:  ; not directly referenced
xor edx, edx

loc_fffc0989:  ; not directly referenced
mov ecx, dword [ebp - 0x120]
movzx ecx, byte [ecx + edx + 0x10]
test cl, cl
je loc_fffc0908  ; je 0xfffc0908
mov dword [ebp - 0x104], 0
mov dword [ebp - 0x118], 0xffffffff
mov dword [ebp - 0x114], 0xffffffff

loc_fffc09ba:  ; not directly referenced
mov bl, byte [ebp - 0x104]
cmp byte [ebp - 0x124], bl
jbe short loc_fffc0a1d  ; jbe 0xfffc0a1d
mov ebx, dword [ebp - 0x104]
bt ecx, ebx
jae short loc_fffc0a15  ; jae 0xfffc0a15
mov dword [ebp - 0x148], edx
mov edx, dword [ebp - 0x114]
cmp edx, dword [eax + ebx*8 + 0x2911]
cmova edx, dword [eax + ebx*8 + 0x2911]
mov dword [ebp - 0x114], edx
mov edx, dword [ebp - 0x118]
cmp edx, dword [eax + ebx*8 + 0x2915]
cmova edx, dword [eax + ebx*8 + 0x2915]
mov dword [ebp - 0x118], edx
mov edx, dword [ebp - 0x148]

loc_fffc0a15:  ; not directly referenced
inc dword [ebp - 0x104]
jmp short loc_fffc09ba  ; jmp 0xfffc09ba

loc_fffc0a1d:  ; not directly referenced
mov ecx, dword [ebp - 0xfc]
movzx ebx, byte [ebp + ecx - 0xe8]
mov ecx, dword [ebp - 0x118]
sub ecx, dword [ebp - 0x114]
mov dword [ebp - 0x104], ebx
mov ebx, dword [ebp - 0x104]
imul ebx, ecx
mov ecx, dword [ebp - 0x12c]
add dword [ecx + edx*4], ebx
inc edx
cmp edx, 8
jne loc_fffc0989  ; jne 0xfffc0989
jmp near loc_fffc0908  ; jmp 0xfffc0908

loc_fffc0a5e:  ; not directly referenced
inc dword [ebp - 0xfc]
cmp dword [ebp - 0xfc], 3
jne loc_fffc0751  ; jne 0xfffc0751
movzx edx, word [ebp - 0x138]
movzx eax, word [ebp - 0x13c]
mov dword [ebp - 0x120], edi
mov dword [ebp - 0xfc], 0
add eax, edx
mov dword [ebp - 0x12c], eax
movsx eax, byte [ebp - 0x11c]
sar dword [ebp - 0x12c], 2
imul esi, eax, 0xa
imul eax, eax, 0x14
mov dword [ebp - 0x138], esi
mov dword [ebp - 0x13c], eax
mov eax, dword [ebp - 0x134]
mov dword [ebp - 0x130], eax
lea eax, [edi + 0x49c2]
mov dword [ebp - 0x114], eax
lea eax, [ebp - 0xa8]
mov dword [ebp - 0x11c], eax
lea eax, [ebp - 0x98]
mov dword [ebp - 0x124], eax

loc_fffc0ae7:  ; not directly referenced
mov eax, dword [ebp - 0x10c]
mov esi, dword [ebp - 0xfc]
bt eax, esi
jae loc_fffc0d02  ; jae 0xfffc0d02
mov eax, dword [ebp - 0x114]
mov dword [ebp - 0x100], 0
lea esi, [eax - 0x126b]
mov dword [ebp - 0x134], esi
mov esi, dword [ebp - 0x120]
mov dword [ebp - 0x108], eax
mov dword [ebp - 0x128], esi
mov esi, dword [ebp - 0x124]

loc_fffc0b30:  ; not directly referenced
mov ebx, dword [ebp - 0x114]
mov cl, byte [ebp - 0x100]
mov dword [ebp - 0x104], 1
shl dword [ebp - 0x104], cl
mov al, byte [ebp - 0x104]
test byte [ebx - 0x11a7], al
je loc_fffc0cbe  ; je 0xfffc0cbe
mov eax, dword [ebp - 0x108]
mov ebx, dword [ebp - 0x11c]
mov edx, dword [ebp - 0x100]
mov ecx, dword [ebp - 0x12c]
mov ax, word [eax + 0xc]
or al, 0x80
cmp dword [ebx + edx*4], ecx
jbe short loc_fffc0bac  ; jbe 0xfffc0bac
imul edx, edx, 0x70
mov ebx, dword [ebp - 0x134]
and eax, 0xffffff80
or eax, 0xd
mov word [ebx + edx + 0x109f], ax
mov ebx, dword [ebp - 0x108]
mov word [ebx + 0xc], ax
movzx eax, ax
push edx
push edx
push eax
push 6
jmp short loc_fffc0c08  ; jmp 0xfffc0c08

loc_fffc0bac:  ; not directly referenced
mov eax, dword [ebp - 0x108]
xor ebx, ebx
mov ecx, dword [ebp - 0x104]
mov edx, dword [ebp - 0xfc]
mov ax, word [eax + 6]
mov word [ebp - 0x118], ax
or word [ebp - 0x118], 0x10
push eax
push eax
movzx eax, word [ebp - 0x118]
push eax
mov eax, edi
push 3
call fcn_fffa96cb  ; call 0xfffa96cb
add esp, 0x10

loc_fffc0be9:  ; not directly referenced
mov eax, dword [ebp - 0x108]
movzx ecx, byte [eax + ebx + 0x10]
test cl, cl
jne short loc_fffc0c23  ; jne 0xfffc0c23

loc_fffc0bf8:  ; not directly referenced
mov eax, dword [ebp - 0x118]
push ebx
push ebx
and eax, 0xffef
push eax
push 3

loc_fffc0c08:  ; not directly referenced
mov ecx, dword [ebp - 0x104]
mov eax, edi
mov edx, dword [ebp - 0xfc]
call fcn_fffa96cb  ; call 0xfffa96cb
add esp, 0x10
jmp near loc_fffc0cbe  ; jmp 0xfffc0cbe

loc_fffc0c23:  ; not directly referenced
mov edx, dword [esi + ebx*4]
mov dword [ebp - 0x140], ecx
mov eax, edx
sar eax, 0x1f
or eax, 1
movsx eax, al
imul eax, dword [ebp - 0x138]
add eax, edx
cdq
idiv dword [ebp - 0x13c]
mov dword [esi + ebx*4], eax
push 2
push 0
push 1
push 0
push ecx
push dword [ebp - 0x100]
push dword [ebp - 0xfc]
push 0
push 0
push eax
push 5
push edi
call fcn_fffcd268  ; call 0xfffcd268
mov al, byte [edi + 0x2489]
add esp, 0x30
mov byte [ebp - 0x141], al
xor eax, eax

loc_fffc0c7d:  ; not directly referenced
cmp byte [ebp - 0x141], al
jbe short loc_fffc0caf  ; jbe 0xfffc0caf
mov edx, dword [ebp - 0x140]
bt edx, eax
jae short loc_fffc0cac  ; jae 0xfffc0cac
mov edx, dword [ebp - 0x128]
imul ecx, dword [esi + ebx*4], 0xa
add dword [edx + eax*8 + 0x2911], ecx
imul ecx, dword [esi + ebx*4], 0xfffffff6
add dword [edx + eax*8 + 0x2915], ecx

loc_fffc0cac:  ; not directly referenced
inc eax
jmp short loc_fffc0c7d  ; jmp 0xfffc0c7d

loc_fffc0caf:  ; not directly referenced
inc ebx
cmp ebx, 8
jne loc_fffc0be9  ; jne 0xfffc0be9
jmp near loc_fffc0bf8  ; jmp 0xfffc0bf8

loc_fffc0cbe:  ; not directly referenced
inc dword [ebp - 0x100]
add esi, 0x20
add dword [ebp - 0x108], 0x18
add dword [ebp - 0x128], 0x90
cmp dword [ebp - 0x100], 2
jne loc_fffc0b30  ; jne 0xfffc0b30
push ecx
push 0
movzx eax, byte [edi + 0x2489]
push eax
mov eax, dword [ebp - 0x110]
push dword [ebp - 0x130]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc0d02:  ; not directly referenced
inc dword [ebp - 0xfc]
add dword [ebp - 0x130], 0xcc
add dword [ebp - 0x114], 0x13c3
add dword [ebp - 0x124], 0x40
add dword [ebp - 0x120], 0x48
add dword [ebp - 0x11c], 8
cmp dword [ebp - 0xfc], 2
jne loc_fffc0ae7  ; jne 0xfffc0ae7
jmp near loc_fffc1272  ; jmp 0xfffc1272

loc_fffc0d43:  ; not directly referenced
mov ecx, 1
mov edx, 5
mov eax, edi
call fcn_fffaab72  ; call 0xfffaab72
xor ecx, ecx
mov edx, 5
mov word [ebp - 0x118], ax
mov eax, edi
call fcn_fffaab72  ; call 0xfffaab72
mov word [ebp - 0x11c], ax
mov al, byte [ebx + 0x15]
shr al, 6
movzx edx, al
movzx eax, byte [ebx + 0x16]
and eax, 0x1f
shl eax, 2
or eax, edx
mov esi, eax
mov dl, al
or edx, 0xffffff80
shr esi, 6
cmove edx, eax
mov byte [ebp - 0xeb], dl
mov cl, byte [ebx + 0x14]
movsx dx, dl
movzx eax, byte [ebx + 0x15]
lea edx, [edx + edx*4]
shr cl, 7
and eax, 0x3f
movzx ecx, cl
add eax, eax
or eax, ecx
mov esi, eax
mov cl, al
or ecx, 0xffffff80
shr esi, 6
cmove ecx, eax
add edx, edx
mov byte [ebp - 0xea], cl
movsx cx, cl
sub esp, 0xc
mov word [ebp - 0xe8], dx
movzx edx, byte [edi + 0x248f]
lea ecx, [ecx + ecx*4]
add ecx, ecx
mov eax, edi
mov word [ebp - 0xe6], cx
mov ecx, 0x11
push 0
call fcn_fffae9e2  ; call 0xfffae9e2
mov al, byte [ebp - 0xed]
lea esi, [edi + 0x3757]
add esp, 0x10
mov byte [ebp - 0xfc], 0
mov byte [ebp - 0x10c], al
mov al, byte [ebp - 0xee]
add byte [ebp - 0x10c], al
mov al, byte [ebp - 0xec]
add byte [ebp - 0x10c], al
lea eax, [ebx + 0x70]
xor ebx, ebx
mov dword [ebp - 0x128], eax
mov dword [ebp - 0x104], eax

loc_fffc0e3c:  ; not directly referenced
cmp dword [esi], 2
jne short loc_fffc0e74  ; jne 0xfffc0e74
movzx ecx, byte [esi + 0xc4]
mov edx, ebx
mov eax, edi
call fcn_fffad317  ; call 0xfffad317
or byte [ebp - 0xfc], al
push edx
push 0
movzx eax, byte [edi + 0x2489]
push eax
mov eax, dword [ebp - 0x110]
push dword [ebp - 0x104]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc0e74:  ; not directly referenced
inc ebx
add esi, 0x13c3
add dword [ebp - 0x104], 0xcc
cmp ebx, 2
jne short loc_fffc0e3c  ; jne 0xfffc0e3c
lea eax, [edi + 0x2491]
mov ecx, 2
mov dword [ebp - 0x114], eax
mov edx, eax
mov eax, edi
call fcn_fffa668b  ; call 0xfffa668b
movzx eax, byte [ebp - 0xfc]
lea ebx, [edi + 0x2b51]
xor ecx, ecx
mov dword [ebp - 0xfc], eax

loc_fffc0eb9:  ; not directly referenced
mov eax, dword [ebp - 0xfc]
mov dword [ebp + ecx*4 - 0xdc], 0
bt eax, ecx
jae short loc_fffc0ef1  ; jae 0xfffc0ef1
mov eax, dword [ebx + 4]
mov esi, 0x14
xor edx, edx
add eax, dword [ebx]
div esi
mov si, 0xc
lea edx, [eax - 1]
cmp edx, 0xb
cmovbe esi, eax
mov dword [ebp + ecx*4 - 0xdc], esi

loc_fffc0ef1:  ; not directly referenced
inc ecx
add ebx, 0x48
cmp ecx, 2
jne short loc_fffc0eb9  ; jne 0xfffc0eb9
mov edx, dword [ebp - 0x114]
mov cl, 5
mov eax, edi
call fcn_fffa668b  ; call 0xfffa668b
mov dword [ebp - 0xd4], 0
mov dword [ebp - 0xb8], 0x7fffffff
mov dword [ebp - 0xa8], 0x7fffffff
mov dword [ebp - 0xd0], 0
mov dword [ebp - 0xb4], 0x7fffffff
mov dword [ebp - 0xa4], 0x7fffffff
mov dword [ebp - 0x104], 0

loc_fffc0f4f:  ; not directly referenced
xor esi, esi

loc_fffc0f51:  ; not directly referenced
mov eax, dword [ebp - 0xfc]
bt eax, esi
jb short loc_fffc0f95  ; jb 0xfffc0f95

loc_fffc0f5c:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffc0f51  ; jne 0xfffc0f51
push eax
mov edx, dword [ebp - 0x114]
push eax
mov ecx, dword [ebp - 0xfc]
push 0
lea eax, [ebp - 0xc8]
push eax
mov eax, edi
push 0x36
push 1
push 5
push 0
call fcn_fffc66ae  ; call 0xfffc66ae
lea edx, [edi + 0x2915]
add esp, 0x20
xor eax, eax
jmp short loc_fffc0ff3  ; jmp 0xfffc0ff3

loc_fffc0f95:  ; not directly referenced
mov eax, dword [ebp - 0x104]
mov ecx, 0xc
xor ebx, ebx
movsx eax, byte [ebp + eax - 0xf1]
imul eax, dword [ebp + esi*4 - 0xdc]
cdq
idiv ecx
mov dword [ebp - 0x120], eax

loc_fffc0fbb:  ; not directly referenced
cmp bl, byte [edi + 0x2489]
jae short loc_fffc0f5c  ; jae 0xfffc0f5c
push 1
movzx eax, bl
push 0
inc ebx
push 1
push 0
push eax
push 0
push esi
push 0
push 0
push dword [ebp - 0x120]
push 2
push edi
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
jmp short loc_fffc0fbb  ; jmp 0xfffc0fbb

loc_fffc0fea:  ; not directly referenced
inc eax
add edx, 0x48
cmp eax, 2
je short loc_fffc1045  ; je 0xfffc1045

loc_fffc0ff3:  ; not directly referenced
mov esi, dword [ebp - 0xfc]
bt esi, eax
jae short loc_fffc0fea  ; jae 0xfffc0fea
mov ebx, dword [ebp - 0x104]
mov ecx, dword [edx - 4]
mov esi, dword [edx]
movzx ebx, byte [ebp + ebx - 0xee]
sub esi, ecx
imul ebx, esi
add dword [ebp + eax*4 - 0xd4], ebx
mov ebx, dword [ebp + eax*4 - 0xb8]
cmp ecx, ebx
cmovg ecx, ebx
mov dword [ebp + eax*4 - 0xb8], ecx
mov ecx, dword [ebp + eax*4 - 0xa8]
cmp dword [edx], ecx
cmovle ecx, dword [edx]
mov dword [ebp + eax*4 - 0xa8], ecx
jmp short loc_fffc0fea  ; jmp 0xfffc0fea

loc_fffc1045:  ; not directly referenced
inc dword [ebp - 0x104]
cmp dword [ebp - 0x104], 3
jne loc_fffc0f4f  ; jne 0xfffc0f4f
xor eax, eax
xor ebx, ebx

loc_fffc105c:  ; not directly referenced
movsx ecx, word [ebp + eax - 0xe8]
mov edx, dword [ebp + eax*2 - 0xb8]
sub edx, ecx
cmovs edx, ebx
add ecx, dword [ebp + eax*2 - 0xa8]
mov dword [ebp + eax*2 - 0xb8], edx
cmovs ecx, ebx
cmp ecx, edx
cmovle edx, ecx
mov dword [ebp + eax*2 - 0xa8], ecx
mov dword [ebp + eax*2 - 0x98], edx
add eax, 2
cmp eax, 4
jne short loc_fffc105c  ; jne 0xfffc105c
movsx eax, byte [ebp - 0x10c]
xor ebx, ebx
movzx edx, word [ebp - 0x118]
imul esi, eax, 0xa
imul eax, eax, 0x14
mov dword [ebp - 0x120], esi
mov dword [ebp - 0x124], eax
movzx eax, word [ebp - 0x11c]
add eax, edx
mov dword [ebp - 0x10c], eax
lea eax, [edi + 0x2911]
mov dword [ebp - 0x114], eax
mov eax, dword [ebp - 0x128]
sar dword [ebp - 0x10c], 2
mov dword [ebp - 0x104], eax

loc_fffc10ec:  ; not directly referenced
mov eax, dword [ebp - 0xfc]
bt eax, ebx
jae loc_fffc1257  ; jae 0xfffc1257
mov edx, dword [ebp + ebx*4 - 0xd4]
mov eax, edx
sar eax, 0x1f
or eax, 1
movsx eax, al
imul eax, dword [ebp - 0x120]
add eax, edx
cdq
idiv dword [ebp - 0x124]
cmp dword [ebp - 0x108], 0x306d0
sete dl
cmp dword [ebp - 0x100], 3
mov dword [ebp + ebx*4 - 0xd4], eax
seta al
test al, dl
jne short loc_fffc115a  ; jne 0xfffc115a
cmp dword [ebp - 0x100], 0
setne cl
cmp dword [ebp - 0x108], 0x40670
sete al
test cl, al
je short loc_fffc1185  ; je 0xfffc1185

loc_fffc115a:  ; not directly referenced
mov eax, dword [ebp - 0x10c]
cmp dword [ebp + ebx*4 - 0x98], eax
jbe short loc_fffc1185  ; jbe 0xfffc1185
movsx eax, byte [ebp + ebx - 0xeb]
mov dword [ebp + ebx*4 - 0xe4], 0
neg eax
mov dword [ebp + ebx*4 - 0xd4], eax

loc_fffc1185:  ; not directly referenced
mov eax, dword [ebp + ebx*4 - 0xe4]
mov esi, dword [ebp - 0x104]
mov byte [edi + ebx + 0x369e], al
cmp byte [esi + 0x61], 0
jle short loc_fffc11fc  ; jle 0xfffc11fc
cmp dword [ebp - 0x100], 3
sete cl
test cl, dl
jne short loc_fffc11d2  ; jne 0xfffc11d2
cmp dword [ebp - 0x100], 0
sete cl
cmp dword [ebp - 0x108], 0x40670
sete byte [ebp - 0x118]
xor edx, edx
test byte [ebp - 0x118], cl
je short loc_fffc11db  ; je 0xfffc11db

loc_fffc11d2:  ; not directly referenced
mov esi, dword [ebp - 0x104]
mov dl, byte [esi + 0x73]

loc_fffc11db:  ; not directly referenced
sub dl, byte [ebp + ebx - 0xeb]
add edx, 3
movsx esi, dl
cmp dword [ebp + ebx*4 - 0xd4], esi
jle short loc_fffc11fc  ; jle 0xfffc11fc
test eax, eax
je short loc_fffc11fc  ; je 0xfffc11fc
mov dword [ebp + ebx*4 - 0xd4], esi

loc_fffc11fc:  ; not directly referenced
mov eax, dword [ebp - 0xfc]
lea ecx, [ebx + 1]
push 2
mov esi, dword [ebp + ebx*4 - 0xd4]
sar eax, cl
push eax
push 1
push 0
push 7
push 0
push ebx
push 0
push 0
push esi
push 5
push edi
call fcn_fffcd268  ; call 0xfffcd268
mov ecx, dword [ebp - 0x114]
imul eax, esi, 0xa
imul esi, esi, 0xfffffff6
add esp, 0x2c
add dword [ecx], eax
add dword [ecx + 4], esi
push 0
movzx eax, byte [edi + 0x2489]
push eax
mov eax, dword [ebp - 0x110]
push dword [ebp - 0x104]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc1257:  ; not directly referenced
inc ebx
add dword [ebp - 0x114], 0x48
add dword [ebp - 0x104], 0xcc
cmp ebx, 2
jne loc_fffc10ec  ; jne 0xfffc10ec

loc_fffc1272:  ; not directly referenced
push 2
push 0
push 1
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push 2
push edi
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
mov byte [edi + 0x247b], 0
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc12a0:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x230
mov edi, dword [ebp + 8]
mov eax, dword [edi + 0x5edd]
mov dword [ebp - 0x1fc], eax
mov eax, dword [edi + 0x2444]
mov esi, eax
mov dword [ebp - 0x21c], eax
mov eax, dword [edi + 0x188b]
push 0
push 0x10
mov dword [ebp - 0x220], eax
lea eax, [ebp - 0x1d8]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x1dc]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x1b0
lea eax, [ebp - 0x1c8]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
mov al, byte [edi + 0x2441]
xor ecx, ecx
mov byte [ebp - 0x1d9], 0
mov byte [ebp - 0x1da], 0
mov byte [ebp - 0x216], al
mov eax, dword [edi + 0x2481]
mov dword [esp], edi
cmp eax, 3
sete cl
cmp eax, 2
mov ebx, ecx
sete byte [ebp - 0x217]
mov dword [ebp - 0x208], ebx
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10
cmp ebx, 1
lea ecx, [edi + 0x2491]
mov dword [ebp - 0x1f8], edi
mov dword [ebp - 0x1f0], 0
mov dword [ebp - 0x214], ecx
mov dword [ebp - 0x200], eax
sbb eax, eax
and eax, 7
add eax, 0xa
movzx eax, al
mov dword [ebp - 0x22c], eax

loc_fffc1389:  ; not directly referenced
mov eax, dword [ebp - 0x1fc]
xor ebx, ebx
mov cl, byte [ebp - 0x1f0]
mov dword [ebp - 0x1ec], 1
shl dword [ebp - 0x1ec], cl
add eax, 0x70
mov dword [ebp - 0x204], eax
mov byte [ebp - 0x1f4], 0

loc_fffc13b7:  ; not directly referenced
mov ecx, dword [ebp - 0x1ec]
mov edx, ebx
mov eax, edi
call fcn_fffad317  ; call 0xfffad317
or byte [ebp - 0x1f4], al
movzx eax, byte [ebp - 0x1f4]
bt eax, ebx
mov esi, eax
jae short loc_fffc13f7  ; jae 0xfffc13f7
push ecx
push 0
movzx eax, byte [edi + 0x2489]
push eax
mov eax, dword [ebp - 0x21c]
push dword [ebp - 0x204]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc13f7:  ; not directly referenced
inc ebx
add dword [ebp - 0x204], 0xcc
cmp ebx, 2
jne short loc_fffc13b7  ; jne 0xfffc13b7
cmp byte [ebp - 0x1f4], 0
je loc_fffc1932  ; je 0xfffc1932
sub esp, 0xc
mov ecx, 0x11
push 0
mov edx, esi
mov eax, edi
xor bl, bl
call fcn_fffae9e2  ; call 0xfffae9e2
add esp, 0x10

loc_fffc142c:  ; not directly referenced
mov dl, bl
cmp bl, 3
je short loc_fffc1495  ; je 0xfffc1495
cmp bl, 1
jne short loc_fffc1441  ; jne 0xfffc1441
mov byte [edi + 0x248c], 9
jmp short loc_fffc144d  ; jmp 0xfffc144d

loc_fffc1441:  ; not directly referenced
cmp bl, 4
jne short loc_fffc144d  ; jne 0xfffc144d
mov byte [edi + 0x248c], 0

loc_fffc144d:  ; not directly referenced
lea eax, [edx - 4]
cmp al, 2
sbb eax, eax
and eax, 0x17
add eax, 0x1f
cmp dl, 5
sete dl
test byte [ebp - 0x217], dl
mov dl, 0x25
lea ecx, [ebp - 0x1d8]
cmovne eax, edx
push edx
movzx eax, al
push edx
mov edx, dword [ebp - 0x214]
push 0
push ecx
mov ecx, esi
push eax
mov eax, edi
push 1
push ebx
push dword [ebp - 0x1f0]
call fcn_fffc66ae  ; call 0xfffc66ae
add esp, 0x20

loc_fffc1495:  ; not directly referenced
inc ebx
cmp ebx, 7
jne short loc_fffc142c  ; jne 0xfffc142c
push eax
mov ecx, dword [ebp - 0x22c]
mov edx, esi
push eax
mov eax, edi
push dword [ebp - 0x1ec]
push 0
call fcn_fffaea71  ; call 0xfffaea71
add esp, 0x10
cmp dword [ebp - 0x208], 0
je short loc_fffc14e8  ; je 0xfffc14e8
push eax
mov ecx, esi
push 0
xor edx, edx
push 0
push 0x20
push 0
lea eax, [ebp - 0x1da]
push eax
mov eax, edi
push 0xff
push dword [ebp - 0x1ec]
call fcn_fffcffd1  ; call 0xfffcffd1
jmp short loc_fffc150b  ; jmp 0xfffc150b

loc_fffc14e8:  ; not directly referenced
push 1
mov ecx, esi
push 1
xor edx, edx
lea eax, [ebp - 0x1dc]
push eax
mov eax, edi
push 1
push 0x40
push 0xffffffffffffffc0
push 3
push 0xff
call fcn_fffcf65b  ; call 0xfffcf65b

loc_fffc150b:  ; not directly referenced
add esp, 0x20
cmp byte [ebp - 0x216], 0
sete dl
cmp dword [ebp - 0x220], 1
sete al
test dl, al
jne loc_fffc15e2  ; jne 0xfffc15e2

loc_fffc152a:  ; not directly referenced
push edx
push 0
push 0
push 3
push 0xff
push 0
push 0
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x1c
push 0
push 0
push 3
push 0xff
push 0
push 1
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x14
push edi
call fcn_fffc9f5d  ; call 0xfffc9f5d
lea eax, [ebp - 0x1d8]
mov edx, dword [ebp - 0x214]
pop ecx
mov ecx, esi
pop ebx
mov ebx, dword [ebp - 0x1f0]
push 0
push eax
mov eax, edi
push 0x36
push 1
push 0xd
push ebx
call fcn_fffc66ae  ; call 0xfffc66ae
add esp, 0x14
push edi
call fcn_fffc9f5d  ; call 0xfffc9f5d
lea edx, [ebp - 0x1c8]
mov dword [ebp - 0x200], eax
mov eax, edi
call fcn_fffb7100  ; call 0xfffb7100
imul eax, ebx, 0xd8
mov edx, ebx
add edx, ebx
add esp, 0x10
lea ecx, [edi + ebx*4]
add edx, edi
mov dword [ebp - 0x210], ecx
mov ecx, dword [ebp - 0x1f8]
add eax, 0x281
mov dword [ebp - 0x20c], edx
mov dword [ebp - 0x1f4], 0
mov dword [ebp - 0x228], eax
jmp near loc_fffc17a9  ; jmp 0xfffc17a9

loc_fffc15e2:  ; not directly referenced
xor ebx, ebx

loc_fffc15e4:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [edi + eax + 0x3757], 2
jne short loc_fffc1641  ; jne 0xfffc1641
push eax
push 0
push 0
push 3
push 0xff
push 0
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20
cmp byte [edi + 0x36ca], 2
jne short loc_fffc1641  ; jne 0xfffc1641
mov ecx, dword [ebp - 0x1fc]
imul eax, ebx, 0xcc
mov edx, ebx
push 0
push 1
movzx eax, byte [ecx + eax + 0xe2]
mov ecx, 0xff
push eax
mov eax, edi
push 1
call fcn_fffac68e  ; call 0xfffac68e
add esp, 0x10

loc_fffc1641:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffc15e4  ; jne 0xfffc15e4
sub esp, 0xc
push edi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10
cmp dword [ebp - 0x208], 0
jne short loc_fffc16bd  ; jne 0xfffc16bd
mov ecx, dword [ebp - 0x1f8]
mov edx, 6
mov eax, dword [ecx + 0x3211]
mov dword [ecx + 0x3219], eax
mov eax, dword [ecx + 0x3215]
mov dword [ecx + 0x321d], eax
mov eax, dword [ecx + 0x3259]
mov dword [ecx + 0x3261], eax
mov eax, dword [ecx + 0x325d]
mov dword [ecx + 0x3265], eax
lea eax, [ebp - 0x1dc]
mov ecx, esi
push 1
push 1
push eax
mov eax, edi
push 0
push 0x40
push 0xffffffffffffffc0
push 3
push 0xff
call fcn_fffcf65b  ; call 0xfffcf65b
add esp, 0x20
jmp short loc_fffc16cc  ; jmp 0xfffc16cc

loc_fffc16bd:  ; not directly referenced
mov ecx, dword [ebp - 0x1ec]
mov edx, esi
mov eax, edi
call fcn_fffcb062  ; call 0xfffcb062

loc_fffc16cc:  ; not directly referenced
mov ebx, dword [ebp - 0x1f8]
mov dword [ebp - 0x1f4], 0

loc_fffc16dc:  ; not directly referenced
imul eax, dword [ebp - 0x1f4], 0x13c3
cmp dword [edi + eax + 0x3757], 2
jne short loc_fffc175d  ; jne 0xfffc175d
mov eax, dword [ebx + 0x3219]
cmp dword [ebx + 0x3211], eax
cmovbe eax, dword [ebx + 0x3211]
mov dword [ebx + 0x3211], eax
mov eax, dword [ebx + 0x321d]
cmp dword [ebx + 0x3215], eax
cmovbe eax, dword [ebx + 0x3215]
mov dword [ebx + 0x3215], eax
cmp byte [edi + 0x36ca], 2
jne short loc_fffc175d  ; jne 0xfffc175d
mov edx, dword [ebp - 0x1f4]
mov ecx, dword [ebp - 0x1fc]
push 0
push 1
imul eax, edx, 0xcc
movzx eax, byte [ecx + eax + 0xe2]
mov ecx, 0xff
neg eax
push eax
mov eax, edi
push 1
call fcn_fffac68e  ; call 0xfffac68e
add esp, 0x10

loc_fffc175d:  ; not directly referenced
inc dword [ebp - 0x1f4]
add ebx, 0x48
cmp dword [ebp - 0x1f4], 2
jne loc_fffc16dc  ; jne 0xfffc16dc
jmp near loc_fffc152a  ; jmp 0xfffc152a

loc_fffc1778:  ; not directly referenced
add dword [ebp - 0x1f4], 0x13c3
add ecx, 0x48
add dword [ebp - 0x210], 0x13c3
add dword [ebp - 0x20c], 0x13c3
cmp dword [ebp - 0x1f4], 0x2786
je loc_fffc1932  ; je 0xfffc1932

loc_fffc17a9:  ; not directly referenced
mov ebx, dword [ebp - 0x1f4]
mov al, byte [ebp - 0x1ec]
test byte [edi + ebx + 0x381b], al
je short loc_fffc1778  ; je 0xfffc1778
mov eax, dword [ebp - 0x1f4]
mov ebx, 0xa
xor edx, edx
mov esi, 0xa
mov byte [ebp - 0x204], 0
lea eax, [edi + eax + 0x3757]
mov dword [ebp - 0x224], eax
mov eax, dword [ecx + 0x3211]
div ebx
mov ebx, dword [ebp - 0x210]
xor edx, edx
mov byte [ebx + 0x39c8], al
mov eax, dword [ecx + 0x3215]
div esi
xor edx, edx
mov byte [ebx + 0x39c9], al
mov eax, dword [ecx + 0x3451]
div esi
xor edx, edx
mov byte [ebx + 0x39cb], al
mov eax, dword [ecx + 0x3455]
div esi
xor edx, edx
mov byte [ebx + 0x39ca], al
mov eax, dword [ecx + 0x2d91]
mov ebx, dword [ebp - 0x20c]
div esi
xor edx, edx
mov byte [ebx + 0x4758], al
mov eax, dword [ecx + 0x2d95]
div esi
xor edx, edx
mov byte [ebx + 0x4759], al
mov eax, dword [ecx + 0x2fd1]
div esi
xor edx, edx
mov byte [ebx + 0x4760], al
mov eax, dword [ecx + 0x2fd5]
div esi
mov byte [ebx + 0x4761], al

loc_fffc186e:  ; not directly referenced
mov al, byte [ebp - 0x204]
cmp al, byte [edi + 0x2489]
jae loc_fffc1778  ; jae 0xfffc1778
movzx ebx, al
imul ebx, ebx, 0x18
add ebx, dword [ebp - 0x228]
add ebx, dword [ebp - 0x224]
mov byte [ebp - 0x215], 8

loc_fffc1899:  ; not directly referenced
mov eax, dword [ecx + 0x26d1]
mov esi, 0xa
xor edx, edx
add ebx, 3
div esi
xor edx, edx
mov byte [ebx - 3], al
mov eax, dword [ecx + 0x26d5]
div esi
xor edx, edx
mov byte [ebx - 1], al
mov eax, dword [ecx + 0x2b51]
div esi
xor edx, edx
mov byte [ebx + 0x35d], al
mov eax, dword [ecx + 0x2b55]
div esi
xor edx, edx
mov byte [ebx + 0x35f], al
mov eax, dword [ecx + 0x2491]
div esi
xor edx, edx
mov byte [ebx + 0x6bf], al
mov eax, dword [ecx + 0x2495]
div esi
xor edx, edx
mov byte [ebx + 0x6bd], al
mov eax, dword [ecx + 0x2911]
div esi
xor edx, edx
mov byte [ebx + 0xa1f], al
mov eax, dword [ecx + 0x2915]
div esi
mov byte [ebx + 0xa1d], al
dec byte [ebp - 0x215]
jne loc_fffc1899  ; jne 0xfffc1899
inc byte [ebp - 0x204]
jmp near loc_fffc186e  ; jmp 0xfffc186e

loc_fffc1932:  ; not directly referenced
inc dword [ebp - 0x1f0]
add dword [ebp - 0x1f8], 0x90
cmp dword [ebp - 0x1f0], 4
jne loc_fffc1389  ; jne 0xfffc1389
cmp dword [edi + 0x3757], 2
jne short loc_fffc1966  ; jne 0xfffc1966
xor ecx, ecx
mov edx, 0x4198
mov eax, edi
call fcn_fffb335b  ; call 0xfffb335b

loc_fffc1966:  ; not directly referenced
cmp dword [edi + 0x4b1a], 2
jne short loc_fffc197d  ; jne 0xfffc197d
xor ecx, ecx
mov edx, 0x4598
mov eax, edi
call fcn_fffb335b  ; call 0xfffb335b

loc_fffc197d:  ; not directly referenced
mov eax, dword [ebp - 0x200]
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc198b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
add esp, 0xffffff80
mov ebx, dword [ebp + 8]
lea edi, [ebp - 0x60]
mov byte [ebp - 0x67], 5
mov byte [ebp - 0x66], 2
mov eax, dword [ebx + 0x5edd]
mov byte [ebp - 0x65], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 1
mov dword [ebp - 0x6c], eax
mov al, byte [ebx + 0x248f]
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
mov byte [ebp - 0x6d], al
mov eax, dword [ebx + 0x188b]
mov dword [ebp - 0x74], eax
mov eax, dword [ebx + 0x2444]
push 0
push 5
push edi
call dword [eax + 0x60]  ; ucall
movzx edx, byte [ebp - 0x67]
mov ecx, 1
mov eax, ebx
call fcn_fffaab72  ; call 0xfffaab72
movzx edx, byte [ebp - 0x66]
mov ecx, 1
mov word [ebp - 0x60], ax
mov eax, ebx
call fcn_fffaab72  ; call 0xfffaab72
add esp, 0x10
mov word [ebp - 0x5e], ax

loc_fffc1a0c:  ; not directly referenced
mov eax, 1
mov ecx, esi
shl eax, cl
test byte [ebx + 0x248e], al
je short loc_fffc1a48  ; je 0xfffc1a48
push edx
mov ecx, 3
push 2
push 0
push 0xf
push 0xb
push 0
push edi
lea edx, [ebp - 0x65]
push edx
push 2
lea edx, [ebp - 0x67]
push edx
push 4
push eax
mov eax, ebx
lea edx, [ebp - 0x56]
call fcn_fffcb1dd  ; call 0xfffcb1dd
add esp, 0x30

loc_fffc1a48:  ; not directly referenced
inc esi
cmp esi, 4
jne short loc_fffc1a0c  ; jne 0xfffc1a0c
push eax
mov ecx, 3
push eax
mov eax, ebx
push 0
push 0xf
push 0
push 0
push 0
push 2
lea edx, [ebx + 0x2491]
call fcn_fffbea08  ; call 0xfffbea08
add esp, 0x20
cmp dword [ebp - 0x74], 1
jne loc_fffc1b55  ; jne 0xfffc1b55
lea eax, [ebx + 0x3757]
mov edi, dword [ebp - 0x6c]
mov dword [ebp - 0x78], eax
movzx eax, byte [ebp - 0x6d]
mov dword [ebp - 0x6c], 0
add edi, 0x1c
mov dword [ebp - 0x80], eax

loc_fffc1a98:  ; not directly referenced
mov eax, dword [ebp - 0x80]
mov ecx, dword [ebp - 0x6c]
bt eax, ecx
jb short loc_fffc1abe  ; jb 0xfffc1abe

loc_fffc1aa3:  ; not directly referenced
inc dword [ebp - 0x6c]
add edi, 0xcc
add dword [ebp - 0x78], 0x13c3
cmp dword [ebp - 0x6c], 2
jne short loc_fffc1a98  ; jne 0xfffc1a98
jmp near loc_fffc1b55  ; jmp 0xfffc1b55

loc_fffc1abe:  ; not directly referenced
mov byte [ebp - 0x6d], 0

loc_fffc1ac2:  ; not directly referenced
mov al, byte [ebp - 0x6d]
cmp al, byte [ebx + 0x2489]
jae short loc_fffc1aa3  ; jae 0xfffc1aa3
mov edx, dword [ebp - 0x78]
movzx esi, al
mov byte [ebp - 0x74], 0
mov cl, byte [edx + 0xc4]
add esi, edx
mov dword [ebp - 0x7c], esi
mov byte [ebp - 0x6e], cl
xor ecx, ecx

loc_fffc1ae7:  ; not directly referenced
mov eax, 1
shl eax, cl
test byte [ebp - 0x6e], al
je short loc_fffc1b13  ; je 0xfffc1b13
mov eax, dword [ebp - 0x7c]
lea esi, [ecx + ecx*8]
mov al, byte [eax + esi + 0x24d]
mov dl, al
and eax, 0xf
shr dl, 4
shl edx, 2
cmp dl, al
setne al
or byte [ebp - 0x74], al

loc_fffc1b13:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffc1ae7  ; jne 0xfffc1ae7
cmp byte [ebx + 0x240e], 1
je short loc_fffc1b28  ; je 0xfffc1b28
cmp byte [ebp - 0x74], 1
jne short loc_fffc1b4d  ; jne 0xfffc1b4d

loc_fffc1b28:  ; not directly referenced
movzx esi, byte [ebp - 0x6d]
mov eax, ebx
mov edx, dword [ebp - 0x6c]
mov ecx, esi
add esi, 8
call fcn_fffa71bc  ; call 0xfffa71bc
or byte [edi + esi*4 + 0xb], 1
mov ecx, dword [edi + esi*4 + 8]
mov edx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffc1b4d:  ; not directly referenced
inc byte [ebp - 0x6d]
jmp near loc_fffc1ac2  ; jmp 0xfffc1ac2

loc_fffc1b55:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc1b5f:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x540
mov esi, dword [ebp + 0xc]
mov ebx, dword [ebp + 8]
lea edi, [ebp - 0x4fa]
mov dword [ebp - 0x520], edx
mov edx, dword [ebp + 0x14]
mov dword [ebp - 0x51c], eax
mov dword [ebp - 0x52c], esi
mov esi, dword [ebp + 0x18]
mov dword [ebp - 0x524], ecx
mov ecx, 0xa
mov dword [ebp - 0x538], edx
mov dword [ebp - 0x528], ebx
mov ebx, dword [ebp + 0x10]
mov dword [ebp - 0x530], esi
mov esi, dword [ebp + 0x20]
mov byte [ebp - 0x507], 4
mov byte [ebp - 0x506], 1
mov byte [ebp - 0x505], 5
mov eax, esi
mov dword [ebp - 0x534], esi
mov esi, ref_fffd541c  ; mov esi, 0xfffd541c
mov byte [ebp - 0x541], al
lea eax, [ebp - 0x4f0]
mov byte [ebp - 0x504], 2
mov byte [ebp - 0x50b], 4
mov byte [ebp - 0x50a], 1
mov byte [ebp - 0x509], 5
mov byte [ebp - 0x508], 2
mov byte [ebp - 0x4ff], 1
mov byte [ebp - 0x4fe], 2
mov byte [ebp - 0x4fd], 0
mov byte [ebp - 0x4fc], 0
mov byte [ebp - 0x4fb], 0
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
mov edi, dword [ebp - 0x51c]
mov dword [ebp - 0x503], 0
mov esi, dword [edi + 0x2444]
push 0xff
push 0x4d8
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0xff
push 0x54e
push dword [ebp - 0x520]
call dword [esi + 0x5c]  ; ucall
mov cl, byte [ebp - 0x524]
mov al, byte [ebp - 0x528]
and cl, byte [edi + 0x248f]
and al, byte [edi + 0x248e]
add esp, 0x10
mov byte [ebp - 0x50d], 0
mov edx, dword [ebp - 0x538]
movzx esi, cl
mov edi, eax
xor eax, eax
and cl, 1
je short loc_fffc1caf  ; je 0xfffc1caf
mov ecx, dword [ebp - 0x51c]
mov eax, edi
and al, byte [ecx + 0x381b]
test al, al
mov byte [ebp - 0x50d], al
setne al

loc_fffc1caf:  ; not directly referenced
and esi, 2
mov byte [ebp - 0x50c], 0
je short loc_fffc1cd9  ; je 0xfffc1cd9
mov esi, dword [ebp - 0x51c]
mov ecx, edi
and cl, byte [esi + 0x4bde]
mov esi, eax
or esi, 2
test cl, cl
mov byte [ebp - 0x50c], cl
cmovne eax, esi

loc_fffc1cd9:  ; not directly referenced
mov cl, byte [ebx]
movzx eax, al
mov esi, dword [ebp - 0x520]
mov dword [ebp - 0x524], eax
mov byte [esi], cl
mov cl, byte [edx]
mov byte [esi + 4], cl
mov cl, byte [ebx + 1]
mov byte [esi + 1], cl
mov cl, byte [edx + 1]
mov byte [esi + 5], cl
mov cl, byte [ebx + 2]
mov byte [esi + 2], cl
mov cl, byte [edx + 2]
mov byte [esi + 6], cl
mov cl, byte [ebx + 3]
mov bl, byte [ebp - 0x530]
mov byte [esi + 3], cl
mov dl, byte [edx + 3]
mov byte [esi + 8], bl
mov byte [esi + 7], dl
mov edx, eax
movzx eax, byte [ebp - 0x52c]
push ecx
push ecx
mov ecx, esi
push 1
push eax
mov eax, dword [ebp - 0x51c]
call fcn_fffafe03  ; call 0xfffafe03
add esp, 0x10
cmp dword [ebp + 0x24], 0
je short loc_fffc1d84  ; je 0xfffc1d84
mov esi, dword [ebp - 0x51c]
push ecx
mov ecx, dword [ebp - 0x524]
push 0
push 0
lea ebx, [esi + 0x2491]
mov eax, esi
push 0
mov edx, ebx
call fcn_fffbf98a  ; call 0xfffbf98a
mov ecx, dword [ebp - 0x524]
pop eax
mov eax, esi
pop edx
mov edx, ebx
push 0
push 0xf
push 0
push 0
push 0
push 1
call fcn_fffbea08  ; call 0xfffbea08
add esp, 0x20

loc_fffc1d84:  ; not directly referenced
cmp dword [ebp + 0x28], 0
je short loc_fffc1dbd  ; je 0xfffc1dbd
mov ebx, dword [ebp - 0x51c]
sub esp, 0xc
push ebx
call fcn_fffc054a  ; call 0xfffc054a
mov ecx, dword [ebp - 0x524]
pop eax
mov eax, ebx
pop edx
lea edx, [ebx + 0x2491]
push 0
push 0xf
push 0
push 0
push 0
push 2
call fcn_fffbea08  ; call 0xfffbea08
add esp, 0x20

loc_fffc1dbd:  ; not directly referenced
mov ebx, dword [ebp - 0x520]
mov edx, edi
xor ecx, ecx
mov al, byte [ebp - 0x534]
movzx edi, dl
mov dword [ebp - 0x52c], edi
mov byte [ebx + 0x539], al
lea eax, [ebx + 0x534]
mov dword [ebp - 0x538], eax
mov eax, dword [ebp + 0x1c]
lea ebx, [ebp - 0x507]
mov dword [ebp - 0x530], eax
xor eax, eax

loc_fffc1df9:  ; not directly referenced
mov dl, byte [ebp - 0x530]
sub edx, dword [ebp + 0x1c]
cmp dl, byte [ebp - 0x541]
jae loc_fffc226f  ; jae 0xfffc226f
mov edi, dword [ebp - 0x530]
mov esi, dword [ebp - 0x538]
mov dl, byte [edi]
mov byte [esi], dl
cmp byte [edi], 6
ja loc_fffc21a3  ; ja 0xfffc21a3
movzx edx, byte [edi]
jmp dword [edx*4 + ref_fffd5428]  ; ujmp: jmp dword [edx*4 - 0x2abd8]

loc_fffc1e31:  ; not directly referenced
push eax
mov ecx, dword [ebp - 0x524]
push 1
push 0
push 0xf
push 0xc
push 0xfffffffffffffff5
lea eax, [ebp - 0x4fa]
push eax
lea eax, [ebp - 0x4ff]
push eax
mov eax, dword [ebp - 0x51c]
push 2
lea ebx, [ebp - 0x509]
push ebx
push 0
push dword [ebp - 0x52c]
lea esi, [ebp - 0x3f8]
mov edx, esi
call fcn_fffcb1dd  ; call 0xfffcb1dd
mov eax, dword [ebp - 0x520]
mov ecx, 0x3e
add esp, 0x30
lea edi, [eax + 0x14f]
mov eax, 1
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
mov cl, 2
jmp near loc_fffc21a3  ; jmp 0xfffc21a3

loc_fffc1e96:  ; not directly referenced
push eax
mov ecx, dword [ebp - 0x524]
push 0
push 9
push 0xf
push 6
push 0xfffffffffffffff6
lea eax, [ebp - 0x4fa]
push eax
lea eax, [ebp - 0x4ff]
push eax
mov eax, dword [ebp - 0x51c]
push 2
lea ebx, [ebp - 0x50b]
push ebx
push 1
push dword [ebp - 0x52c]
lea esi, [ebp - 0x110]
mov edx, esi
call fcn_fffcb1dd  ; call 0xfffcb1dd
mov eax, dword [ebp - 0x520]
mov ecx, 0x3e
add esp, 0x30
lea edi, [eax + 0x437]
mov eax, 4
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
mov cl, 2
jmp near loc_fffc21a3  ; jmp 0xfffc21a3

loc_fffc1efb:  ; not directly referenced
lea eax, [ebp - 0x208]
xor ebx, ebx
mov dword [ebp - 0x534], eax

loc_fffc1f09:  ; not directly referenced
mov eax, dword [ebp - 0x52c]
bt eax, ebx
jb short loc_fffc1f33  ; jb 0xfffc1f33

loc_fffc1f14:  ; not directly referenced
inc ebx
add dword [ebp - 0x534], 0x3e
cmp ebx, 4
jne short loc_fffc1f09  ; jne 0xfffc1f09
mov cl, 2
mov eax, 3
lea ebx, [ebp - 0x509]
jmp near loc_fffc21a3  ; jmp 0xfffc21a3

loc_fffc1f33:  ; not directly referenced
push edi
mov esi, dword [ebp - 0x534]
mov cl, bl
push 2
push 0
push 0xf
push 0xb
mov edx, esi
push 0
lea eax, [ebp - 0x4fa]
push eax
lea eax, [ebp - 0x4ff]
push eax
push 2
lea eax, [ebp - 0x509]
push eax
mov eax, dword [ebp - 0x51c]
push 4
mov dword [ebp - 0x528], 1
shl dword [ebp - 0x528], cl
push dword [ebp - 0x528]
mov ecx, dword [ebp - 0x524]
call fcn_fffcb1dd  ; call 0xfffcb1dd
imul eax, ebx, 0x3e
mov edi, dword [ebp - 0x520]
mov ecx, 0x3e
add esp, 0x30
lea edx, [ebp - 0x4f0]
lea edi, [edi + eax + 0x33f]
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
lea ecx, [ebp - 0x50d]
lea edi, [ebp - 0x50b]

loc_fffc1fb4:  ; not directly referenced
movzx esi, byte [ecx]
test dword [ebp - 0x528], esi
je short loc_fffc1fef  ; je 0xfffc1fef
mov si, word [edx + eax + 0x30c]
cmp si, word [edx + 0x30c]
jae short loc_fffc1fd7  ; jae 0xfffc1fd7
mov word [edx + 0x30c], si

loc_fffc1fd7:  ; not directly referenced
mov si, word [edx + eax + 0x310]
cmp si, word [edx + 0x310]
jae short loc_fffc1fef  ; jae 0xfffc1fef
mov word [edx + 0x310], si

loc_fffc1fef:  ; not directly referenced
inc ecx
add edx, 2
cmp ecx, edi
je loc_fffc1f14  ; je 0xfffc1f14
jmp short loc_fffc1fb4  ; jmp 0xfffc1fb4

loc_fffc1ffd:  ; not directly referenced
mov eax, dword [ebp - 0x51c]
lea ebx, [ebp - 0x300]
mov dword [ebp - 0x534], ebx
cmp dword [eax + 0x188b], 1
setne al
xor ebx, ebx
lea eax, [eax + eax + 0xc]
movsx eax, al
mov dword [ebp - 0x53c], eax

loc_fffc2028:  ; not directly referenced
mov eax, dword [ebp - 0x52c]
bt eax, ebx
jb short loc_fffc2052  ; jb 0xfffc2052

loc_fffc2033:  ; not directly referenced
inc ebx
add dword [ebp - 0x534], 0x3e
cmp ebx, 4
jne short loc_fffc2028  ; jne 0xfffc2028
mov cl, 2
mov eax, 2
lea ebx, [ebp - 0x50b]
jmp near loc_fffc21a3  ; jmp 0xfffc21a3

loc_fffc2052:  ; not directly referenced
push esi
mov cl, bl
mov esi, dword [ebp - 0x534]
push 0
push 9
push 0xf
push dword [ebp - 0x53c]
mov edx, esi
lea eax, [ebp - 0x4fa]
mov dword [ebp - 0x528], 1
shl dword [ebp - 0x528], cl
push 0
mov ecx, dword [ebp - 0x524]
push eax
lea eax, [ebp - 0x4ff]
push eax
push 2
lea eax, [ebp - 0x50b]
push eax
mov eax, dword [ebp - 0x51c]
push 5
push dword [ebp - 0x528]
call fcn_fffcb1dd  ; call 0xfffcb1dd
imul eax, ebx, 0x3e
mov edi, dword [ebp - 0x520]
mov ecx, 0x3e
add esp, 0x30
lea edx, [ebp - 0x4f0]
lea edi, [edi + eax + 0x247]
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
lea ecx, [ebp - 0x50d]

loc_fffc20d1:  ; not directly referenced
movzx esi, byte [ecx]
test dword [ebp - 0x528], esi
je short loc_fffc210c  ; je 0xfffc210c
mov si, word [edx + eax + 0x214]
cmp si, word [edx + 0x214]
jae short loc_fffc20f4  ; jae 0xfffc20f4
mov word [edx + 0x214], si

loc_fffc20f4:  ; not directly referenced
mov si, word [edx + eax + 0x218]
cmp si, word [edx + 0x218]
jae short loc_fffc210c  ; jae 0xfffc210c
mov word [edx + 0x218], si

loc_fffc210c:  ; not directly referenced
inc ecx
add edx, 2
lea edi, [ebp - 0x50b]
cmp ecx, edi
je loc_fffc2033  ; je 0xfffc2033
jmp short loc_fffc20d1  ; jmp 0xfffc20d1

loc_fffc2120:  ; not directly referenced
mov eax, dword [ebp - 0x51c]
cmp dword [eax + 0x188b], 1
jne short loc_fffc2140  ; jne 0xfffc2140
call fcn_fffaac56  ; call 0xfffaac56
mov edx, 0x2f
mov eax, 8
jmp short loc_fffc2147  ; jmp 0xfffc2147

loc_fffc2140:  ; not directly referenced
mov edx, 7
xor eax, eax

loc_fffc2147:  ; not directly referenced
push ecx
mov ecx, dword [ebp - 0x524]
push 0
push 9
push 0xf
push edx
push eax
lea eax, [ebp - 0x4fa]
push eax
lea eax, [ebp - 0x4ff]
push eax
mov eax, dword [ebp - 0x51c]
push 2
lea ebx, [ebp - 0x50b]
push ebx
push 6
push dword [ebp - 0x52c]
lea edx, [ebp - 0x4f0]
lea esi, [ebp - 0x4f0]
call fcn_fffcb1dd  ; call 0xfffcb1dd
mov eax, dword [ebp - 0x520]
mov ecx, 0x3e
add esp, 0x30
lea edi, [eax + 0x57]
xor eax, eax
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
mov cl, 2

loc_fffc21a3:  ; not directly referenced
imul edi, eax, 0x7c
mov dword [ebp - 0x528], 0
mov dword [ebp - 0x53c], edi

loc_fffc21b6:  ; not directly referenced
mov edi, dword [ebp - 0x528]
cmp byte [ebp + edi - 0x50d], 0
je loc_fffc224b  ; je 0xfffc224b
mov edi, dword [ebp - 0x53c]
lea edx, [ebp - 0x4f0]
add edi, dword [ebp - 0x528]
add edi, edi
add edi, edx
mov dword [ebp - 0x540], edi
xor edi, edi
jmp short loc_fffc2245  ; jmp 0xfffc2245

loc_fffc21ea:  ; not directly referenced
mov dl, byte [ebx + edi]
xor esi, esi
mov byte [ebp - 0x534], dl
cmp dl, 0x21
ja short loc_fffc2204  ; ja 0xfffc2204
movzx esi, dl
movzx esi, byte [esi + ref_fffd58e0]  ; movzx esi, byte [esi - 0x2a720]

loc_fffc2204:  ; not directly referenced
mov edx, esi
movzx esi, dl
mov dl, byte [ebp - 0x534]
mov dword [ebp - 0x548], eax
mov eax, dword [ebp - 0x520]
mov byte [ebp + esi - 0x503], dl
mov edx, dword [ebp - 0x528]
add esi, esi
lea edx, [edx + esi + 0x20]
mov esi, dword [ebp - 0x540]
mov si, word [esi + edi*4 + 0x24]
inc edi
mov word [eax + edx*2 + 3], si
mov eax, dword [ebp - 0x548]

loc_fffc2245:  ; not directly referenced
mov edx, edi
cmp cl, dl
ja short loc_fffc21ea  ; ja 0xfffc21ea

loc_fffc224b:  ; not directly referenced
inc dword [ebp - 0x528]
cmp dword [ebp - 0x528], 2
jne loc_fffc21b6  ; jne 0xfffc21b6
inc dword [ebp - 0x530]
inc dword [ebp - 0x538]
jmp near loc_fffc1df9  ; jmp 0xfffc1df9

loc_fffc226f:  ; not directly referenced
mov eax, dword [ebp - 0x520]
lea ebx, [ebp - 0x503]
mov dword [ebp - 0x524], ebx
mov byte [ebp - 0x52c], 0
mov byte [eax + 0x52f], 0
mov dword [ebp - 0x528], eax

loc_fffc2295:  ; not directly referenced
mov eax, dword [ebp - 0x524]
mov bl, byte [eax]
test bl, bl
je loc_fffc2348  ; je 0xfffc2348
mov ecx, dword [ebp - 0x520]
xor esi, esi
movzx eax, byte [ebp - 0x52c]
mov edi, dword [ebp - 0x51c]
mov byte [ecx + eax + 0x530], bl
lea eax, [ecx + eax*4]
inc byte [ecx + 0x52f]
add edi, 0x49bf
mov dword [ebp - 0x530], eax
movzx eax, bl
mov dword [ebp - 0x534], eax

loc_fffc22df:  ; not directly referenced
cmp byte [ebp + esi - 0x50d], 0
je short loc_fffc2336  ; je 0xfffc2336
mov edx, dword [ebp - 0x534]
mov ecx, 1
mov eax, dword [ebp - 0x51c]
call fcn_fffaab72  ; call 0xfffaab72
cmp bl, 2
jne short loc_fffc2317  ; jne 0xfffc2317
cmp byte [edi + 0x128], 5
mov dl, byte [edi]
je short loc_fffc2314  ; je 0xfffc2314
cmp dl, 5
jne short loc_fffc2317  ; jne 0xfffc2317

loc_fffc2314:  ; not directly referenced
add eax, 0x50

loc_fffc2317:  ; not directly referenced
mov ecx, dword [ebp - 0x528]
mov dx, word [ecx + esi*2 + 0x43]
mov ecx, dword [ebp - 0x530]
cmp dx, ax
cmovbe eax, edx
mov word [ecx + esi*2 + 0x53a], ax

loc_fffc2336:  ; not directly referenced
inc esi
add edi, 0x13c3
cmp esi, 2
jne short loc_fffc22df  ; jne 0xfffc22df
inc byte [ebp - 0x52c]

loc_fffc2348:  ; not directly referenced
inc dword [ebp - 0x524]
add dword [ebp - 0x528], 4
lea eax, [ebp - 0x4ff]
cmp dword [ebp - 0x524], eax
jne loc_fffc2295  ; jne 0xfffc2295
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc236f:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x40
mov eax, dword [ebp + 8]
mov dword [ebp - 0x3c], 0
add eax, 0x3757
mov dword [ebp - 0x2c], eax

loc_fffc238c:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffc23c0  ; ja 0xfffc23c0
mov eax, dword [ebp + 8]
cmp byte [eax + 0x374a], 0
jne short loc_fffc23c0  ; jne 0xfffc23c0

loc_fffc23a0:  ; not directly referenced
inc ecx
add dword [ebp - 0x3c], 0x23
add dword [ebp - 0x2c], 8
cmp ecx, 4
jne short loc_fffc238c  ; jne 0xfffc238c
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48de
jmp near loc_fffc2537  ; jmp 0xfffc2537

loc_fffc23c0:  ; not directly referenced
mov eax, dword [ebp + 8]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x28], 0
add eax, 0x49c0
mov dword [ebp - 0x40], eax
imul eax, ecx, 0x2e
mov dword [ebp - 0x44], eax
mov eax, dword [ebp - 0x2c]
mov dword [ebp - 0x30], eax
mov eax, dword [ebp - 0x3c]
lea esi, [eax + 0x18b]
add eax, 0xbb
mov dword [ebp - 0x48], esi
mov dword [ebp - 0x4c], eax

loc_fffc23fa:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ebx, dword [ebp - 0x28]
mov esi, dword [ebp - 0x40]
mov dword [ebp - 0x24], 0
lea ebx, [eax + ebx + 0x1973]

loc_fffc2411:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffc24f6  ; jne 0xfffc24f6
mov eax, dword [ebp - 0x44]
mov edi, dword [ebp - 0x24]
mov eax, dword [esi + eax - 0xf2]
mov dword [ebp - 0x20], eax
mov eax, dword [ebp - 0x30]
mov edx, dword [eax + edi + 0xc9]
mov eax, dword [eax + edi + 0xcd]
mov dword [ebp - 0x34], edx
mov dword [ebp - 0x38], eax
cmp ecx, 1
je short loc_fffc2496  ; je 0xfffc2496
jb short loc_fffc24a2  ; jb 0xfffc24a2
cmp ecx, 3
ja short loc_fffc24a2  ; ja 0xfffc24a2
cmp ecx, 2
mov dl, byte [esi]
jne short loc_fffc2461  ; jne 0xfffc2461
and dl, 1
jne short loc_fffc2468  ; jne 0xfffc2468
xor eax, eax
jmp short loc_fffc24de  ; jmp 0xfffc24de

loc_fffc2461:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffc24de  ; je 0xfffc24de

loc_fffc2468:  ; not directly referenced
mov edx, dword [esi - 0x21]
mov eax, dword [ebp - 0x4c]
mov edi, dword [ebp - 0x48]
and edx, 0xfffffffd
add eax, ebx
add edi, ebx
dec edx
cmovne eax, edi
xor edi, edi
cmp byte [esi + 1], 0x13
movzx edx, byte [eax + 7]
jne short loc_fffc248c  ; jne 0xfffc248c
movsx edi, byte [eax + 0x1d]

loc_fffc248c:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x20], 0
je short loc_fffc24de  ; je 0xfffc24de
jmp short loc_fffc24c8  ; jmp 0xfffc24c8

loc_fffc2496:  ; not directly referenced
movzx eax, word [ebx + 0x258]
test ax, ax
jne short loc_fffc24de  ; jne 0xfffc24de

loc_fffc24a2:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x20], 0
je short loc_fffc24de  ; je 0xfffc24de
mov eax, dword [esi - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffc24bd  ; jne 0xfffc24bd
movzx edx, byte [ebx + 0x5a]
movsx edi, byte [ebx + 0x6c]
jmp short loc_fffc24c8  ; jmp 0xfffc24c8

loc_fffc24bd:  ; not directly referenced
movzx edx, byte [ebx + 0x61]
movsx edi, byte [ebx + 0xc2]

loc_fffc24c8:  ; not directly referenced
imul edx, dword [ebp - 0x34]
mov eax, dword [ebp - 0x20]
imul edi, dword [ebp - 0x38]
lea eax, [eax + edx - 1]
xor edx, edx
add eax, edi
div dword [ebp - 0x20]

loc_fffc24de:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 0x14
mov edi, 0x14
cmova eax, edi
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffc24f6:  ; not directly referenced
add dword [ebp - 0x24], 0x20
add esi, 0x128
add ebx, 0x277
cmp dword [ebp - 0x24], 0x40
jne loc_fffc2411  ; jne 0xfffc2411
add dword [ebp - 0x28], 0x54a
add dword [ebp - 0x40], 0x13c3
add dword [ebp - 0x30], 0x13c3
cmp dword [ebp - 0x28], 0xa94
jne loc_fffc23fa  ; jne 0xfffc23fa
jmp near loc_fffc23a0  ; jmp 0xfffc23a0

loc_fffc2537:  ; not directly referenced
cmp ecx, 1
ja short loc_fffc2548  ; ja 0xfffc2548
mov esi, dword [ebp + 8]
cmp byte [esi + 0x374a], 0
je short loc_fffc2572  ; je 0xfffc2572

loc_fffc2548:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffc2572:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffc2537  ; jne 0xfffc2537
add esp, 0x40
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc2588:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x44
mov eax, dword [ebp + 8]
mov dword [ebp - 0x40], 0
add eax, 0x3757
mov dword [ebp - 0x30], eax

loc_fffc25a5:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffc25d9  ; ja 0xfffc25d9
mov eax, dword [ebp + 8]
cmp byte [eax + 0x374a], 0
jne short loc_fffc25d9  ; jne 0xfffc25d9

loc_fffc25b9:  ; not directly referenced
inc ecx
add dword [ebp - 0x40], 0x23
add dword [ebp - 0x30], 8
cmp ecx, 4
jne short loc_fffc25a5  ; jne 0xfffc25a5
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48dc
jmp near loc_fffc27b6  ; jmp 0xfffc27b6

loc_fffc25d9:  ; not directly referenced
mov eax, dword [ebp + 8]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x28], 0
add eax, 0x49c0
mov dword [ebp - 0x44], eax
imul eax, ecx, 0x2e
mov dword [ebp - 0x48], eax
mov eax, dword [ebp - 0x30]
mov dword [ebp - 0x34], eax
mov eax, dword [ebp - 0x40]
lea ebx, [eax + 0x18b]
add eax, 0xbb
mov dword [ebp - 0x4c], ebx
mov dword [ebp - 0x50], eax

loc_fffc2613:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ebx, dword [ebp - 0x28]
mov dword [ebp - 0x2c], 0
lea ebx, [eax + ebx + 0x1973]
mov eax, dword [ebp - 0x44]
mov dword [ebp - 0x20], eax

loc_fffc262d:  ; not directly referenced
mov eax, dword [ebp - 0x20]
cmp dword [eax - 0xf6], 2
jne loc_fffc2774  ; jne 0xfffc2774
mov edi, dword [ebp - 0x48]
mov esi, dword [ebp - 0x2c]
mov edx, dword [eax + edi - 0xf2]
mov edi, dword [ebp - 0x34]
mov dword [ebp - 0x24], edx
mov edx, dword [edi + esi + 0xc9]
mov edi, dword [edi + esi + 0xcd]
mov dword [ebp - 0x38], edx
mov dword [ebp - 0x3c], edi
cmp ecx, 1
je loc_fffc26f2  ; je 0xfffc26f2
jb loc_fffc26fe  ; jb 0xfffc26fe
cmp ecx, 3
ja loc_fffc26fe  ; ja 0xfffc26fe
cmp ecx, 2
mov dl, byte [eax]
jne short loc_fffc268f  ; jne 0xfffc268f
and dl, 1
jne short loc_fffc269a  ; jne 0xfffc269a
xor eax, eax
jmp near loc_fffc275a  ; jmp 0xfffc275a

loc_fffc268f:  ; not directly referenced
xor eax, eax
and dl, 2
je loc_fffc275a  ; je 0xfffc275a

loc_fffc269a:  ; not directly referenced
mov eax, dword [ebp - 0x20]
mov esi, dword [ebp - 0x50]
mov edx, dword [ebp - 0x4c]
mov eax, dword [eax - 0x21]
lea edi, [esi + ebx]
add edx, ebx
and eax, 0xfffffffd
dec eax
cmovne edi, edx
xor edx, edx
mov al, byte [edi + 9]
shr al, 4
movzx esi, al
movzx eax, byte [edi + 0xb]
shl esi, 8
or esi, eax
mov eax, dword [ebp - 0x20]
cmp byte [eax + 1], 0x13
jne short loc_fffc26d3  ; jne 0xfffc26d3
movsx edx, byte [edi + 0x1e]

loc_fffc26d3:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x24], 0
je short loc_fffc275a  ; je 0xfffc275a
mov edi, dword [ebp - 0x24]
imul esi, dword [ebp - 0x38]
imul edx, dword [ebp - 0x3c]
lea eax, [edi + esi - 1]
add eax, edx
xor edx, edx
div edi
jmp short loc_fffc275a  ; jmp 0xfffc275a

loc_fffc26f2:  ; not directly referenced
movzx eax, word [ebx + 0x256]
test ax, ax
jne short loc_fffc275a  ; jne 0xfffc275a

loc_fffc26fe:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x24], 0
je short loc_fffc275a  ; je 0xfffc275a
mov eax, dword [ebp - 0x20]
mov eax, dword [eax - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffc272a  ; jne 0xfffc272a
mov al, byte [ebx + 0x5d]
movsx edi, byte [ebx + 0x6e]
shr al, 4
movzx esi, al
movzx eax, byte [ebx + 0x5f]
shl esi, 8
or esi, eax
jmp short loc_fffc2743  ; jmp 0xfffc2743

loc_fffc272a:  ; not directly referenced
mov al, byte [ebx + 0x63]
movsx edi, byte [ebx + 0xc0]
shr al, 4
movzx esi, al
movzx eax, byte [ebx + 0x65]
shl esi, 8
or esi, eax

loc_fffc2743:  ; not directly referenced
mov eax, dword [ebp - 0x24]
xor edx, edx
imul esi, dword [ebp - 0x38]
imul edi, dword [ebp - 0x3c]
lea esi, [eax + esi - 1]
lea eax, [esi + edi]
div dword [ebp - 0x24]

loc_fffc275a:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 0xfff
mov edi, 0xfff
cmova eax, edi
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffc2774:  ; not directly referenced
add dword [ebp - 0x2c], 0x20
add ebx, 0x277
add dword [ebp - 0x20], 0x128
cmp dword [ebp - 0x2c], 0x40
jne loc_fffc262d  ; jne 0xfffc262d
add dword [ebp - 0x28], 0x54a
add dword [ebp - 0x44], 0x13c3
add dword [ebp - 0x34], 0x13c3
cmp dword [ebp - 0x28], 0xa94
jne loc_fffc2613  ; jne 0xfffc2613
jmp near loc_fffc25b9  ; jmp 0xfffc25b9

loc_fffc27b6:  ; not directly referenced
cmp ecx, 1
ja short loc_fffc27c7  ; ja 0xfffc27c7
mov ebx, dword [ebp + 8]
cmp byte [ebx + 0x374a], 0
je short loc_fffc27f1  ; je 0xfffc27f1

loc_fffc27c7:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffc27f1:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffc27b6  ; jne 0xfffc27b6
add esp, 0x44
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc2807:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov dword [ebp - 0x28], 0

loc_fffc2819:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffc2849  ; ja 0xfffc2849
mov eax, dword [ebp + 8]
cmp byte [eax + 0x374a], 0
jne short loc_fffc2849  ; jne 0xfffc2849

loc_fffc282d:  ; not directly referenced
inc ecx
add dword [ebp - 0x28], 0x23
cmp ecx, 4
jne short loc_fffc2819  ; jne 0xfffc2819
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48da
jmp near loc_fffc29b8  ; jmp 0xfffc29b8

loc_fffc2849:  ; not directly referenced
mov eax, dword [ebp + 8]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
add eax, 0x49c0
mov dword [ebp - 0x30], eax
imul eax, ecx, 0x2e
mov dword [ebp - 0x3c], eax
lea eax, [ecx*8 - 0x1269]
mov dword [ebp - 0x44], eax
mov eax, dword [ebp - 0x28]
add eax, 0x18b
mov dword [ebp - 0x48], eax

loc_fffc287e:  ; not directly referenced
mov eax, dword [ebp - 0x44]
mov edi, dword [ebp - 0x30]
mov ebx, dword [ebp - 0x20]
mov dword [ebp - 0x24], 0
add eax, edi
mov dword [ebp - 0x34], eax
mov eax, dword [ebp + 8]
lea ebx, [eax + ebx + 0x1973]
mov eax, dword [ebp - 0x28]
add eax, 0xbb
mov dword [ebp - 0x40], eax

loc_fffc28a8:  ; not directly referenced
cmp dword [edi - 0xf6], 2
jne loc_fffc297e  ; jne 0xfffc297e
mov eax, dword [ebp - 0x3c]
mov edx, dword [ebp - 0x24]
mov esi, dword [edi + eax - 0xf2]
mov eax, dword [ebp - 0x34]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x2c], eax
cmp ecx, 1
je short loc_fffc2921  ; je 0xfffc2921
jb short loc_fffc292d  ; jb 0xfffc292d
cmp ecx, 3
ja short loc_fffc292d  ; ja 0xfffc292d
cmp ecx, 2
mov dl, byte [edi]
jne short loc_fffc28eb  ; jne 0xfffc28eb
and dl, 1
jne short loc_fffc28f2  ; jne 0xfffc28f2
xor eax, eax
jmp short loc_fffc2966  ; jmp 0xfffc2966

loc_fffc28eb:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffc2966  ; je 0xfffc2966

loc_fffc28f2:  ; not directly referenced
mov eax, dword [ebp - 0x40]
mov edx, dword [edi - 0x21]
add eax, ebx
mov dword [ebp - 0x38], eax
mov eax, dword [ebp - 0x48]
and edx, 0xfffffffd
add eax, ebx
dec edx
cmove eax, dword [ebp - 0x38]
mov dl, byte [eax + 9]
movzx eax, byte [eax + 0xa]
and edx, 0xf
shl edx, 8
or edx, eax
xor eax, eax
test esi, esi
je short loc_fffc2966  ; je 0xfffc2966
jmp short loc_fffc295a  ; jmp 0xfffc295a

loc_fffc2921:  ; not directly referenced
movzx eax, word [ebx + 0x254]
test ax, ax
jne short loc_fffc2966  ; jne 0xfffc2966

loc_fffc292d:  ; not directly referenced
xor eax, eax
test esi, esi
je short loc_fffc2966  ; je 0xfffc2966
mov eax, dword [edi - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffc294b  ; jne 0xfffc294b
mov dl, byte [ebx + 0x5d]
movzx eax, byte [ebx + 0x5e]
and edx, 0xf
shl edx, 8
jmp short loc_fffc2958  ; jmp 0xfffc2958

loc_fffc294b:  ; not directly referenced
mov dl, byte [ebx + 0x63]
movzx eax, byte [ebx + 0x64]
and edx, 0xf
shl edx, 8

loc_fffc2958:  ; not directly referenced
or edx, eax

loc_fffc295a:  ; not directly referenced
imul edx, dword [ebp - 0x2c]
lea eax, [esi + edx - 1]
xor edx, edx
div esi

loc_fffc2966:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 0x28
mov esi, 0x28
cmova eax, esi
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffc297e:  ; not directly referenced
add dword [ebp - 0x24], 0x20
add edi, 0x128
add ebx, 0x277
cmp dword [ebp - 0x24], 0x40
jne loc_fffc28a8  ; jne 0xfffc28a8
add dword [ebp - 0x20], 0x54a
add dword [ebp - 0x30], 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffc287e  ; jne 0xfffc287e
jmp near loc_fffc282d  ; jmp 0xfffc282d

loc_fffc29b8:  ; not directly referenced
cmp ecx, 1
ja short loc_fffc29c9  ; ja 0xfffc29c9
mov ebx, dword [ebp + 8]
cmp byte [ebx + 0x374a], 0
je short loc_fffc29f3  ; je 0xfffc29f3

loc_fffc29c9:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffc29f3:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffc29b8  ; jne 0xfffc29b8
add esp, 0x3c
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc2a09:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30

loc_fffc2a14:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffc2a40  ; ja 0xfffc2a40
mov eax, dword [ebp + 8]
cmp byte [eax + 0x374a], 0
jne short loc_fffc2a40  ; jne 0xfffc2a40

loc_fffc2a28:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffc2a14  ; jne 0xfffc2a14
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48d8
jmp near loc_fffc2b99  ; jmp 0xfffc2b99

loc_fffc2a40:  ; not directly referenced
mov eax, dword [ebp + 8]
lea esi, [ecx*8 - 0x1269]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
mov dword [ebp - 0x38], esi
add eax, 0x49c0
mov dword [ebp - 0x2c], eax
imul eax, ecx, 0x2e
mov dword [ebp - 0x30], eax
imul eax, ecx, 0x23
add eax, 0xbb
mov dword [ebp - 0x3c], eax

loc_fffc2a75:  ; not directly referenced
mov eax, dword [ebp - 0x38]
mov edi, dword [ebp - 0x2c]
mov ebx, dword [ebp - 0x20]
mov dword [ebp - 0x24], 0
add eax, edi
mov dword [ebp - 0x34], eax
mov eax, dword [ebp + 8]
lea ebx, [eax + ebx + 0x1973]

loc_fffc2a94:  ; not directly referenced
cmp dword [edi - 0xf6], 2
jne loc_fffc2b5f  ; jne 0xfffc2b5f
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x24]
mov esi, dword [edi + eax - 0xf2]
mov eax, dword [ebp - 0x34]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x28], eax
cmp ecx, 1
je short loc_fffc2b02  ; je 0xfffc2b02
jb short loc_fffc2b0e  ; jb 0xfffc2b0e
cmp ecx, 3
ja short loc_fffc2b0e  ; ja 0xfffc2b0e
cmp ecx, 2
mov dl, byte [edi]
jne short loc_fffc2ad7  ; jne 0xfffc2ad7
and dl, 1
jne short loc_fffc2ade  ; jne 0xfffc2ade
xor eax, eax
jmp short loc_fffc2b47  ; jmp 0xfffc2b47

loc_fffc2ad7:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffc2b47  ; je 0xfffc2b47

loc_fffc2ade:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
add eax, ebx
mov dl, byte [eax + 0x12]
movzx eax, byte [eax + 0x13]
and edx, 0xf
shl edx, 8
or edx, eax
xor eax, eax
test esi, esi
je short loc_fffc2b47  ; je 0xfffc2b47
imul edx, dword [ebp - 0x28]
lea eax, [esi + edx - 1]
jmp short loc_fffc2b43  ; jmp 0xfffc2b43

loc_fffc2b02:  ; not directly referenced
movzx eax, word [ebx + 0x252]
test ax, ax
jne short loc_fffc2b47  ; jne 0xfffc2b47

loc_fffc2b0e:  ; not directly referenced
xor eax, eax
test esi, esi
je short loc_fffc2b47  ; je 0xfffc2b47
mov eax, dword [edi - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffc2b2c  ; jne 0xfffc2b2c
mov al, byte [ebx + 0x64]
movzx edx, byte [ebx + 0x65]
and eax, 0xf
shl eax, 8
jmp short loc_fffc2b39  ; jmp 0xfffc2b39

loc_fffc2b2c:  ; not directly referenced
mov al, byte [ebx + 0x6c]
movzx edx, byte [ebx + 0x6d]
and eax, 0xf
shl eax, 8

loc_fffc2b39:  ; not directly referenced
or eax, edx
imul eax, dword [ebp - 0x28]
lea eax, [esi + eax - 1]

loc_fffc2b43:  ; not directly referenced
xor edx, edx
div esi

loc_fffc2b47:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 0x36
mov esi, 0x36
cmova eax, esi
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffc2b5f:  ; not directly referenced
add dword [ebp - 0x24], 0x20
add edi, 0x128
add ebx, 0x277
cmp dword [ebp - 0x24], 0x40
jne loc_fffc2a94  ; jne 0xfffc2a94
add dword [ebp - 0x20], 0x54a
add dword [ebp - 0x2c], 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffc2a75  ; jne 0xfffc2a75
jmp near loc_fffc2a28  ; jmp 0xfffc2a28

loc_fffc2b99:  ; not directly referenced
cmp ecx, 1
ja short loc_fffc2baa  ; ja 0xfffc2baa
mov edi, dword [ebp + 8]
cmp byte [edi + 0x374a], 0
je short loc_fffc2bd4  ; je 0xfffc2bd4

loc_fffc2baa:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffc2bd4:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffc2b99  ; jne 0xfffc2b99
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc2bea:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
xor ebx, ebx
sub esp, 0x34
mov dword [ebp - 0x20], 0xc

loc_fffc2bfc:  ; not directly referenced
lea eax, [ebx - 2]
cmp eax, 1
ja short loc_fffc2c14  ; ja 0xfffc2c14
mov esi, dword [ebp + 8]
cmp byte [esi + 0x374a], 0
je loc_fffc2e13  ; je 0xfffc2e13

loc_fffc2c14:  ; not directly referenced
imul esi, ebx, 0x2e
imul eax, eax, 0x23
lea edi, [ebx*8 + 0x3757]
mov dword [ebp + ebx*4 - 0x1c], 0
mov dword [ebp - 0x34], esi
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x40], edi
mov dword [ebp - 0x30], eax

loc_fffc2c39:  ; not directly referenced
mov edi, dword [ebp - 0x24]
mov esi, dword [ebp - 0x40]
mov dword [ebp - 0x28], 0
imul eax, edi, 0x13c3
imul edx, edi, 0x54a
mov edi, dword [ebp + 8]
lea ecx, [esi + eax]
mov esi, dword [ebp + 8]
add ecx, dword [ebp + 8]
lea edi, [edi + edx + 0x1973]
mov dword [ebp - 0x3c], ecx
lea esi, [esi + eax + 0x49c0]

loc_fffc2c6f:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffc2dec  ; jne 0xfffc2dec
mov eax, dword [ebp - 0x34]
mov edx, dword [ebp - 0x28]
mov ecx, dword [esi + eax - 0xf2]
mov eax, dword [ebp - 0x3c]
mov eax, dword [eax + edx + 0xc9]
mov edx, dword [esi - 0x21]
mov dword [ebp - 0x38], eax
mov eax, 0x12
cmp edx, 2
cmovne eax, dword [ebp - 0x20]
mov dword [ebp - 0x20], eax
cmp ebx, 1
je short loc_fffc2d0b  ; je 0xfffc2d0b
jb short loc_fffc2d1b  ; jb 0xfffc2d1b
cmp ebx, 3
ja short loc_fffc2d1b  ; ja 0xfffc2d1b
mov al, byte [esi]
cmp ebx, 2
mov byte [ebp - 0x29], al
jne short loc_fffc2cc9  ; jne 0xfffc2cc9
test al, 1
jne short loc_fffc2cd5  ; jne 0xfffc2cd5
xor eax, eax
jmp near loc_fffc2dd7  ; jmp 0xfffc2dd7

loc_fffc2cc9:  ; not directly referenced
xor eax, eax
test byte [ebp - 0x29], 2
je loc_fffc2dd7  ; je 0xfffc2dd7

loc_fffc2cd5:  ; not directly referenced
and edx, 0xfffffffd
mov eax, dword [ebp - 0x30]
dec edx
jne short loc_fffc2ce8  ; jne 0xfffc2ce8
movzx edx, byte [edi + eax + 0x106]
jmp short loc_fffc2cf0  ; jmp 0xfffc2cf0

loc_fffc2ce8:  ; not directly referenced
movzx edx, byte [edi + eax + 0x1d6]

loc_fffc2cf0:  ; not directly referenced
xor eax, eax
test ecx, ecx
je loc_fffc2dd7  ; je 0xfffc2dd7
imul edx, dword [ebp - 0x38]
lea eax, [ecx + edx - 1]
xor edx, edx
div ecx
jmp near loc_fffc2dd7  ; jmp 0xfffc2dd7

loc_fffc2d0b:  ; not directly referenced
movzx eax, word [edi + 0x250]
test ax, ax
jne loc_fffc2dd7  ; jne 0xfffc2dd7

loc_fffc2d1b:  ; not directly referenced
cmp edx, 3
jne short loc_fffc2d5a  ; jne 0xfffc2d5a
mov eax, 9
cmp ecx, 0x105944
jbe loc_fffc2dd7  ; jbe 0xfffc2dd7
mov al, 7
cmp ecx, 0x16e360
jbe loc_fffc2dd7  ; jbe 0xfffc2dd7
mov al, 5
cmp ecx, 0x1c9c38
jbe loc_fffc2dd7  ; jbe 0xfffc2dd7
cmp ecx, 0x2625a1
sbb eax, eax
and eax, 4
jmp short loc_fffc2dd7  ; jmp 0xfffc2dd7

loc_fffc2d5a:  ; not directly referenced
cmp edx, 2
jne short loc_fffc2d97  ; jne 0xfffc2d97
mov eax, 0x12
cmp ecx, 0xbbcce
jbe short loc_fffc2dd7  ; jbe 0xfffc2dd7
mov al, 0xc
cmp ecx, 0xcb735
jbe short loc_fffc2dd7  ; jbe 0xfffc2dd7
mov al, 0xb
cmp ecx, 0xe5010
jbe short loc_fffc2dd7  ; jbe 0xfffc2dd7
mov al, 0xa
cmp ecx, 0x105944
jbe short loc_fffc2dd7  ; jbe 0xfffc2dd7
cmp ecx, 0x1312d1
sbb eax, eax
and eax, 9
jmp short loc_fffc2dd7  ; jmp 0xfffc2dd7

loc_fffc2d97:  ; not directly referenced
mov eax, 0xa
cmp ecx, 0xe5010
jbe short loc_fffc2dd7  ; jbe 0xfffc2dd7
mov al, 9
cmp ecx, 0x105944
jbe short loc_fffc2dd7  ; jbe 0xfffc2dd7
mov al, 8
cmp ecx, 0x1312d0
jbe short loc_fffc2dd7  ; jbe 0xfffc2dd7
mov al, 7
cmp ecx, 0x16e360
jbe short loc_fffc2dd7  ; jbe 0xfffc2dd7
mov al, 6
cmp ecx, 0x1c9c38
jbe short loc_fffc2dd7  ; jbe 0xfffc2dd7
cmp ecx, 0x2625a1
sbb eax, eax
and eax, 5

loc_fffc2dd7:  ; not directly referenced
mov edx, dword [ebp - 0x20]
cmp eax, edx
cmova eax, edx
mov edx, dword [ebp + ebx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ebx*4 - 0x1c], eax

loc_fffc2dec:  ; not directly referenced
add dword [ebp - 0x28], 0x20
add esi, 0x128
add edi, 0x277
cmp dword [ebp - 0x28], 0x40
jne loc_fffc2c6f  ; jne 0xfffc2c6f
inc dword [ebp - 0x24]
cmp dword [ebp - 0x24], 2
jne loc_fffc2c39  ; jne 0xfffc2c39

loc_fffc2e13:  ; not directly referenced
inc ebx
cmp ebx, 4
jne loc_fffc2bfc  ; jne 0xfffc2bfc
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48d6

loc_fffc2e2a:  ; not directly referenced
cmp ecx, 1
ja short loc_fffc2e3b  ; ja 0xfffc2e3b
mov ebx, dword [ebp + 8]
cmp byte [ebx + 0x374a], 0
je short loc_fffc2e65  ; je 0xfffc2e65

loc_fffc2e3b:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffc2e65:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffc2e2a  ; jne 0xfffc2e2a
add esp, 0x34
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc2e7b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
sub esp, 0x24

loc_fffc2e86:  ; not directly referenced
lea eax, [esi - 2]
cmp eax, 1
ja short loc_fffc2ead  ; ja 0xfffc2ead
mov eax, dword [ebp + 8]
cmp byte [eax + 0x374a], 0
jne short loc_fffc2ead  ; jne 0xfffc2ead

loc_fffc2e9a:  ; not directly referenced
inc esi
cmp esi, 4
jne short loc_fffc2e86  ; jne 0xfffc2e86
add esp, 0x24
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffc2ead:  ; not directly referenced
mov eax, dword [ebp + 8]
mov byte [ebp - 0x1f], 2
add eax, 0x1973
mov dword [ebp - 0x24], eax
mov eax, dword [ebp + 8]
add eax, 0x3757
mov dword [ebp - 0x14], eax
lea eax, [esi*8]
mov dword [ebp - 0x28], eax
lea eax, [esi + esi + 0xf8]
mov dword [ebp - 0x2c], eax
lea eax, [esi - 2]
mov dword [ebp - 0x30], eax

loc_fffc2ee1:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov ecx, dword [ebp - 0x24]
mov edi, dword [ebp - 0x28]
mov dword [ebp - 0x10], 0
add eax, ecx
mov dword [ebp - 0x1c], eax
mov eax, dword [ebp - 0x14]
add edi, eax

loc_fffc2efb:  ; not directly referenced
mov eax, dword [ebp - 0x14]
mov ebx, dword [ebp - 0x10]
cmp dword [eax + ebx + 0x1173], 2
jne loc_fffc3070  ; jne 0xfffc3070
cmp dword [ebp - 0x30], 1
ja loc_fffc2fdd  ; ja 0xfffc2fdd
cmp esi, 2
mov al, byte [eax + ebx + 0x1269]
jne short loc_fffc2f29  ; jne 0xfffc2f29
test al, 1
jmp short loc_fffc2f2b  ; jmp 0xfffc2f2b

loc_fffc2f29:  ; not directly referenced
test al, 2

loc_fffc2f2b:  ; not directly referenced
je loc_fffc2fc4  ; je 0xfffc2fc4
mov eax, dword [ebp - 0x14]
mov ebx, dword [ebp - 0x10]
mov eax, dword [eax + ebx + 0x1248]
and eax, 0xfffffffd
dec eax
jne short loc_fffc2f5d  ; jne 0xfffc2f5d
mov al, byte [ecx + 0x100]
mov dl, al
and eax, 0xf
shr dl, 4
mov byte [ebp - 0x18], al
mov eax, dword [ebp - 0x1c]
mov byte [ebp - 0x1d], dl
jmp short loc_fffc2f79  ; jmp 0xfffc2f79

loc_fffc2f5d:  ; not directly referenced
mov al, byte [ecx + 0x1d0]
mov dl, al
and eax, 0xf
mov byte [ebp - 0x18], al
mov eax, dword [ebp - 0x1c]
shr dl, 4
mov byte [ebp - 0x1d], dl
add eax, 0xd0

loc_fffc2f79:  ; not directly referenced
mov bl, byte [eax]
mov edx, dword [ebp - 0x10]
mov byte [ebp - 0x1e], bl
movzx ebx, byte [eax + 1]
mov eax, dword [ebp - 0x14]
cmp byte [eax + edx + 0x126a], 0x12
mov eax, 0
je short loc_fffc2fb2  ; je 0xfffc2fb2
cmp byte [ebp - 0x18], 0
je short loc_fffc2fb2  ; je 0xfffc2fb2
movzx edx, byte [ebp - 0x1d]
imul eax, edx, 0x3e8
movzx edx, byte [ebp - 0x18]
mov dword [ebp - 0x18], edx
cdq
idiv dword [ebp - 0x18]

loc_fffc2fb2:  ; not directly referenced
mov dword [edi + 0xcd], eax
xor eax, eax
test bl, bl
je short loc_fffc3039  ; je 0xfffc3039
movzx eax, byte [ebp - 0x1e]
jmp short loc_fffc3030  ; jmp 0xfffc3030

loc_fffc2fc4:  ; not directly referenced
mov dword [edi + 0xcd], 0
mov dword [edi + 0xc9], 0
jmp near loc_fffc3070  ; jmp 0xfffc3070

loc_fffc2fdd:  ; not directly referenced
mov eax, dword [ebp - 0x14]
mov ebx, dword [ebp - 0x10]
mov eax, dword [eax + ebx + 0x1248]
and eax, 0xfffffffd
dec eax
jne short loc_fffc3041  ; jne 0xfffc3041
mov dl, byte [ecx + 0x51]
movzx ebx, byte [ecx + 0x53]
mov al, dl
shr al, 4
mov byte [ebp - 0x18], al
mov al, byte [ecx + 0x52]
mov byte [ebp - 0x1d], al
xor eax, eax
and dl, 0xf
je short loc_fffc3020  ; je 0xfffc3020
movzx eax, byte [ebp - 0x18]
movzx edx, dl
mov dword [ebp - 0x18], edx
imul eax, eax, 0x3e8
cdq
idiv dword [ebp - 0x18]

loc_fffc3020:  ; not directly referenced
mov dword [edi + 0xcd], eax
xor eax, eax
test bl, bl
je short loc_fffc3039  ; je 0xfffc3039
movzx eax, byte [ebp - 0x1d]

loc_fffc3030:  ; not directly referenced
imul eax, eax, 0xf4240
cdq
idiv ebx

loc_fffc3039:  ; not directly referenced
mov dword [edi + 0xc9], eax
jmp short loc_fffc3070  ; jmp 0xfffc3070

loc_fffc3041:  ; not directly referenced
mov al, byte [ecx + 0x59]
shr al, 2
and eax, 3
cmp eax, 1
sbb eax, eax
and eax, 0x1e848
mov dword [edi + 0xc9], eax
mov al, byte [ecx + 0x59]
and eax, 3
cmp eax, 1
sbb eax, eax
and eax, 0x3e8
mov dword [edi + 0xcd], eax

loc_fffc3070:  ; not directly referenced
add dword [ebp - 0x10], 0x128
add edi, 0x20
add ecx, 0x277
add dword [ebp - 0x1c], 0x277
cmp dword [ebp - 0x10], 0x250
jne loc_fffc2efb  ; jne 0xfffc2efb
add dword [ebp - 0x24], 0x54a
add dword [ebp - 0x14], 0x13c3
dec byte [ebp - 0x1f]
jne loc_fffc2ee1  ; jne 0xfffc2ee1
jmp near loc_fffc2e9a  ; jmp 0xfffc2e9a

fcn_fffc30b0:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov ecx, dword [ebp + 0xc]
mov edx, dword [eax + 0xd5]
and edx, 0xfffffffd
dec edx
jne short loc_fffc30ca  ; jne 0xfffc30ca
mov dl, byte [ecx + 0x29]
jmp short loc_fffc30cd  ; jmp 0xfffc30cd

loc_fffc30ca:  ; not directly referenced
mov dl, byte [ecx + 7]

loc_fffc30cd:  ; not directly referenced
and edx, 0xf
cmp edx, 8
ja short loc_fffc3129  ; ja 0xfffc3129
jmp dword [edx*4 + ref_fffd5444]  ; ujmp: jmp dword [edx*4 - 0x2abbc]

loc_fffc30dc:  ; not directly referenced
mov byte [eax + 0xf4], 0
jmp short loc_fffc30ec  ; jmp 0xfffc30ec

loc_fffc30e5:  ; not directly referenced
mov byte [eax + 0xf4], 2

loc_fffc30ec:  ; not directly referenced
mov eax, 1
jmp short loc_fffc3132  ; jmp 0xfffc3132

loc_fffc30f3:  ; not directly referenced
mov byte [eax + 0xf4], 3
jmp short loc_fffc30ec  ; jmp 0xfffc30ec

loc_fffc30fc:  ; not directly referenced
mov byte [eax + 0xf4], 4
jmp short loc_fffc30ec  ; jmp 0xfffc30ec

loc_fffc3105:  ; not directly referenced
mov byte [eax + 0xf4], 5
jmp short loc_fffc30ec  ; jmp 0xfffc30ec

loc_fffc310e:  ; not directly referenced
mov byte [eax + 0xf4], 6
jmp short loc_fffc30ec  ; jmp 0xfffc30ec

loc_fffc3117:  ; not directly referenced
mov byte [eax + 0xf4], 7
jmp short loc_fffc30ec  ; jmp 0xfffc30ec

loc_fffc3120:  ; not directly referenced
mov byte [eax + 0xf4], 8
jmp short loc_fffc30ec  ; jmp 0xfffc30ec

loc_fffc3129:  ; not directly referenced
mov byte [eax + 0xf4], 0
xor eax, eax

loc_fffc3132:  ; not directly referenced
pop ebp
ret

fcn_fffc3134:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
push ebx
mov edx, dword [ebp + 0xc]
mov ebx, dword [ebp + 8]
mov ecx, dword [eax + 0xd5]
and ecx, 0xfffffffd
dec ecx
jne short loc_fffc319e  ; jne 0xfffc319e
mov cl, byte [edx + 0x1f]
shr cl, 7
mov byte [eax + 0xd1], cl
mov cl, byte [edx + 0x1f]
shr cl, 3
and ecx, 1
mov byte [eax + 0xd2], cl
xor ecx, ecx
test byte [edx + 0x1f], 4
je short loc_fffc317c  ; je 0xfffc317c
xor ecx, ecx
cmp byte [ebx + 0x18b7], 0
setne cl

loc_fffc317c:  ; not directly referenced
mov byte [eax + 0xd0], cl
mov cl, byte [edx + 0x1f]
shr cl, 1
and ecx, 1
mov byte [eax + 0xd4], cl
mov dl, byte [edx + 0x1f]
and edx, 1
mov byte [eax + 0xd3], dl
jmp short loc_fffc31c1  ; jmp 0xfffc31c1

loc_fffc319e:  ; not directly referenced
mov byte [eax + 0xd1], 0
mov byte [eax + 0xd2], 0
mov byte [eax + 0xd0], 0
mov byte [eax + 0xd4], 0
mov byte [eax + 0xd3], 0

loc_fffc31c1:  ; not directly referenced
xor edx, edx
cmp byte [eax + 0xd0], 0
jne short loc_fffc31e1  ; jne 0xfffc31e1
cmp byte [eax + 0xd3], 0
je short loc_fffc31e1  ; je 0xfffc31e1
xor edx, edx
cmp byte [ebx + 0x18b8], 0
setne dl

loc_fffc31e1:  ; not directly referenced
mov byte [eax + 0xcf], dl
mov eax, 1
pop ebx
pop ebp
ret

fcn_fffc31ef:  ; not directly referenced
push ebp
mov ebp, esp
mov ecx, dword [ebp + 0x10]
push ebx
mov eax, dword [ebp + 0xc]
mov ebx, dword [ecx + 0xd5]
mov edx, ebx
and edx, 0xfffffffd
dec edx
jne short loc_fffc320c  ; jne 0xfffc320c
mov dl, byte [eax + 0x3f]
jmp short loc_fffc3212  ; jmp 0xfffc3212

loc_fffc320c:  ; not directly referenced
mov dl, byte [eax + 0x83]

loc_fffc3212:  ; not directly referenced
and edx, 1
mov eax, 1
mov byte [ecx + 0xce], dl
cmp ebx, 2
jne short loc_fffc3235  ; jne 0xfffc3235
dec dl
jne short loc_fffc3235  ; jne 0xfffc3235
xor eax, eax
cmp dword [ecx + 0xd9], 3
sete al

loc_fffc3235:  ; not directly referenced
pop ebx
pop ebp
ret

fcn_fffc3238:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0x10]
mov eax, dword [edx + 0xd5]
and eax, 0xfffffffd
dec eax
jne short loc_fffc3263  ; jne 0xfffc3263
mov eax, dword [ebp + 0xc]
mov al, byte [eax + 8]
shr al, 3
and eax, 3
dec al
jne short loc_fffc3263  ; jne 0xfffc3263
mov byte [edx + 0xcc], 1
jmp short loc_fffc326a  ; jmp 0xfffc326a

loc_fffc3263:  ; not directly referenced
mov byte [edx + 0xcc], 0

loc_fffc326a:  ; not directly referenced
mov eax, 1
pop ebp
ret

fcn_fffc3271:  ; not directly referenced
push ebp
mov ecx, 8
mov ebp, esp
push edi
push esi
mov esi, ref_fffd5468  ; mov esi, 0xfffd5468
push ebx
sub esp, 0x20
mov ebx, dword [ebp + 0x10]
lea edi, [ebp - 0x2c]
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov dl, byte [ebx + 0xf1]
test dl, dl
je short loc_fffc32db  ; je 0xfffc32db
mov al, byte [ebx + 0xf3]
cmp al, 7
ja short loc_fffc32db  ; ja 0xfffc32db
movzx ecx, al
movzx eax, byte [ebx + 0xf0]
imul eax, dword [ebp + ecx*4 - 0x2c]
movzx ecx, dl
xor edx, edx
div ecx
movzx edx, byte [ebx + 0xed]
imul eax, edx
lea edx, [eax - 0x200]
cmp edx, 0x3e00
ja short loc_fffc32db  ; ja 0xfffc32db
mov dword [ebx + 0xe1], eax
mov eax, 1
jmp short loc_fffc32e7  ; jmp 0xfffc32e7

loc_fffc32db:  ; not directly referenced
mov dword [ebx + 0xe1], 0
xor eax, eax

loc_fffc32e7:  ; not directly referenced
add esp, 0x20
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc32ef:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0x10]
mov ecx, dword [ebp + 0xc]
mov eax, dword [edx + 0xd5]
and eax, 0xfffffffd
dec eax
jne short loc_fffc3309  ; jne 0xfffc3309
mov al, byte [ecx + 7]
jmp short loc_fffc330c  ; jmp 0xfffc330c

loc_fffc3309:  ; not directly referenced
mov al, byte [ecx + 0xc]

loc_fffc330c:  ; not directly referenced
shr al, 3
and eax, 7
inc eax
cmp al, 2
ja short loc_fffc3324  ; ja 0xfffc3324
mov byte [edx + 0xed], al
mov eax, 1
jmp short loc_fffc332d  ; jmp 0xfffc332d

loc_fffc3324:  ; not directly referenced
mov byte [edx + 0xed], 0
xor eax, eax

loc_fffc332d:  ; not directly referenced
pop ebp
ret

fcn_fffc332f:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0x10]
push esi
mov eax, dword [ebp + 0xc]
push ebx
mov ecx, dword [edx + 0xd5]
and ecx, 0xfffffffd
dec ecx
mov cl, byte [eax + 4]
jne short loc_fffc336d  ; jne 0xfffc336d
and ecx, 0xf
mov byte [edx + 0xf3], cl
test byte [eax + 4], 0x70
jne short loc_fffc33b8  ; jne 0xfffc33b8
mov byte [edx + 0xee], 8
mov eax, 1
mov byte [edx + 0xef], 0
jmp short loc_fffc33ba  ; jmp 0xfffc33ba

loc_fffc336d:  ; not directly referenced
and ecx, 0xf
mov byte [edx + 0xf3], cl
mov al, byte [eax + 4]
mov cl, al
shr cl, 4
shr al, 6
and ecx, 3
mov esi, eax
xor eax, eax
cmp cl, 1
ja short loc_fffc339f  ; ja 0xfffc339f
mov eax, 4
shl eax, cl
mov byte [edx + 0xee], al
mov eax, 1

loc_fffc339f:  ; not directly referenced
lea ecx, [esi - 1]
cmp cl, 1
ja short loc_fffc33b8  ; ja 0xfffc33b8
mov ebx, 1
mov ecx, esi
shl ebx, cl
mov byte [edx + 0xef], bl
jmp short loc_fffc33ba  ; jmp 0xfffc33ba

loc_fffc33b8:  ; not directly referenced
xor eax, eax

loc_fffc33ba:  ; not directly referenced
pop ebx
pop esi
pop ebp
ret

fcn_fffc33be:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0x10]
mov ecx, dword [ebp + 0xc]
mov eax, dword [edx + 0xd5]
and eax, 0xfffffffd
dec eax
jne short loc_fffc33d8  ; jne 0xfffc33d8
mov al, byte [ecx + 8]
jmp short loc_fffc33db  ; jmp 0xfffc33db

loc_fffc33d8:  ; not directly referenced
mov al, byte [ecx + 0xd]

loc_fffc33db:  ; not directly referenced
and eax, 7
cmp al, 3
jne short loc_fffc33f0  ; jne 0xfffc33f0
mov byte [edx + 0xf0], 0x40
mov eax, 1
jmp short loc_fffc33f9  ; jmp 0xfffc33f9

loc_fffc33f0:  ; not directly referenced
mov byte [edx + 0xf0], 0
xor eax, eax

loc_fffc33f9:  ; not directly referenced
pop ebp
ret

fcn_fffc33fb:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0xc]
push ebx
mov eax, dword [ebp + 8]
mov ecx, dword [ebp + 0x10]
mov dl, byte [edx + 5]
mov eax, dword [eax + 0x1887]
and edx, 7
cmp dl, 2
je short loc_fffc345c  ; je 0xfffc345c
cmp dl, 3
je short loc_fffc3487  ; je 0xfffc3487
dec dl
jne short loc_fffc3499  ; jne 0xfffc3499
cmp eax, 0x40650
je short loc_fffc3451  ; je 0xfffc3451
cmp eax, 0x40660
sete bl
cmp eax, 0x306c0
sete dl
or bl, dl
jne short loc_fffc3451  ; jne 0xfffc3451
cmp eax, 0x40670
sete bl
cmp eax, 0x306d0
sete dl
or bl, dl
je short loc_fffc3463  ; je 0xfffc3463

loc_fffc3451:  ; not directly referenced
mov word [ecx + 0xe9], 0x400
jmp short loc_fffc3480  ; jmp 0xfffc3480

loc_fffc345c:  ; not directly referenced
cmp eax, 0x40650
je short loc_fffc3477  ; je 0xfffc3477

loc_fffc3463:  ; not directly referenced
cmp eax, 0x40670
sete dl
cmp eax, 0x306d0
sete al
or dl, al
je short loc_fffc3499  ; je 0xfffc3499

loc_fffc3477:  ; not directly referenced
mov word [ecx + 0xe9], 0x800

loc_fffc3480:  ; not directly referenced
mov eax, 1
jmp short loc_fffc34a4  ; jmp 0xfffc34a4

loc_fffc3487:  ; not directly referenced
cmp eax, 0x40650
jne short loc_fffc3499  ; jne 0xfffc3499
mov word [ecx + 0xe9], 0x1000
jmp short loc_fffc3480  ; jmp 0xfffc3480

loc_fffc3499:  ; not directly referenced
mov word [ecx + 0xe9], 0
xor eax, eax

loc_fffc34a4:  ; not directly referenced
pop ebx
pop ebp
ret

fcn_fffc34a7:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 0x10]
mov al, byte [eax + 5]
shr al, 3
and eax, 7
cmp al, 4
ja short loc_fffc3508  ; ja 0xfffc3508
movzx eax, al
jmp dword [eax*4 + ref_fffd5488]  ; ujmp: jmp dword [eax*4 - 0x2ab78]

loc_fffc34c7:  ; not directly referenced
mov dword [edx + 0xe5], 0x1000
jmp short loc_fffc34dd  ; jmp 0xfffc34dd

loc_fffc34d3:  ; not directly referenced
mov dword [edx + 0xe5], 0x2000

loc_fffc34dd:  ; not directly referenced
mov eax, 1
jmp short loc_fffc3514  ; jmp 0xfffc3514

loc_fffc34e4:  ; not directly referenced
mov dword [edx + 0xe5], 0x4000
jmp short loc_fffc34dd  ; jmp 0xfffc34dd

loc_fffc34f0:  ; not directly referenced
mov dword [edx + 0xe5], 0x8000
jmp short loc_fffc34dd  ; jmp 0xfffc34dd

loc_fffc34fc:  ; not directly referenced
mov dword [edx + 0xe5], 0x10000
jmp short loc_fffc34dd  ; jmp 0xfffc34dd

loc_fffc3508:  ; not directly referenced
mov dword [edx + 0xe5], 0
xor eax, eax

loc_fffc3514:  ; not directly referenced
pop ebp
ret

fcn_fffc3516:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov ecx, dword [ebp + 0xc]
mov edx, dword [eax + 0xd5]
and edx, 0xfffffffd
dec edx
jne short loc_fffc3530  ; jne 0xfffc3530
mov dl, byte [ecx + 7]
jmp short loc_fffc3533  ; jmp 0xfffc3533

loc_fffc3530:  ; not directly referenced
mov dl, byte [ecx + 0xc]

loc_fffc3533:  ; not directly referenced
and edx, 7
mov byte [eax + 0xf2], dl
mov dl, byte [eax + 0xf2]
cmp dl, 2
je short loc_fffc3559  ; je 0xfffc3559
cmp dl, 3
je short loc_fffc3567  ; je 0xfffc3567
dec dl
jne short loc_fffc3570  ; jne 0xfffc3570
mov byte [eax + 0xf1], 8
jmp short loc_fffc3560  ; jmp 0xfffc3560

loc_fffc3559:  ; not directly referenced
mov byte [eax + 0xf1], 0x10

loc_fffc3560:  ; not directly referenced
mov eax, 1
jmp short loc_fffc3579  ; jmp 0xfffc3579

loc_fffc3567:  ; not directly referenced
mov byte [eax + 0xf1], 0x20
jmp short loc_fffc3560  ; jmp 0xfffc3560

loc_fffc3570:  ; not directly referenced
mov byte [eax + 0xf1], 0
xor eax, eax

loc_fffc3579:  ; not directly referenced
pop ebp
ret

fcn_fffc357b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 1
mov ebx, dword [ebp + 0xc]
mov esi, dword [ebp + 8]
mov edx, dword [ebp + 0x10]
mov cl, byte [ebx + 6]
mov eax, dword [esi + 0x1887]
mov edi, dword [esi + 0x188b]
mov byte [ebp - 0xd], cl
mov cl, byte [ebx + 2]
shr byte [ebp - 0xd], 1
and byte [ebp - 0xd], 1
cmp cl, 0xc
je loc_fffc363e  ; je 0xfffc363e
cmp cl, 0xf1
je short loc_fffc35ff  ; je 0xfffc35ff
cmp cl, 0xb
jne loc_fffc365f  ; jne 0xfffc365f
mov dword [edx + 0xd5], 1
mov cl, byte [ebx + 3]
add ebx, 0xb0
and ecx, 0xf
cmp eax, 0x306d0
mov dword [edx + 0xd9], ecx
sete cl
cmp eax, 0x40650
sete al
or cl, al
je loc_fffc3709  ; je 0xfffc3709
cmp byte [ebp - 0xd], 0
je short loc_fffc3675  ; je 0xfffc3675
jmp near loc_fffc3709  ; jmp 0xfffc3709

loc_fffc35ff:  ; not directly referenced
cmp eax, 0x40650
je short loc_fffc361d  ; je 0xfffc361d
cmp eax, 0x40660
sete cl
cmp eax, 0x306c0
sete al
or cl, al
jne short loc_fffc361d  ; jne 0xfffc361d
dec edi
jne short loc_fffc363e  ; jne 0xfffc363e

loc_fffc361d:  ; not directly referenced
mov dword [edx + 0xd5], 3
mov al, byte [ebx + 3]
add ebx, 0xb0
and eax, 0xf
mov dword [edx + 0xd9], eax
jmp near loc_fffc3709  ; jmp 0xfffc3709

loc_fffc363e:  ; not directly referenced
mov dword [edx + 0xd5], 2
mov al, byte [ebx + 3]
add ebx, 0x180
and eax, 0xf
mov dword [edx + 0xd9], eax
jmp near loc_fffc3709  ; jmp 0xfffc3709

loc_fffc365f:  ; not directly referenced
mov dword [edx + 0xd5], 0
xor ebx, ebx
mov dword [edx + 0xd9], 0

loc_fffc3675:  ; not directly referenced
xor eax, eax

loc_fffc3677:  ; not directly referenced
mov byte [edx + 0xf6], 0
test eax, eax
je loc_fffc3731  ; je 0xfffc3731
cmp word [ebx], 0x4a0c
mov eax, dword [esi + 0x18a7]
jne short loc_fffc36b4  ; jne 0xfffc36b4
mov cl, byte [ebx + 3]
and ecx, 0xfffffffe
cmp cl, 0x12
jne short loc_fffc36b4  ; jne 0xfffc36b4
cmp eax, 2
jne short loc_fffc36a9  ; jne 0xfffc36a9
test byte [ebx + 2], 1
jmp short loc_fffc36b2  ; jmp 0xfffc36b2

loc_fffc36a9:  ; not directly referenced
cmp eax, 3
jne short loc_fffc36c2  ; jne 0xfffc36c2
test byte [ebx + 2], 2

loc_fffc36b2:  ; not directly referenced
jne short loc_fffc36c2  ; jne 0xfffc36c2

loc_fffc36b4:  ; not directly referenced
sub eax, 2
cmp eax, 1
seta al
movzx eax, al
jmp short loc_fffc36ce  ; jmp 0xfffc36ce

loc_fffc36c2:  ; not directly referenced
or byte [esi + 0x374a], 1
mov eax, 1

loc_fffc36ce:  ; not directly referenced
cmp word [ebx], 0x4a0c
jne short loc_fffc3731  ; jne 0xfffc3731
movzx edi, byte [ebx + 3]
mov esi, edi
and esi, 0xfffffffe
mov ecx, esi
cmp cl, 0x12
jne short loc_fffc36ed  ; jne 0xfffc36ed
mov ecx, edi
mov byte [edx + 0xf7], cl

loc_fffc36ed:  ; not directly referenced
test byte [ebx + 2], 1
je short loc_fffc36fa  ; je 0xfffc36fa
or byte [edx + 0xf6], 1

loc_fffc36fa:  ; not directly referenced
test byte [ebx + 2], 2
je short loc_fffc3731  ; je 0xfffc3731
or byte [edx + 0xf6], 2
jmp short loc_fffc3731  ; jmp 0xfffc3731

loc_fffc3709:  ; not directly referenced
mov eax, dword [edx + 0xd9]
lea ecx, [eax - 2]
xor eax, eax
cmp ecx, 6
ja loc_fffc3677  ; ja 0xfffc3677
mov eax, 1
shl eax, cl
test al, 0x43
setne al
movzx eax, al
jmp near loc_fffc3677  ; jmp 0xfffc3677

loc_fffc3731:  ; not directly referenced
add esp, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc3739:  ; not directly referenced
push ebp
mov ebp, esp
movzx eax, byte [ebp + 0x10]
movzx edx, byte [ebp + 0x14]
shl eax, 0xc
add edx, eax
movzx eax, byte [ebp + 0xc]
shl eax, 0xf
add edx, eax
movzx eax, byte [ebp + 8]
pop ebp
shl eax, 0x14
add eax, edx
ret

fcn_fffc375d:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0x10]
movzx eax, byte [ebp + 0x14]
and edx, 7
shl edx, 8
or eax, 0x80000000
or eax, edx
movzx edx, byte [ebp + 8]
shl edx, 0x10
or eax, edx
movzx edx, byte [ebp + 0xc]
pop ebp
shl edx, 0xb
movzx edx, dx
or eax, edx
ret

fcn_fffc378b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x1c], 0
mov eax, dword [ebx + 0x2444]
lea edi, [ebx + 0xfb9]
mov dword [ebp - 0x20], eax
mov al, byte [ebx + 0xfb8]
mov byte [ebx + 0x3756], al
mov eax, dword [ebx + 0xfb4]
mov dword [ebx + 0x374f], eax

loc_fffc37c5:  ; not directly referenced
imul esi, dword [ebp - 0x1c], 0x13c3
xor edx, edx
mov eax, dword [edi + 4]
lea ecx, [ebx + esi + 0x3757]
mov dword [ebx + esi + 0x3817], eax
mov al, byte [edi + 8]
mov byte [ebx + esi + 0x381b], al
mov eax, dword [edi]
mov dword [ebx + esi + 0x3757], eax

loc_fffc37f2:  ; not directly referenced
push eax
push 0x2e
lea eax, [edi + edx + 9]
push eax
lea eax, [ecx + edx + 4]
push eax
mov eax, dword [ebp - 0x20]
mov dword [ebp - 0x28], edx
mov dword [ebp - 0x24], ecx
call dword [eax + 0x58]  ; ucall
mov edx, dword [ebp - 0x28]
add esp, 0x10
mov ecx, dword [ebp - 0x24]
add edx, 0x2e
cmp edx, 0xb8
jne short loc_fffc37f2  ; jne 0xfffc37f2
imul eax, dword [ebp - 0x1c], 0x54a
lea esi, [ebx + esi + 0x48ca]
mov dword [ebp - 0x24], esi
lea edx, [edi + 0x313]
mov byte [ebp - 0x29], 2
lea esi, [ebx + eax + 0x1afb]
lea eax, [edi + 0xc1]
mov dword [ebp - 0x28], eax

loc_fffc384a:  ; not directly referenced
mov eax, dword [ebp - 0x28]
mov eax, dword [eax]
lea ecx, [eax - 1]
cmp ecx, 1
ja short loc_fffc38ca  ; ja 0xfffc38ca
push eax
mov eax, dword [ebp - 0x20]
push 0x128
push dword [ebp - 0x28]
push dword [ebp - 0x24]
mov dword [ebp - 0x30], edx
call dword [eax + 0x58]  ; ucall
mov edx, dword [ebp - 0x30]
add esp, 0x10
cmp byte [esi - 0x13e], 0xc
jne short loc_fffc3896  ; jne 0xfffc3896
mov cl, byte [edx - 2]
mov eax, esi
mov byte [esi - 0x13d], cl
mov cl, byte [edx - 1]
mov byte [esi - 0x133], cl
mov ecx, 0x1d
jmp short loc_fffc38b3  ; jmp 0xfffc38b3

loc_fffc3896:  ; not directly referenced
mov al, byte [edx - 2]
mov ecx, 0x1f
mov byte [esi - 0x13d], al
mov al, byte [edx - 1]
mov byte [esi - 0x138], al
lea eax, [esi - 0xcb]

loc_fffc38b3:  ; not directly referenced
sub esp, 4
push ecx
push edx
push eax
mov eax, dword [ebp - 0x20]
mov dword [ebp - 0x30], edx
call dword [eax + 0x58]  ; ucall
add esp, 0x10
mov edx, dword [ebp - 0x30]
jmp short loc_fffc38cf  ; jmp 0xfffc38cf

loc_fffc38ca:  ; not directly referenced
mov ecx, dword [ebp - 0x24]
mov dword [ecx], eax

loc_fffc38cf:  ; not directly referenced
add dword [ebp - 0x28], 0x128
add esi, 0x277
add edx, 0x21
add dword [ebp - 0x24], 0x128
dec byte [ebp - 0x29]
jne loc_fffc384a  ; jne 0xfffc384a
inc dword [ebp - 0x1c]
add edi, 0x433
cmp dword [ebp - 0x1c], 2
jne loc_fffc37c5  ; jne 0xfffc37c5
mov eax, dword [ebx + 0x182c]
xor ecx, ecx
mov dword [ebx + 0x3736], eax
mov eax, dword [ebx + 0x1830]
mov dword [ebx + 0x373a], eax
mov eax, dword [ebx + 0x1834]
mov dword [ebx + 0x373e], eax
mov eax, dword [ebx + 0x1838]
mov dword [ebx + 0x3742], eax
mov eax, dword [ebx + 0xfa4]
mov dword [ebx + 0x1887], eax
mov eax, dword [ebx + 0xfa0]
mov dword [ebx + 0x1883], eax
mov eax, dword [ebx + 0xfa8]
mov dword [ebx + 0x188b], eax
mov al, byte [ebx + 0x1842]
mov byte [ebx + 0x190d], al
mov eax, dword [ebx + 0x181f]
mov dword [ebx + 0x36d8], eax
mov eax, dword [ebx + 0x1823]
mov dword [ebx + 0x36e0], eax
mov al, byte [ebx + 0x182b]
mov byte [ebx + 0x36e8], al
mov eax, dword [ebx + 0x1827]
mov dword [ebx + 0x36e4], eax
mov al, byte [ebx + 0x183c]
mov byte [ebx + 0x3749], al
mov eax, dword [ebx + 0x183d]
mov dword [ebx + 0x2481], eax
mov al, byte [ebx + 0x1841]
mov byte [ebx + 0x374a], al
mov al, byte [ebx + 0x184c]
mov byte [ebx + 0x36cb], al
mov eax, dword [ebx + 0x1843]
mov dword [ebx + 0x36cc], eax
mov eax, dword [ebx + 0x1847]
mov dword [ebx + 0x1912], eax
mov al, byte [ebx + 0x184b]
mov byte [ebx + 0x1916], al
mov al, byte [ebx + 0x184d]
mov byte [ebx + 0x36a9], al

loc_fffc39f4:  ; not directly referenced
mov eax, dword [ebx + ecx + 0x184e]
mov edx, dword [ebx + ecx + 0x1852]
mov dword [ebx + ecx + 0x36aa], eax
mov dword [ebx + ecx + 0x36ae], edx
add ecx, 8
cmp ecx, 0x20
jne short loc_fffc39f4  ; jne 0xfffc39f4
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc3a22:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
sub esp, 0x10
mov ebx, dword [ebp + 8]
mov al, byte [ebx + 0x18b1]
mov ecx, dword [ebx + 0x18cd]
mov byte [ebx + 0x247a], 0
mov byte [ebx + 0x3749], al
mov al, byte [ebx + 0x23ff]
lea edx, [ecx + 0x18]
mov byte [ebx + 0x3746], al
mov eax, dword [ebx + 0x2444]
push edx
call dword [eax + 0x20]  ; ucall
add esp, 0x10
mov edx, eax
shr edx, 0x10
test ax, ax
jne short loc_fffc3a75  ; jne 0xfffc3a75
cmp dx, 1
jbe short loc_fffc3a75  ; jbe 0xfffc3a75
mov al, dl
jmp short loc_fffc3a7b  ; jmp 0xfffc3a7b

loc_fffc3a75:  ; not directly referenced
mov al, byte [ebx + 0x2401]

loc_fffc3a7b:  ; not directly referenced
mov ecx, dword [ebx + 0x18cd]
sub esp, 0xc
mov byte [ebx + 0x3748], al
mov eax, dword [ebx + 0x2444]
lea edx, [ecx + 0x28]
push edx
call dword [eax + 0x20]  ; ucall
add esp, 0x10
mov edx, eax
shr edx, 0x10
test ax, ax
jne short loc_fffc3aae  ; jne 0xfffc3aae
cmp dx, 1
jbe short loc_fffc3aae  ; jbe 0xfffc3aae
mov al, dl
jmp short loc_fffc3ab4  ; jmp 0xfffc3ab4

loc_fffc3aae:  ; not directly referenced
mov al, byte [ebx + 0x2400]

loc_fffc3ab4:  ; not directly referenced
mov byte [ebx + 0x3747], al
xor eax, eax
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffc3ac1:  ; not directly referenced
push ebp
xor eax, eax
mov ebp, esp
pop ebp
ret

fcn_fffc3ac8:  ; not directly referenced
push ebp
xor eax, eax
mov ebp, esp
pop ebp
ret

fcn_fffc3acf:  ; not directly referenced
push ebp
and edx, 0xff00
mov ebp, esp
push ebx
xor ebx, ebx
sub esp, 8
push 0xe
push ebx
push edx
call dword [eax + 0x68]  ; ucall
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffc3aea:  ; not directly referenced
push ebp
movzx ecx, dl
mov ebp, esp
push ebx
xor ebx, ebx
sub esp, 8
push 0x16
push ebx
push ecx
call dword [eax + 0x68]  ; ucall
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffc3b02:
push ebp
mov ebp, esp
push esi
push ebx
mov esi, dword [eax + 0x2444]
lea ebx, [edx - 0xd]
mov ecx, dword [eax + 0x2481]
cmp ebx, 0x36
ja loc_fffc3ca2  ; ja 0xfffc3ca2
jmp dword [ebx*4 + ref_fffd549c]  ; ujmp: jmp dword [ebx*4 - 0x2ab64]

loc_fffc3b26:
cmp ecx, 3
je loc_fffc3ca2  ; je 0xfffc3ca2
mov bl, byte [eax + 0x2403]
jmp short loc_fffc3b8d  ; jmp 0xfffc3b8d

loc_fffc3b37:
mov bl, byte [eax + 0x2403]
jmp short loc_fffc3bb5  ; jmp 0xfffc3bb5

loc_fffc3b3f:
mov bl, byte [eax + 0x2403]
jmp near loc_fffc3bfe  ; jmp 0xfffc3bfe

loc_fffc3b4a:
mov bl, byte [eax + 0x2403]
jmp near loc_fffc3c09  ; jmp 0xfffc3c09

loc_fffc3b55:
mov bl, byte [eax + 0x2403]
jmp near loc_fffc3c7c  ; jmp 0xfffc3c7c

loc_fffc3b60:
mov bl, byte [eax + 0x2403]
jmp short loc_fffc3bd2  ; jmp 0xfffc3bd2

loc_fffc3b68:
mov bl, byte [eax + 0x2403]
jmp near loc_fffc3c14  ; jmp 0xfffc3c14

loc_fffc3b73:
movsx ebx, byte [eax + 0x2403]
jmp near loc_fffc3c46  ; jmp 0xfffc3c46

loc_fffc3b7f:
cmp ecx, 2
jmp near loc_fffc3c71  ; jmp 0xfffc3c71

loc_fffc3b87:
mov bl, byte [eax + 0x2404]

loc_fffc3b8d:
not ebx
jmp near loc_fffc3c1a  ; jmp 0xfffc3c1a

loc_fffc3b94:
mov bl, byte [eax + 0x2406]
jmp short loc_fffc3bd2  ; jmp 0xfffc3bd2

loc_fffc3b9c:
mov bl, byte [eax + 0x2406]
jmp near loc_fffc3c7c  ; jmp 0xfffc3c7c

loc_fffc3ba7:
mov bl, byte [eax + 0x2406]
jmp short loc_fffc3c09  ; jmp 0xfffc3c09

loc_fffc3baf:
mov bl, byte [eax + 0x2404]

loc_fffc3bb5:
shr bl, 1
jmp short loc_fffc3c17  ; jmp 0xfffc3c17

loc_fffc3bb9:
mov bl, byte [eax + 0x2404]
jmp short loc_fffc3bfe  ; jmp 0xfffc3bfe

loc_fffc3bc1:
mov bl, byte [eax + 0x2404]
jmp near loc_fffc3c7c  ; jmp 0xfffc3c7c

loc_fffc3bcc:
mov bl, byte [eax + 0x2404]

loc_fffc3bd2:
shr bl, 5
jmp short loc_fffc3c17  ; jmp 0xfffc3c17

loc_fffc3bd7:
mov bl, byte [eax + 0x2404]
jmp short loc_fffc3c14  ; jmp 0xfffc3c14

loc_fffc3bdf:
movsx ebx, byte [eax + 0x2404]
jmp short loc_fffc3c46  ; jmp 0xfffc3c46

loc_fffc3be8:
mov bl, byte [eax + 0x2405]
jmp short loc_fffc3b8d  ; jmp 0xfffc3b8d

loc_fffc3bf0:
mov bl, byte [eax + 0x2405]
jmp short loc_fffc3bb5  ; jmp 0xfffc3bb5

loc_fffc3bf8:
mov bl, byte [eax + 0x2405]

loc_fffc3bfe:
shr bl, 2
jmp short loc_fffc3c17  ; jmp 0xfffc3c17

loc_fffc3c03:
mov bl, byte [eax + 0x2405]

loc_fffc3c09:
shr bl, 3
jmp short loc_fffc3c17  ; jmp 0xfffc3c17

loc_fffc3c0e:
mov bl, byte [eax + 0x2405]

loc_fffc3c14:
shr bl, 6

loc_fffc3c17:
xor ebx, 1

loc_fffc3c1a:
and ebx, 1
jmp near loc_fffc3ca4  ; jmp 0xfffc3ca4

loc_fffc3c22:
mov ebx, 1
test byte [eax + 0x2405], 0x20
je short loc_fffc3ca4  ; je 0xfffc3ca4
cmp dword [eax + 0x188b], 0

loc_fffc3c37:
sete bl

loc_fffc3c3a:
movzx ebx, bl
jmp short loc_fffc3ca4  ; jmp 0xfffc3ca4

loc_fffc3c3f:
movsx ebx, byte [eax + 0x2405]

loc_fffc3c46:
not ebx
shr ebx, 0x1f
jmp short loc_fffc3ca4  ; jmp 0xfffc3ca4

loc_fffc3c4d:
mov ebx, 1
test byte [eax + 0x2406], 1
je short loc_fffc3ca4  ; je 0xfffc3ca4

loc_fffc3c5b:
cmp ecx, 3
jmp short loc_fffc3c37  ; jmp 0xfffc3c37

loc_fffc3c60:
mov ebx, 1
test byte [eax + 0x2404], 8
je short loc_fffc3ca4  ; je 0xfffc3ca4

loc_fffc3c6e:
cmp ecx, 3

loc_fffc3c71:
setne bl
jmp short loc_fffc3c3a  ; jmp 0xfffc3c3a

loc_fffc3c76:
mov bl, byte [eax + 0x2405]

loc_fffc3c7c:
shr bl, 4
jmp short loc_fffc3c17  ; jmp 0xfffc3c17

loc_fffc3c81:
mov bl, byte [eax + 0x2406]
jmp near loc_fffc3bb5  ; jmp 0xfffc3bb5

loc_fffc3c8c:
mov bl, byte [eax + 0x2406]
jmp near loc_fffc3bfe  ; jmp 0xfffc3bfe

loc_fffc3c97:
mov bl, byte [eax + 0x2406]
jmp near loc_fffc3c14  ; jmp 0xfffc3c14

loc_fffc3ca2:
xor ebx, ebx

loc_fffc3ca4:
push ecx
push 0
push edx
push eax
call dword [esi + 0x90]  ; ucall
lea esp, [ebp - 8]
or eax, ebx
pop ebx
pop esi
pop ebp
ret

fcn_fffc3cb8:
push ebp
xor ecx, ecx
mov ebp, esp
push esi
push ebx
sub esp, 0x400

loc_fffc3cc5:
mov ebx, ecx
mov esi, 8

loc_fffc3ccc:
test bl, 1
je short loc_fffc3cdb  ; je 0xfffc3cdb
shr ebx, 1
xor ebx, 0xedb88320
jmp short loc_fffc3cdd  ; jmp 0xfffc3cdd

loc_fffc3cdb:
shr ebx, 1

loc_fffc3cdd:
dec esi
jne short loc_fffc3ccc  ; jne 0xfffc3ccc
mov dword [ebp + ecx*4 - 0x408], ebx
inc ecx
cmp ecx, 0x100
jne short loc_fffc3cc5  ; jne 0xfffc3cc5
or ecx, 0xffffffff
xor ebx, ebx

loc_fffc3cf5:
cmp ebx, edx
je short loc_fffc3d10  ; je 0xfffc3d10
mov esi, ecx
xor cl, byte [eax + ebx]
inc ebx
shr esi, 8
movzx ecx, cl
xor esi, dword [ebp + ecx*4 - 0x408]
mov ecx, esi
jmp short loc_fffc3cf5  ; jmp 0xfffc3cf5

loc_fffc3d10:
add esp, 0x400
mov eax, ecx
pop ebx
not eax
pop esi
pop ebp
ret

fcn_fffc3d1e:
cmp dword [eax + 0x39], 1
jne loc_fffc3dfc  ; jne 0xfffc3dfc
push ebp
add eax, 0x369
mov ebp, esp
push edi
push esi
push ebx
sub esp, 5
mov ebx, dword [edx + 9]
mov dword [ebp - 0x10], eax
mov byte [ebp - 0x11], 2

loc_fffc3d40:
mov ecx, dword [ebp - 0x10]
xor esi, esi

loc_fffc3d45:
movzx edi, byte [ebx + 0x10]
mov word [ecx - 0x18], di
mov di, word [ebx + 8]
mov word [ecx - 0x16], di
mov di, word [ebx + 0x20]
mov word [ecx - 0x14], di
mov di, word [ebx + 0x1e]
mov word [ecx - 0x12], di
mov di, word [ebx + 0xe]
mov word [ecx - 0x10], di
mov di, word [ebx + 0x1c]
mov word [ecx - 0xe], di
mov di, word [ebx + 0xa]
mov word [ecx - 0xc], di
mov di, word [ebx + 0x22]
mov word [ecx - 0xa], di
mov di, word [ebx + 0x14]
mov word [ecx - 8], di
mov di, word [ebx + 0xc]
mov word [ecx - 2], di
cmp byte [edx], 5
jbe short loc_fffc3da3  ; jbe 0xfffc3da3
mov di, word [ebx + 0x68]
mov word [ecx], di
jmp short loc_fffc3da8  ; jmp 0xfffc3da8

loc_fffc3da3:
mov word [ecx], 0

loc_fffc3da8:
mov di, word [ebx + 0x16]
inc esi
add ecx, 0x277
mov eax, esi
mov word [ecx - 0x275], di
mov di, word [ebx + 0x1a]
mov word [ecx - 0x26f], di
mov di, word [ebx + 0x12]
mov word [ecx - 0x26d], di
mov di, word [ebx + 0x18]
mov word [ecx - 0x26b], di
cmp al, 2
jne loc_fffc3d45  ; jne 0xfffc3d45
add dword [ebp - 0x10], 0x54a
dec byte [ebp - 0x11]
jne loc_fffc3d40  ; jne 0xfffc3d40
add esp, 5
pop ebx
pop esi
pop edi
pop ebp

loc_fffc3dfc:
ret

fcn_fffc3dfd:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
xor ebx, ebx
sub esp, 0x2c
mov eax, dword [eax + 0x2481]
mov dword [ebp - 0x2c], ecx
lea edi, [esi + 0x3757]
mov byte [ebp - 0x25], dl
mov dword [ebp - 0x24], eax

loc_fffc3e1f:  ; not directly referenced
cmp dword [edi], 2
jne loc_fffc3f1b  ; jne 0xfffc3f1b
mov dl, byte [ebp - 0x25]
and dl, byte [edi + 0xc4]
je loc_fffc3f1b  ; je 0xfffc3f1b
mov eax, dword [ebp - 0x2c]
movzx ecx, dl
mov dword [ebp - 0x20], ecx
movzx eax, byte [eax + ebx]
push edx
push 0
push eax
push 3
push ecx
push 0
push ebx
push esi
mov dword [ebp - 0x1c], eax
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20
xor edx, edx

loc_fffc3e5c:  ; not directly referenced
mov eax, dword [ebp - 0x20]
bt eax, edx
jae short loc_fffc3e71  ; jae 0xfffc3e71
movzx edx, byte [edi + edx + 0x245]
add edx, dword [ebp - 0x1c]
jmp short loc_fffc3e79  ; jmp 0xfffc3e79

loc_fffc3e71:  ; not directly referenced
inc edx
cmp edx, 4
jne short loc_fffc3e5c  ; jne 0xfffc3e5c
xor dl, dl

loc_fffc3e79:  ; not directly referenced
push ecx
push 0
push edx
push 1
push dword [ebp - 0x20]
push 4
push ebx
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x1c
mov edx, dword [ebp - 0x1c]
push 0
add edx, dword [edi + 0x111]
push edx
push 1
push dword [ebp - 0x20]
push 2
push ebx
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x1c
mov edx, dword [ebp - 0x1c]
push 0
add edx, dword [edi + 0x119]
push edx
push 1
push dword [ebp - 0x20]
push 1
push ebx
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20
cmp dword [ebp - 0x24], 3
jne short loc_fffc3efd  ; jne 0xfffc3efd
mov eax, dword [ebp - 0x1c]
add dword [edi + 0x111], eax
push edx
push 0
mov edx, dword [edi + 0x115]
add edx, eax
push edx
push 2
push dword [ebp - 0x20]
push 2
push ebx
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
mov edx, dword [ebp - 0x1c]
add esp, 0x20
sub dword [edi + 0x111], edx

loc_fffc3efd:  ; not directly referenced
mov edx, dword [ebp - 0x1c]
push eax
push 0
add edx, dword [edi + 0x109]
push edx
push 1
push dword [ebp - 0x20]
push 3
push ebx
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffc3f1b:  ; not directly referenced
inc ebx
add edi, 0x13c3
cmp ebx, 2
jne loc_fffc3e1f  ; jne 0xfffc3e1f
sub esp, 0xc
push esi
call fcn_fffc9f5d  ; call 0xfffc9f5d
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc3f3c:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, edx
sub esp, 0x3d0
mov edi, dword [ebp + 0xc]
mov dword [ebp - 0x3cc], ecx
mov ecx, dword [ebp + 0x14]
mov byte [ebp - 0x38e], dl
mov dl, byte [ebp + 8]
mov esi, dword [ebp + 0x10]
mov dword [ebp - 0x34c], eax
xor eax, eax
cmp bl, 0xc
mov dword [ebp - 0x37c], ecx
mov ecx, dword [ebp + 0x24]
mov dword [ebp - 0x374], edi
mov byte [ebp - 0x3a4], dl
mov edx, edi
lea edi, [ebp - 0x2e0]
mov dword [ebp - 0x380], ecx
mov ecx, dword [ebp + 0x2c]
mov byte [ebp - 0x34d], dl
mov edx, esi
mov byte [ebp - 0x364], dl
mov dl, byte [ebp + 0x20]
mov dword [ebp - 0x378], esi
mov esi, ref_fffd5578  ; mov esi, 0xfffd5578
mov dword [ebp - 0x384], ecx
mov ecx, 0xb
rep stosd  ; rep stosd dword es:[edi], eax
lea edi, [ebp - 0x321]
mov byte [ebp - 0x38f], dl
mov dl, byte [ebp + 0x28]
mov word [ebp - 0x2d8], 7
mov word [ebp - 0x2d2], 0x3ff
mov word [ebp - 0x2bc], 1
mov byte [ebp - 0x34e], dl
mov cl, 0xd
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
lea edi, [ebp - 0x302]
mov esi, ref_fffd5588  ; mov esi, 0xfffd5588
mov word [ebp - 0x2b6], 1
mov cl, 4
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov eax, dword [ebp - 0x34c]
lea edi, [ebp - 0x288]
mov esi, ref_fffd5598  ; mov esi, 0xfffd5598
mov byte [ebp - 0x33e], 0
mov byte [ebp - 0x33d], 0
mov word [ebp - 0x32c], 0
mov dword [ebp - 0x32a], 0
mov cl, 0xc
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov edi, dword [eax + 0x2444]
mov esi, 0xa
mov al, 0x14
cmovne esi, eax
push 0
mov eax, esi
push 2
mov byte [ebp - 0x3b6], al
lea eax, [ebp - 0x33a]
push eax
mov dword [ebp - 0x326], 7
mov byte [ebp - 0x322], 0
call dword [edi + 0x60]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x33c]
push eax
call dword [edi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x10
lea eax, [ebp - 0x314]
push eax
call dword [edi + 0x5c]  ; ucall
add esp, 0xc
push 0x2c
lea eax, [ebp - 0x2e0]
push eax
lea eax, [ebp - 0x2b4]
push eax
call dword [edi + 0x58]  ; ucall
add esp, 0x10
xor eax, eax

loc_fffc40b2:  ; not directly referenced
mov byte [ebp + eax - 0x335], al
inc eax
cmp eax, 9
jne short loc_fffc40b2  ; jne 0xfffc40b2
cmp bl, 0xc
sete al
mov byte [ebp - 0x34f], al
movzx eax, al
mov dword [ebp - 0x354], eax
lea eax, [ebx - 8]
cmp al, 1
setbe dl
cmp bl, 0xb
sete al
or dl, al
mov dword [ebp - 0x35c], 1
jne short loc_fffc40fe  ; jne 0xfffc40fe
xor eax, eax
cmp bl, 0xa
sete al
mov dword [ebp - 0x35c], eax

loc_fffc40fe:  ; not directly referenced
mov al, byte [ebp - 0x33d]
mov esi, dword [ebp - 0x34c]
movzx ecx, byte [ebp - 0x38e]
mov dword [ebp - 0x358], 0
mov byte [ebp - 0x360], al
mov al, byte [ebp - 0x33e]
add esi, 0x381b
mov dword [ebp - 0x388], ecx

loc_fffc4133:  ; not directly referenced
mov cl, byte [esi]
test cl, cl
je loc_fffc41f7  ; je 0xfffc41f7
mov dl, cl
and edx, 0xc
cmp dl, 0xc
je short loc_fffc415d  ; je 0xfffc415d
mov dl, cl
and edx, 3
cmp dl, 3
sete dl
movzx edx, dl
mov dword [ebp - 0x370], edx
jmp short loc_fffc4167  ; jmp 0xfffc4167

loc_fffc415d:  ; not directly referenced
mov dword [ebp - 0x370], 1

loc_fffc4167:  ; not directly referenced
test byte [ebp - 0x34e], cl
je loc_fffc41f7  ; je 0xfffc41f7
mov cl, byte [ebp - 0x358]
mov edx, 1
shl edx, cl
mov ecx, dword [ebp - 0x388]
mov dword [ebp - 0x368], edx
mov cl, byte [ebp + ecx - 0x321]
mov byte [ebp - 0x36c], cl
and cl, 2
je short loc_fffc41b9  ; je 0xfffc41b9
mov cl, byte [ebp - 0x360]
mov dl, byte [ebp - 0x368]
or edx, ecx
cmp dword [esi - 4], 2
cmove ecx, edx
mov byte [ebp - 0x360], cl

loc_fffc41b9:  ; not directly referenced
test byte [ebp - 0x36c], 1
je short loc_fffc41cb  ; je 0xfffc41cb
cmp dword [ebp - 0x370], 0
jne short loc_fffc41d4  ; jne 0xfffc41d4

loc_fffc41cb:  ; not directly referenced
cmp dword [ebp - 0x354], 0
je short loc_fffc41da  ; je 0xfffc41da

loc_fffc41d4:  ; not directly referenced
or eax, dword [ebp - 0x368]

loc_fffc41da:  ; not directly referenced
cmp dword [ebp - 0x35c], 0
je short loc_fffc41f7  ; je 0xfffc41f7
mov edx, dword [ebp - 0x358]
movzx ecx, al
bt ecx, edx
jb short loc_fffc41f7  ; jb 0xfffc41f7
or eax, dword [ebp - 0x368]

loc_fffc41f7:  ; not directly referenced
inc dword [ebp - 0x358]
add esi, 0x13c3
cmp dword [ebp - 0x358], 2
jne loc_fffc4133  ; jne 0xfffc4133
mov dl, byte [ebp - 0x360]
mov cl, byte [ebp - 0x374]
cmp byte [ebp - 0x378], cl
mov byte [ebp - 0x33e], al
mov byte [ebp - 0x33d], dl
setle cl
or al, dl
mov byte [ebp - 0x358], al
sete al
or cl, al
je short loc_fffc424a  ; je 0xfffc424a

loc_fffc4240:  ; not directly referenced
mov eax, 1
jmp near loc_fffc4f9d  ; jmp 0xfffc4f9d

loc_fffc424a:  ; not directly referenced
mov eax, dword [ebp - 0x34c]
mov byte [eax + 0x248c], 3
lea eax, [ebx - 6]
cmp al, 1
ja short loc_fffc4279  ; ja 0xfffc4279
mov eax, dword [ebp - 0x34c]
mov edx, 1
mov ecx, 4
mov byte [eax + 0x248c], 5
mov al, 0xd
jmp short loc_fffc429b  ; jmp 0xfffc429b

loc_fffc4279:  ; not directly referenced
cmp dword [ebp - 0x35c], 0
je short loc_fffc42a2  ; je 0xfffc42a2
mov eax, dword [ebp - 0x34c]
mov edx, 1
mov ecx, 5
mov byte [eax + 0x248c], 6
mov al, 0xd

loc_fffc429b:  ; not directly referenced
mov esi, 0x80
jmp short loc_fffc42c4  ; jmp 0xfffc42c4

loc_fffc42a2:  ; not directly referenced
cmp byte [ebp - 0x34f], 1
sbb eax, eax
xor edx, edx
and eax, 0xfffffffd
xor ecx, ecx
add eax, 0x10
cmp byte [ebp - 0x34f], 1
sbb esi, esi
and esi, 0x7c
add esi, 4

loc_fffc42c4:  ; not directly referenced
movzx eax, al
movzx esi, si
mov dword [ebp - 0x35c], ebx
mov ebx, dword [ebp - 0x34c]
mov word [ebp - 0x32c], ax
movzx eax, byte [ebp - 0x37c]
mov dword [ebp - 0x2a0], edx
mov dword [ebp - 0x294], edx
mov bl, byte [ebx + 0x248c]
mov edx, eax
movzx eax, byte [ebp - 0x358]
push 0
push 0
push 0
mov byte [ebp - 0x322], bl
mov ebx, eax
mov dword [ebp - 0x3a0], eax
lea eax, [ebp - 0x32c]
push eax
push 0
lea eax, [ebp - 0x2b4]
push eax
push edx
push esi
mov dword [ebp - 0x358], edx
mov edx, ebx
mov ebx, dword [ebp - 0x34c]
mov eax, ebx
call fcn_fffae425  ; call 0xfffae425
add esp, 0x20
lea eax, [esi - 1]
mov esi, ebx
call fcn_fffb396b  ; call 0xfffb396b
mov cl, byte [ebp - 0x358]
mov edx, 1
sub ecx, eax
mov eax, edx
shl eax, cl
mov ecx, eax
mov al, 1
test cl, cl
cmovg eax, ecx
mov byte [ebx + 0x248d], al
mov ebx, dword [ebp - 0x35c]
movzx ecx, byte [esi + 0x2489]
mov dword [ebp - 0x35c], 0
lea eax, [ebx - 0xa]
cmp al, 1
mov byte [ebp - 0x3b5], al
setbe al
movzx eax, al
shl edx, cl
cmp bl, 0xa
mov bl, byte [ebp - 0x364]
mov dword [ebp - 0x38c], eax
lea eax, [edx - 1]
mov dl, byte [ebp - 0x34d]
mov word [ebp - 0x3a2], ax
sete al
lea eax, [eax + eax - 1]
mov cl, al
mov byte [ebp - 0x358], al
mov al, byte [ebp - 0x378]
cmove eax, edx
mov dl, al
mov byte [ebp - 0x34d], al
mov al, byte [ebp - 0x374]
cmove eax, ebx
add esi, 0x3757
mov byte [ebp - 0x364], al
mov al, byte [ebp - 0x384]
imul eax, ecx
sub edx, eax
mov byte [ebp - 0x350], al
movzx eax, dl
mov dword [ebp - 0x36c], eax

loc_fffc43ff:  ; not directly referenced
cmp dword [esi], 2
je short loc_fffc4476  ; je 0xfffc4476

loc_fffc4404:  ; not directly referenced
add dword [ebp - 0x35c], 9
add esi, 0x13c3
cmp dword [ebp - 0x35c], 0x12
jne short loc_fffc43ff  ; jne 0xfffc43ff
movzx eax, byte [ebp - 0x380]
movzx edi, byte [ebp - 0x38e]
mov dword [ebp - 0x37c], 0
mov dword [ebp - 0x3b0], eax
imul eax, eax, 0x90
mov dword [ebp - 0x398], edi
movzx edi, byte [ebp - 0x34e]
mov dword [ebp - 0x3c4], eax
mov al, byte [ebp - 0x364]
mov dword [ebp - 0x39c], edi
mov byte [ebp - 0x36c], al
mov al, byte [ebp - 0x34d]
mov byte [ebp - 0x374], al
xor eax, eax
jmp near loc_fffc469c  ; jmp 0xfffc469c

loc_fffc4476:  ; not directly referenced
mov ebx, dword [ebp - 0x34c]
push ecx
push dword [ebp - 0x36c]
movzx eax, byte [ebx + 0x2489]
push eax
mov eax, dword [ebp - 0x35c]
lea eax, [ebp + eax - 0x2f2]
push eax
call dword [edi + 0x5c]  ; ucall
mov al, byte [ebx + 0x2489]
add esp, 0x10
xor edx, edx
mov byte [ebp - 0x368], al

loc_fffc44ad:  ; not directly referenced
cmp dl, byte [ebp - 0x368]
je loc_fffc4404  ; je 0xfffc4404
movzx ecx, dl
add ecx, dword [ebp - 0x35c]
lea eax, [ebp - 0x258]
mov byte [ebp - 0x360], 0
add ecx, ecx
add ecx, eax
xor eax, eax

loc_fffc44d5:  ; not directly referenced
mov bl, byte [ebp - 0x3a4]
cmp byte [ebp - 0x360], bl
je short loc_fffc4523  ; je 0xfffc4523
mov bl, byte [ebp - 0x38f]
test bl, bl
je short loc_fffc4516  ; je 0xfffc4516
mov word [ecx + eax], 0x500
cmp bl, 1
jbe short loc_fffc44ff  ; jbe 0xfffc44ff
mov word [ecx + eax + 0x24], 0x500

loc_fffc44ff:  ; not directly referenced
cmp byte [ebp - 0x38f], 1
mov word [ecx + eax + 0x48], 0x500
jbe short loc_fffc4516  ; jbe 0xfffc4516
mov word [ecx + eax + 0x6c], 0x500

loc_fffc4516:  ; not directly referenced
inc byte [ebp - 0x360]
add eax, 0x90
jmp short loc_fffc44d5  ; jmp 0xfffc44d5

loc_fffc4523:  ; not directly referenced
inc edx
jmp short loc_fffc44ad  ; jmp 0xfffc44ad

loc_fffc4526:  ; not directly referenced
test al, al
jne loc_fffc46b8  ; jne 0xfffc46b8
mov al, byte [ebp - 0x34d]
sub eax, dword [ebp - 0x374]
imul eax, dword [ebp - 0x358]
mov byte [ebp - 0x38d], al
dec al
sete al
test byte [ebp - 0x34f], al
je short loc_fffc4578  ; je 0xfffc4578
mov al, byte [ebp - 0x36c]
add ecx, dword [ebp - 0x374]
neg byte [ebp - 0x358]
mov byte [ebp - 0x374], dl
mov byte [ebp - 0x34d], al
mov byte [ebp - 0x36c], cl

loc_fffc4578:  ; not directly referenced
movzx eax, byte [ebp - 0x34d]
xor esi, esi
mov edi, eax
shl edi, 0x18
mov dword [ebp - 0x360], edi
mov edi, 0x48dc
mov dword [ebp - 0x368], eax

loc_fffc4597:  ; not directly referenced
imul eax, esi, 0x13c3
mov ebx, dword [ebp - 0x34c]
mov al, byte [ebx + eax + 0x381b]
mov ebx, dword [ebp - 0x3a0]
bt ebx, esi
jb loc_fffc46e2  ; jb 0xfffc46e2

loc_fffc45b9:  ; not directly referenced
inc esi
add edi, 8
cmp esi, 2
jne short loc_fffc4597  ; jne 0xfffc4597
mov al, byte [ebp - 0x34d]
sub eax, dword [ebp - 0x358]
mov dword [ebp - 0x3a8], 0
mov dword [ebp - 0x368], 0
mov byte [ebp - 0x390], al
mov al, byte [ebp - 0x350]
sub byte [ebp - 0x390], al

loc_fffc45f4:  ; not directly referenced
mov eax, dword [ebp - 0x368]
movzx eax, byte [ebp + eax - 0x33e]
mov byte [ebp - 0x3a3], al
test al, al
je loc_fffc4e37  ; je 0xfffc4e37
mov dword [ebp - 0x35c], eax
xor esi, esi
imul eax, dword [ebp - 0x368], 6
mov dword [ebp - 0x364], eax

loc_fffc4625:  ; not directly referenced
mov eax, dword [ebp - 0x35c]
bt eax, esi
jb loc_fffc4802  ; jb 0xfffc4802

loc_fffc4634:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffc4625  ; jne 0xfffc4625
mov eax, dword [ebp - 0x35c]
mov byte [ebp - 0x360], 0
and eax, 2
mov dword [ebp - 0x3b4], eax
mov eax, dword [ebp + 0x1c]
mov dword [ebp - 0x394], eax

loc_fffc4659:  ; not directly referenced
mov al, byte [ebp - 0x394]
sub eax, dword [ebp + 0x1c]
mov byte [ebp - 0x364], al
cmp al, byte [ebp - 0x38f]
jae short loc_fffc467d  ; jae 0xfffc467d
cmp byte [ebp - 0x360], 0
je loc_fffc48b2  ; je 0xfffc48b2

loc_fffc467d:  ; not directly referenced
cmp dword [ebp - 0x368], 1
jne loc_fffc4e43  ; jne 0xfffc4e43

loc_fffc468a:  ; not directly referenced
mov al, byte [ebp - 0x358]
add byte [ebp - 0x34d], al
mov al, byte [ebp - 0x360]

loc_fffc469c:  ; not directly referenced
mov edi, dword [ebp - 0x358]
mov dl, byte [ebp - 0x36c]
mov ecx, edi
add edx, edi
cmp byte [ebp - 0x34d], dl
jne loc_fffc4526  ; jne 0xfffc4526

loc_fffc46b8:  ; not directly referenced
cmp dword [ebp - 0x354], 1
jne loc_fffc4e66  ; jne 0xfffc4e66
mov al, byte [ebp - 0x374]
add eax, dword [ebp - 0x358]
neg byte [ebp - 0x358]
mov byte [ebp - 0x36c], al
jmp near loc_fffc4e66  ; jmp 0xfffc4e66

loc_fffc46e2:  ; not directly referenced
and al, byte [ebp - 0x34e]
mov byte [ebp - 0x364], al
je loc_fffc45b9  ; je 0xfffc45b9
mov ebx, dword [ebp - 0x34c]
mov edx, edi
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, edi
mov dword [ebp - 0x34c], ebx
xor al, al
or eax, dword [ebp - 0x398]
mov ecx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x34c]
lea ebx, [edi - 4]
mov edx, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, ebx
lea ebx, [edi + 0x10]
and eax, 0xffffff
or eax, dword [ebp - 0x360]
mov ecx, eax
mov eax, dword [ebp - 0x34c]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x34c]
mov edx, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, ebx
lea ebx, [edi + 0xc]
xor al, al
or eax, dword [ebp - 0x398]
mov ecx, eax
mov eax, dword [ebp - 0x34c]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp - 0x34c]
mov edx, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, ebx
and eax, 0xffffff
or eax, dword [ebp - 0x360]
mov ecx, eax
mov eax, dword [ebp - 0x34c]
call fcn_fffb3381  ; call 0xfffb3381
cmp dword [ebp - 0x38c], 0
mov byte [ebp - 0x35c], 1
je short loc_fffc47b9  ; je 0xfffc47b9
mov eax, dword [ebp - 0x34c]
mov al, byte [eax + 0x2489]
mov byte [ebp - 0x35c], al

loc_fffc47b9:  ; not directly referenced
movzx eax, byte [ebp - 0x364]
xor ebx, ebx
mov dword [ebp - 0x364], eax

loc_fffc47c8:  ; not directly referenced
cmp byte [ebp - 0x35c], bl
jbe loc_fffc45b9  ; jbe 0xfffc45b9
sub esp, 0xc
mov eax, dword [ebp - 0x34c]
mov ecx, ebx
push dword [ebp - 0x364]
mov edx, esi
inc ebx
push 0
push 0
push dword [ebp - 0x368]
push dword [ebp - 0x398]
call fcn_fffb4652  ; call 0xfffb4652
add esp, 0x20
jmp short loc_fffc47c8  ; jmp 0xfffc47c8

loc_fffc4802:  ; not directly referenced
imul eax, esi, 0x13c3
mov edi, dword [ebp - 0x34c]
mov dl, byte [ebp - 0x34e]
and dl, byte [edi + eax + 0x381b]
je loc_fffc4634  ; je 0xfffc4634
cmp dword [ebp - 0x354], 0
mov eax, 0x3210
jne short loc_fffc484c  ; jne 0xfffc484c
movzx ecx, dl
movzx ecx, byte [ebp + ecx - 0x302]
cmp cl, 0xf
je short loc_fffc484c  ; je 0xfffc484c
add ecx, dword [ebp - 0x364]
mov eax, dword [ebp + ecx*4 - 0x288]

loc_fffc484c:  ; not directly referenced
mov dword [ebp - 0x360], 0
xor ebx, ebx
movzx edx, dl

loc_fffc485b:  ; not directly referenced
test eax, eax
je short loc_fffc4881  ; je 0xfffc4881
mov cl, al
and ecx, 0xf
shr eax, 4
bt edx, ecx
movzx edi, cl
jae short loc_fffc485b  ; jae 0xfffc485b
lea ecx, [ebx*4]
inc ebx
shl edi, cl
or dword [ebp - 0x360], edi
jmp short loc_fffc485b  ; jmp 0xfffc485b

loc_fffc4881:  ; not directly referenced
mov edi, dword [ebp - 0x34c]
lea edx, [esi*4 + 0x4930]
dec ebx
mov ecx, dword [ebp - 0x360]
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
movzx ecx, bl
mov eax, edi
lea edx, [esi*8 + 0x48ef]
call fcn_fffb335b  ; call 0xfffb335b
jmp near loc_fffc4634  ; jmp 0xfffc4634

loc_fffc48b2:  ; not directly referenced
mov eax, dword [ebp - 0x394]
cmp dword [ebp - 0x354], 0
mov bl, byte [eax]
je short loc_fffc4906  ; je 0xfffc4906
mov edi, dword [ebp - 0x360]
lea ecx, [ebp - 0x33c]
test byte [ebp - 0x3a3], 1
mov edx, dword [ebp - 0x39c]
mov eax, edi
cmovne eax, ebx
cmp dword [ebp - 0x3b4], 0
mov byte [ebp - 0x33c], al
mov eax, edi
cmovne eax, ebx
mov byte [ebp - 0x33b], al
mov eax, dword [ebp - 0x34c]
call fcn_fffc3dfd  ; call 0xfffc3dfd
jmp short loc_fffc4976  ; jmp 0xfffc4976

loc_fffc4906:  ; not directly referenced
cmp byte [ebp - 0x368], 1
movzx eax, bl
jne short loc_fffc493f  ; jne 0xfffc493f
mov esi, dword [ebp - 0x35c]
sub esp, 0xc
mov ecx, 3
mov edi, dword [ebp - 0x34c]
neg ebx
push eax
mov edx, esi
mov eax, edi
call fcn_fffcff73  ; call 0xfffcff73
movzx eax, bl
mov ecx, 0xc
mov dword [esp], eax
jmp short loc_fffc496a  ; jmp 0xfffc496a

loc_fffc493f:  ; not directly referenced
mov esi, dword [ebp - 0x35c]
sub esp, 0xc
mov ecx, 5
mov edi, dword [ebp - 0x34c]
neg ebx
push eax
mov edx, esi
mov eax, edi
call fcn_fffcff73  ; call 0xfffcff73
movzx eax, bl
mov ecx, 0xa
mov dword [esp], eax

loc_fffc496a:  ; not directly referenced
mov edx, esi
mov eax, edi
call fcn_fffcff73  ; call 0xfffcff73
add esp, 0x10

loc_fffc4976:  ; not directly referenced
movzx ebx, byte [ebp - 0x364]
mov dword [ebp - 0x388], 0
imul ebx, ebx, 0x24
add ebx, dword [ebp - 0x3a8]
mov dword [ebp - 0x3c8], ebx

loc_fffc4996:  ; not directly referenced
mov al, byte [ebp - 0x388]
cmp byte [ebp - 0x3a4], al
jbe loc_fffc4ddd  ; jbe 0xfffc4ddd
mov eax, dword [ebp - 0x3cc]
mov edi, dword [ebp - 0x388]
mov bl, byte [eax + edi]
test bl, bl
je loc_fffc4240  ; je 0xfffc4240
movzx eax, bl
mov dword [ebp - 0x378], eax
mov byte [ebp - 0x370], 0
cmp bl, 0x21
ja short loc_fffc49e0  ; ja 0xfffc49e0
mov al, byte [eax + ref_fffd58e0]  ; mov al, byte [eax - 0x2a720]
mov byte [ebp - 0x370], al

loc_fffc49e0:  ; not directly referenced
mov esi, dword [ebp - 0x34c]
xor ecx, ecx
mov edx, dword [ebp - 0x378]
mov eax, esi
call fcn_fffaab72  ; call 0xfffaab72
cmp dword [esi + 0x2481], 2
mov word [ebp - 0x3b8], ax
jne short loc_fffc4a1a  ; jne 0xfffc4a1a
cmp bl, 0x11
sete dl
cmp bl, 5
sete al
or dl, al
jne short loc_fffc4a54  ; jne 0xfffc4a54
cmp bl, 0x21
je short loc_fffc4a54  ; je 0xfffc4a54

loc_fffc4a1a:  ; not directly referenced
cmp bl, 0x10
sete dl
cmp bl, 4
sete al
or dl, al
jne short loc_fffc4a58  ; jne 0xfffc4a58
cmp bl, 5
sete dl
cmp bl, 0x20
sete al
or dl, al
jne short loc_fffc4a58  ; jne 0xfffc4a58
cmp bl, 0x21
sete al
cmp bl, 0x11
sete dl
or eax, edx
cmp al, 1
sbb ebx, ebx
and ebx, 0xffffffe9
add ebx, 0x36
jmp short loc_fffc4a5a  ; jmp 0xfffc4a5a

loc_fffc4a54:  ; not directly referenced
mov bl, 0x25
jmp short loc_fffc4a5a  ; jmp 0xfffc4a5a

loc_fffc4a58:  ; not directly referenced
mov bl, 0x36

loc_fffc4a5a:  ; not directly referenced
xor eax, eax
mov dl, 1

loc_fffc4a5e:  ; not directly referenced
mov esi, dword [ebp - 0x35c]
bt esi, eax
jae short loc_fffc4ab7  ; jae 0xfffc4ab7
imul esi, eax, 0x13c3
mov edi, dword [ebp - 0x34c]
mov cl, byte [ebp - 0x34e]
test byte [edi + esi + 0x381b], cl
je short loc_fffc4ab7  ; je 0xfffc4ab7
cmp byte [ebp - 0x3b5], 2
ja short loc_fffc4aa6  ; ja 0xfffc4aa6
mov di, word [ebp - 0x3a2]
cmp word [ebp + eax*2 - 0x33a], di
mov edi, 0
cmovne edx, edi
jmp short loc_fffc4ab7  ; jmp 0xfffc4ab7

loc_fffc4aa6:  ; not directly referenced
cmp word [ebp + eax*2 - 0x33a], 0
mov edi, 0
cmove edx, edi

loc_fffc4ab7:  ; not directly referenced
inc eax
cmp eax, 2
jne short loc_fffc4a5e  ; jne 0xfffc4a5e
test dl, dl
jne loc_fffc4dd6  ; jne 0xfffc4dd6
mov edi, dword [ebp - 0x34c]
mov ecx, dword [ebp - 0x378]
push edx
push edx
mov eax, edi
add eax, 0x2491
push 0xf
mov edx, eax
push 0
mov esi, eax
mov dword [ebp - 0x3bc], eax
mov eax, edi
call fcn_fffa7e1a  ; call 0xfffa7e1a
add esp, 0x10
test eax, eax
jne loc_fffc4f9d  ; jne 0xfffc4f9d
push eax
movzx ebx, bl
mov ecx, dword [ebp - 0x35c]
push eax
mov edx, esi
lea eax, [ebp - 0x314]
push eax
push ebx
lea eax, [ebp - 0x335]
push eax
mov eax, edi
push dword [ebp - 0x378]
push 0xff
push dword [ebp - 0x3b0]
call fcn_fffd16df  ; call 0xfffd16df
add esp, 0x20
mov dword [ebp - 0x37c], eax
test eax, eax
jne loc_fffc4f97  ; jne 0xfffc4f97
imul eax, dword [ebp - 0x388], 0x90
mov esi, 0x64
add eax, dword [ebp - 0x3c8]
mov bl, byte [ebp - 0x370]
lea edi, [ebp - 0x2f2]
mov dword [ebp - 0x364], edi
lea eax, [ebp + eax - 0x258]
mov dword [ebp - 0x384], eax
movzx eax, byte [ebp - 0x3b6]
movzx edi, bl
imul edi, edi, 0x240
add edi, dword [ebp + 0x18]
add edi, dword [ebp - 0x3c4]
sub esi, eax
mov byte [ebp - 0x380], 1
mov dword [ebp - 0x3d4], esi
mov dword [ebp - 0x3ac], edi
xor edi, edi

loc_fffc4ba3:  ; not directly referenced
imul eax, edi, 0x13c3
mov esi, dword [ebp - 0x34c]
mov al, byte [esi + eax + 0x381b]
mov esi, dword [ebp - 0x35c]
bt esi, edi
jae loc_fffc4d7a  ; jae 0xfffc4d7a
test byte [ebp - 0x34e], al
je loc_fffc4d7a  ; je 0xfffc4d7a
mov eax, dword [ebp - 0x34c]
xor ecx, ecx
mov al, byte [eax + 0x2489]
mov byte [ebp - 0x3bf], al

loc_fffc4be5:  ; not directly referenced
cmp byte [ebp - 0x3bf], cl
jbe loc_fffc4d7a  ; jbe 0xfffc4d7a
mov eax, dword [ebp - 0x3ac]
mov dword [ebp - 0x370], 1
shl dword [ebp - 0x370], cl
movzx ebx, word [eax + ecx*8 + 4]
movzx edx, word [eax + ecx*8]
mov esi, ebx
lea eax, [ebx + edx]
sub esi, edx
add eax, eax
mov word [ebp - 0x3be], ax
sub eax, esi
add si, word [ebp - 0x3be]
cmp bx, dx
mov ebx, dword [ebp - 0x370]
cmovbe eax, esi
mov si, word [ebp + edi*2 - 0x33a]
and bx, si
mov word [ebp - 0x3be], bx
je short loc_fffc4c56  ; je 0xfffc4c56
cmp dword [ebp - 0x354], 0
je loc_fffc4d74  ; je 0xfffc4d74

loc_fffc4c56:  ; not directly referenced
mov edx, eax
mov ebx, 2
sar dx, 0xf
idiv bx
cmp ax, word [ebp - 0x3b8]
jae short loc_fffc4cae  ; jae 0xfffc4cae
cmp dword [ebp - 0x354], 1
jne loc_fffc4d0a  ; jne 0xfffc4d0a
cmp byte [ebp - 0x38d], 0
mov byte [ebp - 0x380], 0
jne loc_fffc4d74  ; jne 0xfffc4d74
mov ax, word [ebp - 0x3a2]
mov word [ebp + edi*2 - 0x33a], ax
mov al, byte [ebp - 0x38d]
mov byte [ebp - 0x380], al
jmp near loc_fffc4d74  ; jmp 0xfffc4d74

loc_fffc4cae:  ; not directly referenced
cmp byte [ebp - 0x38d], 0
jne short loc_fffc4cd0  ; jne 0xfffc4cd0
mov esi, dword [ebp - 0x384]
cmp word [esi + ecx*2], ax
jbe loc_fffc4d74  ; jbe 0xfffc4d74
mov word [esi + ecx*2], ax
jmp near loc_fffc4d74  ; jmp 0xfffc4d74

loc_fffc4cd0:  ; not directly referenced
movzx eax, ax
mov ebx, 0x64
mov dword [ebp - 0x3d0], eax
mov eax, dword [ebp - 0x384]
movzx eax, word [eax + ecx*2]
imul eax, dword [ebp - 0x3d4]
cdq
idiv ebx
cmp dword [ebp - 0x3d0], eax
jge short loc_fffc4d26  ; jge 0xfffc4d26
cmp dword [ebp - 0x354], 0
mov byte [ebp - 0x380], 0
jne short loc_fffc4d74  ; jne 0xfffc4d74

loc_fffc4d0a:  ; not directly referenced
or esi, dword [ebp - 0x370]
mov al, byte [ebp - 0x390]
mov word [ebp + edi*2 - 0x33a], si
mov esi, dword [ebp - 0x364]
jmp short loc_fffc4d71  ; jmp 0xfffc4d71

loc_fffc4d26:  ; not directly referenced
cmp dword [ebp - 0x354], 1
jne short loc_fffc4d5f  ; jne 0xfffc4d5f
mov ebx, dword [ebp - 0x370]
cmp word [ebp - 0x3be], bx
je short loc_fffc4d74  ; je 0xfffc4d74
mov al, byte [ebp - 0x34d]
or esi, ebx
mov edx, dword [ebp - 0x364]
sub eax, dword [ebp - 0x350]
mov word [ebp + edi*2 - 0x33a], si
mov byte [edx + ecx], al
jmp short loc_fffc4d74  ; jmp 0xfffc4d74

loc_fffc4d5f:  ; not directly referenced
mov al, byte [ebp - 0x34d]
mov esi, dword [ebp - 0x364]
sub eax, dword [ebp - 0x350]

loc_fffc4d71:  ; not directly referenced
mov byte [esi + ecx], al

loc_fffc4d74:  ; not directly referenced
inc ecx
jmp near loc_fffc4be5  ; jmp 0xfffc4be5

loc_fffc4d7a:  ; not directly referenced
inc edi
add dword [ebp - 0x384], 0x12
add dword [ebp - 0x364], 9
add dword [ebp - 0x3ac], 0x48
cmp edi, 2
jne loc_fffc4ba3  ; jne 0xfffc4ba3
cmp byte [ebp - 0x380], 0
je short loc_fffc4dcb  ; je 0xfffc4dcb
sub esp, 0xc
mov ecx, dword [ebp - 0x378]
push dword [ebp - 0x3b0]
mov edx, dword [ebp - 0x3bc]
mov eax, dword [ebp - 0x34c]
call fcn_fffa7d46  ; call 0xfffa7d46
add esp, 0x10
mov dword [ebp - 0x37c], eax

loc_fffc4dcb:  ; not directly referenced
inc dword [ebp - 0x388]
jmp near loc_fffc4996  ; jmp 0xfffc4996

loc_fffc4dd6:  ; not directly referenced
mov byte [ebp - 0x360], 1

loc_fffc4ddd:  ; not directly referenced
cmp dword [ebp - 0x354], 0
je short loc_fffc4e0d  ; je 0xfffc4e0d
mov edx, dword [ebp - 0x39c]
lea ecx, [ebp - 0x33c]
mov eax, dword [ebp - 0x34c]
mov byte [ebp - 0x33c], 0
mov byte [ebp - 0x33b], 0
call fcn_fffc3dfd  ; call 0xfffc3dfd
jmp short loc_fffc4e2c  ; jmp 0xfffc4e2c

loc_fffc4e0d:  ; not directly referenced
mov ecx, dword [ebp - 0x39c]
sub esp, 0xc
mov edx, dword [ebp - 0x35c]
mov eax, dword [ebp - 0x34c]
push 0
call fcn_fffcff73  ; call 0xfffcff73
add esp, 0x10

loc_fffc4e2c:  ; not directly referenced
inc dword [ebp - 0x394]
jmp near loc_fffc4659  ; jmp 0xfffc4659

loc_fffc4e37:  ; not directly referenced
mov byte [ebp - 0x360], 0
jmp near loc_fffc467d  ; jmp 0xfffc467d

loc_fffc4e43:  ; not directly referenced
add dword [ebp - 0x3a8], 0x48
cmp byte [ebp - 0x360], 0
jne loc_fffc468a  ; jne 0xfffc468a
mov dword [ebp - 0x368], 1
jmp near loc_fffc45f4  ; jmp 0xfffc45f4

loc_fffc4e66:  ; not directly referenced
movzx eax, byte [ebp - 0x38e]
xor esi, esi
mov dword [ebp - 0x35c], eax

loc_fffc4e75:  ; not directly referenced
mov eax, dword [ebp - 0x3a0]
bt eax, esi
jae loc_fffc4f8d  ; jae 0xfffc4f8d
imul eax, esi, 0x13c3
mov edi, dword [ebp - 0x34c]
mov bl, byte [ebp - 0x34e]
and bl, byte [edi + eax + 0x381b]
mov byte [ebp - 0x354], bl
je loc_fffc4f8d  ; je 0xfffc4f8d
movzx ebx, byte [ebp - 0x36c]
lea edi, [esi + esi*8]
lea eax, [ebp - 0x18]
mov byte [ebp - 0x34d], 0
add edi, eax

loc_fffc4ebf:  ; not directly referenced
mov ecx, dword [ebp - 0x34c]
mov al, byte [ebp - 0x34d]
cmp al, byte [ecx + 0x2489]
jae loc_fffc4f5c  ; jae 0xfffc4f5c
cmp byte [ebp - 0x358], 1
jne short loc_fffc4ef6  ; jne 0xfffc4ef6
movzx eax, byte [ebp - 0x34d]
movzx eax, byte [eax + edi - 0x2da]
cmp bl, al
cmovg ebx, eax
jmp short loc_fffc4f13  ; jmp 0xfffc4f13

loc_fffc4ef6:  ; not directly referenced
cmp byte [ebp - 0x358], 0xff
jne short loc_fffc4f13  ; jne 0xfffc4f13
movzx eax, byte [ebp - 0x34d]
movzx eax, byte [eax + edi - 0x2da]
cmp bl, al
cmovl ebx, eax

loc_fffc4f13:  ; not directly referenced
cmp dword [ebp - 0x38c], 0
je short loc_fffc4f51  ; je 0xfffc4f51
movzx eax, byte [ebp - 0x354]
sub esp, 0xc
mov edx, esi
movzx ecx, byte [ebp - 0x34d]
push eax
push 1
push 1
movzx eax, byte [ecx + edi - 0x2da]
push eax
mov eax, dword [ebp - 0x34c]
push dword [ebp - 0x35c]
call fcn_fffb4652  ; call 0xfffb4652
add esp, 0x20

loc_fffc4f51:  ; not directly referenced
inc byte [ebp - 0x34d]
jmp near loc_fffc4ebf  ; jmp 0xfffc4ebf

loc_fffc4f5c:  ; not directly referenced
cmp dword [ebp - 0x38c], 0
jne short loc_fffc4f8d  ; jne 0xfffc4f8d
movzx eax, byte [ebp - 0x354]
sub esp, 0xc
xor ecx, ecx
mov edx, esi
push eax
mov eax, dword [ebp - 0x34c]
push 1
push 1
push ebx
push dword [ebp - 0x35c]
call fcn_fffb4652  ; call 0xfffb4652
add esp, 0x20

loc_fffc4f8d:  ; not directly referenced
inc esi
cmp esi, 2
jne loc_fffc4e75  ; jne 0xfffc4e75

loc_fffc4f97:  ; not directly referenced
mov eax, dword [ebp - 0x37c]

loc_fffc4f9d:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc4fa5:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
xor ebx, ebx
sub esp, 0x2c
mov eax, dword [ebp + 8]
mov byte [ebp - 0x1c], 4
mov byte [ebp - 0x1b], 1
mov byte [ebp - 0x1a], 5
mov eax, dword [eax + 0x5edd]
mov byte [ebp - 0x19], 2
mov byte [ebp - 0x22], 4
mov byte [ebp - 0x21], 1
lea edx, [eax + 0x1c]
xor eax, eax
mov byte [ebp - 0x20], 5
mov byte [ebp - 0x1f], 2
mov byte [ebp - 0x1e], 0xf9
mov byte [ebp - 0x1d], 7
mov dword [ebp - 0x30], 0
mov dword [ebp - 0x2c], 0

loc_fffc4ff4:  ; not directly referenced
mov edi, dword [ebp + 8]
mov cl, byte [edi + eax + 0x381b]
test cl, cl
je short loc_fffc505c  ; je 0xfffc505c
cmp dword [ebp - 0x2c], 0
mov ebx, 1
jne short loc_fffc501a  ; jne 0xfffc501a
xor ebx, ebx
cmp dword [edi + eax + 0x3817], 2
sete bl

loc_fffc501a:  ; not directly referenced
cmp dword [ebp - 0x30], 0
mov edi, 1
mov dword [ebp - 0x2c], ebx
jne short loc_fffc5041  ; jne 0xfffc5041
mov esi, ecx
and esi, 0xc
mov ebx, esi
cmp bl, 0xc
je short loc_fffc5041  ; je 0xfffc5041
and ecx, 3
xor ebx, ebx
cmp cl, 3
sete bl
mov edi, ebx

loc_fffc5041:  ; not directly referenced
movzx ecx, byte [edx + 0xa5]
mov bl, byte [edx + 0xa4]
mov dword [ebp - 0x30], edi
and ecx, 3
shr bl, 6
shl ecx, 2
or ebx, ecx

loc_fffc505c:  ; not directly referenced
add eax, 0x13c3
add edx, 0xcc
cmp eax, 0x2786
jne short loc_fffc4ff4  ; jne 0xfffc4ff4
mov eax, dword [ebp + 8]
mov edx, 1
lea edi, [ebp - 0x1e]
call fcn_fffaa9ee  ; call 0xfffaa9ee
mov eax, dword [ebp + 8]
mov edx, 0xa
lea esi, [eax + 0x2491]
push ecx
push ecx
push 1
push 0xf
push 0
push 2
push edi
push esi
push 0xc
push 3
push 0
push 2
lea ecx, [ebp - 0x22]
call fcn_fffc3f3c  ; call 0xfffc3f3c
add esp, 0x28
mov eax, dword [ebp + 8]
push 1
mov edx, 0xb
push 0xf
push 0
push 2
push edi
push esi
push 0xc
push 0
push 0xfffffffffffffffe
push 2
lea ecx, [ebp - 0x22]
call fcn_fffc3f3c  ; call 0xfffc3f3c
add esp, 0x30
cmp dword [ebp - 0x2c], 0
je short loc_fffc5151  ; je 0xfffc5151
push edx
mov eax, dword [ebp + 8]
push edx
mov edx, 1
push 0
push 0xf
push 0
push 2
push edi
push esi
push 0xc
push 7
push 6
push 2
lea ecx, [ebp - 0x22]
call fcn_fffc3f3c  ; call 0xfffc3f3c
add esp, 0x28
mov eax, dword [ebp + 8]
push 0
mov edx, 3
push 0xf
push 0
push 2
push edi
push esi
push 0xc
push 8
push 7
push 2
lea ecx, [ebp - 0x20]
call fcn_fffc3f3c  ; call 0xfffc3f3c
add esp, 0x28
mov edx, 7
push 0
push 0xf
push 0
push 2
push edi
push esi
lea eax, [ebx + 1]
push 0xc
movsx eax, al
push eax
lea eax, [ebx - 1]
movsx eax, al
push eax
mov eax, dword [ebp + 8]
push 4
lea ecx, [ebp - 0x1c]
call fcn_fffc3f3c  ; call 0xfffc3f3c
add esp, 0x30

loc_fffc5151:  ; not directly referenced
cmp dword [ebp - 0x30], 0
je short loc_fffc51d0  ; je 0xfffc51d0
push eax
xor edx, edx
push eax
mov eax, dword [ebp + 8]
push 0
push 0xf
push 0
push 2
lea edi, [ebp - 0x1e]
push edi
push esi
push 0xc
push 7
push 6
push 2
lea ecx, [ebp - 0x22]
call fcn_fffc3f3c  ; call 0xfffc3f3c
add esp, 0x28
mov eax, dword [ebp + 8]
push 0
mov edx, 2
push 0xf
push 0
push 2
push edi
push esi
push 0xc
push 8
push 7
push 2
lea ecx, [ebp - 0x20]
call fcn_fffc3f3c  ; call 0xfffc3f3c
add esp, 0x28
mov edx, 6
push 0
push 0xf
push 0
push 2
push edi
push esi
lea eax, [ebx + 1]
dec ebx
push 0xc
movsx eax, al
push eax
mov eax, dword [ebp + 8]
movsx ebx, bl
push ebx
push 4
lea ecx, [ebp - 0x1c]
call fcn_fffc3f3c  ; call 0xfffc3f3c
add esp, 0x30

loc_fffc51d0:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc51d8:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
xor ebx, ebx
sub esp, 0x3c
mov edi, dword [ebp + 8]
mov byte [ebp - 0x1a], 1
mov byte [ebp - 0x19], 0x19
mov dword [ebp - 0x38], 0
mov eax, dword [edi + 0x5edd]
mov dword [ebp - 0x30], eax

loc_fffc51fe:  ; not directly referenced
mov esi, 1
mov cl, bl
shl esi, cl
mov eax, esi
test byte [edi + 0x248e], al
je loc_fffc52ae  ; je 0xfffc52ae
test byte [edi + 0x381b], al
je short loc_fffc523d  ; je 0xfffc523d
mov cl, byte [edi + ebx + 0x4768]
mov dl, 0xf
movsx eax, byte [edi + ebx + 0x476c]
cmp cl, 0xf
cmovbe edx, ecx
mov cl, al
mov byte [ebp - 0x29], dl
sub ecx, edx
jmp short loc_fffc5245  ; jmp 0xfffc5245

loc_fffc523d:  ; not directly referenced
mov byte [ebp - 0x29], 0xf
xor eax, eax
xor ecx, ecx

loc_fffc5245:  ; not directly referenced
mov edx, esi
test byte [edi + 0x4bde], dl
je short loc_fffc526f  ; je 0xfffc526f
movsx ecx, byte [edi + ebx + 0x5b2f]
mov dl, byte [ebp - 0x29]
cmp al, cl
cmovb eax, ecx
mov cl, byte [edi + ebx + 0x5b2b]
cmp dl, cl
cmova edx, ecx
mov cl, al
sub ecx, edx

loc_fffc526f:  ; not directly referenced
mov dl, 0
test cl, cl
cmovs ecx, edx
push edx
movzx ecx, cl
push edx
push 0
push esi
push ebx
push 1
lea esi, [ebp - 0x19]
push esi
lea edx, [edi + 0x2491]
push edx
mov edx, 0xc
push 0xa
push eax
mov eax, edi
push ecx
push 1
lea ecx, [ebp - 0x1a]
call fcn_fffc3f3c  ; call 0xfffc3f3c
add esp, 0x30
mov dword [ebp - 0x38], eax
dec eax
je loc_fffc53c0  ; je 0xfffc53c0

loc_fffc52ae:  ; not directly referenced
inc ebx
cmp ebx, 4
jne loc_fffc51fe  ; jne 0xfffc51fe
mov esi, dword [ebp - 0x30]
lea ebx, [edi + 0x3757]
mov dword [ebp - 0x34], 0
add esi, 0x1c

loc_fffc52cb:  ; not directly referenced
cmp dword [ebx], 2
je short loc_fffc52ed  ; je 0xfffc52ed

loc_fffc52d0:  ; not directly referenced
inc dword [ebp - 0x34]
add ebx, 0x13c3
add esi, 0xcc
cmp dword [ebp - 0x34], 2
jne short loc_fffc52cb  ; jne 0xfffc52cb
mov eax, dword [ebp - 0x38]
jmp near loc_fffc53c5  ; jmp 0xfffc53c5

loc_fffc52ed:  ; not directly referenced
mov al, byte [esi + 0xa1]
movzx edx, byte [esi + 0xa2]
mov byte [ebp - 0x29], 0
shr al, 7
and edx, 7
movzx eax, al
add edx, edx
or edx, eax
mov al, byte [esi + 0xa2]
shr al, 3
and eax, 0xf
cmp al, dl
cmovb eax, edx
xor edx, edx
lea eax, [eax + eax - 8]
test al, al
cmovns edx, eax
mov al, byte [ebx + 0xc4]
xor ecx, ecx
mov byte [ebp - 0x2a], dl
mov byte [ebp - 0x30], al

loc_fffc5335:  ; not directly referenced
mov edx, 1
shl edx, cl
test byte [ebp - 0x30], dl
je short loc_fffc5353  ; je 0xfffc5353
mov al, byte [ebp - 0x29]
mov dl, byte [ebx + ecx + 0x1015]
cmp al, dl
cmovb eax, edx
mov byte [ebp - 0x29], al

loc_fffc5353:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffc5335  ; jne 0xfffc5335
mov al, byte [ebp - 0x29]
sub al, byte [ebp - 0x2a]
mov dword [ebp - 0x30], 0
movzx eax, al
mov dword [ebp - 0x3c], eax

loc_fffc536c:  ; not directly referenced
mov cl, byte [ebp - 0x30]
mov eax, 1
shl eax, cl
test byte [ebx + 0xc4], al
je short loc_fffc53b2  ; je 0xfffc53b2
mov ecx, dword [ebp - 0x30]
mov dl, byte [ebp - 0x29]
sub dl, byte [ebx + ecx + 0x1015]
movsx ecx, byte [ebp - 0x2a]
movzx edx, dl
cmp edx, ecx
jle short loc_fffc53b2  ; jle 0xfffc53b2
sub esp, 0xc
mov edx, dword [ebp - 0x34]
xor ecx, ecx
push eax
mov eax, edi
push 0
push 1
push dword [ebp - 0x3c]
push 0xc
call fcn_fffb4652  ; call 0xfffb4652
add esp, 0x20

loc_fffc53b2:  ; not directly referenced
inc dword [ebp - 0x30]
cmp dword [ebp - 0x30], 4
jne short loc_fffc536c  ; jne 0xfffc536c
jmp near loc_fffc52d0  ; jmp 0xfffc52d0

loc_fffc53c0:  ; not directly referenced
mov eax, 0x19

loc_fffc53c5:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc53cd:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov ebx, dword [ebp + 8]
cmp dword [ebx + 0x1887], 0x306d0
je short loc_fffc5419  ; je 0xfffc5419

loc_fffc53e5:  ; not directly referenced
mov ecx, 0x14
mov edx, 0x5f08
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
cmp dword [ebx + 0x3757], 2
jne loc_fffc5544  ; jne 0xfffc5544
mov ecx, 0x3000
mov edx, 0x48a8
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
jmp near loc_fffc5544  ; jmp 0xfffc5544

loc_fffc5419:  ; not directly referenced
cmp byte [ebx + 0x18ed], 0
je short loc_fffc53e5  ; je 0xfffc53e5
mov eax, dword [ebx + 0x36e9]
sub eax, 2
cmp eax, 1
ja short loc_fffc53e5  ; ja 0xfffc53e5
mov dl, 0x10

loc_fffc5432:  ; not directly referenced
mov eax, ebx
mov dword [ebp - 0x2c], edx
call fcn_fffaa4a9  ; call 0xfffaa4a9
mov edx, dword [ebp - 0x2c]
dec dl
jne short loc_fffc5432  ; jne 0xfffc5432
cmp dword [ebx + 0x36e9], 3
jne short loc_fffc53e5  ; jne 0xfffc53e5
mov eax, dword [ebx + 0x2444]
mov esi, dword [ebx + 0x5edd]
push edi
push 0
push 0x10
lea edi, [ebp - 0x28]
push edi
mov dword [ebp - 0x3c], eax
call dword [eax + 0x5c]  ; ucall
lea eax, [ebx + 0x3757]
add esp, 0x10
mov dword [ebp - 0x30], eax
lea eax, [esi + 0x70]
mov dword [ebp - 0x34], eax
lea eax, [ebx + 0x2491]
mov dword [ebp - 0x2c], 0
mov dword [ebp - 0x40], eax
mov dword [ebp - 0x44], edi

loc_fffc548c:  ; not directly referenced
mov eax, dword [ebp - 0x30]
cmp dword [eax], 2
je short loc_fffc54b0  ; je 0xfffc54b0

loc_fffc5494:  ; not directly referenced
inc dword [ebp - 0x2c]
add dword [ebp - 0x30], 0x13c3
add dword [ebp - 0x34], 0xcc
cmp dword [ebp - 0x2c], 2
jne short loc_fffc548c  ; jne 0xfffc548c
jmp near loc_fffc53e5  ; jmp 0xfffc53e5

loc_fffc54b0:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
xor esi, esi
xor edx, edx
mov dword [ebp - 0x38], 1
shl dword [ebp - 0x38], cl

loc_fffc54c1:  ; not directly referenced
mov edi, dword [ebp - 0x30]
mov eax, 1
mov ecx, esi
shl eax, cl
test byte [edi + 0xc4], al
je short loc_fffc5539  ; je 0xfffc5539
test edx, edx
jne short loc_fffc5539  ; jne 0xfffc5539
mov edx, dword [ebp - 0x2c]
mov ecx, eax
mov eax, ebx
call fcn_fffad317  ; call 0xfffad317
movzx edi, al
test dword [ebp - 0x38], edi
je short loc_fffc5504  ; je 0xfffc5504
push ecx
push 0
movzx eax, byte [ebx + 0x2489]
push eax
mov eax, dword [ebp - 0x3c]
push dword [ebp - 0x34]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc5504:  ; not directly referenced
sub esp, 0xc
mov ecx, 0x11
push 0
mov edx, edi
mov eax, ebx
call fcn_fffae9e2  ; call 0xfffae9e2
mov ecx, edi
pop eax
mov eax, ebx
pop edx
mov edx, dword [ebp - 0x40]
push 0
push dword [ebp - 0x44]
push 1
push 1
push 2
push esi
call fcn_fffc66ae  ; call 0xfffc66ae
add esp, 0x20
mov edx, 1

loc_fffc5539:  ; not directly referenced
inc esi
cmp esi, 4
jne short loc_fffc54c1  ; jne 0xfffc54c1
jmp near loc_fffc5494  ; jmp 0xfffc5494

loc_fffc5544:  ; not directly referenced
cmp dword [ebx + 0x4b1a], 2
jne short loc_fffc555e  ; jne 0xfffc555e
mov ecx, 0x3000
mov edx, 0x48b0
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381

loc_fffc555e:  ; not directly referenced
mov eax, ebx
call fcn_fffb34af  ; call 0xfffb34af
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc556f:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x60
mov edi, dword [ebp + 8]
mov eax, dword [edi + 0x5edd]
mov esi, dword [edi + 0x188b]
mov dword [ebp - 0x44], eax
mov eax, dword [edi + 0x2444]
mov ebx, eax
mov dword [ebp - 0x54], eax
mov eax, dword [edi + 0x1887]
mov dword [ebp - 0x4c], eax
mov eax, dword [edi + 0x1883]
mov dword [ebp - 0x50], eax
mov al, byte [edi + 0x248e]
push 0
push 0x10
mov byte [ebp - 0x63], al
lea eax, [ebp - 0x28]
push eax
mov eax, ebx
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
cmp byte [edi + 0x36ca], 0
jne short loc_fffc55d3  ; jne 0xfffc55d3
xor ebx, ebx
test esi, esi
je loc_fffc5aa5  ; je 0xfffc5aa5

loc_fffc55d3:  ; not directly referenced
cmp dword [edi + 0x2481], 3
mov dl, 0xa
sete bl
jne short loc_fffc5615  ; jne 0xfffc5615
cmp dword [ebp - 0x50], 3
sete dl
cmp dword [ebp - 0x4c], 0x306d0
sete al
test dl, al
jne loc_fffc5a91  ; jne 0xfffc5a91
cmp dword [ebp - 0x50], 0
sete dl
cmp dword [ebp - 0x4c], 0x40670
sete al
test dl, al
jne loc_fffc5a91  ; jne 0xfffc5a91
mov dl, 6

loc_fffc5615:  ; not directly referenced
mov dword [ebp - 0x58], 0

loc_fffc561c:  ; not directly referenced
mov eax, dword [ebp - 0x44]
mov al, byte [eax + 0x14]
and eax, 0x7f
mov cl, al
or ecx, 0xffffff80
test al, 0x40
cmovne eax, ecx
cbw
lea eax, [eax + eax*4]
add eax, eax
dec esi
mov word [ebp - 0x62], ax
sete al
test al, bl
je loc_fffc5749  ; je 0xfffc5749
mov eax, dword [ebp - 0x44]
lea ebx, [ebp - 0x34]
mov dword [ebp - 0x40], 0
lea esi, [eax + 0x1c]

loc_fffc5656:  ; not directly referenced
cmp byte [esi + 0xb5], 0
je short loc_fffc5675  ; je 0xfffc5675

loc_fffc565f:  ; not directly referenced
inc dword [ebp - 0x40]
add esi, 0xcc
cmp dword [ebp - 0x40], 2
jne short loc_fffc5656  ; jne 0xfffc5656
mov dl, 0xa
jmp near loc_fffc5749  ; jmp 0xfffc5749

loc_fffc5675:  ; not directly referenced
imul eax, dword [ebp - 0x40], 0x13c3
mov byte [esi + 0xb5], 0xff
mov dword [ebp - 0x3c], 0
mov dword [ebp - 0x5c], eax

loc_fffc568d:  ; not directly referenced
mov cl, byte [ebp - 0x3c]
mov eax, 1
shl eax, cl
mov ecx, dword [ebp - 0x5c]
test byte [edi + ecx + 0x381b], al
jne short loc_fffc56ae  ; jne 0xfffc56ae

loc_fffc56a3:  ; not directly referenced
inc dword [ebp - 0x3c]
cmp dword [ebp - 0x3c], 4
jne short loc_fffc568d  ; jne 0xfffc568d
jmp short loc_fffc565f  ; jmp 0xfffc565f

loc_fffc56ae:  ; not directly referenced
mov ecx, dword [ebp - 0x3c]
mov edx, dword [ebp - 0x40]
movzx eax, cl
lea eax, [esi + eax*4 + 0xb6]
mov dword [ebp - 0x48], eax
push eax
push eax
mov eax, edi
push ebx
push 5
call fcn_fffa681b  ; call 0xfffa681b
mov ecx, dword [ebp - 0x3c]
pop eax
pop edx
mov edx, dword [ebp - 0x40]
lea eax, [ebp - 0x30]
push eax
mov eax, edi
push 6
call fcn_fffa681b  ; call 0xfffa681b
mov edx, dword [ebp - 0x40]
pop ecx
pop eax
mov ecx, dword [ebp - 0x3c]
lea eax, [ebp - 0x2c]
push eax
mov eax, edi
push 7
call fcn_fffa681b  ; call 0xfffa681b
add esp, 0x10
xor eax, eax

loc_fffc56fc:  ; not directly referenced
mov dl, byte [eax + ebx]
mov ecx, dword [ebp - 0x48]
mov byte [ecx + eax], dl
mov dl, byte [eax + ebx]
cmp dl, 1
je short loc_fffc5714  ; je 0xfffc5714
cmp dl, 3
je short loc_fffc5729  ; je 0xfffc5729
jmp short loc_fffc573e  ; jmp 0xfffc573e

loc_fffc5714:  ; not directly referenced
cmp byte [eax + ebp - 0x30], 1
jne short loc_fffc5729  ; jne 0xfffc5729
cmp byte [ebp + eax - 0x2c], 0
jne short loc_fffc5729  ; jne 0xfffc5729
mov byte [esi + 0xb5], 1

loc_fffc5729:  ; not directly referenced
cmp byte [eax + ebp - 0x30], 0
jne short loc_fffc573e  ; jne 0xfffc573e
cmp byte [ebp + eax - 0x2c], 0
jne short loc_fffc573e  ; jne 0xfffc573e
mov byte [esi + 0xb5], 1

loc_fffc573e:  ; not directly referenced
inc eax
cmp eax, 4
jne short loc_fffc56fc  ; jne 0xfffc56fc
jmp near loc_fffc56a3  ; jmp 0xfffc56a3

loc_fffc5749:  ; not directly referenced
movzx eax, dl
xor esi, esi
mov dword [ebp - 0x60], eax
lea eax, [edi + 0x2491]
mov dword [ebp - 0x68], eax

loc_fffc575a:  ; not directly referenced
mov eax, dword [ebp - 0x44]
mov ecx, esi
xor ebx, ebx
mov dword [ebp - 0x3c], 1
shl dword [ebp - 0x3c], cl
add eax, 0x70
mov dword [ebp - 0x48], eax
mov byte [ebp - 0x40], 0

loc_fffc5775:  ; not directly referenced
mov ecx, dword [ebp - 0x3c]
mov edx, ebx
mov eax, edi
call fcn_fffad317  ; call 0xfffad317
or byte [ebp - 0x40], al
movzx eax, byte [ebp - 0x40]
bt eax, ebx
mov dword [ebp - 0x5c], eax
jae short loc_fffc57a7  ; jae 0xfffc57a7
push eax
push 0
movzx eax, byte [edi + 0x2489]
push eax
mov eax, dword [ebp - 0x54]
push dword [ebp - 0x48]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc57a7:  ; not directly referenced
inc ebx
add dword [ebp - 0x48], 0xcc
cmp ebx, 2
jne short loc_fffc5775  ; jne 0xfffc5775
cmp byte [ebp - 0x40], 0
je short loc_fffc57f7  ; je 0xfffc57f7
push eax
mov ebx, dword [ebp - 0x5c]
push eax
mov ecx, dword [ebp - 0x60]
mov eax, edi
push dword [ebp - 0x3c]
mov edx, ebx
push 0
call fcn_fffaea71  ; call 0xfffaea71
lea eax, [ebp - 0x28]
pop edx
pop ecx
mov ecx, ebx
mov edx, dword [ebp - 0x68]
push 0
push eax
mov eax, edi
push 0x36
push 0
push 0xd
push esi
call fcn_fffc66ae  ; call 0xfffc66ae
add esp, 0x14
push edi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10

loc_fffc57f7:  ; not directly referenced
inc esi
cmp esi, 4
jne loc_fffc575a  ; jne 0xfffc575a
mov eax, dword [ebp - 0x44]
mov dword [ebp - 0x5c], edi
mov dword [ebp - 0x44], 0
mov dword [ebp - 0x48], 0x3e8
add eax, 0xd1
mov dword [ebp - 0x60], eax
mov eax, dword [ebp - 0x58]
mov dword [ebp - 0x54], 0
mov dword [ebp - 0x40], 0x7fffffff
mov dword [ebp - 0x3c], 0x7fffffff
add eax, 0x1e
mov dword [ebp - 0x68], eax
movsx eax, word [ebp - 0x62]
sub dword [ebp - 0x68], eax

loc_fffc5842:  ; not directly referenced
mov eax, dword [ebp - 0x44]
cmp dword [edi + eax + 0x3757], 2
jne loc_fffc58ea  ; jne 0xfffc58ea
mov al, byte [edi + eax + 0x381b]
mov edx, 0x7fffffff
mov esi, dword [ebp - 0x5c]
mov dword [ebp - 0x58], 0
mov byte [ebp - 0x64], al
mov eax, 0x7fffffff

loc_fffc5871:  ; not directly referenced
mov cl, byte [ebp - 0x58]
mov ebx, 1
shl ebx, cl
test byte [ebp - 0x64], bl
je short loc_fffc589a  ; je 0xfffc589a
cmp edx, dword [esi + 0x3451]
cmovg edx, dword [esi + 0x3451]
cmp eax, dword [esi + 0x3455]
cmovg eax, dword [esi + 0x3455]

loc_fffc589a:  ; not directly referenced
inc dword [ebp - 0x58]
add esi, 0x90
cmp dword [ebp - 0x58], 4
jne short loc_fffc5871  ; jne 0xfffc5871
mov esi, dword [ebp - 0x3c]
mov ecx, dword [ebp - 0x48]
cmp esi, edx
cmovg esi, edx
mov dword [ebp - 0x3c], esi
mov esi, dword [ebp - 0x40]
cmp esi, eax
cmovg esi, eax
mov dword [ebp - 0x40], esi
mov esi, dword [ebp - 0x5c]
mov dword [esi + 0x3455], eax
mov eax, dword [ebp - 0x60]
mov dword [esi + 0x3451], edx
cmp byte [eax], 0
mov eax, 1
cmovg ecx, dword [ebp - 0x68]
cmovle eax, dword [ebp - 0x54]
mov dword [ebp - 0x48], ecx
mov dword [ebp - 0x54], eax

loc_fffc58ea:  ; not directly referenced
add dword [ebp - 0x44], 0x13c3
add dword [ebp - 0x5c], 0x48
add dword [ebp - 0x60], 0xcc
cmp dword [ebp - 0x44], 0x2786
jne loc_fffc5842  ; jne 0xfffc5842
mov eax, dword [ebp - 0x40]
mov ecx, 2
sub eax, dword [ebp - 0x3c]
cdq
idiv ecx
cmp dword [ebp - 0x50], 3
seta dl
cmp dword [ebp - 0x4c], 0x306d0
mov dword [ebp - 0x44], eax
sete al
test dl, al
jne short loc_fffc5949  ; jne 0xfffc5949
cmp dword [ebp - 0x50], 0
mov esi, 1
setne dl
cmp dword [ebp - 0x4c], 0x40670
sete al
test dl, al
je short loc_fffc59a3  ; je 0xfffc59a3

loc_fffc5949:  ; not directly referenced
cmp dword [edi + 0x2481], 2
mov esi, 1
je short loc_fffc59a3  ; je 0xfffc59a3
mov ecx, 1
mov edx, 0xd
movsx ebx, word [ebp - 0x62]
mov eax, edi
call fcn_fffaab72  ; call 0xfffaab72
mov ecx, dword [ebp - 0x40]
mov edx, 0
add ecx, ebx
cmovs ecx, edx
mov edx, dword [ebp - 0x3c]
mov word [ebp - 0x4c], ax
mov eax, 0
sub edx, ebx
cmovs edx, eax
cmp ecx, edx
cmovle edx, ecx
shr word [ebp - 0x4c], 1
movzx eax, word [ebp - 0x4c]
cmp edx, eax
jbe short loc_fffc59a3  ; jbe 0xfffc59a3
neg ebx
xor si, si
mov dword [ebp - 0x44], ebx

loc_fffc59a3:  ; not directly referenced
mov eax, esi
mov byte [edi + 0x36a0], al
mov eax, dword [ebp - 0x48]
cmp dword [ebp - 0x44], eax
setg al
test byte [ebp - 0x54], al
je short loc_fffc59c5  ; je 0xfffc59c5
mov eax, dword [ebp - 0x48]
test esi, esi
cmove eax, dword [ebp - 0x44]
mov dword [ebp - 0x44], eax

loc_fffc59c5:  ; not directly referenced
mov eax, dword [ebp - 0x44]
mov ecx, 0xa
push 0
push 0
push 0
cdq
idiv ecx
push 0
push eax
push 1
push 2
push edi
call fcn_fffcce33  ; call 0xfffcce33
add esp, 0x14
push edi
call fcn_fffc9f5d  ; call 0xfffc9f5d
mov edx, 0xd
xor ecx, ecx
mov dword [ebp - 0x48], eax
mov eax, edi
call fcn_fffaab72  ; call 0xfffaab72
mov edx, dword [ebp - 0x40]
add esp, 0x10
add edx, dword [ebp - 0x3c]
shr ax, 1
movzx eax, ax
cmp edx, eax
jb short loc_fffc5a27  ; jb 0xfffc5a27

loc_fffc5a10:  ; not directly referenced
mov edx, dword [ebp - 0x44]
lea eax, [edi + 0x3451]
xor ecx, ecx
mov ebx, dword [ebp - 0x3c]
mov esi, dword [ebp - 0x40]
add ebx, edx
sub esi, edx
jmp short loc_fffc5a4b  ; jmp 0xfffc5a4b

loc_fffc5a27:  ; not directly referenced
cmp byte [edi + 0x1965], 0
je short loc_fffc5a10  ; je 0xfffc5a10
cmp dword [edi + 0x188b], 1
mov ebx, 0xc
jne short loc_fffc5a10  ; jne 0xfffc5a10
jmp short loc_fffc5aa5  ; jmp 0xfffc5aa5

loc_fffc5a40:  ; not directly referenced
inc ecx
add eax, 0x90
cmp ecx, 4
je short loc_fffc5a5e  ; je 0xfffc5a5e

loc_fffc5a4b:  ; not directly referenced
mov edx, 1
shl edx, cl
test byte [ebp - 0x63], dl
je short loc_fffc5a40  ; je 0xfffc5a40
mov dword [eax], ebx
mov dword [eax + 4], esi
jmp short loc_fffc5a40  ; jmp 0xfffc5a40

loc_fffc5a5e:  ; not directly referenced
cmp dword [edi + 0x3757], 2
jne short loc_fffc5a75  ; jne 0xfffc5a75
xor cl, cl
mov edx, 0x4198
mov eax, edi
call fcn_fffb335b  ; call 0xfffb335b

loc_fffc5a75:  ; not directly referenced
cmp dword [edi + 0x4b1a], 2
mov ebx, dword [ebp - 0x48]
jne short loc_fffc5aa5  ; jne 0xfffc5aa5
xor ecx, ecx
mov edx, 0x4598
mov eax, edi
call fcn_fffb335b  ; call 0xfffb335b
jmp short loc_fffc5aa5  ; jmp 0xfffc5aa5

loc_fffc5a91:  ; not directly referenced
mov eax, dword [ebp - 0x44]
mov dl, 6
imul eax, dword [eax + 0x1b4], 0xa
mov dword [ebp - 0x58], eax
jmp near loc_fffc561c  ; jmp 0xfffc561c

loc_fffc5aa5:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, ebx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc5aaf:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 0xc]

loc_fffc5abb:  ; not directly referenced
mov eax, dword [0xff7d0178]
mov esi, 0xff7d0004
xor edi, edi
mov dword [ebp - 0x1c], eax

loc_fffc5aca:  ; not directly referenced
cmp edi, dword [ebp - 0x1c]
je short loc_fffc5ae9  ; je 0xfffc5ae9
push ecx
add esi, 0xc
push ecx
push dword [ebx + 4]
push dword [esi + 0x7c]
call fcn_fffb6951  ; call 0xfffb6951
add esp, 0x10
test al, al
jne short loc_fffc5af6  ; jne 0xfffc5af6
inc edi
jmp short loc_fffc5aca  ; jmp 0xfffc5aca

loc_fffc5ae9:  ; not directly referenced
cmp edi, 0x13
ja short loc_fffc5b50  ; ja 0xfffc5b50
lea eax, [edi + 1]
mov dword [0xff7d0178], eax

loc_fffc5af6:  ; not directly referenced
imul edi, edi, 0xc
mov ecx, 3
mov esi, ebx
add edi, 0xff7d0088
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov edi, 0xff7d017c
xor esi, esi

loc_fffc5b0f:  ; not directly referenced
cmp esi, dword [0xff7d026c]
jae short loc_fffc5b3f  ; jae 0xfffc5b3f
push edx
push edx
push dword [ebx + 4]
push dword [edi + 4]
call fcn_fffb6951  ; call 0xfffb6951
add esp, 0x10
test al, al
je short loc_fffc5b39  ; je 0xfffc5b39
push eax
push dword [ebx + 8]
push edi
push dword [ebp + 8]
call dword [edi + 8]  ; ucall
add esp, 0x10

loc_fffc5b39:  ; not directly referenced
inc esi
add edi, 0xc
jmp short loc_fffc5b0f  ; jmp 0xfffc5b0f

loc_fffc5b3f:  ; not directly referenced
mov eax, dword [ebx]
add ebx, 0xc
test eax, eax
jns loc_fffc5abb  ; jns 0xfffc5abb
xor eax, eax
jmp short loc_fffc5b55  ; jmp 0xfffc5b55

loc_fffc5b50:  ; not directly referenced
mov eax, 0x80000009

loc_fffc5b55:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc5b5d:  ; not directly referenced
push ebp
mov ebp, esp
push edi
xor edi, edi
push esi
push ebx
mov ebx, 0xff7d0088
sub esp, 0x1c
mov eax, dword [0xff7d0178]
mov dword [ebp - 0x1c], eax

loc_fffc5b75:  ; not directly referenced
cmp edi, dword [ebp - 0x1c]
je short loc_fffc5ba2  ; je 0xfffc5ba2
push eax
mov esi, ebx
push eax
add ebx, 0xc
push dword [ebx - 8]
push dword [ebp + 0xc]
call fcn_fffb6951  ; call 0xfffb6951
add esp, 0x10
test al, al
je short loc_fffc5b9f  ; je 0xfffc5b9f
mov eax, dword [ebp + 0x18]
mov edx, dword [esi + 8]
mov dword [eax], edx
xor eax, eax
jmp short loc_fffc5ba7  ; jmp 0xfffc5ba7

loc_fffc5b9f:  ; not directly referenced
inc edi
jmp short loc_fffc5b75  ; jmp 0xfffc5b75

loc_fffc5ba2:  ; not directly referenced
mov eax, 0x8000000e

loc_fffc5ba7:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc5baf:
push ebp
mov ebp, esp
push ebx
push edx
mov ebx, dword [ebp + 0xc]

loc_fffc5bb7:
mov ax, word [ebx]
cmp ax, 0xffff
je short loc_fffc5bce  ; je 0xfffc5bce
cmp ax, 4
je short loc_fffc5bd2  ; je 0xfffc5bd2

loc_fffc5bc6:
movzx eax, word [ebx + 2]
add ebx, eax
jmp short loc_fffc5bb7  ; jmp 0xfffc5bb7

loc_fffc5bce:
xor eax, eax
jmp short loc_fffc5be9  ; jmp 0xfffc5be9

loc_fffc5bd2:
push eax
push eax
lea eax, [ebx + 8]
push eax
push dword [ebp + 8]
call fcn_fffb6951  ; call 0xfffb6951
add esp, 0x10
test al, al
je short loc_fffc5bc6  ; je 0xfffc5bc6
mov eax, ebx

loc_fffc5be9:
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffc5bee:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov eax, dword [ebp + 0x10]
mov dword [ebp - 0x2c], eax
lea eax, [ebp - 0x20]
push eax
push 0
push 0
push ref_fffd63d8  ; push 0xfffd63d8
call fcn_fffb020b  ; call 0xfffb020b
lea eax, [ebp - 0x24]
push eax
push 0
push 0
push ref_fffd6348  ; push 0xfffd6348
call fcn_fffb020b  ; call 0xfffb020b
mov eax, dword [0xff7d0084]
add esp, 0x14
mov eax, dword [eax + 0x14]
lea ebx, [eax + 0xb0040]
push ebx
mov dword [ebp - 0x30], eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
add esp, 0x10
mov edx, eax
shr edx, 0x10
and edx, 0xf
cmp dl, 2
je loc_fffc5e38  ; je 0xfffc5e38
movzx edx, ah
xor eax, eax
and dl, 0xf0
jne loc_fffc5e3a  ; jne 0xfffc5e3a
call fcn_fffb91ff  ; call 0xfffb91ff
cmp eax, 2
je loc_fffc5cf7  ; je 0xfffc5cf7

loc_fffc5c6b:  ; not directly referenced
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov edi, dword [eax + 0x14]
lea eax, [edi + 0x70]
add edi, 0x74
push eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
mov dword [esp], edi
mov esi, eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
shr esi, 4
mov ecx, dword [ebp - 0x2c]
mov edi, dword [ebp - 0x30]
shl eax, 0x1c
add eax, esi
shr eax, 0x10
mov esi, eax
or eax, 0x10800000
or esi, 0x10000000
test cl, cl
cmovs esi, eax
mov eax, ecx
and eax, 0x7f
add edi, 0xb004c
shl eax, 0x18
mov dword [esp], edi
or esi, eax
call fcn_fffb3fc4  ; call 0xfffb3fc4
pop eax
pop edx
push esi
mov esi, 0x1389
push edi
call fcn_fffb3ffa  ; call 0xfffb3ffa
mov eax, dword [ebp - 0x24]
add esp, 0xc
push 0x44c
push eax
push dword [ebp + 8]
call dword [eax + 4]  ; ucall
mov dword [esp], ebx
call fcn_fffb3fc4  ; call 0xfffb3fc4
add esp, 0x10
jmp near loc_fffc5e18  ; jmp 0xfffc5e18

loc_fffc5cf7:  ; not directly referenced
mov eax, dword [0xfed70044]
test al, 1
je loc_fffc5c6b  ; je 0xfffc5c6b
mov eax, dword [ebp - 0x20]
cmp byte [eax + 1], 0
jne loc_fffc5c6b  ; jne 0xfffc5c6b
cmp byte [ebp - 0x2c], 1
je loc_fffc5c6b  ; je 0xfffc5c6b
lea eax, [ebp - 0x1c]
mov esi, ref_fffd6988  ; mov esi, 0xfffd6988
push ecx
push eax
push 0x20
push 4
call fcn_fffb0564  ; call 0xfffb0564
mov eax, dword [ebp - 0x1c]
mov ecx, 4
lea edi, [eax + 8]
add eax, 0x18
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
pop esi
pop edi
push 8
push eax
call fcn_fffb067f  ; call 0xfffb067f
call fcn_fffb059d  ; call 0xfffb059d
pop edx
pop ecx
push eax
push ref_fffd6988  ; push 0xfffd6988
call fcn_fffc5baf  ; call 0xfffc5baf
add esp, 0x10
mov edx, eax
test eax, eax
je loc_fffc5c6b  ; je 0xfffc5c6b
mov eax, dword [ebp + 0x14]
mov esi, 0x166
mov dword [edx + 0x1c], 0
mov dword [edx + 0x18], eax

loc_fffc5d79:  ; not directly referenced
mov eax, dword [0xfed70044]
test al, 2
je short loc_fffc5db4  ; je 0xfffc5db4
mov esi, dword [edx + 0x18]
xor edi, edi
mov dword [0xfed70080], esi
mov dword [0xfed70084], edi
mov dword [0xfed7000c], 3
cmp dword [ebp + 0x18], 0x20
jne short loc_fffc5dad  ; jne 0xfffc5dad
mov dword [0xfed70040], 0

loc_fffc5dad:  ; not directly referenced
mov esi, 0x48
jmp short loc_fffc5dec  ; jmp 0xfffc5dec

loc_fffc5db4:  ; not directly referenced
mov eax, dword [ebp - 0x24]
mov dword [ebp - 0x34], edx
push edx
push 0x8c
push eax
push dword [ebp + 8]
call dword [eax + 4]  ; ucall
mov edx, dword [ebp - 0x34]
add esp, 0x10
dec esi
jne short loc_fffc5d79  ; jne 0xfffc5d79
jmp short loc_fffc5dad  ; jmp 0xfffc5dad

loc_fffc5dd2:  ; not directly referenced
mov eax, dword [ebp - 0x24]
push edi
push 0x8c
push eax
push dword [ebp + 8]
call dword [eax + 4]  ; ucall
add esp, 0x10
dec esi
je loc_fffc5c6b  ; je 0xfffc5c6b

loc_fffc5dec:  ; not directly referenced
mov eax, dword [0xfed7000c]
test eax, eax
jne short loc_fffc5dd2  ; jne 0xfffc5dd2
jmp near loc_fffc5c6b  ; jmp 0xfffc5c6b

loc_fffc5dfa:  ; not directly referenced
dec esi
je short loc_fffc5e22  ; je 0xfffc5e22
mov eax, dword [ebp - 0x24]
push ecx
push 0x3e8
push eax
push dword [ebp + 8]
call dword [eax + 4]  ; ucall
mov dword [esp], ebx
call fcn_fffb3fc4  ; call 0xfffb3fc4
add esp, 0x10

loc_fffc5e18:  ; not directly referenced
mov edx, eax
shr edx, 0x18
and dl, 0xf0
je short loc_fffc5dfa  ; je 0xfffc5dfa

loc_fffc5e22:  ; not directly referenced
shr eax, 0x19
push edx
and eax, 7
push edx
push eax
push dword [ebp + 8]
call fcn_fffb6839  ; call 0xfffb6839
add esp, 0x10
jmp short loc_fffc5e3a  ; jmp 0xfffc5e3a

loc_fffc5e38:  ; not directly referenced
xor eax, eax

loc_fffc5e3a:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc5e42:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x4c
mov edi, dword [ebp + 8]
mov dword [ebp - 0x3c], 0
mov eax, dword [edi + 0x5edd]
mov esi, dword [edi + 0x18a7]
mov dword [ebp - 0x40], eax
mov eax, dword [edi + 0x188b]
mov dword [ebp - 0x34], eax
mov al, byte [edi + 0x36ca]
inc eax
cmp byte [edi + 0x1965], 1
mov byte [edi + 0x36ca], al
jne short loc_fffc5e8f  ; jne 0xfffc5e8f
xor ebx, ebx
cmp dword [ebp - 0x34], 1
sete bl
mov dword [ebp - 0x3c], ebx

loc_fffc5e8f:  ; not directly referenced
cmp dword [edi + 0x2481], 3
sete bl
dec al
movzx ecx, bl
mov dword [ebp - 0x44], ecx
mov ecx, 0xa
jne short loc_fffc5f20  ; jne 0xfffc5f20
cmp dword [ebp - 0x34], 1
jne short loc_fffc5f0a  ; jne 0xfffc5f0a
cmp dword [edi + 0x3757], 2
jne short loc_fffc5edc  ; jne 0xfffc5edc
cmp byte [edi + 0x190c], 0
jne short loc_fffc5edc  ; jne 0xfffc5edc
mov eax, dword [ebp - 0x40]
mov edx, 0x4004
and byte [eax + 0xbf], 0xdf
mov ecx, dword [eax + 0xbc]
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffc5edc:  ; not directly referenced
cmp dword [edi + 0x4b1a], 2
jne short loc_fffc5f0a  ; jne 0xfffc5f0a
cmp byte [edi + 0x190c], 0
jne short loc_fffc5f0a  ; jne 0xfffc5f0a
mov eax, dword [ebp - 0x40]
mov edx, 0x4404
and byte [eax + 0x18b], 0xdf
mov ecx, dword [eax + 0x188]
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffc5f0a:  ; not directly referenced
cmp dword [ebp - 0x34], 0
sete dl
xor eax, eax
or dl, bl
jne loc_fffc66a6  ; jne 0xfffc66a6
mov ecx, 6

loc_fffc5f20:  ; not directly referenced
movzx eax, byte [edi + 0x248e]
movzx ebx, byte [edi + 0x248f]
push edx
push edx
push eax
push 1
mov edx, ebx
mov byte [ebp - 0x45], al
mov dword [ebp - 0x30], eax
mov eax, edi
mov dword [ebp - 0x38], ebx
call fcn_fffaea71  ; call 0xfffaea71
add esp, 0x10
cmp dword [ebp - 0x44], 0
jne loc_fffc6217  ; jne 0xfffc6217
cmp dword [edi + 0x3757], 2
je short loc_fffc5f6d  ; je 0xfffc5f6d
cmp dword [edi + 0x4b1a], 2
mov al, 0x40
jne short loc_fffc5f8a  ; jne 0xfffc5f8a
mov eax, 1
jmp short loc_fffc5f6f  ; jmp 0xfffc5f6f

loc_fffc5f6d:  ; not directly referenced
xor eax, eax

loc_fffc5f6f:  ; not directly referenced
imul eax, eax, 0x13c3
mov dl, 0x55
imul esi, esi, 0x2e
add esi, eax
mov al, 0x40
cmp word [edi + esi + 0x375f], 2
cmove eax, edx

loc_fffc5f8a:  ; not directly referenced
mov byte [ebp - 0x21], al
lea esi, [edi + 0x381b]
xor ebx, ebx
mov byte [ebp - 0x22], al
mov byte [ebp - 0x1f], 0x40
mov byte [ebp - 0x20], 0x40

loc_fffc5fa0:  ; not directly referenced
cmp dword [esi - 0xc4], 2
jne short loc_fffc6016  ; jne 0xfffc6016
push ecx
push 1
movzx eax, byte [esi + 0x17d]
neg eax
push eax
push 1
movzx eax, byte [esi]
push eax
push 0
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
movzx eax, byte [ebp + ebx - 0x22]
add esp, 0x1c
push 1
push eax
push 1
movzx eax, byte [esi]
push eax
push 2
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
movzx eax, byte [ebp + ebx - 0x22]
add esp, 0x1c
push 1
push eax
push 1
movzx eax, byte [esi]
push eax
push 1
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
movzx eax, byte [ebp + ebx - 0x20]
add esp, 0x1c
push 1
push eax
push 1
movzx eax, byte [esi]
push eax
push 4
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffc6016:  ; not directly referenced
inc ebx
add esi, 0x13c3
cmp ebx, 2
jne loc_fffc5fa0  ; jne 0xfffc5fa0
mov ecx, dword [ebp - 0x30]
mov eax, edi
push edx
push edx
xor edx, edx
push 0
push 1
call fcn_fffcfc57  ; call 0xfffcfc57
mov cl, byte [ebp - 0x3c]
add esp, 0x10
and ecx, 1
mov byte [ebp - 0x2c], cl
test eax, eax
setne dl
test cl, dl
jne loc_fffc66a6  ; jne 0xfffc66a6
cmp byte [edi + 0x36ca], 2
je short loc_fffc606c  ; je 0xfffc606c

loc_fffc605a:  ; not directly referenced
cmp byte [edi + 0x36ca], 2
jne loc_fffc6126  ; jne 0xfffc6126
jmp near loc_fffc6105  ; jmp 0xfffc6105

loc_fffc606c:  ; not directly referenced
mov ecx, dword [ebp - 0x30]
lea ebx, [ebp - 0x22]
mov edx, 2
push eax
push eax
mov eax, edi
push ebx
push 1
call fcn_fffcfc57  ; call 0xfffcfc57
add esp, 0x10
test eax, eax
setne dl
test byte [ebp - 0x2c], dl
jne loc_fffc66a6  ; jne 0xfffc66a6
mov ecx, dword [ebp - 0x30]
mov edx, 1
push eax
push eax
mov eax, edi
push ebx
push 1
call fcn_fffcfc57  ; call 0xfffcfc57
add esp, 0x10
test eax, eax
setne dl
test byte [ebp - 0x2c], dl
jne loc_fffc66a6  ; jne 0xfffc66a6
xor ebx, ebx
lea esi, [ebp - 0x20]

loc_fffc60be:  ; not directly referenced
mov cl, bl
mov eax, 1
shl eax, cl
mov cl, 0xc
cmp bl, 2
cmovne ecx, eax
and cl, byte [ebp - 0x45]
jne short loc_fffc60df  ; jne 0xfffc60df

loc_fffc60d4:  ; not directly referenced
inc ebx
cmp ebx, 3
jne short loc_fffc60be  ; jne 0xfffc60be
jmp near loc_fffc605a  ; jmp 0xfffc605a

loc_fffc60df:  ; not directly referenced
push eax
mov edx, 4
push eax
movzx ecx, cl
push esi
mov eax, edi
push 1
call fcn_fffcfc57  ; call 0xfffcfc57
add esp, 0x10
test eax, eax
setne dl
test byte [ebp - 0x2c], dl
je short loc_fffc60d4  ; je 0xfffc60d4
jmp near loc_fffc66a6  ; jmp 0xfffc66a6

loc_fffc6105:  ; not directly referenced
lea ebx, [edi + 0x3757]
mov dword [ebp - 0x2c], 0

loc_fffc6112:  ; not directly referenced
cmp dword [ebx], 2
je short loc_fffc6146  ; je 0xfffc6146

loc_fffc6117:  ; not directly referenced
inc dword [ebp - 0x2c]
add ebx, 0x13c3
cmp dword [ebp - 0x2c], 2
jne short loc_fffc6112  ; jne 0xfffc6112

loc_fffc6126:  ; not directly referenced
cmp dword [edi + 0x3757], 2
jne loc_fffc61ef  ; jne 0xfffc61ef
xor ecx, ecx
mov edx, 0x4198
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
jmp near loc_fffc61ef  ; jmp 0xfffc61ef

loc_fffc6146:  ; not directly referenced
mov eax, dword [ebx + 0x109]
cmp dword [ebx + 0x111], eax
cmovbe eax, dword [ebx + 0x111]
cmp dword [ebp - 0x44], 0
je short loc_fffc6184  ; je 0xfffc6184
mov esi, dword [ebx + 0x115]
cmp dword [ebx + 0x11d], esi
cmovbe esi, dword [ebx + 0x11d]
cmp esi, eax
cmova esi, eax

loc_fffc6177:  ; not directly referenced
mov al, byte [ebx + 0xc4]
xor ecx, ecx
mov byte [ebp - 0x30], al
jmp short loc_fffc6191  ; jmp 0xfffc6191

loc_fffc6184:  ; not directly referenced
mov esi, dword [ebx + 0x119]
cmp eax, esi
cmovbe esi, eax
jmp short loc_fffc6177  ; jmp 0xfffc6177

loc_fffc6191:  ; not directly referenced
mov edx, 1
shl edx, cl
test byte [ebp - 0x30], dl
je short loc_fffc61b7  ; je 0xfffc61b7
movzx eax, byte [ebx + ecx + 0x249]
movzx edx, byte [ebx + ecx + 0x245]
cmp eax, edx
cmovbe edx, eax
cmp esi, edx
cmova esi, edx

loc_fffc61b7:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffc6191  ; jne 0xfffc6191
push 1
mov edx, dword [ebp - 0x2c]
mov eax, esi
push 1
neg eax
push eax
mov cl, 0xff
push 1
mov eax, edi
call fcn_fffac68e  ; call 0xfffac68e
mov edx, dword [ebp - 0x40]
mov ecx, esi
imul eax, dword [ebp - 0x2c], 0xcc
add esp, 0x10
mov byte [edx + eax + 0xe2], cl
jmp near loc_fffc6117  ; jmp 0xfffc6117

loc_fffc61ef:  ; not directly referenced
cmp dword [edi + 0x4b1a], 2
jne short loc_fffc6206  ; jne 0xfffc6206
xor ecx, ecx
mov edx, 0x4598
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffc6206:  ; not directly referenced
sub esp, 0xc
push edi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10
jmp near loc_fffc66a6  ; jmp 0xfffc66a6

loc_fffc6217:  ; not directly referenced
mov eax, dword [edi + 0x3860]
mov edx, 3
xor ebx, ebx
mov ecx, dword [ebp - 0x38]
mov byte [ebp - 0x1e], al
mov eax, dword [edi + 0x3868]
mov byte [ebp - 0x1a], al
mov eax, dword [edi + 0x4c23]
mov byte [ebp - 0x1d], al
mov eax, dword [edi + 0x4c2b]
mov byte [ebp - 0x19], al
push eax
push 1
push 1
push 0x14
push 1
lea eax, [ebp - 0x1e]
push eax
mov eax, edi
push 1
push dword [ebp - 0x30]
call fcn_fffcffd1  ; call 0xfffcffd1
add esp, 0x20
mov dword [ebp - 0x2c], 0

loc_fffc6268:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [edi + eax + 0x3757], 2
jne short loc_fffc62e6  ; jne 0xfffc62e6
imul ecx, ebx, 0x48
mov esi, 0xa
xor edx, edx
mov eax, dword [edi + ecx + 0x3211]
div esi
xor edx, edx
mov dword [ebp - 0x50], eax
mov eax, dword [edi + ecx + 0x3215]
mov ecx, 2
div esi
mov esi, dword [ebp - 0x50]
mov edx, esi
movsx edx, dl
mov dword [ebp - 0x4c], eax
movsx eax, byte [ebp - 0x4c]
sub eax, edx
cdq
idiv ecx
mov cl, byte [ebp - 0x4c]
mov edx, 0xc
add ecx, esi
cmp cl, 0x11
cmova edx, dword [ebp - 0x2c]
mov dword [ebp - 0x2c], edx
push edx
push 1
add al, byte [ebp + ebx - 0x1e]
mov byte [ebp + ebx - 0x1e], al
movzx eax, al
push eax
push 1
push dword [ebp - 0x30]
push 3
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffc62e6:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffc6268  ; jne 0xfffc6268
mov al, byte [ebp - 0x3c]
and eax, 1
mov bl, al
mov byte [ebp - 0x3c], al
mov eax, dword [ebp - 0x2c]
test eax, eax
setne dl
test bl, dl
jne loc_fffc66a6  ; jne 0xfffc66a6
push eax
mov ecx, dword [ebp - 0x38]
mov edx, 2
push 1
xor ebx, ebx
push 1
push 0x14
push 1
lea eax, [ebp - 0x1a]
push eax
mov eax, edi
push 1
push dword [ebp - 0x30]
call fcn_fffcffd1  ; call 0xfffcffd1
add esp, 0x20

loc_fffc6331:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [edi + eax + 0x3757], 2
jne short loc_fffc63af  ; jne 0xfffc63af
imul ecx, ebx, 0x48
mov esi, 0xa
xor edx, edx
mov eax, dword [edi + ecx + 0x3211]
div esi
xor edx, edx
mov dword [ebp - 0x50], eax
mov eax, dword [edi + ecx + 0x3215]
mov ecx, 2
div esi
mov esi, dword [ebp - 0x50]
mov edx, esi
movsx edx, dl
mov dword [ebp - 0x4c], eax
movsx eax, byte [ebp - 0x4c]
sub eax, edx
cdq
idiv ecx
mov cl, byte [ebp - 0x4c]
mov edx, 0xc
add ecx, esi
cmp cl, 0x11
cmova edx, dword [ebp - 0x2c]
push esi
push 1
mov dword [ebp - 0x2c], edx
add al, byte [ebp + ebx - 0x1a]
mov byte [ebp + ebx - 0x1a], al
movzx eax, al
push eax
push 1
push dword [ebp - 0x30]
push 2
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffc63af:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffc6331  ; jne 0xfffc6331
mov eax, dword [ebp - 0x2c]
test eax, eax
setne dl
test byte [ebp - 0x3c], dl
jne loc_fffc66a6  ; jne 0xfffc66a6
mov eax, dword [edi + 0x386c]
mov edx, 2
xor bl, bl
mov byte [ebp - 0x1a], al
mov eax, dword [edi + 0x3874]
mov byte [ebp - 0x1c], al
mov eax, dword [edi + 0x4c2f]
mov byte [ebp - 0x19], al
mov eax, dword [edi + 0x4c37]
push ecx
mov ecx, dword [ebp - 0x38]
push 1
push 1
push 0x14
push 1
mov byte [ebp - 0x1b], al
lea eax, [ebp - 0x1a]
push eax
mov eax, edi
push 2
push dword [ebp - 0x30]
call fcn_fffcffd1  ; call 0xfffcffd1
add esp, 0x20

loc_fffc6414:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [edi + eax + 0x3757], 2
jne short loc_fffc6492  ; jne 0xfffc6492
imul ecx, ebx, 0x48
mov esi, 0xa
xor edx, edx
mov eax, dword [edi + ecx + 0x3211]
div esi
xor edx, edx
mov dword [ebp - 0x50], eax
mov eax, dword [edi + ecx + 0x3215]
mov ecx, 2
div esi
mov esi, dword [ebp - 0x50]
mov edx, esi
movsx edx, dl
mov dword [ebp - 0x4c], eax
movsx eax, byte [ebp - 0x4c]
sub eax, edx
cdq
idiv ecx
mov cl, byte [ebp - 0x4c]
mov edx, 0xc
add ecx, esi
cmp cl, 0x11
cmova edx, dword [ebp - 0x2c]
mov dword [ebp - 0x2c], edx
push edx
push 1
add al, byte [ebp + ebx - 0x1a]
mov byte [ebp + ebx - 0x1a], al
movzx eax, al
push eax
push 2
push dword [ebp - 0x30]
push 2
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffc6492:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffc6414  ; jne 0xfffc6414
mov eax, dword [ebp - 0x2c]
test eax, eax
setne dl
test byte [ebp - 0x3c], dl
jne loc_fffc66a6  ; jne 0xfffc66a6
push eax
mov ecx, dword [ebp - 0x38]
mov edx, 1
push 1
xor bl, bl
push 1
push 0x14
push 1
lea eax, [ebp - 0x1c]
push eax
mov eax, edi
push 2
push dword [ebp - 0x30]
call fcn_fffcffd1  ; call 0xfffcffd1
add esp, 0x20

loc_fffc64d3:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [edi + eax + 0x3757], 2
jne short loc_fffc6551  ; jne 0xfffc6551
imul ecx, ebx, 0x48
mov esi, 0xa
xor edx, edx
mov eax, dword [edi + ecx + 0x3211]
div esi
xor edx, edx
mov dword [ebp - 0x4c], eax
mov eax, dword [edi + ecx + 0x3215]
mov ecx, 2
div esi
mov esi, dword [ebp - 0x4c]
mov edx, esi
movsx edx, dl
mov dword [ebp - 0x38], eax
movsx eax, byte [ebp - 0x38]
sub eax, edx
cdq
idiv ecx
mov cl, byte [ebp - 0x38]
mov edx, 0xc
add ecx, esi
cmp cl, 0x11
cmova edx, dword [ebp - 0x2c]
push esi
push 1
mov dword [ebp - 0x2c], edx
add al, byte [ebp + ebx - 0x1c]
mov byte [ebp + ebx - 0x1c], al
movzx eax, al
push eax
push 2
push dword [ebp - 0x30]
push 1
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffc6551:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffc64d3  ; jne 0xfffc64d3
mov eax, dword [ebp - 0x2c]
test eax, eax
setne dl
test byte [ebp - 0x3c], dl
jne loc_fffc66a6  ; jne 0xfffc66a6
lea eax, [edi + 0x3757]
mov bx, 0x4908
mov dword [ebp - 0x2c], eax

loc_fffc6579:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
cmp dword [eax], 2
jne loc_fffc6622  ; jne 0xfffc6622
xor ecx, ecx
mov edx, ebx
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
xor eax, eax
mov edx, 0x80080020
mov ecx, eax
or ecx, 0x80000
and ecx, 0xfffff807
or ecx, 8
mov eax, ecx
push ecx
push ecx
push edx
lea esi, [ebx + ebx - 0x4900]
push eax
mov edx, esi
mov eax, edi
call fcn_fffb3506  ; call 0xfffb3506
mov edx, ebx
mov ecx, 0x2c08
shl edx, 8
mov eax, edi
sub edx, 0x48c668
call fcn_fffb3381  ; call 0xfffb3381
lea edx, [ebx + 0x50]
mov ecx, 0xff
mov eax, edi
call fcn_fffb335b  ; call 0xfffb335b
add esp, 0x10
cmp dword [ebp - 0x34], 1
jne short loc_fffc65fc  ; jne 0xfffc65fc
lea edx, [ebx + 0x51]
mov ecx, 0xff
mov eax, edi
call fcn_fffb335b  ; call 0xfffb335b

loc_fffc65fc:  ; not directly referenced
push ecx
mov eax, edi
push ecx
push 0
push 0
lea edx, [esi - 0x38]
call fcn_fffb3506  ; call 0xfffb3506
pop eax
mov eax, edi
pop edx
lea edx, [esi - 0x28]
push 0
push 0x3f8
call fcn_fffb3506  ; call 0xfffb3506
add esp, 0x10

loc_fffc6622:  ; not directly referenced
add ebx, 4
add dword [ebp - 0x2c], 0x13c3
cmp ebx, 0x4910
jne loc_fffc6579  ; jne 0xfffc6579
xor bx, bx
lea esi, [ebp - 0x20]

loc_fffc663e:  ; not directly referenced
mov eax, 1
mov cl, bl
shl eax, cl
test byte [ebp - 0x45], al
jne short loc_fffc6657  ; jne 0xfffc6657

loc_fffc664c:  ; not directly referenced
inc ebx
cmp ebx, 4
jne short loc_fffc663e  ; jne 0xfffc663e
jmp near loc_fffc605a  ; jmp 0xfffc605a

loc_fffc6657:  ; not directly referenced
test byte [edi + 0x381b], al
jne short loc_fffc6665  ; jne 0xfffc6665
mov byte [ebp - 0x20], 0
jmp short loc_fffc666f  ; jmp 0xfffc666f

loc_fffc6665:  ; not directly referenced
mov dl, byte [edi + ebx + 0x399c]
mov byte [ebp - 0x20], dl

loc_fffc666f:  ; not directly referenced
test byte [edi + 0x4bde], al
je short loc_fffc6683  ; je 0xfffc6683
mov dl, byte [edi + ebx + 0x4d5f]
mov byte [ebp - 0x1f], dl
jmp short loc_fffc6687  ; jmp 0xfffc6687

loc_fffc6683:  ; not directly referenced
mov byte [ebp - 0x1f], 0

loc_fffc6687:  ; not directly referenced
push edx
mov ecx, eax
push edx
mov edx, 4
push esi
push eax
mov eax, edi
call fcn_fffcfc57  ; call 0xfffcfc57
add esp, 0x10
test eax, eax
setne dl
test byte [ebp - 0x3c], dl
je short loc_fffc664c  ; je 0xfffc664c

loc_fffc66a6:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc66ae:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0xdc
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x4c], ecx
mov ebx, dword [ebp + 8]
mov byte [ebp - 0x70], cl
mov cl, byte [ebp + 0x10]
mov dword [ebp - 0x50], edx
xor edx, edx
mov dword [ebp - 0x5c], eax
mov byte [ebp - 0xc8], bl
mov byte [ebp - 0xb1], cl
mov cl, byte [ebp + 0x14]
mov byte [ebp - 0x6d], al
mov byte [ebp - 0x6f], cl
mov ecx, dword [edi + 0x2444]
mov dword [ebp - 0xb8], ecx
cmp al, 0x21
ja short loc_fffc6702  ; ja 0xfffc6702
movzx eax, byte [ebp - 0x5c]
mov dl, byte [eax + ref_fffd58e0]  ; mov dl, byte [eax - 0x2a720]

loc_fffc6702:  ; not directly referenced
mov eax, dword [edi + 0x188b]
cmp byte [edi + 0x248c], 1
mov esi, dword [edi + 0x2481]
mov dword [ebp - 0x88], eax
jne short loc_fffc6737  ; jne 0xfffc6737
mov al, byte [edi + 0x248d]
lea ecx, [eax + 4]
mov byte [ebp - 0x24], al
mov byte [ebp - 0x23], al
add eax, 2
mov byte [ebp - 0x22], cl
mov byte [ebp - 0x21], al
jmp short loc_fffc6747  ; jmp 0xfffc6747

loc_fffc6737:  ; not directly referenced
mov byte [ebp - 0x24], 1
mov byte [ebp - 0x23], 1
mov byte [ebp - 0x22], 1
mov byte [ebp - 0x21], 1

loc_fffc6747:  ; not directly referenced
mov eax, dword [ebp - 0x5c]
mov dword [ebp - 0x9c], 1
cmp al, 0x21
sete cl
cmp al, 0x11
sete al
or cl, al
jne short loc_fffc6771  ; jne 0xfffc6771
xor eax, eax
cmp byte [ebp - 0x5c], 5
sete al
mov dword [ebp - 0x9c], eax

loc_fffc6771:  ; not directly referenced
cmp byte [ebp - 0x5c], 0xd
mov dword [ebp - 0x74], 0
jne short loc_fffc6798  ; jne 0xfffc6798
movzx eax, byte [ebp - 0x4c]
mov dword [ebp - 0x54], edx
call fcn_fffb38d9  ; call 0xfffb38d9
mov edx, dword [ebp - 0x54]
cmp al, 1
seta al
movzx eax, al
mov dword [ebp - 0x74], eax

loc_fffc6798:  ; not directly referenced
mov eax, 2
cmp bl, 3
ja loc_fffc74f5  ; ja 0xfffc74f5
mov al, byte [ebp - 0x5c]
movzx edx, dl
mov dword [ebp - 0x68], 1
mov dword [ebp - 0x7c], 0
mov byte [ebp - 0x6e], 0
shr al, 4
inc eax
mov byte [ebp - 0xa1], al
xor eax, eax
cmp esi, 3
sete al
cmp esi, 2
mov dword [ebp - 0x8c], eax
movzx eax, bl
sete byte [ebp - 0xa2]
mov cl, al
imul edx, edx, 0x240
mov dword [ebp - 0x64], eax
imul eax, eax, 0x90
add edx, dword [ebp - 0x50]
shl dword [ebp - 0x68], cl
shr bl, 1
mov esi, eax
movzx ebx, bl
mov dword [ebp - 0xdc], eax
movzx eax, byte [ebp - 0x4c]
mov dword [ebp - 0x54], edx
add edx, esi
mov dword [ebp - 0xac], ebx
mov dword [ebp - 0x94], edx
mov dword [ebp - 0x6c], eax
sar eax, 1
mov dword [ebp - 0xa0], eax
mov eax, dword [ebp - 0xc8]
and dword [ebp - 0xa0], 1
mov dword [ebp - 0x4c], 0
and eax, 1
mov dword [ebp - 0x84], 0
mov byte [ebp - 0x58], 0
mov dword [ebp - 0xe0], eax

loc_fffc6852:  ; not directly referenced
mov esi, dword [ebp - 0xb8]
mov ebx, dword [ebp - 0x4c]
push eax
push 0
push 4
lea eax, [ebp - 0x28]
push eax
mov eax, esi
mov byte [ebp - 0x80], bl
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x40]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
mov cl, byte [ebp - 0x6f]
add esp, 0x10
lea esi, [edi + 0x3757]
mov dword [ebp - 0xa8], esi
mov dword [ebp - 0x50], esi
mov al, cl
neg eax
test bl, bl
cmovne eax, ecx
xor ebx, ebx
mov byte [ebp - 0xb0], al
mov eax, dword [ebp - 0x7c]
add eax, dword [ebp - 0xdc]
add eax, dword [ebp - 0x54]
mov dword [ebp - 0x90], eax
mov dword [ebp - 0x60], eax
movzx eax, byte [ebp - 0x58]
imul eax, eax, 0x12
mov dword [ebp - 0xcc], eax

loc_fffc68c4:  ; not directly referenced
mov al, byte [ebp - 0x6f]
mov byte [ebp + ebx - 0x3e], 0x7f
mov dword [ebp + ebx*4 - 0x20], 0
mov byte [ebp + ebx - 0x3a], 0
mov byte [ebp + ebx - 0x42], al
mov eax, dword [ebp - 0x6c]
mov byte [ebp + ebx - 0x3c], 0
bt eax, ebx
jb short loc_fffc68fb  ; jb 0xfffc68fb
mov word [ebp + ebx*2 - 0x28], 1
mov byte [ebp + ebx - 0x40], 1
jmp near loc_fffc6b29  ; jmp 0xfffc6b29

loc_fffc68fb:  ; not directly referenced
cmp byte [ebp - 0x6d], 1
jne short loc_fffc693a  ; jne 0xfffc693a
mov al, byte [edi + 0x2489]
xor esi, esi
mov byte [ebp - 0x78], al

loc_fffc690c:  ; not directly referenced
mov eax, esi
cmp byte [ebp - 0x78], al
jbe loc_fffc6aca  ; jbe 0xfffc6aca
push eax
movzx eax, byte [ebp + ebx - 0x42]
mov ecx, 0xff
mov edx, ebx
push eax
mov eax, edi
push dword [ebp - 0x4c]
push esi
inc esi
call fcn_fffb399f  ; call 0xfffb399f
add esp, 0x10
mov byte [ebp + ebx - 0x42], al
jmp short loc_fffc690c  ; jmp 0xfffc690c

loc_fffc693a:  ; not directly referenced
cmp byte [ebp - 0x6d], 0xd
je short loc_fffc6956  ; je 0xfffc6956
cmp dword [ebp - 0x88], 1
sete al
test byte [ebp - 0x9c], al
je loc_fffc69da  ; je 0xfffc69da

loc_fffc6956:  ; not directly referenced
cmp byte [ebp - 0x6d], 0xd
mov edx, dword [edi + 0x5edd]
jne short loc_fffc696a  ; jne 0xfffc696a
mov al, byte [edx + 0x14]
and eax, 0x7f
jmp short loc_fffc6991  ; jmp 0xfffc6991

loc_fffc696a:  ; not directly referenced
test bl, bl
jne short loc_fffc6980  ; jne 0xfffc6980
mov al, byte [edx + 0x15]
movzx edx, byte [edx + 0x16]
shr al, 6
and edx, 0x1f
shl edx, 2
jmp short loc_fffc698f  ; jmp 0xfffc698f

loc_fffc6980:  ; not directly referenced
mov al, byte [edx + 0x14]
movzx edx, byte [edx + 0x15]
shr al, 7
and edx, 0x3f
add edx, edx

loc_fffc698f:  ; not directly referenced
or eax, edx

loc_fffc6991:  ; not directly referenced
mov esi, dword [ebp - 0xb0]
mov dl, al
or edx, 0xffffff80
test al, 0xc0
cmovne eax, edx
lea ecx, [eax + esi]
mov esi, dword [ebp - 0x80]
cmp cl, 0xca
mov byte [ebp - 0x78], cl
setl cl
xor esi, 1
mov edx, esi
test dl, cl
je short loc_fffc69be  ; je 0xfffc69be
lea edx, [eax + 0x36]
jmp short loc_fffc69d1  ; jmp 0xfffc69d1

loc_fffc69be:  ; not directly referenced
cmp byte [ebp - 0x78], 0x36
mov dl, byte [ebp - 0x6f]
setg cl
test byte [ebp - 0x4c], cl
je short loc_fffc69d1  ; je 0xfffc69d1
mov dl, 0x36
sub edx, eax

loc_fffc69d1:  ; not directly referenced
mov byte [ebp + ebx - 0x42], dl
jmp near loc_fffc6aca  ; jmp 0xfffc6aca

loc_fffc69da:  ; not directly referenced
cmp byte [ebp - 0x6d], 0xc
jne loc_fffc6aca  ; jne 0xfffc6aca
cmp dword [ebp - 0x8c], 1
mov ecx, dword [ebp - 0x50]
sbb eax, eax
mov dword [ebp - 0x78], eax
mov esi, dword [ecx + 0x11d]
mov eax, dword [ecx + 0x111]
mov cl, byte [ecx + 0xc4]
add byte [ebp - 0x78], 4
cmp byte [ebp - 0x80], 0
mov byte [ebp - 0x98], cl
jne short loc_fffc6a66  ; jne 0xfffc6a66
cmp eax, esi
cmovae eax, esi
xor ecx, ecx
mov esi, 1

loc_fffc6a21:  ; not directly referenced
mov edx, esi
shl edx, cl
test byte [ebp - 0x98], dl
je short loc_fffc6a3c  ; je 0xfffc6a3c
mov edx, dword [ebp - 0x50]
mov dl, byte [edx + ecx + 0x245]
cmp al, dl
cmova eax, edx

loc_fffc6a3c:  ; not directly referenced
inc ecx
cmp byte [ebp - 0x78], cl
ja short loc_fffc6a21  ; ja 0xfffc6a21
cmp dword [ebp - 0x8c], 0
je short loc_fffc6abb  ; je 0xfffc6abb
mov esi, dword [ebp - 0x50]
mov edx, dword [esi + 0x109]
cmp al, dl
cmovae eax, edx
mov edx, dword [esi + 0x115]
cmp al, dl
cmovae eax, edx
jmp short loc_fffc6abb  ; jmp 0xfffc6abb

loc_fffc6a66:  ; not directly referenced
cmp eax, esi
mov dl, al
cmovbe edx, esi
xor ecx, ecx
mov esi, 1

loc_fffc6a74:  ; not directly referenced
mov eax, esi
shl eax, cl
test byte [ebp - 0x98], al
je short loc_fffc6a8f  ; je 0xfffc6a8f
mov eax, dword [ebp - 0x50]
mov al, byte [eax + ecx + 0x245]
cmp dl, al
cmovb edx, eax

loc_fffc6a8f:  ; not directly referenced
inc ecx
cmp byte [ebp - 0x78], cl
ja short loc_fffc6a74  ; ja 0xfffc6a74
cmp dword [ebp - 0x8c], 0
je short loc_fffc6ab7  ; je 0xfffc6ab7
mov esi, dword [ebp - 0x50]
mov eax, dword [esi + 0x109]
cmp dl, al
cmovbe edx, eax
mov eax, dword [esi + 0x115]
cmp dl, al
cmovbe edx, eax

loc_fffc6ab7:  ; not directly referenced
mov al, 0x7f
sub eax, edx

loc_fffc6abb:  ; not directly referenced
movzx esi, byte [ebp - 0x6f]
mov ecx, esi
cmp al, cl
cmova eax, esi
mov byte [ebp + ebx - 0x42], al

loc_fffc6aca:  ; not directly referenced
mov esi, dword [ebp - 0x60]
mov ecx, 0xa
xor edx, edx
mov eax, dword [esi]
div ecx
mov dword [esi], eax
movzx edx, byte [ebp + ebx - 0x42]
cmp eax, edx
jbe short loc_fffc6ae5  ; jbe 0xfffc6ae5
mov dword [esi], edx

loc_fffc6ae5:  ; not directly referenced
cmp dword [ebp - 0x74], 0
je short loc_fffc6b08  ; je 0xfffc6b08
mov eax, dword [ebp - 0x60]
mov esi, dword [ebp - 0x54]
mov edx, dword [eax]
imul eax, dword [ebp - 0x64], 0x24
add eax, dword [ebp - 0xcc]
add eax, dword [ebp - 0x4c]
cmp dword [esi + eax*4], edx
jbe short loc_fffc6b08  ; jbe 0xfffc6b08
mov dword [esi + eax*4], edx

loc_fffc6b08:  ; not directly referenced
mov eax, dword [ebp - 0x60]
mov edx, ebx
xor ecx, ecx
shl edx, 0xa
add edx, 0x40f0
mov eax, dword [eax]
mov byte [ebp + ebx - 0x3a], al
mov byte [ebp + ebx - 0x3c], al
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffc6b29:  ; not directly referenced
inc ebx
add dword [ebp - 0x60], 0x48
add dword [ebp - 0x50], 0x13c3
cmp ebx, 2
jne loc_fffc68c4  ; jne 0xfffc68c4
cmp dword [ebp - 0x74], 0
jne short loc_fffc6b56  ; jne 0xfffc6b56

loc_fffc6b44:  ; not directly referenced
mov eax, dword [ebp - 0x4c]
lea eax, [eax + eax - 1]
mov dword [ebp - 0xd8], eax
jmp near loc_fffc6d0f  ; jmp 0xfffc6d0f

loc_fffc6b56:  ; not directly referenced
test byte [ebp - 0x70], 1
je short loc_fffc6b87  ; je 0xfffc6b87
movzx eax, byte [ebp - 0x58]
imul edx, dword [ebp - 0x64], 0x24
mov esi, dword [ebp - 0x54]
mov ebx, dword [ebp - 0x94]
imul eax, eax, 0x12
mov ecx, dword [ebp - 0x7c]
add eax, edx
add eax, dword [ebp - 0x4c]
mov edx, dword [esi + eax*4]
mov dword [ebx + ecx], edx
mov eax, dword [esi + eax*4]
mov byte [ebp - 0x3a], al
mov byte [ebp - 0x3c], al

loc_fffc6b87:  ; not directly referenced
cmp dword [ebp - 0xa0], 0
je short loc_fffc6b44  ; je 0xfffc6b44
movzx eax, byte [ebp - 0x58]
imul edx, dword [ebp - 0x64], 0x24
mov esi, dword [ebp - 0x54]
mov ebx, dword [ebp - 0x94]
imul eax, eax, 0x12
mov ecx, dword [ebp - 0x7c]
add eax, edx
add eax, dword [ebp - 0x4c]
mov edx, dword [esi + eax*4]
mov dword [ebx + ecx + 0x48], edx
mov eax, dword [esi + eax*4]
mov byte [ebp - 0x39], al
mov byte [ebp - 0x3b], al
jmp short loc_fffc6b44  ; jmp 0xfffc6b44

loc_fffc6bbe:  ; not directly referenced
cmp byte [ebp - 0x6d], 0xc
jne loc_fffc6e09  ; jne 0xfffc6e09
mov eax, dword [ebp - 0x60]
cmp byte [ebp - 0x6e], 0
mov al, byte [eax + 0xc4]
setne dl
cmp dword [ebp + 0x1c], 0
mov byte [ebp - 0x78], al
setne al
test dl, al
jne loc_fffc6d57  ; jne 0xfffc6d57

loc_fffc6bea:  ; not directly referenced
cmp dword [ebp - 0x88], 0
movzx ecx, byte [ebp - 0x78]
jne loc_fffc6df2  ; jne 0xfffc6df2
push esi
push 0
push dword [ebp - 0x50]
push 3
push ecx
push 0
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffc6c10:  ; not directly referenced
inc ebx
add dword [ebp - 0x60], 0x13c3
cmp ebx, 2
je loc_fffc6ca5  ; je 0xfffc6ca5

loc_fffc6c21:  ; not directly referenced
mov eax, dword [ebp - 0x6c]
bt eax, ebx
jae short loc_fffc6c10  ; jae 0xfffc6c10
imul eax, ebx, 0x48
mov ecx, dword [ebp - 0x90]
mov esi, dword [ebp - 0xd8]
imul esi, dword [ecx + eax]
cmp byte [ebp - 0x6d], 0xd
mov dword [ebp - 0x50], esi
jne loc_fffc6bbe  ; jne 0xfffc6bbe
cmp byte [ebp - 0x6e], 0
setne dl
cmp dword [ebp + 0x1c], 0
setne al
test dl, al
je short loc_fffc6c7b  ; je 0xfffc6c7b
push 0
push 0
push 0
push 0
push 0
push 0
push 2
push edi
call fcn_fffcce33  ; call 0xfffcce33
add esp, 0x14
push edi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10

loc_fffc6c7b:  ; not directly referenced
push 0
push 0
push 0
push 0
push dword [ebp - 0x50]
push 0
push 2
push edi
call fcn_fffcce33  ; call 0xfffcce33
add esp, 0x20
cmp dword [ebp + 0x1c], 0
jne short loc_fffc6ca5  ; jne 0xfffc6ca5
sub esp, 0xc
push edi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10

loc_fffc6ca5:  ; not directly referenced
push eax
xor eax, eax
movzx ecx, byte [edi + 0x248c]
cmp dword [ebp - 0x80], 0
mov edx, dword [ebp - 0x6c]
push 0
sete al
push eax
lea eax, [ebp - 0x24]
push eax
mov eax, edi
call fcn_fffaa5b3  ; call 0xfffaa5b3
add esp, 0x10
mov byte [ebp - 0x6e], al
movzx eax, al
or dword [ebp - 0xb0], eax
cmp byte [ebp - 0xb1], 0
jne loc_fffc6efb  ; jne 0xfffc6efb
movzx eax, byte [ebp - 0xa1]
dec eax
cmp dword [ebp - 0x80], eax
jae loc_fffc6efb  ; jae 0xfffc6efb
movzx eax, byte [ebp - 0x70]
cmp dword [ebp - 0xb0], eax
jne loc_fffc6efb  ; jne 0xfffc6efb

loc_fffc6d04:  ; not directly referenced
cmp word [ebp - 0x28], 0
jne loc_fffc72f4  ; jne 0xfffc72f4

loc_fffc6d0f:  ; not directly referenced
mov ecx, 4
mov edx, 0x4800
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov dword [ebp - 0xb0], 0
mov dword [ebp - 0x80], 0

loc_fffc6d31:  ; not directly referenced
movzx eax, byte [ebp - 0xa1]
cmp dword [ebp - 0x80], eax
jae short loc_fffc6d04  ; jae 0xfffc6d04
mov eax, dword [ebp - 0xa8]
xor ebx, ebx
mov dword [ebp - 0x98], 0
mov dword [ebp - 0x60], eax
jmp near loc_fffc6c21  ; jmp 0xfffc6c21

loc_fffc6d57:  ; not directly referenced
cmp dword [ebp - 0x98], 0
jne loc_fffc6bea  ; jne 0xfffc6bea
cmp dword [ebp - 0x8c], 0
jne short loc_fffc6d88  ; jne 0xfffc6d88

loc_fffc6d6d:  ; not directly referenced
sub esp, 0xc
push edi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10
mov dword [ebp - 0x98], 1
jmp near loc_fffc6bea  ; jmp 0xfffc6bea

loc_fffc6d88:  ; not directly referenced
movzx eax, byte [ebp - 0x6e]
xor esi, esi
mov dword [ebp - 0xcc], eax
movzx eax, byte [ebp - 0x78]
mov dword [ebp - 0x98], eax

loc_fffc6d9e:  ; not directly referenced
mov eax, dword [ebp - 0xcc]
bt eax, esi
jae short loc_fffc6de7  ; jae 0xfffc6de7
cmp dword [ebp - 0x88], 0
jne short loc_fffc6dcd  ; jne 0xfffc6dcd
push eax
push 0
push 0
push 3
push dword [ebp - 0x98]
push 0
push esi
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20
jmp short loc_fffc6de7  ; jmp 0xfffc6de7

loc_fffc6dcd:  ; not directly referenced
push 0
mov ecx, dword [ebp - 0x98]
mov edx, ebx
push 0
mov eax, edi
push 0
push 0
call fcn_fffac68e  ; call 0xfffac68e
add esp, 0x10

loc_fffc6de7:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffc6d9e  ; jne 0xfffc6d9e
jmp near loc_fffc6d6d  ; jmp 0xfffc6d6d

loc_fffc6df2:  ; not directly referenced
push 0
mov edx, ebx
push 0
mov eax, edi
push dword [ebp - 0x50]
push 0
call fcn_fffac68e  ; call 0xfffac68e
jmp near loc_fffc6ea1  ; jmp 0xfffc6ea1

loc_fffc6e09:  ; not directly referenced
mov eax, dword [ebp - 0x6c]
lea ecx, [ebx + 1]
sar eax, cl
mov cl, byte [ebp - 0x6d]
mov dword [ebp - 0x78], eax
cmp cl, 5
sete al
test byte [ebp - 0xa2], al
jne short loc_fffc6e2f  ; jne 0xfffc6e2f
xor edx, edx
movzx esi, cl
jmp near loc_fffc6eee  ; jmp 0xfffc6eee

loc_fffc6e2f:  ; not directly referenced
imul edx, dword [ebp - 0xe0], 0x18
imul eax, dword [ebp - 0xac], 0x128
mov esi, dword [ebp - 0x60]
mov ecx, dword [ebp - 0x68]
add eax, edx
lea esi, [esi + eax + 0x1266]
mov ax, word [esi + 0xb]
push edx
push edx
mov edx, ebx
or eax, 0x10
movzx eax, ax
push eax
mov eax, edi
push 3
call fcn_fffa96cb  ; call 0xfffa96cb
push dword [ebp - 0x78]
push 1
push 0xff
push dword [ebp - 0x68]
push dword [ebp - 0x50]
push 0
push ebx
push edi
call fcn_fffcce33  ; call 0xfffcce33
mov ax, word [esi + 0xb]
add esp, 0x28
mov ecx, dword [ebp - 0x68]
mov edx, ebx
and eax, 0xffef
push eax
mov eax, edi
push 3
call fcn_fffa96cb  ; call 0xfffa96cb
mov dword [ebp - 0x84], eax

loc_fffc6ea1:  ; not directly referenced
add esp, 0x10
jmp near loc_fffc6c10  ; jmp 0xfffc6c10

loc_fffc6ea9:  ; not directly referenced
push 1
movzx eax, dl
push dword [ebp - 0x78]
mov dword [ebp - 0xcc], edx
push 0
push 0
push eax
push 0xff
push ebx
push 0
push dword [ebp - 0x80]
push dword [ebp - 0x50]
push esi
push edi
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
cmp dword [ebp - 0x9c], 0
mov dword [ebp - 0x84], eax
jne loc_fffc6c10  ; jne 0xfffc6c10
mov edx, dword [ebp - 0xcc]
inc edx

loc_fffc6eee:  ; not directly referenced
cmp dl, byte [edi + 0x2489]
jb short loc_fffc6ea9  ; jb 0xfffc6ea9
jmp near loc_fffc6c10  ; jmp 0xfffc6c10

loc_fffc6efb:  ; not directly referenced
mov eax, dword [ebp - 0x90]
xor ebx, ebx
mov dword [ebp - 0x98], eax
jmp short loc_fffc6f23  ; jmp 0xfffc6f23

loc_fffc6f0b:  ; not directly referenced
cmp byte [ebp + ebx - 0x40], 1
jne short loc_fffc6f2d  ; jne 0xfffc6f2d

loc_fffc6f12:  ; not directly referenced
inc ebx
add dword [ebp - 0x98], 0x48
cmp ebx, 2
je loc_fffc7212  ; je 0xfffc7212

loc_fffc6f23:  ; not directly referenced
cmp word [ebp + ebx*2 - 0x28], 1
mov al, bl
je short loc_fffc6f0b  ; je 0xfffc6f0b

loc_fffc6f2d:  ; not directly referenced
mov esi, dword [ebp - 0x6c]
bt esi, ebx
jae short loc_fffc6f12  ; jae 0xfffc6f12
xor esi, esi
mov edx, ebx
cmp dword [ebp - 0x74], 0
cmove esi, eax
mov eax, esi
shl edx, 0xa
add edx, 0x4114
mov byte [ebp - 0x58], al
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov esi, dword [ebp - 0x98]
mov dl, byte [ebp + ebx - 0x3e]
mov esi, dword [esi]
mov ecx, esi
sub ecx, edx
and eax, 0x7fffff
mov dword [ebp - 0x78], eax
movzx eax, byte [ebp - 0x58]
mov dword [ebp - 0x50], esi
mov byte [ebp - 0x60], cl
jne loc_fffc7028  ; jne 0xfffc7028
mov cl, byte [ebp - 0x50]
cmp cl, byte [ebp + eax - 0x3c]
jne short loc_fffc6fe9  ; jne 0xfffc6fe9
cmp byte [ebp - 0x60], 0
jns short loc_fffc6fae  ; jns 0xfffc6fae
cmp byte [ebp + eax - 0x3a], cl
jne short loc_fffc6f9e  ; jne 0xfffc6f9e

loc_fffc6f92:  ; not directly referenced
mov al, byte [ebp - 0x50]
mov byte [ebp + ebx - 0x3e], al
jmp near loc_fffc7176  ; jmp 0xfffc7176

loc_fffc6f9e:  ; not directly referenced
mov dword [ebp - 0x2c], 1

loc_fffc6fa5:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
test eax, eax
jne short loc_fffc6fa5  ; jne 0xfffc6fa5
jmp short loc_fffc6f92  ; jmp 0xfffc6f92

loc_fffc6fae:  ; not directly referenced
cmp byte [ebp - 0x60], 1
jne short loc_fffc6fca  ; jne 0xfffc6fca
mov eax, dword [ebp + ebx*4 - 0x20]
shr eax, 8
xor ah, ah
mov dword [ebp + ebx*4 - 0x20], eax
mov al, byte [ebp - 0x50]
mov byte [ebx + ebp - 0x3e], al
jmp short loc_fffc7010  ; jmp 0xfffc7010

loc_fffc6fca:  ; not directly referenced
xor eax, eax
cmp byte [ebp - 0x60], 2
je loc_fffc707a  ; je 0xfffc707a
mov dword [ebp - 0x30], 1

loc_fffc6fdd:  ; not directly referenced
mov eax, dword [ebp - 0x30]
test eax, eax
jne short loc_fffc6fdd  ; jne 0xfffc6fdd
jmp near loc_fffc7176  ; jmp 0xfffc7176

loc_fffc6fe9:  ; not directly referenced
mov cl, byte [ebp - 0x50]
cmp cl, byte [ebp + eax - 0x3a]
jne loc_fffc7168  ; jne 0xfffc7168
cmp word [ebp + ebx*2 - 0x28], 1
je loc_fffc6f12  ; je 0xfffc6f12
cmp byte [ebp - 0x60], 0xff
jne short loc_fffc701c  ; jne 0xfffc701c
and dword [ebp + ebx*4 - 0x20], 0xffffff00

loc_fffc7010:  ; not directly referenced
mov word [ebp + ebx*2 - 0x28], 1
jmp near loc_fffc7176  ; jmp 0xfffc7176

loc_fffc701c:  ; not directly referenced
mov al, byte [ebp - 0x50]
mov byte [ebx + ebp - 0x3e], al
jmp near loc_fffc715f  ; jmp 0xfffc715f

loc_fffc7028:  ; not directly referenced
mov cl, byte [ebp + eax - 0x3c]
mov byte [ebp - 0xcc], cl
cmp byte [ebp - 0x50], cl
jne short loc_fffc709c  ; jne 0xfffc709c
cmp byte [ebp - 0x60], 2
jle short loc_fffc7050  ; jle 0xfffc7050
mov dword [ebp - 0x34], 1

loc_fffc7044:  ; not directly referenced
mov eax, dword [ebp - 0x34]
test eax, eax
jne short loc_fffc7044  ; jne 0xfffc7044
jmp near loc_fffc7176  ; jmp 0xfffc7176

loc_fffc7050:  ; not directly referenced
mov eax, dword [ebp - 0x78]
je short loc_fffc707a  ; je 0xfffc707a
call fcn_fffb392f  ; call 0xfffb392f
mov edx, dword [ebp + ebx*4 - 0x20]
mov byte [ebp + ebx - 0x40], 0
and edx, 0xff00ffff
movzx eax, al
shl eax, 0x10
or eax, edx
mov dword [ebp + ebx*4 - 0x20], eax
jmp near loc_fffc7176  ; jmp 0xfffc7176

loc_fffc707a:  ; not directly referenced
call fcn_fffb392f  ; call 0xfffb392f
mov edx, dword [ebp + ebx*4 - 0x20]
mov byte [ebp + ebx - 0x40], 1
and edx, 0xffffff
shl eax, 0x18
or eax, edx
mov dword [ebp + ebx*4 - 0x20], eax
jmp near loc_fffc7176  ; jmp 0xfffc7176

loc_fffc709c:  ; not directly referenced
mov cl, byte [ebp - 0x50]
cmp cl, byte [ebp + eax - 0x3a]
jne loc_fffc7168  ; jne 0xfffc7168
inc dl
je short loc_fffc7126  ; je 0xfffc7126
cmp byte [ebp - 0x60], 0
jg short loc_fffc7126  ; jg 0xfffc7126
movsx eax, byte [ebp - 0x60]
mov esi, eax
mov eax, dword [ebp - 0x78]
call fcn_fffb392f  ; call 0xfffb392f
mov ecx, dword [ebp + ebx*4 - 0x20]
mov edx, 1
sub edx, esi
shl edx, 3
mov dword [ebp - 0xd4], ecx
lea ecx, [edx + 0x1f]
mov dword [ebp - 0xd0], eax
mov eax, esi
xor esi, esi
cmp cl, 0x3e
ja short loc_fffc7118  ; ja 0xfffc7118
mov esi, eax
mov eax, 0xff
lea ecx, [esi*8 + 8]
movzx esi, byte [ebp - 0xd0]
shl eax, cl
not eax
and eax, dword [ebp - 0xd4]
shl esi, cl
mov cl, dl
or esi, eax
test dl, dl
jle short loc_fffc7114  ; jle 0xfffc7114
shl esi, cl
jmp short loc_fffc7118  ; jmp 0xfffc7118

loc_fffc7114:  ; not directly referenced
neg ecx
shr esi, cl

loc_fffc7118:  ; not directly referenced
mov al, byte [ebp - 0x50]
mov dword [ebp + ebx*4 - 0x20], esi
dec eax
mov byte [ebp + ebx - 0x3e], al
jmp short loc_fffc7149  ; jmp 0xfffc7149

loc_fffc7126:  ; not directly referenced
mov eax, dword [ebp - 0x78]
mov esi, dword [ebp + ebx*4 - 0x20]
call fcn_fffb392f  ; call 0xfffb392f
movzx edx, si
and esi, 0xff0000
shr esi, 8
add esi, eax
shl esi, 0x10
or esi, edx
mov dword [ebp + ebx*4 - 0x20], esi

loc_fffc7149:  ; not directly referenced
mov al, byte [ebp - 0xcc]
cmp byte [ebp - 0x50], al
jae short loc_fffc7159  ; jae 0xfffc7159
mov byte [ebp + ebx - 0x40], 1

loc_fffc7159:  ; not directly referenced
cmp byte [ebp - 0x60], 0
jg short loc_fffc7176  ; jg 0xfffc7176

loc_fffc715f:  ; not directly referenced
mov word [ebp + ebx*2 - 0x28], 0
jmp short loc_fffc7176  ; jmp 0xfffc7176

loc_fffc7168:  ; not directly referenced
mov dword [ebp - 0x38], 1

loc_fffc716f:  ; not directly referenced
mov eax, dword [ebp - 0x38]
test eax, eax
jne short loc_fffc716f  ; jne 0xfffc716f

loc_fffc7176:  ; not directly referenced
mov al, byte [ebp + ebx - 0x42]
cmp byte [ebp - 0x50], al
jne short loc_fffc7184  ; jne 0xfffc7184
mov byte [ebp + ebx - 0x40], 1

loc_fffc7184:  ; not directly referenced
cmp dword [ebp - 0x78], 0
jne short loc_fffc719f  ; jne 0xfffc719f
cmp al, byte [ebp + ebx - 0x3e]
jne short loc_fffc719f  ; jne 0xfffc719f
cmp word [ebp + ebx*2 - 0x28], 1
jne short loc_fffc719f  ; jne 0xfffc719f
mov word [ebp + ebx*4 - 0x1e], 0xfffe

loc_fffc719f:  ; not directly referenced
cmp byte [ebp - 0x50], 0
jne short loc_fffc71c3  ; jne 0xfffc71c3
cmp dword [ebp - 0x78], 0
mov word [ebp + ebx*2 - 0x28], 1
je short loc_fffc71c3  ; je 0xfffc71c3
mov byte [ebp + ebx - 0x40], 1
mov byte [ebp + ebx - 0x3e], 0
mov word [ebp + ebx*4 - 0x1e], 0x707

loc_fffc71c3:  ; not directly referenced
cmp dword [ebp - 0x74], 0
jne loc_fffc6f12  ; jne 0xfffc6f12
cmp word [ebp + ebx*2 - 0x28], 1
jne short loc_fffc71f9  ; jne 0xfffc71f9
cmp byte [ebp + ebx - 0x40], 1
je loc_fffc6f12  ; je 0xfffc6f12
mov al, byte [ebp + ebx - 0x3c]
mov esi, dword [ebp - 0x98]
inc eax
mov byte [ebp + ebx - 0x3c], al
movzx eax, al
mov dword [esi], eax
jmp near loc_fffc6f12  ; jmp 0xfffc6f12

loc_fffc71f9:  ; not directly referenced
mov al, byte [ebp + ebx - 0x3a]
mov ecx, dword [ebp - 0x98]
dec eax
mov byte [ebp + ebx - 0x3a], al
movzx eax, al
mov dword [ecx], eax
jmp near loc_fffc6f12  ; jmp 0xfffc6f12

loc_fffc7212:  ; not directly referenced
cmp dword [ebp - 0x74], 0
je loc_fffc72ec  ; je 0xfffc72ec
cmp word [ebp - 0x28], 1
jne loc_fffc72d8  ; jne 0xfffc72d8
cmp word [ebp - 0x26], 1
jne loc_fffc72d8  ; jne 0xfffc72d8
cmp byte [ebp - 0x40], 1
jne short loc_fffc7242  ; jne 0xfffc7242
cmp byte [ebp - 0x3f], 1
je loc_fffc72ec  ; je 0xfffc72ec

loc_fffc7242:  ; not directly referenced
movzx eax, byte [ebp - 0x58]
mov bl, byte [ebp + eax - 0x3c]
lea edx, [ebx + 1]
mov byte [ebp + eax - 0x3c], dl

loc_fffc7251:  ; not directly referenced
imul ecx, dword [ebp - 0x64], 0x24
movzx edx, dl
imul eax, eax, 0x12
mov ebx, dword [ebp - 0x54]
add eax, ecx
add eax, dword [ebp - 0x4c]
mov dword [ebx + eax*4], edx
test byte [ebp - 0x70], 1
je short loc_fffc729c  ; je 0xfffc729c
movzx eax, byte [ebp - 0x58]
imul ecx, dword [ebp - 0x64], 0x24
mov ebx, dword [ebp - 0x54]
mov esi, dword [ebp - 0x7c]
imul edx, eax, 0x12
add edx, ecx
add edx, dword [ebp - 0x4c]
mov edx, dword [ebx + edx*4]
mov ebx, dword [ebp - 0x94]
mov dword [ebx + esi], edx
mov dl, byte [ebp + eax - 0x3a]
mov al, byte [ebp + eax - 0x3c]
mov byte [ebp - 0x3a], dl
mov byte [ebp - 0x3c], al

loc_fffc729c:  ; not directly referenced
cmp dword [ebp - 0xa0], 0
je short loc_fffc72ec  ; je 0xfffc72ec
movzx eax, byte [ebp - 0x58]
imul ecx, dword [ebp - 0x64], 0x24
mov ebx, dword [ebp - 0x94]
mov esi, dword [ebp - 0x7c]
imul edx, eax, 0x12
add edx, ecx
mov ecx, dword [ebp - 0x54]
add edx, dword [ebp - 0x4c]
mov edx, dword [ecx + edx*4]
mov dword [ebx + esi + 0x48], edx
mov dl, byte [ebp + eax - 0x3a]
mov al, byte [ebp + eax - 0x3c]
mov byte [ebp - 0x39], dl
mov byte [ebp - 0x3b], al
jmp short loc_fffc72ec  ; jmp 0xfffc72ec

loc_fffc72d8:  ; not directly referenced
movzx eax, byte [ebp - 0x58]
mov bl, byte [ebp + eax - 0x3a]
lea edx, [ebx - 1]
mov byte [ebp + eax - 0x3a], dl
jmp near loc_fffc7251  ; jmp 0xfffc7251

loc_fffc72ec:  ; not directly referenced
inc dword [ebp - 0x80]
jmp near loc_fffc6d31  ; jmp 0xfffc6d31

loc_fffc72f4:  ; not directly referenced
cmp byte [ebp - 0x40], 0
je loc_fffc6d0f  ; je 0xfffc6d0f
cmp word [ebp - 0x26], 0
je loc_fffc6d0f  ; je 0xfffc6d0f
cmp byte [ebp - 0x3f], 0
je loc_fffc6d0f  ; je 0xfffc6d0f
xor ebx, ebx

loc_fffc7315:  ; not directly referenced
mov eax, dword [ebp - 0x6c]
bt eax, ebx
jae short loc_fffc736a  ; jae 0xfffc736a
cmp byte [ebp - 0xb1], 0
je short loc_fffc7356  ; je 0xfffc7356
mov edx, dword [ebp + ebx*4 - 0x20]
sub esp, 0xc
movzx eax, byte [ebp + ebx - 0x3e]
push dword [ebp + 0x18]
mov ecx, edx
shr edx, 0x10
shr ecx, 0x18
movzx edx, dl
call fcn_fffac986  ; call 0xfffac986
imul edx, ebx, 0x48
mov ecx, dword [ebp - 0x90]
add esp, 0x10
mov dword [ecx + edx], eax
jmp short loc_fffc736a  ; jmp 0xfffc736a

loc_fffc7356:  ; not directly referenced
movzx edx, byte [ebp + ebx - 0x3e]
imul eax, ebx, 0x48
mov esi, dword [ebp - 0x90]
imul edx, edx, 0xa
mov dword [esi + eax], edx

loc_fffc736a:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffc7315  ; jne 0xfffc7315
inc dword [ebp - 0x4c]
add dword [ebp - 0x7c], 4
cmp dword [ebp - 0x4c], 2
jne loc_fffc6852  ; jne 0xfffc6852
cmp byte [ebp - 0x5c], 0xd
jne short loc_fffc73a3  ; jne 0xfffc73a3
push 0
push 0
push 0
push 0
push 0
push 0
push 2
push edi
call fcn_fffcce33  ; call 0xfffcce33
add esp, 0x20
jmp near loc_fffc74e1  ; jmp 0xfffc74e1

loc_fffc73a3:  ; not directly referenced
cmp byte [ebp - 0x5c], 0xc
jne short loc_fffc73f7  ; jne 0xfffc73f7
xor ebx, ebx

loc_fffc73ab:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [ebp - 0x88], 0
movzx ecx, byte [edi + eax + 0x381b]
jne short loc_fffc73d8  ; jne 0xfffc73d8
push esi
push 0
push 0
push 3
push ecx
push 0
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20
jmp short loc_fffc73ec  ; jmp 0xfffc73ec

loc_fffc73d8:  ; not directly referenced
push 0
mov edx, ebx
push 0
mov eax, edi
push 0
push 0
call fcn_fffac68e  ; call 0xfffac68e
add esp, 0x10

loc_fffc73ec:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffc73ab  ; jne 0xfffc73ab
jmp near loc_fffc74e1  ; jmp 0xfffc74e1

loc_fffc73f7:  ; not directly referenced
cmp byte [ebp - 0x5c], 5
sete al
test byte [ebp - 0xa2], al
je loc_fffc74b9  ; je 0xfffc74b9
mov edx, dword [ebp - 0xc8]
xor ebx, ebx
mov eax, dword [ebp - 0xa8]
and edx, 1
mov dword [ebp - 0x4c], eax
imul edx, edx, 0x18
imul eax, dword [ebp - 0xac], 0x128
add eax, edx
mov dword [ebp - 0x58], eax

loc_fffc7430:  ; not directly referenced
mov esi, dword [ebp - 0x6c]
lea eax, [ebx + 1]
mov cl, al
mov edx, dword [ebp - 0x58]
mov dword [ebp - 0x50], eax
sar esi, cl
mov ecx, dword [ebp - 0x4c]
mov dword [ebp - 0x54], esi
lea esi, [ecx + edx + 0x1266]
mov ecx, dword [ebp - 0x68]
mov ax, word [esi + 0xb]
push edx
push edx
mov edx, ebx
or eax, 0x10
movzx eax, ax
push eax
mov eax, edi
push 3
call fcn_fffa96cb  ; call 0xfffa96cb
push dword [ebp - 0x54]
push 1
push 0xff
push dword [ebp - 0x68]
push 0
push 0
push ebx
push edi
call fcn_fffcce33  ; call 0xfffcce33
mov ax, word [esi + 0xb]
add esp, 0x28
mov ecx, dword [ebp - 0x68]
mov edx, ebx
and eax, 0xffef
push eax
mov eax, edi
push 3
call fcn_fffa96cb  ; call 0xfffa96cb
mov ebx, dword [ebp - 0x50]
add esp, 0x10
add dword [ebp - 0x4c], 0x13c3
mov dword [ebp - 0x84], eax
cmp ebx, 2
jne loc_fffc7430  ; jne 0xfffc7430
jmp short loc_fffc74e1  ; jmp 0xfffc74e1

loc_fffc74b9:  ; not directly referenced
push 2
movzx eax, byte [ebp - 0x5c]
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push eax
push edi
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
mov dword [ebp - 0x84], eax

loc_fffc74e1:  ; not directly referenced
mov eax, edi
xor ecx, ecx
mov edx, 0x4cf0
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp - 0x84]

loc_fffc74f5:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc74fd:  ; not directly referenced
push ebp
mov eax, 0x80000002
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 0x20]
mov ecx, dword [ebp + 0x10]
mov esi, dword [ebp + 0x14]
mov edi, dword [ebp + 0x18]
test ebx, ebx
je loc_fffc75d3  ; je 0xfffc75d3
cmp ecx, 0xb
ja loc_fffc75d3  ; ja 0xfffc75d3
push eax
mov edx, ecx
push dword [ebp + 0x1c]
mov eax, 1
mov dword [ebp - 0x1c], ecx
push edi
push esi
call fcn_fffb05d3  ; call 0xfffb05d3
add esp, 0x10
mov ecx, dword [ebp - 0x1c]
test eax, eax
js loc_fffc75d3  ; js 0xfffc75d3
mov al, byte [ecx + ref_fffd6138]  ; mov al, byte [ecx - 0x29ec8]
mov dword [ebp - 0x24], 0
mov byte [ebp - 0x1e], al
mov eax, ecx
and eax, 3
mov dword [ebp - 0x1c], eax
movzx eax, byte [eax + ref_fffd6144]  ; movzx eax, byte [eax - 0x29ebc]
dec eax
test ebx, eax
movzx eax, byte [ecx + ref_fffd6144]  ; movzx eax, byte [ecx - 0x29ebc]
sete byte [ebp - 0x1d]
mov dword [ebp - 0x28], eax

loc_fffc757b:  ; not directly referenced
cmp dword [ebp + 0x1c], 0
je short loc_fffc75d1  ; je 0xfffc75d1
cmp dword [ebp - 0x1c], 0
jne short loc_fffc758d  ; jne 0xfffc758d
mov dl, byte [ebx]
mov byte [esi], dl
jmp short loc_fffc75c0  ; jmp 0xfffc75c0

loc_fffc758d:  ; not directly referenced
cmp dword [ebp - 0x1c], 1
jne short loc_fffc75a1  ; jne 0xfffc75a1
movzx eax, word [ebx]
push edx
push edx
push eax
push esi
call fcn_fffb3fa0  ; call 0xfffb3fa0
jmp short loc_fffc75b1  ; jmp 0xfffc75b1

loc_fffc75a1:  ; not directly referenced
cmp dword [ebp - 0x1c], 2
jne short loc_fffc75b6  ; jne 0xfffc75b6
push eax
push eax
push dword [ebx]
push esi
call fcn_fffb3ffa  ; call 0xfffb3ffa

loc_fffc75b1:  ; not directly referenced
add esp, 0x10
jmp short loc_fffc75c0  ; jmp 0xfffc75c0

loc_fffc75b6:  ; not directly referenced
mov eax, dword [ebx]
mov edx, dword [ebx + 4]
mov dword [esi], eax
mov dword [esi + 4], edx

loc_fffc75c0:  ; not directly referenced
movzx eax, byte [ebp - 0x1e]
add esi, dword [ebp - 0x28]
adc edi, dword [ebp - 0x24]
dec dword [ebp + 0x1c]
add ebx, eax
jmp short loc_fffc757b  ; jmp 0xfffc757b

loc_fffc75d1:  ; not directly referenced
xor eax, eax

loc_fffc75d3:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc75db:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
mov ebx, ref_fffd5904  ; mov ebx, 0xfffd5904
sub esp, 0x2c
mov eax, dword [ebp + 8]
mov dword [ebp - 0x28], ecx
mov byte [ebp - 0x21], cl
mov dword [ebp - 0x2c], edx
mov esi, dword [eax]
mov eax, dword [edi + 0x188b]
mov dword [ebp - 0x1c], eax

loc_fffc7602:  ; not directly referenced
mov al, byte [ebx + 4]
and eax, 1
cmp eax, dword [ebp - 0x2c]
jne short loc_fffc765b  ; jne 0xfffc765b
movzx eax, word [ebx]
mov dword [ebp - 0x20], eax
sub dword [ebp - 0x20], esi

loc_fffc7616:  ; not directly referenced
mov eax, dword [ebp - 0x20]
lea edx, [esi + eax]
movzx eax, word [ebx + 2]
cmp edx, eax
ja short loc_fffc765b  ; ja 0xfffc765b
cmp dword [ebp - 0x1c], 0
jne short loc_fffc7630  ; jne 0xfffc7630
test byte [ebx + 4], 2
jmp short loc_fffc763a  ; jmp 0xfffc763a

loc_fffc7630:  ; not directly referenced
cmp dword [ebp - 0x1c], 1
jne short loc_fffc7656  ; jne 0xfffc7656
test byte [ebx + 4], 4

loc_fffc763a:  ; not directly referenced
je short loc_fffc7656  ; je 0xfffc7656
cmp byte [ebp - 0x21], 1
jne short loc_fffc764d  ; jne 0xfffc764d
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov dword [esi], eax
jmp short loc_fffc7656  ; jmp 0xfffc7656

loc_fffc764d:  ; not directly referenced
mov ecx, dword [esi]
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffc7656:  ; not directly referenced
add esi, 4
jmp short loc_fffc7616  ; jmp 0xfffc7616

loc_fffc765b:  ; not directly referenced
add ebx, 5
cmp ebx, ref_fffd6138  ; cmp ebx, 0xfffd6138
jne short loc_fffc7602  ; jne 0xfffc7602
mov eax, dword [ebp + 8]
cmp byte [ebp - 0x28], 0
mov dword [eax], esi
jne short loc_fffc768e  ; jne 0xfffc768e
mov edx, 0x5f09
mov eax, edi
mov ecx, 1
call fcn_fffb335b  ; call 0xfffb335b
mov edx, 0x96
mov eax, edi
call fcn_fffa82f9  ; call 0xfffa82f9

loc_fffc768e:  ; not directly referenced
add esp, 0x2c
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc7698:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov ecx, dword [eax + 0x5edd]
lea edx, [ecx + 0x1b8]
xor ecx, ecx
mov dword [ebp + 8], edx
mov edx, 1
pop ebp
jmp near fcn_fffc75db  ; jmp 0xfffc75db

fcn_fffc76ba:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x5edd]
lea ecx, [eax + 0x1c]
mov byte [eax + 0x247d], 1
add edx, 0x1b8
mov dword [edx], ecx
xor ecx, ecx
mov dword [ebp + 8], edx
xor edx, edx
pop ebp
jmp near fcn_fffc75db  ; jmp 0xfffc75db

fcn_fffc76e5:  ; not directly referenced
push ebp
mov ebp, esp
sub esp, 8
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x5edd]
cmp byte [edx + 0x1c4], 1
jne short loc_fffc7709  ; jne 0xfffc7709
sub esp, 0xc
push eax
call fcn_fffc76ba  ; call 0xfffc76ba
add esp, 0x10

loc_fffc7709:  ; not directly referenced
xor eax, eax
leave
ret

fcn_fffc770d:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov ecx, dword [eax + 0x5edd]
lea edx, [ecx + 0x1b8]
mov ecx, 1
mov dword [ebp + 8], edx
mov edx, 1
pop ebp
jmp near fcn_fffc75db  ; jmp 0xfffc75db

fcn_fffc7732:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x5edd]
lea ecx, [eax + 0x1c]
mov dword [edx + 0x1b8], ecx
add edx, 0x1b8
mov ecx, 1
mov dword [ebp + 8], edx
xor edx, edx
pop ebp
jmp near fcn_fffc75db  ; jmp 0xfffc75db

fcn_fffc775d:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2cc
mov edi, dword [ebp + 8]
mov dword [ebp - 0x268], 1
mov eax, dword [edi + 0x5edd]
mov edx, dword [edi + 0x2481]
mov ecx, dword [edi + 0x1883]
mov dword [ebp - 0x260], eax
mov eax, dword [edi + 0x2444]
cmp edx, 3
mov dword [ebp - 0x28c], ecx
mov dword [ebp - 0x2a4], eax
sete al
movzx ebx, al
mov dword [ebp - 0x288], ebx
mov ebx, dword [edi + 0x1887]
mov esi, ebx
mov dword [ebp - 0x2b0], ebx
mov ebx, dword [edi + 0x188b]
mov dword [ebp - 0x290], ebx
xor ebx, ebx
cmp edx, 2
sete bl
cmp esi, 0x306d0
mov dword [ebp - 0x2b4], ebx
sete bl
cmp ecx, 3
setbe dl
mov byte [ebp - 0x27b], bl
test bl, dl
jne short loc_fffc780c  ; jne 0xfffc780c
test ecx, ecx
sete dl
xor ebx, ebx
cmp esi, 0x40670
sete bl
mov dword [ebp - 0x268], ebx
and dword [ebp - 0x268], edx

loc_fffc780c:  ; not directly referenced
and al, byte [ebp - 0x27b]
cmp dword [ebp - 0x290], 1
movzx eax, al
mov dword [ebp - 0x2b8], eax
mov eax, dword [ebp - 0x260]
movzx eax, byte [eax + 0x1c5]
mov dword [ebp - 0x298], eax
movzx eax, byte [edi + 0x1965]
mov dword [ebp - 0x284], eax
jne short loc_fffc7889  ; jne 0xfffc7889
cmp dword [ebp - 0x28c], 4
mov byte [ebp - 0x27a], 0x10
mov byte [ebp - 0x280], 0xf0
setbe al
test byte [ebp - 0x27b], al
mov byte [ebp - 0x279], 4
je short loc_fffc789e  ; je 0xfffc789e
cmp dword [edi + 0x36d8], 0x640
mov eax, 0
cmovbe eax, dword [ebp - 0x284]
mov dword [ebp - 0x284], eax
jmp short loc_fffc789e  ; jmp 0xfffc789e

loc_fffc7889:  ; not directly referenced
mov byte [ebp - 0x27a], 8
mov byte [ebp - 0x280], 0xf8
mov byte [ebp - 0x279], 1

loc_fffc789e:  ; not directly referenced
mov ebx, dword [ebp - 0x260]
lea eax, [edi + 0x3757]
xor esi, esi
mov dword [ebp - 0x264], eax
mov dword [ebp - 0x25c], eax
add ebx, 0x1c
mov dword [ebp - 0x2a8], ebx
mov dword [ebp - 0x270], ebx

loc_fffc78c7:  ; not directly referenced
mov eax, dword [ebp - 0x25c]
mov byte [ebp + esi - 0x252], 0
cmp dword [eax], 2
je short loc_fffc78f9  ; je 0xfffc78f9

loc_fffc78da:  ; not directly referenced
inc esi
add dword [ebp - 0x25c], 0x13c3
add dword [ebp - 0x270], 0xcc
cmp esi, 2
jne short loc_fffc78c7  ; jne 0xfffc78c7
jmp near loc_fffc798a  ; jmp 0xfffc798a

loc_fffc78f9:  ; not directly referenced
mov eax, dword [ebp - 0x25c]
xor ecx, ecx
mov edx, 1
mov al, byte [eax + 0xc4]

loc_fffc790c:  ; not directly referenced
mov ebx, edx
shl ebx, cl
test al, bl
je short loc_fffc791b  ; je 0xfffc791b
mov byte [ebp + esi - 0x252], cl

loc_fffc791b:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffc790c  ; jne 0xfffc790c
mov byte [ebp - 0x26c], 0

loc_fffc7928:  ; not directly referenced
mov al, byte [ebp - 0x26c]
cmp al, byte [edi + 0x2489]
jae short loc_fffc78da  ; jae 0xfffc78da
movzx ecx, byte [ebp - 0x26c]
mov eax, dword [ebp - 0x270]
mov edx, dword [ebp - 0x298]
mov ebx, dword [eax + ecx*4 + 0x28]
or ebx, 0x60
mov eax, ebx
and eax, 0xffbfffff
test edx, edx
mov edx, dword [ebp - 0x2b4]
cmovne ebx, eax
mov eax, ebx
and eax, 0xffdfffff
test edx, edx
mov edx, esi
cmovne ebx, eax
mov eax, edi
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0x26c]
jmp short loc_fffc7928  ; jmp 0xfffc7928

loc_fffc798a:  ; not directly referenced
cmp dword [ebp - 0x298], 0
je short loc_fffc79e7  ; je 0xfffc79e7
mov edx, 0x3a28
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x3a28
mov dword [ebp - 0x2ac], eax
mov eax, edi
and dword [ebp - 0x2ac], 0xfffffffd
mov ecx, dword [ebp - 0x2ac]
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x5f08
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x5f08
or ah, 1
mov ecx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x96
mov eax, edi
call fcn_fffa82f9  ; call 0xfffa82f9

loc_fffc79e7:  ; not directly referenced
movzx eax, byte [ebp - 0x280]
mov dword [ebp - 0x278], 1
mov dword [ebp - 0x270], 0
mov dword [ebp - 0x2c8], eax

loc_fffc7a08:  ; not directly referenced
mov esi, dword [ebp - 0x278]
mov eax, esi
mov byte [ebp - 0x274], al
test al, al
je short loc_fffc7a30  ; je 0xfffc7a30
cmp dword [ebp - 0x290], 0
sete al
or al, byte [ebp - 0x268]
jne loc_fffc81ea  ; jne 0xfffc81ea

loc_fffc7a30:  ; not directly referenced
mov esi, dword [ebp - 0x2a4]
push eax
push 0
push 0x24
lea eax, [ebp - 0x1c8]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x24
lea eax, [ebp - 0x1ec]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push dword [ebp - 0x2c8]
lea eax, [ebp - 0x234]
push 0x12
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0xff
push 0x12
lea eax, [ebp - 0x210]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x12
lea eax, [ebp - 0x222]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
mov esi, dword [ebp - 0x264]
add esp, 0x10
mov dword [ebp - 0x26c], 0

loc_fffc7aad:  ; not directly referenced
cmp dword [esi], 2
je short loc_fffc7ae9  ; je 0xfffc7ae9

loc_fffc7ab2:  ; not directly referenced
inc dword [ebp - 0x26c]
add esi, 0x13c3
cmp dword [ebp - 0x26c], 2
jne short loc_fffc7aad  ; jne 0xfffc7aad
mov al, byte [ebp - 0x280]
mov byte [ebp - 0x29c], 0
mov byte [ebp - 0x25c], al
imul eax, dword [ebp - 0x278], 0x12
mov dword [ebp - 0x2c0], eax
jmp short loc_fffc7b59  ; jmp 0xfffc7b59

loc_fffc7ae9:  ; not directly referenced
xor ebx, ebx

loc_fffc7aeb:  ; not directly referenced
cmp bl, byte [edi + 0x2489]
jae short loc_fffc7ab2  ; jae 0xfffc7ab2
movzx eax, bl
mov dword [ebp - 0x270], eax
mov byte [esi + eax + 0x101d], 0
mov dword [ebp - 0x25c], 0

loc_fffc7b0e:  ; not directly referenced
mov cl, byte [ebp - 0x25c]
mov eax, 1
shl eax, cl
test byte [esi + 0xc4], al
je short loc_fffc7b47  ; je 0xfffc7b47
push eax
mov ecx, dword [ebp - 0x25c]
mov eax, edi
push 0
mov edx, dword [ebp - 0x26c]
push 0xff
push dword [ebp - 0x270]
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10

loc_fffc7b47:  ; not directly referenced
inc dword [ebp - 0x25c]
cmp dword [ebp - 0x25c], 4
jne short loc_fffc7b0e  ; jne 0xfffc7b0e
inc ebx
jmp short loc_fffc7aeb  ; jmp 0xfffc7aeb

loc_fffc7b59:  ; not directly referenced
cmp byte [ebp - 0x274], 0
jne short loc_fffc7b8f  ; jne 0xfffc7b8f
push 0
movsx eax, byte [ebp - 0x25c]
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push eax
push 4
push edi
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
mov dword [ebp - 0x270], eax
jmp short loc_fffc7be3  ; jmp 0xfffc7be3

loc_fffc7b8f:  ; not directly referenced
push 0
mov bl, byte [ebp - 0x25c]
push 0
push 0
push 0
push 0
and ebx, 1
push 0
movzx eax, bl
push 0
push 1
push 0
push eax
push 4
push edi
call fcn_fffcd268  ; call 0xfffcd268
mov esi, dword [ebp - 0x25c]
mov dl, 2
add esp, 0x30
mov dword [ebp - 0x270], eax
mov eax, esi
cbw
idiv dl
mov edx, esi
shr dl, 7
mov byte [ebp - 0x29c], al
test bl, dl
je short loc_fffc7be3  ; je 0xfffc7be3
dec eax
mov byte [ebp - 0x29c], al

loc_fffc7be3:  ; not directly referenced
mov eax, edi
or edx, 0xffffffff
call fcn_fffac864  ; call 0xfffac864
mov eax, dword [ebp - 0x264]
mov dword [ebp - 0x26c], 0
mov dword [ebp - 0x294], eax

loc_fffc7c03:  ; not directly referenced
mov eax, dword [ebp - 0x294]
cmp dword [eax], 2
jne loc_fffc7d84  ; jne 0xfffc7d84
cmp byte [ebp - 0x274], 1
je short loc_fffc7c8f  ; je 0xfffc7c8f

loc_fffc7c1b:  ; not directly referenced
mov esi, dword [ebp - 0x26c]
mov ecx, 0xff
mov ebx, dword [ebp - 0x260]
imul eax, esi, 0xcc
mov edx, esi
mov ebx, dword [ebx + eax + 0x1c]
movzx eax, byte [ebp + esi - 0x252]
or ebx, 0x100000
and eax, 3
and ebx, 0xff1fffff
shl eax, 0x16
or ebx, eax
mov eax, edi
call fcn_fffa7236  ; call 0xfffa7236
or ebx, 0x1000008
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, edi
mov edx, 0xf
call fcn_fffa82f9  ; call 0xfffa82f9
lea eax, [esi + esi*8]
lea esi, [ebp - 0x18]
add eax, esi
mov byte [ebp - 0x2a0], 0
mov dword [ebp - 0x2bc], eax
jmp short loc_fffc7d04  ; jmp 0xfffc7d04

loc_fffc7c8f:  ; not directly referenced
mov byte [ebp - 0x2a0], 0

loc_fffc7c96:  ; not directly referenced
mov al, byte [ebp - 0x2a0]
cmp al, byte [edi + 0x2489]
jae loc_fffc7c1b  ; jae 0xfffc7c1b
mov ebx, dword [ebp - 0x294]
movzx esi, byte [ebp - 0x2a0]
mov al, byte [ebp - 0x29c]
mov byte [ebx + esi + 0x101d], al
xor ebx, ebx

loc_fffc7cc4:  ; not directly referenced
mov cl, bl
mov eax, 1
shl eax, cl
mov ecx, dword [ebp - 0x294]
test byte [ecx + 0xc4], al
je short loc_fffc7cf6  ; je 0xfffc7cf6
mov edx, dword [ebp - 0x26c]
mov ecx, ebx
push eax
mov eax, edi
push 0
push 0xff
push esi
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10

loc_fffc7cf6:  ; not directly referenced
inc ebx
cmp ebx, 4
jne short loc_fffc7cc4  ; jne 0xfffc7cc4
inc byte [ebp - 0x2a0]
jmp short loc_fffc7c96  ; jmp 0xfffc7c96

loc_fffc7d04:  ; not directly referenced
mov al, byte [ebp - 0x2a0]
cmp al, byte [edi + 0x2489]
jae short loc_fffc7d64  ; jae 0xfffc7d64
movzx esi, byte [ebp - 0x2a0]
mov eax, edi
mov edx, dword [ebp - 0x26c]
mov ecx, esi
call fcn_fffa75c5  ; call 0xfffa75c5
mov edx, eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
movzx edx, al
movzx eax, dx
mov dword [ebp - 0x2c4], edx
call fcn_fffb38d9  ; call 0xfffb38d9
mov edx, dword [ebp - 0x2c4]
add esi, dword [ebp - 0x2bc]
inc byte [ebp - 0x2a0]
and byte [esi - 0x1f8], dl
neg eax
mov byte [esi - 0x22e], al
jmp short loc_fffc7d04  ; jmp 0xfffc7d04

loc_fffc7d64:  ; not directly referenced
mov edx, dword [ebp - 0x26c]
mov ecx, 0xff
mov eax, edi
and ebx, 0xfffffff7
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffc7d84:  ; not directly referenced
inc dword [ebp - 0x26c]
add dword [ebp - 0x294], 0x13c3
cmp dword [ebp - 0x26c], 2
jne loc_fffc7c03  ; jne 0xfffc7c03
mov eax, edi
mov edx, 0x11111111
call fcn_fffac864  ; call 0xfffac864
mov eax, dword [ebp - 0x264]
xor esi, esi
mov dword [ebp - 0x2a0], eax

loc_fffc7dbb:  ; not directly referenced
mov eax, dword [ebp - 0x2a0]
cmp dword [eax], 2
jne loc_fffc7f4c  ; jne 0xfffc7f4c
imul eax, esi, 0xcc
mov ebx, dword [ebp - 0x260]
mov ecx, 0xff
mov edx, esi
mov ebx, dword [ebx + eax + 0x1c]
movzx eax, byte [ebp + esi - 0x252]
or ebx, 0x100000
and eax, 3
and ebx, 0xff1fffff
shl eax, 0x16
or ebx, eax
mov eax, edi
call fcn_fffa7236  ; call 0xfffa7236
or ebx, 0x1000008
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, edi
mov edx, 0xf
call fcn_fffa82f9  ; call 0xfffa82f9
lea eax, [esi + esi*8]
lea ecx, [ebp - 0x18]
add ecx, eax
mov byte [ebp - 0x294], 0
mov dword [ebp - 0x2bc], eax
mov dword [ebp - 0x2c4], ecx

loc_fffc7e3c:  ; not directly referenced
mov al, byte [ebp - 0x294]
cmp al, byte [edi + 0x2489]
jae loc_fffc7f30  ; jae 0xfffc7f30
movzx eax, byte [ebp - 0x294]
mov edx, esi
mov ecx, eax
mov dword [ebp - 0x26c], eax
mov eax, edi
call fcn_fffa75c5  ; call 0xfffa75c5
mov edx, eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
movzx ecx, al
movzx eax, cx
mov dword [ebp - 0x2cc], ecx
call fcn_fffb38d9  ; call 0xfffb38d9
mov edx, dword [ebp - 0x2c4]
add edx, dword [ebp - 0x26c]
mov ecx, dword [ebp - 0x2cc]
or byte [edx - 0x20a], cl
add al, byte [edx - 0x22e]
mov byte [edx - 0x22e], al
cmp al, byte [edx - 0x21c]
jle short loc_fffc7eff  ; jle 0xfffc7eff
mov byte [edx - 0x21c], al
mov eax, dword [ebp - 0x2c0]
lea ecx, [ebp - 0x18]
add eax, dword [ebp - 0x2bc]
add eax, ecx
mov cl, byte [ebp - 0x25c]
add eax, dword [ebp - 0x26c]
cmp byte [ebp - 0x274], 0
mov byte [eax - 0x1b0], cl
mov byte [eax - 0x1d4], cl
jne short loc_fffc7f25  ; jne 0xfffc7f25
mov ecx, dword [ebp - 0x2a0]
mov edx, dword [ebp - 0x26c]
mov al, byte [ebp - 0x25c]
mov byte [ecx + edx + 0x101d], al
jmp short loc_fffc7f25  ; jmp 0xfffc7f25

loc_fffc7eff:  ; not directly referenced
jne short loc_fffc7f25  ; jne 0xfffc7f25
mov eax, dword [ebp - 0x2c0]
lea ecx, [ebp - 0x18]
add eax, dword [ebp - 0x2bc]
mov edx, dword [ebp - 0x26c]
add eax, ecx
mov cl, byte [ebp - 0x25c]
mov byte [edx + eax - 0x1b0], cl

loc_fffc7f25:  ; not directly referenced
inc byte [ebp - 0x294]
jmp near loc_fffc7e3c  ; jmp 0xfffc7e3c

loc_fffc7f30:  ; not directly referenced
mov ecx, 0xff
mov edx, esi
mov eax, edi
and ebx, 0xfffffff7
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffc7f4c:  ; not directly referenced
inc esi
add dword [ebp - 0x2a0], 0x13c3
cmp esi, 2
jne loc_fffc7dbb  ; jne 0xfffc7dbb
inc byte [ebp - 0x25c]
mov al, byte [ebp - 0x27a]
cmp byte [ebp - 0x25c], al
jle loc_fffc7b59  ; jle 0xfffc7b59
push 0
xor ebx, ebx
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push 4
push edi
call fcn_fffcd268  ; call 0xfffcd268
mov eax, dword [ebp - 0x264]
add esp, 0x30
mov dword [ebp - 0x25c], eax
imul eax, dword [ebp - 0x278], 0x12
mov dword [ebp - 0x2a0], eax

loc_fffc7fb2:  ; not directly referenced
mov eax, dword [ebp - 0x25c]
mov dword [ebp + ebx*4 - 0x250], 0
cmp dword [eax], 2
je short loc_fffc7fdd  ; je 0xfffc7fdd

loc_fffc7fc8:  ; not directly referenced
inc ebx
add dword [ebp - 0x25c], 0x13c3
cmp ebx, 2
jne short loc_fffc7fb2  ; jne 0xfffc7fb2
jmp near loc_fffc8122  ; jmp 0xfffc8122

loc_fffc7fdd:  ; not directly referenced
lea eax, [ebx + ebx*8]
lea esi, [ebp - 0x18]
add esi, eax
mov byte [ebp - 0x294], 0
mov dword [ebp - 0x29c], eax
mov dword [ebp - 0x2bc], esi

loc_fffc7ff8:  ; not directly referenced
mov al, byte [ebp - 0x294]
cmp al, byte [edi + 0x2489]
jae short loc_fffc7fc8  ; jae 0xfffc7fc8
mov ecx, dword [ebp - 0x2a0]
lea eax, [ebp - 0x18]
add ecx, dword [ebp - 0x29c]
movzx esi, byte [ebp - 0x294]
add ecx, eax
add ecx, esi
mov dl, byte [ecx - 0x1d4]
mov al, byte [ecx - 0x1b0]
sub eax, edx
mov byte [ecx - 0x168], al
mov cl, 2
cbw
idiv cl
add eax, edx
cmp dword [ebp - 0x268], 0
mov dl, al
je short loc_fffc807b  ; je 0xfffc807b
mov ecx, dword [ebp - 0x2bc]
mov byte [esi + ecx - 0x1e6], al
movsx eax, al
push 0
push 0
push 0
push 0
push esi
push 0xff
push ebx
push 0
push 0
push eax
push 4
push edi
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
jmp near loc_fffc8117  ; jmp 0xfffc8117

loc_fffc807b:  ; not directly referenced
cmp byte [ebp - 0x274], 0
jne short loc_fffc8091  ; jne 0xfffc8091
lea eax, [edx - 1]
test dl, dl
lea ecx, [edx + 1]
cmovns eax, ecx
mov dl, al

loc_fffc8091:  ; not directly referenced
movsx eax, dl
mov cl, 2
add dword [ebp + ebx*4 - 0x250], eax
movsx ax, dl
idiv cl
mov ecx, dword [ebp - 0x25c]
mov edx, dword [ebp - 0x2a0]
add edx, dword [ebp - 0x29c]
mov dword [ebp - 0x26c], 0
mov byte [ecx + esi + 0x101d], al
lea ecx, [ebp - 0x18]
add edx, ecx
mov byte [esi + edx - 0x18c], al

loc_fffc80d2:  ; not directly referenced
mov cl, byte [ebp - 0x26c]
mov eax, 1
mov edx, dword [ebp - 0x25c]
shl eax, cl
test byte [edx + 0xc4], al
je short loc_fffc8108  ; je 0xfffc8108
push ecx
mov ecx, dword [ebp - 0x26c]
mov edx, ebx
push 0
mov eax, edi
push 0xff
push esi
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10

loc_fffc8108:  ; not directly referenced
inc dword [ebp - 0x26c]
cmp dword [ebp - 0x26c], 4
jne short loc_fffc80d2  ; jne 0xfffc80d2

loc_fffc8117:  ; not directly referenced
inc byte [ebp - 0x294]
jmp near loc_fffc7ff8  ; jmp 0xfffc7ff8

loc_fffc8122:  ; not directly referenced
cmp dword [ebp - 0x290], 0
sete al
or al, byte [ebp - 0x268]
jne loc_fffc81ea  ; jne 0xfffc81ea
cmp byte [ebp - 0x274], 1
je loc_fffc81ea  ; je 0xfffc81ea
mov eax, dword [ebp - 0x264]
lea edx, [ebp - 0x180]
lea ecx, [ebp - 0x1a4]
mov dword [ebp - 0x25c], eax

loc_fffc815d:  ; not directly referenced
mov eax, dword [ebp - 0x25c]
cmp dword [eax], 2
jne short loc_fffc81cc  ; jne 0xfffc81cc
mov al, byte [edi + 0x2489]
mov byte [ebp - 0x26c], al
xor eax, eax

loc_fffc8176:  ; not directly referenced
cmp byte [ebp - 0x26c], al
jbe short loc_fffc81cc  ; jbe 0xfffc81cc
cmp dword [ebp - 0x284], 0
je short loc_fffc81c9  ; je 0xfffc81c9
movsx esi, byte [edx + eax + 0x12]
movsx ebx, byte [edx + eax]
sub ebx, esi
mov esi, ebx
sar esi, 0x1f
xor ebx, esi
sub ebx, esi
cmp ebx, 4
jle short loc_fffc81c9  ; jle 0xfffc81c9
movsx esi, byte [ecx + eax + 0x12]
movsx ebx, byte [ecx + eax]
sub ebx, esi
mov esi, ebx
sar esi, 0x1f
xor ebx, esi
sub ebx, esi
mov esi, 5
cmp ebx, 3
cmovl esi, dword [ebp - 0x270]
mov dword [ebp - 0x270], esi

loc_fffc81c9:  ; not directly referenced
inc eax
jmp short loc_fffc8176  ; jmp 0xfffc8176

loc_fffc81cc:  ; not directly referenced
add edx, 9
add ecx, 9
lea eax, [ebp - 0x16e]
add dword [ebp - 0x25c], 0x13c3
cmp edx, eax
jne loc_fffc815d  ; jne 0xfffc815d

loc_fffc81ea:  ; not directly referenced
dec dword [ebp - 0x278]
cmp dword [ebp - 0x278], 0xffffffff
jne loc_fffc7a08  ; jne 0xfffc7a08
cmp dword [ebp - 0x290], 1
jne loc_fffc8321  ; jne 0xfffc8321
cmp dword [ebp - 0x270], 5
mov eax, 5
sete cl
cmp dword [ebp - 0x284], 0
setne dl
test cl, dl
jne loc_fffc8a14  ; jne 0xfffc8a14
cmp dword [ebp - 0x28c], 3
seta al
test byte [ebp - 0x27b], al
jne short loc_fffc8258  ; jne 0xfffc8258
cmp dword [ebp - 0x28c], 0
setne dl
cmp dword [ebp - 0x2b0], 0x40670
sete al
test dl, al
je short loc_fffc82ca  ; je 0xfffc82ca

loc_fffc8258:  ; not directly referenced
mov eax, dword [ebp - 0x250]
movzx ecx, byte [edi + 0x2489]
add eax, dword [ebp - 0x24c]
add ecx, ecx
cdq
idiv ecx
mov dword [ebp - 0x250], eax

loc_fffc8276:  ; not directly referenced
cmp dword [edi + 0x3757], 2
mov eax, dword [ebp - 0x250]
jne short loc_fffc8291  ; jne 0xfffc8291
mov ebx, dword [ebp - 0x260]
mov dword [ebx + 0xe3], eax

loc_fffc8291:  ; not directly referenced
cmp dword [edi + 0x4b1a], 2
jne short loc_fffc82a6  ; jne 0xfffc82a6
mov ebx, dword [ebp - 0x260]
mov dword [ebx + 0x1af], eax

loc_fffc82a6:  ; not directly referenced
mov esi, dword [ebp - 0x260]
mov ebx, eax
cmp dword [ebp - 0x288], 0
mov dword [esi + 0x1b4], eax
je short loc_fffc82d6  ; je 0xfffc82d6
mov ebx, 3
cmp eax, 3
cmovle ebx, eax
jmp short loc_fffc82d6  ; jmp 0xfffc82d6

loc_fffc82ca:  ; not directly referenced
mov dword [ebp - 0x250], 0xfffffff0
jmp short loc_fffc8276  ; jmp 0xfffc8276

loc_fffc82d6:  ; not directly referenced
push 1
push 0
push 0
push 0xff
push ebx
push 1
push 0
push edi
call fcn_fffcce33  ; call 0xfffcce33
add esp, 0x20
push 1
push 0
push 0
push 0xff
push ebx
push 1
push 1
push edi
call fcn_fffcce33  ; call 0xfffcce33
add esp, 0x20
push 0
push 0
push 0
push 0xff
push ebx
push 1
push 2
push edi
call fcn_fffcce33  ; call 0xfffcce33
add esp, 0x20

loc_fffc8321:  ; not directly referenced
mov eax, dword [ebp - 0x2a4]
lea ebx, [ebp - 0x15c]
push edx
push 0
push 0xa2
push ebx
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
mov eax, dword [ebp - 0x2a4]
push 0
push 0xa2
lea esi, [ebp - 0xba]
push esi
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
cmp dword [ebp - 0x288], 1
mov dword [ebp - 0x260], 1
mov dword [ebp - 0x290], esi
sbb eax, eax
mov dword [ebp - 0x270], eax
add byte [ebp - 0x270], 9
mov dword [ebp - 0x294], ebx

loc_fffc8382:  ; not directly referenced
mov al, byte [ebp - 0x260]
xor ecx, ecx
xor edx, edx
mov byte [ebp - 0x278], al

loc_fffc8392:  ; not directly referenced
mov eax, dword [ebp - 0x260]
shl eax, cl
add ecx, 4
add edx, eax
cmp ecx, 0x20
jne short loc_fffc8392  ; jne 0xfffc8392
mov eax, edi
call fcn_fffac864  ; call 0xfffac864
mov eax, dword [ebp - 0x2a8]
mov dword [ebp - 0x25c], 0
mov dword [ebp - 0x274], eax
mov eax, dword [ebp - 0x260]
and eax, 0xf
mov dword [ebp - 0x284], eax
shl dword [ebp - 0x284], 9

loc_fffc83d7:  ; not directly referenced
imul eax, dword [ebp - 0x25c], 0x13c3
cmp dword [edi + eax + 0x3757], 2
jne loc_fffc85c8  ; jne 0xfffc85c8
cmp dword [ebp - 0x288], 0
jne short loc_fffc8462  ; jne 0xfffc8462

loc_fffc83f8:  ; not directly referenced
mov esi, dword [ebp - 0x25c]
mov ecx, 0xff
mov eax, dword [ebp - 0x274]
mov edx, esi
mov ebx, dword [eax]
movzx eax, byte [ebp + esi - 0x252]
or ebx, 0x100000
and eax, 3
and ebx, 0xff1fffff
shl eax, 0x16
or ebx, eax
mov eax, edi
call fcn_fffa7236  ; call 0xfffa7236
or ebx, 0x1000008
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, edi
mov edx, 0xf
call fcn_fffa82f9  ; call 0xfffa82f9
imul eax, esi, 0x51
mov byte [ebp - 0x26c], 0
mov dword [ebp - 0x28c], eax
jmp near loc_fffc853e  ; jmp 0xfffc853e

loc_fffc8462:  ; not directly referenced
mov byte [ebp - 0x26c], 0

loc_fffc8469:  ; not directly referenced
mov al, byte [ebp - 0x26c]
cmp al, byte [edi + 0x2489]
jae short loc_fffc83f8  ; jae 0xfffc83f8
movzx esi, byte [ebp - 0x26c]
mov eax, dword [ebp - 0x274]
mov ecx, dword [ebp - 0x298]
mov edx, dword [ebp - 0x25c]
lea eax, [eax + esi*4]
mov dword [ebp - 0x280], eax
mov eax, dword [eax + 0x28]
and ah, 0xe1
or eax, dword [ebp - 0x284]
or eax, 0x60
mov ebx, eax
and eax, 0xfffffe7f
and ebx, 0xffbffe7f
test ecx, ecx
mov ecx, dword [ebp - 0x2b4]
cmove ebx, eax
mov eax, ebx
and eax, 0xffdfffff
test ecx, ecx
mov ecx, esi
cmovne ebx, eax
mov eax, edi
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
cmp dword [ebp - 0x2b8], 0
je short loc_fffc8510  ; je 0xfffc8510
mov edx, dword [ebp - 0x25c]
mov ecx, esi
mov eax, edi
call fcn_fffa71f9  ; call 0xfffa71f9
mov esi, dword [ebp - 0x280]
mov ecx, dword [esi + 4]
mov edx, eax
mov eax, edi
and ecx, 0xc7ffffff
call fcn_fffb3381  ; call 0xfffb3381

loc_fffc8510:  ; not directly referenced
inc byte [ebp - 0x26c]
jmp near loc_fffc8469  ; jmp 0xfffc8469

loc_fffc851b:  ; not directly referenced
mov eax, dword [ebp - 0x280]
bt eax, edx
jae short loc_fffc8597  ; jae 0xfffc8597
mov al, byte [ebp - 0x278]
mov byte [ecx + edx], al

loc_fffc852f:  ; not directly referenced
inc edx
cmp byte [ebp - 0x270], dl
ja short loc_fffc851b  ; ja 0xfffc851b
inc byte [ebp - 0x26c]

loc_fffc853e:  ; not directly referenced
mov al, byte [ebp - 0x26c]
cmp al, byte [edi + 0x2489]
jae short loc_fffc85a8  ; jae 0xfffc85a8
movzx esi, byte [ebp - 0x26c]
mov eax, edi
mov edx, dword [ebp - 0x25c]
mov ecx, esi
call fcn_fffa75c5  ; call 0xfffa75c5
lea esi, [esi + esi*8]
mov edx, eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
xor edx, edx
add esi, dword [ebp - 0x28c]
mov dword [ebp - 0x280], eax
mov eax, dword [ebp - 0x290]
and dword [ebp - 0x280], 0x1ff
lea ecx, [eax + esi]
add esi, dword [ebp - 0x294]
jmp short loc_fffc851b  ; jmp 0xfffc851b

loc_fffc8597:  ; not directly referenced
cmp byte [esi + edx], 0
jne short loc_fffc852f  ; jne 0xfffc852f
mov al, byte [ebp - 0x278]
mov byte [esi + edx], al
jmp short loc_fffc852f  ; jmp 0xfffc852f

loc_fffc85a8:  ; not directly referenced
mov edx, dword [ebp - 0x25c]
mov ecx, 0xff
mov eax, edi
and ebx, 0xfffffff7
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffc85c8:  ; not directly referenced
inc dword [ebp - 0x25c]
add dword [ebp - 0x274], 0xcc
cmp dword [ebp - 0x25c], 2
jne loc_fffc83d7  ; jne 0xfffc83d7
inc dword [ebp - 0x260]
cmp dword [ebp - 0x260], 0x10
jne loc_fffc8382  ; jne 0xfffc8382
mov eax, dword [ebp - 0x2a8]
mov dword [ebp - 0x25c], 0
mov dword [ebp - 0x280], eax
mov eax, dword [ebp - 0x264]
mov dword [ebp - 0x260], eax

loc_fffc861a:  ; not directly referenced
mov eax, dword [ebp - 0x260]
cmp dword [eax], 2
je short loc_fffc864d  ; je 0xfffc864d

loc_fffc8625:  ; not directly referenced
inc dword [ebp - 0x25c]
add dword [ebp - 0x260], 0x13c3
add dword [ebp - 0x280], 0xcc
cmp dword [ebp - 0x25c], 2
jne short loc_fffc861a  ; jne 0xfffc861a
jmp near loc_fffc87fb  ; jmp 0xfffc87fb

loc_fffc864d:  ; not directly referenced
mov esi, dword [ebp - 0x25c]
mov byte [ebp - 0x26c], 0
imul ebx, esi, 0x51
mov eax, esi
shl eax, 8
mov dword [ebp - 0x29c], eax
add eax, 0x4c
mov dword [ebp - 0x28c], eax
mov dword [ebp - 0x284], ebx

loc_fffc8677:  ; not directly referenced
movzx eax, byte [ebp - 0x26c]
cmp al, byte [edi + 0x2489]
jae short loc_fffc8625  ; jae 0xfffc8625
mov ebx, eax
mov dword [ebp - 0x274], eax
lea eax, [eax + eax*8]
add eax, dword [ebp - 0x284]
lea esi, [ebp - 0x15c]
mov dword [ebp - 0x278], 0
add esi, eax
mov dword [ebp - 0x294], esi
lea esi, [ebp - 0xba]
add eax, esi
mov dword [ebp - 0x290], eax
imul eax, ebx, 0x18
xor ebx, ebx
mov dword [ebp - 0x2a0], eax

loc_fffc86c8:  ; not directly referenced
mov eax, dword [ebp - 0x294]
mov dl, byte [eax + ebx]
mov eax, dword [ebp - 0x290]
movsx ecx, byte [eax + ebx]
mov al, 0xf
test dl, dl
je short loc_fffc86f4  ; je 0xfffc86f4
xor eax, eax
test cl, cl
je short loc_fffc86f4  ; je 0xfffc86f4
movsx eax, dl
mov esi, 2
add eax, ecx
cdq
idiv esi

loc_fffc86f4:  ; not directly referenced
cmp dword [ebp - 0x288], 0
je short loc_fffc8755  ; je 0xfffc8755
cmp bl, 8
jne short loc_fffc8755  ; jne 0xfffc8755
mov dl, 0xf
cmp al, 6
jg short loc_fffc870e  ; jg 0xfffc870e
lea edx, [eax + 8]
and edx, 0xf

loc_fffc870e:  ; not directly referenced
mov eax, dword [ebp - 0x274]
and edx, 0xf
mov esi, dword [ebp - 0x280]
add edx, edx
lea ecx, [eax + 8]
mov al, byte [esi + ecx*4 + 9]
and eax, 0xffffffe1
or eax, edx
mov byte [esi + ecx*4 + 9], al

loc_fffc872f:  ; not directly referenced
mov eax, dword [ebp - 0x274]
mov esi, dword [ebp - 0x28c]
shl eax, 9
lea ebx, [eax + esi]
mov dword [ebp - 0x274], ebx
mov ebx, dword [ebp - 0x29c]
lea esi, [ebx + eax + 0x50]
xor ebx, ebx
jmp short loc_fffc879f  ; jmp 0xfffc879f

loc_fffc8755:  ; not directly referenced
mov edx, eax
lea esi, [ebx + ebx*2]
and edx, 0xf
add esi, dword [ebp - 0x2a0]
add esi, dword [ebp - 0x260]
lea ecx, [ebx*4]
shl edx, cl
add dword [ebp - 0x278], edx
xor edx, edx

loc_fffc877a:  ; not directly referenced
imul ecx, edx, 0xd8
inc edx
mov byte [esi + ecx + 0x942], al
cmp byte [ebp - 0x279], dl
ja short loc_fffc877a  ; ja 0xfffc877a
inc ebx
cmp byte [ebp - 0x270], bl
ja loc_fffc86c8  ; ja 0xfffc86c8
jmp short loc_fffc872f  ; jmp 0xfffc872f

loc_fffc879f:  ; not directly referenced
mov eax, dword [edi + 0x188b]
mov edx, dword [ebp - 0x274]
test eax, eax
je short loc_fffc87b5  ; je 0xfffc87b5
xor edx, edx
dec eax
cmove edx, esi

loc_fffc87b5:  ; not directly referenced
mov ecx, dword [ebp - 0x278]
mov eax, edi
inc ebx
add esi, 4
call fcn_fffb3381  ; call 0xfffb3381
cmp bl, byte [ebp - 0x279]
jb short loc_fffc879f  ; jb 0xfffc879f
sub esp, 0xc
mov edx, dword [ebp - 0x25c]
mov ecx, 1
push 0
mov eax, edi
push 1
push 0
push 0
push 0
call fcn_fffa7273  ; call 0xfffa7273
add esp, 0x20
inc byte [ebp - 0x26c]
jmp near loc_fffc8677  ; jmp 0xfffc8677

loc_fffc87fb:  ; not directly referenced
cmp dword [ebp - 0x268], 0
jne short loc_fffc8854  ; jne 0xfffc8854

loc_fffc8804:  ; not directly referenced
cmp dword [ebp - 0x298], 0
je loc_fffc894e  ; je 0xfffc894e
mov ecx, dword [ebp - 0x2ac]
mov eax, edi
mov edx, 0x3a28
or ecx, 2
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x5f08
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x5f08
or ah, 1
mov ecx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0xe1
mov eax, edi
call fcn_fffa82f9  ; call 0xfffa82f9
jmp near loc_fffc894e  ; jmp 0xfffc894e

loc_fffc8854:  ; not directly referenced
push 0
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push 4
push edi
call fcn_fffcd268  ; call 0xfffcd268
mov ebx, dword [ebp - 0x264]
add esp, 0x30
mov dword [ebp - 0x260], 0

loc_fffc8883:  ; not directly referenced
cmp dword [ebx], 2
je short loc_fffc88a3  ; je 0xfffc88a3

loc_fffc8888:  ; not directly referenced
inc dword [ebp - 0x260]
add ebx, 0x13c3
cmp dword [ebp - 0x260], 2
je loc_fffc8804  ; je 0xfffc8804
jmp short loc_fffc8883  ; jmp 0xfffc8883

loc_fffc88a3:  ; not directly referenced
imul eax, dword [ebp - 0x260], 9
lea edx, [ebp - 0x18]
mov byte [ebp - 0x264], 0
add eax, edx
mov dword [ebp - 0x268], eax

loc_fffc88bc:  ; not directly referenced
mov al, byte [ebp - 0x264]
cmp al, byte [edi + 0x2489]
jae short loc_fffc8888  ; jae 0xfffc8888
movzx esi, byte [ebp - 0x264]
mov eax, dword [ebp - 0x268]
mov dword [ebp - 0x25c], 0
mov dl, byte [esi + eax - 0x1e6]
test dl, dl
lea eax, [edx - 1]
lea ecx, [edx + 1]
mov dl, 2
cmovns eax, ecx
cbw
idiv dl
mov byte [ebx + esi + 0x101d], al

loc_fffc8900:  ; not directly referenced
mov cl, byte [ebp - 0x25c]
mov eax, 1
shl eax, cl
test byte [ebx + 0xc4], al
je short loc_fffc8934  ; je 0xfffc8934
mov ecx, dword [ebp - 0x25c]
push eax
mov edx, dword [ebp - 0x260]
mov eax, edi
push 0
push 0xff
push esi
call fcn_fffa7447  ; call 0xfffa7447
add esp, 0x10

loc_fffc8934:  ; not directly referenced
inc dword [ebp - 0x25c]
cmp dword [ebp - 0x25c], 4
jne short loc_fffc8900  ; jne 0xfffc8900
inc byte [ebp - 0x264]
jmp near loc_fffc88bc  ; jmp 0xfffc88bc

loc_fffc894e:  ; not directly referenced
mov esi, dword [ebp - 0x2a8]
xor ebx, ebx

loc_fffc8956:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [edi + eax + 0x3757], 2
jne loc_fffc89fd  ; jne 0xfffc89fd
mov byte [ebp - 0x25c], 0

loc_fffc8971:  ; not directly referenced
mov al, byte [ebp - 0x25c]
cmp al, byte [edi + 0x2489]
jae short loc_fffc89e4  ; jae 0xfffc89e4
movzx eax, byte [ebp - 0x25c]
mov edx, ebx
mov ecx, eax
mov dword [ebp - 0x260], eax
mov eax, edi
call fcn_fffa71bc  ; call 0xfffa71bc
mov ecx, dword [ebp - 0x260]
lea ecx, [esi + ecx*4]
mov dword [ebp - 0x264], ecx
mov ecx, dword [ecx + 0x28]
mov edx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
cmp dword [ebp - 0x2b8], 0
je short loc_fffc89dc  ; je 0xfffc89dc
mov ecx, dword [ebp - 0x260]
mov edx, ebx
mov eax, edi
call fcn_fffa71f9  ; call 0xfffa71f9
mov ecx, dword [ebp - 0x264]
mov ecx, dword [ecx + 4]
mov edx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffc89dc:  ; not directly referenced
inc byte [ebp - 0x25c]
jmp short loc_fffc8971  ; jmp 0xfffc8971

loc_fffc89e4:  ; not directly referenced
mov ecx, 0xff
mov edx, ebx
mov eax, edi
call fcn_fffa7236  ; call 0xfffa7236
mov ecx, dword [esi]
mov edx, eax
mov eax, edi
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffc89fd:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
jne loc_fffc8956  ; jne 0xfffc8956
mov eax, edi
call fcn_fffaa4a9  ; call 0xfffaa4a9

loc_fffc8a14:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc8a1c:  ; not directly referenced
push ebp
mov ebp, esp
push esi
push ebx
mov ebx, dword [ebp + 8]
push edx
push edx
movzx ecx, byte [ebx + 0x248f]
lea esi, [ebx + 0x2491]
mov eax, ebx
push 0
mov edx, esi
push 0xf
push 1
push 0
push 1
push 2
call fcn_fffbea08  ; call 0xfffbea08
add esp, 0x20
test eax, eax
jne short loc_fffc8a90  ; jne 0xfffc8a90
cmp dword [ebx + 0x188b], 1
jne short loc_fffc8a6f  ; jne 0xfffc8a6f
cmp dword [ebx + 0x2481], 1
jne short loc_fffc8a6f  ; jne 0xfffc8a6f
mov ecx, 2
mov edx, esi
mov eax, ebx
call fcn_fffbd7ee  ; call 0xfffbd7ee

loc_fffc8a6f:  ; not directly referenced
push eax
mov edx, esi
push eax
movzx ecx, byte [ebx + 0x248f]
mov eax, ebx
push 1
push 0xf
push 0
push 0
push 0
push 2
call fcn_fffbea08  ; call 0xfffbea08
add esp, 0x20

loc_fffc8a90:  ; not directly referenced
lea esp, [ebp - 8]
pop ebx
pop esi
pop ebp
ret

fcn_fffc8a97:  ; not directly referenced
push ebp
mov ebp, esp
push esi
push ebx
mov ebx, dword [ebp + 8]
push edx
push edx
movzx ecx, byte [ebx + 0x248f]
lea esi, [ebx + 0x2491]
mov eax, ebx
push 0
mov edx, esi
push 0xf
push 1
push 0
push 1
push 1
call fcn_fffbea08  ; call 0xfffbea08
add esp, 0x20
test eax, eax
jne short loc_fffc8b02  ; jne 0xfffc8b02
cmp dword [ebx + 0x188b], 1
jne short loc_fffc8ae1  ; jne 0xfffc8ae1
mov ecx, 1
mov edx, esi
mov eax, ebx
call fcn_fffbd7ee  ; call 0xfffbd7ee

loc_fffc8ae1:  ; not directly referenced
push eax
mov edx, esi
push eax
movzx ecx, byte [ebx + 0x248f]
mov eax, ebx
push 1
push 0xf
push 0
push 1
push 0
push 1
call fcn_fffbea08  ; call 0xfffbea08
add esp, 0x20

loc_fffc8b02:  ; not directly referenced
lea esp, [ebp - 8]
pop ebx
pop esi
pop ebp
ret

fcn_fffc8b09:  ; not directly referenced
push ebp
mov ecx, 8
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x178
mov eax, dword [ebp + 8]
lea edi, [ebp - 0xe8]
mov edx, dword [ebp + 0xc]
mov dword [ebp - 0xbc], fcn_fffb00dc  ; mov dword [ebp - 0xbc], 0xfffb00dc
mov dword [ebp - 0xb0], fcn_fffb0086  ; mov dword [ebp - 0xb0], 0xfffb0086
mov dword [ebp - 0x130], eax
xor eax, eax
rep stosd  ; rep stosd dword es:[edi], eax
lea edi, [ebp - 0xf8]
mov dword [ebp - 0x12c], edx
mov edx, 0xcf8
mov dword [ebp - 0x5c], fcn_fffb01d3  ; mov dword [ebp - 0x5c], 0xfffb01d3
mov dword [ebp - 0x58], fcn_fffb01ca  ; mov dword [ebp - 0x58], 0xfffb01ca
mov dword [ebp - 0xa4], fcn_fffb3fc4  ; mov dword [ebp - 0xa4], 0xfffb3fc4
mov dword [ebp - 0xa0], fcn_fffb401c  ; mov dword [ebp - 0xa0], 0xfffb401c
mov cl, 4
rep stosd  ; rep stosd dword es:[edi], eax
mov eax, 0x80000048
mov dword [ebp - 0x7c], fcn_fffc375d  ; mov dword [ebp - 0x7c], 0xfffc375d
mov dword [ebp - 0x78], fcn_fffc3739  ; mov dword [ebp - 0x78], 0xfffc3739
out dx, eax
push 0xcfc
call fcn_fffb00dc  ; call 0xfffb00dc
add esp, 0x10
mov ebx, eax
test al, 1
jne short loc_fffc8ba9  ; jne 0xfffc8ba9

loc_fffc8ba2:  ; not directly referenced
xor eax, eax
jmp near loc_fffc9f55  ; jmp 0xfffc9f55

loc_fffc8ba9:  ; not directly referenced
push 0x60
mov esi, dword [ebp - 0xb0]
push 0
push 0
push 0
call dword [ebp - 0x7c]  ; ucall
pop edi
pop edx
push eax
push 0xcf8
call esi
mov dword [esp], 0xcfc
call dword [ebp - 0xbc]  ; ucall
add esp, 0x10
test al, 1
je short loc_fffc8ba2  ; je 0xfffc8ba2
and eax, 0xfffffff8
mov esi, eax
call fcn_fffa67af  ; call 0xfffa67af
mov dword [ebp - 0x144], 0
cmp eax, 0x40660
setne cl
cmp eax, 0x306c0
setne dl
test cl, dl
je short loc_fffc8c11  ; je 0xfffc8c11
cmp eax, 0x40650
setne al
movzx eax, al
mov dword [ebp - 0x144], eax

loc_fffc8c11:  ; not directly referenced
push 0xbc
and ebx, 0xfffffffe
push 0
push 0
push 0
call dword [ebp - 0x78]  ; ucall
add eax, esi
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
push 0x90
push 0
push 0
push 0
mov dword [ebp - 0x160], eax
call dword [ebp - 0x78]  ; ucall
add esp, 0x14
add eax, esi
push eax
call dword [ebp - 0xa0]  ; ucall
push 0x98
push 0
push 0
push 0
mov dword [ebp - 0x150], edx
mov dword [ebp - 0x138], eax
call dword [ebp - 0x78]  ; ucall
add esp, 0x14
add esi, eax
push esi
call dword [ebp - 0xa0]  ; ucall
mov edi, eax
lea eax, [ebx + 0x5024]
or edi, 0xfffff
mov dword [ebp - 0x164], edx
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [ebp - 0x154], eax
lea eax, [ebx + 0x5014]
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [ebp - 0x140], eax
lea eax, [ebx + 0x5000]
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [ebp - 0x148], eax
lea eax, [ebx + 0x5004]
add ebx, 0x5008
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [esp], ebx
mov esi, eax
call dword [ebp - 0xa4]  ; ucall
mov ecx, dword [ebp - 0x138]
add esp, 0xc
mov ebx, dword [ebp - 0x140]
mov edx, dword [ebp - 0x164]
push 0x16
and ecx, 0xfff00000
mov dword [ebp - 0x110], ecx
mov ecx, dword [ebp - 0x150]
mov dword [ebp - 0x138], edi
xor edi, edi
and edx, 0x7f
push edi
and ecx, 0x7f
mov dword [ebp - 0x10c], ecx
movzx ecx, bl
push ecx
mov dword [ebp - 0x104], esi
mov esi, ecx
mov dword [ebp - 0x100], eax
mov dword [ebp - 0xfc], 0
mov dword [ebp - 0x134], edx
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 0x16
push edi
mov edi, ebx
push esi
mov dword [ebp - 0x150], eax
mov dword [ebp - 0x14c], edx
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
xor edx, edx
push 0xe
mov eax, ebx
and eax, 0xff00
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
mov eax, ebx
push 6
and eax, 0xff0000
xor edx, edx
and edi, 0xff000000
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 2
mov dword [ebp - 0x168], edx
xor edx, edx
push edx
push edi
mov dword [ebp - 0x164], eax
call dword [ebp - 0x5c]  ; ucall
mov dword [ebp - 0x140], eax
mov eax, dword [ebp - 0x148]
mov dword [ebp - 0x13c], edx
and eax, 1
mov ebx, dword [ebp + eax*4 - 0x104]
lea eax, [ebp - 0xc4]
mov edx, ebx
call fcn_fffc3aea  ; call 0xfffc3aea
mov esi, eax
mov edi, edx
lea eax, [ebp - 0xc4]
mov edx, ebx
call fcn_fffc3acf  ; call 0xfffc3acf
add eax, esi
adc edx, edi
add esp, 0x10
cmp dword [ebp - 0x144], 1
jne short loc_fffc8df7  ; jne 0xfffc8df7
add eax, dword [ebp - 0x150]
adc edx, dword [ebp - 0x14c]
jmp short loc_fffc8e03  ; jmp 0xfffc8e03

loc_fffc8df7:  ; not directly referenced
add eax, dword [ebp - 0x140]
adc edx, dword [ebp - 0x13c]

loc_fffc8e03:  ; not directly referenced
mov esi, eax
mov eax, dword [ebp - 0x10c]
mov edi, edx
cmp dword [ebp - 0x134], eax
jb loc_fffc8f07  ; jb 0xfffc8f07
ja short loc_fffc8e2d  ; ja 0xfffc8e2d
mov eax, dword [ebp - 0x110]
cmp dword [ebp - 0x138], eax
jbe loc_fffc8f07  ; jbe 0xfffc8f07

loc_fffc8e2d:  ; not directly referenced
mov eax, dword [ebp - 0x160]
mov cl, 1
mov ebx, dword [ebp - 0x134]
mov dword [ebp - 0x15c], 0
and eax, 0xfff00000
mov edx, eax
mov dword [ebp - 0x160], eax
cmp dword [ebp - 0x12c], ebx
jb short loc_fffc8e6c  ; jb 0xfffc8e6c
ja short loc_fffc8e6a  ; ja 0xfffc8e6a
mov ebx, dword [ebp - 0x138]
cmp dword [ebp - 0x130], ebx
jbe short loc_fffc8e6c  ; jbe 0xfffc8e6c

loc_fffc8e6a:  ; not directly referenced
xor ecx, ecx

loc_fffc8e6c:  ; not directly referenced
mov eax, dword [ebp - 0x10c]
mov bl, 1
cmp dword [ebp - 0x12c], eax
ja short loc_fffc8e8e  ; ja 0xfffc8e8e
jb short loc_fffc8e8c  ; jb 0xfffc8e8c
mov eax, dword [ebp - 0x110]
cmp dword [ebp - 0x130], eax
jae short loc_fffc8e8e  ; jae 0xfffc8e8e

loc_fffc8e8c:  ; not directly referenced
xor ebx, ebx

loc_fffc8e8e:  ; not directly referenced
test cl, bl
je short loc_fffc8eb8  ; je 0xfffc8eb8
mov eax, dword [ebp - 0x160]
mov edx, dword [ebp - 0x15c]
sub eax, dword [ebp - 0x110]
sbb edx, dword [ebp - 0x10c]
add eax, dword [ebp - 0x130]
adc edx, dword [ebp - 0x12c]
jmp short loc_fffc8f13  ; jmp 0xfffc8f13

loc_fffc8eb8:  ; not directly referenced
cmp dword [ebp - 0x12c], 0
ja short loc_fffc8ec9  ; ja 0xfffc8ec9
cmp dword [ebp - 0x130], edx
jb short loc_fffc8f07  ; jb 0xfffc8f07

loc_fffc8ec9:  ; not directly referenced
mov eax, dword [ebp - 0x160]
mov edx, dword [ebp - 0x15c]
add eax, dword [ebp - 0x138]
adc edx, dword [ebp - 0x134]
sub eax, dword [ebp - 0x110]
sbb edx, dword [ebp - 0x10c]
cmp dword [ebp - 0x12c], edx
ja short loc_fffc8f07  ; ja 0xfffc8f07
jb loc_fffc9ed7  ; jb 0xfffc9ed7
cmp dword [ebp - 0x130], eax
jbe loc_fffc9ed7  ; jbe 0xfffc9ed7

loc_fffc8f07:  ; not directly referenced
mov eax, dword [ebp - 0x130]
mov edx, dword [ebp - 0x12c]

loc_fffc8f13:  ; not directly referenced
push ecx
push 6
push edx
push eax
call dword [ebp - 0x58]  ; ucall
mov ebx, dword [ebp - 0x148]
add esp, 0x10
shr ebx, 6
and ebx, 1
cmp dword [ebp - 0x144], 1
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx
jne short loc_fffc8f60  ; jne 0xfffc8f60
push edx
push 1
push dword [ebp - 0x14c]
push dword [ebp - 0x150]
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
mov dword [ebp - 0x164], eax
mov dword [ebp - 0x168], edx

loc_fffc8f60:  ; not directly referenced
test ebx, ebx
je short loc_fffc8fc9  ; je 0xfffc8fc9
cmp dword [ebp - 0x10c], edi
ja loc_fffc9ed7  ; ja 0xfffc9ed7
jb short loc_fffc8f7e  ; jb 0xfffc8f7e
cmp dword [ebp - 0x110], esi
jae loc_fffc9ed7  ; jae 0xfffc9ed7

loc_fffc8f7e:  ; not directly referenced
push eax
mov eax, dword [ebp - 0x148]
shr eax, 7
and eax, 7
push eax
push 0
push 0x400000
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
cmp dword [ebp - 0x10c], edx
jb loc_fffc9109  ; jb 0xfffc9109
ja short loc_fffc8fb3  ; ja 0xfffc8fb3
cmp dword [ebp - 0x110], eax
jb loc_fffc9109  ; jb 0xfffc9109

loc_fffc8fb3:  ; not directly referenced
sub dword [ebp - 0x110], eax
mov edi, 1
sbb dword [ebp - 0x10c], edx
jmp near loc_fffc910b  ; jmp 0xfffc910b

loc_fffc8fc9:  ; not directly referenced
mov eax, dword [ebp - 0x168]
cmp dword [ebp - 0x10c], eax
ja loc_fffc90b6  ; ja 0xfffc90b6
jb short loc_fffc8fef  ; jb 0xfffc8fef
mov eax, dword [ebp - 0x164]
cmp dword [ebp - 0x110], eax
jae loc_fffc90b6  ; jae 0xfffc90b6

loc_fffc8fef:  ; not directly referenced
test dword [ebp - 0x154], 0x800000
je loc_fffc908a  ; je 0xfffc908a
mov eax, dword [ebp - 0x154]
mov edx, 1
xor edi, edi
mov esi, eax
and ax, 0x3fff
shr esi, 0x15
and esi, 3
mov ecx, esi
shl edx, cl
xor ecx, ecx
or eax, edx
and eax, dword [ebp - 0x110]
movzx eax, ax

loc_fffc9029:  ; not directly referenced
mov edx, eax
sar edx, cl
inc ecx
xor edi, edx
cmp ecx, 0xe
jne short loc_fffc9029  ; jne 0xfffc9029
push eax
and edi, 1
push esi
push 0
push 1
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push esi
mov ebx, eax
mov ecx, edx
mov eax, dword [ebp - 0x110]
mov edx, dword [ebp - 0x10c]
not ebx
not ecx
and ebx, eax
and ecx, edx
xor edx, edx
mov dword [ebp - 0x138], ecx
mov ecx, ebx
and ecx, 1
push edx
push ecx
call dword [ebp - 0x5c]  ; ucall
mov ecx, dword [ebp - 0x138]
add esp, 0x10
or ebx, eax
or ecx, edx
mov dword [ebp - 0x110], ebx
mov dword [ebp - 0x10c], ecx
jmp short loc_fffc9093  ; jmp 0xfffc9093

loc_fffc908a:  ; not directly referenced
mov edi, dword [ebp - 0x110]
and edi, 1

loc_fffc9093:  ; not directly referenced
push eax
push 1
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx
jmp short loc_fffc910b  ; jmp 0xfffc910b

loc_fffc90b6:  ; not directly referenced
cmp dword [ebp - 0x10c], edi
ja loc_fffc9ed7  ; ja 0xfffc9ed7
jb short loc_fffc90d0  ; jb 0xfffc90d0
cmp dword [ebp - 0x110], esi
jae loc_fffc9ed7  ; jae 0xfffc9ed7

loc_fffc90d0:  ; not directly referenced
cmp dword [ebp - 0x144], 1
jne short loc_fffc90f1  ; jne 0xfffc90f1
mov eax, dword [ebp - 0x150]
mov edx, dword [ebp - 0x14c]
mov dword [ebp - 0x140], eax
mov dword [ebp - 0x13c], edx

loc_fffc90f1:  ; not directly referenced
mov eax, dword [ebp - 0x140]
mov edx, dword [ebp - 0x13c]
sub dword [ebp - 0x110], eax
sbb dword [ebp - 0x10c], edx

loc_fffc9109:  ; not directly referenced
xor edi, edi

loc_fffc910b:  ; not directly referenced
mov eax, dword [ebp - 0x148]
movzx edi, di
lea ecx, [edi + edi]
shr eax, cl
and eax, 1
mov word [ebp - 0x158], ax
movzx eax, ax
mov ebx, dword [ebp + eax*4 - 0x104]
mov dword [ebp - 0x16c], eax
lea eax, [ebp - 0xc4]
mov edx, ebx
call fcn_fffc3aea  ; call 0xfffc3aea
mov dword [ebp - 0x138], eax
lea eax, [ebp - 0xc4]
mov dword [ebp - 0x134], edx
mov edx, ebx
call fcn_fffc3acf  ; call 0xfffc3acf
mov ecx, ebx
shr ecx, 0x16
mov dword [ebp - 0x150], ecx
and dword [ebp - 0x150], 1
mov dword [ebp - 0x140], eax
mov eax, ebx
shr eax, 0x15
mov edi, eax
mov dword [ebp - 0x13c], edx
mov edx, ebx
and edi, 1
shr edx, 0x1a
mov dword [ebp - 0x164], edi
mov edi, edx
or eax, edx
and edi, 1
mov dword [ebp - 0x168], edi
test al, 1
je loc_fffc9266  ; je 0xfffc9266
push eax
push 1
push dword [ebp - 0x13c]
push dword [ebp - 0x140]
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
cmp dword [ebp - 0x10c], edx
ja short loc_fffc921a  ; ja 0xfffc921a
jb short loc_fffc91c8  ; jb 0xfffc91c8
cmp dword [ebp - 0x110], eax
jae short loc_fffc921a  ; jae 0xfffc921a

loc_fffc91c8:  ; not directly referenced
push eax
push 9
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 1
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov esi, eax
call dword [ebp - 0x58]  ; ucall
mov ecx, dword [ebp - 0x110]
and esi, 1
add esp, 0x10
and ecx, 0x1ff
and eax, 0xfffffe00
or eax, ecx
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx
jmp near loc_fffc92d7  ; jmp 0xfffc92d7

loc_fffc921a:  ; not directly referenced
mov eax, dword [ebp - 0x140]
mov edx, dword [ebp - 0x13c]
add eax, dword [ebp - 0x138]
adc edx, dword [ebp - 0x134]
cmp dword [ebp - 0x10c], edx
ja loc_fffc9ed7  ; ja 0xfffc9ed7
jb short loc_fffc924c  ; jb 0xfffc924c
cmp dword [ebp - 0x110], eax
jae loc_fffc9ed7  ; jae 0xfffc9ed7

loc_fffc924c:  ; not directly referenced
mov eax, dword [ebp - 0x140]
mov edx, dword [ebp - 0x13c]
sub dword [ebp - 0x110], eax
sbb dword [ebp - 0x10c], edx
jmp short loc_fffc92d5  ; jmp 0xfffc92d5

loc_fffc9266:  ; not directly referenced
mov eax, dword [ebp - 0x134]
cmp dword [ebp - 0x10c], eax
jb short loc_fffc92d5  ; jb 0xfffc92d5
ja short loc_fffc9284  ; ja 0xfffc9284
mov eax, dword [ebp - 0x138]
cmp dword [ebp - 0x110], eax
jb short loc_fffc92d5  ; jb 0xfffc92d5

loc_fffc9284:  ; not directly referenced
mov eax, dword [ebp - 0x140]
mov edx, dword [ebp - 0x13c]
add eax, dword [ebp - 0x138]
adc edx, dword [ebp - 0x134]
cmp dword [ebp - 0x10c], edx
ja loc_fffc9ed7  ; ja 0xfffc9ed7
jb short loc_fffc92b6  ; jb 0xfffc92b6
cmp dword [ebp - 0x110], eax
jae loc_fffc9ed7  ; jae 0xfffc9ed7

loc_fffc92b6:  ; not directly referenced
mov eax, dword [ebp - 0x138]
mov esi, 1
mov edx, dword [ebp - 0x134]
sub dword [ebp - 0x110], eax
sbb dword [ebp - 0x10c], edx
jmp short loc_fffc92d7  ; jmp 0xfffc92d7

loc_fffc92d5:  ; not directly referenced
xor esi, esi

loc_fffc92d7:  ; not directly referenced
mov eax, dword [ebp - 0x148]
shr eax, 0xa
mov dword [ebp - 0x154], eax
mov eax, ebx
shr eax, 0x10
and eax, 1
mov word [ebp - 0x118], ax
and dword [ebp - 0x154], 1
xor word [ebp - 0x118], si
test si, si
je short loc_fffc9342  ; je 0xfffc9342
mov edx, dword [ebp - 0x148]
mov eax, ebx
mov ecx, ebx
shr eax, 0x12
mov edi, dword [ebp - 0x140]
mov dword [ebp - 0x138], eax
lea eax, [ebp - 0xc4]
and dword [ebp - 0x138], 1
call fcn_fffb8ec5  ; call 0xfffb8ec5
test ebx, 0x100000
mov word [ebp - 0x116], ax
jmp short loc_fffc937a  ; jmp 0xfffc937a

loc_fffc9342:  ; not directly referenced
mov edx, dword [ebp - 0x148]
mov eax, ebx
mov ecx, ebx
shr eax, 0x11
mov edi, dword [ebp - 0x138]
mov dword [ebp - 0x138], eax
lea eax, [ebp - 0xc4]
and dword [ebp - 0x138], 1
call fcn_fffb8f37  ; call 0xfffb8f37
test ebx, 0x80000
mov word [ebp - 0x116], ax

loc_fffc937a:  ; not directly referenced
je short loc_fffc9383  ; je 0xfffc9383
mov esi, 0x10
jmp short loc_fffc9392  ; jmp 0xfffc9392

loc_fffc9383:  ; not directly referenced
cmp dword [ebp - 0x154], 1
sbb esi, esi
and esi, 0xffffffe8
add esi, 0x20

loc_fffc9392:  ; not directly referenced
mov eax, dword [ebp - 0x148]
shr eax, 0xb
mov dword [ebp - 0x140], eax
and dword [ebp - 0x140], 1
cmp dword [ebp - 0x144], 1
jne short loc_fffc93cb  ; jne 0xfffc93cb
mov eax, dword [ebp - 0x110]
mov edx, eax
shr dx, 1
cmp dword [ebp - 0x140], 0
cmovne eax, edx
shl eax, 3
jmp short loc_fffc9403  ; jmp 0xfffc9403

loc_fffc93cb:  ; not directly referenced
push eax
push 3
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 3
push dword [ebp - 0x12c]
push dword [ebp - 0x130]
mov dword [ebp - 0x160], eax
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 7
or eax, dword [ebp - 0x160]

loc_fffc9403:  ; not directly referenced
mov cl, byte [ebp - 0x116]
mov edx, 1
shl edx, cl
lea ecx, [edx - 1]
mov word [ebp - 0x160], cx
and word [ebp - 0x160], ax
mov eax, dword [ebp - 0x160]
cmp dword [ebp - 0x140], 0
mov word [ebp - 0x156], ax
je loc_fffc993f  ; je 0xfffc993f
push ecx
push 8
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
mov ecx, dword [ebp - 0x110]
xor edx, edx
add esp, 0xc
push 2
and ecx, 1
push edx
push ecx
mov dword [ebp - 0x114], eax
call dword [ebp - 0x5c]  ; ucall
mov ecx, dword [ebp - 0x114]
add esp, 0x10
and ecx, 3
mov word [ebp - 0x114], cx
or word [ebp - 0x114], ax
mov al, byte [ebp - 0x168]
test byte [ebp - 0x138], al
mov eax, dword [ebp - 0x58]
je loc_fffc966d  ; je 0xfffc966d
shr ebx, 0x1b
and ebx, 7
cmp si, 8
jne loc_fffc95b3  ; jne 0xfffc95b3
push edx
push 7
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
add esp, 0x10
mov esi, eax
and esi, 8
or esi, dword [ebp - 0x114]
cmp dword [ebp - 0x150], 0
jne short loc_fffc94d8  ; jne 0xfffc94d8
mov word [ebp - 0x114], si
jmp short loc_fffc9546  ; jmp 0xfffc9546

loc_fffc94d8:  ; not directly referenced
push eax
push 0xc
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 9
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov dword [ebp - 0x114], eax
call dword [ebp - 0x58]  ; ucall
mov ecx, dword [ebp - 0x114]
add esp, 0xc
push 0xb
push dword [ebp - 0x10c]
and ecx, 3
mov word [ebp - 0x114], cx
and eax, 4
push dword [ebp - 0x110]
xor word [ebp - 0x114], ax
xor word [ebp - 0x114], si
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 8
xor word [ebp - 0x114], ax

loc_fffc9546:  ; not directly referenced
lea eax, [ebx + 0xf]
movzx ebx, bx
push ecx
movzx eax, al
push eax
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 0xb
push dword [ebp - 0x10c]
and eax, 1
push dword [ebp - 0x110]
mov word [ebp - 0x116], ax
call dword [ebp - 0x58]  ; ucall
lea ecx, [ebx + 4]
mov edx, 1
shl edx, cl
dec edx
mov ecx, edx
not ecx
mov esi, eax
and edx, eax
shr si, 1
mov eax, edi
mov word [ebp - 0x128], si
shr eax, 0xc
and word [ebp - 0x128], cx
or word [ebp - 0x128], dx
jmp near loc_fffc965d  ; jmp 0xfffc965d

loc_fffc95b3:  ; not directly referenced
cmp dword [ebp - 0x150], 0
je short loc_fffc95f5  ; je 0xfffc95f5
push edx
push 0xb
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
add esp, 0xc
push 8
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov esi, eax
call dword [ebp - 0x58]  ; ucall
and esi, 3
add esp, 0x10
and eax, 4
xor esi, eax
xor word [ebp - 0x114], si

loc_fffc95f5:  ; not directly referenced
lea eax, [ebx + 0xe]
movzx ebx, bx
push esi
movzx eax, al
push eax
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 0xa
push dword [ebp - 0x10c]
and eax, 1
push dword [ebp - 0x110]
mov word [ebp - 0x116], ax
call dword [ebp - 0x58]  ; ucall
lea ecx, [ebx + 4]
mov edx, 1
shl edx, cl
dec edx
mov ecx, edx
not ecx
mov esi, eax
and edx, eax
shr si, 1
mov eax, edi
mov word [ebp - 0x128], si
shr eax, 0xb
and word [ebp - 0x128], cx
or word [ebp - 0x128], dx

loc_fffc965d:  ; not directly referenced
dec eax

loc_fffc965e:  ; not directly referenced
and word [ebp - 0x128], ax

loc_fffc9665:  ; not directly referenced
add esp, 0x10
jmp near loc_fffc9d70  ; jmp 0xfffc9d70

loc_fffc966d:  ; not directly referenced
mov cl, byte [ebp - 0x164]
test byte [ebp - 0x138], cl
je loc_fffc97da  ; je 0xfffc97da
push ecx
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
add esp, 0x10
and eax, 1
cmp si, 8
mov word [ebp - 0x116], ax
mov eax, dword [ebp - 0x58]
jne loc_fffc9756  ; jne 0xfffc9756
push edx
push 8
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
add esp, 0x10
and eax, 8
or word [ebp - 0x114], ax
cmp dword [ebp - 0x150], 0
je short loc_fffc973f  ; je 0xfffc973f
push eax
push 0xd
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov ebx, eax
call dword [ebp - 0x58]  ; ucall
and ebx, 3
mov esi, dword [ebp - 0x10c]
add esp, 0xc
push 0xd
push esi
and eax, 4
xor ebx, eax
xor word [ebp - 0x114], bx
mov ebx, dword [ebp - 0x110]
push ebx
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 0xf
push esi
push ebx
and eax, 8
xor word [ebp - 0x114], ax
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 1
xor word [ebp - 0x116], ax

loc_fffc973f:  ; not directly referenced
push esi
push 0xc
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
shr edi, 0xc
jmp short loc_fffc97cb  ; jmp 0xfffc97cb

loc_fffc9756:  ; not directly referenced
cmp dword [ebp - 0x150], 0
je short loc_fffc97b6  ; je 0xfffc97b6
push ebx
push 0xc
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
add esp, 0xc
push 9
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov ebx, eax
call dword [ebp - 0x58]  ; ucall
and ebx, 3
add esp, 0xc
push 0xe
push dword [ebp - 0x10c]
and eax, 4
push dword [ebp - 0x110]
xor ebx, eax
xor word [ebp - 0x114], bx
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 1
xor word [ebp - 0x116], ax

loc_fffc97b6:  ; not directly referenced
push ecx
push 0xb
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
shr edi, 0xb

loc_fffc97cb:  ; not directly referenced
lea edi, [edi - 1]
mov word [ebp - 0x128], di
jmp near loc_fffc965e  ; jmp 0xfffc965e

loc_fffc97da:  ; not directly referenced
mov edx, edi
shr edx, 1
test dword [ebp - 0x110], edx
setne dl
mov ecx, edx
and ecx, dword [ebp - 0x138]
mov word [ebp - 0x116], cx
cmp si, 8
jne loc_fffc98d1  ; jne 0xfffc98d1
push edx
push 7
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
add esp, 0x10
mov ebx, eax
and ebx, 8
or ebx, dword [ebp - 0x114]
cmp dword [ebp - 0x150], 0
jne short loc_fffc9831  ; jne 0xfffc9831
mov word [ebp - 0x114], bx
jmp short loc_fffc9895  ; jmp 0xfffc9895

loc_fffc9831:  ; not directly referenced
push eax
push 0xc
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 9
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov esi, eax
call dword [ebp - 0x58]  ; ucall
and esi, 3
mov word [ebp - 0x114], si
add esp, 0xc
push 0xb
push dword [ebp - 0x10c]
and eax, 4
push dword [ebp - 0x110]
xor word [ebp - 0x114], ax
xor word [ebp - 0x114], bx
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 8
xor word [ebp - 0x114], ax

loc_fffc9895:  ; not directly referenced
push esi
push 0xb
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
xor edx, edx
add esp, 0xc
mov ebx, eax
mov eax, dword [ebp - 0x138]
add eax, 0xb
push eax
push edx
push edi
call dword [ebp - 0x58]  ; ucall
dec eax
mov word [ebp - 0x128], ax
and word [ebp - 0x128], bx
jmp near loc_fffc9665  ; jmp 0xfffc9665

loc_fffc98d1:  ; not directly referenced
cmp dword [ebp - 0x150], 0
je short loc_fffc9913  ; je 0xfffc9913
push ebx
push 0xb
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
add esp, 0xc
push 8
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov ebx, eax
call dword [ebp - 0x58]  ; ucall
and ebx, 3
add esp, 0x10
and eax, 4
xor ebx, eax
xor word [ebp - 0x114], bx

loc_fffc9913:  ; not directly referenced
push ecx
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
mov ecx, dword [ebp - 0x138]
add ecx, 0xa
shr edi, cl
lea esi, [edi - 1]
mov word [ebp - 0x128], si
jmp near loc_fffc965e  ; jmp 0xfffc965e

loc_fffc993f:  ; not directly referenced
cmp word [ebp - 0x116], 9
jne short loc_fffc9976  ; jne 0xfffc9976
push edx
push 1
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x5c]  ; ucall
mov ecx, dword [ebp - 0x144]
add esp, 0x10
dec ecx
mov dword [ebp - 0x110], eax
lea eax, [edi + edi]
mov dword [ebp - 0x10c], edx
jmp short loc_fffc99ac  ; jmp 0xfffc99ac

loc_fffc9976:  ; not directly referenced
cmp word [ebp - 0x116], 0xb
jne short loc_fffc99af  ; jne 0xfffc99af
push eax
push 1
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
mov dword [ebp - 0x110], eax
mov eax, edi
shr eax, 1
cmp dword [ebp - 0x144], 1
mov dword [ebp - 0x10c], edx

loc_fffc99ac:  ; not directly referenced
cmove edi, eax

loc_fffc99af:  ; not directly referenced
mov al, byte [ebp - 0x168]
test byte [ebp - 0x138], al
je loc_fffc9a86  ; je 0xfffc9a86
shr ebx, 0x1b
and ebx, 7
push eax
lea eax, [ebx + 0xe]
movzx eax, al
push eax
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 7
push dword [ebp - 0x10c]
and eax, 1
push dword [ebp - 0x110]
mov word [ebp - 0x116], ax
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 7
cmp dword [ebp - 0x150], 0
mov word [ebp - 0x114], ax
je short loc_fffc9a31  ; je 0xfffc9a31
push eax
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 7
xor word [ebp - 0x114], ax

loc_fffc9a31:  ; not directly referenced
push eax
movzx ebx, bx
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
lea ecx, [ebx + 4]
mov edx, 1
shl edx, cl
lea ecx, [edx - 1]
mov ebx, ecx
add esp, 0x10
not ebx
mov edx, eax
and eax, ecx
shr dx, 1
and edx, ebx
or edx, eax
mov al, byte [ebp - 0x144]
lea ecx, [eax + 0xa]
mov eax, edi
shr eax, cl
dec eax
mov word [ebp - 0x128], ax
and word [ebp - 0x128], dx
jmp near loc_fffc9d70  ; jmp 0xfffc9d70

loc_fffc9a86:  ; not directly referenced
mov al, byte [ebp - 0x164]
test byte [ebp - 0x138], al
je loc_fffc9b61  ; je 0xfffc9b61
cmp dword [ebp - 0x150], 0
je short loc_fffc9acb  ; je 0xfffc9acb
mov esi, dword [ebp - 0x10c]
mov ebx, dword [ebp - 0x110]
push eax
push 4
push esi
push ebx
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
mov dword [ebp - 0x10c], esi
and eax, 0x780
xor eax, ebx
mov dword [ebp - 0x110], eax

loc_fffc9acb:  ; not directly referenced
mov esi, dword [ebp - 0x10c]
mov ebx, dword [ebp - 0x110]
push eax
push 9
push esi
push ebx
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 8
push esi
push ebx
mov dword [ebp - 0x110], ebx
and eax, 1
mov word [ebp - 0x116], ax
mov dword [ebp - 0x10c], esi
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 7
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov ebx, eax
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
and ebx, 4
push 0xb
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
and eax, 3
mov word [ebp - 0x114], ax
or word [ebp - 0x114], bx
call dword [ebp - 0x58]  ; ucall
mov cl, byte [ebp - 0x144]
add esp, 0x10
add ecx, 0xa
shr edi, cl
lea edi, [edi - 1]
mov word [ebp - 0x128], di
and word [ebp - 0x128], ax
jmp near loc_fffc9d70  ; jmp 0xfffc9d70

loc_fffc9b61:  ; not directly referenced
cmp dword [ebp - 0x144], 1
jne loc_fffc9c03  ; jne 0xfffc9c03
mov ecx, dword [ebp - 0x110]
mov eax, edi
shr eax, 1
mov ebx, dword [ebp - 0x10c]
push esi
push 7
test ecx, eax
setne al
and eax, dword [ebp - 0x138]
push ebx
push ecx
mov word [ebp - 0x116], ax
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 7
cmp dword [ebp - 0x150], 0
mov word [ebp - 0x114], ax
je short loc_fffc9bcd  ; je 0xfffc9bcd
push ebx
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 7
xor word [ebp - 0x114], ax

loc_fffc9bcd:  ; not directly referenced
push ecx
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
mov ecx, dword [ebp - 0x138]
add esp, 0x10
add ecx, 0xa
shr edi, cl
lea esi, [edi - 1]
mov word [ebp - 0x128], si
and word [ebp - 0x128], ax
jmp near loc_fffc9d7d  ; jmp 0xfffc9d7d

loc_fffc9c03:  ; not directly referenced
cmp dword [ebp - 0x138], 0
je loc_fffc9cf2  ; je 0xfffc9cf2
mov al, byte [ebp - 0x154]
and eax, 1
cmp word [ebp - 0x116], 0xb
sete dl
test dl, al
je short loc_fffc9c48  ; je 0xfffc9c48
cmp edi, 0x4000000
je short loc_fffc9c43  ; je 0xfffc9c43
cmp edi, 0x8000000
jne loc_fffc9ec0  ; jne 0xfffc9ec0
mov edi, 0x4000000
jmp short loc_fffc9c48  ; jmp 0xfffc9c48

loc_fffc9c43:  ; not directly referenced
mov edi, 0x2000000

loc_fffc9c48:  ; not directly referenced
cmp word [ebp - 0x116], 9
sete dl
test dl, al
je short loc_fffc9c64  ; je 0xfffc9c64
cmp edi, 0x1000000
je short loc_fffc9cc6  ; je 0xfffc9cc6
jmp near loc_fffc9ec0  ; jmp 0xfffc9ec0

loc_fffc9c64:  ; not directly referenced
cmp edi, 0x2000000
je short loc_fffc9cc6  ; je 0xfffc9cc6
ja short loc_fffc9c8e  ; ja 0xfffc9c8e
cmp edi, 0x800000
je short loc_fffc9cae  ; je 0xfffc9cae
cmp edi, 0x1000000
jne loc_fffc9ec0  ; jne 0xfffc9ec0
mov eax, 0x17
mov esi, 0x7ffc00
jmp short loc_fffc9cd0  ; jmp 0xfffc9cd0

loc_fffc9c8e:  ; not directly referenced
cmp edi, 0x4000000
je short loc_fffc9cba  ; je 0xfffc9cba
cmp edi, 0x8000000
jne loc_fffc9ec0  ; jne 0xfffc9ec0
mov eax, 0x1a
mov esi, 0x3fffc00
jmp short loc_fffc9cd0  ; jmp 0xfffc9cd0

loc_fffc9cae:  ; not directly referenced
mov eax, 0x16
mov esi, 0x3ffc00
jmp short loc_fffc9cd0  ; jmp 0xfffc9cd0

loc_fffc9cba:  ; not directly referenced
mov eax, 0x19
mov esi, 0x1fffc00
jmp short loc_fffc9cd0  ; jmp 0xfffc9cd0

loc_fffc9cc6:  ; not directly referenced
mov eax, 0x18
mov esi, 0xfffc00

loc_fffc9cd0:  ; not directly referenced
push edx
xor ebx, ebx
push eax
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 1
mov word [ebp - 0x116], ax
jmp short loc_fffc9d03  ; jmp 0xfffc9d03

loc_fffc9cf2:  ; not directly referenced
mov word [ebp - 0x116], 0
mov esi, 0xfffffc00
or ebx, 0xffffffff

loc_fffc9d03:  ; not directly referenced
push eax
push 7
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 7
cmp dword [ebp - 0x150], 0
mov word [ebp - 0x114], ax
je short loc_fffc9d4a  ; je 0xfffc9d4a
push edi
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 7
xor word [ebp - 0x114], ax

loc_fffc9d4a:  ; not directly referenced
mov edi, dword [ebp - 0x10c]
mov ecx, esi
mov esi, dword [ebp - 0x110]
and edi, ebx
push ebx
and ecx, esi
push 0xa
push edi
push ecx
call dword [ebp - 0x58]  ; ucall
mov word [ebp - 0x128], ax
jmp near loc_fffc9ebb  ; jmp 0xfffc9ebb

loc_fffc9d70:  ; not directly referenced
cmp dword [ebp - 0x144], 1
jne loc_fffc9ecb  ; jne 0xfffc9ecb

loc_fffc9d7d:  ; not directly referenced
movzx esi, word [ebp - 0x116]
xor ebx, ebx
movzx edi, word [ebp - 0x118]

loc_fffc9d8d:  ; not directly referenced
push ecx
push 0x3f
push dword [ebp + ebx*2 - 0xe4]
push dword [ebp + ebx*2 - 0xe8]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
test al, 1
je short loc_fffc9dea  ; je 0xfffc9dea
sub esp, 0xc
movzx eax, word [ebp - 0x160]
mov ecx, esi
push dword [ebp - 0x148]
mov edx, edi
push dword [ebp + ebx - 0xf8]
push eax
movzx eax, word [ebp - 0x128]
push eax
movzx eax, word [ebp - 0x114]
push eax
mov eax, dword [ebp - 0x16c]
call fcn_fffce2bd  ; call 0xfffce2bd
add esp, 0x20
test eax, eax
jne loc_fffc9ed7  ; jne 0xfffc9ed7

loc_fffc9dea:  ; not directly referenced
add ebx, 4
cmp ebx, 0x10
jne short loc_fffc9d8d  ; jne 0xfffc9d8d
xor bl, bl

loc_fffc9df4:  ; not directly referenced
push edx
mov ecx, dword [ebp - 0x12c]
push dword [ebp + ebx*8 - 0xe4]
push dword [ebp + ebx*8 - 0xe8]
mov edx, dword [ebp - 0x130]
lea eax, [ebp - 0xc4]
push 0
call fcn_fffb6511  ; call 0xfffb6511
add esp, 0x10
test eax, eax
je short loc_fffc9e95  ; je 0xfffc9e95
mov eax, dword [ebp + ebx*4 - 0xf8]
mov edx, eax
shr edx, 0x1d
mov esi, edx
mov edx, eax
and esi, 1
shr edx, 0xc
cmp dword [ebp - 0x140], 0
mov word [ebp - 0x158], si
jne loc_fffc9f2a  ; jne 0xfffc9f2a
mov edi, edx
mov edx, eax
and edi, 1
shr edx, 0xb
mov word [ebp - 0x118], di
mov esi, edx
mov edi, eax
and esi, 1
shr edi, 8
mov word [ebp - 0x116], si
mov esi, edi
and esi, 7
mov word [ebp - 0x114], si

loc_fffc9e7b:  ; not directly referenced
mov edi, eax
movzx eax, al
shr edi, 0xd
shl eax, 3
mov dword [ebp - 0x128], edi
mov word [ebp - 0x156], ax
jmp short loc_fffc9e9f  ; jmp 0xfffc9e9f

loc_fffc9e95:  ; not directly referenced
inc ebx
cmp ebx, 4
jne loc_fffc9df4  ; jne 0xfffc9df4

loc_fffc9e9f:  ; not directly referenced
push eax
push 3
push dword [ebp - 0x12c]
push dword [ebp - 0x130]
call dword [ebp - 0x58]  ; ucall
and eax, 7
or word [ebp - 0x156], ax

loc_fffc9ebb:  ; not directly referenced
add esp, 0x10
jmp short loc_fffc9ecb  ; jmp 0xfffc9ecb

loc_fffc9ec0:  ; not directly referenced
mov word [ebp - 0x116], 0
jmp short loc_fffc9ee1  ; jmp 0xfffc9ee1

loc_fffc9ecb:  ; not directly referenced
mov dword [ebp - 0x140], 1
jmp short loc_fffc9ee1  ; jmp 0xfffc9ee1

loc_fffc9ed7:  ; not directly referenced
mov dword [ebp - 0x140], 0

loc_fffc9ee1:  ; not directly referenced
mov eax, dword [ebp + 0x10]
mov ecx, dword [ebp - 0x128]
mov si, word [ebp - 0x156]
mov byte [eax], 0
mov edi, eax
mov al, byte [ebp - 0x158]
mov word [edi + 7], cx
mov word [edi + 5], si
mov byte [edi + 1], al
mov al, byte [ebp - 0x118]
mov byte [edi + 2], al
mov al, byte [ebp - 0x116]
mov byte [edi + 3], al
mov al, byte [ebp - 0x114]
mov byte [edi + 4], al
mov al, byte [ebp - 0x140]
jmp short loc_fffc9f55  ; jmp 0xfffc9f55

loc_fffc9f2a:  ; not directly referenced
mov esi, edx
mov edi, eax
and esi, 1
shr edi, 8
mov word [ebp - 0x116], si
mov esi, edi
and esi, 0xf
mov word [ebp - 0x114], si
mov word [ebp - 0x118], 0
jmp near loc_fffc9e7b  ; jmp 0xfffc9e7b

loc_fffc9f55:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc9f5d:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x4c
mov eax, dword [ebp + 8]
call fcn_fffaa4a9  ; call 0xfffaa4a9
mov esi, eax
test eax, eax
jne loc_fffcad7f  ; jne 0xfffcad7f
mov eax, dword [ebp + 8]
call fcn_fffa67d6  ; call 0xfffa67d6
mov esi, eax
test eax, eax
jne loc_fffcad7f  ; jne 0xfffcad7f
mov eax, dword [ebp + 8]
mov ecx, 0xf
mov edx, 0x4d94
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2481], 3
jne loc_fffca108  ; jne 0xfffca108
mov ecx, 0xf
mov edx, 0x4d90
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov edx, 0x5030
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x5030
or eax, 0x400000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov edx, 1
call fcn_fffa82f9  ; call 0xfffa82f9
mov eax, dword [ebp + 8]
cmp dword [eax + 0x3757], 2
jne short loc_fffca006  ; jne 0xfffca006
movzx ecx, byte [eax + 0x47e9]
mov edx, 0x4192
call fcn_fffb335b  ; call 0xfffb335b

loc_fffca006:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b1a], 2
jne short loc_fffca023  ; jne 0xfffca023
movzx ecx, byte [eax + 0x5bac]
mov edx, 0x4592
call fcn_fffb335b  ; call 0xfffb335b

loc_fffca023:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0xbb8
xor ebx, ebx
call fcn_fffa82f9  ; call 0xfffa82f9
mov eax, dword [ebp + 8]
lea edi, [eax + 0x3757]

loc_fffca03b:  ; not directly referenced
cmp dword [edi], 2
je short loc_fffca05d  ; je 0xfffca05d

loc_fffca040:  ; not directly referenced
inc ebx
add edi, 0x13c3
cmp ebx, 2
jne short loc_fffca03b  ; jne 0xfffca03b
mov eax, dword [ebp + 8]
mov edx, 0x96
xor esi, esi
call fcn_fffa82f9  ; call 0xfffa82f9
jmp short loc_fffca0da  ; jmp 0xfffca0da

loc_fffca05d:  ; not directly referenced
mov dword [ebp - 0x30], 0

loc_fffca064:  ; not directly referenced
mov cl, byte [ebp - 0x30]
mov eax, 1
shl eax, cl
test byte [edi + 0xc4], al
jne short loc_fffca081  ; jne 0xfffca081

loc_fffca076:  ; not directly referenced
inc dword [ebp - 0x30]
cmp dword [ebp - 0x30], 4
jne short loc_fffca064  ; jne 0xfffca064
jmp short loc_fffca040  ; jmp 0xfffca040

loc_fffca081:  ; not directly referenced
mov esi, dword [ebp + 8]
cmp byte [esi + 0x247d], 0
je short loc_fffca0ba  ; je 0xfffca0ba
push 0
mov ecx, eax
mov eax, dword [ebp + 8]
lea esi, [ebp - 0x24]
mov edx, ebx
push esi
push 0
push 7
mov dword [ebp - 0x24], 0x8600
call fcn_fffa947f  ; call 0xfffa947f
mov eax, dword [ebp + 8]
mov edx, 0xf
call fcn_fffa82f9  ; call 0xfffa82f9
add esp, 0x10

loc_fffca0ba:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, ebx
push ecx
mov ecx, dword [ebp - 0x30]
push 1
push 0xfc
push 0x3f
call fcn_fffacb43  ; call 0xfffacb43
add esp, 0x10
mov esi, eax
test eax, eax
je short loc_fffca076  ; je 0xfffca076

loc_fffca0da:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp byte [eax + 0x247d], 0
je short loc_fffca0f4  ; je 0xfffca0f4
sub esp, 0xc
push eax
call fcn_fffae06f  ; call 0xfffae06f
add esp, 0x10
mov esi, eax

loc_fffca0f4:  ; not directly referenced
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x4d94
call fcn_fffb38b3  ; call 0xfffb38b3
jmp near loc_fffcad89  ; jmp 0xfffcad89

loc_fffca108:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x1887]
mov esi, dword [eax + 0x2444]
cmp edx, 0x306d0
sete al
cmp edx, 0x40650
sete dl
or eax, edx
movzx eax, al
mov dword [ebp - 0x34], eax
mov edi, eax
mov eax, dword [ebp + 8]
mov ebx, dword [eax + 0x18c1]
push 0xf0
push 0
push 0x1f
push 0
call dword [esi + 0x4c]  ; ucall
add ebx, eax
mov dword [esp], ebx
xor ebx, ebx
call dword [esi + 0x20]  ; ucall
add esp, 0x10
mov dword [ebp - 0x30], eax
and dword [ebp - 0x30], 0xfffffffe
test edi, edi
je short loc_fffca184  ; je 0xfffca184
mov eax, dword [ebp - 0x30]
sub esp, 0xc
lea edi, [eax + 0x333c]
push edi
call dword [esi + 0x20]  ; ucall
mov ebx, eax
pop eax
or ebx, 0x4000000
pop edx
push ebx
push edi
call dword [esi + 0x30]  ; ucall
add esp, 0x10

loc_fffca184:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0x102
mov edx, 0x5030
mov edi, 0x102
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov ecx, 0xf
mov edx, 0x4d90
call fcn_fffb3381  ; call 0xfffb3381
cmp dword [ebp - 0x34], 0
je short loc_fffca1cd  ; je 0xfffca1cd
push eax
and ebx, 0xfbffffff
push eax
mov eax, dword [ebp - 0x30]
push ebx
add eax, 0x333c
push eax
call dword [esi + 0x30]  ; ucall
add esp, 0x10
jmp short loc_fffca1ee  ; jmp 0xfffca1ee

loc_fffca1cd:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x5030
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x5030
mov edi, eax
mov eax, dword [ebp + 8]
and edi, 0xfffffffd
mov ecx, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffca1ee:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0xc8
mov ecx, dword [ebp + 8]
mov eax, dword [eax + 0x18a7]
mov ecx, dword [ecx + eax*4 + 0x3736]
test ecx, ecx
je loc_fffca29f  ; je 0xfffca29f
mov eax, dword [ebp + 8]
cmp byte [eax + 0x247a], 0
jne loc_fffca29f  ; jne 0xfffca29f
mov edx, dword [eax + 0x2444]
mov dword [ebp - 0x3c], ecx
push ecx
movzx eax, byte [eax + 0x187f]
mov dword [ebp - 0x38], edx
push eax
mov eax, dword [ebp + 8]
movzx eax, byte [eax + 0x18b0]
push eax
mov eax, dword [ebp + 8]
push dword [eax + 0x18c1]
call dword [edx + 0x88]  ; ucall
mov ecx, dword [ebp - 0x3c]
add esp, 0x10
cmp ecx, eax
je short loc_fffca283  ; je 0xfffca283
mov eax, dword [ebp + 8]
push ecx
mov edx, dword [ebp - 0x38]
movzx eax, byte [eax + 0x187f]
push eax
mov eax, dword [ebp + 8]
movzx eax, byte [eax + 0x18b0]
push eax
mov eax, dword [ebp + 8]
push dword [eax + 0x18c1]
call dword [edx + 0x8c]  ; ucall
add esp, 0x10

loc_fffca283:  ; not directly referenced
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x18ee]
mov dword [ebp - 0x38], eax
lea edx, [eax + 0xc8]
mov eax, dword [ebp + 8]
mov byte [eax + 0x247a], 1

loc_fffca29f:  ; not directly referenced
imul edx, edx, 0xf
mov eax, dword [ebp + 8]
call fcn_fffa82f9  ; call 0xfffa82f9
cmp dword [ebp - 0x34], 0
je short loc_fffca2ca  ; je 0xfffca2ca
push eax
or ebx, 0x4000000
push eax
mov eax, dword [ebp - 0x30]
push ebx
add eax, 0x333c
push eax
call dword [esi + 0x30]  ; ucall
add esp, 0x10
jmp short loc_fffca2dc  ; jmp 0xfffca2dc

loc_fffca2ca:  ; not directly referenced
mov eax, dword [ebp + 8]
or edi, 2
mov edx, 0x5030
mov ecx, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffca2dc:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x1d4c
or edi, 0x400000
call fcn_fffa82f9  ; call 0xfffa82f9
mov eax, dword [ebp + 8]
mov ecx, edi
mov edx, 0x5030
call fcn_fffb3381  ; call 0xfffb3381
mov eax, dword [ebp + 8]
mov edx, 1
call fcn_fffa82f9  ; call 0xfffa82f9
mov eax, dword [ebp + 8]
cmp dword [eax + 0x3757], 2
jne short loc_fffca328  ; jne 0xfffca328
movzx ecx, byte [eax + 0x381b]
mov edx, 0x4192
call fcn_fffb335b  ; call 0xfffb335b

loc_fffca328:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b1a], 2
jne short loc_fffca345  ; jne 0xfffca345
movzx ecx, byte [eax + 0x4bde]
mov edx, 0x4592
call fcn_fffb335b  ; call 0xfffb335b

loc_fffca345:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 1
call fcn_fffa82f9  ; call 0xfffa82f9
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2481], 2
jne loc_fffca94c  ; jne 0xfffca94c
mov edi, dword [eax + 0x36d8]
xor eax, eax
cmp edi, 0x640
jbe short loc_fffca37d  ; jbe 0xfffca37d
cmp edi, 0x961
sbb eax, eax
add eax, 2

loc_fffca37d:  ; not directly referenced
mov esi, dword [ebp + 8]
cmp al, 3
mov bl, 3
cmovbe ebx, eax
xor eax, eax
and ebx, 3
shl ebx, 9
add esi, 0x374f
mov byte [ebp - 0x30], 0
mov dword [ebp - 0x34], esi

loc_fffca39c:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x30], 1
setbe dl
test cl, dl
je loc_fffca45f  ; je 0xfffca45f
movzx edx, byte [ebp - 0x30]
xor eax, eax
mov ecx, dword [ebp + 8]
imul esi, edx, 0x13c3
add ecx, esi
cmp dword [ecx + 0x3757], 2
jne loc_fffca457  ; jne 0xfffca457
mov eax, dword [ebp - 0x34]
lea eax, [eax + esi + 8]
test byte [ecx + 0x381b], 1
je short loc_fffca407  ; je 0xfffca407
mov esi, dword [ebp + 8]
cmp byte [esi + 0x247c], 0
jne short loc_fffca3fe  ; jne 0xfffca3fe
mov word [eax + 0x1271], bx
mov word [eax + 0x1289], bx

loc_fffca3f8:  ; not directly referenced
mov word [ebp - 0x24], bx
jmp short loc_fffca407  ; jmp 0xfffca407

loc_fffca3fe:  ; not directly referenced
mov bx, word [eax + 0x1271]
jmp short loc_fffca3f8  ; jmp 0xfffca3f8

loc_fffca407:  ; not directly referenced
imul ecx, edx, 0x13c3
mov esi, dword [ebp + 8]
test byte [esi + ecx + 0x381b], 4
je short loc_fffca440  ; je 0xfffca440
cmp byte [esi + 0x247c], 0
jne short loc_fffca437  ; jne 0xfffca437
mov word [eax + 0x1399], bx
mov word [eax + 0x13b1], bx

loc_fffca431:  ; not directly referenced
mov word [ebp - 0x22], bx
jmp short loc_fffca440  ; jmp 0xfffca440

loc_fffca437:  ; not directly referenced
mov bx, word [eax + 0x1399]
jmp short loc_fffca431  ; jmp 0xfffca431

loc_fffca440:  ; not directly referenced
sub esp, 0xc
mov ecx, 3
lea eax, [ebp - 0x24]
push eax
mov eax, dword [ebp + 8]
call fcn_fffad688  ; call 0xfffad688
add esp, 0x10

loc_fffca457:  ; not directly referenced
inc byte [ebp - 0x30]
jmp near loc_fffca39c  ; jmp 0xfffca39c

loc_fffca45f:  ; not directly referenced
mov esi, eax
test eax, eax
jne loc_fffcad7f  ; jne 0xfffcad7f
mov eax, dword [ebp + 8]
mov bl, 4
movzx eax, byte [eax + 0x247e]
mov dword [ebp - 0x34], eax
cmp edi, 0x535
jbe short loc_fffca495  ; jbe 0xfffca495
mov bl, 5
cmp edi, 0x74b
jbe short loc_fffca495  ; jbe 0xfffca495
cmp edi, 0x961
sbb ebx, ebx
add ebx, 7

loc_fffca495:  ; not directly referenced
sub ebx, 4
mov al, 3
cmp bl, 3
cmova ebx, eax
mov eax, dword [ebp + 8]
xor esi, esi
and ebx, 7
shl ebx, 0xa
or bl, 0x8d
mov byte [ebp - 0x30], 0
lea edi, [eax + 0x374f]

loc_fffca4b8:  ; not directly referenced
test esi, esi
sete dl
cmp byte [ebp - 0x30], 1
setbe al
test dl, al
je loc_fffca586  ; je 0xfffca586
movzx edx, byte [ebp - 0x30]
xor esi, esi
mov ecx, dword [ebp + 8]
imul eax, edx, 0x13c3
add ecx, eax
cmp dword [ecx + 0x3757], 2
jne loc_fffca57e  ; jne 0xfffca57e
lea eax, [edi + eax + 8]
test byte [ecx + 0x381b], 1
je short loc_fffca526  ; je 0xfffca526
mov esi, dword [ebp + 8]
cmp byte [esi + 0x247c], 0
je short loc_fffca510  ; je 0xfffca510

loc_fffca503:  ; not directly referenced
mov bx, word [eax + 0x1277]

loc_fffca50a:  ; not directly referenced
mov word [ebp - 0x24], bx
jmp short loc_fffca526  ; jmp 0xfffca526

loc_fffca510:  ; not directly referenced
cmp dword [ebp - 0x34], 0
jne short loc_fffca503  ; jne 0xfffca503
mov word [eax + 0x1277], bx
mov word [eax + 0x128f], bx
jmp short loc_fffca50a  ; jmp 0xfffca50a

loc_fffca526:  ; not directly referenced
imul ecx, edx, 0x13c3
mov esi, dword [ebp + 8]
test byte [esi + ecx + 0x381b], 4
je short loc_fffca565  ; je 0xfffca565
cmp byte [esi + 0x247c], 0
je short loc_fffca54f  ; je 0xfffca54f

loc_fffca542:  ; not directly referenced
mov bx, word [eax + 0x139f]

loc_fffca549:  ; not directly referenced
mov word [ebp - 0x22], bx
jmp short loc_fffca565  ; jmp 0xfffca565

loc_fffca54f:  ; not directly referenced
cmp dword [ebp - 0x34], 0
jne short loc_fffca542  ; jne 0xfffca542
mov word [eax + 0x139f], bx
mov word [eax + 0x13b7], bx
jmp short loc_fffca549  ; jmp 0xfffca549

loc_fffca565:  ; not directly referenced
sub esp, 0xc
mov ecx, 6
lea eax, [ebp - 0x24]
push eax
mov eax, dword [ebp + 8]
call fcn_fffad688  ; call 0xfffad688
add esp, 0x10
mov esi, eax

loc_fffca57e:  ; not directly referenced
inc byte [ebp - 0x30]
jmp near loc_fffca4b8  ; jmp 0xfffca4b8

loc_fffca586:  ; not directly referenced
mov dword [ebp - 0x38], esi
test esi, esi
jne loc_fffcad7f  ; jne 0xfffcad7f
mov eax, dword [ebp + 8]
mov ebx, 0x20
mov byte [ebp - 0x30], 0
add eax, 0x374f
mov dword [ebp - 0x40], eax

loc_fffca5a5:  ; not directly referenced
test esi, esi
sete dl
cmp byte [ebp - 0x30], 1
setbe al
test dl, al
je loc_fffca67c  ; je 0xfffca67c
movzx eax, byte [ebp - 0x30]
imul edx, eax, 0x13c3
mov dword [ebp - 0x34], eax
mov eax, dword [ebp + 8]
add eax, edx
cmp dword [eax + 0x3757], 2
jne loc_fffca671  ; jne 0xfffca671
mov edi, dword [ebp - 0x40]
mov dword [ebp - 0x3c], eax
lea esi, [edi + edx + 0x127d]
xor edi, edi

loc_fffca5e7:  ; not directly referenced
mov ecx, edi
mov eax, 1
shl eax, cl
mov ecx, dword [ebp - 0x3c]
test byte [ecx + 0x381b], al
je short loc_fffca645  ; je 0xfffca645
mov eax, dword [ebp + 8]
cmp byte [eax + 0x247c], 0
je short loc_fffca60c  ; je 0xfffca60c
mov bx, word [esi]
jmp short loc_fffca640  ; jmp 0xfffca640

loc_fffca60c:  ; not directly referenced
mov edx, dword [ebp - 0x34]
mov eax, dword [ebp + 8]
call fcn_fffa6bf0  ; call 0xfffa6bf0
test eax, eax
je loc_fffcab2e  ; je 0xfffcab2e
movzx ecx, byte [eax + 2]
sub esp, 0xc
mov edx, dword [ebp + 8]
lea eax, [ebp - 0x2a]
push ebx
call fcn_fffa6c59  ; call 0xfffa6c59
mov bx, word [ebp - 0x2a]
add esp, 0x10
mov word [esi], bx
mov word [esi + 0x18], bx

loc_fffca640:  ; not directly referenced
mov word [ebp + edi - 0x24], bx

loc_fffca645:  ; not directly referenced
add edi, 2
add esi, 0x128
cmp edi, 4
jne short loc_fffca5e7  ; jne 0xfffca5e7
sub esp, 0xc
mov edx, dword [ebp - 0x34]
mov ecx, 5
lea eax, [ebp - 0x24]
push eax
mov eax, dword [ebp + 8]
call fcn_fffad688  ; call 0xfffad688
add esp, 0x10
mov esi, eax
jmp short loc_fffca674  ; jmp 0xfffca674

loc_fffca671:  ; not directly referenced
mov esi, dword [ebp - 0x38]

loc_fffca674:  ; not directly referenced
inc byte [ebp - 0x30]
jmp near loc_fffca5a5  ; jmp 0xfffca5a5

loc_fffca67c:  ; not directly referenced
test esi, esi
jne loc_fffcad7f  ; jne 0xfffcad7f
mov edi, dword [ebp + 8]
xor ebx, ebx
xor eax, eax
mov byte [ebp - 0x30], 0
add edi, 0x374f

loc_fffca695:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x30], 1
setbe dl
test cl, dl
je loc_fffca755  ; je 0xfffca755
movzx edx, byte [ebp - 0x30]
xor eax, eax
mov ecx, dword [ebp + 8]
imul esi, edx, 0x13c3
add ecx, esi
cmp dword [ecx + 0x3757], 2
jne loc_fffca74d  ; jne 0xfffca74d
lea eax, [edi + esi + 8]
test byte [ecx + 0x381b], 1
je short loc_fffca6fd  ; je 0xfffca6fd
mov esi, dword [ebp + 8]
cmp byte [esi + 0x247c], 0
jne short loc_fffca6f4  ; jne 0xfffca6f4
mov word [eax + 0x1273], bx
mov word [eax + 0x128b], bx

loc_fffca6ee:  ; not directly referenced
mov word [ebp - 0x24], bx
jmp short loc_fffca6fd  ; jmp 0xfffca6fd

loc_fffca6f4:  ; not directly referenced
mov bx, word [eax + 0x1273]
jmp short loc_fffca6ee  ; jmp 0xfffca6ee

loc_fffca6fd:  ; not directly referenced
imul ecx, edx, 0x13c3
mov esi, dword [ebp + 8]
test byte [esi + ecx + 0x381b], 4
je short loc_fffca736  ; je 0xfffca736
cmp byte [esi + 0x247c], 0
jne short loc_fffca72d  ; jne 0xfffca72d
mov word [eax + 0x139b], bx
mov word [eax + 0x13b3], bx

loc_fffca727:  ; not directly referenced
mov word [ebp - 0x22], bx
jmp short loc_fffca736  ; jmp 0xfffca736

loc_fffca72d:  ; not directly referenced
mov bx, word [eax + 0x139b]
jmp short loc_fffca727  ; jmp 0xfffca727

loc_fffca736:  ; not directly referenced
sub esp, 0xc
mov ecx, 4
lea eax, [ebp - 0x24]
push eax
mov eax, dword [ebp + 8]
call fcn_fffad688  ; call 0xfffad688
add esp, 0x10

loc_fffca74d:  ; not directly referenced
inc byte [ebp - 0x30]
jmp near loc_fffca695  ; jmp 0xfffca695

loc_fffca755:  ; not directly referenced
mov esi, eax
test eax, eax
jne loc_fffcad7f  ; jne 0xfffcad7f
mov eax, dword [ebp + 8]
mov byte [ebp - 0x30], 0
add eax, 0x374f
mov dword [ebp - 0x48], eax
mov eax, dword [ebp + 8]
imul eax, dword [eax + 0x18a7], 0x2e
mov dword [ebp - 0x4c], eax

loc_fffca77b:  ; not directly referenced
test esi, esi
sete dl
cmp byte [ebp - 0x30], 1
setbe al
test dl, al
je loc_fffca8f3  ; je 0xfffca8f3
movzx eax, byte [ebp - 0x30]
mov edi, dword [ebp + 8]
mov dword [ebp - 0x38], eax
imul eax, eax, 0x13c3
cmp dword [edi + eax + 0x3757], 2
jne loc_fffca8e9  ; jne 0xfffca8e9
mov edi, dword [ebp - 0x48]
lea edi, [edi + eax + 8]
mov eax, dword [ebp - 0x4c]
movzx eax, word [edi + eax + 0xc]
cmp ax, 0xc
ja short loc_fffca7c7  ; ja 0xfffca7c7
sub eax, 9
jmp short loc_fffca7d5  ; jmp 0xfffca7d5

loc_fffca7c7:  ; not directly referenced
sub eax, 0xe
mov ecx, 2
cdq
idiv ecx
or eax, 4

loc_fffca7d5:  ; not directly referenced
and eax, 7
lea ebx, [eax*8]
imul eax, dword [ebp - 0x38], 0x13c3
add eax, dword [ebp + 8]
mov dword [ebp - 0x3c], 0
mov dword [ebp - 0x40], eax
movzx eax, byte [ebp - 0x30]
mov dword [ebp - 0x44], eax

loc_fffca7fa:  ; not directly referenced
mov esi, dword [ebp - 0x3c]
mov eax, esi
mov ecx, esi
mov byte [ebp - 0x34], al
mov eax, 1
shl eax, cl
mov ecx, dword [ebp - 0x40]
test byte [ecx + 0x381b], al
je loc_fffca8bd  ; je 0xfffca8bd
mov eax, dword [ebp + 8]
cmp byte [eax + 0x247c], 0
je short loc_fffca83d  ; je 0xfffca83d
mov eax, esi
shr al, 1
movzx eax, al
imul eax, eax, 0x128
mov bx, word [edi + eax + 0x126f]
jmp short loc_fffca8b0  ; jmp 0xfffca8b0

loc_fffca83d:  ; not directly referenced
mov edx, dword [ebp - 0x38]
mov eax, dword [ebp + 8]
call fcn_fffa6bf0  ; call 0xfffa6bf0
test eax, eax
je loc_fffcab2e  ; je 0xfffcab2e
mov dl, byte [eax]
cmp dl, 0x78
je short loc_fffca871  ; je 0xfffca871
ja short loc_fffca860  ; ja 0xfffca860
mov al, 4
cmp dl, 0x50
jmp short loc_fffca86b  ; jmp 0xfffca86b

loc_fffca860:  ; not directly referenced
mov al, 2
cmp dl, 0xf0
je short loc_fffca873  ; je 0xfffca873
mov al, 3
inc dl

loc_fffca86b:  ; not directly referenced
je short loc_fffca873  ; je 0xfffca873
xor eax, eax
jmp short loc_fffca873  ; jmp 0xfffca873

loc_fffca871:  ; not directly referenced
mov al, 1

loc_fffca873:  ; not directly referenced
shl eax, 9
and bh, 0xf1
mov edx, dword [ebp - 0x44]
or ebx, eax
mov al, byte [ebp - 0x34]
sub esp, 0xc
shr al, 1
movzx esi, al
movzx eax, bx
mov ecx, esi
imul esi, esi, 0x128
push eax
mov eax, dword [ebp + 8]
add esi, edi
call fcn_fffa86e1  ; call 0xfffa86e1
add esp, 0x10
mov word [esi + 0x126f], bx
mov word [esi + 0x1287], bx

loc_fffca8b0:  ; not directly referenced
mov al, byte [ebp - 0x34]
shr al, 1
movzx eax, al
mov word [ebp + eax*2 - 0x24], bx

loc_fffca8bd:  ; not directly referenced
add dword [ebp - 0x3c], 2
cmp dword [ebp - 0x3c], 4
jne loc_fffca7fa  ; jne 0xfffca7fa
sub esp, 0xc
mov edx, dword [ebp - 0x38]
mov ecx, 2
lea eax, [ebp - 0x24]
push eax
mov eax, dword [ebp + 8]
call fcn_fffad688  ; call 0xfffad688
add esp, 0x10
mov esi, eax
jmp short loc_fffca8eb  ; jmp 0xfffca8eb

loc_fffca8e9:  ; not directly referenced
xor esi, esi

loc_fffca8eb:  ; not directly referenced
inc byte [ebp - 0x30]
jmp near loc_fffca77b  ; jmp 0xfffca77b

loc_fffca8f3:  ; not directly referenced
test esi, esi
jne loc_fffcad7f  ; jne 0xfffcad7f
mov eax, dword [ebp + 8]
call fcn_fffad6b6  ; call 0xfffad6b6
mov esi, eax
test eax, eax
jne loc_fffcad7f  ; jne 0xfffcad7f
mov eax, dword [ebp + 8]
mov edx, 1
call fcn_fffad821  ; call 0xfffad821
mov esi, eax
test eax, eax
jne loc_fffcad7f  ; jne 0xfffcad7f
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 3
call fcn_fffadf2d  ; call 0xfffadf2d
mov esi, eax
test eax, eax
jne loc_fffcad7f  ; jne 0xfffcad7f
mov eax, dword [ebp + 8]
mov byte [eax + 0x247e], 1
jmp near loc_fffcad7f  ; jmp 0xfffcad7f

loc_fffca94c:  ; not directly referenced
mov edi, dword [ebp + 8]
xor eax, eax
mov byte [ebp - 0x30], 0
add edi, 0x374f
mov dword [ebp - 0x4c], edi
mov edi, dword [ebp + 8]
imul edi, dword [edi + 0x18a7], 0x2e
mov dword [ebp - 0x50], edi

loc_fffca96b:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x30], 1
setbe dl
test cl, dl
je loc_fffcab1b  ; je 0xfffcab1b
movzx eax, byte [ebp - 0x30]
imul edx, eax, 0x13c3
mov dword [ebp - 0x34], eax
mov eax, dword [ebp + 8]
add eax, edx
cmp dword [eax + 0x3757], 2
jne loc_fffcab11  ; jne 0xfffcab11
mov edi, dword [ebp - 0x4c]
mov dword [ebp - 0x44], eax
mov eax, dword [ebp - 0x34]
lea esi, [edi + edx + 8]
mov edi, dword [ebp - 0x50]
mov dword [ebp - 0x48], eax
mov di, word [esi + edi + 0xc]
mov word [ebp - 0x38], di
mov edi, dword [ebp - 0x38]
mov dword [ebp - 0x38], 0
lea ebx, [edi - 5]
and ebx, 7
shl ebx, 3

loc_fffca9cd:  ; not directly referenced
mov edi, dword [ebp - 0x38]
mov eax, edi
mov ecx, edi
mov edi, dword [ebp - 0x44]
mov byte [ebp - 0x3c], al
mov eax, 1
shl eax, cl
test byte [edi + 0x381b], al
je loc_fffcaae7  ; je 0xfffcaae7
mov eax, dword [ebp + 8]
cmp byte [eax + 0x247c], 0
je short loc_fffcaa13  ; je 0xfffcaa13
mov al, cl
shr al, 1
movzx eax, al
imul eax, eax, 0x128
mov bx, word [esi + eax + 0x126f]
jmp near loc_fffcaada  ; jmp 0xfffcaada

loc_fffcaa13:  ; not directly referenced
mov al, byte [ebp - 0x3c]
shr al, 1
movzx edi, al
mov byte [ebp - 0x40], al
imul eax, edi, 0x128
cmp byte [esi + eax + 0x1243], 1
jne short loc_fffcaa4c  ; jne 0xfffcaa4c
mov eax, dword [ebp + 8]
cmp byte [eax + 0x190d], 0
je short loc_fffcaa61  ; je 0xfffcaa61
cmp dword [eax + 0x36cc], 1
jne short loc_fffcaa61  ; jne 0xfffcaa61
cmp byte [eax + 0x2480], 1
je short loc_fffcaa61  ; je 0xfffcaa61

loc_fffcaa4c:  ; not directly referenced
imul eax, edi, 0x128
cmp byte [esi + eax + 0x1242], 1
sete al
xor edx, edx
jmp short loc_fffcaa65  ; jmp 0xfffcaa65

loc_fffcaa61:  ; not directly referenced
xor eax, eax
mov dl, 1

loc_fffcaa65:  ; not directly referenced
and edx, 1
and bl, 0x3f
shl edx, 6
and eax, 1
shl eax, 7
or ebx, edx
mov edx, dword [ebp - 0x34]
or ebx, eax
mov eax, dword [ebp + 8]
mov ecx, edi
call fcn_fffa6998  ; call 0xfffa6998
test eax, eax
je loc_fffcab2e  ; je 0xfffcab2e
movzx eax, byte [eax]
xor edx, edx
cmp al, 0x78
ja short loc_fffcaaa0  ; ja 0xfffcaaa0
mov cl, 0x3c
div cl
test ah, 0x3f
cmove edx, eax

loc_fffcaaa0:  ; not directly referenced
and edx, 3
and bh, 0xf9
movzx ecx, byte [ebp - 0x40]
shl edx, 9
sub esp, 0xc
or ebx, edx
mov edx, dword [ebp - 0x48]
movzx eax, bx
imul edi, edi, 0x128
push eax
mov eax, dword [ebp + 8]
add edi, esi
call fcn_fffa86e1  ; call 0xfffa86e1
add esp, 0x10
mov word [edi + 0x126f], bx
mov word [edi + 0x1287], bx

loc_fffcaada:  ; not directly referenced
mov al, byte [ebp - 0x3c]
shr al, 1
movzx eax, al
mov word [ebp + eax*2 - 0x24], bx

loc_fffcaae7:  ; not directly referenced
add dword [ebp - 0x38], 2
cmp dword [ebp - 0x38], 4
jne loc_fffca9cd  ; jne 0xfffca9cd
sub esp, 0xc
mov edx, dword [ebp - 0x34]
mov ecx, 2
lea eax, [ebp - 0x24]
push eax
mov eax, dword [ebp + 8]
call fcn_fffad688  ; call 0xfffad688
add esp, 0x10
jmp short loc_fffcab13  ; jmp 0xfffcab13

loc_fffcab11:  ; not directly referenced
xor eax, eax

loc_fffcab13:  ; not directly referenced
inc byte [ebp - 0x30]
jmp near loc_fffca96b  ; jmp 0xfffca96b

loc_fffcab1b:  ; not directly referenced
mov esi, eax
test eax, eax
jne loc_fffcad7f  ; jne 0xfffcad7f
xor eax, eax
xor ebx, ebx
lea edi, [ebp - 0x24]
jmp short loc_fffcab70  ; jmp 0xfffcab70

loc_fffcab2e:  ; not directly referenced
mov esi, 1
jmp near loc_fffcad7f  ; jmp 0xfffcad7f

loc_fffcab38:  ; not directly referenced
movzx edx, bl
mov esi, dword [ebp + 8]
xor eax, eax
imul ecx, edx, 0x13c3
cmp dword [esi + ecx + 0x3757], 2
jne short loc_fffcab6f  ; jne 0xfffcab6f
sub esp, 0xc
mov ecx, 3
push edi
mov eax, esi
mov word [ebp - 0x24], 0
mov word [ebp - 0x22], 0
call fcn_fffad688  ; call 0xfffad688
add esp, 0x10

loc_fffcab6f:  ; not directly referenced
inc ebx

loc_fffcab70:  ; not directly referenced
test eax, eax
sete cl
cmp bl, 1
setbe dl
test cl, dl
jne short loc_fffcab38  ; jne 0xfffcab38
mov esi, eax
test eax, eax
jne loc_fffcad7f  ; jne 0xfffcad7f
mov eax, dword [ebp + 8]
call fcn_fffaddc7  ; call 0xfffaddc7
mov esi, eax
test eax, eax
jne loc_fffcad7f  ; jne 0xfffcad7f
lea edi, [ebp - 0x24]
mov esi, ref_fffd6150  ; mov esi, 0xfffd6150
mov ecx, 3
mov ebx, 0x100
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov edi, dword [ebp + 8]
xor eax, eax
mov byte [ebp - 0x34], 0
add edi, 0x374f
mov dword [ebp - 0x3c], edi
mov edi, dword [ebp + 8]
imul edi, dword [edi + 0x18a7], 0x2e
mov dword [ebp - 0x40], edi

loc_fffcabce:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x34], 1
setbe dl
test cl, dl
je loc_fffcad4c  ; je 0xfffcad4c
movzx eax, byte [ebp - 0x34]
mov edi, dword [ebp + 8]
mov dword [ebp - 0x38], eax
imul eax, eax, 0x13c3
cmp dword [edi + eax + 0x3757], 2
jne loc_fffcad42  ; jne 0xfffcad42
mov edi, dword [ebp - 0x3c]
lea edi, [edi + eax + 8]
mov eax, dword [ebp - 0x40]
add eax, edi
mov cx, word [eax + 0xa]
movzx eax, word [eax + 0x2a]
mov word [ebp - 0x30], cx
cmp ax, 4
jbe loc_fffcad54  ; jbe 0xfffcad54
cmp ax, 0xa
setne cl
cmp ax, 8
seta dl
test cl, dl
je short loc_fffcac49  ; je 0xfffcac49
mov edx, eax
and edx, 0xfffffffd
cmp dx, 0xc
je short loc_fffcac49  ; je 0xfffcac49
cmp ax, 0x10
jne loc_fffcad54  ; jne 0xfffcad54

loc_fffcac49:  ; not directly referenced
mov esi, dword [ebp - 0x30]
movzx eax, byte [ebp + eax - 0x29]
cmp si, 0xc
sbb ecx, ecx
and ebx, 0xffffff8b
mov esi, ebx
mov bl, byte [ebp - 0x30]
mov edx, ecx
and edx, 0xfffffff8
and eax, 7
add edx, 0xc
lea ecx, [ecx*4 + 4]
sub ebx, edx
and ecx, 4
mov dl, bl
or esi, ecx
and edx, 7
shl edx, 4
or esi, edx
shl eax, 9
and si, 0xf1ff
or esi, eax
mov eax, dword [ebp + 8]
mov ebx, esi
mov al, byte [eax + 0x1906]
cmp al, 6
setne cl
cmp al, 1
seta dl
and bh, 0xef
test cl, dl
jne short loc_fffcacb5  ; jne 0xfffcacb5
cmp al, 1
setbe al
and eax, 1
shl eax, 0xc
or ebx, eax

loc_fffcacb5:  ; not directly referenced
imul eax, dword [ebp - 0x38], 0x13c3
mov esi, dword [ebp + 8]
test byte [esi + eax + 0x381b], 1
je short loc_fffcacef  ; je 0xfffcacef
cmp byte [esi + 0x247c], 0
jne short loc_fffcace6  ; jne 0xfffcace6
mov word [edi + 0x126b], bx
mov word [edi + 0x1283], bx

loc_fffcace0:  ; not directly referenced
mov word [ebp - 0x28], bx
jmp short loc_fffcacef  ; jmp 0xfffcacef

loc_fffcace6:  ; not directly referenced
mov bx, word [edi + 0x126b]
jmp short loc_fffcace0  ; jmp 0xfffcace0

loc_fffcacef:  ; not directly referenced
imul eax, dword [ebp - 0x38], 0x13c3
mov ecx, dword [ebp + 8]
test byte [ecx + eax + 0x381b], 4
je short loc_fffcad29  ; je 0xfffcad29
cmp byte [ecx + 0x247c], 0
jne short loc_fffcad20  ; jne 0xfffcad20
mov word [edi + 0x1393], bx
mov word [edi + 0x13ab], bx

loc_fffcad1a:  ; not directly referenced
mov word [ebp - 0x26], bx
jmp short loc_fffcad29  ; jmp 0xfffcad29

loc_fffcad20:  ; not directly referenced
mov bx, word [edi + 0x1393]
jmp short loc_fffcad1a  ; jmp 0xfffcad1a

loc_fffcad29:  ; not directly referenced
sub esp, 0xc
mov edx, dword [ebp - 0x38]
xor ecx, ecx
lea eax, [ebp - 0x28]
push eax
mov eax, dword [ebp + 8]
call fcn_fffad688  ; call 0xfffad688
add esp, 0x10
jmp short loc_fffcad44  ; jmp 0xfffcad44

loc_fffcad42:  ; not directly referenced
xor eax, eax

loc_fffcad44:  ; not directly referenced
inc byte [ebp - 0x34]
jmp near loc_fffcabce  ; jmp 0xfffcabce

loc_fffcad4c:  ; not directly referenced
mov esi, eax
test eax, eax
jne short loc_fffcad7f  ; jne 0xfffcad7f
jmp short loc_fffcad5b  ; jmp 0xfffcad5b

loc_fffcad54:  ; not directly referenced
mov esi, 0xd
jmp short loc_fffcad7f  ; jmp 0xfffcad7f

loc_fffcad5b:  ; not directly referenced
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 3
call fcn_fffadf2d  ; call 0xfffadf2d
mov esi, eax
test eax, eax
jne short loc_fffcad7f  ; jne 0xfffcad7f
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x4d94
call fcn_fffb3381  ; call 0xfffb3381

loc_fffcad7f:  ; not directly referenced
mov eax, dword [ebp + 8]
mov byte [eax + 0x247c], 1

loc_fffcad89:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcad93:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
mov esi, edx
push ebx
sub esp, 0x50
mov eax, dword [ebp + 8]
push 1
push 7
mov dword [ebp - 0x48], eax
mov eax, dword [edi + 0x2444]
mov byte [ebp - 0x49], dl
lea edx, [ebp - 0x27]
push edx
mov byte [ebp - 0x4b], cl
call dword [eax + 0x5c]  ; ucall
mov ecx, esi
add esp, 0x10
movzx esi, cl
xor eax, eax
lea edx, [edi + 0x3757]
mov dword [ebp - 0x40], esi

loc_fffcadd0:  ; not directly referenced
mov esi, dword [ebp - 0x40]
bt esi, eax
jae loc_fffcae9d  ; jae 0xfffcae9d
mov esi, dword [edx + 0x109]
mov ecx, dword [edx + 0x111]
mov dword [ebp + eax*4 - 0x20], 0
mov dword [ebp - 0x3c], esi
mov ebx, esi
mov esi, dword [edx + 0x11d]
cmp byte [edx + 0x11d], bl
mov bl, byte [ebp - 0x3c]
cmovg esi, ebx
mov ebx, esi
cmp bl, cl
cmovg esi, ecx
mov ebx, esi
cmp bl, byte [edx + 0x115]
mov bl, byte [edx + 0x115]
cmovg esi, ebx
mov ebx, esi
mov esi, dword [edx + 0x11d]
mov byte [ebp + eax - 0x2f], bl
mov bl, byte [ebp - 0x3c]
cmp byte [edx + 0x11d], bl
cmovge ebx, esi
mov esi, dword [edx + 0x115]
cmp bl, cl
cmovl ebx, ecx
mov cl, byte [edx + 0xc4]
cmp bl, byte [edx + 0x115]
cmovl ebx, esi
mov byte [ebp - 0x44], cl
xor ecx, ecx
mov byte [ebp + eax - 0x2d], bl

loc_fffcae5a:  ; not directly referenced
mov ebx, 1
shl ebx, cl
test byte [ebp - 0x44], bl
je short loc_fffcae95  ; je 0xfffcae95
mov bl, byte [edx + ecx + 0x245]
movzx esi, byte [ebp + eax - 0x2f]
cmp bl, byte [ebp + eax - 0x2f]
mov byte [ebp - 0x3c], bl
cmovle esi, ebx
mov ebx, esi
movzx esi, byte [ebp + eax - 0x2d]
mov byte [ebp + eax - 0x2f], bl
mov bl, byte [ebp - 0x3c]
cmp bl, byte [ebp + eax - 0x2d]
cmovl ebx, esi
mov byte [ebp + eax - 0x2d], bl

loc_fffcae95:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffcae5a  ; jne 0xfffcae5a
jmp short loc_fffcaeaf  ; jmp 0xfffcaeaf

loc_fffcae9d:  ; not directly referenced
mov dword [ebp + eax*4 - 0x20], 1
mov byte [ebp + eax - 0x2f], 0
mov byte [ebp + eax - 0x2d], 0x7f

loc_fffcaeaf:  ; not directly referenced
inc eax
add edx, 0x13c3
cmp eax, 2
jne loc_fffcadd0  ; jne 0xfffcadd0
cmp byte [ebp - 0x48], 0
je short loc_fffcaeea  ; je 0xfffcaeea
mov dl, byte [ebp - 0x2d]
mov al, 0x5f
cmp byte [ebp - 0x2d], 0x5f
mov dword [ebp - 0x3c], 1
cmovl edx, eax
mov byte [ebp - 0x2b], dl
mov dl, byte [ebp - 0x2c]
cmp byte [ebp - 0x2c], 0x5f
cmovge eax, edx
mov byte [ebp - 0x2a], al
jmp short loc_fffcaf0d  ; jmp 0xfffcaf0d

loc_fffcaeea:  ; not directly referenced
mov dl, byte [ebp - 0x2f]
mov al, 0x20
cmp byte [ebp - 0x2f], 0x20
mov dword [ebp - 0x3c], 0xffffffff
cmovg edx, eax
mov byte [ebp - 0x2b], dl
mov dl, byte [ebp - 0x2e]
cmp byte [ebp - 0x2e], 0x20
cmovle eax, edx
mov byte [ebp - 0x2a], al

loc_fffcaf0d:  ; not directly referenced
mov al, byte [ebp - 0x2b]
mov dword [ebp - 0x44], 0
mov byte [ebp - 0x29], al
mov al, byte [ebp - 0x2a]
mov byte [ebp - 0x28], al
mov eax, dword [ebp - 0x40]
sar eax, 1
mov dword [ebp - 0x48], eax
mov al, byte [ebp - 0x49]
and dword [ebp - 0x48], 1
and eax, 1
mov byte [ebp - 0x4c], al

loc_fffcaf35:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
xor ebx, ebx
add dword [ebp - 0x44], eax

loc_fffcaf3d:  ; not directly referenced
mov eax, dword [ebp - 0x40]
bt eax, ebx
jae short loc_fffcaf74  ; jae 0xfffcaf74
mov al, byte [ebp - 0x3c]
mov edx, ebx
add byte [ebp + ebx - 0x2b], al
imul eax, ebx, 0x13c3
mov cl, byte [ebp - 0x4b]
and cl, byte [edi + eax + 0x381b]
mov eax, edi
push 0
push 0
push dword [ebp - 0x44]
movzx ecx, cl
push 0
call fcn_fffac68e  ; call 0xfffac68e
add esp, 0x10

loc_fffcaf74:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffcaf3d  ; jne 0xfffcaf3d
sub esp, 0xc
push edi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0xc
movzx ecx, byte [edi + 0x248c]
mov edx, dword [ebp - 0x40]
lea eax, [ebp - 0x27]
push 0
push 1
push eax
mov eax, edi
call fcn_fffaa5b3  ; call 0xfffaa5b3
add esp, 0x10
xor ecx, ecx
mov byte [ebp - 0x4a], al

loc_fffcafa7:  ; not directly referenced
mov eax, 1
shl eax, cl
test byte [ebp - 0x49], al
je short loc_fffcb029  ; je 0xfffcb029
cmp dword [ebp + ecx*4 - 0x20], 0
jne short loc_fffcb029  ; jne 0xfffcb029
test byte [ebp - 0x4a], al
je short loc_fffcaff2  ; je 0xfffcaff2
mov bl, byte [ebp + ecx - 0x2b]
mov dl, byte [ebp + ecx - 0x29]
mov dword [ebp + ecx*4 - 0x20], 1
movsx eax, bl
sub eax, dword [ebp - 0x3c]
movsx esi, dl
cmp eax, esi
jns short loc_fffcafe5  ; jns 0xfffcafe5
mov al, byte [ebp - 0x3c]
add eax, edx
sub eax, ebx
jmp short loc_fffcafec  ; jmp 0xfffcafec

loc_fffcafe5:  ; not directly referenced
mov al, bl
sub eax, dword [ebp - 0x3c]
sub eax, edx

loc_fffcafec:  ; not directly referenced
mov esi, dword [ebp + 0xc]
mov byte [esi + ecx], al

loc_fffcaff2:  ; not directly referenced
mov al, byte [ebp + ecx - 0x2b]
cmp al, 0x7f
sete bl
test al, al
sete dl
or bl, dl
je short loc_fffcb029  ; je 0xfffcb029
mov bl, byte [ebp + ecx - 0x29]
movsx edx, al
movsx esi, byte [ebp + ecx - 0x29]
mov dword [ebp + ecx*4 - 0x20], 1
sub ebx, eax
sub al, byte [ebp + ecx - 0x29]
cmp edx, esi
cmovns ebx, eax
mov eax, dword [ebp + 0xc]
mov byte [eax + ecx], bl

loc_fffcb029:  ; not directly referenced
inc ecx
cmp ecx, 2
jne loc_fffcafa7  ; jne 0xfffcafa7
cmp byte [ebp - 0x4c], 0
mov al, 1
je short loc_fffcb042  ; je 0xfffcb042
cmp dword [ebp - 0x20], 0
setne al

loc_fffcb042:  ; not directly referenced
cmp dword [ebp - 0x48], 0
je short loc_fffcb052  ; je 0xfffcb052
cmp dword [ebp - 0x1c], 0
je loc_fffcaf35  ; je 0xfffcaf35

loc_fffcb052:  ; not directly referenced
test al, al
je loc_fffcaf35  ; je 0xfffcaf35
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcb062:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, eax
sub esp, 0x30
mov edi, dword [ebx + 0x2444]
movzx eax, cl
push 0
push 4
lea esi, [ebp - 0x1a]
push esi
mov byte [ebp - 0x31], dl
mov byte [ebp - 0x30], cl
mov dword [ebp - 0x2c], eax
call dword [edi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 4
lea eax, [ebp - 0x1c]
push eax
call dword [edi + 0x5c]  ; ucall
mov ecx, dword [ebp - 0x2c]
xor edx, edx
mov eax, ebx
call fcn_fffad317  ; call 0xfffad317
mov ecx, dword [ebp - 0x2c]
mov edx, 1
mov edi, eax
mov eax, ebx
call fcn_fffad317  ; call 0xfffad317
pop ecx
mov ecx, dword [ebp - 0x2c]
or eax, edi
movzx edi, al
pop eax
mov edx, edi
mov eax, ebx
push esi
xor esi, esi
push 0
call fcn_fffcad93  ; call 0xfffcad93
add esp, 0x10

loc_fffcb0d0:  ; not directly referenced
bt edi, esi
jae short loc_fffcb0fc  ; jae 0xfffcb0fc
imul eax, esi, 0x13c3
mov cl, byte [ebp - 0x30]
mov edx, esi
and cl, byte [ebx + eax + 0x381b]
mov eax, ebx
push 0
push 0
push 0
movzx ecx, cl
push 0
call fcn_fffac68e  ; call 0xfffac68e
add esp, 0x10

loc_fffcb0fc:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffcb0d0  ; jne 0xfffcb0d0
sub esp, 0xc
xor si, si
push ebx
call fcn_fffc9f5d  ; call 0xfffc9f5d
mov ecx, dword [ebp - 0x2c]
pop eax
pop edx
mov edx, edi
lea eax, [ebp - 0x1c]
push eax
mov eax, ebx
push 1
call fcn_fffcad93  ; call 0xfffcad93
add esp, 0x10

loc_fffcb125:  ; not directly referenced
bt edi, esi
jae short loc_fffcb151  ; jae 0xfffcb151
imul eax, esi, 0x13c3
mov cl, byte [ebp - 0x30]
mov edx, esi
and cl, byte [ebx + eax + 0x381b]
mov eax, ebx
push 0
push 0
push 0
movzx ecx, cl
push 0
call fcn_fffac68e  ; call 0xfffac68e
add esp, 0x10

loc_fffcb151:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffcb125  ; jne 0xfffcb125
sub esp, 0xc
xor edi, edi
push ebx
call fcn_fffc9f5d  ; call 0xfffc9f5d
movzx eax, byte [ebp - 0x31]
lea esi, [ebx + 0x3219]
add esp, 0x10
mov dword [ebp - 0x30], eax

loc_fffcb172:  ; not directly referenced
mov eax, dword [ebp - 0x30]
bt eax, edi
jb short loc_fffcb18b  ; jb 0xfffcb18b

loc_fffcb17a:  ; not directly referenced
inc edi
add esi, 0x48
cmp edi, 2
jne short loc_fffcb172  ; jne 0xfffcb172
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffcb18b:  ; not directly referenced
push 0
mov ecx, dword [ebp - 0x2c]
mov edx, edi
push 0
mov eax, ebx
push 0
push 0
call fcn_fffac68e  ; call 0xfffac68e
movzx edx, byte [ebp + edi - 0x1c]
add esp, 0x10
movzx eax, byte [ebp + edi - 0x1a]
imul edx, edx, 0xa
imul eax, eax, 0xa
mov dword [esi], edx
mov dword [esi + 4], eax
mov dword [esi + 0x90], edx
mov dword [esi + 0x94], eax
mov dword [esi + 0x120], edx
mov dword [esi + 0x124], eax
mov dword [esi + 0x1b0], edx
mov dword [esi + 0x1b4], eax
jmp short loc_fffcb17a  ; jmp 0xfffcb17a

fcn_fffcb1dd:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0xad10
mov esi, dword [ebp + 0x20]
mov ebx, dword [ebp + 0x24]
mov dword [ebp - 0xacb4], edx
mov dl, byte [ebp + 0x14]
mov dword [ebp - 0xac88], ecx
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0xacb0], esi
mov dword [ebp - 0xacac], ebx
mov ebx, dword [ebp + 0x28]
mov byte [ebp - 0xace6], dl
mov edx, esi
mov esi, dword [edi + 0x5edd]
mov byte [ebp - 0xac90], dl
mov dl, byte [ebp - 0xacac]
mov dword [ebp - 0xac98], eax
mov ecx, ebx
mov byte [ebp - 0xac8c], al
mov byte [ebp - 0xaca1], dl
mov dl, cl
mov ecx, dword [edi + 0x2481]
mov dword [ebp - 0xaca0], edx
mov dl, byte [ebp + 0x30]
mov dword [ebp - 0xac94], ebx
mov ebx, dword [ebp + 0x2c]
mov dword [ebp - 0xaca8], esi
mov esi, dword [edi + 0x2444]
mov dword [ebp - 0xacc4], ecx
mov byte [ebp - 0xad09], dl
mov edx, dword [edi + 0x188b]
mov dword [ebp - 0xacc0], edx
dec edx
sete dl
cmp al, 6
sete al
mov byte [ebp - 0xacbb], dl
mov byte [ebp - 0xace7], al
and eax, edx
movzx eax, al
mov dword [ebp - 0xacc8], eax
mov al, byte [ebp - 0xac88]
and al, byte [edi + 0x248f]
push 0
push 0x5ab4
mov byte [ebp - 0xac9c], al
mov eax, dword [ebp + 8]
and al, byte [edi + 0x248e]
mov byte [ebp - 0xac88], al
lea eax, [ebp - 0x5acc]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0xff
push 0x3e
push dword [ebp - 0xacb4]
call dword [esi + 0x5c]  ; ucall
lea eax, [ebp - 0xabcc]
add esp, 0xc
push 0
push 0x280
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x80
lea eax, [ebp - 0xac4c]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x680
lea eax, [ebp - 0xa94c]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0xac75]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x10
lea eax, [ebp - 0xac5c]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0xac73]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x4800
lea eax, [ebp - 0xa2cc]
push eax
call dword [esi + 0x5c]  ; ucall
mov edx, dword [ebp - 0xaca0]
add esp, 0x10
xor eax, eax

loc_fffcb371:  ; not directly referenced
mov byte [ebp + eax - 0xac71], al
inc eax
cmp eax, 9
jne short loc_fffcb371  ; jne 0xfffcb371
mov byte [edi + 0x247b], 0
cmp bl, 9
jne short loc_fffcb393  ; jne 0xfffcb393
mov dl, byte [ebp - 0xac94]
dec edx
jmp short loc_fffcb3a2  ; jmp 0xfffcb3a2

loc_fffcb393:  ; not directly referenced
mov al, byte [ebp - 0xac94]
sub eax, 3
cmp bl, 0xa
cmove edx, eax

loc_fffcb3a2:  ; not directly referenced
mov ecx, dword [ebp - 0xac98]
mov al, cl
sub eax, 0xa
cmp cl, 0xf
sete cl
cmp al, 2
mov byte [ebp - 0xacbc], al
setbe al
or al, cl
mov byte [ebp - 0xac94], cl
movzx ecx, dl
movzx edx, byte [ebp - 0xac9c]
je short loc_fffcb3f4  ; je 0xfffcb3f4
push eax
push eax
movzx eax, byte [ebp - 0xac88]
push eax
mov eax, edi
push 0
call fcn_fffaea71  ; call 0xfffaea71
add esp, 0x10
mov dword [ebp - 0xacf0], 1
jmp short loc_fffcb40d  ; jmp 0xfffcb40d

loc_fffcb3f4:  ; not directly referenced
sub esp, 0xc
mov eax, edi
push 0
call fcn_fffae9e2  ; call 0xfffae9e2
add esp, 0x10
mov dword [ebp - 0xacf0], 0

loc_fffcb40d:  ; not directly referenced
test bl, bl
je short loc_fffcb417  ; je 0xfffcb417
mov byte [edi + 0x248c], bl

loc_fffcb417:  ; not directly referenced
mov eax, dword [ebp - 0xaca8]
xor ebx, ebx
mov byte [ebp - 0xaca3], 0
add eax, 0x70
mov dword [ebp - 0xaca0], eax
movzx eax, byte [ebp - 0xac9c]
mov dword [ebp - 0xac9c], eax

loc_fffcb43c:  ; not directly referenced
mov eax, dword [ebp - 0xac9c]
bt eax, ebx
jae short loc_fffcb48a  ; jae 0xfffcb48a
imul eax, ebx, 0x13c3
mov cl, byte [ebp - 0xac88]
mov edx, ebx
and cl, byte [edi + eax + 0x381b]
mov eax, edi
mov byte [ebp + ebx - 0xac75], cl
movzx ecx, cl
call fcn_fffad317  ; call 0xfffad317
or byte [ebp - 0xaca3], al
push eax
movzx eax, byte [edi + 0x2489]
push 0
push eax
push dword [ebp - 0xaca0]
call dword [esi + 0x5c]  ; ucall
add esp, 0x10

loc_fffcb48a:  ; not directly referenced
inc ebx
add dword [ebp - 0xaca0], 0xcc
cmp ebx, 2
jne short loc_fffcb43c  ; jne 0xfffcb43c
cmp byte [ebp - 0xaca3], 0
je loc_fffcc5ab  ; je 0xfffcc5ab
movzx esi, byte [ebp - 0xac88]
xor eax, eax
mov dword [ebp - 0xacec], esi

loc_fffcb4b6:  ; not directly referenced
mov esi, dword [ebp - 0xacec]
mov byte [ebp - 0xaca4], al
bt esi, eax
jb short loc_fffcb4d4  ; jb 0xfffcb4d4
inc eax
cmp eax, 4
jne short loc_fffcb4b6  ; jne 0xfffcb4b6
mov byte [ebp - 0xaca4], 0

loc_fffcb4d4:  ; not directly referenced
mov ecx, dword [ebp - 0xac98]
mov al, byte [edi + 0x2489]
mov bl, al
mov al, cl
sub eax, 7
cmp al, 5
mov byte [ebp - 0xace8], al
setbe al
or al, byte [ebp - 0xac94]
mov al, 1
cmovne ebx, eax
mov eax, ecx
cmp cl, 3
sete cl
cmp al, 1
setbe dl
mov eax, 1
or cl, dl
mov byte [ebp - 0xaca2], bl
jne short loc_fffcb525  ; jne 0xfffcb525
xor eax, eax
cmp byte [ebp - 0xac98], 2
sete al

loc_fffcb525:  ; not directly referenced
mov dword [ebp - 0xaccc], eax
xor eax, 1
test byte [ebp - 0xacbb], al
je short loc_fffcb54f  ; je 0xfffcb54f
cmp byte [ebp - 0xacbc], 1
setbe al
or eax, dword [ebp - 0xac94]
movzx eax, al
mov dword [ebp - 0xaccc], eax

loc_fffcb54f:  ; not directly referenced
cmp dword [ebp - 0xaccc], 0
mov byte [ebp - 0xac88], 0
je loc_fffcb6a5  ; je 0xfffcb6a5
xor esi, esi
xor ebx, ebx
cmp byte [ebp - 0xac98], 1
jne short loc_fffcb58d  ; jne 0xfffcb58d
mov edx, 0x3a04
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
cmp dword [ebp - 0xacc0], 0
mov esi, eax
je loc_fffcb62a  ; je 0xfffcb62a
jmp short loc_fffcb5c4  ; jmp 0xfffcb5c4

loc_fffcb58d:  ; not directly referenced
mov edx, 0x3a00
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
cmp dword [ebp - 0xacc0], 0
mov ebx, eax
jne short loc_fffcb5c4  ; jne 0xfffcb5c4
mov ecx, dword [ebp - 0xac98]
cmp cl, 2
je short loc_fffcb5ba  ; je 0xfffcb5ba
cmp cl, 3
je short loc_fffcb5bf  ; je 0xfffcb5bf
test cl, cl
jne short loc_fffcb633  ; jne 0xfffcb633
jmp short loc_fffcb62a  ; jmp 0xfffcb62a

loc_fffcb5ba:  ; not directly referenced
shr eax, 0x1a
jmp short loc_fffcb609  ; jmp 0xfffcb609

loc_fffcb5bf:  ; not directly referenced
shr eax, 0x14
jmp short loc_fffcb62a  ; jmp 0xfffcb62a

loc_fffcb5c4:  ; not directly referenced
mov edx, 0x3a08
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, 0x3a0c
mov dword [ebp - 0xac88], eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov eax, dword [ebp - 0xac98]
cmp al, 0xf
ja short loc_fffcb637  ; ja 0xfffcb637
movzx eax, al
mov ecx, dword [ebp - 0xac88]
jmp dword [eax*4 + ref_fffd615c]  ; ujmp: jmp dword [eax*4 - 0x29ea4]

loc_fffcb5fc:  ; not directly referenced
mov al, bl
jmp short loc_fffcb62a  ; jmp 0xfffcb62a

loc_fffcb600:  ; not directly referenced
mov eax, esi
jmp short loc_fffcb62a  ; jmp 0xfffcb62a

loc_fffcb604:  ; not directly referenced
shr ebx, 0x14
mov al, bl

loc_fffcb609:  ; not directly referenced
and eax, 0x1f
mov byte [ebp - 0xac88], al
mov al, 0x1f
jmp short loc_fffcb640  ; jmp 0xfffcb640

loc_fffcb616:  ; not directly referenced
shr ebx, 0x1a
mov dword [ebp - 0xac88], ebx
jmp short loc_fffcb633  ; jmp 0xfffcb633

loc_fffcb621:  ; not directly referenced
mov eax, ecx
shr eax, 0xc
jmp short loc_fffcb62a  ; jmp 0xfffcb62a

loc_fffcb628:  ; not directly referenced
mov al, cl

loc_fffcb62a:  ; not directly referenced
and eax, 0x3f
mov byte [ebp - 0xac88], al

loc_fffcb633:  ; not directly referenced
mov al, 0x3f
jmp short loc_fffcb640  ; jmp 0xfffcb640

loc_fffcb637:  ; not directly referenced
mov al, 0x3f
mov byte [ebp - 0xac88], 0

loc_fffcb640:  ; not directly referenced
cmp byte [ebp - 0xac98], 0xa
sete dl
or dl, byte [ebp - 0xac94]
jne short loc_fffcb677  ; jne 0xfffcb677
mov esi, dword [ebp - 0xacb0]
mov bl, byte [ebp - 0xac88]
mov ecx, esi
lea edx, [ebx + ecx - 3]
mov bl, byte [ebp - 0xac90]
sub ecx, edx
test dl, dl
cmovs ebx, ecx
mov byte [ebp - 0xac90], bl

loc_fffcb677:  ; not directly referenced
movzx esi, byte [ebp - 0xaca1]
sub eax, 3
sub eax, dword [ebp - 0xac88]
cmp al, byte [ebp - 0xacac]
cmovs esi, eax
mov eax, esi
mov esi, dword [ebp - 0xac90]
mov ebx, esi
cmp al, bl
cmovl eax, esi
mov byte [ebp - 0xaca1], al

loc_fffcb6a5:  ; not directly referenced
mov eax, dword [ebp + 0x1c]
mov dword [ebp - 0xace4], eax
movzx eax, byte [ebp - 0xaca4]
imul esi, eax, 0x90
mov dword [ebp - 0xacd8], eax
mov dword [ebp - 0xad08], esi
add esi, 4
mov dword [ebp - 0xad00], esi
mov esi, dword [ebp + 0x10]
mov dword [ebp - 0xacb8], esi
movzx esi, byte [ebp - 0xace6]
mov word [ebp - 0xacba], si

loc_fffcb6e7:  ; not directly referenced
mov eax, dword [ebp + 0x10]
mov esi, dword [ebp - 0xacb8]
mov word [ebp - 0xad04], ax
sub esi, eax
cmp si, word [ebp - 0xacba]
jae loc_fffcbbc6  ; jae 0xfffcbbc6
mov eax, dword [ebp - 0xacb8]
mov al, byte [eax]
mov cl, al
mov byte [ebp - 0xac98], al
movzx eax, al
mov ebx, eax
mov dword [ebp - 0xacb0], eax
xor eax, eax
cmp cl, 0x21
ja short loc_fffcb72f  ; ja 0xfffcb72f
movzx eax, byte [ebx + ref_fffd58e0]  ; movzx eax, byte [ebx - 0x2a720]

loc_fffcb72f:  ; not directly referenced
cmp al, 8
mov ebx, 8
cmovbe ebx, eax
mov al, byte [ebp - 0xac98]
sub eax, 0xc
mov byte [ebp - 0xacdc], al
cmp al, 1
jbe short loc_fffcb770  ; jbe 0xfffcb770
push eax
mov ecx, dword [ebp - 0xacb0]
push eax
mov eax, edi
push dword [ebp - 0xacec]
push dword [ebp - 0xacd8]
lea edx, [edi + 0x2491]
call fcn_fffa7e1a  ; call 0xfffa7e1a
add esp, 0x10

loc_fffcb770:  ; not directly referenced
cmp dword [ebp - 0xacc4], 2
jne short loc_fffcb79d  ; jne 0xfffcb79d
mov al, byte [ebp - 0xac98]
mov byte [ebp - 0xac9c], 0x25
cmp al, 0x11
sete dl
cmp al, 5
sete al
or dl, al
jne short loc_fffcb7f9  ; jne 0xfffcb7f9
cmp byte [ebp - 0xac98], 0x21
je short loc_fffcb7f9  ; je 0xfffcb7f9

loc_fffcb79d:  ; not directly referenced
mov al, byte [ebp - 0xac98]
mov byte [ebp - 0xac9c], 0x36
cmp al, 0x10
sete dl
cmp al, 4
sete al
or dl, al
jne short loc_fffcb7f9  ; jne 0xfffcb7f9
mov al, byte [ebp - 0xac98]
cmp al, 5
sete dl
cmp al, 0x20
sete al
or dl, al
jne short loc_fffcb7f9  ; jne 0xfffcb7f9
mov al, byte [ebp - 0xac98]
cmp al, 0x21
sete dl
cmp al, 0x11
sete al
or dl, al
jne short loc_fffcb7f9  ; jne 0xfffcb7f9
mov al, byte [ebp - 0xac98]
cmp al, 0xd
je short loc_fffcb7f9  ; je 0xfffcb7f9
cmp al, 0xc
mov cl, 0x1f
mov al, 0x40
cmove ecx, eax
mov byte [ebp - 0xac9c], cl

loc_fffcb7f9:  ; not directly referenced
mov eax, dword [ebp - 0xace4]
mov ecx, 0x14
xor edx, edx
movzx esi, si
mov ax, word [eax]
div cx
mov cl, byte [ebp - 0xac9c]
movzx edx, cl
cmp dx, ax
cmova ecx, eax
imul ebx, ebx, 0x240
lea eax, [edi + 0x2491]
mov dword [ebp - 0xace0], eax
mov byte [ebp - 0xac9c], cl
add eax, ebx
add eax, dword [ebp - 0xad00]
add ebx, dword [ebp - 0xad08]
mov dword [ebp - 0xad04], eax
imul eax, esi, 0x1200
mov dword [ebp - 0xacf8], ebx
mov dword [ebp - 0xacfc], eax
movsx eax, byte [ebp - 0xac90]
mov byte [ebp - 0xaca0], al
mov dword [ebp - 0xad10], eax
movzx eax, byte [ebp - 0xaca3]
mov dword [ebp - 0xacac], eax

loc_fffcb87c:  ; not directly referenced
mov al, byte [ebp - 0xaca0]
cmp byte [ebp - 0xaca1], al
jl loc_fffcbbb4  ; jl 0xfffcbbb4
movsx eax, byte [ebp - 0xaca0]
mov dword [ebp - 0xacd0], eax
mov eax, dword [ebp - 0xad10]
sub dword [ebp - 0xacd0], eax
cmp dword [ebp - 0xacc8], 0
jne short loc_fffcb8c3  ; jne 0xfffcb8c3

loc_fffcb8b0:  ; not directly referenced
movsx ax, byte [ebp - 0xaca0]
xor ebx, ebx
mov word [ebp - 0xacf4], ax
jmp short loc_fffcb91a  ; jmp 0xfffcb91a

loc_fffcb8c3:  ; not directly referenced
movsx ax, byte [ebp - 0xaca0]
mov dl, 8
mov esi, dword [ebp - 0xaca8]
idiv dl
movsx ecx, ah
mov dl, al
cmp cl, 1
movsx eax, al
setle bl
test dl, dl
mov al, byte [esi + eax + 0x1bc]
sete dl
test bl, dl
jne loc_fffcbba9  ; jne 0xfffcbba9
mov edx, 1
shl edx, cl
test al, dl
je short loc_fffcb8b0  ; je 0xfffcb8b0
jmp near loc_fffcbba9  ; jmp 0xfffcbba9

loc_fffcb907:  ; not directly referenced
cmp byte [ebp - 0xacbb], 0
jne short loc_fffcb989  ; jne 0xfffcb989

loc_fffcb910:  ; not directly referenced
inc ebx
cmp ebx, 2
je loc_fffcb9c0  ; je 0xfffcb9c0

loc_fffcb91a:  ; not directly referenced
mov eax, dword [ebp - 0xacac]
bt eax, ebx
jae short loc_fffcb910  ; jae 0xfffcb910
xor eax, eax
cmp byte [ebp - 0xac8c], 7
jne short loc_fffcb946  ; jne 0xfffcb946
imul edx, ebx, 0x13c3
cmp dword [edi + edx + 0x3817], 2
mov edx, 0x20
cmove eax, edx

loc_fffcb946:  ; not directly referenced
xor esi, esi
mov word [ebp - 0xacd4], ax

loc_fffcb94f:  ; not directly referenced
mov eax, esi
cmp byte [ebp - 0xaca2], al
jbe short loc_fffcb907  ; jbe 0xfffcb907
mov eax, dword [ebp - 0xacf4]
mov edx, ebx
add eax, dword [ebp - 0xacd4]
push 0
movzx ecx, byte [ebp + ebx - 0xac75]
cwde
push eax
movzx eax, byte [ebp - 0xac8c]
push eax
mov eax, edi
push esi
inc esi
call fcn_fffa972b  ; call 0xfffa972b
add esp, 0x10
jmp short loc_fffcb94f  ; jmp 0xfffcb94f

loc_fffcb989:  ; not directly referenced
mov al, byte [ebp - 0xac8c]
and eax, 0xfffffff7
dec al
jne loc_fffcb910  ; jne 0xfffcb910
mov eax, dword [ebp - 0xaca8]
cmp byte [eax + 0x1c5], 0
je loc_fffcb910  ; je 0xfffcb910
xor ecx, ecx
mov edx, 1
mov eax, edi
call fcn_fffb7663  ; call 0xfffb7663
jmp near loc_fffcb910  ; jmp 0xfffcb910

loc_fffcb9c0:  ; not directly referenced
cmp byte [ebp - 0xacdc], 1
ja loc_fffcba62  ; ja 0xfffcba62
cmp dword [ebp - 0xacc4], 3
je short loc_fffcba1b  ; je 0xfffcba1b

loc_fffcb9d6:  ; not directly referenced
push eax
mov ecx, dword [ebp - 0xacac]
push eax
mov edx, dword [ebp - 0xace0]
push 1
lea eax, [ebp - 0xac5c]
push eax
movzx eax, byte [ebp - 0xac9c]
push eax
mov eax, edi
push 0
push dword [ebp - 0xacb0]
push dword [ebp - 0xacd8]
call fcn_fffc66ae  ; call 0xfffc66ae
add esp, 0x14
push edi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10
jmp near loc_fffcba9e  ; jmp 0xfffcba9e

loc_fffcba1b:  ; not directly referenced
mov eax, dword [ebp - 0xad04]
xor edx, edx
xor ecx, ecx

loc_fffcba25:  ; not directly referenced
cmp dword [edi + edx + 0x3757], 2
jne short loc_fffcba4b  ; jne 0xfffcba4b
mov ebx, dword [eax - 4]
cmp ebx, 0x29
lea esi, [ebx - 0x28]
mov ebx, dword [eax]
cmovb esi, ecx
mov dword [eax - 4], esi
cmp ebx, 0x29
lea esi, [ebx - 0x28]
cmovb esi, ecx
mov dword [eax], esi

loc_fffcba4b:  ; not directly referenced
add edx, 0x13c3
add eax, 0x48
cmp edx, 0x2786
je loc_fffcb9d6  ; je 0xfffcb9d6
jmp short loc_fffcba25  ; jmp 0xfffcba25

loc_fffcba62:  ; not directly referenced
push eax
mov ecx, dword [ebp - 0xacac]
push eax
mov edx, dword [ebp - 0xace0]
lea eax, [ebp - 0xac5c]
push eax
movzx eax, byte [ebp - 0xac9c]
push eax
lea eax, [ebp - 0xac71]
push eax
mov eax, dword [ebp - 0xacd8]
push dword [ebp - 0xacb0]
push eax
push eax
mov eax, edi
call fcn_fffd16df  ; call 0xfffd16df
add esp, 0x20

loc_fffcba9e:  ; not directly referenced
movsx eax, byte [ebp - 0xacd0]
xor ecx, ecx
mov esi, dword [ebp - 0xacfc]
imul eax, eax, 0x48
lea eax, [esi + eax + 4]
lea eax, [ebp + eax - 0xa2cc]
mov dword [ebp - 0xacd4], eax

loc_fffcbac1:  ; not directly referenced
mov eax, dword [ebp - 0xacac]
bt eax, ecx
jae loc_fffcbb98  ; jae 0xfffcbb98
imul esi, ecx, 0x48
mov eax, dword [ebp - 0xacd4]
add esi, dword [ebp - 0xacf8]
lea ebx, [eax - 4]
add esi, edi

loc_fffcbae4:  ; not directly referenced
mov al, byte [edi + 0x2489]
mov word [ebp - 0xacd0], 0xffff
mov byte [ebp - 0xacf4], al
xor eax, eax

loc_fffcbafb:  ; not directly referenced
cmp byte [ebp - 0xacf4], al
jbe short loc_fffcbb36  ; jbe 0xfffcbb36
mov edx, dword [esi + eax*8 + 0x2491]
mov word [ebx + eax*4], dx
mov edx, dword [ebp - 0xacd0]
cmp dx, word [esi + eax*8 + 0x2491]
cmova dx, word [esi + eax*8 + 0x2491]
inc eax
cmp byte [ebp - 0xacdc], 1
mov word [ebp - 0xacd0], dx
ja short loc_fffcbafb  ; ja 0xfffcbafb

loc_fffcbb36:  ; not directly referenced
cmp byte [ebp - 0xaca2], 1
jne short loc_fffcbb48  ; jne 0xfffcbb48
mov eax, dword [ebp - 0xacd0]
mov word [ebx], ax

loc_fffcbb48:  ; not directly referenced
cmp byte [ebp - 0xac94], 0
je short loc_fffcbb86  ; je 0xfffcbb86
mov al, byte [ebp - 0xac98]
cmp al, 0xc
je short loc_fffcbb64  ; je 0xfffcbb64
cmp al, 0xd
jne short loc_fffcbb86  ; jne 0xfffcbb86
jmp near loc_fffcc5a1  ; jmp 0xfffcc5a1

loc_fffcbb64:  ; not directly referenced
mov eax, 0x8c

loc_fffcbb69:  ; not directly referenced
cmp word [ebx], ax
ja short loc_fffcbb86  ; ja 0xfffcbb86
sub esp, 0xc
push edi
mov dword [ebp - 0xacd0], ecx
call fcn_fffc9f5d  ; call 0xfffc9f5d
mov ecx, dword [ebp - 0xacd0]
add esp, 0x10

loc_fffcbb86:  ; not directly referenced
add ebx, 2
add esi, 4
cmp ebx, dword [ebp - 0xacd4]
jne loc_fffcbae4  ; jne 0xfffcbae4

loc_fffcbb98:  ; not directly referenced
inc ecx
add dword [ebp - 0xacd4], 0x24
cmp ecx, 2
jne loc_fffcbac1  ; jne 0xfffcbac1

loc_fffcbba9:  ; not directly referenced
inc byte [ebp - 0xaca0]
jmp near loc_fffcb87c  ; jmp 0xfffcb87c

loc_fffcbbb4:  ; not directly referenced
add dword [ebp - 0xace4], 2
inc dword [ebp - 0xacb8]
jmp near loc_fffcb6e7  ; jmp 0xfffcb6e7

loc_fffcbbc6:  ; not directly referenced
movsx esi, byte [ebp - 0xaca1]
movsx eax, byte [ebp - 0xac90]
mov dword [ebp - 0xac98], 0
mov dword [ebp - 0xacd4], esi
sub dword [ebp - 0xacd4], eax
mov esi, dword [ebp - 0xacd4]
mov dword [ebp - 0xacd0], eax
mov eax, esi
mov byte [ebp - 0xad00], al
inc eax
mov byte [ebp - 0xacac], al
lea eax, [ebp - 0x5acc]
mov dword [ebp - 0xacf8], eax
lea eax, [edi + 0x3757]
mov dword [ebp - 0xacb0], eax
mov eax, dword [ebp - 0xacb4]
mov dword [ebp - 0xace0], eax
movzx eax, byte [ebp - 0xace6]
mov dword [ebp - 0xad08], eax
shl eax, 6
mov dword [ebp - 0xacdc], eax

loc_fffcbc3f:  ; not directly referenced
movzx eax, byte [ebp - 0xaca3]
mov esi, dword [ebp - 0xac98]
mov dword [ebp - 0xace4], eax
bt eax, esi
jae loc_fffcc332  ; jae 0xfffcc332
mov eax, dword [ebp - 0xacf8]
mov dword [ebp - 0xac9c], 0
mov dword [ebp - 0xacec], eax

loc_fffcbc71:  ; not directly referenced
mov al, byte [ebp - 0xac9c]
cmp byte [ebp - 0xaca2], al
jbe loc_fffcc332  ; jbe 0xfffcc332
imul eax, dword [ebp - 0xac98], 9
mov word [ebp - 0xacd8], 0
mov dword [ebp - 0xacfc], eax

loc_fffcbc99:  ; not directly referenced
mov ax, word [ebp - 0xacba]
mov esi, dword [ebp - 0xacd8]
cmp si, ax
jae loc_fffcbe54  ; jae 0xfffcbe54
mov al, byte [ebp - 0xac90]
movzx ebx, si
mov byte [ebp - 0xaca0], al
mov eax, ebx
shl eax, 6
mov dword [ebp - 0xacb8], eax

loc_fffcbcc9:  ; not directly referenced
mov al, byte [ebp - 0xaca0]
cmp byte [ebp - 0xaca1], al
jl loc_fffcbe48  ; jl 0xfffcbe48
mov al, byte [ebp - 0xaca0]
sub eax, dword [ebp - 0xacd0]
movsx esi, al
mov eax, dword [ebp - 0xacb8]
add eax, esi
cmp dword [ebp - 0xacc8], 0
mov word [ebp + eax*2 - 0xabcc], 0
je short loc_fffcbd55  ; je 0xfffcbd55
movsx ax, byte [ebp - 0xaca0]
mov dl, 8
mov ecx, dword [ebp - 0xaca8]
idiv dl
mov byte [ebp - 0xace6], ah
mov dl, al
movsx eax, al
cmp byte [ebp - 0xace6], 1
mov al, byte [ecx + eax + 0x1bc]
setle cl
test dl, dl
sete dl
test cl, dl
jne loc_fffcbe3d  ; jne 0xfffcbe3d
mov cl, byte [ebp - 0xace6]
mov edx, 1
shl edx, cl
test al, dl
jne loc_fffcbe3d  ; jne 0xfffcbe3d

loc_fffcbd55:  ; not directly referenced
mov eax, dword [ebp + 0x10]
mov al, byte [eax + ebx]
lea edx, [eax - 4]
cmp dl, 1
setbe cl
cmp al, 0x21
sete dl
or cl, dl
jne short loc_fffcbd79  ; jne 0xfffcbd79
cmp al, 0x20
je short loc_fffcbd79  ; je 0xfffcbd79
cmp al, 0xd
jne loc_fffcbdfd  ; jne 0xfffcbdfd

loc_fffcbd79:  ; not directly referenced
mov eax, dword [ebp + 0x18]
imul ecx, esi, 0x12
movzx edx, byte [eax + ebx]
imul eax, ebx, 0x480
add eax, ecx
mov ecx, edx
add eax, dword [ebp - 0xacfc]
add eax, dword [ebp - 0xac9c]
imul cx, word [ebp + eax*4 - 0xa2ca]
imul edx, dword [ebp + eax*4 - 0xa2cc]
mov word [ebp - 0xace6], dx
mov eax, edx
mov edx, ecx
sub dx, word [ebp - 0xace6]
add eax, ecx
add eax, eax
mov word [ebp - 0xacf4], dx
mov edx, eax
sub eax, dword [ebp - 0xacf4]
add edx, dword [ebp - 0xacf4]
cmp cx, word [ebp - 0xace6]
mov ecx, 2
cmovbe eax, edx
mov edx, eax
sar dx, 0xf
idiv cx
add esi, dword [ebp - 0xacb8]
mov word [ebp + esi*2 - 0xabcc], ax
jmp short loc_fffcbe3d  ; jmp 0xfffcbe3d

loc_fffcbdfd:  ; not directly referenced
mov ecx, dword [ebp + 0x18]
mov eax, dword [ebp - 0xacb8]
movzx edx, byte [ecx + ebx]
imul ecx, ebx, 0x480
add eax, esi
imul esi, esi, 0x12
add esi, ecx
add esi, dword [ebp - 0xacfc]
add esi, dword [ebp - 0xac9c]
movzx ecx, word [ebp + esi*4 - 0xa2ca]
add ecx, dword [ebp + esi*4 - 0xa2cc]
imul ecx, edx
mov word [ebp + eax*2 - 0xabcc], cx

loc_fffcbe3d:  ; not directly referenced
inc byte [ebp - 0xaca0]
jmp near loc_fffcbcc9  ; jmp 0xfffcbcc9

loc_fffcbe48:  ; not directly referenced
inc word [ebp - 0xacd8]
jmp near loc_fffcbc99  ; jmp 0xfffcbc99

loc_fffcbe54:  ; not directly referenced
cmp byte [ebp - 0xac8c], 0xc
mov byte [ebp - 0xaca0], 1
sete bl
cmp byte [ebp - 0xace8], 2
mov byte [ebp - 0xace6], bl
setbe al
or al, bl
jne loc_fffcbfb2  ; jne 0xfffcbfb2
cmp byte [ebp - 0xace7], 0
je short loc_fffcbedc  ; je 0xfffcbedc
cmp byte [ebp - 0xacbb], 0
mov byte [ebp - 0xaca0], 3
je loc_fffcbfb2  ; je 0xfffcbfb2
mov al, byte [ebp - 0xaca1]
push ecx
push ecx
mov ecx, 8
push 3
lea ebx, [eax + 1]
sub ebx, dword [ebp - 0xac90]
push 0
lea eax, [ebp - 0xabcc]
movzx ebx, bl
mov edx, ebx
call fcn_fffa6ff5  ; call 0xfffa6ff5
mov ecx, 8
mov edx, ebx
pop esi
pop eax
lea eax, [ebp - 0xab4c]
push 3
push 0
jmp near loc_fffcbf61  ; jmp 0xfffcbf61

loc_fffcbedc:  ; not directly referenced
cmp byte [ebp - 0xac8c], 5
jne loc_fffcbf72  ; jne 0xfffcbf72
cmp dword [ebp - 0xacc0], 0
je short loc_fffcbf04  ; je 0xfffcbf04
movzx eax, byte [ebp - 0xacd4]
mov ebx, 1
xor ecx, ecx
mov dl, 4
jmp short loc_fffcbf11  ; jmp 0xfffcbf11

loc_fffcbf04:  ; not directly referenced
movzx eax, byte [ebp - 0xacac]
xor ebx, ebx
mov cl, 2
mov dl, 5

loc_fffcbf11:  ; not directly referenced
movzx esi, cl
movzx ecx, dl
mov dword [ebp - 0xaca0], esi
mov edx, eax
push esi
push esi
push 1
push dword [ebp - 0xaca0]
lea esi, [ebp - 0xabcc]
lea eax, [ebx + ebx]
add eax, esi
mov esi, edx
mov dword [ebp - 0xacb8], ecx
call fcn_fffa6ff5  ; call 0xfffa6ff5
mov ecx, dword [ebp - 0xacb8]
pop eax
pop edx
mov edx, esi
lea eax, [ebp + ebx - 0xabcc]
lea eax, [eax + ebx + 0x80]
push 1
push dword [ebp - 0xaca0]

loc_fffcbf61:  ; not directly referenced
call fcn_fffa6ff5  ; call 0xfffa6ff5
add esp, 0x10
mov byte [ebp - 0xaca0], 1
jmp short loc_fffcbfb2  ; jmp 0xfffcbfb2

loc_fffcbf72:  ; not directly referenced
cmp byte [ebp - 0xac8c], 0xa
mov byte [ebp - 0xaca0], 5
sete al
or al, byte [ebp - 0xac94]
jne short loc_fffcbfb2  ; jne 0xfffcbfb2
cmp byte [ebp - 0xacac], 6
mov byte [ebp - 0xaca0], 7
jg short loc_fffcbfb2  ; jg 0xfffcbfb2
mov al, byte [ebp - 0xad00]
mov esi, dword [ebp - 0xacac]
test al, al
cmove eax, esi
mov byte [ebp - 0xaca0], al

loc_fffcbfb2:  ; not directly referenced
mov dword [ebp - 0xacd8], 0

loc_fffcbfbc:  ; not directly referenced
movsx ebx, byte [ebp - 0xacd8]
movsx esi, byte [ebp - 0xacac]
movzx eax, byte [ebp - 0xac8c]
cmp ebx, esi
mov dword [ebp - 0xacb8], eax
jge loc_fffcc23f  ; jge 0xfffcc23f
movsx eax, byte [ebp - 0xac88]
push edx
push edx
mov edx, dword [ebp - 0xac98]
mov ecx, eax
mov dword [ebp - 0xacf4], eax
mov al, byte [ebp - 0xac90]
add eax, dword [ebp - 0xacd8]
mov dword [ebp - 0xac68], 0
movsx esi, al
lea eax, [ebp - 0xac68]
push eax
mov eax, edi
push 0
push ecx
xor ecx, ecx
push esi
push dword [ebp - 0xacb8]
push dword [ebp - 0xac9c]
call fcn_fffb6980  ; call 0xfffb6980
add esp, 0x20
cmp byte [ebp - 0xac8c], 0xa
mov word [ebp + ebx*2 - 0xac4c], ax
sete al
mov byte [ebp - 0xacfc], al
or al, byte [ebp - 0xace6]
jne short loc_fffcc05b  ; jne 0xfffcc05b
cmp byte [ebp - 0xac94], 0
je short loc_fffcc087  ; je 0xfffcc087

loc_fffcc05b:  ; not directly referenced
imul eax, ebx, 0x1a
mov edx, dword [ebp - 0xac68]
lea ecx, [ebp - 0x18]
add eax, ecx
mov ecx, dword [ebp - 0xac64]
mov dword [eax - 0xa91e], edx
mov dword [eax - 0xa932], ecx
mov ecx, dword [ebp - 0xac60]
mov dword [eax - 0xa92e], ecx

loc_fffcc087:  ; not directly referenced
cmp byte [ebp - 0xacbc], 1
setbe al
or al, byte [ebp - 0xac94]
je short loc_fffcc116  ; je 0xfffcc116
push eax
mov edx, dword [ebp - 0xac98]
xor ecx, ecx
push eax
lea eax, [ebp - 0xac68]
push eax
mov eax, edi
push 0
push dword [ebp - 0xacf4]
mov dword [ebp - 0xac68], 1
push esi
push dword [ebp - 0xacb8]
push dword [ebp - 0xac9c]
imul esi, ebx, 0x1a
call fcn_fffb6980  ; call 0xfffb6980
add esp, 0x20
lea ecx, [ebp - 0x18]
lea edx, [ecx + esi]
mov word [ebp + esi - 0xa94c], ax
mov al, byte [ebp - 0xacfc]
or al, byte [ebp - 0xac94]
je short loc_fffcc116  ; je 0xfffcc116
mov eax, dword [ebp - 0xac64]
mov dword [edx - 0xa92a], eax
mov eax, dword [ebp - 0xac60]
mov dword [edx - 0xa926], eax
mov eax, dword [ebp - 0xac68]
mov dword [edx - 0xa922], eax

loc_fffcc116:  ; not directly referenced
imul edx, ebx, 0x1a
mov ax, word [ebp + ebx*2 - 0xac4c]
mov esi, dword [ebp - 0xacdc]
mov ecx, eax
add cx, word [ebp + edx - 0xa94c]
cmp dword [ebp - 0xacc8], 0
lea edx, [esi + ebx]
mov word [ebp + edx*2 - 0xabcc], cx
je short loc_fffcc157  ; je 0xfffcc157
mov esi, 0x3e8
xor edx, edx
div si
mov word [ebp + ebx*2 - 0xac4c], ax

loc_fffcc157:  ; not directly referenced
mov al, byte [ebp - 0xac8c]
test al, al
sete dl
cmp al, 9
sete al
or dl, al
jne short loc_fffcc174  ; jne 0xfffcc174
cmp byte [ebp - 0xac8c], 1
jne short loc_fffcc190  ; jne 0xfffcc190

loc_fffcc174:  ; not directly referenced
mov eax, dword [ebp - 0xacdc]
movzx ecx, cx
lea esi, [eax + ebx]
mov eax, 0xdb88
cdq
idiv ecx
mov word [ebp + esi*2 - 0xabcc], ax

loc_fffcc190:  ; not directly referenced
cmp byte [ebp - 0xac8c], 4
jne loc_fffcc234  ; jne 0xfffcc234
mov eax, dword [ebp - 0xacb0]
cmp dword [eax + 0xc0], 1
jne loc_fffcc234  ; jne 0xfffcc234
movzx edx, byte [eax + 0xc4]
xor eax, eax

loc_fffcc1b9:  ; not directly referenced
bt edx, eax
jb short loc_fffcc1c6  ; jb 0xfffcc1c6
inc eax
cmp eax, 4
jne short loc_fffcc1b9  ; jne 0xfffcc1b9
jmp short loc_fffcc1cc  ; jmp 0xfffcc1cc

loc_fffcc1c6:  ; not directly referenced
mov byte [ebp - 0xaca4], al

loc_fffcc1cc:  ; not directly referenced
cmp dword [ebp - 0xacc4], 3
jne short loc_fffcc1e7  ; jne 0xfffcc1e7

loc_fffcc1d5:  ; not directly referenced
add ebx, dword [ebp - 0xacdc]
mov word [ebp + ebx*2 - 0xabcc], 1
jmp short loc_fffcc234  ; jmp 0xfffcc234

loc_fffcc1e7:  ; not directly referenced
mov al, byte [ebp - 0xaca4]
mov esi, dword [ebp - 0xacb0]
mov edx, eax
shr al, 1
and edx, 1
movzx eax, al
imul edx, edx, 0x18
imul eax, eax, 0x128
add eax, edx
mov ax, word [esi + eax + 0x126d]
mov ecx, eax
mov edx, eax
shr cx, 9
shr dx, 6
and ecx, 1
and edx, 1
shl ecx, 2
add edx, edx
shr ax, 2
or edx, ecx
and eax, 1
or dl, al
je short loc_fffcc1d5  ; je 0xfffcc1d5

loc_fffcc234:  ; not directly referenced
inc dword [ebp - 0xacd8]
jmp near loc_fffcbfbc  ; jmp 0xfffcbfbc

loc_fffcc23f:  ; not directly referenced
sub esp, 0xc
mov edx, dword [ebp - 0xac98]
push dword [ebp - 0xacb8]
movzx eax, byte [ebp - 0xacac]
lea ebx, [ebp - 0xabcc]
movzx ecx, byte [ebp + edx - 0xac75]
push 1
push dword [ebp - 0xad08]
push dword [ebp + 0x18]
push dword [ebp + 0x10]
push eax
mov eax, edi
push 0x40
push ebx
push 0
call fcn_fffb78c3  ; call 0xfffb78c3
movsx eax, byte [ebp - 0xad09]
add esp, 0x2c
mov ecx, ebx
push eax
movzx eax, byte [ebp - 0xaca0]
push dword [ebp + 0x1c]
push dword [ebp - 0xacf0]
push eax
mov eax, edi
push dword [ebp + 0x18]
push esi
mov esi, dword [ebp - 0xacec]
push 0x40
mov edx, esi
call fcn_fffa5cdb  ; call 0xfffa5cdb
movsx bx, byte [esi + 2]
add esp, 0x20
add bx, word [esi]
xor edx, edx
cmp byte [ebp - 0xac8c], 7
jne short loc_fffcc2dc  ; jne 0xfffcc2dc
mov eax, dword [ebp - 0xacb0]
cmp dword [eax + 0xc0], 2
mov eax, 0x20
cmove edx, eax

loc_fffcc2dc:  ; not directly referenced
movsx ax, byte [ebp - 0xac90]
push 1
mov esi, dword [ebp - 0xac9c]
sub eax, edx
mov edx, dword [ebp - 0xac98]
add ebx, eax
movsx eax, bx
push eax
mov eax, edi
push dword [ebp - 0xacb8]
movzx ecx, byte [ebp + edx - 0xac75]
push esi
call fcn_fffa972b  ; call 0xfffa972b
mov ecx, dword [ebp - 0xace0]
add esp, 0x10
inc dword [ebp - 0xac9c]
add dword [ebp - 0xacec], 0x50a
mov word [ecx + esi*2], bx
jmp near loc_fffcbc71  ; jmp 0xfffcbc71

loc_fffcc332:  ; not directly referenced
inc dword [ebp - 0xac98]
add dword [ebp - 0xacf8], 0x2d5a
add dword [ebp - 0xace0], 0x12
add dword [ebp - 0xacb0], 0x13c3
cmp dword [ebp - 0xac98], 2
jne loc_fffcbc3f  ; jne 0xfffcbc3f
cmp dword [ebp - 0xaccc], 0
je short loc_fffcc381  ; je 0xfffcc381
mov eax, dword [ebp - 0xaca8]
mov edx, 0x2008
mov ecx, dword [eax + 0x18]
mov eax, edi
or ecx, 0x20
call fcn_fffb3381  ; call 0xfffb3381

loc_fffcc381:  ; not directly referenced
lea eax, [edi + 0x2491]
xor esi, esi
mov dword [ebp - 0xac94], eax

loc_fffcc38f:  ; not directly referenced
mov eax, dword [ebp - 0xacb4]
cmp word [ebp - 0xacba], si
jbe loc_fffcc486  ; jbe 0xfffcc486
mov dword [ebp - 0xac88], eax
imul eax, esi, 0x480
xor edx, edx
mov dword [ebp - 0xac90], eax

loc_fffcc3b6:  ; not directly referenced
mov eax, dword [ebp - 0xace4]
bt eax, edx
jb short loc_fffcc3ed  ; jb 0xfffcc3ed

loc_fffcc3c1:  ; not directly referenced
inc edx
add dword [ebp - 0xac88], 0x12
cmp edx, 2
jne short loc_fffcc3b6  ; jne 0xfffcc3b6
mov eax, dword [ebp + 0x10]
sub esp, 0xc
mov edx, dword [ebp - 0xac94]
movzx ecx, byte [eax + esi]
mov eax, edi
inc esi
push 0
call fcn_fffa7d46  ; call 0xfffa7d46
add esp, 0x10
jmp short loc_fffcc38f  ; jmp 0xfffcc38f

loc_fffcc3ed:  ; not directly referenced
mov eax, dword [ebp + 0x10]
xor ebx, ebx
movzx eax, byte [eax + esi]
cmp al, 0x21
ja short loc_fffcc401  ; ja 0xfffcc401
movzx ebx, byte [eax + ref_fffd58e0]  ; movzx ebx, byte [eax - 0x2a720]

loc_fffcc401:  ; not directly referenced
imul ebx, ebx, 0x240
imul eax, edx, 0x48
add eax, ebx
add eax, edi
lea ebx, [edx + edx*8]
mov ecx, eax
mov dword [ebp - 0xac8c], ebx
xor eax, eax

loc_fffcc41b:  ; not directly referenced
cmp byte [ebp - 0xaca2], al
jbe short loc_fffcc3c1  ; jbe 0xfffcc3c1
mov ebx, dword [ebp - 0xac88]
movsx ebx, word [ebx + eax*2]
sub ebx, dword [ebp - 0xacd0]
imul ebx, ebx, 0x12
add ebx, dword [ebp - 0xac90]
add ebx, dword [ebp - 0xac8c]
add ebx, eax
movzx ebx, word [ebp + ebx*4 - 0xa2cc]
mov dword [ecx + eax*8 + 0x2491], ebx
mov ebx, dword [ebp - 0xac88]
movsx ebx, word [ebx + eax*2]
sub ebx, dword [ebp - 0xacd0]
imul ebx, ebx, 0x12
add ebx, dword [ebp - 0xac90]
add ebx, dword [ebp - 0xac8c]
add ebx, eax
movzx ebx, word [ebp + ebx*4 - 0xa2ca]
mov dword [ecx + eax*8 + 0x2495], ebx
inc eax
jmp short loc_fffcc41b  ; jmp 0xfffcc41b

loc_fffcc486:  ; not directly referenced
mov esi, dword [ebp + 0x10]
add eax, 0x24
mov byte [eax + 0x18], 4
mov dword [ebp - 0xac90], eax

loc_fffcc496:  ; not directly referenced
mov ecx, esi
sub ecx, dword [ebp - 0xad04]
cmp cx, word [ebp - 0xacba]
jae loc_fffcc598  ; jae 0xfffcc598
movzx edx, byte [esi]
xor eax, eax
cmp dl, 0x21
ja short loc_fffcc4bc  ; ja 0xfffcc4bc
movzx eax, byte [edx + ref_fffd58e0]  ; movzx eax, byte [edx - 0x2a720]

loc_fffcc4bc:  ; not directly referenced
mov ebx, dword [ebp - 0xacb4]
movzx ecx, cx
imul eax, eax, 0x240
mov dword [ebp - 0xac88], 0
lea ebx, [ebx + ecx*2]
mov dword [ebp - 0xac94], ebx
mov ebx, dword [ebp - 0xac90]
add eax, edi
mov dword [ebp - 0xac8c], ebx

loc_fffcc4ec:  ; not directly referenced
mov ecx, dword [ebp - 0xace4]
mov edx, dword [ebp - 0xac88]
bt ecx, edx
jae short loc_fffcc56e  ; jae 0xfffcc56e
xor edx, edx

loc_fffcc4ff:  ; not directly referenced
cmp dl, byte [ebp - 0xaca2]
jae short loc_fffcc55c  ; jae 0xfffcc55c
test dl, dl
jne short loc_fffcc519  ; jne 0xfffcc519
mov ecx, dword [eax + 0x2491]
add ecx, dword [eax + 0x2495]
jmp short loc_fffcc550  ; jmp 0xfffcc550

loc_fffcc519:  ; not directly referenced
mov ecx, dword [eax + edx*8 + 0x2495]
mov ebx, dword [eax + edx*8 + 0x2491]
mov dword [ebp - 0xac9c], eax
mov eax, dword [ebp - 0xac8c]
mov dword [ebp - 0xac98], ecx
add ecx, ebx
movzx eax, word [eax]
cmp eax, ecx
mov eax, dword [ebp - 0xac9c]
jbe short loc_fffcc559  ; jbe 0xfffcc559
mov ecx, ebx
add ecx, dword [ebp - 0xac98]

loc_fffcc550:  ; not directly referenced
mov ebx, dword [ebp - 0xac8c]
mov word [ebx], cx

loc_fffcc559:  ; not directly referenced
inc edx
jmp short loc_fffcc4ff  ; jmp 0xfffcc4ff

loc_fffcc55c:  ; not directly referenced
mov dl, byte [esi]
mov ecx, dword [ebp - 0xac94]
mov ebx, dword [ebp - 0xac88]
mov byte [ecx + ebx + 0x34], dl

loc_fffcc56e:  ; not directly referenced
inc dword [ebp - 0xac88]
add eax, 0x48
add dword [ebp - 0xac8c], 2
cmp dword [ebp - 0xac88], 2
jne loc_fffcc4ec  ; jne 0xfffcc4ec
add dword [ebp - 0xac90], 4
inc esi
jmp near loc_fffcc496  ; jmp 0xfffcc496

loc_fffcc598:  ; not directly referenced
mov byte [edi + 0x247b], 0
jmp short loc_fffcc5ab  ; jmp 0xfffcc5ab

loc_fffcc5a1:  ; not directly referenced
mov eax, 0xdc
jmp near loc_fffcbb69  ; jmp 0xfffcbb69

loc_fffcc5ab:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcc5b3:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x60
mov ebx, dword [ebp + 8]
mov byte [ebp - 0x67], 4
lea esi, [ebp - 0x60]
mov byte [ebp - 0x66], 1
mov byte [ebp - 0x65], 1
mov edi, dword [ebx + 0x2444]
push 0
push 8
mov eax, dword [ebx + 0x5edd]
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 1
add eax, 0x1bc
push eax
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
call dword [edi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 5
push esi
call dword [edi + 0x60]  ; ucall
movzx edx, byte [ebp - 0x67]
mov ecx, 1
mov eax, ebx
call fcn_fffaab72  ; call 0xfffaab72
movzx edx, byte [ebp - 0x66]
mov ecx, 1
mov word [ebp - 0x60], ax
mov eax, ebx
call fcn_fffaab72  ; call 0xfffaab72
add esp, 0x10
cmp dword [ebx + 0x188b], 1
mov word [ebp - 0x5e], ax
jne short loc_fffcc64e  ; jne 0xfffcc64e
mov eax, ebx
call fcn_fffaac56  ; call 0xfffaac56
mov eax, 8
mov edx, 0x2f
add word [ebp - 0x5e], 0x28
jmp short loc_fffcc655  ; jmp 0xfffcc655

loc_fffcc64e:  ; not directly referenced
xor eax, eax
mov edx, 7

loc_fffcc655:  ; not directly referenced
push ecx
mov ecx, 3
push 0
push 0
push 0xf
push edx
push eax
push esi
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x67]
push eax
mov eax, ebx
push 6
lea edx, [ebp - 0x56]
push 0xf
call fcn_fffcb1dd  ; call 0xfffcb1dd
add esp, 0x28
mov eax, ebx
push 0
mov ecx, 3
push 0xf
push 0
push 0
push 0
lea edx, [ebx + 0x2491]
push 1
call fcn_fffbea08  ; call 0xfffbea08
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcc6a5:  ; not directly referenced
push ebp
mov ebp, esp
push esi
push ebx
sub esp, 0x54
mov ebx, dword [ebp + 8]
lea esi, [ebp - 0x50]
mov byte [ebp - 0x57], 4
mov byte [ebp - 0x56], 1
mov eax, dword [ebx + 0x2444]
push 0
push 5
push esi
mov byte [ebp - 0x55], 1
mov byte [ebp - 0x54], 2
mov byte [ebp - 0x53], 1
mov byte [ebp - 0x52], 0
mov byte [ebp - 0x51], 0
call dword [eax + 0x60]  ; ucall
movzx edx, byte [ebp - 0x57]
mov ecx, 1
mov eax, ebx
call fcn_fffaab72  ; call 0xfffaab72
movzx edx, byte [ebp - 0x56]
mov ecx, 1
mov word [ebp - 0x50], ax
mov eax, ebx
call fcn_fffaab72  ; call 0xfffaab72
add esp, 0x10
cmp dword [ebx + 0x2481], 3
mov word [ebp - 0x4e], ax
jne short loc_fffcc73d  ; jne 0xfffcc73d
push eax
mov ecx, 3
push 0
push 0
push 0xf
push 2
push 0
push esi
lea eax, [ebp - 0x55]
push eax
push 2
lea eax, [ebp - 0x57]
push eax
mov eax, ebx
push 9
push 0xf
lea edx, [ebp - 0x46]
call fcn_fffcb1dd  ; call 0xfffcb1dd
add esp, 0x30

loc_fffcc73d:  ; not directly referenced
lea esp, [ebp - 8]
xor eax, eax
pop ebx
pop esi
pop ebp
ret

fcn_fffcc746:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
add esp, 0xffffff80
mov edi, dword [ebp + 8]
lea edx, [ebp - 0x60]
mov byte [ebp - 0x6f], 4
mov byte [ebp - 0x6e], 1
mov eax, dword [edi + 0x2444]
mov ebx, dword [edi + 0x1887]
mov esi, dword [edi + 0x5edd]
push 0
push 5
push edx
mov byte [ebp - 0x6a], 1
mov byte [ebp - 0x69], 2
mov byte [ebp - 0x68], 1
mov byte [ebp - 0x67], 0
mov byte [ebp - 0x66], 0
mov byte [ebp - 0x6d], 4
mov byte [ebp - 0x6c], 1
mov byte [ebp - 0x6b], 0xb
mov byte [ebp - 0x65], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 2
mov byte [ebp - 0x62], 1
mov byte [ebp - 0x61], 0
call dword [eax + 0x60]  ; ucall
mov edx, 0x3a04
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
add esp, 0x10
mov edx, dword [edi + 0x2481]
and eax, 0x3f
cmp ebx, 0x306d0
mov byte [ebp - 0x88], al
sete al
cmp ebx, 0x40650
sete cl
or al, cl
je short loc_fffcc7f7  ; je 0xfffcc7f7
cmp edx, 3
je short loc_fffcc81a  ; je 0xfffcc81a
mov byte [ebp - 0x85], 9
mov byte [ebp - 0x7e], 0x1e
mov word [ebp - 0x80], 0xe6
jmp short loc_fffcc808  ; jmp 0xfffcc808

loc_fffcc7f7:  ; not directly referenced
mov byte [ebp - 0x85], 9
mov byte [ebp - 0x7e], 0x1e
mov word [ebp - 0x80], 0xb4

loc_fffcc808:  ; not directly referenced
lea eax, [ebp - 0x6a]
mov dword [ebp - 0x84], eax
lea eax, [ebp - 0x6f]
mov byte [ebp - 0x7d], 2
jmp short loc_fffcc83b  ; jmp 0xfffcc83b

loc_fffcc81a:  ; not directly referenced
lea eax, [ebp - 0x65]
mov dword [ebp - 0x84], eax
lea eax, [ebp - 0x6d]
mov byte [ebp - 0x85], 0xa
mov byte [ebp - 0x7e], 0x50
mov word [ebp - 0x80], 0xe6
mov byte [ebp - 0x7d], 3

loc_fffcc83b:  ; not directly referenced
mov dword [ebp - 0x7c], eax
xor ebx, ebx

loc_fffcc840:  ; not directly referenced
mov eax, dword [ebp - 0x7c]
mov ecx, 1
movzx edx, byte [eax + ebx]
mov eax, edi
call fcn_fffaab72  ; call 0xfffaab72
mov word [ebp + ebx*2 - 0x60], ax
inc ebx
cmp byte [ebp - 0x7d], bl
ja short loc_fffcc840  ; ja 0xfffcc840
mov ecx, dword [esi + 0xc]
mov esi, ecx
shr ecx, 0xf
mov al, cl
and eax, 0x1f
shr esi, 3
and esi, 1
and cl, 0x10
lea edx, [eax - 0x20]
cmove edx, eax
mov eax, edi
movsx edx, dl
call fcn_fffa6cac  ; call 0xfffa6cac
movzx ecx, byte [ebp - 0x88]
mov edx, esi
xor edx, 1
movzx esi, dl
shl esi, 4
mov ebx, eax
movzx eax, dl
shl eax, 4
xor edx, edx
add eax, ecx
imul ebx, eax
movzx eax, byte [ebp - 0x88]
mov word [ebp - 0x88], ax
mov eax, ebx
div word [ebp - 0x80]
mov ecx, eax
movzx eax, bx
movzx ebx, byte [ebp - 0x7e]
cdq
sub ecx, esi
sub ecx, dword [ebp - 0x88]
idiv ebx
mov dl, 0xf0
sub eax, esi
sub eax, dword [ebp - 0x88]
cmp cx, 0xfff1
cmovge edx, ecx
movsx ecx, dl
add edx, 0x17
movsx esi, al
lea ebx, [ecx + 0x17]
cmp esi, ebx
cmovg eax, edx
push edx
movzx edx, byte [ebp - 0x85]
cmp al, 0xf
push 0
push edx
mov dl, 0xf
cmovle edx, eax
push 0x11
movsx edx, dl
push edx
push ecx
mov ecx, 3
lea eax, [ebp - 0x60]
push eax
movzx eax, byte [ebp - 0x7d]
push dword [ebp - 0x84]
lea edx, [ebp - 0x56]
push eax
mov eax, edi
push dword [ebp - 0x7c]
push 1
push 0xf
call fcn_fffcb1dd  ; call 0xfffcb1dd
add esp, 0x28
mov eax, edi
push 0
mov ecx, 3
push 0x11
push 0
push 0
push 0
lea edx, [edi + 0x2491]
push 1
call fcn_fffbea08  ; call 0xfffbea08
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcc956:  ; not directly referenced
push ebp
mov ecx, 0xa
mov ebp, esp
push edi
push esi
mov esi, ref_fffd619c  ; mov esi, 0xfffd619c
push ebx
sub esp, 0x7c
mov eax, dword [ebp + 8]
lea edi, [ebp - 0x60]
mov byte [ebp - 0x6e], 4
lea ebx, [ebp - 0x60]
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
mov byte [ebp - 0x6d], 1
lea esi, [eax + 0x3757]
mov byte [ebp - 0x6c], 5
mov byte [ebp - 0x6b], 2
mov byte [ebp - 0x70], 5
mov byte [ebp - 0x6f], 2
mov byte [ebp - 0x6a], 1
mov byte [ebp - 0x69], 2
mov byte [ebp - 0x68], 1
mov byte [ebp - 0x67], 2
mov byte [ebp - 0x66], 0
mov byte [ebp - 0x65], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 0
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
mov dword [ebp - 0x7c], 0

loc_fffcc9c1:  ; not directly referenced
cmp dword [esi], 2
jne loc_fffcca75  ; jne 0xfffcca75
mov cl, byte [ebp - 0x7c]
mov edi, 1
shl edi, cl
cmp dword [esi + 0xc0], 2
jne short loc_fffcca4b  ; jne 0xfffcca4b
push edx
mov ecx, edi
push 0
push 0
push 0xf
push 4
push 1
push ebx
lea eax, [ebp - 0x6a]
push eax
push 4
lea eax, [ebp - 0x6e]
push eax
mov eax, dword [ebp + 8]
push 7
push 0xf
lea edx, [ebp - 0x56]
call fcn_fffcb1dd  ; call 0xfffcb1dd
add esp, 0x2c
mov ecx, edi
push 0
push 0
push 0xf
push 2
push 1
push ebx
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x70]
push eax
mov eax, dword [ebp + 8]
push 8
push 3
lea edx, [ebp - 0x56]
call fcn_fffcb1dd  ; call 0xfffcb1dd
add esp, 0x2c
push 0
push 0
push 0xf
push 2
push 1
push ebx
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x70]
push eax
push 8
push 0xc
jmp short loc_fffcca65  ; jmp 0xfffcca65

loc_fffcca4b:  ; not directly referenced
push eax
push 0
push 0
push 0xf
push 2
push 0
push ebx
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x70]
push eax
push 7
push 0xf

loc_fffcca65:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, edi
lea edx, [ebp - 0x56]
call fcn_fffcb1dd  ; call 0xfffcb1dd
add esp, 0x30

loc_fffcca75:  ; not directly referenced
inc dword [ebp - 0x7c]
add esi, 0x13c3
cmp dword [ebp - 0x7c], 2
jne loc_fffcc9c1  ; jne 0xfffcc9c1
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcca92:  ; not directly referenced
push ebp
mov ecx, 0xa
mov ebp, esp
push edi
push esi
mov esi, ref_fffd61a8  ; mov esi, 0xfffd61a8
push ebx
sub esp, 0x5c
mov ebx, dword [ebp + 8]
lea edi, [ebp - 0x60]
mov byte [ebp - 0x67], 5
mov byte [ebp - 0x66], 2
mov eax, dword [ebx + 0x1887]
mov byte [ebp - 0x65], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 0
cmp eax, 0x306d0
sete dl
cmp eax, 0x40650
sete al
or dl, al
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
je short loc_fffccb4c  ; je 0xfffccb4c
mov cl, 1
mov edx, 5
mov eax, ebx
call fcn_fffaab72  ; call 0xfffaab72
mov edx, dword [ebp - 0x60]
mov ecx, 1
cmp ax, dx
cmovae edx, eax
mov eax, ebx
mov word [ebp - 0x60], dx
mov edx, 2
call fcn_fffaab72  ; call 0xfffaab72
mov dx, word [ebp - 0x5e]
mov ecx, 3
cmp ax, dx
cmovae edx, eax
push eax
push 0
push 0
push 0xf
push 8
push 0xfffffffffffffff1
lea eax, [ebp - 0x60]
push eax
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x67]
push eax
mov eax, ebx
push 2
push 0xf
mov word [ebp - 0x5e], dx
lea edx, [ebp - 0x56]
call fcn_fffcb1dd  ; call 0xfffcb1dd
add esp, 0x30

loc_fffccb4c:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffccb56:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x6c
mov ebx, dword [ebp + 8]
mov byte [ebp - 0x67], 0xd
mov byte [ebp - 0x66], 0xc
mov byte [ebp - 0x65], 1
cmp dword [ebx + 0x188b], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 1
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
jne loc_fffccc5f  ; jne 0xfffccc5f
movzx esi, byte [ebx + 0x248f]
lea ecx, [ebp - 0x60]
movzx edi, byte [ebx + 0x248e]
push eax
mov eax, dword [ebx + 0x2444]
push 0
push 5
push ecx
call dword [eax + 0x60]  ; ucall
movzx edx, byte [ebp - 0x67]
mov ecx, 1
mov eax, ebx
call fcn_fffaab72  ; call 0xfffaab72
movzx edx, byte [ebp - 0x66]
mov ecx, 1
mov word [ebp - 0x60], ax
mov eax, ebx
call fcn_fffaab72  ; call 0xfffaab72
add esp, 0xc
mov ecx, edi
push 0
push 0
push 0xf
push 0
push 0xfffffffffffffff8
lea edi, [ebp - 0x67]
mov word [ebp - 0x5e], ax
mov eax, esi
lea esi, [ebp - 0x60]
push esi
lea esi, [ebp - 0x65]
push esi
push 2
push edi
push 0xf
push ecx
lea edx, [ebp - 0x56]
mov dword [ebp - 0x6c], ecx
mov ecx, eax
mov dword [ebp - 0x70], eax
mov eax, ebx
call fcn_fffcb1dd  ; call 0xfffcb1dd
add esp, 0x30
mov edx, 0x3a08
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edx, eax
shr edx, 0x12
shr eax, 0xc
and edx, 0x3f
and eax, 0x3f
cmp dl, al
push ecx
cmovle eax, edx
mov ecx, dword [ebp - 0x70]
mov dl, 5
push 0
sub edx, eax
push 0
cmp dl, 0xf8
mov al, 0xf8
push 0xf
cmovge eax, edx
push 0
movsx eax, al
push eax
mov eax, ebx
lea edx, [ebp - 0x60]
push edx
push esi
push 2
push edi
push 0xa
push dword [ebp - 0x6c]
lea edx, [ebp - 0x56]
call fcn_fffcb1dd  ; call 0xfffcb1dd
add esp, 0x30

loc_fffccc5f:  ; not directly referenced
sub esp, 0xc
push ebx
call fcn_fffc9f5d  ; call 0xfffc9f5d
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffccc72:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x6c
mov ebx, dword [ebp + 8]
mov byte [ebp - 0x67], 0xd
mov byte [ebp - 0x66], 0xc
mov byte [ebp - 0x65], 1
cmp dword [ebx + 0x188b], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 1
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
jne short loc_fffccd1b  ; jne 0xfffccd1b
movzx eax, byte [ebx + 0x248e]
lea esi, [ebp - 0x60]
movzx edi, byte [ebx + 0x248f]
mov dword [ebp - 0x6c], eax
push eax
mov eax, dword [ebx + 0x2444]
push 0
push 5
push esi
call dword [eax + 0x60]  ; ucall
movzx edx, byte [ebp - 0x67]
mov ecx, 1
mov eax, ebx
call fcn_fffaab72  ; call 0xfffaab72
movzx edx, byte [ebp - 0x66]
mov ecx, 1
mov word [ebp - 0x60], ax
mov eax, ebx
call fcn_fffaab72  ; call 0xfffaab72
add esp, 0xc
mov ecx, edi
push 0
push 0
push 0xf
push 3
push 0
push esi
lea edx, [ebp - 0x56]
mov word [ebp - 0x5e], ax
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x67]
push eax
mov eax, dword [ebp - 0x6c]
push 0xc
push eax
mov eax, ebx
call fcn_fffcb1dd  ; call 0xfffcb1dd
add esp, 0x30

loc_fffccd1b:  ; not directly referenced
sub esp, 0xc
push ebx
call fcn_fffc9f5d  ; call 0xfffc9f5d
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffccd2e:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, ecx
push esi
push ebx
mov ebx, eax
sub esp, 0x70
mov eax, dword [eax + 0x2444]
push 0
push 5
lea esi, [ebp - 0x60]
push esi
mov dword [ebp - 0x6c], edx
mov byte [ebp - 0x67], 5
mov byte [ebp - 0x66], 2
mov byte [ebp - 0x65], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 1
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
call dword [eax + 0x60]  ; ucall
movzx edx, byte [ebp - 0x67]
mov ecx, 1
mov eax, ebx
call fcn_fffaab72  ; call 0xfffaab72
movzx edx, byte [ebp - 0x66]
mov ecx, 1
mov word [ebp - 0x60], ax
mov eax, ebx
call fcn_fffaab72  ; call 0xfffaab72
add esp, 0xc
movzx ecx, byte [ebp - 0x6c]
cmp dword [ebx + 0x188b], 1
push 1
push 0
push 0xf
push 0xa
lea edx, [ebp - 0x56]
mov word [ebp - 0x5e], ax
sbb eax, eax
and eax, 4
sub eax, 0x11
movsx eax, al
push eax
push esi
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x67]
push eax
mov eax, ebx
push 0
push 0xf
call fcn_fffcb1dd  ; call 0xfffcb1dd
add esp, 0x30
xor eax, eax
cmp dword [ebp + 8], 0
je short loc_fffccdfb  ; je 0xfffccdfb
push eax
mov ecx, 3
push eax
mov eax, ebx
push 0
push edi
push 0
push 0
push 0
push 2
lea edx, [ebx + 0x2491]
call fcn_fffbea08  ; call 0xfffbea08
add esp, 0x20

loc_fffccdfb:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcce03:  ; not directly referenced
push ebp
mov ecx, 0xf
mov ebp, esp
mov edx, 3
mov eax, dword [ebp + 8]
mov dword [ebp + 8], 1
pop ebp
jmp near fcn_fffccd2e  ; jmp 0xfffccd2e

fcn_fffcce20:  ; not directly referenced
push ebp
mov ebp, esp
mov ecx, dword [ebp + 0x10]
mov eax, dword [ebp + 0x18]
mov edx, dword [ebp + 0x1c]
mov dword [ecx], eax
mov dword [ecx + 4], edx
pop ebp
ret

fcn_fffcce33:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov eax, dword [ebp + 0x14]
mov ebx, dword [ebp + 0xc]
mov edi, dword [ebp + 8]
mov edx, dword [ebp + 0x10]
mov dword [ebp - 0x2c], eax
mov eax, dword [ebp + 0x20]
mov dword [ebp - 0x24], ebx
mov byte [ebp - 0x32], bl
mov byte [ebp - 0x31], dl
mov dword [ebp - 0x3c], eax
mov eax, dword [ebp + 0x24]
mov dword [ebp - 0x40], eax
mov al, byte [ebp + 0x18]
mov byte [ebp - 0x33], al
mov al, byte [ebp + 0x1c]
mov byte [ebp - 0x34], al
mov eax, dword [edi + 0x5edd]
cmp bl, 1
ja loc_fffcd076  ; ja 0xfffcd076
cmp dword [edi + 0x2481], 2
jne loc_fffcd076  ; jne 0xfffcd076
movzx eax, byte [ebp - 0x24]
mov dword [ebp - 0x1c], 0
mov dword [ebp - 0x38], eax
imul eax, eax, 0x13c3
lea ebx, [edi + eax + 0x3757]
add eax, edi
mov dword [ebp - 0x48], eax

loc_fffccea8:  ; not directly referenced
mov cl, byte [ebp - 0x1c]
mov edx, 1
shl edx, cl
test byte [ebp - 0x33], dl
je loc_fffcd05f  ; je 0xfffcd05f
mov eax, dword [ebp - 0x48]
test byte [eax + 0x381b], dl
je loc_fffcd05f  ; je 0xfffcd05f
mov esi, dword [ebp - 0x1c]
imul eax, esi, 0x18
mov dword [ebp - 0x30], eax
mov ax, word [ebx + eax + 0x1277]
mov word [ebp - 0x28], ax
or word [ebp - 0x28], 0x80
mov eax, dword [ebp - 0x28]
cmp dword [ebp - 0x3c], 0
mov word [ebp - 0x20], ax
je loc_fffccfce  ; je 0xfffccfce
movzx eax, byte [ebp - 0x34]
imul esi, esi, 0x70
mov dword [ebp - 0x28], 0
mov dword [ebp - 0x30], eax
movzx eax, byte [ebp - 0x32]
add esi, ebx
mov dword [ebp - 0x44], eax

loc_fffccf10:  ; not directly referenced
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x28]
bt eax, edx
jae loc_fffccfb9  ; jae 0xfffccfb9
mov cx, word [esi + 0x109f]
mov al, cl
and ecx, 0x3f
and eax, 0x7f
mov dl, al
or edx, 0xffffffc0
test al, 0x60
cmove edx, ecx
lea eax, [edx - 0xd]
cmp dl, 0xc
jg short loc_fffccf4b  ; jg 0xfffccf4b
xor eax, eax
cmp dl, 0xe4
lea ecx, [edx + 0x1b]
cmovle eax, ecx

loc_fffccf4b:  ; not directly referenced
add eax, dword [ebp - 0x2c]
cmp al, 0x25
jg short loc_fffccf5c  ; jg 0xfffccf5c
cmp al, 0xdb
jl short loc_fffccf63  ; jl 0xfffccf63
test al, al
jns short loc_fffccf5e  ; jns 0xfffccf5e
jmp short loc_fffccf65  ; jmp 0xfffccf65

loc_fffccf5c:  ; not directly referenced
mov al, 0x25

loc_fffccf5e:  ; not directly referenced
add eax, 0xd
jmp short loc_fffccf68  ; jmp 0xfffccf68

loc_fffccf63:  ; not directly referenced
mov al, 0xdb

loc_fffccf65:  ; not directly referenced
sub eax, 0x1b

loc_fffccf68:  ; not directly referenced
and eax, 0x7f
mov cl, byte [ebp - 0x28]
mov dl, al
and eax, 0x3f
shr dl, 6
and word [ebp - 0x20], 0xff80
and edx, 1
shl edx, 6
or word [ebp - 0x20], dx
or word [ebp - 0x20], ax
mov eax, 1
push edx
mov edx, dword [ebp - 0x44]
shl eax, cl
mov ecx, dword [ebp - 0x1c]
push eax
movzx eax, word [ebp - 0x20]
push 6
push eax
mov eax, edi
call fcn_fffac8c3  ; call 0xfffac8c3
add esp, 0x10
cmp byte [ebp - 0x31], 0
je short loc_fffccfb9  ; je 0xfffccfb9
mov eax, dword [ebp - 0x20]
mov word [esi + 0x109f], ax

loc_fffccfb9:  ; not directly referenced
inc dword [ebp - 0x28]
add esi, 0xe
cmp dword [ebp - 0x28], 8
jne loc_fffccf10  ; jne 0xfffccf10
jmp near loc_fffcd05f  ; jmp 0xfffcd05f

loc_fffccfce:  ; not directly referenced
mov eax, dword [ebp - 0x30]
mov si, word [ebx + eax + 0x1277]
mov ecx, esi
and esi, 0x3f
and ecx, 0x7f
mov al, cl
or eax, 0xffffffc0
and cl, 0x60
cmove eax, esi
lea ecx, [eax - 0xd]
cmp al, 0xc
jg short loc_fffccffd  ; jg 0xfffccffd
xor ecx, ecx
cmp al, 0xe4
lea esi, [eax + 0x1b]
cmovle ecx, esi

loc_fffccffd:  ; not directly referenced
add ecx, dword [ebp - 0x2c]
cmp cl, 0x25
jg short loc_fffcd010  ; jg 0xfffcd010
cmp cl, 0xdb
jl short loc_fffcd017  ; jl 0xfffcd017
test cl, cl
js short loc_fffcd019  ; js 0xfffcd019
jmp short loc_fffcd012  ; jmp 0xfffcd012

loc_fffcd010:  ; not directly referenced
mov cl, 0x25

loc_fffcd012:  ; not directly referenced
add ecx, 0xd
jmp short loc_fffcd01c  ; jmp 0xfffcd01c

loc_fffcd017:  ; not directly referenced
mov cl, 0xdb

loc_fffcd019:  ; not directly referenced
sub ecx, 0x1b

loc_fffcd01c:  ; not directly referenced
and ecx, 0x7f
mov esi, dword [ebp - 0x28]
mov al, cl
and ecx, 0x3f
shr al, 6
and eax, 1
shl eax, 6
and esi, 0xffffff80
or esi, eax
or esi, ecx
mov ecx, edx
mov edx, dword [ebp - 0x38]
push eax
push eax
movzx eax, si
push eax
mov eax, edi
push 6
call fcn_fffa96cb  ; call 0xfffa96cb
add esp, 0x10
cmp byte [ebp - 0x31], 0
je short loc_fffcd05f  ; je 0xfffcd05f
mov eax, dword [ebp - 0x30]
mov word [ebx + eax + 0x1277], si

loc_fffcd05f:  ; not directly referenced
inc dword [ebp - 0x1c]
cmp dword [ebp - 0x1c], 2
jne loc_fffccea8  ; jne 0xfffccea8
mov ebx, 0x40000000
jmp near loc_fffcd1ce  ; jmp 0xfffcd1ce

loc_fffcd076:  ; not directly referenced
mov ebx, dword [ebp - 0x24]
cmp bl, 1
je short loc_fffcd0a3  ; je 0xfffcd0a3
jb short loc_fffcd091  ; jb 0xfffcd091
cmp bl, 2
jne loc_fffcd260  ; jne 0xfffcd260
mov cl, byte [eax + 0x14]
and ecx, 0x7f
jmp short loc_fffcd0b4  ; jmp 0xfffcd0b4

loc_fffcd091:  ; not directly referenced
movzx ebx, byte [eax + 0x16]
mov cl, byte [eax + 0x15]
and ebx, 0x1f
shr cl, 6
shl ebx, 2
jmp short loc_fffcd0b2  ; jmp 0xfffcd0b2

loc_fffcd0a3:  ; not directly referenced
movzx ebx, byte [eax + 0x15]
mov cl, byte [eax + 0x14]
and ebx, 0x3f
shr cl, 7
add ebx, ebx

loc_fffcd0b2:  ; not directly referenced
or ecx, ebx

loc_fffcd0b4:  ; not directly referenced
mov bl, cl
mov esi, 0xffffffca
or ebx, 0xffffff80
test cl, 0xc0
cmovne ecx, ebx
mov ebx, 0x36
movsx ecx, cl
add ecx, dword [ebp - 0x2c]
cmp ecx, 0xffffffca
cmovge esi, ecx
cmp esi, 0x36
cmovle ebx, esi
test dl, dl
je short loc_fffcd14e  ; je 0xfffcd14e
mov edx, dword [ebp - 0x24]
cmp dl, 1
je short loc_fffcd129  ; je 0xfffcd129
jb short loc_fffcd104  ; jb 0xfffcd104
cmp dl, 2
jne loc_fffcd260  ; jne 0xfffcd260
mov dl, byte [eax + 0x14]
mov cl, bl
and ecx, 0x7f
and edx, 0xffffff80
or edx, ecx
mov byte [eax + 0x14], dl
jmp short loc_fffcd14e  ; jmp 0xfffcd14e

loc_fffcd104:  ; not directly referenced
mov dl, byte [eax + 0x15]
mov cl, bl
shl ecx, 6
and edx, 0x3f
or edx, ecx
mov ecx, ebx
mov byte [eax + 0x15], dl
mov dl, byte [eax + 0x16]
shr ecx, 2
and ecx, 0x1f
and edx, 0xffffffe0
or edx, ecx
mov byte [eax + 0x16], dl
jmp short loc_fffcd14e  ; jmp 0xfffcd14e

loc_fffcd129:  ; not directly referenced
mov dl, byte [eax + 0x14]
mov ecx, ebx
and ecx, 1
shl ecx, 7
and edx, 0x7f
or edx, ecx
mov ecx, ebx
mov byte [eax + 0x14], dl
mov dl, byte [eax + 0x15]
shr ecx, 1
and ecx, 0x3f
and edx, 0xffffffc0
or edx, ecx
mov byte [eax + 0x15], dl

loc_fffcd14e:  ; not directly referenced
cmp dword [edi + 0x188b], 1
mov eax, 0xf84
mov edx, 0xf78
cmove edx, eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, dword [ebp - 0x24]
cmp dl, 1
je short loc_fffcd19f  ; je 0xfffcd19f
jb short loc_fffcd18b  ; jb 0xfffcd18b
cmp dl, 2
jne loc_fffcd260  ; jne 0xfffcd260
and ebx, 0x7f
and eax, 0xffffff80
or eax, ebx
mov ebx, 0x20000000
jmp short loc_fffcd1b1  ; jmp 0xfffcd1b1

loc_fffcd18b:  ; not directly referenced
and ebx, 0x7f
and eax, 0xffe03fff
shl ebx, 0xe
or eax, ebx
mov ebx, 0x40000000
jmp short loc_fffcd1b1  ; jmp 0xfffcd1b1

loc_fffcd19f:  ; not directly referenced
and ebx, 0x7f
and eax, 0xffffc07f
shl ebx, 7
or eax, ebx
mov ebx, 0x80000000

loc_fffcd1b1:  ; not directly referenced
cmp dword [edi + 0x188b], 1
mov ecx, 0xf84
mov edx, 0xf78
cmove edx, ecx
mov ecx, eax
mov eax, edi
call fcn_fffb38b3  ; call 0xfffb38b3

loc_fffcd1ce:  ; not directly referenced
cmp byte [ebp - 0x40], 0
jne loc_fffcd260  ; jne 0xfffcd260
cmp dword [edi + 0x2481], 2
jne short loc_fffcd1ec  ; jne 0xfffcd1ec
cmp byte [ebp - 0x24], 1
mov edx, 3
jbe short loc_fffcd236  ; jbe 0xfffcd236

loc_fffcd1ec:  ; not directly referenced
cmp dword [edi + 0x188b], 1
mov cl, 0x4b
mov byte [ebp - 0x1c], 0
sete al
mov esi, eax
mov al, 0x32
lea esi, [esi + esi*4 + 5]
cmovne ecx, eax

loc_fffcd207:  ; not directly referenced
cmp dword [edi + 0x188b], 1
mov eax, 0xf84
mov edx, 0xf78
mov dword [ebp - 0x20], ecx
cmove edx, eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov ecx, dword [ebp - 0x20]
and eax, ebx
cmp eax, ebx
jne short loc_fffcd244  ; jne 0xfffcd244

loc_fffcd22e:  ; not directly referenced
mov eax, esi
movzx esi, al
imul edx, esi, 0xf

loc_fffcd236:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, edi
pop ebx
pop esi
pop edi
pop ebp
jmp near fcn_fffa82f9  ; jmp 0xfffa82f9

loc_fffcd244:  ; not directly referenced
mov edx, 0xf
mov eax, edi
mov dword [ebp - 0x20], ecx
call fcn_fffa82f9  ; call 0xfffa82f9
mov ecx, dword [ebp - 0x20]
inc byte [ebp - 0x1c]
cmp byte [ebp - 0x1c], cl
jb short loc_fffcd207  ; jb 0xfffcd207
jmp short loc_fffcd22e  ; jmp 0xfffcd22e

loc_fffcd260:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcd268:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x4c
mov eax, dword [ebp + 0x18]
mov esi, dword [ebp + 0x20]
mov edi, dword [ebp + 0x2c]
mov ecx, dword [ebp + 0xc]
mov dword [ebp - 0x30], eax
mov ebx, dword [ebp + 0x1c]
mov byte [ebp - 0x2b], al
mov eax, esi
mov edx, dword [ebp + 0x24]
mov byte [ebp - 0x48], al
mov eax, edi
mov byte [ebp - 0x29], al
mov al, byte [ebp + 0x30]
cmp cl, 6
mov dword [ebp - 0x40], ebx
mov byte [ebp - 0x2c], bl
sete bl
cmp cl, 3
mov dword [ebp - 0x20], esi
mov byte [ebp - 0x50], al
mov eax, dword [ebp + 8]
mov dword [ebp - 0x44], edx
mov dword [ebp - 0x34], edi
mov byte [ebp - 0x49], dl
mov eax, dword [eax + 0x5edd]
mov byte [ebp - 0x2a], bl
mov dword [ebp - 0x38], eax
setbe al
or al, bl
jne short loc_fffcd2f6  ; jne 0xfffcd2f6
lea eax, [ecx - 8]
cmp al, 2
jbe short loc_fffcd2fa  ; jbe 0xfffcd2fa
mov eax, dword [ebp + 8]
mov bl, 0x36
cmp dword [eax + 0x2481], 2
jne short loc_fffcd300  ; jne 0xfffcd300
cmp cl, 0x11
sete dl
cmp cl, 5
sete al
or dl, al
jne short loc_fffcd2fe  ; jne 0xfffcd2fe
cmp cl, 0x21
jne short loc_fffcd300  ; jne 0xfffcd300
jmp short loc_fffcd311  ; jmp 0xfffcd311

loc_fffcd2f6:  ; not directly referenced
mov bl, 0x1f
jmp short loc_fffcd300  ; jmp 0xfffcd300

loc_fffcd2fa:  ; not directly referenced
mov bl, 0xff
jmp short loc_fffcd300  ; jmp 0xfffcd300

loc_fffcd2fe:  ; not directly referenced
mov bl, 0x25

loc_fffcd300:  ; not directly referenced
cmp cl, 0x1f
ja short loc_fffcd313  ; ja 0xfffcd313
mov eax, dword [ebp + 0x14]
lea esi, [eax + eax - 1]
mov eax, dword [ebp + 0x10]
jmp short loc_fffcd33e  ; jmp 0xfffcd33e

loc_fffcd311:  ; not directly referenced
mov bl, 0x25

loc_fffcd313:  ; not directly referenced
imul esi, dword [ebp + 0x14], 3
mov edi, 2
lea eax, [esi - 5]
imul eax, dword [ebp + 0x14]
cdq
idiv edi
cmp dword [ebp + 0x14], 0
mov esi, eax
mov eax, dword [ebp + 0x10]
mov dword [ebp - 0x1c], eax
jne short loc_fffcd341  ; jne 0xfffcd341
lea eax, [eax + eax*4]
mov di, 4
cdq
idiv edi

loc_fffcd33e:  ; not directly referenced
mov dword [ebp - 0x1c], eax

loc_fffcd341:  ; not directly referenced
mov eax, dword [ebp + 0x10]
mov edi, 3
imul eax, esi
movzx esi, bl
cdq
idiv edi
cmp dword [ebp - 0x1c], esi
jg short loc_fffcd361  ; jg 0xfffcd361
mov edi, dword [ebp - 0x1c]
neg esi
cmp edi, esi
cmovge esi, edi

loc_fffcd361:  ; not directly referenced
mov ebx, dword [ebp - 0x20]
cmp eax, 0xffffffe1
mov edx, 0xffffffe1
cmovge edx, eax
mov edi, 0x1f
cmp edx, 0x1f
cmovle edi, edx
xor eax, eax
mov edx, dword [ebp + 8]
cmp bl, 0xff
cmovne eax, ebx
mov byte [ebp - 0x24], al
movzx eax, byte [ebp - 0x40]
mov ebx, eax
mov dword [ebp - 0x20], eax
imul eax, eax, 0x13c3
lea eax, [edx + eax + 0x3757]
mov dword [ebp - 0x28], eax
movzx eax, byte [ebp - 0x44]
mov edx, eax
mov dword [ebp - 0x1c], eax
imul eax, ebx, 0xcc
mov ebx, dword [ebp - 0x38]
lea eax, [ebx + eax + 0x1c]
lea eax, [eax + edx*4]
mov dword [ebp - 0x3c], eax
mov ebx, dword [eax + 0x54]
cmp cl, 0x21
ja loc_fffcd922  ; ja 0xfffcd922
movzx eax, cl
jmp dword [eax*4 + ref_fffd61b4]  ; ujmp: jmp dword [eax*4 - 0x29e4c]

loc_fffcd3d3:  ; not directly referenced
and esi, 0x3f
and ebx, 0xffffffc0
jmp near loc_fffcd579  ; jmp 0xfffcd579

loc_fffcd3de:  ; not directly referenced
and esi, 0x3f
and ebx, 0xfffff03f
shl esi, 6
jmp near loc_fffcd579  ; jmp 0xfffcd579

loc_fffcd3ef:  ; not directly referenced
and esi, 0x3f
and ebx, 0xfffc0fff
shl esi, 0xc
jmp near loc_fffcd579  ; jmp 0xfffcd579

loc_fffcd400:  ; not directly referenced
and esi, 0x3f
and ebx, 0xff03ffff
shl esi, 0x12
jmp near loc_fffcd579  ; jmp 0xfffcd579

loc_fffcd411:  ; not directly referenced
and esi, 0x7f
and ebx, 0x80ffffff
shl esi, 0x18
jmp near loc_fffcd579  ; jmp 0xfffcd579

loc_fffcd422:  ; not directly referenced
mov ebx, dword [ebp - 0x20]
mov eax, dword [ebp + 8]
shl ebx, 0xa
add ebx, 0x4028
mov edx, ebx
call fcn_fffb331f  ; call 0xfffb331f
cmp esi, 0
mov edi, eax
mov eax, dword [ebp - 0x28]
mov eax, dword [eax + 0x1019]
jle short loc_fffcd44f  ; jle 0xfffcd44f
lea esi, [esi + esi - 0x10]
dec eax
jmp short loc_fffcd456  ; jmp 0xfffcd456

loc_fffcd44f:  ; not directly referenced
je short loc_fffcd456  ; je 0xfffcd456
lea esi, [esi + esi + 0x10]
inc eax

loc_fffcd456:  ; not directly referenced
movzx ecx, byte [ebp - 0x24]
and eax, 0x3f
and edi, 0xffc0ffff
mov edx, dword [ebp - 0x1c]
shl eax, 0x10
or edi, eax
lea eax, [ecx + ecx*8]
lea eax, [edx + eax + 0xd8]
mov edx, dword [ebp - 0x28]
movzx eax, word [edx + eax*2 + 1]
push edx
add esi, eax
mov eax, 0x1ff
cmp esi, 0x1ff
cmovle eax, esi
xor edx, edx
test eax, eax
cmovns edx, eax
mov eax, dword [ebp + 8]
push edx
mov edx, dword [ebp - 0x20]
push 0
push dword [ebp - 0x1c]
call fcn_fffa7447  ; call 0xfffa7447
mov eax, dword [ebp + 8]
mov ecx, edi
mov edx, ebx
call fcn_fffb3381  ; call 0xfffb3381
add esp, 0x10
jmp near loc_fffcdab0  ; jmp 0xfffcdab0

loc_fffcd4ba:  ; not directly referenced
movzx eax, byte [ebp - 0x50]
xor ebx, ebx
mov dword [ebp - 0x28], eax
movzx eax, byte [ebp - 0x48]
mov dword [ebp - 0x48], eax

loc_fffcd4ca:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edx, dword [ebp + 8]
cmp dword [edx + eax + 0x3757], 2
jne short loc_fffcd519  ; jne 0xfffcd519
cmp byte [ebp - 0x2c], bl
sete dl
cmp byte [ebp - 0x2b], 1
sete al
or dl, al
je short loc_fffcd519  ; je 0xfffcd519
push dword [ebp - 0x28]
xor eax, eax
cmp byte [ebp - 0x49], 0
mov dword [ebp - 0x50], ecx
setne al
push eax
movzx eax, byte [ebp - 0x29]
push dword [ebp - 0x1c]
push dword [ebp - 0x48]
push esi
push eax
push ebx
push dword [ebp + 8]
call fcn_fffcce33  ; call 0xfffcce33
mov ecx, dword [ebp - 0x50]
add esp, 0x20

loc_fffcd519:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffcd4ca  ; jne 0xfffcd4ca
cmp cl, 0x21
sete dl
cmp cl, 0x11
sete al
or dl, al
je loc_fffcdab0  ; je 0xfffcdab0
mov eax, dword [ebp - 0x3c]
mov ebx, dword [eax + 0x54]
mov eax, edi
and eax, 0x3f
shl eax, 0xc
and ebx, 0xfffc0fff
jmp short loc_fffcd55f  ; jmp 0xfffcd55f

loc_fffcd549:  ; not directly referenced
and esi, 0x7f
mov eax, edi
shl esi, 0x18
and ebx, 0x80fff03f
and eax, 0x3f
or ebx, esi
shl eax, 6

loc_fffcd55f:  ; not directly referenced
or ebx, eax
jmp near loc_fffcd92c  ; jmp 0xfffcd92c

loc_fffcd566:  ; not directly referenced
and esi, 0x3f
and ebx, 0xff000fff
mov eax, esi
shl eax, 0xc
shl esi, 0x12
or ebx, eax

loc_fffcd579:  ; not directly referenced
or ebx, esi
jmp near loc_fffcd92c  ; jmp 0xfffcd92c

loc_fffcd580:  ; not directly referenced
cmp byte [ebp - 0x30], 0
movzx ebx, byte [ebp - 0x24]
je loc_fffcd632  ; je 0xfffcd632
mov eax, dword [ebp + 8]
lea edx, [ebx*4 + 0x3630]
xor edi, edi
mov ecx, dword [ebp + 0x10]
call fcn_fffb38b3  ; call 0xfffb38b3
imul eax, ebx, 0xd8
mov dword [ebp - 0x20], eax

loc_fffcd5ab:  ; not directly referenced
sub esp, 0xc
mov eax, dword [ebp + 8]
mov ecx, 1
push 1
mov edx, edi
push 0
push 0
push dword [ebp + 0x34]
push ebx
call fcn_fffa7273  ; call 0xfffa7273
add esp, 0x20
cmp byte [ebp - 0x29], 0
jne short loc_fffcd5db  ; jne 0xfffcd5db

loc_fffcd5d0:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffcd5ab  ; jne 0xfffcd5ab
jmp near loc_fffcdab0  ; jmp 0xfffcdab0

loc_fffcd5db:  ; not directly referenced
imul eax, edi, 0x13c3
add eax, dword [ebp - 0x20]
mov byte [ebp - 0x1c], 0
mov dword [ebp - 0x24], eax

loc_fffcd5eb:  ; not directly referenced
mov eax, dword [ebp + 8]
mov cl, byte [ebp - 0x1c]
cmp cl, byte [eax + 0x2489]
jae short loc_fffcd5d0  ; jae 0xfffcd5d0
movzx esi, cl
imul esi, esi, 0x18
add esi, dword [ebp - 0x24]
add esi, eax
xor eax, eax
mov dword [ebp - 0x28], esi

loc_fffcd609:  ; not directly referenced
mov esi, dword [ebp + 0x10]
lea ecx, [eax*4]
lea edx, [eax + eax*2]
inc eax
sar esi, cl
mov ecx, esi
mov esi, dword [ebp - 0x28]
and ecx, 0xf
mov byte [esi + edx + 0x3d39], cl
cmp eax, 8
jne short loc_fffcd609  ; jne 0xfffcd609
inc byte [ebp - 0x1c]
jmp short loc_fffcd5eb  ; jmp 0xfffcd5eb

loc_fffcd632:  ; not directly referenced
mov edi, dword [ebp - 0x1c]
mov esi, dword [ebp - 0x20]
mov ecx, dword [ebp + 0x10]
mov eax, edi
shl eax, 7
lea edx, [eax + ebx + 0xc]
mov eax, esi
shl eax, 6
add edx, eax
mov eax, dword [ebp + 8]
shl edx, 2
call fcn_fffb3381  ; call 0xfffb3381
sub esp, 0xc
mov eax, dword [ebp + 8]
push 1
xor ecx, ecx
push 0
mov edx, esi
push edi
push dword [ebp + 0x34]
push ebx
call fcn_fffa7273  ; call 0xfffa7273
add esp, 0x20
cmp byte [ebp - 0x34], 0
je loc_fffcdab0  ; je 0xfffcdab0
imul eax, dword [ebp - 0x1c], 0x18
xor ecx, ecx
imul ebx, ebx, 0xd8
add ebx, eax
xor eax, eax
add ebx, dword [ebp - 0x28]

loc_fffcd68e:  ; not directly referenced
mov edx, dword [ebp + 0x10]
sar edx, cl
add ecx, 4
and edx, 0xf
mov byte [ebx + eax + 0x5e2], dl
add eax, 3
cmp ecx, 0x20
jne short loc_fffcd68e  ; jne 0xfffcd68e
jmp near loc_fffcdab0  ; jmp 0xfffcdab0

loc_fffcd6ad:  ; not directly referenced
cmp byte [ebp - 0x30], 0
movzx ebx, byte [ebp - 0x24]
je loc_fffcd75f  ; je 0xfffcd75f
mov eax, dword [ebp + 8]
lea edx, [ebx*4 + 0x3610]
xor edi, edi
mov ecx, dword [ebp + 0x10]
call fcn_fffb38b3  ; call 0xfffb38b3
imul eax, ebx, 0xd8
mov dword [ebp - 0x24], eax

loc_fffcd6d8:  ; not directly referenced
sub esp, 0xc
mov eax, dword [ebp + 8]
mov ecx, 1
push 0
mov edx, edi
push 1
push 0
push dword [ebp + 0x34]
push ebx
call fcn_fffa7273  ; call 0xfffa7273
add esp, 0x20
cmp byte [ebp - 0x29], 0
jne short loc_fffcd708  ; jne 0xfffcd708

loc_fffcd6fd:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffcd6d8  ; jne 0xfffcd6d8
jmp near loc_fffcdab0  ; jmp 0xfffcdab0

loc_fffcd708:  ; not directly referenced
imul eax, edi, 0x13c3
add eax, dword [ebp - 0x24]
mov byte [ebp - 0x1c], 0
mov dword [ebp - 0x20], eax

loc_fffcd718:  ; not directly referenced
mov eax, dword [ebp + 8]
mov cl, byte [ebp - 0x1c]
cmp cl, byte [eax + 0x2489]
jae short loc_fffcd6fd  ; jae 0xfffcd6fd
movzx esi, cl
imul esi, esi, 0x18
add esi, dword [ebp - 0x20]
add esi, eax
xor eax, eax
mov dword [ebp - 0x28], esi

loc_fffcd736:  ; not directly referenced
mov esi, dword [ebp + 0x10]
lea ecx, [eax*4]
lea edx, [eax + eax*2]
inc eax
sar esi, cl
mov ecx, esi
mov esi, dword [ebp - 0x28]
and ecx, 0xf
mov byte [esi + edx + 0x39d9], cl
cmp eax, 8
jne short loc_fffcd736  ; jne 0xfffcd736
inc byte [ebp - 0x1c]
jmp short loc_fffcd718  ; jmp 0xfffcd718

loc_fffcd75f:  ; not directly referenced
mov edi, dword [ebp - 0x1c]
mov esi, dword [ebp - 0x20]
mov ecx, dword [ebp + 0x10]
mov eax, edi
shl eax, 7
lea edx, [eax + ebx + 4]
mov eax, esi
shl eax, 6
add edx, eax
mov eax, dword [ebp + 8]
shl edx, 2
call fcn_fffb3381  ; call 0xfffb3381
sub esp, 0xc
mov eax, dword [ebp + 8]
push 0
xor ecx, ecx
push 1
mov edx, esi
push edi
push dword [ebp + 0x34]
push ebx
call fcn_fffa7273  ; call 0xfffa7273
add esp, 0x20
cmp byte [ebp - 0x34], 0
je loc_fffcdab0  ; je 0xfffcdab0
imul eax, dword [ebp - 0x1c], 0x18
xor ecx, ecx
imul ebx, ebx, 0xd8
add ebx, eax
xor eax, eax
add ebx, dword [ebp - 0x28]

loc_fffcd7bb:  ; not directly referenced
mov edx, dword [ebp + 0x10]
sar edx, cl
add ecx, 4
and edx, 0xf
mov byte [ebx + eax + 0x282], dl
add eax, 3
cmp ecx, 0x20
jne short loc_fffcd7bb  ; jne 0xfffcd7bb
jmp near loc_fffcdab0  ; jmp 0xfffcdab0

loc_fffcd7da:  ; not directly referenced
cmp byte [ebp - 0x30], 0
movzx edi, byte [ebp - 0x24]
je loc_fffcd885  ; je 0xfffcd885
mov eax, dword [ebp + 8]
xor ebx, ebx
mov edx, dword [ebp + 0x10]
call fcn_fffac864  ; call 0xfffac864
imul eax, edi, 0xd8
mov dword [ebp - 0x20], eax

loc_fffcd7fe:  ; not directly referenced
sub esp, 0xc
mov eax, dword [ebp + 8]
mov ecx, 1
push 0
mov edx, ebx
push 1
push 0
push dword [ebp + 0x34]
push edi
call fcn_fffa7273  ; call 0xfffa7273
add esp, 0x20
cmp byte [ebp - 0x29], 0
jne short loc_fffcd82e  ; jne 0xfffcd82e

loc_fffcd823:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffcd7fe  ; jne 0xfffcd7fe
jmp near loc_fffcdab0  ; jmp 0xfffcdab0

loc_fffcd82e:  ; not directly referenced
imul eax, ebx, 0x13c3
add eax, dword [ebp - 0x20]
mov byte [ebp - 0x1c], 0
mov dword [ebp - 0x24], eax

loc_fffcd83e:  ; not directly referenced
mov eax, dword [ebp + 8]
mov cl, byte [ebp - 0x1c]
cmp cl, byte [eax + 0x2489]
jae short loc_fffcd823  ; jae 0xfffcd823
movzx esi, cl
imul esi, esi, 0x18
add esi, dword [ebp - 0x24]
add esi, eax
xor eax, eax
mov dword [ebp - 0x28], esi

loc_fffcd85c:  ; not directly referenced
mov esi, dword [ebp + 0x10]
lea ecx, [eax*4]
lea edx, [eax + eax*2]
inc eax
sar esi, cl
mov ecx, esi
mov esi, dword [ebp - 0x28]
and ecx, 0xf
mov byte [esi + edx + 0x4099], cl
cmp eax, 8
jne short loc_fffcd85c  ; jne 0xfffcd85c
inc byte [ebp - 0x1c]
jmp short loc_fffcd83e  ; jmp 0xfffcd83e

loc_fffcd885:  ; not directly referenced
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x188b]
test eax, eax
jne short loc_fffcd8a4  ; jne 0xfffcd8a4
mov edx, dword [ebp - 0x20]
mov eax, dword [ebp - 0x1c]
shl edx, 8
shl eax, 9
lea edx, [edx + eax + 0x4c]
jmp short loc_fffcd8bd  ; jmp 0xfffcd8bd

loc_fffcd8a4:  ; not directly referenced
dec eax
jne short loc_fffcd8bb  ; jne 0xfffcd8bb
mov eax, dword [ebp - 0x20]
shl eax, 8
lea edx, [eax + edi*4 + 0x50]
mov eax, dword [ebp - 0x1c]
shl eax, 9
add edx, eax
jmp short loc_fffcd8bd  ; jmp 0xfffcd8bd

loc_fffcd8bb:  ; not directly referenced
xor edx, edx

loc_fffcd8bd:  ; not directly referenced
mov ecx, dword [ebp + 0x10]
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
sub esp, 0xc
mov edx, dword [ebp - 0x20]
push 0
mov eax, dword [ebp + 8]
xor ecx, ecx
push 1
push dword [ebp - 0x1c]
push dword [ebp + 0x34]
push edi
call fcn_fffa7273  ; call 0xfffa7273
add esp, 0x20
cmp byte [ebp - 0x34], 0
je loc_fffcdab0  ; je 0xfffcdab0
imul eax, dword [ebp - 0x1c], 0x18
xor ecx, ecx
imul edx, edi, 0xd8
add edx, eax
xor eax, eax
add edx, dword [ebp - 0x28]

loc_fffcd903:  ; not directly referenced
mov ebx, dword [ebp + 0x10]
sar ebx, cl
add ecx, 4
and ebx, 0xf
mov byte [edx + eax + 0x942], bl
add eax, 3
cmp ecx, 0x20
jne short loc_fffcd903  ; jne 0xfffcd903
jmp near loc_fffcdab0  ; jmp 0xfffcdab0

loc_fffcd922:  ; not directly referenced
mov eax, 2
jmp near loc_fffcdab2  ; jmp 0xfffcdab2

loc_fffcd92c:  ; not directly referenced
test cl, cl
sete dl
cmp cl, 0xb
sete al
or dl, al
jne short loc_fffcd985  ; jne 0xfffcd985
cmp cl, 4
sete dl
cmp cl, 1
sete al
or dl, al
jne short loc_fffcd985  ; jne 0xfffcd985
cmp cl, 0x20
sete dl
cmp cl, 0x10
sete al
or dl, al
jne short loc_fffcd985  ; jne 0xfffcd985
mov dl, byte [ebp - 0x2a]
lea eax, [ecx - 2]
cmp al, 1
setbe al
or dl, al
jne short loc_fffcd97c  ; jne 0xfffcd97c
cmp cl, 0x21
sete al
cmp cl, 0x11
mov esi, eax
sete al
or esi, eax
jmp short loc_fffcd981  ; jmp 0xfffcd981

loc_fffcd97c:  ; not directly referenced
mov esi, 1

loc_fffcd981:  ; not directly referenced
xor edi, edi
jmp short loc_fffcd98c  ; jmp 0xfffcd98c

loc_fffcd985:  ; not directly referenced
xor esi, esi
mov edi, 1

loc_fffcd98c:  ; not directly referenced
cmp byte [ebp - 0x30], 0
mov edx, 0x3670
je loc_fffcda3c  ; je 0xfffcda3c
mov eax, dword [ebp + 8]
mov ecx, ebx
cmp dword [eax + 0x188b], 1
mov eax, 0x367c
cmove edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb38b3  ; call 0xfffb38b3
mov eax, dword [ebp - 0x38]
mov dword [ebp - 0x1c], 0
add eax, 0x1c
mov dword [ebp - 0x20], eax
mov eax, esi
movzx esi, al
mov eax, edi
movzx edi, al

loc_fffcd9d1:  ; not directly referenced
imul eax, dword [ebp - 0x1c], 0x13c3
mov ecx, dword [ebp + 8]
cmp dword [ecx + eax + 0x3757], 2
je short loc_fffcd9fa  ; je 0xfffcd9fa

loc_fffcd9e5:  ; not directly referenced
inc dword [ebp - 0x1c]
add dword [ebp - 0x20], 0xcc
cmp dword [ebp - 0x1c], 2
jne short loc_fffcd9d1  ; jne 0xfffcd9d1
jmp near loc_fffcdab0  ; jmp 0xfffcdab0

loc_fffcd9fa:  ; not directly referenced
sub esp, 0xc
movzx eax, byte [ebp - 0x24]
mov ecx, 1
push esi
mov edx, dword [ebp - 0x1c]
push edi
push 0
push dword [ebp + 0x34]
push eax
mov eax, dword [ebp + 8]
call fcn_fffa7273  ; call 0xfffa7273
add esp, 0x20
xor eax, eax

loc_fffcda1e:  ; not directly referenced
mov ecx, dword [ebp + 8]
cmp al, byte [ecx + 0x2489]
jae short loc_fffcd9e5  ; jae 0xfffcd9e5
cmp byte [ebp - 0x29], 0
je short loc_fffcda39  ; je 0xfffcda39
mov ecx, dword [ebp - 0x20]
movzx edx, al
mov dword [ecx + edx*4 + 0x54], ebx

loc_fffcda39:  ; not directly referenced
inc eax
jmp short loc_fffcda1e  ; jmp 0xfffcda1e

loc_fffcda3c:  ; not directly referenced
cmp byte [ebp - 0x40], 1
ja short loc_fffcda60  ; ja 0xfffcda60
mov edx, dword [ebp - 0x20]
shl edx, 8
cmp byte [ebp - 0x44], 8
jbe short loc_fffcda56  ; jbe 0xfffcda56
add edx, 0x3070
jmp short loc_fffcda60  ; jmp 0xfffcda60

loc_fffcda56:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
shl eax, 9
lea edx, [edx + eax + 0x70]

loc_fffcda60:  ; not directly referenced
mov ecx, dword [ebp + 8]
lea eax, [edx + 0xc]
cmp dword [ecx + 0x188b], 1
mov ecx, ebx
cmove edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb3381  ; call 0xfffb3381
mov eax, esi
sub esp, 0xc
movzx esi, al
mov eax, edi
mov edx, dword [ebp - 0x20]
push esi
movzx edi, al
movzx eax, byte [ebp - 0x24]
push edi
xor ecx, ecx
push dword [ebp - 0x1c]
push dword [ebp + 0x34]
push eax
mov eax, dword [ebp + 8]
call fcn_fffa7273  ; call 0xfffa7273
add esp, 0x20
cmp byte [ebp - 0x34], 0
je short loc_fffcdab0  ; je 0xfffcdab0
mov eax, dword [ebp - 0x3c]
mov dword [eax + 0x54], ebx

loc_fffcdab0:  ; not directly referenced
xor eax, eax

loc_fffcdab2:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcdaba:
push ebp
mov ebp, esp
push ebx
sub esp, 0x14
mov eax, dword [ebp + 0xc]
lea ebx, [eax - 4]
cmp byte [ebx + 0x18], 1
je short loc_fffcdb0d  ; je 0xfffcdb0d
mov eax, dword [ebx + 0x14]
test eax, eax
jne short loc_fffcdae7  ; jne 0xfffcdae7

loc_fffcdad4:
mov eax, dword [ebx + 0x10]
mov ecx, ebx
mov edx, dword [ebp + 8]
mov byte [ebx + 0x18], 1
call fcn_fffa1e98  ; call 0xfffa1e98
jmp short loc_fffcdb0f  ; jmp 0xfffcdb0f

loc_fffcdae7:
test byte [eax + 1], 1
je short loc_fffcdad4  ; je 0xfffcdad4
lea eax, [ebp - 0xc]
push eax
push 0
push 0
push ref_fffd68e8  ; push 0xfffd68e8
call fcn_fffb020b  ; call 0xfffb020b
add esp, 0x10
test eax, eax
je short loc_fffcdad4  ; je 0xfffcdad4
mov eax, 0x80000006
jmp short loc_fffcdb0f  ; jmp 0xfffcdb0f

loc_fffcdb0d:
xor eax, eax

loc_fffcdb0f:
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffcdb14:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x190
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x14c], edx
mov edx, dword [esi + 0x5edd]
lea eax, [ebp - 0x13f]
push 1
mov edi, dword [ebp + 0xc]
push 7
push eax
mov dword [ebp - 0x180], edx
mov edx, dword [esi + 0x2444]
mov dword [ebp - 0x16c], ecx
mov byte [ebp - 0x151], cl
mov dword [ebp - 0x184], edx
call dword [edx + 0x5c]  ; ucall
mov eax, dword [ebp - 0x16c]
add esp, 0x10
mov edx, dword [ebp - 0x14c]
cmp al, 0xb
setne cl
dec eax
cmp al, 1
seta al
test cl, al
mov byte [ebp - 0x152], cl
jne loc_fffce2ae  ; jne 0xfffce2ae
cmp byte [ebp - 0x16c], 0xb
movzx edx, dl
jne short loc_fffcdbc7  ; jne 0xfffcdbc7
sub esp, 0xc
mov eax, esi
lea ecx, [edi - 3]
push 0
movzx ecx, cl
call fcn_fffae9e2  ; call 0xfffae9e2
add esp, 0x10
dec bl
mov byte [esi + 0x248c], 0xa
je short loc_fffcdbc0  ; je 0xfffcdbc0

loc_fffcdbb4:  ; not directly referenced
mov dword [ebp - 0x158], 0
jmp short loc_fffcdc14  ; jmp 0xfffcdc14

loc_fffcdbc0:  ; not directly referenced
mov eax, 8
jmp short loc_fffcdbed  ; jmp 0xfffcdbed

loc_fffcdbc7:  ; not directly referenced
sub esp, 0xc
mov eax, edi
movzx ecx, al
mov eax, esi
push 0
call fcn_fffae9e2  ; call 0xfffae9e2
add esp, 0x10
dec bl
jne short loc_fffcdbb4  ; jne 0xfffcdbb4
cmp byte [ebp - 0x16c], 1
jne short loc_fffcdbc0  ; jne 0xfffcdbc0
mov eax, 9

loc_fffcdbed:  ; not directly referenced
push 1
push 0
push 1
push 0
push 0
push 0
push 0
push 1
push 0
push 0x88888888
push eax
push esi
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
mov dword [ebp - 0x158], eax

loc_fffcdc14:  ; not directly referenced
lea eax, [esi + 0x3757]
mov dword [ebp - 0x178], eax
movzx eax, byte [ebp - 0x151]
mov dword [ebp - 0x150], 0
mov dword [ebp - 0x164], 0
mov dword [ebp - 0x17c], eax

loc_fffcdc41:  ; not directly referenced
mov edi, dword [ebp - 0x180]
xor ebx, ebx
mov eax, dword [ebp - 0x150]
mov dword [ebp - 0x170], 1
mov byte [ebp - 0x15c], 0
add edi, 0x70
mov cl, al
mov dword [ebp - 0x160], edi
mov edi, dword [ebp - 0x178]
lea eax, [eax + eax*8]
shl dword [ebp - 0x170], cl
mov dword [ebp - 0x174], eax

loc_fffcdc80:  ; not directly referenced
mov ecx, dword [ebp - 0x170]
mov edx, ebx
mov eax, esi
call fcn_fffad317  ; call 0xfffad317
or byte [ebp - 0x15c], al
movzx eax, byte [ebp - 0x15c]
bt eax, ebx
mov dword [ebp - 0x168], eax
jae loc_fffcdd9c  ; jae 0xfffcdd9c
mov eax, dword [ebp - 0x174]
mov byte [ebp - 0x14c], 0
add eax, edi
mov dword [ebp - 0x188], eax

loc_fffcdcc0:  ; not directly referenced
movzx eax, byte [esi + 0x2489]
cmp byte [ebp - 0x14c], al
jb short loc_fffcdcfe  ; jb 0xfffcdcfe

loc_fffcdccf:  ; not directly referenced
push edx
push 0
push eax
mov eax, dword [ebp - 0x184]
push dword [ebp - 0x160]
call dword [eax + 0x64]  ; ucall
mov edx, ebx
xor ecx, ecx
shl edx, 0xa
mov eax, esi
add edx, 0x40f0
call fcn_fffb3381  ; call 0xfffb3381
add esp, 0x10
jmp near loc_fffcdd9c  ; jmp 0xfffcdd9c

loc_fffcdcfe:  ; not directly referenced
cmp byte [ebp - 0x152], 0
je short loc_fffcdccf  ; je 0xfffcdccf
cmp byte [ebp - 0x151], 1
jne short loc_fffcdd48  ; jne 0xfffcdd48
movzx eax, byte [ebp - 0x14c]
mov ecx, dword [ebp - 0x188]
lea edx, [ecx + eax]
mov ecx, dword [ebp - 0x150]
mov byte [edx + 0x104a], 0x20
mov byte [edx + 0x106e], 0x20
push edx
mov edx, ebx
push 0
push 0xff
push eax
mov eax, esi
call fcn_fffa7447  ; call 0xfffa7447
jmp short loc_fffcdd8e  ; jmp 0xfffcdd8e

loc_fffcdd48:  ; not directly referenced
cmp byte [ebp - 0x151], 2
jne short loc_fffcdd91  ; jne 0xfffcdd91
movzx eax, byte [ebp - 0x14c]
mov ecx, dword [ebp - 0x174]
lea edx, [eax + ecx]
add edx, edx
add edx, edi
mov cx, word [edx + 0x121]
add ecx, 0x20
mov word [edx + 0x169], cx
mov edx, ebx
push ecx
mov ecx, dword [ebp - 0x150]
push 0
push 0xff
push eax
mov eax, esi
call fcn_fffa735e  ; call 0xfffa735e

loc_fffcdd8e:  ; not directly referenced
add esp, 0x10

loc_fffcdd91:  ; not directly referenced
inc byte [ebp - 0x14c]
jmp near loc_fffcdcc0  ; jmp 0xfffcdcc0

loc_fffcdd9c:  ; not directly referenced
inc ebx
add edi, 0x13c3
add dword [ebp - 0x160], 0xcc
cmp ebx, 2
jne loc_fffcdc80  ; jne 0xfffcdc80
cmp byte [ebp - 0x15c], 0
je loc_fffce283  ; je 0xfffce283
mov edi, 0xffffffe1

loc_fffcddc8:  ; not directly referenced
cmp byte [ebp - 0x151], 0xb
jne short loc_fffcde22  ; jne 0xfffcde22
xor ebx, ebx

loc_fffcddd3:  ; not directly referenced
mov eax, dword [ebp - 0x168]
bt eax, ebx
jb short loc_fffcdde6  ; jb 0xfffcdde6

loc_fffcddde:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffcddd3  ; jne 0xfffcddd3
jmp short loc_fffcde44  ; jmp 0xfffcde44

loc_fffcdde6:  ; not directly referenced
xor edx, edx

loc_fffcdde8:  ; not directly referenced
cmp dl, byte [esi + 0x2489]
jae short loc_fffcddde  ; jae 0xfffcddde
push 1
movzx eax, dl
push 0
push 0
push 0
push eax
push dword [ebp - 0x150]
mov dword [ebp - 0x14c], edx
push ebx
push 0
push 0
push edi
push 0xb
push esi
call fcn_fffcd268  ; call 0xfffcd268
mov edx, dword [ebp - 0x14c]
add esp, 0x30
inc edx
jmp short loc_fffcdde8  ; jmp 0xfffcdde8

loc_fffcde22:  ; not directly referenced
push 1
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push edi
push dword [ebp - 0x17c]
push esi
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30

loc_fffcde44:  ; not directly referenced
movzx ecx, byte [esi + 0x248c]
lea eax, [ebp - 0x13f]
push ebx
mov edx, dword [ebp - 0x168]
push 0
push 1
push eax
mov eax, esi
call fcn_fffaa5b3  ; call 0xfffaa5b3
lea eax, [ebp - 0x60]
add esp, 0x10
mov dword [ebp - 0x14c], eax
lea eax, [ebp - 0xa8]
mov dword [ebp - 0x158], eax
lea eax, [ebp - 0x138]
mov dword [ebp - 0x15c], eax
lea eax, [edi - 1]
lea ebx, [ebp - 0xf0]
mov dword [ebp - 0x160], 0
mov dword [ebp - 0x190], eax

loc_fffcdea1:  ; not directly referenced
mov eax, dword [ebp - 0x168]
mov ecx, dword [ebp - 0x160]
bt eax, ecx
jb short loc_fffcdede  ; jb 0xfffcdede

loc_fffcdeb2:  ; not directly referenced
inc dword [ebp - 0x160]
add ebx, 0x24
add dword [ebp - 0x14c], 0x24
add dword [ebp - 0x158], 0x24
add dword [ebp - 0x15c], 0x24
cmp dword [ebp - 0x160], 2
jne short loc_fffcdea1  ; jne 0xfffcdea1
jmp near loc_fffcdff1  ; jmp 0xfffcdff1

loc_fffcdede:  ; not directly referenced
mov edx, dword [ebp - 0x160]
mov eax, esi
shl edx, 0xa
add edx, 0x40ec
call fcn_fffb331f  ; call 0xfffb331f
mov cl, byte [esi + 0x2489]
mov byte [ebp - 0x170], cl
xor ecx, ecx
movzx eax, ax
mov dword [ebp - 0x18c], eax

loc_fffcdf0b:  ; not directly referenced
cmp byte [ebp - 0x170], cl
jbe short loc_fffcdeb2  ; jbe 0xfffcdeb2
mov eax, dword [ebp - 0x18c]
sar eax, cl
and eax, 1
xor eax, 1
cmp edi, 0xffffffe1
jne short loc_fffcdf87  ; jne 0xfffcdf87
test eax, eax
mov eax, dword [ebp - 0x14c]
je short loc_fffcdf5d  ; je 0xfffcdf5d
mov dword [eax + ecx*4], 0xffffffe1
mov eax, dword [ebp - 0x158]
mov dword [ebx + ecx*4], 0xffffffe1
mov dword [eax + ecx*4], 0xffffffe1
mov eax, dword [ebp - 0x15c]
mov dword [eax + ecx*4], 0xffffffe1
jmp near loc_fffcdfeb  ; jmp 0xfffcdfeb

loc_fffcdf5d:  ; not directly referenced
mov dword [eax + ecx*4], 0xffffffdf
mov eax, dword [ebp - 0x158]
mov dword [ebx + ecx*4], 0xffffffdf
mov dword [eax + ecx*4], 0xffffffdf
mov eax, dword [ebp - 0x15c]
mov dword [eax + ecx*4], 0xffffffdf
jmp short loc_fffcdfeb  ; jmp 0xfffcdfeb

loc_fffcdf87:  ; not directly referenced
test eax, eax
je short loc_fffcdfeb  ; je 0xfffcdfeb
mov eax, dword [ebp - 0x190]
cmp dword [ebx + ecx*4], eax
je short loc_fffcdf9f  ; je 0xfffcdf9f
mov eax, dword [ebp - 0x15c]
mov dword [eax + ecx*4], edi

loc_fffcdf9f:  ; not directly referenced
mov eax, dword [ebp - 0x15c]
mov dword [ebx + ecx*4], edi
mov eax, dword [eax + ecx*4]
mov edx, eax
mov dword [ebp - 0x174], eax
mov eax, edi
sub eax, edx
mov edx, dword [ebp - 0x158]
mov dword [ebp - 0x188], eax
mov eax, dword [ebp - 0x14c]
mov eax, dword [eax + ecx*4]
sub eax, dword [edx + ecx*4]
cmp dword [ebp - 0x188], eax
jle short loc_fffcdfeb  ; jle 0xfffcdfeb
mov eax, edx
mov edx, dword [ebp - 0x174]
mov dword [eax + ecx*4], edx
mov eax, dword [ebp - 0x14c]
mov dword [eax + ecx*4], edi

loc_fffcdfeb:  ; not directly referenced
inc ecx
jmp near loc_fffcdf0b  ; jmp 0xfffcdf0b

loc_fffcdff1:  ; not directly referenced
inc edi
cmp edi, 0x20
jne loc_fffcddc8  ; jne 0xfffcddc8
push 2
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push dword [ebp - 0x17c]
push esi
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
mov dword [ebp - 0x14c], 0
mov dword [ebp - 0x158], eax
mov eax, dword [ebp - 0x178]
mov dword [ebp - 0x15c], eax
mov eax, dword [ebp - 0x150]
lea ebx, [eax + eax*8]
imul eax, eax, 0x12
mov dword [ebp - 0x170], ebx
mov dword [ebp - 0x174], eax

loc_fffce052:  ; not directly referenced
mov eax, dword [ebp - 0x168]
mov ebx, dword [ebp - 0x14c]
bt eax, ebx
jae loc_fffce266  ; jae 0xfffce266
mov eax, dword [ebp - 0x170]
add eax, dword [ebp - 0x15c]
mov byte [ebp - 0x160], 0
mov dword [ebp - 0x188], eax

loc_fffce080:  ; not directly referenced
mov al, byte [ebp - 0x160]
cmp al, byte [esi + 0x2489]
jae loc_fffce220  ; jae 0xfffce220
movzx eax, byte [ebp - 0x160]
imul edx, dword [ebp - 0x14c], 9
add edx, eax
mov ebx, dword [ebp + edx*4 - 0x60]
mov edx, dword [ebp + edx*4 - 0xa8]
mov ecx, ebx
sub ecx, edx
cmp ecx, 7
jg short loc_fffce0d1  ; jg 0xfffce0d1
cmp byte [esi + 0x1965], 0
mov ecx, 9
cmove ecx, dword [ebp - 0x158]
mov dword [ebp - 0x158], ecx
jmp short loc_fffce0db  ; jmp 0xfffce0db

loc_fffce0d1:  ; not directly referenced
sar ecx, 1
add ecx, edx
mov dword [ebp - 0x164], ecx

loc_fffce0db:  ; not directly referenced
imul edi, edx, 0xfffffff6
imul ecx, edx, 0xa
test edx, edx
cmovs ecx, edi
imul edx, ebx, 0xa
imul edi, ebx, 0xfffffff6
test ebx, ebx
cmovs edx, edi
cmp byte [ebp - 0x151], 1
jne short loc_fffce139  ; jne 0xfffce139
imul ebx, dword [ebp - 0x14c], 9
add ebx, dword [ebp - 0x174]
mov edi, dword [ebp - 0x188]
lea ebx, [eax + ebx + 0x50]
mov dword [esi + ebx*8 + 0x2451], ecx
mov ecx, dword [ebp - 0x164]
mov dword [esi + ebx*8 + 0x2455], edx
lea edx, [edi + eax]
add byte [edx + 0x104a], cl
add byte [edx + 0x106e], cl
jmp near loc_fffce1f6  ; jmp 0xfffce1f6

loc_fffce139:  ; not directly referenced
cmp byte [ebp - 0x151], 2
jne short loc_fffce1a5  ; jne 0xfffce1a5
imul ebx, dword [ebp - 0x14c], 9
add ebx, dword [ebp - 0x174]
mov edi, dword [ebp - 0x164]
lea ebx, [eax + ebx + 0xe0]
mov dword [esi + ebx*8 + 0x2455], edx
movzx edx, byte [ebp - 0x160]
mov dword [esi + ebx*8 + 0x2451], ecx
mov ebx, dword [ebp - 0x15c]
add edx, dword [ebp - 0x170]
add edx, edx
add word [ebx + edx + 0x169], di
push ecx
mov edx, dword [ebp - 0x14c]
mov ecx, dword [ebp - 0x150]
push 0
push 0xff
push eax
mov eax, esi
call fcn_fffa735e  ; call 0xfffa735e
jmp short loc_fffce212  ; jmp 0xfffce212

loc_fffce1a5:  ; not directly referenced
cmp byte [ebp - 0x151], 0xb
jne short loc_fffce215  ; jne 0xfffce215
imul ebx, dword [ebp - 0x14c], 9
add ebx, dword [ebp - 0x174]
mov edi, dword [ebp - 0x164]
lea ebx, [eax + ebx + 0x128]
mov dword [esi + ebx*8 + 0x2455], edx
movzx edx, byte [ebp - 0x160]
mov dword [esi + ebx*8 + 0x2451], ecx
lea ecx, [edi + edi]
mov edi, dword [ebp - 0x15c]
add edx, dword [ebp - 0x170]
add edx, edx
add word [edi + edx + 0x1b1], cx

loc_fffce1f6:  ; not directly referenced
mov ecx, dword [ebp - 0x150]
push edx
mov edx, dword [ebp - 0x14c]
push 0
push 0xff
push eax
mov eax, esi
call fcn_fffa7447  ; call 0xfffa7447

loc_fffce212:  ; not directly referenced
add esp, 0x10

loc_fffce215:  ; not directly referenced
inc byte [ebp - 0x160]
jmp near loc_fffce080  ; jmp 0xfffce080

loc_fffce220:  ; not directly referenced
cmp byte [ebp - 0x151], 0xb
jne short loc_fffce266  ; jne 0xfffce266
mov ebx, dword [ebp - 0x14c]
mov eax, esi
shl ebx, 0xa
add ebx, 0x4028
mov edx, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov edi, dword [ebp - 0x15c]
movzx edx, byte [edi + 0x1019]
and eax, 0xffc0ffff
and edx, 0x3f
shl edx, 0x10
or eax, edx
mov edx, ebx
mov ecx, eax
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffce266:  ; not directly referenced
inc dword [ebp - 0x14c]
add dword [ebp - 0x15c], 0x13c3
cmp dword [ebp - 0x14c], 2
jne loc_fffce052  ; jne 0xfffce052

loc_fffce283:  ; not directly referenced
inc dword [ebp - 0x150]
cmp dword [ebp - 0x150], 4
jne loc_fffcdc41  ; jne 0xfffcdc41
cmp byte [ebp - 0x16c], 0xb
mov ebx, dword [ebp - 0x158]
jne short loc_fffce2b3  ; jne 0xfffce2b3
mov eax, esi
call fcn_fffaa4a9  ; call 0xfffaa4a9
jmp short loc_fffce2b3  ; jmp 0xfffce2b3

loc_fffce2ae:  ; not directly referenced
mov ebx, 2

loc_fffce2b3:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, ebx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffce2bd:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 8
mov esi, dword [ebp + 8]
mov ebx, dword [ebp + 0x14]
mov dword [ebp - 0x10], esi
mov esi, dword [ebp + 0xc]
mov edi, ebx
shr edi, 0x1d
and edi, 1
mov dword [ebp - 0x14], esi
mov esi, dword [ebp + 0x10]
cmp ax, di
jne short loc_fffce352  ; jne 0xfffce352
test dword [ebp + 0x18], 0x800
jne short loc_fffce336  ; jne 0xfffce336
mov eax, ebx
shr eax, 0xc
and eax, 1
cmp dx, ax
jne short loc_fffce352  ; jne 0xfffce352
mov eax, ebx
shr eax, 0xb
and eax, 1
cmp cx, ax
jne short loc_fffce352  ; jne 0xfffce352
mov edx, ebx
shr edx, 8
and edx, 7

loc_fffce310:  ; not directly referenced
xor eax, eax
cmp word [ebp - 0x10], dx
jne short loc_fffce354  ; jne 0xfffce354
mov edx, ebx
shr edx, 0xd
cmp word [ebp - 0x14], dx
jne short loc_fffce354  ; jne 0xfffce354
movzx ebx, bl
and esi, 0xfffffff8
shl ebx, 3
xor eax, eax
cmp si, bx
sete al
jmp short loc_fffce354  ; jmp 0xfffce354

loc_fffce336:  ; not directly referenced
test dx, dx
jne short loc_fffce352  ; jne 0xfffce352
mov eax, ebx
shr eax, 0xc
and eax, 1
cmp cx, ax
jne short loc_fffce352  ; jne 0xfffce352
mov edx, ebx
shr edx, 8
and edx, 0xf
jmp short loc_fffce310  ; jmp 0xfffce310

loc_fffce352:  ; not directly referenced
xor eax, eax

loc_fffce354:  ; not directly referenced
pop edx
pop ecx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffce35b:  ; not directly referenced
push ebp
xor eax, eax
mov ebp, esp
mov ecx, 8
push edi
mov edx, 0xcf8
push esi
push ebx
lea edi, [ebp - 0xe8]
sub esp, 0x198
mov ebx, dword [ebp + 8]
rep stosd  ; rep stosd dword es:[edi], eax
lea edi, [ebp - 0xf8]
mov dword [ebp - 0xbc], fcn_fffb00dc  ; mov dword [ebp - 0xbc], 0xfffb00dc
mov dword [ebp - 0xb0], fcn_fffb0086  ; mov dword [ebp - 0xb0], 0xfffb0086
mov dword [ebp - 0x5c], fcn_fffb01d3  ; mov dword [ebp - 0x5c], 0xfffb01d3
mov dword [ebp - 0x58], fcn_fffb01ca  ; mov dword [ebp - 0x58], 0xfffb01ca
mov dword [ebp - 0xa4], fcn_fffb3fc4  ; mov dword [ebp - 0xa4], 0xfffb3fc4
mov cl, 4
rep stosd  ; rep stosd dword es:[edi], eax
mov eax, 0x80000048
mov dword [ebp - 0xa0], fcn_fffb401c  ; mov dword [ebp - 0xa0], 0xfffb401c
mov dword [ebp - 0x7c], fcn_fffc375d  ; mov dword [ebp - 0x7c], 0xfffc375d
mov dword [ebp - 0x78], fcn_fffc3739  ; mov dword [ebp - 0x78], 0xfffc3739
out dx, eax
push 0xcfc
call fcn_fffb00dc  ; call 0xfffb00dc
add esp, 0x10
mov esi, eax
test al, 1
jne short loc_fffce3ec  ; jne 0xfffce3ec

loc_fffce3e5:  ; not directly referenced
xor eax, eax
jmp near loc_fffcf1ab  ; jmp 0xfffcf1ab

loc_fffce3ec:  ; not directly referenced
push 0x60
mov edi, dword [ebp - 0xb0]
push 0
push 0
push 0
call dword [ebp - 0x7c]  ; ucall
pop edx
pop ecx
push eax
push 0xcf8
call edi
mov dword [esp], 0xcfc
call dword [ebp - 0xbc]  ; ucall
add esp, 0x10
test al, 1
je short loc_fffce3e5  ; je 0xfffce3e5
and eax, 0xfffffff8
mov edi, eax
call fcn_fffa67af  ; call 0xfffa67af
mov dword [ebp - 0x12c], 0
cmp eax, 0x40660
setne cl
cmp eax, 0x306c0
setne dl
test cl, dl
je short loc_fffce454  ; je 0xfffce454
cmp eax, 0x40650
setne al
movzx eax, al
mov dword [ebp - 0x12c], eax

loc_fffce454:  ; not directly referenced
push 0xbc
and esi, 0xfffffffe
push 0
push 0
push 0
call dword [ebp - 0x78]  ; ucall
add eax, edi
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
push 0x90
push 0
push 0
push 0
mov dword [ebp - 0x168], eax
call dword [ebp - 0x78]  ; ucall
add esp, 0x14
add eax, edi
push eax
call dword [ebp - 0xa0]  ; ucall
push 0x98
push 0
push 0
push 0
mov dword [ebp - 0x184], edx
mov dword [ebp - 0x180], eax
call dword [ebp - 0x78]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [ebp - 0xa0]  ; ucall
mov dword [ebp - 0x188], eax
lea eax, [esi + 0x5024]
mov dword [ebp - 0x18c], edx
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [ebp - 0x14c], eax
lea eax, [esi + 0x5014]
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [ebp - 0x150], eax
lea eax, [esi + 0x5000]
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [ebp - 0x114], eax
lea eax, [esi + 0x5004]
add esi, 0x5008
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [esp], esi
mov edi, eax
call dword [ebp - 0xa4]  ; ucall
mov cl, byte [ebx + 4]
add esp, 0x10
mov dx, word [ebx + 5]
mov dword [ebp - 0x104], edi
mov dword [ebp - 0xfc], 0
mov byte [ebp - 0x110], cl
mov cl, byte [ebx + 3]
mov word [ebp - 0x12e], dx
mov dx, word [ebx + 7]
mov dword [ebp - 0x100], eax
mov byte [ebp - 0x134], cl
mov cl, byte [ebx + 2]
mov word [ebp - 0x130], dx
mov dl, byte [ebx + 1]
mov al, cl
or eax, edx
mov byte [ebp - 0x151], cl
test al, 0xfe
je short loc_fffce57d  ; je 0xfffce57d

loc_fffce576:  ; not directly referenced
xor eax, eax
jmp near loc_fffcf1ab  ; jmp 0xfffcf1ab

loc_fffce57d:  ; not directly referenced
movzx eax, dl
movzx edx, byte [ebp - 0x151]
mov esi, dword [ebp + eax*4 - 0x104]
mov dword [ebp - 0x140], eax
mov dword [ebp - 0x16c], 0
mov eax, esi
shr eax, 0x10
and eax, 1
xor eax, edx
mov edx, esi
movzx eax, ax
test eax, eax
mov dword [ebp - 0x148], eax
mov dword [ebp - 0x170], eax
lea eax, [ebp - 0xc4]
je short loc_fffce5ca  ; je 0xfffce5ca
call fcn_fffc3acf  ; call 0xfffc3acf
jmp short loc_fffce5cf  ; jmp 0xfffce5cf

loc_fffce5ca:  ; not directly referenced
call fcn_fffc3aea  ; call 0xfffc3aea

loc_fffce5cf:  ; not directly referenced
mov dword [ebp - 0x124], edx
mov edx, dword [ebp - 0x124]
mov dword [ebp - 0x128], eax
mov eax, dword [ebp - 0x128]
mov edi, edx
or edi, eax
je short loc_fffce576  ; je 0xfffce576
movzx eax, byte [ebp - 0x134]
mov dword [ebp - 0x144], eax
test al, 0xfe
jne loc_fffce576  ; jne 0xfffce576
cmp dword [ebp - 0x148], 0
mov ebx, esi
je short loc_fffce612  ; je 0xfffce612
shr ebx, 0x12
jmp short loc_fffce615  ; jmp 0xfffce615

loc_fffce612:  ; not directly referenced
shr ebx, 0x11

loc_fffce615:  ; not directly referenced
and ebx, 1
cmp byte [ebp - 0x134], 0
mov eax, ebx
setne cl
xor eax, 1
mov byte [ebp - 0x152], cl
test cl, al
jne loc_fffce576  ; jne 0xfffce576
cmp dword [ebp - 0x148], 0
mov ecx, esi
mov edx, dword [ebp - 0x114]
lea eax, [ebp - 0xc4]
je short loc_fffce660  ; je 0xfffce660
call fcn_fffb8ec5  ; call 0xfffb8ec5
test esi, 0x100000
mov word [ebp - 0x118], ax
jmp short loc_fffce672  ; jmp 0xfffce672

loc_fffce660:  ; not directly referenced
call fcn_fffb8f37  ; call 0xfffb8f37
test esi, 0x80000
mov word [ebp - 0x118], ax

loc_fffce672:  ; not directly referenced
je short loc_fffce67b  ; je 0xfffce67b
mov eax, 0x10
jmp short loc_fffce692  ; jmp 0xfffce692

loc_fffce67b:  ; not directly referenced
mov eax, dword [ebp - 0x114]
shr eax, 0xa
and eax, 1
cmp eax, 1
sbb eax, eax
and eax, 0xffffffe8
add eax, 0x20

loc_fffce692:  ; not directly referenced
mov edi, dword [ebp - 0x114]
shr edi, 0xb
mov dword [ebp - 0x13c], edi
movzx edi, byte [ebp - 0x110]
and dword [ebp - 0x13c], 1
cmp ax, 8
sete dl
mov byte [ebp - 0x120], dl
and edx, dword [ebp - 0x13c]
mov dword [ebp - 0x138], edi
movzx eax, dl
shl eax, 3
or eax, 7
not eax
test edi, eax
jne loc_fffce576  ; jne 0xfffce576
push eax
mov al, byte [ebp - 0x118]
add eax, ebx
add edx, eax
movzx edx, dl
push edx
push dword [ebp - 0x124]
push dword [ebp - 0x128]
call dword [ebp - 0x58]  ; ucall
movzx edi, word [ebp - 0x130]
add esp, 0x10
mov dword [ebp - 0x160], eax
neg eax
mov dword [ebp - 0x15c], edx
test eax, edi
jne loc_fffce576  ; jne 0xfffce576
movzx eax, word [ebp - 0x12e]
mov cl, byte [ebp - 0x118]
mov edx, eax
mov dword [ebp - 0x174], eax
mov eax, 1
shl eax, cl
dec eax
movzx eax, ax
not eax
test edx, eax
jne loc_fffce576  ; jne 0xfffce576
mov eax, esi
shr eax, 0x15
mov dword [ebp - 0x178], eax
and eax, 1
mov dword [ebp - 0x158], eax
mov eax, esi
shr eax, 0x1a
mov dword [ebp - 0x17c], eax
and eax, 1
mov dword [ebp - 0x164], eax
mov eax, esi
shr eax, 0x16
mov dword [ebp - 0x128], eax
and dword [ebp - 0x128], 1
cmp dword [ebp - 0x13c], 0
je loc_fffceae1  ; je 0xfffceae1
push eax
mov eax, dword [ebp - 0x110]
xor edx, edx
push 8
push edx
and eax, 3
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 2
mov dword [ebp - 0x190], eax
mov al, byte [ebp - 0x110]
mov dword [ebp - 0x194], edx
xor edx, edx
push edx
and eax, 4
movzx eax, al
push eax
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
mov dword [ebp - 0x118], eax
mov eax, dword [ebp - 0x190]
or dword [ebp - 0x118], eax
mov eax, dword [ebp - 0x194]
mov dword [ebp - 0x13c], edx
mov edx, dword [ebp - 0x5c]
or dword [ebp - 0x13c], eax
test byte [ebp - 0x164], bl
je loc_fffce8c6  ; je 0xfffce8c6
mov ecx, esi
mov ebx, 1
shr ecx, 0x1b
and ecx, 7
add ecx, 4
shl ebx, cl
dec ebx
cmp byte [ebp - 0x120], 1
push esi
mov esi, dword [ebp - 0x144]
sbb eax, eax
add eax, 0xb
push eax
mov eax, dword [ebp - 0x130]
shl esi, cl
and eax, ebx
movzx ebx, bx
not ebx
movzx eax, ax
and ebx, edi
or eax, esi
add ebx, ebx
or eax, ebx
mov ebx, eax
sar ebx, 0x1f
push ebx
push eax
call edx
add esp, 0xc
push 7
mov esi, eax
mov al, byte [ebp - 0x110]
mov ebx, edx
xor edx, edx
push edx
and eax, 8
movzx eax, al
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
or eax, esi
or edx, ebx
or eax, dword [ebp - 0x118]
or edx, dword [ebp - 0x13c]
cmp dword [ebp - 0x128], 0
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx
je loc_fffceaa0  ; je 0xfffceaa0
cmp byte [ebp - 0x120], 0
mov eax, dword [ebp - 0x58]
jne loc_fffcea2b  ; jne 0xfffcea2b
push ebx
push 3
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
mov ecx, dword [ebp - 0x110]
mov ebx, dword [ebp - 0x10c]
mov edi, ebx
and eax, 0x300
xor eax, ecx
mov esi, eax
jmp near loc_fffcea82  ; jmp 0xfffcea82

loc_fffce8c6:  ; not directly referenced
cmp byte [ebp - 0x120], 1
sbb eax, eax
test byte [ebp - 0x158], bl
je loc_fffce987  ; je 0xfffce987
add eax, 0xc
xor ebx, ebx
push ecx
push eax
push ebx
push edi
call edx
add esp, 0xc
push 0xa
mov esi, eax
movzx eax, byte [ebp - 0x134]
mov ebx, edx
xor edx, edx
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 8
or esi, eax
mov al, byte [ebp - 0x110]
or ebx, edx
xor edx, edx
push edx
or esi, dword [ebp - 0x118]
and eax, 8
movzx eax, al
or ebx, dword [ebp - 0x13c]
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
or esi, eax
or ebx, edx
cmp dword [ebp - 0x128], 0
mov dword [ebp - 0x110], esi
mov dword [ebp - 0x10c], ebx
je loc_fffceaa0  ; je 0xfffceaa0
cmp byte [ebp - 0x120], 0
mov eax, dword [ebp - 0x58]
je loc_fffcea2b  ; je 0xfffcea2b
push esi
push 5
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
mov ecx, dword [ebp - 0x110]
mov ebx, dword [ebp - 0x10c]
add esp, 0xc
push 0xc
mov edi, ebx
and eax, 0xf00
xor eax, ecx
mov esi, eax
jmp near loc_fffcea87  ; jmp 0xfffcea87

loc_fffce987:  ; not directly referenced
add eax, 0xb
push ebx
xor ebx, ebx
push eax
push ebx
push edi
call edx
add esp, 0xc
push 7
mov esi, eax
mov al, byte [ebp - 0x110]
mov ebx, edx
xor edx, edx
push edx
and eax, 8
movzx eax, al
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
or eax, esi
or edx, ebx
or eax, dword [ebp - 0x118]
or edx, dword [ebp - 0x13c]
cmp byte [ebp - 0x152], 0
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx
je short loc_fffcea12  ; je 0xfffcea12
cmp byte [ebp - 0x120], 1
push ecx
sbb eax, eax
add eax, 0xb
push eax
push dword [ebp - 0x15c]
push dword [ebp - 0x160]
call dword [ebp - 0x5c]  ; ucall
mov ecx, dword [ebp - 0x110]
mov ebx, dword [ebp - 0x10c]
add esp, 0x10
or eax, ecx
or edx, ebx
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx

loc_fffcea12:  ; not directly referenced
cmp dword [ebp - 0x128], 0
je loc_fffceaa0  ; je 0xfffceaa0
cmp byte [ebp - 0x120], 0
mov eax, dword [ebp - 0x58]
je short loc_fffcea5a  ; je 0xfffcea5a

loc_fffcea2b:  ; not directly referenced
push edx
push 4
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
mov ecx, dword [ebp - 0x110]
mov ebx, dword [ebp - 0x10c]
add esp, 0xc
push 0xb
mov edi, ebx
and eax, 0x700
xor eax, ecx
mov esi, eax
jmp short loc_fffcea87  ; jmp 0xfffcea87

loc_fffcea5a:  ; not directly referenced
push edi
push 3
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
mov edx, dword [ebp - 0x110]
mov ecx, dword [ebp - 0x10c]
mov edi, ecx
and eax, 0x300
xor eax, edx
mov esi, eax

loc_fffcea82:  ; not directly referenced
add esp, 0xc
push 0xa

loc_fffcea87:  ; not directly referenced
push edi
push esi
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
mov dword [ebp - 0x10c], edi
and eax, 1
xor eax, esi
mov dword [ebp - 0x110], eax

loc_fffceaa0:  ; not directly referenced
mov cx, word [ebp - 0x12e]
mov ebx, dword [ebp - 0x10c]
shr cx, 2
and ecx, 0x3ffe
mov eax, ecx
cdq
mov eax, ecx
mov dword [ebp - 0x120], ecx
mov ecx, dword [ebp - 0x110]
mov dword [ebp - 0x11c], edx
or eax, ecx
mov esi, eax
mov eax, dword [ebp - 0x11c]
or eax, ebx
mov edi, eax
jmp near loc_fffcecfa  ; jmp 0xfffcecfa

loc_fffceae1:  ; not directly referenced
test byte [ebp - 0x164], bl
je short loc_fffceb45  ; je 0xfffceb45
mov ebx, esi
mov eax, 1
shr ebx, 0x1b
and ebx, 7
lea ecx, [ebx + 4]
shl eax, cl
mov ecx, eax
dec ecx
movzx eax, cx
and ecx, dword [ebp - 0x130]
not eax
and eax, edi
add eax, eax
movzx ecx, cx
push esi
or eax, ecx
push 0xa
cdq
push edx
push eax
call dword [ebp - 0x58]  ; ucall
lea ecx, [ebx + 0xe]
mov ebx, dword [ebp - 0x144]
shl ebx, cl
mov ecx, dword [ebp - 0x138]
shl ecx, 7
or ebx, ecx
mov edi, ebx
or eax, ebx
sar edi, 0x1f
mov dword [ebp - 0x110], eax
or edx, edi
jmp near loc_fffcec4e  ; jmp 0xfffcec4e

loc_fffceb45:  ; not directly referenced
test byte [ebp - 0x158], bl
je loc_fffcec04  ; je 0xfffcec04
push ebx
xor edx, edx
push 0xb
push edx
push edi
xor edi, edi
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 9
mov dword [ebp - 0x110], eax
movzx eax, byte [ebp - 0x134]
mov dword [ebp - 0x120], edx
xor edx, edx
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
mov esi, dword [ebp - 0x138]
add esp, 0xc
push 8
push edi
push esi
mov dword [ebp - 0x134], eax
mov dword [ebp - 0x13c], edx
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 7
push edi
push esi
mov ebx, eax
call dword [ebp - 0x5c]  ; ucall
mov edi, dword [ebp - 0x134]
and ebx, 0x400
or edi, dword [ebp - 0x110]
add esp, 0x10
mov edx, edi
or edx, ebx
and eax, 0x180
mov edi, edx
or edi, eax
mov eax, dword [ebp - 0x13c]
or eax, dword [ebp - 0x120]
cmp dword [ebp - 0x128], 0
mov dword [ebp - 0x110], edi
mov dword [ebp - 0x10c], eax
je loc_fffcec91  ; je 0xfffcec91
mov ebx, dword [ebp - 0x110]
push ecx
mov esi, dword [ebp - 0x10c]
push 4
mov edi, ebx
and edi, 0x7800
jmp short loc_fffcec77  ; jmp 0xfffcec77

loc_fffcec04:  ; not directly referenced
mov ebx, dword [ebp - 0x138]
mov eax, edi
shl eax, 0xa
shl ebx, 7
or ebx, eax
mov eax, ebx
sar eax, 0x1f
cmp byte [ebp - 0x152], 0
mov dword [ebp - 0x110], ebx
mov dword [ebp - 0x10c], eax
je short loc_fffcec57  ; je 0xfffcec57
push edx
push 0xa
push dword [ebp - 0x15c]
push dword [ebp - 0x160]
call dword [ebp - 0x5c]  ; ucall
or edx, dword [ebp - 0x10c]
or ebx, eax
mov dword [ebp - 0x110], ebx

loc_fffcec4e:  ; not directly referenced
mov dword [ebp - 0x10c], edx
add esp, 0x10

loc_fffcec57:  ; not directly referenced
cmp dword [ebp - 0x128], 0
je short loc_fffcec91  ; je 0xfffcec91
mov ebx, dword [ebp - 0x110]
mov esi, dword [ebp - 0x10c]
push eax
push 3
mov edi, ebx
and edi, 0x1c00

loc_fffcec77:  ; not directly referenced
xor edx, edx
push edx
push edi
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
xor eax, ebx
xor edx, esi
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx

loc_fffcec91:  ; not directly referenced
cmp word [ebp - 0x118], 9
jne short loc_fffcecaf  ; jne 0xfffcecaf
push eax
push 1
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
jmp short loc_fffceccb  ; jmp 0xfffceccb

loc_fffcecaf:  ; not directly referenced
cmp word [ebp - 0x118], 0xb
jne short loc_fffcecda  ; jne 0xfffcecda
push eax
push 1
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x5c]  ; ucall

loc_fffceccb:  ; not directly referenced
mov dword [ebp - 0x110], eax
add esp, 0x10
mov dword [ebp - 0x10c], edx

loc_fffcecda:  ; not directly referenced
mov ax, word [ebp - 0x12e]
mov edx, dword [ebp - 0x110]
mov ecx, dword [ebp - 0x10c]
shr ax, 3
movzx eax, ax
or eax, edx
mov edi, ecx
mov esi, eax

loc_fffcecfa:  ; not directly referenced
mov eax, dword [ebp - 0x140]
mov ebx, dword [ebp + eax*4 - 0x104]
lea eax, [ebp - 0xc4]
mov edx, ebx
call fcn_fffc3aea  ; call 0xfffc3aea
mov dword [ebp - 0x110], eax
lea eax, [ebp - 0xc4]
mov dword [ebp - 0x10c], edx
mov edx, ebx
call fcn_fffc3acf  ; call 0xfffc3acf
mov ecx, dword [ebp - 0x17c]
or ecx, dword [ebp - 0x178]
and cl, 1
je short loc_fffced95  ; je 0xfffced95
cmp edi, edx
ja short loc_fffced8f  ; ja 0xfffced8f
jb short loc_fffced48  ; jb 0xfffced48
cmp esi, eax
jae short loc_fffced8f  ; jae 0xfffced8f

loc_fffced48:  ; not directly referenced
push eax
push 1
push edi
push esi
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 9
push dword [ebp - 0x16c]
push dword [ebp - 0x170]
mov ebx, edx
mov dword [ebp - 0x110], eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
mov ecx, eax
mov eax, esi
and eax, 0x1ff
or edx, ebx
or ecx, eax
mov eax, dword [ebp - 0x110]
mov edi, edx
and eax, 0xfffffc00
or ecx, eax
mov esi, ecx
jmp short loc_fffcedaa  ; jmp 0xfffcedaa

loc_fffced8f:  ; not directly referenced
add esi, eax
adc edi, edx
jmp short loc_fffcedaa  ; jmp 0xfffcedaa

loc_fffced95:  ; not directly referenced
cmp dword [ebp - 0x148], 0
je short loc_fffcedaa  ; je 0xfffcedaa
add esi, dword [ebp - 0x110]
adc edi, dword [ebp - 0x10c]

loc_fffcedaa:  ; not directly referenced
mov ebx, dword [ebp - 0x114]
mov eax, ebx
and eax, 3
cmp eax, dword [ebp - 0x140]
push eax
movzx eax, byte [ebp - 0x150]
push 0x16
setne byte [ebp - 0x110]
xor edx, edx
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 2
mov dword [ebp - 0x128], eax
mov eax, dword [ebp - 0x150]
mov dword [ebp - 0x118], edx
xor edx, edx
push edx
and eax, 0xff000000
push eax
call dword [ebp - 0x5c]  ; ucall
mov ecx, ebx
add esp, 0x10
shr ecx, 6
mov dword [ebp - 0x120], ecx
and dword [ebp - 0x120], 1
cmp dword [ebp - 0x12c], 1
jne short loc_fffcee22  ; jne 0xfffcee22
mov ebx, dword [ebp - 0x128]
mov ecx, dword [ebp - 0x118]
jmp short loc_fffcee26  ; jmp 0xfffcee26

loc_fffcee22:  ; not directly referenced
mov ebx, eax
mov ecx, edx

loc_fffcee26:  ; not directly referenced
cmp dword [ebp - 0x120], 0
je short loc_fffcee6d  ; je 0xfffcee6d
mov ebx, dword [ebp - 0x114]
push eax
shr ebx, 7
and ebx, 7
push ebx
add ebx, 0x16
push 0
push 0x400000
call dword [ebp - 0x5c]  ; ucall
movzx eax, byte [ebp - 0x110]
add esp, 0xc
push ebx
xor edx, edx
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
mov ecx, eax
mov ebx, edx
or ecx, esi
or ebx, edi
mov eax, ecx
mov edx, ebx
jmp near loc_fffcef2c  ; jmp 0xfffcef2c

loc_fffcee6d:  ; not directly referenced
cmp edi, ecx
ja loc_fffcef4c  ; ja 0xfffcef4c
jb short loc_fffcee7f  ; jb 0xfffcee7f
cmp esi, ebx
jae loc_fffcef4c  ; jae 0xfffcef4c

loc_fffcee7f:  ; not directly referenced
push ebx
push 1
push edi
push esi
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
mov dword [ebp - 0x120], eax
mov dword [ebp - 0x11c], edx
test dword [ebp - 0x14c], 0x800000
je loc_fffcef31  ; je 0xfffcef31
mov edi, dword [ebp - 0x14c]
push ecx
mov esi, edi
shr esi, 0x15
and esi, 3
push esi
push edx
push eax
call dword [ebp - 0x58]  ; ucall
mov edx, dword [ebp - 0x11c]
add esp, 0xc
push esi
push 0
push 1
mov ebx, eax
mov eax, dword [ebp - 0x120]
and ebx, 1
mov dword [ebp - 0x120], edx
or ebx, eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
xor ecx, ecx
not eax
not edx
and dword [ebp - 0x120], edx
mov edx, edi
and ebx, eax
and dx, 0x3fff
and edx, ebx
xor eax, eax
movzx edx, dx

loc_fffceefe:  ; not directly referenced
mov edi, edx
sar edi, cl
inc ecx
xor eax, edi
cmp ecx, 0xe
jne short loc_fffceefe  ; jne 0xfffceefe
xor eax, dword [ebp - 0x110]
xor edx, edx
push edi
push esi
and eax, 1
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
mov esi, edx
mov ecx, eax
or esi, dword [ebp - 0x120]
or ecx, ebx
mov eax, ecx
mov edx, esi

loc_fffcef2c:  ; not directly referenced
add esp, 0x10
jmp short loc_fffcef65  ; jmp 0xfffcef65

loc_fffcef31:  ; not directly referenced
movzx ecx, byte [ebp - 0x110]
mov ebx, dword [ebp - 0x120]
mov esi, dword [ebp - 0x11c]
or ecx, ebx
mov eax, ecx
mov edx, esi
jmp short loc_fffcef65  ; jmp 0xfffcef65

loc_fffcef4c:  ; not directly referenced
cmp dword [ebp - 0x12c], 1
jne short loc_fffcef61  ; jne 0xfffcef61
mov eax, dword [ebp - 0x128]
mov edx, dword [ebp - 0x118]

loc_fffcef61:  ; not directly referenced
add eax, esi
adc edx, edi

loc_fffcef65:  ; not directly referenced
mov edi, dword [ebp - 0x180]
push ecx
push 6
push edx
and edi, 0xfff00000
mov dword [ebp - 0x110], edi
mov edi, dword [ebp - 0x184]
push eax
and edi, 0x7f
mov dword [ebp - 0x10c], edi
mov edi, dword [ebp - 0x188]
or edi, 0xfffff
mov dword [ebp - 0x120], edi
mov edi, dword [ebp - 0x18c]
and edi, 0x7f
mov dword [ebp - 0x11c], edi
mov edi, 1
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
cmp edx, dword [ebp - 0x10c]
ja short loc_fffcefcb  ; ja 0xfffcefcb
jb short loc_fffcefc9  ; jb 0xfffcefc9
cmp eax, dword [ebp - 0x110]
jae short loc_fffcefcb  ; jae 0xfffcefcb

loc_fffcefc9:  ; not directly referenced
xor edi, edi

loc_fffcefcb:  ; not directly referenced
mov esi, 1
cmp edx, dword [ebp - 0x11c]
jb short loc_fffcefe4  ; jb 0xfffcefe4
ja short loc_fffcefe2  ; ja 0xfffcefe2
cmp eax, dword [ebp - 0x120]
jbe short loc_fffcefe4  ; jbe 0xfffcefe4

loc_fffcefe2:  ; not directly referenced
xor esi, esi

loc_fffcefe4:  ; not directly referenced
mov ecx, dword [ebp + 0xc]
and edi, esi
mov ebx, edi
movzx edi, bl
mov dword [ecx], eax
mov dword [ecx + 4], edx
test edi, edi
jne loc_fffcf084  ; jne 0xfffcf084
mov esi, dword [ebp - 0x10c]
cmp dword [ebp - 0x11c], esi
jb short loc_fffcf084  ; jb 0xfffcf084
ja short loc_fffcf019  ; ja 0xfffcf019
mov esi, dword [ebp - 0x110]
cmp dword [ebp - 0x120], esi
jbe short loc_fffcf084  ; jbe 0xfffcf084

loc_fffcf019:  ; not directly referenced
mov esi, dword [ebp - 0x168]
xor ebx, ebx
mov dword [ebp - 0x124], ebx
and esi, 0xfff00000
mov ecx, esi
add ecx, dword [ebp - 0x120]
adc ebx, dword [ebp - 0x11c]
sub ecx, dword [ebp - 0x110]
sbb ebx, dword [ebp - 0x10c]
mov dword [ebp - 0x128], esi
cmp edx, ebx
ja short loc_fffcf084  ; ja 0xfffcf084
jb short loc_fffcf057  ; jb 0xfffcf057
cmp eax, ecx
ja short loc_fffcf084  ; ja 0xfffcf084

loc_fffcf057:  ; not directly referenced
cmp edx, 0
ja short loc_fffcf060  ; ja 0xfffcf060
cmp eax, esi
jb short loc_fffcf084  ; jb 0xfffcf084

loc_fffcf060:  ; not directly referenced
mov ecx, dword [ebp - 0x110]
sub ecx, dword [ebp - 0x128]
mov ebx, dword [ebp - 0x10c]
sbb ebx, dword [ebp - 0x124]
add ecx, eax
mov eax, dword [ebp + 0xc]
adc ebx, edx
mov dword [eax], ecx
mov dword [eax + 4], ebx

loc_fffcf084:  ; not directly referenced
cmp dword [ebp - 0x12c], 1
jne loc_fffcf17d  ; jne 0xfffcf17d
lea ebx, [ebp - 0xe8]
lea esi, [ebp - 0xc8]

loc_fffcf09d:  ; not directly referenced
push eax
mov eax, dword [ebp + 0xc]
mov edx, dword [eax + 4]
mov eax, dword [eax]
push dword [ebx + 4]
push dword [ebx]
mov ecx, edx
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx
mov edx, eax
push edi
lea eax, [ebp - 0xc4]
call fcn_fffb6511  ; call 0xfffb6511
add esp, 0x10
test eax, eax
jne loc_fffce576  ; jne 0xfffce576
add ebx, 8
cmp ebx, esi
jne short loc_fffcf09d  ; jne 0xfffcf09d
movzx eax, byte [ebp - 0x151]
xor ebx, ebx
mov dword [ebp - 0x110], eax
movzx eax, word [ebp - 0x130]
mov dword [ebp - 0x120], eax

loc_fffcf0f5:  ; not directly referenced
mov edi, dword [ebp + ebx*2 - 0xe4]
mov esi, dword [ebp + ebx*2 - 0xe8]
push ecx
push 0x3f
push edi
push esi
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
test al, 1
je short loc_fffcf171  ; je 0xfffcf171
sub esp, 0xc
mov ecx, dword [ebp - 0x144]
push dword [ebp - 0x114]
push dword [ebp + ebx - 0xf8]
push dword [ebp - 0x174]
push dword [ebp - 0x120]
push dword [ebp - 0x138]
mov edx, dword [ebp - 0x110]
mov eax, dword [ebp - 0x140]
call fcn_fffce2bd  ; call 0xfffce2bd
add esp, 0x20
test eax, eax
je short loc_fffcf171  ; je 0xfffcf171
mov edx, dword [ebp + 0xc]
mov eax, esi
and eax, 0xffffffc0
mov dword [edx], eax
mov eax, edi
and eax, 0x7f
mov dword [edx + 4], eax
push edx
push 0x3e
push edi
push esi
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
jmp short loc_fffcf17d  ; jmp 0xfffcf17d

loc_fffcf171:  ; not directly referenced
add ebx, 4
cmp ebx, 0x10
jne loc_fffcf0f5  ; jne 0xfffcf0f5

loc_fffcf17d:  ; not directly referenced
mov eax, dword [ebp + 0xc]
xor edx, edx
mov ebx, dword [eax]
mov esi, dword [eax + 4]
push eax
movzx eax, word [ebp - 0x12e]
push 3
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
mov edi, dword [ebp + 0xc]
add esp, 0x10
mov dword [edi + 4], esi
and eax, 0x3f
or eax, ebx
mov dword [edi], eax
mov eax, 1

loc_fffcf1ab:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcf1b3:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x40
mov al, byte [ebp + 8]
mov edi, dword [ebp + 0xc]
mov ebx, dword [ebp + 0x18]
mov byte [ebp - 0x41], dl
mov edx, dword [esi + 0x2444]
push 0
push 2
mov byte [ebp - 0x33], al
mov eax, edi
mov byte [ebp - 0x34], al
lea eax, [ebp - 0x23]
push eax
mov byte [ebp - 0x32], cl
mov dword [ebp - 0x30], ecx
mov dword [ebp - 0x2c], edx
mov byte [ebp - 0x42], bl
call dword [edx + 0x5c]  ; ucall
add esp, 0xc
mov edx, dword [ebp - 0x2c]
push 1
push 7
lea eax, [ebp - 0x1f]
push eax
call dword [edx + 0x5c]  ; ucall
add esp, 0x10
mov ecx, dword [ebp - 0x30]
cmp dword [esi + 0x188b], 1
mov dword [ebp - 0x2c], 0
jne short loc_fffcf24a  ; jne 0xfffcf24a
xor eax, eax
cmp dword [esi + 0x2481], 3
sete al
mov dword [ebp - 0x2c], eax
jne short loc_fffcf24a  ; jne 0xfffcf24a
test bl, bl
je short loc_fffcf230  ; je 0xfffcf230
mov eax, dword [ebp + 0x10]
jmp short loc_fffcf233  ; jmp 0xfffcf233

loc_fffcf230:  ; not directly referenced
mov eax, dword [ebp + 0x14]

loc_fffcf233:  ; not directly referenced
mov al, byte [eax]
mov byte [ebp - 0x21], al
test bl, bl
jne short loc_fffcf241  ; jne 0xfffcf241
mov eax, dword [ebp + 0x14]
jmp short loc_fffcf244  ; jmp 0xfffcf244

loc_fffcf241:  ; not directly referenced
mov eax, dword [ebp + 0x10]

loc_fffcf244:  ; not directly referenced
mov al, byte [eax + 1]
mov byte [ebp - 0x20], al

loc_fffcf24a:  ; not directly referenced
movzx eax, cl
mov dword [ebp - 0x38], eax
sar eax, 1
mov dword [ebp - 0x40], eax
movzx eax, byte [ebp - 0x42]
shr edi, 1
mov dword [ebp - 0x30], edi
and dword [ebp - 0x40], 1
and dword [ebp - 0x30], 1
mov dword [ebp - 0x48], eax
movzx eax, byte [ebp - 0x41]
mov dword [ebp - 0x3c], eax

loc_fffcf270:  ; not directly referenced
xor edi, edi

loc_fffcf272:  ; not directly referenced
mov eax, dword [ebp - 0x38]
bt eax, edi
jb short loc_fffcf282  ; jb 0xfffcf282

loc_fffcf27a:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffcf272  ; jne 0xfffcf272
jmp short loc_fffcf2ef  ; jmp 0xfffcf2ef

loc_fffcf282:  ; not directly referenced
mov eax, dword [ebp + 0x14]
mov bl, byte [ebp - 0x33]
movzx edx, byte [eax + edi]
mov eax, dword [ebp + 0x10]
movzx eax, byte [eax + edi]
add eax, edx
imul edx, edi, 0x13c3
add eax, dword [ebp - 0x48]
sar eax, 1
mov byte [ebp + edi - 0x23], al
and bl, byte [esi + edx + 0x381b]
test byte [ebp - 0x34], 1
je short loc_fffcf2cb  ; je 0xfffcf2cb
push edx
movzx eax, al
push 0
push eax
movzx eax, bl
push 1
push eax
push dword [ebp - 0x3c]
push edi
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffcf2cb:  ; not directly referenced
cmp dword [ebp - 0x30], 0
je short loc_fffcf27a  ; je 0xfffcf27a
push eax
movzx eax, byte [ebp + edi - 0x23]
movzx ebx, bl
push 0
push eax
push 2
push ebx
push dword [ebp - 0x3c]
push edi
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20
jmp short loc_fffcf27a  ; jmp 0xfffcf27a

loc_fffcf2ef:  ; not directly referenced
cmp dword [ebp - 0x2c], 0
jne short loc_fffcf301  ; jne 0xfffcf301
sub esp, 0xc
push esi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10

loc_fffcf301:  ; not directly referenced
xor ebx, ebx
mov byte [ebp - 0x31], 0
lea edi, [ebp - 0x1f]

loc_fffcf30a:  ; not directly referenced
mov eax, dword [ebp + 0x1c]
push 0
push 0
push 0
push 0
movsx eax, byte [eax + ebx]
push eax
push 0
push 2
push esi
call fcn_fffcce33  ; call 0xfffcce33
add esp, 0x1c
movzx ecx, byte [esi + 0x248c]
mov edx, dword [ebp - 0x38]
mov eax, esi
push 0
push 1
push edi
call fcn_fffaa5b3  ; call 0xfffaa5b3
add esp, 0x10
or byte [ebp - 0x31], al
mov al, byte [ebp - 0x32]
cmp byte [ebp - 0x31], al
jne short loc_fffcf368  ; jne 0xfffcf368

loc_fffcf34b:  ; not directly referenced
cmp byte [ebp - 0x31], 0
setne al
test byte [ebp - 0x2c], al
je loc_fffcf3e2  ; je 0xfffcf3e2
mov al, byte [ebp - 0x34]
xor edi, edi
and eax, 1
mov byte [ebp - 0x43], al
jmp short loc_fffcf370  ; jmp 0xfffcf370

loc_fffcf368:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffcf30a  ; jne 0xfffcf30a
jmp short loc_fffcf34b  ; jmp 0xfffcf34b

loc_fffcf370:  ; not directly referenced
mov eax, dword [ebp - 0x38]
bt eax, edi
jb short loc_fffcf38c  ; jb 0xfffcf38c

loc_fffcf378:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffcf370  ; jne 0xfffcf370
sub esp, 0xc
push esi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10
jmp short loc_fffcf3e2  ; jmp 0xfffcf3e2

loc_fffcf38c:  ; not directly referenced
imul edx, edi, 0x13c3
mov bl, byte [ebp - 0x33]
and bl, byte [esi + edx + 0x381b]
cmp byte [ebp - 0x43], 0
je short loc_fffcf3be  ; je 0xfffcf3be
movzx edx, byte [ebp + edi - 0x21]
push eax
push 0
push edx
movzx edx, bl
push 1
push edx
push dword [ebp - 0x3c]
push edi
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffcf3be:  ; not directly referenced
cmp dword [ebp - 0x30], 0
je short loc_fffcf378  ; je 0xfffcf378
movzx edx, byte [ebp + edi - 0x21]
movzx ebx, bl
push ecx
push 0
push edx
push 2
push ebx
push dword [ebp - 0x3c]
push edi
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20
jmp short loc_fffcf378  ; jmp 0xfffcf378

loc_fffcf3e2:  ; not directly referenced
xor ecx, ecx
mov eax, 1

loc_fffcf3e9:  ; not directly referenced
mov edx, eax
shl edx, cl
test byte [ebp - 0x32], dl
je short loc_fffcf432  ; je 0xfffcf432
mov ebx, dword [ebp + 0x10]
mov edi, dword [ebp + 0x14]
mov bl, byte [ebx + ecx]
cmp byte [edi + ecx], bl
jbe short loc_fffcf432  ; jbe 0xfffcf432
and dl, byte [ebp - 0x31]
cmp byte [ebp - 0x42], 0
je short loc_fffcf41b  ; je 0xfffcf41b
test dl, dl
mov dl, byte [ebp + ecx - 0x23]
je short loc_fffcf416  ; je 0xfffcf416
dec edx
mov ebx, edi
jmp short loc_fffcf42f  ; jmp 0xfffcf42f

loc_fffcf416:  ; not directly referenced
mov ebx, dword [ebp + 0x10]
jmp short loc_fffcf42f  ; jmp 0xfffcf42f

loc_fffcf41b:  ; not directly referenced
test dl, dl
mov dl, byte [ebp + ecx - 0x23]
je short loc_fffcf42c  ; je 0xfffcf42c
mov edi, dword [ebp + 0x10]
inc edx
mov byte [edi + ecx], dl
jmp short loc_fffcf432  ; jmp 0xfffcf432

loc_fffcf42c:  ; not directly referenced
mov ebx, dword [ebp + 0x14]

loc_fffcf42f:  ; not directly referenced
mov byte [ebx + ecx], dl

loc_fffcf432:  ; not directly referenced
inc ecx
cmp ecx, 2
jne short loc_fffcf3e9  ; jne 0xfffcf3e9
mov al, 1
test byte [ebp - 0x32], 1
je short loc_fffcf44d  ; je 0xfffcf44d
mov eax, dword [ebp + 0x10]
mov ecx, dword [ebp + 0x14]
mov al, byte [eax]
cmp byte [ecx], al
setbe al

loc_fffcf44d:  ; not directly referenced
cmp dword [ebp - 0x40], 0
je short loc_fffcf465  ; je 0xfffcf465
mov ecx, dword [ebp + 0x10]
mov edi, dword [ebp + 0x14]
mov cl, byte [ecx + 1]
cmp byte [edi + 1], cl
ja loc_fffcf270  ; ja 0xfffcf270

loc_fffcf465:  ; not directly referenced
test al, al
je loc_fffcf270  ; je 0xfffcf270
push 0
xor edi, edi
push 0
push 0
push 0
push 0
push 0
push 2
push esi
call fcn_fffcce33  ; call 0xfffcce33
add esp, 0x20
cmp dword [ebp - 0x2c], 0
jne short loc_fffcf49d  ; jne 0xfffcf49d

loc_fffcf48c:  ; not directly referenced
sub esp, 0xc
push esi
call fcn_fffc9f5d  ; call 0xfffc9f5d
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffcf49d:  ; not directly referenced
mov al, byte [ebp - 0x34]
and eax, 1
mov byte [ebp - 0x31], al
movzx eax, byte [ebp - 0x41]
mov dword [ebp - 0x2c], eax

loc_fffcf4ad:  ; not directly referenced
mov eax, dword [ebp - 0x38]
bt eax, edi
jb short loc_fffcf4bd  ; jb 0xfffcf4bd

loc_fffcf4b5:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffcf4ad  ; jne 0xfffcf4ad
jmp short loc_fffcf48c  ; jmp 0xfffcf48c

loc_fffcf4bd:  ; not directly referenced
imul edx, edi, 0x13c3
mov bl, byte [ebp - 0x33]
and bl, byte [esi + edx + 0x381b]
cmp byte [ebp - 0x31], 0
je short loc_fffcf4ef  ; je 0xfffcf4ef
push edx
movzx edx, byte [ebp + edi - 0x21]
push 0
push edx
movzx edx, bl
push 1
push edx
push dword [ebp - 0x2c]
push edi
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffcf4ef:  ; not directly referenced
cmp dword [ebp - 0x30], 0
je short loc_fffcf4b5  ; je 0xfffcf4b5
movzx edx, byte [ebp + edi - 0x21]
movzx ebx, bl
push eax
push 0
push edx
push 2
push ebx
push dword [ebp - 0x2c]
push edi
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20
jmp short loc_fffcf4b5  ; jmp 0xfffcf4b5

fcn_fffcf513:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
xor ebx, ebx
sub esp, 0x40
mov al, byte [ebp + 8]
push 1
movzx edi, byte [ebp + 0xc]
push 7
mov byte [ebp - 0x31], al
mov eax, dword [ebp + 0x14]
mov byte [ebp - 0x2a], dl
lea edx, [ebp - 0x27]
push edx
mov word [ebp - 0x2c], ax
mov eax, dword [ebp + 0x18]
mov byte [ebp - 0x29], cl
mov dword [ebp - 0x1c], 0
mov dword [ebp - 0x20], 0
mov word [ebp - 0x34], ax
mov eax, dword [esi + 0x2444]
call dword [eax + 0x5c]  ; ucall
movzx eax, byte [ebp - 0x29]
add esp, 0x10
mov dword [ebp - 0x3c], edi
mov dword [ebp - 0x30], eax

loc_fffcf56a:  ; not directly referenced
movsx eax, bx
xor edi, edi
mov dword [ebp - 0x38], eax

loc_fffcf572:  ; not directly referenced
mov eax, dword [ebp - 0x30]
bt eax, edi
jae short loc_fffcf5a6  ; jae 0xfffcf5a6
cmp dword [ebp + edi*4 - 0x20], 0
jne short loc_fffcf5a6  ; jne 0xfffcf5a6
mov eax, dword [ebp + 0x10]
push edx
push 0
movzx edx, byte [eax + edi]
add edx, dword [ebp - 0x38]
push edx
movzx edx, byte [ebp - 0x31]
push dword [ebp - 0x3c]
push edx
movzx edx, byte [ebp - 0x2a]
push edx
push edi
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffcf5a6:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffcf572  ; jne 0xfffcf572
cmp dword [ebp + 0x20], 0
jne short loc_fffcf5be  ; jne 0xfffcf5be
sub esp, 0xc
push esi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10

loc_fffcf5be:  ; not directly referenced
mov edx, dword [ebp - 0x30]
push eax
movzx ecx, byte [esi + 0x248c]
push 0
push 1
lea eax, [ebp - 0x27]
push eax
mov eax, esi
call fcn_fffaa5b3  ; call 0xfffaa5b3
mov dl, bl
add esp, 0x10
neg edx
test bx, bx
cmovns edx, ebx
test byte [ebp - 0x29], 1
je short loc_fffcf603  ; je 0xfffcf603
cmp dword [ebp - 0x20], 0
jne short loc_fffcf603  ; jne 0xfffcf603
test al, 1
je short loc_fffcf5fe  ; je 0xfffcf5fe
mov dword [ebp - 0x20], 1
jmp short loc_fffcf603  ; jmp 0xfffcf603

loc_fffcf5fe:  ; not directly referenced
mov ecx, dword [ebp + 0x1c]
mov byte [ecx], dl

loc_fffcf603:  ; not directly referenced
test byte [ebp - 0x29], 2
je short loc_fffcf622  ; je 0xfffcf622
cmp dword [ebp - 0x1c], 0
jne short loc_fffcf622  ; jne 0xfffcf622
test al, 2
jne short loc_fffcf61b  ; jne 0xfffcf61b
mov eax, dword [ebp + 0x1c]
mov byte [eax + 1], dl
jmp short loc_fffcf622  ; jmp 0xfffcf622

loc_fffcf61b:  ; not directly referenced
mov dword [ebp - 0x1c], 1

loc_fffcf622:  ; not directly referenced
mov eax, dword [ebp - 0x34]
add ebx, eax
test ax, ax
jle short loc_fffcf635  ; jle 0xfffcf635
cmp bx, word [ebp - 0x2c]
setg al
jmp short loc_fffcf63c  ; jmp 0xfffcf63c

loc_fffcf635:  ; not directly referenced
cmp bx, word [ebp - 0x2c]
setl al

loc_fffcf63c:  ; not directly referenced
cmp dword [ebp - 0x20], 0
movzx eax, al
je short loc_fffcf64b  ; je 0xfffcf64b
cmp dword [ebp - 0x1c], 0
jne short loc_fffcf653  ; jne 0xfffcf653

loc_fffcf64b:  ; not directly referenced
test eax, eax
je loc_fffcf56a  ; je 0xfffcf56a

loc_fffcf653:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcf65b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
mov esi, edx
push ebx
sub esp, 0x90
mov eax, dword [ebp + 0x10]
push 1
push 7
mov ebx, eax
mov dword [ebp - 0x78], eax
mov al, byte [ebp + 8]
mov byte [ebp - 0x89], bl
mov ebx, dword [edi + 0x2444]
mov dword [ebp - 0x88], edx
mov byte [ebp - 0x69], dl
mov byte [ebp - 0x6a], al
mov al, byte [ebp + 0xc]
mov byte [ebp - 0x68], cl
mov byte [ebp - 0x74], al
mov al, byte [ebp + 0x14]
mov byte [ebp - 0x7c], al
mov al, byte [ebp + 0x18]
mov byte [ebp - 0x8a], al
lea eax, [ebp - 0x4f]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x53]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x51]
push eax
call dword [ebx + 0x5c]  ; ucall
xor eax, eax
add esp, 0x10
cmp dword [edi + 0x2481], 3
sete al
mov dword [ebp - 0x60], eax
mov eax, esi
cmp al, 6
je short loc_fffcf717  ; je 0xfffcf717

loc_fffcf6e5:  ; not directly referenced
cmp dword [ebp - 0x60], 1
sbb eax, eax
mov dword [ebp - 0x60], eax
movsx ax, byte [ebp - 0x78]
and byte [ebp - 0x60], 4
add byte [ebp - 0x60], 2
mov word [ebp - 0x6c], ax
mov word [ebp - 0x64], ax
mov al, byte [ebp - 0x7c]
sub eax, dword [ebp - 0x60]
movzx eax, al
mov dword [ebp - 0x94], eax
jmp near loc_fffcf892  ; jmp 0xfffcf892

loc_fffcf717:  ; not directly referenced
movzx esi, byte [ebp - 0x68]
lea eax, [edi + 0x3757]
mov dword [ebp - 0x5c], eax
xor eax, eax
mov dword [ebp - 0x70], esi

loc_fffcf729:  ; not directly referenced
mov esi, dword [ebp - 0x70]
bt esi, eax
jae loc_fffcf7f5  ; jae 0xfffcf7f5
mov esi, dword [ebp - 0x5c]
mov ebx, dword [esi + 0x111]
mov ecx, dword [esi + 0x11d]
cmp bl, cl
mov esi, ecx
cmovl esi, ebx
cmp cl, bl
mov edx, esi
mov esi, dword [ebp - 0x5c]
cmovbe ecx, ebx
mov byte [ebp + eax - 0x53], dl
mov byte [ebp + eax - 0x51], cl
xor ecx, ecx
mov dl, byte [esi + 0xc4]
mov byte [ebp - 0x64], dl

loc_fffcf768:  ; not directly referenced
mov ebx, 1
shl ebx, cl
test byte [ebp - 0x64], bl
je short loc_fffcf7a0  ; je 0xfffcf7a0
mov esi, dword [ebp - 0x5c]
mov bl, byte [esi + ecx + 0x245]
movzx esi, byte [ebp + eax - 0x53]
cmp bl, byte [ebp + eax - 0x53]
cmovle esi, ebx
mov edx, esi
movzx esi, byte [ebp + eax - 0x51]
cmp bl, byte [ebp + eax - 0x51]
mov byte [ebp + eax - 0x53], dl
cmovb ebx, esi
mov byte [ebp + eax - 0x51], bl

loc_fffcf7a0:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffcf768  ; jne 0xfffcf768
cmp dword [ebp - 0x60], 0
je short loc_fffcf7e7  ; je 0xfffcf7e7
mov ecx, dword [ebp - 0x5c]
mov esi, dword [ecx + 0x109]
mov ecx, dword [ecx + 0x115]
mov edx, esi
mov ebx, esi
cmp cl, dl
mov dl, byte [ebp + eax - 0x53]
cmovl ebx, ecx
cmp bl, byte [ebp + eax - 0x53]
cmovg ebx, edx
mov edx, esi
mov byte [ebp + eax - 0x53], bl
mov bl, byte [ebp + eax - 0x51]
cmp bl, dl
cmovbe ebx, esi
cmp bl, cl
cmovbe ebx, ecx
mov byte [ebp + eax - 0x51], bl

loc_fffcf7e7:  ; not directly referenced
mov cl, 0x7f
neg byte [ebp + eax - 0x53]
sub cl, byte [ebp + eax - 0x51]
mov byte [ebp + eax - 0x51], cl

loc_fffcf7f5:  ; not directly referenced
inc eax
add dword [ebp - 0x5c], 0x13c3
cmp eax, 2
jne loc_fffcf729  ; jne 0xfffcf729
jmp near loc_fffcf6e5  ; jmp 0xfffcf6e5

loc_fffcf80b:  ; not directly referenced
mov eax, dword [ebp - 0x70]
bt eax, ebx
jb loc_fffcf8ba  ; jb 0xfffcf8ba

loc_fffcf817:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffcf80b  ; jne 0xfffcf80b
sub esp, 0xc
push edi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10
cmp dword [ebp + 0x24], 0
je loc_fffcf90d  ; je 0xfffcf90d
movzx ecx, byte [edi + 0x248c]
push eax
mov edx, dword [ebp - 0x70]
push 0
push 1
lea eax, [ebp - 0x4f]
push eax
mov eax, edi
call fcn_fffaa5b3  ; call 0xfffaa5b3
add esp, 0x10
mov byte [ebp - 0x5c], al

loc_fffcf853:  ; not directly referenced
cmp byte [ebp - 0x69], 6
je loc_fffcf966  ; je 0xfffcf966

loc_fffcf85d:  ; not directly referenced
movzx eax, byte [ebp - 0x60]
mov edx, esi
xor ecx, ecx
sub edx, eax
mov dword [ebp - 0x70], eax
movsx eax, byte [ebp - 0x89]
mov dword [ebp - 0x80], edx

loc_fffcf874:  ; not directly referenced
mov edx, 1
shl edx, cl
test byte [ebp - 0x68], dl
jne loc_fffcf9a0  ; jne 0xfffcf9a0

loc_fffcf884:  ; not directly referenced
inc ecx
cmp ecx, 2
jne short loc_fffcf874  ; jne 0xfffcf874
movzx eax, byte [ebp - 0x60]
add word [ebp - 0x64], ax

loc_fffcf892:  ; not directly referenced
movzx eax, byte [ebp - 0x7c]
movsx esi, word [ebp - 0x64]
mov dword [ebp - 0x5c], eax
cmp esi, eax
jg loc_fffcfa7e  ; jg 0xfffcfa7e
movzx eax, byte [ebp - 0x68]
xor ebx, ebx
mov dword [ebp - 0x70], eax
movzx eax, byte [ebp - 0x74]
mov dword [ebp - 0x5c], eax
jmp near loc_fffcf80b  ; jmp 0xfffcf80b

loc_fffcf8ba:  ; not directly referenced
imul eax, ebx, 0x13c3
mov cl, byte [ebp - 0x6a]
and cl, byte [edi + eax + 0x381b]
movzx eax, byte [ebp - 0x69]
movzx ecx, cl
cmp al, 6
je short loc_fffcf8ed  ; je 0xfffcf8ed
push edx
push 0
push esi
push dword [ebp - 0x5c]
push ecx
push eax
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20
jmp near loc_fffcf817  ; jmp 0xfffcf817

loc_fffcf8ed:  ; not directly referenced
xor eax, eax
mov edx, ebx
cmp dword [ebp + 0x20], 0
sete al
push eax
mov eax, edi
push 0
push esi
push 0
call fcn_fffac68e  ; call 0xfffac68e
add esp, 0x10
jmp near loc_fffcf817  ; jmp 0xfffcf817

loc_fffcf90d:  ; not directly referenced
xor ebx, ebx
mov byte [ebp - 0x5c], 0

loc_fffcf913:  ; not directly referenced
mov eax, dword [ebp + 0x1c]
push 0
push 0
push 0
push 0
movsx eax, byte [eax + ebx]
push eax
push 0
push 2
push edi
call fcn_fffcce33  ; call 0xfffcce33
add esp, 0x1c
movzx ecx, byte [edi + 0x248c]
mov edx, dword [ebp - 0x70]
lea eax, [ebp - 0x4f]
push 0
push 1
push eax
mov eax, edi
call fcn_fffaa5b3  ; call 0xfffaa5b3
add esp, 0x10
or byte [ebp - 0x5c], al
mov al, byte [ebp - 0x68]
cmp byte [ebp - 0x5c], al
je loc_fffcf853  ; je 0xfffcf853
inc ebx
cmp ebx, 2
jne short loc_fffcf913  ; jne 0xfffcf913
jmp near loc_fffcf853  ; jmp 0xfffcf853

loc_fffcf966:  ; not directly referenced
movsx ax, byte [ebp - 0x53]
cmp word [ebp - 0x64], ax
jge short loc_fffcf977  ; jge 0xfffcf977

loc_fffcf971:  ; not directly referenced
or byte [ebp - 0x5c], 1
jmp short loc_fffcf97f  ; jmp 0xfffcf97f

loc_fffcf977:  ; not directly referenced
movzx eax, byte [ebp - 0x51]
cmp esi, eax
jg short loc_fffcf971  ; jg 0xfffcf971

loc_fffcf97f:  ; not directly referenced
movsx ax, byte [ebp - 0x52]
cmp word [ebp - 0x64], ax
jge short loc_fffcf993  ; jge 0xfffcf993

loc_fffcf98a:  ; not directly referenced
or byte [ebp - 0x5c], 2
jmp near loc_fffcf85d  ; jmp 0xfffcf85d

loc_fffcf993:  ; not directly referenced
movzx eax, byte [ebp - 0x50]
cmp esi, eax
jg short loc_fffcf98a  ; jg 0xfffcf98a
jmp near loc_fffcf85d  ; jmp 0xfffcf85d

loc_fffcf9a0:  ; not directly referenced
test byte [ebp - 0x5c], dl
mov ebx, dword [ebp - 0x6c]
sete dl
movzx edx, dl
cmp word [ebp - 0x64], bx
jne short loc_fffcf9f5  ; jne 0xfffcf9f5
test edx, edx
je short loc_fffcf9d3  ; je 0xfffcf9d3
mov dword [ebp + ecx*4 - 0x20], eax
mov dword [ebp + ecx*4 - 0x28], eax
mov dword [ebp + ecx*4 - 0x30], eax
mov dword [ebp + ecx*4 - 0x38], eax
mov dword [ebp + ecx*4 - 0x40], eax
mov dword [ebp + ecx*4 - 0x48], eax
jmp near loc_fffcf884  ; jmp 0xfffcf884

loc_fffcf9d3:  ; not directly referenced
mov edx, eax
sub edx, dword [ebp - 0x70]
mov dword [ebp + ecx*4 - 0x20], edx
mov dword [ebp + ecx*4 - 0x28], edx
mov dword [ebp + ecx*4 - 0x30], edx
mov dword [ebp + ecx*4 - 0x38], edx
mov dword [ebp + ecx*4 - 0x40], edx
mov dword [ebp + ecx*4 - 0x48], edx
jmp near loc_fffcf884  ; jmp 0xfffcf884

loc_fffcf9f5:  ; not directly referenced
test edx, edx
je loc_fffcf884  ; je 0xfffcf884
mov ebx, dword [ebp - 0x80]
cmp dword [ebp + ecx*4 - 0x40], ebx
jne short loc_fffcfa0a  ; jne 0xfffcfa0a
mov dword [ebp + ecx*4 - 0x40], esi

loc_fffcfa0a:  ; not directly referenced
mov ebx, dword [ebp - 0x80]
cmp dword [ebp + ecx*4 - 0x30], ebx
mov dword [ebp + ecx*4 - 0x30], esi
je short loc_fffcfa1b  ; je 0xfffcfa1b
mov dword [ebp + ecx*4 - 0x38], esi

loc_fffcfa1b:  ; not directly referenced
cmp esi, dword [ebp - 0x94]
jl short loc_fffcfa41  ; jl 0xfffcfa41
cmp dword [ebp + ecx*4 - 0x48], eax
jne short loc_fffcfa41  ; jne 0xfffcfa41
cmp byte [ebp - 0x8a], 0
je short loc_fffcfa41  ; je 0xfffcfa41
mov edx, dword [ebp + ecx*4 - 0x40]
sub edx, eax
add edx, dword [ebp - 0x70]
add edx, esi
mov dword [ebp + ecx*4 - 0x30], edx

loc_fffcfa41:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x30]
mov ebx, dword [ebp + ecx*4 - 0x38]
mov dword [ebp - 0x84], edx
sub edx, ebx
mov dword [ebp - 0x90], edx
mov edx, dword [ebp + ecx*4 - 0x20]
sub edx, dword [ebp + ecx*4 - 0x28]
cmp dword [ebp - 0x90], edx
jle loc_fffcf884  ; jle 0xfffcf884
mov dword [ebp + ecx*4 - 0x28], ebx
mov ebx, dword [ebp - 0x84]
mov dword [ebp + ecx*4 - 0x20], ebx
jmp near loc_fffcf884  ; jmp 0xfffcf884

loc_fffcfa7e:  ; not directly referenced
movzx eax, byte [ebp - 0x60]
mov ecx, 2
xor ebx, ebx
mov esi, dword [ebp - 0x5c]
lea eax, [eax + eax*2]
mov dword [ebp - 0x7c], eax
movsx eax, byte [ebp - 0x78]
add esi, eax
mov dword [ebp - 0x78], eax
mov eax, esi
cdq
idiv ecx
mov dword [ebp - 0x70], eax
movzx eax, byte [ebp - 0x68]
mov dword [ebp - 0x68], eax
movzx eax, byte [ebp - 0x74]
mov dword [ebp - 0x74], eax

loc_fffcfab1:  ; not directly referenced
mov eax, dword [ebp - 0x68]
bt eax, ebx
jb short loc_fffcfac5  ; jb 0xfffcfac5

loc_fffcfab9:  ; not directly referenced
inc ebx
cmp ebx, 2
je loc_fffcfb9c  ; je 0xfffcfb9c
jmp short loc_fffcfab1  ; jmp 0xfffcfab1

loc_fffcfac5:  ; not directly referenced
mov esi, dword [ebp + ebx*4 - 0x20]
mov eax, dword [ebp + ebx*4 - 0x28]
mov ecx, esi
mov dword [ebp - 0x60], eax
sub ecx, eax
cmp ecx, dword [ebp - 0x7c]
jl short loc_fffcfae3  ; jl 0xfffcfae3
mov edx, dword [ebp - 0x5c]
sub edx, dword [ebp - 0x78]
cmp ecx, edx
jl short loc_fffcfafa  ; jl 0xfffcfafa

loc_fffcfae3:  ; not directly referenced
cmp byte [edi + 0x1965], 0
je short loc_fffcfb09  ; je 0xfffcfb09
cmp dword [edi + 0x188b], 1
jne short loc_fffcfb09  ; jne 0xfffcfb09
jmp near loc_fffcfc4a  ; jmp 0xfffcfc4a

loc_fffcfafa:  ; not directly referenced
mov eax, dword [ebp - 0x60]
mov ecx, 2
add eax, esi
cdq
idiv ecx
jmp short loc_fffcfb0c  ; jmp 0xfffcfb0c

loc_fffcfb09:  ; not directly referenced
mov eax, dword [ebp - 0x70]

loc_fffcfb0c:  ; not directly referenced
imul edx, ebx, 0x13c3
mov cl, byte [ebp - 0x6a]
and cl, byte [edi + edx + 0x381b]
cmp dword [ebp + 0x20], 0
mov byte [ebp - 0x64], cl
jne short loc_fffcfb48  ; jne 0xfffcfb48
mov dl, byte [ebp - 0x69]
cmp dl, 6
je short loc_fffcfb48  ; je 0xfffcfb48
sub esp, 4
push 1
push eax
movzx eax, cl
push dword [ebp - 0x74]
push eax
movzx eax, dl
push eax
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffcfb48:  ; not directly referenced
mov edx, dword [ebp - 0x60]
movzx ecx, byte [ebp - 0x64]
mov eax, edx
sar eax, 0x1f
xor edx, eax
sub edx, eax
imul eax, edx, 0xa
imul edx, ebx, 0x48
mov dword [ebp - 0x64], ecx
mov dword [ebp - 0x60], eax
mov eax, esi
sar eax, 0x1f
add edx, edi
xor esi, eax
sub esi, eax
xor eax, eax
imul esi, esi, 0xa

loc_fffcfb74:  ; not directly referenced
mov ecx, dword [ebp - 0x64]
bt ecx, eax
jae short loc_fffcfb8b  ; jae 0xfffcfb8b
mov ecx, dword [ebp - 0x60]
mov dword [edx + 0x3215], esi
mov dword [edx + 0x3211], ecx

loc_fffcfb8b:  ; not directly referenced
inc eax
add edx, 0x90
cmp eax, 4
jne short loc_fffcfb74  ; jne 0xfffcfb74
jmp near loc_fffcfab9  ; jmp 0xfffcfab9

loc_fffcfb9c:  ; not directly referenced
cmp dword [ebp + 0x24], 0
jne short loc_fffcfbb9  ; jne 0xfffcfbb9
push 0
push 0
push 0
push 0
push 0
push 0
push 2
push edi
call fcn_fffcce33  ; call 0xfffcce33
add esp, 0x20

loc_fffcfbb9:  ; not directly referenced
cmp byte [ebp - 0x88], 6
je short loc_fffcfbd0  ; je 0xfffcfbd0

loc_fffcfbc2:  ; not directly referenced
sub esp, 0xc
push edi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10
jmp short loc_fffcfc4f  ; jmp 0xfffcfc4f

loc_fffcfbd0:  ; not directly referenced
xor ebx, ebx

loc_fffcfbd2:  ; not directly referenced
mov eax, dword [ebp - 0x68]
bt eax, ebx
jb short loc_fffcfbe2  ; jb 0xfffcfbe2

loc_fffcfbda:  ; not directly referenced
inc ebx
cmp ebx, 2
je short loc_fffcfbc2  ; je 0xfffcfbc2
jmp short loc_fffcfbd2  ; jmp 0xfffcfbd2

loc_fffcfbe2:  ; not directly referenced
imul eax, ebx, 0x13c3
mov dl, byte [ebp - 0x6a]
and dl, byte [edi + eax + 0x381b]
xor eax, eax
cmp dword [ebp + 0x20], 0
movzx esi, dl
mov edx, ebx
sete al
mov ecx, esi
push eax
mov eax, edi
push 0
push 0
push 0
call fcn_fffac68e  ; call 0xfffac68e
imul eax, ebx, 0x48
add esp, 0x10
xor edx, edx
add eax, edi

loc_fffcfc1a:  ; not directly referenced
bt esi, edx
jae short loc_fffcfc3d  ; jae 0xfffcfc3d
mov ecx, dword [eax + 0x3211]
mov dword [ebp - 0x5c], ecx
mov ecx, dword [eax + 0x3215]
mov dword [eax + 0x3211], ecx
mov ecx, dword [ebp - 0x5c]
mov dword [eax + 0x3215], ecx

loc_fffcfc3d:  ; not directly referenced
inc edx
add eax, 0x90
cmp edx, 4
jne short loc_fffcfc1a  ; jne 0xfffcfc1a
jmp short loc_fffcfbda  ; jmp 0xfffcfbda

loc_fffcfc4a:  ; not directly referenced
mov eax, 0xc

loc_fffcfc4f:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcfc57:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x40
mov edi, dword [ebp + 8]
mov dword [ebp - 0x2c], eax
mov dword [ebp - 0x44], ecx
mov byte [ebp - 0x3d], cl
mov esi, edi
mov ebx, esi
mov esi, eax
mov byte [ebp - 0x3e], bl
mov ebx, dword [eax + 0x2444]
lea eax, [ebp - 0x24]
push 0
push 2
push eax
mov dword [ebp - 0x3c], edx
mov dword [ebp - 0x38], edi
mov edi, dword [ebp + 0xc]
mov byte [ebp - 0x1a], 0xf8
mov byte [ebp - 0x19], 8
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x22]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0x10
cmp byte [ebp - 0x3c], 0
setne cl
cmp dword [esi + 0x2481], 3
mov byte [ebp - 0x30], cl
sete al
test cl, al
je short loc_fffcfcf7  ; je 0xfffcfcf7
mov al, byte [edi]
xor ecx, ecx
lea edx, [eax - 0x20]
cmp al, 0x21
cmovb edx, ecx
cmp al, 0x5e
lea ebx, [eax + 0x20]
mov al, byte [edi + 1]
mov byte [ebp - 0x1e], dl
mov dl, 0x7f
cmova ebx, edx
mov byte [ebp - 0x1c], bl
cmp al, 0x21
lea ebx, [eax - 0x20]
cmovae ecx, ebx
cmp al, 0x5e
mov byte [ebp - 0x1d], cl
lea ecx, [eax + 0x20]
cmovbe edx, ecx
mov byte [ebp - 0x1b], dl
jmp short loc_fffcfd14  ; jmp 0xfffcfd14

loc_fffcfcf7:  ; not directly referenced
push eax
push 0
push 2
lea eax, [ebp - 0x1e]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0x7f
push 2
lea eax, [ebp - 0x1c]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0x10

loc_fffcfd14:  ; not directly referenced
test edi, edi
mov eax, 1
sete dl
test byte [ebp - 0x30], dl
jne loc_fffcff6b  ; jne 0xfffcff6b
movzx esi, byte [ebp - 0x3d]
xor ebx, ebx
mov byte [ebp - 0x34], 0

loc_fffcfd31:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov ecx, esi
mov edx, ebx
call fcn_fffad317  ; call 0xfffad317
or byte [ebp - 0x34], al
cmp byte [ebp - 0x30], 0
je short loc_fffcfd4d  ; je 0xfffcfd4d
mov al, byte [edi + ebx]
mov byte [ebp + ebx - 0x20], al

loc_fffcfd4d:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffcfd31  ; jne 0xfffcfd31
cmp byte [ebp - 0x3c], 0
jne loc_fffcfe70  ; jne 0xfffcfe70
mov eax, dword [ebp - 0x2c]
cmp dword [eax + 0x188b], 0
je short loc_fffcfd73  ; je 0xfffcfd73
mov al, byte [ebp - 0x44]
and eax, 5
cmp al, 5
je short loc_fffcfda3  ; je 0xfffcfda3

loc_fffcfd73:  ; not directly referenced
push 0
movzx ecx, byte [ebp - 0x34]
xor edx, edx
push 0
lea eax, [ebp - 0x1a]
push eax
movzx eax, byte [ebp - 0x1c]
push 1
push eax
movsx eax, byte [ebp - 0x1e]
push eax
movzx eax, byte [ebp - 0x38]
push eax
mov eax, dword [ebp - 0x2c]
push esi
call fcn_fffcf65b  ; call 0xfffcf65b
add esp, 0x20
jmp near loc_fffcff6b  ; jmp 0xfffcff6b

loc_fffcfda3:  ; not directly referenced
movzx edi, byte [ebp - 0x3e]
xor eax, eax
mov dword [ebp - 0x30], 0
mov dword [ebp - 0x38], edi

loc_fffcfdb3:  ; not directly referenced
mov cl, byte [ebp - 0x30]
mov ebx, 3
xor esi, esi
mov edi, dword [ebp - 0x2c]
shl ebx, cl
mov byte [ebp - 0x34], bl
add edi, 0x3757

loc_fffcfdcb:  ; not directly referenced
cmp dword [edi], 2
jne short loc_fffcfe05  ; jne 0xfffcfe05
cmp byte [ebp - 0x34], 3
mov ecx, 0x40
mov dword [ebp - 0x3c], eax
mov edx, 0xffffffc0
push eax
push 1
cmove edx, ecx
push edx
push 1
mov dl, byte [edi + 0xc4]
and edx, 0xc
push edx
push 0
push esi
push dword [ebp - 0x2c]
call fcn_fffabc7a  ; call 0xfffabc7a
mov eax, dword [ebp - 0x3c]
add esp, 0x20

loc_fffcfe05:  ; not directly referenced
inc esi
add edi, 0x13c3
cmp esi, 2
jne short loc_fffcfdcb  ; jne 0xfffcfdcb
test byte [ebp - 0x3d], bl
je short loc_fffcfe5d  ; je 0xfffcfe5d
mov edi, dword [ebp - 0x2c]
mov ecx, ebx
xor edx, edx
mov eax, edi
call fcn_fffad317  ; call 0xfffad317
mov ecx, ebx
mov edx, 1
mov esi, eax
mov eax, edi
call fcn_fffad317  ; call 0xfffad317
xor edx, edx
push 0
push 0
or eax, esi
movzx ecx, al
lea eax, [ebp - 0x1a]
push eax
movzx eax, byte [ebp - 0x1c]
push 1
push eax
movsx eax, byte [ebp - 0x1e]
push eax
mov eax, edi
push dword [ebp - 0x38]
push ebx
call fcn_fffcf65b  ; call 0xfffcf65b
add esp, 0x20

loc_fffcfe5d:  ; not directly referenced
add dword [ebp - 0x30], 2
cmp dword [ebp - 0x30], 4
je loc_fffcff6b  ; je 0xfffcff6b
jmp near loc_fffcfdb3  ; jmp 0xfffcfdb3

loc_fffcfe70:  ; not directly referenced
movzx eax, byte [ebp - 0x38]
push ebx
push ebx
lea ebx, [ebp - 0x1a]
mov edx, eax
mov dword [ebp - 0x30], eax
movzx eax, byte [ebp - 0x34]
push ebx
push 0
lea ebx, [ebp - 0x20]
mov ecx, eax
mov dword [ebp - 0x38], eax
movzx eax, byte [ebp - 0x3c]
push ebx
mov dword [ebp - 0x3c], eax
lea eax, [ebp - 0x1e]
push eax
mov eax, dword [ebp - 0x2c]
push edx
mov edx, dword [ebp - 0x3c]
push esi
call fcn_fffcf1b3  ; call 0xfffcf1b3
mov al, byte [ebp - 0x20]
add esp, 0x18
lea edx, [ebp - 0x1a]
mov ecx, dword [ebp - 0x38]
mov byte [ebp - 0x24], al
mov al, byte [ebp - 0x1f]
mov byte [ebp - 0x23], al
mov al, byte [edi]
mov byte [ebp - 0x20], al
mov al, byte [edi + 1]
push edx
mov edx, dword [ebp - 0x3c]
push 1
mov byte [ebp - 0x1f], al
lea eax, [ebp - 0x1c]
push eax
mov eax, dword [ebp - 0x2c]
push ebx
push dword [ebp - 0x30]
push esi
xor esi, esi
call fcn_fffcf1b3  ; call 0xfffcf1b3
mov al, byte [ebp - 0x20]
add esp, 0x20
mov dword [ebp - 0x34], 0
mov byte [ebp - 0x22], al
mov al, byte [ebp - 0x1f]
mov byte [ebp - 0x21], al

loc_fffcfef5:  ; not directly referenced
mov eax, dword [ebp - 0x38]
bt eax, esi
jae short loc_fffcff62  ; jae 0xfffcff62
mov ebx, dword [ebp - 0x2c]
imul eax, esi, 0x13c3
mov cl, byte [ebp - 0x3d]
movzx edx, byte [ebp + esi - 0x22]
and cl, byte [ebx + eax + 0x381b]
mov bl, dl
mov byte [ebp - 0x44], cl
movzx ecx, byte [ebp + esi - 0x24]
sub ebx, ecx
cmp dl, 0x7f
jne short loc_fffcff2f  ; jne 0xfffcff2f
test cl, cl
jne short loc_fffcff2f  ; jne 0xfffcff2f
mov al, byte [edi + esi]
jmp short loc_fffcff44  ; jmp 0xfffcff44

loc_fffcff2f:  ; not directly referenced
lea eax, [ecx + edx + 1]
mov edx, 0xc
shr eax, 1
cmp bl, 0x11
cmova edx, dword [ebp - 0x34]
mov dword [ebp - 0x34], edx

loc_fffcff44:  ; not directly referenced
push edx
movzx eax, al
push 1
push eax
movzx eax, byte [ebp - 0x44]
push dword [ebp - 0x30]
push eax
push dword [ebp - 0x3c]
push esi
push dword [ebp - 0x2c]
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffcff62:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffcfef5  ; jne 0xfffcfef5
mov eax, dword [ebp - 0x34]

loc_fffcff6b:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcff73:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
mov esi, eax
push ebx
xor ebx, ebx
sub esp, 0x1c
mov byte [ebp - 0x19], cl
movzx ecx, byte [ebp + 8]

loc_fffcff89:  ; not directly referenced
bt edi, ebx
jae short loc_fffcffbc  ; jae 0xfffcffbc
imul eax, ebx, 0x13c3
mov dl, byte [ebp - 0x19]
and dl, byte [esi + eax + 0x381b]
movzx eax, dl
je short loc_fffcffbc  ; je 0xfffcffbc
push edx
push 0
push ecx
push 3
push eax
push 0
push ebx
push esi
mov dword [ebp - 0x20], ecx
call fcn_fffabc7a  ; call 0xfffabc7a
mov ecx, dword [ebp - 0x20]
add esp, 0x20

loc_fffcffbc:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffcff89  ; jne 0xfffcff89
mov dword [ebp + 8], esi
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
jmp near fcn_fffc9f5d  ; jmp 0xfffc9f5d

fcn_fffcffd1:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, eax
sub esp, 0x3c
mov edi, dword [ebp + 0xc]
mov eax, dword [ebp + 8]
mov dword [ebp - 0x2c], ecx
mov esi, dword [ebx + 0x2444]
mov dword [ebp - 0x30], edx
mov edx, dword [ebp + 0x18]
mov ecx, edi
inc cl
mov dword [ebp - 0x3c], eax
mov eax, dword [ebp + 0x14]
je short loc_fffd000e  ; je 0xfffd000e
movsx cx, dl
movzx edx, dl
mov word [ebp - 0x34], cx
neg word [ebp - 0x34]
jmp short loc_fffd0019  ; jmp 0xfffd0019

loc_fffd000e:  ; not directly referenced
mov edx, 0x20
mov word [ebp - 0x34], 0xffe0

loc_fffd0019:  ; not directly referenced
push ecx
movzx eax, al
push 0
inc eax
lea ecx, [ebp - 0x1c]
push 2
push ecx
mov dword [ebp - 0x44], edx
mov dword [ebp - 0x40], ecx
mov word [ebp - 0x36], ax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x1a]
push eax
call dword [esi + 0x5c]  ; ucall
movzx ecx, byte [ebp - 0x2c]
add esp, 0xc
movzx edx, byte [ebp - 0x30]
mov eax, edi
push dword [ebp + 0x1c]
movzx edi, al
movzx eax, word [ebp - 0x36]
mov dword [ebp - 0x2c], ecx
mov ecx, dword [ebp - 0x40]
mov dword [ebp - 0x30], edx
mov edx, dword [ebp - 0x44]
movzx esi, byte [ebp - 0x3c]
push ecx
mov ecx, dword [ebp - 0x2c]
push eax
movsx edx, dx
push edx
mov edx, dword [ebp - 0x30]
mov eax, ebx
push dword [ebp + 0x10]
push edi
push esi
call fcn_fffcf513  ; call 0xfffcf513
add esp, 0x20
cmp dword [ebp + 0x1c], 0
je short loc_fffd00c5  ; je 0xfffd00c5
xor eax, eax

loc_fffd008b:  ; not directly referenced
mov ecx, dword [ebp - 0x2c]
bt ecx, eax
jae short loc_fffd00b3  ; jae 0xfffd00b3
mov ecx, dword [ebp + 0x10]
push edx
push 0
movzx edx, byte [ecx + eax]
mov dword [ebp - 0x3c], eax
push edx
push edi
push esi
push dword [ebp - 0x30]
push eax
push ebx
call fcn_fffabc7a  ; call 0xfffabc7a
mov eax, dword [ebp - 0x3c]
add esp, 0x20

loc_fffd00b3:  ; not directly referenced
inc eax
cmp eax, 2
jne short loc_fffd008b  ; jne 0xfffd008b
sub esp, 0xc
push ebx
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10

loc_fffd00c5:  ; not directly referenced
push ecx
mov edx, dword [ebp - 0x30]
push dword [ebp + 0x1c]
lea eax, [ebp - 0x1a]
mov ecx, dword [ebp - 0x2c]
push eax
mov ax, word [ebp - 0x36]
neg eax
cwde
push eax
movsx eax, word [ebp - 0x34]
push eax
mov eax, ebx
push dword [ebp + 0x10]
push edi
push esi
call fcn_fffcf513  ; call 0xfffcf513
add esp, 0x20
cmp dword [ebp + 0x1c], 0
je short loc_fffd0131  ; je 0xfffd0131
xor eax, eax

loc_fffd00f7:  ; not directly referenced
mov ecx, dword [ebp - 0x2c]
bt ecx, eax
jae short loc_fffd011f  ; jae 0xfffd011f
push edx
mov edx, dword [ebp + 0x10]
push 0
mov dword [ebp - 0x34], eax
movzx edx, byte [edx + eax]
push edx
push edi
push esi
push dword [ebp - 0x30]
push eax
push ebx
call fcn_fffabc7a  ; call 0xfffabc7a
mov eax, dword [ebp - 0x34]
add esp, 0x20

loc_fffd011f:  ; not directly referenced
inc eax
cmp eax, 2
jne short loc_fffd00f7  ; jne 0xfffd00f7
sub esp, 0xc
push ebx
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10

loc_fffd0131:  ; not directly referenced
xor eax, eax

loc_fffd0133:  ; not directly referenced
mov edi, dword [ebp - 0x2c]
bt edi, eax
jb short loc_fffd014c  ; jb 0xfffd014c

loc_fffd013b:  ; not directly referenced
inc eax
add ebx, 0x48
cmp eax, 2
jne short loc_fffd0133  ; jne 0xfffd0133
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffd014c:  ; not directly referenced
mov ecx, ebx
xor edx, edx

loc_fffd0150:  ; not directly referenced
bt esi, edx
jae short loc_fffd0171  ; jae 0xfffd0171
movzx edi, byte [ebp + eax - 0x1a]
imul edi, edi, 0xa
mov dword [ecx + 0x3211], edi
movzx edi, byte [ebp + eax - 0x1c]
imul edi, edi, 0xa
mov dword [ecx + 0x3215], edi

loc_fffd0171:  ; not directly referenced
inc edx
add ecx, 0x90
cmp edx, 4
jne short loc_fffd0150  ; jne 0xfffd0150
jmp short loc_fffd013b  ; jmp 0xfffd013b

fcn_fffd017f:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0xfc
mov esi, dword [ebp + 8]
mov dword [ebp - 0xd4], 0
mov eax, dword [esi + 0x2444]
mov dword [ebp - 0xd8], eax
mov eax, dword [esi + 0x5edd]
mov dword [ebp - 0xdc], eax
lea eax, [esi + 0x2491]
mov dword [ebp - 0xe0], eax
mov eax, dword [esi + 0x188b]
mov dword [ebp - 0xe4], eax
mov al, byte [esi + 0x2441]
mov byte [ebp - 0xf9], al
test byte [esi + 0x2405], 0x20
je short loc_fffd01ef  ; je 0xfffd01ef
xor eax, eax
cmp dword [ebp - 0xe4], 1
sete al
mov dword [ebp - 0xd4], eax

loc_fffd01ef:  ; not directly referenced
cmp dword [esi + 0x2481], 3
mov edi, dword [ebp - 0xd8]
push ebx
sete al
push 0
push 0x10
lea ebx, [ebp - 0xa8]
mov byte [ebp - 0xfa], al
movzx eax, al
mov dword [ebp - 0xd0], eax
mov eax, edi
push ebx
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0xb0]
push eax
mov eax, edi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
mov eax, edi
push 0xff
lea edx, [ebp - 0x98]
push 0x80
push edx
mov dword [ebp - 0xbc], edx
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
mov edx, dword [ebp - 0xbc]
cmp dword [ebp - 0xd0], 1
mov byte [ebp - 0xad], 0
mov byte [ebp - 0xae], 0
sbb eax, eax
and eax, 7
add eax, 0xa
cmp dword [ebp - 0xd4], 1
movzx eax, al
mov byte [esi + 0x2443], 0
mov dword [ebp - 0xf8], edx
sbb edi, edi
mov dword [ebp - 0xcc], edi
mov edi, esi
and dword [ebp - 0xcc], 0xfffffff8
add dword [ebp - 0xcc], 0xd
mov dword [ebp - 0xec], edx
mov dword [ebp - 0xc8], 0
mov dword [ebp - 0xc0], 0
mov dword [ebp - 0xf4], ebx
mov dword [ebp - 0x100], eax

loc_fffd02cc:  ; not directly referenced
mov eax, dword [ebp - 0xdc]
xor ebx, ebx
mov cl, byte [ebp - 0xc8]
mov dword [ebp - 0xc4], 1
shl dword [ebp - 0xc4], cl
add eax, 0x70
mov dword [ebp - 0xf0], eax
mov byte [ebp - 0xe8], 0

loc_fffd02fa:  ; not directly referenced
mov ecx, dword [ebp - 0xc4]
mov edx, ebx
mov eax, esi
call fcn_fffad317  ; call 0xfffad317
or byte [ebp - 0xe8], al
movzx eax, byte [ebp - 0xe8]
bt eax, ebx
mov dword [ebp - 0xbc], eax
jae short loc_fffd033e  ; jae 0xfffd033e
push ecx
push 0
movzx eax, byte [esi + 0x2489]
push eax
mov eax, dword [ebp - 0xd8]
push dword [ebp - 0xf0]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffd033e:  ; not directly referenced
inc ebx
add dword [ebp - 0xf0], 0xcc
cmp ebx, 2
jne short loc_fffd02fa  ; jne 0xfffd02fa
cmp byte [ebp - 0xe8], 0
je loc_fffd065c  ; je 0xfffd065c
mov edx, dword [ebp - 0xbc]
sub esp, 0xc
mov ecx, 0x11
push 0
mov eax, esi
mov bl, 1
call fcn_fffae9e2  ; call 0xfffae9e2
add esp, 0x10

loc_fffd0377:  ; not directly referenced
cmp ebx, 3
je short loc_fffd03d7  ; je 0xfffd03d7
cmp ebx, 1
jne short loc_fffd038a  ; jne 0xfffd038a
mov byte [esi + 0x248c], 9
jmp short loc_fffd0396  ; jmp 0xfffd0396

loc_fffd038a:  ; not directly referenced
cmp ebx, 4
jne short loc_fffd0396  ; jne 0xfffd0396
mov byte [esi + 0x248c], 0

loc_fffd0396:  ; not directly referenced
lea eax, [ebx - 4]
mov ecx, dword [ebp - 0xbc]
push edx
cmp eax, 2
push edx
sbb eax, eax
mov edx, dword [ebp - 0xe0]
push 0
and eax, 0x17
push dword [ebp - 0xf4]
add eax, 0x1f
movzx eax, al
push eax
mov eax, esi
push 1
push ebx
push dword [ebp - 0xc8]
call fcn_fffc66ae  ; call 0xfffc66ae
add esp, 0x20
mov dword [ebp - 0xc0], eax

loc_fffd03d7:  ; not directly referenced
inc ebx
cmp ebx, 6
jne short loc_fffd0377  ; jne 0xfffd0377
cmp dword [ebp - 0xd4], 0
je loc_fffd065c  ; je 0xfffd065c
push eax
mov ecx, dword [ebp - 0x100]
push eax
mov edx, dword [ebp - 0xbc]
mov eax, esi
push dword [ebp - 0xc4]
push 0
call fcn_fffaea71  ; call 0xfffaea71
add esp, 0x10
cmp dword [ebp - 0xd0], 0
je short loc_fffd043f  ; je 0xfffd043f
push eax
mov ecx, dword [ebp - 0xbc]
xor edx, edx
push 0
push 0
push 0x20
push 0
lea eax, [ebp - 0xae]
push eax
mov eax, esi
push 0xff
push dword [ebp - 0xc4]
call fcn_fffcffd1  ; call 0xfffcffd1
jmp short loc_fffd048f  ; jmp 0xfffd048f

loc_fffd043f:  ; not directly referenced
push 1
mov ecx, dword [ebp - 0xbc]
xor edx, edx
push 1
lea eax, [ebp - 0xb0]
push eax
mov eax, esi
push 1
push 0x40
push 0xffffffffffffffc0
push 3
push 0xff
call fcn_fffcf65b  ; call 0xfffcf65b
mov ebx, dword [ebp - 0xec]
mov eax, dword [edi + 0x3211]
mov dword [ebx], eax
mov eax, dword [edi + 0x3215]
mov dword [ebx + 4], eax
mov eax, dword [edi + 0x3259]
mov dword [ebx + 0x10], eax
mov eax, dword [edi + 0x325d]
mov dword [ebx + 0x14], eax

loc_fffd048f:  ; not directly referenced
add esp, 0x20
cmp byte [ebp - 0xf9], 0
je short loc_fffd0512  ; je 0xfffd0512

loc_fffd049b:  ; not directly referenced
push ecx
push 0
push 0
push 3
push 0xff
push 0
push 0
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x1c
push 0
push 0
push 3
push 0xff
push 0
push 1
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x14
push esi
call fcn_fffc9f5d  ; call 0xfffc9f5d
mov ecx, dword [ebp - 0xbc]
pop ebx
pop eax
mov eax, esi
mov edx, dword [ebp - 0xe0]
push 0
push dword [ebp - 0xf4]
push 0x36
push 0
push 0xd
push dword [ebp - 0xc8]
call fcn_fffc66ae  ; call 0xfffc66ae
add esp, 0x14
push esi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10
mov dword [ebp - 0xc0], eax
jmp near loc_fffd065c  ; jmp 0xfffd065c

loc_fffd0512:  ; not directly referenced
xor ebx, ebx

loc_fffd0514:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [esi + eax + 0x3757], 2
jne short loc_fffd0568  ; jne 0xfffd0568
push edx
push 0
push 0
push 3
push 0xff
push 0
push ebx
push esi
call fcn_fffabc7a  ; call 0xfffabc7a
mov ecx, dword [ebp - 0xdc]
imul eax, ebx, 0xcc
add esp, 0x20
mov edx, ebx
push 0
push 1
movzx eax, byte [ecx + eax + 0xe2]
mov ecx, 0xff
push eax
mov eax, esi
push 1
call fcn_fffac68e  ; call 0xfffac68e
add esp, 0x10

loc_fffd0568:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffd0514  ; jne 0xfffd0514
sub esp, 0xc
push esi
call fcn_fffc9f5d  ; call 0xfffc9f5d
add esp, 0x10
cmp dword [ebp - 0xd0], 0
je short loc_fffd05b0  ; je 0xfffd05b0
mov ecx, dword [ebp - 0xc4]
mov eax, esi
mov edx, dword [ebp - 0xbc]
call fcn_fffcb062  ; call 0xfffcb062

loc_fffd0596:  ; not directly referenced
mov eax, dword [ebp - 0xec]
mov ebx, edi
mov dword [ebp - 0xc0], 0
mov dword [ebp - 0xc4], eax
jmp short loc_fffd05fc  ; jmp 0xfffd05fc

loc_fffd05b0:  ; not directly referenced
push 1
mov ecx, dword [ebp - 0xbc]
mov edx, 6
push 1
lea eax, [ebp - 0xb0]
push eax
mov eax, esi
push 0
push 0x40
push 0xffffffffffffffc0
push 3
push 0xff
call fcn_fffcf65b  ; call 0xfffcf65b
add esp, 0x20
jmp short loc_fffd0596  ; jmp 0xfffd0596

loc_fffd05df:  ; not directly referenced
inc dword [ebp - 0xc0]
add ebx, 0x48
add dword [ebp - 0xc4], 0x10
cmp dword [ebp - 0xc0], 2
je loc_fffd049b  ; je 0xfffd049b

loc_fffd05fc:  ; not directly referenced
imul eax, dword [ebp - 0xc0], 0x13c3
cmp dword [esi + eax + 0x3757], 2
jne short loc_fffd05df  ; jne 0xfffd05df
mov eax, dword [ebx + 0x3211]
mov edx, dword [ebp - 0xc4]
mov ecx, dword [ebp - 0xdc]
mov dword [edx + 8], eax
mov eax, dword [ebx + 0x3215]
mov dword [edx + 0xc], eax
mov edx, dword [ebp - 0xc0]
push 0
push 1
imul eax, edx, 0xcc
movzx eax, byte [ecx + eax + 0xe2]
mov ecx, 0xff
neg eax
push eax
mov eax, esi
push 1
call fcn_fffac68e  ; call 0xfffac68e
add esp, 0x10
jmp short loc_fffd05df  ; jmp 0xfffd05df

loc_fffd065c:  ; not directly referenced
inc dword [ebp - 0xc8]
add edi, 0x90
add dword [ebp - 0xec], 0x20
cmp dword [ebp - 0xc8], 4
jne loc_fffd02cc  ; jne 0xfffd02cc
cmp dword [ebp - 0xd0], 0
jne short loc_fffd06d3  ; jne 0xfffd06d3
mov eax, dword [ebp - 0xf8]
lea edx, [esi + 0x3211]
lea ebx, [ebp - 0x18]

loc_fffd0694:  ; not directly referenced
mov ecx, dword [eax]
cmp dword [eax + 8], ecx
cmovbe ecx, dword [eax + 8]
mov dword [edx], ecx
mov ecx, dword [eax + 4]
cmp dword [eax + 0xc], ecx
cmovbe ecx, dword [eax + 0xc]
mov dword [edx + 4], ecx
mov ecx, dword [eax + 0x18]
cmp dword [eax + 0x10], ecx
cmovbe ecx, dword [eax + 0x10]
mov dword [edx + 0x48], ecx
mov ecx, dword [eax + 0x1c]
cmp dword [eax + 0x14], ecx
cmovbe ecx, dword [eax + 0x14]
add eax, 0x20
add edx, 0x90
mov dword [edx - 0x44], ecx
cmp eax, ebx
jne short loc_fffd0694  ; jne 0xfffd0694

loc_fffd06d3:  ; not directly referenced
mov dword [ebp - 0xd0], 0
xor edi, edi
mov dword [ebp - 0xc8], 0
mov byte [ebp - 0xc4], 0

loc_fffd06f0:  ; not directly referenced
mov byte [ebp - 0xbc], 0

loc_fffd06f7:  ; not directly referenced
mov cl, byte [ebp - 0xc4]
mov eax, 1
movzx edx, byte [ebp - 0xbc]
movzx ebx, cl
shl eax, cl
imul ecx, edx, 0x13c3
test byte [esi + ecx + 0x381b], al
je loc_fffd08b4  ; je 0xfffd08b4
imul ebx, ebx, 0x90
imul edx, edx, 0x48
mov dword [ebp - 0xd4], edi
lea eax, [ebx + edx]
mov ebx, 1
mov dword [ebp - 0xe8], eax

loc_fffd073e:  ; not directly referenced
lea eax, [ebx - 6]
cmp eax, 5
setbe dl
cmp ebx, 3
sete al
or dl, al
jne loc_fffd0891  ; jne 0xfffd0891
mov ecx, 2
mov edx, ebx
movzx edi, byte [ebx + ref_fffd58e0]  ; movzx edi, byte [ebx - 0x2a720]
mov eax, esi
call fcn_fffaab72  ; call 0xfffaab72
mov ecx, 0xa
xor edx, edx
imul edi, edi, 0x240
div cx
mov word [ebp - 0xec], ax
push eax
push 0xffff
push 2
lea eax, [ebp - 0xac]
push eax
mov eax, dword [ebp - 0xd8]
call dword [eax + 0x60]  ; ucall
lea eax, [ebx - 0xc]
add esp, 0x10
add edi, dword [ebp - 0xe0]
xor ecx, ecx
add edi, dword [ebp - 0xe8]
mov dword [ebp - 0xf0], eax
mov dword [ebp - 0xdc], edi

loc_fffd07b9:  ; not directly referenced
mov eax, dword [ebp - 0xdc]
xor edx, edx
mov edi, 0xa
mov eax, dword [eax + ecx*2]
div di
mov dx, word [ecx + ebp - 0xac]
cmp ax, dx
cmovbe edx, eax
mov word [ecx + ebp - 0xac], dx
cmp ax, word [ebp - 0xec]
ja short loc_fffd085f  ; ja 0xfffd085f
cmp ebx, 4
sete dl
cmp ebx, 1
sete al
or dl, al
je short loc_fffd080e  ; je 0xfffd080e
or byte [esi + 0x2443], 1
mov dword [ebp - 0xc8], 1
jmp short loc_fffd082f  ; jmp 0xfffd082f

loc_fffd080e:  ; not directly referenced
cmp ebx, 5
sete dl
cmp ebx, 2
sete al
or dl, al
je short loc_fffd083b  ; je 0xfffd083b
or byte [esi + 0x2443], 2
mov dword [ebp - 0xd4], 1

loc_fffd082f:  ; not directly referenced
mov dword [ebp - 0xc0], 0x1c
jmp short loc_fffd085f  ; jmp 0xfffd085f

loc_fffd083b:  ; not directly referenced
cmp dword [ebp - 0xf0], 1
mov dword [ebp - 0xc0], 0x1c
ja short loc_fffd085f  ; ja 0xfffd085f
or byte [esi + 0x2443], 4
mov dword [ebp - 0xd0], 1

loc_fffd085f:  ; not directly referenced
add ecx, 2
cmp ecx, 4
jne loc_fffd07b9  ; jne 0xfffd07b9
mov eax, dword [ebp - 0xc8]
mov edi, dword [ebp - 0xd4]
dec eax
jne short loc_fffd0891  ; jne 0xfffd0891
cmp edi, 1
jne short loc_fffd0891  ; jne 0xfffd0891
cmp dword [ebp - 0xd0], 1
je short loc_fffd08a6  ; je 0xfffd08a6
cmp dword [ebp - 0xe4], 0
je short loc_fffd08a6  ; je 0xfffd08a6

loc_fffd0891:  ; not directly referenced
inc ebx
cmp ebx, dword [ebp - 0xcc]
jbe loc_fffd073e  ; jbe 0xfffd073e
mov edi, dword [ebp - 0xd4]
jmp short loc_fffd08b4  ; jmp 0xfffd08b4

loc_fffd08a6:  ; not directly referenced
mov byte [ebp - 0xc4], 4
mov byte [ebp - 0xbc], 2

loc_fffd08b4:  ; not directly referenced
inc byte [ebp - 0xbc]
cmp byte [ebp - 0xbc], 1
jbe loc_fffd06f7  ; jbe 0xfffd06f7
inc byte [ebp - 0xc4]
cmp byte [ebp - 0xc4], 3
jbe loc_fffd06f0  ; jbe 0xfffd06f0
cmp dword [ebp - 0xc0], 0x1c
jne loc_fffd0a51  ; jne 0xfffd0a51
mov dl, byte [ebp - 0xfa]
xor edx, 1
cmp dword [ebp - 0xe4], 1
sete al
test dl, al
jne short loc_fffd0908  ; jne 0xfffd0908

loc_fffd08fe:  ; not directly referenced
mov eax, 1
jmp near loc_fffd0998  ; jmp 0xfffd0998

loc_fffd0908:  ; not directly referenced
lea eax, [esi + 0x3757]
mov ebx, 0x4020
mov dword [ebp - 0xc4], eax

loc_fffd0919:  ; not directly referenced
mov eax, dword [ebp - 0xc4]
cmp dword [eax], 2
jne short loc_fffd0961  ; jne 0xfffd0961
mov edx, ebx
mov eax, esi
call fcn_fffb331f  ; call 0xfffb331f
mov edx, ebx
mov dword [ebp - 0xbc], eax
mov eax, esi
or dword [ebp - 0xbc], 0x40000000
mov ecx, dword [ebp - 0xbc]
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, dword [ebp - 0xbc]
mov edx, ebx
mov eax, esi
and ecx, 0xbfffffff
call fcn_fffb3381  ; call 0xfffb3381

loc_fffd0961:  ; not directly referenced
add ebx, 0x400
add dword [ebp - 0xc4], 0x13c3
cmp ebx, 0x4820
jne short loc_fffd0919  ; jne 0xfffd0919
jmp short loc_fffd08fe  ; jmp 0xfffd08fe

loc_fffd097b:  ; not directly referenced
cmp eax, 4
sete cl
cmp eax, 1
sete dl
or cl, dl
je short loc_fffd09a1  ; je 0xfffd09a1

loc_fffd098b:  ; not directly referenced
inc eax
cmp eax, dword [ebp - 0xcc]
ja loc_fffd0a51  ; ja 0xfffd0a51

loc_fffd0998:  ; not directly referenced
cmp dword [ebp - 0xc8], 0
je short loc_fffd097b  ; je 0xfffd097b

loc_fffd09a1:  ; not directly referenced
test edi, edi
jne short loc_fffd09b5  ; jne 0xfffd09b5
cmp eax, 5
sete cl
cmp eax, 2
sete dl
or cl, dl
jne short loc_fffd098b  ; jne 0xfffd098b

loc_fffd09b5:  ; not directly referenced
cmp dword [ebp - 0xd0], 0
jne short loc_fffd09c6  ; jne 0xfffd09c6
lea edx, [eax - 0xc]
cmp edx, 1
jbe short loc_fffd098b  ; jbe 0xfffd098b

loc_fffd09c6:  ; not directly referenced
cmp eax, 3
je short loc_fffd098b  ; je 0xfffd098b
lea edx, [eax - 6]
cmp edx, 5
jbe short loc_fffd098b  ; jbe 0xfffd098b
mov dword [ebp - 0xbc], 0
mov byte [ebp - 0xd4], al

loc_fffd09e3:  ; not directly referenced
mov ecx, dword [esi + 0x5edd]
mov ecx, dword [ecx + 4]
mov dword [ebp - 0xc4], ecx
mov ebx, ecx
xor ecx, ecx

loc_fffd09f6:  ; not directly referenced
mov dl, byte [ebp - 0xd4]
cmp dl, byte [ebx]
jne short loc_fffd0a0d  ; jne 0xfffd0a0d
mov edx, dword [ebp - 0xbc]
movzx ebx, word [ebx + edx*2 + 1]
jmp short loc_fffd0a18  ; jmp 0xfffd0a18

loc_fffd0a0d:  ; not directly referenced
inc ecx
add ebx, 7
cmp ecx, 0xb
jne short loc_fffd09f6  ; jne 0xfffd09f6
xor ebx, ebx

loc_fffd0a18:  ; not directly referenced
add ebx, 0x28
mov edx, 0xffff
imul ecx, ecx, 7
add ecx, dword [ebp - 0xc4]
cmp ebx, 0xffff
cmovg ebx, edx
mov edx, dword [ebp - 0xbc]
inc dword [ebp - 0xbc]
cmp dword [ebp - 0xbc], 2
mov word [ecx + edx*2 + 1], bx
jne short loc_fffd09e3  ; jne 0xfffd09e3
jmp near loc_fffd098b  ; jmp 0xfffd098b

loc_fffd0a51:  ; not directly referenced
mov eax, dword [ebp - 0xc0]
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffd0a5f:  ; not directly referenced
push ebp
mov ecx, 0xa
mov ebp, esp
push edi
push esi
mov esi, ref_fffd623c  ; mov esi, 0xfffd623c
push ebx
sub esp, 0xe100
mov eax, dword [ebp + 8]
lea edi, [ebp - 0xe044]
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
mov byte [ebp - 0xe06e], 6
mov eax, dword [eax + 0x5edd]
mov byte [ebp - 0xe069], 0
mov byte [ebp - 0xe068], 4
mov byte [ebp - 0xe065], 6
mov esi, eax
mov dword [ebp - 0xe0f4], eax
mov eax, dword [ebp + 8]
mov byte [ebp - 0xe064], 0
mov byte [ebp - 0xe063], 4
mov byte [ebp - 0xe056], 1
mov ebx, dword [eax + 0x2444]
movzx eax, byte [eax + 0x2489]
mov byte [ebp - 0xe055], 1
mov byte [ebp - 0xe054], 1
mov byte [ebp - 0xe053], 1
mov dword [ebp - 0xe0e4], eax
mov eax, dword [ebp + 8]
mov byte [ebp - 0xe052], 1
mov byte [ebp - 0xe051], 1
mov byte [ebp - 0xe050], 1
mov edi, dword [eax + 0x1887]
mov eax, dword [eax + 0x188b]
mov byte [ebp - 0xe04f], 1
mov byte [ebp - 0xe04e], 0
mov byte [ebp - 0xe04d], 0
mov byte [ebp - 0xe067], 6
mov byte [ebp - 0xe066], 5
mov dword [ebp - 0xe084], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2481]
push 0
push 0x50a
mov dword [ebp - 0xe0f8], eax
lea eax, [ebp - 0xdea0]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0xd97e
lea eax, [ebp - 0xd996]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x19a
lea eax, [ebp - 0xe03a]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0xe06d]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 8
lea eax, [ebp - 0xe04c]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0x10
cmp edi, 0x306d0
sete bl
cmp edi, 0x40650
sete al
or ebx, eax
mov al, bl
xor eax, 1
mov byte [ebp - 0xe0a8], al
mov eax, dword [ebp + 8]
cmp byte [esi + 0x1c5], 1
mov word [ebp - 0xe07a], 0
mov byte [ebp - 0xe0c0], 0
mov al, byte [eax + 0x248f]
sbb esi, esi
mov dword [ebp - 0xe098], esi
mov dword [ebp - 0xe0d8], esi
mov dword [ebp - 0xe0b8], esi
mov byte [ebp - 0xe0c1], al
mov eax, dword [ebp + 8]
and byte [ebp - 0xe0c1], 3
movzx esi, byte [ebp - 0xe0c1]
not byte [ebp - 0xe098]
mov al, byte [eax + 0x248e]
and byte [ebp - 0xe0d8], 0xe
and byte [ebp - 0xe0b8], 0xfc
and byte [ebp - 0xe098], 0x10
add byte [ebp - 0xe0d8], 2
add byte [ebp - 0xe0b8], 6
mov byte [ebp - 0xe0c8], al
mov eax, dword [ebp + 8]
and byte [ebp - 0xe0c8], 0xf
mov dword [ebp - 0xe0bc], 0
lea edx, [eax + 0x39b6]
xor eax, eax
mov dword [ebp - 0xe09c], 0
mov dword [ebp - 0xe080], esi

loc_fffd0c6f:  ; not directly referenced
mov esi, dword [ebp - 0xe080]
bt esi, eax
jae loc_fffd0d47  ; jae 0xfffd0d47
cmp dword [edx - 0x19f], 2
lea ecx, [eax*4]
jne short loc_fffd0ca9  ; jne 0xfffd0ca9
mov esi, 3
shl esi, cl
mov ecx, esi
mov dword [ebp - 0xe09c], 1
or byte [ebp - 0xe0c0], cl
jmp short loc_fffd0cc2  ; jmp 0xfffd0cc2

loc_fffd0ca9:  ; not directly referenced
mov esi, 1
shl esi, cl
mov ecx, esi
or byte [ebp - 0xe0c0], cl
mov dword [ebp - 0xe0bc], 1

loc_fffd0cc2:  ; not directly referenced
mov esi, dword [ebp + 8]
mov cl, byte [ebp - 0xe0c8]
and cl, byte [edx - 0x19b]
mov esi, dword [esi + 0x2481]
mov byte [ebp + eax - 0xe06d], cl
cmp esi, 3
setne cl
add ecx, ecx
cmp dword [ebp - 0xe084], 1
mov byte [ebp + eax*2 - 0xe062], cl
jne short loc_fffd0d13  ; jne 0xfffd0d13
mov cl, byte [edx - 0x12]
and ecx, 0x30
cmp cl, 0x30
mov ecx, 3
cmovne cx, word [ebp - 0xe07a]
mov word [ebp - 0xe07a], cx

loc_fffd0d13:  ; not directly referenced
cmp esi, 3
setne cl
add ecx, ecx
cmp dword [ebp - 0xe084], 1
mov byte [ebp + eax*2 - 0xe061], cl
jne short loc_fffd0d47  ; jne 0xfffd0d47
mov cl, byte [edx]
mov esi, 3
and ecx, 0x30
cmp cl, 0x30
cmovne si, word [ebp - 0xe07a]
mov word [ebp - 0xe07a], si

loc_fffd0d47:  ; not directly referenced
inc eax
add edx, 0x13c3
cmp eax, 2
jne loc_fffd0c6f  ; jne 0xfffd0c6f
mov eax, dword [ebp + 8]
cmp byte [eax + 0x189e], 1
jne short loc_fffd0d93  ; jne 0xfffd0d93
cmp edi, 0x40670
sete al
test byte [ebp - 0xe09c], al
je short loc_fffd0d93  ; je 0xfffd0d93
mov eax, dword [ebp + 8]
mov edi, dword [ebp - 0xe0a8]
test byte [eax + 0x2443], 2
mov al, 2
cmovne edi, eax
mov eax, edi
mov byte [ebp - 0xe0a8], al
jmp short loc_fffd0dba  ; jmp 0xfffd0dba

loc_fffd0d93:  ; not directly referenced
cmp dword [ebp - 0xe09c], 0
jne short loc_fffd0dba  ; jne 0xfffd0dba
test bl, bl
je short loc_fffd0dda  ; je 0xfffd0dda
mov eax, dword [ebp + 8]
test byte [eax + 0x2404], 0x20
lea eax, [ebp - 0xe051]
mov dword [ebp - 0xe0a0], eax
jne short loc_fffd0df5  ; jne 0xfffd0df5
jmp short loc_fffd0de6  ; jmp 0xfffd0de6

loc_fffd0dba:  ; not directly referenced
lea eax, [ebp - 0xe056]
mov edi, 2
mov dword [ebp - 0xe0a0], eax
lea esi, [ebp - 0xe065]
mov byte [ebp - 0xe088], 3
jmp short loc_fffd0e07  ; jmp 0xfffd0e07

loc_fffd0dda:  ; not directly referenced
lea eax, [ebp - 0xe051]
mov dword [ebp - 0xe0a0], eax

loc_fffd0de6:  ; not directly referenced
mov byte [ebp - 0xe088], 1
lea esi, [ebp - 0xe06e]
jmp short loc_fffd0e02  ; jmp 0xfffd0e02

loc_fffd0df5:  ; not directly referenced
mov byte [ebp - 0xe088], 2
lea esi, [ebp - 0xe067]

loc_fffd0e02:  ; not directly referenced
mov edi, 1

loc_fffd0e07:  ; not directly referenced
cmp dword [ebp - 0xe084], 0
je short loc_fffd0e2f  ; je 0xfffd0e2f
mov dx, word [ebp - 0xe07a]
mov ebx, dword [ebp - 0xe084]
mov eax, edx
add eax, 0xc
dec ebx
cmovne eax, edx
mov word [ebp - 0xe07a], ax
jmp short loc_fffd0e38  ; jmp 0xfffd0e38

loc_fffd0e2f:  ; not directly referenced
mov word [ebp - 0xe07a], 0xc

loc_fffd0e38:  ; not directly referenced
mov al, byte [ebp - 0xe098]
mov byte [ebp - 0xe0c2], 0
mov byte [ebp - 0xe098], 0
sub eax, 0x10
mov byte [ebp - 0xe0c3], al
movzx eax, byte [ebp - 0xe0b8]
mov dword [ebp - 0xe104], eax
movzx eax, byte [ebp - 0xe0a8]
mov dword [ebp - 0xe0f0], eax

loc_fffd0e6f:  ; not directly referenced
movsx eax, byte [ebp - 0xe0c2]
cmp eax, dword [ebp - 0xe104]
jge loc_fffd105f  ; jge 0xfffd105f
mov al, byte [ebp - 0xe0a8]
mov byte [ebp - 0xe0a4], al
mov eax, edi
movzx eax, al
add eax, dword [ebp - 0xe0f0]
mov dword [ebp - 0xe0ec], eax

loc_fffd0e9f:  ; not directly referenced
mov dl, byte [ebp - 0xe0a4]
movsx eax, dl
cmp eax, dword [ebp - 0xe0ec]
jge loc_fffd1048  ; jge 0xfffd1048
mov al, dl
add eax, 2
mov byte [ebp - 0xe0c4], al
mov al, dl
dec eax
mov byte [ebp - 0xe0b8], al
movsx eax, word [ebp - 0xe07a]
mov dword [ebp - 0xe0fc], eax
movzx eax, byte [ebp - 0xe088]
mov dword [ebp - 0xe100], eax

loc_fffd0ee2:  ; not directly referenced
movsx eax, byte [ebp - 0xe0b8]
cmp eax, dword [ebp - 0xe0ec]
je loc_fffd1025  ; je 0xfffd1025
cmp eax, dword [ebp - 0xe0f0]
jl loc_fffd1025  ; jl 0xfffd1025
cmp byte [ebp - 0xe0b8], 1
mov dword [ebp - 0xe0e0], 0
sete dl
cmp byte [ebp - 0xe0a4], 1
sete al
or dl, al
je short loc_fffd0f2f  ; je 0xfffd0f2f
mov eax, dword [ebp - 0xe09c]
mov dword [ebp - 0xe0e0], eax

loc_fffd0f2f:  ; not directly referenced
xor ebx, ebx

loc_fffd0f31:  ; not directly referenced
mov eax, dword [ebp - 0xe080]
bt eax, ebx
jb short loc_fffd0f44  ; jb 0xfffd0f44

loc_fffd0f3c:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffd0f31  ; jne 0xfffd0f31
jmp short loc_fffd0fbf  ; jmp 0xfffd0fbf

loc_fffd0f44:  ; not directly referenced
mov al, byte [ebp - 0xe0a4]
mov byte [ebp - 0xe0dc], 0
mov byte [ebp + ebx*2 - 0xe05e], al
mov al, byte [ebp - 0xe0b8]
mov byte [ebp + ebx*2 - 0xe05d], al

loc_fffd0f65:  ; not directly referenced
movzx eax, byte [ebp - 0xe0dc]
mov dword [ebp - 0xe0e8], eax
cmp eax, dword [ebp - 0xe0e4]
jae short loc_fffd0f3c  ; jae 0xfffd0f3c
push 1
mov eax, dword [ebp + 8]
xor ecx, ecx
push 0
mov edx, ebx
push 0
push dword [ebp - 0xe0e8]
call fcn_fffa972b  ; call 0xfffa972b
movzx ecx, byte [ebp + ebx - 0xe06d]
mov edx, ebx
push 1
mov eax, dword [ebp + 8]
push dword [ebp - 0xe0fc]
push 4
push dword [ebp - 0xe0e8]
call fcn_fffa972b  ; call 0xfffa972b
add esp, 0x20
inc byte [ebp - 0xe0dc]
jmp short loc_fffd0f65  ; jmp 0xfffd0f65

loc_fffd0fbf:  ; not directly referenced
cmp byte [ebp - 0xe098], 0x28
ja short loc_fffd1025  ; ja 0xfffd1025
movzx eax, byte [ebp - 0xe098]
sub esp, 0xc
push 0
mov ecx, dword [ebp - 0xe080]
push dword [ebp - 0xe0e0]
push dword [ebp - 0xe100]
imul eax, eax, 0x54e
push esi
lea edx, [ebp + eax - 0xd996]
movsx eax, byte [ebp - 0xe0c3]
push eax
lea eax, [ebp - 0xe062]
push eax
lea eax, [ebp - 0xe05e]
push eax
movzx eax, byte [ebp - 0xe0c8]
push 0
push eax
mov eax, dword [ebp + 8]
call fcn_fffc1b5f  ; call 0xfffc1b5f
add esp, 0x30
inc byte [ebp - 0xe098]

loc_fffd1025:  ; not directly referenced
inc byte [ebp - 0xe0b8]
mov al, byte [ebp - 0xe0c4]
cmp byte [ebp - 0xe0b8], al
jne loc_fffd0ee2  ; jne 0xfffd0ee2
inc byte [ebp - 0xe0a4]
jmp near loc_fffd0e9f  ; jmp 0xfffd0e9f

loc_fffd1048:  ; not directly referenced
mov al, byte [ebp - 0xe0d8]
inc byte [ebp - 0xe0c2]
add byte [ebp - 0xe0c3], al
jmp near loc_fffd0e6f  ; jmp 0xfffd0e6f

loc_fffd105f:  ; not directly referenced
movzx eax, byte [ebp - 0xe0c0]
xor ebx, ebx
mov dword [ebp - 0xe0a4], eax
movzx eax, byte [ebp - 0xe098]
mov dword [ebp - 0xe0a8], eax

loc_fffd107b:  ; not directly referenced
mov eax, dword [ebp - 0xe080]
mov byte [ebp + ebx - 0xe06b], 0
bt eax, ebx
jae loc_fffd11ee  ; jae 0xfffd11ee
mov al, byte [ebp - 0xd467]
mov byte [ebp - 0xe088], 0
mov byte [ebp - 0xe0b8], al

loc_fffd10a5:  ; not directly referenced
mov edi, dword [ebp - 0xe088]
mov al, byte [ebp - 0xe098]
mov edx, edi
cmp dl, al
je short loc_fffd10fa  ; je 0xfffd10fa
movzx ecx, dl
imul esi, ecx, 0x2a7
add ecx, ecx
lea eax, [ebp - 0xd996]
add esi, ebx
add esi, esi
add esi, eax
lea eax, [ebp - 0xe03a]
add ecx, eax
xor eax, eax

loc_fffd10d8:  ; not directly referenced
cmp byte [ebp - 0xe0b8], al
jbe short loc_fffd10f2  ; jbe 0xfffd10f2
imul edi, eax, 0x52
mov dx, word [esi + eax*4 + 0x53a]
inc eax
mov word [ecx + edi], dx
jmp short loc_fffd10d8  ; jmp 0xfffd10d8

loc_fffd10f2:  ; not directly referenced
inc byte [ebp - 0xe088]
jmp short loc_fffd10a5  ; jmp 0xfffd10a5

loc_fffd10fa:  ; not directly referenced
mov eax, dword [ebp - 0xe0a4]
lea ecx, [ebx*4]
sub esp, 0xc
mov edi, dword [ebp - 0xe0a0]
lea esi, [ebp - 0xe03a]
mov edx, ebx
push 7
push 0
sar eax, cl
mov ecx, eax
movzx eax, byte [ebp - 0xd467]
push eax
push edi
lea eax, [ebp - 0xd466]
push eax
push dword [ebp - 0xe0a8]
lea eax, [ebp - 0xd996]
push 0x29
push esi
push eax
mov eax, dword [ebp + 8]
call fcn_fffb78c3  ; call 0xfffb78c3
add esp, 0x2c
mov ecx, esi
push 0
lea eax, [ebp - 0xe044]
push eax
movsx eax, byte [ebp - 0xe098]
push 1
push 1
push edi
push eax
mov eax, dword [ebp + 8]
push 0x29
lea edx, [ebp - 0xdea0]
call fcn_fffa5cdb  ; call 0xfffa5cdb
movsx di, byte [ebp - 0xde9e]
lea eax, [ebp - 0xd996]
add edi, dword [ebp - 0xdea0]
mov cl, bl
mov edx, 1
add esp, 0x18
shl edx, cl
movsx edi, di
imul esi, edi, 0x54e
imul edi, edi, 0x2a7
push 0
push 0
add eax, esi
mov ecx, eax
mov eax, dword [ebp + 8]
add edi, ebx
call fcn_fffafe03  ; call 0xfffafe03
mov al, byte [ebp + edi*2 - 0xd996]
add esp, 0x10
mov byte [ebp + ebx*2 - 0xe05a], al
mov al, byte [ebp + edi*2 - 0xd995]
mov byte [ebp + ebx*2 - 0xe059], al
lea eax, [ebp + esi - 0xd996]
mov dl, byte [eax + 8]
mov eax, dword [eax + 9]
mov byte [ebp + ebx - 0xe06b], dl
mov dword [ebp + ebx*4 - 0xe04c], eax

loc_fffd11ee:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffd107b  ; jne 0xfffd107b
test byte [ebp - 0xe080], 1
je short loc_fffd1211  ; je 0xfffd1211
mov al, byte [ebp - 0xe06b]
mov bl, 1
mov byte [ebp - 0xe098], al
jmp short loc_fffd121a  ; jmp 0xfffd121a

loc_fffd1211:  ; not directly referenced
mov byte [ebp - 0xe098], 0
xor ebx, ebx

loc_fffd121a:  ; not directly referenced
mov eax, dword [ebp - 0xe080]
shr eax, 1
je short loc_fffd1233  ; je 0xfffd1233
mov al, byte [ebp - 0xe06a]
inc ebx
add byte [ebp - 0xe098], al
jmp short loc_fffd1239  ; jmp 0xfffd1239

loc_fffd1233:  ; not directly referenced
test bl, bl
je short loc_fffd124c  ; je 0xfffd124c
mov bl, 1

loc_fffd1239:  ; not directly referenced
movsx eax, byte [ebp - 0xe098]
movzx ecx, bl
cdq
idiv ecx
mov byte [ebp - 0xe098], al

loc_fffd124c:  ; not directly referenced
movzx ecx, byte [ebp - 0xe098]
sub esp, 0xc
xor edx, edx
mov eax, dword [ebp + 8]
push 1
call fcn_fffa8377  ; call 0xfffa8377
add esp, 0x10
mov edi, eax
cmp bl, 2
je short loc_fffd12c4  ; je 0xfffd12c4

loc_fffd126c:  ; not directly referenced
mov eax, dword [ebp + 8]
mov esi, dword [ebp - 0xe080]
push edx
push 0
add eax, 0x2491
mov edx, eax
mov edi, eax
mov dword [ebp - 0xe0a8], eax
mov eax, dword [ebp + 8]
mov ecx, esi
push 0
push 0
call fcn_fffbf98a  ; call 0xfffbf98a
mov eax, dword [ebp + 8]
mov edx, edi
pop ecx
mov ecx, esi
pop ebx
push 0
push 0xf
push 0
push 0
push 0
push 1
call fcn_fffbea08  ; call 0xfffbea08
add esp, 0x20
cmp dword [ebp - 0xe0f8], 3
jne loc_fffd1350  ; jne 0xfffd1350
jmp near loc_fffd13fc  ; jmp 0xfffd13fc

loc_fffd12c4:  ; not directly referenced
mov esi, dword [ebp - 0xe0f4]
xor ebx, ebx
add esi, 0x1c

loc_fffd12cf:  ; not directly referenced
mov eax, dword [ebp - 0xe080]
bt eax, ebx
jb short loc_fffd12e8  ; jb 0xfffd12e8

loc_fffd12da:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
jne short loc_fffd12cf  ; jne 0xfffd12cf
jmp short loc_fffd126c  ; jmp 0xfffd126c

loc_fffd12e8:  ; not directly referenced
sub dword [ebp + ebx*4 - 0xe04c], edi
mov byte [ebp - 0xe088], 0

loc_fffd12f6:  ; not directly referenced
mov edx, dword [ebp + 8]
mov al, byte [ebp - 0xe088]
cmp al, byte [edx + 0x2489]
jae short loc_fffd12da  ; jae 0xfffd12da
movzx edx, byte [ebp - 0xe088]
push 1
lea eax, [edx + 0x1c]
mov cl, byte [esi + eax*4 + 9]
movzx eax, byte [esi + eax*4 + 0xa]
shr cl, 4
and eax, 1
movzx ecx, cl
shl eax, 4
or eax, ecx
mov ecx, 0xf
add eax, dword [ebp + ebx*4 - 0xe04c]
cwde
push eax
mov eax, dword [ebp + 8]
push 1
push edx
mov edx, ebx
call fcn_fffa972b  ; call 0xfffa972b
add esp, 0x10
inc byte [ebp - 0xe088]
jmp short loc_fffd12f6  ; jmp 0xfffd12f6

loc_fffd1350:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [ebp - 0xe0bc], 0
mov byte [ebp - 0xe0a0], 1
mov al, byte [eax + 0x2411]
sete dl
test byte [ebp - 0xe09c], dl
jne short loc_fffd1384  ; jne 0xfffd1384
test al, al
mov edi, 1
cmove edi, eax
mov eax, edi
mov byte [ebp - 0xe0a0], al

loc_fffd1384:  ; not directly referenced
lea eax, [ebp - 0xe062]
mov dword [ebp - 0xe09c], eax
movsx eax, byte [ebp - 0xe098]
mov dword [ebp - 0xe088], 0
mov dword [ebp - 0xe0dc], eax

loc_fffd13a7:  ; not directly referenced
mov eax, dword [ebp - 0xe088]
mov ebx, 3
mov ecx, eax
add ecx, eax
mov eax, dword [ebp + 8]
shl ebx, cl
test byte [eax + 0x248e], bl
jne short loc_fffd1435  ; jne 0xfffd1435

loc_fffd13c3:  ; not directly referenced
inc dword [ebp - 0xe088]
inc dword [ebp - 0xe09c]
cmp dword [ebp - 0xe088], 2
jne short loc_fffd13a7  ; jne 0xfffd13a7
movsx edi, word [ebp - 0xe07a]
xor ebx, ebx

loc_fffd13e1:  ; not directly referenced
mov eax, dword [ebp + 8]
xor esi, esi
movzx eax, byte [eax + 0x248f]
bt eax, ebx
jb loc_fffd166b  ; jb 0xfffd166b

loc_fffd13f6:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffd13e1  ; jne 0xfffd13e1

loc_fffd13fc:  ; not directly referenced
mov eax, dword [ebp + 8]
sub esp, 0xc
xor ecx, ecx
movzx edx, byte [eax + 0x248f]
push 0
call fcn_fffccd2e  ; call 0xfffccd2e
add esp, 0x10
cmp dword [ebp - 0xe084], 0
jne loc_fffd169a  ; jne 0xfffd169a
sub esp, 0xc
push dword [ebp + 8]
call fcn_fffc054a  ; call 0xfffc054a
add esp, 0x10
jmp near loc_fffd169a  ; jmp 0xfffd169a

loc_fffd1435:  ; not directly referenced
test byte [ebp - 0xe06d], bl
setne al
mov dl, al
or edx, 2
test byte [ebp - 0xe06c], bl
cmovne eax, edx
xor esi, esi
and al, byte [ebp - 0xe0c1]
lea edx, [ebp - 0xd996]
mov edi, edx
movzx eax, al
mov dword [ebp - 0xe0a4], eax

loc_fffd1465:  ; not directly referenced
mov al, byte [ebp - 0xe0a0]
sub esp, 0xc
mov edx, dword [ebp - 0xe09c]
mov ecx, dword [ebp - 0xe0a4]
add eax, esi
test al, al
mov byte [edx], al
mov byte [edx + 2], al
sete al
mov edx, edi
and eax, dword [ebp - 0xe0bc]
add edi, 0x54e
push eax
push 0
push 2
lea eax, [ebp - 0xe069]
push eax
push dword [ebp - 0xe0dc]
lea eax, [ebp - 0xe062]
push eax
lea eax, [ebp - 0xe05a]
push eax
mov eax, dword [ebp + 8]
push 1
push ebx
call fcn_fffc1b5f  ; call 0xfffc1b5f
lea eax, [esi + 1]
inc esi
mov byte [ebp - 0xe0b8], al
mov al, byte [ebp - 0xe0a0]
add esp, 0x30
add eax, esi
cmp al, 2
jbe short loc_fffd1465  ; jbe 0xfffd1465
movsx eax, byte [ebp - 0xe0b8]
mov cl, byte [ebp - 0xe088]
mov dword [ebp - 0xe098], 1
shl dword [ebp - 0xe098], cl
movzx ebx, al
mov dword [ebp - 0xe080], 0
mov dword [ebp - 0xe0c0], ebx
mov dword [ebp - 0xe0c8], eax

loc_fffd150e:  ; not directly referenced
mov eax, dword [ebp - 0xe0a4]
mov ebx, dword [ebp - 0xe080]
bt eax, ebx
jae loc_fffd1653  ; jae 0xfffd1653
mov al, byte [ebp - 0xd467]
xor edx, edx
mov byte [ebp - 0xe0d8], al

loc_fffd1531:  ; not directly referenced
movzx ecx, dl
imul ebx, ecx, 0x2a7
add ecx, ecx
add ebx, dword [ebp - 0xe080]
lea eax, [ebp - 0xd996]
add ebx, ebx
add ebx, eax
lea eax, [ebp - 0xe03a]
add ecx, eax
xor eax, eax

loc_fffd1556:  ; not directly referenced
cmp byte [ebp - 0xe0d8], al
jbe short loc_fffd1570  ; jbe 0xfffd1570
imul esi, eax, 0x52
mov di, word [ebx + eax*4 + 0x53a]
inc eax
mov word [ecx + esi], di
jmp short loc_fffd1556  ; jmp 0xfffd1556

loc_fffd1570:  ; not directly referenced
inc edx
cmp dl, byte [ebp - 0xe0b8]
jne short loc_fffd1531  ; jne 0xfffd1531
movzx eax, byte [ebp - 0xd467]
sub esp, 0xc
push 8
mov ecx, dword [ebp - 0xe098]
push 0
mov edx, dword [ebp - 0xe080]
lea ebx, [ebp - 0xe051]
push eax
push ebx
lea eax, [ebp - 0xd466]
push eax
push dword [ebp - 0xe0c0]
lea esi, [ebp - 0xe03a]
lea eax, [ebp - 0xd996]
lea edi, [ebp - 0xd996]
push 0x29
push esi
push eax
mov eax, dword [ebp + 8]
call fcn_fffb78c3  ; call 0xfffb78c3
add esp, 0x2c
mov ecx, esi
push 0
lea eax, [ebp - 0xe044]
push eax
mov eax, dword [ebp + 8]
push 1
push 1
push ebx
push dword [ebp - 0xe0c8]
lea edx, [ebp - 0xdea0]
push 0x29
call fcn_fffa5cdb  ; call 0xfffa5cdb
movsx si, byte [ebp - 0xde9e]
add esp, 0x18
add esi, dword [ebp - 0xdea0]
mov edx, 1
push 0
push 1
movsx esi, si
imul eax, esi, 0x54e
imul esi, esi, 0x2a7
lea ebx, [edi + eax]
mov edi, dword [ebp - 0xe080]
mov eax, dword [ebp + 8]
mov ecx, edi
add esi, edi
shl edx, cl
mov ecx, ebx
call fcn_fffafe03  ; call 0xfffafe03
add esi, esi
mov edx, edi
lea eax, [ebp - 0x18]
mov edi, dword [ebp - 0xe09c]
add esp, 0x10
add esi, eax
mov eax, dword [ebp - 0xe088]
mov al, byte [eax + esi - 0xd97a]
mov byte [edi + edx*2], al

loc_fffd1653:  ; not directly referenced
inc dword [ebp - 0xe080]
cmp dword [ebp - 0xe080], 2
jne loc_fffd150e  ; jne 0xfffd150e
jmp near loc_fffd13c3  ; jmp 0xfffd13c3

loc_fffd166b:  ; not directly referenced
mov eax, esi
movzx eax, al
cmp eax, dword [ebp - 0xe0e4]
jae loc_fffd13f6  ; jae 0xfffd13f6
push 1
movzx ecx, byte [ebp + ebx - 0xe06d]
mov edx, ebx
push edi
inc esi
push 4
push eax
mov eax, dword [ebp + 8]
call fcn_fffa972b  ; call 0xfffa972b
add esp, 0x10
jmp short loc_fffd166b  ; jmp 0xfffd166b

loc_fffd169a:  ; not directly referenced
push eax
mov edx, dword [ebp - 0xe0a8]
push eax
mov eax, dword [ebp + 8]
movzx ecx, byte [eax + 0x248f]
push 0
push 0xf
push 0
push 0
push 0
push 2
call fcn_fffbea08  ; call 0xfffbea08
add esp, 0x20
cmp dword [ebp - 0xe084], 1
jne short loc_fffd16d7  ; jne 0xfffd16d7
sub esp, 0xc
push dword [ebp + 8]
call fcn_fffc054a  ; call 0xfffc054a
add esp, 0x10

loc_fffd16d7:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffd16df:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0x10c
mov eax, dword [ebp + 0x10]
mov byte [ebp - 0xfa], cl
mov cl, byte [ebp + 0xc]
mov ebx, dword [ebp + 8]
mov dword [ebp - 0xbc], edx
mov dword [ebp - 0xe4], eax
mov byte [ebp - 0xd4], cl
mov ecx, eax
mov byte [ebp - 0xeb], al
mov al, byte [ebp + 0x18]
mov byte [ebp - 0xec], bl
mov byte [ebp - 0xd3], al
mov eax, dword [edi + 0x2444]
mov dword [ebp - 0xf8], eax
mov al, cl
shr al, 4
inc eax
mov byte [ebp - 0xf9], al
xor eax, eax
cmp cl, 0x21
ja short loc_fffd1752  ; ja 0xfffd1752
movzx eax, byte [ebp - 0xe4]
movzx eax, byte [eax + ref_fffd58e0]  ; movzx eax, byte [eax - 0x2a720]

loc_fffd1752:  ; not directly referenced
mov ecx, dword [ebp - 0xe4]
mov dword [ebp - 0xd8], 1
cmp cl, 0x21
sete dl
cmp cl, 0x11
sete cl
or dl, cl
jne short loc_fffd1784  ; jne 0xfffd1784
xor ecx, ecx
cmp byte [ebp - 0xe4], 5
sete cl
mov dword [ebp - 0xd8], ecx

loc_fffd1784:  ; not directly referenced
movzx ecx, byte [edi + 0x2489]
mov esi, 1
shl esi, cl
dec esi
cmp byte [edi + 0x248c], 1
mov word [ebp - 0xea], si
jne short loc_fffd1810  ; jne 0xfffd1810
mov cl, byte [edi + 0x248d]
lea esi, [ecx + 4]
mov byte [ebp - 0x9a], cl
mov edx, esi
mov byte [ebp - 0x99], cl
add ecx, 2
mov byte [ebp - 0x98], dl
mov byte [ebp - 0x97], cl

loc_fffd17c9:  ; not directly referenced
imul eax, eax, 0x240
movzx ebx, bl
add eax, dword [ebp - 0xbc]
mov dword [ebp - 0xc4], 0
mov byte [ebp - 0xd2], 0
mov dword [ebp - 0xc8], eax
imul eax, ebx, 0x24
mov dword [ebp - 0x110], eax
movzx eax, byte [ebp - 0xec]
mov dword [ebp - 0x118], eax
imul eax, eax, 0x12
mov dword [ebp - 0xd0], eax
jmp short loc_fffd184b  ; jmp 0xfffd184b

loc_fffd1810:  ; not directly referenced
mov byte [ebp - 0x9a], 1
mov byte [ebp - 0x99], 1
mov byte [ebp - 0x98], 1
mov byte [ebp - 0x97], 1
jmp short loc_fffd17c9  ; jmp 0xfffd17c9

loc_fffd182e:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffd222a  ; jne 0xfffd222a
inc dword [ebp - 0xc4]
cmp dword [ebp - 0xc4], 2
je loc_fffd22b6  ; je 0xfffd22b6

loc_fffd184b:  ; not directly referenced
mov ebx, dword [ebp - 0xf8]
lea eax, [ebp - 0xa2]
xor esi, esi
push ecx
push 0
push 4
push eax
mov eax, ebx
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0
push 4
lea eax, [ebp - 0x9e]
push eax
mov eax, ebx
call dword [eax + 0x5c]  ; ucall
lea eax, [ebp - 0x72]
add esp, 0x10
mov dword [ebp - 0xbc], eax

loc_fffd1883:  ; not directly referenced
movzx eax, byte [ebp - 0xfa]
bt eax, esi
mov dword [ebp - 0xe0], eax
jb short loc_fffd18b1  ; jb 0xfffd18b1
mov ax, word [ebp - 0xea]
mov word [ebp + esi*2 - 0xa2], ax
mov word [ebp + esi*2 - 0x9e], ax
jmp near loc_fffd1a58  ; jmp 0xfffd1a58

loc_fffd18b1:  ; not directly referenced
mov eax, dword [ebp - 0xbc]
mov byte [ebp - 0xc0], 0
mov byte [eax], 0x7f
mov eax, esi
shl eax, 0xa
add eax, 0x40f0
mov dword [ebp - 0xf0], eax
lea eax, [esi + esi*8]
mov dword [ebp - 0xe8], eax

loc_fffd18da:  ; not directly referenced
mov al, byte [ebp - 0xc0]
cmp al, byte [edi + 0x2489]
jae loc_fffd1a10  ; jae 0xfffd1a10
movzx eax, byte [ebp - 0xc0]
lea ecx, [ebp - 0x18]
mov ebx, eax
mov dword [ebp - 0xcc], eax
lea eax, [esi + esi*8]
lea edx, [ecx + eax]
add eax, ebx
mov dword [ebp + eax*4 - 0x60], 0
movzx eax, byte [ebp - 0xd3]
cmp byte [ebp - 0xeb], 1
mov byte [ebx + edx - 0x7e], 0x7f
mov byte [ebp - 0xd1], al
jne short loc_fffd194b  ; jne 0xfffd194b
push edx
movzx ecx, byte [ebp - 0xd4]
mov edx, esi
push eax
mov eax, edi
push dword [ebp - 0xc4]
push ebx
call fcn_fffb399f  ; call 0xfffb399f
add esp, 0x10
mov byte [ebp - 0xd1], al

loc_fffd194b:  ; not directly referenced
lea eax, [esi + esi*8]
xor edx, edx
mov dword [ebp - 0xdc], eax
mov eax, dword [ebp - 0xd0]
mov ecx, 0xa
mov ebx, dword [ebp - 0xdc]
add ebx, eax
mov eax, dword [ebp - 0xc8]
add ebx, dword [ebp - 0xcc]
add ebx, ebx
add ebx, dword [ebp - 0xc4]
mov eax, dword [eax + ebx*4]
div ecx
movzx edx, byte [ebp - 0xd1]
cmp eax, edx
cmova eax, edx
mov edx, dword [ebp - 0xc8]
cmp dword [ebp - 0xd8], 1
mov dword [edx + ebx*4], eax
jne short loc_fffd19c4  ; jne 0xfffd19c4
mov ebx, dword [ebp - 0xbc]
movzx edx, byte [ebx]
cmp eax, edx
jae short loc_fffd19db  ; jae 0xfffd19db
mov ebx, dword [ebp - 0xe8]
mov byte [ebp + ebx - 0x84], al
mov ebx, dword [ebp - 0xbc]
mov byte [ebx], al
jmp short loc_fffd19db  ; jmp 0xfffd19db

loc_fffd19c4:  ; not directly referenced
mov ecx, dword [ebp - 0xdc]
lea ebx, [ebp - 0x18]
add ecx, ebx
add ecx, dword [ebp - 0xcc]
mov byte [ecx - 0x6c], al
mov byte [ecx - 0x5a], al

loc_fffd19db:  ; not directly referenced
movzx eax, byte [ebp - 0xc0]
mov ebx, dword [ebp + 0x14]
movzx ecx, byte [ebx + eax]
mov eax, dword [ebp - 0xf0]
mov ebx, dword [ebp - 0xcc]
and ecx, 0x7f
or ch, 1
lea edx, [eax + ebx*4]
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
inc byte [ebp - 0xc0]
jmp near loc_fffd18da  ; jmp 0xfffd18da

loc_fffd1a10:  ; not directly referenced
cmp dword [ebp - 0xd8], 1
jne short loc_fffd1a58  ; jne 0xfffd1a58
lea edx, [esi + esi*8]
xor eax, eax
add edx, dword [ebp - 0xd0]
mov dword [ebp - 0xc0], edx

loc_fffd1a2a:  ; not directly referenced
cmp al, byte [edi + 0x2489]
jae short loc_fffd1a58  ; jae 0xfffd1a58
mov ebx, dword [ebp - 0xbc]
movzx ecx, al
inc eax
add ecx, dword [ebp - 0xc0]
mov edx, dword [ebp - 0xc8]
movzx ebx, byte [ebx]
add ecx, ecx
add ecx, dword [ebp - 0xc4]
mov dword [edx + ecx*4], ebx
jmp short loc_fffd1a2a  ; jmp 0xfffd1a2a

loc_fffd1a58:  ; not directly referenced
inc esi
add dword [ebp - 0xbc], 9
cmp esi, 2
jne loc_fffd1883  ; jne 0xfffd1883
mov eax, dword [ebp - 0xc4]
lea esi, [eax + eax - 1]
mov dword [ebp - 0x114], esi
mov esi, dword [ebp - 0xc8]
add eax, dword [ebp - 0x110]
lea eax, [esi + eax*4]
mov dword [ebp - 0xf0], eax

loc_fffd1a8e:  ; not directly referenced
mov ecx, 4
mov edx, 0x4800
mov eax, edi
xor esi, esi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffd1aa1:  ; not directly referenced
movzx eax, byte [ebp - 0xf9]
cmp esi, eax
jae loc_fffd1b75  ; jae 0xfffd1b75
xor ebx, ebx

loc_fffd1ab2:  ; not directly referenced
mov eax, dword [ebp - 0xe0]
bt eax, ebx
jb short loc_fffd1aef  ; jb 0xfffd1aef

loc_fffd1abd:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffd1ab2  ; jne 0xfffd1ab2
xor eax, eax
mov edx, dword [ebp - 0xe0]
test esi, esi
push ecx
movzx ecx, byte [edi + 0x248c]
sete al
push 0
inc esi
push eax
lea eax, [ebp - 0x9a]
push eax
mov eax, edi
call fcn_fffaa5b3  ; call 0xfffaa5b3
add esp, 0x10
jmp short loc_fffd1aa1  ; jmp 0xfffd1aa1

loc_fffd1aef:  ; not directly referenced
mov eax, dword [ebp - 0xe0]
lea ecx, [ebx + 1]
xor edx, edx
sar eax, cl
mov dword [ebp - 0xbc], eax

loc_fffd1b02:  ; not directly referenced
cmp dl, byte [edi + 0x2489]
jae short loc_fffd1abd  ; jae 0xfffd1abd
push 1
movzx eax, dl
push dword [ebp - 0xbc]
lea ecx, [ebx + ebx*8]
add ecx, dword [ebp - 0xd0]
mov dword [ebp - 0xc0], edx
mov edx, dword [ebp - 0xc8]
push 0
push 0
push eax
add eax, ecx
mov ecx, dword [ebp - 0x114]
push dword [ebp - 0x118]
add eax, eax
add eax, dword [ebp - 0xc4]
push ebx
push 0
push esi
imul ecx, dword [edx + eax*4]
movzx eax, byte [ebp - 0xeb]
push ecx
push eax
push edi
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
mov edx, dword [ebp - 0xc0]
cmp dword [ebp - 0xd8], 0
jne loc_fffd1abd  ; jne 0xfffd1abd
inc edx
jmp short loc_fffd1b02  ; jmp 0xfffd1b02

loc_fffd1b75:  ; not directly referenced
xor esi, esi

loc_fffd1b77:  ; not directly referenced
mov eax, dword [ebp - 0xe0]
bt eax, esi
jae loc_fffd21d1  ; jae 0xfffd21d1
mov eax, esi
shl eax, 0xa
add eax, 0x4114
mov dword [ebp - 0x10c], eax
mov byte [ebp - 0xe8], 0

loc_fffd1b9d:  ; not directly referenced
mov al, byte [ebp - 0xe8]
cmp al, byte [edi + 0x2489]
jae loc_fffd210a  ; jae 0xfffd210a
mov cl, byte [ebp - 0xe8]
movzx eax, cl
mov dword [ebp - 0xbc], eax
mov eax, 1
shl eax, cl
mov ebx, eax
mov dword [ebp - 0xc0], eax
mov ax, word [ebp + esi*2 - 0x9e]
and ax, word [ebp + esi*2 - 0xa2]
test bx, ax
jne loc_fffd20ff  ; jne 0xfffd20ff
xor eax, eax
mov bl, cl
mov edx, dword [ebp - 0x10c]
cmp dword [ebp - 0xd8], 1
cmovne eax, ebx
mov ebx, dword [ebp - 0xbc]
mov byte [ebp - 0xd2], al
mov eax, edi
lea edx, [edx + ebx*4]
call fcn_fffb331f  ; call 0xfffb331f
mov edx, dword [ebp - 0xd0]
lea ebx, [esi + esi*8]
mov ecx, dword [ebp - 0xbc]
add edx, ebx
add edx, ecx
mov dword [ebp - 0xdc], eax
mov eax, dword [ebp - 0xc8]
add edx, edx
add edx, dword [ebp - 0xc4]
mov edx, dword [eax + edx*4]
lea eax, [ebp - 0x18]
add eax, ebx
add ecx, eax
mov dword [ebp - 0xf4], eax
mov al, byte [ecx - 0x7e]
mov dword [ebp - 0xcc], edx
mov byte [ebp - 0x100], al
sub edx, eax
mov eax, dword [ebp - 0xdc]
mov byte [ebp - 0xd1], dl
mov edx, dword [ebp - 0xf4]
and eax, 0x7fffff
mov dword [ebp - 0xdc], eax
movzx eax, byte [ebp - 0xd2]
jne loc_fffd1dae  ; jne 0xfffd1dae
add edx, eax
mov al, byte [ebp - 0xcc]
cmp al, byte [edx - 0x6c]
jne loc_fffd1d40  ; jne 0xfffd1d40
cmp byte [ebp - 0xd1], 0
jns short loc_fffd1cd4  ; jns 0xfffd1cd4
cmp byte [edx - 0x5a], al
jne short loc_fffd1cbe  ; jne 0xfffd1cbe

loc_fffd1ca1:  ; not directly referenced
lea ebx, [ebp - 0x18]
mov ecx, dword [ebp - 0xbc]
lea eax, [esi + esi*8]
add eax, ebx
mov bl, byte [ebp - 0xcc]
mov byte [ecx + eax - 0x7e], bl
jmp near loc_fffd1f97  ; jmp 0xfffd1f97

loc_fffd1cbe:  ; not directly referenced
mov dword [ebp - 0xa8], 1

loc_fffd1cc8:  ; not directly referenced
mov eax, dword [ebp - 0xa8]
test eax, eax
jne short loc_fffd1cc8  ; jne 0xfffd1cc8
jmp short loc_fffd1ca1  ; jmp 0xfffd1ca1

loc_fffd1cd4:  ; not directly referenced
cmp byte [ebp - 0xd1], 1
jne short loc_fffd1d0c  ; jne 0xfffd1d0c
add ebx, dword [ebp - 0xbc]
mov eax, dword [ebp + ebx*4 - 0x60]
shr eax, 8
xor ah, ah
mov dword [ebp + ebx*4 - 0x60], eax
mov al, byte [ebp - 0xcc]
mov byte [ecx - 0x7e], al
mov eax, dword [ebp - 0xc0]
or word [ebp + esi*2 - 0xa2], ax
jmp near loc_fffd1f97  ; jmp 0xfffd1f97

loc_fffd1d0c:  ; not directly referenced
cmp byte [ebp - 0xd1], 2
jne short loc_fffd1d27  ; jne 0xfffd1d27
xor eax, eax
call fcn_fffb392f  ; call 0xfffb392f
add ebx, dword [ebp - 0xbc]
jmp near loc_fffd1e2d  ; jmp 0xfffd1e2d

loc_fffd1d27:  ; not directly referenced
mov dword [ebp - 0xac], 1

loc_fffd1d31:  ; not directly referenced
mov eax, dword [ebp - 0xac]
test eax, eax
jne short loc_fffd1d31  ; jne 0xfffd1d31
jmp near loc_fffd1f97  ; jmp 0xfffd1f97

loc_fffd1d40:  ; not directly referenced
mov al, byte [ebp - 0xcc]
cmp al, byte [edx - 0x5a]
jne loc_fffd1f83  ; jne 0xfffd1f83
mov ax, word [ebp + esi*2 - 0xa2]
test word [ebp - 0xc0], ax
jne loc_fffd20ff  ; jne 0xfffd20ff
cmp byte [ebp - 0xd1], 0xff
jne short loc_fffd1d8e  ; jne 0xfffd1d8e
add ebx, dword [ebp - 0xbc]
or eax, dword [ebp - 0xc0]
and dword [ebp + ebx*4 - 0x60], 0xffffff00
mov word [ebp + esi*2 - 0xa2], ax
jmp near loc_fffd1f97  ; jmp 0xfffd1f97

loc_fffd1d8e:  ; not directly referenced
mov edx, dword [ebp - 0xc0]
mov bl, byte [ebp - 0xcc]
not edx
and edx, eax
mov byte [ecx - 0x7e], bl
mov word [ebp + esi*2 - 0xa2], dx
jmp near loc_fffd1f97  ; jmp 0xfffd1f97

loc_fffd1dae:  ; not directly referenced
add edx, eax
mov al, byte [edx - 0x6c]
mov byte [ebp - 0xf4], al
cmp byte [ebp - 0xcc], al
jne loc_fffd1e53  ; jne 0xfffd1e53
cmp byte [ebp - 0xd1], 2
jle short loc_fffd1de7  ; jle 0xfffd1de7
mov dword [ebp - 0xb0], 1

loc_fffd1dd8:  ; not directly referenced
mov eax, dword [ebp - 0xb0]
test eax, eax
jne short loc_fffd1dd8  ; jne 0xfffd1dd8
jmp near loc_fffd1f97  ; jmp 0xfffd1f97

loc_fffd1de7:  ; not directly referenced
mov eax, dword [ebp - 0xbc]
lea ebx, [ebx + eax]
mov eax, dword [ebp - 0xdc]
je short loc_fffd1e28  ; je 0xfffd1e28
call fcn_fffb392f  ; call 0xfffb392f
mov edx, dword [ebp + ebx*4 - 0x60]
and edx, 0xff00ffff
movzx eax, al
shl eax, 0x10
or eax, edx
mov dword [ebp + ebx*4 - 0x60], eax
mov eax, dword [ebp - 0xc0]
not eax
and word [ebp + esi*2 - 0x9e], ax
jmp near loc_fffd1f97  ; jmp 0xfffd1f97

loc_fffd1e28:  ; not directly referenced
call fcn_fffb392f  ; call 0xfffb392f

loc_fffd1e2d:  ; not directly referenced
mov edx, dword [ebp + ebx*4 - 0x60]
shl eax, 0x18
and edx, 0xffffff
or eax, edx
mov dword [ebp + ebx*4 - 0x60], eax
mov eax, dword [ebp - 0xc0]
or word [ebp + esi*2 - 0x9e], ax
jmp near loc_fffd1f97  ; jmp 0xfffd1f97

loc_fffd1e53:  ; not directly referenced
mov al, byte [ebp - 0xcc]
cmp al, byte [edx - 0x5a]
jne loc_fffd1f83  ; jne 0xfffd1f83
cmp byte [ebp - 0x100], 0xff
je loc_fffd1f19  ; je 0xfffd1f19
cmp byte [ebp - 0xd1], 0
jg loc_fffd1f19  ; jg 0xfffd1f19
movsx eax, byte [ebp - 0xd1]
mov dword [ebp - 0x100], eax
mov eax, dword [ebp - 0xdc]
call fcn_fffb392f  ; call 0xfffb392f
mov edx, 1
add ebx, dword [ebp - 0xbc]
mov ebx, dword [ebp + ebx*4 - 0x60]
mov dword [ebp - 0x104], eax
mov eax, dword [ebp - 0x100]
mov dword [ebp - 0x108], ebx
xor ebx, ebx
sub edx, eax
shl edx, 3
lea ecx, [edx + 0x1f]
cmp cl, 0x3e
ja short loc_fffd1ef5  ; ja 0xfffd1ef5
mov cl, al
movzx ebx, byte [ebp - 0x104]
mov eax, 0xff
lea ecx, [ecx*8 + 8]
shl eax, cl
not eax
and eax, dword [ebp - 0x108]
shl ebx, cl
mov cl, dl
or ebx, eax
test dl, dl
jle short loc_fffd1ef1  ; jle 0xfffd1ef1
shl ebx, cl
jmp short loc_fffd1ef5  ; jmp 0xfffd1ef5

loc_fffd1ef1:  ; not directly referenced
neg ecx
shr ebx, cl

loc_fffd1ef5:  ; not directly referenced
mov ecx, dword [ebp - 0xbc]
lea eax, [esi + esi*8]
lea edx, [eax + ecx]
mov dword [ebp + edx*4 - 0x60], ebx
lea ebx, [ebp - 0x18]
add eax, ebx
mov bl, byte [ebp - 0xcc]
lea edx, [ebx - 1]
mov byte [ecx + eax - 0x7e], dl
jmp short loc_fffd1f4c  ; jmp 0xfffd1f4c

loc_fffd1f19:  ; not directly referenced
mov ebx, dword [ebp - 0xbc]
lea eax, [esi + esi*8]
lea edx, [eax + ebx]
mov eax, dword [ebp - 0xdc]
mov ebx, dword [ebp + edx*4 - 0x60]
mov dword [ebp - 0x100], edx
call fcn_fffb392f  ; call 0xfffb392f
mov edx, dword [ebp - 0x100]
movzx ebx, bx
shl eax, 0x10
or eax, ebx
mov dword [ebp + edx*4 - 0x60], eax

loc_fffd1f4c:  ; not directly referenced
mov al, byte [ebp - 0xf4]
cmp byte [ebp - 0xcc], al
jae short loc_fffd1f68  ; jae 0xfffd1f68
mov eax, dword [ebp - 0xc0]
or word [ebp + esi*2 - 0x9e], ax

loc_fffd1f68:  ; not directly referenced
cmp byte [ebp - 0xd1], 0
jg short loc_fffd1f97  ; jg 0xfffd1f97
mov eax, dword [ebp - 0xc0]
not eax
and word [ebp + esi*2 - 0xa2], ax
jmp short loc_fffd1f97  ; jmp 0xfffd1f97

loc_fffd1f83:  ; not directly referenced
mov dword [ebp - 0xb4], 1

loc_fffd1f8d:  ; not directly referenced
mov eax, dword [ebp - 0xb4]
test eax, eax
jne short loc_fffd1f8d  ; jne 0xfffd1f8d

loc_fffd1f97:  ; not directly referenced
cmp byte [ebp - 0xeb], 1
movzx eax, byte [ebp - 0xd3]
jne short loc_fffd1fc8  ; jne 0xfffd1fc8
push edx
movzx ecx, byte [ebp - 0xd4]
mov edx, esi
push eax
mov eax, edi
push dword [ebp - 0xc4]
push dword [ebp - 0xbc]
call fcn_fffb399f  ; call 0xfffb399f
add esp, 0x10

loc_fffd1fc8:  ; not directly referenced
cmp byte [ebp - 0xcc], al
jne short loc_fffd1fde  ; jne 0xfffd1fde
mov ebx, dword [ebp - 0xc0]
or word [ebp + esi*2 - 0x9e], bx

loc_fffd1fde:  ; not directly referenced
cmp dword [ebp - 0xdc], 0
jne short loc_fffd2015  ; jne 0xfffd2015
lea ebx, [ebp - 0x18]
lea edx, [esi + esi*8]
lea ecx, [ebx + edx]
mov ebx, dword [ebp - 0xbc]
cmp al, byte [ebx + ecx - 0x7e]
jne short loc_fffd2015  ; jne 0xfffd2015
mov eax, dword [ebp - 0xc0]
test word [ebp + esi*2 - 0xa2], ax
je short loc_fffd2015  ; je 0xfffd2015
add edx, ebx
mov word [ebp + edx*4 - 0x5e], 0xfffe

loc_fffd2015:  ; not directly referenced
cmp byte [ebp - 0xcc], 0
jne short loc_fffd205a  ; jne 0xfffd205a
mov eax, dword [ebp - 0xc0]
or word [ebp + esi*2 - 0xa2], ax
cmp dword [ebp - 0xdc], 0
je short loc_fffd205a  ; je 0xfffd205a
lea ebx, [ebp - 0x18]
or word [ebp + esi*2 - 0x9e], ax
lea eax, [esi + esi*8]
lea edx, [ebx + eax]
mov ebx, dword [ebp - 0xbc]
add eax, ebx
mov byte [ebx + edx - 0x7e], 0
mov word [ebp + eax*4 - 0x5e], 0x707

loc_fffd205a:  ; not directly referenced
cmp dword [ebp - 0xd8], 0
jne loc_fffd20ff  ; jne 0xfffd20ff
mov cx, word [ebp + esi*2 - 0x9e]
mov dx, word [ebp + esi*2 - 0xa2]
mov eax, ecx
and eax, edx
test word [ebp - 0xc0], ax
jne short loc_fffd20ff  ; jne 0xfffd20ff
cmp dword [ebp - 0xdc], 0
movzx eax, byte [ebp - 0xd2]
jne short loc_fffd20b3  ; jne 0xfffd20b3
test word [ebp - 0xc0], cx
jne short loc_fffd20a8  ; jne 0xfffd20a8
lea ecx, [esi + esi*8]
lea ebx, [ebp - 0x18]
lea edx, [ebx + ecx]
jmp short loc_fffd20d2  ; jmp 0xfffd20d2

loc_fffd20a8:  ; not directly referenced
lea ecx, [esi + esi*8]
lea ebx, [ebp - 0x18]
lea edx, [ebx + ecx]
jmp short loc_fffd20c5  ; jmp 0xfffd20c5

loc_fffd20b3:  ; not directly referenced
test word [ebp - 0xc0], dx
lea ecx, [esi + esi*8]
lea ebx, [ebp - 0x18]
lea edx, [ebx + ecx]
jne short loc_fffd20d2  ; jne 0xfffd20d2

loc_fffd20c5:  ; not directly referenced
add eax, edx
mov bl, byte [eax - 0x5a]
lea edx, [ebx - 1]
mov byte [eax - 0x5a], dl
jmp short loc_fffd20dd  ; jmp 0xfffd20dd

loc_fffd20d2:  ; not directly referenced
add eax, edx
mov bl, byte [eax - 0x6c]
lea edx, [ebx + 1]
mov byte [eax - 0x6c], dl

loc_fffd20dd:  ; not directly referenced
mov eax, dword [ebp - 0xd0]
movzx edx, dl
add eax, ecx
mov ecx, dword [ebp - 0xc8]
add eax, dword [ebp - 0xbc]
add eax, eax
add eax, dword [ebp - 0xc4]
mov dword [ecx + eax*4], edx

loc_fffd20ff:  ; not directly referenced
inc byte [ebp - 0xe8]
jmp near loc_fffd1b9d  ; jmp 0xfffd1b9d

loc_fffd210a:  ; not directly referenced
cmp dword [ebp - 0xd8], 1
jne loc_fffd21d1  ; jne 0xfffd21d1
mov ax, word [ebp + esi*2 - 0xa2]
mov bx, word [ebp - 0xea]
mov edx, eax
and dx, word [ebp + esi*2 - 0x9e]
cmp dx, bx
je loc_fffd21d1  ; je 0xfffd21d1
lea edx, [esi + esi*8]
lea ecx, [ebp - 0x18]
add edx, ecx
cmp ax, bx
movzx eax, byte [ebp - 0xd2]
je short loc_fffd2181  ; je 0xfffd2181
add eax, edx
mov ebx, dword [ebp - 0xf0]
mov cl, byte [eax - 0x5a]
dec ecx
mov byte [eax - 0x5a], cl
imul eax, esi, 0x48
movzx ecx, cl
mov dword [ebx + eax], ecx

loc_fffd2165:  ; not directly referenced
imul eax, esi, 0x48
lea ebx, [esi + esi*8]
add ebx, dword [ebp - 0xd0]
mov dword [ebp - 0xbc], eax
xor eax, eax
mov dword [ebp - 0xc0], ebx
jmp short loc_fffd219b  ; jmp 0xfffd219b

loc_fffd2181:  ; not directly referenced
add edx, eax
mov ecx, dword [ebp - 0xf0]
mov al, byte [edx - 0x6c]
inc eax
mov byte [edx - 0x6c], al
imul edx, esi, 0x48
movzx eax, al
mov dword [ecx + edx], eax
jmp short loc_fffd2165  ; jmp 0xfffd2165

loc_fffd219b:  ; not directly referenced
cmp al, byte [edi + 0x2489]
jae short loc_fffd21d1  ; jae 0xfffd21d1
mov ebx, dword [ebp - 0xbc]
mov edx, dword [ebp - 0xf0]
mov edx, dword [edx + ebx]
mov ebx, dword [ebp - 0xc8]
mov ecx, edx
movzx edx, al
add edx, dword [ebp - 0xc0]
inc eax
add edx, edx
add edx, dword [ebp - 0xc4]
mov dword [ebx + edx*4], ecx
jmp short loc_fffd219b  ; jmp 0xfffd219b

loc_fffd21d1:  ; not directly referenced
inc esi
cmp esi, 2
jne loc_fffd1b77  ; jne 0xfffd1b77
mov si, word [ebp - 0xea]
mov eax, esi
and ax, word [ebp - 0xa2]
cmp ax, si
jne loc_fffd1a8e  ; jne 0xfffd1a8e
mov eax, esi
and ax, word [ebp - 0x9e]
cmp ax, si
jne loc_fffd1a8e  ; jne 0xfffd1a8e
mov eax, esi
and eax, dword [ebp - 0xa0]
cmp ax, si
jne loc_fffd1a8e  ; jne 0xfffd1a8e
mov eax, esi
and eax, dword [ebp - 0x9c]
cmp ax, si
jne loc_fffd1a8e  ; jne 0xfffd1a8e
xor ebx, ebx

loc_fffd222a:  ; not directly referenced
mov eax, dword [ebp - 0xe0]
bt eax, ebx
jae loc_fffd182e  ; jae 0xfffd182e
mov byte [ebp - 0xbc], 0

loc_fffd2240:  ; not directly referenced
mov al, byte [ebp - 0xbc]
cmp al, byte [edi + 0x2489]
jae loc_fffd182e  ; jae 0xfffd182e
movzx esi, byte [ebp - 0xbc]
lea eax, [ebx + ebx*8]
sub esp, 0xc
mov dword [ebp - 0xc0], eax
add eax, esi
mov edx, dword [ebp + eax*4 - 0x60]
lea eax, [ebp - 0x18]
add eax, dword [ebp - 0xc0]
movzx eax, byte [esi + eax - 0x7e]
mov ecx, edx
push dword [ebp + 0x1c]
shr edx, 0x10
shr ecx, 0x18
movzx edx, dl
call fcn_fffac986  ; call 0xfffac986
mov edx, dword [ebp - 0xc0]
add esp, 0x10
add edx, dword [ebp - 0xd0]
mov ecx, dword [ebp - 0xc8]
inc byte [ebp - 0xbc]
add esi, edx
add esi, esi
add esi, dword [ebp - 0xc4]
mov dword [ecx + esi*4], eax
jmp short loc_fffd2240  ; jmp 0xfffd2240

loc_fffd22b6:  ; not directly referenced
cmp byte [ebp - 0xe4], 0xb
je short loc_fffd22ed  ; je 0xfffd22ed

loc_fffd22bf:  ; not directly referenced
push 2
movzx eax, byte [ebp - 0xe4]
xor ebx, ebx
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push eax
push edi
call fcn_fffcd268  ; call 0xfffcd268
add esp, 0x30
mov esi, eax
jmp near loc_fffd2395  ; jmp 0xfffd2395

loc_fffd22ed:  ; not directly referenced
movzx eax, byte [ebp - 0xec]
xor ebx, ebx
mov dword [ebp - 0xc4], eax

loc_fffd22fc:  ; not directly referenced
mov eax, dword [ebp - 0xe0]
bt eax, ebx
jb short loc_fffd230f  ; jb 0xfffd230f

loc_fffd2307:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffd22fc  ; jne 0xfffd22fc
jmp short loc_fffd22bf  ; jmp 0xfffd22bf

loc_fffd230f:  ; not directly referenced
mov eax, ebx
imul esi, ebx, 0x13c3
shl eax, 0xa
add eax, 0x4028
mov dword [ebp - 0xc0], eax
mov byte [ebp - 0xbc], 0

loc_fffd232c:  ; not directly referenced
mov al, byte [ebp - 0xbc]
cmp al, byte [edi + 0x2489]
jae short loc_fffd2307  ; jae 0xfffd2307
push eax
movzx eax, byte [ebp - 0xbc]
mov edx, ebx
mov ecx, dword [ebp - 0xc4]
push 0
push 0xff
push eax
mov eax, edi
call fcn_fffa7447  ; call 0xfffa7447
mov edx, dword [ebp - 0xc0]
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
movzx edx, byte [edi + esi + 0x4770]
and edx, 0x3f
shl edx, 0x10
and eax, 0xffc0ffff
or eax, edx
mov edx, dword [ebp - 0xc0]
mov ecx, eax
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
add esp, 0x10
inc byte [ebp - 0xbc]
jmp short loc_fffd232c  ; jmp 0xfffd232c

loc_fffd2395:  ; not directly referenced
cmp bl, byte [edi + 0x2489]
jae short loc_fffd23b3  ; jae 0xfffd23b3
movzx eax, bl
xor ecx, ecx
lea edx, [eax*4 + 0x4cf0]
mov eax, edi
call fcn_fffb38b3  ; call 0xfffb38b3
inc ebx
jmp short loc_fffd2395  ; jmp 0xfffd2395

loc_fffd23b3:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffd23bd:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x4c
mov ebx, dword [ebp + 8]
mov eax, dword [ebx + 0x2444]
lea ecx, [ebx + 0x5f99]
movzx esi, byte [ebx + 0x18ed]
mov dword [ebx + 0x3712], 0
mov dword [ebp - 0x3c], eax
mov eax, dword [ebx + 0x188b]
mov dword [ebp - 0x40], eax
lea eax, [ebx + 0x3813]

loc_fffd23f8:  ; not directly referenced
cmp dword [eax - 0xbc], 2
mov dword [eax], 0
jne short loc_fffd243c  ; jne 0xfffd243c
cmp dword [eax + 0x10b7], 2
jne short loc_fffd2418  ; jne 0xfffd2418
mov edx, dword [eax + 0x1198]
mov dword [eax], edx

loc_fffd2418:  ; not directly referenced
cmp dword [eax + 0x11df], 2
jne short loc_fffd2429  ; jne 0xfffd2429
mov edx, dword [eax + 0x12c0]
add dword [eax], edx

loc_fffd2429:  ; not directly referenced
mov edx, dword [ebx + 0x2485]
cmp dword [eax], edx
cmovbe edx, dword [eax]
mov dword [eax], edx
add dword [ebx + 0x3712], edx

loc_fffd243c:  ; not directly referenced
add eax, 0x13c3
cmp eax, ecx
jne short loc_fffd23f8  ; jne 0xfffd23f8
mov edi, dword [ebx + 0x3712]
mov eax, dword [ebx + 0x18d9]
mov ecx, edi
sub ecx, dword [ebx + 0x18d5]
cmp byte [ebx + 0x2402], 0
mov dword [ebx + 0x36ed], ecx
je short loc_fffd247e  ; je 0xfffd247e
cmp edi, 0x1000
ja short loc_fffd247e  ; ja 0xfffd247e
shr edi, 1
mov edx, 0x1000
sub edx, edi
cmp eax, edx
cmovb eax, edx

loc_fffd247e:  ; not directly referenced
mov edx, 0x1000
sub edx, eax
cmp edx, ecx
cmovbe ecx, edx
mov dword [ebx + 0x36f1], ecx
test esi, esi
je short loc_fffd24be  ; je 0xfffd24be
mov eax, dword [ebx + 0x3813]
mov edx, dword [ebx + 0x4bd6]
cmp eax, edx
je short loc_fffd24be  ; je 0xfffd24be
test eax, eax
je short loc_fffd24be  ; je 0xfffd24be
test edx, edx
je short loc_fffd24be  ; je 0xfffd24be
cmp edx, eax
cmova edx, eax
add edx, edx
cmp ecx, edx
cmovbe edx, ecx
mov dword [ebx + 0x36f1], edx

loc_fffd24be:  ; not directly referenced
mov eax, dword [ebx + 0x36f1]
sub eax, dword [ebx + 0x246e]
mov edi, dword [ebx + 0x18c1]
mov dword [ebx + 0x36f5], eax
sub eax, dword [ebx + 0x2472]
mov dword [ebx + 0x36f9], eax
mov eax, dword [ebp - 0x3c]
push 0x50
push 0
push 0
push 0
call dword [eax + 0x4c]  ; ucall
add edi, eax
mov eax, dword [ebp - 0x3c]
mov dword [esp], edi
call dword [eax + 0x20]  ; ucall
add esp, 0x10
mov ecx, dword [ebx + 0x246e]
cmp dword [ebp - 0x40], 0
jne short loc_fffd2567  ; jne 0xfffd2567
xor edx, edx
cmp byte [ebx + 0x18b3], 1
sete dl
and ah, 0xbc
mov edi, edx
mov edx, 3
shl edi, 0xe
cmp dword [ebx + 0x2472], 3
cmovbe edx, dword [ebx + 0x2472]
or eax, edi
and edx, 3
shl edx, 8
or eax, edx
cmp ecx, 0x400
jne short loc_fffd2549  ; jne 0xfffd2549
and al, 7
or al, 0x88
jmp short loc_fffd25ab  ; jmp 0xfffd25ab

loc_fffd2549:  ; not directly referenced
mov dl, 0x1f
cmp ecx, 0x3ff
ja short loc_fffd255b  ; ja 0xfffd255b
shr ecx, 5
mov dl, cl
and edx, 0x1f

loc_fffd255b:  ; not directly referenced
and edx, 0x1f
and al, 7
shl edx, 3
or eax, edx
jmp short loc_fffd25ab  ; jmp 0xfffd25ab

loc_fffd2567:  ; not directly referenced
xor edx, edx
mov edi, dword [ebx + 0x2472]
cmp byte [ebx + 0x18b3], 1
sete dl
and eax, 0xfffffffb
shl edx, 2
or eax, edx
mov dl, 3
cmp edi, 7
ja short loc_fffd258f  ; ja 0xfffd258f
shr edi, 1
mov edx, edi
and edx, 3

loc_fffd258f:  ; not directly referenced
and edx, 3
and al, 0x3f
shl edx, 6
mov edi, ecx
or eax, edx
mov dl, 0xff
shr edi, 5
cmp ecx, 0x1fff
cmovbe edx, edi
mov ah, dl

loc_fffd25ab:  ; not directly referenced
mov ecx, dword [ebx + 0x36f9]
mov dword [ebx + 0x36fd], eax
mov eax, dword [ebx + 0x18dd]
mov edx, dword [ebx + 0x18e5]
mov dword [ebp - 0x40], ecx
sub dword [ebp - 0x40], eax
neg eax
and eax, dword [ebp - 0x40]
mov dword [ebx + 0x372e], edx
mov dword [ebx + 0x3701], eax
test esi, esi
jne short loc_fffd2604  ; jne 0xfffd2604

loc_fffd25de:  ; not directly referenced
mov eax, dword [ebp - 0x40]
sub eax, dword [ebx + 0x3701]
je loc_fffd26ed  ; je 0xfffd26ed
sub dword [ebx + 0x36f9], eax
sub dword [ebx + 0x36f5], eax
sub dword [ebx + 0x36f1], eax
jmp near loc_fffd26ed  ; jmp 0xfffd26ed

loc_fffd2604:  ; not directly referenced
or edx, 0xffffffff
sub edx, dword [ebx + 0x18e9]
mov dword [ebp - 0x4c], 0
lea esi, [ebp - 0x2a]
mov dword [ebp - 0x48], 0
add eax, edx
shl eax, 0x14
mov dword [ebp - 0x50], eax

loc_fffd2626:  ; not directly referenced
mov ecx, dword [ebp - 0x48]
imul eax, ecx, 0x13c3
mov byte [ebp - 0x44], cl
cmp dword [ebx + eax + 0x3757], 2
jne loc_fffd26d8  ; jne 0xfffd26d8

loc_fffd2640:  ; not directly referenced
push eax
push esi
push dword [ebp - 0x4c]
push dword [ebp - 0x50]
call fcn_fffc8b09  ; call 0xfffc8b09
mov al, byte [ebp - 0x44]
add dword [ebp - 0x50], 0x40
adc dword [ebp - 0x4c], 0
add esp, 0x10
cmp byte [esi + 1], al
jne short loc_fffd2640  ; jne 0xfffd2640
mov ax, word [esi + 7]
movzx ecx, byte [esi + 5]
mov edx, eax
movzx edi, ah
movzx eax, byte [esi + 3]
shl edx, 0x18
shl ecx, 3
or ecx, edx
movzx edx, byte [esi + 4]
and eax, 7
shl eax, 0x18
and edx, 0xf
shl edx, 0x10
or edi, edx
or edi, eax
cmp byte [ebp - 0x44], 1
lea edx, [ebp - 0x30]
push edx
sbb eax, eax
not eax
and eax, 0x200
push ecx
or eax, 0x1e
push eax
mov eax, dword [ebp - 0x3c]
push 1
call dword [eax + 0x84]  ; ucall
add esp, 0x10
cmp byte [ebp - 0x44], 1
lea ecx, [ebp - 0x30]
push ecx
sbb eax, eax
and eax, 0xfffffe00
add eax, 0x300
push edi
or eax, 0x1e
push eax
mov eax, dword [ebp - 0x3c]
push 1
call dword [eax + 0x84]  ; ucall
add esp, 0x10

loc_fffd26d8:  ; not directly referenced
inc dword [ebp - 0x48]
add esi, 9
cmp dword [ebp - 0x48], 2
jne loc_fffd2626  ; jne 0xfffd2626
jmp near loc_fffd25de  ; jmp 0xfffd25de

loc_fffd26ed:  ; not directly referenced
cmp byte [ebx + 0x18b6], 0
mov eax, dword [ebx + 0x36ed]
je short loc_fffd2738  ; je 0xfffd2738
mov ecx, dword [ebx + 0x36f1]
cmp eax, ecx
jbe short loc_fffd2738  ; jbe 0xfffd2738
mov edx, 0x1000
cmp eax, 0x1000
mov esi, edx
cmovbe edx, eax
cmovae esi, eax
add edx, esi
sub edx, ecx
mov dword [ebx + 0x370e], edx
dec edx
mov byte [ebx + 0x3705], 1
mov dword [ebx + 0x3706], esi
mov dword [ebx + 0x370a], edx
jmp short loc_fffd2745  ; jmp 0xfffd2745

loc_fffd2738:  ; not directly referenced
mov byte [ebx + 0x3705], 0
mov dword [ebx + 0x370e], eax

loc_fffd2745:  ; not directly referenced
cmp byte [ebx + 0x3746], 0
je short loc_fffd27b1  ; je 0xfffd27b1
cmp byte [ebx + 0x2402], 0
je short loc_fffd276d  ; je 0xfffd276d
cmp dword [ebx + 0x3712], 0x1000
mov edx, eax
ja short loc_fffd2779  ; ja 0xfffd2779
mov edx, dword [ebx + 0x370e]
jmp short loc_fffd2779  ; jmp 0xfffd2779

loc_fffd276d:  ; not directly referenced
mov edx, dword [ebx + 0x3701]
sub edx, dword [ebx + 0x18e5]

loc_fffd2779:  ; not directly referenced
movzx ecx, byte [ebx + 0x3748]
shl ecx, 3
mov dword [ebx + 0x3722], ecx
not ecx
add edx, ecx
movzx ecx, byte [ebx + 0x3747]
and edx, 0xffffffc0
mov dword [ebx + 0x371e], edx
shl ecx, 3
sub edx, ecx
sub edx, 0x40
mov dword [ebx + 0x372a], ecx
mov dword [ebx + 0x3726], edx

loc_fffd27b1:  ; not directly referenced
mov dword [ebx + 0x3716], eax
mov eax, dword [ebx + 0x18d5]
mov edx, dword [ebx + 0x3712]
mov esi, dword [ebx + 0x2444]
mov dword [ebx + 0x371a], eax
mov eax, dword [ebx + 0x18cd]
mov dword [ebp - 0x40], eax
mov eax, dword [ebx + 0x18c1]
push 0xa0
push 0
push 0
mov edi, eax
mov dword [ebp - 0x3c], eax
mov eax, edx
shr edx, 0xc
and edx, 0x7f
shl eax, 0x14
push 0
mov dword [ebp - 0x48], edx
mov dword [ebp - 0x44], eax
call dword [esi + 0x4c]  ; ucall
pop ecx
mov dword [ebp - 0x3c], edi
lea edi, [eax + edi]
pop eax
push dword [ebp - 0x44]
push edi
call dword [esi + 0x30]  ; ucall
lea ecx, [edi + 4]
pop eax
pop edx
mov edx, dword [ebp - 0x48]
push edx
push ecx
call dword [esi + 0x30]  ; ucall
movzx edi, word [ebx + 0x36f1]
push 0xbc
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
shl edi, 0x14
add esp, 0x18
push edi
mov edi, dword [ebp - 0x3c]
add eax, edi
push eax
call dword [esi + 0x30]  ; ucall
mov edx, dword [ebx + 0x370e]
push 0xa8
push 0
push 0
mov eax, edx
shr edx, 0xc
and edx, 0x7f
shl eax, 0x14
mov dword [ebp - 0x48], edx
push 0
mov dword [ebp - 0x44], eax
call dword [esi + 0x4c]  ; ucall
add esp, 0x18
push dword [ebp - 0x44]
lea edi, [eax + edi]
push edi
call dword [esi + 0x30]  ; ucall
mov edx, dword [ebp - 0x48]
pop ecx
pop eax
lea ecx, [edi + 4]
push edx
push ecx
call dword [esi + 0x30]  ; ucall
add esp, 0x10
cmp byte [ebx + 0x3705], 0
je loc_fffd2918  ; je 0xfffd2918
mov edx, dword [ebx + 0x3706]
push 0x90
push 0
push 0
mov eax, edx
shr edx, 0xc
and edx, 0x7f
shl eax, 0x14
push 0
mov dword [ebp - 0x48], edx
mov dword [ebp - 0x44], eax
call dword [esi + 0x4c]  ; ucall
mov ecx, dword [ebp - 0x3c]
lea edi, [eax + ecx]
pop eax
pop edx
push dword [ebp - 0x44]
push edi
call dword [esi + 0x30]  ; ucall
mov edx, dword [ebp - 0x48]
pop ecx
pop eax
lea ecx, [edi + 4]
push edx
push ecx
call dword [esi + 0x30]  ; ucall
mov edx, dword [ebx + 0x370a]
push 0x98
push 0
push 0
mov eax, edx
shr edx, 0xc
and edx, 0x7f
shl eax, 0x14
mov dword [ebp - 0x48], edx
push 0
mov dword [ebp - 0x44], eax
call dword [esi + 0x4c]  ; ucall
mov ecx, dword [ebp - 0x3c]
add esp, 0x18
push dword [ebp - 0x44]
lea edi, [eax + ecx]
push edi
call dword [esi + 0x30]  ; ucall
lea ecx, [edi + 4]
pop eax
pop edx
mov edx, dword [ebp - 0x48]
push edx
push ecx
call dword [esi + 0x30]  ; ucall
add esp, 0x10

loc_fffd2918:  ; not directly referenced
push 0xb8
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
movzx edx, word [ebx + 0x3701]
pop edi
pop ecx
add eax, dword [ebp - 0x3c]
shl edx, 0x14
push edx
push eax
call dword [esi + 0x30]  ; ucall
add esp, 0x10
cmp dword [ebx + 0x372e], 0
je short loc_fffd297b  ; je 0xfffd297b
push 0x5c
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
mov ecx, dword [ebp - 0x3c]
lea edi, [eax + ecx]
mov dword [esp], edi
call dword [esi + 0x20]  ; ucall
movzx edx, byte [ebx + 0x372e]
shl edx, 4
and eax, 0xfffff00f
or eax, edx
pop edx
or eax, 4
pop ecx
push eax
push edi
call dword [esi + 0x30]  ; ucall
add esp, 0x10

loc_fffd297b:  ; not directly referenced
push 0xb0
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
movzx edx, word [ebx + 0x36f5]
pop ecx
pop edi
mov edi, dword [ebp - 0x3c]
shl edx, 0x14
push edx
add eax, edi
push eax
call dword [esi + 0x30]  ; ucall
push 0xb4
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
movzx edx, word [ebx + 0x36f9]
add esp, 0x18
shl edx, 0x14
push edx
add eax, edi
push eax
call dword [esi + 0x30]  ; ucall
mov eax, dword [ebx + 0x371a]
add esp, 0x10
test eax, eax
je loc_fffd2a56  ; je 0xfffd2a56
mov edi, 0x80000
sub edi, eax
push 0x78
mov edx, edi
push 0
shl edx, 0x14
push 0
or dh, 8
push 0
shr edi, 0xc
mov dword [ebp - 0x44], edx
and edi, 0x7f
call dword [esi + 0x4c]  ; ucall
mov ecx, dword [ebp - 0x3c]
add ecx, eax
pop eax
pop edx
mov edx, dword [ebp - 0x44]
mov dword [ebp - 0x44], ecx
push edx
push ecx
call dword [esi + 0x30]  ; ucall
pop ecx
mov ecx, dword [ebp - 0x44]
pop eax
add ecx, 4
push edi
push ecx
call dword [esi + 0x30]  ; ucall
mov edx, dword [ebx + 0x3716]
push 0x70
push 0
push 0
mov eax, edx
shr edx, 0xc
and edx, 0x7f
shl eax, 0x14
mov dword [ebp - 0x48], edx
push 0
mov dword [ebp - 0x44], eax
call dword [esi + 0x4c]  ; ucall
mov ecx, dword [ebp - 0x3c]
add esp, 0x18
push dword [ebp - 0x44]
lea edi, [eax + ecx]
push edi
call dword [esi + 0x30]  ; ucall
lea ecx, [edi + 4]
pop eax
pop edx
mov edx, dword [ebp - 0x48]
push edx
push ecx
call dword [esi + 0x30]  ; ucall
add esp, 0x10

loc_fffd2a56:  ; not directly referenced
push 0x50
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
pop edx
pop ecx
push dword [ebx + 0x36fd]
add eax, dword [ebp - 0x3c]
push eax
call dword [esi + 0x30]  ; ucall
mov edx, dword [ebx + 0x371e]
pop edi
pop eax
mov eax, dword [ebx + 0x3722]
mov edi, dword [ebp - 0x40]
add eax, edx
shr eax, 3
shr edx, 3
shl eax, 0x10
or eax, edx
push eax
mov eax, edi
add eax, 0x18
push eax
call dword [esi + 0x30]  ; ucall
pop eax
mov eax, dword [ebx + 0x371e]
pop edx
shl eax, 0xe
push eax
mov eax, edi
add eax, 0x10
push eax
call dword [esi + 0x30]  ; ucall
pop ecx
pop eax
mov eax, dword [ebx + 0x371e]
and eax, 0x40000
shr eax, 0x12
push eax
mov eax, edi
add eax, 0x14
push eax
call dword [esi + 0x30]  ; ucall
mov edx, dword [ebx + 0x3726]
pop eax
mov eax, dword [ebx + 0x372a]
pop ecx
add eax, edx
shr eax, 3
shr edx, 3
shl eax, 0x10
or eax, edx
push eax
mov eax, edi
add eax, 0x28
push eax
call dword [esi + 0x30]  ; ucall
pop eax
mov eax, dword [ebx + 0x3726]
pop edx
shl eax, 0xe
push eax
mov eax, edi
add eax, 0x20
push eax
call dword [esi + 0x30]  ; ucall
pop ecx
pop eax
mov eax, dword [ebx + 0x3726]
and eax, 0x40000
shr eax, 0x12
or eax, 4
push eax
mov eax, edi
add eax, 0x24
push eax
call dword [esi + 0x30]  ; ucall
xor eax, eax
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffd2b28:
push esi
push edi
mov esi, dword [esp + 0x10]
mov edi, dword [esp + 0xc]
mov edx, dword [esp + 0x14]
cmp edi, esi
je short loc_fffd2b57  ; je 0xfffd2b57
cmp edx, 0
je short loc_fffd2b57  ; je 0xfffd2b57
lea eax, [esi + edx - 1]
cmp esi, edi
jae short loc_fffd2b52  ; jae 0xfffd2b52
cmp eax, edi
jb short loc_fffd2b52  ; jb 0xfffd2b52
mov esi, eax
lea edi, [edi + edx - 1]
std

loc_fffd2b52:
mov ecx, edx
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
cld

loc_fffd2b57:
mov eax, dword [esp + 0xc]
pop edi
pop esi
ret

loc_fffd2b5e:
push edi
xor eax, eax
mov edi, dword [esp + 8]
mov ecx, dword [esp + 0xc]
mov edx, ecx
shr ecx, 2
and edx, 3
push edi
rep stosd  ; rep stosd dword es:[edi], eax
mov ecx, edx
rep stosb  ; rep stosb byte es:[edi], al
pop eax
pop edi
ret

fcn_fffd2b7b:
mov eax, dword [esp + 8]
mov ecx, dword [esp + 0xc]
xor edx, edx
div ecx
mov eax, dword [esp + 4]
div ecx
mov eax, edx
ret

fcn_fffd2b90:
mov eax, dword [esp + 8]
mov ecx, dword [esp + 0xc]
xor edx, edx
div ecx
push eax
mov eax, dword [esp + 8]
div ecx
pop edx
ret

fcn_fffd2ba5:
mov ecx, dword [esp + 0xc]
mov eax, dword [esp + 8]
xor edx, edx
div ecx
push eax
mov eax, dword [esp + 8]
div ecx
mov ecx, dword [esp + 0x14]
jecxz loc_fffd2bc0  ; jecxz 0xfffd2bc0
mov dword [ecx], edx

loc_fffd2bc0:
pop edx
ret

fcn_fffd2bc2:
push ebx

fcn_fffd2bc3:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
cpuid
push ecx
mov ecx, dword [ebp + 0x10]
jecxz loc_fffd2bd3  ; jecxz 0xfffd2bd3
mov dword [ecx], eax

loc_fffd2bd3:
mov ecx, dword [ebp + 0x14]
jecxz loc_fffd2bda  ; jecxz 0xfffd2bda
mov dword [ecx], ebx

loc_fffd2bda:
mov ecx, dword [ebp + 0x18]
jecxz loc_fffd2be1  ; jecxz 0xfffd2be1
pop dword [ecx]

loc_fffd2be1:
mov ecx, dword [ebp + 0x1c]
jecxz loc_fffd2be8  ; jecxz 0xfffd2be8
mov dword [ecx], edx

loc_fffd2be8:
mov eax, dword [ebp + 0xc]
leave
pop ebx
ret

loc_fffd2bee:  ; not directly referenced
mov cl, byte [esp + 0xc]
xor eax, eax
mov edx, dword [esp + 4]
test cl, 0x20
cmove eax, edx
cmove edx, dword [esp + 8]
shld edx, eax, cl
shl eax, cl
ret

loc_fffd2c09:
mov cl, byte [esp + 0xc]
xor edx, edx
mov eax, dword [esp + 8]
test cl, 0x20
cmove edx, eax
cmove eax, dword [esp + 4]
shrd eax, edx, cl
shr edx, cl
ret

loc_fffd2c24:
push edi
mov ecx, dword [esp + 0xc]
mov al, byte [esp + 0x10]
mov ah, al
shrd edx, eax, 0x10
shld eax, edx, 0x10
mov edx, ecx
mov edi, dword [esp + 8]
shr ecx, 2
rep stosd  ; rep stosd dword es:[edi], eax
mov ecx, edx
and ecx, 3
rep stosb  ; rep stosb byte es:[edi], al
mov eax, dword [esp + 8]
pop edi
ret

fcn_fffd2c4f:
push edi
mov eax, dword [esp + 0x10]
mov edi, dword [esp + 8]
mov ecx, dword [esp + 0xc]
rep stosd  ; rep stosd dword es:[edi], eax
mov eax, dword [esp + 8]
pop edi
ret

loc_fffd2c64:  ; not directly referenced
mov ecx, dword [esp + 0xc]
mov eax, ecx
imul ecx, dword [esp + 8]
mul dword [esp + 4]
add edx, ecx
ret

loc_fffd2c76:  ; not directly referenced
mov ecx, dword [esp + 0x10]
test ecx, ecx
jne short loc_fffd2c91  ; jne 0xfffd2c91
mov ecx, dword [esp + 0x14]
jecxz loc_fffd2c8c  ; jecxz 0xfffd2c8c
and dword [ecx + 4], 0
mov dword [esp + 0x10], ecx

loc_fffd2c8c:  ; not directly referenced
jmp near fcn_fffd2ba5  ; jmp 0xfffd2ba5

loc_fffd2c91:  ; not directly referenced
push ebx
push esi
push edi
mov edx, dword [esp + 0x14]
mov eax, dword [esp + 0x10]
mov edi, edx
mov esi, eax
mov ebx, dword [esp + 0x18]

loc_fffd2ca4:  ; not directly referenced
shr edx, 1
rcr eax, 1
shrd ebx, ecx, 1
shr ecx, 1
jne short loc_fffd2ca4  ; jne 0xfffd2ca4
div ebx
mov ebx, eax
mov ecx, dword [esp + 0x1c]
mul dword [esp + 0x18]
imul ecx, ebx
add edx, ecx
mov ecx, dword [esp + 0x20]
jb short loc_fffd2cd1  ; jb 0xfffd2cd1
cmp edi, edx
ja short loc_fffd2cdc  ; ja 0xfffd2cdc
jb short loc_fffd2cd1  ; jb 0xfffd2cd1
cmp esi, eax
jae short loc_fffd2cdc  ; jae 0xfffd2cdc

loc_fffd2cd1:  ; not directly referenced
dec ebx
jecxz loc_fffd2ce7  ; jecxz 0xfffd2ce7
sub eax, dword [esp + 0x18]
sbb edx, dword [esp + 0x1c]

loc_fffd2cdc:  ; not directly referenced
jecxz loc_fffd2ce7  ; jecxz 0xfffd2ce7
sub esi, eax
sbb edi, edx
mov dword [ecx], esi
mov dword [ecx + 4], edi

loc_fffd2ce7:  ; not directly referenced
mov eax, ebx
xor edx, edx
pop edi
pop esi
pop ebx
ret

loc_fffd2cef:
db 0x53

fcn_fffd2cf0:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov ecx, dword [ebp + 0x10]
cpuid
push ecx
mov ecx, dword [ebp + 0x14]
jecxz loc_fffd2d03  ; jecxz 0xfffd2d03
mov dword [ecx], eax

loc_fffd2d03:  ; not directly referenced
mov ecx, dword [ebp + 0x18]
jecxz loc_fffd2d0a  ; jecxz 0xfffd2d0a
mov dword [ecx], ebx

loc_fffd2d0a:  ; not directly referenced
mov ecx, dword [ebp + 0x20]
jecxz loc_fffd2d11  ; jecxz 0xfffd2d11
mov dword [ecx], edx

loc_fffd2d11:  ; not directly referenced
mov ecx, dword [ebp + 0x1c]
jecxz loc_fffd2d18  ; jecxz 0xfffd2d18
pop dword [ecx]

loc_fffd2d18:  ; not directly referenced
mov eax, dword [ebp + 0xc]
leave
pop ebx
ret

fcn_fffd2d1e:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
mov ebx, eax
sub esp, 0x1c
mov dword [ebp - 0x1c], edx

loc_fffd2d2e:  ; not directly referenced
lea eax, [esi*8 + 0x48a8]
mov dword [ebp - 0x20], eax
mov edx, eax
mov eax, ebx
call fcn_fffb333d  ; call 0xfffb333d
mov edi, dword [ebp - 0x1c]
bt edi, esi
mov ecx, eax
jae short loc_fffd2d53  ; jae 0xfffd2d53
and ch, 0xcf
or ch, 0x18
jmp short loc_fffd2d56  ; jmp 0xfffd2d56

loc_fffd2d53:  ; not directly referenced
and ch, 0xf7

loc_fffd2d56:  ; not directly referenced
push edi
mov eax, ebx
push edi
inc esi
push edx
mov edx, dword [ebp - 0x20]
push ecx
call fcn_fffb3506  ; call 0xfffb3506
add esp, 0x10
cmp esi, 2
jne short loc_fffd2d2e  ; jne 0xfffd2d2e
mov ecx, 2
mov edx, 0x4d98
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, 1
mov edx, 0x4800
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x4800
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
xor ecx, ecx
mov edx, 0x4d98
mov esi, eax
mov eax, ebx
and esi, 0xfffffffe
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, esi
mov edx, 0x4800
or ecx, 2
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 0x4800
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
xor esi, esi

loc_fffd2dcd:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
bt eax, esi
jae short loc_fffd2dfc  ; jae 0xfffd2dfc
lea edi, [esi*8 + 0x48a8]
mov eax, ebx
mov edx, edi
call fcn_fffb333d  ; call 0xfffb333d
mov ecx, eax
and ch, 0xf7
mov eax, ecx
push ecx
push ecx
push edx
mov edx, edi
push eax
mov eax, ebx
call fcn_fffb3506  ; call 0xfffb3506
add esp, 0x10

loc_fffd2dfc:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffd2dcd  ; jne 0xfffd2dcd
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffd2e0a:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, edx
shl esi, 0xa
push ebx
mov ebx, eax
lea edi, [esi + 0x41a0]
sub esp, 0x2c
mov edx, edi
mov byte [ebp - 0x29], cl
call fcn_fffb331f  ; call 0xfffb331f
mov edx, edi
and eax, 0xfffffccc
or eax, 0x111
mov ecx, eax
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, dword [ebp + 0x10]
lea edx, [esi + 0x41a4]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, dword [ebp + 0x14]
lea edx, [esi + 0x41a8]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, dword [ebp + 0x18]
lea edx, [esi + 0x41ac]
mov eax, ebx
call fcn_fffb3381  ; call 0xfffb3381
lea edx, [esi + 0x41bc]
mov eax, ebx
xor ecx, ecx
call fcn_fffb3381  ; call 0xfffb3381
lea eax, [esi + 0x41c0]
mov dword [ebp - 0x28], eax
mov eax, dword [ebp + 8]
mov dword [ebp - 0x20], 0
mov dword [ebp - 0x1c], 0
mov dword [ebp - 0x24], 0
lea esi, [eax + 4]

loc_fffd2ea2:  ; not directly referenced
mov eax, dword [ebp - 0x24]
cmp eax, dword [ebp + 0xc]
je loc_fffd2f3d  ; je 0xfffd2f3d
mov ecx, dword [esi - 4]
add esi, 0xc
movzx eax, byte [esi - 0xc]
mov edx, ecx
mov edi, ecx
and edx, 0x7c
or ah, 0x80
shl edx, 6
and edi, 1
or eax, edx
mov edx, ecx
and edx, 2
add edi, edi
shr edx, 1
and ecx, 0x380
or edx, edi
mov edi, dword [esi - 0xc]
shl ecx, 0x11
or edx, 4
shl edx, 8
and edi, 0x300
shl edi, 5
or eax, edi
mov word [ebp - 0x20], ax
mov eax, dword [ebp - 0x20]
and eax, 0xf0ffffff
or eax, ecx
mov cl, byte [ebp - 0x29]
mov dword [ebp - 0x20], eax
mov eax, dword [ebp - 0x1c]
and ah, 0xf0
or eax, edx
mov edx, dword [esi - 8]
and eax, 0xfffffff0
shl edx, cl
not edx
and edx, 0xf
or eax, edx
mov edx, dword [ebp - 0x28]
mov dword [ebp - 0x1c], eax
push eax
push eax
mov eax, ebx
push dword [ebp - 0x1c]
push dword [ebp - 0x20]
call fcn_fffb3506  ; call 0xfffb3506
add esp, 0x10
inc dword [ebp - 0x24]
jmp near loc_fffd2ea2  ; jmp 0xfffd2ea2

loc_fffd2f3d:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffd2f45:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, eax
sub esp, 0x50
mov al, byte [ebp + 8]
push 0
push 2
mov byte [ebp - 0x34], al
mov eax, dword [ebx + 0x2444]
mov byte [ebp - 0x33], cl
lea ecx, [ebp - 0x1a]
push ecx
mov dword [ebp - 0x2c], edx
call dword [eax + 0x5c]  ; ucall
mov edx, dword [ebp - 0x2c]
add esp, 0x10
mov byte [ebp - 0x2c], 0x60
movzx eax, dl
mov edi, eax
mov ecx, edi
mov dword [ebp - 0x48], eax
mov eax, 1
shl eax, cl
test byte [ebx + 0x381b], al
mov byte [ebp - 0x32], al
setne dl
mov cl, dl
or ecx, 2
test byte [ebx + 0x4bde], al
movzx eax, al
mov dword [ebp - 0x38], eax
cmovne edx, ecx
movzx eax, dl
mov dword [ebp - 0x50], eax

loc_fffd2fae:  ; not directly referenced
movzx esi, byte [ebp - 0x2c]
xor edi, edi

loc_fffd2fb4:  ; not directly referenced
imul eax, edi, 0x13c3
mov cl, byte [ebp - 0x32]
test byte [ebx + eax + 0x381b], cl
je short loc_fffd3003  ; je 0xfffd3003
push eax
push 0
push esi
push 3
push dword [ebp - 0x38]
push 1
push edi
push ebx
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x1c
push 0
push esi
push 3
push dword [ebp - 0x38]
push 2
push edi
push ebx
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x1c
push 0
push esi
push 3
push dword [ebp - 0x38]
push 3
push edi
push ebx
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffd3003:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffd2fb4  ; jne 0xfffd2fb4
mov edx, dword [ebp - 0x50]
mov eax, ebx
xor esi, esi
call fcn_fffd2d1e  ; call 0xfffd2d1e
mov eax, ebx
mov edx, 0xf
call fcn_fffa82f9  ; call 0xfffa82f9
mov edi, dword [ebp + 0xc]
imul eax, dword [ebp - 0x48], 9
mov dword [ebp - 0x4c], eax

loc_fffd302b:  ; not directly referenced
imul eax, esi, 0x13c3
mov dword [ebp - 0x40], eax
mov ecx, eax
mov al, byte [ebp - 0x32]
test byte [ebx + ecx + 0x381b], al
jne short loc_fffd304c  ; jne 0xfffd304c
mov byte [ebp + esi - 0x1a], 0xff
jmp near loc_fffd30fc  ; jmp 0xfffd30fc

loc_fffd304c:  ; not directly referenced
cmp byte [ebp + esi - 0x1a], 0xff
je loc_fffd30fc  ; je 0xfffd30fc
imul eax, esi, 0x54a
mov byte [ebp - 0x31], 0
lea eax, [ebx + eax + 0x196b]
mov dword [ebp - 0x44], eax

loc_fffd306b:  ; not directly referenced
mov al, byte [ebp - 0x31]
cmp al, byte [ebx + 0x2489]
jae loc_fffd30fc  ; jae 0xfffd30fc
mov cl, byte [ebp - 0x31]
mov edx, dword [ebp - 0x40]
mov dword [ebp - 0x30], 1
shl dword [ebp - 0x30], cl
movzx eax, cl
mov ecx, dword [ebp - 0x44]
cmp byte [ebx + edx + 0x49bb], 0x20
mov dword [ebp - 0x3c], eax
mov al, byte [ecx + eax + 0x4f6]
jne short loc_fffd30b1  ; jne 0xfffd30b1
test al, 2
je short loc_fffd30b1  ; je 0xfffd30b1
mov al, byte [ebp - 0x30]
or byte [ebp + esi - 0x1a], al
jmp short loc_fffd30f4  ; jmp 0xfffd30f4

loc_fffd30b1:  ; not directly referenced
mov ecx, dword [ebp - 0x3c]
mov edx, esi
mov eax, ebx
call fcn_fffa75c5  ; call 0xfffa75c5
mov edx, eax
mov eax, ebx
call fcn_fffb331f  ; call 0xfffb331f
mov dl, byte [ebp + esi - 0x1a]
test byte [ebp - 0x30], dl
jne short loc_fffd30f4  ; jne 0xfffd30f4
movzx eax, al
mov dword [ebp - 0x54], edx
call fcn_fffb38d9  ; call 0xfffb38d9
cmp al, 4
je short loc_fffd30f4  ; je 0xfffd30f4
mov eax, dword [ebp - 0x3c]
mov cl, byte [ebp - 0x2c]
mov edx, dword [ebp - 0x54]
add eax, dword [ebp - 0x4c]
or edx, dword [ebp - 0x30]
mov byte [edi + eax], cl
mov byte [esi + ebp - 0x1a], dl

loc_fffd30f4:  ; not directly referenced
inc byte [ebp - 0x31]
jmp near loc_fffd306b  ; jmp 0xfffd306b

loc_fffd30fc:  ; not directly referenced
inc esi
add edi, 0x24
cmp esi, 2
jne loc_fffd302b  ; jne 0xfffd302b
cmp byte [ebp - 0x1a], 0xff
jne short loc_fffd3115  ; jne 0xfffd3115
cmp byte [ebp - 0x19], 0xff
je short loc_fffd3142  ; je 0xfffd3142

loc_fffd3115:  ; not directly referenced
mov al, byte [ebp - 0x34]
add byte [ebp - 0x2c], al
test al, al
jle short loc_fffd312a  ; jle 0xfffd312a
mov al, byte [ebp - 0x33]
cmp byte [ebp - 0x2c], al
seta al
jmp short loc_fffd3137  ; jmp 0xfffd3137

loc_fffd312a:  ; not directly referenced
movzx eax, byte [ebp - 0x33]
movsx edx, byte [ebp - 0x2c]
cmp edx, eax
setl al

loc_fffd3137:  ; not directly referenced
movzx eax, al
test eax, eax
je loc_fffd2fae  ; je 0xfffd2fae

loc_fffd3142:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffd314a:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x2c
cmp dword [ebp + 8], 1
je short loc_fffd3187  ; je 0xfffd3187
jb short loc_fffd3177  ; jb 0xfffd3177
cmp dword [ebp + 8], 2
jne loc_fffd3273  ; jne 0xfffd3273
mov dword [ebp - 0x24], 0xa8
mov dword [ebp - 0x20], 0x2a
jmp short loc_fffd3195  ; jmp 0xfffd3195

loc_fffd3177:  ; not directly referenced
mov dword [ebp - 0x24], 0xa4
mov dword [ebp - 0x20], 0x29
jmp short loc_fffd3195  ; jmp 0xfffd3195

loc_fffd3187:  ; not directly referenced
mov dword [ebp - 0x24], 0xc0
mov dword [ebp - 0x20], 0x30

loc_fffd3195:  ; not directly referenced
lea eax, [esi + 0x381b]
xor ebx, ebx
mov dword [ebp - 0x28], eax
movzx eax, dl
mov dword [ebp - 0x30], eax
movzx eax, cl
mov dword [ebp - 0x34], eax

loc_fffd31ac:  ; not directly referenced
mov eax, dword [ebp - 0x30]
bt eax, ebx
jae loc_fffd325e  ; jae 0xfffd325e
mov eax, dword [ebp - 0x28]
movzx edi, byte [eax + 0xfce]
mov eax, ebx
shl eax, 0xa
add eax, 0x4190
mov edx, eax
and edi, 0xf
shl edi, 0x10
or edi, 0xf
mov dword [ebp - 0x2c], eax
mov ecx, edi
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381
mov edx, 1
mov eax, esi
call fcn_fffa82f9  ; call 0xfffa82f9
mov dword [ebp - 0x1c], 0

loc_fffd31f6:  ; not directly referenced
mov cl, byte [ebp - 0x1c]
mov eax, 1
mov edx, dword [ebp - 0x28]
shl eax, cl
test byte [edx], al
jne short loc_fffd3212  ; jne 0xfffd3212

loc_fffd3207:  ; not directly referenced
inc dword [ebp - 0x1c]
cmp dword [ebp - 0x1c], 4
jne short loc_fffd31f6  ; jne 0xfffd31f6
jmp short loc_fffd323a  ; jmp 0xfffd323a

loc_fffd3212:  ; not directly referenced
mov eax, dword [ebp - 0x34]
mov edx, dword [ebp - 0x1c]
bt eax, edx
jae short loc_fffd3207  ; jae 0xfffd3207
push eax
mov ecx, edx
push 1
mov edx, ebx
push dword [ebp - 0x24]
mov eax, esi
push dword [ebp - 0x20]
call fcn_fffacb43  ; call 0xfffacb43
add esp, 0x10
test eax, eax
je short loc_fffd3207  ; je 0xfffd3207
jmp short loc_fffd3278  ; jmp 0xfffd3278

loc_fffd323a:  ; not directly referenced
cmp dword [ebp + 8], 2
je short loc_fffd325e  ; je 0xfffd325e
mov edx, 1
mov eax, esi
call fcn_fffa82f9  ; call 0xfffa82f9
mov edx, dword [ebp - 0x2c]
and edi, 0xfff0ffff
mov ecx, edi
mov eax, esi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffd325e:  ; not directly referenced
inc ebx
add dword [ebp - 0x28], 0x13c3
cmp ebx, 2
jne loc_fffd31ac  ; jne 0xfffd31ac
xor eax, eax
jmp short loc_fffd3278  ; jmp 0xfffd3278

loc_fffd3273:  ; not directly referenced
mov eax, 1

loc_fffd3278:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffd3280:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
mov esi, ecx
push ebx
mov ebx, edx
sub esp, 0x70
mov al, byte [ebp + 8]
push 0
push 2
lea edx, [ebp - 0x2c]
mov byte [ebp - 0x53], al
mov eax, dword [edi + 0x2444]
mov byte [ebp - 0x52], cl
push edx
call dword [eax + 0x5c]  ; ucall
movzx ecx, bl
mov eax, 1
shl eax, cl
add esp, 0x10
mov byte [ebp - 0x3e], al
movzx eax, al
mov dword [ebp - 0x50], eax
lea eax, [ecx + ecx*8]
mov dword [ebp - 0x60], eax
mov eax, esi
movzx eax, al
mov byte [ebp - 0x40], 0
mov byte [ebp - 0x3d], 0x40
mov dword [ebp - 0x64], eax

loc_fffd32d5:  ; not directly referenced
movzx esi, byte [ebp - 0x3d]
xor ebx, ebx

loc_fffd32db:  ; not directly referenced
imul eax, ebx, 0x13c3
mov dl, byte [ebp - 0x3e]
test byte [edi + eax + 0x381b], dl
je short loc_fffd3302  ; je 0xfffd3302
push eax
push 0
push esi
push 1
push dword [ebp - 0x50]
push 4
push ebx
push edi
call fcn_fffabc7a  ; call 0xfffabc7a
add esp, 0x20

loc_fffd3302:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffd32db  ; jne 0xfffd32db
mov dword [ebp - 0x3c], 0

loc_fffd330f:  ; not directly referenced
mov al, byte [ebp - 0x3e]
test byte [edi + 0x381b], al
je short loc_fffd335b  ; je 0xfffd335b
or byte [ebp - 0x40], 1
mov edx, 0x41a4
cmp dword [ebp - 0x3c], 1
mov eax, edi
sbb ecx, ecx
and ecx, 0xffffc000
add ecx, 0x7000
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, 0x4000
mov edx, 0x41a8
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
xor ecx, ecx
mov edx, 0x41ac
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffd335b:  ; not directly referenced
mov al, byte [ebp - 0x3e]
test byte [edi + 0x4bde], al
je short loc_fffd33a7  ; je 0xfffd33a7
or byte [ebp - 0x40], 2
mov edx, 0x45a4
cmp dword [ebp - 0x3c], 1
mov eax, edi
sbb ecx, ecx
and ecx, 0xffffc000
add ecx, 0x7000
call fcn_fffb3381  ; call 0xfffb3381
mov ecx, 0x4000
mov edx, 0x45a8
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381
xor ecx, ecx
mov edx, 0x45ac
mov eax, edi
call fcn_fffb3381  ; call 0xfffb3381

loc_fffd33a7:  ; not directly referenced
movzx edx, byte [ebp - 0x40]
mov eax, edi
xor esi, esi
call fcn_fffd2d1e  ; call 0xfffd2d1e
mov eax, edi
mov edx, 0xf
call fcn_fffa82f9  ; call 0xfffa82f9
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x48], eax

loc_fffd33c6:  ; not directly referenced
imul eax, esi, 0x13c3
mov dword [ebp - 0x5c], eax
mov ebx, eax
mov al, byte [ebp - 0x3e]
test byte [edi + ebx + 0x381b], al
jne short loc_fffd33e7  ; jne 0xfffd33e7
mov byte [ebp + esi - 0x2c], 0xff
jmp near loc_fffd34c6  ; jmp 0xfffd34c6

loc_fffd33e7:  ; not directly referenced
cmp byte [ebp + esi - 0x2c], 0xff
je loc_fffd34c6  ; je 0xfffd34c6
imul eax, esi, 0x54a
lea ebx, [ebp - 0x18]
mov byte [ebp - 0x3f], 0
lea eax, [edi + eax + 0x196b]
mov dword [ebp - 0x58], eax
lea eax, [esi + esi*8]
add eax, ebx
mov dword [ebp - 0x4c], eax

loc_fffd3411:  ; not directly referenced
mov al, byte [ebp - 0x3f]
cmp al, byte [edi + 0x2489]
jae loc_fffd34c6  ; jae 0xfffd34c6
mov edx, dword [ebp - 0x5c]
mov cl, byte [ebp - 0x3f]
mov eax, dword [ebp - 0x58]
mov dword [ebp - 0x44], 1
shl dword [ebp - 0x44], cl
cmp byte [edi + edx + 0x49bb], 0x20
movzx ebx, cl
mov al, byte [eax + ebx + 0x4f6]
jne short loc_fffd3454  ; jne 0xfffd3454
test al, 2
je short loc_fffd3454  ; je 0xfffd3454
mov al, byte [ebp - 0x44]
or byte [ebp + esi - 0x2c], al
jmp short loc_fffd34be  ; jmp 0xfffd34be

loc_fffd3454:  ; not directly referenced
mov ecx, ebx
mov edx, esi
mov eax, edi
call fcn_fffa75c5  ; call 0xfffa75c5
mov edx, eax
mov eax, edi
call fcn_fffb331f  ; call 0xfffb331f
mov cl, byte [ebp + esi - 0x2c]
test byte [ebp - 0x44], cl
jne short loc_fffd34be  ; jne 0xfffd34be
cmp dword [ebp - 0x3c], 0
movzx edx, al
jne short loc_fffd3483  ; jne 0xfffd3483
mov eax, dword [ebp - 0x4c]
mov byte [ebx + eax - 0x12], dl
jmp short loc_fffd34be  ; jmp 0xfffd34be

loc_fffd3483:  ; not directly referenced
mov eax, dword [ebp - 0x4c]
mov dword [ebp - 0x6c], ecx
mov dword [ebp - 0x68], edx
mov al, byte [ebx + eax - 0x12]
mov byte [ebp - 0x51], al
mov eax, edx
call fcn_fffb38d9  ; call 0xfffb38d9
mov edx, dword [ebp - 0x68]
mov ecx, dword [ebp - 0x6c]
cmp al, 4
jne short loc_fffd34a9  ; jne 0xfffd34a9
cmp byte [ebp - 0x51], dl
jne short loc_fffd34be  ; jne 0xfffd34be

loc_fffd34a9:  ; not directly referenced
mov eax, dword [ebp - 0x60]
mov edx, dword [ebp - 0x48]
or ecx, dword [ebp - 0x44]
add eax, ebx
mov bl, byte [ebp - 0x3d]
mov byte [ebp + esi - 0x2c], cl
mov byte [edx + eax], bl

loc_fffd34be:  ; not directly referenced
inc byte [ebp - 0x3f]
jmp near loc_fffd3411  ; jmp 0xfffd3411

loc_fffd34c6:  ; not directly referenced
inc esi
add dword [ebp - 0x48], 0x24
cmp esi, 2
jne loc_fffd33c6  ; jne 0xfffd33c6
inc dword [ebp - 0x3c]
cmp dword [ebp - 0x3c], 2
jne loc_fffd330f  ; jne 0xfffd330f
cmp byte [ebp - 0x2c], 0xff
jne short loc_fffd34ed  ; jne 0xfffd34ed
cmp byte [ebp - 0x2b], 0xff
je short loc_fffd3517  ; je 0xfffd3517

loc_fffd34ed:  ; not directly referenced
mov al, byte [ebp - 0x53]
add byte [ebp - 0x3d], al
test al, al
jle short loc_fffd3502  ; jle 0xfffd3502
mov al, byte [ebp - 0x52]
cmp byte [ebp - 0x3d], al
seta al
jmp short loc_fffd350c  ; jmp 0xfffd350c

loc_fffd3502:  ; not directly referenced
movsx eax, byte [ebp - 0x3d]
cmp eax, dword [ebp - 0x64]
setl al

loc_fffd350c:  ; not directly referenced
movzx eax, al
test eax, eax
je loc_fffd32d5  ; je 0xfffd32d5

loc_fffd3517:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffd351f:
db 0x90

ref_fffd3520:
dd 0x02000801
dd 0x00000602

ref_fffd3528:
dd 0x4000f001
dd 0x02005a01
dd 0x011800dc
dd 0x9004005a
dd 0xa0020801
dd 0x01900500
dd 0x00a00208
dd 0xe000f010
dd 0x11000001
dd 0x01e000f0
dd 0xc0200000
dd 0x00018000
dd 0x00c02100
dd 0x00000180
dd 0x2200be0b
dd 0x0c000001
dd 0x01900118
dd 0x080d008c
dd 0xbe028002
dd 0x00000000

ref_fffd3578:
dd 0x4443524d
dd 0x90906600

ref_fffd3580:
dd 0x05010400
dd 0x07030602
dd 0x00000008

ref_fffd358c:
dd 0xff830000
dd 0xffe1ffc2
dd 0x007d00fa
dd 0x001f003e

ref_fffd359c:
dd 0x02030304
dd 0x02030404
dd 0x03030405
dd 0x03040405
dd 0x03040405
dd 0x02030304
dd 0x02030404
dd 0x03030405
dd 0x03040405
dd 0x03030404

ref_fffd35c4:
dd 0x05060605
dd 0x05060605
dd 0x06060604
dd 0x05060607
dd 0x05060607
dd 0x06060607

ref_fffd35dc:
dd loc_fffa6b23
dd loc_fffa6a60
dd loc_fffa6a95
dd loc_fffa6af5
dd loc_fffa6a33
dd loc_fffa6b23
dd loc_fffa6b23

ref_fffd35f8:
dd loc_fffa83ad
dd loc_fffa83bb
dd loc_fffa83cb
dd loc_fffa84b9
dd loc_fffa83e0
dd loc_fffa83eb
dd loc_fffa83f8
dd loc_fffa8429
dd loc_fffa8446

ref_fffd361c:
dd loc_fffa863f
dd loc_fffa8673
dd loc_fffa86b0
dd loc_fffa868f
dd loc_fffa863f
dd loc_fffa8673
dd loc_fffa868f
dd loc_fffa85e4

ref_fffd363c:
dd 0x50f00050
dd 0x0000f000
dd 0x00000000

ref_fffd3648:
dd 0x50f00050
dd 0x0000f000
dd 0x00000000

ref_fffd3654:
db '<<<<<(<(<(<(<<<<<(<(<(<('

ref_fffd366c:
dd 0x3c3c3c3c
dd 0x1e3c1e3c
dd 0x1e3c1e3c
dd 0x3c3c3c3c
dd 0x1e3c1e3c
dd 0x1e3c1e3c

ref_fffd3684:
dd 0x00780078
dd 0x00000000

ref_fffd368c:
dd 0x003c003c
dd 0x1e3c1e3c
dd 0x1e3c1e3c
dd 0x003c003c
dd 0x1e3c1e3c
dd 0x1e3c1e3c

ref_fffd36a4:
dd 0x28002800
dd 0x1e3c1e3c
dd 0x1e3c1e3c
dd 0x28002800
dd 0x1e3c1e3c
dd 0x1e3c1e3c

ref_fffd36bc:
dd 0x00780078
dd 0x00000000

ref_fffd36c4:
dd 0x02000100
dd 0x08000400
dd 0x20001000
dd 0x80004000

ref_fffd36d4:
dd 0x86186186
dd 0x18618618
dd 0x30c30c30
dd 0xa28a28a2
dd 0x8a28a28a
dd 0x14514514
dd 0x28a28a28
dd 0x92492492
dd 0x24924924

ref_fffd36f8:
dd 0x00a10ca1
dd 0x00ef0d08
dd 0x00ad0a1e

ref_fffd3704:
dd 0x00100000
dd 0x00110001
dd 0x00800081

ref_fffd3710:
dd 0x00010000
dd 0x00030002
dd 0x00050004
dd 0x00070006

ref_fffd3720:
dd 0x00000000
dd 0x00010105
dd 0x01050100

ref_fffd372c:
dd 0x00000000
dd 0x04000101
dd 0x01050000

ref_fffd3738:
dd 0x01000001
dd 0x04010101
dd 0x01050100

ref_fffd3744:
dd 0x00000000
dd 0x04000103
dd 0x01070000

ref_fffd3750:
dd 0x00000000
dd 0x04000003
dd 0x00070000

ref_fffd375c:
dd 0x00010000
dd 0x04000103
dd 0x01070001

ref_fffd3768:
dd fcn_fffc357b
dd fcn_fffc3516
dd fcn_fffc33be
dd fcn_fffc32ef
dd fcn_fffc332f
dd fcn_fffc3271
dd fcn_fffc34a7
dd fcn_fffc33fb
dd fcn_fffc3238
dd fcn_fffc31ef
dd fcn_fffc3134
dd fcn_fffc30b0
dd fcn_fffb1631

ref_fffd379c:
dd fcn_fffc2e7b
dd fcn_fffb3adc
dd fcn_fffa7800
dd fcn_fffc2bea
dd fcn_fffc2807
dd fcn_fffc2588
dd fcn_fffc236f
dd fcn_fffb30e0
dd fcn_fffb2f13
dd fcn_fffb2a0f
dd fcn_fffb2858
dd fcn_fffc2a09
dd fcn_fffb26af
dd fcn_fffb216f
dd fcn_fffb1f88
dd fcn_fffb1ddf
dd fcn_fffb2d98
dd fcn_fffb2c1d
dd fcn_fffb2502
dd fcn_fffb2355
dd fcn_fffb1c91
dd fcn_fffb1b43
dd fcn_fffb1983
dd fcn_fffb166e

ref_fffd37fc:
dd 0xffffffff

ref_fffd3800:
dd 0x7fffffff

ref_fffd3804:
dd 0x2625a000
dd 0x00032000
dd 0x84800300
dd 0x03e8001e
dd 0x38020000
dd 0x2b001c9c
dd 0x01000004
dd 0x00196e6a
dd 0x000004b0
dd 0x16e36002
dd 0x00053500
dd 0xcc5b0100
dd 0x05780015
dd 0xd0020000
dd 0x40001312
dd 0x03000006
dd 0x0010f447
dd 0x00000708
dd 0x10594402
dd 0x00074b00
dd 0x42400100
dd 0x07d0000f
dd 0x10020000
dd 0x55000e50
dd 0x01000008
dd 0x000ddf22
dd 0x00000898
dd 0x0cb73502
dd 0x00096000
dd 0xbcce0300
dd 0x0a28000b
dd 0xb0020000
dd 0x6b000b71
dd 0x0100000a
dd 0x000ae62d
dd 0x00000af0
dd 0x0a675a02
dd 0x000b7500
dd 0x2c2a0100
dd 0x0bb8000a
dd 0x68020000
dd 0x80000989
dd 0x0300000c
dd 0x00000000
dd 0x00000000
dd 0x90906600

ref_fffd38bc:
dd 0x00000000
dd 0x00000000
dd 0x00070000
dd 0x03ff07ff
dd 0x00000000
dd 0x00000020
dd 0x00000003
dd 0x00000003
dd 0x00000000
dd 0x00010001
dd 0x00350049

ref_fffd38e8:
dd 0x00000401
dd 0x00000203

ref_fffd38f0:
dd 0x00010001
dd 0x00000307

ref_fffd38f8:
dd 0x00010000
dd 0x90660000

ref_fffd3900:
dd 0x00010000
dd 0x02000201
dd 0x00030900
dd 0x7801001f
dd 0x01007d00
dd 0x01480140
dd 0x5c014909
dd 0x00200101
dd 0x7e010077
dd 0x0100ff00
dd 0x017f015d
dd 0x83018001
dd 0x01840101
dd 0x89010188
dd 0x0101a701
dd 0x01ca01ac
dd 0x00000001

ref_fffd3944:
dd 0x00010000
dd 0x02000201
dd 0x00030900
dd 0x3c010029
dd 0x01003f00
dd 0x007f0075
dd 0x91008009
dd 0x00270100
dd 0x4001003b
dd 0x01007d00
dd 0x00b300b0
dd 0xb800b401
dd 0x00b90100
dd 0xdc0100d7
dd 0x0100fa00

ref_fffd3980:
dd 0x20445053
dd 0x90906600

ref_fffd3988:
dd 0x02010000
dd 0x06050403
dd 0x08080707
dd 0x0a090909
dd 0x90660a0a

ref_fffd399c:
dd loc_fffb4110
dd loc_fffb413e
dd loc_fffb4178
dd loc_fffb41f2
dd loc_fffb41f2
dd loc_fffb41f2
dd loc_fffb41f2
dd loc_fffb41f2
dd loc_fffb41f2
dd loc_fffb41f2
dd loc_fffb4196
dd loc_fffb41c9

ref_fffd39cc:
dd loc_fffb46a0
dd loc_fffb46b7
dd loc_fffb46ce
dd loc_fffb46e2
dd loc_fffb46f6
dd loc_fffb470d
dd loc_fffb4724
dd loc_fffb4738
dd loc_fffb4773
dd loc_fffb478a
dd loc_fffb47df
dd loc_fffb4850
dd loc_fffb48b3
dd loc_fffb49d4
dd loc_fffb4a08

ref_fffd3a08:
dd loc_fffb4c55
dd loc_fffb4c46
dd loc_fffb4c64
dd loc_fffb4cee
dd loc_fffb4cee
dd loc_fffb4cee

ref_fffd3a20:
db 'CbAllocatePool',0x00,0x00

ref_fffd3a30:
dd 0x00000000
dd 0xe0566b04
dd 0x060a0302

ref_fffd3a3c:
dd 0x008a2601
dd 0xee84a905
dd 0x03060402
dd 0x008a1601
dd 0xee4c9105
dd 0x03050402
dd 0x008e2601
dd 0xe979a305
dd 0x04070302
dd 0x008e1601
dd 0xe94a8b05
dd 0x03060302
dd 0x008a2401
dd 0xe0566b04
dd 0x05090302
dd 0x008a1401
dd 0xe03d5f04
dd 0x04080302
dd 0x008e2401
dd 0xdb4f6704
dd 0x060a0302
dd 0x008e1401
dd 0xdb385b04
dd 0x05090302

ref_fffd3a9c:
dd 0x00000062
dd 0x44ab8703
dd 0x42220805
dd 0x03000000
dd 0x0544c19f
dd 0x00522008
dd 0xda030000
dd 0x09054df2
dd 0x0000631e
dd 0xefc50300
dd 0x341008cd
dd 0x00000043
dd 0x67877202
dd 0x53340804
dd 0x02000000
dd 0x0573a398
dd 0x00003109
dd 0x98020000
dd 0x090573a3
dd 0x00000034

ref_fffd3aec:
dd 0x00669263
dd 0x82ca6a04
dd 0x63081009
dd 0x030066a2
dd 0x05408934
dd 0x92630b07
dd 0x78040086
dd 0x130b86d6
dd 0x86a26309
dd 0x8f3b0300
dd 0x0e090642
dd 0x00669463
dd 0x7cb05b04
dd 0x63070b05
dd 0x040066a4
dd 0x057af758
dd 0x94630909
dd 0x66040086
dd 0x0d0681b9
dd 0x86a46308
dd 0x80320300
dd 0x09050340
dd 0x00671263
dd 0x40ca9f03
dd 0x63110705
dd 0x03006722
dd 0x053fca9e
dd 0x12631807
dd 0xa6030087
dd 0x090642d0
dd 0x87226313
dd 0xd0a50300
dd 0x1a080641
dd 0x00671463
dd 0x3dbd9803
dd 0x630f0503
dd 0x03006724
dd 0x033dbd97
dd 0x14631204
dd 0x9d030087
dd 0x060340c2
dd 0x87246310
dd 0xc19c0300
dd 0x1405033f
dd 0x006a9263
dd 0x88b36604
dd 0x630a0e08
dd 0x04006aa2
dd 0x0886b164
dd 0x92630d0c
dd 0x7404008a
dd 0x110a8bbf
dd 0x8aa2630b
dd 0xbd720400
dd 0x0f0f0a89
dd 0x006a9463
dd 0x7c9a5704
dd 0x63080a04
dd 0x04006aa4
dd 0x047a9855
dd 0x94630a08
dd 0x6204008a
dd 0x0b0580a3
dd 0x8aa46309
dd 0xa1600400
dd 0x0b09057e
dd 0x006b1263
dd 0x43ab8803
dd 0x63140704
dd 0x03006b22
dd 0x0443aa87
dd 0x12631a06
dd 0x8f03008b
dd 0x080545b1
dd 0x8b226315
dd 0xb08f0300
dd 0x1d070544
dd 0x006b1463
dd 0x3d9e8103
dd 0x63100402
dd 0x03006b24
dd 0x023d9e80
dd 0x14631504
dd 0x8603008b
dd 0x05033fa3
dd 0x8b246311
dd 0xa2850300
dd 0x1504033f
dd 0x006e9263
dd 0x90fd7204
dd 0x630c0d07
dd 0x04006ea2
dd 0x078efb71
dd 0x92630f0b
dd 0x4003008e
dd 0x08054a85
dd 0x8ea2630e
dd 0x843f0300
dd 0x12070549
dd 0x006e9463
dd 0x7ee46204
dd 0x630a0904
dd 0x04006ea4
dd 0x047ce361
dd 0x94630c07
dd 0x6c04008e
dd 0x0a0582ed
dd 0x8ea4630b
dd 0xeb6b0400
dd 0x0d080580
dd 0x006f1263
dd 0x47ce8e03
dd 0x63170604
dd 0x03006f22
dd 0x0447cd8e
dd 0x12632006
dd 0x9503008f
dd 0x070549d4
dd 0x8f226319
dd 0xd3950300
dd 0x23070548
dd 0x006f1463
dd 0x3ec18603
dd 0x63130402
dd 0x03006f24
dd 0x023ec186
dd 0x14631603
dd 0x8c03008f
dd 0x040340c6
dd 0x8f246314
dd 0xc58b0300
dd 0x1a040340
dd 0x00729263
dd 0x9ce66f04
dd 0x630e0c07
dd 0x040072a2
dd 0x079be46d
dd 0x9263120b
dd 0x7c040092
dd 0x0e089ff1
dd 0x92a2630f
dd 0xf07b0400
dd 0x140d089d
dd 0x00729463
dd 0x83ce5f04
dd 0x630b0804
dd 0x040072a4
dd 0x0482cc5e
dd 0x94630d06
dd 0x69040092
dd 0x090587d6
dd 0x92a4630c
dd 0xd5680400
dd 0x0e070586
dd 0x00731263
dd 0x4eb78103
dd 0x631a0604
dd 0x03007322
dd 0x044db680
dd 0x12632105
dd 0x87030093
dd 0x07044fbd
dd 0x9322631c
dd 0xbc870300
dd 0x2506044f
dd 0x00731463
dd 0x41ab7903
dd 0x63150402
dd 0x03007324
dd 0x0241aa78
dd 0x14631903
dd 0x7e030093
dd 0x040343af
dd 0x93246316
dd 0xaf7d0300
dd 0x1d040343
dd 0x00769263
dd 0xa6d46c04
dd 0x630f0b06
dd 0x040076a2
dd 0x06a4d36b
dd 0x9263130a
dd 0x7a040096
dd 0x0d08a8e0
dd 0x96a26311
dd 0xde790400
dd 0x160c08a7
dd 0x00769463
dd 0x87bd5c04
dd 0x630c0703
dd 0x040076a4
dd 0x0385bb5b
dd 0x94630e06
dd 0x66040096
dd 0x08048ac5
dd 0x96a4630d
dd 0xc3650400
dd 0x10070489
dd 0x00771263
dd 0x52a67603
dd 0x631a0503
dd 0x03007722
dd 0x0352a576
dd 0x12632405
dd 0x7d030097
dd 0x060454ab
dd 0x9722631d
dd 0xab7d0300
dd 0x29060453
dd 0x00771463
dd 0x439a6e03
dd 0x63150302
dd 0x03007724
dd 0x02439a6e
dd 0x14631b03
dd 0x73030097
dd 0x0402459e
dd 0x97246318
dd 0x9d730300
dd 0x1c030244
dd 0x00669243
dd 0x82c97704
dd 0x43091009
dd 0x040066a2
dd 0x097fc775
dd 0x92430c0e
dd 0x85040086
dd 0x130b86d6
dd 0x86a2430a
dd 0xd3830400
dd 0x0d110b83
dd 0x00669443
dd 0x7cb06804
dd 0x43070b05
dd 0x040066a4
dd 0x057aae66
dd 0x94430909
dd 0x73040086
dd 0x0d0681b9
dd 0x86a44308
dd 0xb7710400
dd 0x0a0a067e
dd 0x00671243
dd 0x40e8bd03
dd 0x43130705
dd 0x03006722
dd 0x053fe8bd
dd 0x12431a07
dd 0xc4030087
dd 0x090642ef
dd 0x87224315
dd 0xeec30300
dd 0x1c080641
dd 0x00671443
dd 0x3ddcb603
dd 0x43110503
dd 0x03006724
dd 0x033ddbb5
dd 0x14431404
dd 0xbb030087
dd 0x060340e0
dd 0x87244312
dd 0xdfbb0300
dd 0x1605033f
dd 0x006a9243
dd 0x88b27104
dd 0x430a0e08
dd 0x04006aa2
dd 0x0886b16f
dd 0x92430d0c
dd 0x7f04008a
dd 0x110a8bbf
dd 0x8aa2430b
dd 0xbd7d0400
dd 0x0f0f0a89
dd 0x006a9443
dd 0x7c9a6204
dd 0x43080a04
dd 0x04006aa4
dd 0x047a9860
dd 0x94430a08
dd 0x6d04008a
dd 0x0b0580a3
dd 0x8aa44309
dd 0xa16b0400
dd 0x0b09057e
dd 0x006b1243
dd 0x43c3a003
dd 0x43150704
dd 0x03006b22
dd 0x0443c2a0
dd 0x12431c06
dd 0xa703008b
dd 0x080545c9
dd 0x8b224317
dd 0xc8a70300
dd 0x1f070544
dd 0x006b1443
dd 0x3db69903
dd 0x43110402
dd 0x03006b24
dd 0x023db698
dd 0x14431604
dd 0x9e03008b
dd 0x05033fbb
dd 0x8b244313
dd 0xba9e0300
dd 0x1704033f
dd 0x006e9243
dd 0x90d27904
dd 0x430c0d07
dd 0x04006ea2
dd 0x078ed077
dd 0x92430f0b
dd 0x8704008e
dd 0x0f0993de
dd 0x8ea2430d
dd 0xdc850400
dd 0x110d0991
dd 0x006e9443
dd 0x7eba6904
dd 0x430a0804
dd 0x04006ea4
dd 0x047cb867
dd 0x94430c07
dd 0x7304008e
dd 0x0a0581c2
dd 0x8ea4430b
dd 0xc0720400
dd 0x0d080580
dd 0x006f1243
dd 0x47ba8e03
dd 0x43170604
dd 0x03006f22
dd 0x0447ba8e
dd 0x12432006
dd 0x9503008f
dd 0x070549c0
dd 0x8f224319
dd 0xc0940300
dd 0x23070548
dd 0x006f1443
dd 0x3eae8603
dd 0x43130402
dd 0x03006f24
dd 0x023eae86
dd 0x14431603
dd 0x8b03008f
dd 0x040340b2
dd 0x8f244314
dd 0xb28b0300
dd 0x1a040340
dd 0x00729243
dd 0x9cc17504
dd 0x430e0c07
dd 0x040072a2
dd 0x079bbf73
dd 0x9243120b
dd 0x82040092
dd 0x0e089fcc
dd 0x92a2430f
dd 0xcb810400
dd 0x140c089d
dd 0x00729443
dd 0x83a96504
dd 0x430b0804
dd 0x040072a4
dd 0x0482a864
dd 0x94430d06
dd 0x6f040092
dd 0x090587b1
dd 0x92a4430c
dd 0xb06e0400
dd 0x0e070586
dd 0x00731243
dd 0x4ea68003
dd 0x431a0604
dd 0x03007322
dd 0x044da680
dd 0x12432105
dd 0x87030093
dd 0x07044fac
dd 0x9322431c
dd 0xab870300
dd 0x2506044f
dd 0x00731443
dd 0x419a7803
dd 0x43150402
dd 0x03007324
dd 0x02419a78
dd 0x14431903
dd 0x7d030093
dd 0x0403439e
dd 0x93244316
dd 0x9e7d0300
dd 0x1d040343
dd 0x00769243
dd 0xa5b47204
dd 0x430f0b06
dd 0x040076a2
dd 0x06a4b370
dd 0x9243140a
dd 0x7f040096
dd 0x0d08a8c0
dd 0x96a24311
dd 0xbe7e0400
dd 0x160c08a7
dd 0x00769443
dd 0x879d6104
dd 0x430c0703
dd 0x040076a4
dd 0x03859b60
dd 0x94430e06
dd 0x6b040096
dd 0x08048aa4
dd 0x96a4430d
dd 0xa36a0400
dd 0x10070489
dd 0x00771243
dd 0x52977603
dd 0x431a0503
dd 0x03007722
dd 0x03529776
dd 0x12432405
dd 0x7d030097
dd 0x0604549d
dd 0x9722431d
dd 0x9c7c0300
dd 0x29060453
dd 0x00771443
dd 0x438b6e03
dd 0x43150302
dd 0x03007724
dd 0x02438b6d
dd 0x14431b03
dd 0x73030097
dd 0x0402458f
dd 0x97244318
dd 0x8f720300
dd 0x1c030244
dd 0x00669253
dd 0x91e28504
dd 0x5308120a
dd 0x040066a2
dd 0x0a8fdf83
dd 0x92530b0f
dd 0x95040086
dd 0x150d96f0
dd 0x86a25309
dd 0xed920400
dd 0x0d130d93
dd 0x00669453
dd 0x9acf7e04
dd 0x53060c06
dd 0x040066a4
dd 0x0698cc7b
dd 0x9453080a
dd 0x8b040086
dd 0x0e07a0da
dd 0x86a45307
dd 0xd7890400
dd 0x0a0c079d
dd 0x00671253
dd 0x248c7702
dd 0x530f0403
dd 0x02006722
dd 0x03248c76
dd 0x12531704
dd 0x7b020087
dd 0x05042590
dd 0x87225311
dd 0x8f7a0200
dd 0x1b050425
dd 0x00671453
dd 0x26877502
dd 0x530d0302
dd 0x02006724
dd 0x02268774
dd 0x14531303
dd 0x78020087
dd 0x0302288a
dd 0x8724530d
dd 0x8a780200
dd 0x13030227
dd 0x006a9253
dd 0x98c87e04
dd 0x53091009
dd 0x04006aa2
dd 0x0996c67c
dd 0x92530d0e
dd 0x8e04008a
dd 0x120b9cd6
dd 0x8aa2530a
dd 0xd48c0400
dd 0x0e100b9a
dd 0x006a9453
dd 0x9ab67704
dd 0x53070b05
dd 0x04006aa4
dd 0x0598b475
dd 0x94530a09
dd 0x8404008a
dd 0x0c079fc0
dd 0x8aa45308
dd 0xbe820400
dd 0x0a0a079d
dd 0x006b1253
dd 0x26928302
dd 0x53130403
dd 0x02006b22
dd 0x03269282
dd 0x12531d04
dd 0x8702008b
dd 0x05032796
dd 0x8b225316
dd 0x95860200
dd 0x1d040327
dd 0x006b1453
dd 0x268e8102
dd 0x53110302
dd 0x02006b24
dd 0x02268d80
dd 0x14531302
dd 0x8402008b
dd 0x03022890
dd 0x8b245311
dd 0x90840200
dd 0x18030227
dd 0x006e9253
dd 0xa1b87a04
dd 0x530a0e08
dd 0x04006ea2
dd 0x08a0b679
dd 0x92530e0c
dd 0x8a04008e
dd 0x100aa5c5
dd 0x8ea2530b
dd 0xc4880400
dd 0x100f0aa3
dd 0x006e9453
dd 0x9ca67104
dd 0x53080a05
dd 0x04006ea4
dd 0x059aa470
dd 0x94530b08
dd 0x7e04008e
dd 0x0b06a1b0
dd 0x8ea45309
dd 0xae7c0400
dd 0x0c09069f
dd 0x006f1253
dd 0x50fce203
dd 0x53140704
dd 0x03006f22
dd 0x0450fbe1
dd 0x12531c06
dd 0x7502008f
dd 0x04032982
dd 0x8f225316
dd 0x81750200
dd 0x22040329
dd 0x006f1453
dd 0x4ef3dd03
dd 0x53100403
dd 0x03006f24
dd 0x034df2dd
dd 0x14531604
dd 0xe403008f
dd 0x050350f8
dd 0x8f245312
dd 0xf7e30300
dd 0x19050350
dd 0x00729253
dd 0xafac7704
dd 0x530b0d07
dd 0x040072a2
dd 0x07aeab76
dd 0x9253100c
dd 0x86040092
dd 0x0f09b2b9
dd 0x92a2530d
dd 0xb8850400
dd 0x120e09b1
dd 0x00729453
dd 0xa39a6f04
dd 0x53090904
dd 0x040072a4
dd 0x04a2996d
dd 0x94530c07
dd 0x7b040092
dd 0x0a05a8a5
dd 0x92a4530a
dd 0xa37a0400
dd 0x0e0905a7
dd 0x00731253
dd 0x57dfc903
dd 0x53150604
dd 0x03007322
dd 0x0457dfc8
dd 0x12532006
dd 0xd0030093
dd 0x070559e6
dd 0x93225317
dd 0xe5d00300
dd 0x24070558
dd 0x00731453
dd 0x51d6c503
dd 0x53120402
dd 0x03007324
dd 0x0251d6c4
dd 0x14531904
dd 0xcb030093
dd 0x050354db
dd 0x93245314
dd 0xdbcb0300
dd 0x19040353
dd 0x00769253
dd 0xbaa47504
dd 0x530d0c07
dd 0x040076a2
dd 0x07b9a274
dd 0x9253120b
dd 0x84040096
dd 0x0e09bcb0
dd 0x96a2530e
dd 0xaf830400
dd 0x140d09bb
dd 0x00769453
dd 0xa7926c04
dd 0x530a0804
dd 0x040076a4
dd 0x04a6916a
dd 0x94530d07
dd 0x78040096
dd 0x0905ac9c
dd 0x96a4530b
dd 0x9b770400
dd 0x0e0805ab
dd 0x00771253
dd 0x5dcab603
dd 0x53180604
dd 0x03007722
dd 0x045cc9b6
dd 0x12532406
dd 0xbe030097
dd 0x07055ed0
dd 0x9722531a
dd 0xd0bd0300
dd 0x2406055e
dd 0x00771453
dd 0x53c1b103
dd 0x53130402
dd 0x03007724
dd 0x0253c1b1
dd 0x14531703
dd 0xb8030097
dd 0x040356c6
dd 0x97245314
dd 0xc6b70300
dd 0x1c040355
dd 0x00669262
dd 0x69a35604
dd 0x62070d07
dd 0x040066a2
dd 0x0767dd54
dd 0x9262090b
dd 0x61040086
dd 0x10096cad
dd 0x86a26208
dd 0xe75f0400
dd 0x0b0e096a
dd 0x00669462
dd 0x658f4a04
dd 0x62060904
dd 0x040066a4
dd 0x0463c948
dd 0x94620707
dd 0x53040086
dd 0x0a056996
dd 0x86a46206
dd 0xd0510400
dd 0x08080567
dd 0x00671262
dd 0x34a48103
dd 0x620e0604
dd 0x03006722
dd 0x0433a380
dd 0x12621406
dd 0x87030087
dd 0x070536a9
dd 0x87226210
dd 0xa8860300
dd 0x16070535
dd 0x00671462
dd 0x329a7b03
dd 0x620c0402
dd 0x03006724
dd 0x0231997a
dd 0x14620e03
dd 0x7f030087
dd 0x0503349d
dd 0x8724620d
dd 0x9d7f0300
dd 0x10040333
dd 0x006a9262
dd 0x6e915304
dd 0x62080c06
dd 0x04006aa2
dd 0x066d8f51
dd 0x92620b0a
dd 0x5e04008a
dd 0x0e08719b
dd 0x8aa26209
dd 0x995c0400
dd 0x0c0c086f
dd 0x006a9462
dd 0xc9f98d05
dd 0x62060f07
dd 0x05006aa4
dd 0x07c5f68a
dd 0x9462080c
dd 0x4f04008a
dd 0x09046884
dd 0x8aa46207
dd 0x824e0400
dd 0x09070466
dd 0x006b1262
dd 0x378a6e03
dd 0x620f0503
dd 0x03006b22
dd 0x03368a6e
dd 0x12621605
dd 0x7403008b
dd 0x0604388f
dd 0x8b226211
dd 0x8f740300
dd 0x18060438
dd 0x006b1462
dd 0x32806803
dd 0x620e0402
dd 0x04006b24
dd 0x0462ffcf
dd 0x14621006
dd 0x6d03008b
dd 0x04023484
dd 0x8b24620e
dd 0x836c0300
dd 0x13040233
dd 0x006e9262
dd 0x75cd5d04
dd 0x620a0b06
dd 0x04006ea2
dd 0x0673cb5b
dd 0x92620d09
dd 0x6804008e
dd 0x0c0777d6
dd 0x8ea2620b
dd 0xd5660400
dd 0x0e0b0776
dd 0x006e9462
dd 0x66b95004
dd 0x62080703
dd 0x04006ea4
dd 0x0365b84e
dd 0x94620a06
dd 0x5804008e
dd 0x080469c0
dd 0x8ea46209
dd 0xbe570400
dd 0x0b070468
dd 0x006f1262
dd 0x3aa77303
dd 0x62130503
dd 0x03006f22
dd 0x033aa673
dd 0x12621a05
dd 0x7903008f
dd 0x06043bab
dd 0x8f226215
dd 0xab790300
dd 0x1b05043b
dd 0x006f1462
dd 0x339d6d03
dd 0x620f0302
dd 0x03006f24
dd 0x02329c6d
dd 0x14621403
dd 0x7103008f
dd 0x040234a0
dd 0x8f246211
dd 0xa0710300
dd 0x14030234
dd 0x00729262
dd 0x7fba5a04
dd 0x620b0a05
dd 0x040072a2
dd 0x057eb959
dd 0x92620f09
dd 0x65040092
dd 0x0b0781c3
dd 0x92a2620c
dd 0xc2640400
dd 0x100a0780
dd 0x00729462
dd 0x6ba74d04
dd 0x62090603
dd 0x040072a4
dd 0x0369a64c
dd 0x94620a05
dd 0x55040092
dd 0x07046ead
dd 0x92a46209
dd 0xac540400
dd 0x0c06046c
dd 0x00731262
dd 0x3f946803
dd 0x62150503
dd 0x03007322
dd 0x033f9468
dd 0x12621b04
dd 0x6e030093
dd 0x05044099
dd 0x93226216
dd 0x986d0300
dd 0x1e050440
dd 0x00731462
dd 0x358a6203
dd 0x62110302
dd 0x03007324
dd 0x02358a62
dd 0x14621603
dd 0x66030093
dd 0x0302378e
dd 0x93246211
dd 0x8d660300
dd 0x17030236
dd 0x00769262
dd 0x86ac5804
dd 0x620c0905
dd 0x040076a2
dd 0x0585ab57
dd 0x92621008
dd 0x63040096
dd 0x0b0688b5
dd 0x96a2620e
dd 0xb4620400
dd 0x120a0687
dd 0x00769462
dd 0x6d994a04
dd 0x620a0603
dd 0x040076a4
dd 0x036c9849
dd 0x94620c05
dd 0x53040096
dd 0x0704709f
dd 0x96a4620b
dd 0x9e520400
dd 0x0d06046f
dd 0x00771262
dd 0x43866003
dd 0x62160403
dd 0x03007722
dd 0x03438660
dd 0x12621d04
dd 0x65030097
dd 0x0503448b
dd 0x97226218
dd 0x8b650300
dd 0x22050344
dd 0x00771462
dd 0x6cf9b204
dd 0x62110503
dd 0x04007724
dd 0x036cf8b1
dd 0x14621605
dd 0xba040097
dd 0x06046fff
dd 0x97246213
dd 0xffb90400
dd 0x1705046f
dd 0x00669242
dd 0x69a36304
dd 0x42070d07
dd 0x040066a2
dd 0x0767a161
dd 0x9242090b
dd 0x6e040086
dd 0x10096cad
dd 0x86a24208
dd 0xab6c0400
dd 0x0b0e096a
dd 0x00669442
dd 0x658f5704
dd 0x42060904
dd 0x040066a4
dd 0x04638d55
dd 0x94420707
dd 0x5f040086
dd 0x0a056896
dd 0x86a44206
dd 0x945d0400
dd 0x08080567
dd 0x00671242
dd 0x34bc9903
dd 0x42100604
dd 0x03006722
dd 0x0433bc99
dd 0x12421606
dd 0x9f030087
dd 0x070536c1
dd 0x87224211
dd 0xc19e0300
dd 0x18070535
dd 0x00671442
dd 0x32b29303
dd 0x420d0402
dd 0x03006724
dd 0x0231b193
dd 0x14420f03
dd 0x98030087
dd 0x050334b6
dd 0x8724420f
dd 0xb5970300
dd 0x12040333
dd 0x006a9242
dd 0x6e915d04
dd 0x42080c06
dd 0x04006aa2
dd 0x066d8f5b
dd 0x92420b0a
dd 0x6804008a
dd 0x0e08719b
dd 0x8aa24209
dd 0x99670400
dd 0x0d0c086f
dd 0x006a9442
dd 0xc8f9a205
dd 0x42070f07
dd 0x05006aa4
dd 0x07c5f69e
dd 0x9442080c
dd 0x5a04008a
dd 0x09046884
dd 0x8aa44207
dd 0x82580400
dd 0x09070466
dd 0x006b1242
dd 0x379e8203
dd 0x42110503
dd 0x03006b22
dd 0x03369d81
dd 0x12421705
dd 0x8803008b
dd 0x060438a3
dd 0x8b224212
dd 0xa2870300
dd 0x1a060438
dd 0x006b1442
dd 0x32947c03
dd 0x420e0302
dd 0x03006b24
dd 0x0231937b
dd 0x14421203
dd 0x8003008b
dd 0x04023497
dd 0x8b24420f
dd 0x97800300
dd 0x14040233
dd 0x006e9242
dd 0x74aa6304
dd 0x420a0b06
dd 0x04006ea2
dd 0x0673a962
dd 0x92420d09
dd 0x6f04008e
dd 0x0c0777b4
dd 0x8ea2420b
dd 0xb26d0400
dd 0x0f0b0776
dd 0x006e9442
dd 0x66965604
dd 0x42080703
dd 0x04006ea4
dd 0x03649555
dd 0x94420a06
dd 0x5f04008e
dd 0x0804699d
dd 0x8ea44209
dd 0x9c5d0400
dd 0x0b070468
dd 0x006f1242
dd 0x3a977303
dd 0x42130503
dd 0x03006f22
dd 0x033a9673
dd 0x12421a05
dd 0x7903008f
dd 0x06043b9c
dd 0x8f224215
dd 0x9b780300
dd 0x1b05043b
dd 0x006f1442
dd 0x338d6d03
dd 0x420f0302
dd 0x03006f24
dd 0x02328d6c
dd 0x14421403
dd 0x7103008f
dd 0x04023490
dd 0x8f244211
dd 0x90700300
dd 0x14030234
dd 0x00729242
dd 0x7f9c6004
dd 0x420b0a05
dd 0x040072a2
dd 0x057e9b5f
dd 0x92420f09
dd 0x6b040092
dd 0x0b0781a6
dd 0x92a2420c
dd 0xa56a0400
dd 0x100a0780
dd 0x00729442
dd 0x6a895304
dd 0x42090603
dd 0x040072a4
dd 0x03698852
dd 0x94420b05
dd 0x5b040092
dd 0x07046d90
dd 0x92a4420a
dd 0x8f5a0400
dd 0x0c06046c
dd 0x00731242
dd 0x3f876803
dd 0x42150503
dd 0x03007322
dd 0x033f8668
dd 0x12421a04
dd 0x6d030093
dd 0x0504408b
dd 0x93224216
dd 0x8b6d0300
dd 0x1e050440
dd 0x00731442
dd 0x6af9c304
dd 0x42100503
dd 0x04007324
dd 0x0369f9c2
dd 0x14421405
dd 0x66030093
dd 0x03023780
dd 0x93244211
dd 0xffca0400
dd 0x1606046c
dd 0x00769242
dd 0x86925d04
dd 0x420c0905
dd 0x040076a2
dd 0x0585915c
dd 0x92421008
dd 0x68040096
dd 0x0b06889b
dd 0x96a2420e
dd 0x9a670400
dd 0x120a0687
dd 0x00769442
dd 0xdafd9f05
dd 0x420a0b05
dd 0x050076a4
dd 0x05d8fb9d
dd 0x94420b09
dd 0x58040096
dd 0x07047085
dd 0x96a4420b
dd 0x84570400
dd 0x0d06046f
dd 0x00771242
dd 0x85f4bf04
dd 0x42150805
dd 0x04007722
dd 0x0585f4be
dd 0x12421d08
dd 0xca040097
dd 0x0a0687fe
dd 0x97224218
dd 0xfdc90400
dd 0x20090687
dd 0x00771442
dd 0x6ce1b104
dd 0x42110503
dd 0x04007724
dd 0x036ce1b1
dd 0x14421605
dd 0xb9040097
dd 0x06046fe8
dd 0x97244213
dd 0xe7b90400
dd 0x1705046f
dd 0x00669252
dd 0x76b76e04
dd 0x52060e08
dd 0x040066a2
dd 0x0874b56c
dd 0x9252090c
dd 0x7b040086
dd 0x110a79c2
dd 0x86a25207
dd 0xc0790400
dd 0x0a0f0a77
dd 0x00669452
dd 0x7da76804
dd 0x52050a05
dd 0x040066a4
dd 0x057ba566
dd 0x94520708
dd 0x73040086
dd 0x0c0681b0
dd 0x86a45206
dd 0xaf710400
dd 0x080a067f
dd 0x00671252
dd 0x3ae3c003
dd 0x520d0704
dd 0x03006722
dd 0x043ae2bf
dd 0x12521206
dd 0xc6030087
dd 0x08053ce8
dd 0x8722520e
dd 0xe8c60300
dd 0x1407053b
dd 0x00671452
dd 0x3edbbd03
dd 0x520a0403
dd 0x03006724
dd 0x033ddabc
dd 0x14520e04
dd 0xc2030087
dd 0x050340df
dd 0x8724520b
dd 0xdfc20300
dd 0x10050340
dd 0x006a9252
dd 0x7ba26804
dd 0x52070d07
dd 0x04006aa2
dd 0x077aa166
dd 0x92520a0b
dd 0x7504008a
dd 0x0f097eae
dd 0x8aa25208
dd 0xac730400
dd 0x0c0d097d
dd 0x006a9452
dd 0x7d936204
dd 0x52060904
dd 0x04006aa4
dd 0x047b9261
dd 0x94520807
dd 0x6d04008a
dd 0x0a05819c
dd 0x8aa45207
dd 0x9a6b0400
dd 0x0908057f
dd 0x006b1252
dd 0x3dedd303
dd 0x520f0604
dd 0x03006b22
dd 0x043decd3
dd 0x12521405
dd 0xda03008b
dd 0x07053ff2
dd 0x8b225210
dd 0xf2d90300
dd 0x1907053e
dd 0x006b1452
dd 0x3ee5d003
dd 0x520d0402
dd 0x03006b24
dd 0x023de5d0
dd 0x14521104
dd 0xd603008b
dd 0x050340e9
dd 0x8b24520e
dd 0xe9d50300
dd 0x12040340
dd 0x006e9252
dd 0x83956404
dd 0x52080b06
dd 0x04006ea2
dd 0x06819463
dd 0x92520b0a
dd 0x7104008e
dd 0x0d0885a0
dd 0x8ea25209
dd 0x9f700400
dd 0x0d0c0884
dd 0x006e9452
dd 0x7e865d04
dd 0x52070804
dd 0x04006ea4
dd 0x047d855c
dd 0x94520907
dd 0x6804008e
dd 0x0905828f
dd 0x8ea45207
dd 0x8d660400
dd 0x0a080581
dd 0x006f1252
dd 0x41ccb703
dd 0x52100503
dd 0x03006f22
dd 0x0341ccb7
dd 0x12521705
dd 0xbd03008f
dd 0x060442d2
dd 0x8f225211
dd 0xd1bd0300
dd 0x1a060442
dd 0x006f1452
dd 0x3fc5b303
dd 0x520e0402
dd 0x03006f24
dd 0x023fc4b3
dd 0x14521103
dd 0xb903008f
dd 0x040341c9
dd 0x8f24520e
dd 0xc9b80300
dd 0x14040341
dd 0x00729252
dd 0x8e8c6204
dd 0x520a0b06
dd 0x040072a2
dd 0x068d8a61
dd 0x92520d0a
dd 0x6e040092
dd 0x0c089096
dd 0x92a2520a
dd 0x956d0400
dd 0x0f0b088f
dd 0x00729452
dd 0x847d5b04
dd 0x52080704
dd 0x040072a4
dd 0x04837c5a
dd 0x94520a06
dd 0x65040092
dd 0x08058885
dd 0x92a45208
dd 0x84640400
dd 0x0b070587
dd 0x00731252
dd 0x47b5a303
dd 0x52120503
dd 0x03007322
dd 0x0347b5a2
dd 0x12521a05
dd 0xa9030093
dd 0x060448ba
dd 0x93225214
dd 0xbaa90300
dd 0x1e060448
dd 0x00731452
dd 0x42ae9f03
dd 0x520e0302
dd 0x03007324
dd 0x0242ad9f
dd 0x14521303
dd 0xa4030093
dd 0x040344b2
dd 0x93245210
dd 0xb2a40300
dd 0x17040344
dd 0x00769252
dd 0x97856004
dd 0x520b0a06
dd 0x040076a2
dd 0x0696845f
dd 0x92520e09
dd 0x6c040096
dd 0x0c07998f
dd 0x96a2520c
dd 0x8e6b0400
dd 0x110b0798
dd 0x00769452
dd 0x88765804
dd 0x52090703
dd 0x040076a4
dd 0x03877557
dd 0x94520b06
dd 0x62040096
dd 0x08048b7e
dd 0x96a45209
dd 0x7d610400
dd 0x0c07048a
dd 0x00771252
dd 0x4ba49403
dd 0x52140503
dd 0x03007722
dd 0x034ba393
dd 0x12521e05
dd 0x9a030097
dd 0x06044ca9
dd 0x97225216
dd 0xa8990300
dd 0x1e05044c
dd 0x00771452
dd 0x449c9003
dd 0x520f0302
dd 0x03007724
dd 0x02439c8f
dd 0x14521503
dd 0x95030097
dd 0x040245a0
dd 0x97245211
dd 0xa0950300
dd 0x16030245
dd 0x0046a263
dd 0xccad5a03
dd 0x63170e08
dd 0x03004692
dd 0x08cd8a5b
dd 0x22631110
dd 0xc5030047
dd 0x0e08cbee
dd 0x4712632b
dd 0xefc50300
dd 0x1e0f08cc
dd 0x0046a243
dd 0xcc886103
dd 0x43170e08
dd 0x03004692
dd 0x08cd8a62
dd 0x22431110
dd 0x72020047
dd 0x07046686
dd 0x4712432c
dd 0x87720200
dd 0x20080466
dd 0x0046a253
dd 0xe5996d03
dd 0x53171009
dd 0x03004692
dd 0x09e69a6e
dd 0x22531011
dd 0x8c020047
dd 0x080573a0
dd 0x4712532b
dd 0xa18c0200
dd 0x1b080573
dd 0x0046a463
dd 0x62974003
dd 0x630e0805
dd 0x04004694
dd 0x09c5e783
dd 0x24630a12
dd 0xab030047
dd 0x080561d8
dd 0x4714631b
dd 0xd9ac0300
dd 0x14080562
dd 0x0046a443
dd 0xc3e48e04
dd 0x430e1009
dd 0x04004694
dd 0x09c5e690
dd 0x24430b12
dd 0xc9030047
dd 0x080561f6
dd 0x4714431d
dd 0xf7ca0300
dd 0x15080562
dd 0x0046a453
dd 0x7a885703
dd 0x530f0a06
dd 0x03004694
dd 0x067b8a58
dd 0x24530a0b
dd 0x81020047
dd 0x05033d98
dd 0x4714531c
dd 0x98810200
dd 0x1205033d
dd 0x004aa263
dd 0xa8765803
dd 0x631a0d08
dd 0x03004a92
dd 0x08a97759
dd 0x2263130e
dd 0xad03004b
dd 0x0c08a8c8
dd 0x4b12632e
dd 0xc8ad0300
dd 0x200d08a9
dd 0x004aa243
dd 0xa8765d03
dd 0x431a0d08
dd 0x03004a92
dd 0x08a9775e
dd 0x2243130e
dd 0xc503004b
dd 0x0c08a8e0
dd 0x4b12432f
dd 0xe0c50300
dd 0x220d08a9
dd 0x004aa253
dd 0xbd856803
dd 0x53190e08
dd 0x03004a92
dd 0x08be8669
dd 0x2253110f
dd 0x9702004b
dd 0x07045fa3
dd 0x4b125330
dd 0xa3980200
dd 0x1e07045f
dd 0x004aa463
dd 0xc7ca8304
dd 0x63100e08
dd 0x04004a94
dd 0x08c9cc85
dd 0x24630c10
dd 0x9703004b
dd 0x070463b6
dd 0x4b14631e
dd 0xb7970300
dd 0x16070464
dd 0x004aa443
dd 0xc7ca8e04
dd 0x43100e08
dd 0x04004a94
dd 0x08c9cb8f
dd 0x24430c10
dd 0xaf03004b
dd 0x070463cf
dd 0x4b144320
dd 0xcfb00300
dd 0x17070464
dd 0x004aa453
dd 0xf8f2ae04
dd 0x53101009
dd 0x04004a94
dd 0x09faf4b0
dd 0x24530c12
dd 0x8f02004b
dd 0x04033e9d
dd 0x4b14531f
dd 0x9d8f0200
dd 0x1705033f
dd 0x004ea263
dd 0x94975d03
dd 0x631c0b06
dd 0x03004e92
dd 0x0695985e
dd 0x2263150c
dd 0xb203004f
dd 0x0b0693e7
dd 0x4f126334
dd 0xe7b30300
dd 0x230b0694
dd 0x004ea243
dd 0x94826003
dd 0x431d0b06
dd 0x03004e92
dd 0x06958361
dd 0x2243150c
dd 0xb203004f
dd 0x0b0693d3
dd 0x4f124334
dd 0xd4b20300
dd 0x230b0694
dd 0x004ea253
dd 0xa6786503
dd 0x531a0c07
dd 0x03004e92
dd 0x07a77966
dd 0x2253120d
dd 0x8502004f
dd 0x0604538c
dd 0x4f125331
dd 0x8c860200
dd 0x1f060453
dd 0x004ea463
dd 0x60884703
dd 0x63120604
dd 0x03004e94
dd 0x04618948
dd 0x24630e07
dd 0x9c03004f
dd 0x060460d8
dd 0x4f146322
dd 0xd89d0300
dd 0x19060460
dd 0x004ea443
dd 0xc0e59404
dd 0x43120c07
dd 0x04004e94
dd 0x07c1e796
dd 0x24430e0e
dd 0x9c03004f
dd 0x060460c4
dd 0x4f144322
dd 0xc59c0300
dd 0x19060460
dd 0x004ea453
dd 0xefdda704
dd 0x53110e08
dd 0x04004e94
dd 0x08f0dea9
dd 0x24530d10
dd 0x7d02004f
dd 0x04023c88
dd 0x4f145324
dd 0x887d0200
dd 0x1804023c

ref_fffd52a4:
dd 0x283c7800
dd 0x9066141e

ref_fffd52ac:
db '0000000000000000',0x00,0x00,0x00,0x00

ref_fffd52c0:
db '                ',0x00,0x00,0x00,0x00

ref_fffd52d4:
db '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ',0x00,0x00,0x00,0x00

ref_fffd52fc:
dd 0x00000001
dd 0x00000002
dd 0x00000004
dd 0x00000008
dd 0x00000010
dd 0x00000020
dd 0x00000040
dd 0x00000000

ref_fffd531c:
db ' +-#0!^',0x00

ref_fffd5324:
dd loc_fffb955b
dd loc_fffb9556
dd loc_fffb957c
dd loc_fffb956f
dd loc_fffb95b8
dd loc_fffb959a
dd loc_fffb95ed
dd loc_fffb9603
dd loc_fffb965c
dd loc_fffb9642
dd loc_fffb9675
dd loc_fffb96bd

ref_fffd5354:
dd loc_fffb9987
dd loc_fffb98c4
dd loc_fffb9802
dd loc_fffb98c4
dd loc_fffb9949
dd loc_fffb98c4
dd loc_fffb99ae
dd loc_fffb9998
dd loc_fffb9949
dd loc_fffb97e3

ref_fffd537c:
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00000001
dd 0x00000000
dd 0x00000001

ref_fffd5394:
dd 0x01010101
dd 0x00010101

ref_fffd539c:
dd 0xfb0af600
dd 0x000ff105

ref_fffd53a4:
dd 0x00aaaaaa
dd 0x00cccccc
dd 0x00f0f0f0

ref_fffd53b0:
dd 0x00a10ca1
dd 0x00ef0d08
dd 0x00ad0a1e

ref_fffd53bc:
dd 0x00000006
dd 0x00000002
dd 0x00000001
dd 0x00000000
dd 0x00000002
dd 0x00000001
dd 0x00000000

ref_fffd53d8:
dd 0x00000000
dd 0x00000001
dd 0x00000002
dd 0x00000003
dd 0x00000001
dd 0x00000002
dd 0x00000003

ref_fffd53f4:
dd 0x00000000
dd 0xfffffffa
dd 0xfffffff4
dd 0xffffffee
dd 0x00000006
dd 0x0000000c
dd 0x00000012

ref_fffd5410:
dd 0x05000500
dd 0x00000000
dd 0x00000000

ref_fffd541c:
dd 0x08c009b0
dd 0x00000000
dd 0x00000000

ref_fffd5428:
dd loc_fffc1e31
dd loc_fffc1e96
dd loc_fffc21a3
dd loc_fffc21a3
dd loc_fffc1efb
dd loc_fffc1ffd
dd loc_fffc2120

ref_fffd5444:
dd loc_fffc30dc
dd loc_fffc3117
dd loc_fffc310e
dd loc_fffc3105
dd loc_fffc30fc
dd loc_fffc30f3
dd loc_fffc30e5
dd loc_fffc3129
dd loc_fffc3120

ref_fffd5468:
dd 0x00000020
dd 0x00000040
dd 0x00000080
dd 0x00000100
dd 0x00000200
dd 0x00000400
dd 0x00000800
dd 0x00001000

ref_fffd5488:
dd loc_fffc34c7
dd loc_fffc34d3
dd loc_fffc34e4
dd loc_fffc34f0
dd loc_fffc34fc

ref_fffd549c:
dd loc_fffc3b26
dd loc_fffc3c6e
dd loc_fffc3b37
dd loc_fffc3b3f
dd loc_fffc3b4a
dd loc_fffc3b55
dd loc_fffc3b60
dd loc_fffc3b68
dd loc_fffc3b73
dd loc_fffc3b7f
dd loc_fffc3b94
dd loc_fffc3b87
dd loc_fffc3ba7
dd loc_fffc3baf
dd loc_fffc3b9c
dd loc_fffc3bb9
dd loc_fffc3bc1
dd loc_fffc3bcc
dd loc_fffc3bd7
dd loc_fffc3ca2
dd loc_fffc3ca2
dd loc_fffc3bdf
dd loc_fffc3be8
dd loc_fffc3bf0
dd loc_fffc3bf8
dd loc_fffc3c03
dd loc_fffc3c0e
dd loc_fffc3c22
dd loc_fffc3c22
dd loc_fffc3c22
dd loc_fffc3c22
dd loc_fffc3c22
dd loc_fffc3c3f
dd loc_fffc3c4d
dd loc_fffc3c60
dd loc_fffc3ca2
dd loc_fffc3c81
dd loc_fffc3c8c
dd loc_fffc3ca2
dd loc_fffc3ca2
dd loc_fffc3ca2
dd loc_fffc3c97
dd loc_fffc3ca2
dd loc_fffc3c5b
dd loc_fffc3ca2
dd loc_fffc3ca2
dd loc_fffc3ca2
dd loc_fffc3ca2
dd loc_fffc3ca2
dd loc_fffc3ca2
dd loc_fffc3ca2
dd loc_fffc3ca2
dd loc_fffc3ca2
dd loc_fffc3ca2
dd loc_fffc3c76

ref_fffd5578:
dd 0x02010201
dd 0x02010201
dd 0x03030303
dd 0x00000000

ref_fffd5588:
dd 0x040f0f0f
dd 0x010f030f
dd 0x0f0f0f0f
dd 0x000f0205

ref_fffd5598:
dd 0x32320101
dd 0x20101010
dd 0x23232320
dd 0x00000020
dd 0x00000010
dd 0x00000023
dd 0x21303120
dd 0x00002120
dd 0x00003020
dd 0x00000020
dd 0x00000000
dd 0x00000000

ref_fffd55c8:
dd fcn_fffb7ecd
dd 0x0000dd1b
dd 0xff320000
dd fcn_fffc378b
dd 0x0001dd1c
dd 0xff3e0000
dd fcn_fffc3ac1
dd 0x0004dd1e
dd 0xff3f0000
dd fcn_fffac0c5
dd 0x0005dd1f
dd 0xff3f0000
dd fcn_fffac2dd
dd 0x0003dd20
dd 0xff310000
dd fcn_fffc3a22
dd 0x0006dd21
dd 0xff3f0000
dd fcn_fffab2f0
dd 0x0007dd22
dd 0xff3f0000
dd fcn_fffa2b43
dd 0x0008dd23
dd 0xff3f0000
dd fcn_fffd23bd
dd 0x0009dd24
dd 0xff3f0000
dd fcn_fffc9f5d
dd 0x000add26
dd 0xff310000
dd fcn_fffa91a0
dd 0x000bdd27
dd 0xff330000
dd fcn_fffc775d
dd 0x000fdd29
dd 0xff310000
dd fcn_fffb9c7d
dd 0x000ddd28
dd 0xff310000
dd fcn_fffae06f
dd 0x000edd25
dd 0xff310000
dd fcn_fffaec3c
dd 0x0011dd2b
dd 0xff310000
dd fcn_fffbcdaf
dd 0x0010dd2a
dd 0xff310000
dd fcn_fffbb9e6
dd 0x0012dd2c
dd 0xff310000
dd fcn_fffbd78e
dd 0x0014dd2e
dd 0xff310000
dd fcn_fffbd7ae
dd 0x0015dd2f
dd 0xff310000
dd fcn_fffada2f
dd 0x0016dd4a
dd 0xff310000
dd fcn_fffc556f
dd 0x0024dd3a
dd 0xff310000
dd fcn_fffa8788
dd 0x0038dd3d
dd 0xff310000
dd fcn_fffc5e42
dd 0x0027dd3e
dd 0xff310000
dd fcn_fffb757f
dd 0x0021dd49
dd 0xff310000
dd fcn_fffcc6a5
dd 0x0017dd46
dd 0xff310000
dd fcn_fffd0a5f
dd 0x0018dd30
dd 0xff310000
dd fcn_fffcc956
dd 0x0019dd30
dd 0xff310000
dd fcn_fffcce03
dd 0x001add32
dd 0xff310000
dd fcn_fffc198b
dd 0x001cdd33
dd 0xff310000
dd fcn_fffcc746
dd 0x001ddd35
dd 0xff310000
dd fcn_fffcca92
dd 0x001bdd45
dd 0xff310000
dd fcn_fffcc5b3
dd 0x001fdd37
dd 0xff310000
dd fcn_fffc0455
dd 0x001edd36
dd 0xff310000
dd fcn_fffccb56
dd 0x0028dd4b
dd 0xff310000
dd fcn_fffccc72
dd 0x0029dd4c
dd 0xff310000
dd fcn_fffb4517
dd 0x0020dd41
dd 0xff310000
dd fcn_fffacbf4
dd 0x0006dd21
dd 0xff310000
dd fcn_fffa8788
dd 0x0038dd3d
dd 0xff310000
dd fcn_fffc5e42
dd 0x0027dd3e
dd 0xff310000
dd fcn_fffc556f
dd 0x0024dd3a
dd 0xff310000
dd fcn_fffc054a
dd 0x0025dd3b
dd 0xff310000
dd fcn_fffc0408
dd 0x0026dd3c
dd 0xff310000
dd fcn_fffc8a1c
dd 0x0022dd38
dd 0xff310000
dd fcn_fffc8a97
dd 0x0023dd39
dd 0xff310000
dd fcn_fffbd7ce
dd 0x002fdd47
dd 0xff310000
dd fcn_fffc51d8
dd 0x002ddd3f
dd 0xff310000
dd fcn_fffc4fa5
dd 0x002edd40
dd 0xff310000
dd fcn_fffd017f
dd 0x0043dd58
dd 0x01310000
dd fcn_fffc12a0
dd 0x0031dd44
dd 0xff310000
dd fcn_fffb757f
dd 0x0021dd49
dd 0xff310000
dd fcn_fffa7602
dd 0x0045dd48
dd 0xff310000
dd fcn_fffc7732
dd 0x0030dd42
dd 0xff310000
dd fcn_fffc76e5
dd 0x0044dd7f
dd 0xff310000
dd fcn_fffb4e8f
dd 0x0039dd50
dd 0xff310000
dd fcn_fffc770d
dd 0x0030dd42
dd 0xff310000
dd fcn_fffb657d
dd 0x0030dd42
dd 0xff310000
dd fcn_fffc76ba
dd 0x0033dd43
dd 0xff3e0000
dd fcn_fffc9f5d
dd 0x000add26
dd 0xff320000
dd fcn_fffc76e5
dd 0x0044dd7f
dd 0xff360000
dd fcn_fffc7698
dd 0x0033dd43
dd 0xff3e0000
dd fcn_fffa8c9b
dd 0x003add51
dd 0xff3f0000
dd fcn_fffae330
dd 0x0034dd70
dd 0xff3c0000
dd fcn_fffc53cd
dd 0x0035dd71
dd 0xff3e0000
dd fcn_fffa8a11
dd 0x0036dd5b
dd 0xff310000
dd fcn_fffad3f0
dd 0x0037dd5c
dd 0xff330000
dd fcn_fffb352d
dd 0x003bdd5d
dd 0xff3f0000

ref_fffd58e0:
dd 0x00030104
dd 0x00050200
dd 0x04000000
dd 0x00000706
dd 0x00000200
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x90660200

ref_fffd5904:
dd 0x003c0000
dd 0x48004806
dd 0x004c0600
dd 0x5002004c
dd 0x04005000
dd 0x00540054
dd 0x58005806
dd 0x005c0400
dd 0x6006005c
dd 0x06006000
dd 0x00640064
dd 0x60006002
dd 0x00640700
dd 0x68030064
dd 0x06006800
dd 0x0070006c
dd 0x78007407
dd 0x00740600
dd 0x7c070074
dd 0x04008c00
dd 0x00800080
dd 0x3c010005
dd 0x01480601
dd 0x4c060148
dd 0x02014c01
dd 0x01500150
dd 0x54015404
dd 0x01580601
dd 0x5c040158
dd 0x06015c01
dd 0x01600160
dd 0x64016406
dd 0x01600201
dd 0x64070160
dd 0x03016401
dd 0x01680168
dd 0x70016c06
dd 0x01740701
dd 0x74060178
dd 0x07017401
dd 0x018c017c
dd 0x80018004
dd 0x02000501
dd 0x4806023c
dd 0x06024802
dd 0x024c024c
dd 0x50025002
dd 0x02540402
dd 0x58060254
dd 0x04025802
dd 0x025c025c
dd 0x60026006
dd 0x02640602
dd 0x60020264
dd 0x07026002
dd 0x02640264
dd 0x68026803
dd 0x026c0602
dd 0x74070270
dd 0x06027802
dd 0x02740274
dd 0x8c027c07
dd 0x02800402
dd 0x00050280
dd 0x06033c03
dd 0x03480348
dd 0x4c034c06
dd 0x03500203
dd 0x54040350
dd 0x06035403
dd 0x03580358
dd 0x5c035c04
dd 0x03600603
dd 0x64060360
dd 0x02036403
dd 0x03600360
dd 0x64036407
dd 0x03680303
dd 0x6c060368
dd 0x07037003
dd 0x03780374
dd 0x74037406
dd 0x037c0703
dd 0x8004038c
dd 0x05038003
dd 0x043c0400
dd 0x48044806
dd 0x044c0604
dd 0x5002044c
dd 0x04045004
dd 0x04540454
dd 0x58045806
dd 0x045c0404
dd 0x6006045c
dd 0x06046004
dd 0x04640464
dd 0x60046002
dd 0x04640704
dd 0x68030464
dd 0x06046804
dd 0x0470046c
dd 0x78047407
dd 0x04740604
dd 0x7c070474
dd 0x04048c04
dd 0x04800480
dd 0x3c050005
dd 0x05480605
dd 0x4c060548
dd 0x02054c05
dd 0x05500550
dd 0x54055404
dd 0x05580605
dd 0x5c040558
dd 0x06055c05
dd 0x05600560
dd 0x64056406
dd 0x05600205
dd 0x64070560
dd 0x03056405
dd 0x05680568
dd 0x70056c06
dd 0x05740705
dd 0x74060578
dd 0x07057405
dd 0x058c057c
dd 0x80058004
dd 0x06000505
dd 0x4806063c
dd 0x06064806
dd 0x064c064c
dd 0x50065002
dd 0x06540406
dd 0x58060654
dd 0x04065806
dd 0x065c065c
dd 0x60066006
dd 0x06640606
dd 0x60020664
dd 0x07066006
dd 0x06640664
dd 0x68066803
dd 0x066c0606
dd 0x74070670
dd 0x06067806
dd 0x06740674
dd 0x8c067c07
dd 0x06800406
dd 0x00050680
dd 0x06073c07
dd 0x07480748
dd 0x4c074c06
dd 0x07500207
dd 0x54040750
dd 0x06075407
dd 0x07580758
dd 0x5c075c04
dd 0x07600607
dd 0x64060760
dd 0x02076407
dd 0x07600760
dd 0x64076407
dd 0x07680307
dd 0x6c060768
dd 0x07077007
dd 0x07780774
dd 0x74077406
dd 0x077c0707
dd 0x8004078c
dd 0x05078007
dd 0x083c0800
dd 0x48084806
dd 0x084c0608
dd 0x5002084c
dd 0x04085008
dd 0x08540854
dd 0x58085806
dd 0x085c0408
dd 0x6006085c
dd 0x06086008
dd 0x08640864
dd 0x60086002
dd 0x08640708
dd 0x68030864
dd 0x06086808
dd 0x0870086c
dd 0x78087407
dd 0x08740608
dd 0x7c070874
dd 0x04088c08
dd 0x08800880
dd 0x3c090005
dd 0x09480609
dd 0x4c060948
dd 0x02094c09
dd 0x09500950
dd 0x54095404
dd 0x09580609
dd 0x5c040958
dd 0x06095c09
dd 0x09600960
dd 0x64096406
dd 0x09600209
dd 0x64070960
dd 0x03096409
dd 0x09680968
dd 0x70096c06
dd 0x09740709
dd 0x74060978
dd 0x07097409
dd 0x098c097c
dd 0x80098004
dd 0x0a000509
dd 0x48060a3c
dd 0x060a480a
dd 0x0a4c0a4c
dd 0x500a5002
dd 0x0a54040a
dd 0x58060a54
dd 0x040a580a
dd 0x0a5c0a5c
dd 0x600a6006
dd 0x0a64060a
dd 0x60020a64
dd 0x070a600a
dd 0x0a640a64
dd 0x680a6803
dd 0x0a6c060a
dd 0x74070a70
dd 0x060a780a
dd 0x0a740a74
dd 0x8c0a7c07
dd 0x0a80040a
dd 0x00050a80
dd 0x060b3c0b
dd 0x0b480b48
dd 0x4c0b4c06
dd 0x0b50020b
dd 0x54040b50
dd 0x060b540b
dd 0x0b580b58
dd 0x5c0b5c04
dd 0x0b60060b
dd 0x64060b60
dd 0x020b640b
dd 0x0b600b60
dd 0x640b6407
dd 0x0b68030b
dd 0x6c060b68
dd 0x070b700b
dd 0x0b780b74
dd 0x740b7406
dd 0x0b7c070b
dd 0x80040b8c
dd 0x050b800b
dd 0x0c3c0c00
dd 0x480c4806
dd 0x0c4c060c
dd 0x50020c4c
dd 0x040c500c
dd 0x0c540c54
dd 0x580c5806
dd 0x0c5c040c
dd 0x60060c5c
dd 0x060c600c
dd 0x0c640c64
dd 0x600c6002
dd 0x0c64070c
dd 0x68030c64
dd 0x060c680c
dd 0x0c700c6c
dd 0x780c7407
dd 0x0c74060c
dd 0x7c070c74
dd 0x040c8c0c
dd 0x0c800c80
dd 0x3c0d0005
dd 0x0d48060d
dd 0x4c060d48
dd 0x020d4c0d
dd 0x0d500d50
dd 0x540d5404
dd 0x0d58060d
dd 0x5c040d58
dd 0x060d5c0d
dd 0x0d600d60
dd 0x640d6406
dd 0x0d60020d
dd 0x64070d60
dd 0x030d640d
dd 0x0d680d68
dd 0x700d6c06
dd 0x0d74070d
dd 0x74060d78
dd 0x070d740d
dd 0x0d8c0d7c
dd 0x800d8004
dd 0x0e00050d
dd 0x48060e3c
dd 0x060e480e
dd 0x0e4c0e4c
dd 0x500e5002
dd 0x0e54040e
dd 0x58060e54
dd 0x040e580e
dd 0x0e5c0e5c
dd 0x600e6006
dd 0x0e64060e
dd 0x60020e64
dd 0x070e600e
dd 0x0e640e64
dd 0x680e6803
dd 0x0e6c060e
dd 0x74070e70
dd 0x060e780e
dd 0x0e740e74
dd 0x8c0e7c07
dd 0x0e80040e
dd 0x00050e80
dd 0x060f3c0f
dd 0x0f480f48
dd 0x4c0f4c06
dd 0x0f50020f
dd 0x54040f50
dd 0x060f540f
dd 0x0f580f58
dd 0x5c0f5c04
dd 0x0f60060f
dd 0x64060f60
dd 0x020f640f
dd 0x0f600f60
dd 0x640f6407
dd 0x0f68030f
dd 0x6c060f68
dd 0x070f700f
dd 0x0f780f74
dd 0x740f7406
dd 0x0f7c070f
dd 0x80040f8c
dd 0x050f800f
dd 0x0f840f84
dd 0x3c100005
dd 0x10480610
dd 0x4c061048
dd 0x02104c10
dd 0x10501050
dd 0x54105404
dd 0x10580610
dd 0x5c041058
dd 0x06105c10
dd 0x10601060
dd 0x64106406
dd 0x10600210
dd 0x64071060
dd 0x03106410
dd 0x10681068
dd 0x70106c06
dd 0x10740710
dd 0x74061078
dd 0x07107410
dd 0x108c107c
dd 0x80108004
dd 0x11000510
dd 0x4806113c
dd 0x06114811
dd 0x114c114c
dd 0x50115002
dd 0x11540411
dd 0x58061154
dd 0x04115811
dd 0x115c115c
dd 0x60116006
dd 0x11640611
dd 0x60021164
dd 0x07116011
dd 0x11641164
dd 0x68116803
dd 0x116c0611
dd 0x74071170
dd 0x06117811
dd 0x11741174
dd 0x8c117c07
dd 0x11800411
dd 0x04051180
dd 0x06120812
dd 0x121c1214
dd 0x20122006
dd 0x13040412
dd 0x14061308
dd 0x06131c13
dd 0x13201320
dd 0x0c140404
dd 0x15040614
dd 0x0006150c
dd 0x04180018
dd 0x18101808
dd 0x18181806
dd 0x18200418
dd 0x00041820
dd 0x04190019
dd 0x19101908
dd 0x18191806
dd 0x19200419
dd 0x04041920
dd 0x061a0c1a
dd 0x1b0c1b04
dd 0x1c1c1406
dd 0x1c20061c
dd 0x14041c20
dd 0x061d1c1d
dd 0x1d201d20
dd 0x04200004
dd 0x20080720
dd 0xb8062008
dd 0x022bb82b
dd 0x36783678
dd 0x283a0004
dd 0x3a2c063a
dd 0x30043a2c
dd 0x043a343a
dd 0x40044000
dd 0x04400406
dd 0x40080740
dd 0x1006400c
dd 0x07401440
dd 0x40184018
dd 0x20402005
dd 0x40240740
dd 0x2c064028
dd 0x04403840
dd 0x40ac40a4
dd 0xcc40b404
dd 0x40d00440
dd 0xd40640d0
dd 0x0440d440
dd 0x42104210
dd 0x24422004
dd 0x42280642
dd 0x8c044244
dd 0x04429042
dd 0x42944294
dd 0x98429806
dd 0x429c0442
dd 0xa006429c
dd 0x0742a042
dd 0x42ac42a4
dd 0xe842e405
dd 0x42ec0542
dd 0x280742fc
dd 0x07432843
dd 0x43744340
dd 0x90438c05
dd 0x44000643
dd 0x04064404
dd 0x07440444
dd 0x440c4408
dd 0x14441006
dd 0x44180744
dd 0x20054418
dd 0x07442044
dd 0x44284424
dd 0x38442c06
dd 0x44a40444
dd 0xb40444ac
dd 0x0444cc44
dd 0x44d044d0
dd 0xd444d406
dd 0x46100444
dd 0x20044610
dd 0x06462446
dd 0x46444628
dd 0x90468c04
dd 0x46940446
dd 0x98064694
dd 0x04469846
dd 0x469c469c
dd 0xa046a006
dd 0x46a40746
dd 0xe40546ac
dd 0x0546e846
dd 0x46fc46ec
dd 0x28472807
dd 0x47400747
dd 0x8c054774
dd 0x06479047
dd 0x48c048a8
dd 0xf448d802
dd 0x49080248
dd 0x6802491c
dd 0x04496849
dd 0x498c4980
dd 0x444e3802
dd 0x5000024e
dd 0x04065000
dd 0x07500850
dd 0x5018500c
dd 0x1c501c06
dd 0x50200750
dd 0x38065034
dd 0x02503c50
dd 0x50585040
dd 0x5c505c06
dd 0x50600250
dd 0x64075060
dd 0x02507c50
dd 0x50845080
dd 0x8c508806
dd 0x50900250
dd 0x98065094
dd 0x02509c50
dd 0x50a450a0
dd 0xac50a806
dd 0x50b00250
dd 0xd00650cc
dd 0x0250dc50
dd 0x58805880
dd 0x88588407
dd 0x588c0758
dd 0x9005588c
dd 0x07589c58
dd 0x58a458a4
dd 0xdc58d006
dd 0x58e00758
dd 0xb80758e4
dd 0x0759b859

ref_fffd6138:
dd 0x08040201
dd 0x08040201
dd 0x00000000

ref_fffd6144:
dd 0x08040201
dd 0x00000000
dd 0x08040201

ref_fffd6150:
dd 0x04030201
dd 0x06000500
dd 0x00000700

ref_fffd615c:
dd loc_fffcb5fc
dd loc_fffcb600
dd loc_fffcb604
dd loc_fffcb616
dd loc_fffcb637
dd loc_fffcb637
dd loc_fffcb637
dd loc_fffcb637
dd loc_fffcb637
dd loc_fffcb637
dd loc_fffcb621
dd loc_fffcb628
dd loc_fffcb637
dd loc_fffcb637
dd loc_fffcb637
dd loc_fffcb621

ref_fffd619c:
dd 0x08c009b0
dd 0x08c009b0
dd 0x00000000

ref_fffd61a8:
dd 0x08c009b0
dd 0x00000000
dd 0x90660000

ref_fffd61b4:
dd loc_fffcd3d3
dd loc_fffcd3de
dd loc_fffcd3ef
dd loc_fffcd400
dd loc_fffcd411
dd loc_fffcd4ba
dd loc_fffcd566
dd loc_fffcd922
dd loc_fffcd580
dd loc_fffcd6ad
dd loc_fffcd7da
dd loc_fffcd422
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd549
dd loc_fffcd4ba
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd922
dd loc_fffcd549
dd loc_fffcd4ba

ref_fffd623c:
dd 0x0bb80bb8
dd 0x00000000
db 0x00
db 0x00

ref_fffd6246:
db 'Invalid PEI data version, %d != %d',0x0a,0x00

ref_fffd626a:
db 'MRC: S3 Resume',0x0a,0x00

ref_fffd627a:
db 'Initializing Policy',0x0a,0x00

ref_fffd628f:
db 'Installing common PPI',0x0a,0x00

ref_fffd62a6:
db 'Initializing Memory',0x0a,0x00

ref_fffd62bb:
db 'MRC: Done.',0x0a,0x00

ref_fffd62c7:
db 'MRC: Starting...',0x0a,0x00

ref_fffd62d9:
db '%s:%d pool cookie corrupted...',0x0a,0x00

ref_fffd62f9:
db '%s:%d failed to allocate %d bytes...',0x0a,0x00

ref_fffd631f:
db 'hljztL',0x00

ref_fffd6326:
db '(null)',0x00,0x00,0x00,0x00

ref_fffd6330:
dd 0xe6af1f7b
dd 0x46dafc3f
dd 0xb4a328a8
dd 0x8242a457

ref_fffd6340:
dd 0x00000000
dd fcn_fffb9485

ref_fffd6348:
dd 0x1f4c6f90
dd 0x48d8b06b
dd 0xe5ba01a2
dd 0x567dcdf1

; FIXME: fix up for a PPI
ref_fffd6358:
db 0x01
dd fcn_fffb915b
dd fcn_fffb688e
dd fcn_fffc5bee
dd fcn_fffb6839
db 0x00, 0x00, 0x00

ref_fffd636c:
dd 0x794a0deb
dd 0x4e7bc971
dd 0xbfd0f28a
dd 0x9826ca3c

ref_fffd637c:
dd 0x80000010
dd ref_fffd6330
dd 0x00000000

ref_fffd6388:
dd fcn_fffb456f
dd fcn_fffc74fd
dd fcn_fffb61a8
dd fcn_fffb6275
dd fcn_fffb4038
dd fcn_fffb00aa
dd fcn_fffb00e5
dd fcn_fffb0092
dd fcn_fffb0197
dd fcn_fffb00c6
dd fcn_fffb406a
dd fcn_fffb009b
dd fcn_fffb3e63
dd fcn_fffb3e54
dd fcn_fffb3feb
dd fcn_fffb4029
dd fcn_fffb3e3c
dd fcn_fffb3fae
dd fcn_fffb4007
dd fcn_fffcce20

ref_fffd63d8:
dd 0x98191174
dd 0x41060b26
dd 0x45d002af
dd 0x2b05e851

ref_fffd63e8:
dd 0xaf4a1998
dd 0x45454949
dd 0xe7c14c9c
dd 0x56e042c0

ref_fffd63f8:
dd 0x02353140
dd 0x20373144
dd 0x32103146
dd 0x32163148
dd 0x3250314c
dd 0x76543150

ref_fffd6410:
dd 0x00003100
dd 0x03203200
dd 0x00003108
dd 0x00000001
dd 0x0000310c
dd 0x43214321
dd 0x00003110
dd 0x00000001
dd 0x00003114
dd 0x00000001
dd 0x00003118
dd 0x00000001

ref_fffd6440:
dd 0x02353140
dd 0x20373144
dd 0x32103146
dd 0x32163148
dd 0x3250314c
dd 0x76543150
dd 0x00063158
dd 0x55443164
dd 0x00073168

ref_fffd6464:
dd 0x00003100
dd 0x03203200
dd 0x00003108
dd 0x00000001
dd 0x0000310c
dd 0x43214321
dd 0x00003110
dd 0x00000001
dd 0x00003118
dd 0x00000001

ref_fffd648c:
dd 0xa6a4a2a0

ref_fffd6490:
dd 0x422b8086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x422c8086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x42388086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x42398086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00828086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00858086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00838086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00848086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00868086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00878086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00888086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00898086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x008f8086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00908086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08ae8086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08af8086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08968086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08978086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08858086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08868086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08948086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08958086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08928086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08938086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08908086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08918086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08878086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08888086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x088e8086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x088f8086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08b58086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08b68086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08b38086
dd 0x028002ff
dd 0x01540003
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b38086
dd 0x028002ff
dd 0x01580002
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b48086
dd 0x028002ff
dd 0x01540003
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b48086
dd 0x028002ff
dd 0x01580002
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b18086
dd 0x028002ff
dd 0x01540003
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b18086
dd 0x028002ff
dd 0x01580002
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b28086
dd 0x028002ff
dd 0x01540003
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b28086
dd 0x028002ff
dd 0x01580002
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b08086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00000000

ref_fffd6880:
dd 0x50031131
dd 0x43ef4f24
dd 0x3773afb7
dd 0xac0ef794

ref_fffd6890:
dd 0x80000010
dd ref_fffd6348
dd ref_fffd6340

ref_fffd689c:
dd 0x433e0f9f
dd 0x410a05ae
dd 0x29bfc3a0
dd 0xac25cb8e

ref_fffd68ac:
dd 0xf894643d
dd 0x42d1c449
dd 0xbd85a88e
dd 0xde5bc6d8

ref_fffd68bc:
dd 0xf8d5438e
dd 0x481d26e1
dd 0xd6303cb6
dd 0x20a4f4ef

ref_fffd68cc:
dd 0x4c10d934
dd 0x45a438e6
dd 0x792a249a
dd 0x7fcb3db9

ref_fffd68dc:
dd 0x80000010
dd ref_fffd636c
dd ref_fffd6358

ref_fffd68e8:
dd 0x3d0e663a
dd 0x4489dc72
dd 0x9ee4c587
dd 0x52a473e7

ref_fffd68f8:
dd 0x3e14d361
dd 0x42e4c7d7
dd 0xebb907ae
dd 0x2aed9648

ref_fffd6908:
dd 0x87f22dcb
dd 0x41057304
dd 0x71317cbb
dd 0x3bc2cc43

ref_fffd6918:
dd 0x573eaf99
dd 0x46b5f445
dd 0x4abcd5a5
dd 0xf3983593

ref_fffd6928:
dd 0x9ca93627
dd 0x4324b65b
dd 0xb4c002a2
dd 0x43457661

ref_fffd6938:
dd 0x17865dc0
dd 0x4da80b8b
dd 0x467c428b
dd 0x4dca5cb8

ref_fffd6948:
dd 0xf38d1338
dd 0x4fb6af7a
dd 0x9c1adb91
dd 0x0d578321

ref_fffd6958:
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x000003ff
dd 0x000003ff
dd 0x00000000
dd 0x000002aa
dd 0x000002aa
dd 0x00000001
dd 0x00000155
dd 0x00000155
dd 0x00000001

ref_fffd6988:
dd 0x1e94f097
dd 0x40895acd
dd 0xa5b9e3b2
dd 0x0ca779c8