;; Generated with r2dumpbin (https://github.com/mytbk/r2dumpbin) bits 32 extern __imp__CreateFontA@56 extern __imp__CreatePen@12 extern __imp__CreateSolidBrush@4 extern __imp__DeleteObject@4 extern __imp__Ellipse@20 extern __imp__FloodFill@16 extern __imp__GetStockObject@4 extern __imp__LineTo@12 extern __imp__MoveToEx@16 extern __imp__Pie@36 extern __imp__SelectObject@8 extern __imp__SetBkMode@8 extern __imp__SetTextCharacterExtra@8 extern __imp__SetTextColor@8 extern __imp__TextOutA@20 extern __imp__BeginPaint@8 extern __imp__CharUpperBuffA@8 extern __imp__CreateWindowExA@48 extern __imp__DefWindowProcA@16 extern __imp__DestroyWindow@4 extern __imp__DispatchMessageA@4 extern __imp__DrawTextA@20 extern __imp__EndPaint@8 extern __imp__GetCursorPos@4 extern __imp__GetSystemMetrics@4 extern __imp__IntersectRect@12 extern __imp__InvalidateRect@12 extern __imp__KillTimer@8 extern __imp__LoadCursorA@8 extern __imp__LoadIconA@8 extern __imp__MessageBoxA@16 extern __imp__PeekMessageA@20 extern __imp__PostMessageA@16 extern __imp__PostQuitMessage@4 extern __imp__RegisterClassA@4 extern __imp__SetCursorPos@8 extern __imp__SetFocus@4 extern __imp__SetTimer@16 extern __imp__SetWindowsHookExA@16 extern __imp__ShowCursor@4 extern __imp__ShowWindow@8 extern __imp__TranslateMessage@4 extern __imp__UnhookWindowsHookEx@4 extern __imp__UpdateWindow@4 extern __imp__ValidateRect@8 extern __imp__CloseHandle@4 extern __imp__CreateEventA@16 extern __imp__CreateFileA@28 extern __imp__CreateThread@24 extern __imp__DeleteFileA@4 extern __imp__ExitProcess@4 extern __imp__ExitThread@4 extern __imp__FlushFileBuffers@4 extern __imp__GetACP@0 extern __imp__GetCPInfo@8 extern __imp__GetCommandLineA@0 extern __imp__GetCommandLineW@0 extern __imp__GetConsoleMode@8 extern __imp__GetCurrentDirectoryA@8 extern __imp__GetCurrentProcessId@0 extern __imp__GetCurrentThreadId@0 extern __imp__GetCurrentThread@0 extern __imp__GetDriveTypeA@4 extern __imp__GetEnvironmentStrings@0 extern __imp__GetFileAttributesA@4 extern __imp__GetFileSize@8 extern __imp__GetFileType@4 extern __imp__GetFullPathNameA@16 extern __imp__GetLastError@0 extern __imp__GetLocalTime@4 extern __imp__GetModuleFileNameA@12 extern __imp__GetModuleFileNameW@12 extern __imp__GetModuleHandleA@4 extern __imp__GetOEMCP@0 extern __imp__GetProcAddress@8 extern __imp__GetStdHandle@4 extern __imp__GetTickCount@0 extern __imp__GetVersion@0 extern __imp__LoadLibraryA@4 extern __imp__MoveFileA@8 extern __imp__MultiByteToWideChar@24 extern __imp__ReadConsoleInputA@16 extern __imp__ReadFile@20 extern __imp__SetConsoleCtrlHandler@8 extern __imp__SetConsoleMode@8 extern __imp__SetEnvironmentVariableA@8 extern __imp__SetEnvironmentVariableW@8 extern __imp__SetEvent@4 extern __imp__SetFilePointer@16 extern __imp__SetLastError@4 extern __imp__SetStdHandle@8 extern __imp__SetUnhandledExceptionFilter@4 extern __imp__UnhandledExceptionFilter@4 extern __imp__VirtualAlloc@16 extern __imp__VirtualFree@12 extern __imp__VirtualQuery@12 extern __imp__WaitForSingleObject@8 extern __imp__WideCharToMultiByte@32 extern __imp__WriteConsoleA@20 extern __imp__WriteFile@20 extern __imp__auxGetDevCapsA@12 extern __imp__auxGetNumDevs@0 extern __imp__auxGetVolume@8 extern __imp__auxSetVolume@8 extern __imp__mciGetDeviceIDA@4 extern __imp__mciSendStringA@16 extern __imp__midiOutGetDevCapsA@12 extern __imp__midiOutGetVolume@8 extern __imp__midiOutSetVolume@8 extern __imp__timeGetTime@0 extern __imp__timeKillEvent@4 extern __imp__timeSetEvent@20 extern __imp__DirectSoundCreate@12 extern __imp__DirectDrawCreate@12 global loc_004588b0 global __imp__GetModuleHandleA@4 global _LpCmdLine global memset global rich4_main global __ThreadDataSize global fcn_0045abc6 global _GetThreadPtr global __init_stack_limits global __NewExceptionFilter global __NTInit global ref_00488f8c global ref_00489330 global ref_004898ca global ref_00489900 global ref_004991c0 global fcn_0045ac2a extern _abs extern _memcpy extern _strlen extern _memcmp extern _get_local_time extern _card_strings extern _card_table extern _game_stocks extern _stocks_on_map extern _player_stocks extern _tool_strings extern _rich4_players extern _nplayers extern _current_player extern _players extern clib_fopen extern clib_fclose extern clib_fseek extern clib_fread extern clib_fwrite global fcn_00457135 global fcn_00457254 global fcn_00457902 global fcn_00458de7 global fcn_004590b9 global fcn_004591f9 global fcn_0045931e global fcn_004593a9 global fcn_0045940b global fcn_0045949c global fcn_00459657 global fcn_004599bb global fcn_00459aab global ref_00488f50 global ref_00488f54 global ref_00488f60 global ref_00488f64 global ref_004991d4 extern clib_rand extern clib_srand global _GetThreadPtr extern __AllocInitThreadData extern __NTRemoveThread extern __NTThreadFini global clib_free global fcn_0045c836 global fcn_0045e8ca global lib_calloc global ref_00488f78 global ref_00488f7c global ref_00499954 global _RWD_osbuild global _RWD_osmajor global __ThreadDataSize global __fatal_runtime_error global fcn_0045c585 global ref_0046c97c global ref_0046c9a1 global ref_0046c9c9 global __init_stack_limits global _gWindowHandle extern _Wait_0402_Message extern _Post_0402_Message extern _callbackSize extern _windowCallbacks section .text db 0xcc db 0xeb db 0xfd ref_00401003: db 0x90 dd 0x00909090 dd 0x00000000 dd 0x00000000 fcn_00401010: push ebx push esi push edi push ebp sub esp, 8 mov esi, dword [esp + 0x20] mov ebx, dword [esp + 0x24] cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_00401537 ; je 0x401537 mov eax, esp push eax call dword [cs:__imp__GetCursorPos@4] ; ucall: call dword cs:[0x4622ec] xor eax, eax mov ax, word [ref_00497168] ; mov ax, word [0x497168] cmp esi, eax jne short loc_00401059 ; jne 0x401059 test ebx, 0x80000000 jne short loc_00401059 ; jne 0x401059 mov eax, dword [esp + 4] sub eax, 0xa push eax mov edi, dword [esp + 4] push edi jmp short loc_0040107a ; jmp 0x40107a loc_00401059: xor eax, eax mov ax, word [ref_0049716a] ; mov ax, word [0x49716a] cmp esi, eax jne short loc_00401086 ; jne 0x401086 test ebx, 0x80000000 jne short loc_00401086 ; jne 0x401086 mov esi, dword [esp + 4] push esi mov eax, dword [esp + 4] add eax, 0xa loc_00401079: push eax loc_0040107a: call dword [cs:__imp__SetCursorPos@8] ; ucall: call dword cs:[0x46231c] jmp near loc_00401537 ; jmp 0x401537 loc_00401086: xor eax, eax mov ax, word [ref_0049716c] ; mov ax, word [0x49716c] cmp esi, eax jne short loc_004010a9 ; jne 0x4010a9 test ebx, 0x80000000 jne short loc_004010a9 ; jne 0x4010a9 mov eax, dword [esp + 4] add eax, 0xa push eax mov ebx, dword [esp + 4] push ebx jmp short loc_0040107a ; jmp 0x40107a loc_004010a9: xor eax, eax mov ax, word [ref_0049716e] ; mov ax, word [0x49716e] cmp esi, eax jne short loc_004010cb ; jne 0x4010cb test ebx, 0x80000000 jne short loc_004010cb ; jne 0x4010cb mov ecx, dword [esp + 4] push ecx mov eax, dword [esp + 4] sub eax, 0xa jmp short loc_00401079 ; jmp 0x401079 loc_004010cb: xor eax, eax mov ax, word [ref_00497170] ; mov ax, word [0x497170] cmp esi, eax jne near loc_00401157 ; jne 0x401157 test ebx, 0x80000000 jne short loc_004010f1 ; jne 0x4010f1 cmp word [ref_0046cb09], 0 ; cmp word [0x46cb09], 0 jne near loc_00401537 ; jne 0x401537 loc_004010f1: cmp byte [ref_0046cb00], 0 ; cmp byte [0x46cb00], 0 jne near loc_00401537 ; jne 0x401537 mov eax, dword [esp + 4] shl eax, 0x10 add eax, dword [esp] test ebx, 0x80000000 je short loc_00401134 ; je 0x401134 push eax push 0 push 0x202 mov edx, dword [_gWindowHandle] ; mov edx, dword [0x48a0d4] push edx call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] xor ebx, ebx mov word [ref_0046cb09], bx ; mov word [0x46cb09], bx jmp near loc_00401537 ; jmp 0x401537 loc_00401134: push eax push 0 push 0x201 mov eax, dword [_gWindowHandle] ; mov eax, dword [0x48a0d4] push eax call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] mov word [ref_0046cb09], 1 ; mov word [0x46cb09], 1 jmp near loc_00401537 ; jmp 0x401537 loc_00401157: xor eax, eax mov ax, word [ref_00497172] ; mov ax, word [0x497172] cmp esi, eax jne near loc_004011df ; jne 0x4011df test ebx, 0x80000000 je near loc_004011df ; je 0x4011df cmp byte [ref_0046cafe], 0 ; cmp byte [0x46cafe], 0 je short loc_004011c3 ; je 0x4011c3 cmp dword [_callbackSize], 1 ; cmp dword [0x46cad8], 1 jne short loc_004011c3 ; jne 0x4011c3 xor edx, edx xor ebx, ebx mov ebp, dword [_nplayers] ; mov ebp, dword [0x499114] loc_0040118f: cmp edx, ebp jge short loc_004011af ; jge 0x4011af imul eax, edx, 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_004011ac ; jne 0x4011ac cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 je near loc_00401537 ; je 0x401537 loc_004011ac: inc edx jmp short loc_0040118f ; jmp 0x40118f loc_004011af: test ebx, ebx jne near loc_00401537 ; jne 0x401537 mov byte [ref_0046caff], 1 ; mov byte [0x46caff], 1 jmp near loc_00401537 ; jmp 0x401537 loc_004011c3: push 0 push 0 push 0x205 mov edi, dword [_gWindowHandle] ; mov edi, dword [0x48a0d4] push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_00401537 ; jmp 0x401537 loc_004011df: cmp byte [ref_0046cafd], 0 ; cmp byte [0x46cafd], 0 je near loc_00401537 ; je 0x401537 test ebx, 0xc0000000 je short loc_00401202 ; je 0x401202 xor edi, edi mov word [ref_0046cb07], di ; mov word [0x46cb07], di jmp near loc_00401537 ; jmp 0x401537 loc_00401202: cmp esi, 0x11 jne short loc_00401212 ; jne 0x401212 mov word [ref_0046cb07], 0x1100 ; mov word [0x46cb07], 0x1100 jmp short loc_00401219 ; jmp 0x401219 loc_00401212: or word [ref_0046cb07], si ; or word [0x46cb07], si loc_00401219: xor edx, edx mov dx, word [ref_00497176] ; mov dx, word [0x497176] xor eax, eax mov ax, word [ref_0046cb07] ; mov ax, word [0x46cb07] cmp eax, edx jne short loc_00401262 ; jne 0x401262 mov dh, byte [ref_0049715d] ; mov dh, byte [0x49715d] inc dh mov byte [ref_0049715d], dh ; mov byte [0x49715d], dh cmp dh, 3 jne short loc_00401249 ; jne 0x401249 xor bh, bh mov byte [ref_0049715d], bh ; mov byte [0x49715d], bh loc_00401249: call fcn_00419703 ; call 0x419703 push 1 call fcn_0041906a ; call 0x41906a add esp, 4 call fcn_004196f1 ; call 0x4196f1 jmp near loc_00401523 ; jmp 0x401523 loc_00401262: xor edx, edx mov dx, word [ref_0049717c] ; mov dx, word [0x49717c] cmp eax, edx jne short loc_0040128d ; jne 0x40128d push 0 call fcn_00402460 ; call 0x402460 add esp, 4 call fcn_00419703 ; call 0x419703 call fcn_0041d546 ; call 0x41d546 call fcn_0040dd1f ; call 0x40dd1f jmp near loc_00401523 ; jmp 0x401523 loc_0040128d: xor edx, edx mov dx, word [ref_0049717e] ; mov dx, word [0x49717e] cmp eax, edx jne near loc_00401312 ; jne 0x401312 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 cmp byte [eax + (_players+56)], 0 ; cmp byte [eax + 0x496ba0], 0 jne near loc_00401523 ; jne 0x401523 imul eax, ecx, 0x68 mov al, byte [eax + (_players+17)] ; mov al, byte [eax + 0x496b79] cmp al, 1 jb short loc_00401306 ; jb 0x401306 jbe short loc_004012c9 ; jbe 0x4012c9 cmp al, 2 je short loc_004012e7 ; je 0x4012e7 jmp short loc_00401306 ; jmp 0x401306 loc_004012c9: imul eax, ecx, 0x68 imul edx, ecx, 0x68 inc byte [eax + (_players+18)] ; inc byte [eax + 0x496b7a] cmp byte [edx + (_players+18)], 3 ; cmp byte [edx + 0x496b7a], 3 jne short loc_00401306 ; jne 0x401306 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 jmp short loc_004012ff ; jmp 0x4012ff loc_004012e7: imul eax, ecx, 0x68 imul edx, ecx, 0x68 inc byte [eax + (_players+18)] ; inc byte [eax + 0x496b7a] cmp byte [edx + (_players+18)], 4 ; cmp byte [edx + 0x496b7a], 4 jne short loc_00401306 ; jne 0x401306 imul eax, ecx, 0x68 loc_004012ff: mov byte [eax + (_players+18)], 1 ; mov byte [eax + 0x496b7a], 1 loc_00401306: push 1 call fcn_00417191 ; call 0x417191 jmp near loc_00401520 ; jmp 0x401520 loc_00401312: xor edx, edx mov dx, word [ref_00497180] ; mov dx, word [0x497180] cmp eax, edx jne short loc_0040132b ; jne 0x40132b push 0xa loc_00401321: call fcn_00417d65 ; call 0x417d65 jmp near loc_00401520 ; jmp 0x401520 loc_0040132b: xor edx, edx mov dx, word [ref_00497182] ; mov dx, word [0x497182] cmp eax, edx jne short loc_0040133c ; jne 0x40133c push 9 jmp short loc_00401321 ; jmp 0x401321 loc_0040133c: xor edx, edx mov dx, word [ref_00497184] ; mov dx, word [0x497184] cmp eax, edx jne short loc_0040134d ; jne 0x40134d push 8 jmp short loc_00401321 ; jmp 0x401321 loc_0040134d: xor edx, edx mov dx, word [ref_00497186] ; mov dx, word [0x497186] cmp eax, edx jne short loc_0040135e ; jne 0x40135e push 7 jmp short loc_00401321 ; jmp 0x401321 loc_0040135e: xor edx, edx mov dx, word [ref_00497188] ; mov dx, word [0x497188] cmp eax, edx jne short loc_0040136f ; jne 0x40136f push 6 jmp short loc_00401321 ; jmp 0x401321 loc_0040136f: xor edx, edx mov dx, word [ref_0049718a] ; mov dx, word [0x49718a] cmp eax, edx jne short loc_00401380 ; jne 0x401380 push 5 jmp short loc_00401321 ; jmp 0x401321 loc_00401380: xor edx, edx mov dx, word [ref_0049718c] ; mov dx, word [0x49718c] cmp eax, edx jne short loc_004013c0 ; jne 0x4013c0 mov edi, dword [ref_00499088] ; mov edi, dword [0x499088] dec edi mov dword [ref_00499088], edi ; mov dword [0x499088], edi mov ebp, edi and ebp, 7 mov dword [ref_00499088], ebp ; mov dword [0x499088], ebp mov eax, 0xffffffff mov dword [ref_00474930], eax ; mov dword [0x474930], eax mov dword [ref_00474934], eax ; mov dword [0x474934], eax loc_004013b4: push 1 call fcn_00415e70 ; call 0x415e70 jmp near loc_00401520 ; jmp 0x401520 loc_004013c0: xor edx, edx mov dx, word [ref_0049718e] ; mov dx, word [0x49718e] cmp eax, edx jne short loc_004013f8 ; jne 0x4013f8 mov edx, dword [ref_00499088] ; mov edx, dword [0x499088] inc edx mov dword [ref_00499088], edx ; mov dword [0x499088], edx mov ecx, edx and ecx, 7 mov dword [ref_00499088], ecx ; mov dword [0x499088], ecx mov ebx, 0xffffffff mov dword [ref_00474930], ebx ; mov dword [0x474930], ebx mov dword [ref_00474934], ebx ; mov dword [0x474934], ebx jmp short loc_004013b4 ; jmp 0x4013b4 loc_004013f8: xor edx, edx mov dx, word [ref_00497190] ; mov dx, word [0x497190] cmp eax, edx jne short loc_0040140c ; jne 0x40140c push 2 jmp near loc_00401321 ; jmp 0x401321 loc_0040140c: xor edx, edx mov dx, word [ref_00497192] ; mov dx, word [0x497192] cmp eax, edx jne short loc_00401420 ; jne 0x401420 push 1 jmp near loc_00401321 ; jmp 0x401321 loc_00401420: xor edx, edx mov dx, word [ref_00497194] ; mov dx, word [0x497194] cmp eax, edx jne short loc_00401434 ; jne 0x401434 push 4 jmp near loc_00401321 ; jmp 0x401321 loc_00401434: xor edx, edx mov dx, word [ref_00497196] ; mov dx, word [0x497196] cmp eax, edx jne short loc_00401448 ; jne 0x401448 push 3 jmp near loc_00401321 ; jmp 0x401321 loc_00401448: xor edx, edx mov dx, word [ref_00497198] ; mov dx, word [0x497198] cmp eax, edx jne short loc_0040145c ; jne 0x40145c push 0 jmp near loc_00401321 ; jmp 0x401321 loc_0040145c: xor edx, edx mov dx, word [ref_0049719e] ; mov dx, word [0x49719e] cmp eax, edx jne short loc_004014b1 ; jne 0x4014b1 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 call fcn_00419703 ; call 0x419703 push 0xf0 push 0xdc call fcn_00453a32 ; call 0x453a32 add esp, 8 cmp eax, 1 jne short loc_004014a0 ; jne 0x4014a0 call fcn_00411f80 ; call 0x411f80 mov byte [ref_0046caf9], 1 ; mov byte [0x46caf9], 1 jmp near loc_00401523 ; jmp 0x401523 loc_004014a0: call fcn_004196f1 ; call 0x4196f1 push 1 call fcn_00402460 ; call 0x402460 jmp near loc_00401520 ; jmp 0x401520 loc_004014b1: cmp byte [ref_0049715d], 2 ; cmp byte [0x49715d], 2 je short loc_00401523 ; je 0x401523 xor edx, edx mov dx, word [ref_0049719a] ; mov dx, word [0x49719a] cmp eax, edx jne short loc_004014ee ; jne 0x4014ee mov eax, dword [_current_player] ; mov eax, dword [0x49910c] mov cl, byte [eax + ref_0048be24] ; mov cl, byte [eax + 0x48be24] dec cl mov byte [eax + ref_0048be24], cl ; mov byte [eax + 0x48be24], cl mov ch, cl and ch, 3 mov byte [eax + ref_0048be24], ch ; mov byte [eax + 0x48be24], ch push 1 call fcn_00415f69 ; call 0x415f69 jmp short loc_00401520 ; jmp 0x401520 loc_004014ee: xor edx, edx mov dx, word [ref_0049719c] ; mov dx, word [0x49719c] cmp eax, edx jne short loc_00401523 ; jne 0x401523 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] mov bl, byte [eax + ref_0048be24] ; mov bl, byte [eax + 0x48be24] inc bl mov byte [eax + ref_0048be24], bl ; mov byte [eax + 0x48be24], bl mov bh, bl and bh, 3 mov byte [eax + ref_0048be24], bh ; mov byte [eax + 0x48be24], bh push 1 call fcn_00415f69 ; call 0x415f69 loc_00401520: add esp, 4 loc_00401523: cmp word [ref_0046cb07], 0x1100 ; cmp word [0x46cb07], 0x1100 je short loc_00401537 ; je 0x401537 xor esi, esi mov word [ref_0046cb07], si ; mov word [0x46cb07], si loc_00401537: xor eax, eax add esp, 8 pop ebp pop edi pop esi pop ebx ret 0xc fcn_00401543: push ebx push esi push edi push ebp push 0 push 0 push 0x259 mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x96000 push ebx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call _memcpy ; call 0x456de8 add esp, 0xc mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov edi, dword [ref_0046cae0] ; mov edi, dword [0x46cae0] push edi mov ebp, dword [ref_0046cadc] ; mov ebp, dword [0x46cadc] push ebp push eax call dword [edx + 0x1c] ; ucall push ebx call clib_free ; call 0x456e11 add esp, 4 call fcn_00454edc ; call 0x454edc pop ebp pop edi pop esi pop ebx ret fcn_004015d6: push ebx push esi call fcn_0045011a ; call 0x45011a test eax, eax je near loc_00401812 ; je 0x401812 push 0 call fcn_00453b55 ; call 0x453b55 add esp, 4 push 0 push ref_0048a0d8 ; push 0x48a0d8 push 0 call fcn_00461222 ; call 0x461222 test eax, eax je short loc_0040161b ; je 0x40161b push 0x10 push ref_00463004 ; push 0x463004 push ref_0046300a ; push 0x46300a loc_0040160d: push 0 call dword [cs:__imp__MessageBoxA@16] ; ucall: call dword cs:[0x462308] xor eax, eax pop esi pop ebx ret loc_0040161b: mov eax, dword [ref_0048a0d8] ; mov eax, dword [0x48a0d8] mov edx, dword [eax] push 0x11 mov ecx, dword [_gWindowHandle] ; mov ecx, dword [0x48a0d4] push ecx push eax call dword [edx + 0x50] ; ucall mov eax, dword [ref_0048a0d8] ; mov eax, dword [0x48a0d8] mov edx, dword [eax] push 0x10 push 0x1e0 push 0x280 push eax call dword [edx + 0x54] ; ucall test eax, eax je short loc_00401658 ; je 0x401658 push 0x10 push ref_00463004 ; push 0x463004 push ref_00463024 ; push 0x463024 jmp short loc_0040160d ; jmp 0x40160d loc_00401658: mov dword [ref_0048a068], 0x6c ; mov dword [0x48a068], 0x6c mov esi, 1 mov dword [ref_0048a06c], esi ; mov dword [0x48a06c], esi mov dword [ref_0048a0d0], 0x200 ; mov dword [0x48a0d0], 0x200 mov eax, dword [ref_0048a0d8] ; mov eax, dword [0x48a0d8] mov edx, dword [eax] push 0 push ref_0048a0dc ; push 0x48a0dc push ref_0048a068 ; push 0x48a068 push eax call dword [edx + 0x18] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push eax call dword [edx + 0x6c] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push esi push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a078] ; mov eax, dword [0x48a078] mov dword [ref_0048a060], eax ; mov dword [0x48a060], eax mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [ref_0048a06c], 7 ; mov dword [0x48a06c], 7 mov dword [ref_0048a0d0], 0x840 ; mov dword [0x48a0d0], 0x840 mov dword [ref_0048a074], 0x280 ; mov dword [0x48a074], 0x280 mov dword [ref_0048a070], 0x1e0 ; mov dword [0x48a070], 0x1e0 mov eax, dword [ref_0048a0d8] ; mov eax, dword [0x48a0d8] mov edx, dword [eax] push 0 push ref_0048a0e0 ; push 0x48a0e0 push ref_0048a068 ; push 0x48a068 push eax call dword [edx + 0x18] ; ucall call dword [cs:__imp__GetTickCount@0] ; ucall: call dword cs:[0x4623cc] push eax call clib_srand ; call 0x456f50 add esp, 4 call fcn_0044f935 ; call 0x44f935 call fcn_0045175d ; call 0x45175d push ref_0046303e ; push 0x46303e call fcn_004502fe ; call 0x4502fe add esp, 4 mov dword [ref_0048a0e4], eax ; mov dword [0x48a0e4], eax push ref_00463047 ; push 0x463047 call fcn_004502fe ; call 0x4502fe add esp, 4 mov dword [ref_0048a054], eax ; mov dword [0x48a054], eax push ref_00463054 ; push 0x463054 call fcn_004502fe ; call 0x4502fe add esp, 4 mov dword [ref_0048a05c], eax ; mov dword [0x48a05c], eax push ref_0046305e ; push 0x46305e call fcn_004502fe ; call 0x4502fe add esp, 4 mov dword [ref_0048a058], eax ; mov dword [0x48a058], eax push ref_0048231a ; push 0x48231a call fcn_00454176 ; call 0x454176 add esp, 4 call fcn_00411e8f ; call 0x411e8f push 0 mov ebx, dword [ref_0048a064] ; mov ebx, dword [0x48a064] push ebx push fcn_00401010 ; push 0x401010 push 2 call dword [cs:__imp__SetWindowsHookExA@16] ; ucall: call dword cs:[0x462328] mov dword [ref_0048a050], eax ; mov dword [0x48a050], eax call fcn_004020fa ; call 0x4020fa call fcn_004545ba ; call 0x4545ba push 0 push esi push 0x29 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc xor ah, ah mov byte [ref_0046caf8], ah ; mov byte [0x46caf8], ah mov byte [ref_0046caf9], ah ; mov byte [0x46caf9], ah mov byte [ref_0046cafd], ah ; mov byte [0x46cafd], ah mov byte [ref_0046cb05], ah ; mov byte [0x46cb05], ah push 4 push 0 push ref_004990f0 ; push 0x4990f0 call memset ; call 0x456f60 add esp, 0xc push 0x5e880 call fcn_00456f80 ; call 0x456f80 add esp, 4 mov dword [ref_00474938], eax ; mov dword [0x474938], eax xor esi, esi mov dword [ref_00474930], esi ; mov dword [0x474930], esi mov dword [ref_00474934], esi ; mov dword [0x474934], esi mov dword [_windowCallbacks], esi ; mov dword [0x48a010], esi mov dword [_callbackSize], esi ; mov dword [0x46cad8], esi xor bh, bh mov byte [ref_0047e771], bh ; mov byte [0x47e771], bh mov eax, 1 loc_00401812: pop esi pop ebx ret fcn_00401815: push ebx push esi push edi push ebp cmp byte [ref_0046cb05], 0 ; cmp byte [0x46cb05], 0 jne near loc_004018e2 ; jne 0x4018e2 call fcn_004543c4 ; call 0x4543c4 mov edx, dword [ref_00474938] ; mov edx, dword [0x474938] push edx call clib_free ; call 0x456e11 add esp, 4 call fcn_004021b2 ; call 0x4021b2 call fcn_004548ef ; call 0x4548ef mov ecx, dword [ref_0048a058] ; mov ecx, dword [0x48a058] push ecx call fcn_00450404 ; call 0x450404 add esp, 4 mov ebx, dword [ref_0048a05c] ; mov ebx, dword [0x48a05c] push ebx call fcn_00450404 ; call 0x450404 add esp, 4 mov esi, dword [ref_0048a054] ; mov esi, dword [0x48a054] push esi call fcn_00450404 ; call 0x450404 add esp, 4 mov edi, dword [ref_0048a0e4] ; mov edi, dword [0x48a0e4] push edi call fcn_00450404 ; call 0x450404 add esp, 4 call fcn_00419228 ; call 0x419228 call fcn_0044f9b3 ; call 0x44f9b3 mov ebp, dword [ref_0048a050] ; mov ebp, dword [0x48a050] push ebp call dword [cs:__imp__UnhookWindowsHookEx@4] ; ucall: call dword cs:[0x462338] push ref_0048231a ; push 0x48231a call fcn_00454240 ; call 0x454240 add esp, 4 call fcn_00453d28 ; call 0x453d28 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] test eax, eax je short loc_004018b9 ; je 0x4018b9 mov edx, dword [eax] push eax call dword [edx + 8] ; ucall loc_004018b9: mov edx, dword [ref_0048a0dc] ; mov edx, dword [0x48a0dc] test edx, edx je short loc_004018cb ; je 0x4018cb mov eax, edx mov edx, dword [edx] push eax call dword [edx + 8] ; ucall loc_004018cb: mov ecx, dword [ref_0048a0d8] ; mov ecx, dword [0x48a0d8] test ecx, ecx je short loc_004018db ; je 0x4018db mov edx, dword [ecx] push ecx call dword [edx + 8] ; ucall loc_004018db: mov byte [ref_0046cb05], 1 ; mov byte [0x46cb05], 1 loc_004018e2: pop ebp pop edi pop esi pop ebx ret fcn_00401981: push ebx mov edx, dword [_callbackSize] ; mov edx, dword [0x46cad8] inc edx mov dword [_callbackSize], edx ; mov dword [0x46cad8], edx mov dword [edx*4 + _windowCallbacks], fcn_00417e26 ; mov dword [edx*4 + 0x48a010], 0x417e26 push 0 push 0 push 0x401 mov ebx, dword [_gWindowHandle] ; mov ebx, dword [0x48a0d4] push ebx call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 or byte [eax + ref_00498ea0], 0x80 ; or byte [eax + 0x498ea0], 0x80 cmp dword [esp + 8], 0 je short loc_004019d0 ; je 0x4019d0 push 0 call fcn_00454d91 ; call 0x454d91 add esp, 4 loc_004019d0: pop ebx ret fcn_004019d2: dec dword [_callbackSize] ; dec dword [0x46cad8] jmp near fcn_00454edc ; jmp 0x454edc fcn_004019dd: push ebx push esi push edi push ebp mov eax, dword [esp + 0x18] mov edx, dword [esp + 0x1c] xor ebx, ebx cmp eax, 0x1c jb short loc_00401a02 ; jb 0x401a02 jbe short loc_00401a10 ; jbe 0x401a10 cmp eax, 0x3b9 je near loc_00401b08 ; je 0x401b08 jmp near loc_00401b33 ; jmp 0x401b33 loc_00401a02: cmp eax, 2 je near loc_00401b24 ; je 0x401b24 jmp near loc_00401b33 ; jmp 0x401b33 loc_00401a10: test edx, edx je near loc_00401a9f ; je 0x401a9f cmp dword [ref_0046cb0b], 0 ; cmp dword [0x46cb0b], 0 je short loc_00401a87 ; je 0x401a87 mov esi, dword [ref_0048a0dc] ; mov esi, dword [0x48a0dc] test esi, esi je short loc_00401a31 ; je 0x401a31 mov edx, dword [esi] push esi call dword [edx + 0x6c] ; ucall loc_00401a31: cmp byte [ref_0046cb02], 0 ; cmp byte [0x46cb02], 0 je short loc_00401a4c ; je 0x401a4c push 0 push 0 push 0 push ref_00463069 ; push 0x463069 call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] loc_00401a4c: cmp byte [ref_0046cb03], 0 ; cmp byte [0x46cb03], 0 je short loc_00401a67 ; je 0x401a67 push 0 push 0 push 0 push ref_00463074 ; push 0x463074 call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] loc_00401a67: cmp byte [ref_0046cb04], 0 ; cmp byte [0x46cb04], 0 je short loc_00401a87 ; je 0x401a87 mov edi, dword [_gWindowHandle] ; mov edi, dword [0x48a0d4] push edi push 0 push 0 push ref_0046307f ; push 0x46307f call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] loc_00401a87: mov ebp, dword [esp + 0x14] push ebp call dword [cs:__imp__SetFocus@4] ; ucall: call dword cs:[0x462320] mov byte [ref_0046cb01], 1 ; mov byte [0x46cb01], 1 jmp near loc_00401b6e ; jmp 0x401b6e loc_00401a9f: mov dword [ref_0046cb0b], 1 ; mov dword [0x46cb0b], 1 xor dl, dl mov byte [ref_0046cb01], dl ; mov byte [0x46cb01], dl cmp byte [ref_0046cb02], 0 ; cmp byte [0x46cb02], 0 je short loc_00401ac9 ; je 0x401ac9 push ebx push ebx push ebx push ref_00463093 ; push 0x463093 call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] loc_00401ac9: cmp byte [ref_0046cb03], 0 ; cmp byte [0x46cb03], 0 je short loc_00401ae4 ; je 0x401ae4 push 0 push 0 push 0 push ref_0046309d ; push 0x46309d call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] loc_00401ae4: cmp byte [ref_0046cb04], 0 ; cmp byte [0x46cb04], 0 je near loc_00401b6e ; je 0x401b6e push 0 push 0 push 0 push ref_004630a7 ; push 0x4630a7 call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] jmp near loc_00401b6e ; jmp 0x401b6e loc_00401b08: cmp edx, 1 jne short loc_00401b6e ; jne 0x401b6e cmp byte [ref_0046cb02], 0 ; cmp byte [0x46cb02], 0 je short loc_00401b1d ; je 0x401b1d call fcn_0045174a ; call 0x45174a jmp short loc_00401b6e ; jmp 0x401b6e loc_00401b1d: call fcn_00454d2c ; call 0x454d2c jmp short loc_00401b6e ; jmp 0x401b6e loc_00401b24: call fcn_00401815 ; call 0x401815 push ebx call dword [cs:__imp__PostQuitMessage@4] ; ucall: call dword cs:[0x462314] jmp short loc_00401b6e ; jmp 0x401b6e loc_00401b33: mov ebx, dword [_callbackSize] ; mov ebx, dword [0x46cad8] shl ebx, 2 cmp dword [ebx + _windowCallbacks], 0 ; cmp dword [ebx + 0x48a010], 0 je short loc_00401b59 ; je 0x401b59 mov edi, dword [esp + 0x20] push edi push edx push eax mov ebp, dword [esp + 0x20] push ebp call dword [ebx + _windowCallbacks] ; ucall: call dword [ebx + 0x48a010] jmp short loc_00401b6c ; jmp 0x401b6c loc_00401b59: mov ebx, dword [esp + 0x20] push ebx push edx push eax mov esi, dword [esp + 0x20] push esi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] loc_00401b6c: mov ebx, eax loc_00401b6e: mov eax, ebx pop ebp pop edi pop esi pop ebx ret 0x10 endloc_00401b77: db 0x90 ref_00401b78: ; may contain a jump table dd loc_00401cc8 dd loc_00401d08 dd loc_00401d2b dd loc_00401d18 dd loc_00401cbf ref_00401b8c: ; may contain a jump table dd loc_00401c8c dd loc_00401def dd loc_00401e25 dd loc_00401e2f rich4_main: push ebx push esi push ebp sub esp, 0x44 mov eax, dword [esp + 0x54] mov dword [ref_0048a064], eax ; mov dword [0x48a064], eax xor edx, edx mov dword [esp], edx mov dword [esp + 4], fcn_004019dd ; mov dword [esp + 4], 0x4019dd xor ebx, ebx mov dword [esp + 8], edx mov dword [esp + 0xc], edx mov dword [esp + 0x10], eax push ref_004630b4 ; push 0x4630b4 push eax call dword [cs:__imp__LoadIconA@8] ; ucall: call dword cs:[0x462304] mov dword [esp + 0x14], eax push 0x7f00 push ebx call dword [cs:__imp__LoadCursorA@8] ; ucall: call dword cs:[0x462300] mov dword [esp + 0x18], eax push 4 call dword [cs:__imp__GetStockObject@4] ; ucall: call dword cs:[0x4622a4] mov dword [esp + 0x1c], eax mov dword [esp + 0x20], ebx mov ebp, ref_004630bf ; mov ebp, 0x4630bf mov dword [esp + 0x24], ebp mov eax, esp push eax call dword [cs:__imp__RegisterClassA@4] ; ucall: call dword cs:[0x462318] test ax, ax jne short loc_00401c1b ; jne 0x401c1b mov eax, 0xffffffff jmp near loc_00401e50 ; jmp 0x401e50 loc_00401c1b: push ebx mov eax, dword [ref_0048a064] ; mov eax, dword [0x48a064] push eax push ebx push ebx push 1 call dword [cs:__imp__GetSystemMetrics@4] ; ucall: call dword cs:[0x4622f0] push eax push ebx call dword [cs:__imp__GetSystemMetrics@4] ; ucall: call dword cs:[0x4622f0] push eax push ebx push ebx push 0x80000000 push ebp push ebp push ebx call dword [cs:__imp__CreateWindowExA@48] ; ucall: call dword cs:[0x4622d4] mov dword [_gWindowHandle], eax ; mov dword [0x48a0d4], eax call fcn_004015d6 ; call 0x4015d6 test eax, eax je near loc_00401e50 ; je 0x401e50 push 5 mov edx, dword [_gWindowHandle] ; mov edx, dword [0x48a0d4] push edx call dword [cs:__imp__ShowWindow@8] ; ucall: call dword cs:[0x462330] mov ecx, dword [_gWindowHandle] ; mov ecx, dword [0x48a0d4] push ecx call dword [cs:__imp__UpdateWindow@4] ; ucall: call dword cs:[0x46233c] push 1 push ref_0046cadc ; push 0x46cadc push ref_004630c5 ; push 0x4630c5 call fcn_00451677 ; call 0x451677 add esp, 0xc loc_00401c8c: xor edx, edx mov word [ref_004991b8], dx ; mov word [0x4991b8], dx mov word [ref_004991b6], dx ; mov word [0x4991b6], dx xor ebx, ebx mov dword [ref_004990f0], ebx ; mov dword [0x4990f0], ebx xor ah, ah mov byte [ref_0046cafc], ah ; mov byte [0x46cafc], ah call fcn_004029fd ; call 0x4029fd mov ebx, eax loc_00401cb3: cmp ebx, 4 ja short loc_00401d2b ; ja 0x401d2b loc_00401cb8: jmp dword [ebx*4 + ref_00401b78] ; ujmp: jmp dword [ebx*4 + 0x401b78] loc_00401cbf: mov word [ref_004991b6], 1 ; mov word [0x4991b6], 1 loc_00401cc8: xor eax, eax mov al, byte [ref_0046cafc] ; mov al, byte [0x46cafc] push eax call fcn_00406de7 ; call 0x406de7 add esp, 4 test eax, eax je short loc_00401c8c ; je 0x401c8c call fcn_00401543 ; call 0x401543 call fcn_00407ad2 ; call 0x407ad2 call fcn_004190cf ; call 0x4190cf call fcn_004291d6 ; call 0x4291d6 call fcn_00415872 ; call 0x415872 mov byte [ref_0046cafc], 1 ; mov byte [0x46cafc], 1 push 0 loc_00401cfe: call fcn_00401981 ; call 0x401981 add esp, 4 jmp short loc_00401d2b ; jmp 0x401d2b loc_00401d08: call fcn_004190cf ; call 0x4190cf mov byte [ref_0046cafc], 1 ; mov byte [0x46cafc], 1 push 1 jmp short loc_00401cfe ; jmp 0x401cfe loc_00401d18: call fcn_00401815 ; call 0x401815 mov esi, dword [_gWindowHandle] ; mov esi, dword [0x48a0d4] push esi loc_00401d24: call dword [cs:__imp__DestroyWindow@4] ; ucall: call dword cs:[0x4622dc] loc_00401d2b: push 1 push 0 push 0 push 0 lea eax, [esp + 0x38] push eax call dword [cs:__imp__PeekMessageA@20] ; ucall: call dword cs:[0x46230c] test eax, eax je short loc_00401d68 ; je 0x401d68 cmp dword [esp + 0x2c], 0x12 je near loc_00401e4c ; je 0x401e4c lea eax, [esp + 0x28] push eax call dword [cs:__imp__TranslateMessage@4] ; ucall: call dword cs:[0x462334] lea eax, [esp + 0x28] push eax call dword [cs:__imp__DispatchMessageA@4] ; ucall: call dword cs:[0x4622e0] jmp short loc_00401d2b ; jmp 0x401d2b loc_00401d68: cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je short loc_00401d2b ; je 0x401d2b cmp dword [ref_00475110], 0 ; cmp dword [0x475110], 0 je short loc_00401d7f ; je 0x401d7f call fcn_004192f7 ; call 0x4192f7 loc_00401d7f: cmp byte [ref_0046cafa], 0 ; cmp byte [0x46cafa], 0 je short loc_00401d8d ; je 0x401d8d call fcn_0040d7c4 ; call 0x40d7c4 loc_00401d8d: imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 cmp byte [eax + ref_00498ea2], 0 ; cmp byte [eax + 0x498ea2], 0 jne short loc_00401db8 ; jne 0x401db8 mov ch, byte [eax + ref_00498ea0] ; mov ch, byte [eax + 0x498ea0] test ch, 0x80 je short loc_00401db8 ; je 0x401db8 mov dl, ch and dl, 0x7f mov byte [eax + ref_00498ea0], dl ; mov byte [eax + 0x498ea0], dl call fcn_00418c55 ; call 0x418c55 loc_00401db8: mov dh, byte [ref_0046caf8] ; mov dh, byte [0x46caf8] test dh, dh je short loc_00401e03 ; je 0x401e03 xor bl, bl mov byte [ref_0046cb06], bl ; mov byte [0x46cb06], bl xor ebx, ebx mov bl, dh call fcn_00419228 ; call 0x419228 call fcn_004019d2 ; call 0x4019d2 xor cl, cl mov byte [ref_0046caf8], cl ; mov byte [0x46caf8], cl lea eax, [ebx - 1] cmp eax, 3 ja short loc_00401e03 ; ja 0x401e03 jmp dword [eax*4 + ref_00401b8c] ; ujmp: jmp dword [eax*4 + 0x401b8c] loc_00401def: xor ebx, ebx call fcn_004075c1 ; call 0x4075c1 cmp byte [ref_0046caf9], 0 ; cmp byte [0x46caf9], 0 je near loc_00401cb3 ; je 0x401cb3 loc_00401e03: cmp byte [ref_0046caf9], 0 ; cmp byte [0x46caf9], 0 je near loc_00401d2b ; je 0x401d2b call fcn_00451b36 ; call 0x451b36 call fcn_00401815 ; call 0x401815 mov eax, dword [_gWindowHandle] ; mov eax, dword [0x48a0d4] push eax jmp near loc_00401d24 ; jmp 0x401d24 loc_00401e25: call fcn_004075c1 ; call 0x4075c1 jmp near loc_00401c8c ; jmp 0x401c8c loc_00401e2f: push 0 call game_load_ui ; call 0x403d74 add esp, 4 cmp eax, 0xffffffff je near loc_00401c8c ; je 0x401c8c mov ebx, 1 jmp near loc_00401cb8 ; jmp 0x401cb8 loc_00401e4c: mov eax, dword [esp + 0x30] loc_00401e50: add esp, 0x44 pop ebp pop esi pop ebx ret 0x10 fcn_00401e59: push ebx push esi push edi mov ecx, 0x20 mov edx, ecx mov eax, dword [esp + 0x10] mov dword [ref_0048a168], eax ; mov dword [0x48a168], eax mov eax, dword [esp + 0x14] mov dword [ref_0048a164], eax ; mov dword [0x48a164], eax movsx ebx, word [ref_0048a172] ; movsx ebx, word [0x48a172] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, dword [ref_0048a0f4] ; mov ebx, dword [0x48a0f4] add eax, ebx movsx ebx, word [eax + 4] mov esi, dword [esp + 0x10] sub esi, ebx mov dword [ref_0048a0ec], esi ; mov dword [0x48a0ec], esi movsx eax, word [eax + 6] mov ebx, dword [esp + 0x14] sub ebx, eax mov dword [ref_0048a0f0], ebx ; mov dword [0x48a0f0], ebx test esi, esi jge short loc_00401ebc ; jge 0x401ebc add ecx, esi xor esi, esi mov dword [ref_0048a0ec], esi ; mov dword [0x48a0ec], esi loc_00401ebc: mov edi, dword [ref_0048a0f0] ; mov edi, dword [0x48a0f0] test edi, edi jge short loc_00401ecf ; jge 0x401ecf add edx, edi xor eax, eax mov dword [ref_0048a0f0], eax ; mov dword [0x48a0f0], eax loc_00401ecf: mov eax, dword [ref_0048a0ec] ; mov eax, dword [0x48a0ec] add eax, 0x20 cmp eax, 0x280 jle short loc_00401eea ; jle 0x401eea mov eax, dword [ref_0048a0ec] ; mov eax, dword [0x48a0ec] sub eax, 0x260 sub ecx, eax loc_00401eea: mov eax, dword [ref_0048a0f0] ; mov eax, dword [0x48a0f0] add eax, 0x20 cmp eax, 0x1e0 jle short loc_00401f05 ; jle 0x401f05 mov eax, dword [ref_0048a0f0] ; mov eax, dword [0x48a0f0] sub eax, 0x1c0 sub edx, eax loc_00401f05: push edx push ecx mov edx, dword [ref_0048a0f0] ; mov edx, dword [0x48a0f0] push edx mov ecx, dword [ref_0048a0ec] ; mov ecx, dword [0x48a0ec] push ecx mov ebx, dword [ref_0048a0e8] ; mov ebx, dword [0x48a0e8] push ebx push ref_0046cb14 ; push 0x46cb14 call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov esi, dword [esp + 0x14] push esi mov edi, dword [esp + 0x14] push edi movsx edx, word [ref_0048a172] ; movsx edx, word [0x48a172] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048a0f4] ; mov edx, dword [0x48a0f4] add eax, edx push eax push ref_0046cb14 ; push 0x46cb14 call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 pop edi pop esi pop ebx ret fcn_00401f5e: push ebx push esi cmp dword [ref_0048a168], 0xffffffff ; cmp dword [0x48a168], 0xffffffff je short loc_00401f95 ; je 0x401f95 mov ecx, dword [ref_0048a0f0] ; mov ecx, dword [0x48a0f0] push ecx mov ebx, dword [ref_0048a0ec] ; mov ebx, dword [0x48a0ec] push ebx mov esi, dword [ref_0048a0e8] ; mov esi, dword [0x48a0e8] push esi push ref_0046cb14 ; push 0x46cb14 call fcn_00456280 ; call 0x456280 add esp, 0x10 mov dword [ref_0048a168], 0xffffffff ; mov dword [0x48a168], 0xffffffff loc_00401f95: pop esi pop ebx ret fcn_00401f98: push ebx push esi push edi sub esp, 8 xor ebx, ebx cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_004020f1 ; je 0x4020f1 xor eax, eax mov al, byte [ref_00497158] ; mov al, byte [0x497158] mov al, byte [eax + ref_0046cb20] ; mov al, byte [eax + 0x46cb20] and eax, 0xff mov edx, dword [ref_0046cb23] ; mov edx, dword [0x46cb23] inc edx mov dword [ref_0046cb23], edx ; mov dword [0x46cb23], edx cmp eax, edx jg short loc_00401fdd ; jg 0x401fdd mov dword [ref_0046cb23], ebx ; mov dword [0x46cb23], ebx mov byte [ref_0046cafa], 1 ; mov byte [0x46cafa], 1 loc_00401fdd: test byte [ref_0048a179], 1 ; test byte [0x48a179], 1 je near loc_004020f1 ; je 0x4020f1 cmp byte [ref_0048a17a], 0 ; cmp byte [0x48a17a], 0 jne near loc_004020f1 ; jne 0x4020f1 cmp byte [ref_0046caf9], 0 ; cmp byte [0x46caf9], 0 jne near loc_004020f1 ; jne 0x4020f1 mov byte [ref_0048a17a], 1 ; mov byte [0x48a17a], 1 cmp word [ref_0048a170], 1 ; cmp word [0x48a170], 1 jle short loc_00402065 ; jle 0x402065 mov cx, word [ref_0048a176] ; mov cx, word [0x48a176] inc ecx mov word [ref_0048a176], cx ; mov word [0x48a176], cx movsx edx, cx movsx eax, word [ref_0048a174] ; movsx eax, word [0x48a174] cmp edx, eax jl short loc_00402065 ; jl 0x402065 xor esi, esi mov word [ref_0048a176], si ; mov word [0x48a176], si mov di, word [ref_0048a172] ; mov di, word [0x48a172] inc edi mov word [ref_0048a172], di ; mov word [0x48a172], di movsx eax, di movsx edx, word [ref_0048a170] ; movsx edx, word [0x48a170] cmp eax, edx jne short loc_00402060 ; jne 0x402060 xor eax, edx mov word [ref_0048a172], ax ; mov word [0x48a172], ax loc_00402060: mov ebx, 1 loc_00402065: mov eax, esp push eax call dword [cs:__imp__GetCursorPos@4] ; ucall: call dword cs:[0x4622ec] mov eax, dword [esp] cmp eax, dword [ref_0048a168] ; cmp eax, dword [0x48a168] jne short loc_0040208a ; jne 0x40208a mov eax, dword [esp + 4] cmp eax, dword [ref_0048a164] ; cmp eax, dword [0x48a164] jne short loc_0040208a ; jne 0x40208a test ebx, ebx je short loc_004020e9 ; je 0x4020e9 loc_0040208a: test byte [ref_0048a179], 2 ; test byte [0x48a179], 2 jne short loc_004020a2 ; jne 0x4020a2 mov eax, dword [ref_0048a0d8] ; mov eax, dword [0x48a0d8] mov ebx, dword [eax] push 0 push 1 push eax call dword [ebx + 0x58] ; ucall loc_004020a2: mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0 push 1 push ref_0048a0f8 ; push 0x48a0f8 push 0 push eax call dword [ebx + 0x64] ; ucall mov eax, dword [ref_0048a11c] ; mov eax, dword [0x48a11c] mov dword [ref_0046cb1c], eax ; mov dword [0x46cb1c], eax call fcn_00401f5e ; call 0x401f5e mov eax, dword [esp + 4] push eax mov edx, dword [esp + 4] push edx call fcn_00401e59 ; call 0x401e59 add esp, 8 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall loc_004020e9: xor dl, dl mov byte [ref_0048a17a], dl ; mov byte [0x48a17a], dl loc_004020f1: add esp, 8 pop edi pop esi pop ebx ret 0x14 fcn_004020fa: mov edx, dword [ref_0046cb10] ; mov edx, dword [0x46cb10] test edx, edx jne near loc_004021b1 ; jne 0x4021b1 push edx push edx push edx mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0046cb10], eax ; mov dword [0x46cb10], eax push 0 push 0 push 0x20 push 0x20 call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048a0e8], eax ; mov dword [0x48a0e8], eax xor ah, ah mov byte [ref_0048a179], ah ; mov byte [0x48a179], ah mov byte [ref_0048a17a], ah ; mov byte [0x48a17a], ah mov byte [ref_0048a178], ah ; mov byte [0x48a178], ah mov dword [ref_0048a168], 0xffffffff ; mov dword [0x48a168], 0xffffffff push 0 call dword [cs:__imp__ShowCursor@4] ; ucall: call dword cs:[0x46232c] mov dword [ref_0048a0f8], 0x6c ; mov dword [0x48a0f8], 0x6c mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push 1 push ref_0048a0f8 ; push 0x48a0f8 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a108] ; mov eax, dword [0x48a108] sar eax, 1 mov word [ref_0046cb14], ax ; mov word [0x46cb14], ax mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 1 push 0 push fcn_00401f98 ; push 0x401f98 push 5 push 0x14 call dword [cs:__imp__timeSetEvent@20] ; ucall: call dword cs:[0x462474] mov dword [ref_0048a16c], eax ; mov dword [0x48a16c], eax loc_004021b1: ret fcn_004021b2: push ebx push esi mov edx, dword [ref_0046cb10] ; mov edx, dword [0x46cb10] test edx, edx je short loc_004021f5 ; je 0x4021f5 xor ah, ah mov byte [ref_0048a179], ah ; mov byte [0x48a179], ah push edx call clib_free ; call 0x456e11 add esp, 4 mov ebx, dword [ref_0048a0e8] ; mov ebx, dword [0x48a0e8] push ebx call clib_free ; call 0x456e11 add esp, 4 mov esi, dword [ref_0048a16c] ; mov esi, dword [0x48a16c] push esi call dword [cs:__imp__timeKillEvent@4] ; ucall: call dword cs:[0x462470] push 1 call dword [cs:__imp__ShowCursor@4] ; ucall: call dword cs:[0x46232c] loc_004021f5: pop esi pop ebx ret fcn_004021f8: mov ecx, dword [ref_0046cb10] ; mov ecx, dword [0x46cb10] mov edx, dword [esp + 4] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add ecx, 0xc add ecx, eax mov dword [ref_0048a0f4], ecx ; mov dword [0x48a0f4], ecx mov eax, dword [esp + 8] mov word [ref_0048a170], ax ; mov word [0x48a170], ax mov eax, dword [esp + 0xc] mov word [ref_0048a174], ax ; mov word [0x48a174], ax xor edx, edx mov word [ref_0048a172], dx ; mov word [0x48a172], dx mov word [ref_0048a176], dx ; mov word [0x48a176], dx push 0 call fcn_0040235d ; call 0x40235d add esp, 4 push 0 call fcn_00402250 ; call 0x402250 add esp, 4 ret fcn_00402250: push ebx push esi sub esp, 8 mov ebx, dword [esp + 0x14] mov ah, byte [ref_0048a178] ; mov ah, byte [0x48a178] cmp ah, 1 jne near loc_00402357 ; jne 0x402357 cmp byte [ref_0046caf9], 0 ; cmp byte [0x46caf9], 0 jne near loc_00402357 ; jne 0x402357 test byte [ref_0048a179], ah ; test byte [0x48a179], ah jne near loc_00402357 ; jne 0x402357 mov eax, esp push eax call dword [cs:__imp__GetCursorPos@4] ; ucall: call dword cs:[0x4622ec] test ebx, ebx je near loc_004022ff ; je 0x4022ff movsx edx, word [ref_0048a172] ; movsx edx, word [0x48a172] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048a0f4] ; mov edx, dword [0x48a0f4] add eax, edx movsx edx, word [eax + 4] mov ecx, dword [esp] sub ecx, edx mov edx, ecx movsx eax, word [eax + 6] mov ecx, dword [esp + 4] sub ecx, eax mov eax, ecx lea ecx, [edx + 0x20] lea esi, [eax + 0x20] cmp edx, dword [ebx + 8] jge short loc_004022dc ; jge 0x4022dc cmp ecx, dword [ebx] jle short loc_004022dc ; jle 0x4022dc cmp eax, dword [ebx + 0xc] jge short loc_004022dc ; jge 0x4022dc cmp esi, dword [ebx + 4] jg short loc_004022ff ; jg 0x4022ff loc_004022dc: mov eax, dword [ref_0048a0ec] ; mov eax, dword [0x48a0ec] cmp eax, dword [ebx + 8] jge short loc_00402357 ; jge 0x402357 add eax, 0x20 cmp eax, dword [ebx] jle short loc_00402357 ; jle 0x402357 mov eax, dword [ref_0048a0f0] ; mov eax, dword [0x48a0f0] cmp eax, dword [ebx + 0xc] jge short loc_00402357 ; jge 0x402357 add eax, 0x20 cmp eax, dword [ebx + 4] jle short loc_00402357 ; jle 0x402357 loc_004022ff: mov byte [ref_0048a17a], 1 ; mov byte [0x48a17a], 1 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0 push 1 push ref_0048a0f8 ; push 0x48a0f8 push 0 push eax call dword [ebx + 0x64] ; ucall mov eax, dword [ref_0048a11c] ; mov eax, dword [0x48a11c] mov dword [ref_0046cb1c], eax ; mov dword [0x46cb1c], eax mov ecx, dword [esp + 4] push ecx mov ebx, dword [esp + 4] push ebx call fcn_00401e59 ; call 0x401e59 add esp, 8 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall xor bh, bh mov byte [ref_0048a17a], bh ; mov byte [0x48a17a], bh or byte [ref_0048a179], 1 ; or byte [0x48a179], 1 loc_00402357: add esp, 8 pop esi pop ebx ret fcn_0040235d: push ebx push esi sub esp, 8 mov ebx, dword [esp + 0x14] mov ah, byte [ref_0048a178] ; mov ah, byte [0x48a178] cmp ah, 1 jne short loc_00402357 ; jne 0x402357 cmp byte [ref_0046caf9], 0 ; cmp byte [0x46caf9], 0 jne short loc_00402357 ; jne 0x402357 test byte [ref_0048a179], ah ; test byte [0x48a179], ah je short loc_00402357 ; je 0x402357 mov eax, esp push eax call dword [cs:__imp__GetCursorPos@4] ; ucall: call dword cs:[0x4622ec] test ebx, ebx je near loc_00402410 ; je 0x402410 movsx edx, word [ref_0048a172] ; movsx edx, word [0x48a172] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048a0f4] ; mov edx, dword [0x48a0f4] add eax, edx movsx edx, word [eax + 4] mov ecx, dword [esp] sub ecx, edx mov edx, ecx movsx eax, word [eax + 6] mov ecx, dword [esp + 4] sub ecx, eax mov eax, ecx lea ecx, [edx + 0x20] lea esi, [eax + 0x20] cmp edx, dword [ebx + 8] jge short loc_004023dd ; jge 0x4023dd cmp ecx, dword [ebx] jle short loc_004023dd ; jle 0x4023dd cmp eax, dword [ebx + 0xc] jge short loc_004023dd ; jge 0x4023dd cmp esi, dword [ebx + 4] jg short loc_00402410 ; jg 0x402410 loc_004023dd: mov eax, dword [ref_0048a0ec] ; mov eax, dword [0x48a0ec] cmp eax, dword [ebx + 8] jge near loc_00402357 ; jge 0x402357 add eax, 0x20 cmp eax, dword [ebx] jle near loc_00402357 ; jle 0x402357 mov eax, dword [ref_0048a0f0] ; mov eax, dword [0x48a0f0] cmp eax, dword [ebx + 0xc] jge near loc_00402357 ; jge 0x402357 add eax, 0x20 cmp eax, dword [ebx + 4] jle near loc_00402357 ; jle 0x402357 loc_00402410: mov byte [ref_0048a17a], 1 ; mov byte [0x48a17a], 1 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0 push 1 push ref_0048a0f8 ; push 0x48a0f8 push 0 push eax call dword [ebx + 0x64] ; ucall mov eax, dword [ref_0048a11c] ; mov eax, dword [0x48a11c] mov dword [ref_0046cb1c], eax ; mov dword [0x46cb1c], eax call fcn_00401f5e ; call 0x401f5e mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall xor bh, bh mov byte [ref_0048a17a], bh ; mov byte [0x48a17a], bh and byte [ref_0048a179], 0xfe ; and byte [0x48a179], 0xfe jmp near loc_00402357 ; jmp 0x402357 fcn_00402460: cmp dword [esp + 4], 1 jne short loc_00402484 ; jne 0x402484 mov al, byte [esp + 4] mov byte [ref_0048a178], al ; mov byte [0x48a178], al test byte [ref_0048a179], 1 ; test byte [0x48a179], 1 jne short loc_004024a0 ; jne 0x4024a0 push 0 call fcn_00402250 ; call 0x402250 add esp, 4 ret loc_00402484: test byte [ref_0048a179], 1 ; test byte [0x48a179], 1 je short loc_00402497 ; je 0x402497 push 0 call fcn_0040235d ; call 0x40235d add esp, 4 loc_00402497: mov al, byte [esp + 4] mov byte [ref_0048a178], al ; mov byte [0x48a178], al loc_004024a0: ret fcn_004024a1: xor eax, eax mov al, byte [ref_0048a178] ; mov al, byte [0x48a178] ret fcn_004024a9: cmp dword [esp + 4], 1 jne short loc_004024b8 ; jne 0x4024b8 and byte [ref_0048a179], 0xfd ; and byte [0x48a179], 0xfd ret loc_004024b8: or byte [ref_0048a179], 2 ; or byte [0x48a179], 2 ret fcn_004024c0: push ebx sub esp, 8 mov ebx, dword [esp + 0x10] mov eax, esp push eax call dword [cs:__imp__GetCursorPos@4] ; ucall: call dword cs:[0x4622ec] movsx edx, word [ref_0048a172] ; movsx edx, word [0x48a172] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048a0f4] ; mov eax, dword [0x48a0f4] movsx eax, word [edx + eax + 4] mov edx, dword [esp] sub edx, eax mov dword [ebx], edx movsx edx, word [ref_0048a172] ; movsx edx, word [0x48a172] mov eax, edx shl eax, 2 sub eax, edx mov edx, dword [ref_0048a0f4] ; mov edx, dword [0x48a0f4] movsx eax, word [edx + eax*4 + 6] mov edx, dword [esp + 4] sub edx, eax mov dword [ebx + 4], edx mov eax, dword [ebx] add eax, 0x20 mov dword [ebx + 8], eax mov eax, dword [ebx + 4] add eax, 0x20 mov dword [ebx + 0xc], eax cmp dword [ebx], 0 jge short loc_00402534 ; jge 0x402534 mov dword [ebx], 0 loc_00402534: cmp dword [ebx + 4], 0 jge short loc_00402541 ; jge 0x402541 mov dword [ebx + 4], 0 loc_00402541: cmp dword [ebx + 8], 0x280 jle short loc_00402551 ; jle 0x402551 mov dword [ebx + 8], 0x280 loc_00402551: cmp dword [ebx + 0xc], 0x1e0 jle short loc_00402561 ; jle 0x402561 mov dword [ebx + 0xc], 0x1e0 loc_00402561: add esp, 8 pop ebx ret ref_00402566: ; may contain a jump table dd fcn_0040274c dd fcn_0040264d dd fcn_004026e2 dd fcn_0040274c dd fcn_0040274c fcn_0040257a: push ebx push esi push edi push ebp sub esp, 0x58 mov eax, dword [esp + 0x70] mov ecx, dword [esp + 0x78] cmp eax, 0x200 jb short loc_004025ad ; jb 0x4025ad jbe near loc_00402762 ; jbe 0x402762 cmp eax, 0x201 jbe near loc_00402620 ; jbe 0x402620 cmp eax, 0x401 je short loc_004025bb ; je 0x4025bb jmp near loc_004029e5 ; jmp 0x4029e5 loc_004025ad: cmp eax, 0xf je near loc_00402989 ; je 0x402989 jmp near loc_004029e5 ; jmp 0x4029e5 loc_004025bb: mov dword [ref_0048a184], 0xffffffff ; mov dword [0x48a184], 0xffffffff mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048a180] ; mov eax, dword [0x48a180] add eax, 0xc push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0 mov ebx, dword [esp + 0x74] push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00402617: push 1 call fcn_00402460 ; call 0x402460 jmp short loc_00402672 ; jmp 0x402672 loc_00402620: cmp dword [ref_0048a184], 0xffffffff ; cmp dword [0x48a184], 0xffffffff je short loc_00402638 ; je 0x402638 push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 loc_00402638: mov eax, dword [ref_0048a184] ; mov eax, dword [0x48a184] cmp eax, 4 ja near loc_004026d6 ; ja 0x4026d6 jmp dword [eax*4 + ref_00402566] ; ujmp: jmp dword [eax*4 + 0x402566] fcn_0040264d: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 call game_load_ui ; call 0x403d74 add esp, 4 cmp eax, 0xffffffff je short loc_0040267a ; je 0x40267a mov edx, dword [ref_0048a184] ; mov edx, dword [0x48a184] push edx loc_0040266d: call _Post_0402_Message ; call 0x401966 loc_00402672: add esp, 4 jmp near loc_004026d6 ; jmp 0x4026d6 loc_0040267a: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048a180] ; mov eax, dword [0x48a180] add eax, 0xc push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 mov eax, dword [esp + 0x74] push eax loc_004026cf: call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_004026d6: xor eax, eax loc_004026d8: add esp, 0x58 pop ebp pop edi pop esi pop ebx ret 0x10 fcn_004026e2: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 call fcn_00454acb ; call 0x454acb push 0 call options_ui ; call 0x411b53 add esp, 4 push 0 call fcn_004549cf ; call 0x4549cf add esp, 4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048a180] ; mov eax, dword [0x48a180] add eax, 0xc push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near loc_00402617 ; jmp 0x402617 fcn_0040274c: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ecx, dword [ref_0048a184] ; mov ecx, dword [0x48a184] push ecx jmp near loc_0040266d ; jmp 0x40266d loc_00402762: xor edx, edx mov dx, cx mov eax, ecx shr eax, 0x10 and eax, 0xffff xor ecx, ecx mov cx, ax mov eax, dword [ref_0048a184] ; mov eax, dword [0x48a184] mov dword [esp + 0x54], eax xor esi, esi jmp short loc_0040278d ; jmp 0x40278d loc_00402783: inc esi cmp esi, 5 jge near loc_0040289f ; jge 0x40289f loc_0040278d: lea eax, [esi + esi] lea ebx, [eax + 2] mov edi, ebx shl edi, 2 sub edi, ebx shl edi, 2 mov eax, dword [ref_0048a180] ; mov eax, dword [0x48a180] movsx ebx, word [edi + eax + 0x10] mov dword [esp + 0x50], ebx mov ebx, esi shl ebx, 2 movsx ebp, word [ebx + ref_0046cb28] ; movsx ebp, word [ebx + 0x46cb28] sub ebp, dword [esp + 0x50] mov dword [esp + 0x40], ebp movsx ebp, word [edi + eax + 0x12] mov dword [esp + 0x50], ebp movsx ebp, word [ebx + ref_0046cb2a] ; movsx ebp, word [ebx + 0x46cb2a] sub ebp, dword [esp + 0x50] mov dword [esp + 0x44], ebp movsx ebp, word [edi + eax + 0xc] mov dword [esp + 0x50], ebp mov ebp, dword [esp + 0x40] add ebp, dword [esp + 0x50] mov dword [esp + 0x48], ebp movsx eax, word [edi + eax + 0xe] mov ebp, dword [esp + 0x44] add ebp, eax mov dword [esp + 0x4c], ebp cmp edx, dword [esp + 0x40] jl short loc_00402783 ; jl 0x402783 cmp ecx, dword [esp + 0x44] jl near loc_00402783 ; jl 0x402783 cmp edx, dword [esp + 0x48] jge near loc_00402783 ; jge 0x402783 cmp ecx, dword [esp + 0x4c] jge near loc_00402783 ; jge 0x402783 cmp esi, dword [ref_0048a184] ; cmp esi, dword [0x48a184] je short loc_0040289f ; je 0x40289f mov dword [ref_0048a184], esi ; mov dword [0x48a184], esi mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall movsx eax, word [ebx + ref_0046cb2a] ; movsx eax, word [ebx + 0x46cb2a] push eax movsx eax, word [ebx + ref_0046cb28] ; movsx eax, word [ebx + 0x46cb28] push eax mov eax, dword [ref_0048a180] ; mov eax, dword [0x48a180] add eax, 0xc add eax, edi push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax mov ebx, dword [esp + 0x74] push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push ref_0048231a ; push 0x48231a call fcn_004542ce ; call 0x4542ce add esp, 8 loc_0040289f: cmp esi, 5 jne short loc_004028ae ; jne 0x4028ae mov dword [ref_0048a184], 0xffffffff ; mov dword [0x48a184], 0xffffffff loc_004028ae: mov eax, dword [esp + 0x54] cmp eax, dword [ref_0048a184] ; cmp eax, dword [0x48a184] je near loc_004026d6 ; je 0x4026d6 cmp eax, 0xffffffff je near loc_004026d6 ; je 0x4026d6 lea edx, [eax + eax + 2] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048a180] ; mov edx, dword [0x48a180] add eax, edx movsx ebx, word [eax + 0x10] mov edx, dword [esp + 0x54] movsx ecx, word [edx*4 + ref_0046cb28] ; movsx ecx, word [edx*4 + 0x46cb28] sub ecx, ebx mov dword [esp + 0x40], ecx movsx ecx, word [eax + 0x12] movsx edx, word [edx*4 + ref_0046cb2a] ; movsx edx, word [edx*4 + 0x46cb2a] sub edx, ecx mov dword [esp + 0x44], edx movsx edx, word [eax + 0xc] mov ecx, dword [esp + 0x40] add ecx, edx mov dword [esp + 0x48], ecx movsx eax, word [eax + 0xe] mov edx, dword [esp + 0x44] add edx, eax mov dword [esp + 0x4c], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x4c] mov edx, dword [esp + 0x44] sub eax, edx push eax mov eax, dword [esp + 0x4c] mov ecx, dword [esp + 0x44] sub eax, ecx push eax push edx push ecx push edx push ecx mov eax, dword [ref_0048a180] ; mov eax, dword [0x48a180] add eax, 0xc push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax mov edx, dword [esp + 0x74] push edx jmp near loc_004026cf ; jmp 0x4026cf loc_00402989: mov eax, esp push eax mov edi, dword [esp + 0x70] push edi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc] push ecx mov ebp, dword [ref_0048a0e0] ; mov ebp, dword [0x48a0e0] push ebp mov ecx, dword [esp + 0x18] push ecx mov ebx, dword [esp + 0x18] push ebx push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push edi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_004026d6 ; jmp 0x4026d6 loc_004029e5: push ecx mov ebx, dword [esp + 0x78] push ebx push eax mov esi, dword [esp + 0x78] push esi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_004026d8 ; jmp 0x4026d8 fcn_004029fd: push ebx push 0 push 0 push 1 mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048a180], eax ; mov dword [0x48a180], eax xor ebx, ebx loc_00402a1a: movsx edx, word [ebx*4 + ref_0046cb2a] ; movsx edx, word [ebx*4 + 0x46cb2a] push edx movsx eax, word [ebx*4 + ref_0046cb28] ; movsx eax, word [ebx*4 + 0x46cb28] push eax lea eax, [ebx + ebx] lea edx, [eax + 1] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048a180] ; mov eax, dword [0x48a180] add eax, 0xc add edx, eax push edx push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 inc ebx cmp ebx, 5 jl short loc_00402a1a ; jl 0x402a1a push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 6 push 0x1d6 push 0x27e push ref_004630d0 ; push 0x4630d0 mov eax, dword [ref_0048a180] ; mov eax, dword [0x48a180] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 call fcn_004549cf ; call 0x4549cf add esp, 4 push 0 push fcn_0040257a ; push 0x40257a call _Wait_0402_Message ; call 0x4018e7 mov ebx, eax add esp, 8 call fcn_00454acb ; call 0x454acb mov ecx, dword [ref_0048a180] ; mov ecx, dword [0x48a180] push ecx call clib_free ; call 0x456e11 add esp, 4 mov eax, ebx pop ebx ret fcn_00402ac5: push ebx push esi push edi push ebp sub esp, 0x28 xor esi, esi mov edx, dword [esp + 0x3c] push edx push ref_004630d8 ; push 0x4630d8 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push ref_004630e3 ; push 0x4630e3 lea eax, [esp + 4] push eax call clib_fopen ; call 0x4573bf mov ebx, eax add esp, 8 mov edi, eax test eax, eax je near loc_00402fbe ; je 0x402fbe call fcn_00401543 ; call 0x401543 call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov ebp, eax call fcn_004080f5 ; call 0x4080f5 push esi push 4 push ebx call clib_fseek ; call 0x45753a add esp, 0xc push ebx push 1 push 4 push ref_00497160 ; push 0x497160 call clib_fread ; call 0x4576d0 add esp, 0x10 push ebx push 1 push 2 push ref_004991b8 ; push 0x4991b8 call clib_fread ; call 0x4576d0 add esp, 0x10 push ebx push 1 push 2 push ref_004991b6 ; push 0x4991b6 call clib_fread ; call 0x4576d0 add esp, 0x10 push ebx push 1 push 4 push _nplayers ; push 0x499114 call clib_fread ; call 0x4576d0 add esp, 0x10 push ebx push 4 push 0x68 push (_players+0) ; push 0x496b68 call clib_fread ; call 0x4576d0 add esp, 0x10 push ebx push 1 push 4 push ref_00499104 ; push 0x499104 call clib_fread ; call 0x4576d0 add esp, 0x10 xor ebx, ebx mov ecx, dword [_nplayers] ; mov ecx, dword [0x499114] loc_00402b96: cmp ebx, ecx jge short loc_00402bb7 ; jge 0x402bb7 imul eax, ebx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] imul edx, edx, 0x68 mov edx, dword [edx + _rich4_players] ; mov edx, dword [edx + 0x47e80c] mov dword [eax + (_players+0)], edx ; mov dword [eax + 0x496b68], edx inc ebx jmp short loc_00402b96 ; jmp 0x402b96 loc_00402bb7: push edi push 5 push 0x10 push ref_00498e28 ; push 0x498e28 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 0x2e push 0x18 push ref_00496d08 ; push 0x496d08 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 0x3c push 1 push ref_00499120 ; push 0x499120 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 0x3c push 1 push ref_0049915c ; push 0x49915c call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 0x1e push 1 push ref_00499198 ; push 0x499198 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 8 push 1 push ref_00497320 ; push 0x497320 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_00499100 ; push 0x499100 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 0x6c0 push 4 push ref_00497328 ; push 0x497328 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 0x30 push 8 push _player_stocks ; push 0x4971a0 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 0xc push 0x24 push (_stocks_on_map+0) ; push 0x496980 call clib_fread ; call 0x4576d0 add esp, 0x10 xor ebx, ebx loc_00402c70: movsx edx, word [ref_004991b6] ; movsx edx, word [0x4991b6] shl edx, 2 movsx eax, word [ref_004991b8] ; movsx eax, word [0x4991b8] add edx, eax mov eax, edx shl eax, 2 sub eax, edx shl eax, 4 mov esi, eax shl esi, 3 add esi, eax mov eax, ebx shl eax, 3 add eax, ebx shl eax, 2 lea edx, [esi + eax] mov edx, dword [edx + _game_stocks] ; mov edx, dword [edx + 0x47f072] mov dword [eax + (_stocks_on_map+0)], edx ; mov dword [eax + 0x496980], edx inc ebx cmp ebx, 0xc jl short loc_00402c70 ; jl 0x402c70 push edi push 0x1c push 0xc push ref_004967e0 ; push 0x4967e0 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push _current_player ; push 0x49910c call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_00499118 ; push 0x499118 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_00499110 ; push 0x499110 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_0049911c ; push 0x49911c call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_00499108 ; push 0x499108 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_0049908c ; push 0x49908c call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_004990e8 ; push 0x4990e8 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_004990e4 ; push 0x4990e4 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_00499084 ; push 0x499084 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_004990dc ; push 0x4990dc call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_0049907c ; push 0x49907c call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_00499078 ; push 0x499078 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_004990ec ; push 0x4990ec call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 4 push 1 push ref_004990f0 ; push 0x4990f0 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 0xc push 1 push ref_004990f4 ; push 0x4990f4 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_00499080 ; push 0x499080 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 0x24 push 1 push ref_004990b8 ; push 0x4990b8 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 8 push 1 push ref_00496b30 ; push 0x496b30 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 8 push 1 push ref_00496b60 ; push 0x496b60 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_004990e0 ; push 0x4990e0 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_004990b4 ; push 0x4990b4 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 0x24 push 1 push ref_00499090 ; push 0x499090 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 0x25 push 1 push ref_00496b38 ; push 0x496b38 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_00499088 ; push 0x499088 call clib_fread ; call 0x4576d0 add esp, 0x10 push edi push 1 push 4 push ref_00498e94 ; push 0x498e94 call clib_fread ; call 0x4576d0 add esp, 0x10 mov ebx, dword [ref_00498e94] ; mov ebx, dword [0x498e94] push ebx call fcn_00456f80 ; call 0x456f80 add esp, 4 mov dword [ref_0047493c], eax ; mov dword [0x47493c], eax push edi mov esi, dword [ref_00498e94] ; mov esi, dword [0x498e94] push esi push 1 push eax call clib_fread ; call 0x4576d0 add esp, 0x10 mov eax, dword [ref_0047493c] ; mov eax, dword [0x47493c] mov edx, dword [eax] mov dword [ref_00498e9c], edx ; mov dword [0x498e9c], edx mov edx, dword [eax + 4] lea ebx, [eax + edx] mov dword [ref_00498e80], ebx ; mov dword [0x498e80], ebx mov edx, dword [eax + 8] mov dword [ref_00498e98], edx ; mov dword [0x498e98], edx mov edx, dword [eax + 0xc] lea ebx, [eax + edx] mov dword [ref_00498e84], ebx ; mov dword [0x498e84], ebx mov edx, dword [eax + 0x10] mov dword [ref_00498e8c], edx ; mov dword [0x498e8c], edx mov edx, dword [eax + 0x14] lea ebx, [eax + edx] mov dword [ref_00498e88], ebx ; mov dword [0x498e88], ebx mov edx, dword [eax + 0x18] mov dword [ref_00498e90], edx ; mov dword [0x498e90], edx mov edx, dword [eax + 0x1c] lea ebx, [eax + edx] mov dword [ref_00498e7c], ebx ; mov dword [0x498e7c], ebx mov edx, dword [eax + 0x20] mov dword [ref_00499074], edx ; mov dword [0x499074], edx mov edx, dword [eax + 0x24] add eax, edx mov dword [ref_00498e78], eax ; mov dword [0x498e78], eax xor ebx, ebx loc_00402f1b: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_00402f86 ; jge 0x402f86 push edi push 1 push 0x2718 mov eax, ebx shl eax, 3 add eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov esi, eax shl esi, 3 add esi, eax mov eax, ref_0048cb80 ; mov eax, 0x48cb80 add eax, esi push eax call clib_fread ; call 0x4576d0 add esp, 0x10 mov ecx, dword [ref_00498e94] ; mov ecx, dword [0x498e94] push ecx call fcn_00456f80 ; call 0x456f80 add esp, 4 mov dword [esi + ref_0048f294], eax ; mov dword [esi + 0x48f294], eax push edi mov eax, dword [ref_00498e94] ; mov eax, dword [0x498e94] push eax push 1 mov edx, dword [esi + ref_0048f294] ; mov edx, dword [esi + 0x48f294] push edx call clib_fread ; call 0x4576d0 add esp, 0x10 inc ebx jmp short loc_00402f1b ; jmp 0x402f1b loc_00402f86: call fcn_00407ad2 ; call 0x407ad2 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 or byte [eax + ref_00498ea0], 0x80 ; or byte [eax + 0x498ea0], 0x80 call dword [cs:__imp__GetTickCount@0] ; ucall: call dword cs:[0x4623cc] push eax call clib_srand ; call 0x456f50 add esp, 4 mov esi, 1 loc_00402fae: call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] sub eax, ebp cmp eax, 0x3e8 jb short loc_00402fae ; jb 0x402fae loc_00402fbe: push edi call clib_fclose ; call 0x4578c5 add esp, 4 mov eax, esi add esp, 0x28 pop ebp pop edi pop esi pop ebx ret fcn_00402fd1: push ebx push esi push edi sub esp, 0x2c mov dword [esp + 0x28], 0x26 mov ecx, dword [esp + 0x3c] push ecx push ref_004630d8 ; push 0x4630d8 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push ref_004630e6 ; push 0x4630e6 lea eax, [esp + 4] push eax call clib_fopen ; call 0x4573bf mov ebx, eax add esp, 8 mov edi, eax push eax push 1 push 4 lea eax, [esp + 0x34] push eax call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_00497160 ; push 0x497160 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 2 push ref_004991b8 ; push 0x4991b8 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 2 push ref_004991b6 ; push 0x4991b6 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push _nplayers ; push 0x499114 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 4 push 0x68 push (_players+0) ; push 0x496b68 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_00499104 ; push 0x499104 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 5 push 0x10 push ref_00498e28 ; push 0x498e28 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 0x2e push 0x18 push ref_00496d08 ; push 0x496d08 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 0x3c push 1 push ref_00499120 ; push 0x499120 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 0x3c push 1 push ref_0049915c ; push 0x49915c call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 0x1e push 1 push ref_00499198 ; push 0x499198 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 8 push 1 push ref_00497320 ; push 0x497320 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_00499100 ; push 0x499100 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 0x6c0 push 4 push ref_00497328 ; push 0x497328 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 0x30 push 8 push _player_stocks ; push 0x4971a0 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 0xc push 0x24 push (_stocks_on_map+0) ; push 0x496980 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 0x1c push 0xc push ref_004967e0 ; push 0x4967e0 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push _current_player ; push 0x49910c call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_00499118 ; push 0x499118 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_00499110 ; push 0x499110 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_0049911c ; push 0x49911c call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_00499108 ; push 0x499108 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_0049908c ; push 0x49908c call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_004990e8 ; push 0x4990e8 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_004990e4 ; push 0x4990e4 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_00499084 ; push 0x499084 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_004990dc ; push 0x4990dc call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_0049907c ; push 0x49907c call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_00499078 ; push 0x499078 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_004990ec ; push 0x4990ec call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 4 push 1 push ref_004990f0 ; push 0x4990f0 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 0xc push 1 push ref_004990f4 ; push 0x4990f4 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_00499080 ; push 0x499080 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 0x24 push 1 push ref_004990b8 ; push 0x4990b8 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 8 push 1 push ref_00496b30 ; push 0x496b30 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 8 push 1 push ref_00496b60 ; push 0x496b60 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_004990e0 ; push 0x4990e0 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_004990b4 ; push 0x4990b4 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 0x24 push 1 push ref_00499090 ; push 0x499090 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 0x25 push 1 push ref_00496b38 ; push 0x496b38 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_00499088 ; push 0x499088 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 1 push 4 push ref_00498e94 ; push 0x498e94 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx mov ebx, dword [ref_00498e94] ; mov ebx, dword [0x498e94] push ebx push 1 mov esi, dword [ref_0047493c] ; mov esi, dword [0x47493c] push esi call clib_fwrite ; call 0x457ada add esp, 0x10 xor ebx, ebx loc_00403330: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_00403386 ; jge 0x403386 push edi push 1 push 0x2718 mov eax, ebx shl eax, 3 add eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov esi, eax shl esi, 3 add esi, eax mov eax, ref_0048cb80 ; mov eax, 0x48cb80 add eax, esi push eax call clib_fwrite ; call 0x457ada add esp, 0x10 push edi mov eax, dword [ref_00498e94] ; mov eax, dword [0x498e94] push eax push 1 mov edx, dword [esi + ref_0048f294] ; mov edx, dword [esi + 0x48f294] push edx call clib_fwrite ; call 0x457ada add esp, 0x10 inc ebx jmp short loc_00403330 ; jmp 0x403330 loc_00403386: push edi call clib_fclose ; call 0x4578c5 add esp, 4 add esp, 0x2c pop edi pop esi pop ebx ret fcn_00403396: push ebx push esi push edi push ebp sub esp, 0x38 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x30 push 0x28 mov eax, dword [ref_0048a338] ; mov eax, dword [0x48a338] add eax, 0x18 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov ebp, 1 jmp near loc_004035df ; jmp 0x4035df loc_004033e9: push ebx push 1 push 4 push ref_0048a340 ; push 0x48a340 call clib_fread ; call 0x4576d0 add esp, 0x10 push ebx push 1 push 2 push ref_0048a33c ; push 0x48a33c call clib_fread ; call 0x4576d0 add esp, 0x10 push ebx push 1 push 2 push ref_0048a330 ; push 0x48a330 call clib_fread ; call 0x4576d0 add esp, 0x10 push ebx push 1 push 4 push ref_0048a32c ; push 0x48a32c call clib_fread ; call 0x4576d0 add esp, 0x10 push ebx push 4 push 0x68 push ref_0048a188 ; push 0x48a188 call clib_fread ; call 0x4576d0 add esp, 0x10 push ebx call clib_fclose ; call 0x4578c5 add esp, 4 push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall lea edx, [ebp - 1] mov eax, edx shl eax, 3 add eax, edx shl eax, 3 lea edi, [eax + 0x39] push edi push 0x81 mov eax, dword [ref_0048a338] ; mov eax, dword [0x48a338] add eax, 0x84 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 test ebp, ebp jne short loc_004034c7 ; jne 0x4034c7 push 2 lea eax, [edi + 0xf] push eax push 0xa5 push ref_004630e9 ; push 0x4630e9 push ebp call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_004034c7: push 0xa lea eax, [esp + 0x2c] push eax mov eax, dword [ref_0048a340] ; mov eax, dword [0x48a340] shr eax, 0x10 push eax call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 2 lea eax, [edi + 0x24] push eax push 0xa5 lea eax, [esp + 0x34] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ebx, dword [ref_0048a340] ; mov ebx, dword [0x48a340] shr ebx, 8 and ebx, 0xff mov esi, dword [ref_0048a340] ; mov esi, dword [0x48a340] and esi, 0xff push esi push ebx push ref_004630ee ; push 0x4630ee lea eax, [esp + 0x34] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 2 lea eax, [edi + 0x39] push eax push 0xa5 lea eax, [esp + 0x34] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push edi push 0xd1 mov edx, dword [ref_0048a33c] ; mov edx, dword [0x48a33c] add edx, 2 mov eax, dword [ref_0048a330] ; mov eax, dword [0x48a330] shl eax, 2 add edx, eax mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048a338] ; mov eax, dword [0x48a338] add eax, 0xc add eax, edx push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 xor ebx, ebx mov esi, 0x121 loc_00403588: cmp ebx, dword [ref_0048a32c] ; cmp ebx, dword [0x48a32c] jge short loc_004035c9 ; jge 0x4035c9 push edi push esi imul eax, ebx, 0x68 xor edx, edx mov dl, byte [eax + ref_0048a19b] ; mov dl, byte [eax + 0x48a19b] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048a328] ; mov eax, dword [0x48a328] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 inc ebx add esi, 0x48 jmp short loc_00403588 ; jmp 0x403588 loc_004035c9: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall loc_004035d9: inc ebp cmp ebp, 5 jg short loc_00403632 ; jg 0x403632 loc_004035df: push ebp push ref_004630d8 ; push 0x4630d8 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push ref_004630e3 ; push 0x4630e3 lea eax, [esp + 4] push eax call clib_fopen ; call 0x4573bf mov ebx, eax add esp, 8 test eax, eax je short loc_004035d9 ; je 0x4035d9 push eax push 1 push 4 lea eax, [esp + 0x40] push eax call clib_fread ; call 0x4576d0 add esp, 0x10 cmp dword [esp + 0x34], 0x26 je near loc_004033e9 ; je 0x4033e9 push ebx call clib_fclose ; call 0x4578c5 add esp, 4 jmp short loc_004035d9 ; jmp 0x4035d9 loc_00403632: add esp, 0x38 pop ebp pop edi pop esi pop ebx ret fcn_0040363a: push ebx push esi push edi push ebp sub esp, 0x50 mov ebx, dword [esp + 0x64] mov eax, dword [esp + 0x68] mov ecx, dword [esp + 0x70] cmp eax, 0x201 jb short loc_00403683 ; jb 0x403683 jbe near loc_004038eb ; jbe 0x4038eb cmp eax, 0x205 jb short loc_00403673 ; jb 0x403673 jbe near loc_00403934 ; jbe 0x403934 cmp eax, 0x401 je short loc_0040369e ; je 0x40369e jmp near loc_004039a9 ; jmp 0x4039a9 loc_00403673: cmp eax, 0x203 je near loc_004038eb ; je 0x4038eb jmp near loc_004039a9 ; jmp 0x4039a9 loc_00403683: cmp eax, 0xf jb near loc_004039a9 ; jb 0x4039a9 jbe near loc_00403951 ; jbe 0x403951 cmp eax, 0x200 je short loc_004036c3 ; je 0x4036c3 jmp near loc_004039a9 ; jmp 0x4039a9 loc_0040369e: mov dword [ref_0048a34a], 0xffffffff ; mov dword [0x48a34a], 0xffffffff push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00403865 ; jmp 0x403865 loc_004036c3: xor edx, edx mov dx, cx mov eax, ecx shr eax, 0x10 and eax, 0xffff and eax, 0xffff cmp edx, 0x81 jle near loc_0040386c ; jle 0x40386c cmp edx, 0x241 jge near loc_0040386c ; jge 0x40386c cmp eax, 0x18 jle near loc_0040386c ; jle 0x40386c cmp eax, 0x1c8 jge near loc_0040386c ; jge 0x40386c lea edx, [eax - 0x18] mov ebx, 0x48 mov eax, edx sar edx, 0x1f idiv ebx mov ebx, eax cmp eax, dword [ref_0048a34a] ; cmp eax, dword [0x48a34a] je near loc_00403865 ; je 0x403865 push 0 push ref_0048231a ; push 0x48231a call fcn_004542ce ; call 0x4542ce add esp, 8 mov dword [esp + 0x40], 0x7f mov dword [esp + 0x48], 0x243 mov ecx, dword [ref_0048a34a] ; mov ecx, dword [0x48a34a] cmp ecx, 0xffffffff je short loc_0040379f ; je 0x40379f mov eax, ecx shl eax, 3 add eax, ecx shl eax, 3 lea edx, [eax + 0x16] mov dword [esp + 0x44], edx add eax, 0x62 mov dword [esp + 0x4c], eax lea eax, [esp + 0x40] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x44] push ecx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov edi, dword [esp + 0x50] push edi mov ebp, dword [esp + 0x50] push ebp push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x40] push eax call fcn_00402250 ; call 0x402250 add esp, 4 loc_0040379f: mov eax, ebx shl eax, 3 add eax, ebx shl eax, 3 lea edx, [eax + 0x16] mov dword [esp + 0x44], edx add eax, 0x62 mov dword [esp + 0x4c], eax lea eax, [esp + 0x40] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a078] ; mov eax, dword [0x48a078] sar eax, 1 mov word [ref_0046caec], ax ; mov word [0x46caec], ax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0xffff00 push 0x4c push 0x1c4 mov eax, dword [esp + 0x50] push eax mov edx, dword [esp + 0x50] push edx push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0xffff00 push 0x4a push 0x1c2 mov eax, dword [esp + 0x50] inc eax push eax mov eax, dword [esp + 0x50] inc eax push eax push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov word [ref_0046caec], 0x280 ; mov word [0x46caec], 0x280 lea eax, [esp + 0x40] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov dword [ref_0048a34a], ebx ; mov dword [0x48a34a], ebx loc_00403865: xor eax, eax jmp near loc_004039b8 ; jmp 0x4039b8 loc_0040386c: mov esi, dword [ref_0048a34a] ; mov esi, dword [0x48a34a] cmp esi, 0xffffffff je short loc_00403865 ; je 0x403865 mov dword [esp + 0x40], 0x7f mov dword [esp + 0x48], 0x243 mov eax, esi shl eax, 3 add eax, esi shl eax, 3 lea edx, [eax + 0x16] mov dword [esp + 0x44], edx add eax, 0x62 mov dword [esp + 0x4c], eax lea eax, [esp + 0x40] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x44] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x50] push ebx mov esi, dword [esp + 0x50] push esi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x40] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov dword [ref_0048a34a], 0xffffffff ; mov dword [0x48a34a], 0xffffffff jmp near loc_00403865 ; jmp 0x403865 loc_004038eb: mov ecx, dword [ref_0048a34a] ; mov ecx, dword [0x48a34a] cmp ecx, 0xffffffff je near loc_00403865 ; je 0x403865 cmp byte [ecx + ref_0048a344], 0 ; cmp byte [ecx + 0x48a344], 0 je near loc_00403865 ; je 0x403865 push 0 push ref_0048232a ; push 0x48232a call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ebx, dword [ref_0048a34a] ; mov ebx, dword [0x48a34a] push ebx loc_00403927: call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_00403865 ; jmp 0x403865 loc_00403934: push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0xffffffffffffffff jmp short loc_00403927 ; jmp 0x403927 loc_00403951: mov eax, esp push eax push ebx call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov esi, dword [esp + 0x18] push esi mov edi, dword [esp + 0x18] push edi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push ebx call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00403865 ; jmp 0x403865 loc_004039a9: push ecx mov ebp, dword [esp + 0x70] push ebp loc_004039af: push eax push ebx call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] loc_004039b8: add esp, 0x50 pop ebp pop edi pop esi pop ebx ret 0x10 fcn_004039c2: push ebx push esi push edi push ebp sub esp, 0x50 mov ebx, dword [esp + 0x64] mov eax, dword [esp + 0x68] mov ecx, dword [esp + 0x70] cmp eax, 0x201 jb short loc_00403a0b ; jb 0x403a0b jbe near loc_00403c7f ; jbe 0x403c7f cmp eax, 0x205 jb short loc_004039fb ; jb 0x4039fb jbe near loc_00403cf4 ; jbe 0x403cf4 cmp eax, 0x401 je short loc_00403a26 ; je 0x403a26 jmp near loc_00403d69 ; jmp 0x403d69 loc_004039fb: cmp eax, 0x203 je near loc_00403c7f ; je 0x403c7f jmp near loc_00403d69 ; jmp 0x403d69 loc_00403a0b: cmp eax, 0xf jb near loc_00403d69 ; jb 0x403d69 jbe near loc_00403d11 ; jbe 0x403d11 cmp eax, 0x200 je short loc_00403a50 ; je 0x403a50 jmp near loc_00403d69 ; jmp 0x403d69 loc_00403a26: mov dword [ref_0048a34e], 0xffffffff ; mov dword [0x48a34e], 0xffffffff call fcn_00403396 ; call 0x403396 push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00403865 ; jmp 0x403865 loc_00403a50: xor edx, edx mov dx, cx mov eax, ecx shr eax, 0x10 and eax, 0xffff and eax, 0xffff cmp edx, 0x81 jle near loc_00403bfb ; jle 0x403bfb cmp edx, 0x241 jge near loc_00403bfb ; jge 0x403bfb cmp eax, 0x39 jle near loc_00403bfb ; jle 0x403bfb cmp eax, 0x1a1 jge near loc_00403bfb ; jge 0x403bfb lea edx, [eax - 0x39] mov ebx, 0x48 mov eax, edx sar edx, 0x1f idiv ebx mov ebx, eax cmp ebx, dword [ref_0048a34e] ; cmp ebx, dword [0x48a34e] je near loc_00403865 ; je 0x403865 push 0 push ref_0048231a ; push 0x48231a call fcn_004542ce ; call 0x4542ce add esp, 8 mov dword [esp + 0x40], 0x7f mov dword [esp + 0x48], 0x243 mov esi, dword [ref_0048a34e] ; mov esi, dword [0x48a34e] cmp esi, 0xffffffff je short loc_00403b2e ; je 0x403b2e mov eax, esi shl eax, 3 add eax, esi shl eax, 3 lea edx, [eax + 0x37] mov dword [esp + 0x44], edx add eax, 0x83 mov dword [esp + 0x4c], eax lea eax, [esp + 0x40] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x44] push ecx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [esp + 0x50] push ebp mov ecx, dword [esp + 0x50] push ecx push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x40] push eax call fcn_00402250 ; call 0x402250 add esp, 4 loc_00403b2e: mov eax, ebx shl eax, 3 add eax, ebx shl eax, 3 lea edx, [eax + 0x37] mov dword [esp + 0x44], edx add eax, 0x83 mov dword [esp + 0x4c], eax lea eax, [esp + 0x40] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a078] ; mov eax, dword [0x48a078] sar eax, 1 mov word [ref_0046caec], ax ; mov word [0x46caec], ax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0xffff00 push 0x4c push 0x1c4 mov esi, dword [esp + 0x50] push esi mov edi, dword [esp + 0x50] push edi push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0xffff00 push 0x4a push 0x1c2 mov eax, dword [esp + 0x50] inc eax push eax mov eax, dword [esp + 0x50] inc eax push eax push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov word [ref_0046caec], 0x280 ; mov word [0x46caec], 0x280 lea eax, [esp + 0x40] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov dword [ref_0048a34e], ebx ; mov dword [0x48a34e], ebx jmp near loc_00403865 ; jmp 0x403865 loc_00403bfb: mov eax, dword [ref_0048a34e] ; mov eax, dword [0x48a34e] cmp eax, 0xffffffff je near loc_00403865 ; je 0x403865 mov dword [esp + 0x40], 0x7f mov dword [esp + 0x48], 0x243 mov edx, eax shl eax, 3 add eax, edx shl eax, 3 lea edx, [eax + 0x37] mov dword [esp + 0x44], edx add eax, 0x83 mov dword [esp + 0x4c], eax lea eax, [esp + 0x40] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x44] push ecx mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx mov esi, dword [esp + 0x50] push esi mov edi, dword [esp + 0x50] push edi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x40] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov dword [ref_0048a34e], 0xffffffff ; mov dword [0x48a34e], 0xffffffff jmp near loc_00403865 ; jmp 0x403865 loc_00403c7f: cmp dword [ref_0048a34e], 0xffffffff ; cmp dword [0x48a34e], 0xffffffff je near loc_00403865 ; je 0x403865 push 0 push ref_0048232a ; push 0x48232a call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov eax, dword [ref_0048a34e] ; mov eax, dword [0x48a34e] inc eax push eax call fcn_00402fd1 ; call 0x402fd1 add esp, 4 call fcn_00403396 ; call 0x403396 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx mov esi, dword [ref_0046cae0] ; mov esi, dword [0x46cae0] push esi mov edi, dword [ref_0046cadc] ; mov edi, dword [0x46cadc] push edi push eax call dword [edx + 0x1c] ; ucall mov ebp, dword [ref_0048a34e] ; mov ebp, dword [0x48a34e] push ebp loc_00403ce7: call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_00403865 ; jmp 0x403865 loc_00403cf4: push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0xffffffffffffffff jmp short loc_00403ce7 ; jmp 0x403ce7 loc_00403d11: mov eax, esp push eax push ebx call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc] push ecx mov ebp, dword [ref_0048a0e0] ; mov ebp, dword [0x48a0e0] push ebp mov ecx, dword [esp + 0x18] push ecx mov esi, dword [esp + 0x18] push esi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push ebx call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00403865 ; jmp 0x403865 loc_00403d69: push ecx mov edi, dword [esp + 0x70] push edi jmp near loc_004039af ; jmp 0x4039af game_load_ui: push ebx push esi push edi push ebp sub esp, 0x50 xor edx, edx mov dword [esp + 0x48], edx push edx push edx push 0x208 mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048a338], eax ; mov dword [0x48a338], eax push 0 push 0 push 2 mov ebx, dword [ref_0048a0e4] ; mov ebx, dword [0x48a0e4] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048a328], eax ; mov dword [0x48a328], eax cmp dword [esp + 0x64], 0 je short loc_00403dfa ; je 0x403dfa mov edi, 0x28 mov dword [esp + 0x28], edi mov ebp, 0xf mov dword [esp + 0x2c], ebp mov eax, dword [ref_0048a338] ; mov eax, dword [0x48a338] movsx edx, word [eax + 0xc] add edx, edi mov dword [esp + 0x30], edx movsx eax, word [eax + 0xe] add eax, ebp mov dword [esp + 0x34], eax lea eax, [esp + 0x28] push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [ref_0048a334], eax ; mov dword [0x48a334], eax loc_00403dfa: xor ebp, ebp jmp short loc_00403e08 ; jmp 0x403e08 loc_00403dfe: inc ebp cmp ebp, 5 jg near loc_004040b0 ; jg 0x4040b0 loc_00403e08: xor ah, ah mov byte [ebp + ref_0048a344], ah ; mov byte [ebp + 0x48a344], ah push ebp push ref_004630d8 ; push 0x4630d8 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push ref_004630e3 ; push 0x4630e3 lea eax, [esp + 4] push eax call clib_fopen ; call 0x4573bf mov ebx, eax add esp, 8 mov dword [esp + 0x4c], eax test eax, eax je near loc_004040a6 ; je 0x4040a6 push eax push 1 push 4 lea eax, [esp + 0x50] push eax call clib_fread ; call 0x4576d0 add esp, 0x10 cmp dword [esp + 0x44], 0x26 je short loc_00403e67 ; je 0x403e67 push ebx loc_00403e5d: call clib_fclose ; call 0x4578c5 add esp, 4 jmp short loc_00403dfe ; jmp 0x403dfe loc_00403e67: cmp dword [esp + 0x48], 0 jne short loc_00403eb8 ; jne 0x403eb8 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0xf push 0x28 mov eax, dword [ref_0048a338] ; mov eax, dword [0x48a338] add eax, 0xc push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp + 0x48], 1 loc_00403eb8: mov byte [ebp + ref_0048a344], 1 ; mov byte [ebp + 0x48a344], 1 mov esi, dword [esp + 0x4c] push esi push 1 push 4 push ref_0048a340 ; push 0x48a340 call clib_fread ; call 0x4576d0 add esp, 0x10 push esi push 1 push 2 push ref_0048a33c ; push 0x48a33c call clib_fread ; call 0x4576d0 add esp, 0x10 push esi push 1 push 2 push ref_0048a330 ; push 0x48a330 call clib_fread ; call 0x4576d0 add esp, 0x10 push esi push 1 push 4 push ref_0048a32c ; push 0x48a32c call clib_fread ; call 0x4576d0 add esp, 0x10 push esi push 4 push 0x68 push ref_0048a188 ; push 0x48a188 call clib_fread ; call 0x4576d0 add esp, 0x10 push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, ebp shl eax, 3 add eax, ebp shl eax, 3 lea edi, [eax + 0x18] push edi push 0x81 mov eax, dword [ref_0048a338] ; mov eax, dword [0x48a338] add eax, 0x84 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 test ebp, ebp jne short loc_00403f95 ; jne 0x403f95 push 2 lea eax, [edi + 0xf] push eax push 0xa5 push ref_004630e9 ; push 0x4630e9 push ebp call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_00403f95: push 0xa lea eax, [esp + 0x3c] push eax mov eax, dword [ref_0048a340] ; mov eax, dword [0x48a340] shr eax, 0x10 push eax call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 2 lea eax, [edi + 0x24] push eax push 0xa5 lea eax, [esp + 0x44] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ebx, dword [ref_0048a340] ; mov ebx, dword [0x48a340] shr ebx, 8 and ebx, 0xff mov esi, dword [ref_0048a340] ; mov esi, dword [0x48a340] and esi, 0xff push esi push ebx push ref_004630ee ; push 0x4630ee lea eax, [esp + 0x44] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 2 lea eax, [edi + 0x39] push eax push 0xa5 lea eax, [esp + 0x44] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push edi push 0xd1 mov edx, dword [ref_0048a33c] ; mov edx, dword [0x48a33c] add edx, 2 mov eax, dword [ref_0048a330] ; mov eax, dword [0x48a330] shl eax, 2 add edx, eax mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048a338] ; mov eax, dword [0x48a338] add eax, 0xc add eax, edx push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 xor ebx, ebx mov esi, 0x121 loc_00404056: cmp ebx, dword [ref_0048a32c] ; cmp ebx, dword [0x48a32c] jge short loc_00404096 ; jge 0x404096 push edi push esi imul eax, ebx, 0x68 xor edx, edx mov dl, byte [eax + ref_0048a19b] ; mov dl, byte [eax + 0x48a19b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048a328] ; mov edx, dword [0x48a328] add edx, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 inc ebx add esi, 0x48 jmp short loc_00404056 ; jmp 0x404056 loc_00404096: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall loc_004040a6: mov ecx, dword [esp + 0x4c] push ecx jmp near loc_00403e5d ; jmp 0x403e5d loc_004040b0: mov ebp, 0xffffffff cmp dword [esp + 0x48], 0 je short loc_004040dd ; je 0x4040dd push 0 push fcn_0040363a ; push 0x40363a call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov ebp, eax cmp eax, 0xffffffff je short loc_004040dd ; je 0x4040dd push eax call fcn_00402ac5 ; call 0x402ac5 add esp, 4 mov ebp, eax loc_004040dd: cmp dword [esp + 0x64], 0 je short loc_0040413d ; je 0x40413d cmp ebp, 0xffffffff jne short loc_00404104 ; jne 0x404104 mov eax, dword [esp + 0x2c] push eax mov edx, dword [esp + 0x2c] push edx mov ecx, dword [ref_0048a334] ; mov ecx, dword [0x48a334] push ecx call fcn_00451edb ; call 0x451edb add esp, 0xc jmp short loc_0040413d ; jmp 0x40413d loc_00404104: mov edi, dword [ref_0048a334] ; mov edi, dword [0x48a334] push edi call clib_free ; call 0x456e11 add esp, 4 push 1 call fcn_0041906a ; call 0x41906a add esp, 4 cmp byte [ref_0046cb06], 0 ; cmp byte [0x46cb06], 0 je short loc_00404133 ; je 0x404133 xor bl, bl mov byte [ref_0046cb06], bl ; mov byte [0x46cb06], bl call fcn_00454acb ; call 0x454acb loc_00404133: push 0 call fcn_00454d91 ; call 0x454d91 add esp, 4 loc_0040413d: mov ebx, dword [ref_0048a338] ; mov ebx, dword [0x48a338] push ebx call clib_free ; call 0x456e11 add esp, 4 mov esi, dword [ref_0048a328] ; mov esi, dword [0x48a328] push esi call clib_free ; call 0x456e11 add esp, 4 mov eax, ebp add esp, 0x50 pop ebp pop edi pop esi pop ebx ret game_save_ui: push ebx push esi push edi push ebp sub esp, 0x10 push 0 push 0 push 0x208 mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048a338], eax ; mov dword [0x48a338], eax push 0 push 0 push 2 mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048a328], eax ; mov dword [0x48a328], eax mov ebx, 0x28 mov dword [esp], ebx mov esi, 0x30 mov dword [esp + 4], esi mov eax, dword [ref_0048a338] ; mov eax, dword [0x48a338] movsx edx, word [eax + 0x18] add edx, ebx mov dword [esp + 8], edx movsx eax, word [eax + 0x1a] add eax, esi mov dword [esp + 0xc], eax mov eax, esp push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [ref_0048a334], eax ; mov dword [0x48a334], eax push 0 push fcn_004039c2 ; push 0x4039c2 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 cmp eax, 0xffffffff je short loc_004041fe ; je 0x4041fe push 0x1f4 call fcn_0045285e ; call 0x45285e add esp, 4 loc_004041fe: mov edi, dword [esp + 4] push edi mov ebp, dword [esp + 4] push ebp mov eax, dword [ref_0048a334] ; mov eax, dword [0x48a334] push eax call fcn_00451edb ; call 0x451edb add esp, 0xc mov edx, dword [ref_0048a338] ; mov edx, dword [0x48a338] push edx call clib_free ; call 0x456e11 add esp, 4 mov ecx, dword [ref_0048a328] ; mov ecx, dword [0x48a328] push ecx call clib_free ; call 0x456e11 add esp, 4 add esp, 0x10 pop ebp pop edi pop esi pop ebx ret fcn_0040423c: push ebx push esi push edi push ebp sub esp, 0x10 push 0 push 0 mov eax, dword [ref_0048a3b8] ; mov eax, dword [0x48a3b8] add eax, 0xc push eax mov edx, dword [ref_0048a3a4] ; mov edx, dword [0x48a3a4] push edx call fcn_00456280 ; call 0x456280 add esp, 0x10 xor ebx, ebx jmp near loc_0040434d ; jmp 0x40434d loc_00404266: test dl, dl jne near loc_00404347 ; jne 0x404347 cmp ebx, dword [esp + 0x24] je near loc_00404347 ; je 0x404347 push ebp push edi mov eax, dword [ref_0048a3c0] ; mov eax, dword [0x48a3c0] add eax, 0xc add eax, esi push eax mov edx, dword [ref_0048a3a4] ; mov edx, dword [0x48a3a4] push edx call fcn_00456280 ; call 0x456280 add esp, 0x10 jmp near loc_00404347 ; jmp 0x404347 loc_00404299: push ebp push edi mov eax, dword [ref_0048a3c0] ; mov eax, dword [0x48a3c0] add eax, 0xc add esi, eax push esi mov esi, dword [ref_0048a3a4] ; mov esi, dword [0x48a3a4] push esi call fcn_00456280 ; call 0x456280 add esp, 0x10 push 0xfffffffffffffff0 push 0x48 push 0x48 push ebp push edi mov edi, dword [ref_0048a3a4] ; mov edi, dword [0x48a3a4] push edi call fcn_004552e7 ; call 0x4552e7 add esp, 0x18 jmp short loc_00404347 ; jmp 0x404347 loc_004042ce: push 0x2880 mov eax, dword [ref_0048a3c0] ; mov eax, dword [0x48a3c0] mov ecx, dword [esi + eax + 0x14] push ecx push ecx call fcn_004553da ; call 0x4553da add esp, 0xc push 0x24 push 0x24 mov eax, dword [ref_0048a3b8] ; mov eax, dword [0x48a3b8] add eax, 0x78 push eax mov eax, dword [ref_0048a3c0] ; mov eax, dword [0x48a3c0] add eax, 0xc add eax, esi push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 push ebp push edi mov eax, dword [ref_0048a3c0] ; mov eax, dword [0x48a3c0] add eax, 0xc add eax, esi push eax mov ecx, dword [ref_0048a3a4] ; mov ecx, dword [0x48a3a4] push ecx call fcn_00456280 ; call 0x456280 add esp, 0x10 push ebp push edi mov eax, dword [ref_0048a3c0] ; mov eax, dword [0x48a3c0] add eax, 0xc add esi, eax push esi mov eax, dword [ref_0048a3b8] ; mov eax, dword [0x48a3b8] add eax, 0xc push eax call fcn_00456280 ; call 0x456280 add esp, 0x10 mov byte [ebx + ref_004990f4], 4 ; mov byte [ebx + 0x4990f4], 4 loc_00404347: inc ebx cmp ebx, 0xc jge short loc_004043a8 ; jge 0x4043a8 loc_0040434d: mov esi, 6 mov eax, ebx mov edx, ebx sar edx, 0x1f idiv esi mov eax, edx shl eax, 3 add eax, edx shl eax, 3 lea edi, [eax + 4] mov eax, ebx mov edx, ebx sar edx, 0x1f idiv esi mov edx, eax shl eax, 3 add eax, edx shl eax, 3 lea ebp, [eax + 5] mov dl, byte [ebx + ref_004990f4] ; mov dl, byte [ebx + 0x4990f4] mov esi, ebx shl esi, 2 sub esi, ebx shl esi, 2 cmp dl, 1 jb near loc_00404266 ; jb 0x404266 jbe near loc_00404299 ; jbe 0x404299 cmp dl, 2 je near loc_004042ce ; je 0x4042ce jmp short loc_00404347 ; jmp 0x404347 loc_004043a8: mov ecx, dword [esp + 0x24] cmp ecx, 0xffffffff je near loc_00404488 ; je 0x404488 cmp byte [ecx + ref_004990f4], 0 ; cmp byte [ecx + 0x4990f4], 0 jne near loc_00404488 ; jne 0x404488 mov ebx, 6 mov eax, ecx mov edx, ecx sar edx, 0x1f idiv ebx mov ebx, edx shl ebx, 3 add ebx, edx shl ebx, 3 lea edi, [ebx + 4] mov esi, 6 mov eax, ecx mov edx, ecx sar edx, 0x1f idiv esi mov edx, eax shl eax, 3 add eax, edx shl eax, 3 lea ebp, [eax + 5] inc eax push eax add ebx, 8 push ebx mov ebx, dword [ref_0048a3c0] ; mov ebx, dword [0x48a3c0] mov eax, ecx shl eax, 2 sub eax, ecx shl eax, 2 lea edx, [ebx + 0xc] add eax, edx push eax mov ebx, dword [ref_0048a3a4] ; mov ebx, dword [0x48a3a4] push ebx call fcn_00456280 ; call 0x456280 add esp, 0x10 push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 cmp dword [esp + 0x24], 6 jge short loc_00404447 ; jge 0x404447 add ebp, 0x44 jmp short loc_0040444a ; jmp 0x40444a loc_00404447: sub ebp, 0x18 loc_0040444a: push 0xffffffffffffffec push 0x14 push 0x46 push ebp lea eax, [edi + 5] push eax mov eax, dword [ref_0048a3a4] ; mov eax, dword [0x48a3a4] push eax call fcn_004552e7 ; call 0x4552e7 add esp, 0x18 push 2 add ebp, 0xa push ebp add edi, 0x28 push edi imul eax, dword [esp + 0x30], 0x68 mov ecx, dword [eax + _rich4_players] ; mov ecx, dword [eax + 0x47e80c] push ecx mov ebx, dword [ref_0048a3a4] ; mov ebx, dword [0x48a3a4] push ebx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_00404488: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0xa push 4 mov esi, dword [ref_0048a3a4] ; mov esi, dword [0x48a3a4] push esi mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp], 4 mov dword [esp + 8], 0x1bc mov dword [esp + 4], 0xa mov dword [esp + 0xc], 0xa5 push 0 lea eax, [esp + 4] push eax mov ebx, dword [ref_0048a3b4] ; mov ebx, dword [0x48a3b4] push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_004044fc: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret fcn_00404504: push ebx push esi push edi push ebp sub esp, 0x1c push 0 push 3 push 0x101010 push 0xffffff push 0xf call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0 push 0 movsx edx, word [ref_004991b6] ; movsx edx, word [0x4991b6] mov eax, edx shl eax, 2 add eax, edx shl eax, 2 lea edx, [eax + 1] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048a3b8] ; mov eax, dword [0x48a3b8] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a3a0] ; mov edx, dword [0x48a3a0] push edx call fcn_00456280 ; call 0x456280 add esp, 0x10 mov eax, dword [ref_0046cb54] ; mov eax, dword [0x46cb54] movsx eax, word [eax*2 + ref_0046cc80] ; movsx eax, word [eax*2 + 0x46cc80] push eax push 0x96 mov eax, dword [ref_0048a3b8] ; mov eax, dword [0x48a3b8] add eax, 0x6c push eax mov ecx, dword [ref_0048a3a0] ; mov ecx, dword [0x48a3a0] push ecx call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 push 5 push 0xe4 push 8 push ref_00463138 ; push 0x463138 mov ebx, dword [ref_0048a3a0] ; mov ebx, dword [0x48a3a0] push ebx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 5 push 0x108 push 8 push ref_00463141 ; push 0x463141 mov esi, dword [ref_0048a3a0] ; mov esi, dword [0x48a3a0] push esi call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 5 push 0x12c push 8 push ref_0046314a ; push 0x46314a mov edi, dword [ref_0048a3a0] ; mov edi, dword [0x48a3a0] push edi call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 5 push 0x150 push 8 push ref_00463153 ; push 0x463153 mov ebp, dword [ref_0048a3a0] ; mov ebp, dword [0x48a3a0] push ebp call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 5 push 0x174 push 8 push ref_0046315c ; push 0x46315c mov eax, dword [ref_0048a3a0] ; mov eax, dword [0x48a3a0] push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 5 push 0x198 push 8 push ref_00463165 ; push 0x463165 mov edx, dword [ref_0048a3a0] ; mov edx, dword [0x48a3a0] push edx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 2 push 0x101010 push 0x101010 push 0xf call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [ref_0046cb40] ; mov eax, dword [0x46cb40] mov ecx, dword [eax*4 + ref_0046cb94] ; mov ecx, dword [eax*4 + 0x46cb94] push ecx push ref_0046316e ; push 0x46316e lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 push 0x108 push 0x9b lea eax, [esp + 0x1c] push eax mov ebx, dword [ref_0048a3a0] ; mov ebx, dword [0x48a3a0] push ebx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0046cb40] ; mov eax, dword [0x46cb40] mov edx, dword [ref_0046cb50] ; mov edx, dword [0x46cb50] mov eax, dword [eax*4 + ref_0046cb94] ; mov eax, dword [eax*4 + 0x46cb94] imul eax, dword [edx*4 + ref_0046cc00] ; imul eax, dword [edx*4 + 0x46cc00] test eax, eax je short loc_004046c3 ; je 0x4046c3 push eax push ref_0046316e ; push 0x46316e lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc jmp short loc_004046d5 ; jmp 0x4046d5 loc_004046c3: push ref_00463171 ; push 0x463171 lea eax, [esp + 0x14] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 loc_004046d5: push 6 push 0x198 push 0x9b lea eax, [esp + 0x1c] push eax mov edi, dword [ref_0048a3a0] ; mov edi, dword [0x48a3a0] push edi call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0xe4 push 0x9b mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] mov ebp, dword [eax*4 + ref_0046cb88] ; mov ebp, dword [eax*4 + 0x46cb88] push ebp mov eax, dword [ref_0048a3a0] ; mov eax, dword [0x48a3a0] push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0x12c push 0x9b mov eax, dword [ref_0046cb44] ; mov eax, dword [0x46cb44] mov edx, dword [eax*4 + ref_0046cbac] ; mov edx, dword [eax*4 + 0x46cbac] push edx mov ecx, dword [ref_0048a3a0] ; mov ecx, dword [0x48a3a0] push ecx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0x150 push 0x9b mov eax, dword [ref_0046cb48] ; mov eax, dword [0x46cb48] mov ebx, dword [eax*4 + ref_0046cbb8] ; mov ebx, dword [eax*4 + 0x46cbb8] push ebx mov esi, dword [ref_0048a3a0] ; mov esi, dword [0x48a3a0] push esi call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0x174 push 0x9b mov eax, dword [ref_0046cb4c] ; mov eax, dword [0x46cb4c] mov edi, dword [eax*4 + ref_0046cbd0] ; mov edi, dword [eax*4 + 0x46cbd0] push edi mov ebp, dword [ref_0048a3a0] ; mov ebp, dword [0x48a3a0] push ebp call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0xa push 0x1bd mov eax, dword [ref_0048a3a0] ; mov eax, dword [0x48a3a0] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp], 0x1bd mov dword [esp + 8], 0x27d mov dword [esp + 4], 0xa mov dword [esp + 0xc], 0x1d7 push 0 lea eax, [esp + 4] push eax mov ebp, dword [ref_0048a3b4] ; mov ebp, dword [0x48a3b4] push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] add esp, 0x1c pop ebp pop edi pop esi pop ebx ret endloc_00404812: db 0x8b db 0xc0 ref_00404814: ; may contain a jump table dd loc_004048cb dd loc_00404950 dd loc_004049ec dd loc_00404a71 dd loc_00404af6 dd loc_00404b7a fcn_0040482c: push ebx push esi push edi push ebp sub esp, 0x94 mov ebx, dword [esp + 0xa8] movsx eax, word [ebx*8 + ref_0046cc8a] ; movsx eax, word [ebx*8 + 0x46cc8a] sub eax, 0xa push eax movsx eax, word [ebx*8 + ref_0046cc88] ; movsx eax, word [ebx*8 + 0x46cc88] sub eax, 0x1bd push eax movsx edx, word [ebx*2 + ref_0046ccb8] ; movsx edx, word [ebx*2 + 0x46ccb8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048a3b8] ; mov edx, dword [0x48a3b8] add edx, 0xc add eax, edx push eax mov edx, dword [ref_0048a3a0] ; mov edx, dword [0x48a3a0] push edx call fcn_00456280 ; call 0x456280 add esp, 0x10 movsx eax, word [ebx*8 + ref_0046cc88] ; movsx eax, word [ebx*8 + 0x46cc88] lea edx, [eax - 0x1bb] mov dword [esp + 0x90], edx movsx edi, word [ebx*8 + ref_0046cc8c] ; movsx edi, word [ebx*8 + 0x46cc8c] mov ebp, edi sub ebp, eax sub ebp, 3 sub edi, 0x1bf movsx esi, word [ebx*8 + ref_0046cc8a] ; movsx esi, word [ebx*8 + 0x46cc8a] sub esi, 5 cmp ebx, 5 ja near loc_00404c37 ; ja 0x404c37 mov eax, ebx jmp dword [eax*4 + ref_00404814] ; ujmp: jmp dword [eax*4 + 0x404814] loc_004048cb: xor ebx, ebx jmp short loc_004048fa ; jmp 0x4048fa loc_004048cf: push 6 lea eax, [esi + 8] push eax push edi mov edx, dword [ebx*4 + ref_0046cb88] ; mov edx, dword [ebx*4 + 0x46cb88] push edx mov ecx, dword [ref_0048a3a0] ; mov ecx, dword [0x48a3a0] push ecx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0x17 cmp ebx, 3 jge near loc_00404c37 ; jge 0x404c37 loc_004048fa: cmp ebx, dword [esp + 0xac] je short loc_0040491d ; je 0x40491d push 1 push 2 push 0x101010 push 0x101010 loc_00404911: push 0xf call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 jmp short loc_004048cf ; jmp 0x4048cf loc_0040491d: push 0xaa0000 push 0x14 push ebp lea eax, [esi - 3] push eax mov edx, dword [esp + 0xa0] push edx mov ecx, dword [ref_0048a3a0] ; mov ecx, dword [0x48a3a0] push ecx call fcn_004561be ; call 0x4561be add esp, 0x18 push 1 push 2 push 0x101010 push 0xffffff jmp short loc_00404911 ; jmp 0x404911 loc_00404950: xor ebx, ebx jmp short loc_0040497c ; jmp 0x40497c loc_00404954: push 6 lea eax, [esi + 8] push eax push edi lea eax, [esp + 0xc] push eax mov ecx, dword [ref_0048a3a0] ; mov ecx, dword [0x48a3a0] push ecx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0x17 cmp ebx, 6 jge near loc_00404c37 ; jge 0x404c37 loc_0040497c: mov edx, dword [ebx*4 + ref_0046cb94] ; mov edx, dword [ebx*4 + 0x46cb94] push edx push ref_0046316e ; push 0x46316e lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc cmp ebx, dword [esp + 0xac] je short loc_004049b9 ; je 0x4049b9 push 1 push 2 push 0x101010 push 0x101010 loc_004049ad: push 0xf call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 jmp short loc_00404954 ; jmp 0x404954 loc_004049b9: push 0xaa0000 push 0x14 push ebp lea eax, [esi - 3] push eax mov eax, dword [esp + 0xa0] push eax mov edx, dword [ref_0048a3a0] ; mov edx, dword [0x48a3a0] push edx call fcn_004561be ; call 0x4561be add esp, 0x18 push 1 push 2 push 0x101010 push 0xffffff jmp short loc_004049ad ; jmp 0x4049ad loc_004049ec: xor ebx, ebx jmp short loc_00404a1b ; jmp 0x404a1b loc_004049f0: push 6 lea eax, [esi + 8] push eax push edi mov edx, dword [ebx*4 + ref_0046cbac] ; mov edx, dword [ebx*4 + 0x46cbac] push edx mov ecx, dword [ref_0048a3a0] ; mov ecx, dword [0x48a3a0] push ecx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0x17 cmp ebx, 3 jge near loc_00404c37 ; jge 0x404c37 loc_00404a1b: cmp ebx, dword [esp + 0xac] je short loc_00404a3e ; je 0x404a3e push 1 push 2 push 0x101010 push 0x101010 loc_00404a32: push 0xf call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 jmp short loc_004049f0 ; jmp 0x4049f0 loc_00404a3e: push 0xaa0000 push 0x14 push ebp lea eax, [esi - 3] push eax mov edx, dword [esp + 0xa0] push edx mov ecx, dword [ref_0048a3a0] ; mov ecx, dword [0x48a3a0] push ecx call fcn_004561be ; call 0x4561be add esp, 0x18 push 1 push 2 push 0x101010 push 0xffffff jmp short loc_00404a32 ; jmp 0x404a32 loc_00404a71: xor ebx, ebx jmp short loc_00404aa0 ; jmp 0x404aa0 loc_00404a75: push 6 lea eax, [esi + 8] push eax push edi mov edx, dword [ebx*4 + ref_0046cbb8] ; mov edx, dword [ebx*4 + 0x46cbb8] push edx mov ecx, dword [ref_0048a3a0] ; mov ecx, dword [0x48a3a0] push ecx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0x17 cmp ebx, 6 jge near loc_00404c37 ; jge 0x404c37 loc_00404aa0: cmp ebx, dword [esp + 0xac] je short loc_00404ac3 ; je 0x404ac3 push 1 push 2 push 0x101010 push 0x101010 loc_00404ab7: push 0xf call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 jmp short loc_00404a75 ; jmp 0x404a75 loc_00404ac3: push 0xaa0000 push 0x14 push ebp lea eax, [esi - 3] push eax mov edx, dword [esp + 0xa0] push edx mov ecx, dword [ref_0048a3a0] ; mov ecx, dword [0x48a3a0] push ecx call fcn_004561be ; call 0x4561be add esp, 0x18 push 1 push 2 push 0x101010 push 0xffffff jmp short loc_00404ab7 ; jmp 0x404ab7 loc_00404af6: xor ebx, ebx jmp short loc_00404b25 ; jmp 0x404b25 loc_00404afa: push 6 lea eax, [esi + 8] push eax push edi mov edx, dword [ebx*4 + ref_0046cbd0] ; mov edx, dword [ebx*4 + 0x46cbd0] push edx mov ecx, dword [ref_0048a3a0] ; mov ecx, dword [0x48a3a0] push ecx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0x17 cmp ebx, 6 jge near loc_00404c37 ; jge 0x404c37 loc_00404b25: cmp ebx, dword [esp + 0xac] je short loc_00404b48 ; je 0x404b48 push 1 push 2 push 0x101010 push 0x101010 loc_00404b3c: push 0xf call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 jmp short loc_00404afa ; jmp 0x404afa loc_00404b48: push 0xaa0000 push 0x14 push ebp lea eax, [esi - 3] push eax mov ecx, dword [esp + 0xa0] push ecx mov eax, dword [ref_0048a3a0] ; mov eax, dword [0x48a3a0] push eax call fcn_004561be ; call 0x4561be add esp, 0x18 push 1 push 2 push 0x101010 push 0xffffff jmp short loc_00404b3c ; jmp 0x404b3c loc_00404b7a: xor ebx, ebx jmp short loc_00404bd4 ; jmp 0x404bd4 loc_00404b7e: push ref_00463171 ; push 0x463171 lea eax, [esp + 4] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 loc_00404b90: cmp ebx, dword [esp + 0xac] je short loc_00404c01 ; je 0x404c01 push 1 push 2 push 0x101010 push 0x101010 loc_00404ba7: push 0xf call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 6 lea eax, [esi + 8] push eax push edi lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048a3a0] ; mov eax, dword [0x48a3a0] push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0x17 cmp ebx, 6 jge short loc_00404c37 ; jge 0x404c37 loc_00404bd4: mov eax, dword [ref_0046cb40] ; mov eax, dword [0x46cb40] mov eax, dword [eax*4 + ref_0046cb94] ; mov eax, dword [eax*4 + 0x46cb94] imul eax, dword [ebx*4 + ref_0046cc00] ; imul eax, dword [ebx*4 + 0x46cc00] test eax, eax je short loc_00404b7e ; je 0x404b7e push eax push ref_0046316e ; push 0x46316e lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc jmp short loc_00404b90 ; jmp 0x404b90 loc_00404c01: push 0xaa0000 push 0x14 push ebp lea eax, [esi - 3] push eax mov edx, dword [esp + 0xa0] push edx mov ecx, dword [ref_0048a3a0] ; mov ecx, dword [0x48a3a0] push ecx call fcn_004561be ; call 0x4561be add esp, 0x18 push 1 push 2 push 0x101010 push 0xffffff jmp near loc_00404ba7 ; jmp 0x404ba7 loc_00404c37: mov edx, dword [esp + 0xa8] movsx eax, word [edx*8 + ref_0046cc88] ; movsx eax, word [edx*8 + 0x46cc88] mov dword [esp + 0x80], eax movsx eax, word [edx*8 + ref_0046cc8a] ; movsx eax, word [edx*8 + 0x46cc8a] mov dword [esp + 0x84], eax movsx eax, word [edx*8 + ref_0046cc8c] ; movsx eax, word [edx*8 + 0x46cc8c] mov dword [esp + 0x88], eax movsx eax, word [edx*8 + ref_0046cc8e] ; movsx eax, word [edx*8 + 0x46cc8e] add eax, 2 mov dword [esp + 0x8c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x8c] mov ebx, dword [esp + 0x84] sub eax, ebx push eax mov eax, dword [esp + 0x8c] mov esi, dword [esp + 0x84] sub eax, esi push eax lea eax, [ebx - 0xa] push eax lea eax, [esi - 0x1bd] push eax push ebx push esi mov eax, dword [ref_0048a3a0] ; mov eax, dword [0x48a3a0] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x84] push eax mov ecx, dword [ref_0048a3b4] ; mov ecx, dword [0x48a3b4] push ecx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] add esp, 0x94 pop ebp pop edi pop esi pop ebx ret fcn_00404d0a: push ebx push esi push edi push ebp mov ebx, dword [esp + 0x18] mov eax, ebx shl eax, 2 sub eax, ebx add eax, dword [ref_0046cb44] ; add eax, dword [0x46cb44] lea esi, [eax + 9] mov ebx, dword [esp + 0x14] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ecx, dword [eax + ref_0048a364] ; mov ecx, dword [eax + 0x48a364] test ecx, ecx je short loc_00404d43 ; je 0x404d43 push ecx call clib_free ; call 0x456e11 add esp, 4 loc_00404d43: mov ebx, dword [esp + 0x14] mov eax, ebx shl eax, 2 sub eax, ebx mov ebx, eax shl ebx, 2 mov eax, dword [esp + 0x18] mov dword [ebx + ref_0048a35c], eax ; mov dword [ebx + 0x48a35c], eax xor edi, edi mov dword [ebx + ref_0048a360], edi ; mov dword [ebx + 0x48a360], edi push edi push edi push esi mov ebp, dword [ref_0048a3b0] ; mov ebp, dword [0x48a3b0] push ebp call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_0048a364], eax ; mov dword [ebx + 0x48a364], eax pop ebp pop edi pop esi pop ebx ret fcn_00404d82: push ebx push esi push edi push ebp mov ebp, dword [esp + 0x14] xor edi, edi xor ebx, ebx jmp short loc_00404dc5 ; jmp 0x404dc5 loc_00404d90: test edi, edi je short loc_00404dbf ; je 0x404dbf push 0xc push esi lea edx, [ebx - 1] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add eax, ref_0048a35c ; add eax, 0x48a35c push eax call _memcpy ; call 0x456de8 add esp, 0xc push 0xc push 0 push esi call memset ; call 0x456f60 add esp, 0xc loc_00404dbf: inc ebx cmp ebx, 4 jge short loc_00404e01 ; jge 0x404e01 loc_00404dc5: mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov esi, ref_0048a35c ; mov esi, 0x48a35c add esi, eax cmp ebp, dword [eax + ref_0048a35c] ; cmp ebp, dword [eax + 0x48a35c] jne short loc_00404d90 ; jne 0x404d90 mov ecx, dword [eax + ref_0048a364] ; mov ecx, dword [eax + 0x48a364] push ecx call clib_free ; call 0x456e11 add esp, 4 push 0xc push 0 push esi call memset ; call 0x456f60 add esp, 0xc mov edi, 1 jmp short loc_00404dbf ; jmp 0x404dbf loc_00404e01: xor ah, ah mov byte [ebp + ref_004990f4], ah ; mov byte [ebp + 0x4990f4], ah pop ebp pop edi pop esi pop ebx ret endloc_00404e0e: db 0x8b db 0xc0 ref_00404e10: ; may contain a jump table dd loc_00405339 dd loc_004053d9 dd loc_004053d9 dd loc_004054d8 dd loc_004054d8 dd loc_004054d8 dd loc_004054d8 dd loc_004054d8 dd loc_004054d8 dd loc_004055b9 dd loc_004055b9 dd loc_004055b9 dd loc_004055b9 fcn_00404e44: push ebx push esi push edi push ebp sub esp, 0x6c mov ebp, dword [esp + 0x80] mov eax, dword [esp + 0x84] mov edx, dword [esp + 0x88] mov ebx, dword [esp + 0x8c] mov ecx, dword [ref_0048a3ac] ; mov ecx, dword [0x48a3ac] test ecx, ecx jne near loc_00405c48 ; jne 0x405c48 cmp eax, 0x201 jb short loc_00404eb0 ; jb 0x404eb0 jbe near loc_004052bc ; jbe 0x4052bc cmp eax, 0x203 jb near loc_00405745 ; jb 0x405745 jbe near loc_004052bc ; jbe 0x4052bc cmp eax, 0x205 jb near loc_00405ee2 ; jb 0x405ee2 jbe near loc_00405ab0 ; jbe 0x405ab0 cmp eax, 0x401 je short loc_00404edb ; je 0x404edb jmp near loc_00405ee2 ; jmp 0x405ee2 loc_00404eb0: cmp eax, 0x113 jb short loc_00404ecd ; jb 0x404ecd jbe near loc_00404feb ; jbe 0x404feb cmp eax, 0x200 je near loc_00405163 ; je 0x405163 jmp near loc_00405ee2 ; jmp 0x405ee2 loc_00404ecd: cmp eax, 0xf je near loc_00405b04 ; je 0x405b04 jmp near loc_00405ee2 ; jmp 0x405ee2 loc_00404edb: mov dword [ref_0048a3c8], ecx ; mov dword [0x48a3c8], ecx mov dword [ref_0048a408], ecx ; mov dword [0x48a408], ecx mov dword [ref_0048a404], ebx ; mov dword [0x48a404], ebx mov bh, 0xff mov byte [ref_0048a40e], bh ; mov byte [0x48a40e], bh mov byte [ref_0048a40f], bh ; mov byte [0x48a40f], bh mov byte [ref_0048a40c], bh ; mov byte [0x48a40c], bh mov byte [ref_0048a410], bh ; mov byte [0x48a410], bh mov dword [ref_0048a3b4], ebp ; mov dword [0x48a3b4], ebp mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push ecx push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push ecx mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx call dword [eax + 0x64] ; ucall push 0x96000 mov esi, dword [ref_0048a354] ; mov esi, dword [0x48a354] push esi mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call _memcpy ; call 0x456de8 add esp, 0xc mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx call dword [eax + 0x80] ; ucall xor ebx, ebx xor esi, esi jmp short loc_00404f65 ; jmp 0x404f65 loc_00404f5f: inc ebx cmp ebx, 0xc jge short loc_00404f71 ; jge 0x404f71 loc_00404f65: cmp byte [ebx + ref_004990f4], 0 ; cmp byte [ebx + 0x4990f4], 0 jne short loc_00404f5f ; jne 0x404f5f inc esi jmp short loc_00404f5f ; jmp 0x404f5f loc_00404f71: mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] inc eax cmp esi, eax jge short loc_00404f82 ; jge 0x404f82 dec esi mov dword [ref_0046cb3c], esi ; mov dword [0x46cb3c], esi loc_00404f82: movsx eax, byte [ref_0048a410] ; movsx eax, byte [0x48a410] push eax call fcn_0040423c ; call 0x40423c add esp, 4 call fcn_00404504 ; call 0x404504 push 0 push 0x64 mov edx, dword [_callbackSize] ; mov edx, dword [0x46cad8] push edx push ebp call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048a3c4], eax ; mov dword [0x48a3c4], eax cmp dword [ref_0048a404], 0 ; cmp dword [0x48a404], 0 jne short loc_00404fcc ; jne 0x404fcc push 1 call fcn_00402460 ; call 0x402460 add esp, 4 xor bh, bh mov byte [ref_0048a40d], bh ; mov byte [0x48a40d], bh jmp short loc_00404fd3 ; jmp 0x404fd3 loc_00404fcc: mov byte [ref_0048a40d], 1 ; mov byte [0x48a40d], 1 loc_00404fd3: push 0 push 0 push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00404fdf: xor eax, eax loc_00404fe1: add esp, 0x6c loc_00404fe4: pop ebp pop edi pop esi pop ebx ret 0x10 loc_00404feb: cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je short loc_00404fdf ; je 0x404fdf cmp edx, dword [_callbackSize] ; cmp edx, dword [0x46cad8] jne short loc_00404fdf ; jne 0x404fdf mov edx, dword [ref_0048a3c8] ; mov edx, dword [0x48a3c8] add edx, 4 mov dword [ref_0048a3c8], edx ; mov dword [0x48a3c8], edx cmp edx, 0x500 jl short loc_00405019 ; jl 0x405019 mov dword [ref_0048a3c8], ecx ; mov dword [0x48a3c8], ecx loc_00405019: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov esi, dword [ref_0048a3c8] ; mov esi, dword [0x48a3c8] push esi mov edi, dword [ref_0048a354] ; mov edi, dword [0x48a354] push edi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456180 ; call 0x456180 add esp, 0xc xor ebx, ebx loc_0040504d: mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] add eax, 2 cmp ebx, eax jge near loc_004050d1 ; jge 0x4050d1 mov esi, ebx shl esi, 2 sub esi, ebx shl esi, 2 cmp dword [esi + ref_0048a364], 0 ; cmp dword [esi + 0x48a364], 0 je short loc_004050cb ; je 0x4050cb push 0x1b8 mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] shl eax, 4 mov edx, ebx mov ecx, dword [eax + edx*4 + ref_0046cb58] ; mov ecx, dword [eax + edx*4 + 0x46cb58] push ecx mov edi, dword [esi + ref_0048a360] ; mov edi, dword [esi + 0x48a360] push edi mov eax, dword [esi + ref_0048a364] ; mov eax, dword [esi + 0x48a364] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045663e ; call 0x45663e add esp, 0x14 mov eax, dword [esi + ref_0048a364] ; mov eax, dword [esi + 0x48a364] mov eax, dword [eax + 4] dec eax mov ecx, dword [esi + ref_0048a360] ; mov ecx, dword [esi + 0x48a360] cmp eax, ecx jle short loc_004050c3 ; jle 0x4050c3 lea eax, [ecx + 1] mov dword [esi + ref_0048a360], eax ; mov dword [esi + 0x48a360], eax jmp short loc_004050cb ; jmp 0x4050cb loc_004050c3: xor edi, edi mov dword [esi + ref_0048a360], edi ; mov dword [esi + 0x48a360], edi loc_004050cb: inc ebx jmp near loc_0040504d ; jmp 0x40504d loc_004050d1: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0xa push 4 mov ebx, dword [ref_0048a3a4] ; mov ebx, dword [0x48a3a4] push ebx mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0xa push 0x1bd mov edi, dword [ref_0048a3a0] ; mov edi, dword [0x48a3a0] push edi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0 push 0 push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] cmp dword [ref_0048a404], 0 ; cmp dword [0x48a404], 0 je near loc_00404fdf ; je 0x404fdf mov ecx, dword [ref_0048a408] ; mov ecx, dword [0x48a408] inc ecx mov dword [ref_0048a408], ecx ; mov dword [0x48a408], ecx cmp ecx, 0xa jne near loc_00404fdf ; jne 0x404fdf mov byte [ref_0048a40e], 1 ; mov byte [0x48a40e], 1 push 0 push 0 push 0x202 loc_00405156: push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_00404fdf ; jmp 0x404fdf loc_00405163: cmp dword [ref_0048a404], 0 ; cmp dword [0x48a404], 0 jne near loc_00404fdf ; jne 0x404fdf xor esi, esi mov si, bx mov eax, ebx shr eax, 0x10 and eax, 0xffff xor edi, edi mov di, ax cmp esi, 8 jl near loc_00405205 ; jl 0x405205 cmp esi, 0x1b8 jge near loc_00405205 ; jge 0x405205 cmp edi, 0xf jl short loc_00405205 ; jl 0x405205 cmp edi, 0x9f jge short loc_00405205 ; jge 0x405205 lea edx, [edi - 0xf] mov ebx, 0x48 mov eax, edx sar edx, 0x1f idiv ebx mov ebx, eax shl ebx, 2 sub ebx, eax add ebx, ebx lea edx, [esi - 8] mov ebp, 0x48 mov eax, edx sar edx, 0x1f idiv ebp add ebx, eax movsx eax, byte [ref_0048a410] ; movsx eax, byte [0x48a410] cmp ebx, eax je short loc_00405222 ; je 0x405222 mov byte [ref_0048a410], bl ; mov byte [0x48a410], bl movsx eax, bl cmp byte [eax + ref_004990f4], 0 ; cmp byte [eax + 0x4990f4], 0 jne short loc_00405222 ; jne 0x405222 push ecx mov eax, ref_0048231a ; mov eax, 0x48231a push eax call fcn_004542ce ; call 0x4542ce add esp, 8 movsx eax, byte [ref_0048a410] ; movsx eax, byte [0x48a410] push eax jmp short loc_0040521a ; jmp 0x40521a loc_00405205: movsx eax, byte [ref_0048a410] ; movsx eax, byte [0x48a410] cmp eax, 0xffffffff je short loc_00405222 ; je 0x405222 mov byte [ref_0048a410], 0xff ; mov byte [0x48a410], 0xff push 0xffffffffffffffff loc_0040521a: call fcn_0040423c ; call 0x40423c add esp, 4 loc_00405222: movsx ebp, byte [ref_0048a40f] ; movsx ebp, byte [0x48a40f] cmp ebp, 0xffffffff je near loc_00404fdf ; je 0x404fdf mov eax, ebp shl eax, 3 movsx edx, word [eax + ref_0046cc88] ; movsx edx, word [eax + 0x46cc88] cmp esi, edx jl short loc_00405299 ; jl 0x405299 movsx edx, word [eax + ref_0046cc8a] ; movsx edx, word [eax + 0x46cc8a] cmp edi, edx jl short loc_00405299 ; jl 0x405299 movsx ebx, word [eax + ref_0046cc8c] ; movsx ebx, word [eax + 0x46cc8c] cmp esi, ebx jge short loc_00405299 ; jge 0x405299 movsx eax, word [eax + ref_0046cc8e] ; movsx eax, word [eax + 0x46cc8e] cmp edi, eax jge short loc_00405299 ; jge 0x405299 sub edi, edx mov edx, edi mov ebx, 0x17 mov eax, edi sar edx, 0x1f idiv ebx mov ebx, eax movsx eax, byte [ref_0048a40c] ; movsx eax, byte [0x48a40c] cmp ebx, eax je near loc_00404fdf ; je 0x404fdf mov byte [ref_0048a40c], bl ; mov byte [0x48a40c], bl movsx eax, bl push eax push ebp loc_0040528f: call fcn_0040482c ; call 0x40482c jmp near loc_004054d0 ; jmp 0x4054d0 loc_00405299: movsx eax, byte [ref_0048a40c] ; movsx eax, byte [0x48a40c] cmp eax, 0xffffffff je near loc_00404fdf ; je 0x404fdf mov byte [ref_0048a40c], 0xff ; mov byte [0x48a40c], 0xff push 0xffffffffffffffff movsx eax, byte [ref_0048a40f] ; movsx eax, byte [0x48a40f] push eax jmp short loc_0040528f ; jmp 0x40528f loc_004052bc: mov esi, dword [ref_0048a404] ; mov esi, dword [0x48a404] test esi, esi jne near loc_00404fdf ; jne 0x404fdf mov si, bx mov eax, ebx shr eax, 0x10 and eax, 0xffff xor edi, edi mov di, ax movsx eax, byte [ref_0048a40f] ; movsx eax, byte [0x48a40f] cmp eax, 0xffffffff jne near loc_0040566f ; jne 0x40566f xor ebx, ebx jmp short loc_004052f6 ; jmp 0x4052f6 loc_004052f0: inc ebx cmp ebx, 0xd jge short loc_00405327 ; jge 0x405327 loc_004052f6: mov eax, ebx shl eax, 3 movsx edx, word [eax + ref_0046cc18] ; movsx edx, word [eax + 0x46cc18] cmp esi, edx jl short loc_004052f0 ; jl 0x4052f0 movsx edx, word [eax + ref_0046cc1a] ; movsx edx, word [eax + 0x46cc1a] cmp edi, edx jl short loc_004052f0 ; jl 0x4052f0 movsx edx, word [eax + ref_0046cc1c] ; movsx edx, word [eax + 0x46cc1c] cmp esi, edx jge short loc_004052f0 ; jge 0x4052f0 movsx eax, word [eax + ref_0046cc1e] ; movsx eax, word [eax + 0x46cc1e] cmp edi, eax jge short loc_004052f0 ; jge 0x4052f0 loc_00405327: cmp ebx, 0xc ja near loc_00404fdf ; ja 0x404fdf mov eax, ebx jmp dword [eax*4 + ref_00404e10] ; ujmp: jmp dword [eax*4 + 0x404e10] loc_00405339: movsx eax, byte [ref_0048a410] ; movsx eax, byte [0x48a410] cmp eax, 0xffffffff je near loc_00404fdf ; je 0x404fdf cmp byte [eax + ref_004990f4], 0 ; cmp byte [eax + 0x4990f4], 0 jne short loc_0040539e ; jne 0x40539e mov ebx, dword [ref_0046cb3c] ; mov ebx, dword [0x46cb3c] add ebx, 2 movsx edx, byte [ref_0048a40d] ; movsx edx, byte [0x48a40d] cmp edx, ebx jge short loc_0040539e ; jge 0x40539e mov byte [eax + ref_004990f4], 1 ; mov byte [eax + 0x4990f4], 1 push eax push edx call fcn_00404d0a ; call 0x404d0a add esp, 8 push 0 push ref_00482322 ; push 0x482322 inc byte [ref_0048a40d] ; inc byte [0x48a40d] loc_00405384: call fcn_004542ce ; call 0x4542ce add esp, 8 movsx eax, byte [ref_0048a410] ; movsx eax, byte [0x48a410] push eax call fcn_0040423c ; call 0x40423c jmp near loc_00405afc ; jmp 0x405afc loc_0040539e: movsx eax, byte [ref_0048a410] ; movsx eax, byte [0x48a410] cmp byte [eax + ref_004990f4], 1 ; cmp byte [eax + 0x4990f4], 1 jne near loc_00404fdf ; jne 0x404fdf push eax call fcn_00404d82 ; call 0x404d82 add esp, 4 movsx eax, byte [ref_0048a410] ; movsx eax, byte [0x48a410] xor bl, bl mov byte [eax + ref_004990f4], bl ; mov byte [eax + 0x4990f4], bl push 0 push ref_00482322 ; push 0x482322 dec byte [ref_0048a40d] ; dec byte [0x48a40d] jmp short loc_00405384 ; jmp 0x405384 loc_004053d9: mov byte [ref_0048a40e], bl ; mov byte [0x48a40e], bl mov esi, ebx shl esi, 3 movsx eax, word [esi + ref_0046cc1a] ; movsx eax, word [esi + 0x46cc1a] sub eax, 0xa push eax movsx eax, word [esi + ref_0046cc18] ; movsx eax, word [esi + 0x46cc18] sub eax, 0x1bd push eax lea edx, [ebx + 1] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048a3b8] ; mov eax, dword [0x48a3b8] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a3a0] ; mov edx, dword [0x48a3a0] push edx call fcn_00456280 ; call 0x456280 add esp, 0x10 movsx eax, word [esi + ref_0046cc18] ; movsx eax, word [esi + 0x46cc18] mov dword [esp + 0x40], eax movsx eax, word [esi + ref_0046cc1c] ; movsx eax, word [esi + 0x46cc1c] mov dword [esp + 0x48], eax movsx eax, word [esi + ref_0046cc1a] ; movsx eax, word [esi + 0x46cc1a] mov dword [esp + 0x44], eax movsx eax, word [esi + ref_0046cc1e] ; movsx eax, word [esi + 0x46cc1e] mov dword [esp + 0x4c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x4c] mov ecx, dword [esp + 0x44] sub eax, ecx push eax mov eax, dword [esp + 0x4c] mov ebx, dword [esp + 0x44] sub eax, ebx push eax lea eax, [ecx - 0xa] push eax lea eax, [ebx - 0x1bd] push eax push ecx push ebx mov edx, dword [ref_0048a3a0] ; mov edx, dword [0x48a3a0] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 add esi, 8 add esi, ref_0048231a ; add esi, 0x48231a push esi loc_004054cb: call fcn_004542ce ; call 0x4542ce loc_004054d0: add esp, 8 jmp near loc_00404fdf ; jmp 0x404fdf loc_004054d8: mov byte [ref_0048a40e], bl ; mov byte [0x48a40e], bl movsx eax, word [ebx*8 + ref_0046cc1a] ; movsx eax, word [ebx*8 + 0x46cc1a] sub eax, 0xa push eax movsx eax, word [ebx*8 + ref_0046cc18] ; movsx eax, word [ebx*8 + 0x46cc18] sub eax, 0x1bd push eax mov eax, dword [ref_0048a3b8] ; mov eax, dword [0x48a3b8] add eax, 0x3c push eax mov edi, dword [ref_0048a3a0] ; mov edi, dword [0x48a3a0] push edi call fcn_00456280 ; call 0x456280 add esp, 0x10 movsx eax, word [ebx*8 + ref_0046cc18] ; movsx eax, word [ebx*8 + 0x46cc18] mov dword [esp + 0x40], eax movsx eax, word [ebx*8 + ref_0046cc1c] ; movsx eax, word [ebx*8 + 0x46cc1c] mov dword [esp + 0x48], eax movsx eax, word [ebx*8 + ref_0046cc1a] ; movsx eax, word [ebx*8 + 0x46cc1a] mov dword [esp + 0x44], eax movsx eax, word [ebx*8 + ref_0046cc1e] ; movsx eax, word [ebx*8 + 0x46cc1e] mov dword [esp + 0x4c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x4c] mov edx, dword [esp + 0x44] sub eax, edx push eax mov eax, dword [esp + 0x4c] mov ecx, dword [esp + 0x44] sub eax, ecx push eax lea eax, [edx - 0xa] push eax lea eax, [ecx - 0x1bd] push eax push edx push ecx mov edi, dword [ref_0048a3a0] ; mov edi, dword [0x48a3a0] push edi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push ref_0048231a ; push 0x48231a jmp near loc_004054cb ; jmp 0x4054cb loc_004055b9: sub ebx, 9 cmp ebx, dword [ref_0046cb54] ; cmp ebx, dword [0x46cb54] je near loc_00404fdf ; je 0x404fdf push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov dword [ref_0046cb54], ebx ; mov dword [0x46cb54], ebx push 0xf push 0x8a mov ebx, dword [ref_0048a390] ; mov ebx, dword [0x48a390] push ebx mov esi, dword [ref_0048a3a0] ; mov esi, dword [0x48a3a0] push esi call fcn_00456280 ; call 0x456280 add esp, 0x10 mov eax, dword [ref_0046cb54] ; mov eax, dword [0x46cb54] movsx eax, word [eax*2 + ref_0046cc80] ; movsx eax, word [eax*2 + 0x46cc80] push eax push 0x96 mov eax, dword [ref_0048a3b8] ; mov eax, dword [0x48a3b8] add eax, 0x6c push eax mov edi, dword [ref_0048a3a0] ; mov edi, dword [0x48a3a0] push edi call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 push 0 mov eax, dword [ref_0048a358] ; mov eax, dword [0x48a358] push eax movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 add eax, dword [ref_0046cb54] ; add eax, dword [0x46cb54] push eax mov ecx, dword [ref_0048a3b0] ; mov ecx, dword [0x48a3b0] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 push 0xfffffffffffffff0 push 0x96000 mov ebx, dword [ref_0048a358] ; mov ebx, dword [0x48a358] push ebx mov esi, dword [ref_0048a354] ; mov esi, dword [0x48a354] push esi call fcn_004552b7 ; call 0x4552b7 add esp, 0x10 jmp near loc_00404fd3 ; jmp 0x404fd3 loc_0040566f: movsx edx, byte [ref_0048a40c] ; movsx edx, byte [0x48a40c] cmp edx, 0xffffffff je near loc_00405735 ; je 0x405735 shl eax, 2 cmp edx, dword [eax + ref_0046cb3c] ; cmp edx, dword [eax + 0x46cb3c] je near loc_0040571d ; je 0x40571d mov dword [eax + ref_0046cb3c], edx ; mov dword [eax + 0x46cb3c], edx mov al, byte [ref_0048a40f] ; mov al, byte [0x48a40f] test al, al jbe short loc_004056a6 ; jbe 0x4056a6 cmp al, 2 je short loc_004056ee ; je 0x4056ee jmp near loc_0040571d ; jmp 0x40571d loc_004056a6: mov ebx, 3 loc_004056ab: mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] add eax, 2 cmp ebx, eax jl short loc_004056e2 ; jl 0x4056e2 mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 cmp dword [eax + ref_0048a364], 0 ; cmp dword [eax + 0x48a364], 0 je short loc_004056df ; je 0x4056df mov edx, dword [eax + ref_0048a35c] ; mov edx, dword [eax + 0x48a35c] push edx call fcn_00404d82 ; call 0x404d82 add esp, 4 dec byte [ref_0048a40d] ; dec byte [0x48a40d] loc_004056df: dec ebx jmp short loc_004056ab ; jmp 0x4056ab loc_004056e2: push 0xffffffffffffffff call fcn_0040423c ; call 0x40423c add esp, 4 jmp short loc_0040571d ; jmp 0x40571d loc_004056ee: xor ebx, ebx jmp short loc_004056f8 ; jmp 0x4056f8 loc_004056f2: inc ebx cmp ebx, 4 jge short loc_0040571d ; jge 0x40571d loc_004056f8: mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 cmp dword [eax + ref_0048a364], 0 ; cmp dword [eax + 0x48a364], 0 je short loc_004056f2 ; je 0x4056f2 mov edi, dword [eax + ref_0048a35c] ; mov edi, dword [eax + 0x48a35c] push edi push ebx call fcn_00404d0a ; call 0x404d0a add esp, 8 jmp short loc_004056f2 ; jmp 0x4056f2 loc_0040571d: mov ch, 0xff mov byte [ref_0048a40f], ch ; mov byte [0x48a40f], ch mov byte [ref_0048a40c], ch ; mov byte [0x48a40c], ch loc_0040572b: call fcn_00404504 ; call 0x404504 jmp near loc_00404fdf ; jmp 0x404fdf loc_00405735: mov bh, 0xff mov byte [ref_0048a40f], bh ; mov byte [0x48a40f], bh mov byte [ref_0048a40c], bh ; mov byte [0x48a40c], bh jmp short loc_0040572b ; jmp 0x40572b loc_00405745: movsx eax, byte [ref_0048a40e] ; movsx eax, byte [0x48a40e] cmp eax, 0xffffffff je near loc_00404fdf ; je 0x404fdf mov al, byte [ref_0048a40e] ; mov al, byte [0x48a40e] cmp al, 1 jb near loc_00405a49 ; jb 0x405a49 jbe short loc_00405771 ; jbe 0x405771 cmp al, 2 je near loc_00405924 ; je 0x405924 jmp near loc_00405a49 ; jmp 0x405a49 loc_00405771: movsx eax, al movsx eax, word [eax*8 + ref_0046cc1a] ; movsx eax, word [eax*8 + 0x46cc1a] sub eax, 0xa push eax movsx eax, byte [ref_0048a40e] ; movsx eax, byte [0x48a40e] movsx eax, word [eax*8 + ref_0046cc18] ; movsx eax, word [eax*8 + 0x46cc18] sub eax, 0x1bd push eax mov esi, dword [ref_0048a398] ; mov esi, dword [0x48a398] push esi mov edi, dword [ref_0048a3a0] ; mov edi, dword [0x48a3a0] push edi call fcn_00456280 ; call 0x456280 add esp, 0x10 movsx eax, byte [ref_0048a40e] ; movsx eax, byte [0x48a40e] movsx eax, word [eax*8 + ref_0046cc18] ; movsx eax, word [eax*8 + 0x46cc18] mov dword [esp + 0x40], eax movsx eax, byte [ref_0048a40e] ; movsx eax, byte [0x48a40e] movsx eax, word [eax*8 + ref_0046cc1c] ; movsx eax, word [eax*8 + 0x46cc1c] mov dword [esp + 0x48], eax movsx eax, byte [ref_0048a40e] ; movsx eax, byte [0x48a40e] movsx eax, word [eax*8 + ref_0046cc1a] ; movsx eax, word [eax*8 + 0x46cc1a] mov dword [esp + 0x44], eax movsx eax, byte [ref_0048a40e] ; movsx eax, byte [0x48a40e] movsx eax, word [eax*8 + ref_0046cc1e] ; movsx eax, word [eax*8 + 0x46cc1e] mov dword [esp + 0x4c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx call dword [eax + 0x64] ; ucall mov eax, dword [esp + 0x4c] mov ecx, dword [esp + 0x44] sub eax, ecx push eax mov eax, dword [esp + 0x4c] mov ebx, dword [esp + 0x44] sub eax, ebx push eax lea eax, [ecx - 0xa] push eax lea eax, [ebx - 0x1bd] push eax push ecx push ebx mov eax, dword [ref_0048a3a0] ; mov eax, dword [0x48a3a0] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx call dword [eax + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] cmp byte [ref_0048a40d], 0 ; cmp byte [0x48a40d], 0 je near loc_00405aa4 ; je 0x405aa4 push 0x18 push 0 mov eax, ref_0048a3cc ; mov eax, 0x48a3cc push eax call memset ; call 0x456f60 add esp, 0xc mov ebx, 0xa mov dword [ref_0048a3cc], ebx ; mov dword [0x48a3cc], ebx mov dword [ref_0048a3e4], ebx ; mov dword [0x48a3e4], ebx mov dword [ref_0048a3e8], 0x1bd ; mov dword [0x48a3e8], 0x1bd mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] shl eax, 4 mov eax, dword [eax + ref_0046cb58] ; mov eax, dword [eax + 0x46cb58] mov dword [ref_0048a3ec], eax ; mov dword [0x48a3ec], eax mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] shl eax, 4 mov eax, dword [eax + ref_0046cb5c] ; mov eax, dword [eax + 0x46cb5c] mov dword [ref_0048a3f0], eax ; mov dword [0x48a3f0], eax mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] shl eax, 4 mov eax, dword [eax + ref_0046cb60] ; mov eax, dword [eax + 0x46cb60] mov dword [ref_0048a3f4], eax ; mov dword [0x48a3f4], eax mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] shl eax, 4 mov eax, dword [eax + ref_0046cb64] ; mov eax, dword [eax + 0x46cb64] mov dword [ref_0048a3f8], eax ; mov dword [0x48a3f8], eax mov dword [ref_0048a3fc], 6 ; mov dword [0x48a3fc], 6 mov dword [ref_0048a400], 4 ; mov dword [0x48a400], 4 mov dword [ref_0048a3ac], 1 ; mov dword [0x48a3ac], 1 push 0 call fcn_00402460 ; call 0x402460 loc_0040591c: add esp, 4 jmp near loc_00405aa4 ; jmp 0x405aa4 loc_00405924: movsx eax, al movsx eax, word [eax*8 + ref_0046cc1a] ; movsx eax, word [eax*8 + 0x46cc1a] sub eax, 0xa push eax movsx eax, byte [ref_0048a40e] ; movsx eax, byte [0x48a40e] movsx eax, word [eax*8 + ref_0046cc18] ; movsx eax, word [eax*8 + 0x46cc18] sub eax, 0x1bd push eax mov esi, dword [ref_0048a394] ; mov esi, dword [0x48a394] push esi mov edi, dword [ref_0048a3a0] ; mov edi, dword [0x48a3a0] push edi call fcn_00456280 ; call 0x456280 add esp, 0x10 movsx eax, byte [ref_0048a40e] ; movsx eax, byte [0x48a40e] movsx eax, word [eax*8 + ref_0046cc18] ; movsx eax, word [eax*8 + 0x46cc18] mov dword [esp + 0x40], eax movsx eax, byte [ref_0048a40e] ; movsx eax, byte [0x48a40e] movsx eax, word [eax*8 + ref_0046cc1c] ; movsx eax, word [eax*8 + 0x46cc1c] mov dword [esp + 0x48], eax movsx eax, byte [ref_0048a40e] ; movsx eax, byte [0x48a40e] movsx eax, word [eax*8 + ref_0046cc1a] ; movsx eax, word [eax*8 + 0x46cc1a] mov dword [esp + 0x44], eax movsx eax, byte [ref_0048a40e] ; movsx eax, byte [0x48a40e] movsx eax, word [eax*8 + ref_0046cc1e] ; movsx eax, word [eax*8 + 0x46cc1e] mov dword [esp + 0x4c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx call dword [eax + 0x64] ; ucall mov eax, dword [esp + 0x4c] mov ecx, dword [esp + 0x44] sub eax, ecx push eax mov eax, dword [esp + 0x4c] mov ebx, dword [esp + 0x44] sub eax, ebx push eax lea eax, [ecx - 0xa] push eax lea eax, [ebx - 0x1bd] push eax push ecx push ebx mov eax, dword [ref_0048a3a0] ; mov eax, dword [0x48a3a0] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx call dword [eax + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ebx, dword [ref_0048a3c4] ; mov ebx, dword [0x48a3c4] push ebx push ebp call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 call _Post_0402_Message ; call 0x401966 jmp near loc_0040591c ; jmp 0x40591c loc_00405a49: movsx eax, byte [ref_0048a40e] ; movsx eax, byte [0x48a40e] movsx edx, word [eax*8 + ref_0046cc1a] ; movsx edx, word [eax*8 + 0x46cc1a] sub edx, 0xa push edx movsx eax, word [eax*8 + ref_0046cc18] ; movsx eax, word [eax*8 + 0x46cc18] sub eax, 0x1bd push eax mov ecx, dword [ref_0048a39c] ; mov ecx, dword [0x48a39c] push ecx mov ebx, dword [ref_0048a3a0] ; mov ebx, dword [0x48a3a0] push ebx call fcn_00456280 ; call 0x456280 add esp, 0x10 mov al, byte [ref_0048a40e] ; mov al, byte [0x48a40e] sub al, 3 mov byte [ref_0048a40f], al ; mov byte [0x48a40f], al movsx eax, byte [ref_0048a40c] ; movsx eax, byte [0x48a40c] push eax movsx eax, byte [ref_0048a40f] ; movsx eax, byte [0x48a40f] push eax call fcn_0040482c ; call 0x40482c add esp, 8 loc_00405aa4: mov byte [ref_0048a40e], 0xff ; mov byte [0x48a40e], 0xff jmp near loc_00404fdf ; jmp 0x404fdf loc_00405ab0: mov ecx, dword [ref_0048a404] ; mov ecx, dword [0x48a404] test ecx, ecx jne near loc_00404fdf ; jne 0x404fdf movsx eax, byte [ref_0048a40f] ; movsx eax, byte [0x48a40f] cmp eax, 0xffffffff je short loc_00405add ; je 0x405add mov ah, 0xff mov byte [ref_0048a40f], ah ; mov byte [0x48a40f], ah mov byte [ref_0048a40c], ah ; mov byte [0x48a40c], ah jmp near loc_0040572b ; jmp 0x40572b loc_00405add: push ecx call fcn_00402460 ; call 0x402460 add esp, 4 mov ebx, dword [ref_0048a3c4] ; mov ebx, dword [0x48a3c4] push ebx push ebp call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 loc_00405af7: call _Post_0402_Message ; call 0x401966 loc_00405afc: add esp, 4 jmp near loc_00404fdf ; jmp 0x404fdf loc_00405b04: mov eax, esp push eax push ebp call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] cmp dword [esp + 0xc], 0 jne near loc_00405bfb ; jne 0x405bfb cmp dword [esp + 0x14], 0x1e0 jne near loc_00405bfb ; jne 0x405bfb lea eax, [esp + 0x40] push eax call fcn_004024c0 ; call 0x4024c0 add esp, 4 xor eax, eax mov dword [esp + 0x50], eax mov dword [esp + 0x58], 0x280 mov ecx, dword [esp + 0x44] test ecx, ecx jle short loc_00405b78 ; jle 0x405b78 xor ebx, ebx mov dword [esp + 0x54], eax mov dword [esp + 0x5c], ecx mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0x54] push edx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov edi, ebx push edi push ebx mov ecx, dword [ref_0048a0dc] ; mov ecx, dword [0x48a0dc] push ecx call dword [eax + 0x1c] ; ucall loc_00405b78: mov eax, dword [esp + 0x44] mov dword [esp + 0x54], eax mov eax, dword [esp + 0x4c] mov dword [esp + 0x5c], eax push 0 call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0x54] push ebx mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx mov esi, dword [esp + 0x60] push esi mov edi, dword [esp + 0x60] push edi push eax call dword [edx + 0x1c] ; ucall push 0 call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, dword [esp + 0x4c] cmp eax, 0x1e0 jge short loc_00405c38 ; jge 0x405c38 mov dword [esp + 0x54], eax mov dword [esp + 0x5c], 0x1e0 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0x54] push ebx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x58] push ebx mov esi, dword [esp + 0x60] push esi push eax call dword [edx + 0x1c] ; ucall jmp short loc_00405c38 ; jmp 0x405c38 loc_00405bfb: lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0xc] push ebx mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx mov esi, dword [esp + 0x18] push esi mov edi, dword [esp + 0x18] push edi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 loc_00405c38: mov eax, esp push eax push ebp call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00404fdf ; jmp 0x404fdf loc_00405c48: cmp ecx, 1 jne near loc_00405eb8 ; jne 0x405eb8 cmp eax, 0xf jb near loc_00405ee2 ; jb 0x405ee2 jbe near loc_00405d8f ; jbe 0x405d8f cmp eax, 0x113 jne near loc_00405ee2 ; jne 0x405ee2 cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_00404fdf ; je 0x404fdf cmp edx, dword [_callbackSize] ; cmp edx, dword [0x46cad8] jne near loc_00404fdf ; jne 0x404fdf mov eax, dword [ref_0048a3c8] ; mov eax, dword [0x48a3c8] add eax, 4 mov dword [ref_0048a3c8], eax ; mov dword [0x48a3c8], eax cmp eax, 0x500 jl short loc_00405ca0 ; jl 0x405ca0 xor ecx, ecx mov dword [ref_0048a3c8], ecx ; mov dword [0x48a3c8], ecx loc_00405ca0: mov eax, dword [ref_0048a3cc] ; mov eax, dword [0x48a3cc] lea edx, [eax + 1] mov dword [ref_0048a3cc], edx ; mov dword [0x48a3cc], edx cmp eax, 0xa jl near loc_00404fd3 ; jl 0x404fd3 xor ebx, ebx mov dword [ref_0048a3cc], ebx ; mov dword [0x48a3cc], ebx mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] add eax, 2 movsx edx, byte [ref_0048a40d] ; movsx edx, byte [0x48a40d] cmp edx, eax jne short loc_00405d0d ; jne 0x405d0d mov esi, dword [ref_0048a3c4] ; mov esi, dword [0x48a3c4] push esi push ebp call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push ebx push 0x32 mov edi, dword [_callbackSize] ; mov edi, dword [0x46cad8] push edi push ebp call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048a3c4], eax ; mov dword [0x48a3c4], eax mov dword [ref_0048a3ac], 2 ; mov dword [0x48a3ac], 2 push ebx push ref_0046ccd0 ; push 0x46ccd0 jmp near loc_004054cb ; jmp 0x4054cb loc_00405d0d: xor esi, esi jmp short loc_00405d17 ; jmp 0x405d17 loc_00405d11: inc ebx cmp ebx, 0xc jge short loc_00405d27 ; jge 0x405d27 loc_00405d17: cmp byte [ebx + ref_004990f4], 0 ; cmp byte [ebx + 0x4990f4], 0 jne short loc_00405d11 ; jne 0x405d11 mov byte [esp + esi + 0x60], bl inc esi jmp short loc_00405d11 ; jmp 0x405d11 loc_00405d27: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi xor ebx, ebx mov bl, byte [esp + edx + 0x60] mov byte [ebx + ref_004990f4], 1 ; mov byte [ebx + 0x4990f4], 1 push ebx movsx eax, byte [ref_0048a40d] ; movsx eax, byte [0x48a40d] push eax call fcn_00404d0a ; call 0x404d0a add esp, 8 push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0xffffffffffffffff call fcn_0040423c ; call 0x40423c add esp, 4 mov bl, byte [ref_0048a40d] ; mov bl, byte [0x48a40d] movsx edx, bl mov eax, edx shl eax, 2 sub eax, edx or byte [eax*4 + ref_0048a35f], 0x80 ; or byte [eax*4 + 0x48a35f], 0x80 inc bl mov byte [ref_0048a40d], bl ; mov byte [0x48a40d], bl jmp near loc_00404fd3 ; jmp 0x404fd3 loc_00405d8f: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push ecx push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a3c8] ; mov eax, dword [0x48a3c8] push eax mov edx, dword [ref_0048a354] ; mov edx, dword [0x48a354] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456180 ; call 0x456180 add esp, 0xc push 0xa push 4 mov ebx, dword [ref_0048a3a4] ; mov ebx, dword [0x48a3a4] push ebx mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0xa push 0x1bd mov edi, dword [ref_0048a3a0] ; mov edi, dword [0x48a3a0] push edi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 xor ebx, ebx loc_00405df8: mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] add eax, 2 cmp ebx, eax jge near loc_00405e7c ; jge 0x405e7c mov esi, ebx shl esi, 2 sub esi, ebx shl esi, 2 cmp dword [esi + ref_0048a364], 0 ; cmp dword [esi + 0x48a364], 0 je short loc_00405e76 ; je 0x405e76 push 0x1b8 mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] shl eax, 4 mov edx, ebx mov ecx, dword [eax + edx*4 + ref_0046cb58] ; mov ecx, dword [eax + edx*4 + 0x46cb58] push ecx mov edi, dword [esi + ref_0048a360] ; mov edi, dword [esi + 0x48a360] push edi mov eax, dword [esi + ref_0048a364] ; mov eax, dword [esi + 0x48a364] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045663e ; call 0x45663e add esp, 0x14 mov eax, dword [esi + ref_0048a364] ; mov eax, dword [esi + 0x48a364] mov eax, dword [eax + 4] dec eax mov ecx, dword [esi + ref_0048a360] ; mov ecx, dword [esi + 0x48a360] cmp eax, ecx jle short loc_00405e6e ; jle 0x405e6e lea eax, [ecx + 1] mov dword [esi + ref_0048a360], eax ; mov dword [esi + 0x48a360], eax jmp short loc_00405e76 ; jmp 0x405e76 loc_00405e6e: xor edi, edi mov dword [esi + ref_0048a360], edi ; mov dword [esi + 0x48a360], edi loc_00405e76: inc ebx jmp near loc_00405df8 ; jmp 0x405df8 loc_00405e7c: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push 0 push 0 push eax call dword [edx + 0x1c] ; ucall push 0 push ebp call dword [cs:__imp__ValidateRect@8] ; ucall: call dword cs:[0x462340] jmp near loc_00404fdf ; jmp 0x404fdf loc_00405eb8: cmp ecx, 2 jne near loc_00404fdf ; jne 0x404fdf cmp eax, 0x113 jb short loc_00405ef2 ; jb 0x405ef2 jbe short loc_00405f04 ; jbe 0x405f04 cmp eax, 0x202 jb short loc_00405ee2 ; jb 0x405ee2 jbe near loc_00405f6a ; jbe 0x405f6a cmp eax, 0x205 loc_00405edc: je near loc_00405f6a ; je 0x405f6a loc_00405ee2: push ebx push edx push eax push ebp call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_00404fe1 ; jmp 0x404fe1 loc_00405ef2: cmp eax, 0xf jb short loc_00405ee2 ; jb 0x405ee2 jbe near loc_00405f80 ; jbe 0x405f80 cmp eax, 0x100 jmp short loc_00405edc ; jmp 0x405edc loc_00405f04: cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_00404fdf ; je 0x404fdf cmp edx, dword [_callbackSize] ; cmp edx, dword [0x46cad8] jne near loc_00404fdf ; jne 0x404fdf add dword [ref_0048a3fc], ecx ; add dword [0x48a3fc], ecx mov ecx, dword [ref_0048a400] ; mov ecx, dword [0x48a400] cmp ecx, 0x1e jge short loc_00405f37 ; jge 0x405f37 lea ebx, [ecx + 1] mov dword [ref_0048a400], ebx ; mov dword [0x48a400], ebx loc_00405f37: mov eax, dword [ref_0048a3fc] ; mov eax, dword [0x48a3fc] sub dword [ref_0048a3e4], eax ; sub dword [0x48a3e4], eax add dword [ref_0048a3e8], eax ; add dword [0x48a3e8], eax mov eax, dword [ref_0048a400] ; mov eax, dword [0x48a400] add dword [ref_0048a3ec], eax ; add dword [0x48a3ec], eax add dword [ref_0048a3f0], eax ; add dword [0x48a3f0], eax add dword [ref_0048a3f4], eax ; add dword [0x48a3f4], eax add dword [ref_0048a3f8], eax ; add dword [0x48a3f8], eax jmp near loc_00404fd3 ; jmp 0x404fd3 loc_00405f6a: mov edi, dword [ref_0048a3c4] ; mov edi, dword [0x48a3c4] push edi push ebp call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 1 jmp near loc_00405af7 ; jmp 0x405af7 loc_00405f80: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a3c8] ; mov eax, dword [0x48a3c8] push eax mov edx, dword [ref_0048a358] ; mov edx, dword [0x48a358] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456180 ; call 0x456180 add esp, 0xc cmp dword [ref_0048a3cc], 0 ; cmp dword [0x48a3cc], 0 jne short loc_00405fde ; jne 0x405fde mov esi, dword [ref_0048a3e4] ; mov esi, dword [0x48a3e4] push esi push 4 mov edi, dword [ref_0048a3a4] ; mov edi, dword [0x48a3a4] push edi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov dword [ref_0048a3cc], eax ; mov dword [0x48a3cc], eax loc_00405fde: cmp dword [ref_0048a3d0], 0 ; cmp dword [0x48a3d0], 0 jne short loc_0040600b ; jne 0x40600b push 0xa mov ecx, dword [ref_0048a3e8] ; mov ecx, dword [0x48a3e8] push ecx mov ebx, dword [ref_0048a3a0] ; mov ebx, dword [0x48a3a0] push ebx mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov dword [ref_0048a3d0], eax ; mov dword [0x48a3d0], eax loc_0040600b: xor ebx, ebx loc_0040600d: mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] add eax, 2 cmp ebx, eax jge near loc_00406091 ; jge 0x406091 mov edi, ebx shl edi, 2 cmp dword [edi + ref_0048a3d4], 0 ; cmp dword [edi + 0x48a3d4], 0 jne short loc_0040608b ; jne 0x40608b push 0x1b8 mov esi, dword [edi + ref_0048a3ec] ; mov esi, dword [edi + 0x48a3ec] push esi mov esi, ebx shl esi, 2 sub esi, ebx shl esi, 2 mov eax, dword [esi + ref_0048a360] ; mov eax, dword [esi + 0x48a360] push eax mov edx, dword [esi + ref_0048a364] ; mov edx, dword [esi + 0x48a364] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045663e ; call 0x45663e add esp, 0x14 mov dword [edi + ref_0048a3d4], eax ; mov dword [edi + 0x48a3d4], eax mov eax, dword [esi + ref_0048a364] ; mov eax, dword [esi + 0x48a364] mov eax, dword [eax + 4] dec eax mov edi, dword [esi + ref_0048a360] ; mov edi, dword [esi + 0x48a360] cmp eax, edi jle short loc_00406083 ; jle 0x406083 lea edx, [edi + 1] mov dword [esi + ref_0048a360], edx ; mov dword [esi + 0x48a360], edx jmp short loc_0040608b ; jmp 0x40608b loc_00406083: xor eax, eax mov dword [esi + ref_0048a360], eax ; mov dword [esi + 0x48a360], eax loc_0040608b: inc ebx jmp near loc_0040600d ; jmp 0x40600d loc_00406091: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi push 0 push 0 push eax call dword [edx + 0x1c] ; ucall push 0 push ebp call dword [cs:__imp__ValidateRect@8] ; ucall: call dword cs:[0x462340] mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] cmp dword [eax*4 + ref_0048a3d8], 0 ; cmp dword [eax*4 + 0x48a3d8], 0 je near loc_00404fdf ; je 0x404fdf push 0 push 0 push 0x100 jmp near loc_00405156 ; jmp 0x405156 fcn_004060e9: push ebx push esi push edi push ebp sub esp, 0x60 mov esi, dword [esp + 0x74] mov eax, dword [esp + 0x78] mov edx, dword [esp + 0x80] cmp eax, 0x201 jb short loc_00406135 ; jb 0x406135 jbe near loc_004067f2 ; jbe 0x4067f2 cmp eax, 0x205 jb short loc_00406125 ; jb 0x406125 jbe near loc_00406969 ; jbe 0x406969 cmp eax, 0x401 je short loc_00406160 ; je 0x406160 jmp near loc_00406afd ; jmp 0x406afd loc_00406125: cmp eax, 0x202 je near loc_0040697f ; je 0x40697f jmp near loc_00406afd ; jmp 0x406afd loc_00406135: cmp eax, 0x113 jb short loc_00406152 ; jb 0x406152 jbe near loc_0040622c ; jbe 0x40622c cmp eax, 0x200 je near loc_00406589 ; je 0x406589 jmp near loc_00406afd ; jmp 0x406afd loc_00406152: cmp eax, 0xf je near loc_004069b3 ; je 0x4069b3 jmp near loc_00406afd ; jmp 0x406afd loc_00406160: xor edx, edx mov dword [ref_0048a415], edx ; mov dword [0x48a415], edx xor ecx, ecx mov dword [ref_0048a419], edx ; mov dword [0x48a419], edx xor ebx, ebx mov dword [ref_0048a41d], edx ; mov dword [0x48a41d], edx xor ah, ah mov byte [ref_0048a436], ah ; mov byte [0x48a436], ah xor dl, dl mov byte [ref_0048a437], dl ; mov byte [0x48a437], dl xor dh, dh mov byte [ref_0048a438], dh ; mov byte [0x48a438], dh xor bl, cl mov byte [ref_0048a439], bl ; mov byte [0x48a439], bl xor bh, ch mov byte [ref_0048a43a], bh ; mov byte [0x48a43a], bh mov dword [ref_0048a421], 0xffffffb0 ; mov dword [0x48a421], 0xffffffb0 mov dword [ref_0048a425], 0x1e ; mov dword [0x48a425], 0x1e cmp word [ref_004991b6], 0 ; cmp word [0x4991b6], 0 je short loc_004061d4 ; je 0x4061d4 mov dword [ref_0048a42d], 0x14 ; mov dword [0x48a42d], 0x14 mov dword [ref_0048a431], 0xf ; mov dword [0x48a431], 0xf jmp short loc_004061e8 ; jmp 0x4061e8 loc_004061d4: mov dword [ref_0048a42d], 0xf ; mov dword [0x48a42d], 0xf mov dword [ref_0048a431], 0xa ; mov dword [0x48a431], 0xa loc_004061e8: mov eax, dword [ref_0048a3bc] ; mov eax, dword [0x48a3bc] mov eax, dword [eax + 4] sub eax, 4 sar eax, 1 mov dword [ref_0048a429], eax ; mov dword [0x48a429], eax mov edi, dword [ref_00499104] ; mov edi, dword [0x499104] cmp edi, 1 setne al mov byte [ref_0048a435], al ; mov byte [0x48a435], al push 0 push 0x32 mov ebp, dword [_callbackSize] ; mov ebp, dword [0x46cad8] push ebp push esi call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048a411], eax ; mov dword [0x48a411], eax loc_00406223: push 0 push 0 jmp near loc_00406724 ; jmp 0x406724 loc_0040622c: cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_0040672c ; je 0x40672c mov eax, dword [esp + 0x7c] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne near loc_0040672c ; jne 0x40672c cmp byte [ref_0048a43a], 2 ; cmp byte [0x48a43a], 2 jne short loc_0040627a ; jne 0x40627a mov cl, byte [ref_0048a43b] ; mov cl, byte [0x48a43b] dec cl mov byte [ref_0048a43b], cl ; mov byte [0x48a43b], cl jne short loc_0040627a ; jne 0x40627a mov byte [ref_0048a43a], 1 ; mov byte [0x48a43a], 1 push 0 push 0 push 0x202 push esi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_0040627a: mov ebx, dword [ref_0048a415] ; mov ebx, dword [0x48a415] add ebx, 4 mov dword [ref_0048a415], ebx ; mov dword [0x48a415], ebx cmp ebx, 0x500 jl short loc_00406299 ; jl 0x406299 xor ebp, ebp mov dword [ref_0048a415], ebp ; mov dword [0x48a415], ebp loc_00406299: cmp dword [ref_0048a41d], 0 ; cmp dword [0x48a41d], 0 jne short loc_004062e5 ; jne 0x4062e5 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 0x168 sar edx, 0x1f idiv ecx add edx, 0x64 mov dword [ref_0048a41d], edx ; mov dword [0x48a41d], edx mov dl, byte [ref_0048a436] ; mov dl, byte [0x48a436] xor dl, 1 mov byte [ref_0048a436], dl ; mov byte [0x48a436], dl jne short loc_004062d9 ; jne 0x4062d9 mov dword [ref_0048a419], 0xffffff9c ; mov dword [0x48a419], 0xffffff9c jmp short loc_0040632a ; jmp 0x40632a loc_004062d9: mov dword [ref_0048a419], 0x2e4 ; mov dword [0x48a419], 0x2e4 jmp short loc_0040632a ; jmp 0x40632a loc_004062e5: cmp byte [ref_0048a436], 0 ; cmp byte [0x48a436], 0 jne short loc_0040630e ; jne 0x40630e mov edi, dword [ref_0048a419] ; mov edi, dword [0x48a419] add edi, 0xa mov dword [ref_0048a419], edi ; mov dword [0x48a419], edi cmp edi, 0x2e4 jl short loc_0040632a ; jl 0x40632a xor eax, eax mov dword [ref_0048a41d], eax ; mov dword [0x48a41d], eax jmp short loc_0040632a ; jmp 0x40632a loc_0040630e: mov edx, dword [ref_0048a419] ; mov edx, dword [0x48a419] sub edx, 0xa mov dword [ref_0048a419], edx ; mov dword [0x48a419], edx cmp edx, 0xffffff9c jg short loc_0040632a ; jg 0x40632a xor ebx, ebx mov dword [ref_0048a41d], ebx ; mov dword [0x48a41d], ebx loc_0040632a: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebx, dword [ref_0048a415] ; mov ebx, dword [0x48a415] push ebx mov edi, dword [ref_0048a354] ; mov edi, dword [0x48a354] push edi mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456180 ; call 0x456180 add esp, 0xc mov bl, byte [ref_0048a437] ; mov bl, byte [0x48a437] inc bl mov byte [ref_0048a437], bl ; mov byte [0x48a437], bl xor eax, eax mov al, bl cmp eax, dword [ref_0048a429] ; cmp eax, dword [0x48a429] jne short loc_0040637f ; jne 0x40637f xor bh, bh mov byte [ref_0048a437], bh ; mov byte [0x48a437], bh loc_0040637f: mov al, byte [ref_0048a436] ; mov al, byte [0x48a436] xor al, 1 and eax, 0xff mov edx, dword [ref_0048a429] ; mov edx, dword [0x48a429] imul edx, eax xor eax, eax mov al, byte [ref_0048a437] ; mov al, byte [0x48a437] add eax, edx lea ebx, [eax + 5] cmp byte [ref_0048a436], 0 ; cmp byte [0x48a436], 0 je short loc_004063b3 ; je 0x4063b3 mov eax, dword [ref_0048a419] ; mov eax, dword [0x48a419] add eax, 0x5a jmp short loc_004063bb ; jmp 0x4063bb loc_004063b3: mov eax, dword [ref_0048a419] ; mov eax, dword [0x48a419] sub eax, 0x5a loc_004063bb: mov ecx, dword [ref_0048a41d] ; mov ecx, dword [0x48a41d] push ecx push eax push ebx mov ebx, dword [ref_0048a3bc] ; mov ebx, dword [0x48a3bc] push ebx mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_0045663e ; call 0x45663e add esp, 0x14 mov ch, byte [ref_0048a438] ; mov ch, byte [0x48a438] inc ch mov byte [ref_0048a438], ch ; mov byte [0x48a438], ch cmp ch, 6 jne short loc_004063f5 ; jne 0x4063f5 xor ah, ah mov byte [ref_0048a438], ah ; mov byte [0x48a438], ah loc_004063f5: cmp byte [ref_0048a436], 0 ; cmp byte [0x48a436], 0 je short loc_00406408 ; je 0x406408 mov eax, dword [ref_0048a419] ; mov eax, dword [0x48a419] sub eax, 0x5a jmp short loc_00406410 ; jmp 0x406410 loc_00406408: mov eax, dword [ref_0048a419] ; mov eax, dword [0x48a419] add eax, 0x5a loc_00406410: mov ebp, dword [ref_0048a41d] ; mov ebp, dword [0x48a41d] push ebp push eax xor edx, edx mov dl, byte [ref_0048a436] ; mov dl, byte [0x48a436] mov eax, edx shl eax, 2 sub eax, edx lea edx, [eax + eax] xor eax, eax mov al, byte [ref_0048a438] ; mov al, byte [0x48a438] mov al, byte [edx + eax + ref_0046ccc4] ; mov al, byte [edx + eax + 0x46ccc4] and eax, 0xff push eax mov eax, dword [ref_0048a38c] ; mov eax, dword [0x48a38c] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045663e ; call 0x45663e add esp, 0x14 cmp byte [ref_0048a435], 0 ; cmp byte [0x48a435], 0 jne near loc_00406541 ; jne 0x406541 mov ecx, dword [ref_0048a421] ; mov ecx, dword [0x48a421] cmp ecx, 0x168 jge short loc_004064a1 ; jge 0x4064a1 mov eax, dword [ref_0048a425] ; mov eax, dword [0x48a425] lea ebx, [ecx + eax] mov dword [ref_0048a421], ebx ; mov dword [0x48a421], ebx lea edi, [eax - 1] mov dword [ref_0048a425], edi ; mov dword [0x48a425], edi cmp ebx, 0x168 jle short loc_004064a1 ; jle 0x4064a1 mov dword [ref_0048a421], 0x168 ; mov dword [0x48a421], 0x168 push 1 call fcn_00402460 ; call 0x402460 add esp, 4 loc_004064a1: mov edx, dword [ref_0048a421] ; mov edx, dword [0x48a421] push edx push 0x140 mov ecx, dword [ref_0048a3b8] ; mov ecx, dword [0x48a3b8] mov edx, dword [ref_0048a42d] ; mov edx, dword [0x48a42d] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 lea eax, [ecx + 0xc] add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov bl, byte [ref_0048a439] ; mov bl, byte [0x48a439] test bl, bl je near loc_00406574 ; je 0x406574 xor edx, edx mov dl, bl cmp byte [edx + ref_004990ef], 0 ; cmp byte [edx + 0x4990ef], 0 jne near loc_00406574 ; jne 0x406574 lea ebx, [edx - 1] mov eax, ebx shl eax, 2 add eax, ebx shl eax, 3 add eax, 0x12c push eax push 0x140 mov ebx, dword [ref_0048a431] ; mov ebx, dword [0x48a431] add edx, ebx mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048a3b8] ; mov eax, dword [0x48a3b8] add eax, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 jmp short loc_00406574 ; jmp 0x406574 loc_00406541: push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x30 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0xf0 push 0x140 push ref_00463176 ; push 0x463176 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_00406574: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near loc_00406223 ; jmp 0x406223 loc_00406589: cmp byte [ref_0048a435], 0 ; cmp byte [0x48a435], 0 jne near loc_0040672c ; jne 0x40672c mov edi, dword [ref_0048a421] ; mov edi, dword [0x48a421] cmp edi, 0x168 jne near loc_0040672c ; jne 0x40672c xor eax, eax mov ax, dx shr edx, 0x10 and edx, 0xffff and edx, 0xffff cmp eax, 0xc8 jle near loc_00406736 ; jle 0x406736 cmp eax, 0x1b8 jge near loc_00406736 ; jge 0x406736 cmp edx, 0x118 jle near loc_00406736 ; jle 0x406736 cmp edx, 0x1b8 jge near loc_00406736 ; jge 0x406736 sub edx, 0x118 mov ecx, 0x28 mov eax, edx sar edx, 0x1f idiv ecx lea ebx, [eax + 1] xor eax, eax mov al, byte [ref_0048a439] ; mov al, byte [0x48a439] cmp ebx, eax je near loc_0040672c ; je 0x40672c mov ecx, dword [ref_0048a3b8] ; mov ecx, dword [0x48a3b8] mov edx, dword [ref_0048a42d] ; mov edx, dword [0x48a42d] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add eax, ecx movsx edx, word [eax + 0x10] mov ecx, 0x140 sub ecx, edx mov dword [esp + 0x50], ecx movsx edx, word [eax + 0xc] add ecx, edx mov dword [esp + 0x58], ecx movsx edx, word [eax + 0x12] mov ecx, edi sub ecx, edx mov dword [esp + 0x54], ecx movsx eax, word [eax + 0xe] lea edx, [ecx + eax] mov dword [esp + 0x5c], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall cmp byte [ref_0048a439], 0 ; cmp byte [0x48a439], 0 je short loc_004066a5 ; je 0x4066a5 push edi push 0x140 mov ecx, dword [ref_0048a3b8] ; mov ecx, dword [0x48a3b8] mov edx, dword [ref_0048a42d] ; mov edx, dword [0x48a42d] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add ecx, 0xc add eax, ecx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 loc_004066a5: mov byte [ref_0048a439], bl ; mov byte [0x48a439], bl cmp byte [ebx + ref_004990ef], 0 ; cmp byte [ebx + 0x4990ef], 0 jne short loc_0040670d ; jne 0x40670d xor eax, eax mov al, bl lea edx, [eax - 1] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 add eax, 0x12c push eax push 0x140 mov edx, dword [ref_0048a431] ; mov edx, dword [0x48a431] add edx, ebx mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048a3b8] ; mov eax, dword [0x48a3b8] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0 push ref_0048231a ; push 0x48231a call fcn_004542ce ; call 0x4542ce add esp, 8 loc_0040670d: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall loc_0040671d: push 0 lea eax, [esp + 0x54] push eax loc_00406724: push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0040672c: xor eax, eax loc_0040672e: add esp, 0x60 jmp near loc_00404fe4 ; jmp 0x404fe4 loc_00406736: cmp byte [ref_0048a439], 0 ; cmp byte [0x48a439], 0 je short loc_0040672c ; je 0x40672c mov ecx, dword [ref_0048a3b8] ; mov ecx, dword [0x48a3b8] mov edx, dword [ref_0048a42d] ; mov edx, dword [0x48a42d] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add eax, ecx movsx edx, word [eax + 0x10] mov ecx, 0x140 sub ecx, edx mov dword [esp + 0x50], ecx movsx edx, word [eax + 0xc] add ecx, edx mov dword [esp + 0x58], ecx movsx edx, word [eax + 0x12] mov ecx, 0x168 sub ecx, edx mov dword [esp + 0x54], ecx movsx eax, word [eax + 0xe] lea edx, [ecx + eax] mov dword [esp + 0x5c], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x168 push 0x140 mov ecx, dword [ref_0048a3b8] ; mov ecx, dword [0x48a3b8] mov edx, dword [ref_0048a42d] ; mov edx, dword [0x48a42d] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 lea edx, [ecx + 0xc] add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall xor ah, ah mov byte [ref_0048a439], ah ; mov byte [0x48a439], ah jmp near loc_0040671d ; jmp 0x40671d loc_004067f2: cmp byte [ref_0048a435], 0 ; cmp byte [0x48a435], 0 jne near loc_0040695d ; jne 0x40695d cmp dword [ref_0048a421], 0x168 ; cmp dword [0x48a421], 0x168 jne near loc_0040672c ; jne 0x40672c mov dh, byte [ref_0048a439] ; mov dh, byte [0x48a439] test dh, dh je near loc_0040672c ; je 0x40672c xor eax, eax mov al, dh cmp byte [eax + ref_004990ef], 0 ; cmp byte [eax + 0x4990ef], 0 jne near loc_0040672c ; jne 0x40672c push 0 push ref_0048232a ; push 0x48232a call fcn_004542ce ; call 0x4542ce add esp, 8 mov edx, dword [ref_0048a3b8] ; mov edx, dword [0x48a3b8] mov ecx, dword [ref_0048a42d] ; mov ecx, dword [0x48a42d] mov eax, ecx shl eax, 2 sub eax, ecx movsx ecx, word [edx + eax*4 + 0x10] mov ebx, 0x140 sub ebx, ecx mov dword [esp + 0x50], ebx movsx ecx, word [edx + eax*4 + 0xc] add ebx, ecx mov dword [esp + 0x58], ebx movsx ecx, word [edx + eax*4 + 0x12] mov ebx, 0x168 sub ebx, ecx mov dword [esp + 0x54], ebx movsx eax, word [edx + eax*4 + 0xe] lea ecx, [ebx + eax] mov dword [esp + 0x5c], ecx push 8 push 0xd6 lea eax, [edx + 0x6c] push eax xor eax, eax mov al, byte [ref_0048a439] ; mov al, byte [0x48a439] mov ebx, dword [ref_0048a431] ; mov ebx, dword [0x48a431] add ebx, eax mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 add edx, 0xc add eax, edx push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall xor edx, edx mov dl, byte [ref_0048a439] ; mov dl, byte [0x48a439] lea ebx, [edx - 1] mov eax, ebx shl eax, 2 add eax, ebx shl eax, 3 add eax, 0x12c push eax push 0x140 mov ecx, dword [ref_0048a431] ; mov ecx, dword [0x48a431] add edx, ecx mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048a3b8] ; mov eax, dword [0x48a3b8] add eax, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall xor eax, eax mov al, byte [ref_0048a439] ; mov al, byte [0x48a439] dec eax mov word [ref_004991b8], ax ; mov word [0x4991b8], ax push 0 lea eax, [esp + 0x54] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048a43a], 2 ; mov byte [0x48a43a], 2 mov byte [ref_0048a43b], 0xa ; mov byte [0x48a43b], 0xa jmp near loc_0040672c ; jmp 0x40672c loc_0040695d: mov byte [ref_0048a43a], 1 ; mov byte [0x48a43a], 1 jmp near loc_0040672c ; jmp 0x40672c loc_00406969: cmp byte [ref_0048a435], 0 ; cmp byte [0x48a435], 0 je near loc_0040672c ; je 0x40672c mov byte [ref_0048a43a], 1 ; mov byte [0x48a43a], 1 jmp short loc_0040698c ; jmp 0x40698c loc_0040697f: cmp byte [ref_0048a43a], 1 ; cmp byte [0x48a43a], 1 jne near loc_0040672c ; jne 0x40672c loc_0040698c: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov eax, dword [ref_0048a411] ; mov eax, dword [0x48a411] push eax push esi call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_0040672c ; jmp 0x40672c loc_004069b3: mov eax, esp push eax push esi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] cmp dword [esp + 0xc], 0 jne near loc_00406ab0 ; jne 0x406ab0 cmp dword [esp + 0x14], 0x1e0 jne near loc_00406ab0 ; jne 0x406ab0 cmp byte [ref_0048a435], 0 ; cmp byte [0x48a435], 0 jne near loc_00406ab0 ; jne 0x406ab0 lea eax, [esp + 0x50] push eax call fcn_004024c0 ; call 0x4024c0 add esp, 4 xor ebp, ebp mov dword [esp + 0x40], ebp mov dword [esp + 0x48], 0x280 mov edx, dword [esp + 0x54] test edx, edx jle short loc_00406a30 ; jle 0x406a30 mov dword [esp + 0x44], ebp mov dword [esp + 0x4c], edx mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0x44] push edx mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx push ebp push ebp mov edx, dword [ref_0048a0dc] ; mov edx, dword [0x48a0dc] push edx call dword [eax + 0x1c] ; ucall loc_00406a30: mov eax, dword [esp + 0x54] mov dword [esp + 0x44], eax mov eax, dword [esp + 0x5c] mov dword [esp + 0x4c], eax push 0 call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x44] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x50] push ebx mov edi, dword [esp + 0x50] push edi push eax call dword [edx + 0x1c] ; ucall push 0 call fcn_00402250 ; call 0x402250 add esp, 4 mov ebp, dword [esp + 0x5c] cmp ebp, 0x1e0 jge short loc_00406aed ; jge 0x406aed mov dword [esp + 0x44], ebp mov dword [esp + 0x4c], 0x1e0 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x44] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push ebp mov edi, dword [esp + 0x50] push edi push eax call dword [edx + 0x1c] ; ucall jmp short loc_00406aed ; jmp 0x406aed loc_00406ab0: lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x18] push ebx mov edi, dword [esp + 0x18] push edi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 loc_00406aed: mov eax, esp push eax push esi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0040672c ; jmp 0x40672c loc_00406afd: push edx mov ebp, dword [esp + 0x80] push ebp push eax push esi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_0040672e ; jmp 0x40672e fcn_00406b14: push ebx push esi push edi push ebp sub esp, 0x50 mov ebx, dword [esp + 0x64] mov eax, dword [esp + 0x68] mov edx, dword [esp + 0x6c] cmp eax, 0x113 jb short loc_00406b5d ; jb 0x406b5d jbe near loc_00406c52 ; jbe 0x406c52 cmp eax, 0x205 jb short loc_00406b4d ; jb 0x406b4d jbe near loc_00406d60 ; jbe 0x406d60 cmp eax, 0x401 je short loc_00406b7c ; je 0x406b7c jmp near loc_00406dd3 ; jmp 0x406dd3 loc_00406b4d: cmp eax, 0x202 je near loc_00406d50 ; je 0x406d50 jmp near loc_00406dd3 ; jmp 0x406dd3 loc_00406b5d: cmp eax, 0xf jb near loc_00406dd3 ; jb 0x406dd3 jbe near loc_00406d95 ; jbe 0x406d95 cmp eax, 0x101 je near loc_00406d40 ; je 0x406d40 jmp near loc_00406dd3 ; jmp 0x406dd3 loc_00406b7c: mov dword [ref_0048a440], 0xa ; mov dword [0x48a440], 0xa xor ecx, ecx mov dword [ref_0048a444], ecx ; mov dword [0x48a444], ecx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push ecx push 1 push ref_0048a068 ; push 0x48a068 push ecx push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0x1e0 push 0x280 push 0 push 0 push 0 push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov dword [ref_0048a448], eax ; mov dword [0x48a448], eax push 0x78 push 0x140 mov eax, dword [ref_0048a3a8] ; mov eax, dword [0x48a3a8] add eax, 0xc push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x15e push 0x140 mov eax, dword [ref_0048a3a8] ; mov eax, dword [0x48a3a8] add eax, 0x84 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0x3e8 mov ebp, dword [_callbackSize] ; mov ebp, dword [0x46cad8] push ebp push ebx call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048a43c], eax ; mov dword [0x48a43c], eax push 0 push 0 loc_00406c40: push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00406c48: xor eax, eax loc_00406c4a: add esp, 0x50 jmp near loc_00404fe4 ; jmp 0x404fe4 loc_00406c52: cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je short loc_00406c48 ; je 0x406c48 cmp edx, dword [_callbackSize] ; cmp edx, dword [0x46cad8] jne short loc_00406c48 ; jne 0x406c48 mov edi, dword [ref_0048a440] ; mov edi, dword [0x48a440] dec edi mov dword [ref_0048a440], edi ; mov dword [0x48a440], edi je near loc_00406d2c ; je 0x406d2c mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x64 push 0x50 push 0x12c push 0x118 push 0x12c push 0x118 mov eax, dword [ref_0048a448] ; mov eax, dword [0x48a448] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x15e push 0x140 mov ecx, dword [ref_0048a3a8] ; mov ecx, dword [0x48a3a8] mov edx, dword [ref_0048a440] ; mov edx, dword [0x48a440] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 lea eax, [ecx + 0xc] add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp + 0x40], 0x118 mov dword [esp + 0x48], 0x168 mov dword [esp + 0x44], 0x12c mov dword [esp + 0x4c], 0x190 push 0 lea eax, [esp + 0x44] push eax jmp near loc_00406c40 ; jmp 0x406c40 loc_00406d2c: push edi push edi loc_00406d2e: push 0x205 push ebx call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_00406c48 ; jmp 0x406c48 loc_00406d40: xor eax, eax mov ax, word [ref_00497178] ; mov ax, word [0x497178] cmp edx, eax jne near loc_00406c48 ; jne 0x406c48 loc_00406d50: mov dword [ref_0048a444], 1 ; mov dword [0x48a444], 1 push 0 push 0 jmp short loc_00406d2e ; jmp 0x406d2e loc_00406d60: mov eax, dword [ref_0048a43c] ; mov eax, dword [0x48a43c] push eax push ebx call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 push 0 mov edx, dword [ref_0048a448] ; mov edx, dword [0x48a448] push edx call fcn_00451edb ; call 0x451edb add esp, 0xc mov ecx, dword [ref_0048a444] ; mov ecx, dword [0x48a444] push ecx call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_00406c48 ; jmp 0x406c48 loc_00406d95: mov eax, esp push eax push ebx call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov esi, dword [esp + 0x18] push esi mov edi, dword [esp + 0x18] push edi push eax call dword [edx + 0x1c] ; ucall mov eax, esp push eax push ebx call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00406c48 ; jmp 0x406c48 loc_00406dd3: mov ebp, dword [esp + 0x70] push ebp push edx push eax push ebx call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_00406c4a ; jmp 0x406c4a fcn_00406de7: push ebx push esi push edi push ebp sub esp, 0x10 push ref_0046ccd0 ; push 0x46ccd0 call fcn_00454176 ; call 0x454176 add esp, 4 push 0x96000 call fcn_00456f80 ; call 0x456f80 add esp, 4 mov dword [ref_0048a354], eax ; mov dword [0x48a354], eax push 0x96000 call fcn_00456f80 ; call 0x456f80 add esp, 4 mov dword [ref_0048a358], eax ; mov dword [0x48a358], eax push ref_00463187 ; push 0x463187 call fcn_004502fe ; call 0x4502fe add esp, 4 mov dword [ref_0048a3b0], eax ; mov dword [0x48a3b0], eax push 0 mov edx, dword [ref_0048a358] ; mov edx, dword [0x48a358] push edx movsx edx, word [ref_004991b6] ; movsx edx, word [0x4991b6] shl edx, 2 movsx ecx, word [ref_004991b8] ; movsx ecx, word [0x4991b8] add edx, ecx push edx push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 push 0xfffffffffffffff0 push 0x96000 mov ecx, dword [ref_0048a358] ; mov ecx, dword [0x48a358] push ecx mov ebx, dword [ref_0048a354] ; mov ebx, dword [0x48a354] push ebx call fcn_004552b7 ; call 0x4552b7 add esp, 0x10 push 0 push 0 push 0x9b push 0x1b8 call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048a3a4], eax ; mov dword [0x48a3a4], eax push 0 push 0 push 0x1cd push 0xc0 call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048a3a0], eax ; mov dword [0x48a3a0], eax push 0 push 0 push 8 mov esi, dword [ref_0048a3b0] ; mov esi, dword [0x48a3b0] push esi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048a3b8], eax ; mov dword [0x48a3b8], eax push 0 push 0 push 2 mov edi, dword [ref_0048a0e4] ; mov edi, dword [0x48a0e4] push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048a3c0], eax ; mov dword [0x48a3c0], eax xor ebp, ebp mov dword [ref_0048a3ac], ebp ; mov dword [0x48a3ac], ebp cmp dword [esp + 0x24], 0 jne short loc_00406f3f ; jne 0x406f3f xor edx, edx mov word [ref_004991b8], dx ; mov word [0x4991b8], dx push 0xc push ebp push ref_004990f4 ; push 0x4990f4 call memset ; call 0x456f60 add esp, 0xc push 0x1c push ebp push ref_0046cb3c ; push 0x46cb3c call memset ; call 0x456f60 add esp, 0xc mov dword [ref_0046cb3c], 2 ; mov dword [0x46cb3c], 2 mov dword [ref_0046cb40], 1 ; mov dword [0x46cb40], 1 push 0x30 push ebp push ref_0048a35c ; push 0x48a35c call memset ; call 0x456f60 add esp, 0xc jmp near loc_00406ff6 ; jmp 0x406ff6 loc_00406f3f: mov eax, dword [_nplayers] ; mov eax, dword [0x499114] sub eax, 2 mov dword [ref_0046cb3c], eax ; mov dword [0x46cb3c], eax xor ebx, ebx mov esi, dword [ref_0049908c] ; mov esi, dword [0x49908c] jmp short loc_00406f5c ; jmp 0x406f5c loc_00406f56: inc ebx cmp ebx, 6 jge short loc_00406f6b ; jge 0x406f6b loc_00406f5c: cmp esi, dword [ebx*4 + ref_0046cb94] ; cmp esi, dword [ebx*4 + 0x46cb94] jne short loc_00406f56 ; jne 0x406f56 mov dword [ref_0046cb40], ebx ; mov dword [0x46cb40], ebx loc_00406f6b: mov eax, dword [ref_00499118] ; mov eax, dword [0x499118] mov dword [ref_0046cb44], eax ; mov dword [0x46cb44], eax mov eax, dword [ref_00499110] ; mov eax, dword [0x499110] mov dword [ref_0046cb48], eax ; mov dword [0x46cb48], eax xor ebx, ebx mov edi, dword [ref_0049911c] ; mov edi, dword [0x49911c] jmp short loc_00406f8f ; jmp 0x406f8f loc_00406f89: inc ebx cmp ebx, 6 jge short loc_00406f9e ; jge 0x406f9e loc_00406f8f: cmp edi, dword [ebx*4 + ref_0046cbe8] ; cmp edi, dword [ebx*4 + 0x46cbe8] jne short loc_00406f89 ; jne 0x406f89 mov dword [ref_0046cb4c], ebx ; mov dword [0x46cb4c], ebx loc_00406f9e: mov edx, dword [ref_00499108] ; mov edx, dword [0x499108] mov eax, edx sar edx, 0x1f mov ebp, dword [ref_0049908c] ; mov ebp, dword [0x49908c] idiv ebp mov edx, eax xor ebx, ebx jmp short loc_00406fbd ; jmp 0x406fbd loc_00406fb7: inc ebx cmp ebx, 6 jge short loc_00406fcc ; jge 0x406fcc loc_00406fbd: cmp edx, dword [ebx*4 + ref_0046cc00] ; cmp edx, dword [ebx*4 + 0x46cc00] jne short loc_00406fb7 ; jne 0x406fb7 mov dword [ref_0046cb50], ebx ; mov dword [0x46cb50], ebx loc_00406fcc: push 0x30 push 0 push ref_0048a35c ; push 0x48a35c call memset ; call 0x456f60 add esp, 0xc xor eax, eax mov al, byte [(_players+19)] ; mov al, byte [0x496b7b] mov byte [eax + ref_004990f4], 1 ; mov byte [eax + 0x4990f4], 1 push eax push 0 call fcn_00404d0a ; call 0x404d0a add esp, 8 loc_00406ff6: movsx eax, word [ref_004991b8] ; movsx eax, word [0x4991b8] mov dword [ref_0046cb54], eax ; mov dword [0x46cb54], eax push 0x85 push 0x29 push 0xf push 0x8a push 0 movsx edx, word [ref_004991b6] ; movsx edx, word [0x4991b6] mov eax, edx shl eax, 2 add eax, edx shl eax, 2 lea edx, [eax + 1] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048a3b8] ; mov eax, dword [0x48a3b8] add eax, 0xc add eax, edx push eax call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov dword [ref_0048a390], eax ; mov dword [0x48a390], eax push 0x27 push 0x4f push 0xa6 push 0xb push 0 movsx edx, word [ref_004991b6] ; movsx edx, word [0x4991b6] mov eax, edx shl eax, 2 add eax, edx shl eax, 2 lea edx, [eax + 1] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048a3b8] ; mov edx, dword [0x48a3b8] add edx, 0xc add eax, edx push eax call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov dword [ref_0048a398], eax ; mov dword [0x48a398], eax push 0x27 push 0x4f push 0xa6 push 0x63 push 0 movsx edx, word [ref_004991b6] ; movsx edx, word [0x4991b6] mov eax, edx shl eax, 2 add eax, edx shl eax, 2 lea edx, [eax + 1] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048a3b8] ; mov edx, dword [0x48a3b8] add edx, 0xc add eax, edx push eax call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov dword [ref_0048a394], eax ; mov dword [0x48a394], eax push 0x18 push 0x17 push 0xd8 push 0x9d push 0 movsx edx, word [ref_004991b6] ; movsx edx, word [0x4991b6] mov eax, edx shl eax, 2 add eax, edx shl eax, 2 lea edx, [eax + 1] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048a3b8] ; mov eax, dword [0x48a3b8] add eax, 0xc add eax, edx push eax call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov dword [ref_0048a39c], eax ; mov dword [0x48a39c], eax push 0x8001 call fcn_004549cf ; call 0x4549cf add esp, 4 mov ebx, dword [esp + 0x24] push ebx push fcn_00404e44 ; push 0x404e44 call _Wait_0402_Message ; call 0x4018e7 mov ebx, eax add esp, 8 mov dword [esp + 4], eax mov esi, dword [ref_0048a3b0] ; mov esi, dword [0x48a3b0] push esi call fcn_00450404 ; call 0x450404 add esp, 4 cmp ebx, 1 jne near loc_004074c9 ; jne 0x4074c9 mov eax, dword [ref_0046cb3c] ; mov eax, dword [0x46cb3c] add eax, 2 mov dword [_nplayers], eax ; mov dword [0x499114], eax xor edi, edi mov dword [ref_00499104], edi ; mov dword [0x499104], edi mov dword [_current_player], edi ; mov dword [0x49910c], edi mov eax, dword [ref_0046cb40] ; mov eax, dword [0x46cb40] mov eax, dword [eax*4 + ref_0046cb94] ; mov eax, dword [eax*4 + 0x46cb94] mov dword [ref_0049908c], eax ; mov dword [0x49908c], eax push 0x3c push edi push ref_00499120 ; push 0x499120 call memset ; call 0x456f60 add esp, 0xc push 0x3c push edi push ref_0049915c ; push 0x49915c call memset ; call 0x456f60 add esp, 0xc xor ebx, ebx loc_004071a5: mov al, byte [ebx*8 + (_card_table + 4)] ; mov al, byte [ebx*8 + 0x47fdf6] mov byte [ebx + ref_00499198], al ; mov byte [ebx + 0x499198], al inc ebx cmp ebx, 0x1e jl short loc_004071a5 ; jl 0x4071a5 xor ebx, ebx loc_004071ba: mov al, byte [ebx*8 + ref_0047fee6] ; mov al, byte [ebx*8 + 0x47fee6] mov byte [ebx + ref_00497320], al ; mov byte [ebx + 0x497320], al inc ebx cmp ebx, 8 jl short loc_004071ba ; jl 0x4071ba xor ebx, ebx jmp near loc_0040726f ; jmp 0x40726f loc_004071d4: xor eax, eax mov al, byte [esi + (_players+25)] ; mov al, byte [esi + 0x496b81] mov dword [esp + 0xc], eax fild word [esp + 0xc] fild dword [ref_0049908c] ; fild dword [0x49908c] fdiv dword [ref_00463190] ; fdiv dword [0x463190] fmulp st1 ; fmulp st(1) call fcn_00457dbc ; call 0x457dbc fistp dword [esp] mov eax, dword [esp] mov dword [esi + (_players+28)], eax ; mov dword [esi + 0x496b84], eax mov eax, dword [ref_0049908c] ; mov eax, dword [0x49908c] mov edx, dword [esi + (_players+28)] ; mov edx, dword [esi + 0x496b84] sub eax, edx loc_00407210: mov dword [esi + (_players+32)], eax ; mov dword [esi + 0x496b88], eax imul eax, ebx, 0x68 mov dl, byte [ref_0046cb44] ; mov dl, byte [0x46cb44] mov byte [eax + (_players+17)], dl ; mov byte [eax + 0x496b79], dl test dl, dl je short loc_00407236 ; je 0x407236 mov al, dl and eax, 0xff dec byte [eax + ref_00497323] ; dec byte [eax + 0x497323] loc_00407236: mov dl, byte [ref_0046cb44] ; mov dl, byte [0x46cb44] inc dl imul eax, ebx, 0x68 mov byte [eax + (_players+18)], dl ; mov byte [eax + 0x496b7a], dl test byte [eax + (_players+100)], 1 ; test byte [eax + 0x496bcc], 1 je short loc_00407265 ; je 0x407265 inc dword [ref_00499104] ; inc dword [0x499104] jmp short loc_00407265 ; jmp 0x407265 loc_00407258: push 0x68 push 0 push ebp call memset ; call 0x456f60 add esp, 0xc loc_00407265: inc ebx cmp ebx, 4 jge near loc_00407319 ; jge 0x407319 loc_0040726f: imul esi, ebx, 0x68 mov ebp, (_players+0) ; mov ebp, 0x496b68 add ebp, esi cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_00407258 ; jge 0x407258 push 1 push ebx call fcn_00445a4d ; call 0x445a4d add esp, 8 push 2 push ebx call fcn_00445a4d ; call 0x445a4d add esp, 8 push 3 push ebx call fcn_00445a4d ; call 0x445a4d add esp, 8 push 4 push ebx call fcn_00445a4d ; call 0x445a4d add esp, 8 push 8 push ebx call fcn_00445a4d ; call 0x445a4d add esp, 8 push 9 push ebx call fcn_00445a4d ; call 0x445a4d add esp, 8 push 0x68 mov edi, ebx shl edi, 2 sub edi, ebx shl edi, 2 mov eax, dword [edi + ref_0048a35c] ; mov eax, dword [edi + 0x48a35c] and eax, 0xff imul eax, eax, 0x68 add eax, _rich4_players ; add eax, 0x47e80c push eax push ebp call _memcpy ; call 0x456de8 add esp, 0xc mov eax, dword [edi + ref_0048a35c] ; mov eax, dword [edi + 0x48a35c] sar eax, 0x1f and eax, 1 inc eax mov byte [esi + (_players+100)], al ; mov byte [esi + 0x496bcc], al test al, 1 je near loc_004071d4 ; je 0x4071d4 mov eax, dword [ref_0049908c] ; mov eax, dword [0x49908c] sar eax, 1 mov dword [esi + (_players+28)], eax ; mov dword [esi + 0x496b84], eax jmp near loc_00407210 ; jmp 0x407210 loc_00407319: push 0x50 push ref_0047ecec ; push 0x47ecec push ref_00498e28 ; push 0x498e28 call _memcpy ; call 0x456de8 add esp, 0xc push 8 push 0 push ref_00496b30 ; push 0x496b30 call memset ; call 0x456f60 add esp, 0xc push 8 push 0 push ref_00496b60 ; push 0x496b60 call memset ; call 0x456f60 add esp, 0xc mov dh, 1 mov byte [ref_00496b34], dh ; mov byte [0x496b34], dh mov byte [ref_00496b35], dh ; mov byte [0x496b35], dh mov byte [ref_00496b66], dh ; mov byte [0x496b66], dh mov byte [ref_00496b67], dh ; mov byte [0x496b67], dh mov eax, dword [ref_0046cb44] ; mov eax, dword [0x46cb44] mov dword [ref_00499118], eax ; mov dword [0x499118], eax mov eax, dword [ref_0046cb48] ; mov eax, dword [0x46cb48] mov dword [ref_00499110], eax ; mov dword [0x499110], eax mov eax, dword [ref_0046cb4c] ; mov eax, dword [0x46cb4c] mov eax, dword [eax*4 + ref_0046cbe8] ; mov eax, dword [eax*4 + 0x46cbe8] mov dword [ref_0049911c], eax ; mov dword [0x49911c], eax mov eax, dword [ref_0046cb50] ; mov eax, dword [0x46cb50] mov edx, dword [ref_0049908c] ; mov edx, dword [0x49908c] mov eax, dword [eax*4 + ref_0046cc00] ; mov eax, dword [eax*4 + 0x46cc00] imul eax, edx mov dword [ref_00499108], eax ; mov dword [0x499108], eax mov ax, word [ref_0046cb54] ; mov ax, word [0x46cb54] mov word [ref_004991b8], ax ; mov word [0x4991b8], ax mov dword [ref_004990e8], 1 ; mov dword [0x4990e8], 1 xor esi, esi mov dword [ref_004990e4], esi ; mov dword [0x4990e4], esi mov dword [ref_00499084], esi ; mov dword [0x499084], esi mov dword [ref_004990dc], esi ; mov dword [0x4990dc], esi mov dword [ref_004990ec], esi ; mov dword [0x4990ec], esi mov dword [ref_00499100], esi ; mov dword [0x499100], esi xor ebx, ebx jmp short loc_004073e8 ; jmp 0x4073e8 loc_004073e2: inc ebx cmp ebx, 0xc jge short loc_0040740b ; jge 0x40740b loc_004073e8: xor edx, edx loc_004073ea: mov eax, ebx shl eax, 3 lea ecx, [ebx + eax] shl ecx, 6 mov eax, edx xor esi, esi mov dword [ecx + eax*4 + ref_00497328], esi ; mov dword [ecx + eax*4 + 0x497328], esi inc edx cmp edx, 0x90 jl short loc_004073ea ; jl 0x4073ea jmp short loc_004073e2 ; jmp 0x4073e2 loc_0040740b: push 0x1b0 movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] add edx, eax mov eax, edx shl eax, 2 sub eax, edx shl eax, 4 mov edx, eax shl eax, 3 add eax, edx add eax, _game_stocks ; add eax, 0x47f072 push eax push (_stocks_on_map+0) ; push 0x496980 call _memcpy ; call 0x456de8 add esp, 0xc xor ebx, ebx mov dword [esp + 8], esi loc_0040744d: mov eax, ebx shl eax, 3 add eax, ebx fld dword [esp + 8] fadd dword [eax*4 + (_stocks_on_map+12)] ; fadd dword [eax*4 + 0x49698c] fstp dword [esp + 8] inc ebx cmp ebx, 0xc jl short loc_0040744d ; jl 0x40744d fld dword [esp + 8] fmul dword [ref_00463194] ; fmul dword [0x463194] call fcn_00457dbc ; call 0x457dbc fistp dword [ref_0049907c] ; fistp dword [0x49907c] push 0x150 push 0 push ref_004967e0 ; push 0x4967e0 call memset ; call 0x456f60 add esp, 0xc push 0x180 push 0 push _player_stocks ; push 0x4971a0 call memset ; call 0x456f60 add esp, 0xc push 0x24 push 0 push ref_004990b8 ; push 0x4990b8 call memset ; call 0x456f60 add esp, 0xc xor ebp, ebp mov dword [ref_00499080], ebp ; mov dword [0x499080], ebp call fcn_00448b81 ; call 0x448b81 call fcn_0044baea ; call 0x44baea loc_004074c9: push ref_0046ccd0 ; push 0x46ccd0 call fcn_00454240 ; call 0x454240 add esp, 4 mov eax, dword [ref_0048a390] ; mov eax, dword [0x48a390] push eax call clib_free ; call 0x456e11 add esp, 4 mov edx, dword [ref_0048a398] ; mov edx, dword [0x48a398] push edx call clib_free ; call 0x456e11 add esp, 4 mov ecx, dword [ref_0048a394] ; mov ecx, dword [0x48a394] push ecx call clib_free ; call 0x456e11 add esp, 4 mov ebx, dword [ref_0048a39c] ; mov ebx, dword [0x48a39c] push ebx call clib_free ; call 0x456e11 add esp, 4 xor ebx, ebx jmp short loc_0040751b ; jmp 0x40751b loc_00407515: inc ebx cmp ebx, 4 jge short loc_0040753a ; jge 0x40753a loc_0040751b: mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov esi, dword [eax + ref_0048a364] ; mov esi, dword [eax + 0x48a364] test esi, esi je short loc_00407515 ; je 0x407515 push esi call clib_free ; call 0x456e11 add esp, 4 jmp short loc_00407515 ; jmp 0x407515 loc_0040753a: xor ebx, ebx mov al, 2 jmp short loc_0040754c ; jmp 0x40754c loc_00407540: mov byte [ebx + ref_004990f4], al ; mov byte [ebx + 0x4990f4], al loc_00407546: inc ebx cmp ebx, 0xc jge short loc_0040755f ; jge 0x40755f loc_0040754c: cmp byte [ebx + ref_004990f4], 4 ; cmp byte [ebx + 0x4990f4], 4 je short loc_00407540 ; je 0x407540 xor ah, ah mov byte [ebx + ref_004990f4], ah ; mov byte [ebx + 0x4990f4], ah jmp short loc_00407546 ; jmp 0x407546 loc_0040755f: mov ebp, dword [ref_0048a3a0] ; mov ebp, dword [0x48a3a0] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0048a3a4] ; mov eax, dword [0x48a3a4] push eax call clib_free ; call 0x456e11 add esp, 4 mov edx, dword [ref_0048a3c0] ; mov edx, dword [0x48a3c0] push edx call clib_free ; call 0x456e11 add esp, 4 mov ecx, dword [ref_0048a3b8] ; mov ecx, dword [0x48a3b8] push ecx call clib_free ; call 0x456e11 add esp, 4 mov ebx, dword [ref_0048a358] ; mov ebx, dword [0x48a358] push ebx call clib_free ; call 0x456e11 add esp, 4 mov esi, dword [ref_0048a354] ; mov esi, dword [0x48a354] push esi call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [esp + 4] jmp near loc_004044fc ; jmp 0x4044fc fcn_004075c1: push ebx push esi push edi push ebp sub esp, 0x14 movsx eax, word [ref_004991b8] ; movsx eax, word [0x4991b8] mov byte [eax + ref_004990f0], 1 ; mov byte [eax + 0x4990f0], 1 push ref_00463187 ; push 0x463187 call fcn_004502fe ; call 0x4502fe add esp, 4 mov dword [ref_0048a3b0], eax ; mov dword [0x48a3b0], eax push 0 push 0 movsx edx, word [ref_004991b6] ; movsx edx, word [0x4991b6] shl edx, 2 movsx ecx, word [ref_004991b8] ; movsx ecx, word [0x4991b8] add edx, ecx push edx push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048a354], eax ; mov dword [0x48a354], eax push 0 push 0 push 8 mov edx, dword [ref_0048a3b0] ; mov edx, dword [0x48a3b0] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048a3b8], eax ; mov dword [0x48a3b8], eax mov ecx, dword [ref_0048a3b0] ; mov ecx, dword [0x48a3b0] push ecx call fcn_00450404 ; call 0x450404 add esp, 4 xor ebx, ebx mov esi, dword [_nplayers] ; mov esi, dword [0x499114] loc_0040763f: cmp ebx, esi jge short loc_00407652 ; jge 0x407652 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 jne short loc_00407652 ; jne 0x407652 inc ebx jmp short loc_0040763f ; jmp 0x40763f loc_00407652: imul ebx, ebx, 0x68 movzx ebp, byte [ebx + (_players+19)] ; movzx ebp, byte [ebx + 0x496b7b] push 0 push 0 lea eax, [ebp + 0x64] push eax mov edi, dword [ref_0048a05c] ; mov edi, dword [0x48a05c] push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048a3bc], eax ; mov dword [0x48a3bc], eax push 0 push 0 push 0x5d mov eax, dword [ref_0048a05c] ; mov eax, dword [0x48a05c] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048a38c], eax ; mov dword [0x48a38c], eax cmp word [ref_004991b6], 0 ; cmp word [0x4991b6], 0 je short loc_004076a2 ; je 0x4076a2 mov esi, 0x14 jmp short loc_004076a7 ; jmp 0x4076a7 loc_004076a2: mov esi, 0xf loc_004076a7: xor ebx, ebx xor edi, edi jmp short loc_004076b3 ; jmp 0x4076b3 loc_004076ad: inc ebx cmp ebx, 4 jge short loc_00407726 ; jge 0x407726 loc_004076b3: cmp byte [ebx + ref_004990f0], 0 ; cmp byte [ebx + 0x4990f0], 0 je short loc_004076ad ; je 0x4076ad push 0x16 push 0x20 mov ecx, dword [ref_0048a3b8] ; mov ecx, dword [0x48a3b8] lea eax, [ecx + 0x84] push eax lea eax, [ebx + esi] lea edx, [eax - 4] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add ecx, 0xc add eax, ecx push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 mov eax, ebx shl eax, 2 add eax, ebx shl eax, 3 add eax, 0x1c push eax push 0xdc mov edx, dword [ref_0048a3b8] ; mov edx, dword [0x48a3b8] lea eax, [edx + 0x84] push eax mov eax, esi shl eax, 2 sub eax, esi shl eax, 2 add edx, 0xc add eax, edx push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 inc edi jmp short loc_004076ad ; jmp 0x4076ad loc_00407726: cmp edi, 4 jge short loc_0040778f ; jge 0x40778f mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x96000 mov edx, dword [ref_0048a354] ; mov edx, dword [0x48a354] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call _memcpy ; call 0x456de8 add esp, 0xc mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0x8006 call fcn_004549cf ; call 0x4549cf add esp, 4 push 0 push fcn_004060e9 ; push 0x4060e9 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 call fcn_00454acb ; call 0x454acb jmp short loc_004077fe ; jmp 0x4077fe loc_0040778f: cmp word [ref_004991b6], 0 ; cmp word [0x4991b6], 0 je short loc_004077cf ; je 0x4077cf inc ebp push ebp push ref_00463198 ; push 0x463198 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push ref_0046cadc ; push 0x46cadc lea eax, [esp + 8] push eax call fcn_00451677 ; call 0x451677 add esp, 0xc push 0 push ref_0046cadc ; push 0x46cadc push ref_004631a4 ; push 0x4631a4 jmp short loc_004077ef ; jmp 0x4077ef loc_004077cf: push 0 push ref_0046cadc ; push 0x46cadc push ref_004631af ; push 0x4631af call fcn_00451677 ; call 0x451677 add esp, 0xc push 0 push ref_0046cadc ; push 0x46cadc push ref_004631b7 ; push 0x4631b7 loc_004077ef: call fcn_00451677 ; call 0x451677 add esp, 0xc mov byte [ref_0046caf9], 1 ; mov byte [0x46caf9], 1 loc_004077fe: mov ebx, dword [ref_0048a354] ; mov ebx, dword [0x48a354] push ebx call clib_free ; call 0x456e11 add esp, 4 mov esi, dword [ref_0048a3b8] ; mov esi, dword [0x48a3b8] push esi call clib_free ; call 0x456e11 add esp, 4 mov edi, dword [ref_0048a3bc] ; mov edi, dword [0x48a3bc] push edi call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [ref_0048a38c] ; mov ebp, dword [0x48a38c] push ebp call clib_free ; call 0x456e11 add esp, 4 add esp, 0x14 pop ebp pop edi pop esi pop ebx ret fcn_00407842: push ebx push esi push edi push ebp push 0 push 0 push 0x70 mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048a3a8], eax ; mov dword [0x48a3a8], eax mov ecx, dword [esp + 0x14] test ecx, ecx jne near loc_00407912 ; jne 0x407912 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push ecx push 1 push ref_0048a068 ; push 0x48a068 push ecx push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a078] ; mov eax, dword [0x48a078] sar eax, 1 mov word [ref_0046caec], ax ; mov word [0x46caec], ax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0x1b8 push 0x1b8 push 0x28 push 0 push 0 push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 mov ebx, eax add esp, 0x18 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov word [ref_0046caec], 0x280 ; mov word [0x46caec], 0x280 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x28 push 0 push ebx mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push ebx call clib_free ; call 0x456e11 add esp, 4 loc_00407912: push 0 push fcn_00406b14 ; push 0x406b14 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 test eax, eax je near loc_004079de ; je 0x4079de mov edi, dword [_current_player] ; mov edi, dword [0x49910c] imul eax, edi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ebp, dword [edx + eax*8 + ref_004808b2] ; mov ebp, dword [edx + eax*8 + 0x4808b2] push ebp push 3 mov eax, edi or ah, 0x80 push eax call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov eax, dword [esp + 0x14] test eax, eax jne short loc_004079a9 ; jne 0x4079a9 push eax push eax push 0x22c mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0 call fcn_0041906a ; call 0x41906a add esp, 4 xor ecx, ecx mov dword [ref_00475110], ecx ; mov dword [0x475110], ecx push 0x65 push 1 push 0x28 push ecx push ebx call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 loc_004079a9: mov eax, 1 loc_004079ae: cmp eax, dword [_nplayers] ; cmp eax, dword [0x499114] jge short loc_004079d0 ; jge 0x4079d0 imul edx, eax, 0x68 mov dl, byte [edx + (_players+19)] ; mov dl, byte [edx + 0x496b7b] and edx, 0xff xor bl, bl mov byte [edx + ref_004990f4], bl ; mov byte [edx + 0x4990f4], bl inc eax jmp short loc_004079ae ; jmp 0x4079ae loc_004079d0: mov byte [(_players+21)], 1 ; mov byte [0x496b7d], 1 mov ebx, 4 jmp short loc_004079e3 ; jmp 0x4079e3 loc_004079de: mov ebx, 1 loc_004079e3: mov esi, dword [ref_0048a3a8] ; mov esi, dword [0x48a3a8] push esi call clib_free ; call 0x456e11 add esp, 4 mov eax, ebx pop ebp pop edi pop esi pop ebx ret fcn_004079f9: push ebx push esi xor eax, eax mov ebx, dword [esp + 0xc] mov bx, word [ebx] mov edx, dword [esp + 0x10] mov dx, word [edx] movsx esi, bx movsx ecx, dx cmp esi, ecx jle short loc_00407a1a ; jle 0x407a1a mov eax, 1 loc_00407a1a: movsx ecx, bx movsx edx, dx cmp ecx, edx jge short loc_00407a29 ; jge 0x407a29 mov eax, 0xffffffff loc_00407a29: pop esi pop ebx ret fcn_00407a2c: push ebx push esi mov edx, dword [esp + 0xc] and edx, 0x1f mov ebx, dword [esp + 0x10] and ebx, 0x1f mov eax, dword [ref_00499088] ; mov eax, dword [0x499088] movsx ecx, byte [eax*4 + ref_00474910] ; movsx ecx, byte [eax*4 + 0x474910] imul ecx, edx sar ecx, 5 movsx esi, byte [eax*4 + ref_00474912] ; movsx esi, byte [eax*4 + 0x474912] imul esi, ebx sar esi, 5 add ecx, esi movsx esi, byte [eax*4 + ref_00474911] ; movsx esi, byte [eax*4 + 0x474911] imul edx, esi sar edx, 5 movsx eax, byte [eax*4 + ref_00474913] ; movsx eax, byte [eax*4 + 0x474913] imul eax, ebx sar eax, 5 add edx, eax mov eax, dword [esp + 0x14] mov dword [eax], ecx mov eax, dword [esp + 0x18] mov dword [eax], edx pop esi pop ebx ret fcn_00407a8c: push ebx mov edx, dword [esp + 8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov ebx, dword [ref_00498e80] ; mov ebx, dword [0x498e80] lea edx, [ebx + eax] mov ecx, dword [esp + 0xc] mov eax, ecx shl eax, 2 add eax, ecx shl eax, 3 add eax, ebx movsx ebx, word [eax] movsx ecx, word [edx] sub ebx, ecx movsx ecx, word [eax + 2] movsx eax, word [edx + 2] sub ecx, eax push ecx push ebx call fcn_00454fb4 ; call 0x454fb4 add esp, 8 pop ebx ret fcn_00407ad2: push ebx push esi push edi push ebp call fcn_004080f5 ; call 0x4080f5 push ref_004631c0 ; push 0x4631c0 call fcn_004502fe ; call 0x4502fe mov ebx, eax add esp, 4 mov edi, eax push 0 push 0 movsx edx, word [ref_004991b6] ; movsx edx, word [0x4991b6] shl edx, 2 movsx eax, word [ref_004991b8] ; movsx eax, word [0x4991b8] add eax, edx add eax, eax push eax push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_00474945], eax ; mov dword [0x474945], eax push 0 push 0 movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] add eax, edx add eax, 0x10 push eax push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048badc], eax ; mov dword [0x48badc], eax push 0 push 0 movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] add eax, edx add eax, 0x10 push eax push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bad0], eax ; mov dword [0x48bad0], eax push 0x200 mov eax, dword [ref_00474945] ; mov eax, dword [0x474945] add eax, 0x10 push eax push ref_0048b6b4 ; push 0x48b6b4 call _memcpy ; call 0x456de8 add esp, 0xc mov eax, dword [ref_00474945] ; mov eax, dword [0x474945] lea edx, [eax + 0x210] mov dword [ref_0048bac4], edx ; mov dword [0x48bac4], edx add eax, 0x2a90 mov dword [ref_0048bacc], eax ; mov dword [0x48bacc], eax push 0 push 0 push 0x18 push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_00474949], eax ; mov dword [0x474949], eax push 0 push 0 push 0x1a push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0047494d], eax ; mov dword [0x47494d], eax cmp dword [ref_0047493c], 0 ; cmp dword [0x47493c], 0 jne near loc_00407e0b ; jne 0x407e0b push ref_004631c8 ; push 0x4631c8 call fcn_004502fe ; call 0x4502fe mov esi, eax add esp, 4 cmp eax, 0xffffffff je short loc_00407c16 ; je 0x407c16 push 0 push 0 movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] add eax, edx push eax push esi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0047493c], eax ; mov dword [0x47493c], eax push esi call fcn_00450404 ; call 0x450404 add esp, 4 jmp short loc_00407c3f ; jmp 0x407c3f loc_00407c16: push 0 push 0 movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] add eax, edx add eax, eax inc eax push eax push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0047493c], eax ; mov dword [0x47493c], eax loc_00407c3f: mov eax, dword [ref_0047493c] ; mov eax, dword [0x47493c] mov edx, dword [eax] mov dword [ref_00498e9c], edx ; mov dword [0x498e9c], edx mov edx, dword [eax + 4] lea ebx, [eax + edx] mov dword [ref_00498e80], ebx ; mov dword [0x498e80], ebx mov edx, dword [eax + 8] mov dword [ref_00498e98], edx ; mov dword [0x498e98], edx mov edx, dword [eax + 0xc] lea ebx, [eax + edx] mov dword [ref_00498e84], ebx ; mov dword [0x498e84], ebx mov edx, dword [eax + 0x10] mov dword [ref_00498e8c], edx ; mov dword [0x498e8c], edx mov edx, dword [eax + 0x14] lea ebx, [eax + edx] mov dword [ref_00498e88], ebx ; mov dword [0x498e88], ebx mov edx, dword [eax + 0x18] mov dword [ref_00498e90], edx ; mov dword [0x498e90], edx mov edx, dword [eax + 0x1c] lea ebx, [eax + edx] mov dword [ref_00498e7c], ebx ; mov dword [0x498e7c], ebx mov edx, dword [eax + 0x20] mov dword [ref_00499074], edx ; mov dword [0x499074], edx mov edx, dword [eax + 0x24] lea ebx, [eax + edx] mov dword [ref_00498e78], ebx ; mov dword [0x498e78], ebx mov edx, dword [ref_00499074] ; mov edx, dword [0x499074] shl edx, 2 mov ebx, edx shl edx, 3 sub edx, ebx mov ebx, dword [ref_00498e78] ; mov ebx, dword [0x498e78] add edx, ebx add edx, 0x1c sub edx, eax mov dword [ref_00498e94], edx ; mov dword [0x498e94], edx xor ebx, ebx loc_00407cd1: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_00407d3a ; jge 0x407d3a push 0x2718 push 0 mov eax, ebx shl eax, 3 add eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov esi, eax shl eax, 3 add esi, eax mov eax, ref_0048cb80 ; mov eax, 0x48cb80 add eax, esi push eax call memset ; call 0x456f60 add esp, 0xc mov ebp, dword [ref_00498e94] ; mov ebp, dword [0x498e94] push ebp call fcn_00456f80 ; call 0x456f80 add esp, 4 mov dword [esi + ref_0048f294], eax ; mov dword [esi + 0x48f294], eax mov eax, dword [ref_00498e94] ; mov eax, dword [0x498e94] push eax push 0 mov edx, dword [esi + ref_0048f294] ; mov edx, dword [esi + 0x48f294] push edx call memset ; call 0x456f60 add esp, 0xc inc ebx jmp short loc_00407cd1 ; jmp 0x407cd1 loc_00407d3a: push 0x450 push 0 push ref_00496d08 ; push 0x496d08 call memset ; call 0x456f60 add esp, 0xc xor ebx, ebx loc_00407d50: mov eax, ebx shl eax, 2 sub eax, ebx mov dl, byte [ebx + ref_0047ed3c] ; mov dl, byte [ebx + 0x47ed3c] mov byte [eax*8 + ref_00496d08], dl ; mov byte [eax*8 + 0x496d08], dl inc ebx cmp ebx, 0x2e jl short loc_00407d50 ; jl 0x407d50 mov ebx, 1 loc_00407d6f: push 0 push 0 push 0 call fcn_0040aa6c ; call 0x40aa6c add esp, 4 push eax push ebx call fcn_0040e033 ; call 0x40e033 add esp, 0x10 add ebx, 2 cmp ebx, 0xb jle short loc_00407d6f ; jle 0x407d6f push 0 push 0 push 0 call fcn_0040aa6c ; call 0x40aa6c add esp, 4 push eax push 0xd call fcn_0040e033 ; call 0x40e033 add esp, 0x10 push 0 push 0 push 0 call fcn_0040aa6c ; call 0x40aa6c add esp, 4 push eax push 0xe call fcn_0040e033 ; call 0x40e033 add esp, 0x10 mov ebx, 1 loc_00407dc6: cmp ebx, dword [ref_00498e90] ; cmp ebx, dword [0x498e90] jg short loc_00407dfe ; jg 0x407dfe imul esi, ebx, 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add esi, eax xor edx, edx mov dl, byte [esi + 0x19] mov eax, edx shl eax, 3 add eax, edx mov ax, word [eax*4 + (_stocks_on_map+8)] ; mov ax, word [eax*4 + 0x496988] and eax, 0xffff mov edx, 0x2710 sub edx, eax mov dword [esi + 0x30], edx inc ebx jmp short loc_00407dc6 ; jmp 0x407dc6 loc_00407dfe: call fcn_0042915a ; call 0x42915a xor ebx, ebx mov dword [ref_00499088], ebx ; mov dword [0x499088], ebx loc_00407e0b: xor ebx, ebx loc_00407e0d: push 0 push 0 movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] lea esi, [edx + eax] mov eax, esi shl eax, 2 add eax, esi add eax, ebx add eax, 0x27 push eax push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx*4 + ref_0048ae4c], eax ; mov dword [ebx*4 + 0x48ae4c], eax inc ebx cmp ebx, 5 jl short loc_00407e0d ; jl 0x407e0d push 0 push 0 movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 add edx, 0x4f add eax, edx push eax push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048ae60], eax ; mov dword [0x48ae60], eax cmp word [ref_004991b6], 0 ; cmp word [0x4991b6], 0 jne short loc_00407e9d ; jne 0x407e9d xor ebx, ebx loc_00407e7d: push 0 push 0 lea eax, [ebx + 0x57] push eax push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx*4 + ref_0048ae64], eax ; mov dword [ebx*4 + 0x48ae64], eax inc ebx cmp ebx, 0x11 jl short loc_00407e7d ; jl 0x407e7d jmp short loc_00407ece ; jmp 0x407ece loc_00407e9d: movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] mov eax, edx shl eax, 4 add eax, edx lea esi, [eax + 0x68] xor ebx, ebx loc_00407eb0: push 0 push 0 lea eax, [esi + ebx] push eax push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx*4 + ref_0048ae64], eax ; mov dword [ebx*4 + 0x48ae64], eax inc ebx cmp ebx, 0x11 jl short loc_00407eb0 ; jl 0x407eb0 loc_00407ece: mov ebx, 1 loc_00407ed3: cmp ebx, dword [ref_00498e90] ; cmp ebx, dword [0x498e90] jg short loc_00407f17 ; jg 0x407f17 imul eax, ebx, 0x34 mov edx, dword [ref_00498e7c] ; mov edx, dword [0x498e7c] mov ax, word [edx + eax + 0x20] and eax, 0xffff je short loc_00407f14 ; je 0x407f14 mov esi, eax shl esi, 2 mov ebp, dword [esi + ref_0048ae4c] ; mov ebp, dword [esi + 0x48ae4c] test ebp, ebp jne short loc_00407f14 ; jne 0x407f14 push ebp push ebp add eax, 0x26 push eax push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [esi + ref_0048ae4c], eax ; mov dword [esi + 0x48ae4c], eax loc_00407f14: inc ebx jmp short loc_00407ed3 ; jmp 0x407ed3 loc_00407f17: mov ebx, 1 loc_00407f1c: cmp ebx, dword [ref_00499074] ; cmp ebx, dword [0x499074] jg short loc_00407f68 ; jg 0x407f68 mov eax, ebx shl eax, 2 mov edx, eax shl edx, 3 sub edx, eax mov eax, dword [ref_00498e78] ; mov eax, dword [0x498e78] mov ax, word [edx + eax + 0x1a] and eax, 0xffff je short loc_00407f65 ; je 0x407f65 mov esi, eax shl esi, 2 mov edx, dword [esi + ref_0048ae4c] ; mov edx, dword [esi + 0x48ae4c] test edx, edx jne short loc_00407f65 ; jne 0x407f65 push edx push edx add eax, 0x26 push eax push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [esi + ref_0048ae4c], eax ; mov dword [esi + 0x48ae4c], eax loc_00407f65: inc ebx jmp short loc_00407f1c ; jmp 0x407f1c loc_00407f68: push 0 push 0 push 0x19 push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048aea8], eax ; mov dword [0x48aea8], eax push 0x1d4 push 0 push ref_00498ea0 ; push 0x498ea0 call memset ; call 0x456f60 add esp, 0xc xor ebx, ebx jmp short loc_00407f9e ; jmp 0x407f9e loc_00407f94: inc ebx cmp ebx, 9 jge near loc_0040801a ; jge 0x40801a loc_00407f9e: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_00407fff ; jge 0x407fff push 0 push 0 imul esi, ebx, 0x68 xor eax, eax mov al, byte [esi + (_players+19)] ; mov al, byte [esi + 0x496b7b] add eax, 0x1b push eax push edi call fcn_00450441 ; call 0x450441 mov edx, eax add esp, 0x10 imul eax, ebx, 0x34 mov dword [eax + ref_00498eb0], edx ; mov dword [eax + 0x498eb0], edx cmp byte [esi + (_players+21)], 0 ; cmp byte [esi + 0x496b7d], 0 jne short loc_00407fff ; jne 0x407fff cmp byte [esi + (_players+100)], 0 ; cmp byte [esi + 0x496bcc], 0 jne short loc_00407fff ; jne 0x407fff mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] movsx edx, word [eax + 0xe] push edx movsx edx, word [eax + 0xc] push edx push 0 push 0 add eax, 0xc push eax call fcn_004553fe ; call 0x4553fe add esp, 0x14 loc_00407fff: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jl short loc_0040800c ; jl 0x40800c cmp ebx, 4 jl short loc_00407f94 ; jl 0x407f94 loc_0040800c: push ebx call fcn_0040b93b ; call 0x40b93b add esp, 4 jmp near loc_00407f94 ; jmp 0x407f94 loc_0040801a: push edi call fcn_00450404 ; call 0x450404 add esp, 4 mov ebx, 1 mov edi, dword [ref_00498e9c] ; mov edi, dword [0x498e9c] loc_0040802e: cmp ebx, edi jg short loc_00408072 ; jg 0x408072 mov eax, ebx shl eax, 2 add eax, ebx mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] cmp word [edx + eax*8 + 0x20], 0x1f41 jne short loc_0040804f ; jne 0x40804f mov word [ref_0048bae2], bx ; mov word [0x48bae2], bx loc_0040804f: mov eax, ebx shl eax, 2 lea edx, [ebx + eax] shl edx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] cmp word [edx + eax + 0x20], 0x1f42 jne short loc_0040806f ; jne 0x40806f mov word [ref_0048bae0], bx ; mov word [0x48bae0], bx loc_0040806f: inc ebx jmp short loc_0040802e ; jmp 0x40802e loc_00408072: call fcn_00428caf ; call 0x428caf push 0 push 0 push 0x205 mov ebp, dword [ref_0048a0e4] ; mov ebp, dword [0x48a0e4] push ebp call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bad8], eax ; mov dword [0x48bad8], eax push 0 push 0 push 0x207 mov eax, dword [ref_0048a0e4] ; mov eax, dword [0x48a0e4] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bad4], eax ; mov dword [0x48bad4], eax xor ebx, ebx loc_004080b2: push 0 push 0 lea eax, [ebx + 0x18c] push eax mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx*4 + ref_00496930], eax ; mov dword [ebx*4 + 0x496930], eax inc ebx cmp ebx, 0x14 jl short loc_004080b2 ; jl 0x4080b2 push ref_0048234a ; push 0x48234a call fcn_00454176 ; call 0x454176 add esp, 4 push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_004080f5: push ebx push esi push edi push ebp mov edx, dword [ref_00474945] ; mov edx, dword [0x474945] test edx, edx je near loc_0040825c ; je 0x40825c push edx call clib_free ; call 0x456e11 add esp, 4 mov ebx, dword [ref_0048badc] ; mov ebx, dword [0x48badc] push ebx call clib_free ; call 0x456e11 add esp, 4 mov esi, dword [ref_0048bad0] ; mov esi, dword [0x48bad0] push esi call clib_free ; call 0x456e11 add esp, 4 mov edi, dword [ref_0047493c] ; mov edi, dword [0x47493c] push edi call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [ref_00474949] ; mov ebp, dword [0x474949] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0047494d] ; mov eax, dword [0x47494d] push eax call clib_free ; call 0x456e11 add esp, 4 xor ebx, ebx jmp short loc_00408167 ; jmp 0x408167 loc_0040815e: inc ebx cmp ebx, 0x118 jge short loc_00408189 ; jge 0x408189 loc_00408167: mov esi, ebx shl esi, 2 mov edx, dword [esi + ref_0048ae4c] ; mov edx, dword [esi + 0x48ae4c] test edx, edx je short loc_0040815e ; je 0x40815e push edx call clib_free ; call 0x456e11 add esp, 4 xor edi, edi mov dword [esi + ref_0048ae4c], edi ; mov dword [esi + 0x48ae4c], edi jmp short loc_0040815e ; jmp 0x40815e loc_00408189: mov ebp, dword [ref_0048bad8] ; mov ebp, dword [0x48bad8] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0048bad4] ; mov eax, dword [0x48bad4] push eax call clib_free ; call 0x456e11 add esp, 4 xor ebx, ebx loc_004081a8: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0040820c ; jge 0x40820c imul esi, ebx, 0x34 mov ecx, dword [esi + ref_00498eb0] ; mov ecx, dword [esi + 0x498eb0] push ecx call clib_free ; call 0x456e11 add esp, 4 xor edi, edi mov dword [esi + ref_00498eb0], edi ; mov dword [esi + 0x498eb0], edi mov eax, ebx shl eax, 3 add eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov esi, eax shl eax, 3 add esi, eax mov ebp, dword [esi + ref_0048f294] ; mov ebp, dword [esi + 0x48f294] push ebp call clib_free ; call 0x456e11 add esp, 4 push 0x2718 push edi add esi, ref_0048cb80 ; add esi, 0x48cb80 push esi call memset ; call 0x456f60 add esp, 0xc inc ebx jmp short loc_004081a8 ; jmp 0x4081a8 loc_0040820c: xor ebx, ebx loc_0040820e: mov edx, dword [ebx*4 + ref_00496930] ; mov edx, dword [ebx*4 + 0x496930] push edx call clib_free ; call 0x456e11 add esp, 4 inc ebx cmp ebx, 0x14 jl short loc_0040820e ; jl 0x40820e call fcn_0040c03b ; call 0x40c03b push ref_0048234a ; push 0x48234a call fcn_00454240 ; call 0x454240 add esp, 4 xor ecx, ecx mov dword [ref_00474945], ecx ; mov dword [0x474945], ecx mov dword [ref_0048badc], ecx ; mov dword [0x48badc], ecx mov dword [ref_0048bad0], ecx ; mov dword [0x48bad0], ecx mov dword [ref_0047493c], ecx ; mov dword [0x47493c], ecx mov dword [ref_00474949], ecx ; mov dword [0x474949], ecx mov dword [ref_0047494d], ecx ; mov dword [0x47494d], ecx loc_0040825c: xor edx, edx mov dword [ref_00475114], edx ; mov dword [0x475114], edx mov dword [ref_0048be18], edx ; mov dword [0x48be18], edx mov dword [ref_0048be1c], edx ; mov dword [0x48be1c], edx mov dword [ref_0048be20], edx ; mov dword [0x48be20], edx mov dword [ref_00474930], edx ; mov dword [0x474930], edx mov dword [ref_00474934], edx ; mov dword [0x474934], edx pop ebp pop edi pop esi pop ebx ret endloc_00408287: db 0x8b db 0xc0 ref_00408289: ; may contain a jump table dd fcn_00409419 dd fcn_00409426 dd fcn_00409434 dd fcn_00409442 dd fcn_00409449 fcn_0040829d: push ebx push esi push edi push ebp sub esp, 0x5c mov eax, dword [esp + 0x70] mov edx, dword [esp + 0x74] cmp eax, 0xffffffff jne short loc_004082bc ; jne 0x4082bc mov eax, dword [ref_0048b2ac] ; mov eax, dword [0x48b2ac] mov edx, dword [ref_0048b2b0] ; mov edx, dword [0x48b2b0] loc_004082bc: cmp dword [_current_player], 4 ; cmp dword [0x49910c], 4 jge near loc_004083a3 ; jge 0x4083a3 test eax, eax jne near loc_004083a3 ; jne 0x4083a3 test edx, edx jne near loc_004083a3 ; jne 0x4083a3 call fcn_0040aa0f ; call 0x40aa0f mov ebx, eax shl eax, 2 add eax, ebx shl eax, 3 mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] add edx, eax mov dword [esp + 0x48], edx imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov word [eax + (_players+12)], bx ; mov word [eax + 0x496b74], bx xor ebx, ebx xor edi, edi mov ebp, dword [esp + 0x48] jmp short loc_00408312 ; jmp 0x408312 loc_0040830c: inc ebx cmp ebx, 4 jge short loc_00408328 ; jge 0x408328 loc_00408312: lea esi, [ebx + ebx] add esi, ebp mov dx, word [esi + 0x18] test dx, dx je short loc_0040830c ; je 0x40830c mov word [esp + edi*2 + 0x10], dx inc edi jmp short loc_0040830c ; jmp 0x40830c loc_00408328: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv edi imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dx, word [esp + edx*2 + 0x10] mov word [eax + (_players+14)], dx ; mov word [eax + 0x496b76], dx xor edx, edx mov dx, word [eax + (_players+12)] ; mov dx, word [eax + 0x496b74] push edx mov ax, word [eax + (_players+14)] ; mov ax, word [eax + 0x496b76] and eax, 0xffff push eax call fcn_00407a8c ; call 0x407a8c add esp, 8 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] imul edx, ebx, 0x68 mov byte [edx + (_players+16)], al ; mov byte [edx + 0x496b78], al mov eax, dword [esp + 0x48] movsx eax, word [eax] mov edx, dword [esp + 0x48] movsx edx, word [edx + 2] lea ecx, [ebx + 1] mov dword [ref_00475114], ecx ; mov dword [0x475114], ecx mov cl, byte [_current_player] ; mov cl, byte [0x49910c] mov ebx, 0x100 shl ebx, cl mov ecx, ebx mov ebx, dword [esp + 0x48] or dword [ebx + 0x24], ecx loc_004083a3: mov dword [ref_0048b2ac], eax ; mov dword [0x48b2ac], eax mov dword [ref_0048b2b0], edx ; mov dword [0x48b2b0], edx mov ecx, eax sar ecx, 5 mov dword [esp + 0x50], ecx mov ecx, edx sar ecx, 5 mov dword [esp + 0x4c], ecx lea ecx, [esp + 0x20] push ecx lea ecx, [esp + 0x38] push ecx push edx push eax call fcn_00407a2c ; call 0x407a2c add esp, 0x10 xor edi, edi mov dword [ref_0048bac8], edi ; mov dword [0x48bac8], edi mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] add dword [esp + 0x34], 0xdc add dword [esp + 0x20], 0x104 mov edx, dword [eax] push edi push 1 push ref_0048a068 ; push 0x48a068 push edi push eax call dword [edx + 0x64] ; ucall xor ebx, ebx jmp short loc_00408429 ; jmp 0x408429 loc_00408404: mov esi, ref_0048b2b4 ; mov esi, 0x48b2b4 loc_00408409: mov eax, esp push eax push esi mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004557a1 ; call 0x4557a1 add esp, 0xc inc ebx cmp ebx, 0x130 jge near loc_0040855f ; jge 0x40855f loc_00408429: mov edi, dword [ref_00499088] ; mov edi, dword [0x499088] mov esi, edi shl esi, 2 add esi, edi shl esi, 2 sub esi, edi shl esi, 5 lea eax, [ebx + ebx] add esi, eax movsx ebp, byte [esi + ref_00473610] ; movsx ebp, byte [esi + 0x473610] cmp ebp, 0xffffff80 je near loc_0040855f ; je 0x40855f movsx eax, byte [esi + ref_00473611] ; movsx eax, byte [esi + 0x473611] mov dword [esp + 0x2c], eax lea edx, [eax + 0xe] lea edi, [ebp + 0xe] imul ecx, dword [ref_00499088], 0xd24 ; imul ecx, dword [0x499088], 0xd24 imul eax, edi, 0x74 add eax, ecx shl edx, 2 lea esi, [eax + edx] mov ax, word [esi + ref_0046ccf2] ; mov ax, word [esi + 0x46ccf2] add eax, dword [esp + 0x34] mov word [esp + 2], ax mov ax, word [esi + ref_0046ccf0] ; mov ax, word [esi + 0x46ccf0] add eax, dword [esp + 0x20] mov word [esp], ax mov ax, word [esi + ref_0046ccf6] ; mov ax, word [esi + 0x46ccf6] add eax, dword [esp + 0x34] mov word [esp + 6], ax mov ax, word [esi + ref_0046ccf4] ; mov ax, word [esi + 0x46ccf4] mov esi, dword [esp + 0x20] add eax, esi mov word [esp + 4], ax inc edi imul edi, edi, 0x74 add ecx, edi lea esi, [ecx + edx] mov ax, word [esi + ref_0046ccf6] ; mov ax, word [esi + 0x46ccf6] mov edi, dword [esp + 0x34] add eax, edi mov word [esp + 0xa], ax mov ax, word [esi + ref_0046ccf4] ; mov ax, word [esi + 0x46ccf4] mov edx, dword [esp + 0x20] add eax, edx mov word [esp + 8], ax mov ax, word [esi + ref_0046ccf2] ; mov ax, word [esi + 0x46ccf2] add eax, edi mov word [esp + 0xe], ax mov ax, word [esi + ref_0046ccf0] ; mov ax, word [esi + 0x46ccf0] add eax, edx mov word [esp + 0xc], ax mov edi, dword [esp + 0x50] add edi, dword [esp + 0x2c] mov esi, dword [esp + 0x4c] add esi, ebp test edi, edi jl near loc_00408404 ; jl 0x408404 cmp edi, 0x48 jge near loc_00408404 ; jge 0x408404 test esi, esi jl near loc_00408404 ; jl 0x408404 cmp esi, 0x48 jge near loc_00408404 ; jge 0x408404 mov eax, esi shl esi, 3 add esi, eax shl esi, 3 add edi, esi mov eax, dword [ref_0048bac4] ; mov eax, dword [0x48bac4] mov di, word [eax + edi*2] mov esi, edi and esi, 0xffff shl esi, 0xa mov eax, dword [ref_0048bacc] ; mov eax, dword [0x48bacc] add esi, eax jmp near loc_00408409 ; jmp 0x408409 loc_0040855f: mov ebx, 1 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, 0x28 mov dword [esp + 0x48], eax loc_00408570: cmp ebx, dword [ref_00498e9c] ; cmp ebx, dword [0x498e9c] jg near loc_00408662 ; jg 0x408662 mov eax, dword [esp + 0x48] cmp word [eax + 0x22], 0 je near loc_00408657 ; je 0x408657 movsx ebp, word [eax] mov eax, ebp sar eax, 5 sub eax, dword [esp + 0x50] lea esi, [eax + 0xe] mov eax, dword [esp + 0x48] movsx eax, word [eax + 2] mov edx, eax sar edx, 5 sub edx, dword [esp + 0x4c] lea edi, [edx + 0xe] test esi, esi jl near loc_00408657 ; jl 0x408657 cmp esi, 0x1c jg near loc_00408657 ; jg 0x408657 test edi, edi jl near loc_00408657 ; jl 0x408657 cmp edi, 0x1c jg near loc_00408657 ; jg 0x408657 lea edx, [esp + 0x28] push edx lea edx, [esp + 0x28] push edx push eax push ebp call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul eax, dword [ref_00499088], 0xd24 ; imul eax, dword [0x499088], 0xd24 imul edi, edi, 0x74 add eax, edi shl esi, 2 add esi, eax movsx eax, word [esi + ref_0046ccf2] ; movsx eax, word [esi + 0x46ccf2] sub eax, dword [esp + 0x24] mov edx, dword [esp + 0x34] add edx, eax mov dword [esp + 0x30], edx movsx eax, word [esi + ref_0046ccf0] ; movsx eax, word [esi + 0x46ccf0] sub eax, dword [esp + 0x28] mov edx, dword [esp + 0x20] add edx, eax mov dword [esp + 0x3c], edx push edx mov edi, dword [esp + 0x34] push edi xor eax, eax mov edx, dword [esp + 0x50] mov ax, word [edx + 0x22] dec eax mov esi, eax shl esi, 2 sub esi, eax shl esi, 2 mov eax, dword [ref_00474949] ; mov eax, dword [0x474949] add eax, 0xc add eax, esi push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004564c1 ; call 0x4564c1 add esp, 0x10 loc_00408657: inc ebx add dword [esp + 0x48], 0x28 jmp near loc_00408570 ; jmp 0x408570 loc_00408662: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall xor ebx, ebx loc_00408674: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_00408919 ; jge 0x408919 imul esi, ebx, 0x68 cmp word [esi + (_players+8)], 0 ; cmp word [esi + 0x496b70], 0 je near loc_00408913 ; je 0x408913 cmp dword [esi + (_players+50)], 0 ; cmp dword [esi + 0x496b9a], 0 je short loc_004086a7 ; je 0x4086a7 test byte [esi + (_players+21)], 0x20 ; test byte [esi + 0x496b7d], 0x20 je near loc_00408913 ; je 0x408913 loc_004086a7: imul edi, ebx, 0x68 xor eax, eax mov ax, word [edi + (_players+8)] ; mov ax, word [edi + 0x496b70] mov esi, eax sar esi, 5 sub esi, dword [esp + 0x50] add esi, 0xe movzx ebp, word [edi + (_players+10)] ; movzx ebp, word [edi + 0x496b72] mov edx, ebp sar edx, 5 sub edx, dword [esp + 0x4c] lea edi, [edx + 0xe] test esi, esi jl near loc_00408913 ; jl 0x408913 cmp esi, 0x1c jg near loc_00408913 ; jg 0x408913 test edi, edi jl near loc_00408913 ; jl 0x408913 cmp edi, 0x1c jg near loc_00408913 ; jg 0x408913 lea edx, [esp + 0x28] push edx lea edx, [esp + 0x28] push edx push ebp push eax call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul eax, dword [ref_00499088], 0xd24 ; imul eax, dword [0x499088], 0xd24 imul edi, edi, 0x74 add eax, edi shl esi, 2 add esi, eax movsx eax, word [esi + ref_0046ccf2] ; movsx eax, word [esi + 0x46ccf2] sub eax, dword [esp + 0x24] mov edx, dword [esp + 0x34] add edx, eax mov dword [esp + 0x30], edx movsx eax, word [esi + ref_0046ccf0] ; movsx eax, word [esi + 0x46ccf0] sub eax, dword [esp + 0x28] mov edx, dword [esp + 0x20] add edx, eax mov dword [esp + 0x3c], edx mov eax, edx shl eax, 4 and eax, 0xfff0 mov edx, dword [ref_0048bac8] ; mov edx, dword [0x48bac8] shl edx, 0x10 add eax, edx mov esi, dword [ref_0048bac8] ; mov esi, dword [0x48bac8] shl esi, 2 mov dword [esi + ref_0048a44c], eax ; mov dword [esi + 0x48a44c], eax cmp ebx, dword [_current_player] ; cmp ebx, dword [0x49910c] jne short loc_0040877b ; jne 0x40877b or byte [esi + ref_0048a44c], 0xd ; or byte [esi + 0x48a44c], 0xd jmp short loc_00408782 ; jmp 0x408782 loc_0040877b: or byte [esi + ref_0048a44c], 0xc ; or byte [esi + 0x48a44c], 0xc loc_00408782: imul esi, ebx, 0x34 xor eax, eax mov al, byte [esi + ref_00498ea2] ; mov al, byte [esi + 0x498ea2] shl eax, 3 lea edx, [esi + eax] xor eax, eax mov al, byte [esi + ref_00498ea1] ; mov al, byte [esi + 0x498ea1] shl eax, 2 add edx, eax mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov edi, eax shl edi, 2 sub edi, eax shl edi, 2 mov eax, dword [edx + ref_00498eb4] ; mov eax, dword [edx + 0x498eb4] mov dword [edi + ref_0048a84c], eax ; mov dword [edi + 0x48a84c], eax imul eax, ebx, 0x68 cmp byte [eax + (_players+54)], 0 ; cmp byte [eax + 0x496b9e], 0 je short loc_004087e6 ; je 0x4087e6 test byte [esi + ref_00498ea0], 0x40 ; test byte [esi + 0x498ea0], 0x40 jne short loc_004087e6 ; jne 0x4087e6 mov ebp, dword [edi + ref_0048a84c] ; mov ebp, dword [edi + 0x48a84c] push ebp call fcn_004555c5 ; call 0x4555c5 add esp, 4 or byte [esi + ref_00498ea0], 0x40 ; or byte [esi + 0x498ea0], 0x40 loc_004087e6: mov cl, bl mov eax, 1 shl eax, cl add ah, 0x80 mov edx, eax mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov esi, eax shl esi, 2 sub esi, eax mov word [esi*4 + ref_0048a850], dx ; mov word [esi*4 + 0x48a850], dx mov byte [esi*4 + ref_0048a852], 0xff ; mov byte [esi*4 + 0x48a852], 0xff mov eax, dword [esi*4 + ref_0048a84c] ; mov eax, dword [esi*4 + 0x48a84c] mov eax, dword [eax + 4] sar eax, 3 imul edi, ebx, 0x68 xor edx, edx mov dl, byte [edi + (_players+16)] ; mov dl, byte [edi + 0x496b78] mov ecx, 8 sub ecx, dword [ref_00499088] ; sub ecx, dword [0x499088] add edx, ecx and edx, 7 mov dword [esp + 0x54], edx imul edx, ebx, 0x34 mul byte [esp + 0x54] mov ch, byte [edx + ref_00498ea3] ; mov ch, byte [edx + 0x498ea3] add al, ch mov byte [esi*4 + ref_0048a853], al ; mov byte [esi*4 + 0x48a853], al mov eax, dword [esp + 0x30] mov word [esi*4 + ref_0048a854], ax ; mov word [esi*4 + 0x48a854], ax mov eax, dword [esp + 0x3c] mov word [esi*4 + ref_0048a856], ax ; mov word [esi*4 + 0x48a856], ax inc dword [ref_0048bac8] ; inc dword [0x48bac8] cmp byte [edi + (_players+55)], 0 ; cmp byte [edi + 0x496b9f], 0 je near loc_00408913 ; je 0x408913 mov eax, dword [esp + 0x3c] shl eax, 4 and eax, 0xfff0 mov edx, dword [ref_0048bac8] ; mov edx, dword [0x48bac8] shl edx, 0x10 add eax, edx mov esi, dword [ref_0048bac8] ; mov esi, dword [0x48bac8] shl esi, 2 mov dword [esi + ref_0048a44c], eax ; mov dword [esi + 0x48a44c], eax cmp ebx, dword [_current_player] ; cmp ebx, dword [0x49910c] jne short loc_004088b4 ; jne 0x4088b4 or byte [esi + ref_0048a44c], 0xf ; or byte [esi + 0x48a44c], 0xf jmp short loc_004088bb ; jmp 0x4088bb loc_004088b4: or byte [esi + ref_0048a44c], 0xe ; or byte [esi + 0x48a44c], 0xe loc_004088bb: mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov esi, eax shl esi, 2 sub esi, eax mov eax, dword [ref_00496978] ; mov eax, dword [0x496978] mov dword [esi*4 + ref_0048a84c], eax ; mov dword [esi*4 + 0x48a84c], eax xor edx, edx mov word [esi*4 + ref_0048a850], dx ; mov word [esi*4 + 0x48a850], dx mov byte [esi*4 + ref_0048a852], 0xff ; mov byte [esi*4 + 0x48a852], 0xff imul eax, ebx, 0x34 mov al, byte [eax + ref_00498ea4] ; mov al, byte [eax + 0x498ea4] mov byte [esi*4 + ref_0048a853], al ; mov byte [esi*4 + 0x48a853], al mov eax, dword [esp + 0x30] mov word [esi*4 + ref_0048a854], ax ; mov word [esi*4 + 0x48a854], ax mov eax, dword [esp + 0x3c] mov word [esi*4 + ref_0048a856], ax ; mov word [esi*4 + 0x48a856], ax inc dword [ref_0048bac8] ; inc dword [0x48bac8] loc_00408913: inc ebx jmp near loc_00408674 ; jmp 0x408674 loc_00408919: xor ebx, ebx mov dword [esp + 0x58], 4 jmp near loc_00408b82 ; jmp 0x408b82 loc_00408928: or byte [esi + ref_0048a44c], 8 ; or byte [esi + 0x48a44c], 8 loc_0040892f: mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov ebp, eax shl ebp, 2 sub ebp, eax shl ebp, 2 imul esi, dword [esp + 0x58], 0x34 cmp ebx, 4 jge near loc_00408a27 ; jge 0x408a27 mov eax, ebx shl eax, 4 mov ax, word [eax + ref_00498e2c] ; mov ax, word [eax + 0x498e2c] and eax, 0xffff mov edi, eax shl edi, 2 add edi, eax mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] test byte [eax + edi*8 + 0x27], 0x80 je short loc_00408990 ; je 0x408990 cmp byte [esi + ref_00498ea2], 0 ; cmp byte [esi + 0x498ea2], 0 jne short loc_00408990 ; jne 0x408990 xor eax, eax mov al, byte [esi + ref_00498ea1] ; mov al, byte [esi + 0x498ea1] mov eax, dword [esi + eax*4 + ref_00498ebc] ; mov eax, dword [esi + eax*4 + 0x498ebc] mov dword [ebp + ref_0048a84c], eax ; mov dword [ebp + 0x48a84c], eax jmp short loc_004089c6 ; jmp 0x4089c6 loc_00408990: imul esi, dword [esp + 0x58], 0x34 xor eax, eax mov al, byte [esi + ref_00498ea2] ; mov al, byte [esi + 0x498ea2] shl eax, 3 lea edx, [esi + eax] xor eax, eax mov al, byte [esi + ref_00498ea1] ; mov al, byte [esi + 0x498ea1] mov edi, dword [ref_0048bac8] ; mov edi, dword [0x48bac8] mov esi, edi shl esi, 2 sub esi, edi mov eax, dword [edx + eax*4 + ref_00498eb4] ; mov eax, dword [edx + eax*4 + 0x498eb4] mov dword [esi*4 + ref_0048a84c], eax ; mov dword [esi*4 + 0x48a84c], eax loc_004089c6: mov eax, ebx shl eax, 4 cmp byte [eax + ref_00498e34], 0 ; cmp byte [eax + 0x498e34], 0 je short loc_00408a05 ; je 0x408a05 imul edi, dword [esp + 0x58], 0x34 test byte [edi + ref_00498ea0], 0x40 ; test byte [edi + 0x498ea0], 0x40 jne short loc_00408a05 ; jne 0x408a05 mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov esi, eax shl esi, 2 sub esi, eax mov ebp, dword [esi*4 + ref_0048a84c] ; mov ebp, dword [esi*4 + 0x48a84c] push ebp call fcn_004555c5 ; call 0x4555c5 add esp, 4 or byte [edi + ref_00498ea0], 0x40 ; or byte [edi + 0x498ea0], 0x40 loc_00408a05: mov cl, bl mov edx, 0x10 shl edx, cl add dh, 0x80 mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov esi, eax shl esi, 2 sub esi, eax mov word [esi*4 + ref_0048a850], dx ; mov word [esi*4 + 0x48a850], dx jmp short loc_00408a53 ; jmp 0x408a53 loc_00408a27: xor eax, eax mov al, byte [esi + ref_00498ea2] ; mov al, byte [esi + 0x498ea2] shl eax, 3 lea edx, [esi + eax] xor eax, eax mov al, byte [esi + ref_00498ea1] ; mov al, byte [esi + 0x498ea1] mov eax, dword [edx + eax*4 + ref_00498eb4] ; mov eax, dword [edx + eax*4 + 0x498eb4] mov dword [ebp + ref_0048a84c], eax ; mov dword [ebp + 0x48a84c], eax xor ecx, ecx mov word [ebp + ref_0048a850], cx ; mov word [ebp + 0x48a850], cx loc_00408a53: mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov esi, eax shl esi, 2 sub esi, eax mov byte [esi*4 + ref_0048a852], 0xff ; mov byte [esi*4 + 0x48a852], 0xff mov eax, dword [esi*4 + ref_0048a84c] ; mov eax, dword [esi*4 + 0x48a84c] mov eax, dword [eax + 4] sar eax, 3 mov edi, ebx shl edi, 4 xor edx, edx mov dl, byte [edi + ref_00498e31] ; mov dl, byte [edi + 0x498e31] mov ecx, 8 sub ecx, dword [ref_00499088] ; sub ecx, dword [0x499088] add edx, ecx and edx, 7 mov dword [esp + 0x54], edx imul ebp, dword [esp + 0x58], 0x34 mul byte [esp + 0x54] mov dh, byte [ebp + ref_00498ea3] ; mov dh, byte [ebp + 0x498ea3] add al, dh mov byte [esi*4 + ref_0048a853], al ; mov byte [esi*4 + 0x48a853], al mov eax, dword [esp + 0x30] mov word [esi*4 + ref_0048a854], ax ; mov word [esi*4 + 0x48a854], ax mov eax, dword [esp + 0x3c] mov word [esi*4 + ref_0048a856], ax ; mov word [esi*4 + 0x48a856], ax inc dword [ref_0048bac8] ; inc dword [0x48bac8] cmp byte [edi + ref_00498e35], 0 ; cmp byte [edi + 0x498e35], 0 je near loc_00408b74 ; je 0x408b74 mov eax, dword [esp + 0x3c] shl eax, 4 and eax, 0xfff0 mov edx, dword [ref_0048bac8] ; mov edx, dword [0x48bac8] shl edx, 0x10 add eax, edx mov esi, dword [ref_0048bac8] ; mov esi, dword [0x48bac8] shl esi, 2 mov dword [esi + ref_0048a44c], eax ; mov dword [esi + 0x48a44c], eax mov eax, dword [esp + 0x58] cmp eax, dword [_current_player] ; cmp eax, dword [0x49910c] jne short loc_00408b13 ; jne 0x408b13 or byte [esi + ref_0048a44c], 0xf ; or byte [esi + 0x48a44c], 0xf jmp short loc_00408b1a ; jmp 0x408b1a loc_00408b13: or byte [esi + ref_0048a44c], 0xe ; or byte [esi + 0x48a44c], 0xe loc_00408b1a: mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov esi, eax shl esi, 2 sub esi, eax mov eax, dword [ref_00496978] ; mov eax, dword [0x496978] mov dword [esi*4 + ref_0048a84c], eax ; mov dword [esi*4 + 0x48a84c], eax xor edi, edi mov word [esi*4 + ref_0048a850], di ; mov word [esi*4 + 0x48a850], di mov byte [esi*4 + ref_0048a852], 0xff ; mov byte [esi*4 + 0x48a852], 0xff imul eax, dword [esp + 0x58], 0x34 mov al, byte [eax + ref_00498ea4] ; mov al, byte [eax + 0x498ea4] mov byte [esi*4 + ref_0048a853], al ; mov byte [esi*4 + 0x48a853], al mov eax, dword [esp + 0x30] mov word [esi*4 + ref_0048a854], ax ; mov word [esi*4 + 0x48a854], ax mov eax, dword [esp + 0x3c] mov word [esi*4 + ref_0048a856], ax ; mov word [esi*4 + 0x48a856], ax inc dword [ref_0048bac8] ; inc dword [0x48bac8] loc_00408b74: inc ebx inc dword [esp + 0x58] cmp ebx, 5 jge near loc_00408c5e ; jge 0x408c5e loc_00408b82: mov edi, ebx shl edi, 4 cmp byte [edi + ref_00498e32], 0 ; cmp byte [edi + 0x498e32], 0 jne short loc_00408b74 ; jne 0x408b74 xor eax, eax mov ax, word [edi + ref_00498e28] ; mov ax, word [edi + 0x498e28] mov esi, eax sar esi, 5 sub esi, dword [esp + 0x50] add esi, 0xe xor edx, edx mov dx, word [edi + ref_00498e2a] ; mov dx, word [edi + 0x498e2a] mov ecx, edx sar ecx, 5 sub ecx, dword [esp + 0x4c] lea edi, [ecx + 0xe] test esi, esi jl short loc_00408b74 ; jl 0x408b74 cmp esi, 0x1c jg short loc_00408b74 ; jg 0x408b74 test edi, edi jl short loc_00408b74 ; jl 0x408b74 cmp edi, 0x1c jg short loc_00408b74 ; jg 0x408b74 lea ecx, [esp + 0x28] push ecx lea ecx, [esp + 0x28] push ecx push edx push eax call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul eax, dword [ref_00499088], 0xd24 ; imul eax, dword [0x499088], 0xd24 imul edi, edi, 0x74 add eax, edi shl esi, 2 add esi, eax movsx eax, word [esi + ref_0046ccf2] ; movsx eax, word [esi + 0x46ccf2] sub eax, dword [esp + 0x24] mov edx, dword [esp + 0x34] add edx, eax mov dword [esp + 0x30], edx movsx eax, word [esi + ref_0046ccf0] ; movsx eax, word [esi + 0x46ccf0] sub eax, dword [esp + 0x28] mov edx, dword [esp + 0x20] add edx, eax mov dword [esp + 0x3c], edx mov eax, edx shl eax, 4 and eax, 0xfff0 mov edx, dword [ref_0048bac8] ; mov edx, dword [0x48bac8] shl edx, 0x10 add eax, edx mov esi, dword [ref_0048bac8] ; mov esi, dword [0x48bac8] shl esi, 2 mov dword [esi + ref_0048a44c], eax ; mov dword [esi + 0x48a44c], eax mov eax, dword [esp + 0x58] cmp eax, dword [_current_player] ; cmp eax, dword [0x49910c] jne near loc_00408928 ; jne 0x408928 or byte [esi + ref_0048a44c], 0xd ; or byte [esi + 0x48a44c], 0xd jmp near loc_0040892f ; jmp 0x40892f loc_00408c5e: xor ebx, ebx jmp near loc_00408f78 ; jmp 0x408f78 loc_00408c65: mov esi, dword [esp + 0x54] mov eax, dword [esi*8 + ref_00474951] ; mov eax, dword [esi*8 + 0x474951] add dword [esp + 0x30], eax mov eax, dword [esi*8 + ref_00474955] ; mov eax, dword [esi*8 + 0x474955] loc_00408c7b: add dword [esp + 0x3c], eax mov eax, ebx inc eax shl eax, 8 add ah, 0x80 mov edx, eax mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov edi, eax shl edi, 2 sub edi, eax shl edi, 2 mov word [edi + ref_0048a850], dx ; mov word [edi + 0x48a850], dx mov esi, ebx shl esi, 2 sub esi, ebx cmp byte [esi*8 + ref_00496d08], 0x12 ; cmp byte [esi*8 + 0x496d08], 0x12 jne short loc_00408cb8 ; jne 0x408cb8 or byte [edi + ref_0048a851], 0x40 ; or byte [edi + 0x48a851], 0x40 loc_00408cb8: mov eax, dword [esp + 0x3c] shl eax, 4 and eax, 0xfff0 mov edx, dword [ref_0048bac8] ; mov edx, dword [0x48bac8] shl edx, 0x10 add edx, eax mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] jmp near loc_00408f15 ; jmp 0x408f15 loc_00408cd9: cmp byte [ebp + ref_00496d0e], 0 ; cmp byte [ebp + 0x496d0e], 0 je near loc_00408e0e ; je 0x408e0e fld dword [ebp + ref_00496d10] ; fld dword [ebp + 0x496d10] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x40] fld dword [ebp + ref_00496d14] ; fld dword [ebp + 0x496d14] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x44] mov eax, dword [esp + 0x40] sar eax, 5 sub eax, dword [esp + 0x50] lea esi, [eax + 0xe] mov edi, dword [esp + 0x44] sar edi, 5 sub edi, dword [esp + 0x4c] add edi, 0xe test esi, esi jl short loc_00408d32 ; jl 0x408d32 cmp esi, 0x1c jg short loc_00408d32 ; jg 0x408d32 test edi, edi jl short loc_00408d32 ; jl 0x408d32 cmp edi, 0x1c jle short loc_00408d47 ; jle 0x408d47 loc_00408d32: mov esi, ebx shl esi, 2 sub esi, ebx xor ch, ch mov byte [esi*8 + ref_00496d0e], ch ; mov byte [esi*8 + 0x496d0e], ch jmp near loc_00408f6e ; jmp 0x408f6e loc_00408d47: lea eax, [esp + 0x28] push eax lea eax, [esp + 0x28] push eax mov edx, dword [esp + 0x4c] push edx mov ecx, dword [esp + 0x4c] push ecx dec byte [ebp + ref_00496d0e] ; dec byte [ebp + 0x496d0e] call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul eax, dword [ref_00499088], 0xd24 ; imul eax, dword [0x499088], 0xd24 imul edi, edi, 0x74 add edi, eax movsx eax, word [edi + esi*4 + ref_0046ccf2] ; movsx eax, word [edi + esi*4 + 0x46ccf2] sub eax, dword [esp + 0x24] mov edx, dword [esp + 0x34] add edx, eax mov dword [esp + 0x30], edx movsx eax, word [edi + esi*4 + ref_0046ccf0] ; movsx eax, word [edi + esi*4 + 0x46ccf0] sub eax, dword [esp + 0x28] mov edx, dword [esp + 0x20] add edx, eax mov dword [esp + 0x3c], edx fld dword [ebp + ref_00496d18] ; fld dword [ebp + 0x496d18] fadd dword [ebp + ref_00496d10] ; fadd dword [ebp + 0x496d10] fstp dword [ebp + ref_00496d10] ; fstp dword [ebp + 0x496d10] fld dword [ebp + ref_00496d1c] ; fld dword [ebp + 0x496d1c] fadd dword [ebp + ref_00496d14] ; fadd dword [ebp + 0x496d14] fstp dword [ebp + ref_00496d14] ; fstp dword [ebp + 0x496d14] mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov esi, eax shl esi, 2 sub esi, eax xor edx, edx mov word [esi*4 + ref_0048a850], dx ; mov word [esi*4 + 0x48a850], dx mov al, 8 sub al, byte [ref_00499088] ; sub al, byte [0x499088] add al, byte [ebp + ref_00496d0f] ; add al, byte [ebp + 0x496d0f] and al, 7 mov byte [esi*4 + ref_0048a853], al ; mov byte [esi*4 + 0x48a853], al mov edx, dword [ref_0048bac8] ; mov edx, dword [0x48bac8] shl edx, 0x10 mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] add edx, 0x7ff0 jmp near loc_00408f15 ; jmp 0x408f15 loc_00408e0e: xor eax, eax mov ax, word [ebp + ref_00496d0a] ; mov ax, word [ebp + 0x496d0a] mov esi, eax shl esi, 2 add esi, eax shl esi, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, esi mov dword [esp + 0x48], eax movsx edx, word [eax] mov eax, edx sar eax, 5 sub eax, dword [esp + 0x50] lea esi, [eax + 0xe] mov eax, dword [esp + 0x48] movsx eax, word [eax + 2] mov ecx, eax sar ecx, 5 sub ecx, dword [esp + 0x4c] lea edi, [ecx + 0xe] test esi, esi jl near loc_00408f6e ; jl 0x408f6e cmp esi, 0x1c jg near loc_00408f6e ; jg 0x408f6e test edi, edi jl near loc_00408f6e ; jl 0x408f6e cmp edi, 0x1c jg near loc_00408f6e ; jg 0x408f6e lea ecx, [esp + 0x28] push ecx lea ecx, [esp + 0x28] push ecx push eax push edx call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul eax, dword [ref_00499088], 0xd24 ; imul eax, dword [0x499088], 0xd24 imul edi, edi, 0x74 add eax, edi shl esi, 2 add esi, eax movsx eax, word [esi + ref_0046ccf2] ; movsx eax, word [esi + 0x46ccf2] sub eax, dword [esp + 0x24] mov edx, dword [esp + 0x34] add edx, eax mov dword [esp + 0x30], edx movsx eax, word [esi + ref_0046ccf0] ; movsx eax, word [esi + 0x46ccf0] sub eax, dword [esp + 0x28] mov edx, dword [esp + 0x20] add edx, eax mov dword [esp + 0x3c], edx mov eax, ebx inc eax shl eax, 8 add ah, 0x80 mov edx, eax mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov esi, eax shl esi, 2 sub esi, eax mov word [esi*4 + ref_0048a850], dx ; mov word [esi*4 + 0x48a850], dx mov al, 8 sub al, byte [ref_00499088] ; sub al, byte [0x499088] add al, byte [ebp + ref_00496d09] ; add al, byte [ebp + 0x496d09] and al, 7 mov byte [esi*4 + ref_0048a853], al ; mov byte [esi*4 + 0x48a853], al mov edx, dword [esp + 0x3c] shl edx, 4 and edx, 0xfff0 mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] shl eax, 0x10 add edx, eax mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] loc_00408f15: mov dword [eax*4 + ref_0048a44c], edx ; mov dword [eax*4 + 0x48a44c], edx mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov esi, eax shl esi, 2 sub esi, eax mov eax, dword [esp + 0x30] mov word [esi*4 + ref_0048a854], ax ; mov word [esi*4 + 0x48a854], ax mov eax, dword [esp + 0x3c] mov word [esi*4 + ref_0048a856], ax ; mov word [esi*4 + 0x48a856], ax mov eax, ebx mov edi, ebx shl edi, 2 sub edi, ebx xor eax, ebx mov al, byte [edi*8 + ref_00496d08] ; mov al, byte [edi*8 + 0x496d08] mov eax, dword [eax*4 + ref_0049692c] ; mov eax, dword [eax*4 + 0x49692c] mov dword [esi*4 + ref_0048a84c], eax ; mov dword [esi*4 + 0x48a84c], eax mov byte [esi*4 + ref_0048a852], 0xff ; mov byte [esi*4 + 0x48a852], 0xff inc dword [ref_0048bac8] ; inc dword [0x48bac8] loc_00408f6e: inc ebx cmp ebx, 0x2e jge near loc_004090e2 ; jge 0x4090e2 loc_00408f78: mov esi, ebx shl esi, 2 sub esi, ebx shl esi, 3 cmp word [esi + ref_00496d0a], 0 ; cmp word [esi + 0x496d0a], 0 jne short loc_00408f95 ; jne 0x408f95 cmp byte [esi + ref_00496d0e], 0 ; cmp byte [esi + 0x496d0e], 0 je short loc_00408f6e ; je 0x408f6e loc_00408f95: mov ebp, ebx shl ebp, 2 sub ebp, ebx shl ebp, 3 mov dh, byte [ebp + ref_00496d0d] ; mov dh, byte [ebp + 0x496d0d] test dh, dh je near loc_00408cd9 ; je 0x408cd9 xor eax, eax mov al, dh dec eax mov dword [esp + 0x58], eax imul eax, eax, 0x68 mov dword [esp + 0x38], eax cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 jne short loc_00408f6e ; jne 0x408f6e xor eax, eax mov edx, dword [esp + 0x38] mov ax, word [edx + (_players+8)] ; mov ax, word [edx + 0x496b70] mov edx, eax sar edx, 5 sub edx, dword [esp + 0x50] lea esi, [edx + 0xe] xor edx, edx mov ecx, dword [esp + 0x38] mov dx, word [ecx + (_players+10)] ; mov dx, word [ecx + 0x496b72] mov ecx, edx sar ecx, 5 sub ecx, dword [esp + 0x4c] lea edi, [ecx + 0xe] test esi, esi jl near loc_00408f6e ; jl 0x408f6e cmp esi, 0x1c jg near loc_00408f6e ; jg 0x408f6e test edi, edi jl near loc_00408f6e ; jl 0x408f6e cmp edi, 0x1c jg near loc_00408f6e ; jg 0x408f6e lea ecx, [esp + 0x28] push ecx lea ecx, [esp + 0x28] push ecx push edx push eax call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul eax, dword [ref_00499088], 0xd24 ; imul eax, dword [0x499088], 0xd24 imul edi, edi, 0x74 add eax, edi shl esi, 2 add esi, eax movsx eax, word [esi + ref_0046ccf2] ; movsx eax, word [esi + 0x46ccf2] sub eax, dword [esp + 0x24] mov edx, dword [esp + 0x34] add edx, eax mov dword [esp + 0x30], edx movsx eax, word [esi + ref_0046ccf0] ; movsx eax, word [esi + 0x46ccf0] sub eax, dword [esp + 0x28] mov edx, dword [esp + 0x20] add edx, eax mov dword [esp + 0x3c], edx xor edx, edx mov eax, dword [esp + 0x38] mov dl, byte [eax + (_players+16)] ; mov dl, byte [eax + 0x496b78] mov eax, 8 sub eax, dword [ref_00499088] ; sub eax, dword [0x499088] add eax, edx and eax, 7 mov dword [esp + 0x54], eax mov dl, byte [esp + 0x54] add dl, 4 and dl, 7 mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov esi, eax shl esi, 2 sub esi, eax mov byte [esi*4 + ref_0048a853], dl ; mov byte [esi*4 + 0x48a853], dl cmp byte [ebp + ref_00496d08], 0x12 ; cmp byte [ebp + 0x496d08], 0x12 jne near loc_00408c65 ; jne 0x408c65 mov eax, dword [esp + 0x38] cmp byte [eax + (_players+63)], 0 ; cmp byte [eax + 0x496ba7], 0 je near loc_00408c65 ; je 0x408c65 mov esi, dword [esp + 0x54] mov eax, dword [esi*8 + ref_00474991] ; mov eax, dword [esi*8 + 0x474991] add dword [esp + 0x30], eax mov eax, dword [esi*8 + ref_00474995] ; mov eax, dword [esi*8 + 0x474995] jmp near loc_00408c7b ; jmp 0x408c7b loc_004090e2: mov ebx, 1 mov ebp, dword [ref_00498e84] ; mov ebp, dword [0x498e84] loc_004090ed: add ebp, 0x34 cmp ebx, dword [ref_00498e98] ; cmp ebx, dword [0x498e98] jg near loc_004092f4 ; jg 0x4092f4 movsx eax, word [ebp] mov edx, eax sar edx, 5 sub edx, dword [esp + 0x50] lea esi, [edx + 0xe] movsx edx, word [ebp + 2] mov edi, edx sar edi, 5 sub edi, dword [esp + 0x4c] add edi, 0xe test esi, esi jl near loc_004092ee ; jl 0x4092ee cmp esi, 0x1c jg near loc_004092ee ; jg 0x4092ee test edi, edi jl near loc_004092ee ; jl 0x4092ee cmp edi, 0x1c jg near loc_004092ee ; jg 0x4092ee lea ecx, [esp + 0x28] push ecx lea ecx, [esp + 0x28] push ecx push edx push eax call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul eax, dword [ref_00499088], 0xd24 ; imul eax, dword [0x499088], 0xd24 imul edi, edi, 0x74 add eax, edi shl esi, 2 add esi, eax movsx eax, word [esi + ref_0046ccf2] ; movsx eax, word [esi + 0x46ccf2] sub eax, dword [esp + 0x24] mov edx, dword [esp + 0x34] add edx, eax mov dword [esp + 0x30], edx movsx eax, word [esi + ref_0046ccf0] ; movsx eax, word [esi + 0x46ccf0] sub eax, dword [esp + 0x28] mov edx, dword [esp + 0x20] add edx, eax mov dword [esp + 0x3c], edx shl edx, 4 and edx, 0xfff0 mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] shl eax, 0x10 add edx, eax mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov dword [eax*4 + ref_0048a44c], edx ; mov dword [eax*4 + 0x48a44c], edx mov al, byte [ebp + 0x1b] add al, byte [ref_00499088] ; add al, byte [0x499088] mov dl, 8 sub dl, al and dl, 7 mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov esi, eax shl esi, 2 sub esi, eax shl esi, 2 mov byte [esi + ref_0048a853], dl ; mov byte [esi + 0x48a853], dl mov al, dl and eax, 0xff mov dword [esp + 0x54], eax cmp byte [ebp + 0x1a], 0 je short loc_0040920f ; je 0x40920f mov al, byte [ebp + 0x19] mov byte [esi + ref_0048a852], al ; mov byte [esi + 0x48a852], al cmp byte [ebp + 0x18], 0 jne short loc_00409208 ; jne 0x409208 xor eax, eax mov al, byte [ebp + 0x1a] mov eax, dword [eax*4 + ref_0048ae48] ; mov eax, dword [eax*4 + 0x48ae48] loc_00409200: mov dword [esi + ref_0048a84c], eax ; mov dword [esi + 0x48a84c], eax jmp short loc_00409246 ; jmp 0x409246 loc_00409208: mov eax, dword [ref_0048ae60] ; mov eax, dword [0x48ae60] jmp short loc_00409200 ; jmp 0x409200 loc_0040920f: mov byte [esi + ref_0048a852], 0xff ; mov byte [esi + 0x48a852], 0xff cmp byte [ebp + 0x19], 0 je short loc_0040923e ; je 0x40923e mov eax, dword [ref_0048aea8] ; mov eax, dword [0x48aea8] mov dword [esi + ref_0048a84c], eax ; mov dword [esi + 0x48a84c], eax xor eax, eax mov al, byte [ebp + 0x19] dec eax imul eax, eax, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] mov byte [esi + ref_0048a853], al ; mov byte [esi + 0x48a853], al jmp short loc_00409246 ; jmp 0x409246 loc_0040923e: xor edi, edi mov dword [esi + ref_0048a84c], edi ; mov dword [esi + 0x48a84c], edi loc_00409246: mov edx, ebx add edx, 0x7d0 mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov esi, eax shl esi, 2 sub esi, eax mov word [esi*4 + ref_0048a850], dx ; mov word [esi*4 + 0x48a850], dx mov eax, dword [esp + 0x30] mov word [esi*4 + ref_0048a854], ax ; mov word [esi*4 + 0x48a854], ax mov eax, dword [esp + 0x3c] mov word [esi*4 + ref_0048a856], ax ; mov word [esi*4 + 0x48a856], ax inc dword [ref_0048bac8] ; inc dword [0x48bac8] cmp byte [ebp + 0x17], 0 je short loc_004092ee ; je 0x4092ee mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] mov eax, dword [esi] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push esi call dword [eax + 0x64] ; ucall mov al, byte [ebp + 0x17] and al, 1 and eax, 0xff push eax mov edx, dword [esp + 0x40] push edx mov ecx, dword [esp + 0x38] push ecx mov eax, dword [esp + 0x60] and eax, 1 mov esi, eax shl esi, 2 sub esi, eax shl esi, 2 mov eax, dword [ref_0047494d] ; mov eax, dword [0x47494d] add eax, 0xc add eax, esi push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456c33 ; call 0x456c33 add esp, 0x14 mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] mov eax, dword [esi] push 0 push esi call dword [eax + 0x80] ; ucall loc_004092ee: inc ebx jmp near loc_004090ed ; jmp 0x4090ed loc_004092f4: mov ebx, 1 mov ebp, dword [ref_00498e88] ; mov ebp, dword [0x498e88] loc_004092ff: add ebp, 0x38 cmp ebx, dword [ref_00498e8c] ; cmp ebx, dword [0x498e8c] jg near loc_0040953f ; jg 0x40953f movsx edx, word [ebp] mov eax, edx sar eax, 5 sub eax, dword [esp + 0x50] lea esi, [eax + 0xe] movsx eax, word [ebp + 2] mov edi, eax sar edi, 5 sub edi, dword [esp + 0x4c] add edi, 0xe test esi, esi jl near loc_00409539 ; jl 0x409539 cmp esi, 0x1c jg near loc_00409539 ; jg 0x409539 test edi, edi jl near loc_00409539 ; jl 0x409539 cmp edi, 0x1c jg near loc_00409539 ; jg 0x409539 lea ecx, [esp + 0x28] push ecx lea ecx, [esp + 0x28] push ecx push eax push edx call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul eax, dword [ref_00499088], 0xd24 ; imul eax, dword [0x499088], 0xd24 imul edi, edi, 0x74 add eax, edi shl esi, 2 add esi, eax movsx eax, word [esi + ref_0046ccf2] ; movsx eax, word [esi + 0x46ccf2] sub eax, dword [esp + 0x24] mov edx, dword [esp + 0x34] add edx, eax mov dword [esp + 0x30], edx movsx eax, word [esi + ref_0046ccf0] ; movsx eax, word [esi + 0x46ccf0] sub eax, dword [esp + 0x28] mov edx, dword [esp + 0x20] add edx, eax mov dword [esp + 0x3c], edx mov eax, edx shl eax, 4 and eax, 0xfff0 mov edx, dword [ref_0048bac8] ; mov edx, dword [0x48bac8] shl edx, 0x10 add edx, eax mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov dword [eax*4 + ref_0048a44c], edx ; mov dword [eax*4 + 0x48a44c], edx mov al, byte [ebp + 0x1b] add al, byte [ref_00499088] ; add al, byte [0x499088] mov dl, 8 sub dl, al and dl, 7 mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov esi, eax shl esi, 2 sub esi, eax shl esi, 2 mov byte [esi + ref_0048a853], dl ; mov byte [esi + 0x48a853], dl mov al, dl and eax, 0xff mov dword [esp + 0x54], eax cmp byte [ebp + 0x1a], 0 je short loc_00409457 ; je 0x409457 mov al, byte [ebp + 0x19] mov byte [esi + ref_0048a852], al ; mov byte [esi + 0x48a852], al mov al, byte [ebp + 0x18] cmp al, 4 ja near loc_0040948e ; ja 0x40948e and eax, 0xff jmp dword [eax*4 + ref_00408289] ; ujmp: jmp dword [eax*4 + 0x408289] fcn_00409419: mov eax, dword [ref_0048ae64] ; mov eax, dword [0x48ae64] loc_0040941e: mov dword [esi + ref_0048a84c], eax ; mov dword [esi + 0x48a84c], eax jmp short loc_0040948e ; jmp 0x40948e fcn_00409426: xor eax, eax mov al, byte [ebp + 0x1a] mov eax, dword [eax*4 + ref_0048ae64] ; mov eax, dword [eax*4 + 0x48ae64] jmp short loc_0040941e ; jmp 0x40941e fcn_00409434: xor eax, eax mov al, byte [ebp + 0x1a] mov eax, dword [eax*4 + ref_0048ae78] ; mov eax, dword [eax*4 + 0x48ae78] jmp short loc_0040941e ; jmp 0x40941e fcn_00409442: mov eax, dword [ref_0048ae90] ; mov eax, dword [0x48ae90] jmp short loc_0040941e ; jmp 0x40941e fcn_00409449: xor eax, eax mov al, byte [ebp + 0x1a] mov eax, dword [eax*4 + ref_0048ae90] ; mov eax, dword [eax*4 + 0x48ae90] jmp short loc_0040941e ; jmp 0x40941e loc_00409457: mov byte [esi + ref_0048a852], 0xff ; mov byte [esi + 0x48a852], 0xff cmp byte [ebp + 0x19], 0 je short loc_00409486 ; je 0x409486 mov eax, dword [ref_0048aea8] ; mov eax, dword [0x48aea8] mov dword [esi + ref_0048a84c], eax ; mov dword [esi + 0x48a84c], eax xor eax, eax mov al, byte [ebp + 0x19] dec eax imul eax, eax, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] mov byte [esi + ref_0048a853], al ; mov byte [esi + 0x48a853], al jmp short loc_0040948e ; jmp 0x40948e loc_00409486: xor edi, edi mov dword [esi + ref_0048a84c], edi ; mov dword [esi + 0x48a84c], edi loc_0040948e: mov edx, ebx add edx, 0xfa0 mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov esi, eax shl esi, 2 sub esi, eax mov word [esi*4 + ref_0048a850], dx ; mov word [esi*4 + 0x48a850], dx mov eax, dword [esp + 0x30] mov word [esi*4 + ref_0048a854], ax ; mov word [esi*4 + 0x48a854], ax mov eax, dword [esp + 0x3c] mov word [esi*4 + ref_0048a856], ax ; mov word [esi*4 + 0x48a856], ax inc dword [ref_0048bac8] ; inc dword [0x48bac8] cmp byte [ebp + 0x1c], 0 je short loc_00409539 ; je 0x409539 mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] mov eax, dword [esi] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push esi call dword [eax + 0x64] ; ucall mov al, byte [ebp + 0x1c] and al, 1 and eax, 0xff push eax mov edx, dword [esp + 0x40] push edx mov ecx, dword [esp + 0x38] push ecx mov eax, dword [esp + 0x60] and eax, 1 add eax, 2 mov esi, eax shl esi, 2 sub esi, eax shl esi, 2 mov eax, dword [ref_0047494d] ; mov eax, dword [0x47494d] add eax, 0xc add eax, esi push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456c33 ; call 0x456c33 add esp, 0x14 mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] mov eax, dword [esi] push 0 push esi call dword [eax + 0x80] ; ucall loc_00409539: inc ebx jmp near loc_004092ff ; jmp 0x4092ff loc_0040953f: mov ebx, 1 mov ebp, dword [ref_00498e7c] ; mov ebp, dword [0x498e7c] loc_0040954a: add ebp, 0x34 cmp ebx, dword [ref_00498e90] ; cmp ebx, dword [0x498e90] jg near loc_00409689 ; jg 0x409689 cmp word [ebp + 0x20], 0 je near loc_00409683 ; je 0x409683 movsx edx, word [ebp] mov eax, edx sar eax, 5 sub eax, dword [esp + 0x50] lea esi, [eax + 0xe] movsx eax, word [ebp + 2] mov ecx, eax sar ecx, 5 sub ecx, dword [esp + 0x4c] lea edi, [ecx + 0xe] test esi, esi jl near loc_00409683 ; jl 0x409683 cmp esi, 0x1c jg near loc_00409683 ; jg 0x409683 test edi, edi jl near loc_00409683 ; jl 0x409683 cmp edi, 0x1c jg near loc_00409683 ; jg 0x409683 lea ecx, [esp + 0x28] push ecx lea ecx, [esp + 0x28] push ecx push eax push edx call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul edx, dword [ref_00499088], 0xd24 ; imul edx, dword [0x499088], 0xd24 imul eax, edi, 0x74 add eax, edx shl esi, 2 add esi, eax movsx eax, word [esi + ref_0046ccf2] ; movsx eax, word [esi + 0x46ccf2] sub eax, dword [esp + 0x24] mov edx, dword [esp + 0x34] add edx, eax mov dword [esp + 0x30], edx movsx eax, word [esi + ref_0046ccf0] ; movsx eax, word [esi + 0x46ccf0] sub eax, dword [esp + 0x28] mov edx, dword [esp + 0x20] add edx, eax mov dword [esp + 0x3c], edx mov eax, edx shl eax, 4 and eax, 0xfff0 mov edx, dword [ref_0048bac8] ; mov edx, dword [0x48bac8] shl edx, 0x10 add edx, eax mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov dword [eax*4 + ref_0048a44c], edx ; mov dword [eax*4 + 0x48a44c], edx xor edx, edx mov dx, word [ebp + 0x20] mov esi, eax shl esi, 2 sub esi, eax mov eax, dword [edx*4 + ref_0048ae4c] ; mov eax, dword [edx*4 + 0x48ae4c] mov dword [esi*4 + ref_0048a84c], eax ; mov dword [esi*4 + 0x48a84c], eax mov eax, ebx add eax, 0x1770 mov word [esi*4 + ref_0048a850], ax ; mov word [esi*4 + 0x48a850], ax mov al, byte [ebp + 0x18] mov byte [esi*4 + ref_0048a852], al ; mov byte [esi*4 + 0x48a852], al mov al, byte [ebp + 0x1b] add al, byte [ref_00499088] ; add al, byte [0x499088] mov ah, 8 sub ah, al mov al, ah and al, 7 mov byte [esi*4 + ref_0048a853], al ; mov byte [esi*4 + 0x48a853], al mov eax, dword [esp + 0x30] mov word [esi*4 + ref_0048a854], ax ; mov word [esi*4 + 0x48a854], ax mov eax, dword [esp + 0x3c] mov word [esi*4 + ref_0048a856], ax ; mov word [esi*4 + 0x48a856], ax inc dword [ref_0048bac8] ; inc dword [0x48bac8] loc_00409683: inc ebx jmp near loc_0040954a ; jmp 0x40954a loc_00409689: mov ebx, 1 mov ebp, dword [ref_00498e78] ; mov ebp, dword [0x498e78] loc_00409694: add ebp, 0x1c cmp ebx, dword [ref_00499074] ; cmp ebx, dword [0x499074] jg near loc_004097cf ; jg 0x4097cf cmp word [ebp + 0x1a], 0 je near loc_004097c9 ; je 0x4097c9 movsx edx, word [ebp] mov eax, edx sar eax, 5 sub eax, dword [esp + 0x50] lea esi, [eax + 0xe] movsx eax, word [ebp + 2] mov ecx, eax sar ecx, 5 sub ecx, dword [esp + 0x4c] lea edi, [ecx + 0xe] test esi, esi jl near loc_004097c9 ; jl 0x4097c9 cmp esi, 0x1c jg near loc_004097c9 ; jg 0x4097c9 test edi, edi jl near loc_004097c9 ; jl 0x4097c9 cmp edi, 0x1c jg near loc_004097c9 ; jg 0x4097c9 lea ecx, [esp + 0x28] push ecx lea ecx, [esp + 0x28] push ecx push eax push edx call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul edx, dword [ref_00499088], 0xd24 ; imul edx, dword [0x499088], 0xd24 imul eax, edi, 0x74 add eax, edx shl esi, 2 add esi, eax movsx eax, word [esi + ref_0046ccf2] ; movsx eax, word [esi + 0x46ccf2] sub eax, dword [esp + 0x24] mov edx, dword [esp + 0x34] add edx, eax mov dword [esp + 0x30], edx movsx eax, word [esi + ref_0046ccf0] ; movsx eax, word [esi + 0x46ccf0] sub eax, dword [esp + 0x28] mov edx, dword [esp + 0x20] add edx, eax mov dword [esp + 0x3c], edx shl edx, 4 and edx, 0xfff0 mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] shl eax, 0x10 add edx, eax mov eax, dword [ref_0048bac8] ; mov eax, dword [0x48bac8] mov dword [eax*4 + ref_0048a44c], edx ; mov dword [eax*4 + 0x48a44c], edx xor edx, edx mov dx, word [ebp + 0x1a] mov esi, eax shl esi, 2 sub esi, eax mov eax, dword [edx*4 + ref_0048ae4c] ; mov eax, dword [edx*4 + 0x48ae4c] mov dword [esi*4 + ref_0048a84c], eax ; mov dword [esi*4 + 0x48a84c], eax mov eax, ebx add eax, 0x1f40 mov word [esi*4 + ref_0048a850], ax ; mov word [esi*4 + 0x48a850], ax mov byte [esi*4 + ref_0048a852], 0xff ; mov byte [esi*4 + 0x48a852], 0xff mov al, byte [ebp + 0x18] add al, byte [ref_00499088] ; add al, byte [0x499088] mov ah, 8 sub ah, al mov al, ah and al, 7 mov byte [esi*4 + ref_0048a853], al ; mov byte [esi*4 + 0x48a853], al mov eax, dword [esp + 0x30] mov word [esi*4 + ref_0048a854], ax ; mov word [esi*4 + 0x48a854], ax mov eax, dword [esp + 0x3c] mov word [esi*4 + ref_0048a856], ax ; mov word [esi*4 + 0x48a856], ax inc dword [ref_0048bac8] ; inc dword [0x48bac8] loc_004097c9: inc ebx jmp near loc_00409694 ; jmp 0x409694 loc_004097cf: mov ebp, dword [ref_0048bac8] ; mov ebp, dword [0x48bac8] test ebp, ebp je near loc_00409a1b ; je 0x409a1b push fcn_004079f9 ; push 0x4079f9 push 4 push ebp push ref_0048a44c ; push 0x48a44c call fcn_00457e6c ; call 0x457e6c add esp, 0x10 push 0 push 0xb push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall xor ebx, ebx loc_00409822: cmp ebx, dword [ref_0048bac8] ; cmp ebx, dword [0x48bac8] jge near loc_00409937 ; jge 0x409937 mov edi, dword [ebx*4 + ref_0048a44c] ; mov edi, dword [ebx*4 + 0x48a44c] shr edi, 0x10 mov esi, edi shl esi, 2 sub esi, edi shl esi, 2 mov ebp, dword [esi + ref_0048a84c] ; mov ebp, dword [esi + 0x48a84c] test ebp, ebp je near loc_00409931 ; je 0x409931 add ebp, dword [ebp + 8] mov cl, byte [esi + ref_0048a852] ; mov cl, byte [esi + 0x48a852] cmp cl, 0xff je short loc_00409884 ; je 0x409884 test cl, cl jne short loc_00409866 ; jne 0x409866 xor eax, eax jmp short loc_0040987d ; jmp 0x40987d loc_00409866: xor eax, eax mov al, cl dec eax imul eax, eax, 0x68 mov edx, dword [eax + (_players+4)] ; mov edx, dword [eax + 0x496b6c] push edx call fcn_004551f0 ; call 0x4551f0 add esp, 4 loc_0040987d: mov word [ebp + 0x1fe], ax loc_00409884: mov esi, edi shl esi, 2 sub esi, edi shl esi, 2 movsx eax, word [esi + ref_0048a856] ; movsx eax, word [esi + 0x48a856] push eax movsx eax, word [esi + ref_0048a854] ; movsx eax, word [esi + 0x48a854] push eax xor eax, eax mov al, byte [esi + ref_0048a853] ; mov al, byte [esi + 0x48a853] push eax mov ecx, dword [esi + ref_0048a84c] ; mov ecx, dword [esi + 0x48a84c] push ecx mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456770 ; call 0x456770 add esp, 0x14 mov al, byte [esi + ref_0048a851] ; mov al, byte [esi + 0x48a851] test al, 0x80 je short loc_00409931 ; je 0x409931 test al, 0x40 je short loc_00409931 ; je 0x409931 mov dl, al and dl, 0xbf mov byte [esi + ref_0048a851], dl ; mov byte [esi + 0x48a851], dl xor eax, eax mov ax, word [esi + ref_0048a850] ; mov ax, word [esi + 0x48a850] sar eax, 8 and eax, 0x3f mov dword [esp + 0x58], eax dec eax mov edi, eax shl edi, 2 sub edi, eax xor eax, eax mov al, byte [edi*8 + ref_00496d0c] ; mov al, byte [edi*8 + 0x496d0c] push eax push ref_004631d3 ; push 0x4631d3 lea eax, [esp + 0x20] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 2 movsx eax, word [esi + ref_0048a856] ; movsx eax, word [esi + 0x48a856] sub eax, 0x3c push eax movsx eax, word [esi + ref_0048a854] ; movsx eax, word [esi + 0x48a854] push eax lea eax, [esp + 0x24] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_00409931: inc ebx jmp near loc_00409822 ; jmp 0x409822 loc_00409937: cmp byte [ref_0046cafb], 0 ; cmp byte [0x46cafb], 0 je near loc_004099fd ; je 0x4099fd cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 je near loc_004099fd ; je 0x4099fd mov eax, dword [_current_player] ; mov eax, dword [0x49910c] cmp eax, 4 jge short loc_0040997e ; jge 0x40997e jge near loc_004099fd ; jge 0x4099fd imul eax, eax, 0x68 test byte [eax + (_players+21)], 0x30 ; test byte [eax + 0x496b7d], 0x30 jne near loc_004099fd ; jne 0x4099fd cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 jne near loc_004099fd ; jne 0x4099fd loc_0040997e: mov esi, dword [ref_0048baf8] ; mov esi, dword [0x48baf8] push esi push ref_004631d3 ; push 0x4631d3 lea eax, [esp + 0x20] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc lea eax, [esp + 0x18] push eax call _strlen ; call 0x45825d add esp, 4 mov dword [esp + 0x58], eax imul edx, eax, 0x32 mov eax, edx sar edx, 0x1f sub eax, edx sar eax, 1 mov esi, 0xf5 sub esi, eax xor ebx, ebx mov ebp, dword [esp + 0x58] loc_004099c1: cmp ebx, ebp jge short loc_004099fd ; jge 0x4099fd push 0x190 push esi xor eax, eax mov al, byte [esp + ebx + 0x20] sub eax, 0x28 mov edi, eax shl edi, 2 sub edi, eax shl edi, 2 mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0xc add eax, edi push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 inc ebx add esi, 0x32 jmp short loc_004099c1 ; jmp 0x4099c1 loc_004099fd: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall xor edx, edx mov dword [ref_00474930], edx ; mov dword [0x474930], edx mov dword [ref_00474934], edx ; mov dword [0x474934], edx loc_00409a1b: add esp, 0x5c pop ebp pop edi pop esi pop ebx ret fcn_00409a23: push ebx push esi push edi push ebp sub esp, 0x10 mov edi, dword [esp + 0x2c] mov ebp, dword [esp + 0x30] mov ebx, dword [ref_0048b2ac] ; mov ebx, dword [0x48b2ac] sar ebx, 5 mov esi, dword [ref_0048b2b0] ; mov esi, dword [0x48b2b0] sar esi, 5 lea eax, [esp + 4] push eax lea eax, [esp + 4] push eax mov edx, dword [ref_0048b2b0] ; mov edx, dword [0x48b2b0] push edx mov ecx, dword [ref_0048b2ac] ; mov ecx, dword [0x48b2ac] push ecx call fcn_00407a2c ; call 0x407a2c add esp, 0x10 mov eax, dword [esp + 0x24] sar eax, 5 add dword [esp], 0xdc add dword [esp + 4], 0x104 sub eax, ebx lea ebx, [eax + 0xe] mov eax, dword [esp + 0x28] sar eax, 5 sub eax, esi lea esi, [eax + 0xe] test ebx, ebx jl short loc_00409a9d ; jl 0x409a9d cmp ebx, 0x1c jg short loc_00409a9d ; jg 0x409a9d test esi, esi jl short loc_00409a9d ; jl 0x409a9d cmp esi, 0x1c jle short loc_00409aac ; jle 0x409aac loc_00409a9d: mov dword [edi], 0 mov dword [ebp], 0 jmp short loc_00409b10 ; jmp 0x409b10 loc_00409aac: lea eax, [esp + 0xc] push eax lea eax, [esp + 0xc] push eax mov eax, dword [esp + 0x30] push eax mov edx, dword [esp + 0x30] push edx call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul edx, dword [ref_00499088], 0xd24 ; imul edx, dword [0x499088], 0xd24 imul eax, esi, 0x74 add edx, eax shl ebx, 2 lea esi, [edx + ebx] movsx edx, word [esi + ref_0046ccf2] ; movsx edx, word [esi + 0x46ccf2] sub edx, dword [esp + 8] mov esi, dword [esp] add esi, edx mov dword [edi], esi imul edx, dword [ref_00499088], 0xd24 ; imul edx, dword [0x499088], 0xd24 add eax, edx movsx eax, word [ebx + eax + ref_0046ccf0] ; movsx eax, word [ebx + eax + 0x46ccf0] sub eax, dword [esp + 0xc] mov edx, dword [esp + 4] add edx, eax mov dword [ebp], edx loc_00409b10: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret fcn_00409b18: push ebx push esi push edi push ebp sub esp, 0x18 cmp dword [esp + 0x2c], 0 jne short loc_00409b44 ; jne 0x409b44 mov eax, dword [ref_00474930] ; mov eax, dword [0x474930] cmp eax, dword [ref_0048b2ac] ; cmp eax, dword [0x48b2ac] jne short loc_00409b44 ; jne 0x409b44 mov eax, dword [ref_00474934] ; mov eax, dword [0x474934] cmp eax, dword [ref_0048b2b0] ; cmp eax, dword [0x48b2b0] je near loc_0040b33b ; je 0x40b33b loc_00409b44: mov eax, dword [ref_0048b2ac] ; mov eax, dword [0x48b2ac] mov dword [ref_00474930], eax ; mov dword [0x474930], eax mov edx, dword [ref_0048b2b0] ; mov edx, dword [0x48b2b0] mov dword [ref_00474934], edx ; mov dword [0x474934], edx mov ecx, eax sar ecx, 5 mov dword [esp + 0x10], ecx mov ecx, edx sar ecx, 5 mov dword [esp + 0x14], ecx lea ecx, [esp + 4] push ecx lea ecx, [esp + 4] push ecx push edx push eax call fcn_00407a2c ; call 0x407a2c add esp, 0x10 push 0x5e880 push 0 mov esi, dword [ref_00474938] ; mov esi, dword [0x474938] push esi add dword [esp + 0xc], 0xdc add dword [esp + 0x10], 0xdc call memset ; call 0x456f60 add esp, 0xc mov esi, 1 mov ebx, dword [ref_00498e80] ; mov ebx, dword [0x498e80] loc_00409bb1: add ebx, 0x28 cmp esi, dword [ref_00498e9c] ; cmp esi, dword [0x498e9c] jg near loc_00409c61 ; jg 0x409c61 test dword [ebx + 0x24], 0xffff00 jne near loc_00409c5b ; jne 0x409c5b movsx eax, word [ebx] mov edx, eax sar edx, 5 sub edx, dword [esp + 0x10] lea edi, [edx + 0xe] movsx edx, word [ebx + 2] mov ebp, edx sar ebp, 5 sub ebp, dword [esp + 0x14] add ebp, 0xe test edi, edi jl short loc_00409c5b ; jl 0x409c5b cmp edi, 0x1c jg short loc_00409c5b ; jg 0x409c5b test ebp, ebp jl short loc_00409c5b ; jl 0x409c5b cmp ebp, 0x1c jg short loc_00409c5b ; jg 0x409c5b lea ecx, [esp + 0xc] push ecx lea ecx, [esp + 0xc] push ecx push edx push eax call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul eax, dword [ref_00499088], 0xd24 ; imul eax, dword [0x499088], 0xd24 imul ebp, ebp, 0x74 add eax, ebp movsx edx, word [eax + edi*4 + ref_0046ccf2] ; movsx edx, word [eax + edi*4 + 0x46ccf2] sub edx, dword [esp + 8] add edx, dword [esp] movsx eax, word [eax + edi*4 + ref_0046ccf0] ; movsx eax, word [eax + edi*4 + 0x46ccf0] sub eax, dword [esp + 0xc] add eax, dword [esp + 4] push esi push eax push edx mov eax, dword [ref_0047494d] ; mov eax, dword [0x47494d] add eax, 0x3c push eax mov ebp, dword [ref_00474938] ; mov ebp, dword [0x474938] push ebp call fcn_00456a1c ; call 0x456a1c add esp, 0x14 loc_00409c5b: inc esi jmp near loc_00409bb1 ; jmp 0x409bb1 loc_00409c61: cmp dword [ref_0048bac8], 0 ; cmp dword [0x48bac8], 0 je near loc_0040b33b ; je 0x40b33b xor esi, esi loc_00409c70: cmp esi, dword [ref_0048bac8] ; cmp esi, dword [0x48bac8] jge near loc_0040b33b ; jge 0x40b33b mov edi, dword [esi*4 + ref_0048a44c] ; mov edi, dword [esi*4 + 0x48a44c] shr edi, 0x10 mov eax, edi shl eax, 2 sub eax, edi shl eax, 2 mov dx, word [eax + ref_0048a850] ; mov dx, word [eax + 0x48a850] test dx, dx je near loc_00409de1 ; je 0x409de1 xor ebx, ebx mov bx, dx cmp ebx, 0x7d0 jle near loc_00409d8d ; jle 0x409d8d cmp ebx, 0x1f40 jge near loc_00409d8d ; jge 0x409d8d cmp ebx, 0x7d0 jle short loc_00409cf6 ; jle 0x409cf6 cmp ebx, 0xfa0 jge short loc_00409cf6 ; jge 0x409cf6 lea edx, [ebx - 0x7d0] imul edx, edx, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] mov al, byte [edx + eax + 0x1b] and eax, 0xff add eax, dword [ref_00499088] ; add eax, dword [0x499088] mov edx, 8 sub edx, eax and edx, 1 jmp short loc_00409d4a ; jmp 0x409d4a loc_00409cf6: cmp ebx, 0xfa0 jle short loc_00409d1e ; jle 0x409d1e cmp ebx, 0x1770 jge short loc_00409d1e ; jge 0x409d1e lea eax, [ebx - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] jmp short loc_00409d2c ; jmp 0x409d2c loc_00409d1e: lea eax, [ebx - 0x1770] imul edx, eax, 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] loc_00409d2c: mov al, byte [edx + eax + 0x1b] and eax, 0xff add eax, dword [ref_00499088] ; add eax, dword [0x499088] mov edx, 8 sub edx, eax mov eax, edx and eax, 1 lea edx, [eax + 2] loc_00409d4a: push ebx mov eax, edi shl eax, 2 sub eax, edi movsx ebp, word [eax*4 + ref_0048a856] ; movsx ebp, word [eax*4 + 0x48a856] sub ebp, 0x28 push ebp movsx eax, word [eax*4 + ref_0048a854] ; movsx eax, word [eax*4 + 0x48a854] push eax mov ebp, dword [ref_0047494d] ; mov ebp, dword [0x47494d] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 lea eax, [ebp + 0xc] add eax, edx push eax mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] push eax call fcn_00456a1c ; call 0x456a1c add esp, 0x14 loc_00409d8d: mov eax, edi shl eax, 2 sub eax, edi shl eax, 2 cmp dword [eax + ref_0048a84c], 0 ; cmp dword [eax + 0x48a84c], 0 je short loc_00409de1 ; je 0x409de1 push ebx movsx edx, word [eax + ref_0048a856] ; movsx edx, word [eax + 0x48a856] sub edx, 0x28 push edx movsx edx, word [eax + ref_0048a854] ; movsx edx, word [eax + 0x48a854] push edx xor edx, edx mov dl, byte [eax + ref_0048a853] ; mov dl, byte [eax + 0x48a853] mov ebx, edx shl ebx, 2 sub ebx, edx shl ebx, 2 mov eax, dword [eax + ref_0048a84c] ; mov eax, dword [eax + 0x48a84c] add eax, 0xc add eax, ebx push eax mov ecx, dword [ref_00474938] ; mov ecx, dword [0x474938] push ecx call fcn_00456a1c ; call 0x456a1c add esp, 0x14 loc_00409de1: inc esi jmp near loc_00409c70 ; jmp 0x409c70 fcn_00409de7: push ebx push esi push edi push 0x5e880 push 0 mov edx, dword [ref_00474938] ; mov edx, dword [0x474938] push edx call memset ; call 0x456f60 add esp, 0xc cmp dword [ref_0048bac8], 0 ; cmp dword [0x48bac8], 0 je near loc_00409ef5 ; je 0x409ef5 xor ecx, ecx loc_00409e0f: cmp ecx, dword [ref_0048bac8] ; cmp ecx, dword [0x48bac8] jge near loc_00409ee7 ; jge 0x409ee7 mov edi, dword [ecx*4 + ref_0048a44c] ; mov edi, dword [ecx*4 + 0x48a44c] shr edi, 0x10 mov eax, edi shl eax, 2 sub eax, edi shl eax, 2 cmp word [eax + ref_0048a850], 0 ; cmp word [eax + 0x48a850], 0 je near loc_00409ee1 ; je 0x409ee1 cmp dword [eax + ref_0048a84c], 0 ; cmp dword [eax + 0x48a84c], 0 je near loc_00409ee1 ; je 0x409ee1 movsx ebx, word [eax + ref_0048a854] ; movsx ebx, word [eax + 0x48a854] movsx edx, word [eax + ref_0048a856] ; movsx edx, word [eax + 0x48a856] sub edx, 0x28 test byte [eax + ref_0048a851], 0x80 ; test byte [eax + 0x48a851], 0x80 je short loc_00409e95 ; je 0x409e95 test byte [eax + ref_0048a851], 0x3f ; test byte [eax + 0x48a851], 0x3f je short loc_00409e95 ; je 0x409e95 mov ax, word [eax + ref_0048a850] ; mov ax, word [eax + 0x48a850] xor al, al and ah, 0x3f and eax, 0xffff sar eax, 8 lea esi, [eax - 1] mov eax, esi shl eax, 2 sub eax, esi cmp byte [eax*8 + ref_00496d0d], 0 ; cmp byte [eax*8 + 0x496d0d], 0 jne short loc_00409ee1 ; jne 0x409ee1 loc_00409e95: test ebx, ebx jl short loc_00409ee1 ; jl 0x409ee1 cmp ebx, 0x1b8 jge short loc_00409ee1 ; jge 0x409ee1 test edx, edx jl short loc_00409ee1 ; jl 0x409ee1 cmp edx, 0x1b8 jge short loc_00409ee1 ; jge 0x409ee1 mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 2 add eax, edx lea edx, [eax + ebx] add edx, edx mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] add edx, eax mov eax, edi shl eax, 2 sub eax, edi mov ax, word [eax*4 + ref_0048a850] ; mov ax, word [eax*4 + 0x48a850] or word [edx], ax loc_00409ee1: inc ecx jmp near loc_00409e0f ; jmp 0x409e0f loc_00409ee7: xor esi, esi mov dword [ref_00474930], esi ; mov dword [0x474930], esi mov dword [ref_00474934], esi ; mov dword [0x474934], esi loc_00409ef5: pop edi pop esi pop ebx ret fcn_00409ef9: push ebx push esi push edi push ebp sub esp, 0x18 mov eax, dword [ref_0048b2ac] ; mov eax, dword [0x48b2ac] mov dword [ref_00474930], eax ; mov dword [0x474930], eax mov edx, eax mov eax, dword [ref_0048b2b0] ; mov eax, dword [0x48b2b0] mov dword [ref_00474934], eax ; mov dword [0x474934], eax mov ecx, edx sar ecx, 5 mov dword [esp + 0x10], ecx mov ecx, eax sar ecx, 5 mov dword [esp + 0x14], ecx lea ecx, [esp + 4] push ecx lea ecx, [esp + 4] push ecx push eax push edx call fcn_00407a2c ; call 0x407a2c add esp, 0x10 push 0x5e880 push 0 mov edx, dword [ref_00474938] ; mov edx, dword [0x474938] push edx add dword [esp + 0xc], 0xdc add dword [esp + 0x10], 0xdc call memset ; call 0x456f60 add esp, 0xc mov edi, 1 mov esi, dword [ref_00498e80] ; mov esi, dword [0x498e80] loc_00409f6d: add esi, 0x28 cmp edi, dword [ref_00498e9c] ; cmp edi, dword [0x498e9c] jg near loc_0040a050 ; jg 0x40a050 test dword [esi + 0x24], 0xffff00 jne near loc_0040a04a ; jne 0x40a04a movsx eax, word [esi] mov edx, eax sar edx, 5 sub edx, dword [esp + 0x10] lea ebx, [edx + 0xe] movsx edx, word [esi + 2] mov ecx, edx sar ecx, 5 sub ecx, dword [esp + 0x14] lea ebp, [ecx + 0xe] test ebx, ebx jl near loc_0040a04a ; jl 0x40a04a cmp ebx, 0x1c jg near loc_0040a04a ; jg 0x40a04a test ebp, ebp jl near loc_0040a04a ; jl 0x40a04a cmp ebp, 0x1c jg near loc_0040a04a ; jg 0x40a04a lea ecx, [esp + 0xc] push ecx lea ecx, [esp + 0xc] push ecx push edx push eax call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul eax, dword [ref_00499088], 0xd24 ; imul eax, dword [0x499088], 0xd24 imul ebp, ebp, 0x74 add ebp, eax mov eax, ebx movsx edx, word [ebp + eax*4 + ref_0046ccf2] ; movsx edx, word [ebp + eax*4 + 0x46ccf2] sub edx, dword [esp + 8] mov ecx, dword [esp] add ecx, edx movsx edx, word [ebp + eax*4 + ref_0046ccf0] ; movsx edx, word [ebp + eax*4 + 0x46ccf0] sub edx, dword [esp + 0xc] add edx, dword [esp + 4] test ecx, ecx jl short loc_0040a04a ; jl 0x40a04a cmp ecx, 0x1b8 jge short loc_0040a04a ; jge 0x40a04a test edx, edx jl short loc_0040a04a ; jl 0x40a04a cmp edx, 0x1b8 jge short loc_0040a04a ; jge 0x40a04a mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 2 add eax, edx add eax, ecx mov edx, dword [ref_00474938] ; mov edx, dword [0x474938] mov word [edx + eax*2], di loc_0040a04a: inc edi jmp near loc_00409f6d ; jmp 0x409f6d loc_0040a050: xor eax, eax mov dword [ref_00474930], eax ; mov dword [0x474930], eax mov dword [ref_00474934], eax ; mov dword [0x474934], eax xor edi, edi xor ecx, ecx xor esi, esi jmp short loc_0040a073 ; jmp 0x40a073 loc_0040a064: add ecx, 0x1b8 inc edi cmp edi, 0x1b8 jge short loc_0040a0a0 ; jge 0x40a0a0 loc_0040a073: xor ebx, ebx jmp short loc_0040a080 ; jmp 0x40a080 loc_0040a077: inc ebx cmp ebx, 0x1b8 jge short loc_0040a064 ; jge 0x40a064 loc_0040a080: lea eax, [ecx + ebx] add eax, eax mov edx, dword [ref_00474938] ; mov edx, dword [0x474938] add eax, edx mov dx, word [eax] test dx, dx je short loc_0040a077 ; je 0x40a077 mov word [esi*2 + ref_0048b8c4], dx ; mov word [esi*2 + 0x48b8c4], dx inc esi jmp short loc_0040a077 ; jmp 0x40a077 loc_0040a0a0: push 1 call fcn_00409b18 ; call 0x409b18 add esp, 4 mov eax, esi jmp near loc_0040b33b ; jmp 0x40b33b fcn_0040a0b1: push ebx push esi push edi push ebp sub esp, 0x18 mov eax, dword [esp + 0x2c] sar eax, 5 mov dword [esp + 0x14], eax mov eax, dword [esp + 0x30] sar eax, 5 mov dword [esp + 0x10], eax lea eax, [esp + 4] push eax lea eax, [esp + 4] push eax mov edx, dword [esp + 0x38] push edx mov ecx, dword [esp + 0x38] push ecx call fcn_00407a2c ; call 0x407a2c add esp, 0x10 push 0x5e880 push 0 mov ebx, dword [ref_00474938] ; mov ebx, dword [0x474938] push ebx add dword [esp + 0xc], 0xdc add dword [esp + 0x10], 0xdc call memset ; call 0x456f60 add esp, 0xc imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov edx, dword [eax + (_players+50)] ; mov edx, dword [eax + 0x496b9a] test edx, edx jne near loc_0040a206 ; jne 0x40a206 mov dx, word [eax + (_players+8)] ; mov dx, word [eax + 0x496b70] mov ecx, edx sar ecx, 5 sub ecx, dword [esp + 0x14] lea ebx, [ecx + 0xe] mov ax, word [eax + (_players+10)] ; mov ax, word [eax + 0x496b72] and eax, 0xffff mov ebp, eax sar ebp, 5 sub ebp, dword [esp + 0x10] add ebp, 0xe test ebx, ebx jl near loc_0040a206 ; jl 0x40a206 cmp ebx, 0x1c jg near loc_0040a206 ; jg 0x40a206 test ebp, ebp jl near loc_0040a206 ; jl 0x40a206 cmp ebp, 0x1c jg near loc_0040a206 ; jg 0x40a206 lea ecx, [esp + 0xc] push ecx lea ecx, [esp + 0xc] push ecx push eax push edx call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul eax, dword [ref_00499088], 0xd24 ; imul eax, dword [0x499088], 0xd24 imul edx, ebp, 0x74 add edx, eax mov eax, ebx shl eax, 2 add eax, edx movsx edx, word [eax + ref_0046ccf2] ; movsx edx, word [eax + 0x46ccf2] sub edx, dword [esp + 8] mov ebx, dword [esp] add ebx, edx movsx eax, word [eax + ref_0046ccf0] ; movsx eax, word [eax + 0x46ccf0] sub eax, dword [esp + 0xc] add eax, dword [esp + 4] mov cl, byte [_current_player] ; mov cl, byte [0x49910c] mov edx, 1 shl edx, cl mov ecx, edx add ch, 0x80 test ebx, ebx jl short loc_0040a206 ; jl 0x40a206 cmp ebx, 0x1b8 jge short loc_0040a206 ; jge 0x40a206 test eax, eax jl short loc_0040a206 ; jl 0x40a206 cmp eax, 0x1b8 jge short loc_0040a206 ; jge 0x40a206 mov edx, eax shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 2 add eax, edx add eax, ebx mov edx, dword [ref_00474938] ; mov edx, dword [0x474938] mov word [edx + eax*2], cx loc_0040a206: mov edi, 1 mov esi, dword [ref_00498e84] ; mov esi, dword [0x498e84] loc_0040a211: add esi, 0x34 cmp edi, dword [ref_00498e98] ; cmp edi, dword [0x498e98] jg near loc_0040a2f6 ; jg 0x40a2f6 cmp byte [esi + 0x19], 0 je near loc_0040a2f0 ; je 0x40a2f0 movsx edx, word [esi] mov ebx, edx sar ebx, 5 sub ebx, dword [esp + 0x14] add ebx, 0xe movsx eax, word [esi + 2] mov ecx, eax sar ecx, 5 sub ecx, dword [esp + 0x10] lea ebp, [ecx + 0xe] test ebx, ebx jl near loc_0040a2f0 ; jl 0x40a2f0 cmp ebx, 0x1c jg near loc_0040a2f0 ; jg 0x40a2f0 test ebp, ebp jl near loc_0040a2f0 ; jl 0x40a2f0 cmp ebp, 0x1c jg near loc_0040a2f0 ; jg 0x40a2f0 lea ecx, [esp + 0xc] push ecx lea ecx, [esp + 0xc] push ecx push eax push edx call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul eax, dword [ref_00499088], 0xd24 ; imul eax, dword [0x499088], 0xd24 imul ebp, ebp, 0x74 add ebp, eax mov eax, ebx movsx ebx, word [ebp + eax*4 + ref_0046ccf2] ; movsx ebx, word [ebp + eax*4 + 0x46ccf2] sub ebx, dword [esp + 8] add ebx, dword [esp] movsx eax, word [ebp + eax*4 + ref_0046ccf0] ; movsx eax, word [ebp + eax*4 + 0x46ccf0] sub eax, dword [esp + 0xc] add eax, dword [esp + 4] test ebx, ebx jl short loc_0040a2f0 ; jl 0x40a2f0 cmp ebx, 0x1b8 jge short loc_0040a2f0 ; jge 0x40a2f0 test eax, eax jl short loc_0040a2f0 ; jl 0x40a2f0 cmp eax, 0x1b8 jge short loc_0040a2f0 ; jge 0x40a2f0 mov ecx, edi add ecx, 0x7d0 mov edx, eax shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 2 add eax, edx add eax, ebx mov edx, dword [ref_00474938] ; mov edx, dword [0x474938] mov word [edx + eax*2], cx loc_0040a2f0: inc edi jmp near loc_0040a211 ; jmp 0x40a211 loc_0040a2f6: mov edi, 1 mov esi, dword [ref_00498e88] ; mov esi, dword [0x498e88] loc_0040a301: add esi, 0x38 cmp edi, dword [ref_00498e8c] ; cmp edi, dword [0x498e8c] jg near loc_0040a3e9 ; jg 0x40a3e9 cmp byte [esi + 0x19], 0 je near loc_0040a3e3 ; je 0x40a3e3 movsx eax, word [esi] mov edx, eax sar edx, 5 sub edx, dword [esp + 0x14] lea ebx, [edx + 0xe] movsx edx, word [esi + 2] mov ecx, edx sar ecx, 5 sub ecx, dword [esp + 0x10] lea ebp, [ecx + 0xe] test ebx, ebx jl near loc_0040a3e3 ; jl 0x40a3e3 cmp ebx, 0x1c jg near loc_0040a3e3 ; jg 0x40a3e3 test ebp, ebp jl near loc_0040a3e3 ; jl 0x40a3e3 cmp ebp, 0x1c jg near loc_0040a3e3 ; jg 0x40a3e3 lea ecx, [esp + 0xc] push ecx lea ecx, [esp + 0xc] push ecx push edx push eax call fcn_00407a2c ; call 0x407a2c add esp, 0x10 imul eax, dword [ref_00499088], 0xd24 ; imul eax, dword [0x499088], 0xd24 imul ebp, ebp, 0x74 add ebp, eax mov eax, ebx movsx edx, word [ebp + eax*4 + ref_0046ccf2] ; movsx edx, word [ebp + eax*4 + 0x46ccf2] sub edx, dword [esp + 8] mov ebx, dword [esp] add ebx, edx movsx eax, word [ebp + eax*4 + ref_0046ccf0] ; movsx eax, word [ebp + eax*4 + 0x46ccf0] sub eax, dword [esp + 0xc] add eax, dword [esp + 4] test ebx, ebx jl short loc_0040a3e3 ; jl 0x40a3e3 cmp ebx, 0x1b8 jge short loc_0040a3e3 ; jge 0x40a3e3 test eax, eax jl short loc_0040a3e3 ; jl 0x40a3e3 cmp eax, 0x1b8 jge short loc_0040a3e3 ; jge 0x40a3e3 mov ecx, edi add ecx, 0xfa0 mov edx, eax shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 2 add edx, eax add edx, ebx add edx, edx mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] mov word [edx + eax], cx loc_0040a3e3: inc edi jmp near loc_0040a301 ; jmp 0x40a301 loc_0040a3e9: mov edx, dword [esp + 0x34] cmp edx, 0xffffffff jne short loc_0040a3fb ; jne 0x40a3fb xor ecx, ecx mov ebp, 0x1b8 jmp short loc_0040a421 ; jmp 0x40a421 loc_0040a3fb: mov edi, 0xdc sub edi, edx mov eax, edi shl eax, 2 sub eax, edi shl eax, 2 sub eax, edi shl eax, 3 mov edx, eax shl eax, 2 add eax, edx lea ecx, [eax + edi] mov ebp, dword [esp + 0x34] add ebp, ebp loc_0040a421: xor edi, edi xor esi, esi loc_0040a425: cmp edi, ebp jge near loc_0040a0a0 ; jge 0x40a0a0 xor ebx, ebx loc_0040a42f: cmp ebx, ebp jge short loc_0040a453 ; jge 0x40a453 lea edx, [ecx + ebx] add edx, edx mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] add eax, edx mov dx, word [eax] test dx, dx je short loc_0040a450 ; je 0x40a450 mov word [esi*2 + ref_0048b8c4], dx ; mov word [esi*2 + 0x48b8c4], dx inc esi loc_0040a450: inc ebx jmp short loc_0040a42f ; jmp 0x40a42f loc_0040a453: add ecx, 0x1b8 inc edi jmp short loc_0040a425 ; jmp 0x40a425 fcn_0040a45c: push ebx push esi push edi push ebp mov edi, dword [esp + 0x14] cmp edi, 0xffffffff jne short loc_0040a472 ; jne 0x40a472 xor esi, esi mov edi, 0x1b8 jmp short loc_0040a494 ; jmp 0x40a494 loc_0040a472: mov ebp, 0xdc sub ebp, edi mov eax, ebp shl eax, 2 sub eax, ebp shl eax, 2 sub eax, ebp shl eax, 3 mov edx, eax shl eax, 2 add eax, edx lea esi, [eax + ebp] add edi, edi loc_0040a494: call fcn_00409de7 ; call 0x409de7 xor ebp, ebp xor ebx, ebx loc_0040a49d: cmp ebp, edi jge short loc_0040a4d0 ; jge 0x40a4d0 xor edx, edx loc_0040a4a3: cmp edx, edi jge short loc_0040a4c7 ; jge 0x40a4c7 lea ecx, [esi + edx] add ecx, ecx mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] add eax, ecx mov cx, word [eax] test cx, cx je short loc_0040a4c4 ; je 0x40a4c4 mov word [ebx*2 + ref_0048b8c4], cx ; mov word [ebx*2 + 0x48b8c4], cx inc ebx loc_0040a4c4: inc edx jmp short loc_0040a4a3 ; jmp 0x40a4a3 loc_0040a4c7: add esi, 0x1b8 inc ebp jmp short loc_0040a49d ; jmp 0x40a49d loc_0040a4d0: push 1 call fcn_00409b18 ; call 0x409b18 add esp, 4 mov eax, ebx loc_0040a4dc: pop ebp pop edi pop esi pop ebx ret fcn_0040a4e1: push ebx push esi push edi push ebp mov edi, dword [esp + 0x14] push 0 push 0 mov ecx, dword [ref_0048bad0] ; mov ecx, dword [0x48bad0] mov eax, edi shl eax, 2 sub eax, edi shl eax, 2 add ecx, 0xc add ecx, eax push ecx mov edx, dword [ref_0048badc] ; mov edx, dword [0x48badc] add edx, 0xc add eax, edx push eax call fcn_00456280 ; call 0x456280 add esp, 0x10 mov esi, 1 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] loc_0040a522: add ebx, 0x34 cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg near loc_0040a60f ; jg 0x40a60f cmp byte [ebx + 0x19], 0 je near loc_0040a609 ; je 0x40a609 test edi, edi je short loc_0040a583 ; je 0x40a583 movsx edx, word [ebx] mov ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 3 add ecx, edx shl ecx, 7 sar ecx, 0x10 movsx edx, word [ebx + 2] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 add edx, eax shl edx, 7 sar edx, 0x10 mov al, byte [ebx + 0x1b] and al, 1 and eax, 0xff add eax, 0x1a jmp short loc_0040a5c5 ; jmp 0x40a5c5 loc_0040a583: movsx edx, word [ebx] mov ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 3 add ecx, edx shl ecx, 6 sar ecx, 0x10 movsx edx, word [ebx + 2] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 add edx, eax shl edx, 6 sar edx, 0x10 mov al, byte [ebx + 0x1b] and al, 1 and eax, 0xff add eax, 0x16 loc_0040a5c5: movzx ebp, byte [ebx + 0x19] dec ebp imul ebp, ebp, 0x68 push dword [ebp + (_players+4)] ; push dword [ebp + 0x496b6c] push edx push ecx mov ecx, dword [ref_0048bad8] ; mov ecx, dword [0x48bad8] mov edx, eax shl eax, 2 sub eax, edx shl eax, 2 add ecx, 0xc add eax, ecx push eax mov ecx, dword [ref_0048badc] ; mov ecx, dword [0x48badc] mov eax, edi shl eax, 2 sub eax, edi shl eax, 2 add ecx, 0xc add eax, ecx push eax call fcn_00456384 ; call 0x456384 add esp, 0x14 loc_0040a609: inc esi jmp near loc_0040a522 ; jmp 0x40a522 loc_0040a60f: mov esi, 1 mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] loc_0040a61a: add ebx, 0x38 cmp esi, dword [ref_00498e8c] ; cmp esi, dword [0x498e8c] jg near loc_0040a709 ; jg 0x40a709 cmp byte [ebx + 0x19], 0 je near loc_0040a703 ; je 0x40a703 test edi, edi je short loc_0040a67b ; je 0x40a67b movsx edx, word [ebx] mov ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 3 add ecx, edx shl ecx, 7 sar ecx, 0x10 movsx edx, word [ebx + 2] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 add edx, eax shl edx, 7 sar edx, 0x10 mov al, byte [ebx + 0x1b] and al, 1 and eax, 0xff add eax, 0x1c jmp short loc_0040a6bd ; jmp 0x40a6bd loc_0040a67b: movsx edx, word [ebx] mov ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 3 add ecx, edx shl ecx, 6 sar ecx, 0x10 movsx edx, word [ebx + 2] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 add edx, eax shl edx, 6 sar edx, 0x10 mov al, byte [ebx + 0x1b] and al, 1 and eax, 0xff add eax, 0x18 loc_0040a6bd: movzx ebp, byte [ebx + 0x19] dec ebp imul ebp, ebp, 0x68 push dword [ebp + (_players+4)] ; push dword [ebp + 0x496b6c] push edx push ecx mov ecx, dword [ref_0048bad8] ; mov ecx, dword [0x48bad8] mov edx, eax shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 lea eax, [ecx + 0xc] add eax, edx push eax mov ecx, dword [ref_0048badc] ; mov ecx, dword [0x48badc] mov eax, edi shl eax, 2 sub eax, edi shl eax, 2 lea edx, [ecx + 0xc] add eax, edx push eax call fcn_00456384 ; call 0x456384 add esp, 0x14 loc_0040a703: inc esi jmp near loc_0040a61a ; jmp 0x40a61a loc_0040a709: mov esi, 1 mov ebx, dword [ref_00498e7c] ; mov ebx, dword [0x498e7c] loc_0040a714: add ebx, 0x34 cmp esi, dword [ref_00498e90] ; cmp esi, dword [0x498e90] jg near loc_0040a4dc ; jg 0x40a4dc cmp byte [ebx + 0x18], 0 je near loc_0040a7fb ; je 0x40a7fb test edi, edi je short loc_0040a775 ; je 0x40a775 movsx edx, word [ebx] mov ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 3 add ecx, edx shl ecx, 7 sar ecx, 0x10 movsx edx, word [ebx + 2] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 add edx, eax shl edx, 7 sar edx, 0x10 mov al, byte [ebx + 0x1b] and al, 1 and eax, 0xff add eax, 0x1c jmp short loc_0040a7b7 ; jmp 0x40a7b7 loc_0040a775: movsx edx, word [ebx] mov ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 3 add ecx, edx shl ecx, 6 sar ecx, 0x10 movsx edx, word [ebx + 2] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 add edx, eax shl edx, 6 sar edx, 0x10 mov al, byte [ebx + 0x1b] and al, 1 and eax, 0xff add eax, 0x18 loc_0040a7b7: movzx ebp, byte [ebx + 0x18] dec ebp imul ebp, ebp, 0x68 push dword [ebp + (_players+4)] ; push dword [ebp + 0x496b6c] push edx push ecx mov ecx, dword [ref_0048bad8] ; mov ecx, dword [0x48bad8] mov edx, eax shl eax, 2 sub eax, edx shl eax, 2 lea edx, [ecx + 0xc] add eax, edx push eax mov ecx, dword [ref_0048badc] ; mov ecx, dword [0x48badc] mov eax, edi shl eax, 2 sub eax, edi shl eax, 2 add ecx, 0xc add eax, ecx push eax call fcn_00456384 ; call 0x456384 add esp, 0x14 loc_0040a7fb: inc esi jmp near loc_0040a714 ; jmp 0x40a714 fcn_0040a801: push ebx push esi push edi push ebp sub esp, 0x10 mov eax, dword [esp + 0x28] cmp eax, 0x205 jb short loc_0040a821 ; jb 0x40a821 jbe short loc_0040a854 ; jbe 0x40a854 cmp eax, 0x401 je short loc_0040a82b ; je 0x40a82b jmp near loc_0040a9a4 ; jmp 0x40a9a4 loc_0040a821: cmp eax, 0xf je short loc_0040a86d ; je 0x40a86d jmp near loc_0040a9a4 ; jmp 0x40a9a4 loc_0040a82b: push 1 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 mov edx, dword [esp + 0x2c] push edx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0040a998 ; jmp 0x40a998 loc_0040a854: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_0040a998 ; jmp 0x40a998 loc_0040a86d: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x3c push 0x14 mov eax, dword [ref_0048badc] ; mov eax, dword [0x48badc] add eax, 0x18 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 xor ebx, ebx loc_0040a8a1: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_0040a928 ; jge 0x40a928 imul edx, ebx, 0x68 cmp word [edx + (_players+8)], 0 ; cmp word [edx + 0x496b70], 0 je short loc_0040a922 ; je 0x40a922 xor ecx, ecx mov cx, word [edx + (_players+8)] ; mov cx, word [edx + 0x496b70] mov eax, ecx shl eax, 2 sub eax, ecx shl eax, 2 sub eax, ecx shl eax, 3 add eax, ecx shl eax, 7 sar eax, 0x10 lea ecx, [eax + 0x14] mov dx, word [edx + (_players+10)] ; mov dx, word [edx + 0x496b72] and edx, 0xffff mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 7 sar eax, 0x10 add eax, 0x3c push eax push ecx imul eax, ebx, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x48 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0040a922: inc ebx jmp near loc_0040a8a1 ; jmp 0x40a8a1 loc_0040a928: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp], 0x14 mov dword [esp + 4], 0x3c mov dword [esp + 8], 0x1a4 mov dword [esp + 0xc], 0x1cc mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi push 0x3c push 0x14 push eax call dword [edx + 0x1c] ; ucall mov eax, esp push eax call fcn_00402250 ; call 0x402250 add esp, 4 push 0 mov edi, dword [esp + 0x28] push edi call dword [cs:__imp__ValidateRect@8] ; ucall: call dword cs:[0x462340] loc_0040a998: xor eax, eax loc_0040a99a: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret 0x10 loc_0040a9a4: mov ecx, dword [esp + 0x30] push ecx mov ebx, dword [esp + 0x30] push ebx push eax mov esi, dword [esp + 0x30] push esi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp short loc_0040a99a ; jmp 0x40a99a map_ui: push 0 push fcn_0040a801 ; push 0x40a801 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 push 1 call fcn_00415e70 ; call 0x415e70 add esp, 4 ret fcn_0040a9d7: push 0 call fcn_00409b18 ; call 0x409b18 add esp, 4 mov edx, dword [esp + 8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 2 add eax, edx add eax, dword [esp + 4] mov edx, dword [ref_00474938] ; mov edx, dword [0x474938] mov ax, word [edx + eax*2] and eax, 0xffff ret fcn_0040aa0f: push ebx sub esp, 0x100 mov edx, 1 xor ebx, ebx loc_0040aa1d: cmp edx, dword [ref_00498e9c] ; cmp edx, dword [0x498e9c] jg short loc_0040aa53 ; jg 0x40aa53 mov eax, edx shl eax, 2 lea ecx, [edx + eax] shl ecx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, ecx test dword [eax + 0x24], 0x80ffff00 jne short loc_0040aa50 ; jne 0x40aa50 cmp dword [eax + 0x18], 0 jne short loc_0040aa4c ; jne 0x40aa4c cmp dword [eax + 0x1c], 0 je short loc_0040aa50 ; je 0x40aa50 loc_0040aa4c: mov byte [esp + ebx], dl inc ebx loc_0040aa50: inc edx jmp short loc_0040aa1d ; jmp 0x40aa1d loc_0040aa53: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx xor eax, eax mov al, byte [esp + edx] add esp, 0x100 pop ebx ret fcn_0040aa6c: push ebx push esi push edi push ebp sub esp, 0x104 mov edx, dword [esp + 0x118] test edx, edx je short loc_0040aaa2 ; je 0x40aaa2 mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov ebp, dword [ref_00498e80] ; mov ebp, dword [0x498e80] add ebp, eax movsx eax, word [ebp] mov dword [esp + 0x100], eax movsx ebp, word [ebp + 2] loc_0040aaa2: mov edx, 1 xor ebx, ebx loc_0040aaa9: cmp edx, dword [ref_00498e9c] ; cmp edx, dword [0x498e9c] jg short loc_0040aadf ; jg 0x40aadf mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] add eax, ecx test dword [eax + 0x24], 0x80ffff00 jne short loc_0040aadc ; jne 0x40aadc cmp dword [eax + 0x18], 0 jne short loc_0040aad8 ; jne 0x40aad8 cmp dword [eax + 0x1c], 0 je short loc_0040aadc ; je 0x40aadc loc_0040aad8: mov byte [esp + ebx], dl inc ebx loc_0040aadc: inc edx jmp short loc_0040aaa9 ; jmp 0x40aaa9 loc_0040aadf: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx movzx esi, byte [esp + edx] mov eax, esi shl eax, 2 add eax, esi shl eax, 3 mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] add eax, edx movsx edx, word [eax] movsx edi, word [eax + 2] cmp dword [esp + 0x118], 0 je short loc_0040ab3d ; je 0x40ab3d sub edx, dword [esp + 0x100] push edx call _abs ; call 0x458276 add esp, 4 cmp eax, 0x12c jge short loc_0040ab3d ; jge 0x40ab3d mov eax, edi sub eax, ebp push eax call _abs ; call 0x458276 add esp, 4 cmp eax, 0x12c jl short loc_0040aadf ; jl 0x40aadf loc_0040ab3d: mov eax, esi add esp, 0x104 pop ebp pop edi pop esi pop ebx ret fcn_0040ab4a: push ebx push esi mov esi, dword [esp + 0xc] mov ebx, dword [esp + 0x10] xor edx, edx cmp esi, 0x7d0 jle near loc_0040abdb ; jle 0x40abdb cmp esi, 0xfa0 jge near loc_0040abdb ; jge 0x40abdb lea eax, [esi - 0x7d0] imul ecx, eax, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, ecx cmp ebx, 1 jb short loc_0040ab8c ; jb 0x40ab8c jbe short loc_0040abae ; jbe 0x40abae cmp ebx, 2 je short loc_0040abc8 ; je 0x40abc8 jmp short loc_0040abdb ; jmp 0x40abdb loc_0040ab8c: test ebx, ebx jne short loc_0040abdb ; jne 0x40abdb mov ch, byte [eax + 0x1a] test ch, ch je short loc_0040abdb ; je 0x40abdb mov dl, ch dec dl mov byte [eax + 0x1a], dl cmp byte [eax + 0x18], 0 je short loc_0040abd6 ; je 0x40abd6 mov byte [eax + 0x1a], 0 mov byte [eax + 0x18], 0 jmp short loc_0040abd6 ; jmp 0x40abd6 loc_0040abae: mov byte [eax + 0x19], 0 mov byte [eax + 0x1a], 0 mov byte [eax + 0x18], 0 mov dword [eax + 0x30], edx push edx call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 jmp short loc_0040abd6 ; jmp 0x40abd6 loc_0040abc8: cmp byte [eax + 0x1a], 0 je short loc_0040abdb ; je 0x40abdb mov byte [eax + 0x1a], 0 mov byte [eax + 0x18], 0 loc_0040abd6: mov edx, 1 loc_0040abdb: cmp esi, 0xfa0 jle near loc_0040ac76 ; jle 0x40ac76 cmp esi, 0x1770 jge near loc_0040ac76 ; jge 0x40ac76 lea eax, [esi - 0xfa0] shl eax, 3 mov ecx, eax shl eax, 3 sub eax, ecx mov ecx, dword [ref_00498e88] ; mov ecx, dword [0x498e88] add eax, ecx cmp ebx, 1 jb short loc_0040ac1c ; jb 0x40ac1c jbe short loc_0040ac3a ; jbe 0x40ac3a cmp ebx, 2 je short loc_0040ac5e ; je 0x40ac5e mov eax, edx pop esi pop ebx ret loc_0040ac1c: test ebx, ebx jne short loc_0040ac76 ; jne 0x40ac76 mov bh, byte [eax + 0x1a] test bh, bh je short loc_0040ac76 ; je 0x40ac76 mov cl, bh dec cl mov byte [eax + 0x1a], cl jne short loc_0040ac71 ; jne 0x40ac71 mov byte [eax + 0x18], cl call fcn_0040dffa ; call 0x40dffa jmp short loc_0040ac71 ; jmp 0x40ac71 loc_0040ac3a: mov byte [eax + 0x19], 0 mov byte [eax + 0x1a], 0 mov byte [eax + 0x18], 0 mov dword [eax + 0x34], 0 call fcn_0040dffa ; call 0x40dffa push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 jmp short loc_0040ac71 ; jmp 0x40ac71 loc_0040ac5e: cmp byte [eax + 0x1a], 0 je short loc_0040ac76 ; je 0x40ac76 mov byte [eax + 0x1a], 0 mov byte [eax + 0x18], 0 call fcn_0040dffa ; call 0x40dffa loc_0040ac71: mov edx, 1 loc_0040ac76: mov eax, edx pop esi pop ebx ret fcn_0040ac7b: push ebx push esi push edi push ebp sub esp, 0xc mov ebp, dword [esp + 0x28] mov esi, dword [esp + 0x2c] mov edx, dword [esp + 0x20] push edx call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [esp], eax xor edi, edi loc_0040ac9c: cmp edi, dword [esp] jge near loc_0040af0a ; jge 0x40af0a mov ax, word [edi*2 + ref_0048b8c4] ; mov ax, word [edi*2 + 0x48b8c4] and eax, 0xffff mov dword [esp + 8], eax test byte [esp + 0x24], 2 je near loc_0040ad88 ; je 0x40ad88 mov ebx, dword [esp + 8] cmp ebx, 0x7d0 jle near loc_0040ad88 ; jle 0x40ad88 cmp ebx, 0xfa0 jge near loc_0040ad88 ; jge 0x40ad88 lea eax, [ebx - 0x7d0] imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, eax test ebp, ebp jne short loc_0040ad3a ; jne 0x40ad3a cmp esi, 0xffffffff je short loc_0040ad1c ; je 0x40ad1c cmp byte [ebx + 0x19], 0 je short loc_0040ad1c ; je 0x40ad1c mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] add eax, eax mov edx, eax shl eax, 4 sub eax, edx push eax push esi xor eax, eax mov al, byte [ebx + 0x19] dec eax push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc loc_0040ad1c: mov cl, byte [ebx + 0x1a] test cl, cl je short loc_0040ad2a ; je 0x40ad2a mov ch, cl dec ch mov byte [ebx + 0x1a], ch loc_0040ad2a: cmp byte [ebx + 0x18], 0 je short loc_0040ad88 ; je 0x40ad88 mov byte [ebx + 0x1a], 0 mov byte [ebx + 0x18], 0 jmp short loc_0040ad88 ; jmp 0x40ad88 loc_0040ad3a: cmp esi, 0xffffffff je short loc_0040ad6b ; je 0x40ad6b cmp byte [ebx + 0x19], 0 je short loc_0040ad6b ; je 0x40ad6b xor edx, edx mov dl, byte [ebx + 0x1a] add edx, edx mov eax, edx shl eax, 4 sub eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax push esi xor eax, eax mov al, byte [ebx + 0x19] dec eax push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc loc_0040ad6b: mov byte [ebx + 0x19], 0 mov byte [ebx + 0x1a], 0 mov byte [ebx + 0x18], 0 mov dword [ebx + 0x30], 0 push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 loc_0040ad88: test byte [esp + 0x24], 4 je near loc_0040ae67 ; je 0x40ae67 mov ecx, dword [esp + 8] cmp ecx, 0xfa0 jle near loc_0040ae67 ; jle 0x40ae67 cmp ecx, 0x1770 jge near loc_0040ae67 ; jge 0x40ae67 lea eax, [ecx - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax test ebp, ebp jne short loc_0040ae14 ; jne 0x40ae14 cmp esi, 0xffffffff je short loc_0040adf5 ; je 0x40adf5 cmp byte [ebx + 0x19], 0 je short loc_0040adf5 ; je 0x40adf5 mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] add eax, eax mov edx, eax shl eax, 4 sub eax, edx push eax push esi xor eax, eax mov al, byte [ebx + 0x19] dec eax push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc loc_0040adf5: mov cl, byte [ebx + 0x1a] test cl, cl je short loc_0040ae03 ; je 0x40ae03 mov ch, cl dec ch mov byte [ebx + 0x1a], ch loc_0040ae03: mov al, byte [ebx + 0x1a] test al, al jne short loc_0040ae67 ; jne 0x40ae67 mov byte [ebx + 0x18], al call fcn_0040dffa ; call 0x40dffa jmp short loc_0040ae67 ; jmp 0x40ae67 loc_0040ae14: cmp esi, 0xffffffff je short loc_0040ae45 ; je 0x40ae45 cmp byte [ebx + 0x19], 0 je short loc_0040ae45 ; je 0x40ae45 xor edx, edx mov dl, byte [ebx + 0x1a] add edx, edx mov eax, edx shl eax, 4 sub eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax push esi xor eax, eax mov al, byte [ebx + 0x19] dec eax push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc loc_0040ae45: mov byte [ebx + 0x19], 0 mov byte [ebx + 0x1a], 0 mov byte [ebx + 0x18], 0 mov dword [ebx + 0x34], 0 call fcn_0040dffa ; call 0x40dffa push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 loc_0040ae67: test byte [esp + 0x24], 0x20 je near loc_0040af04 ; je 0x40af04 test byte [esp + 9], 0x80 je near loc_0040af04 ; je 0x40af04 mov eax, dword [esp + 8] mov dword [esp + 4], eax test byte [esp + 8], 0xf je short loc_0040aeac ; je 0x40aeac xor ebx, ebx jmp short loc_0040ae9a ; jmp 0x40ae9a loc_0040ae90: sar dword [esp + 8], 1 inc ebx cmp ebx, 4 jge short loc_0040aeac ; jge 0x40aeac loc_0040ae9a: test byte [esp + 8], 1 je short loc_0040ae90 ; je 0x40ae90 push ebx call fcn_0040cd07 ; call 0x40cd07 add esp, 4 jmp short loc_0040ae90 ; jmp 0x40ae90 loc_0040aeac: mov eax, dword [esp + 4] mov dword [esp + 8], eax test byte [esp + 4], 0xf0 je short loc_0040aee0 ; je 0x40aee0 mov ebx, 4 jmp short loc_0040aecc ; jmp 0x40aecc loc_0040aec2: sar dword [esp + 8], 1 inc ebx cmp ebx, 8 jge short loc_0040aee0 ; jge 0x40aee0 loc_0040aecc: test byte [esp + 8], 0x10 je short loc_0040aec2 ; je 0x40aec2 push 0 push ebx call fcn_0043ec3f ; call 0x43ec3f add esp, 8 jmp short loc_0040aec2 ; jmp 0x40aec2 loc_0040aee0: test byte [esp + 5], 0x7f je short loc_0040af04 ; je 0x40af04 mov eax, dword [esp + 4] sar eax, 8 mov dword [esp + 8], eax mov edx, eax and edx, 0x7f mov dword [esp + 8], edx push edx call fcn_0040e14d ; call 0x40e14d add esp, 4 loc_0040af04: inc edi jmp near loc_0040ac9c ; jmp 0x40ac9c loc_0040af0a: add esp, 0xc pop ebp pop edi pop esi pop ebx ret fcn_0040af12: push ebx mov eax, dword [esp + 8] xor ebx, ebx xor ecx, ecx cmp eax, 0x7d0 jge short loc_0040af38 ; jge 0x40af38 mov edx, eax shl edx, 2 add edx, eax mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] movsx ebx, word [ecx + edx*8] movsx ecx, word [ecx + edx*8 + 2] loc_0040af38: cmp eax, 0x7d0 jle short loc_0040af62 ; jle 0x40af62 cmp eax, 0xfa0 jge short loc_0040af62 ; jge 0x40af62 sub eax, 0x7d0 imul eax, eax, 0x34 mov ecx, dword [ref_00498e84] ; mov ecx, dword [0x498e84] loc_0040af54: movsx ebx, word [ecx + eax] movsx ecx, word [ecx + eax + 2] jmp near loc_0040b058 ; jmp 0x40b058 loc_0040af62: cmp eax, 0xfa0 jle short loc_0040af87 ; jle 0x40af87 cmp eax, 0x1770 jge short loc_0040af87 ; jge 0x40af87 sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ecx, dword [ref_00498e88] ; mov ecx, dword [0x498e88] jmp short loc_0040af54 ; jmp 0x40af54 loc_0040af87: cmp eax, 0x1770 jle short loc_0040afa5 ; jle 0x40afa5 cmp eax, 0x1f40 jge short loc_0040afa5 ; jge 0x40afa5 sub eax, 0x1770 imul eax, eax, 0x34 mov ecx, dword [ref_00498e7c] ; mov ecx, dword [0x498e7c] jmp short loc_0040af54 ; jmp 0x40af54 loc_0040afa5: cmp eax, 0x1f40 jle short loc_0040afca ; jle 0x40afca cmp eax, 0x2710 jge short loc_0040afca ; jge 0x40afca sub eax, 0x1f40 shl eax, 2 mov edx, eax shl eax, 3 sub eax, edx mov ecx, dword [ref_00498e78] ; mov ecx, dword [0x498e78] jmp short loc_0040af54 ; jmp 0x40af54 loc_0040afca: test ah, 0x80 je near loc_0040b058 ; je 0x40b058 xor edx, edx test al, 0xf je short loc_0040afff ; je 0x40afff loc_0040afd9: mov ecx, eax and ecx, 1 cmp ecx, 1 je short loc_0040afe8 ; je 0x40afe8 sar eax, 1 inc edx jmp short loc_0040afd9 ; jmp 0x40afd9 loc_0040afe8: imul edx, edx, 0x68 xor ebx, ebx mov bx, word [edx + (_players+8)] ; mov bx, word [edx + 0x496b70] xor ecx, ecx mov cx, word [edx + (_players+10)] ; mov cx, word [edx + 0x496b72] jmp short loc_0040b058 ; jmp 0x40b058 loc_0040afff: test al, 0xf0 je short loc_0040b023 ; je 0x40b023 loc_0040b003: test al, 0x10 jne short loc_0040b00c ; jne 0x40b00c sar eax, 1 inc edx jmp short loc_0040b003 ; jmp 0x40b003 loc_0040b00c: shl edx, 4 xor ebx, ebx mov bx, word [edx + ref_00498e28] ; mov bx, word [edx + 0x498e28] xor ecx, ecx mov cx, word [edx + ref_00498e2a] ; mov cx, word [edx + 0x498e2a] jmp short loc_0040b058 ; jmp 0x40b058 loc_0040b023: test ah, 0x7f je short loc_0040b058 ; je 0x40b058 sar eax, 8 and eax, 0x7f lea edx, [eax - 1] mov eax, edx shl eax, 2 sub eax, edx xor edx, edx mov dx, word [eax*8 + ref_00496d0a] ; mov dx, word [eax*8 + 0x496d0a] mov eax, edx shl eax, 2 add eax, edx mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] movsx ebx, word [ecx + eax*8] movsx ecx, word [ecx + eax*8 + 2] loc_0040b058: mov eax, dword [esp + 0xc] mov dword [eax], ebx mov eax, dword [esp + 0x10] mov dword [eax], ecx pop ebx ret fcn_0040b066: push ebx mov ebx, dword [esp + 8] xor edx, edx mov ecx, dword [ref_0048bac8] ; mov ecx, dword [0x48bac8] loc_0040b073: cmp edx, ecx jge short loc_0040b092 ; jge 0x40b092 mov eax, edx shl eax, 2 sub eax, edx mov ax, word [eax*4 + ref_0048a850] ; mov ax, word [eax*4 + 0x48a850] and eax, 0xffff cmp eax, ebx je short loc_0040b092 ; je 0x40b092 inc edx jmp short loc_0040b073 ; jmp 0x40b073 loc_0040b092: mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 movsx edx, word [eax + ref_0048a854] ; movsx edx, word [eax + 0x48a854] mov ecx, dword [esp + 0xc] mov dword [ecx], edx movsx edx, word [eax + ref_0048a856] ; movsx edx, word [eax + 0x48a856] mov ecx, dword [esp + 0x10] mov dword [ecx], edx mov ebx, dword [esp + 0x14] test ebx, ebx je short loc_0040b0cb ; je 0x40b0cb mov al, byte [eax + ref_0048a853] ; mov al, byte [eax + 0x48a853] and eax, 0xff mov dword [ebx], eax loc_0040b0cb: pop ebx ret fcn_0040b0cd: push ebx push 0 push 0 push 0x20b mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0 push 0xffffffffffffffff call fcn_0040829d ; call 0x40829d add esp, 8 push 0x5a push 1 push 0x28 push 0 push ebx call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 pop ebx ret fcn_0040b110: push ebx mov edx, dword [esp + 8] xor eax, eax cmp edx, 0x7d0 jle short loc_0040b170 ; jle 0x40b170 cmp edx, 0xfa0 jge short loc_0040b170 ; jge 0x40b170 lea ecx, [edx - 0x7d0] imul ecx, ecx, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, ecx cmp byte [ebx + 0x18], 0 jne short loc_0040b149 ; jne 0x40b149 cmp byte [ebx + 0x1a], 5 jae short loc_0040b149 ; jae 0x40b149 mov eax, 1 loc_0040b149: mov cl, byte [ebx + 0x18] cmp cl, 1 jne short loc_0040b15d ; jne 0x40b15d cmp cl, byte [ebx + 0x1a] jbe short loc_0040b15d ; jbe 0x40b15d mov eax, 1 jmp short loc_0040b161 ; jmp 0x40b161 loc_0040b15d: test eax, eax je short loc_0040b170 ; je 0x40b170 loc_0040b161: mov cl, byte [ebx + 0x1a] inc cl mov byte [ebx + 0x1a], cl cmp cl, 5 jne short loc_0040b170 ; jne 0x40b170 or al, 0x80 loc_0040b170: cmp edx, 0xfa0 jle near loc_0040b21f ; jle 0x40b21f cmp edx, 0x1770 jge near loc_0040b21f ; jge 0x40b21f lea ebx, [edx - 0xfa0] shl ebx, 3 mov edx, ebx shl ebx, 3 sub ebx, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add ebx, edx cmp byte [ebx + 0x1a], 0 jne short loc_0040b1f9 ; jne 0x40b1f9 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 test byte [eax + (_players+21)], 6 ; test byte [eax + 0x496b7d], 6 je short loc_0040b1e2 ; je 0x40b1e2 xor edx, edx mov dl, byte [ebx + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax jne short loc_0040b1dc ; jne 0x40b1dc call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 4 sar edx, 0x1f idiv ecx inc edx mov byte [ebx + 0x18], dl jmp short loc_0040b1ef ; jmp 0x40b1ef loc_0040b1dc: mov byte [ebx + 0x18], 0 jmp short loc_0040b1ef ; jmp 0x40b1ef loc_0040b1e2: push 0 call fcn_00440aac ; call 0x440aac add esp, 4 mov byte [ebx + 0x18], al loc_0040b1ef: mov eax, 1 inc byte [ebx + 0x1a] pop ebx ret loc_0040b1f9: xor edx, edx mov dl, byte [ebx + 0x18] mov cl, byte [ebx + 0x1a] cmp cl, byte [edx + ref_00474940] ; cmp cl, byte [edx + 0x474940] jae short loc_0040b21f ; jae 0x40b21f mov eax, 1 mov dl, cl inc dl mov byte [ebx + 0x1a], dl cmp dl, 5 jne short loc_0040b21f ; jne 0x40b21f mov eax, 0x81 loc_0040b21f: pop ebx ret fcn_0040b221: push ebx push esi push edi push ebp sub esp, 0x18 xor edx, edx mov dword [esp + 8], edx push 0x10 push edx push ref_0048b8b4 ; push 0x48b8b4 call memset ; call 0x456f60 add esp, 0xc cmp dword [esp + 0x30], 8 jle short loc_0040b24d ; jle 0x40b24d mov dword [esp + 0x30], 8 loc_0040b24d: imul eax, dword [esp + 0x2c], 0x68 xor edx, edx mov dx, word [eax + (_players+12)] ; mov dx, word [eax + 0x496b74] mov dword [esp + 0xc], edx mov ax, word [eax + (_players+14)] ; mov ax, word [eax + 0x496b76] and eax, 0xffff mov dword [esp + 0x14], eax xor edi, edi mov dword [esp + 0x10], edi loc_0040b275: mov eax, dword [esp + 0x10] cmp eax, dword [esp + 0x30] jge near loc_0040b337 ; jge 0x40b337 mov edx, dword [esp + 0xc] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov edi, dword [ref_00498e80] ; mov edi, dword [0x498e80] add edi, eax mov ebp, dword [edi + 0x24] xor eax, eax mov ecx, 0x40000000 xor ebx, ebx jmp short loc_0040b2af ; jmp 0x40b2af loc_0040b2a7: shr ecx, 1 inc eax cmp eax, 4 jge short loc_0040b2d1 ; jge 0x40b2d1 loc_0040b2af: mov edx, eax mov dx, word [edi + edx*2 + 0x18] test dx, dx je short loc_0040b2a7 ; je 0x40b2a7 xor esi, esi mov si, dx cmp esi, dword [esp + 0x14] je short loc_0040b2a7 ; je 0x40b2a7 test ebp, ecx jne short loc_0040b2a7 ; jne 0x40b2a7 mov word [esp + ebx*2], dx inc ebx jmp short loc_0040b2a7 ; jmp 0x40b2a7 loc_0040b2d1: mov esi, dword [esp + 0x10] add esi, esi test ebx, ebx jne short loc_0040b2e8 ; jne 0x40b2e8 mov eax, dword [esp + 0x14] loc_0040b2df: mov word [esi + ref_0048b8b4], ax ; mov word [esi + 0x48b8b4], ax jmp short loc_0040b311 ; jmp 0x40b311 loc_0040b2e8: cmp ebx, 1 jne short loc_0040b2f2 ; jne 0x40b2f2 mov eax, dword [esp] jmp short loc_0040b2df ; jmp 0x40b2df loc_0040b2f2: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx mov ax, word [esp + edx*2] mov word [esi + ref_0048b8b4], ax ; mov word [esi + 0x48b8b4], ax mov dword [esp + 8], 1 loc_0040b311: mov eax, dword [esp + 0xc] mov dword [esp + 0x14], eax mov eax, dword [esp + 0x10] mov ax, word [eax*2 + ref_0048b8b4] ; mov ax, word [eax*2 + 0x48b8b4] and eax, 0xffff mov dword [esp + 0xc], eax inc dword [esp + 0x10] jmp near loc_0040b275 ; jmp 0x40b275 loc_0040b337: mov eax, dword [esp + 8] loc_0040b33b: add esp, 0x18 pop ebp pop edi pop esi pop ebx ret fcn_0040b343: push ebx push esi push edi push ebp sub esp, 0x18 xor edx, edx mov dword [esp + 8], edx push 0x10 push edx push ref_0048b8b4 ; push 0x48b8b4 call memset ; call 0x456f60 add esp, 0xc cmp dword [esp + 0x30], 8 jle short loc_0040b36f ; jle 0x40b36f mov dword [esp + 0x30], 8 loc_0040b36f: imul eax, dword [esp + 0x2c], 0x68 xor edx, edx mov dx, word [eax + (_players+14)] ; mov dx, word [eax + 0x496b76] mov dword [esp + 0xc], edx mov ax, word [eax + (_players+12)] ; mov ax, word [eax + 0x496b74] and eax, 0xffff mov dword [esp + 0x14], eax xor edi, edi mov dword [esp + 0x10], edi loc_0040b397: mov eax, dword [esp + 0x10] cmp eax, dword [esp + 0x30] jge short loc_0040b337 ; jge 0x40b337 mov edx, dword [esp + 0xc] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov edi, dword [ref_00498e80] ; mov edi, dword [0x498e80] add edi, eax mov ebp, dword [edi + 0x24] xor eax, eax mov ecx, 0x40000000 xor ebx, ebx jmp short loc_0040b3cd ; jmp 0x40b3cd loc_0040b3c5: shr ecx, 1 inc eax cmp eax, 4 jge short loc_0040b3ef ; jge 0x40b3ef loc_0040b3cd: mov edx, eax mov dx, word [edi + edx*2 + 0x18] test dx, dx je short loc_0040b3c5 ; je 0x40b3c5 xor esi, esi mov si, dx cmp esi, dword [esp + 0x14] je short loc_0040b3c5 ; je 0x40b3c5 test ebp, ecx jne short loc_0040b3c5 ; jne 0x40b3c5 mov word [esp + ebx*2], dx inc ebx jmp short loc_0040b3c5 ; jmp 0x40b3c5 loc_0040b3ef: mov esi, dword [esp + 0x10] add esi, esi test ebx, ebx jne short loc_0040b406 ; jne 0x40b406 mov eax, dword [esp + 0x14] loc_0040b3fd: mov word [esi + ref_0048b8b4], ax ; mov word [esi + 0x48b8b4], ax jmp short loc_0040b42f ; jmp 0x40b42f loc_0040b406: cmp ebx, 1 jne short loc_0040b410 ; jne 0x40b410 mov eax, dword [esp] jmp short loc_0040b3fd ; jmp 0x40b3fd loc_0040b410: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx mov ax, word [esp + edx*2] mov word [esi + ref_0048b8b4], ax ; mov word [esi + 0x48b8b4], ax mov dword [esp + 8], 1 loc_0040b42f: mov eax, dword [esp + 0xc] mov dword [esp + 0x14], eax mov eax, dword [esp + 0x10] mov ax, word [eax*2 + ref_0048b8b4] ; mov ax, word [eax*2 + 0x48b8b4] and eax, 0xffff mov dword [esp + 0xc], eax inc dword [esp + 0x10] jmp near loc_0040b397 ; jmp 0x40b397 fcn_0040b455: push ebx push esi push edi push ebp xor ebp, ebp mov edx, 1 xor ecx, ecx mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] loc_0040b467: add eax, 0x34 cmp edx, dword [ref_00498e98] ; cmp edx, dword [0x498e98] jg short loc_0040b4ab ; jg 0x40b4ab xor ebx, ebx mov bl, byte [eax + 0x19] mov esi, dword [esp + 0x14] inc esi cmp ebx, esi jne short loc_0040b4a8 ; jne 0x40b4a8 cmp byte [eax + 0x18], 0 jne short loc_0040b4a8 ; jne 0x40b4a8 xor ebx, ebx mov bl, byte [eax + 0x1a] mov bx, word [eax + ebx*2 + 0x20] and ebx, 0xffff cmp ecx, ebx jge short loc_0040b4a8 ; jge 0x40b4a8 cmp byte [eax + 0x1a], 5 jae short loc_0040b4a8 ; jae 0x40b4a8 mov ecx, ebx lea ebp, [edx + 0x7d0] loc_0040b4a8: inc edx jmp short loc_0040b467 ; jmp 0x40b467 loc_0040b4ab: mov edx, 1 mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] loc_0040b4b5: add eax, 0x38 cmp edx, dword [ref_00498e8c] ; cmp edx, dword [0x498e8c] jg short loc_0040b4f1 ; jg 0x40b4f1 movzx esi, byte [eax + 0x19] mov ebx, dword [esp + 0x14] inc ebx cmp esi, ebx jne short loc_0040b4ee ; jne 0x40b4ee xor edi, edi mov di, word [eax + 0x22] cmp ecx, edi jge short loc_0040b4ee ; jge 0x40b4ee movzx esi, byte [eax + 0x18] mov bl, byte [eax + 0x1a] cmp bl, byte [esi + ref_00474940] ; cmp bl, byte [esi + 0x474940] jae short loc_0040b4ee ; jae 0x40b4ee mov ecx, edi lea ebp, [edx + 0xfa0] loc_0040b4ee: inc edx jmp short loc_0040b4b5 ; jmp 0x40b4b5 loc_0040b4f1: mov eax, ebp pop ebp pop edi pop esi pop ebx ret fcn_0040b4f8: push ebx push esi push edi sub esp, 0x38 mov eax, dword [esp + 0x48] cmp eax, 0x7d0 jle near loc_0040b6e2 ; jle 0x40b6e2 cmp eax, 0xfa0 jge near loc_0040b6e2 ; jge 0x40b6e2 sub eax, 0x7d0 imul eax, eax, 0x34 mov esi, dword [ref_00498e84] ; mov esi, dword [0x498e84] lea ebx, [esi + eax] mov eax, dword [esp + 0x4c] sub eax, 0x7d0 imul eax, eax, 0x34 add esi, eax movsx eax, word [ebx] mov dword [esp + 0xc], eax movsx eax, word [ebx + 2] mov dword [esp + 0x14], eax movsx eax, word [esi] mov dword [esp + 0x10], eax movsx eax, word [esi + 2] mov dword [esp + 8], eax mov edi, dword [esp + 0xc] sub edi, dword [esp + 0x10] mov edx, dword [esp + 0x14] sub edx, eax mov ecx, edi imul ecx, edi mov eax, edx imul eax, edx add eax, ecx mov dword [esp + 0x34], eax fild dword [esp + 0x34] call fcn_004582bc ; call 0x4582bc fst dword [esp] fmul dword [ref_004631d8] ; fmul dword [0x4631d8] fld1 faddp st1 ; faddp st(1) call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x30] mov dword [esp + 0x34], edi fild dword [esp + 0x34] mov eax, dword [esp + 0x30] mov dword [esp + 0x34], eax fild dword [esp + 0x34] fstp dword [esp + 4] fdiv dword [esp + 4] fstp dword [esp + 0x18] mov dword [esp + 0x34], edx fild dword [esp + 0x34] fdiv dword [esp + 4] fstp dword [esp + 0x1c] fild word [ebx] fstp dword [esp + 0x20] fild word [ebx + 2] fstp dword [esp + 0x24] fild word [esi] fstp dword [esp + 0x28] fild word [esi + 2] fstp dword [esp + 0x2c] loc_0040b5dc: cmp dword [esp + 0x30], 0 je near loc_0040b6a7 ; je 0x40b6a7 call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov edi, eax fld dword [esp + 0x20] fsub dword [esp + 0x18] fstp dword [esp + 0x20] fld dword [esp + 0x24] fsub dword [esp + 0x1c] fstp dword [esp + 0x24] fld dword [esp + 0x28] fadd dword [esp + 0x18] fstp dword [esp + 0x28] fld dword [esp + 0x2c] fadd dword [esp + 0x1c] fstp dword [esp + 0x2c] fld dword [esp + 0x20] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x34] mov eax, dword [esp + 0x34] mov word [ebx], ax fld dword [esp + 0x24] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x34] mov eax, dword [esp + 0x34] mov word [ebx + 2], ax fld dword [esp + 0x28] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x34] mov eax, dword [esp + 0x34] mov word [esi], ax fld dword [esp + 0x2c] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x34] mov eax, dword [esp + 0x34] mov word [esi + 2], ax push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] sub eax, edi cmp eax, 0x18 jae short loc_0040b69e ; jae 0x40b69e mov edx, 0x18 sub edx, eax push edx call fcn_0045285e ; call 0x45285e add esp, 4 loc_0040b69e: dec dword [esp + 0x30] jmp near loc_0040b5dc ; jmp 0x40b5dc loc_0040b6a7: mov eax, dword [esp + 0xc] mov word [ebx], ax mov eax, dword [esp + 0x14] mov word [ebx + 2], ax mov eax, dword [esp + 0x10] mov word [esi], ax mov eax, dword [esp + 8] mov word [esi + 2], ax mov al, byte [ebx + 0x1a] mov ah, byte [esi + 0x1a] mov byte [ebx + 0x1a], ah mov byte [esi + 0x1a], al mov al, byte [ebx + 0x18] mov ah, byte [esi + 0x18] mov byte [ebx + 0x18], ah mov byte [esi + 0x18], al jmp near loc_0040b8b6 ; jmp 0x40b8b6 loc_0040b6e2: sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] lea esi, [edx + eax] mov eax, dword [esp + 0x4c] sub eax, 0xfa0 shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx lea ebx, [edx + eax] movsx eax, word [esi] mov dword [esp + 0xc], eax movsx eax, word [esi + 2] mov dword [esp + 0x14], eax movsx eax, word [ebx] mov dword [esp + 0x10], eax movsx eax, word [ebx + 2] mov dword [esp + 8], eax mov edi, dword [esp + 0xc] sub edi, dword [esp + 0x10] mov edx, dword [esp + 0x14] sub edx, eax mov ecx, edi imul ecx, edi mov eax, edx imul eax, edx add eax, ecx mov dword [esp + 0x34], eax fild dword [esp + 0x34] call fcn_004582bc ; call 0x4582bc fst dword [esp] fmul dword [ref_004631d8] ; fmul dword [0x4631d8] fld1 faddp st1 ; faddp st(1) call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x30] mov dword [esp + 0x34], edi fild dword [esp + 0x34] mov eax, dword [esp + 0x30] mov dword [esp + 0x34], eax fild dword [esp + 0x34] fstp dword [esp + 4] fdiv dword [esp + 4] fstp dword [esp + 0x18] mov dword [esp + 0x34], edx fild dword [esp + 0x34] fdiv dword [esp + 4] fstp dword [esp + 0x1c] fild word [esi] fstp dword [esp + 0x20] fild word [esi + 2] fstp dword [esp + 0x24] fild word [ebx] fstp dword [esp + 0x28] fild word [ebx + 2] fstp dword [esp + 0x2c] loc_0040b7b5: cmp dword [esp + 0x30], 0 je near loc_0040b880 ; je 0x40b880 call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov edi, eax fld dword [esp + 0x20] fsub dword [esp + 0x18] fstp dword [esp + 0x20] fld dword [esp + 0x24] fsub dword [esp + 0x1c] fstp dword [esp + 0x24] fld dword [esp + 0x28] fadd dword [esp + 0x18] fstp dword [esp + 0x28] fld dword [esp + 0x2c] fadd dword [esp + 0x1c] fstp dword [esp + 0x2c] fld dword [esp + 0x20] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x34] mov eax, dword [esp + 0x34] mov word [esi], ax fld dword [esp + 0x24] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x34] mov eax, dword [esp + 0x34] mov word [esi + 2], ax fld dword [esp + 0x28] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x34] mov eax, dword [esp + 0x34] mov word [ebx], ax fld dword [esp + 0x2c] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x34] mov eax, dword [esp + 0x34] mov word [ebx + 2], ax push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] sub eax, edi cmp eax, 0x18 jae short loc_0040b877 ; jae 0x40b877 mov edx, 0x18 sub edx, eax push edx call fcn_0045285e ; call 0x45285e add esp, 4 loc_0040b877: dec dword [esp + 0x30] jmp near loc_0040b7b5 ; jmp 0x40b7b5 loc_0040b880: mov eax, dword [esp + 0xc] mov word [esi], ax mov eax, dword [esp + 0x14] mov word [esi + 2], ax mov eax, dword [esp + 0x10] mov word [ebx], ax mov eax, dword [esp + 8] mov word [ebx + 2], ax mov al, byte [esi + 0x1a] mov ah, byte [ebx + 0x1a] mov byte [esi + 0x1a], ah mov byte [ebx + 0x1a], al mov al, byte [esi + 0x18] mov ah, byte [ebx + 0x18] mov byte [esi + 0x18], ah mov byte [ebx + 0x18], al loc_0040b8b6: push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x1f4 call fcn_0045285e ; call 0x45285e add esp, 4 add esp, 0x38 pop edi pop esi pop ebx ret fcn_0040b8d8: push ebx push esi push edi push ebp mov ebp, dword [esp + 0x14] mov edi, dword [esp + 0x18] xor esi, esi jmp short loc_0040b8ee ; jmp 0x40b8ee loc_0040b8e8: inc esi cmp esi, 4 jge short loc_0040b91c ; jge 0x40b91c loc_0040b8ee: imul eax, ebp, 0x34 mov ebx, esi shl ebx, 3 add ebx, eax mov eax, edi shl eax, 2 add ebx, eax mov edx, dword [ebx + ref_00498eb4] ; mov edx, dword [ebx + 0x498eb4] test edx, edx je short loc_0040b8e8 ; je 0x40b8e8 push edx call clib_free ; call 0x456e11 add esp, 4 xor eax, eax mov dword [ebx + ref_00498eb4], eax ; mov dword [ebx + 0x498eb4], eax jmp short loc_0040b8e8 ; jmp 0x40b8e8 loc_0040b91c: imul ebp, ebp, 0x34 test edi, edi je short loc_0040b92f ; je 0x40b92f and byte [ebp + ref_00498ea0], 0xf ; and byte [ebp + 0x498ea0], 0xf pop ebp pop edi pop esi pop ebx ret loc_0040b92f: and byte [ebp + ref_00498ea0], 0xf0 ; and byte [ebp + 0x498ea0], 0xf0 pop ebp pop edi pop esi pop ebx ret fcn_0040b93b: push ebx push esi push edi push ebp mov esi, dword [esp + 0x14] imul ebx, esi, 0x34 cmp esi, 4 jge near loc_0040bd43 ; jge 0x40bd43 imul ebp, esi, 0x68 xor eax, eax mov al, byte [ebp + (_players+19)] ; mov al, byte [ebp + 0x496b7b] mov edi, eax shl edi, 2 add edi, eax shl edi, 2 add edi, eax add edi, 0x80 mov cl, byte [ebp + (_players+21)] ; mov cl, byte [ebp + 0x496b7d] test cl, cl je short loc_0040b97f ; je 0x40b97f test cl, 0x40 je near loc_0040ba16 ; je 0x40ba16 loc_0040b97f: imul ebx, esi, 0x34 mov al, byte [ebx + ref_00498ea0] ; mov al, byte [ebx + 0x498ea0] and al, 0x30 cmp al, 0x20 je short loc_0040b9d0 ; je 0x40b9d0 push 1 push esi call fcn_0040b8d8 ; call 0x40b8d8 add esp, 8 mov cl, byte [ebx + ref_00498ea0] ; mov cl, byte [ebx + 0x498ea0] and cl, 0xcf mov byte [ebx + ref_00498ea0], cl ; mov byte [ebx + 0x498ea0], cl mov ch, cl or ch, 0x20 mov byte [ebx + ref_00498ea0], ch ; mov byte [ebx + 0x498ea0], ch push 0 push 0 add edi, 0x12 push edi mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498eb8], eax ; mov dword [ebx + 0x498eb8], eax loc_0040b9d0: mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 imul eax, esi, 0x34 mov dl, 1 mov byte [eax + ref_00498ea1], dl ; mov byte [eax + 0x498ea1], dl cmp dl, byte [eax + ref_00498ea2] ; cmp dl, byte [eax + 0x498ea2] jne short loc_0040ba00 ; jne 0x40ba00 mov byte [eax + ref_00498ea5], 5 ; mov byte [eax + 0x498ea5], 5 loc_0040ba00: imul esi, esi, 0x34 xor bh, bh mov byte [esi + ref_00498ea2], bh ; mov byte [esi + 0x498ea2], bh mov byte [esi + ref_00498ea3], bh ; mov byte [esi + 0x498ea3], bh pop ebp pop edi pop esi pop ebx ret loc_0040ba16: cmp byte [ebp + (_players+55)], 0 ; cmp byte [ebp + 0x496b9f], 0 je near loc_0040bace ; je 0x40bace mov al, byte [ebx + ref_00498ea0] ; mov al, byte [ebx + 0x498ea0] and al, 0xf cmp al, 5 je short loc_0040baaa ; je 0x40baaa push 0 push esi call fcn_0040b8d8 ; call 0x40b8d8 add esp, 8 mov cl, byte [ebx + ref_00498ea0] ; mov cl, byte [ebx + 0x498ea0] and cl, 0xf0 mov byte [ebx + ref_00498ea0], cl ; mov byte [ebx + 0x498ea0], cl mov ch, cl or ch, 5 mov byte [ebx + ref_00498ea0], ch ; mov byte [ebx + 0x498ea0], ch push 0 push 0 lea eax, [edi + 0x10] push eax mov ebp, dword [ref_0048a0e4] ; mov ebp, dword [0x48a0e4] push ebp call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498eb4], eax ; mov dword [ebx + 0x498eb4], eax push 0 push 0 lea eax, [edi + 0x11] push eax mov eax, dword [ref_0048a0e4] ; mov eax, dword [0x48a0e4] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498ebc], eax ; mov dword [ebx + 0x498ebc], eax push 0 push 0 add edi, 2 push edi mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498ec4], eax ; mov dword [ebx + 0x498ec4], eax loc_0040baaa: imul eax, esi, 0x34 cmp byte [eax + ref_00498ea1], 1 ; cmp byte [eax + 0x498ea1], 1 jne short loc_0040babe ; jne 0x40babe loc_0040bab6: xor dh, dh mov byte [eax + ref_00498ea3], dh ; mov byte [eax + 0x498ea3], dh loc_0040babe: imul esi, esi, 0x34 xor bl, bl mov byte [esi + ref_00498ea1], bl ; mov byte [esi + 0x498ea1], bl pop ebp pop edi pop esi pop ebx ret loc_0040bace: xor edx, edx mov dx, word [ebp + (_players+12)] ; mov dx, word [ebp + 0x496b74] mov eax, edx shl eax, 2 add eax, edx mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] test byte [edx + eax*8 + 0x27], 0x80 je near loc_0040bbd8 ; je 0x40bbd8 mov al, byte [ebx + ref_00498ea0] ; mov al, byte [ebx + 0x498ea0] and al, 0x30 cmp al, 0x10 je short loc_0040bb76 ; je 0x40bb76 push 1 push esi call fcn_0040b8d8 ; call 0x40b8d8 add esp, 8 mov cl, byte [ebx + ref_00498ea0] ; mov cl, byte [ebx + 0x498ea0] and cl, 0xcf mov byte [ebx + ref_00498ea0], cl ; mov byte [ebx + 0x498ea0], cl mov ch, cl or ch, 0x10 mov byte [ebx + ref_00498ea0], ch ; mov byte [ebx + 0x498ea0], ch push 0 push 0 lea eax, [edi + 0xd] push eax mov eax, dword [ref_0048a0e4] ; mov eax, dword [0x48a0e4] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498eb8], eax ; mov dword [ebx + 0x498eb8], eax push 0 push 0 lea eax, [edi + 0xe] push eax mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498ec0], eax ; mov dword [ebx + 0x498ec0], eax push 0 push 0 add edi, 0xf push edi mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498ec8], eax ; mov dword [ebx + 0x498ec8], eax loc_0040bb76: imul eax, esi, 0x34 cmp byte [eax + ref_00498ea1], 0 ; cmp byte [eax + 0x498ea1], 0 jne short loc_0040bbc9 ; jne 0x40bbc9 cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 je short loc_0040bbbe ; je 0x40bbbe mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 mov dword [ref_004749d4], 0xf ; mov dword [0x4749d4], 0xf push 1 mov eax, ref_0048234a ; mov eax, 0x48234a add eax, 0x78 push eax call fcn_004542ce ; call 0x4542ce add esp, 8 loc_0040bbbe: imul eax, esi, 0x34 xor dh, dh mov byte [eax + ref_00498ea3], dh ; mov byte [eax + 0x498ea3], dh loc_0040bbc9: imul esi, esi, 0x34 mov byte [esi + ref_00498ea1], 1 ; mov byte [esi + 0x498ea1], 1 pop ebp pop edi pop esi pop ebx ret loc_0040bbd8: mov al, byte [ebp + (_players+17)] ; mov al, byte [ebp + 0x496b79] and al, 3 xor edx, edx mov dl, al mov al, byte [ebx + ref_00498ea0] ; mov al, byte [ebx + 0x498ea0] and al, 0xf and eax, 0xff inc edx cmp edx, eax je near loc_0040bcb3 ; je 0x40bcb3 push 0 push esi call fcn_0040b8d8 ; call 0x40b8d8 add esp, 8 mov ch, byte [ebx + ref_00498ea0] ; mov ch, byte [ebx + 0x498ea0] and ch, 0xf0 mov byte [ebx + ref_00498ea0], ch ; mov byte [ebx + 0x498ea0], ch mov al, byte [ebp + (_players+17)] ; mov al, byte [ebp + 0x496b79] and al, 3 mov ah, al inc ah mov dl, ch or dl, ah mov byte [ebx + ref_00498ea0], dl ; mov byte [ebx + 0x498ea0], dl xor edx, edx mov dl, al mov eax, edx shl eax, 2 sub eax, edx add edi, eax push 0 push 0 push edi mov eax, dword [ref_0048a0e4] ; mov eax, dword [0x48a0e4] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498eb4], eax ; mov dword [ebx + 0x498eb4], eax push 0 push 0 lea eax, [edi + 1] push eax mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498ebc], eax ; mov dword [ebx + 0x498ebc], eax push 0 push 0 lea eax, [edi + 2] push eax mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498ec4], eax ; mov dword [ebx + 0x498ec4], eax mov al, byte [ebp + (_players+17)] ; mov al, byte [ebp + 0x496b79] and al, 3 cmp al, 3 jne short loc_0040bcb3 ; jne 0x40bcb3 push 0 push 0 add edi, 3 push edi mov edi, dword [ref_0048a0e4] ; mov edi, dword [0x48a0e4] push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498ecc], eax ; mov dword [ebx + 0x498ecc], eax loc_0040bcb3: imul eax, esi, 0x34 cmp byte [eax + ref_00498ea1], 1 ; cmp byte [eax + 0x498ea1], 1 jne short loc_0040bcc7 ; jne 0x40bcc7 xor bl, bl mov byte [eax + ref_00498ea3], bl ; mov byte [eax + 0x498ea3], bl loc_0040bcc7: imul eax, esi, 0x34 xor bh, bh mov byte [eax + ref_00498ea1], bh ; mov byte [eax + 0x498ea1], bh imul esi, esi, 0x68 mov al, byte [esi + (_players+17)] ; mov al, byte [esi + 0x496b79] and al, 3 and eax, 0xff mov edx, dword [ref_004749d4] ; mov edx, dword [0x4749d4] sub edx, 0xb cmp edx, eax je near loc_0040bf8e ; je 0x40bf8e cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 je near loc_0040bf8e ; je 0x40bf8e mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 mov al, byte [esi + (_players+17)] ; mov al, byte [esi + 0x496b79] and al, 3 and eax, 0xff add eax, 0xb mov dword [ref_004749d4], eax ; mov dword [0x4749d4], eax push 1 shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542ce ; call 0x4542ce add esp, 8 pop ebp pop edi pop esi pop ebx ret loc_0040bd43: cmp esi, 8 jge near loc_0040bf02 ; jge 0x40bf02 mov edi, esi shl edi, 2 add edi, 0x16c mov eax, esi shl eax, 4 cmp byte [eax + ref_00498df5], 0 ; cmp byte [eax + 0x498df5], 0 je short loc_0040bdd6 ; je 0x40bdd6 mov al, byte [ebx + ref_00498ea0] ; mov al, byte [ebx + 0x498ea0] and al, 0xf cmp al, 5 je near loc_0040baaa ; je 0x40baaa push 0 push esi call fcn_0040b8d8 ; call 0x40b8d8 add esp, 8 mov cl, byte [ebx + ref_00498ea0] ; mov cl, byte [ebx + 0x498ea0] and cl, 0xf0 mov byte [ebx + ref_00498ea0], cl ; mov byte [ebx + 0x498ea0], cl mov ch, cl or ch, 5 mov byte [ebx + ref_00498ea0], ch ; mov byte [ebx + 0x498ea0], ch push 0 push 0 push edi mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498eb4], eax ; mov dword [ebx + 0x498eb4], eax push 0 push 0 add edi, 3 push edi mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498ebc], eax ; mov dword [ebx + 0x498ebc], eax jmp near loc_0040baaa ; jmp 0x40baaa loc_0040bdd6: xor edx, edx mov dx, word [eax + ref_00498dec] ; mov dx, word [eax + 0x498dec] mov eax, edx shl eax, 2 add eax, edx mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] test byte [edx + eax*8 + 0x27], 0x80 je short loc_0040be4a ; je 0x40be4a mov al, byte [ebx + ref_00498ea0] ; mov al, byte [ebx + 0x498ea0] and al, 0x30 cmp al, 0x10 je near loc_0040bb76 ; je 0x40bb76 push 1 push esi call fcn_0040b8d8 ; call 0x40b8d8 add esp, 8 mov cl, byte [ebx + ref_00498ea0] ; mov cl, byte [ebx + 0x498ea0] and cl, 0xcf mov byte [ebx + ref_00498ea0], cl ; mov byte [ebx + 0x498ea0], cl mov ch, cl or ch, 0x10 mov byte [ebx + ref_00498ea0], ch ; mov byte [ebx + 0x498ea0], ch push 0 push 0 add edi, 2 push edi mov edi, dword [ref_0048a0e4] ; mov edi, dword [0x48a0e4] push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498ec0], eax ; mov dword [ebx + 0x498ec0], eax jmp near loc_0040bb76 ; jmp 0x40bb76 loc_0040be4a: mov al, byte [ebx + ref_00498ea0] ; mov al, byte [ebx + 0x498ea0] and al, 0xf cmp al, 1 je short loc_0040beae ; je 0x40beae push 0 push esi call fcn_0040b8d8 ; call 0x40b8d8 add esp, 8 mov al, byte [ebx + ref_00498ea0] ; mov al, byte [ebx + 0x498ea0] and al, 0xf0 mov byte [ebx + ref_00498ea0], al ; mov byte [ebx + 0x498ea0], al mov ah, al or ah, 1 mov byte [ebx + ref_00498ea0], ah ; mov byte [ebx + 0x498ea0], ah push 0 push 0 push edi mov ebp, dword [ref_0048a0e4] ; mov ebp, dword [0x48a0e4] push ebp call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498eb4], eax ; mov dword [ebx + 0x498eb4], eax push 0 push 0 inc edi push edi mov eax, dword [ref_0048a0e4] ; mov eax, dword [0x48a0e4] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498ebc], eax ; mov dword [ebx + 0x498ebc], eax loc_0040beae: imul eax, esi, 0x34 cmp byte [eax + ref_00498ea1], 1 ; cmp byte [eax + 0x498ea1], 1 jne near loc_0040babe ; jne 0x40babe cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 je short loc_0040befa ; je 0x40befa mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 mov dword [ref_004749d4], 0xb ; mov dword [0x4749d4], 0xb push 1 mov eax, ref_0048234a ; mov eax, 0x48234a add eax, 0x58 push eax call fcn_004542ce ; call 0x4542ce add esp, 8 loc_0040befa: imul eax, esi, 0x34 jmp near loc_0040bab6 ; jmp 0x40bab6 loc_0040bf02: mov al, byte [ebx + ref_00498ea0] ; mov al, byte [ebx + 0x498ea0] and al, 0xf cmp al, 1 je short loc_0040bf6f ; je 0x40bf6f push 0 push esi call fcn_0040b8d8 ; call 0x40b8d8 add esp, 8 mov ah, byte [ebx + ref_00498ea0] ; mov ah, byte [ebx + 0x498ea0] and ah, 0xf0 mov byte [ebx + ref_00498ea0], ah ; mov byte [ebx + 0x498ea0], ah mov dl, ah or dl, 1 mov byte [ebx + ref_00498ea0], dl ; mov byte [ebx + 0x498ea0], dl push 0 push 0 push 0x209 mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498eb4], eax ; mov dword [ebx + 0x498eb4], eax push 0 push 0 push 0x20a mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498ebc], eax ; mov dword [ebx + 0x498ebc], eax loc_0040bf6f: imul eax, esi, 0x34 cmp byte [eax + ref_00498ea1], 1 ; cmp byte [eax + 0x498ea1], 1 jne short loc_0040bf83 ; jne 0x40bf83 xor bl, bl mov byte [eax + ref_00498ea3], bl ; mov byte [eax + 0x498ea3], bl loc_0040bf83: imul esi, esi, 0x34 xor bh, bh mov byte [esi + ref_00498ea1], bh ; mov byte [esi + 0x498ea1], bh loc_0040bf8e: pop ebp pop edi pop esi pop ebx ret fcn_0040bf93: push ebx push esi push edi mov edi, dword [esp + 0x10] imul eax, edi, 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 add eax, ebx shl eax, 2 add eax, ebx lea esi, [eax + 0x80] imul eax, edi, 0x34 test byte [eax + ref_00498ea0], 0x30 ; test byte [eax + 0x498ea0], 0x30 je short loc_0040bfce ; je 0x40bfce push 1 push edi call fcn_0040b8d8 ; call 0x40b8d8 add esp, 8 loc_0040bfce: imul ebx, edi, 0x34 mov edx, dword [esp + 0x14] test edx, edx jne short loc_0040bfe8 ; jne 0x40bfe8 push edx push edx add esi, 0x13 push esi mov esi, dword [ref_0048a0e4] ; mov esi, dword [0x48a0e4] push esi jmp short loc_0040bff7 ; jmp 0x40bff7 loc_0040bfe8: push 0 push 0 add esi, 0x14 push esi mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx loc_0040bff7: call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx + ref_00498eb8], eax ; mov dword [ebx + 0x498eb8], eax imul eax, edi, 0x34 mov dh, byte [eax + ref_00498ea0] ; mov dh, byte [eax + 0x498ea0] and dh, 0xcf mov byte [eax + ref_00498ea0], dh ; mov byte [eax + 0x498ea0], dh mov bl, dh or bl, 0x30 mov byte [eax + ref_00498ea0], bl ; mov byte [eax + 0x498ea0], bl mov byte [eax + ref_00498ea1], 1 ; mov byte [eax + 0x498ea1], 1 xor cl, cl mov byte [eax + ref_00498ea2], cl ; mov byte [eax + 0x498ea2], cl mov byte [eax + ref_00498ea3], cl ; mov byte [eax + 0x498ea3], cl pop edi pop esi pop ebx ret fcn_0040c03b: push ebx xor ebx, ebx loc_0040c03e: push 0 push ebx call fcn_0040b8d8 ; call 0x40b8d8 add esp, 8 push 1 push ebx call fcn_0040b8d8 ; call 0x40b8d8 add esp, 8 inc ebx cmp ebx, 9 jl short loc_0040c03e ; jl 0x40c03e pop ebx ret fcn_0040c05c: push ebx push esi push edi push ebp sub esp, 0x30 xor edx, edx mov dword [esp + 8], edx mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] cmp ecx, 4 jge near loc_0040c489 ; jge 0x40c489 cmp dword [ref_004749dc], 0 ; cmp dword [0x4749dc], 0 jne near loc_0040c332 ; jne 0x40c332 imul eax, ecx, 0x68 xor ecx, ecx mov cx, word [eax + (_players+12)] ; mov cx, word [eax + 0x496b74] mov edx, ecx shl edx, 2 add edx, ecx shl edx, 3 mov ebx, dword [ref_00498e80] ; mov ebx, dword [0x498e80] add ebx, edx mov cl, byte [_current_player] ; mov cl, byte [0x49910c] mov edx, 0x100 shl edx, cl mov dword [esp + 0x10], edx mov dl, byte [eax + (_players+21)] ; mov dl, byte [eax + 0x496b7d] test dl, 0x10 je short loc_0040c0ed ; je 0x40c0ed xor edx, edx mov dx, word [eax + (_players+8)] ; mov dx, word [eax + 0x496b70] mov dword [esp + 0x18], edx mov ax, word [eax + (_players+10)] ; mov ax, word [eax + 0x496b72] and eax, 0xffff mov dword [esp + 0x14], eax movsx eax, word [ebx] mov dword [ref_0048bae4], eax ; mov dword [0x48bae4], eax movsx eax, word [ebx + 2] jmp near loc_0040c211 ; jmp 0x40c211 loc_0040c0ed: test dl, 0x20 je short loc_0040c12c ; je 0x40c12c movsx edx, word [ebx] mov dword [esp + 0x18], edx movsx edx, word [ebx + 2] mov dword [esp + 0x14], edx movsx edx, word [eax + (_players+74)] ; movsx edx, word [eax + 0x496bb2] shl edx, 3 mov eax, edx shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add eax, edx movsx edx, word [eax] mov dword [ref_0048bae4], edx ; mov dword [0x48bae4], edx movsx eax, word [eax + 2] jmp near loc_0040c211 ; jmp 0x40c211 loc_0040c12c: xor eax, eax mov ecx, 0x40000000 xor esi, esi mov edx, dword [ebx + 0x24] mov dword [esp + 0x24], edx mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] jmp short loc_0040c14c ; jmp 0x40c14c loc_0040c144: sar ecx, 1 inc eax cmp eax, 4 jge short loc_0040c17c ; jge 0x40c17c loc_0040c14c: mov edx, eax mov dx, word [ebx + edx*2 + 0x18] and edx, 0xffff je short loc_0040c144 ; je 0x40c144 imul edi, ebp, 0x68 mov di, word [edi + (_players+14)] ; mov di, word [edi + 0x496b76] and edi, 0xffff cmp edx, edi je short loc_0040c144 ; je 0x40c144 test dword [esp + 0x24], ecx jne short loc_0040c144 ; jne 0x40c144 mov word [esp + esi*2], dx inc esi jmp short loc_0040c144 ; jmp 0x40c144 loc_0040c17c: test esi, esi jne short loc_0040c196 ; jne 0x40c196 imul edi, dword [_current_player], 0x68 ; imul edi, dword [0x49910c], 0x68 mov di, word [edi + (_players+14)] ; mov di, word [edi + 0x496b76] and edi, 0xffff jmp short loc_0040c1a9 ; jmp 0x40c1a9 loc_0040c196: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi lea edi, [edx + edx] movsx edi, word [esp + edi] loc_0040c1a9: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dx, word [eax + (_players+12)] ; mov dx, word [eax + 0x496b74] mov word [eax + (_players+14)], dx ; mov word [eax + 0x496b76], dx mov word [eax + (_players+12)], di ; mov word [eax + 0x496b74], di mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040fc00 ; call 0x40fc00 add esp, 4 movsx eax, word [ebx] mov dword [esp + 0x18], eax movsx eax, word [ebx + 2] mov dword [esp + 0x14], eax mov eax, dword [esp + 0x10] not eax and dword [ebx + 0x24], eax mov eax, edi shl eax, 2 add eax, edi shl eax, 3 mov ebx, dword [ref_00498e80] ; mov ebx, dword [0x498e80] add ebx, eax mov eax, dword [esp + 0x10] or dword [ebx + 0x24], eax movsx eax, word [ebx] mov dword [ref_0048bae4], eax ; mov dword [0x48bae4], eax movsx eax, word [ebx + 2] loc_0040c211: mov dword [ref_0048bae8], eax ; mov dword [0x48bae8], eax mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0040b93b ; call 0x40b93b add esp, 4 mov edx, dword [ref_0048bae4] ; mov edx, dword [0x48bae4] sub edx, dword [esp + 0x18] mov edi, dword [ref_0048bae8] ; mov edi, dword [0x48bae8] sub edi, dword [esp + 0x14] mov eax, edx imul eax, edx mov ecx, edi imul ecx, edi add eax, ecx mov dword [esp + 0x28], eax fild dword [esp + 0x28] call fcn_004582bc ; call 0x4582bc fstp dword [esp + 0xc] imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 cmp byte [eax + ref_00498ea1], 0 ; cmp byte [eax + 0x498ea1], 0 jne short loc_0040c276 ; jne 0x40c276 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 test byte [eax + (_players+21)], 0x30 ; test byte [eax + 0x496b7d], 0x30 je short loc_0040c282 ; je 0x40c282 loc_0040c276: fld dword [esp + 0xc] fmul dword [ref_004631dc] ; fmul dword [0x4631dc] jmp short loc_0040c2a2 ; jmp 0x40c2a2 loc_0040c282: mov al, byte [eax + (_players+17)] ; mov al, byte [eax + 0x496b79] and al, 3 xor ecx, ecx mov cl, al xor eax, eax mov al, byte [ecx + ref_004749d8] ; mov al, byte [ecx + 0x4749d8] mov dword [esp + 0x2c], eax fild word [esp + 0x2c] fdivr dword [esp + 0xc] loc_0040c2a2: fstp dword [esp + 0x1c] mov dword [esp + 0x28], edx fild dword [esp + 0x28] fdiv dword [esp + 0x1c] fstp dword [ref_0048baec] ; fstp dword [0x48baec] mov dword [esp + 0x28], edi fild dword [esp + 0x28] fdiv dword [esp + 0x1c] fstp dword [ref_0048baf0] ; fstp dword [0x48baf0] mov edi, dword [_current_player] ; mov edi, dword [0x49910c] imul edx, edi, 0x68 xor eax, eax mov ax, word [edx + (_players+8)] ; mov ax, word [edx + 0x496b70] mov dword [esp + 0x28], eax fild dword [esp + 0x28] imul ecx, edi, 0x34 fstp dword [ecx + ref_00498ea8] ; fstp dword [ecx + 0x498ea8] xor eax, eax mov ax, word [edx + (_players+10)] ; mov ax, word [edx + 0x496b72] mov dword [esp + 0x28], eax fild dword [esp + 0x28] fstp dword [ecx + ref_00498eac] ; fstp dword [ecx + 0x498eac] fld dword [esp + 0x1c] call fcn_00457dbc ; call 0x457dbc fistp dword [ref_004749dc] ; fistp dword [0x4749dc] mov eax, dword [ref_004749dc] ; mov eax, dword [0x4749dc] sar eax, 1 mov dword [ref_0048baf4], eax ; mov dword [0x48baf4], eax cmp dword [ref_004749dc], 0 ; cmp dword [0x4749dc], 0 jne short loc_0040c332 ; jne 0x40c332 mov dword [ref_004749dc], 1 ; mov dword [0x4749dc], 1 loc_0040c332: mov ecx, dword [ref_004749dc] ; mov ecx, dword [0x4749dc] dec ecx mov dword [ref_004749dc], ecx ; mov dword [0x4749dc], ecx mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] imul eax, ebx, 0x68 test ecx, ecx jle near loc_0040c3ec ; jle 0x40c3ec imul edx, ebx, 0x34 fld dword [ref_0048baec] ; fld dword [0x48baec] fadd dword [edx + ref_00498ea8] ; fadd dword [edx + 0x498ea8] fstp dword [edx + ref_00498ea8] ; fstp dword [edx + 0x498ea8] fld dword [ref_0048baf0] ; fld dword [0x48baf0] fadd dword [edx + ref_00498eac] ; fadd dword [edx + 0x498eac] fstp dword [edx + ref_00498eac] ; fstp dword [edx + 0x498eac] fld dword [edx + ref_00498ea8] ; fld dword [edx + 0x498ea8] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x28] mov ebx, dword [esp + 0x28] mov word [eax + (_players+8)], bx ; mov word [eax + 0x496b70], bx fld dword [edx + ref_00498eac] ; fld dword [edx + 0x498eac] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x28] mov edx, dword [esp + 0x28] mov word [eax + (_players+10)], dx ; mov word [eax + 0x496b72], dx test byte [eax + (_players+21)], 0x30 ; test byte [eax + 0x496b7d], 0x30 je short loc_0040c410 ; je 0x40c410 mov edx, dword [ref_004749dc] ; mov edx, dword [0x4749dc] cmp edx, dword [ref_0048baf4] ; cmp edx, dword [0x48baf4] jge short loc_0040c410 ; jge 0x40c410 mov ch, byte [eax + (_players+21)] ; mov ch, byte [eax + 0x496b7d] test ch, 0x10 je short loc_0040c3d7 ; je 0x40c3d7 xor ebx, ebx mov dword [eax + (_players+50)], ebx ; mov dword [eax + 0x496b9a], ebx jmp short loc_0040c3e2 ; jmp 0x40c3e2 loc_0040c3d7: mov dl, ch and dl, 0xf mov byte [eax + (_players+21)], dl ; mov byte [eax + 0x496b7d], dl loc_0040c3e2: xor esi, esi mov dword [ref_0048baf4], esi ; mov dword [0x48baf4], esi jmp short loc_0040c410 ; jmp 0x40c410 loc_0040c3ec: mov dx, word [ref_0048bae4] ; mov dx, word [0x48bae4] mov word [eax + (_players+8)], dx ; mov word [eax + 0x496b70], dx mov dx, word [ref_0048bae8] ; mov dx, word [0x48bae8] mov word [eax + (_players+10)], dx ; mov word [eax + 0x496b72], dx mov dword [esp + 8], 1 loc_0040c410: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 test byte [eax + (_players+21)], 0x30 ; test byte [eax + 0x496b7d], 0x30 jne short loc_0040c44c ; jne 0x40c44c xor edx, edx mov dx, word [eax + (_players+12)] ; mov dx, word [eax + 0x496b74] push edx mov ax, word [eax + (_players+14)] ; mov ax, word [eax + 0x496b76] and eax, 0xffff push eax call fcn_00407a8c ; call 0x407a8c add esp, 8 imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 mov byte [edx + (_players+16)], al ; mov byte [edx + 0x496b78], al loc_0040c44c: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 je near loc_0040c74a ; je 0x40c74a imul eax, edx, 0x34 mov bh, byte [eax + ref_00498ea4] ; mov bh, byte [eax + 0x498ea4] inc bh mov byte [eax + ref_00498ea4], bh ; mov byte [eax + 0x498ea4], bh cmp bh, 6 jne near loc_0040c74a ; jne 0x40c74a xor ch, ch mov byte [eax + ref_00498ea4], ch ; mov byte [eax + 0x498ea4], ch jmp near loc_0040c74a ; jmp 0x40c74a loc_0040c489: lea eax, [ecx - 4] mov dword [esp + 0x20], eax shl eax, 4 mov dx, word [eax + ref_00498e2c] ; mov dx, word [eax + 0x498e2c] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov ebx, dword [ref_00498e80] ; mov ebx, dword [0x498e80] add ebx, eax movsx eax, word [ebx] mov dword [esp + 0x18], eax movsx eax, word [ebx + 2] mov dword [esp + 0x14], eax mov esi, dword [ref_004749dc] ; mov esi, dword [0x4749dc] test esi, esi jne near loc_0040c65f ; jne 0x40c65f xor eax, eax mov ecx, 0x40000000 mov edx, dword [ebx + 0x24] mov dword [esp + 0x24], edx jmp short loc_0040c4e1 ; jmp 0x40c4e1 loc_0040c4d9: sar ecx, 1 inc eax cmp eax, 4 jge short loc_0040c515 ; jge 0x40c515 loc_0040c4e1: mov edx, eax mov dx, word [ebx + edx*2 + 0x18] and edx, 0xffff je short loc_0040c4d9 ; je 0x40c4d9 mov edi, dword [esp + 0x20] shl edi, 4 mov di, word [edi + ref_00498e2e] ; mov di, word [edi + 0x498e2e] and edi, 0xffff cmp edx, edi je short loc_0040c4d9 ; je 0x40c4d9 test dword [esp + 0x24], ecx jne short loc_0040c4d9 ; jne 0x40c4d9 mov word [esp + esi*2], dx inc esi jmp short loc_0040c4d9 ; jmp 0x40c4d9 loc_0040c515: test esi, esi jne short loc_0040c52f ; jne 0x40c52f mov edi, dword [esp + 0x20] shl edi, 4 mov di, word [edi + ref_00498e2e] ; mov di, word [edi + 0x498e2e] and edi, 0xffff jmp short loc_0040c542 ; jmp 0x40c542 loc_0040c52f: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi lea edi, [edx + edx] movsx edi, word [esp + edi] loc_0040c542: mov eax, dword [esp + 0x20] shl eax, 4 mov dx, word [eax + ref_00498e2c] ; mov dx, word [eax + 0x498e2c] mov word [eax + ref_00498e2e], dx ; mov word [eax + 0x498e2e], dx mov word [eax + ref_00498e2c], di ; mov word [eax + 0x498e2c], di cmp dword [esp + 0x20], 4 jge short loc_0040c579 ; jge 0x40c579 mov cl, byte [esp + 0x20] mov eax, 0x1000 shl eax, cl mov dword [esp + 0x10], eax not eax and dword [ebx + 0x24], eax loc_0040c579: mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040b93b ; call 0x40b93b add esp, 4 mov eax, edi shl eax, 2 add eax, edi shl eax, 3 mov ebx, dword [ref_00498e80] ; mov ebx, dword [0x498e80] add ebx, eax cmp dword [esp + 0x20], 4 jge short loc_0040c5a8 ; jge 0x40c5a8 mov eax, dword [esp + 0x10] or dword [ebx + 0x24], eax loc_0040c5a8: movsx eax, word [ebx] mov dword [ref_0048bae4], eax ; mov dword [0x48bae4], eax movsx eax, word [ebx + 2] mov dword [ref_0048bae8], eax ; mov dword [0x48bae8], eax mov edx, dword [ref_0048bae4] ; mov edx, dword [0x48bae4] sub edx, dword [esp + 0x18] mov edi, eax sub edi, dword [esp + 0x14] mov eax, edx imul eax, edx mov ecx, edi imul ecx, edi add eax, ecx mov dword [esp + 0x28], eax fild dword [esp + 0x28] call fcn_004582bc ; call 0x4582bc fst dword [esp + 0xc] fmul dword [ref_004631dc] ; fmul dword [0x4631dc] fstp dword [esp + 0x1c] mov dword [esp + 0x28], edx fild dword [esp + 0x28] fdiv dword [esp + 0x1c] fstp dword [ref_0048baec] ; fstp dword [0x48baec] mov dword [esp + 0x28], edi fild dword [esp + 0x28] fdiv dword [esp + 0x1c] fstp dword [ref_0048baf0] ; fstp dword [0x48baf0] mov ecx, dword [esp + 0x20] shl ecx, 4 xor eax, eax mov ax, word [ecx + ref_00498e28] ; mov ax, word [ecx + 0x498e28] mov dword [esp + 0x28], eax fild dword [esp + 0x28] imul edx, dword [_current_player], 0x34 ; imul edx, dword [0x49910c], 0x34 fstp dword [edx + ref_00498ea8] ; fstp dword [edx + 0x498ea8] xor eax, eax mov ax, word [ecx + ref_00498e2a] ; mov ax, word [ecx + 0x498e2a] mov dword [esp + 0x28], eax fild dword [esp + 0x28] fstp dword [edx + ref_00498eac] ; fstp dword [edx + 0x498eac] fld dword [esp + 0x1c] call fcn_00457dbc ; call 0x457dbc fistp dword [ref_004749dc] ; fistp dword [0x4749dc] loc_0040c65f: mov esi, dword [ref_004749dc] ; mov esi, dword [0x4749dc] dec esi mov dword [ref_004749dc], esi ; mov dword [0x4749dc], esi mov edx, dword [esp + 0x20] shl edx, 4 test esi, esi jle short loc_0040c6d8 ; jle 0x40c6d8 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 fld dword [ref_0048baec] ; fld dword [0x48baec] fadd dword [eax + ref_00498ea8] ; fadd dword [eax + 0x498ea8] fstp dword [eax + ref_00498ea8] ; fstp dword [eax + 0x498ea8] fld dword [ref_0048baf0] ; fld dword [0x48baf0] fadd dword [eax + ref_00498eac] ; fadd dword [eax + 0x498eac] fstp dword [eax + ref_00498eac] ; fstp dword [eax + 0x498eac] fld dword [eax + ref_00498ea8] ; fld dword [eax + 0x498ea8] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x28] mov ebx, dword [esp + 0x28] mov word [edx + ref_00498e28], bx ; mov word [edx + 0x498e28], bx fld dword [eax + ref_00498eac] ; fld dword [eax + 0x498eac] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x28] mov eax, dword [esp + 0x28] mov word [edx + ref_00498e2a], ax ; mov word [edx + 0x498e2a], ax jmp short loc_0040c6f6 ; jmp 0x40c6f6 loc_0040c6d8: mov eax, dword [esp + 0x18] mov word [edx + ref_00498e28], ax ; mov word [edx + 0x498e28], ax mov eax, dword [esp + 0x14] mov word [edx + ref_00498e2a], ax ; mov word [edx + 0x498e2a], ax mov dword [esp + 8], 1 loc_0040c6f6: mov ebx, dword [esp + 0x20] shl ebx, 4 xor eax, eax mov ax, word [ebx + ref_00498e2c] ; mov ax, word [ebx + 0x498e2c] push eax xor eax, eax mov ax, word [ebx + ref_00498e2e] ; mov ax, word [ebx + 0x498e2e] push eax call fcn_00407a8c ; call 0x407a8c add esp, 8 mov byte [ebx + ref_00498e31], al ; mov byte [ebx + 0x498e31], al cmp byte [ebx + ref_00498e35], 0 ; cmp byte [ebx + 0x498e35], 0 je short loc_0040c74a ; je 0x40c74a imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov ch, byte [eax + ref_00498ea4] ; mov ch, byte [eax + 0x498ea4] inc ch mov byte [eax + ref_00498ea4], ch ; mov byte [eax + 0x498ea4], ch cmp ch, 6 jne short loc_0040c74a ; jne 0x40c74a xor dh, dh mov byte [eax + ref_00498ea4], dh ; mov byte [eax + 0x498ea4], dh loc_0040c74a: imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 inc byte [eax + ref_00498ea3] ; inc byte [eax + 0x498ea3] xor edx, edx mov dl, byte [eax + ref_00498ea1] ; mov dl, byte [eax + 0x498ea1] mov edx, dword [eax + edx*4 + ref_00498ebc] ; mov edx, dword [eax + edx*4 + 0x498ebc] mov edx, dword [edx + 4] sar edx, 3 xor ecx, ecx mov cl, byte [eax + ref_00498ea3] ; mov cl, byte [eax + 0x498ea3] cmp ecx, edx jne short loc_0040c780 ; jne 0x40c780 xor dh, dh mov byte [eax + ref_00498ea3], dh ; mov byte [eax + 0x498ea3], dh loc_0040c780: mov eax, dword [esp + 8] add esp, 0x30 pop ebp pop edi pop esi pop ebx ret fcn_0040c78c: push ebx push esi push edi push ebp sub esp, 0xc push 0 push ref_004823f2 ; push 0x4823f2 call fcn_004542ce ; call 0x4542ce add esp, 8 mov edx, dword [esp + 0x20] cmp edx, 4 jge near loc_0040c85e ; jge 0x40c85e imul eax, edx, 0x68 mov dl, byte [eax + (_players+16)] ; mov dl, byte [eax + 0x496b78] add dl, 4 and dl, 7 mov byte [eax + (_players+16)], dl ; mov byte [eax + 0x496b78], dl xor edx, edx mov dx, word [eax + (_players+12)] ; mov dx, word [eax + 0x496b74] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] add ecx, eax xor ebx, ebx xor edx, edx mov esi, 0x40000000 jmp short loc_0040c7f2 ; jmp 0x40c7f2 loc_0040c7ea: sar esi, 1 inc edx cmp edx, 4 jge short loc_0040c82b ; jge 0x40c82b loc_0040c7f2: mov eax, edx mov ax, word [ecx + eax*2 + 0x18] test ax, ax je short loc_0040c7ea ; je 0x40c7ea test dword [ecx + 0x24], esi jne short loc_0040c7ea ; jne 0x40c7ea imul edi, dword [esp + 0x20], 0x68 mov di, word [edi + (_players+14)] ; mov di, word [edi + 0x496b76] and edi, 0xffff mov dword [esp + 8], edi xor edi, edi mov di, ax cmp edi, dword [esp + 8] je short loc_0040c7ea ; je 0x40c7ea mov word [esp + ebx*2], ax inc ebx jmp short loc_0040c7ea ; jmp 0x40c7ea loc_0040c82b: imul esi, dword [esp + 0x20], 0x68 test ebx, ebx je short loc_0040c850 ; je 0x40c850 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx mov ax, word [esp + edx*2] mov word [esi + (_players+14)], ax ; mov word [esi + 0x496b76], ax jmp near loc_0040c90a ; jmp 0x40c90a loc_0040c850: xor ebx, ebx mov word [esi + (_players+14)], bx ; mov word [esi + 0x496b76], bx jmp near loc_0040c90a ; jmp 0x40c90a loc_0040c85e: lea ecx, [edx - 4] mov dword [esp + 0x20], ecx mov eax, ecx shl eax, 4 mov dl, byte [eax + ref_00498e31] ; mov dl, byte [eax + 0x498e31] add dl, 4 and dl, 7 mov byte [eax + ref_00498e31], dl ; mov byte [eax + 0x498e31], dl xor edx, edx mov dx, word [eax + ref_00498e2c] ; mov dx, word [eax + 0x498e2c] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] add ecx, eax xor ebx, ebx xor edx, edx mov esi, 0x40000000 jmp short loc_0040c8aa ; jmp 0x40c8aa loc_0040c8a2: sar esi, 1 inc edx cmp edx, 4 jge short loc_0040c8dd ; jge 0x40c8dd loc_0040c8aa: mov eax, edx mov ax, word [ecx + eax*2 + 0x18] test ax, ax je short loc_0040c8a2 ; je 0x40c8a2 test dword [ecx + 0x24], esi jne short loc_0040c8a2 ; jne 0x40c8a2 mov edi, dword [esp + 0x20] shl edi, 4 mov di, word [edi + ref_00498e2e] ; mov di, word [edi + 0x498e2e] and edi, 0xffff movzx ebp, ax cmp edi, ebp je short loc_0040c8a2 ; je 0x40c8a2 mov word [esp + ebx*2], ax inc ebx jmp short loc_0040c8a2 ; jmp 0x40c8a2 loc_0040c8dd: mov esi, dword [esp + 0x20] shl esi, 4 test ebx, ebx je short loc_0040c901 ; je 0x40c901 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx mov ax, word [esp + edx*2] mov word [esi + ref_00498e2e], ax ; mov word [esi + 0x498e2e], ax jmp short loc_0040c90a ; jmp 0x40c90a loc_0040c901: xor edx, edx mov word [esi + ref_00498e2e], dx ; mov word [esi + 0x498e2e], dx loc_0040c90a: add esp, 0xc pop ebp pop edi pop esi pop ebx ret fcn_0040c912: push ebx push esi push edi push ebp sub esp, 0x94 xor ebx, ebx mov edx, dword [_current_player] ; mov edx, dword [0x49910c] cmp edx, 4 jge near loc_0040cbdd ; jge 0x40cbdd imul eax, edx, 0x68 mov ch, byte [eax + (_players+21)] ; mov ch, byte [eax + 0x496b7d] test ch, ch je near loc_0040cc0d ; je 0x40cc0d cmp dword [esp + 0xa8], 0 jne near loc_0040cbc2 ; jne 0x40cbc2 cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 jne short loc_0040c962 ; jne 0x40c962 cmp byte [eax + (_players+54)], 0 ; cmp byte [eax + 0x496b9e], 0 je near loc_0040cba5 ; je 0x40cba5 loc_0040c962: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 test byte [eax + (_players+21)], 0x30 ; test byte [eax + 0x496b7d], 0x30 je short loc_0040c97c ; je 0x40c97c call fcn_0040dd1f ; call 0x40dd1f jmp near loc_0040cc0d ; jmp 0x40cc0d loc_0040c97c: call fcn_0044808a ; call 0x44808a imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov edi, dword [eax + (_players+0)] ; mov edi, dword [eax + 0x496b68] push edi lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 xor dh, dh mov byte [esp], dh imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov cl, byte [eax + (_players+50)] ; mov cl, byte [eax + 0x496b9a] test cl, cl je short loc_0040c9da ; je 0x40c9da mov al, cl and al, 0x7f and eax, 0xff inc eax push eax lea eax, [esp + 0x84] push eax push ref_004631e0 ; push 0x4631e0 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 loc_0040c9da: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ch, byte [eax + (_players+51)] ; mov ch, byte [eax + 0x496b9b] test ch, ch je short loc_0040ca10 ; je 0x40ca10 mov al, ch and al, 0x3f and eax, 0xff inc eax push eax lea eax, [esp + 0x84] push eax push ref_004631f5 ; push 0x4631f5 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 loc_0040ca10: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+52)], 0 ; cmp byte [eax + 0x496b9c], 0 je short loc_0040ca89 ; je 0x40ca89 call clib_rand ; call 0x456f2d test al, 1 je short loc_0040ca59 ; je 0x40ca59 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul eax, esi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov edi, dword [edx + eax*8 + ref_00480896] ; mov edi, dword [edx + eax*8 + 0x480896] push edi push 2 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0040ca59: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+52)] ; mov al, byte [eax + 0x496b9c] and al, 0x7f and eax, 0xff inc eax push eax lea eax, [esp + 0x84] push eax push ref_0046320a ; push 0x46320a lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 loc_0040ca89: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+53)], 0 ; cmp byte [eax + 0x496b9d], 0 je short loc_0040cb02 ; je 0x40cb02 call clib_rand ; call 0x456f2d test al, 1 je short loc_0040cad2 ; je 0x40cad2 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul eax, esi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov edi, dword [edx + eax*8 + ref_0048089a] ; mov edi, dword [edx + eax*8 + 0x48089a] push edi push 2 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0040cad2: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+53)] ; mov al, byte [eax + 0x496b9d] and al, 0x7f and eax, 0xff inc eax push eax lea eax, [esp + 0x84] push eax push ref_0046321f ; push 0x46321f lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 loc_0040cb02: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+54)], 0 ; cmp byte [eax + 0x496b9e], 0 je short loc_0040cb84 ; je 0x40cb84 cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 jne short loc_0040cb84 ; jne 0x40cb84 call clib_rand ; call 0x456f2d test al, 1 je short loc_0040cb54 ; je 0x40cb54 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] imul eax, edi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ebp, dword [edx + eax*8 + ref_0048089e] ; mov ebp, dword [edx + eax*8 + 0x48089e] push ebp push 1 push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0040cb54: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+54)] ; mov al, byte [eax + 0x496b9e] and al, 0x7f and eax, 0xff inc eax push eax lea eax, [esp + 0x84] push eax push ref_00463234 ; push 0x463234 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 loc_0040cb84: cmp byte [esp], 0 je near loc_0040cc0d ; je 0x40cc0d push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 jmp near loc_0040cc0d ; jmp 0x40cc0d loc_0040cba5: cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 je short loc_0040cbba ; je 0x40cbba call fcn_0040dd1f ; call 0x40dd1f mov ebx, 0xffffffff jmp short loc_0040cc0d ; jmp 0x40cc0d loc_0040cbba: mov bl, byte [eax + (_players+21)] ; mov bl, byte [eax + 0x496b7d] jmp short loc_0040cc0d ; jmp 0x40cc0d loc_0040cbc2: test ch, 0x30 jne short loc_0040cc0d ; jne 0x40cc0d cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 jne short loc_0040cc0d ; jne 0x40cc0d cmp byte [eax + (_players+54)], 0 ; cmp byte [eax + 0x496b9e], 0 jne short loc_0040cc0d ; jne 0x40cc0d mov bl, ch jmp short loc_0040cc0d ; jmp 0x40cc0d loc_0040cbdd: lea eax, [edx - 4] shl eax, 4 cmp byte [eax + ref_00498e32], 0 ; cmp byte [eax + 0x498e32], 0 jne short loc_0040cc0d ; jne 0x40cc0d cmp dword [esp + 0xa8], 0 jne short loc_0040cc0d ; jne 0x40cc0d cmp byte [eax + ref_00498e34], 0 ; cmp byte [eax + 0x498e34], 0 jne short loc_0040cc0d ; jne 0x40cc0d cmp byte [eax + ref_00498e36], 0 ; cmp byte [eax + 0x498e36], 0 jne short loc_0040cc0d ; jne 0x40cc0d mov ebx, 2 loc_0040cc0d: mov eax, ebx add esp, 0x94 pop ebp pop edi pop esi pop ebx ret fcn_0040cc1a: push ebx imul eax, dword [esp + 8], 0x68 xor dl, dl mov byte [eax + (_players+61)], dl ; mov byte [eax + 0x496ba5], dl xor edx, edx mov dl, byte [eax + (_players+65)] ; mov dl, byte [eax + 0x496ba9] dec edx imul edx, edx, 0x68 xor bl, bl mov byte [edx + (_players+65)], bl ; mov byte [edx + 0x496ba9], bl xor edx, edx mov dl, byte [eax + (_players+65)] ; mov dl, byte [eax + 0x496ba9] dec edx imul edx, edx, 0x68 mov byte [edx + (_players+61)], bl ; mov byte [edx + 0x496ba5], bl mov byte [eax + (_players+65)], bl ; mov byte [eax + 0x496ba9], bl pop ebx ret fcn_0040cc56: push ebx push esi push edi mov cl, byte [esp + 0x10] mov edi, 0x100 shl edi, cl imul edx, dword [esp + 0x10], 0x68 xor ecx, ecx mov cx, word [edx + (_players+12)] ; mov cx, word [edx + 0x496b74] mov eax, ecx shl eax, 2 add eax, ecx shl eax, 3 mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] add eax, ecx mov ecx, edi not ecx and dword [eax + 0x24], ecx xor eax, eax mov ax, word [edx + (_players+12)] ; mov ax, word [edx + 0x496b74] push eax call fcn_0040aa6c ; call 0x40aa6c add esp, 4 mov ecx, eax shl eax, 2 add eax, ecx shl eax, 3 mov ebx, dword [ref_00498e80] ; mov ebx, dword [0x498e80] add ebx, eax xor eax, eax jmp short loc_0040ccb9 ; jmp 0x40ccb9 loc_0040ccb3: inc eax cmp eax, 4 jge short loc_0040ccc8 ; jge 0x40ccc8 loc_0040ccb9: mov edx, eax mov dx, word [ebx + edx*2 + 0x18] and edx, 0xffff je short loc_0040ccb3 ; je 0x40ccb3 loc_0040ccc8: imul esi, dword [esp + 0x10], 0x68 mov ax, word [ebx] mov word [esi + (_players+8)], ax ; mov word [esi + 0x496b70], ax mov ax, word [ebx + 2] mov word [esi + (_players+10)], ax ; mov word [esi + 0x496b72], ax mov word [esi + (_players+12)], cx ; mov word [esi + 0x496b74], cx mov word [esi + (_players+14)], dx ; mov word [esi + 0x496b76], dx push ecx push edx call fcn_00407a8c ; call 0x407a8c add esp, 8 mov byte [esi + (_players+16)], al ; mov byte [esi + 0x496b78], al or dword [ebx + 0x24], edi pop edi pop esi pop ebx ret fcn_0040cd07: push ebx mov edx, dword [esp + 8] imul eax, edx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0040cd70 ; je 0x40cd70 cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 jne short loc_0040cd70 ; jne 0x40cd70 mov cl, byte [eax + (_players+17)] ; mov cl, byte [eax + 0x496b79] test cl, cl je short loc_0040cd5b ; je 0x40cd5b mov al, cl and al, 3 cmp al, 1 jb short loc_0040cd49 ; jb 0x40cd49 jbe short loc_0040cd3b ; jbe 0x40cd3b cmp al, 2 je short loc_0040cd43 ; je 0x40cd43 jmp short loc_0040cd49 ; jmp 0x40cd49 loc_0040cd3b: inc byte [ref_00497324] ; inc byte [0x497324] jmp short loc_0040cd49 ; jmp 0x40cd49 loc_0040cd43: inc byte [ref_00497325] ; inc byte [0x497325] loc_0040cd49: imul eax, edx, 0x68 xor bl, bl mov byte [eax + (_players+17)], bl ; mov byte [eax + 0x496b79], bl mov byte [eax + (_players+18)], 1 ; mov byte [eax + 0x496b7a], 1 loc_0040cd5b: imul eax, edx, 0x68 or byte [eax + (_players+21)], 0x40 ; or byte [eax + 0x496b7d], 0x40 push edx call fcn_0040b93b ; call 0x40b93b add esp, 4 pop ebx ret loc_0040cd70: imul eax, edx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 jne short loc_0040cd85 ; jne 0x40cd85 push edx call fcn_0040cc56 ; call 0x40cc56 add esp, 4 loc_0040cd85: pop ebx ret fcn_0040cd87: push ebx push esi push edi push ebp sub esp, 0x404 imul eax, dword [esp + 0x418], 0x68 mov dl, byte [eax + (_players+21)] ; mov dl, byte [eax + 0x496b7d] mov byte [esp + 0x400], dl test dl, dl je near loc_0040d288 ; je 0x40d288 xor ebx, ebx mov bx, word [eax + (_players+12)] ; mov bx, word [eax + 0x496b74] mov edx, ebx shl edx, 2 add edx, ebx mov ebx, dword [ref_00498e80] ; mov ebx, dword [0x498e80] mov dx, word [ebx + edx*8] mov word [eax + (_players+8)], dx ; mov word [eax + 0x496b70], dx xor esi, esi mov si, word [eax + (_players+12)] ; mov si, word [eax + 0x496b74] mov edx, esi shl edx, 2 add edx, esi mov dx, word [ebx + edx*8 + 2] mov word [eax + (_players+10)], dx ; mov word [eax + 0x496b72], dx xor esi, esi mov si, word [eax + (_players+12)] ; mov si, word [eax + 0x496b74] mov edx, esi shl edx, 2 add edx, esi shl edx, 3 add edx, ebx mov cl, byte [esp + 0x418] mov ebx, 0x100 shl ebx, cl or dword [edx + 0x24], ebx xor dh, dh mov byte [eax + (_players+21)], dh ; mov byte [eax + 0x496b7d], dh mov edx, dword [esp + 0x418] xor bl, bl mov byte [edx + ref_00496b30], bl ; mov byte [edx + 0x496b30], bl mov byte [edx + ref_00496b60], bl ; mov byte [edx + 0x496b60], bl mov cl, byte [eax + (_players+63)] ; mov cl, byte [eax + 0x496ba7] test cl, cl je short loc_0040ce48 ; je 0x40ce48 mov al, cl and eax, 0xff push eax call fcn_0040e14d ; call 0x40e14d add esp, 4 loc_0040ce48: imul eax, dword [esp + 0x418], 0x68 mov ch, byte [eax + (_players+64)] ; mov ch, byte [eax + 0x496ba8] test ch, ch je short loc_0040ce6a ; je 0x40ce6a mov al, ch and eax, 0xff push eax call fcn_0040e14d ; call 0x40e14d add esp, 4 loc_0040ce6a: mov esi, dword [esp + 0x418] imul eax, esi, 0x68 cmp byte [eax + (_players+65)], 0 ; cmp byte [eax + 0x496ba9], 0 je short loc_0040ce86 ; je 0x40ce86 push esi call fcn_0040cc1a ; call 0x40cc1a add esp, 4 loc_0040ce86: xor ebx, ebx jmp short loc_0040ce90 ; jmp 0x40ce90 loc_0040ce8a: inc ebx cmp ebx, 2 jge short loc_0040cec0 ; jge 0x40cec0 loc_0040ce90: mov eax, ebx shl eax, 4 cmp byte [eax + ref_00498e32], 0 ; cmp byte [eax + 0x498e32], 0 jne short loc_0040ce8a ; jne 0x40ce8a mov al, byte [eax + ref_00498e30] ; mov al, byte [eax + 0x498e30] and eax, 0xff cmp eax, dword [esp + 0x418] jne short loc_0040ce8a ; jne 0x40ce8a lea eax, [ebx + 4] push eax call fcn_0043d593 ; call 0x43d593 add esp, 4 jmp short loc_0040ce8a ; jmp 0x40ce8a loc_0040cec0: mov ebx, 2 jmp short loc_0040cecd ; jmp 0x40cecd loc_0040cec7: inc ebx cmp ebx, 4 jge short loc_0040cefd ; jge 0x40cefd loc_0040cecd: mov eax, ebx shl eax, 4 cmp byte [eax + ref_00498e32], 0 ; cmp byte [eax + 0x498e32], 0 jne short loc_0040cec7 ; jne 0x40cec7 mov al, byte [eax + ref_00498e30] ; mov al, byte [eax + 0x498e30] and eax, 0xff cmp eax, dword [esp + 0x418] jne short loc_0040cec7 ; jne 0x40cec7 lea eax, [ebx + 4] push eax call fcn_0043ec3f ; call 0x43ec3f add esp, 4 jmp short loc_0040cec7 ; jmp 0x40cec7 loc_0040cefd: imul esi, dword [esp + 0x418], 0x68 mov ebx, (_players+0) ; mov ebx, 0x496b68 add ebx, esi lea eax, [ebx + 0x1c] mov edx, eax sub edx, ebx mov ebx, edx mov edx, 0x68 sub edx, ebx push edx push 0 push eax call memset ; call 0x456f60 add esp, 0xc xor eax, eax mov al, byte [esi + (_players+19)] ; mov al, byte [esi + 0x496b7b] mov byte [eax + ref_004990f4], 2 ; mov byte [eax + 0x4990f4], 2 mov esi, dword [esp + 0x418] push esi call fcn_0040b93b ; call 0x40b93b add esp, 4 xor ebx, ebx mov esi, dword [esp + 0x418] loc_0040cf50: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0040cf6d ; jge 0x40cf6d cmp ebx, esi je short loc_0040cf6a ; je 0x40cf6a imul eax, ebx, 0x68 mov edx, esi xor ebp, ebp mov dword [eax + edx*4 + (_players+76)], ebp ; mov dword [eax + edx*4 + 0x496bb4], ebp loc_0040cf6a: inc ebx jmp short loc_0040cf50 ; jmp 0x40cf50 loc_0040cf6d: xor eax, eax mov dword [ref_0048be18], eax ; mov dword [0x48be18], eax mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] mov eax, dword [esp + 0x418] mov dword [_current_player], eax ; mov dword [0x49910c], eax push 2 call fcn_004549cf ; call 0x4549cf add esp, 4 push 1 call fcn_0041906a ; call 0x41906a add esp, 4 push 0 push 0 push 0x22b mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x64 push 1 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push 0x7d0 call fcn_0045285e ; call 0x45285e add esp, 4 cmp dword [ref_00499104], 1 ; cmp dword [0x499104], 1 jne short loc_0040d002 ; jne 0x40d002 test byte [esp + 0x400], 1 je short loc_0040d002 ; je 0x40d002 push 0 call fcn_00407842 ; call 0x407842 add esp, 4 mov byte [ref_0046caf8], al ; mov byte [0x46caf8], al jmp near loc_0040d274 ; jmp 0x40d274 loc_0040d002: xor ebx, ebx xor eax, eax xor esi, esi loc_0040d008: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0040d029 ; jge 0x40d029 imul edx, ebx, 0x68 mov cl, byte [edx + (_players+21)] ; mov cl, byte [edx + 0x496b7d] test cl, cl je short loc_0040d026 ; je 0x40d026 test cl, 1 je short loc_0040d025 ; je 0x40d025 mov edi, ebx inc esi loc_0040d025: inc eax loc_0040d026: inc ebx jmp short loc_0040d008 ; jmp 0x40d008 loc_0040d029: test esi, esi jne short loc_0040d039 ; jne 0x40d039 mov byte [ref_0046caf8], 1 ; mov byte [0x46caf8], 1 jmp near loc_0040d282 ; jmp 0x40d282 loc_0040d039: cmp eax, 1 jne short loc_0040d089 ; jne 0x40d089 imul eax, edi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ecx, dword [edx + eax*8 + ref_004808aa] ; mov ecx, dword [edx + eax*8 + 0x4808aa] push ecx push 3 push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc cmp dword [ref_00499104], 1 ; cmp dword [0x499104], 1 jne short loc_0040d07d ; jne 0x40d07d mov byte [ref_0046caf8], 2 ; mov byte [0x46caf8], 2 jmp near loc_0040d282 ; jmp 0x40d282 loc_0040d07d: mov byte [ref_0046caf8], 3 ; mov byte [0x46caf8], 3 jmp near loc_0040d282 ; jmp 0x40d282 loc_0040d089: xor esi, esi mov ebx, 1 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] loc_0040d095: add eax, 0x34 cmp ebx, dword [ref_00498e98] ; cmp ebx, dword [0x498e98] jg short loc_0040d0cc ; jg 0x40d0cc xor edx, edx mov dl, byte [eax + 0x19] mov edi, dword [esp + 0x418] inc edi cmp edx, edi jne short loc_0040d0c9 ; jne 0x40d0c9 mov byte [eax + 0x19], 0 mov dword [eax + 0x30], 0 mov edi, ebx add edi, 0x7d0 mov word [esp + esi*2], di inc esi loc_0040d0c9: inc ebx jmp short loc_0040d095 ; jmp 0x40d095 loc_0040d0cc: mov ebx, 1 mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] loc_0040d0d6: add eax, 0x38 cmp ebx, dword [ref_00498e8c] ; cmp ebx, dword [0x498e8c] jg short loc_0040d10d ; jg 0x40d10d xor edx, edx mov dl, byte [eax + 0x19] mov edi, dword [esp + 0x418] inc edi cmp edx, edi jne short loc_0040d10a ; jne 0x40d10a mov byte [eax + 0x19], 0 mov dword [eax + 0x34], 0 mov edi, ebx add edi, 0xfa0 mov word [esp + esi*2], di inc esi loc_0040d10a: inc ebx jmp short loc_0040d0d6 ; jmp 0x40d0d6 loc_0040d10d: mov ebx, 1 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] loc_0040d117: add eax, 0x34 cmp ebx, dword [ref_00498e90] ; cmp ebx, dword [0x498e90] jg short loc_0040d139 ; jg 0x40d139 movzx edi, byte [eax + 0x18] mov edx, dword [esp + 0x418] inc edx cmp edi, edx jne short loc_0040d136 ; jne 0x40d136 mov byte [eax + 0x18], 0 loc_0040d136: inc ebx jmp short loc_0040d117 ; jmp 0x40d117 loc_0040d139: push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 xor ebx, ebx jmp short loc_0040d14d ; jmp 0x40d14d loc_0040d147: inc ebx cmp ebx, 0xc jge short loc_0040d185 ; jge 0x40d185 loc_0040d14d: mov edx, dword [esp + 0x418] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 mov edx, ebx shl edx, 3 add eax, edx mov edi, dword [eax + _player_stocks] ; mov edi, dword [eax + 0x4971a0] test edi, edi je short loc_0040d147 ; je 0x40d147 push 0 push edi push ebx mov ecx, dword [esp + 0x424] push ecx call fcn_00428e23 ; call 0x428e23 add esp, 0x10 jmp short loc_0040d147 ; jmp 0x40d147 loc_0040d185: mov ebx, dword [esp + 0x418] push ebx call fcn_00445b3f ; call 0x445b3f add esp, 4 push ebx call fcn_00441f21 ; call 0x441f21 add esp, 4 xor ebx, ebx jmp short loc_0040d1a8 ; jmp 0x40d1a8 loc_0040d1a2: inc ebx cmp ebx, 0x24 jge short loc_0040d1c6 ; jge 0x40d1c6 loc_0040d1a8: xor eax, eax mov al, byte [ebx + ref_004990b8] ; mov al, byte [ebx + 0x4990b8] mov edx, dword [esp + 0x418] inc edx cmp eax, edx jne short loc_0040d1a2 ; jne 0x40d1a2 xor al, dl mov byte [ebx + ref_004990b8], al ; mov byte [ebx + 0x4990b8], al jmp short loc_0040d1a2 ; jmp 0x40d1a2 loc_0040d1c6: cmp esi, 3 jle short loc_0040d211 ; jle 0x40d211 push 5 call fcn_004549cf ; call 0x4549cf add esp, 4 xor ebx, ebx jmp short loc_0040d1f7 ; jmp 0x40d1f7 loc_0040d1d9: push 0 xor eax, eax mov ax, dx push eax push 0xffffffffffffffff call fcn_0043bde5 ; call 0x43bde5 add esp, 0xc xor ecx, ecx mov word [esp + edi], cx inc ebx cmp ebx, 3 jge short loc_0040d211 ; jge 0x40d211 loc_0040d1f7: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi lea edi, [edx + edx] mov dx, word [esp + edi] test dx, dx je short loc_0040d1f7 ; je 0x40d1f7 jmp short loc_0040d1d9 ; jmp 0x40d1d9 loc_0040d211: push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul eax, dword [esp + 0x418], 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ecx, dword [edx + eax*8 + ref_004808ae] ; mov ecx, dword [edx + eax*8 + 0x4808ae] push ecx push 2 mov ebx, dword [esp + 0x420] push ebx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc imul eax, ebx, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] movsx edx, word [eax + 0xe] push edx movsx edx, word [eax + 0xc] push edx push 0 push 0 add eax, 0xc push eax call fcn_004553fe ; call 0x4553fe add esp, 0x14 loc_0040d274: cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne short loc_0040d282 ; jne 0x40d282 call fcn_00454bcc ; call 0x454bcc loc_0040d282: mov dword [_current_player], ebp ; mov dword [0x49910c], ebp loc_0040d288: add esp, 0x404 pop ebp pop edi pop esi pop ebx ret fcn_0040d293: mov edx, dword [esp + 4] test dl, 0xff jne short loc_0040d2a2 ; jne 0x40d2a2 mov eax, 0xffffffff ret loc_0040d2a2: xor eax, eax jmp short loc_0040d2ae ; jmp 0x40d2ae loc_0040d2a6: sar edx, 1 inc eax cmp eax, 8 jge short loc_0040d2b3 ; jge 0x40d2b3 loc_0040d2ae: test dl, 1 je short loc_0040d2a6 ; je 0x40d2a6 loc_0040d2b3: ret fcn_0040d2b4: xor eax, eax xor ecx, ecx loc_0040d2b8: cmp eax, dword [_nplayers] ; cmp eax, dword [0x499114] jge short loc_0040d2d0 ; jge 0x40d2d0 imul edx, eax, 0x68 cmp byte [edx + (_players+21)], 0 ; cmp byte [edx + 0x496b7d], 0 je short loc_0040d2cd ; je 0x40d2cd inc ecx loc_0040d2cd: inc eax jmp short loc_0040d2b8 ; jmp 0x40d2b8 loc_0040d2d0: mov eax, ecx ret fcn_0040d2d3: push ebx push esi push edi mov esi, dword [esp + 0x10] xor eax, eax xor ecx, ecx mov edi, 0xffffffff loc_0040d2e3: cmp eax, dword [_nplayers] ; cmp eax, dword [0x499114] jge short loc_0040d316 ; jge 0x40d316 cmp eax, esi je short loc_0040d313 ; je 0x40d313 imul edx, eax, 0x68 cmp byte [edx + (_players+21)], 0 ; cmp byte [edx + 0x496b7d], 0 je short loc_0040d313 ; je 0x40d313 imul edx, esi, 0x68 mov ebx, eax shl ebx, 2 add edx, ebx mov ebx, dword [edx + (_players+76)] ; mov ebx, dword [edx + 0x496bb4] cmp ecx, ebx jge short loc_0040d313 ; jge 0x40d313 mov ecx, ebx mov edi, eax loc_0040d313: inc eax jmp short loc_0040d2e3 ; jmp 0x40d2e3 loc_0040d316: mov eax, edi pop edi pop esi pop ebx ret fcn_0040d31c: push ebx push esi sub esp, 4 mov edx, dword [esp + 0x10] xor ebx, ebx xor esi, esi loc_0040d329: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0040d351 ; jge 0x40d351 cmp ebx, edx je short loc_0040d34e ; je 0x40d34e imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0040d34e ; je 0x40d34e cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 jne short loc_0040d34e ; jne 0x40d34e mov byte [esp + esi], bl inc esi loc_0040d34e: inc ebx jmp short loc_0040d329 ; jmp 0x40d329 loc_0040d351: test esi, esi je short loc_0040d368 ; je 0x40d368 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi xor ebx, ebx mov bl, byte [esp + edx] jmp short loc_0040d36d ; jmp 0x40d36d loc_0040d368: mov ebx, 0xffffffff loc_0040d36d: mov eax, ebx add esp, 4 pop esi pop ebx ret fcn_0040d375: push ebx push esi push edi push ebp sub esp, 4 mov cl, byte [esp + 0x18] mov edi, 0x100 shl edi, cl mov edx, dword [esp + 0x18] imul ebx, edx, 0x68 mov al, byte [esp + 0x20] shl al, 6 mov ah, byte [esp + 0x1c] or ah, al mov byte [esp], ah mov ah, byte [ebx + (_players+51)] ; mov ah, byte [ebx + 0x496b9b] test ah, ah jne near loc_0040d4c5 ; jne 0x40d4c5 push edx call fcn_0040d761 ; call 0x40d761 add esp, 4 xor edx, edx mov dx, word [ebx + (_players+12)] ; mov dx, word [ebx + 0x496b74] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov esi, dword [ref_00498e80] ; mov esi, dword [0x498e80] add esi, eax push 0 xor eax, eax mov ax, word [ebx + (_players+10)] ; mov ax, word [ebx + 0x496b72] push eax xor eax, eax mov ax, word [ebx + (_players+8)] ; mov ax, word [ebx + 0x496b70] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ebp, dword [esp + 0x1c] push ebp mov eax, dword [esp + 0x1c] push eax call fcn_0044f2c2 ; call 0x44f2c2 add esp, 8 push 0 mov eax, ebp shl eax, 2 sub eax, ebp shl eax, 3 add eax, ebp shl eax, 4 mov edx, eax shl eax, 2 add eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax mov ecx, dword [esp + 0x20] push ecx call fcn_0044ba63 ; call 0x44ba63 add esp, 0xc mov al, byte [esp + 0x1c] add byte [ebx + (_players+66)], al ; add byte [ebx + 0x496baa], al mov al, byte [esp] mov byte [ebx + (_players+51)], al ; mov byte [ebx + 0x496b9b], al mov eax, edi not eax and dword [esi + 0x24], eax mov edi, dword [esp + 0x20] test edi, edi jne short loc_0040d472 ; jne 0x40d472 push edi push edi push 0x22e mov eax, dword [ref_0048a0e4] ; mov eax, dword [0x48a0e4] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov ebx, eax push 0x60 push 0x140001 push 0x28 push edi jmp short loc_0040d497 ; jmp 0x40d497 loc_0040d472: push 0 push 0 push 0x215 mov ebp, dword [ref_0048a0e4] ; mov ebp, dword [0x48a0e4] push ebp call fcn_00450441 ; call 0x450441 add esp, 0x10 mov ebx, eax push 0x54 push 0x1c0001 push 0x28 push 0 loc_0040d497: push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 imul eax, dword [esp + 0x18], 0x68 mov dx, word [esi] mov word [eax + (_players+8)], dx ; mov word [eax + 0x496b70], dx mov dx, word [esi + 2] mov word [eax + (_players+10)], dx ; mov word [eax + 0x496b72], dx jmp short loc_0040d4dd ; jmp 0x40d4dd loc_0040d4c5: mov dl, ah and dl, 0x3f mov byte [ebx + (_players+51)], dl ; mov byte [ebx + 0x496b9b], dl mov al, byte [esp] mov dh, dl add dh, al mov byte [ebx + (_players+51)], dh ; mov byte [ebx + 0x496b9b], dh loc_0040d4dd: add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_0040d4e5: push ebx push edi push ebp sub esp, 4 mov cl, byte [esp + 0x14] mov ebx, 0x100 shl ebx, cl push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul edx, dword [esp + 0x14], 0x68 xor eax, eax mov al, byte [edx + (_players+51)] ; mov al, byte [edx + 0x496b9b] mov dword [esp], eax xor ecx, ecx mov cx, word [edx + (_players+12)] ; mov cx, word [edx + 0x496b74] mov eax, ecx shl eax, 2 add eax, ecx mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] or dword [ecx + eax*8 + 0x24], ebx xor ah, ah mov byte [edx + (_players+51)], ah ; mov byte [edx + 0x496b9b], ah mov edi, dword [esp + 0x14] push edi call fcn_0040b93b ; call 0x40b93b add esp, 4 test byte [esp], 0x40 je short loc_0040d567 ; je 0x40d567 push 0 push 0 push 0x215 mov eax, dword [ref_0048a0e4] ; mov eax, dword [0x48a0e4] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov ebx, eax push 0x54 push 0x1c0001 jmp short loc_0040d588 ; jmp 0x40d588 loc_0040d567: push 0 push 0 push 0x22e mov ebp, dword [ref_0048a0e4] ; mov ebp, dword [0x48a0e4] push ebp call fcn_00450441 ; call 0x450441 add esp, 0x10 mov ebx, eax push 0x60 push 0x140001 loc_0040d588: push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 add esp, 4 pop ebp pop edi pop ebx ret fcn_0040d5a5: push ebx push edi push ebp mov cl, byte [esp + 0x10] mov eax, 0x100 shl eax, cl mov ecx, eax not ecx imul ebx, dword [esp + 0x10], 0x68 xor edx, edx mov dx, word [ebx + (_players+12)] ; mov dx, word [ebx + 0x496b74] mov eax, edx shl eax, 2 add eax, edx mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] and dword [edx + eax*8 + 0x24], ecx mov eax, dword [esp + 0x18] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add eax, edx movsx edx, word [eax] movsx eax, word [eax + 2] xor ecx, ecx mov cx, word [ebx + (_players+12)] ; mov cx, word [ebx + 0x496b74] cmp ecx, dword [esp + 0x14] jne short loc_0040d650 ; jne 0x40d650 mov ecx, dword [esp + 0x10] cmp ecx, dword [_current_player] ; cmp ecx, dword [0x49910c] jne short loc_0040d650 ; jne 0x40d650 or byte [ebx + (_players+21)], 0x20 ; or byte [ebx + 0x496b7d], 0x20 mov cl, byte [ebx + (_players+16)] ; mov cl, byte [ebx + 0x496b78] mov byte [ebx + (_players+27)], cl ; mov byte [ebx + 0x496b83], cl xor ecx, ecx mov cx, word [ebx + (_players+8)] ; mov cx, word [ebx + 0x496b70] sub edx, ecx mov ecx, edx xor edx, edx mov dx, word [ebx + (_players+10)] ; mov dx, word [ebx + 0x496b72] sub eax, edx push eax push ecx call fcn_00454fb4 ; call 0x454fb4 add esp, 8 mov byte [ebx + (_players+16)], al ; mov byte [ebx + 0x496b78], al call fcn_0040dd1f ; call 0x40dd1f jmp short loc_0040d6aa ; jmp 0x40d6aa loc_0040d650: mov ecx, dword [esp + 0x10] imul ebx, ecx, 0x68 mov word [ebx + (_players+8)], dx ; mov word [ebx + 0x496b70], dx mov word [ebx + (_players+10)], ax ; mov word [ebx + 0x496b72], ax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dx, word [eax + (_players+12)] ; mov dx, word [eax + 0x496b74] mov word [ebx + (_players+12)], dx ; mov word [ebx + 0x496b74], dx mov dx, word [eax + (_players+14)] ; mov dx, word [eax + 0x496b76] mov word [ebx + (_players+14)], dx ; mov word [ebx + 0x496b76], dx mov al, byte [eax + (_players+16)] ; mov al, byte [eax + 0x496b78] mov byte [ebx + (_players+27)], al ; mov byte [ebx + 0x496b83], al mov edi, ecx push ecx call fcn_0040b93b ; call 0x40b93b add esp, 4 mov ebp, edi push ebp call fcn_0040fc00 ; call 0x40fc00 add esp, 4 loc_0040d6aa: imul eax, dword [esp + 0x10], 0x68 mov edx, dword [esp + 0x18] mov word [eax + (_players+74)], dx ; mov word [eax + 0x496bb2], dx pop ebp pop edi pop ebx ret fcn_0040d6be: push ebx push esi push edi mov ebx, dword [esp + 0x10] mov cl, bl mov esi, 0x100 shl esi, cl imul ebx, ebx, 0x68 or byte [ebx + (_players+21)], 0x10 ; or byte [ebx + 0x496b7d], 0x10 xor edx, edx mov dx, word [ebx + (_players+12)] ; mov dx, word [ebx + 0x496b74] mov eax, edx shl eax, 2 add eax, edx mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] movsx ecx, word [edx + eax*8] movsx edi, word [edx + eax*8 + 2] xor edx, edx mov dx, word [ebx + (_players+8)] ; mov dx, word [ebx + 0x496b70] sub ecx, edx xor eax, eax mov ax, word [ebx + (_players+10)] ; mov ax, word [ebx + 0x496b72] sub edi, eax push edi push ecx call fcn_00454fb4 ; call 0x454fb4 add esp, 8 mov byte [ebx + (_players+16)], al ; mov byte [ebx + 0x496b78], al mov bx, word [ebx + (_players+12)] ; mov bx, word [ebx + 0x496b74] and ebx, 0xffff mov eax, ebx shl eax, 2 add eax, ebx mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] or dword [edx + eax*8 + 0x24], esi pop edi pop esi pop ebx ret fcn_0040d73f: xor edx, edx imul eax, dword [esp + 4], 0x68 mov ecx, dword [eax + (_players+50)] ; mov ecx, dword [eax + 0x496b9a] cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0040d75e ; je 0x40d75e test ecx, ecx jne short loc_0040d75e ; jne 0x40d75e mov edx, 1 loc_0040d75e: mov eax, edx ret fcn_0040d761: push ebx mov ebx, dword [esp + 8] imul eax, ebx, 0x68 cmp byte [eax + (_players+52)], 0 ; cmp byte [eax + 0x496b9c], 0 je short loc_0040d785 ; je 0x40d785 xor dh, dh mov byte [ebx + ref_00496b30], dh ; mov byte [ebx + 0x496b30], dh push 1 push ebx call fcn_0040bf93 ; call 0x40bf93 add esp, 8 loc_0040d785: imul eax, ebx, 0x68 cmp byte [eax + (_players+53)], 0 ; cmp byte [eax + 0x496b9d], 0 je short loc_0040d7a4 ; je 0x40d7a4 xor ch, ch mov byte [ebx + ref_00496b60], ch ; mov byte [ebx + 0x496b60], ch push 0 push ebx call fcn_0040bf93 ; call 0x40bf93 add esp, 8 loc_0040d7a4: imul ebx, ebx, 0x68 xor edx, edx mov dword [ebx + (_players+50)], edx ; mov dword [ebx + 0x496b9a], edx pop ebx ret endloc_0040d7b1: db 0x8d db 0x40 db 0x00 ref_0040d7b4: ; may contain a jump table dd loc_0040d808 dd loc_0040d8d3 dd loc_0040d975 dd loc_0040da4b fcn_0040d7c4: push ebx push esi push edi push ebp sub esp, 8 xor ah, ah mov byte [ref_0046cafa], ah ; mov byte [0x46cafa], ah cmp byte [ref_0046cafb], 0 ; cmp byte [0x46cafb], 0 je near loc_0040dd17 ; je 0x40dd17 mov edi, 1 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul edx, ecx, 0x34 mov al, byte [edx + ref_00498ea2] ; mov al, byte [edx + 0x498ea2] cmp al, 3 ja near loc_0040d88e ; ja 0x40d88e and eax, 0xff jmp dword [eax*4 + ref_0040d7b4] ; ujmp: jmp dword [eax*4 + 0x40d7b4] loc_0040d808: xor edi, edi cmp byte [edx + ref_00498ea5], 0 ; cmp byte [edx + 0x498ea5], 0 je near loc_0040d88e ; je 0x40d88e cmp ecx, 8 jne short loc_0040d82a ; jne 0x40d82a call fcn_0040fad6 ; call 0x40fad6 test eax, eax jne short loc_0040d82a ; jne 0x40d82a mov edi, 1 loc_0040d82a: imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov bh, byte [eax + ref_00498ea5] ; mov bh, byte [eax + 0x498ea5] test bh, 0x7f je short loc_0040d846 ; je 0x40d846 mov cl, bh dec cl mov byte [eax + ref_00498ea5], cl ; mov byte [eax + 0x498ea5], cl loc_0040d846: imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov ch, byte [eax + ref_00498ea5] ; mov ch, byte [eax + 0x498ea5] test ch, 0x7f jne near loc_0040d88e ; jne 0x40d88e test ch, 0x80 je short loc_0040d879 ; je 0x40d879 xor bl, bl mov byte [ref_0046cafb], bl ; mov byte [0x46cafb], bl mov byte [eax + ref_00498ea5], bl ; mov byte [eax + 0x498ea5], bl call fcn_00418ebd ; call 0x418ebd jmp near loc_0040d88e ; jmp 0x40d88e loc_0040d879: test edi, edi je short loc_0040d889 ; je 0x40d889 mov byte [eax + ref_00498ea5], 1 ; mov byte [eax + 0x498ea5], 1 jmp near loc_0040d88e ; jmp 0x40d88e loc_0040d889: call fcn_00418e7f ; call 0x418e7f loc_0040d88e: test edi, edi je near loc_0040dd17 ; je 0x40dd17 loc_0040d896: cmp dword [ref_0048be18], 0 ; cmp dword [0x48be18], 0 jne near loc_0040dcdf ; jne 0x40dcdf mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] cmp ebp, 4 jge near loc_0040dcc4 ; jge 0x40dcc4 mov edx, ebp imul eax, ebp, 0x68 xor edx, ebp mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] loc_0040d8c8: and eax, 0xffff push eax jmp near loc_0040dced ; jmp 0x40dced loc_0040d8d3: cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 jne short loc_0040d932 ; jne 0x40d932 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] cmp ebp, 4 jge short loc_0040d916 ; jge 0x40d916 imul eax, ebp, 0x68 cmp byte [eax + (_players+64)], 0 ; cmp byte [eax + 0x496ba8], 0 je short loc_0040d916 ; je 0x40d916 push ref_00482362 ; push 0x482362 call fcn_004542e9 ; call 0x4542e9 add esp, 4 loc_0040d916: imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 xor bl, bl mov byte [eax + ref_00498ea2], bl ; mov byte [eax + 0x498ea2], bl mov byte [eax + ref_00498ea3], bl ; mov byte [eax + 0x498ea3], bl mov byte [eax + ref_00498ea5], 5 ; mov byte [eax + 0x498ea5], 5 loc_0040d932: cmp byte [ref_0048bb00], 0 ; cmp byte [0x48bb00], 0 je short loc_0040d947 ; je 0x40d947 xor al, al mov byte [ref_0048bb00], al ; mov byte [0x48bb00], al call fcn_0041b42d ; call 0x41b42d loc_0040d947: cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 je short loc_0040d966 ; je 0x40d966 call fcn_0040c05c ; call 0x40c05c test eax, eax je short loc_0040d966 ; je 0x40d966 mov byte [ref_0048bb00], 1 ; mov byte [0x48bb00], 1 dec dword [ref_0048baf8] ; dec dword [0x48baf8] loc_0040d966: push 1 call fcn_00416e6d ; call 0x416e6d add esp, 4 jmp near loc_0040d88e ; jmp 0x40d88e loc_0040d975: mov bl, byte [edx + ref_00498ea3] ; mov bl, byte [edx + 0x498ea3] inc bl mov byte [edx + ref_00498ea3], bl ; mov byte [edx + 0x498ea3], bl xor eax, eax mov al, byte [edx + ref_00498ea1] ; mov al, byte [edx + 0x498ea1] mov esi, dword [edx + eax*4 + ref_00498ec4] ; mov esi, dword [edx + eax*4 + 0x498ec4] mov esi, dword [esi + 4] sar esi, 3 xor eax, eax mov al, bl cmp eax, esi jne near loc_0040d88e ; jne 0x40d88e call fcn_00447285 ; call 0x447285 push eax call fcn_00419572 ; call 0x419572 add esp, 4 mov dword [ref_0048baf8], eax ; mov dword [0x48baf8], eax mov dword [ref_0048bafc], eax ; mov dword [0x48bafc], eax mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul eax, esi, 0x34 cmp byte [eax + ref_00498ea1], 0 ; cmp byte [eax + 0x498ea1], 0 je short loc_0040d9da ; je 0x40d9da mov dword [ref_004749d4], 0xf ; mov dword [0x4749d4], 0xf jmp short loc_0040d9f2 ; jmp 0x40d9f2 loc_0040d9da: imul eax, esi, 0x68 mov al, byte [eax + (_players+17)] ; mov al, byte [eax + 0x496b79] and al, 3 and eax, 0xff add eax, 0xb mov dword [ref_004749d4], eax ; mov dword [0x4749d4], eax loc_0040d9f2: push 1 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542ce ; call 0x4542ce add esp, 8 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] cmp edx, 4 jge short loc_0040da30 ; jge 0x40da30 imul eax, edx, 0x68 cmp byte [eax + (_players+64)], 0 ; cmp byte [eax + 0x496ba8], 0 je short loc_0040da30 ; je 0x40da30 push 1 push ref_00482362 ; push 0x482362 call fcn_004542ce ; call 0x4542ce add esp, 8 loc_0040da30: imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov byte [eax + ref_00498ea2], 1 ; mov byte [eax + 0x498ea2], 1 xor dl, dl mov byte [eax + ref_00498ea3], dl ; mov byte [eax + 0x498ea3], dl jmp near loc_0040d88e ; jmp 0x40d88e loc_0040da4b: mov bl, byte [ref_004749e0] ; mov bl, byte [0x4749e0] test bl, bl je short loc_0040da64 ; je 0x40da64 mov ah, bl dec ah mov byte [ref_004749e0], ah ; mov byte [0x4749e0], ah jmp near loc_0040dd17 ; jmp 0x40dd17 loc_0040da64: imul ebx, ecx, 0x68 mov cl, byte [edx + ref_00498ea3] ; mov cl, byte [edx + 0x498ea3] test cl, cl jne near loc_0040dbde ; jne 0x40dbde xor edx, edx mov dx, word [ebx + (_players+12)] ; mov dx, word [ebx + 0x496b74] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov ebx, dword [ref_00498e80] ; mov ebx, dword [0x498e80] add ebx, eax mov si, word [ebx + 0x20] cmp si, 0x7d0 jbe short loc_0040dae9 ; jbe 0x40dae9 cmp si, 0xfa0 jae short loc_0040dae9 ; jae 0x40dae9 xor eax, eax mov ax, si sub eax, 0x7d0 imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] add edx, eax movsx eax, word [edx] mov dword [esp], eax movsx eax, word [edx + 2] mov dword [esp + 4], eax cmp byte [edx + 0x19], 0 je short loc_0040db3e ; je 0x40db3e mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] add eax, eax mov ecx, eax shl eax, 4 sub eax, ecx push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax xor eax, eax mov al, byte [edx + 0x19] sub eax, edi jmp short loc_0040db35 ; jmp 0x40db35 loc_0040dae9: xor eax, eax mov ax, si sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add edx, eax movsx eax, word [edx] mov dword [esp], eax movsx eax, word [edx + 2] mov dword [esp + 4], eax cmp byte [edx + 0x19], 0 je short loc_0040db3e ; je 0x40db3e mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] add eax, eax mov ecx, eax shl eax, 4 sub eax, ecx push eax mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp xor eax, eax mov al, byte [edx + 0x19] dec eax loc_0040db35: push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc loc_0040db3e: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dl, byte [eax + (_players+16)] ; mov dl, byte [eax + 0x496b78] mov byte [eax + (_players+27)], dl ; mov byte [eax + 0x496b83], dl movsx eax, word [ebx + 2] mov edx, dword [esp + 4] sub edx, eax push edx movsx eax, word [ebx] mov edx, dword [esp + 4] sub edx, eax push edx call fcn_00454fb4 ; call 0x454fb4 mov edx, eax add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov byte [eax + (_players+16)], dl ; mov byte [eax + 0x496b78], dl push 0 lea eax, [esp + 8] push eax lea eax, [esp + 8] push eax xor eax, eax mov ax, si push eax call fcn_0040b066 ; call 0x40b066 add esp, 0x10 push 0 push 0 push 0x20e mov ebx, dword [ref_0048a0e4] ; mov ebx, dword [0x48a0e4] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bb01], eax ; mov dword [0x48bb01], eax push 0xff0001 mov edx, dword [esp + 8] sub edx, 0x37 push edx mov edx, dword [esp + 8] sub edx, 0x37 push edx push eax call fcn_00450ced ; call 0x450ced add esp, 0x10 mov byte [ref_004749e0], 6 ; mov byte [0x4749e0], 6 jmp near loc_0040d88e ; jmp 0x40d88e loc_0040dbde: mov esi, dword [edx + ref_00498ecc] ; mov esi, dword [edx + 0x498ecc] mov esi, dword [esi + 4] sar esi, 3 xor eax, eax mov al, cl mov dword [esp], eax cmp eax, 3 jne short loc_0040dc21 ; jne 0x40dc21 push 2 xor edx, edx mov dx, word [ebx + (_players+12)] ; mov dx, word [ebx + 0x496b74] mov eax, edx shl eax, 2 add eax, edx mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] mov ax, word [edx + eax*8 + 0x20] and eax, 0xffff push eax call fcn_0040ab4a ; call 0x40ab4a add esp, 8 loc_0040dc21: mov eax, dword [esp] cmp eax, 2 jl short loc_0040dc47 ; jl 0x40dc47 jne short loc_0040dc3a ; jne 0x40dc3a push 0 push ref_004823fa ; push 0x4823fa call fcn_004542ce ; call 0x4542ce add esp, 8 loc_0040dc3a: call fcn_00450f04 ; call 0x450f04 mov dword [esp + 4], eax xor edi, edi jmp short loc_0040dc4f ; jmp 0x40dc4f loc_0040dc47: mov dword [esp + 4], 1 loc_0040dc4f: lea eax, [esi - 1] cmp eax, dword [esp] jle short loc_0040dc64 ; jle 0x40dc64 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 inc byte [eax + ref_00498ea3] ; inc byte [eax + 0x498ea3] loc_0040dc64: imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov al, byte [eax + ref_00498ea3] ; mov al, byte [eax + 0x498ea3] and eax, 0xff dec esi cmp eax, esi jne near loc_0040d88e ; jne 0x40d88e cmp dword [esp + 4], 0 jne near loc_0040d88e ; jne 0x40d88e mov ebx, dword [ref_0048bb01] ; mov ebx, dword [0x48bb01] push ebx call clib_free ; call 0x456e11 add esp, 4 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul eax, esi, 0x68 mov dl, byte [eax + (_players+27)] ; mov dl, byte [eax + 0x496b83] mov byte [eax + (_players+16)], dl ; mov byte [eax + 0x496b78], dl imul eax, esi, 0x34 xor dl, dl mov byte [eax + ref_00498ea2], dl ; mov byte [eax + 0x498ea2], dl mov byte [eax + ref_00498ea3], dl ; mov byte [eax + 0x498ea3], dl jmp near loc_0040d896 ; jmp 0x40d896 loc_0040dcc4: mov eax, ebp shl eax, 4 xor edx, edx mov dx, word [eax + ref_00498dea] ; mov dx, word [eax + 0x498dea] push edx mov ax, word [eax + ref_00498de8] ; mov ax, word [eax + 0x498de8] jmp near loc_0040d8c8 ; jmp 0x40d8c8 loc_0040dcdf: mov esi, dword [ref_0048be20] ; mov esi, dword [0x48be20] push esi mov edi, dword [ref_0048be1c] ; mov edi, dword [0x48be1c] push edi loc_0040dced: call fcn_0040829d ; call 0x40829d add esp, 8 or byte [ref_00475110], 2 ; or byte [0x475110], 2 call fcn_004192f7 ; call 0x4192f7 cmp byte [ref_004749e0], 6 ; cmp byte [0x4749e0], 6 jne short loc_0040dd17 ; jne 0x40dd17 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 inc byte [eax + ref_00498ea3] ; inc byte [eax + 0x498ea3] loc_0040dd17: add esp, 8 pop ebp pop edi pop esi pop ebx ret fcn_0040dd1f: push ebx push esi push edi mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x34 cmp edx, 4 jge near loc_0040de09 ; jge 0x40de09 imul edx, edx, 0x68 test byte [edx + (_players+21)], 0x30 ; test byte [edx + 0x496b7d], 0x30 je short loc_0040dd53 ; je 0x40dd53 loc_0040dd40: mov dword [ref_0048baf8], 1 ; mov dword [0x48baf8], 1 mov byte [eax + ref_00498ea2], 1 ; mov byte [eax + 0x498ea2], 1 jmp short loc_0040dd8e ; jmp 0x40dd8e loc_0040dd53: call fcn_0044808a ; call 0x44808a mov edi, dword [_current_player] ; mov edi, dword [0x49910c] imul edx, edi, 0x68 imul eax, edi, 0x34 cmp byte [edx + (_players+56)], 0 ; cmp byte [edx + 0x496ba0], 0 je short loc_0040dd7e ; je 0x40dd7e xor dh, dh mov byte [eax + ref_00498ea2], dh ; mov byte [eax + 0x498ea2], dh mov byte [eax + ref_00498ea5], 2 ; mov byte [eax + 0x498ea5], 2 jmp short loc_0040dd8e ; jmp 0x40dd8e loc_0040dd7e: cmp byte [edx + (_players+57)], 0 ; cmp byte [edx + 0x496ba1], 0 jne short loc_0040dd40 ; jne 0x40dd40 mov byte [eax + ref_00498ea2], 2 ; mov byte [eax + 0x498ea2], 2 loc_0040dd8e: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] imul eax, ebx, 0x34 cmp byte [eax + ref_00498ea2], 1 ; cmp byte [eax + 0x498ea2], 1 jne near loc_0040dee4 ; jne 0x40dee4 cmp byte [eax + ref_00498ea1], 0 ; cmp byte [eax + 0x498ea1], 0 je short loc_0040ddb9 ; je 0x40ddb9 mov dword [ref_004749d4], 0xf ; mov dword [0x4749d4], 0xf jmp short loc_0040ddd1 ; jmp 0x40ddd1 loc_0040ddb9: imul eax, ebx, 0x68 mov al, byte [eax + (_players+17)] ; mov al, byte [eax + 0x496b79] and al, 3 and eax, 0xff add eax, 0xb mov dword [ref_004749d4], eax ; mov dword [0x4749d4], eax loc_0040ddd1: push 1 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542ce ; call 0x4542ce add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+64)], 0 ; cmp byte [eax + 0x496ba8], 0 je near loc_0040dee4 ; je 0x40dee4 push 1 push ref_00482362 ; push 0x482362 jmp near loc_0040dedc ; jmp 0x40dedc loc_0040de09: cmp edx, 8 jge near loc_0040deb9 ; jge 0x40deb9 mov eax, edx shl eax, 4 imul edx, edx, 0x34 cmp byte [eax + ref_00498df6], 0 ; cmp byte [eax + 0x498df6], 0 je short loc_0040de34 ; je 0x40de34 xor al, al mov byte [edx + ref_00498ea2], al ; mov byte [edx + 0x498ea2], al mov byte [edx + ref_00498ea5], 0x82 ; mov byte [edx + 0x498ea5], 0x82 jmp short loc_0040de78 ; jmp 0x40de78 loc_0040de34: cmp byte [eax + ref_00498df7], 0 ; cmp byte [eax + 0x498df7], 0 je short loc_0040de50 ; je 0x40de50 mov dword [ref_0048baf8], 1 ; mov dword [0x48baf8], 1 mov byte [edx + ref_00498ea2], 1 ; mov byte [edx + 0x498ea2], 1 jmp short loc_0040de78 ; jmp 0x40de78 loc_0040de50: call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 9 sar edx, 0x1f idiv ecx add edx, 2 mov dword [ref_0048baf8], edx ; mov dword [0x48baf8], edx imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov byte [eax + ref_00498ea2], 1 ; mov byte [eax + 0x498ea2], 1 loc_0040de78: imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 cmp byte [eax + ref_00498ea2], 0 ; cmp byte [eax + 0x498ea2], 0 je short loc_0040dee4 ; je 0x40dee4 cmp byte [eax + ref_00498ea1], 0 ; cmp byte [eax + 0x498ea1], 0 je short loc_0040de9d ; je 0x40de9d mov dword [ref_004749d4], 0xf ; mov dword [0x4749d4], 0xf jmp short loc_0040dea7 ; jmp 0x40dea7 loc_0040de9d: mov dword [ref_004749d4], 0xb ; mov dword [0x4749d4], 0xb loc_0040dea7: push 1 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax jmp short loc_0040dedc ; jmp 0x40dedc loc_0040deb9: mov esi, 9 mov dword [ref_0048baf8], esi ; mov dword [0x48baf8], esi mov byte [eax + ref_00498ea2], 1 ; mov byte [eax + 0x498ea2], 1 mov dword [ref_004749d4], esi ; mov dword [0x4749d4], esi push 1 mov eax, ref_0048234a ; mov eax, 0x48234a add eax, 0x48 push eax loc_0040dedc: call fcn_004542ce ; call 0x4542ce add esp, 8 loc_0040dee4: imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 xor dh, dh mov byte [eax + ref_00498ea3], dh ; mov byte [eax + 0x498ea3], dh mov byte [ref_0046cafb], 1 ; mov byte [0x46cafb], 1 pop edi pop esi pop ebx ret fcn_0040defe: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] cmp edx, 4 jge short loc_0040df41 ; jge 0x40df41 imul eax, edx, 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_0040df30 ; jne 0x40df30 cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 jne short loc_0040df30 ; jne 0x40df30 cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 jne short loc_0040df30 ; jne 0x40df30 cmp byte [eax + (_players+54)], 0 ; cmp byte [eax + 0x496b9e], 0 je short loc_0040df41 ; je 0x40df41 loc_0040df30: imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 or byte [eax + ref_00498ea0], 0x80 ; or byte [eax + 0x498ea0], 0x80 loc_0040df3e: xor eax, eax ret loc_0040df41: imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 cmp byte [eax + ref_00498ea2], 0 ; cmp byte [eax + 0x498ea2], 0 jne short loc_0040df3e ; jne 0x40df3e cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne short loc_0040df3e ; jne 0x40df3e cmp byte [ref_0046caf9], 0 ; cmp byte [0x46caf9], 0 jne short loc_0040df3e ; jne 0x40df3e mov eax, 1 ret fcn_0040df69: push ebx push edi mov edx, dword [esp + 0xc] mov ebx, dword [esp + 0x10] cmp edx, ebx je short loc_0040dfd7 ; je 0x40dfd7 cmp dword [esp + 0x14], 0 jge short loc_0040df8d ; jge 0x40df8d imul eax, edx, 0x68 mov ecx, ebx cmp dword [eax + ecx*4 + (_players+76)], 0 ; cmp dword [eax + ecx*4 + 0x496bb4], 0 je short loc_0040dfd7 ; je 0x40dfd7 loc_0040df8d: imul eax, edx, 0x68 mov ecx, ebx shl ecx, 2 add eax, ecx mov ecx, dword [esp + 0x14] mov edi, dword [eax + (_players+76)] ; mov edi, dword [eax + 0x496bb4] add edi, ecx mov dword [eax + (_players+76)], edi ; mov dword [eax + 0x496bb4], edi test edi, edi jge short loc_0040dfb5 ; jge 0x40dfb5 xor ecx, ecx mov dword [eax + (_players+76)], ecx ; mov dword [eax + 0x496bb4], ecx loc_0040dfb5: cmp dword [esp + 0x14], 0 jle short loc_0040dfd7 ; jle 0x40dfd7 imul eax, edx, 0x68 xor ecx, ecx mov cl, byte [eax + (_players+65)] ; mov cl, byte [eax + 0x496ba9] lea eax, [ebx + 1] cmp ecx, eax jne short loc_0040dfd7 ; jne 0x40dfd7 push edx call fcn_0040cc1a ; call 0x40cc1a add esp, 4 loc_0040dfd7: pop edi pop ebx loc_0040dfd9: ret fcn_0040dfda: xor eax, eax xor ecx, ecx loc_0040dfde: cmp eax, dword [_nplayers] ; cmp eax, dword [0x499114] jge near loc_0040d2d0 ; jge 0x40d2d0 imul edx, eax, 0x68 test byte [edx + (_players+21)], 1 ; test byte [edx + 0x496b7d], 1 je short loc_0040dff7 ; je 0x40dff7 inc ecx loc_0040dff7: inc eax jmp short loc_0040dfde ; jmp 0x40dfde fcn_0040dffa: xor edx, edx loc_0040dffc: cmp edx, dword [_nplayers] ; cmp edx, dword [0x499114] jge short loc_0040dfd9 ; jge 0x40dfd9 imul eax, edx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0040e020 ; je 0x40e020 cmp byte [eax + (_players+50)], 0 ; cmp byte [eax + 0x496b9a], 0 je short loc_0040e020 ; je 0x40e020 mov byte [eax + (_players+50)], 0x80 ; mov byte [eax + 0x496b9a], 0x80 loc_0040e020: inc edx jmp short loc_0040dffc ; jmp 0x40dffc ref_0040e023: ; may contain a jump table dd fcn_0040e04d dd fcn_0040e059 dd fcn_0040e065 dd fcn_0040e071 fcn_0040e033: push ebx push esi push edi mov edi, dword [esp + 0x10] mov esi, dword [esp + 0x14] lea eax, [edi - 0xf] cmp eax, 3 ja short loc_0040e07d ; ja 0x40e07d jmp dword [eax*4 + ref_0040e023] ; ujmp: jmp dword [eax*4 + 0x40e023] fcn_0040e04d: mov ebx, 0xe mov ecx, 0x10 jmp short loc_0040e082 ; jmp 0x40e082 fcn_0040e059: mov ebx, 0x10 mov ecx, 0x1a jmp short loc_0040e082 ; jmp 0x40e082 fcn_0040e065: mov ebx, 0x1a mov ecx, 0x24 jmp short loc_0040e082 ; jmp 0x40e082 fcn_0040e071: mov ebx, 0x24 mov ecx, 0x2e jmp short loc_0040e082 ; jmp 0x40e082 loc_0040e07d: lea ebx, [edi - 1] mov ecx, edi loc_0040e082: cmp ebx, ecx jge near loc_0040e13f ; jge 0x40e13f mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 lea edx, [ebx + 1] cmp word [eax + ref_00496d0a], 0 ; cmp word [eax + 0x496d0a], 0 jne near loc_0040e146 ; jne 0x40e146 mov word [eax + ref_00496d0a], si ; mov word [eax + 0x496d0a], si mov cl, byte [esp + 0x18] mov byte [eax + ref_00496d0c], cl ; mov byte [eax + 0x496d0c], cl mov cl, byte [esp + 0x1c] mov byte [eax + ref_00496d0d], cl ; mov byte [eax + 0x496d0d], cl mov ecx, dword [esp + 0x1c] test ecx, ecx je short loc_0040e0dc ; je 0x40e0dc cmp edi, 0xf jne short loc_0040e0dc ; jne 0x40e0dc push edx push 0 lea eax, [ecx - 1] push eax call fcn_0040ead7 ; call 0x40ead7 add esp, 0xc loc_0040e0dc: test esi, esi je short loc_0040e13f ; je 0x40e13f xor edx, edx jmp short loc_0040e0ea ; jmp 0x40e0ea loc_0040e0e4: inc edx cmp edx, 4 jge short loc_0040e10a ; jge 0x40e10a loc_0040e0ea: mov eax, esi shl eax, 2 lea ecx, [esi + eax] shl ecx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, ecx mov ecx, edx mov ax, word [eax + ecx*2 + 0x18] and eax, 0xffff je short loc_0040e0e4 ; je 0x40e0e4 loc_0040e10a: push esi push eax call fcn_00407a8c ; call 0x407a8c mov edx, eax add esp, 8 mov eax, ebx shl eax, 2 sub eax, ebx mov byte [eax*8 + ref_00496d09], dl ; mov byte [eax*8 + 0x496d09], dl mov eax, esi shl eax, 2 add eax, esi shl eax, 3 mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] add eax, edx lea edx, [ebx + 1] shl edx, 0x10 or dword [eax + 0x24], edx loc_0040e13f: lea eax, [ebx + 1] pop edi pop esi pop ebx ret loc_0040e146: mov ebx, edx jmp near loc_0040e082 ; jmp 0x40e082 fcn_0040e14d: push ebx push esi mov edx, dword [esp + 0xc] test edx, edx je near loc_0040e29f ; je 0x40e29f dec edx mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov cl, byte [eax + ref_00496d08] ; mov cl, byte [eax + 0x496d08] cmp cl, 0x11 jb short loc_0040e17a ; jb 0x40e17a jbe short loc_0040e18a ; jbe 0x40e18a cmp cl, 0x12 je short loc_0040e195 ; je 0x40e195 jmp short loc_0040e1ba ; jmp 0x40e1ba loc_0040e17a: cmp cl, 0x10 jne short loc_0040e1ba ; jne 0x40e1ba inc byte [ref_00497321] ; inc byte [0x497321] jmp near loc_0040e21a ; jmp 0x40e21a loc_0040e18a: inc byte [ref_00497322] ; inc byte [0x497322] jmp near loc_0040e21a ; jmp 0x40e21a loc_0040e195: inc byte [ref_00497323] ; inc byte [0x497323] mov bh, byte [eax + ref_00496d0d] ; mov bh, byte [eax + 0x496d0d] test bh, bh je short loc_0040e21a ; je 0x40e21a mov al, bh and eax, 0xff dec eax imul eax, eax, 0x68 xor cl, cl mov byte [eax + (_players+64)], cl ; mov byte [eax + 0x496ba8], cl jmp short loc_0040e21a ; jmp 0x40e21a loc_0040e1ba: mov ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 3 cmp byte [ecx + ref_00496d0d], 0 ; cmp byte [ecx + 0x496d0d], 0 je short loc_0040e21a ; je 0x40e21a xor eax, eax mov al, byte [ecx + ref_00496d0d] ; mov al, byte [ecx + 0x496d0d] dec eax imul eax, eax, 0x68 xor bl, bl mov byte [eax + (_players+63)], bl ; mov byte [eax + 0x496ba7], bl mov cl, byte [ecx + ref_00496d08] ; mov cl, byte [ecx + 0x496d08] and ecx, 0xff mov bx, word [ecx*2 + ref_004749e2] ; mov bx, word [ecx*2 + 0x4749e2] sub word [eax + (_players+68)], bx ; sub word [eax + 0x496bac], bx mov bx, word [ecx*2 + ref_00474a06] ; mov bx, word [ecx*2 + 0x474a06] sub word [eax + (_players+70)], bx ; sub word [eax + 0x496bae], bx mov bx, word [ecx*2 + ref_00474a2a] ; mov bx, word [ecx*2 + 0x474a2a] sub word [eax + (_players+72)], bx ; sub word [eax + 0x496bb0], bx loc_0040e21a: mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 cmp byte [eax + ref_00496d0d], 0 ; cmp byte [eax + 0x496d0d], 0 jne short loc_0040e248 ; jne 0x40e248 xor ecx, ecx mov cx, word [eax + ref_00496d0a] ; mov cx, word [eax + 0x496d0a] mov eax, ecx shl eax, 2 add eax, ecx mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] mov byte [ecx + eax*8 + 0x26], 0 loc_0040e248: mov ecx, edx mov eax, edx shl eax, 2 sub eax, edx xor ecx, edx mov cx, word [eax*8 + ref_00496d0a] ; mov cx, word [eax*8 + 0x496d0a] xor esi, esi mov word [eax*8 + ref_00496d0a], si ; mov word [eax*8 + 0x496d0a], si xor bl, bl mov byte [eax*8 + ref_00496d0c], bl ; mov byte [eax*8 + 0x496d0c], bl mov byte [eax*8 + ref_00496d0d], bl ; mov byte [eax*8 + 0x496d0d], bl cmp edx, 0xc jge short loc_0040e29f ; jge 0x40e29f test dl, 1 je short loc_0040e284 ; je 0x40e284 lea ebx, [edx - 1] jmp short loc_0040e287 ; jmp 0x40e287 loc_0040e284: lea ebx, [edx + 1] loc_0040e287: push 0 push 0 push ecx call fcn_0040aa6c ; call 0x40aa6c add esp, 4 push eax inc ebx push ebx call fcn_0040e033 ; call 0x40e033 add esp, 0x10 loc_0040e29f: pop esi pop ebx ret fcn_0040e2a2: mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a078] ; mov eax, dword [0x48a078] sar eax, 1 mov word [ref_0046caec], ax ; mov word [0x46caec], ax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0 push 6 push 0x101010 push 0xffffff push 0x1c call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 7 push 0x1cc push 0xdc mov edx, dword [esp + 0x10] push edx push ref_0046caec ; push 0x46caec call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov word [ref_0046caec], 0x280 ; mov word [0x46caec], 0x280 push 0x960 call fcn_004528b9 ; call 0x4528b9 add esp, 4 ret fcn_0040e32c: push ebx push esi push edi push ebp sub esp, 0x30 imul ebx, dword [esp + 0x44], 0x68 xor eax, eax mov al, byte [ebx + (_players+63)] ; mov al, byte [ebx + 0x496ba7] dec eax mov dword [esp + 0x2c], eax mov edi, eax shl edi, 2 sub edi, eax shl edi, 3 movzx ebp, byte [edi + ref_00496d08] ; movzx ebp, byte [edi + 0x496d08] cmp dword [ebx + (_players+50)], 0 ; cmp dword [ebx + 0x496b9a], 0 je short loc_0040e36e ; je 0x40e36e inc eax push eax call fcn_0040e14d ; call 0x40e14d add esp, 4 jmp near loc_0040e661 ; jmp 0x40e661 loc_0040e36e: push 4 xor eax, eax mov ax, word [ebx + (_players+10)] ; mov ax, word [ebx + 0x496b72] push eax xor eax, eax mov ax, word [ebx + (_players+8)] ; mov ax, word [ebx + 0x496b70] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov esi, dword [ebp*4 + ref_0049692c] ; mov esi, dword [ebp*4 + 0x49692c] mov eax, dword [esp + 0x2c] shl eax, 8 lea edx, [eax + 0x8100] lea eax, [esp + 0x24] push eax lea eax, [esp + 0x2c] push eax lea eax, [esp + 0x28] push eax push edx call fcn_0040b066 ; call 0x40b066 add esp, 0x10 xor edx, edx mov word [edi + ref_00496d0a], dx ; mov word [edi + 0x496d0a], dx push 0 push 0xffffffffffffffff call fcn_0040829d ; call 0x40829d add esp, 8 mov ax, word [ebx + (_players+12)] ; mov ax, word [ebx + 0x496b74] mov word [edi + ref_00496d0a], ax ; mov word [edi + 0x496d0a], ax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0x1b8 push 0x1b8 push 0x28 push 0 push 0 push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov edi, eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov edx, dword [esp + 0x24] mov eax, edx shl eax, 2 sub eax, edx movsx edx, word [esi + eax*4 + 0x10] mov ecx, dword [esp + 0x20] sub ecx, edx mov dword [esp], ecx movsx edx, word [esi + eax*4 + 0x12] mov ecx, dword [esp + 0x28] sub ecx, edx mov dword [esp + 4], ecx movsx edx, word [esi + eax*4 + 0xc] mov ecx, dword [esp] add ecx, edx mov dword [esp + 8], ecx movsx eax, word [esi + eax*4 + 0xe] mov edx, dword [esp + 4] add edx, eax mov dword [esp + 0xc], edx push 0 push ref_004823e2 ; push 0x4823e2 call fcn_004542ce ; call 0x4542ce add esp, 8 xor ebx, ebx jmp near loc_0040e539 ; jmp 0x40e539 loc_0040e485: lea eax, [esp + 0x10] push eax lea eax, [esp + 4] push eax lea eax, [esp + 0x18] push eax call fcn_00452808 ; call 0x452808 add esp, 0xc mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x14] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ecx, dword [esp + 0x20] push ecx mov ecx, dword [esp + 0x20] push ecx push eax call dword [edx + 0x1c] ; ucall mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x1c] mov edx, dword [esp + 0x14] sub eax, edx push eax mov eax, dword [esp + 0x1c] mov ecx, dword [esp + 0x14] sub eax, ecx push eax lea eax, [edx - 0x28] push eax push ecx push edx push ecx push edi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0x10 lea eax, [esp + 0x14] push eax lea eax, [esp + 8] push eax call _memcpy ; call 0x456de8 add esp, 0xc push 0x3c call fcn_0045285e ; call 0x45285e add esp, 4 inc ebx cmp ebx, 0x18 jge near loc_0040e5f5 ; jge 0x40e5f5 loc_0040e539: sub dword [esp + 0x28], 0xa mov edx, dword [esp + 0x24] inc edx mov dword [esp + 0x24], edx mov ecx, edx and ecx, 7 mov dword [esp + 0x24], ecx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x28] push eax mov edx, dword [esp + 0x24] push edx mov ecx, dword [esp + 0x2c] push ecx push esi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456770 ; call 0x456770 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov edx, dword [esp + 0x24] mov eax, edx shl eax, 2 sub eax, edx movsx edx, word [esi + eax*4 + 0x10] mov ecx, dword [esp + 0x20] sub ecx, edx mov dword [esp + 0x10], ecx movsx edx, word [esi + eax*4 + 0x12] mov ecx, dword [esp + 0x28] sub ecx, edx mov dword [esp + 0x14], ecx movsx edx, word [esi + eax*4 + 0xc] mov ecx, dword [esp + 0x10] add ecx, edx mov dword [esp + 0x18], ecx movsx eax, word [esi + eax*4 + 0xe] mov edx, dword [esp + 0x14] add edx, eax mov dword [esp + 0x1c], edx cmp dword [esp + 0x14], 0x28 jge short loc_0040e5ea ; jge 0x40e5ea mov dword [esp + 0x14], 0x28 loc_0040e5ea: cmp dword [esp + 0x1c], 0x28 jge near loc_0040e485 ; jge 0x40e485 loc_0040e5f5: push edi call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [esp + 0x2c] inc eax push eax call fcn_0040e14d ; call 0x40e14d add esp, 4 push 0 push 0xffffffffffffffff call fcn_0040829d ; call 0x40829d add esp, 8 cmp ebp, 5 je short loc_0040e631 ; je 0x40e631 cmp ebp, 6 je short loc_0040e631 ; je 0x40e631 cmp ebp, 7 je short loc_0040e631 ; je 0x40e631 cmp ebp, 8 je short loc_0040e631 ; je 0x40e631 cmp ebp, 0xf jne short loc_0040e661 ; jne 0x40e661 loc_0040e631: imul eax, dword [esp + 0x44], 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ecx, dword [edx + eax*8 + ref_004808a6] ; mov ecx, dword [edx + eax*8 + 0x4808a6] push ecx push 2 mov ebx, dword [esp + 0x4c] push ebx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0040e661: add esp, 0x30 pop ebp pop edi pop esi pop ebx ret fcn_0040e669: push ebx push esi push edi push ebp sub esp, 0x68 mov edx, dword [esp + 0x7c] test edx, edx je short loc_0040e6b9 ; je 0x40e6b9 dec edx mov eax, edx shl eax, 2 sub eax, edx xor ecx, ecx mov cl, byte [eax*8 + ref_00496d09] ; mov cl, byte [eax*8 + 0x496d09] mov ebp, 8 sub ebp, dword [ref_00499088] ; sub ebp, dword [0x499088] add ebp, ecx and ebp, 7 movzx edi, byte [eax*8 + ref_00496d08] ; movzx edi, byte [eax*8 + 0x496d08] mov edi, dword [edi*4 + ref_0049692c] ; mov edi, dword [edi*4 + 0x49692c] mov eax, ebp shl eax, 2 sub eax, ebp shl eax, 2 lea ebx, [edi + 0xc] add ebx, eax jmp short loc_0040e6c4 ; jmp 0x40e6c4 loc_0040e6b9: xor ebp, ebp mov edi, dword [ref_0049697c] ; mov edi, dword [0x49697c] lea ebx, [edi + 0xc] loc_0040e6c4: lea eax, [esp + 0x34] push eax lea eax, [esp + 0x34] push eax mov esi, dword [esp + 0x8c] push esi mov eax, dword [esp + 0x8c] push eax call fcn_00409a23 ; call 0x409a23 add esp, 0x10 lea eax, [esp + 0x3c] push eax lea eax, [esp + 0x3c] push eax mov edx, dword [esp + 0x94] push edx mov ecx, dword [esp + 0x94] push ecx call fcn_00409a23 ; call 0x409a23 add esp, 0x10 mov edx, dword [esp + 0x38] sub edx, dword [esp + 0x30] mov ecx, dword [esp + 0x3c] sub ecx, dword [esp + 0x34] test edx, edx jne short loc_0040e724 ; jne 0x40e724 test ecx, ecx je near loc_0040ea5a ; je 0x40ea5a loc_0040e724: mov eax, edx imul eax, edx mov dword [esp + 0x40], eax mov eax, ecx imul eax, ecx mov esi, dword [esp + 0x40] add eax, esi mov dword [esp + 0x64], eax fild dword [esp + 0x64] call fcn_004582bc ; call 0x4582bc fmul dword [ref_0046324c] ; fmul dword [0x46324c] fld1 faddp st1 ; faddp st(1) call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x60] mov dword [esp + 0x64], edx fild dword [esp + 0x64] mov eax, dword [esp + 0x60] mov dword [esp + 0x64], eax fild dword [esp + 0x64] fstp dword [esp + 0x40] fdiv dword [esp + 0x40] fstp dword [esp + 0x48] mov dword [esp + 0x64], ecx fild dword [esp + 0x64] fdiv dword [esp + 0x40] fstp dword [esp + 0x44] mov eax, dword [esp + 0x30] mov dword [esp + 0x64], eax fild dword [esp + 0x64] fadd dword [esp + 0x48] fstp dword [esp + 0x58] mov eax, dword [esp + 0x34] mov dword [esp + 0x64], eax fild dword [esp + 0x64] fadd dword [esp + 0x44] fstp dword [esp + 0x5c] mov dword [esp], 0xfffffc18 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0x1b8 push 0x1b8 push 0x28 push 0 push 0 push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov dword [esp + 0x4c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall loc_0040e808: cmp dword [esp + 0x60], 0 je near loc_0040e9bd ; je 0x40e9bd call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov esi, eax fld dword [esp + 0x58] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x54] fld dword [esp + 0x5c] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x50] mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [esp] cmp edx, 0xfffffc18 je short loc_0040e883 ; je 0x40e883 mov eax, dword [esp + 0xc] mov ecx, dword [esp + 4] sub eax, ecx push eax mov eax, dword [esp + 0xc] sub eax, edx push eax lea eax, [ecx - 0x28] push eax push edx push ecx push edx mov ecx, dword [esp + 0x64] push ecx mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456469 ; call 0x456469 add esp, 0x20 loc_0040e883: mov edx, dword [esp + 0x50] push edx mov ecx, dword [esp + 0x58] push ecx push ebp push edi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456770 ; call 0x456770 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall movsx eax, word [ebx + 4] mov edx, dword [esp + 0x54] sub edx, eax mov dword [esp + 0x20], edx movsx eax, word [ebx + 6] mov edx, dword [esp + 0x50] sub edx, eax mov dword [esp + 0x24], edx movsx eax, word [ebx] mov edx, dword [esp + 0x20] add edx, eax mov dword [esp + 0x28], edx movsx eax, word [ebx + 2] mov edx, dword [esp + 0x24] add edx, eax mov dword [esp + 0x2c], edx cmp dword [esp], 0xfffffc18 je short loc_0040e903 ; je 0x40e903 lea eax, [esp + 0x10] push eax lea eax, [esp + 4] push eax lea eax, [esp + 0x28] push eax call fcn_00452808 ; call 0x452808 jmp short loc_0040e914 ; jmp 0x40e914 loc_0040e903: push 0x10 lea eax, [esp + 0x24] push eax lea eax, [esp + 0x18] push eax call _memcpy ; call 0x456de8 loc_0040e914: add esp, 0xc cmp dword [esp + 0x18], 0 jle short loc_0040e96a ; jle 0x40e96a cmp dword [esp + 0x14], 0x1e0 jge short loc_0040e96a ; jge 0x40e96a cmp dword [esp + 0x10], 0 jge short loc_0040e935 ; jge 0x40e935 xor ecx, ecx mov dword [esp + 0x10], ecx loc_0040e935: cmp dword [esp + 0x1c], 0x1e0 jle short loc_0040e947 ; jle 0x40e947 mov dword [esp + 0x1c], 0x1e0 loc_0040e947: mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x14] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ecx, dword [esp + 0x20] push ecx mov ecx, dword [esp + 0x20] push ecx push eax call dword [edx + 0x1c] ; ucall loc_0040e96a: push 0x10 lea eax, [esp + 0x24] push eax lea eax, [esp + 8] push eax call _memcpy ; call 0x456de8 add esp, 0xc call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] sub eax, esi cmp eax, 0x18 jae short loc_0040e99c ; jae 0x40e99c mov edx, 0x18 sub edx, eax push edx call fcn_0045285e ; call 0x45285e add esp, 4 loc_0040e99c: fld dword [esp + 0x58] fadd dword [esp + 0x48] fstp dword [esp + 0x58] fld dword [esp + 0x5c] fadd dword [esp + 0x44] fstp dword [esp + 0x5c] dec dword [esp + 0x60] jmp near loc_0040e808 ; jmp 0x40e808 loc_0040e9bd: mov ecx, dword [esp + 0x90] push ecx call fcn_0045285e ; call 0x45285e add esp, 4 mov ebx, dword [esp + 0x7c] test ebx, ebx jne short loc_0040ea4d ; jne 0x40ea4d mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push ebx push 1 push ref_0048a068 ; push 0x48a068 push ebx push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0xc] mov esi, dword [esp + 4] sub eax, esi push eax mov eax, dword [esp + 0xc] mov edi, dword [esp + 4] sub eax, edi push eax lea eax, [esi - 0x28] push eax push edi push esi push edi mov ecx, dword [esp + 0x64] push ecx mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456469 ; call 0x456469 add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov edi, dword [esp + 0x10] push edi mov ebp, dword [esp + 0x10] push ebp push eax call dword [edx + 0x1c] ; ucall loc_0040ea4d: mov eax, dword [esp + 0x4c] push eax call clib_free ; call 0x456e11 add esp, 4 loc_0040ea5a: add esp, 0x68 pop ebp pop edi pop esi pop ebx ret fcn_0040ea62: xor edx, edx mov ecx, dword [esp + 4] test ecx, ecx jne short loc_0040ea6f ; jne 0x40ea6f xor eax, eax ret loc_0040ea6f: dec ecx mov eax, ecx shl eax, 2 sub eax, ecx mov al, byte [eax*8 + ref_00496d08] ; mov al, byte [eax*8 + 0x496d08] and eax, 0xff cmp eax, 0xc jg short loc_0040ea8d ; jg 0x40ea8d cmp eax, 0xb jne short loc_0040ea92 ; jne 0x40ea92 loc_0040ea8d: cmp eax, 0xf jne short loc_0040ea97 ; jne 0x40ea97 loc_0040ea92: mov edx, 1 loc_0040ea97: mov eax, edx ret endloc_0040ea9a: db 0x90 ref_0040ea9b: ; may contain a jump table dd fcn_0040ec14 dd fcn_0040ecf1 dd fcn_0040ed8f dd fcn_0040ee50 dd fcn_0040ef1b dd fcn_0040efe4 dd fcn_0040f083 dd fcn_0040f155 dd fcn_0040f205 dd fcn_0040f258 dd fcn_0040ece6 dd fcn_0040f2a0 dd fcn_0040ece6 dd fcn_0040ece6 dd fcn_0040f2eb fcn_0040ead7: push ebx push esi push edi push ebp sub esp, 0x80 mov edx, dword [esp + 0x9c] test edx, edx je near fcn_0040ece6 ; je 0x40ece6 push edx call fcn_0040ea62 ; call 0x40ea62 add esp, 4 test eax, eax je near fcn_0040ece6 ; je 0x40ece6 mov ebx, dword [esp + 0x9c] dec ebx mov dword [esp + 0x9c], ebx mov edx, ebx mov eax, ebx shl eax, 2 sub eax, ebx movzx esi, byte [eax*8 + ref_00496d08] ; movzx esi, byte [eax*8 + 0x496d08] xor edx, ebx mov word [eax*8 + ref_00496d0a], dx ; mov word [eax*8 + 0x496d0a], dx mov edi, dword [esp + 0x94] imul eax, edi, 0x68 cmp byte [eax + (_players+63)], 0 ; cmp byte [eax + 0x496ba7], 0 je short loc_0040eb47 ; je 0x40eb47 push edi call fcn_0040e32c ; call 0x40e32c add esp, 4 loc_0040eb47: push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov al, byte [esp + 0x9c] inc al imul ebx, dword [esp + 0x94], 0x68 mov byte [ebx + (_players+63)], al ; mov byte [ebx + 0x496ba7], al mov edx, dword [esp + 0x9c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov dx, word [ebx + (_players+12)] ; mov dx, word [ebx + 0x496b74] mov word [eax + ref_00496d0a], dx ; mov word [eax + 0x496d0a], dx mov dl, byte [esp + 0x94] inc dl mov byte [eax + ref_00496d0d], dl ; mov byte [eax + 0x496d0d], dl cmp esi, 0xf jne short loc_0040eba8 ; jne 0x40eba8 mov byte [eax + ref_00496d0c], 0xd ; mov byte [eax + 0x496d0c], 0xd jmp short loc_0040ebaf ; jmp 0x40ebaf loc_0040eba8: mov byte [eax + ref_00496d0c], 7 ; mov byte [eax + 0x496d0c], 7 loc_0040ebaf: mov ecx, dword [esp + 0x98] test ecx, ecx je short loc_0040ebcc ; je 0x40ebcc mov eax, ecx shl eax, 2 add eax, ecx mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] mov byte [edx + eax*8 + 0x26], 0 loc_0040ebcc: imul eax, dword [esp + 0x94], 0x68 mov dx, word [esi*2 + ref_004749e2] ; mov dx, word [esi*2 + 0x4749e2] add word [eax + (_players+68)], dx ; add word [eax + 0x496bac], dx mov dx, word [esi*2 + ref_00474a06] ; mov dx, word [esi*2 + 0x474a06] add word [eax + (_players+70)], dx ; add word [eax + 0x496bae], dx mov dx, word [esi*2 + ref_00474a2a] ; mov dx, word [esi*2 + 0x474a2a] add word [eax + (_players+72)], dx ; add word [eax + 0x496bb0], dx lea edx, [esi - 1] cmp edx, 0xe ja near fcn_0040ece6 ; ja 0x40ece6 jmp dword [edx*4 + ref_0040ea9b] ; ujmp: jmp dword [edx*4 + 0x40ea9b] fcn_0040ec14: cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_0040ec5e ; je 0x40ec5e push 0 push 0 push 0x21c mov esi, dword [ref_0048a0e4] ; mov esi, dword [0x48a0e4] push esi call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x66 push 1 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push ref_00463250 ; push 0x463250 call fcn_0040e2a2 ; call 0x40e2a2 add esp, 4 loc_0040ec5e: push 0 call fcn_00440706 ; call 0x440706 add esp, 4 mov esi, eax xor ebx, ebx mov ebp, dword [esp + 0x94] loc_0040ec73: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0040eca4 ; jge 0x40eca4 cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne short loc_0040eca4 ; jne 0x40eca4 cmp ebx, ebp je short loc_0040eca1 ; je 0x40eca1 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0040eca1 ; je 0x40eca1 push 1 push esi push ebp push ebx call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 loc_0040eca1: inc ebx jmp short loc_0040ec73 ; jmp 0x40ec73 loc_0040eca4: cmp esi, 0x2bc jle short fcn_0040ece6 ; jle 0x40ece6 cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne short fcn_0040ece6 ; jne 0x40ece6 mov ecx, dword [esp + 0x94] imul eax, ecx, 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, eax mov esi, dword [ebx + eax*8 + ref_0048086a] ; mov esi, dword [ebx + eax*8 + 0x48086a] push esi push 3 push ecx loc_0040ecde: call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc fcn_0040ece6: add esp, 0x80 pop ebp pop edi pop esi pop ebx ret fcn_0040ecf1: cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_0040ed3b ; je 0x40ed3b push 0 push 0 push 0x21d mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x67 push 1 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push ref_00463295 ; push 0x463295 call fcn_0040e2a2 ; call 0x40e2a2 add esp, 4 loc_0040ed3b: push 1 call fcn_00440706 ; call 0x440706 mov esi, eax add esp, 4 push 1 push eax mov ecx, dword [esp + 0x9c] push ecx call fcn_0041d3f4 ; call 0x41d3f4 add esp, 0xc mov ebx, dword [ref_004990e8] ; mov ebx, dword [0x4990e8] mov eax, ebx shl eax, 2 add eax, ebx shl eax, 3 sub eax, ebx shl eax, 4 add eax, ebx shl eax, 3 cmp esi, eax jl near fcn_0040ece6 ; jl 0x40ece6 push esi mov ebx, dword [esp + 0x98] push ebx call fcn_0044f354 ; call 0x44f354 jmp near loc_0040f14d ; jmp 0x40f14d fcn_0040ed8f: cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_0040ede7 ; je 0x40ede7 push 0 push 0 push 0x21e mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x68 push 1 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push ref_004632cc ; push 0x4632cc call fcn_0040e2a2 ; call 0x40e2a2 add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc loc_0040ede7: mov ebx, dword [esp + 0x94] push ebx call fcn_00441e12 ; call 0x441e12 add esp, 4 test eax, eax je near fcn_0040ece6 ; je 0x40ece6 mov ebx, eax shl ebx, 3 mov edi, dword [ebx + (_card_table - 8)] ; mov edi, dword [ebx + 0x47fdea] push edi mov ebp, dword [esi*4 + ref_0047ed76] ; mov ebp, dword [esi*4 + 0x47ed76] push ebp push ref_004632fd ; push 0x4632fd lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 xor eax, eax mov al, byte [ebx + (_card_table - 3)] ; mov al, byte [ebx + 0x47fdef] push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax loc_0040ee46: call fcn_0044f230 ; call 0x44f230 jmp near loc_0040f14d ; jmp 0x40f14d fcn_0040ee50: cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_0040eea8 ; je 0x40eea8 push 0 push 0 push 0x21f mov ebx, dword [ref_0048a0e4] ; mov ebx, dword [0x48a0e4] push ebx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x69 push 1 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push ref_0046330e ; push 0x46330e call fcn_0040e2a2 ; call 0x40e2a2 add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc loc_0040eea8: mov esi, dword [esp + 0x94] push esi call fcn_00441e12 ; call 0x441e12 mov ebx, eax add esp, 4 push esi call fcn_00441e12 ; call 0x441e12 add esp, 4 mov esi, eax shl esi, 3 mov ebp, dword [esi + (_card_table - 8)] ; mov ebp, dword [esi + 0x47fdea] push ebp mov eax, dword [ebx*8 + (_card_table - 8)] ; mov eax, dword [ebx*8 + 0x47fdea] push eax push ref_00463353 ; push 0x463353 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 xor edx, edx mov dl, byte [ebx*8 + (_card_table - 3)] ; mov dl, byte [ebx*8 + 0x47fdef] xor eax, eax mov al, byte [esi + (_card_table - 3)] ; mov al, byte [esi + 0x47fdef] add eax, edx push eax mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx jmp near loc_0040ee46 ; jmp 0x40ee46 fcn_0040ef1b: xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, eax mov edx, dword [ebx + eax*8 + ref_004808a2] ; mov edx, dword [ebx + eax*8 + 0x4808a2] push edx push 2 mov eax, dword [esp + 0x9c] or ah, 0x80 push eax call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_0040ef96 ; je 0x40ef96 push 0 push 0 push 0x220 mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x6a push 1 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push ref_0046336c ; push 0x46336c call fcn_0040e2a2 ; call 0x40e2a2 add esp, 4 loc_0040ef96: push 4 call fcn_00440706 ; call 0x440706 add esp, 4 mov esi, eax xor ebx, ebx mov ebp, dword [esp + 0x94] loc_0040efab: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near fcn_0040ece6 ; jge 0x40ece6 cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne near fcn_0040ece6 ; jne 0x40ece6 cmp ebx, ebp je short loc_0040efe1 ; je 0x40efe1 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0040efe1 ; je 0x40efe1 push 0 push esi push ebx push ebp call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 loc_0040efe1: inc ebx jmp short loc_0040efab ; jmp 0x40efab fcn_0040efe4: xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, eax mov edi, dword [ebx + eax*8 + ref_004808a2] ; mov edi, dword [ebx + eax*8 + 0x4808a2] push edi push 2 mov eax, dword [esp + 0x9c] or ah, 0x80 push eax call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_0040f05f ; je 0x40f05f push 0 push 0 push 0x221 mov ebp, dword [ref_0048a0e4] ; mov ebp, dword [0x48a0e4] push ebp call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x6b push 1 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push ref_00463381 ; push 0x463381 call fcn_0040e2a2 ; call 0x40e2a2 add esp, 4 loc_0040f05f: push 5 call fcn_00440706 ; call 0x440706 add esp, 4 push 0 push eax push 0xffffffffffffffff mov eax, dword [esp + 0xa0] push eax call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 jmp near fcn_0040ece6 ; jmp 0x40ece6 fcn_0040f083: xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, eax mov edx, dword [ebx + eax*8 + ref_004808a2] ; mov edx, dword [ebx + eax*8 + 0x4808a2] push edx push 2 mov eax, dword [esp + 0x9c] or ah, 0x80 push eax call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_0040f10c ; je 0x40f10c push 0 push 0 push 0x222 mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x6c push 1 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push ref_0046338e ; push 0x46338e call fcn_0040e2a2 ; call 0x40e2a2 add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc loc_0040f10c: mov ebx, dword [esp + 0x94] push ebx call fcn_00441e77 ; call 0x441e77 add esp, 4 test eax, eax je near fcn_0040ece6 ; je 0x40ece6 mov esi, dword [eax*8 + (_card_table - 8)] ; mov esi, dword [eax*8 + 0x47fdea] push esi push ref_004633ab ; push 0x4633ab lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax loc_0040f148: call fcn_00440cac ; call 0x440cac loc_0040f14d: add esp, 8 jmp near fcn_0040ece6 ; jmp 0x40ece6 fcn_0040f155: xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, eax mov esi, dword [ebx + eax*8 + ref_004808a2] ; mov esi, dword [ebx + eax*8 + 0x4808a2] push esi push 2 mov eax, dword [esp + 0x9c] or ah, 0x80 push eax call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_0040f1de ; je 0x40f1de push 0 push 0 push 0x223 mov edi, dword [ref_0048a0e4] ; mov edi, dword [0x48a0e4] push edi call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x6d push 1 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push ref_004633c0 ; push 0x4633c0 call fcn_0040e2a2 ; call 0x40e2a2 add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc loc_0040f1de: mov ebp, dword [esp + 0x94] push ebp call fcn_00441ece ; call 0x441ece add esp, 4 test eax, eax je near fcn_0040ece6 ; je 0x40ece6 push 0x5dc push ref_004633d5 ; push 0x4633d5 jmp near loc_0040f148 ; jmp 0x40f148 fcn_0040f205: cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je near fcn_0040ece6 ; je 0x40ece6 push 0 push 0 push 0x224 mov ebx, dword [ref_0048a0e4] ; mov ebx, dword [0x48a0e4] push ebx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x6e push 1 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push ref_004633f0 ; push 0x4633f0 loc_0040f24b: call fcn_0040e2a2 ; call 0x40e2a2 loc_0040f250: add esp, 4 jmp near fcn_0040ece6 ; jmp 0x40ece6 fcn_0040f258: cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je near fcn_0040ece6 ; je 0x40ece6 push 0 push 0 push 0x225 mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x70 push 1 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push ref_00463419 ; push 0x463419 jmp short loc_0040f24b ; jmp 0x40f24b fcn_0040f2a0: cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je near fcn_0040ece6 ; je 0x40ece6 push 0 push 0 push 0x226 mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x6f push 1 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push ref_0046344e ; push 0x46344e jmp near loc_0040f24b ; jmp 0x40f24b fcn_0040f2eb: xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, eax mov esi, dword [ebx + eax*8 + ref_004808a2] ; mov esi, dword [ebx + eax*8 + 0x4808a2] push esi push 2 mov eax, dword [esp + 0x9c] or ah, 0x80 push eax call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_0040f366 ; je 0x40f366 push 0 push 0 push 0x227 mov edi, dword [ref_0048a0e4] ; mov edi, dword [0x48a0e4] push edi call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x71 push 1 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push ref_00463495 ; push 0x463495 call fcn_0040e2a2 ; call 0x40e2a2 add esp, 4 loc_0040f366: mov ebp, dword [esp + 0x94] push ebp call fcn_00445b3f ; call 0x445b3f add esp, 4 push ebp call fcn_00441f21 ; call 0x441f21 jmp near loc_0040f250 ; jmp 0x40f250 fcn_0040f381: push ebx push esi push edi push ebp sub esp, 0x94 xor edx, edx mov dword [esp + 0x88], edx mov ecx, dword [esp + 0xa8] imul ebx, ecx, 0x68 cmp byte [ebx + (_players+50)], 0 ; cmp byte [ebx + 0x496b9a], 0 jne near loc_0040f8b3 ; jne 0x40f8b3 cmp byte [ebx + (_players+21)], 0 ; cmp byte [ebx + 0x496b7d], 0 je near loc_0040f8b3 ; je 0x40f8b3 mov edx, dword [esp + 0xac] mov eax, edx shl eax, 2 add eax, edx mov esi, dword [ref_00498e80] ; mov esi, dword [0x498e80] mov si, word [esi + eax*8 + 0x20] and esi, 0xffff mov al, byte [ebx + (_players+63)] ; mov al, byte [ebx + 0x496ba7] cmp al, 0xa jb short loc_0040f3ff ; jb 0x40f3ff lea ebx, [esi - 0x7d0] imul ebx, ebx, 0x34 cmp al, 0xa jbe near loc_0040f521 ; jbe 0x40f521 cmp al, 0xc je near loc_0040f68b ; je 0x40f68b jmp near loc_0040f8b3 ; jmp 0x40f8b3 loc_0040f3ff: cmp al, 9 jne near loc_0040f8b3 ; jne 0x40f8b3 push 0 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc cmp esi, 0xfa0 jle short loc_0040f492 ; jle 0x40f492 cmp esi, 0x1770 jge short loc_0040f492 ; jge 0x40f492 lea eax, [esi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] cmp byte [ebx + eax + 0x1a], 0 jne short loc_0040f492 ; jne 0x40f492 mov ecx, dword [ref_0047ed9a] ; mov ecx, dword [0x47ed9a] push ecx push ref_004634c0 ; push 0x4634c0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov dword [esp + 0x88], 0x800 loc_0040f492: push esi call fcn_0040b110 ; call 0x40b110 add esp, 4 or dword [esp + 0x88], eax test byte [esp + 0x88], 1 je short loc_0040f4e1 ; je 0x40f4e1 test byte [esp + 0x89], 8 jne short loc_0040f4e1 ; jne 0x40f4e1 mov edi, dword [ref_0047ed9a] ; mov edi, dword [0x47ed9a] push edi push ref_004634c0 ; push 0x4634c0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 loc_0040f4e1: mov bh, byte [esp + 0x88] test bh, 1 je near loc_0040f8b3 ; je 0x40f8b3 push 0 push ref_004823da ; push 0x4823da call fcn_004542ce ; call 0x4542ce add esp, 8 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc test bh, 0x80 je near loc_0040f8b3 ; je 0x40f8b3 call fcn_0040b0cd ; call 0x40b0cd jmp near loc_0040f8b3 ; jmp 0x40f8b3 loc_0040f521: cmp esi, 0x7d0 jle short loc_0040f574 ; jle 0x40f574 cmp esi, 0xfa0 jge short loc_0040f574 ; jge 0x40f574 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add ebx, eax cmp byte [ebx + 0x1a], 0 je near loc_0040f5d0 ; je 0x40f5d0 mov ch, byte [ebx + 0x19] test ch, ch je near loc_0040f5de ; je 0x40f5de mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] add eax, eax mov edx, eax shl eax, 4 sub eax, edx push eax mov edi, dword [esp + 0xac] push edi xor eax, eax mov al, ch dec eax push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc jmp short loc_0040f5de ; jmp 0x40f5de loc_0040f574: cmp esi, 0xfa0 jle short loc_0040f5d0 ; jle 0x40f5d0 cmp esi, 0x1770 jge short loc_0040f5d0 ; jge 0x40f5d0 lea eax, [esi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax cmp byte [ebx + 0x1a], 0 je short loc_0040f5d0 ; je 0x40f5d0 cmp byte [ebx + 0x19], 0 je short loc_0040f5de ; je 0x40f5de mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] add eax, eax mov edx, eax shl eax, 4 sub eax, edx push eax mov edx, dword [esp + 0xac] push edx xor eax, eax mov al, byte [ebx + 0x19] dec eax push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc jmp short loc_0040f5de ; jmp 0x40f5de loc_0040f5d0: cmp dword [esp + 0x88], 0 je near loc_0040f8b3 ; je 0x40f8b3 loc_0040f5de: push 0 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x5dc push ref_004634d7 ; push 0x4634d7 call fcn_00440cac ; call 0x440cac add esp, 8 push 0 push esi call fcn_0040ab4a ; call 0x40ab4a add esp, 8 push 0 lea eax, [esp + 0x88] push eax lea eax, [esp + 0x88] push eax push esi call fcn_0040b066 ; call 0x40b066 add esp, 0x10 push 0 push 0 push 0x20e mov eax, dword [ref_0048a0e4] ; mov eax, dword [0x48a0e4] push eax call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x5f push 0x30001 mov eax, dword [esp + 0x8c] sub eax, 0x37 push eax mov eax, dword [esp + 0x8c] sub eax, 0x37 push eax push ebx call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 jmp near loc_0040f8b3 ; jmp 0x40f8b3 loc_0040f68b: cmp esi, 0x7d0 jle near loc_0040f753 ; jle 0x40f753 cmp esi, 0xfa0 jge near loc_0040f753 ; jge 0x40f753 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add ebx, eax xor edx, edx mov dl, byte [ebx + 0x19] lea eax, [ecx + 1] cmp edx, eax je near loc_0040f83c ; je 0x40f83c test dl, dl je short loc_0040f70d ; je 0x40f70d xor eax, eax mov ax, word [ebx + 0x1c] mov esi, dword [ref_004990e8] ; mov esi, dword [0x4990e8] imul eax, esi mov dword [esp + 0x8c], eax fild dword [esp + 0x8c] xor eax, eax mov al, byte [ebx + 0x1a] mov dword [esp + 0x90], eax fild word [esp + 0x90] fadd dword [ref_0046350c] ; fadd dword [0x46350c] fdiv dword [ref_00463510] ; fdiv dword [0x463510] fmulp st1 ; fmulp st(1) sub esp, 8 fstp qword [esp] push ecx dec edx push edx call fcn_0040df69 ; call 0x40df69 add esp, 0x10 loc_0040f70d: mov dword [esp + 0x88], 1 cmp dword [ref_00499110], 0 ; cmp dword [0x499110], 0 je near loc_0040f826 ; je 0x40f826 cmp byte [ebx + 0x19], 0 jne near loc_0040f826 ; jne 0x40f826 mov eax, dword [ref_00499110] ; mov eax, dword [0x499110] mov edx, dword [eax*4 + ref_004751f0] ; mov edx, dword [eax*4 + 0x4751f0] push edx mov ecx, dword [ref_00497160] ; mov ecx, dword [0x497160] push ecx call fcn_004521cb ; call 0x4521cb add esp, 8 mov dword [ebx + 0x30], eax jmp near loc_0040f826 ; jmp 0x40f826 loc_0040f753: cmp esi, 0xfa0 jle near loc_0040f83c ; jle 0x40f83c cmp esi, 0x1770 jge near loc_0040f83c ; jge 0x40f83c lea eax, [esi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax xor edx, edx mov dl, byte [ebx + 0x19] mov eax, dword [esp + 0xa8] inc eax cmp edx, eax je near loc_0040f83c ; je 0x40f83c test dl, dl je short loc_0040f7f2 ; je 0x40f7f2 xor eax, eax mov ax, word [ebx + 0x22] mov esi, dword [ref_004990e8] ; mov esi, dword [0x4990e8] imul eax, esi mov dword [esp + 0x8c], eax fild dword [esp + 0x8c] xor eax, eax mov al, byte [ebx + 0x1a] mov dword [esp + 0x90], eax fild word [esp + 0x90] fadd dword [ref_0046350c] ; fadd dword [0x46350c] fdiv dword [ref_00463510] ; fdiv dword [0x463510] fmulp st1 ; fmulp st(1) sub esp, 8 fstp qword [esp] mov edi, dword [esp + 0xb0] push edi dec edx push edx call fcn_0040df69 ; call 0x40df69 add esp, 0x10 loc_0040f7f2: mov dword [esp + 0x88], 1 mov eax, dword [ref_00499110] ; mov eax, dword [0x499110] test eax, eax je short loc_0040f826 ; je 0x40f826 cmp byte [ebx + 0x19], 0 jne short loc_0040f826 ; jne 0x40f826 mov edx, dword [eax*4 + ref_004751f0] ; mov edx, dword [eax*4 + 0x4751f0] push edx mov ecx, dword [ref_00497160] ; mov ecx, dword [0x497160] push ecx call fcn_004521cb ; call 0x4521cb add esp, 8 mov dword [ebx + 0x34], eax loc_0040f826: mov al, byte [esp + 0xa8] inc al mov byte [ebx + 0x19], al push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 loc_0040f83c: cmp dword [esp + 0x88], 0 je short loc_0040f8b3 ; je 0x40f8b3 push 0 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x5dc push ref_004634f2 ; push 0x4634f2 call fcn_00440cac ; call 0x440cac add esp, 8 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] imul eax, edi, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff mov ebx, eax shl ebx, 2 sub ebx, eax shl ebx, 2 mov eax, ebx mov ebp, dword [eax + ebx*8 + ref_0048084a] ; mov ebp, dword [eax + ebx*8 + 0x48084a] push ebp push 0 push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0040f8b3: add esp, 0x94 pop ebp pop edi pop esi pop ebx ret fcn_0040f8be: push ebx push esi push edi push ebp sub esp, 0x80 mov edi, dword [esp + 0x94] xor ebx, ebx imul eax, edi, 0x68 mov dl, byte [eax + (_players+63)] ; mov dl, byte [eax + 0x496ba7] cmp dl, 3 je short loc_0040f8e8 ; je 0x40f8e8 cmp dl, 4 jne near fcn_0040ece6 ; jne 0x40ece6 loc_0040f8e8: push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov edx, dword [esp + 0x98] mov eax, edx shl eax, 2 add eax, edx mov esi, dword [ref_00498e80] ; mov esi, dword [0x498e80] mov si, word [esi + eax*8 + 0x20] and esi, 0xffff cmp esi, 0xfa0 jle short loc_0040f982 ; jle 0x40f982 cmp esi, 0x1770 jge short loc_0040f982 ; jge 0x40f982 lea eax, [esi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] cmp byte [edx + eax + 0x1a], 0 jne short loc_0040f982 ; jne 0x40f982 imul eax, edi, 0x68 mov al, byte [eax + (_players+63)] ; mov al, byte [eax + 0x496ba7] and eax, 0xff mov edx, dword [eax*4 + ref_0047ed76] ; mov edx, dword [eax*4 + 0x47ed76] push edx push ref_004634c0 ; push 0x4634c0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov ebx, 0x800 loc_0040f982: push esi call fcn_0040b110 ; call 0x40b110 add esp, 4 or ebx, eax test bl, 1 je short loc_0040f9d1 ; je 0x40f9d1 test bh, 8 jne short loc_0040f9d1 ; jne 0x40f9d1 imul eax, edi, 0x68 mov al, byte [eax + (_players+63)] ; mov al, byte [eax + 0x496ba7] and eax, 0xff mov ecx, dword [eax*4 + ref_0047ed76] ; mov ecx, dword [eax*4 + 0x47ed76] push ecx push ref_004634c0 ; push 0x4634c0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 loc_0040f9d1: test bl, 1 je near fcn_0040ece6 ; je 0x40ece6 push 0 push ref_004823da ; push 0x4823da call fcn_004542ce ; call 0x4542ce add esp, 8 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc imul eax, edi, 0x68 test bl, 0x80 je short loc_0040fa30 ; je 0x40fa30 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, eax mov ebp, dword [ebx + eax*8 + ref_00480886] ; mov ebp, dword [ebx + eax*8 + 0x480886] push ebp push 0 push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc call fcn_0040b0cd ; call 0x40b0cd jmp near fcn_0040ece6 ; jmp 0x40ece6 loc_0040fa30: xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, eax shl eax, 3 add ebx, eax call clib_rand ; call 0x456f2d and eax, 1 mov esi, dword [ebx + eax*4 + ref_0048084a] ; mov esi, dword [ebx + eax*4 + 0x48084a] push esi push 0 push edi jmp near loc_0040ecde ; jmp 0x40ecde fcn_0040fa61: push esi sub esp, 0x80 xor edx, edx imul eax, dword [esp + 0x88], 0x68 mov al, byte [eax + (_players+63)] ; mov al, byte [eax + 0x496ba7] cmp al, 8 jb short loc_0040fa84 ; jb 0x40fa84 jbe short loc_0040fa88 ; jbe 0x40fa88 cmp al, 0xf je short loc_0040fa88 ; je 0x40fa88 jmp short loc_0040facc ; jmp 0x40facc loc_0040fa84: cmp al, 7 jne short loc_0040facc ; jne 0x40facc loc_0040fa88: imul eax, dword [esp + 0x88], 0x68 mov al, byte [eax + (_players+63)] ; mov al, byte [eax + 0x496ba7] and eax, 0xff mov esi, dword [eax*4 + ref_0047ed76] ; mov esi, dword [eax*4 + 0x47ed76] push esi push ref_00463514 ; push 0x463514 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov edx, 1 loc_0040facc: mov eax, edx add esp, 0x80 pop esi ret fcn_0040fad6: push ebx mov ebx, 1 xor edx, edx jmp short loc_0040fae6 ; jmp 0x40fae6 loc_0040fae0: inc edx cmp edx, 0x2e jge short loc_0040faf9 ; jge 0x40faf9 loc_0040fae6: mov eax, edx shl eax, 2 sub eax, edx cmp byte [eax*8 + ref_00496d0e], 0 ; cmp byte [eax*8 + 0x496d0e], 0 je short loc_0040fae0 ; je 0x40fae0 xor ebx, ebx loc_0040faf9: mov eax, ebx pop ebx ret fcn_0040fafd: push ebx push esi push edi sub esp, 4 mov edi, dword [esp + 0x14] test edi, edi je near loc_0040fbb1 ; je 0x40fbb1 mov edx, dword [esp + 0x18] mov eax, edx shl eax, 2 add eax, edx mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] dec edi movsx esi, word [ecx + eax*8] movsx ebx, word [ecx + eax*8 + 2] mov edx, dword [esp + 0x1c] mov eax, edx shl eax, 2 add eax, edx movsx edx, word [ecx + eax*8] movsx ecx, word [ecx + eax*8 + 2] mov eax, esi sub eax, edx mov dword [esp], eax fild dword [esp] fmul qword [ref_0046352c] ; fmul qword [0x46352c] mov eax, edi shl eax, 2 sub eax, edi fstp dword [eax*8 + ref_00496d18] ; fstp dword [eax*8 + 0x496d18] mov edx, ebx sub edx, ecx mov dword [esp], edx fild dword [esp] fmul qword [ref_0046352c] ; fmul qword [0x46352c] fstp dword [eax*8 + ref_00496d1c] ; fstp dword [eax*8 + 0x496d1c] mov dword [esp], esi fild dword [esp] fadd dword [eax*8 + ref_00496d18] ; fadd dword [eax*8 + 0x496d18] fstp dword [eax*8 + ref_00496d10] ; fstp dword [eax*8 + 0x496d10] mov dword [esp], ebx fild dword [esp] fadd dword [eax*8 + ref_00496d1c] ; fadd dword [eax*8 + 0x496d1c] fstp dword [eax*8 + ref_00496d14] ; fstp dword [eax*8 + 0x496d14] mov byte [eax*8 + ref_00496d0e], 0xff ; mov byte [eax*8 + 0x496d0e], 0xff mov dl, byte [eax*8 + ref_00496d09] ; mov dl, byte [eax*8 + 0x496d09] mov byte [eax*8 + ref_00496d0f], dl ; mov byte [eax*8 + 0x496d0f], dl loc_0040fbb1: add esp, 4 pop edi pop esi pop ebx ret fcn_0040fbb8: push ebx push esi mov ecx, dword [esp + 0xc] mov ebx, 0xffffffff xor edx, edx mov esi, dword [_nplayers] ; mov esi, dword [0x499114] loc_0040fbcb: cmp edx, esi jge short loc_0040fbfb ; jge 0x40fbfb cmp edx, ecx je short loc_0040fbf8 ; je 0x40fbf8 imul eax, edx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0040fbf8 ; je 0x40fbf8 cmp byte [eax + (_players+63)], 0xe ; cmp byte [eax + 0x496ba7], 0xe je short loc_0040fbf1 ; je 0x40fbf1 cmp byte [eax + (_players+63)], 0xf ; cmp byte [eax + 0x496ba7], 0xf jne short loc_0040fbf8 ; jne 0x40fbf8 loc_0040fbf1: mov ebx, edx mov eax, ebx pop esi pop ebx ret loc_0040fbf8: inc edx jmp short loc_0040fbcb ; jmp 0x40fbcb loc_0040fbfb: mov eax, ebx pop esi pop ebx ret fcn_0040fc00: push ebx imul edx, dword [esp + 8], 0x68 mov ah, byte [edx + (_players+63)] ; mov ah, byte [edx + 0x496ba7] test ah, ah je short loc_0040fc2b ; je 0x40fc2b xor ecx, ecx mov cl, ah dec ecx mov eax, ecx shl eax, 2 sub eax, ecx mov dx, word [edx + (_players+12)] ; mov dx, word [edx + 0x496b74] mov word [eax*8 + ref_00496d0a], dx ; mov word [eax*8 + 0x496d0a], dx loc_0040fc2b: imul edx, dword [esp + 8], 0x68 mov bl, byte [edx + (_players+64)] ; mov bl, byte [edx + 0x496ba8] test bl, bl je short loc_0040fc55 ; je 0x40fc55 xor ecx, ecx mov cl, bl dec ecx mov eax, ecx shl eax, 2 sub eax, ecx mov dx, word [edx + (_players+12)] ; mov dx, word [edx + 0x496b74] mov word [eax*8 + ref_00496d0a], dx ; mov word [eax*8 + 0x496d0a], dx loc_0040fc55: pop ebx ret fcn_0040fc57: push ebx push esi push edi push ebp sub esp, 4 mov ebp, dword [esp + 0x18] mov edi, dword [esp + 0x1c] call fcn_00454f5b ; call 0x454f5b mov dword [esp], eax push 1 push 3 push 0x101010 push 0xf0f0f0 push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0x78 push 0x9f push 0xe2 push 0x12 lea eax, [edi + 0xe2] push eax lea eax, [ebp + 0x12] push eax mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 xor ebx, ebx mov esi, 0xe9 jmp short loc_0040fd05 ; jmp 0x40fd05 loc_0040fce0: push 5 lea eax, [edi + esi] push eax lea eax, [ebp + 0x1a] push eax mov edx, dword [ebx*4 + ref_00474a9c] ; mov edx, dword [ebx*4 + 0x474a9c] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0xf cmp ebx, 8 jge short loc_0040fd31 ; jge 0x40fd31 loc_0040fd05: lea eax, [ebx + 1] cmp eax, dword [esp] jne short loc_0040fce0 ; jne 0x40fce0 push 0xff0000 push 0xe push 0x9f lea eax, [edi + esi - 7] push eax lea eax, [ebp + 0x12] push eax push ref_0046caec ; push 0x46caec call fcn_004561be ; call 0x4561be add esp, 0x18 jmp short loc_0040fce0 ; jmp 0x40fce0 loc_0040fd31: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_0040fd49: push ebx push esi push edi push ebp mov ebp, dword [esp + 0x14] mov edi, dword [esp + 0x18] mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall push edi push ebp mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 xor esi, esi mov ebx, dword [ref_00474b92] ; mov ebx, dword [0x474b92] add ebx, ebp loc_0040fd8f: xor eax, eax mov al, byte [ref_0048bb48] ; mov al, byte [0x48bb48] cmp esi, eax jg short loc_0040fdc0 ; jg 0x40fdc0 mov eax, dword [ref_00474b96] ; mov eax, dword [0x474b96] add eax, edi push eax push ebx mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x48 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 inc esi add ebx, 0x10 jmp short loc_0040fd8f ; jmp 0x40fd8f loc_0040fdc0: cmp byte [ref_0048bb49], 0 ; cmp byte [0x48bb49], 0 je short loc_0040fdf1 ; je 0x40fdf1 mov eax, dword [ref_00474c26] ; mov eax, dword [0x474c26] add eax, edi push eax mov eax, dword [ref_00474c22] ; mov eax, dword [0x474c22] add eax, ebp push eax mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x78 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0040fdf1: cmp byte [ref_0048bb4a], 0 ; cmp byte [0x48bb4a], 0 je short loc_0040fe5e ; je 0x40fe5e xor esi, esi mov ebx, dword [ref_00474ba2] ; mov ebx, dword [0x474ba2] add ebx, ebp loc_0040fe04: xor eax, eax mov al, byte [ref_0048bb4a] ; mov al, byte [0x48bb4a] cmp esi, eax jge short loc_0040fe36 ; jge 0x40fe36 mov eax, dword [ref_00474ba6] ; mov eax, dword [0x474ba6] add eax, edi push eax push ebx mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x48 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 inc esi add ebx, 0x10 jmp short loc_0040fe04 ; jmp 0x40fe04 loc_0040fe36: mov eax, dword [ref_00474c36] ; mov eax, dword [0x474c36] add eax, edi push eax mov eax, dword [ref_00474c32] ; mov eax, dword [0x474c32] add eax, ebp push eax mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x78 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0040fe5e: cmp byte [ref_0048bb4b], 0 ; cmp byte [0x48bb4b], 0 je short loc_0040feca ; je 0x40feca xor esi, esi mov ebx, dword [ref_00474bb2] ; mov ebx, dword [0x474bb2] add ebx, ebp loc_0040fe71: xor eax, eax mov al, byte [ref_0048bb4b] ; mov al, byte [0x48bb4b] cmp esi, eax jge short loc_0040fea2 ; jge 0x40fea2 mov eax, dword [ref_00474bb6] ; mov eax, dword [0x474bb6] add eax, edi push eax push ebx mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x48 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 inc esi add ebx, 0x10 jmp short loc_0040fe71 ; jmp 0x40fe71 loc_0040fea2: mov eax, dword [ref_00474c46] ; mov eax, dword [0x474c46] add eax, edi push eax mov eax, dword [ref_00474c42] ; mov eax, dword [0x474c42] add eax, ebp push eax mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x78 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0040feca: cmp byte [ref_0048bb4c], 0 ; cmp byte [0x48bb4c], 0 je short loc_0040fefb ; je 0x40fefb mov eax, dword [ref_00474c56] ; mov eax, dword [0x474c56] add eax, edi push eax mov eax, dword [ref_00474c52] ; mov eax, dword [0x474c52] add eax, ebp push eax mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x78 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0040fefb: xor eax, eax mov al, byte [ref_0048bb4d] ; mov al, byte [0x48bb4d] movsx eax, word [eax*2 + ref_00474c92] ; movsx eax, word [eax*2 + 0x474c92] add eax, edi push eax lea eax, [ebp + 0xda] push eax mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x78 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall push edi push ebp call fcn_0040fc57 ; call 0x40fc57 add esp, 8 pop ebp pop edi pop esi pop ebx ret fcn_0040ff4b: push ebx push esi push edi push ebp sub esp, 0x14 mov edi, dword [esp + 0x28] mov esi, edi shr esi, 0x10 mov eax, edi shr eax, 8 and eax, 0xff mov dword [esp + 0x10], eax mov ebp, edi and ebp, 0xff mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax mov edx, dword [esp + 0x30] push edx mov ecx, dword [esp + 0x30] push ecx mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x24 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 2 movsx eax, word [ref_00474cd6] ; movsx eax, word [0x474cd6] add eax, dword [esp + 0x34] push eax movsx eax, word [ref_00474cd4] ; movsx eax, word [0x474cd4] add eax, dword [esp + 0x34] push eax mov eax, dword [esp + 0x1c] mov ebx, dword [eax*4 + ref_00474c94] ; mov ebx, dword [eax*4 + 0x474c94] push ebx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0xa lea eax, [esp + 4] push eax push esi call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 2 movsx eax, word [ref_00474cda] ; movsx eax, word [0x474cda] mov esi, dword [esp + 0x34] add eax, esi push eax movsx eax, word [ref_00474cd8] ; movsx eax, word [0x474cd8] add eax, dword [esp + 0x34] push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 and di, 0xff00 mov eax, edi or al, 1 lea ebx, [esp + 0xc] push ebx lea ebx, [esp + 0xc] push ebx push eax call fcn_004520a6 ; call 0x4520a6 add esp, 0xc mov ebx, dword [esp + 8] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 sub eax, ebx add eax, 0x1c mov dword [esp + 8], eax mov eax, dword [esp + 8] mov word [ref_0048bb08], ax ; mov word [0x48bb08], ax mov word [ref_0048bb0a], 0x50 ; mov word [0x48bb0a], 0x50 mov edi, 1 movsx ebx, ax add ebx, dword [esp + 0x2c] add esi, 0x50 loc_00410073: cmp edi, dword [esp + 0xc] jg near loc_00410126 ; jg 0x410126 push 0xa lea eax, [esp + 4] push eax push edi call fcn_00457d61 ; call 0x457d61 add esp, 0xc cmp edi, ebp jne short loc_004100f1 ; jne 0x4100f1 push 0x51916c push 0x10 push 0x14 lea eax, [esi - 6] push eax lea eax, [ebx - 0xa] push eax push ref_0046caec ; push 0x46caec call fcn_004561be ; call 0x4561be add esp, 0x18 push 0 push 2 push 0x101010 push 0xffffff push 0xf call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push esi push ebx lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 2 push 0x101010 push 0x101010 push 0xf call fcn_0044f9d8 ; call 0x44f9d8 jmp short loc_00410101 ; jmp 0x410101 loc_004100f1: push 2 push esi push ebx lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc loc_00410101: add esp, 0x14 mov eax, dword [esp + 0x2c] add eax, 0xa6 cmp ebx, eax jne short loc_0041011d ; jne 0x41011d mov ebx, dword [esp + 0x2c] add ebx, 0x1c add esi, 0x12 jmp short loc_00410120 ; jmp 0x410120 loc_0041011d: add ebx, 0x17 loc_00410120: inc edi jmp near loc_00410073 ; jmp 0x410073 loc_00410126: mov ecx, dword [esp + 0x2c] sub ebx, ecx mov word [ref_0048bb0c], bx ; mov word [0x48bb0c], bx mov edi, dword [esp + 0x30] sub esi, edi mov word [ref_0048bb0e], si ; mov word [0x48bb0e], si mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall add esp, 0x14 pop ebp pop edi pop esi pop ebx ret fcn_00410158: push ebx push esi push edi push ebp sub esp, 0x38 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [esp + 0x50] push edx mov ecx, dword [esp + 0x50] push ecx mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x18 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 xor ebx, ebx mov edi, dword [esp + 0x4c] add edi, 0x84 mov esi, dword [esp + 0x50] add esi, 0x21 jmp near loc_004102db ; jmp 0x4102db loc_004101af: push 0 push 1 push 0x101010 push 0xf0f000 loc_004101bd: push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ah, ah mov byte [esp], ah lea eax, [ebx + ebx] test byte [eax + ref_0048bb11], 0xff ; test byte [eax + 0x48bb11], 0xff je short loc_0041023d ; je 0x41023d mov ax, word [eax + ref_0048bb10] ; mov ax, word [eax + 0x48bb10] mov ecx, eax and ecx, 0xffff sar ecx, 8 and ecx, 0xff xor eax, eax loc_004101f2: mov edx, eax shl edx, 3 cmp byte [edx + ref_0047edfa], 0 ; cmp byte [edx + 0x47edfa], 0 je short loc_00410213 ; je 0x410213 mov dl, byte [edx + ref_0047edfa] ; mov dl, byte [edx + 0x47edfa] and edx, 0xff cmp edx, ecx je short loc_00410213 ; je 0x410213 inc eax jmp short loc_004101f2 ; jmp 0x4101f2 loc_00410213: shl eax, 3 cmp byte [eax + ref_0047edfa], 0 ; cmp byte [eax + 0x47edfa], 0 je short loc_0041023d ; je 0x41023d test byte [ebx*2 + ref_0048bb10], 0xff ; test byte [ebx*2 + 0x48bb10], 0xff je short loc_0041023d ; je 0x41023d mov ebp, dword [eax + ref_0047edfe] ; mov ebp, dword [eax + 0x47edfe] push ebp lea eax, [esp + 4] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 loc_0041023d: lea eax, [ebx + ebx] test byte [eax + ref_0048bb10], 0xff ; test byte [eax + 0x48bb10], 0xff je short loc_0041029a ; je 0x41029a mov ax, word [eax + ref_0048bb10] ; mov ax, word [eax + 0x48bb10] xor ah, ah xor ecx, ecx mov cx, ax xor eax, eax loc_00410259: mov edx, eax shl edx, 3 cmp byte [edx + ref_0047edfa], 0 ; cmp byte [edx + 0x47edfa], 0 je short loc_0041027a ; je 0x41027a mov dl, byte [edx + ref_0047edfa] ; mov dl, byte [edx + 0x47edfa] and edx, 0xff cmp edx, ecx je short loc_0041027a ; je 0x41027a inc eax jmp short loc_00410259 ; jmp 0x410259 loc_0041027a: shl eax, 3 cmp byte [eax + ref_0047edfa], 0 ; cmp byte [eax + 0x47edfa], 0 je short loc_0041029a ; je 0x41029a mov edx, dword [eax + ref_0047edfe] ; mov edx, dword [eax + 0x47edfe] push edx lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc add esp, 8 loc_0041029a: cmp byte [esp], 0 je short loc_004102b3 ; je 0x4102b3 push 2 push esi push edi lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_004102b3: add esi, 0x10 cmp ebx, 0xe jne short loc_004102cc ; jne 0x4102cc mov edi, dword [esp + 0x4c] add edi, 0x11c mov esi, dword [esp + 0x50] add esi, 0x21 loc_004102cc: inc ebx cmp ebx, 0x1c jge short loc_004102ee ; jge 0x4102ee cmp ebx, 8 jge near loc_004101af ; jge 0x4101af loc_004102db: push 0 push 1 push 0x101010 push 0xf0f0 jmp near loc_004101bd ; jmp 0x4101bd loc_004102ee: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [esp + 0x4c] mov dword [esp + 0x28], eax mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] movsx edx, word [eax + 0x18] mov ecx, dword [esp + 0x4c] add ecx, edx mov dword [esp + 0x30], ecx mov edx, dword [esp + 0x50] mov dword [esp + 0x2c], edx movsx eax, word [eax + 0x1a] add edx, eax mov dword [esp + 0x34], edx push 0 lea eax, [esp + 0x2c] push eax mov ecx, dword [_gWindowHandle] ; mov ecx, dword [0x48a0d4] push ecx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] add esp, 0x38 pop ebp pop edi pop esi pop ebx ret endloc_00410348: db 0x8d db 0x40 db 0x00 ref_0041034b: ; may contain a jump table dd fcn_00410537 dd fcn_00410572 dd fcn_004105b9 dd fcn_004105f4 dd fcn_004105f4 dd fcn_004105f4 dd fcn_00410668 dd fcn_004106c1 dd fcn_004106c1 dd fcn_00410745 dd fcn_0041076e dd fcn_0041079c dd fcn_004107d8 dd fcn_004107f3 dd fcn_004107f3 dd fcn_004107f3 ref_0041038b: ; may contain a jump table dd fcn_00410838 dd fcn_00410838 dd fcn_00410838 dd fcn_004104a5 dd fcn_0041095b dd fcn_00410969 fcn_004103a3: push ebx push esi push edi push ebp sub esp, 0x40 mov edi, dword [esp + 0x54] mov eax, dword [esp + 0x58] mov esi, dword [esp + 0x60] cmp eax, 0x202 jb short loc_004103ec ; jb 0x4103ec jbe near loc_00410820 ; jbe 0x410820 cmp eax, 0x205 jb short loc_004103dc ; jb 0x4103dc jbe near fcn_0041095b ; jbe 0x41095b cmp eax, 0x401 je short loc_00410402 ; je 0x410402 jmp near loc_00410a73 ; jmp 0x410a73 loc_004103dc: cmp eax, 0x203 loc_004103e1: je near loc_004104af ; je 0x4104af jmp near loc_00410a73 ; jmp 0x410a73 loc_004103ec: cmp eax, 0xf jb near loc_00410a73 ; jb 0x410a73 jbe near loc_00410a1b ; jbe 0x410a1b cmp eax, 0x201 jmp short loc_004103e1 ; jmp 0x4103e1 loc_00410402: mov dword [ref_00474d74], 0xffffffff ; mov dword [0x474d74], 0xffffffff push 0x10 push ref_00497158 ; push 0x497158 push ref_0048bb48 ; push 0x48bb48 call _memcpy ; call 0x456de8 add esp, 0xc xor eax, eax mov ax, si mov dword [ref_0048bb74], eax ; mov dword [0x48bb74], eax mov eax, esi shr eax, 0x10 and eax, 0xffff and eax, 0xffff mov dword [ref_0048bb78], eax ; mov dword [0x48bb78], eax mov eax, dword [ref_0048bb74] ; mov eax, dword [0x48bb74] mov dword [ref_0048bb64], eax ; mov dword [0x48bb64], eax mov eax, dword [ref_0048bb78] ; mov eax, dword [0x48bb78] mov dword [ref_0048bb68], eax ; mov dword [0x48bb68], eax mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] movsx ebx, word [eax + 0xc] mov edx, dword [ref_0048bb74] ; mov edx, dword [0x48bb74] add edx, ebx mov dword [ref_0048bb6c], edx ; mov dword [0x48bb6c], edx movsx edx, word [eax + 0xe] mov eax, dword [ref_0048bb78] ; mov eax, dword [0x48bb78] add eax, edx mov dword [ref_0048bb70], eax ; mov dword [0x48bb70], eax mov ecx, dword [ref_0048bb78] ; mov ecx, dword [0x48bb78] push ecx mov ebx, dword [ref_0048bb74] ; mov ebx, dword [0x48bb74] push ebx call fcn_0040fd49 ; call 0x40fd49 add esp, 8 push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 loc_0041049d: push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] fcn_004104a5: xor eax, eax loc_004104a7: add esp, 0x40 jmp near loc_0041111b ; jmp 0x41111b loc_004104af: xor ebx, ebx mov bx, si sub ebx, dword [ref_0048bb74] ; sub ebx, dword [0x48bb74] shr esi, 0x10 and esi, 0xffff and esi, 0xffff sub esi, dword [ref_0048bb78] ; sub esi, dword [0x48bb78] xor edx, edx mov dword [ref_00474d74], edx ; mov dword [0x474d74], edx jmp short loc_004104eb ; jmp 0x4104eb loc_004104d9: mov ecx, dword [ref_00474d74] ; mov ecx, dword [0x474d74] inc ecx mov dword [ref_00474d74], ecx ; mov dword [0x474d74], ecx cmp ecx, 0x10 jge short loc_00410522 ; jge 0x410522 loc_004104eb: mov eax, dword [ref_00474d74] ; mov eax, dword [0x474d74] shl eax, 4 cmp ebx, dword [eax + ref_00474b92] ; cmp ebx, dword [eax + 0x474b92] jl short loc_004104d9 ; jl 0x4104d9 cmp esi, dword [eax + ref_00474b96] ; cmp esi, dword [eax + 0x474b96] jl short loc_004104d9 ; jl 0x4104d9 cmp ebx, dword [eax + ref_00474b9a] ; cmp ebx, dword [eax + 0x474b9a] jge short loc_004104d9 ; jge 0x4104d9 cmp esi, dword [eax + ref_00474b9e] ; cmp esi, dword [eax + 0x474b9e] jge short loc_004104d9 ; jge 0x4104d9 push 0 push ref_0048bb64 ; push 0x48bb64 push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00410522: mov eax, dword [ref_00474d74] ; mov eax, dword [0x474d74] cmp eax, 0xf ja near fcn_004104a5 ; ja 0x4104a5 jmp dword [eax*4 + ref_0041034b] ; ujmp: jmp dword [eax*4 + 0x41034b] fcn_00410537: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov esi, dword [ref_00474b92] ; mov esi, dword [0x474b92] mov edx, ebx sub edx, esi mov eax, edx sar edx, 0x1f shl edx, 4 sbb eax, edx sar eax, 4 mov byte [ref_0048bb48], al ; mov byte [0x48bb48], al mov edi, dword [ref_0048bb78] ; mov edi, dword [0x48bb78] push edi mov ebp, dword [ref_0048bb74] ; mov ebp, dword [0x48bb74] push ebp jmp short loc_004105ac ; jmp 0x4105ac fcn_00410572: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov edx, dword [ref_00474ba2] ; mov edx, dword [0x474ba2] sub ebx, edx mov edx, ebx mov eax, ebx sar edx, 0x1f shl edx, 4 sbb eax, edx sar eax, 4 inc eax mov byte [ref_0048bb4a], al ; mov byte [0x48bb4a], al loc_0041059e: mov ecx, dword [ref_0048bb78] ; mov ecx, dword [0x48bb78] push ecx mov ebx, dword [ref_0048bb74] ; mov ebx, dword [0x48bb74] push ebx loc_004105ac: call fcn_0040fd49 ; call 0x40fd49 loc_004105b1: add esp, 8 jmp near fcn_004104a5 ; jmp 0x4104a5 fcn_004105b9: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov edi, dword [ref_00474bb2] ; mov edi, dword [0x474bb2] mov edx, ebx sub edx, edi mov eax, edx sar edx, 0x1f shl edx, 4 sbb eax, edx sar eax, 4 inc eax mov byte [ref_0048bb4b], al ; mov byte [0x48bb4b], al loc_004105e5: mov ebp, dword [ref_0048bb78] ; mov ebp, dword [0x48bb78] push ebp mov eax, dword [ref_0048bb74] ; mov eax, dword [0x48bb74] push eax jmp short loc_004105ac ; jmp 0x4105ac fcn_004105f4: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_00474d74] ; mov eax, dword [0x474d74] shl eax, 4 mov edx, dword [ref_0048bb78] ; mov edx, dword [0x48bb78] add edx, dword [eax + ref_00474b96] ; add edx, dword [eax + 0x474b96] push edx mov edx, dword [ref_0048bb74] ; mov edx, dword [0x48bb74] add edx, dword [eax + ref_00474b92] ; add edx, dword [eax + 0x474b92] push edx mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x54 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi loc_0041064b: call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near fcn_004104a5 ; jmp 0x4104a5 fcn_00410668: cmp byte [ref_0049715a], 0 ; cmp byte [0x49715a], 0 je short loc_004106b0 ; je 0x4106b0 lea edx, [esi - 0xe2] mov ebx, 0xf mov eax, edx sar edx, 0x1f idiv ebx lea ebx, [eax + 1] push ebx call fcn_00454d91 ; call 0x454d91 add esp, 4 mov ebp, dword [ref_0048bb78] ; mov ebp, dword [0x48bb78] push ebp mov eax, dword [ref_0048bb74] ; mov eax, dword [0x48bb74] push eax call fcn_0040fc57 ; call 0x40fc57 add esp, 8 push 0 push ref_0048bb64 ; push 0x48bb64 jmp near loc_0041049d ; jmp 0x41049d loc_004106b0: push 0 push ref_0048233a ; push 0x48233a call fcn_004542ce ; call 0x4542ce jmp near loc_004105b1 ; jmp 0x4105b1 fcn_004106c1: push 0 mov eax, dword [ref_00474d74] ; mov eax, dword [0x474d74] sub eax, 7 xor al, 1 shl eax, 3 add eax, 0x10 add eax, ref_0048231a ; add eax, 0x48231a push eax call fcn_004542ce ; call 0x4542ce add esp, 8 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_00474d74] ; mov eax, dword [0x474d74] shl eax, 4 mov edx, dword [ref_0048bb78] ; mov edx, dword [0x48bb78] add edx, dword [eax + ref_00474b96] ; add edx, dword [eax + 0x474b96] push edx mov edx, dword [ref_0048bb74] ; mov edx, dword [0x48bb74] add edx, dword [eax + ref_00474b92] ; add edx, dword [eax + 0x474b92] push edx mov edx, dword [ref_00474d74] ; mov edx, dword [0x474d74] sub edx, 4 mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi jmp near loc_0041064b ; jmp 0x41064b fcn_00410745: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 xor byte [ref_0048bb49], 1 ; xor byte [0x48bb49], 1 mov edx, dword [ref_0048bb78] ; mov edx, dword [0x48bb78] push edx mov ecx, dword [ref_0048bb74] ; mov ecx, dword [0x48bb74] push ecx jmp near loc_004105ac ; jmp 0x4105ac fcn_0041076e: cmp byte [ref_0048bb4a], 0 ; cmp byte [0x48bb4a], 0 je short loc_00410781 ; je 0x410781 xor cl, cl mov byte [ref_0048bb4a], cl ; mov byte [0x48bb4a], cl jmp short loc_00410788 ; jmp 0x410788 loc_00410781: mov byte [ref_0048bb4a], 4 ; mov byte [0x48bb4a], 4 loc_00410788: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 jmp near loc_004105e5 ; jmp 0x4105e5 fcn_0041079c: cmp byte [ref_0048bb4b], 0 ; cmp byte [0x48bb4b], 0 je short loc_004107af ; je 0x4107af xor dh, dh mov byte [ref_0048bb4b], dh ; mov byte [0x48bb4b], dh jmp short loc_004107b6 ; jmp 0x4107b6 loc_004107af: mov byte [ref_0048bb4b], 4 ; mov byte [0x48bb4b], 4 loc_004107b6: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov esi, dword [ref_0048bb78] ; mov esi, dword [0x48bb78] push esi mov edi, dword [ref_0048bb74] ; mov edi, dword [0x48bb74] push edi jmp near loc_004105ac ; jmp 0x4105ac fcn_004107d8: xor byte [ref_0048bb4c], 1 ; xor byte [0x48bb4c], 1 push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 jmp near loc_0041059e ; jmp 0x41059e fcn_004107f3: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov al, byte [ref_00474d74] ; mov al, byte [0x474d74] sub al, 0xd mov byte [ref_0048bb4d], al ; mov byte [0x48bb4d], al mov eax, dword [ref_0048bb78] ; mov eax, dword [0x48bb78] push eax mov edx, dword [ref_0048bb74] ; mov edx, dword [0x48bb74] push edx jmp near loc_004105ac ; jmp 0x4105ac loc_00410820: mov eax, dword [ref_00474d74] ; mov eax, dword [0x474d74] sub eax, 3 cmp eax, 5 ja near fcn_004104a5 ; ja 0x4104a5 jmp dword [eax*4 + ref_0041038b] ; ujmp: jmp dword [eax*4 + 0x41038b] fcn_00410838: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048bb78] ; mov eax, dword [0x48bb78] add eax, 2 push eax mov eax, dword [ref_0048bb74] ; mov eax, dword [0x48bb74] add eax, 0xa8 push eax mov edx, dword [ref_0048bb58] ; mov edx, dword [0x48bb58] add edx, 0xa mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0xc add eax, edx push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push ref_0048bb64 ; push 0x48bb64 call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0048bb64 ; push 0x48bb64 mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [ref_0048bb78] ; mov ebp, dword [0x48bb78] push ebp mov ecx, dword [ref_0048bb74] ; mov ecx, dword [0x48bb74] push ecx push eax call dword [edx + 0x1c] ; ucall push ref_0048bb64 ; push 0x48bb64 call fcn_00402250 ; call 0x402250 add esp, 4 mov ebx, dword [ref_0048bb58] ; mov ebx, dword [0x48bb58] test ebx, ebx je short loc_00410927 ; je 0x410927 push 0xc8 push 0x140 call fcn_00453a32 ; call 0x453a32 add esp, 8 cmp eax, 1 jne near fcn_004104a5 ; jne 0x4104a5 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov eax, dword [ref_00474d74] ; mov eax, dword [0x474d74] sub eax, 2 push eax loc_0041091a: call _Post_0402_Message ; call 0x401966 loc_0041091f: add esp, 4 jmp near fcn_004104a5 ; jmp 0x4104a5 loc_00410927: push ebx call fcn_00402460 ; call 0x402460 add esp, 4 mov eax, dword [ref_00474d74] ; mov eax, dword [0x474d74] call dword [eax*4 + ref_00474d5c] ; ucall: call dword [eax*4 + 0x474d5c] mov esi, dword [ref_0048bb78] ; mov esi, dword [0x48bb78] push esi mov edi, dword [ref_0048bb74] ; mov edi, dword [0x48bb74] push edi call fcn_0040fd49 ; call 0x40fd49 add esp, 8 push 1 call fcn_00402460 ; call 0x402460 jmp short loc_0041091f ; jmp 0x41091f fcn_0041095b: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 jmp short loc_0041091a ; jmp 0x41091a fcn_00410969: xor ebx, ebx mov bl, byte [ref_0049715a] ; mov bl, byte [0x49715a] movzx esi, byte [ref_0049715d] ; movzx esi, byte [0x49715d] push 0x10 push ref_0048bb48 ; push 0x48bb48 push ref_00497158 ; push 0x497158 call _memcpy ; call 0x456de8 add esp, 0xc call fcn_00411f80 ; call 0x411f80 cmp byte [ref_0049715a], 0 ; cmp byte [0x49715a], 0 jne short loc_004109b5 ; jne 0x4109b5 test ebx, ebx je short loc_004109b5 ; je 0x4109b5 test byte [ref_0047e772], 0x80 ; test byte [0x47e772], 0x80 je short loc_004109ae ; je 0x4109ae call fcn_00454edc ; call 0x454edc jmp short loc_004109e2 ; jmp 0x4109e2 loc_004109ae: call fcn_00454acb ; call 0x454acb jmp short loc_004109e2 ; jmp 0x4109e2 loc_004109b5: cmp byte [ref_0049715a], 0 ; cmp byte [0x49715a], 0 je short loc_004109e2 ; je 0x4109e2 test ebx, ebx jne short loc_004109e2 ; jne 0x4109e2 mov dh, byte [ref_0047e772] ; mov dh, byte [0x47e772] test dh, 0x80 je short loc_004109d5 ; je 0x4109d5 push ebx call fcn_00454d91 ; call 0x454d91 jmp short loc_004109df ; jmp 0x4109df loc_004109d5: xor eax, eax mov al, dh push eax call fcn_004549cf ; call 0x4549cf loc_004109df: add esp, 4 loc_004109e2: mov ch, byte [ref_0049715a] ; mov ch, byte [0x49715a] test ch, ch je short loc_004109f9 ; je 0x4109f9 xor eax, eax mov al, ch cmp eax, ebx je short loc_004109f9 ; je 0x4109f9 call fcn_0045497b ; call 0x45497b loc_004109f9: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 xor ebx, ebx xor eax, eax mov al, byte [ref_0049715d] ; mov al, byte [0x49715d] cmp eax, esi je short loc_00410a15 ; je 0x410a15 mov ebx, 0x8000 loc_00410a15: push ebx jmp near loc_0041091a ; jmp 0x41091a loc_00410a1b: mov eax, esp push eax push edi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0xc] push ebx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x18] push ebx mov esi, dword [esp + 0x18] push esi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push edi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near fcn_004104a5 ; jmp 0x4104a5 loc_00410a73: push esi mov ebp, dword [esp + 0x60] push ebp push eax push edi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_004104a7 ; jmp 0x4104a7 ref_00410a87: ; may contain a jump table dd loc_00410c40 dd loc_00410cee dd loc_00410c40 dd loc_00410cee dd loc_00410d84 dd loc_00410d84 dd loc_00410d84 dd loc_00410e78 ref_00410aa7: ; may contain a jump table dd loc_00410f85 dd loc_00410fb3 dd loc_00410fff dd loc_0041101a dd loc_00411036 dd loc_0041104c dd loc_00411081 fcn_00410ac3: push ebx push esi push edi push ebp sub esp, 0x50 mov ebp, dword [esp + 0x64] mov eax, dword [esp + 0x68] mov edx, dword [esp + 0x70] cmp eax, 0x202 jb short loc_00410b0c ; jb 0x410b0c jbe near loc_00410f3d ; jbe 0x410f3d cmp eax, 0x205 jb short loc_00410afc ; jb 0x410afc jbe near loc_0041104c ; jbe 0x41104c cmp eax, 0x401 je short loc_00410b22 ; je 0x410b22 jmp near loc_00411109 ; jmp 0x411109 loc_00410afc: cmp eax, 0x203 loc_00410b01: je near loc_00410bc8 ; je 0x410bc8 jmp near loc_00411109 ; jmp 0x411109 loc_00410b0c: cmp eax, 0xf jb near loc_00411109 ; jb 0x411109 jbe near loc_004110b1 ; jbe 0x4110b1 cmp eax, 0x201 jmp short loc_00410b01 ; jmp 0x410b01 loc_00410b22: mov dword [ref_00474d78], 0xffffffff ; mov dword [0x474d78], 0xffffffff mov eax, dword [ref_0048bb50] ; mov eax, dword [0x48bb50] mov dword [ref_0048bb84], eax ; mov dword [0x48bb84], eax mov edx, dword [ref_0048bb60] ; mov edx, dword [0x48bb60] movsx eax, word [edx + 0x24] sar eax, 1 mov ecx, 0x140 sub ecx, eax mov dword [ref_0048bb7c], ecx ; mov dword [0x48bb7c], ecx mov dword [esp + 0x40], ecx movsx eax, word [edx + 0x26] sar eax, 1 mov ecx, 0xf0 sub ecx, eax mov dword [ref_0048bb80], ecx ; mov dword [0x48bb80], ecx mov dword [esp + 0x44], ecx movsx eax, word [edx + 0x24] mov ecx, dword [esp + 0x40] add ecx, eax mov dword [esp + 0x48], ecx movsx eax, word [edx + 0x26] mov edx, dword [esp + 0x44] add edx, eax mov dword [esp + 0x4c], edx lea eax, [esp + 0x40] push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [ref_0048bb88], eax ; mov dword [0x48bb88], eax mov ecx, dword [ref_0048bb80] ; mov ecx, dword [0x48bb80] push ecx mov ebx, dword [ref_0048bb7c] ; mov ebx, dword [0x48bb7c] push ebx mov esi, dword [ref_0048bb84] ; mov esi, dword [0x48bb84] push esi call fcn_0040ff4b ; call 0x40ff4b add esp, 0xc push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 jmp near loc_00410ff0 ; jmp 0x410ff0 loc_00410bc8: xor ebx, ebx mov bx, dx sub ebx, dword [ref_0048bb7c] ; sub ebx, dword [0x48bb7c] mov eax, edx shr eax, 0x10 and eax, 0xffff xor esi, esi mov si, ax sub esi, dword [ref_0048bb80] ; sub esi, dword [0x48bb80] xor eax, eax mov dword [ref_00474d78], eax ; mov dword [0x474d78], eax jmp short loc_00410c03 ; jmp 0x410c03 loc_00410bf1: mov ecx, dword [ref_00474d78] ; mov ecx, dword [0x474d78] inc ecx mov dword [ref_00474d78], ecx ; mov dword [0x474d78], ecx cmp ecx, 8 jge short loc_00410c2b ; jge 0x410c2b loc_00410c03: mov eax, dword [ref_00474d78] ; mov eax, dword [0x474d78] shl eax, 4 cmp ebx, dword [eax + ref_00474ce8] ; cmp ebx, dword [eax + 0x474ce8] jl short loc_00410bf1 ; jl 0x410bf1 cmp esi, dword [eax + ref_00474cec] ; cmp esi, dword [eax + 0x474cec] jl short loc_00410bf1 ; jl 0x410bf1 cmp ebx, dword [eax + ref_00474cf0] ; cmp ebx, dword [eax + 0x474cf0] jge short loc_00410bf1 ; jge 0x410bf1 cmp esi, dword [eax + ref_00474cf4] ; cmp esi, dword [eax + 0x474cf4] jge short loc_00410bf1 ; jge 0x410bf1 loc_00410c2b: mov eax, dword [ref_00474d78] ; mov eax, dword [0x474d78] cmp eax, 7 ja near loc_00410ff8 ; ja 0x410ff8 jmp dword [eax*4 + ref_00410a87] ; ujmp: jmp dword [eax*4 + 0x410a87] loc_00410c40: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov eax, dword [ref_00474d78] ; mov eax, dword [0x474d78] shl eax, 4 mov edx, dword [ref_0048bb7c] ; mov edx, dword [0x48bb7c] mov ebx, dword [eax + ref_00474ce8] ; mov ebx, dword [eax + 0x474ce8] add edx, ebx mov dword [esp + 0x40], edx mov edx, dword [ref_0048bb80] ; mov edx, dword [0x48bb80] mov esi, dword [eax + ref_00474cec] ; mov esi, dword [eax + 0x474cec] add edx, esi mov dword [esp + 0x44], edx mov edx, dword [ref_0048bb7c] ; mov edx, dword [0x48bb7c] mov edi, dword [eax + ref_00474cf0] ; mov edi, dword [eax + 0x474cf0] add edx, edi mov dword [esp + 0x48], edx mov edx, dword [ref_0048bb80] ; mov edx, dword [0x48bb80] mov ecx, dword [eax + ref_00474cf4] ; mov ecx, dword [eax + 0x474cf4] add edx, ecx mov dword [esp + 0x4c], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebx, dword [esp + 0x44] push ebx mov esi, dword [esp + 0x44] push esi mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x9c push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi loc_00410cd1: call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_00410cd9: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near loc_00410fe9 ; jmp 0x410fe9 loc_00410cee: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov eax, dword [ref_00474d78] ; mov eax, dword [0x474d78] shl eax, 4 mov edx, dword [ref_0048bb7c] ; mov edx, dword [0x48bb7c] mov ecx, dword [eax + ref_00474ce8] ; mov ecx, dword [eax + 0x474ce8] add edx, ecx mov dword [esp + 0x40], edx mov edx, dword [ref_0048bb80] ; mov edx, dword [0x48bb80] mov ebx, dword [eax + ref_00474cec] ; mov ebx, dword [eax + 0x474cec] add edx, ebx mov dword [esp + 0x44], edx mov edx, dword [ref_0048bb7c] ; mov edx, dword [0x48bb7c] mov esi, dword [eax + ref_00474cf0] ; mov esi, dword [eax + 0x474cf0] add edx, esi mov dword [esp + 0x48], edx mov edx, dword [ref_0048bb80] ; mov edx, dword [0x48bb80] mov edi, dword [eax + ref_00474cf4] ; mov edi, dword [eax + 0x474cf4] add edx, edi mov dword [esp + 0x4c], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x44] push eax mov edx, dword [esp + 0x44] push edx mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0xa8 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx jmp near loc_00410cd1 ; jmp 0x410cd1 loc_00410d84: mov eax, dword [ref_00474d78] ; mov eax, dword [0x474d78] cmp eax, 4 jne short loc_00410d95 ; jne 0x410d95 mov eax, 1 jmp short loc_00410d9d ; jmp 0x410d9d loc_00410d95: sub eax, 5 xor al, 1 add eax, 2 loc_00410d9d: push 0 shl eax, 3 add eax, ref_0048231a ; add eax, 0x48231a push eax call fcn_004542ce ; call 0x4542ce add esp, 8 mov eax, dword [ref_00474d78] ; mov eax, dword [0x474d78] shl eax, 4 mov edx, dword [ref_0048bb7c] ; mov edx, dword [0x48bb7c] mov ecx, dword [eax + ref_00474ce8] ; mov ecx, dword [eax + 0x474ce8] add edx, ecx mov dword [esp + 0x40], edx mov edx, dword [ref_0048bb80] ; mov edx, dword [0x48bb80] mov ebx, dword [eax + ref_00474cec] ; mov ebx, dword [eax + 0x474cec] add edx, ebx mov dword [esp + 0x44], edx mov edx, dword [ref_0048bb7c] ; mov edx, dword [0x48bb7c] mov esi, dword [eax + ref_00474cf0] ; mov esi, dword [eax + 0x474cf0] add edx, esi mov dword [esp + 0x48], edx mov edx, dword [ref_0048bb80] ; mov edx, dword [0x48bb80] mov edi, dword [eax + ref_00474cf4] ; mov edi, dword [eax + 0x474cf4] add edx, edi mov dword [esp + 0x4c], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x44] push eax mov edx, dword [esp + 0x44] push edx mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0xb4 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 2 mov eax, dword [ref_00474d78] ; mov eax, dword [0x474d78] movsx edx, word [eax*4 + (ref_00474cd0 - 2)] ; movsx edx, word [eax*4 + 0x474cce] add edx, dword [ref_0048bb80] ; add edx, dword [0x48bb80] inc edx push edx movsx edx, word [eax*4 + ref_00474ccc] ; movsx edx, word [eax*4 + 0x474ccc] add edx, dword [ref_0048bb7c] ; add edx, dword [0x48bb7c] inc edx push edx mov edi, dword [eax*4 + ref_00474cb8] ; mov edi, dword [eax*4 + 0x474cb8] push edi push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 jmp near loc_00410cd9 ; jmp 0x410cd9 loc_00410e78: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 movsx eax, word [ref_0048bb08] ; movsx eax, word [0x48bb08] movsx edx, word [ref_0048bb0a] ; movsx edx, word [0x48bb0a] mov ecx, 1 loc_00410e9a: lea edi, [eax - 0xa] cmp ebx, edi jl short loc_00410ebe ; jl 0x410ebe lea edi, [edx - 8] cmp esi, edi jl short loc_00410ebe ; jl 0x410ebe lea edi, [eax + 0xa] cmp ebx, edi jge short loc_00410ebe ; jge 0x410ebe lea edi, [edx + 8] cmp esi, edi jge short loc_00410ebe ; jge 0x410ebe mov byte [ref_0048bb84], cl ; mov byte [0x48bb84], cl jmp short loc_00410ee9 ; jmp 0x410ee9 loc_00410ebe: inc ecx cmp eax, 0xa6 jne short loc_00410ed0 ; jne 0x410ed0 mov eax, 0x1c add edx, 0x12 jmp short loc_00410ed3 ; jmp 0x410ed3 loc_00410ed0: add eax, 0x17 loc_00410ed3: movsx edi, word [ref_0048bb0c] ; movsx edi, word [0x48bb0c] cmp eax, edi jne short loc_00410e9a ; jne 0x410e9a movsx edi, word [ref_0048bb0e] ; movsx edi, word [0x48bb0e] cmp edx, edi jne short loc_00410e9a ; jne 0x410e9a loc_00410ee9: mov eax, dword [ref_0048bb80] ; mov eax, dword [0x48bb80] push eax mov edx, dword [ref_0048bb7c] ; mov edx, dword [0x48bb7c] push edx mov ecx, dword [ref_0048bb84] ; mov ecx, dword [0x48bb84] push ecx call fcn_0040ff4b ; call 0x40ff4b add esp, 0xc mov eax, dword [ref_0048bb7c] ; mov eax, dword [0x48bb7c] mov dword [esp + 0x40], eax mov eax, dword [ref_0048bb80] ; mov eax, dword [0x48bb80] mov dword [esp + 0x44], eax mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] movsx edx, word [eax + 0x24] mov ecx, dword [esp + 0x40] add ecx, edx mov dword [esp + 0x48], ecx movsx eax, word [eax + 0x26] mov edx, dword [esp + 0x44] add edx, eax mov dword [esp + 0x4c], edx jmp near loc_00410fe9 ; jmp 0x410fe9 loc_00410f3d: mov eax, dword [ref_0048bb7c] ; mov eax, dword [0x48bb7c] mov dword [esp + 0x40], eax mov eax, dword [ref_0048bb80] ; mov eax, dword [0x48bb80] mov dword [esp + 0x44], eax mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] movsx edx, word [eax + 0x24] mov ecx, dword [esp + 0x40] add ecx, edx mov dword [esp + 0x48], ecx movsx eax, word [eax + 0x26] mov edx, dword [esp + 0x44] add edx, eax mov dword [esp + 0x4c], edx mov eax, dword [ref_00474d78] ; mov eax, dword [0x474d78] cmp eax, 6 ja near loc_00410ff8 ; ja 0x410ff8 jmp dword [eax*4 + ref_00410aa7] ; ujmp: jmp dword [eax*4 + 0x410aa7] loc_00410f85: mov bl, byte [ref_0048bb85] ; mov bl, byte [0x48bb85] dec bl mov byte [ref_0048bb85], bl ; mov byte [0x48bb85], bl jne short loc_00410f9c ; jne 0x410f9c mov byte [ref_0048bb85], 0xc ; mov byte [0x48bb85], 0xc loc_00410f9c: mov edx, dword [ref_0048bb80] ; mov edx, dword [0x48bb80] push edx mov ecx, dword [ref_0048bb7c] ; mov ecx, dword [0x48bb7c] push ecx mov ebx, dword [ref_0048bb84] ; mov ebx, dword [0x48bb84] push ebx jmp short loc_00410fe1 ; jmp 0x410fe1 loc_00410fb3: mov ah, byte [ref_0048bb85] ; mov ah, byte [0x48bb85] inc ah mov byte [ref_0048bb85], ah ; mov byte [0x48bb85], ah cmp ah, 0xd jne short loc_00410fcd ; jne 0x410fcd mov byte [ref_0048bb85], 1 ; mov byte [0x48bb85], 1 loc_00410fcd: mov esi, dword [ref_0048bb80] ; mov esi, dword [0x48bb80] push esi mov edi, dword [ref_0048bb7c] ; mov edi, dword [0x48bb7c] loc_00410fda: push edi mov eax, dword [ref_0048bb84] ; mov eax, dword [0x48bb84] loc_00410fe0: push eax loc_00410fe1: call fcn_0040ff4b ; call 0x40ff4b add esp, 0xc loc_00410fe9: push 0 lea eax, [esp + 0x44] push eax loc_00410ff0: push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00410ff8: xor eax, eax jmp near loc_00411118 ; jmp 0x411118 loc_00410fff: xor ebx, ebx mov bx, word [ref_0048bb86] ; mov bx, word [0x48bb86] cmp ebx, 0x7ce jle short loc_00410f9c ; jle 0x410f9c dec ebx mov word [ref_0048bb86], bx ; mov word [0x48bb86], bx jmp short loc_00410f9c ; jmp 0x410f9c loc_0041101a: xor ebx, ebx mov bx, word [ref_0048bb86] ; mov bx, word [0x48bb86] inc ebx mov word [ref_0048bb86], bx ; mov word [0x48bb86], bx mov esi, dword [esp + 0x44] push esi mov edi, dword [esp + 0x44] jmp short loc_00410fda ; jmp 0x410fda loc_00411036: mov eax, dword [ref_0048bb5c] ; mov eax, dword [0x48bb5c] mov dword [ref_0048bb84], eax ; mov dword [0x48bb84], eax mov edx, dword [esp + 0x44] push edx mov ecx, dword [esp + 0x44] push ecx jmp short loc_00410fe0 ; jmp 0x410fe0 loc_0041104c: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov edi, dword [ref_0048bb80] ; mov edi, dword [0x48bb80] push edi mov ebp, dword [ref_0048bb7c] ; mov ebp, dword [0x48bb7c] push ebp mov eax, dword [ref_0048bb88] ; mov eax, dword [0x48bb88] push eax call fcn_00451edb ; call 0x451edb add esp, 0xc push 0xffffffffffffffff loc_00411074: call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_00410ff8 ; jmp 0x410ff8 loc_00411081: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov edx, dword [ref_0048bb80] ; mov edx, dword [0x48bb80] push edx mov ecx, dword [ref_0048bb7c] ; mov ecx, dword [0x48bb7c] push ecx mov ebx, dword [ref_0048bb88] ; mov ebx, dword [0x48bb88] push ebx call fcn_00451edb ; call 0x451edb add esp, 0xc mov esi, dword [ref_0048bb84] ; mov esi, dword [0x48bb84] push esi jmp short loc_00411074 ; jmp 0x411074 loc_004110b1: mov eax, esp push eax push ebp call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x18] push ebx mov esi, dword [esp + 0x18] push esi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push ebp call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00410ff8 ; jmp 0x410ff8 loc_00411109: push edx mov edi, dword [esp + 0x70] push edi push eax push ebp loc_00411111: call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] loc_00411118: add esp, 0x50 loc_0041111b: pop ebp pop edi pop esi pop ebx ret 0x10 fcn_00411122: push ebx push esi push edi push ebp sub esp, 0x50 mov ebx, dword [esp + 0x64] mov eax, dword [esp + 0x68] mov esi, dword [esp + 0x6c] mov edx, dword [esp + 0x70] cmp eax, 0x201 jb short loc_0041116f ; jb 0x41116f jbe near loc_004113d9 ; jbe 0x4113d9 cmp eax, 0x205 jb short loc_0041115f ; jb 0x41115f jbe near loc_00411915 ; jbe 0x411915 cmp eax, 0x401 je short loc_0041119a ; je 0x41119a jmp near loc_004119da ; jmp 0x4119da loc_0041115f: cmp eax, 0x202 je near loc_0041170f ; je 0x41170f jmp near loc_004119da ; jmp 0x4119da loc_0041116f: cmp eax, 0x100 jb short loc_0041118c ; jb 0x41118c jbe near loc_0041183b ; jbe 0x41183b cmp eax, 0x113 je near loc_00411261 ; je 0x411261 jmp near loc_004119da ; jmp 0x4119da loc_0041118c: cmp eax, 0xf je near loc_0041197c ; je 0x41197c jmp near loc_004119da ; jmp 0x4119da loc_0041119a: xor edx, edx mov dword [ref_0048bb9e], edx ; mov dword [0x48bb9e], edx mov dword [ref_0048bba6], edx ; mov dword [0x48bba6], edx xor esi, esi mov dword [ref_0048bbaa], edx ; mov dword [0x48bbaa], edx mov edx, dword [ref_0048bb60] ; mov edx, dword [0x48bb60] movsx eax, word [edx + 0x18] sar eax, 1 mov ecx, 0x140 sub ecx, eax mov dword [ref_0048bb8e], ecx ; mov dword [0x48bb8e], ecx mov dword [esp + 0x40], ecx movsx eax, word [edx + 0x1a] sar eax, 1 mov ecx, 0xf0 sub ecx, eax mov dword [ref_0048bb92], ecx ; mov dword [0x48bb92], ecx mov dword [esp + 0x44], ecx movsx eax, word [edx + 0x18] mov ecx, dword [esp + 0x40] add ecx, eax mov dword [esp + 0x48], ecx movsx eax, word [edx + 0x1a] mov edx, dword [esp + 0x44] add edx, eax mov dword [esp + 0x4c], edx lea eax, [esp + 0x40] push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [ref_0048bbae], eax ; mov dword [0x48bbae], eax push 0x38 push ref_00497168 ; push 0x497168 push ref_0048bb10 ; push 0x48bb10 call _memcpy ; call 0x456de8 add esp, 0xc mov edi, dword [ref_0048bb92] ; mov edi, dword [0x48bb92] push edi mov ebp, dword [ref_0048bb8e] ; mov ebp, dword [0x48bb8e] push ebp call fcn_00410158 ; call 0x410158 add esp, 8 push esi push 0xfa mov eax, dword [_callbackSize] ; mov eax, dword [0x46cad8] push eax push ebx call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048bba2], eax ; mov dword [0x48bba2], eax push 1 call fcn_00402460 ; call 0x402460 jmp near loc_0041160f ; jmp 0x41160f loc_00411261: cmp dword [ref_0048bba6], 0 ; cmp dword [0x48bba6], 0 je near loc_00410ff8 ; je 0x410ff8 cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_00410ff8 ; je 0x410ff8 cmp esi, dword [_callbackSize] ; cmp esi, dword [0x46cad8] jne near loc_00410ff8 ; jne 0x410ff8 xor byte [ref_0048bbaa], 1 ; xor byte [0x48bbaa], 1 mov ebp, dword [ref_0048bbaa] ; mov ebp, dword [0x48bbaa] test ebp, ebp je near loc_00411329 ; je 0x411329 mov eax, dword [ref_0048bb96] ; mov eax, dword [0x48bb96] sub eax, 0x1a mov dword [esp + 0x40], eax mov eax, dword [ref_0048bb96] ; mov eax, dword [0x48bb96] add eax, 0x1b mov dword [esp + 0x48], eax mov eax, dword [ref_0048bb9a] ; mov eax, dword [0x48bb9a] sub eax, 7 mov dword [esp + 0x44], eax mov eax, dword [ref_0048bb9a] ; mov eax, dword [0x48bb9a] add eax, 6 mov dword [esp + 0x4c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx call dword [eax + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0xf0f0f0 push 0xd push 0x35 mov esi, dword [esp + 0x50] push esi mov edi, dword [esp + 0x50] push edi mov eax, ref_0046caec ; mov eax, 0x46caec push eax call fcn_004561be ; call 0x4561be add esp, 0x18 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 mov ebp, dword [ref_0048a0e0] ; mov ebp, dword [0x48a0e0] push ebp jmp near loc_004113bf ; jmp 0x4113bf loc_00411329: mov eax, dword [ref_0048bb96] ; mov eax, dword [0x48bb96] sub eax, 0x1b mov dword [esp + 0x40], eax mov eax, dword [ref_0048bb96] ; mov eax, dword [0x48bb96] add eax, 0x1c mov dword [esp + 0x48], eax mov eax, dword [ref_0048bb9a] ; mov eax, dword [0x48bb9a] sub eax, 8 mov dword [esp + 0x44], eax mov eax, dword [ref_0048bb9a] ; mov eax, dword [0x48bb9a] add eax, 8 mov dword [esp + 0x4c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push ebp push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push ebp mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx call dword [eax + 0x64] ; ucall push 0xf push 0x37 mov eax, dword [esp + 0x4c] sub eax, dword [ref_0048bb92] ; sub eax, dword [0x48bb92] push eax mov eax, dword [esp + 0x4c] sub eax, dword [ref_0048bb8e] ; sub eax, dword [0x48bb8e] push eax mov edi, dword [esp + 0x54] push edi mov ebp, dword [esp + 0x54] push ebp mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x18 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx loc_004113bf: call dword [eax + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00410ff8 ; jmp 0x410ff8 loc_004113d9: xor eax, eax mov ax, dx shr edx, 0x10 and edx, 0xffff xor esi, esi mov si, dx mov edx, dword [ref_0048bb8e] ; mov edx, dword [0x48bb8e] add edx, 0x69 cmp eax, edx jl near loc_004114b6 ; jl 0x4114b6 mov edx, dword [ref_0048bb8e] ; mov edx, dword [0x48bb8e] add edx, 0xa0 cmp eax, edx jg near loc_004114b6 ; jg 0x4114b6 mov edx, dword [ref_0048bb92] ; mov edx, dword [0x48bb92] add edx, 0x19 cmp esi, edx jl near loc_004114b6 ; jl 0x4114b6 mov edx, dword [ref_0048bb92] ; mov edx, dword [0x48bb92] add edx, 0x108 cmp esi, edx jg near loc_004114b6 ; jg 0x4114b6 mov ebx, dword [ref_0048bba6] ; mov ebx, dword [0x48bba6] test ebx, ebx jne short loc_004114b6 ; jne 0x4114b6 push ebx push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov ecx, dword [ref_0048bb92] ; mov ecx, dword [0x48bb92] add ecx, 0x19 mov edx, esi sub edx, ecx mov eax, edx sar edx, 0x1f shl edx, 4 sbb eax, edx sar eax, 4 mov edx, eax inc eax mov dword [ref_0048bb9e], eax ; mov dword [0x48bb9e], eax mov eax, dword [ref_0048bb8e] ; mov eax, dword [0x48bb8e] add eax, 0x69 mov dword [esp + 0x40], eax mov eax, dword [ref_0048bb8e] ; mov eax, dword [0x48bb8e] add eax, 0xa0 mov dword [esp + 0x48], eax shl edx, 4 add ecx, edx mov dword [esp + 0x44], ecx lea eax, [ecx + 0xf] mov dword [esp + 0x4c], eax mov eax, dword [ref_0048bb8e] ; mov eax, dword [0x48bb8e] add eax, 0x84 loc_004114a4: mov dword [ref_0048bb96], eax ; mov dword [0x48bb96], eax lea eax, [ecx + 8] mov dword [ref_0048bb9a], eax ; mov dword [0x48bb9a], eax jmp near loc_00411605 ; jmp 0x411605 loc_004114b6: mov edx, dword [ref_0048bb8e] ; mov edx, dword [0x48bb8e] add edx, 0x101 cmp eax, edx jl near loc_00411576 ; jl 0x411576 mov edx, dword [ref_0048bb8e] ; mov edx, dword [0x48bb8e] add edx, 0x138 cmp eax, edx jg near loc_00411576 ; jg 0x411576 mov edx, dword [ref_0048bb92] ; mov edx, dword [0x48bb92] add edx, 0x19 cmp esi, edx jl near loc_00411576 ; jl 0x411576 mov edx, dword [ref_0048bb92] ; mov edx, dword [0x48bb92] add edx, 0x108 cmp esi, edx jg short loc_00411576 ; jg 0x411576 mov edi, dword [ref_0048bba6] ; mov edi, dword [0x48bba6] test edi, edi jne short loc_00411576 ; jne 0x411576 push edi push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov ecx, dword [ref_0048bb92] ; mov ecx, dword [0x48bb92] add ecx, 0x19 mov edx, esi sub edx, ecx mov eax, edx sar edx, 0x1f shl edx, 4 sbb eax, edx sar eax, 4 mov edx, eax add eax, 0x10 mov dword [ref_0048bb9e], eax ; mov dword [0x48bb9e], eax mov eax, dword [ref_0048bb8e] ; mov eax, dword [0x48bb8e] add eax, 0x101 mov dword [esp + 0x40], eax mov eax, dword [ref_0048bb8e] ; mov eax, dword [0x48bb8e] add eax, 0x138 mov dword [esp + 0x48], eax shl edx, 4 add ecx, edx mov dword [esp + 0x44], ecx lea eax, [ecx + 0xf] mov dword [esp + 0x4c], eax mov eax, dword [ref_0048bb8e] ; mov eax, dword [0x48bb8e] add eax, 0x11c jmp near loc_004114a4 ; jmp 0x4114a4 loc_00411576: mov edx, dword [ref_0048bb8e] ; mov edx, dword [0x48bb8e] add edx, 0x11 cmp eax, edx jl near loc_00411617 ; jl 0x411617 mov edx, dword [ref_0048bb8e] ; mov edx, dword [0x48bb8e] add edx, 0x57 cmp eax, edx jg near loc_00411617 ; jg 0x411617 mov edx, dword [ref_0048bb92] ; mov edx, dword [0x48bb92] add edx, 0x119 cmp esi, edx jl short loc_00411617 ; jl 0x411617 mov edx, dword [ref_0048bb92] ; mov edx, dword [0x48bb92] add edx, 0x137 cmp esi, edx jg short loc_00411617 ; jg 0x411617 push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov dword [ref_0048bb9e], 0x64 ; mov dword [0x48bb9e], 0x64 mov eax, dword [ref_0048bb8e] ; mov eax, dword [0x48bb8e] add eax, 0x11 mov dword [esp + 0x40], eax mov eax, dword [ref_0048bb8e] ; mov eax, dword [0x48bb8e] add eax, 0x57 loc_004115e5: mov dword [esp + 0x48], eax mov eax, dword [ref_0048bb92] ; mov eax, dword [0x48bb92] add eax, 0x119 mov dword [esp + 0x44], eax mov eax, dword [ref_0048bb92] ; mov eax, dword [0x48bb92] add eax, 0x137 mov dword [esp + 0x4c], eax loc_00411605: lea eax, [esp + 0x40] push eax call fcn_00451b9e ; call 0x451b9e loc_0041160f: add esp, 4 jmp near loc_00410ff8 ; jmp 0x410ff8 loc_00411617: mov edx, dword [ref_0048bb8e] ; mov edx, dword [0x48bb8e] add edx, 0x82 cmp eax, edx jl short loc_0041168d ; jl 0x41168d mov edx, dword [ref_0048bb8e] ; mov edx, dword [0x48bb8e] add edx, 0xc8 cmp eax, edx jg short loc_0041168d ; jg 0x41168d mov edx, dword [ref_0048bb92] ; mov edx, dword [0x48bb92] add edx, 0x119 cmp esi, edx jl short loc_0041168d ; jl 0x41168d mov edx, dword [ref_0048bb92] ; mov edx, dword [0x48bb92] add edx, 0x137 cmp esi, edx jg short loc_0041168d ; jg 0x41168d push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 mov dword [ref_0048bb9e], 0x65 ; mov dword [0x48bb9e], 0x65 mov eax, dword [ref_0048bb8e] ; mov eax, dword [0x48bb8e] add eax, 0x82 mov dword [esp + 0x40], eax mov eax, dword [ref_0048bb8e] ; mov eax, dword [0x48bb8e] add eax, 0xc8 jmp near loc_004115e5 ; jmp 0x4115e5 loc_0041168d: mov edx, dword [ref_0048bb8e] ; mov edx, dword [0x48bb8e] add edx, 0xf2 cmp eax, edx jl near loc_00410ff8 ; jl 0x410ff8 mov edx, dword [ref_0048bb8e] ; mov edx, dword [0x48bb8e] add edx, 0x138 cmp eax, edx jg near loc_00410ff8 ; jg 0x410ff8 mov eax, dword [ref_0048bb92] ; mov eax, dword [0x48bb92] add eax, 0x119 cmp esi, eax jl near loc_00410ff8 ; jl 0x410ff8 mov eax, dword [ref_0048bb92] ; mov eax, dword [0x48bb92] add eax, 0x137 cmp esi, eax jg near loc_00410ff8 ; jg 0x410ff8 push 0 push ref_0048232a ; push 0x48232a call fcn_004542ce ; call 0x4542ce add esp, 8 mov dword [ref_0048bb9e], 0x66 ; mov dword [0x48bb9e], 0x66 mov eax, dword [ref_0048bb8e] ; mov eax, dword [0x48bb8e] add eax, 0xf2 mov dword [esp + 0x40], eax mov eax, dword [ref_0048bb8e] ; mov eax, dword [0x48bb8e] add eax, 0x138 jmp near loc_004115e5 ; jmp 0x4115e5 loc_0041170f: cmp dword [ref_0048bb9e], 0 ; cmp dword [0x48bb9e], 0 je near loc_00410ff8 ; je 0x410ff8 call fcn_00451d4e ; call 0x451d4e mov eax, dword [ref_0048bb9e] ; mov eax, dword [0x48bb9e] cmp eax, 0x65 jb short loc_0041173b ; jb 0x41173b jbe short loc_0041177a ; jbe 0x41177a cmp eax, 0x66 je near loc_004117bc ; je 0x4117bc jmp near loc_00411804 ; jmp 0x411804 loc_0041173b: cmp eax, 0x64 jne near loc_00411804 ; jne 0x411804 push 0x38 push ref_0047edc2 ; push 0x47edc2 push ref_0048bb10 ; push 0x48bb10 call _memcpy ; call 0x456de8 add esp, 0xc mov ebp, dword [ref_0048bb92] ; mov ebp, dword [0x48bb92] push ebp mov eax, dword [ref_0048bb8e] ; mov eax, dword [0x48bb8e] push eax call fcn_00410158 ; call 0x410158 add esp, 8 xor edx, edx mov dword [ref_0048bba6], edx ; mov dword [0x48bba6], edx jmp near loc_0041182e ; jmp 0x41182e loc_0041177a: mov edx, dword [ref_0048bba2] ; mov edx, dword [0x48bba2] push edx push ebx call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ecx, dword [ref_0048bb92] ; mov ecx, dword [0x48bb92] push ecx mov ebx, dword [ref_0048bb8e] ; mov ebx, dword [0x48bb8e] push ebx mov esi, dword [ref_0048bbae] ; mov esi, dword [0x48bbae] push esi loc_004117a8: call fcn_00451edb ; call 0x451edb add esp, 0xc push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 jmp short loc_0041182e ; jmp 0x41182e loc_004117bc: mov esi, dword [ref_0048bba2] ; mov esi, dword [0x48bba2] push esi push ebx call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0x38 push ref_0048bb10 ; push 0x48bb10 push ref_00497168 ; push 0x497168 call _memcpy ; call 0x456de8 add esp, 0xc call fcn_00411f80 ; call 0x411f80 mov edi, dword [ref_0048bb92] ; mov edi, dword [0x48bb92] push edi mov ebp, dword [ref_0048bb8e] ; mov ebp, dword [0x48bb8e] push ebp mov eax, dword [ref_0048bbae] ; mov eax, dword [0x48bbae] push eax jmp short loc_004117a8 ; jmp 0x4117a8 loc_00411804: mov edi, dword [ref_0048bb9e] ; mov edi, dword [0x48bb9e] cmp edi, 8 jle short loc_0041182e ; jle 0x41182e mov dword [ref_0048bba6], edi ; mov dword [0x48bba6], edi mov dx, word [edi*2 + ref_0048bb0e] ; mov dx, word [edi*2 + 0x48bb0e] mov word [ref_0048bb8c], dx ; mov word [0x48bb8c], dx xor edx, edx mov word [edi*2 + ref_0048bb0e], dx ; mov word [edi*2 + 0x48bb0e], dx loc_0041182e: xor ecx, ecx mov dword [ref_0048bb9e], ecx ; mov dword [0x48bb9e], ecx jmp near loc_00410ff8 ; jmp 0x410ff8 loc_0041183b: cmp dword [ref_0048bba6], 0 ; cmp dword [0x48bba6], 0 je near loc_00410ff8 ; je 0x410ff8 xor edx, edx loc_0041184a: mov eax, edx shl eax, 3 mov bl, byte [eax + ref_0047edfa] ; mov bl, byte [eax + 0x47edfa] test bl, bl je short loc_00411867 ; je 0x411867 mov al, bl and eax, 0xff cmp eax, esi je short loc_00411867 ; je 0x411867 inc edx jmp short loc_0041184a ; jmp 0x41184a loc_00411867: mov ecx, edx shl ecx, 3 mov bh, byte [ecx + ref_0047edfa] ; mov bh, byte [ecx + 0x47edfa] test bh, bh je near loc_004118fb ; je 0x4118fb cmp bh, 0x11 jne short loc_00411893 ; jne 0x411893 mov eax, dword [ref_0048bba6] ; mov eax, dword [0x48bba6] mov word [eax*2 + ref_0048bb0e], 0x1100 ; mov word [eax*2 + 0x48bb0e], 0x1100 jmp near loc_004118fb ; jmp 0x4118fb loc_00411893: xor eax, eax xor esi, esi mov ebx, dword [ref_0048bba6] ; mov ebx, dword [0x48bba6] mov cl, byte [ecx + ref_0047edfa] ; mov cl, byte [ecx + 0x47edfa] xor ch, ch mov di, word [ebx*2 + ref_0048bb0e] ; mov di, word [ebx*2 + 0x48bb0e] or edi, ecx jmp short loc_004118b7 ; jmp 0x4118b7 loc_004118b1: inc eax cmp eax, 0x1c jge short loc_004118db ; jge 0x4118db loc_004118b7: mov ecx, dword [ref_0048bba6] ; mov ecx, dword [0x48bba6] dec ecx cmp eax, ecx je short loc_004118b1 ; je 0x4118b1 mov cx, word [eax*2 + ref_0048bb10] ; mov cx, word [eax*2 + 0x48bb10] and ecx, 0xffff xor ebx, ebx mov bx, di cmp ebx, ecx jne short loc_004118b1 ; jne 0x4118b1 jmp short loc_004118fb ; jmp 0x4118fb loc_004118db: test esi, esi jne short loc_004118fb ; jne 0x4118fb mov eax, dword [ref_0048bba6] ; mov eax, dword [0x48bba6] mov dl, byte [edx*8 + ref_0047edfa] ; mov dl, byte [edx*8 + 0x47edfa] xor dh, dh or word [eax*2 + ref_0048bb0e], dx ; or word [eax*2 + 0x48bb0e], dx mov dword [ref_0048bba6], esi ; mov dword [0x48bba6], esi loc_004118fb: mov eax, dword [ref_0048bb92] ; mov eax, dword [0x48bb92] push eax mov edx, dword [ref_0048bb8e] ; mov edx, dword [0x48bb8e] push edx call fcn_00410158 ; call 0x410158 add esp, 8 jmp near loc_00410ff8 ; jmp 0x410ff8 loc_00411915: mov edx, dword [ref_0048bba6] ; mov edx, dword [0x48bba6] test edx, edx je short loc_0041193a ; je 0x41193a mov eax, edx mov dx, word [ref_0048bb8c] ; mov dx, word [0x48bb8c] mov word [eax*2 + ref_0048bb0e], dx ; mov word [eax*2 + 0x48bb0e], dx xor ebp, ebp mov dword [ref_0048bba6], ebp ; mov dword [0x48bba6], ebp jmp short loc_004118fb ; jmp 0x4118fb loc_0041193a: mov ecx, dword [ref_0048bba2] ; mov ecx, dword [0x48bba2] push ecx push ebx call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ebx, dword [ref_0048bb92] ; mov ebx, dword [0x48bb92] push ebx mov esi, dword [ref_0048bb8e] ; mov esi, dword [0x48bb8e] push esi mov edi, dword [ref_0048bbae] ; mov edi, dword [0x48bbae] push edi call fcn_00451edb ; call 0x451edb add esp, 0xc push 0 call _Post_0402_Message ; call 0x401966 jmp near loc_0041160f ; jmp 0x41160f loc_0041197c: mov eax, esp push eax push ebx call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0xc] push edx mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx mov ecx, dword [esp + 0x18] push ecx mov esi, dword [esp + 0x18] push esi mov edi, dword [ref_0048a0dc] ; mov edi, dword [0x48a0dc] push edi call dword [eax + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push ebx call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00410ff8 ; jmp 0x410ff8 loc_004119da: push edx push esi push eax push ebx jmp near loc_00411111 ; jmp 0x411111 fcn_004119e3: push ebx sub esp, 8 push 0 push 2 push 0x101010 push 0x101010 push 0xf call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebx, ebx loc_00411a01: push 2 movsx edx, word [ebx*4 + ref_00474cde] ; movsx edx, word [ebx*4 + 0x474cde] push edx movsx edx, word [ebx*4 + ref_00474cdc] ; movsx edx, word [ebx*4 + 0x474cdc] push edx mov edx, dword [ebx*4 + ref_00474cc8] ; mov edx, dword [ebx*4 + 0x474cc8] push edx mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx cmp ebx, 3 jl short loc_00411a01 ; jl 0x411a01 mov eax, esp push eax call _get_local_time ; call 0x458331 add esp, 4 xor eax, eax mov ax, word [esp + 2] mov edx, eax shl edx, 0x10 xor eax, eax mov al, byte [esp + 1] shl eax, 8 add edx, eax xor eax, eax mov al, byte [esp] add edx, eax mov dword [ref_0048bb5c], edx ; mov dword [0x48bb5c], edx push 0 push fcn_00410ac3 ; push 0x410ac3 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 cmp eax, 0xffffffff je short loc_00411a81 ; je 0x411a81 mov dword [ref_0048bb50], eax ; mov dword [0x48bb50], eax loc_00411a7c: mov dword [ref_00497160], eax ; mov dword [0x497160], eax loc_00411a81: add esp, 8 pop ebx ret fcn_00411a86: push 0 push fcn_00411122 ; push 0x411122 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 ret fcn_00411a96: push 0xffffffffffffffff push 0xffffffffffffffff call help_ui ; call 0x44eb39 add esp, 8 ret fcn_00411aa3: sub esp, 8 mov eax, esp push eax call _get_local_time ; call 0x458331 add esp, 4 xor eax, eax mov ax, word [esp + 2] mov edx, eax shl edx, 0x10 xor eax, eax mov al, byte [esp + 1] shl eax, 8 add edx, eax xor eax, eax mov al, byte [esp] add edx, eax mov dword [ref_00497160], edx ; mov dword [0x497160], edx mov byte [ref_0046caf8], 1 ; mov byte [0x46caf8], 1 add esp, 8 ret fcn_00411ae0: push ebx push esi mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx call fcn_0040cd87 ; call 0x40cd87 add esp, 4 cmp dword [ref_00499104], 1 ; cmp dword [0x499104], 1 jle short loc_00411b43 ; jle 0x411b43 call fcn_0040dfda ; call 0x40dfda test eax, eax je short loc_00411b43 ; je 0x411b43 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_004339d9 ; call 0x4339d9 mov ebx, eax add esp, 4 test eax, eax je short loc_00411b43 ; je 0x411b43 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] dec eax mov dword [_current_player], eax ; mov dword [0x49910c], eax push 1 call fcn_0041906a ; call 0x41906a add esp, 4 push ebx push 7 push 0 push 0xf call fcn_0040e033 ; call 0x40e033 add esp, 0x10 mov dword [_current_player], esi ; mov dword [0x49910c], esi loc_00411b43: pop esi pop ebx ret fcn_00411b46: call fcn_00411f80 ; call 0x411f80 mov byte [ref_0046caf9], 1 ; mov byte [0x46caf9], 1 ret options_ui: push ebx push esi push edi push ebp sub esp, 0x10 mov eax, dword [esp + 0x24] mov dword [ref_0048bb58], eax ; mov dword [0x48bb58], eax push 0 push 0 push 3 mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bb60], eax ; mov dword [0x48bb60], eax push 1 push 2 push 0 push 0x101010 push 0xf call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebx, ebx loc_00411b94: mov eax, ebx shl eax, 2 sub eax, ebx movsx esi, word [eax*2 + ref_00474b3c] ; movsx esi, word [eax*2 + 0x474b3c] push esi movsx esi, word [eax*2 + ref_00474b3a] ; movsx esi, word [eax*2 + 0x474b3a] push esi movsx eax, word [eax*2 + ref_00474b38] ; movsx eax, word [eax*2 + 0x474b38] push eax mov ecx, dword [ebx*4 + ref_00474a54] ; mov ecx, dword [ebx*4 + 0x474a54] push ecx mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx cmp ebx, 0xa jl short loc_00411b94 ; jl 0x411b94 xor ebx, ebx mov esi, 0x34 loc_00411bdc: push 2 push 0x128 push esi mov edi, dword [ebx*4 + ref_00474b2c] ; mov edi, dword [ebx*4 + 0x474b2c] push edi mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0x71 cmp ebx, 3 jl short loc_00411bdc ; jl 0x411bdc push 0 push 1 push 0x101010 push 0xf0f0f0 push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebx, ebx mov esi, 0x3e mov edi, 0x21 jmp short loc_00411c32 ; jmp 0x411c32 loc_00411c2c: inc ebx cmp ebx, 0x1c jge short loc_00411c63 ; jge 0x411c63 loc_00411c32: push 2 push edi push esi mov ebp, dword [ebx*4 + ref_00474abc] ; mov ebp, dword [ebx*4 + 0x474abc] push ebp mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 add edi, 0x10 cmp ebx, 0xe jne short loc_00411c2c ; jne 0x411c2c mov esi, 0xd0 mov edi, 0x21 jmp short loc_00411c2c ; jmp 0x411c2c loc_00411c63: push 1 push 2 push 0x101010 push 0x101010 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 movsx eax, word [ref_00474b78] ; movsx eax, word [0x474b78] push eax movsx eax, word [ref_00474b76] ; movsx eax, word [0x474b76] push eax movsx eax, word [ref_00474b74] ; movsx eax, word [0x474b74] push eax mov eax, dword [ref_00474a7c] ; mov eax, dword [0x474a7c] push eax mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 movsx eax, word [ref_00474b7e] ; movsx eax, word [0x474b7e] push eax movsx eax, word [ref_00474b7c] ; movsx eax, word [0x474b7c] push eax movsx eax, word [ref_00474b7a] ; movsx eax, word [0x474b7a] push eax mov edx, dword [ref_00474a80] ; mov edx, dword [0x474a80] push edx mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ebx, 0xc loc_00411cdf: mov eax, ebx shl eax, 2 sub eax, ebx movsx esi, word [eax*2 + ref_00474b3c] ; movsx esi, word [eax*2 + 0x474b3c] push esi movsx esi, word [eax*2 + ref_00474b3a] ; movsx esi, word [eax*2 + 0x474b3a] push esi movsx eax, word [eax*2 + ref_00474b38] ; movsx eax, word [eax*2 + 0x474b38] push eax mov esi, dword [ref_0048bb58] ; mov esi, dword [0x48bb58] mov eax, esi shl eax, 2 sub eax, esi add eax, ebx mov ecx, dword [eax*4 + ref_00474a54] ; mov ecx, dword [eax*4 + 0x474a54] push ecx add esi, 0xa mov eax, esi shl eax, 2 sub eax, esi mov esi, eax shl esi, 2 mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0xc add eax, esi push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx cmp ebx, 0xf jl short loc_00411cdf ; jl 0x411cdf push 2 push 0xa8 mov ebx, dword [ref_0048bb58] ; mov ebx, dword [0x48bb58] add ebx, 0xa mov eax, ebx shl eax, 2 sub eax, ebx mov ebx, eax shl ebx, 2 mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0xc add ebx, eax push ebx push eax call fcn_00456280 ; call 0x456280 add esp, 0x10 push 2 push 0xe push 0x1e mov ebx, dword [ref_00474a7c] ; mov ebx, dword [0x474a7c] push ebx mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x30 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0xe push 0x1e mov esi, dword [ref_00474a80] ; mov esi, dword [0x474a80] push esi mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] add eax, 0x3c push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048bb60] ; mov eax, dword [0x48bb60] movsx ebx, word [eax + 0xc] sar ebx, 1 mov esi, 0x140 sub esi, ebx mov dword [esp], esi movsx ebx, word [eax + 0xe] sar ebx, 1 mov esi, 0xf0 sub esi, ebx mov dword [esp + 4], esi movsx ebx, word [eax + 0xc] mov esi, dword [esp] add esi, ebx mov dword [esp + 8], esi movsx eax, word [eax + 0xe] mov ebx, dword [esp + 4] add ebx, eax mov dword [esp + 0xc], ebx mov eax, esp push eax call fcn_00451e7e ; call 0x451e7e mov esi, eax add esp, 4 mov eax, dword [esp + 4] shl eax, 0x10 add eax, dword [esp] push eax push fcn_004103a3 ; push 0x4103a3 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov ebx, eax mov ebp, dword [esp + 4] push ebp mov eax, dword [esp + 4] push eax push esi call fcn_00451edb ; call 0x451edb add esp, 0xc mov edx, dword [ref_0048bb60] ; mov edx, dword [0x48bb60] push edx call clib_free ; call 0x456e11 add esp, 4 cmp dword [esp + 0x24], 0 jne short loc_00411e4b ; jne 0x411e4b test byte [ref_0047e772], 0x80 ; test byte [0x47e772], 0x80 je short loc_00411e4b ; je 0x411e4b call fcn_00454edc ; call 0x454edc loc_00411e4b: mov eax, ebx and eax, 0x7fff cmp eax, 2 jb short loc_00411e60 ; jb 0x411e60 jbe short loc_00411e6c ; jbe 0x411e6c cmp eax, 3 je short loc_00411e73 ; je 0x411e73 jmp short loc_00411e78 ; jmp 0x411e78 loc_00411e60: cmp eax, 1 jne short loc_00411e78 ; jne 0x411e78 call fcn_00411aa3 ; call 0x411aa3 jmp short loc_00411e78 ; jmp 0x411e78 loc_00411e6c: call fcn_00411ae0 ; call 0x411ae0 jmp short loc_00411e78 ; jmp 0x411e78 loc_00411e73: call fcn_00411b46 ; call 0x411b46 loc_00411e78: test bh, 0x80 je short loc_00411e87 ; je 0x411e87 push 1 call fcn_0041906a ; call 0x41906a add esp, 4 loc_00411e87: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret fcn_00411e8f: push ebx sub esp, 8 push ref_00463764 ; push 0x463764 push ref_00463767 ; push 0x463767 call clib_fopen ; call 0x4573bf mov ebx, eax add esp, 8 test eax, eax je short loc_00411eda ; je 0x411eda push eax push 1 push 0x10 push ref_00497158 ; push 0x497158 call clib_fread ; call 0x4576d0 add esp, 0x10 push ebx push 0x38 push 1 push ref_00497168 ; push 0x497168 call clib_fread ; call 0x4576d0 add esp, 0x10 push ebx call clib_fclose ; call 0x4578c5 add esp, 4 jmp short loc_00411f1e ; jmp 0x411f1e loc_00411eda: mov ah, 1 mov byte [ref_00497158], ah ; mov byte [0x497158], ah mov byte [ref_00497159], ah ; mov byte [0x497159], ah mov dh, 4 mov byte [ref_0049715a], dh ; mov byte [0x49715a], dh mov byte [ref_0049715b], dh ; mov byte [0x49715b], dh mov byte [ref_0049715c], ah ; mov byte [0x49715c], ah mov byte [ref_0049715d], ah ; mov byte [0x49715d], ah xor ch, ch mov byte [ref_00497164], ch ; mov byte [0x497164], ch push 0x38 push ref_0047edc2 ; push 0x47edc2 push ref_00497168 ; push 0x497168 call _memcpy ; call 0x456de8 add esp, 0xc loc_00411f1e: mov eax, esp push eax call _get_local_time ; call 0x458331 add esp, 4 mov edx, dword [esp + 2] cmp dx, 0x7ce jae short loc_00411f46 ; jae 0x411f46 mov word [esp + 2], 0x7ce mov dl, 1 mov byte [esp + 1], dl mov byte [esp], dl jmp short loc_00411f5d ; jmp 0x411f5d loc_00411f46: cmp dx, 0x7da jbe short loc_00411f5d ; jbe 0x411f5d mov word [esp + 2], 0x7da mov al, 1 mov byte [esp + 1], al mov byte [esp], al loc_00411f5d: xor ebx, ebx mov bx, word [esp + 2] mov eax, ebx shl eax, 0x10 xor ebx, ebx mov bl, byte [esp + 1] shl ebx, 8 add eax, ebx xor ebx, ebx mov bl, byte [esp] add eax, ebx jmp near loc_00411a7c ; jmp 0x411a7c fcn_00411f80: push ebx push ref_00463771 ; push 0x463771 push ref_00463767 ; push 0x463767 call clib_fopen ; call 0x4573bf mov ebx, eax add esp, 8 test eax, eax je short loc_00411fc6 ; je 0x411fc6 push eax push 1 push 0x10 push ref_00497158 ; push 0x497158 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx push 0x38 push 1 push ref_00497168 ; push 0x497168 call clib_fwrite ; call 0x457ada add esp, 0x10 push ebx call clib_fclose ; call 0x4578c5 add esp, 4 loc_00411fc6: pop ebx ret ref_00411fc8: dd 0x00000003 dd 0x0000000c dd 0x00000003 dd 0x00000009 dd 0x00000001 ref_00411fdc: dd 0x00000000 dd 0x00000000 dd 0x00000280 dd 0x00000183 ref_00411fec: dd 0x01830280 dd 0x00000000 dd 0x00000000 ref_00411ff8: dd 0x00000000 dd 0x00000000 dd 0x00000280 dd 0x00000183 ref_00412008: dd 0x01830280 dd 0x00000000 dd 0x00000000 fcn_00412014: push ebx push esi push edi push ebp sub esp, 0x20 mov ebp, 0x40 mov ecx, 5 mov edi, esp mov esi, ref_00411fc8 ; mov esi, 0x411fc8 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] xor esi, esi jmp short loc_00412038 ; jmp 0x412038 loc_00412032: inc esi cmp esi, 9 jge short loc_00412064 ; jge 0x412064 loc_00412038: xor edx, edx loc_0041203a: mov eax, esi shl eax, 3 lea ecx, [esi + eax] shl ecx, 3 mov eax, edx mov bx, word [ecx + eax*8 + ref_00474d80] ; mov bx, word [ecx + eax*8 + 0x474d80] xor bh, bh and bl, 0xf0 mov word [ecx + eax*8 + ref_00474d80], bx ; mov word [ecx + eax*8 + 0x474d80], bx inc edx cmp edx, 9 jl short loc_0041203a ; jl 0x41203a jmp short loc_00412032 ; jmp 0x412032 loc_00412064: xor edx, edx mov dword [esp + 0x1c], edx jmp short loc_0041207c ; jmp 0x41207c loc_0041206c: lea esi, [eax + 1] mov dword [esp + 0x1c], esi cmp esi, 5 jge near loc_00412114 ; jge 0x412114 loc_0041207c: xor ecx, ecx mov dword [esp + 0x14], ecx loc_00412082: mov eax, dword [esp + 0x1c] mov edx, dword [esp + 0x14] cmp edx, dword [esp + eax*4] jge short loc_0041206c ; jge 0x41206c call clib_rand ; call 0x456f2d imul eax, ebp sar eax, 0xf mov dword [esp + 0x18], eax xor ecx, ecx xor esi, esi jmp short loc_004120aa ; jmp 0x4120aa loc_004120a4: inc esi cmp esi, 9 jge short loc_0041210b ; jge 0x41210b loc_004120aa: xor edx, edx jmp short loc_004120b4 ; jmp 0x4120b4 loc_004120ae: inc edx cmp edx, 9 jge short loc_004120a4 ; jge 0x4120a4 loc_004120b4: mov eax, esi shl eax, 3 lea ebx, [esi + eax] shl ebx, 3 mov eax, edx shl eax, 3 add eax, ebx cmp word [eax + ref_00474d7c], 0 ; cmp word [eax + 0x474d7c], 0 je short loc_004120ae ; je 0x4120ae test byte [eax + ref_00474d80], 0xf ; test byte [eax + 0x474d80], 0xf jne short loc_004120ae ; jne 0x4120ae mov ebx, ecx inc ecx cmp ebx, dword [esp + 0x18] jne short loc_004120ae ; jne 0x4120ae mov dx, word [eax + ref_00474d80] ; mov dx, word [eax + 0x474d80] xor dh, dh and dl, 0xf0 mov word [eax + ref_00474d80], dx ; mov word [eax + 0x474d80], dx mov edx, dword [esp + 0x1c] inc edx or word [eax + ref_00474d80], dx ; or word [eax + 0x474d80], dx mov esi, 9 mov edx, esi dec ebp jmp short loc_004120ae ; jmp 0x4120ae loc_0041210b: inc dword [esp + 0x14] jmp near loc_00412082 ; jmp 0x412082 loc_00412114: add esp, 0x20 pop ebp pop edi pop esi pop ebx ret fcn_0041211c: push ebx push esi push edi push ebp sub esp, 4 mov edi, dword [esp + 0x18] mov ebp, dword [esp + 0x1c] xor eax, eax mov ebx, ebp shl ebx, 3 lea esi, [ebx + ebp] shl esi, 3 mov ebx, edi cmp word [esi + ebx*8 + ref_00474d7c], 0 ; cmp word [esi + ebx*8 + 0x474d7c], 0 je near loc_0041227f ; je 0x41227f mov ebx, dword [ref_0048bd04] ; mov ebx, dword [0x48bd04] shr ebx, 0x10 and ebx, 0xffff and ebx, 0xffff cmp edi, ebx jne short loc_0041217f ; jne 0x41217f mov ebx, dword [ref_0048bd08] ; mov ebx, dword [0x48bd08] shr ebx, 0x10 and ebx, 0xffff and ebx, 0xffff cmp ebp, ebx je near loc_0041227f ; je 0x41227f loc_0041217f: xor ebx, ebx mov word [ref_0048bd04], bx ; mov word [0x48bd04], bx mov word [ref_0048bd08], bx ; mov word [0x48bd08], bx shl edi, 0x10 mov dword [ref_0048bcdc], edi ; mov dword [0x48bcdc], edi shl ebp, 0x10 mov dword [ref_0048bce0], ebp ; mov dword [0x48bce0], ebp mov eax, edi shr eax, 0x10 and eax, 0xffff xor ebx, ebx mov bx, ax mov edx, dword [ref_0048bd04] ; mov edx, dword [0x48bd04] add edx, 0x8000 mov dword [ref_0048bd04], edx ; mov dword [0x48bd04], edx mov eax, edx shr eax, 0x10 and eax, 0xffff xor edi, edi mov di, ax mov ecx, dword [ref_0048bd08] ; mov ecx, dword [0x48bd08] add ecx, 0x8000 mov dword [ref_0048bd08], ecx ; mov dword [0x48bd08], ecx sub ebx, edi mov edi, ebx mov eax, ebp shr eax, 0x10 and eax, 0xffff xor ebx, ebx mov bx, ax mov eax, ecx shr eax, 0x10 and eax, 0xffff movzx ebp, ax sub ebx, ebp mov ebp, ebx push edi call _abs ; call 0x458276 mov dword [esp + 4], eax add esp, 4 push ebx call _abs ; call 0x458276 add esp, 4 mov esi, ebx shl esi, 0x10 mov ebx, edi shl ebx, 0x10 cmp eax, dword [esp] jge short loc_00412248 ; jge 0x412248 push edi call _abs ; call 0x458276 mov ebp, eax add esp, 4 mov eax, ebx mov edx, ebx sar edx, 0x1f idiv ebp mov dword [ref_0048bcfc], eax ; mov dword [0x48bcfc], eax push edi jmp short loc_00412262 ; jmp 0x412262 loc_00412248: push ebp call _abs ; call 0x458276 mov edi, eax add esp, 4 mov eax, ebx mov edx, ebx sar edx, 0x1f idiv edi mov dword [ref_0048bcfc], eax ; mov dword [0x48bcfc], eax push ebp loc_00412262: call _abs ; call 0x458276 mov ebx, eax add esp, 4 mov eax, esi mov edx, esi sar edx, 0x1f idiv ebx mov dword [ref_0048bd00], eax ; mov dword [0x48bd00], eax mov eax, 1 loc_0041227f: add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_00412287: push ebx push esi push edi mov esi, dword [ref_0048bd04] ; mov esi, dword [0x48bd04] add esi, dword [ref_0048bcfc] ; add esi, dword [0x48bcfc] mov ebx, dword [ref_0048bd08] ; mov ebx, dword [0x48bd08] mov ecx, dword [ref_0048bd00] ; mov ecx, dword [0x48bd00] add ebx, ecx mov eax, ebx shr eax, 0x10 and eax, 0xffff xor edx, edx mov dx, ax mov eax, edx shl eax, 3 add edx, eax shl edx, 3 mov eax, esi shr eax, 0x10 and eax, 0xffff and eax, 0xffff cmp word [edx + eax*8 + ref_00474d7c], 0 ; cmp word [edx + eax*8 + 0x474d7c], 0 jne near loc_004123aa ; jne 0x4123aa mov edi, dword [ref_0048bcfc] ; mov edi, dword [0x48bcfc] push edi call _abs ; call 0x458276 add esp, 4 cmp eax, 0x10000 jne short loc_0041234c ; jne 0x41234c mov dword [ref_0048bd10], esi ; mov dword [0x48bd10], esi sar ebx, 0x10 mov eax, dword [ref_0048bd0c] ; mov eax, dword [0x48bd0c] shr eax, 0x10 and eax, 0xffff and eax, 0xffff cmp eax, ebx jne near loc_0041239f ; jne 0x41239f cmp dword [ref_0048bd00], 0 ; cmp dword [0x48bd00], 0 jne short loc_00412327 ; jne 0x412327 mov dword [ref_0048bd00], 1 ; mov dword [0x48bd00], 1 loc_00412327: mov edi, dword [ref_0048bd00] ; mov edi, dword [0x48bd00] push edi call _abs ; call 0x458276 mov ebx, eax add esp, 4 mov eax, edi mov edx, edi sar edx, 0x1f idiv ebx shl eax, 0x10 add dword [ref_0048bd0c], eax ; add dword [0x48bd0c], eax jmp short loc_0041239f ; jmp 0x41239f loc_0041234c: mov dword [ref_0048bd0c], ebx ; mov dword [0x48bd0c], ebx sar esi, 0x10 mov eax, dword [ref_0048bd10] ; mov eax, dword [0x48bd10] shr eax, 0x10 and eax, 0xffff and eax, 0xffff cmp eax, esi jne short loc_0041239f ; jne 0x41239f test edi, edi jne short loc_00412379 ; jne 0x412379 mov dword [ref_0048bcfc], 1 ; mov dword [0x48bcfc], 1 loc_00412379: mov edx, dword [ref_0048bcfc] ; mov edx, dword [0x48bcfc] push edx call _abs ; call 0x458276 mov ebx, eax add esp, 4 mov eax, dword [ref_0048bcfc] ; mov eax, dword [0x48bcfc] mov edx, eax sar edx, 0x1f idiv ebx shl eax, 0x10 add dword [ref_0048bd10], eax ; add dword [0x48bd10], eax loc_0041239f: mov byte [ref_0048bd5b], 1 ; mov byte [0x48bd5b], 1 pop edi pop esi pop ebx ret loc_004123aa: mov dword [ref_0048bd10], esi ; mov dword [0x48bd10], esi mov dword [ref_0048bd0c], ebx ; mov dword [0x48bd0c], ebx pop edi pop esi pop ebx ret fcn_004123ba: call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 0xa sar edx, 0x1f idiv ecx cmp edx, 7 setl al and eax, 0xff ret fcn_004123d7: push ebx sub esp, 4 xor ebx, ebx jmp short loc_004123e5 ; jmp 0x4123e5 loc_004123df: inc ebx cmp ebx, 0x10 jge short loc_004123f0 ; jge 0x4123f0 loc_004123e5: cmp word [ebx*8 + ref_0048bbc4], 0 ; cmp word [ebx*8 + 0x48bbc4], 0 jne short loc_004123df ; jne 0x4123df loc_004123f0: cmp ebx, 0x10 je near loc_004124a4 ; je 0x4124a4 cmp dword [esp + 0x10], 0 jne short loc_00412439 ; jne 0x412439 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 0x14 sar edx, 0x1f idiv ecx cmp edx, 9 jge short loc_0041241d ; jge 0x41241d mov edx, 3 jmp short loc_00412445 ; jmp 0x412445 loc_0041241d: cmp edx, 0xf jge short loc_00412429 ; jge 0x412429 mov edx, 2 jmp short loc_00412445 ; jmp 0x412445 loc_00412429: cmp edx, 0x12 jge short loc_00412435 ; jge 0x412435 mov edx, 1 jmp short loc_00412445 ; jmp 0x412445 loc_00412435: xor edx, edx jmp short loc_00412445 ; jmp 0x412445 loc_00412439: mov edx, 4 inc word [ref_0048bd54] ; inc word [0x48bd54] loc_00412445: mov eax, dword [esp + 0xc] mov word [ebx*8 + ref_0048bbc4], ax ; mov word [ebx*8 + 0x48bbc4], ax mov word [ebx*8 + ref_0048bbc6], 0x64 ; mov word [ebx*8 + 0x48bbc6], 0x64 mov word [ebx*8 + ref_0048bbc8], dx ; mov word [ebx*8 + 0x48bbc8], dx mov word [ebx*8 + ref_0048bbca], 0xfff0 ; mov word [ebx*8 + 0x48bbca], 0xfff0 mov eax, dword [esp + 0xc] sub eax, 0x140 mov dword [esp], eax fild dword [esp] fst dword [esp] fdiv dword [ref_00463774] ; fdiv dword [0x463774] fmul dword [ref_00463778] ; fmul dword [0x463778] fsub dword [esp] call fcn_00457dbc ; call 0x457dbc fistp dword [esp] mov eax, dword [esp] shl eax, 8 add word [ebx*8 + ref_0048bbc8], ax ; add word [ebx*8 + 0x48bbc8], ax loc_004124a4: add esp, 4 pop ebx ret endloc_004124a9: db 0x8d db 0x40 db 0x00 ref_004124ac: ; may contain a jump table dd loc_004125a3 dd loc_004125e0 dd loc_00412651 dd loc_00412851 dd loc_00412a08 dd loc_00412aac dd loc_00412b45 fcn_004124c8: push ebx push esi push edi push ebp sub esp, 0x4c mov eax, dword [ref_0048bd04] ; mov eax, dword [0x48bd04] shr eax, 0x10 and eax, 0xffff and eax, 0xffff mov dword [esp + 0x48], eax mov eax, dword [ref_0048bd08] ; mov eax, dword [0x48bd08] shr eax, 0x10 and eax, 0xffff movzx ebp, ax mov eax, dword [ref_0048bd10] ; mov eax, dword [0x48bd10] shr eax, 0x10 and eax, 0xffff and eax, 0xffff mov dword [esp + 0x40], eax mov eax, dword [ref_0048bd0c] ; mov eax, dword [0x48bd0c] shr eax, 0x10 and eax, 0xffff and eax, 0xffff mov dword [esp + 0x3c], eax xor edx, edx mov dword [esp + 0x44], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax cmp dword [ref_0048bcf0], 0xffffffff ; cmp dword [0x48bcf0], 0xffffffff je short loc_0041258e ; je 0x41258e mov eax, dword [ref_0048bd68] ; mov eax, dword [0x48bd68] mov edx, dword [ref_0048bd60] ; mov edx, dword [0x48bd60] sub eax, edx push eax mov eax, dword [ref_0048bd64] ; mov eax, dword [0x48bd64] mov ecx, dword [ref_0048bd5c] ; mov ecx, dword [0x48bd5c] sub eax, ecx push eax mov eax, edx push edx mov edx, ecx push ecx mov ecx, eax push ecx mov eax, edx push eax mov eax, dword [ref_0048bd34] ; mov eax, dword [0x48bd34] add eax, 0xc push eax push ref_0046caec ; push 0x46caec call fcn_004562cc ; call 0x4562cc add esp, 0x20 loc_0041258e: mov eax, dword [ref_0048bccc] ; mov eax, dword [0x48bccc] cmp eax, 6 ja near loc_00412b9c ; ja 0x412b9c jmp dword [eax*4 + ref_004124ac] ; ujmp: jmp dword [eax*4 + 0x4124ac] loc_004125a3: mov eax, ebp shl eax, 3 add eax, ebp mov edi, dword [esp + 0x48] shl edi, 3 movsx esi, word [edi + eax*8 + ref_00474d7c] ; movsx esi, word [edi + eax*8 + 0x474d7c] movsx edi, word [edi + eax*8 + ref_00474d7e] ; movsx edi, word [edi + eax*8 + 0x474d7e] mov ebx, dword [ref_0048bd34] ; mov ebx, dword [0x48bd34] add ebx, 0x18 push edi push esi push ebx mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 jmp near loc_00412b9c ; jmp 0x412b9c loc_004125e0: mov eax, ebp shl eax, 3 add eax, ebp mov edi, dword [esp + 0x48] shl edi, 3 movsx esi, word [edi + eax*8 + ref_00474d7c] ; movsx esi, word [edi + eax*8 + 0x474d7c] movsx edi, word [edi + eax*8 + ref_00474d7e] ; movsx edi, word [edi + eax*8 + 0x474d7e] mov eax, dword [ref_0048bcc4] ; mov eax, dword [0x48bcc4] and eax, 0xf cmp eax, 3 jge short loc_00412616 ; jge 0x412616 mov ebx, dword [ref_0048bd34] ; mov ebx, dword [0x48bd34] add ebx, 0x18 jmp short loc_0041261f ; jmp 0x41261f loc_00412616: mov ebx, dword [ref_0048bd34] ; mov ebx, dword [0x48bd34] add ebx, 0x24 loc_0041261f: push edi push esi push ebx mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov ecx, dword [ref_0048bcc4] ; mov ecx, dword [0x48bcc4] inc ecx mov dword [ref_0048bcc4], ecx ; mov dword [0x48bcc4], ecx mov eax, ecx and eax, 0xf cmp eax, 0xf jne near loc_00412b9c ; jne 0x412b9c jmp near loc_00412b95 ; jmp 0x412b95 loc_00412651: test byte [ref_0048bcc4], 3 ; test byte [0x48bcc4], 3 jne short loc_004126b7 ; jne 0x4126b7 mov esi, dword [esp + 0x40] sub esi, dword [esp + 0x48] mov edi, dword [esp + 0x3c] sub edi, ebp test esi, esi jle short loc_0041267a ; jle 0x41267a lea eax, [edi + 1] mov edx, 4 sub edx, eax mov eax, edx jmp short loc_00412694 ; jmp 0x412694 loc_0041267a: jne short loc_0041268e ; jne 0x41268e test edi, edi jle short loc_00412687 ; jle 0x412687 mov eax, 1 jmp short loc_00412694 ; jmp 0x412694 loc_00412687: mov eax, 5 jmp short loc_00412694 ; jmp 0x412694 loc_0041268e: lea eax, [edi + 7] and eax, 7 loc_00412694: mov esi, dword [ref_0048bcc4] ; mov esi, dword [0x48bcc4] and esi, 0xf0f mov dword [ref_0048bcc4], esi ; mov dword [0x48bcc4], esi mov edx, eax shl edx, 4 mov edi, esi or edi, edx mov dword [ref_0048bcc4], edi ; mov dword [0x48bcc4], edi jmp short loc_004126c2 ; jmp 0x4126c2 loc_004126b7: mov eax, dword [ref_0048bcc4] ; mov eax, dword [0x48bcc4] sar eax, 4 and eax, 0xf loc_004126c2: mov edx, ebp shl edx, 3 add edx, ebp shl edx, 3 mov edi, dword [esp + 0x48] shl edi, 3 add edi, edx movsx esi, word [edi + ref_00474d7c] ; movsx esi, word [edi + 0x474d7c] mov ecx, dword [esp + 0x3c] mov edx, ecx shl edx, 3 add ecx, edx shl ecx, 3 mov edx, dword [esp + 0x40] shl edx, 3 add edx, ecx movsx ecx, word [edx + ref_00474d7c] ; movsx ecx, word [edx + 0x474d7c] sub ecx, esi sar ecx, 2 mov ebx, dword [ref_0048bcc4] ; mov ebx, dword [0x48bcc4] and ebx, 3 imul ecx, ebx add esi, ecx movsx edi, word [edi + ref_00474d7e] ; movsx edi, word [edi + 0x474d7e] movsx edx, word [edx + ref_00474d7e] ; movsx edx, word [edx + 0x474d7e] sub edx, edi sar edx, 2 imul edx, ebx add edi, edx shl eax, 2 lea edx, [eax + ebx] mov ebx, edx shl ebx, 2 sub ebx, edx shl ebx, 2 mov eax, dword [ref_0048bcf8] ; mov eax, dword [0x48bcf8] lea ecx, [eax + 0xc] add ebx, ecx push edi push esi push edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045663e ; call 0x45663e add esp, 0x14 mov edx, dword [ref_0048bcc4] ; mov edx, dword [0x48bcc4] inc edx mov dword [ref_0048bcc4], edx ; mov dword [0x48bcc4], edx mov ecx, edx and ecx, 0xff3 mov dword [ref_0048bcc4], ecx ; mov dword [0x48bcc4], ecx test byte [ref_0048bcc4], 3 ; test byte [0x48bcc4], 3 jne near loc_00412b9c ; jne 0x412b9c mov eax, dword [ref_0048bd10] ; mov eax, dword [0x48bd10] mov dword [ref_0048bd04], eax ; mov dword [0x48bd04], eax mov eax, dword [ref_0048bd0c] ; mov eax, dword [0x48bd0c] mov dword [ref_0048bd08], eax ; mov dword [0x48bd08], eax mov eax, dword [ref_0048bd04] ; mov eax, dword [0x48bd04] shr eax, 0x10 and eax, 0xffff xor edx, edx mov dx, ax mov eax, dword [ref_0048bcdc] ; mov eax, dword [0x48bcdc] shr eax, 0x10 and eax, 0xffff and eax, 0xffff cmp edx, eax jne short loc_00412808 ; jne 0x412808 mov eax, dword [ref_0048bd08] ; mov eax, dword [0x48bd08] shr eax, 0x10 and eax, 0xffff xor edx, edx mov dx, ax mov eax, dword [ref_0048bce0] ; mov eax, dword [0x48bce0] shr eax, 0x10 and eax, 0xffff and eax, 0xffff cmp edx, eax jne short loc_00412808 ; jne 0x412808 push ref_00475057 ; push 0x475057 call fcn_004542e9 ; call 0x4542e9 add esp, 4 push 0 push ref_0047505f ; push 0x47505f call fcn_004542ce ; call 0x4542ce add esp, 8 mov dword [ref_0048bccc], 3 ; mov dword [0x48bccc], 3 jmp near loc_00412b9c ; jmp 0x412b9c loc_00412808: cmp byte [ref_0048bd5b], 0 ; cmp byte [0x48bd5b], 0 je short loc_00412847 ; je 0x412847 mov eax, dword [ref_0048bce0] ; mov eax, dword [0x48bce0] shr eax, 0x10 and eax, 0xffff and eax, 0xffff push eax mov eax, dword [ref_0048bcdc] ; mov eax, dword [0x48bcdc] shr eax, 0x10 and eax, 0xffff and eax, 0xffff push eax call fcn_0041211c ; call 0x41211c add esp, 8 xor dl, dl mov byte [ref_0048bd5b], dl ; mov byte [0x48bd5b], dl loc_00412847: call fcn_00412287 ; call 0x412287 jmp near loc_00412b9c ; jmp 0x412b9c loc_00412851: mov eax, ebp shl eax, 3 add eax, ebp mov edi, dword [esp + 0x48] shl edi, 3 movsx esi, word [edi + eax*8 + ref_00474d7c] ; movsx esi, word [edi + eax*8 + 0x474d7c] movsx edi, word [edi + eax*8 + ref_00474d7e] ; movsx edi, word [edi + eax*8 + 0x474d7e] mov eax, dword [ref_0048bcc4] ; mov eax, dword [0x48bcc4] and eax, 3 cmp eax, 2 jne short loc_004128a5 ; jne 0x4128a5 mov eax, dword [ref_0048bd34] ; mov eax, dword [0x48bd34] lea ebx, [eax + 0x78] push edi push esi push ebx add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 push edi push esi push ebx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_004128a5: mov eax, dword [ref_0048bcc4] ; mov eax, dword [0x48bcc4] and eax, 3 cmp eax, 3 jne short loc_00412925 ; jne 0x412925 mov eax, ebp shl eax, 3 add eax, ebp shl eax, 3 mov edx, dword [esp + 0x48] shl edx, 3 add edx, eax test byte [edx + ref_00474d80], 0xf ; test byte [edx + 0x474d80], 0xf je short loc_0041291d ; je 0x41291d and dword [ref_0048bcc4], 0xff ; and dword [0x48bcc4], 0xff or byte [ref_0048bcc5], 1 ; or byte [0x48bcc5], 1 mov ax, word [edx + ref_00474d80] ; mov ax, word [edx + 0x474d80] xor ah, ah and al, 0xf cwde mov dword [ref_0048bd6c], eax ; mov dword [0x48bd6c], eax movsx eax, word [edx + ref_00474d7c] ; movsx eax, word [edx + 0x474d7c] mov dword [ref_0048bd70], eax ; mov dword [0x48bd70], eax movsx eax, word [edx + ref_00474d7e] ; movsx eax, word [edx + 0x474d7e] mov dword [ref_0048bd74], eax ; mov dword [0x48bd74], eax mov bx, word [edx + ref_00474d80] ; mov bx, word [edx + 0x474d80] xor bh, bh and bl, 0xf0 mov word [edx + ref_00474d80], bx ; mov word [edx + 0x474d80], bx jmp short loc_00412925 ; jmp 0x412925 loc_0041291d: xor ebx, ebx mov dword [ref_0048bd6c], ebx ; mov dword [0x48bd6c], ebx loc_00412925: mov eax, dword [ref_0048bcc4] ; mov eax, dword [0x48bcc4] and eax, 0xf0 sar eax, 4 shl eax, 2 mov edx, dword [ref_0048bcc4] ; mov edx, dword [0x48bcc4] and edx, 3 add edx, eax mov ebx, edx shl ebx, 2 sub ebx, edx shl ebx, 2 mov eax, dword [ref_0048bd28] ; mov eax, dword [0x48bd28] lea ecx, [eax + 0xc] add ebx, ecx push edi push esi push edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045663e ; call 0x45663e add esp, 0x14 mov edx, dword [ref_0048bcc4] ; mov edx, dword [0x48bcc4] inc edx mov dword [ref_0048bcc4], edx ; mov dword [0x48bcc4], edx mov ecx, edx and ecx, 0xff3 mov dword [ref_0048bcc4], ecx ; mov dword [0x48bcc4], ecx test byte [ref_0048bcc4], 3 ; test byte [0x48bcc4], 3 jne near loc_00412b9c ; jne 0x412b9c mov eax, dword [ref_0048bd6c] ; mov eax, dword [0x48bd6c] test eax, eax jbe short loc_0041299e ; jbe 0x41299e cmp eax, 1 je short loc_004129ab ; je 0x4129ab jmp short loc_004129c4 ; jmp 0x4129c4 loc_0041299e: xor edx, edx mov dword [ref_0048bccc], edx ; mov dword [0x48bccc], edx jmp near loc_00412b9c ; jmp 0x412b9c loc_004129ab: mov dword [ref_0048bccc], eax ; mov dword [0x48bccc], eax push 0 push ref_0047508f ; push 0x47508f call fcn_004542ce ; call 0x4542ce add esp, 8 jmp near loc_00412b9c ; jmp 0x412b9c loc_004129c4: xor ecx, ecx mov dword [ref_0048bccc], ecx ; mov dword [0x48bccc], ecx push ecx mov eax, dword [ref_0048bd6c] ; mov eax, dword [0x48bd6c] mov al, byte [eax + ref_00475051] ; mov al, byte [eax + 0x475051] and eax, 0xff shl eax, 3 add eax, ref_00475057 ; add eax, 0x475057 push eax call fcn_004542ce ; call 0x4542ce add esp, 8 mov eax, dword [ref_0048bd6c] ; mov eax, dword [0x48bd6c] mov edx, 1 mov dword [esp + 0x44], edx add dword [eax*4 + ref_0048bbac], edx ; add dword [eax*4 + 0x48bbac], edx jmp near loc_00412b9c ; jmp 0x412b9c loc_00412a08: mov eax, ebp shl eax, 3 add eax, ebp mov edi, dword [esp + 0x48] shl edi, 3 movsx esi, word [edi + eax*8 + ref_00474d7c] ; movsx esi, word [edi + eax*8 + 0x474d7c] movsx edi, word [edi + eax*8 + ref_00474d7e] ; movsx edi, word [edi + eax*8 + 0x474d7e] mov edx, dword [ref_0048bcc4] ; mov edx, dword [0x48bcc4] and edx, 0xf mov ebx, edx shl ebx, 2 sub ebx, edx shl ebx, 2 mov eax, dword [ref_0048bcd8] ; mov eax, dword [0x48bcd8] lea ecx, [eax + 0xc] add ebx, ecx push edi push esi push edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045663e ; call 0x45663e add esp, 0x14 mov eax, dword [ref_0048bcd8] ; mov eax, dword [0x48bcd8] mov edx, dword [ref_0048bcc4] ; mov edx, dword [0x48bcc4] inc edx mov dword [ref_0048bcc4], edx ; mov dword [0x48bcc4], edx and edx, 0xf cmp edx, dword [eax + 4] jne short loc_00412a87 ; jne 0x412a87 mov eax, dword [ref_0048bcc4] ; mov eax, dword [0x48bcc4] and eax, 0xf0 mov dword [ref_0048bcc4], eax ; mov dword [0x48bcc4], eax lea edx, [eax + 0x10] mov dword [ref_0048bcc4], edx ; mov dword [0x48bcc4], edx loc_00412a87: mov eax, dword [ref_0048bcc4] ; mov eax, dword [0x48bcc4] and eax, 0xf0 cmp eax, 0x40 jne near loc_00412b9c ; jne 0x412b9c push ref_00475067 ; push 0x475067 loc_00412a9f: call fcn_004542e9 ; call 0x4542e9 add esp, 4 jmp near loc_00412b95 ; jmp 0x412b95 loc_00412aac: mov eax, ebp shl eax, 3 add eax, ebp mov edi, dword [esp + 0x48] shl edi, 3 movsx esi, word [edi + eax*8 + ref_00474d7c] ; movsx esi, word [edi + eax*8 + 0x474d7c] movsx edi, word [edi + eax*8 + ref_00474d7e] ; movsx edi, word [edi + eax*8 + 0x474d7e] mov ecx, dword [ref_0048bcc4] ; mov ecx, dword [0x48bcc4] and ecx, 0xf mov ebx, ecx shl ebx, 2 sub ebx, ecx shl ebx, 2 mov eax, dword [ref_0048bcd4] ; mov eax, dword [0x48bcd4] lea edx, [eax + 0xc] add ebx, edx push edi push esi push ecx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045663e ; call 0x45663e add esp, 0x14 mov eax, dword [ref_0048bcd4] ; mov eax, dword [0x48bcd4] mov edx, dword [ref_0048bcc4] ; mov edx, dword [0x48bcc4] inc edx mov dword [ref_0048bcc4], edx ; mov dword [0x48bcc4], edx and edx, 0xf cmp edx, dword [eax + 4] jne short loc_00412b2c ; jne 0x412b2c mov eax, dword [ref_0048bcc4] ; mov eax, dword [0x48bcc4] and eax, 0xf0 mov dword [ref_0048bcc4], eax ; mov dword [0x48bcc4], eax lea edx, [eax + 0x10] mov dword [ref_0048bcc4], edx ; mov dword [0x48bcc4], edx loc_00412b2c: mov eax, dword [ref_0048bcc4] ; mov eax, dword [0x48bcc4] and eax, 0xf0 cmp eax, 0x40 jne short loc_00412b9c ; jne 0x412b9c push ref_0047506f ; push 0x47506f jmp near loc_00412a9f ; jmp 0x412a9f loc_00412b45: mov eax, ebp shl eax, 3 add eax, ebp mov edi, dword [esp + 0x48] shl edi, 3 movsx esi, word [edi + eax*8 + ref_00474d7c] ; movsx esi, word [edi + eax*8 + 0x474d7c] movsx edi, word [edi + eax*8 + ref_00474d7e] ; movsx edi, word [edi + eax*8 + 0x474d7e] mov ebx, dword [ref_0048bd34] ; mov ebx, dword [0x48bd34] add ebx, 0x18 push edi push esi push ebx mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov ecx, dword [ref_0048bcc4] ; mov ecx, dword [0x48bcc4] inc ecx mov dword [ref_0048bcc4], ecx ; mov dword [0x48bcc4], ecx mov eax, ecx and eax, 0xf cmp eax, 0xf jne short loc_00412b9c ; jne 0x412b9c loc_00412b95: mov byte [ref_0048bd58], 1 ; mov byte [0x48bd58], 1 loc_00412b9c: movsx eax, word [ebx + 4] mov edx, esi sub edx, eax mov dword [esp], edx movsx eax, word [ebx + 6] mov edx, edi sub edx, eax mov dword [esp + 4], edx movsx eax, word [ebx] mov edx, dword [esp] add edx, eax mov dword [esp + 8], edx movsx eax, word [ebx + 2] mov edx, dword [esp + 4] add edx, eax mov dword [esp + 0xc], edx test byte [ref_0048bcc5], 0xf ; test byte [0x48bcc5], 0xf je near loc_00412cab ; je 0x412cab mov eax, dword [ref_0048bd6c] ; mov eax, dword [0x48bd6c] mov eax, dword [eax*4 + ref_0048bd10] ; mov eax, dword [eax*4 + 0x48bd10] mov dword [esp + 0x38], eax mov eax, dword [ref_0048bcc4] ; mov eax, dword [0x48bcc4] and eax, 0xf00 sar eax, 8 lea ecx, [eax - 1] mov eax, ecx shl eax, 2 sub eax, ecx shl eax, 2 mov ebx, dword [esp + 0x38] add ebx, 0xc add ebx, eax mov edx, dword [ref_0048bd74] ; mov edx, dword [0x48bd74] push edx mov eax, dword [ref_0048bd70] ; mov eax, dword [0x48bd70] push eax push ecx mov edx, dword [esp + 0x44] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045663e ; call 0x45663e add esp, 0x14 movsx eax, word [ebx + 4] mov edx, dword [ref_0048bd70] ; mov edx, dword [0x48bd70] sub edx, eax mov dword [esp + 0x20], edx movsx eax, word [ebx + 6] mov edx, dword [ref_0048bd74] ; mov edx, dword [0x48bd74] sub edx, eax mov dword [esp + 0x24], edx movsx eax, word [ebx] mov edx, dword [esp + 0x20] add edx, eax mov dword [esp + 0x28], edx movsx eax, word [ebx + 2] mov edx, dword [esp + 0x24] add edx, eax mov dword [esp + 0x2c], edx mov ebx, dword [ref_0048bcc4] ; mov ebx, dword [0x48bcc4] add ebx, 0x100 mov dword [ref_0048bcc4], ebx ; mov dword [0x48bcc4], ebx mov eax, ebx and eax, 0xf00 cmp eax, 0x700 jne short loc_00412c96 ; jne 0x412c96 mov eax, ebx and eax, 0xff mov dword [ref_0048bcc4], eax ; mov dword [0x48bcc4], eax loc_00412c96: mov eax, esp push eax lea eax, [esp + 0x24] push eax lea eax, [esp + 8] push eax call fcn_00452808 ; call 0x452808 add esp, 0xc loc_00412cab: mov eax, ebp shl eax, 3 add eax, ebp mov edx, dword [esp + 0x48] shl edx, 3 test byte [edx + eax*8 + ref_00474d80], 0xf0 ; test byte [edx + eax*8 + 0x474d80], 0xf0 je short loc_00412d34 ; je 0x412d34 mov ebx, dword [ref_0048bd34] ; mov ebx, dword [0x48bd34] add ebx, 0x30 push 0xe1 push 0x140 push ebx mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 movsx eax, word [ebx + 4] mov edx, 0x140 sub edx, eax mov dword [esp + 0x20], edx movsx eax, word [ebx + 6] mov edx, 0xe1 sub edx, eax mov dword [esp + 0x24], edx movsx eax, word [ebx] mov edx, dword [esp + 0x20] add edx, eax mov dword [esp + 0x28], edx movsx eax, word [ebx + 2] mov edx, dword [esp + 0x24] add edx, eax mov dword [esp + 0x2c], edx mov eax, esp push eax lea eax, [esp + 0x24] push eax lea eax, [esp + 8] push eax call fcn_00452808 ; call 0x452808 add esp, 0xc loc_00412d34: mov ecx, dword [ref_0048bccc] ; mov ecx, dword [0x48bccc] cmp ecx, 3 jne short loc_00412d8f ; jne 0x412d8f mov eax, dword [ref_0048bcc4] ; mov eax, dword [0x48bcc4] and eax, ecx cmp eax, ecx jne short loc_00412d8f ; jne 0x412d8f mov ebx, dword [ref_0048bd34] ; mov ebx, dword [0x48bd34] movsx eax, word [ebx + 0x7c] sub esi, eax mov dword [esp + 0x20], esi movsx eax, word [ebx + 0x7e] sub edi, eax mov dword [esp + 0x24], edi movsx eax, word [ebx + 0x78] lea edx, [esi + eax] mov dword [esp + 0x28], edx movsx eax, word [ebx + 0x7a] lea edx, [edi + eax] mov dword [esp + 0x2c], edx mov eax, esp push eax lea eax, [esp + 0x24] push eax lea eax, [esp + 8] push eax call fcn_00452808 ; call 0x452808 add esp, 0xc loc_00412d8f: mov ebx, dword [ref_0048bccc] ; mov ebx, dword [0x48bccc] cmp ebx, 1 je short loc_00412d9f ; je 0x412d9f cmp ebx, 6 jne short loc_00412dac ; jne 0x412dac loc_00412d9f: mov eax, dword [ref_0048bcc4] ; mov eax, dword [0x48bcc4] and eax, 0xf cmp eax, 4 je short loc_00412dc0 ; je 0x412dc0 loc_00412dac: mov edi, dword [ref_0048bccc] ; mov edi, dword [0x48bccc] cmp edi, 4 je short loc_00412dc0 ; je 0x412dc0 cmp edi, 5 jne near loc_00412eac ; jne 0x412eac loc_00412dc0: mov eax, dword [ref_0048bcec] ; mov eax, dword [0x48bcec] push eax push ref_0046377c ; push 0x46377c lea eax, [esp + 0x38] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc lea eax, [esp + 0x30] push eax call _strlen ; call 0x45825d add esp, 4 mov edi, eax mov ebx, eax shl ebx, 5 add ebx, eax add ebx, ebx mov eax, ebx mov edx, ebx sar edx, 0x1f sub eax, edx sar eax, 1 mov esi, 0x161 sub esi, eax lea eax, [esi - 0x21] mov dword [esp + 0x20], eax mov dword [esp + 0x24], 0x64 add eax, ebx mov dword [esp + 0x28], eax mov dword [esp + 0x2c], 0xc8 mov eax, esp push eax lea eax, [esp + 0x24] push eax lea eax, [esp + 8] push eax call fcn_00452808 ; call 0x452808 add esp, 0xc xor ebx, ebx loc_00412e36: cmp ebx, edi jge short loc_00412eac ; jge 0x412eac push 0x96 push esi xor edx, edx mov dl, byte [esp + ebx + 0x38] sub edx, 0x26 mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048bd34] ; mov eax, dword [0x48bd34] add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 push 0x96 push esi xor eax, eax mov al, byte [esp + ebx + 0x38] lea edx, [eax - 0x26] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 inc ebx add esi, 0x42 jmp short loc_00412e36 ; jmp 0x412e36 loc_00412eac: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall cmp dword [ref_0048bcf0], 0xffffffff ; cmp dword [0x48bcf0], 0xffffffff je short loc_00412edc ; je 0x412edc lea eax, [esp + 0x10] push eax push ref_0048bd5c ; push 0x48bd5c lea eax, [esp + 8] push eax call fcn_00452808 ; call 0x452808 add esp, 0xc loc_00412edc: push 0x10 lea eax, [esp + 4] push eax push ref_0048bd5c ; push 0x48bd5c call _memcpy ; call 0x456de8 add esp, 0xc cmp dword [esp + 0x10], 0 jge short loc_00412efd ; jge 0x412efd xor ecx, ecx mov dword [esp + 0x10], ecx loc_00412efd: cmp dword [esp + 0x18], 0x280 jle short loc_00412f0f ; jle 0x412f0f mov dword [esp + 0x18], 0x280 loc_00412f0f: lea eax, [esp + 0x10] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x14] push ecx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [esp + 0x20] push ebp mov ecx, dword [esp + 0x20] push ecx push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x10] push eax call fcn_00402250 ; call 0x402250 add esp, 4 cmp dword [esp + 0x44], 0 je short loc_00412f5d ; je 0x412f5d push 1 call fcn_00413a4a ; call 0x413a4a add esp, 4 loc_00412f5d: mov eax, dword [ref_0048bccc] ; mov eax, dword [0x48bccc] mov dword [ref_0048bcf0], eax ; mov dword [0x48bcf0], eax add esp, 0x4c pop ebp pop edi pop esi pop ebx ret fcn_00412f6f: push ebx push esi push edi push ebp sub esp, 0x44 lea edi, [esp + 0x20] mov esi, ref_00411fdc ; mov esi, 0x411fdc movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] lea edi, [esp + 0x30] mov esi, ref_00411fec ; mov esi, 0x411fec movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [esp + 0x38], eax push 0x183 push 0x280 push 0 push 0 push 0 push 0 mov eax, dword [ref_0048bd34] ; mov eax, dword [0x48bd34] add eax, 0xc push eax lea eax, [esp + 0x4c] push eax call fcn_004562cc ; call 0x4562cc add esp, 0x20 xor ebp, ebp mov dword [esp + 0x3c], ebp jmp near loc_00413189 ; jmp 0x413189 loc_00412fe1: cmp edx, 0x1c jge short loc_00412ff8 ; jge 0x412ff8 mov eax, 0x1b sub eax, edx sar eax, 1 add eax, 5 loc_00412ff2: mov dword [esp + 0x40], eax jmp short loc_0041301c ; jmp 0x41301c loc_00412ff8: cmp edx, 0x1e jge near loc_00413183 ; jge 0x413183 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 0xa sar edx, 0x1f idiv ecx xor eax, eax mov al, byte [edx + ref_00475039] ; mov al, byte [edx + 0x475039] jmp short loc_00412ff2 ; jmp 0x412ff2 loc_0041301c: cmp dword [esp + 0x40], 0xffffffff je near loc_00413183 ; je 0x413183 mov ebx, 0x28 xor esi, esi jmp short loc_00413066 ; jmp 0x413066 loc_00413030: inc edx cmp edx, 0x10 jge short loc_00413053 ; jge 0x413053 loc_00413036: mov eax, edx shl eax, 3 movsx ecx, word [eax + ref_0048bc44] ; movsx ecx, word [eax + 0x48bc44] cmp ecx, ebx jne short loc_00413030 ; jne 0x413030 cmp word [eax + ref_0048bc46], 0x12c ; cmp word [eax + 0x48bc46], 0x12c jle short loc_00413030 ; jle 0x413030 jmp short loc_0041305b ; jmp 0x41305b loc_00413053: test edi, edi jne short loc_0041305b ; jne 0x41305b mov dword [esp + esi*4], ebx inc esi loc_0041305b: add ebx, 0x50 cmp ebx, 0x280 jge short loc_0041306c ; jge 0x41306c loc_00413066: xor edx, edx xor edi, edi jmp short loc_00413036 ; jmp 0x413036 loc_0041306c: test esi, esi je near loc_00413183 ; je 0x413183 push 0 push ref_0047509f ; push 0x47509f call fcn_004542ce ; call 0x4542ce add esp, 8 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi mov dx, word [esp + edx*4] mov word [ebp*8 + ref_0048bc44], dx ; mov word [ebp*8 + 0x48bc44], dx mov word [ebp*8 + ref_0048bc46], 0x1a4 ; mov word [ebp*8 + 0x48bc46], 0x1a4 mov edx, dword [esp + 0x40] mov word [ebp*8 + ref_0048bc48], dx ; mov word [ebp*8 + 0x48bc48], dx jmp near loc_00413183 ; jmp 0x413183 loc_004130b6: test byte [eax + ref_0048bc48], 0xf0 ; test byte [eax + 0x48bc48], 0xf0 je short loc_004130de ; je 0x4130de sub word [eax + ref_0048bc48], 0x10 ; sub word [eax + 0x48bc48], 0x10 test byte [eax + ref_0048bc48], 0xf0 ; test byte [eax + 0x48bc48], 0xf0 jne short loc_0041311b ; jne 0x41311b xor edx, edx mov word [eax + ref_0048bc44], dx ; mov word [eax + 0x48bc44], dx jmp near loc_00413183 ; jmp 0x413183 loc_004130de: cmp byte [ref_0048bd59], 0 ; cmp byte [0x48bd59], 0 jne short loc_0041311b ; jne 0x41311b movsx eax, word [eax + ref_0048bc48] ; movsx eax, word [eax + 0x48bc48] mov al, byte [eax + ref_00475004] ; mov al, byte [eax + 0x475004] and eax, 0xff mov edx, dword [ref_0048bcc8] ; mov edx, dword [0x48bcc8] cmp edx, 0xffffffff jl short loc_00413113 ; jl 0x413113 jle short loc_0041310d ; jle 0x41310d cmp edx, 1 je short loc_00413111 ; je 0x413111 jmp short loc_00413113 ; jmp 0x413113 loc_0041310d: add eax, eax jmp short loc_00413113 ; jmp 0x413113 loc_00413111: sar eax, 1 loc_00413113: sub word [ebp*8 + ref_0048bc46], ax ; sub word [ebp*8 + 0x48bc46], ax loc_0041311b: mov ebx, ebp shl ebx, 3 movsx eax, word [ebx + ref_0048bc46] ; movsx eax, word [ebx + 0x48bc46] push eax movsx eax, word [ebx + ref_0048bc44] ; movsx eax, word [ebx + 0x48bc44] push eax mov ax, word [ebx + ref_0048bc48] ; mov ax, word [ebx + 0x48bc48] xor ah, ah and al, 0xf cwde lea edx, [eax + 1] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bd34] ; mov eax, dword [0x48bd34] add eax, 0xc add eax, edx push eax lea eax, [esp + 0x3c] push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 test eax, eax je short loc_00413170 ; je 0x413170 xor esi, esi mov word [ebx + ref_0048bc44], si ; mov word [ebx + 0x48bc44], si loc_00413170: cmp word [ebp*8 + ref_0048bc44], 0 ; cmp word [ebp*8 + 0x48bc44], 0 je short loc_00413183 ; je 0x413183 mov dword [esp + 0x3c], 1 loc_00413183: inc ebp cmp ebp, 0x10 jge short loc_004131cb ; jge 0x4131cb loc_00413189: mov eax, ebp shl eax, 3 cmp word [eax + ref_0048bc44], 0 ; cmp word [eax + 0x48bc44], 0 jne near loc_004130b6 ; jne 0x4130b6 cmp byte [ref_0048bd58], 0 ; cmp byte [0x48bd58], 0 jne short loc_00413183 ; jne 0x413183 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 0x3e8 sar edx, 0x1f idiv ecx cmp edx, 0x14 jge near loc_00412fe1 ; jge 0x412fe1 sar edx, 2 mov dword [esp + 0x40], edx jmp near loc_0041301c ; jmp 0x41301c loc_004131cb: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall lea eax, [esp + 0x20] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x24] push ecx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi push 0 push 0 push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x20] push eax call fcn_00402250 ; call 0x402250 add esp, 4 cmp dword [esp + 0x3c], 0 jne short loc_00413229 ; jne 0x413229 cmp byte [ref_0048bd58], 1 ; cmp byte [0x48bd58], 1 jne short loc_00413229 ; jne 0x413229 mov byte [ref_0048bd58], 2 ; mov byte [0x48bd58], 2 loc_00413229: add esp, 0x44 pop ebp pop edi pop esi pop ebx ret endloc_00413231: db 0x8d db 0x40 db 0x00 ref_00413234: ; may contain a jump table dd loc_00413886 dd loc_00413a2b dd loc_00413934 dd loc_00413964 dd loc_00413986 fcn_00413248: push ebx push esi push edi push ebp sub esp, 0x40 mov edi, esp mov esi, ref_00411ff8 ; mov esi, 0x411ff8 movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] lea edi, [esp + 0x10] mov esi, ref_00412008 ; mov esi, 0x412008 movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [esp + 0x18], eax push 0x183 push 0x280 push 0 push 0 push 0 push 0 push ref_00475043 ; push 0x475043 lea eax, [esp + 0x2c] push eax call fcn_004562cc ; call 0x4562cc add esp, 0x20 xor esi, esi mov dword [esp + 0x30], esi jmp near loc_00413546 ; jmp 0x413546 loc_004132b4: movsx eax, bx sub eax, 0x82 loc_004132bc: mov ebx, esi shl ebx, 3 movsx edx, word [ebx + ref_0048bbc8] ; movsx edx, word [ebx + 0x48bbc8] sar edx, 8 mov dword [esp + 0x24], edx mov dword [esp + 0x3c], eax fild dword [esp + 0x3c] fdiv dword [ref_00463780] ; fdiv dword [0x463780] fstp dword [esp + 0x28] mov dword [esp + 0x3c], edx fild dword [esp + 0x3c] fmul dword [esp + 0x28] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x24] fld dword [esp + 0x28] fmul dword [ref_00463784] ; fmul dword [0x463784] fadd dword [ref_00463784] ; fadd dword [0x463784] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x34] movsx ebp, word [ebx + ref_0048bbc4] ; movsx ebp, word [ebx + 0x48bbc4] add ebp, dword [esp + 0x24] mov ax, word [ebx + ref_0048bbc8] ; mov ax, word [ebx + 0x48bbc8] xor ah, ah and al, 0xf movsx edi, ax mov cx, word [ref_0048bd48] ; mov cx, word [0x48bd48] test cx, cx je near loc_00413447 ; je 0x413447 movsx edx, cx movsx eax, word [ref_0048bd52] ; movsx eax, word [0x48bd52] dec edx imul eax, edx movsx edx, word [ref_0048bd50] ; movsx edx, word [0x48bd50] add eax, 5 add edx, eax mov ecx, dword [ref_0048bd30] ; mov ecx, dword [0x48bd30] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add eax, ecx movsx edx, word [eax + 0x10] mov dword [esp + 0x3c], edx movsx edx, word [ref_0048bd4e] ; movsx edx, word [0x48bd4e] sub edx, dword [esp + 0x3c] movsx ecx, word [eax + 0x12] mov dword [esp + 0x3c], ecx mov ecx, 0x17c sub ecx, dword [esp + 0x3c] mov dword [esp + 0x38], ecx movsx ecx, word [eax + 0xc] add ecx, edx mov dword [esp + 0x2c], ecx movsx eax, word [eax + 0xe] mov ecx, dword [esp + 0x38] add ecx, eax cmp ebp, edx jle near loc_00413447 ; jle 0x413447 cmp ebp, dword [esp + 0x2c] jge near loc_00413447 ; jge 0x413447 movsx eax, word [ebx + ref_0048bbc6] ; movsx eax, word [ebx + 0x48bbc6] cmp eax, dword [esp + 0x38] jle near loc_00413447 ; jle 0x413447 cmp eax, ecx jge near loc_00413447 ; jge 0x413447 cmp byte [ref_0048bd5a], 0 ; cmp byte [0x48bd5a], 0 jne short loc_00413447 ; jne 0x413447 cmp edi, 4 jne short loc_00413436 ; jne 0x413436 push ref_004750cf ; push 0x4750cf call fcn_004542e9 ; call 0x4542e9 add esp, 4 push 0 push ref_004750d7 ; push 0x4750d7 call fcn_004542ce ; call 0x4542ce add esp, 8 push 1 push 0x127 movsx eax, word [ref_0048bd4e] ; movsx eax, word [0x48bd4e] sub eax, 0x37 push eax mov eax, dword [ref_0048bce8] ; mov eax, dword [0x48bce8] push eax call fcn_00450ced ; call 0x450ced add esp, 0x10 xor eax, eax mov word [ref_0048bd48], ax ; mov word [0x48bd48], ax mov word [ref_0048bd56], 4 ; mov word [0x48bd56], 4 mov dl, 1 mov byte [ref_0048bd5a], dl ; mov byte [0x48bd5a], dl mov byte [ref_0048bd58], dl ; mov byte [0x48bd58], dl jmp short loc_0041343d ; jmp 0x41343d loc_00413436: inc dword [edi*4 + ref_0048bbb4] ; inc dword [edi*4 + 0x48bbb4] loc_0041343d: xor ebx, ebx mov word [esi*8 + ref_0048bbc4], bx ; mov word [esi*8 + 0x48bbc4], bx loc_00413447: mov ebx, esi shl ebx, 3 cmp word [ebx + ref_0048bbc4], 0 ; cmp word [ebx + 0x48bbc4], 0 je near loc_0041352d ; je 0x41352d mov ax, word [ebx + ref_0048bbc8] ; mov ax, word [ebx + 0x48bbc8] xor ah, ah and al, 0xf0 cwde sar eax, 4 mov edx, dword [esp + 0x34] push edx movsx edx, word [ebx + ref_0048bbc6] ; movsx edx, word [ebx + 0x48bbc6] push edx push ebp push eax mov ecx, dword [edi*4 + ref_0048bd14] ; mov ecx, dword [edi*4 + 0x48bd14] push ecx mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004568c2 ; call 0x4568c2 add esp, 0x18 add word [ebx + ref_0048bbc8], 0x10 ; add word [ebx + 0x48bbc8], 0x10 and byte [ebx + ref_0048bbc8], 0x7f ; and byte [ebx + 0x48bbc8], 0x7f mov dx, word [ebx + ref_0048bbc6] ; mov dx, word [ebx + 0x48bbc6] cmp dx, 0x82 jge short loc_004134e0 ; jge 0x4134e0 mov ax, word [ebx + ref_0048bbca] ; mov ax, word [ebx + 0x48bbca] db 0x05, 0x02, 0x00, 0x00, 0x00 ; add eax, 2 mov word [ebx + ref_0048bbca], ax ; mov word [ebx + 0x48bbca], ax cmp ax, 0x10 jle short loc_004134ce ; jle 0x4134ce mov word [ebx + ref_0048bbca], 0x10 ; mov word [ebx + 0x48bbca], 0x10 loc_004134ce: mov dx, word [esi*8 + ref_0048bbca] ; mov dx, word [esi*8 + 0x48bbca] add word [esi*8 + ref_0048bbc6], dx ; add word [esi*8 + 0x48bbc6], dx jmp short loc_004134f3 ; jmp 0x4134f3 loc_004134e0: xor eax, eax mov al, byte [edi + ref_00475010] ; mov al, byte [edi + 0x475010] mov ecx, edx add ecx, eax mov word [ebx + ref_0048bbc6], cx ; mov word [ebx + 0x48bbc6], cx loc_004134f3: cmp word [esi*8 + ref_0048bbc6], 0x17c ; cmp word [esi*8 + 0x48bbc6], 0x17c jle short loc_0041352d ; jle 0x41352d cmp edi, 4 jne short loc_00413523 ; jne 0x413523 mov di, word [ref_0048bd54] ; mov di, word [0x48bd54] dec di mov word [ref_0048bd54], di ; mov word [0x48bd54], di jne short loc_00413523 ; jne 0x413523 push ref_004750cf ; push 0x4750cf call fcn_004542e9 ; call 0x4542e9 add esp, 4 loc_00413523: xor edx, edx mov word [esi*8 + ref_0048bbc4], dx ; mov word [esi*8 + 0x48bbc4], dx loc_0041352d: cmp word [esi*8 + ref_0048bbc4], 0 ; cmp word [esi*8 + 0x48bbc4], 0 je short loc_00413540 ; je 0x413540 mov dword [esp + 0x30], 1 loc_00413540: inc esi cmp esi, 0x10 jge short loc_0041356e ; jge 0x41356e loc_00413546: mov eax, esi shl eax, 3 cmp word [eax + ref_0048bbc4], 0 ; cmp word [eax + 0x48bbc4], 0 je short loc_00413540 ; je 0x413540 mov bx, word [eax + ref_0048bbc6] ; mov bx, word [eax + 0x48bbc6] cmp bx, 0x82 jge near loc_004132b4 ; jge 0x4132b4 xor eax, eax jmp near loc_004132bc ; jmp 0x4132bc loc_0041356e: movsx eax, word [ref_0048bd42] ; movsx eax, word [0x48bd42] cmp eax, 0xffffffff je short loc_0041359b ; je 0x41359b push 0x7d movsx edx, word [ref_0048bd4a] ; movsx edx, word [0x48bd4a] push edx push eax mov edx, dword [ref_0048bcf4] ; mov edx, dword [0x48bcf4] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045663e ; call 0x45663e add esp, 0x14 loc_0041359b: push 0x7e movsx eax, word [ref_0048bd4c] ; movsx eax, word [0x48bd4c] push eax movsx edx, word [ref_0048bd44] ; movsx edx, word [0x48bd44] mov eax, edx shl eax, 2 sub eax, edx lea edx, [eax + eax] movsx eax, word [ref_0048bd46] ; movsx eax, word [0x48bd46] mov al, byte [edx + eax + ref_00475015] ; mov al, byte [edx + eax + 0x475015] and eax, 0xff push eax mov ebx, dword [ref_0048bce4] ; mov ebx, dword [0x48bce4] push ebx mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_0045663e ; call 0x45663e add esp, 0x14 cmp byte [ref_0048bd58], 2 ; cmp byte [0x48bd58], 2 je near loc_004136c1 ; je 0x4136c1 cmp byte [ref_0048bd5a], 0 ; cmp byte [0x48bd5a], 0 jne near loc_004136c1 ; jne 0x4136c1 lea eax, [esp + 0x1c] push eax call dword [cs:__imp__GetCursorPos@4] ; ucall: call dword cs:[0x4622ec] mov esi, dword [ref_0047504f] ; mov esi, dword [0x47504f] sub esi, dword [esp + 0x1c] cmp esi, 8 jle short loc_0041362d ; jle 0x41362d mov edx, dword [esp + 0x20] push edx push 0 call dword [cs:__imp__SetCursorPos@8] ; ucall: call dword cs:[0x46231c] xor ecx, ecx mov dword [ref_0047504f], ecx ; mov dword [0x47504f], ecx jmp short loc_0041364d ; jmp 0x41364d loc_0041362d: cmp esi, 0xfffffff8 jge short loc_0041364d ; jge 0x41364d mov ebp, dword [esp + 0x20] push ebp push 0x27f call dword [cs:__imp__SetCursorPos@8] ; ucall: call dword cs:[0x46231c] mov dword [ref_0047504f], 0x27f ; mov dword [0x47504f], 0x27f loc_0041364d: movsx esi, word [ref_0048bd4e] ; movsx esi, word [0x48bd4e] sub esi, dword [esp + 0x1c] push esi call _abs ; call 0x458276 add esp, 4 cmp eax, 8 jle short loc_004136c1 ; jle 0x4136c1 test esi, esi jle short loc_0041367d ; jle 0x41367d mov word [ref_0048bd48], 1 ; mov word [0x48bd48], 1 sub word [ref_0048bd4e], 0xa ; sub word [0x48bd4e], 0xa jmp short loc_0041369b ; jmp 0x41369b loc_0041367d: jge short loc_00413692 ; jge 0x413692 mov word [ref_0048bd48], 2 ; mov word [0x48bd48], 2 add word [ref_0048bd4e], 0xa ; add word [0x48bd4e], 0xa jmp short loc_0041369b ; jmp 0x41369b loc_00413692: xor ecx, ecx mov word [ref_0048bd48], cx ; mov word [0x48bd48], cx loc_0041369b: mov bx, word [ref_0048bd50] ; mov bx, word [0x48bd50] inc ebx mov word [ref_0048bd50], bx ; mov word [0x48bd50], bx movsx edx, bx movsx eax, word [ref_0048bd52] ; movsx eax, word [0x48bd52] cmp edx, eax jne short loc_004136c1 ; jne 0x4136c1 xor ecx, ecx mov word [ref_0048bd50], cx ; mov word [0x48bd50], cx loc_004136c1: mov si, word [ref_0048bd48] ; mov si, word [0x48bd48] test si, si jne short loc_004136d6 ; jne 0x4136d6 movsx eax, word [ref_0048bd56] ; movsx eax, word [0x48bd56] jmp short loc_004136f0 ; jmp 0x4136f0 loc_004136d6: movsx eax, si movsx edx, word [ref_0048bd52] ; movsx edx, word [0x48bd52] dec eax imul eax, edx movsx edx, word [ref_0048bd50] ; movsx edx, word [0x48bd50] add eax, 5 add eax, edx loc_004136f0: push 0x17c movsx edx, word [ref_0048bd4e] ; movsx edx, word [0x48bd4e] push edx push eax mov esi, dword [ref_0048bd30] ; mov esi, dword [0x48bd30] push esi mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_0045663e ; call 0x45663e add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ebp, dword [ref_0048a0e0] ; mov ebp, dword [0x48a0e0] push ebp push 0 push 0 push eax call dword [edx + 0x1c] ; ucall push 1 call fcn_0041417e ; call 0x41417e add esp, 4 movsx eax, word [ref_0048bd42] ; movsx eax, word [0x48bd42] cmp eax, 0xffffffff jne near loc_004137e8 ; jne 0x4137e8 cmp word [ref_0048bd44], 2 ; cmp word [0x48bd44], 2 jge short loc_00413770 ; jge 0x413770 cmp word [ref_0048bd4c], 0x140 ; cmp word [0x48bd4c], 0x140 jg short loc_0041378d ; jg 0x41378d loc_00413770: cmp word [ref_0048bd44], 3 ; cmp word [0x48bd44], 3 jle near loc_00413849 ; jle 0x413849 cmp word [ref_0048bd4c], 0x140 ; cmp word [0x48bd4c], 0x140 jge near loc_00413849 ; jge 0x413849 loc_0041378d: call fcn_004123ba ; call 0x4123ba test eax, eax jne near loc_00413849 ; jne 0x413849 cmp byte [ref_0048bd58], 0 ; cmp byte [0x48bd58], 0 jne near loc_00413849 ; jne 0x413849 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 0x8c sar edx, 0x1f idiv ecx xor ebx, ebx mov word [ref_0048bd42], bx ; mov word [0x48bd42], bx movsx eax, word [ref_0048bd4c] ; movsx eax, word [0x48bd4c] sub eax, 0x140 test eax, eax jle short loc_004137e0 ; jle 0x4137e0 add edx, 0xa0 loc_004137d7: mov word [ref_0048bd4a], dx ; mov word [0x48bd4a], dx jmp short loc_00413849 ; jmp 0x413849 loc_004137e0: add edx, 0x168 jmp short loc_004137d7 ; jmp 0x4137d7 loc_004137e8: mov di, word [ref_0048bd42] ; mov di, word [0x48bd42] inc edi mov word [ref_0048bd42], di ; mov word [0x48bd42], di cmp di, 8 jne short loc_00413836 ; jne 0x413836 cmp byte [ref_0048bd5a], 0 ; cmp byte [0x48bd5a], 0 jne short loc_00413836 ; jne 0x413836 push 0 push ref_004750bf ; push 0x4750bf call fcn_004542ce ; call 0x4542ce add esp, 8 push 1 push ref_004750cf ; push 0x4750cf call fcn_004542ce ; call 0x4542ce add esp, 8 push 1 movsx eax, word [ref_0048bd4a] ; movsx eax, word [0x48bd4a] push eax call fcn_004123d7 ; call 0x4123d7 add esp, 8 loc_00413836: cmp word [ref_0048bd42], 0xc ; cmp word [0x48bd42], 0xc jne short loc_00413849 ; jne 0x413849 mov word [ref_0048bd42], 0xffff ; mov word [0x48bd42], 0xffff loc_00413849: cmp byte [ref_0048bd58], 1 ; cmp byte [0x48bd58], 1 jne short loc_0041386a ; jne 0x41386a mov edi, 2 mov word [ref_0048bd44], di ; mov word [0x48bd44], di mov word [ref_0048bd46], di ; mov word [0x48bd46], di jmp near loc_00413a2b ; jmp 0x413a2b loc_0041386a: mov ax, word [ref_0048bd44] ; mov ax, word [0x48bd44] cmp ax, 4 ja near loc_00413a2b ; ja 0x413a2b and eax, 0xffff jmp dword [eax*4 + ref_00413234] ; ujmp: jmp dword [eax*4 + 0x413234] loc_00413886: mov bx, word [ref_0048bd46] ; mov bx, word [0x48bd46] cmp bx, 5 jge short loc_004138c7 ; jge 0x4138c7 movsx eax, bx movsx edx, word [ref_0048bd40] ; movsx edx, word [0x48bd40] cmp eax, edx jne short loc_004138b3 ; jne 0x4138b3 push 0 movsx eax, word [ref_0048bd4c] ; movsx eax, word [0x48bd4c] push eax call fcn_004123d7 ; call 0x4123d7 add esp, 8 loc_004138b3: inc word [ref_0048bd46] ; inc word [0x48bd46] add word [ref_0048bd4c], 0xc ; add word [0x48bd4c], 0xc jmp near loc_00413a2b ; jmp 0x413a2b loc_004138c7: cmp word [ref_0048bd4c], 0x140 ; cmp word [0x48bd4c], 0x140 jle short loc_004138e7 ; jle 0x4138e7 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 4 sar edx, 0x1f idiv ecx test edx, edx je short loc_004138f2 ; je 0x4138f2 loc_004138e7: cmp word [ref_0048bd4c], 0x212 ; cmp word [0x48bd4c], 0x212 jne short loc_004138fd ; jne 0x4138fd loc_004138f2: mov word [ref_0048bd44], 2 ; mov word [0x48bd44], 2 jmp short loc_00413926 ; jmp 0x413926 loc_004138fd: call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 5 sar edx, 0x1f idiv ecx mov word [ref_0048bd40], dx ; mov word [0x48bd40], dx xor edi, edi mov word [ref_0048bd44], di ; mov word [0x48bd44], di add word [ref_0048bd4c], 0xc ; add word [0x48bd4c], 0xc loc_00413926: xor ebx, ebx loc_00413928: mov word [ref_0048bd46], bx ; mov word [0x48bd46], bx jmp near loc_00413a2b ; jmp 0x413a2b loc_00413934: mov si, word [ref_0048bd46] ; mov si, word [0x48bd46] inc esi mov word [ref_0048bd46], si ; mov word [0x48bd46], si cmp si, 5 jne near loc_00413a2b ; jne 0x413a2b mov word [ref_0048bd44], 4 ; mov word [0x48bd44], 4 xor edx, edx mov word [ref_0048bd46], dx ; mov word [0x48bd46], dx jmp near loc_00413a2b ; jmp 0x413a2b loc_00413964: mov ax, word [ref_0048bd46] ; mov ax, word [0x48bd46] inc eax mov word [ref_0048bd46], ax ; mov word [0x48bd46], ax cmp ax, 5 jne near loc_00413a2b ; jne 0x413a2b xor ebx, ebx mov word [ref_0048bd44], bx ; mov word [0x48bd44], bx jmp short loc_00413928 ; jmp 0x413928 loc_00413986: mov cx, word [ref_0048bd46] ; mov cx, word [0x48bd46] cmp cx, 5 jge short loc_004139c4 ; jge 0x4139c4 movsx edx, cx movsx eax, word [ref_0048bd40] ; movsx eax, word [0x48bd40] cmp edx, eax jne short loc_004139b3 ; jne 0x4139b3 push 0 movsx eax, word [ref_0048bd4c] ; movsx eax, word [0x48bd4c] push eax call fcn_004123d7 ; call 0x4123d7 add esp, 8 loc_004139b3: inc word [ref_0048bd46] ; inc word [0x48bd46] sub word [ref_0048bd4c], 0xc ; sub word [0x48bd4c], 0xc jmp short loc_00413a2b ; jmp 0x413a2b loc_004139c4: cmp word [ref_0048bd4c], 0x140 ; cmp word [0x48bd4c], 0x140 jge short loc_004139e4 ; jge 0x4139e4 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 4 sar edx, 0x1f idiv ecx test edx, edx je short loc_004139ee ; je 0x4139ee loc_004139e4: cmp word [ref_0048bd4c], 0x6e ; cmp word [0x48bd4c], 0x6e jne short loc_004139f9 ; jne 0x4139f9 loc_004139ee: mov word [ref_0048bd44], 3 ; mov word [0x48bd44], 3 jmp short loc_00413a22 ; jmp 0x413a22 loc_004139f9: call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 5 sar edx, 0x1f idiv ecx mov word [ref_0048bd40], dx ; mov word [0x48bd40], dx mov word [ref_0048bd44], 4 ; mov word [0x48bd44], 4 sub word [ref_0048bd4c], 0xc ; sub word [0x48bd4c], 0xc loc_00413a22: xor ecx, ecx mov word [ref_0048bd46], cx ; mov word [0x48bd46], cx loc_00413a2b: cmp dword [esp + 0x30], 0 jne short loc_00413a42 ; jne 0x413a42 cmp byte [ref_0048bd58], 1 ; cmp byte [0x48bd58], 1 jne short loc_00413a42 ; jne 0x413a42 mov byte [ref_0048bd58], 2 ; mov byte [0x48bd58], 2 loc_00413a42: add esp, 0x40 pop ebp pop edi pop esi pop ebx ret fcn_00413a4a: push ebx push esi push edi push ebp sub esp, 0x18 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [ref_0048bd2c] ; mov edx, dword [0x48bd2c] push edx push ref_00463788 ; push 0x463788 lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x1a5 push 0x31 xor eax, eax mov al, byte [esp + 0x18] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x45 xor eax, eax mov al, byte [esp + 0x19] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x5e xor edx, edx mov dl, byte [esp + 0x1a] sub edx, 0x30 mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048bcd0] ; mov edx, dword [0x48bcd0] add edx, 0xc add eax, edx push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x72 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov ebp, dword [ref_0048bbc0] ; mov ebp, dword [0x48bbc0] push ebp push ref_0046378d ; push 0x46378d lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x1a5 push 0xb9 xor eax, eax mov al, byte [esp + 0x18] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0xcd xor eax, eax mov al, byte [esp + 0x19] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov ecx, dword [ref_0048bbb8] ; mov ecx, dword [0x48bbb8] push ecx push ref_0046378d ; push 0x46378d lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x1a5 push 0x114 xor eax, eax mov al, byte [esp + 0x18] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add edx, eax push edx mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x128 xor eax, eax mov al, byte [esp + 0x19] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov edi, dword [ref_0048bbbc] ; mov edi, dword [0x48bbbc] push edi push ref_0046378d ; push 0x46378d lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x1a5 push 0x16f xor edx, edx mov dl, byte [esp + 0x18] sub edx, 0x30 mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x183 xor eax, eax mov al, byte [esp + 0x19] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov edx, dword [ref_0048bbb4] ; mov edx, dword [0x48bbb4] push edx push ref_0046378d ; push 0x46378d lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x1a5 push 0x1ca xor eax, eax mov al, byte [esp + 0x18] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x1de xor eax, eax mov al, byte [esp + 0x19] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov edx, dword [ref_0048bbc0] ; mov edx, dword [0x48bbc0] mov ecx, edx shl ecx, 2 add ecx, edx shl ecx, 2 mov edx, dword [ref_0048bbb8] ; mov edx, dword [0x48bbb8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add eax, ecx mov ecx, dword [ref_0048bbbc] ; mov ecx, dword [0x48bbbc] shl ecx, 3 add ecx, eax mov edx, dword [ref_0048bbb4] ; mov edx, dword [0x48bbb4] mov eax, edx shl eax, 2 add eax, edx add ecx, eax mov dword [ref_0048bcec], ecx ; mov dword [0x48bcec], ecx push ecx push ref_00463788 ; push 0x463788 lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x1a5 push 0x225 xor eax, eax mov al, byte [esp + 0x18] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048bcd0] ; mov edx, dword [0x48bcd0] add edx, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x239 xor eax, eax mov al, byte [esp + 0x19] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add edx, eax push edx mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x24d xor eax, eax mov al, byte [esp + 0x1a] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov edx, dword [esp + 0x2c] test edx, edx je near loc_00413eff ; je 0x413eff cmp edx, 1 jne short loc_00413eaa ; jne 0x413eaa mov dword [esp + 4], 0x19f mov dword [esp + 0xc], 0x1c7 mov dword [esp], 0x2c mov dword [esp + 8], 0x261 jmp short loc_00413ec9 ; jmp 0x413ec9 loc_00413eaa: mov dword [esp + 4], 0x19f mov dword [esp + 0xc], 0x1c7 mov dword [esp], 0x2c mov dword [esp + 8], 0x8c loc_00413ec9: mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi loc_00413ee9: push 0x19f push 0x2c push eax call dword [edx + 0x1c] ; ucall mov eax, esp push eax call fcn_00402250 ; call 0x402250 add esp, 4 loc_00413eff: add esp, 0x18 pop ebp pop edi pop esi pop ebx ret fcn_00413f07: push ebx push esi push edi push ebp sub esp, 0x18 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [ref_0048bd2c] ; mov edx, dword [0x48bd2c] push edx push ref_00463788 ; push 0x463788 lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x1a5 push 0x31 xor eax, eax mov al, byte [esp + 0x18] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x45 xor edx, edx mov dl, byte [esp + 0x19] sub edx, 0x30 mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048bcd0] ; mov edx, dword [0x48bcd0] add edx, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x5e xor eax, eax mov al, byte [esp + 0x1a] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x72 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov ebp, dword [ref_0048bcec] ; mov ebp, dword [0x48bcec] push ebp push ref_00463792 ; push 0x463792 lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x1a5 push 0x211 xor eax, eax mov al, byte [esp + 0x18] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048bcd0] ; mov edx, dword [0x48bcd0] add edx, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x225 xor eax, eax mov al, byte [esp + 0x19] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x239 xor eax, eax mov al, byte [esp + 0x1a] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x24d xor eax, eax mov al, byte [esp + 0x1b] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov esi, dword [esp + 0x2c] test esi, esi je near loc_00413eff ; je 0x413eff cmp esi, 1 jne short loc_0041413a ; jne 0x41413a mov dword [esp + 4], 0x19f mov dword [esp + 0xc], 0x1c7 mov dword [esp], 0x2c mov dword [esp + 8], 0x261 jmp short loc_00414159 ; jmp 0x414159 loc_0041413a: mov dword [esp + 4], 0x19f mov dword [esp + 0xc], 0x1c7 mov dword [esp], 0x2c mov dword [esp + 8], 0x8c loc_00414159: mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx jmp near loc_00413ee9 ; jmp 0x413ee9 fcn_0041417e: push ebx push esi push edi push ebp sub esp, 0x18 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048bd2c] ; mov eax, dword [0x48bd2c] sar eax, 1 push eax push ref_00463788 ; push 0x463788 lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x1a5 push 0x31 xor eax, eax mov al, byte [esp + 0x18] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x45 xor eax, eax mov al, byte [esp + 0x19] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x5e xor eax, eax mov al, byte [esp + 0x1a] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x72 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov edi, dword [ref_0048bbb4] ; mov edi, dword [0x48bbb4] push edi push ref_0046378d ; push 0x46378d lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x1a5 push 0xb9 xor edx, edx mov dl, byte [esp + 0x18] sub edx, 0x30 mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0xcd xor eax, eax mov al, byte [esp + 0x19] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov edx, dword [ref_0048bbb8] ; mov edx, dword [0x48bbb8] push edx push ref_0046378d ; push 0x46378d lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x1a5 push 0x114 xor eax, eax mov al, byte [esp + 0x18] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add edx, eax push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x128 xor eax, eax mov al, byte [esp + 0x19] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov esi, dword [ref_0048bbbc] ; mov esi, dword [0x48bbbc] push esi push ref_0046378d ; push 0x46378d lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x1a5 push 0x16f xor edx, edx mov dl, byte [esp + 0x18] sub edx, 0x30 mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048bcd0] ; mov edx, dword [0x48bcd0] add edx, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x183 xor edx, edx mov dl, byte [esp + 0x19] sub edx, 0x30 mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048bbc0] ; mov eax, dword [0x48bbc0] push eax push ref_0046378d ; push 0x46378d lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x1a5 push 0x1ca xor eax, eax mov al, byte [esp + 0x18] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048bcd0] ; mov edx, dword [0x48bcd0] add edx, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x1de xor eax, eax mov al, byte [esp + 0x19] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov edx, dword [ref_0048bbb8] ; mov edx, dword [0x48bbb8] mov ecx, edx shl ecx, 2 add ecx, edx mov edx, dword [ref_0048bbb4] ; mov edx, dword [0x48bbb4] mov eax, edx shl eax, 2 add eax, edx add eax, eax add ecx, eax mov edx, dword [ref_0048bbbc] ; mov edx, dword [0x48bbbc] mov eax, edx shl eax, 2 sub eax, edx add eax, ecx mov edx, dword [ref_0048bbc0] ; mov edx, dword [0x48bbc0] add edx, eax mov dword [ref_0048bcec], edx ; mov dword [0x48bcec], edx push edx push ref_00463788 ; push 0x463788 lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x1a5 push 0x225 xor eax, eax mov al, byte [esp + 0x18] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048bcd0] ; mov edx, dword [0x48bcd0] add edx, 0xc add eax, edx push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x239 xor eax, eax mov al, byte [esp + 0x19] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048bcd0] ; mov edx, dword [0x48bcd0] add edx, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x1a5 push 0x24d xor eax, eax mov al, byte [esp + 0x1a] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [esp + 0x2c] test eax, eax je near loc_00413eff ; je 0x413eff cmp eax, 1 jne short loc_004145d7 ; jne 0x4145d7 mov dword [esp + 4], 0x19f mov dword [esp + 0xc], 0x1c7 mov dword [esp], 0x2c mov dword [esp + 8], 0x261 jmp short loc_004145f6 ; jmp 0x4145f6 loc_004145d7: mov dword [esp + 4], 0x19f mov dword [esp + 0xc], 0x1c7 mov dword [esp], 0x2c mov dword [esp + 8], 0x8c loc_004145f6: mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx jmp near loc_00413ee9 ; jmp 0x413ee9 fcn_0041461b: push ebx push esi push edi mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048bd34] ; mov eax, dword [0x48bd34] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 cmp dword [esp + 0x10], 0 je near loc_004146d0 ; je 0x4146d0 xor esi, esi jmp short loc_00414665 ; jmp 0x414665 loc_0041465f: inc esi cmp esi, 9 jge short loc_004146d0 ; jge 0x4146d0 loc_00414665: xor ebx, ebx jmp short loc_0041466f ; jmp 0x41466f loc_00414669: inc ebx cmp ebx, 9 jge short loc_0041465f ; jge 0x41465f loc_0041466f: mov eax, esi shl eax, 3 lea edx, [esi + eax] shl edx, 3 mov eax, ebx shl eax, 3 add eax, edx test byte [eax + ref_00474d80], 0xf ; test byte [eax + 0x474d80], 0xf je short loc_00414669 ; je 0x414669 movsx edx, word [eax + ref_00474d7e] ; movsx edx, word [eax + 0x474d7e] push edx movsx edx, word [eax + ref_00474d7c] ; movsx edx, word [eax + 0x474d7c] push edx mov ax, word [eax + ref_00474d80] ; mov ax, word [eax + 0x474d80] xor ah, ah and al, 0xf cwde lea edx, [eax + 3] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048bd34] ; mov edx, dword [0x48bd34] add edx, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 jmp short loc_00414669 ; jmp 0x414669 loc_004146d0: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 call fcn_00413a4a ; call 0x413a4a add esp, 4 pop edi pop esi pop ebx ret fcn_004146ee: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048bd34] ; mov eax, dword [0x48bd34] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 call fcn_00413f07 ; call 0x413f07 add esp, 4 ret fcn_0041473b: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 push ref_00475043 ; push 0x475043 mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall call fcn_00413248 ; call 0x413248 push 0 call fcn_0041417e ; call 0x41417e add esp, 4 ret fcn_00414789: push ebx push esi push edi sub esp, 8 mov edx, dword [ref_0048bcec] ; mov edx, dword [0x48bcec] push edx push ref_0046377c ; push 0x46377c lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esp push eax call _strlen ; call 0x45825d add esp, 4 mov edi, eax shl eax, 5 lea edx, [edi + eax] add edx, edx mov eax, edx sar edx, 0x1f sub eax, edx sar eax, 1 mov esi, 0x161 sub esi, eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall xor ebx, ebx loc_004147e5: cmp ebx, edi jge short loc_00414824 ; jge 0x414824 push 0x96 push esi xor edx, edx mov dl, byte [esp + ebx + 8] sub edx, 0x26 mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] add eax, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 inc ebx add esi, 0x42 jmp short loc_004147e5 ; jmp 0x4147e5 loc_00414824: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx push 0 push 0 push eax call dword [edx + 0x1c] ; ucall add esp, 8 pop edi pop esi pop ebx ret fcn_00414858: push ebx push esi push edi push ebp mov ebx, dword [esp + 0x14] mov eax, dword [esp + 0x18] mov ecx, dword [esp + 0x20] cmp eax, 0x201 jb short loc_0041489e ; jb 0x41489e jbe near loc_00414aa9 ; jbe 0x414aa9 cmp eax, 0x401 jb short loc_0041488e ; jb 0x41488e jbe short loc_004148b9 ; jbe 0x4148b9 cmp eax, 0x405 je near loc_00414a51 ; je 0x414a51 jmp near loc_00414b8e ; jmp 0x414b8e loc_0041488e: cmp eax, 0x203 je near loc_00414aa9 ; je 0x414aa9 jmp near loc_00414b8e ; jmp 0x414b8e loc_0041489e: cmp eax, 0xf jb near loc_00414b8e ; jb 0x414b8e jbe near loc_00414b62 ; jbe 0x414b62 cmp eax, 0x113 je short loc_00414900 ; je 0x414900 jmp near loc_00414b8e ; jmp 0x414b8e loc_004148b9: mov dword [ref_0048bd2c], 0x96 ; mov dword [0x48bd2c], 0x96 mov dword [ref_0048bd7c], 0xa ; mov dword [0x48bd7c], 0xa push 1 call fcn_0041461b ; call 0x41461b add esp, 4 push 0 push 0x64 mov ebp, dword [_callbackSize] ; mov ebp, dword [0x46cad8] push ebp push ebx call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048bd78], eax ; mov dword [0x48bd78], eax push 0 push 0 push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00414a4a ; jmp 0x414a4a loc_00414900: cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_00414a4a ; je 0x414a4a mov eax, dword [esp + 0x1c] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne near loc_00414a4a ; jne 0x414a4a mov eax, dword [ref_0048bd2c] ; mov eax, dword [0x48bd2c] dec eax cmp byte [ref_0048bd58], 2 ; cmp byte [0x48bd58], 2 jne short loc_00414957 ; jne 0x414957 mov dword [ref_0048bd2c], eax ; mov dword [0x48bd2c], eax test eax, eax jne near loc_00414a4a ; jne 0x414a4a mov esi, dword [ref_0048bd78] ; mov esi, dword [0x48bd78] push esi push ebx call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 call _Post_0402_Message ; call 0x401966 loc_0041494f: add esp, 4 jmp near loc_00414a4a ; jmp 0x414a4a loc_00414957: mov edi, dword [ref_0048bd7c] ; mov edi, dword [0x48bd7c] test edi, edi je short loc_00414986 ; je 0x414986 lea edx, [edi - 1] mov dword [ref_0048bd7c], edx ; mov dword [0x48bd7c], edx test edx, edx jne near loc_00414a4a ; jne 0x414a4a push edx push edx push 0x405 push ebx call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_00414a4a ; jmp 0x414a4a loc_00414986: cmp dword [ref_0048bd2c], 0 ; cmp dword [0x48bd2c], 0 jle near loc_00414a0a ; jle 0x414a0a push 2 mov dword [ref_0048bd2c], eax ; mov dword [0x48bd2c], eax call fcn_00413a4a ; call 0x413a4a add esp, 4 cmp dword [ref_0048bd2c], 0 ; cmp dword [0x48bd2c], 0 jne short loc_00414a0a ; jne 0x414a0a push ref_00475057 ; push 0x475057 call fcn_004542e9 ; call 0x4542e9 add esp, 4 and dword [ref_0048bcc4], 0xf00 ; and dword [0x48bcc4], 0xf00 mov ecx, dword [ref_0048bcec] ; mov ecx, dword [0x48bcec] cmp ecx, 0x28 jge short loc_004149e8 ; jge 0x4149e8 mov dword [ref_0048bccc], 5 ; mov dword [0x48bccc], 5 push 1 push ref_0047506f ; push 0x47506f loc_004149de: call fcn_004542ce ; call 0x4542ce add esp, 8 jmp short loc_00414a0a ; jmp 0x414a0a loc_004149e8: cmp ecx, 0x37 jle short loc_00414a00 ; jle 0x414a00 mov dword [ref_0048bccc], 4 ; mov dword [0x48bccc], 4 push 1 push ref_00475067 ; push 0x475067 jmp short loc_004149de ; jmp 0x4149de loc_00414a00: mov dword [ref_0048bccc], 6 ; mov dword [0x48bccc], 6 loc_00414a0a: call fcn_004124c8 ; call 0x4124c8 cmp byte [ref_0048bd58], 1 ; cmp byte [0x48bd58], 1 jne near loc_00414a4a ; jne 0x414a4a mov byte [ref_0048bd58], 2 ; mov byte [0x48bd58], 2 mov dword [ref_0048bd2c], 0x14 ; mov dword [0x48bd2c], 0x14 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 1 push 0x29 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc call fcn_00414789 ; call 0x414789 loc_00414a4a: xor eax, eax jmp near loc_00414b9d ; jmp 0x414b9d loc_00414a51: push 0xffffffffffffffff push 1 push 0 push 0 mov edx, dword [ref_0048bd3c] ; mov edx, dword [0x48bd3c] push edx call fcn_0045144f ; call 0x45144f add esp, 0x14 push 0 call fcn_0041461b ; call 0x41461b add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ecx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx push 0 push 0 push eax call dword [ecx + 0x1c] ; ucall push 0 push 1 push 0x2a call fcn_004021f8 ; call 0x4021f8 add esp, 0xc push 1 call fcn_00402460 ; call 0x402460 jmp near loc_0041494f ; jmp 0x41494f loc_00414aa9: cmp byte [ref_0048bd58], 2 ; cmp byte [0x48bd58], 2 jne short loc_00414abe ; jne 0x414abe mov dword [ref_0048bd2c], 1 ; mov dword [0x48bd2c], 1 jmp short loc_00414a4a ; jmp 0x414a4a loc_00414abe: cmp dword [ref_0048bccc], 0 ; cmp dword [0x48bccc], 0 jne short loc_00414a4a ; jne 0x414a4a cmp byte [ref_0048bd58], 0 ; cmp byte [0x48bd58], 0 jne near loc_00414a4a ; jne 0x414a4a cmp dword [ref_0048bd7c], 0 ; cmp dword [0x48bd7c], 0 jne near loc_00414a4a ; jne 0x414a4a xor ebx, ebx mov bx, cx mov eax, ecx shr eax, 0x10 and eax, 0xffff and eax, 0xffff mov ecx, eax shl ecx, 2 add ecx, eax shl ecx, 7 mov eax, dword [ref_0048bd38] ; mov eax, dword [0x48bd38] add ecx, eax mov cl, byte [ecx + ebx] and ecx, 0xff mov ebx, 9 mov eax, ecx mov edx, ecx sar edx, 0x1f idiv ebx mov ebx, edx mov esi, 9 mov eax, ecx mov edx, ecx sar edx, 0x1f idiv esi push eax push ebx call fcn_0041211c ; call 0x41211c add esp, 8 test eax, eax je near loc_00414a4a ; je 0x414a4a call fcn_00412287 ; call 0x412287 mov dword [ref_0048bccc], 2 ; mov dword [0x48bccc], 2 push 1 push ref_00475057 ; push 0x475057 call fcn_004542ce ; call 0x4542ce add esp, 8 jmp near loc_00414a4a ; jmp 0x414a4a loc_00414b62: mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ecx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi push 0 push 0 push eax call dword [ecx + 0x1c] ; ucall push 0 push ebx call dword [cs:__imp__ValidateRect@8] ; ucall: call dword cs:[0x462340] jmp near loc_00414a4a ; jmp 0x414a4a loc_00414b8e: push ecx mov ebp, dword [esp + 0x20] push ebp loc_00414b94: push eax push ebx call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] loc_00414b9d: pop ebp pop edi pop esi pop ebx ret 0x10 ref_00414ba4: ; may contain a jump table dd loc_00414e8d dd loc_00414e99 dd loc_00414ea2 dd loc_00414eae dd loc_00414eba dd loc_00414ebe fcn_00414bbc: push ebx push esi push edi push ebp mov ebx, dword [esp + 0x14] mov eax, dword [esp + 0x18] mov edx, dword [esp + 0x20] cmp eax, 0x201 jb short loc_00414c02 ; jb 0x414c02 jbe near loc_00414d9f ; jbe 0x414d9f cmp eax, 0x401 jb short loc_00414bf2 ; jb 0x414bf2 jbe short loc_00414c1d ; jbe 0x414c1d cmp eax, 0x405 je near loc_00414d51 ; je 0x414d51 jmp near loc_00414fc2 ; jmp 0x414fc2 loc_00414bf2: cmp eax, 0x203 je near loc_00414d9f ; je 0x414d9f jmp near loc_00414fc2 ; jmp 0x414fc2 loc_00414c02: cmp eax, 0xf jb near loc_00414fc2 ; jb 0x414fc2 jbe near loc_00414f6b ; jbe 0x414f6b cmp eax, 0x113 je short loc_00414c69 ; je 0x414c69 jmp near loc_00414fc2 ; jmp 0x414fc2 loc_00414c1d: mov dword [ref_0048bd2c], 0x96 ; mov dword [0x48bd2c], 0x96 mov dword [ref_0048bd84], 0x63 ; mov dword [0x48bd84], 0x63 call fcn_004146ee ; call 0x4146ee push 0 push 0x64 mov ebp, dword [_callbackSize] ; mov ebp, dword [0x46cad8] push ebp push ebx call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048bd80], eax ; mov dword [0x48bd80], eax push 0 push 0 push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 call fcn_004024a9 ; call 0x4024a9 loc_00414c61: add esp, 4 jmp near loc_00414a4a ; jmp 0x414a4a loc_00414c69: cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_00414a4a ; je 0x414a4a mov eax, dword [esp + 0x1c] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne near loc_00414a4a ; jne 0x414a4a mov ecx, dword [ref_0048bd84] ; mov ecx, dword [0x48bd84] test ecx, ecx je short loc_00414cb5 ; je 0x414cb5 lea edx, [ecx - 1] mov dword [ref_0048bd84], edx ; mov dword [0x48bd84], edx test edx, edx jne near loc_00414a4a ; jne 0x414a4a push edx push edx push 0x405 push ebx call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_00414a4a ; jmp 0x414a4a loc_00414cb5: mov dh, byte [ref_0048bd59] ; mov dh, byte [0x48bd59] test dh, dh je short loc_00414cc9 ; je 0x414cc9 mov cl, dh dec cl mov byte [ref_0048bd59], cl ; mov byte [0x48bd59], cl loc_00414cc9: mov esi, dword [ref_0048bd2c] ; mov esi, dword [0x48bd2c] test esi, esi je short loc_00414ce7 ; je 0x414ce7 lea edi, [esi - 1] mov dword [ref_0048bd2c], edi ; mov dword [0x48bd2c], edi test edi, edi jne short loc_00414ce7 ; jne 0x414ce7 mov byte [ref_0048bd58], 1 ; mov byte [0x48bd58], 1 loc_00414ce7: push 2 call fcn_00413f07 ; call 0x413f07 add esp, 4 call fcn_00412f6f ; call 0x412f6f cmp byte [ref_0048bd58], 2 ; cmp byte [0x48bd58], 2 jne near loc_00414a4a ; jne 0x414a4a push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 1 push 0x29 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc mov eax, dword [ref_0048bd80] ; mov eax, dword [0x48bd80] push eax push ebx call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 1 call fcn_004024a9 ; call 0x4024a9 add esp, 4 call fcn_00414789 ; call 0x414789 push 0x7d0 call fcn_0045285e ; call 0x45285e add esp, 4 push 0 call _Post_0402_Message ; call 0x401966 jmp near loc_00414c61 ; jmp 0x414c61 loc_00414d51: push 0xffffffffffffffff push 1 push 0 push 0 mov edx, dword [ref_0048bd3c] ; mov edx, dword [0x48bd3c] push edx call fcn_0045144f ; call 0x45144f add esp, 0x14 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push 0 push 0 push eax call dword [edx + 0x1c] ; ucall push 5 push 3 push 9 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc push 1 call fcn_00402460 ; call 0x402460 jmp near loc_00414c61 ; jmp 0x414c61 loc_00414d9f: cmp byte [ref_0048bd58], 2 ; cmp byte [0x48bd58], 2 je near loc_00414a4a ; je 0x414a4a cmp dword [ref_0048bd84], 0 ; cmp dword [0x48bd84], 0 jne near loc_00414a4a ; jne 0x414a4a xor edi, edi mov di, dx mov eax, edx shr eax, 0x10 and eax, 0xffff movzx ebp, ax xor ebx, ebx jmp near loc_00414f26 ; jmp 0x414f26 loc_00414dd2: movsx edx, word [eax + ref_0048bc44] ; movsx edx, word [eax + 0x48bc44] lea ecx, [edx - 0x12] add edx, 0x12 movsx eax, word [eax + ref_0048bc46] ; movsx eax, word [eax + 0x48bc46] lea esi, [eax - 0x1a] add eax, 0x1a loc_00414dec: cmp edi, ecx jl near loc_00414f0d ; jl 0x414f0d cmp edi, edx jg near loc_00414f0d ; jg 0x414f0d cmp ebp, esi jl near loc_00414f0d ; jl 0x414f0d cmp ebp, eax jg near loc_00414f0d ; jg 0x414f0d push 0 push ref_004750af ; push 0x4750af call fcn_004542ce ; call 0x4542ce add esp, 8 mov dx, word [ebx*8 + ref_0048bc48] ; mov dx, word [ebx*8 + 0x48bc48] cmp dx, 0xa jb short loc_00414e36 ; jb 0x414e36 jbe short loc_00414e51 ; jbe 0x414e51 cmp dx, 0xb je short loc_00414e5c ; je 0x414e5c jmp near loc_00414ece ; jmp 0x414ece loc_00414e36: cmp dx, 9 jne near loc_00414ece ; jne 0x414ece mov eax, dword [ref_0048bcec] ; mov eax, dword [0x48bcec] add eax, eax loc_00414e47: mov dword [ref_0048bcec], eax ; mov dword [0x48bcec], eax jmp near loc_00414ef7 ; jmp 0x414ef7 loc_00414e51: sar dword [ref_0048bcec], 1 ; sar dword [0x48bcec], 1 jmp near loc_00414ef7 ; jmp 0x414ef7 loc_00414e5c: xor dh, dh mov byte [ref_0048bd59], dh ; mov byte [0x48bd59], dh xor ecx, ecx mov dword [ref_0048bcc8], ecx ; mov dword [0x48bcc8], ecx call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 6 sar edx, 0x1f idiv ecx cmp edx, 5 ja near loc_00414ef7 ; ja 0x414ef7 jmp dword [edx*4 + ref_00414ba4] ; ujmp: jmp dword [edx*4 + 0x414ba4] loc_00414e8d: mov dword [ref_0048bd2c], 1 ; mov dword [0x48bd2c], 1 jmp short loc_00414ef7 ; jmp 0x414ef7 loc_00414e99: mov byte [ref_0048bd59], 0x14 ; mov byte [0x48bd59], 0x14 jmp short loc_00414ef7 ; jmp 0x414ef7 loc_00414ea2: mov dword [ref_0048bcc8], 0xffffffff ; mov dword [0x48bcc8], 0xffffffff jmp short loc_00414ef7 ; jmp 0x414ef7 loc_00414eae: mov dword [ref_0048bcc8], 1 ; mov dword [0x48bcc8], 1 jmp short loc_00414ef7 ; jmp 0x414ef7 loc_00414eba: xor eax, eax jmp short loc_00414e47 ; jmp 0x414e47 loc_00414ebe: mov esi, dword [ref_0048bcec] ; mov esi, dword [0x48bcec] add esi, esi mov dword [ref_0048bcec], esi ; mov dword [0x48bcec], esi jmp short loc_00414ef7 ; jmp 0x414ef7 loc_00414ece: movsx eax, word [ebx*8 + ref_0048bc48] ; movsx eax, word [ebx*8 + 0x48bc48] inc eax mov edx, dword [ref_0048bcec] ; mov edx, dword [0x48bcec] add edx, eax mov dword [ref_0048bcec], edx ; mov dword [0x48bcec], edx cmp edx, 0x3e8 jl short loc_00414ef7 ; jl 0x414ef7 mov dword [ref_0048bcec], 0x3e7 ; mov dword [0x48bcec], 0x3e7 loc_00414ef7: push 1 call fcn_00413f07 ; call 0x413f07 add esp, 4 mov word [ebx*8 + ref_0048bc48], 0x3c ; mov word [ebx*8 + 0x48bc48], 0x3c jmp short loc_00414f1c ; jmp 0x414f1c loc_00414f0d: push 0 push ref_004750a7 ; push 0x4750a7 call fcn_004542ce ; call 0x4542ce add esp, 8 loc_00414f1c: inc ebx cmp ebx, 0x10 jge near loc_00414a4a ; jge 0x414a4a loc_00414f26: mov eax, ebx shl eax, 3 cmp word [eax + ref_0048bc44], 0 ; cmp word [eax + 0x48bc44], 0 je short loc_00414f1c ; je 0x414f1c test byte [eax + ref_0048bc48], 0xf0 ; test byte [eax + 0x48bc48], 0xf0 jne short loc_00414f1c ; jne 0x414f1c cmp word [eax + ref_0048bc48], 6 ; cmp word [eax + 0x48bc48], 6 jge near loc_00414dd2 ; jge 0x414dd2 movsx edx, word [eax + ref_0048bc44] ; movsx edx, word [eax + 0x48bc44] lea ecx, [edx - 0x16] add edx, 0x16 movsx eax, word [eax + ref_0048bc46] ; movsx eax, word [eax + 0x48bc46] lea esi, [eax - 0x1e] add eax, 0x1e jmp near loc_00414dec ; jmp 0x414dec loc_00414f6b: push 0 call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi push 0 push 0 push eax call dword [edx + 0x1c] ; ucall push 0 call fcn_00402250 ; call 0x402250 add esp, 4 push 0 push ebx call dword [cs:__imp__ValidateRect@8] ; ucall: call dword cs:[0x462340] cmp dword [ref_0048bd84], 0x63 ; cmp dword [0x48bd84], 0x63 jne near loc_00414a4a ; jne 0x414a4a mov dword [ref_0048bd84], 5 ; mov dword [0x48bd84], 5 jmp near loc_00414a4a ; jmp 0x414a4a loc_00414fc2: push edx mov edx, dword [esp + 0x20] push edx jmp near loc_00414b94 ; jmp 0x414b94 fcn_00414fcd: push ebx push edi push ebp sub esp, 8 mov ebx, dword [esp + 0x18] mov eax, dword [esp + 0x1c] cmp eax, 0x113 jb short loc_00415001 ; jb 0x415001 jbe short loc_00415051 ; jbe 0x415051 cmp eax, 0x401 jb near loc_004151fd ; jb 0x4151fd jbe short loc_0041500f ; jbe 0x41500f cmp eax, 0x405 je near loc_0041518a ; je 0x41518a jmp near loc_004151fd ; jmp 0x4151fd loc_00415001: cmp eax, 0xf je near loc_004151c1 ; je 0x4151c1 jmp near loc_004151fd ; jmp 0x4151fd loc_0041500f: mov dword [ref_0048bd2c], 0x168 ; mov dword [0x48bd2c], 0x168 mov dword [ref_0048bd8c], 0x63 ; mov dword [0x48bd8c], 0x63 call fcn_0041473b ; call 0x41473b push 0 push 0x32 mov edi, dword [_callbackSize] ; mov edi, dword [0x46cad8] push edi push ebx call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048bd88], eax ; mov dword [0x48bd88], eax push 0 push 0 push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0041517f ; jmp 0x41517f loc_00415051: cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_0041517f ; je 0x41517f mov eax, dword [esp + 0x20] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne near loc_0041517f ; jne 0x41517f mov eax, dword [ref_0048bd8c] ; mov eax, dword [0x48bd8c] test eax, eax je short loc_0041509c ; je 0x41509c lea ecx, [eax - 1] mov dword [ref_0048bd8c], ecx ; mov dword [0x48bd8c], ecx test ecx, ecx jne near loc_00415156 ; jne 0x415156 push ecx push ecx push 0x405 push ebx call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_00415156 ; jmp 0x415156 loc_0041509c: mov edx, dword [ref_0048bd2c] ; mov edx, dword [0x48bd2c] test edx, edx je short loc_004150ba ; je 0x4150ba lea ecx, [edx - 1] mov dword [ref_0048bd2c], ecx ; mov dword [0x48bd2c], ecx test ecx, ecx jne short loc_004150ba ; jne 0x4150ba mov byte [ref_0048bd58], 1 ; mov byte [0x48bd58], 1 loc_004150ba: push 2 call fcn_0041417e ; call 0x41417e add esp, 4 call fcn_00413248 ; call 0x413248 cmp byte [ref_0048bd58], 2 ; cmp byte [0x48bd58], 2 jne near loc_00415156 ; jne 0x415156 mov edi, dword [ref_0048bd88] ; mov edi, dword [0x48bd88] push edi push ebx call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] cmp word [ref_0048bd56], 4 ; cmp word [0x48bd56], 4 je short loc_00415135 ; je 0x415135 xor ebx, ebx mov word [ref_0048bd48], bx ; mov word [0x48bd48], bx mov ebp, dword [ref_0048bcec] ; mov ebp, dword [0x48bcec] cmp ebp, 0x28 jge short loc_0041510e ; jge 0x41510e mov word [ref_0048bd56], 1 ; mov word [0x48bd56], 1 jmp short loc_00415135 ; jmp 0x415135 loc_0041510e: cmp ebp, 0x32 jge short loc_0041511e ; jge 0x41511e mov word [ref_0048bd56], 2 ; mov word [0x48bd56], 2 jmp short loc_00415135 ; jmp 0x415135 loc_0041511e: cmp ebp, 0x3c jge short loc_0041512c ; jge 0x41512c mov word [ref_0048bd56], bx ; mov word [0x48bd56], bx jmp short loc_00415135 ; jmp 0x415135 loc_0041512c: mov word [ref_0048bd56], 3 ; mov word [0x48bd56], 3 loc_00415135: call fcn_0041473b ; call 0x41473b call fcn_00414789 ; call 0x414789 push 0x7d0 call fcn_0045285e ; call 0x45285e add esp, 4 push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 loc_00415156: cmp byte [ref_0048bd5a], 0 ; cmp byte [0x48bd5a], 0 je near loc_0041517f ; je 0x41517f call fcn_00450f04 ; call 0x450f04 test eax, eax jne near loc_0041517f ; jne 0x41517f xor bh, bh mov byte [ref_0048bd5a], bh ; mov byte [0x48bd5a], bh mov byte [ref_0048bd58], 2 ; mov byte [0x48bd58], 2 loc_0041517f: xor eax, eax loc_00415181: add esp, 8 pop ebp pop edi pop ebx ret 0x10 loc_0041518a: push 0xffffffffffffffff push 1 push 0 push 0 mov edx, dword [ref_0048bd3c] ; mov edx, dword [0x48bd3c] push edx call fcn_0045144f ; call 0x45144f add esp, 0x14 push 0 push 0 push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov eax, esp push eax call dword [cs:__imp__GetCursorPos@4] ; ucall: call dword cs:[0x4622ec] mov eax, dword [esp] mov dword [ref_0047504f], eax ; mov dword [0x47504f], eax jmp short loc_0041517f ; jmp 0x41517f loc_004151c1: mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push 0 push 0 push eax call dword [edx + 0x1c] ; ucall push 0 push ebx call dword [cs:__imp__ValidateRect@8] ; ucall: call dword cs:[0x462340] cmp dword [ref_0048bd8c], 0x63 ; cmp dword [0x48bd8c], 0x63 jne short loc_0041517f ; jne 0x41517f mov dword [ref_0048bd8c], 0xa ; mov dword [0x48bd8c], 0xa jmp short loc_0041517f ; jmp 0x41517f loc_004151fd: mov edi, dword [esp + 0x24] push edi mov ebp, dword [esp + 0x24] push ebp push eax push ebx call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_00415181 ; jmp 0x415181 fcn_00415215: push ebx push esi push edi push ebp sub esp, 0x80 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_00415457 ; jne 0x415457 cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je near loc_00415457 ; je 0x415457 push ref_00475057 ; push 0x475057 call fcn_00454176 ; call 0x454176 add esp, 4 push 0 push 0 push 0x4e mov ebp, dword [ref_0048a05c] ; mov ebp, dword [0x48a05c] push ebp call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bd3c], eax ; mov dword [0x48bd3c], eax push 0 push 0 push 0x4f mov eax, dword [ref_0048a05c] ; mov eax, dword [0x48a05c] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bcd0], eax ; mov dword [0x48bcd0], eax push 0 push 0 push 0x50 mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bd34], eax ; mov dword [0x48bd34], eax push 0 push 0 push 0x51 mov ecx, dword [ref_0048a05c] ; mov ecx, dword [0x48a05c] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bd38], eax ; mov dword [0x48bd38], eax push 0 push 0 push 0x52 mov ebx, dword [ref_0048a05c] ; mov ebx, dword [0x48a05c] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bcf8], eax ; mov dword [0x48bcf8], eax push 0 push 0 push 0x53 mov esi, dword [ref_0048a05c] ; mov esi, dword [0x48a05c] push esi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bd28], eax ; mov dword [0x48bd28], eax push 0 push 0 push 0x54 mov edi, dword [ref_0048a05c] ; mov edi, dword [0x48a05c] push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bcd8], eax ; mov dword [0x48bcd8], eax push 0 push 0 push 0x55 mov ebp, dword [ref_0048a05c] ; mov ebp, dword [0x48a05c] push ebp call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bcd4], eax ; mov dword [0x48bcd4], eax xor ebx, ebx loc_0041531e: push 0 push 0 lea eax, [ebx + 0x56] push eax mov eax, dword [ref_0048a05c] ; mov eax, dword [0x48a05c] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx*4 + ref_0048bd14], eax ; mov dword [ebx*4 + 0x48bd14], eax inc ebx cmp ebx, 5 jl short loc_0041531e ; jl 0x41531e mov dword [ref_0048bd04], 0x20000 ; mov dword [0x48bd04], 0x20000 mov dword [ref_0048bd08], 0x60000 ; mov dword [0x48bd08], 0x60000 xor ebx, ebx mov dword [ref_0048bcec], ebx ; mov dword [0x48bcec], ebx mov dword [ref_0048bcf0], 0xffffffff ; mov dword [0x48bcf0], 0xffffffff xor edi, edi mov dword [ref_0048bccc], ebx ; mov dword [0x48bccc], ebx mov dword [ref_0048bcc4], ebx ; mov dword [0x48bcc4], ebx push 0x10 push ebx push ref_0048bbb4 ; push 0x48bbb4 call memset ; call 0x456f60 add esp, 0xc xor bl, bl mov byte [ref_0048bd58], bl ; mov byte [0x48bd58], bl xor bh, bh mov byte [ref_0048bd5b], bh ; mov byte [0x48bd5b], bh call fcn_00412014 ; call 0x412014 push 0xc call fcn_004549cf ; call 0x4549cf add esp, 4 push edi push fcn_00414858 ; push 0x414858 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 call fcn_00454bcc ; call 0x454bcc push ref_00475057 ; push 0x475057 call fcn_00454240 ; call 0x454240 add esp, 4 mov eax, dword [ref_0048bcd0] ; mov eax, dword [0x48bcd0] push eax call clib_free ; call 0x456e11 add esp, 4 mov edx, dword [ref_0048bd3c] ; mov edx, dword [0x48bd3c] push edx call clib_free ; call 0x456e11 add esp, 4 mov ecx, dword [ref_0048bd34] ; mov ecx, dword [0x48bd34] push ecx call clib_free ; call 0x456e11 add esp, 4 mov ebx, dword [ref_0048bd38] ; mov ebx, dword [0x48bd38] push ebx call clib_free ; call 0x456e11 add esp, 4 mov esi, dword [ref_0048bcf8] ; mov esi, dword [0x48bcf8] push esi call clib_free ; call 0x456e11 add esp, 4 mov edi, dword [ref_0048bd28] ; mov edi, dword [0x48bd28] push edi call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [ref_0048bcd8] ; mov ebp, dword [0x48bcd8] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0048bcd4] ; mov eax, dword [0x48bcd4] push eax call clib_free ; call 0x456e11 add esp, 4 xor ebx, ebx loc_0041543c: mov edx, dword [ebx*4 + ref_0048bd14] ; mov edx, dword [ebx*4 + 0x48bd14] push edx call clib_free ; call 0x456e11 add esp, 4 inc ebx cmp ebx, 5 jl short loc_0041543c ; jl 0x41543c jmp near loc_004155ec ; jmp 0x4155ec loc_00415457: call clib_rand ; call 0x456f2d mov edx, eax mov ebx, 0x14 sar edx, 0x1f idiv ebx add edx, 0x32 mov dword [ref_0048bcec], edx ; mov dword [0x48bcec], edx push edx push ref_00463797 ; push 0x463797 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x7d0 lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov ebx, eax shl ebx, 3 add ebx, eax call clib_rand ; call 0x456f2d and eax, 1 mov esi, dword [ebx + eax*4 + ref_0048084a] ; mov esi, dword [ebx + eax*4 + 0x48084a] push esi push 0 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc jmp near loc_004155ec ; jmp 0x4155ec fcn_004154dc: push ebx push esi push edi push ebp sub esp, 0x80 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_00415457 ; jne 0x415457 cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je near loc_00415457 ; je 0x415457 push ref_0047509f ; push 0x47509f call fcn_00454176 ; call 0x454176 add esp, 4 push 0 push 0 push 0x4e mov ebp, dword [ref_0048a05c] ; mov ebp, dword [0x48a05c] push ebp call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bd3c], eax ; mov dword [0x48bd3c], eax push 0 push 0 push 0x4f mov eax, dword [ref_0048a05c] ; mov eax, dword [0x48a05c] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bcd0], eax ; mov dword [0x48bcd0], eax push 0 push 0 push 0x5b mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bd34], eax ; mov dword [0x48bd34], eax push 0x80 push 0 push ref_0048bc44 ; push 0x48bc44 call memset ; call 0x456f60 add esp, 0xc xor ecx, ecx mov dword [ref_0048bcec], ecx ; mov dword [0x48bcec], ecx xor bl, bl mov byte [ref_0048bd58], bl ; mov byte [0x48bd58], bl xor bh, bh mov byte [ref_0048bd59], bh ; mov byte [0x48bd59], bh xor ebx, ebx mov dword [ref_0048bcc8], ecx ; mov dword [0x48bcc8], ecx push 0xb call fcn_004549cf ; call 0x4549cf add esp, 4 push ebx push fcn_00414bbc ; push 0x414bbc call _Wait_0402_Message ; call 0x4018e7 add esp, 8 call fcn_00454bcc ; call 0x454bcc push ref_0047509f ; push 0x47509f call fcn_00454240 ; call 0x454240 add esp, 4 mov esi, dword [ref_0048bcd0] ; mov esi, dword [0x48bcd0] push esi call clib_free ; call 0x456e11 add esp, 4 mov edi, dword [ref_0048bd3c] ; mov edi, dword [0x48bd3c] push edi call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [ref_0048bd34] ; mov ebp, dword [0x48bd34] push ebp loc_004155e4: call clib_free ; call 0x456e11 add esp, 4 loc_004155ec: mov eax, dword [ref_0048bcec] ; mov eax, dword [0x48bcec] add esp, 0x80 pop ebp pop edi pop esi pop ebx ret fcn_004155fc: push ebx push esi push edi push ebp sub esp, 0x80 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_00415457 ; jne 0x415457 cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je near loc_00415457 ; je 0x415457 push ref_004750bf ; push 0x4750bf call fcn_00454176 ; call 0x454176 add esp, 4 push 0 push 0 push 0x4e mov ebp, dword [ref_0048a05c] ; mov ebp, dword [0x48a05c] push ebp call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bd3c], eax ; mov dword [0x48bd3c], eax push 0 push 0 push 0x4f mov eax, dword [ref_0048a05c] ; mov eax, dword [0x48a05c] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bcd0], eax ; mov dword [0x48bcd0], eax push 0 push 0 push 0x5c mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bd38], eax ; mov dword [0x48bd38], eax push 0 push 0 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff add eax, 0x64 push eax mov ebx, dword [ref_0048a05c] ; mov ebx, dword [0x48a05c] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bd30], eax ; mov dword [0x48bd30], eax push 0 push 0 push 0x5d mov esi, dword [ref_0048a05c] ; mov esi, dword [0x48a05c] push esi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bce4], eax ; mov dword [0x48bce4], eax push 0 push 0 push 0x5e mov edi, dword [ref_0048a05c] ; mov edi, dword [0x48a05c] push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bcf4], eax ; mov dword [0x48bcf4], eax xor ebx, ebx loc_004156e5: push 0 push 0 lea eax, [ebx + 0x5f] push eax mov ebp, dword [ref_0048a05c] ; mov ebp, dword [0x48a05c] push ebp call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx*4 + ref_0048bd14], eax ; mov dword [ebx*4 + 0x48bd14], eax inc ebx cmp ebx, 5 jl short loc_004156e5 ; jl 0x4156e5 push 0 push 0 push 0x20e mov eax, dword [ref_0048a0e4] ; mov eax, dword [0x48a0e4] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bce8], eax ; mov dword [0x48bce8], eax mov eax, dword [ref_0048bd38] ; mov eax, dword [0x48bd38] mov dword [ref_0047504b], eax ; mov dword [0x47504b], eax push 0x10 push 0 push ref_0048bbb4 ; push 0x48bbb4 call memset ; call 0x456f60 add esp, 0xc xor bl, bl mov byte [ref_0048bd5a], bl ; mov byte [0x48bd5a], bl xor edx, edx mov dword [ref_0048bcec], edx ; mov dword [0x48bcec], edx xor bh, bh mov byte [ref_0048bd58], bh ; mov byte [0x48bd58], bh mov word [ref_0048bd4c], 0x6e ; mov word [0x48bd4c], 0x6e mov word [ref_0048bd44], 3 ; mov word [0x48bd44], 3 mov word [ref_0048bd46], 4 ; mov word [0x48bd46], 4 mov word [ref_0048bd42], 0xffff ; mov word [0x48bd42], 0xffff xor edi, edi mov word [ref_0048bd54], di ; mov word [0x48bd54], di mov word [ref_0048bd4e], 0x140 ; mov word [0x48bd4e], 0x140 mov word [ref_0048bd48], di ; mov word [0x48bd48], di mov word [ref_0048bd50], di ; mov word [0x48bd50], di mov word [ref_0048bd56], di ; mov word [0x48bd56], di mov eax, dword [ref_0048bd30] ; mov eax, dword [0x48bd30] mov eax, dword [eax + 4] sub eax, 5 sar eax, 1 mov word [ref_0048bd52], ax ; mov word [0x48bd52], ax push 0x80 push 0 push ref_0048bbc4 ; push 0x48bbc4 call memset ; call 0x456f60 add esp, 0xc push 0xa call fcn_004549cf ; call 0x4549cf add esp, 4 push 0 push fcn_00414fcd ; push 0x414fcd call _Wait_0402_Message ; call 0x4018e7 add esp, 8 call fcn_00454bcc ; call 0x454bcc push ref_004750bf ; push 0x4750bf call fcn_00454240 ; call 0x454240 add esp, 4 mov ecx, dword [ref_0048bd3c] ; mov ecx, dword [0x48bd3c] push ecx call clib_free ; call 0x456e11 add esp, 4 mov ebx, dword [ref_0048bcd0] ; mov ebx, dword [0x48bcd0] push ebx call clib_free ; call 0x456e11 add esp, 4 mov esi, dword [ref_0048bd38] ; mov esi, dword [0x48bd38] push esi call clib_free ; call 0x456e11 add esp, 4 mov edi, dword [ref_0048bd30] ; mov edi, dword [0x48bd30] push edi call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [ref_0048bce4] ; mov ebp, dword [0x48bce4] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0048bcf4] ; mov eax, dword [0x48bcf4] push eax call clib_free ; call 0x456e11 add esp, 4 xor ebx, ebx loc_00415850: mov edx, dword [ebx*4 + ref_0048bd14] ; mov edx, dword [ebx*4 + 0x48bd14] push edx call clib_free ; call 0x456e11 add esp, 4 inc ebx cmp ebx, 5 jl short loc_00415850 ; jl 0x415850 mov ecx, dword [ref_0048bce8] ; mov ecx, dword [0x48bce8] push ecx jmp near loc_004155e4 ; jmp 0x4155e4 fcn_00415872: push ebx push esi push edi push ebp sub esp, 0x10 push ref_004637cf ; push 0x4637cf call fcn_004502fe ; call 0x4502fe mov ebx, eax add esp, 4 mov edi, eax push 0 push 0 push 0x2d push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bdb0], eax ; mov dword [0x48bdb0], eax push 0 push 0 push 0x2e push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048bdb4], eax ; mov dword [0x48bdb4], eax push 0x20 push 0 push ref_0048bd90 ; push 0x48bd90 call memset ; call 0x456f60 add esp, 0xc xor esi, esi jmp short loc_004158cd ; jmp 0x4158cd loc_004158c7: inc esi cmp esi, 2 jge short loc_00415910 ; jge 0x415910 loc_004158cd: xor ebx, ebx loc_004158cf: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_004158c7 ; jge 0x4158c7 push 0 push 0 imul eax, ebx, 0x68 xor ecx, ecx mov cl, byte [eax + (_players+19)] ; mov cl, byte [eax + 0x496b7b] mov eax, esi shl eax, 2 sub eax, esi shl eax, 2 add eax, 0x2f add eax, ecx push eax push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov ecx, esi shl ecx, 4 mov edx, ebx mov dword [ecx + edx*4 + ref_0048bd90], eax ; mov dword [ecx + edx*4 + 0x48bd90], eax inc ebx jmp short loc_004158cf ; jmp 0x4158cf loc_00415910: push edi call fcn_00450404 ; call 0x450404 add esp, 4 call fcn_00454acb ; call 0x454acb cmp word [ref_004991b6], 0 ; cmp word [0x4991b6], 0 je short loc_00415936 ; je 0x415936 push 1 push ref_0046cadc ; push 0x46cadc push ref_004637d8 ; push 0x4637d8 jmp short loc_0041594c ; jmp 0x41594c loc_00415936: push 1 push ref_0046cadc ; push 0x46cadc movsx eax, word [ref_004991b8] ; movsx eax, word [0x4991b8] mov ecx, dword [eax*4 + ref_004750e8] ; mov ecx, dword [eax*4 + 0x4750e8] push ecx loc_0041594c: call fcn_00451677 ; call 0x451677 add esp, 0xc mov esi, eax push ref_004750f8 ; push 0x4750f8 call fcn_00454176 ; call 0x454176 add esp, 4 push 1 call fcn_00454d91 ; call 0x454d91 add esp, 4 test esi, esi jne near loc_00415cad ; jne 0x415cad mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push esi push 1 push ref_0048a068 ; push 0x48a068 push esi push eax call dword [edx + 0x64] ; ucall push esi push esi mov eax, dword [ref_0048bdb0] ; mov eax, dword [0x48bdb0] add eax, 0xc push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push esi push eax call dword [edx + 0x80] ; ucall mov dword [esp + 4], esi mov dword [esp + 0xc], 0x1e0 mov dword [esp], esi mov dword [esp + 8], 0x280 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push esi push esi push eax call dword [edx + 0x1c] ; ucall push esi push ref_004750f8 ; push 0x4750f8 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0xffffffffffffffff push 3 push 0x3c push 0xb4 mov ebx, dword [ref_0048bdb4] ; mov ebx, dword [0x48bdb4] push ebx call fcn_0045144f ; call 0x45144f add esp, 0x14 test eax, eax jne near loc_00415cad ; jne 0x415cad movzx edi, byte [(_players+19)] ; movzx edi, byte [0x496b7b] loc_00415a1b: cmp esi, dword [_nplayers] ; cmp esi, dword [0x499114] jg near loc_00415bd3 ; jg 0x415bd3 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0xf0 push 0xdc push 0x3c push 0xb4 push 0x3c push 0xb4 mov eax, dword [ref_0048bdb0] ; mov eax, dword [0x48bdb0] add eax, 0xc push eax push ref_0046caec ; push 0x46caec call fcn_004562cc ; call 0x4562cc add esp, 0x20 cmp edi, 0xffffffff je short loc_00415aee ; je 0x415aee push 0xffffffffffffffec lea edx, [edi + 3] mov ebx, edx shl ebx, 2 sub ebx, edx shl ebx, 2 mov eax, dword [ref_0048bdb0] ; mov eax, dword [0x48bdb0] movsx edx, word [ebx + eax + 0xe] movsx ecx, word [ebx + eax + 0xc] imul edx, ecx add edx, edx push edx mov edi, dword [ebx + eax + 0x14] push edi push edi call fcn_004552b7 ; call 0x4552b7 add esp, 0x10 push 0xdc push 0x10e mov eax, dword [ref_0048bdb0] ; mov eax, dword [0x48bdb0] add eax, 0xc add ebx, eax push ebx mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x3c push 0x96 mov eax, dword [ref_0048bdb0] ; mov eax, dword [0x48bdb0] add eax, 0x24 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_00415aee: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp + 4], 0x3c mov dword [esp + 0xc], 0x12c mov edi, 0xb4 mov dword [esp], edi mov dword [esp + 8], 0x190 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push 0x3c push edi push eax call dword [edx + 0x1c] ; ucall test esi, esi je short loc_00415b70 ; je 0x415b70 push 0 push ref_00475100 ; push 0x475100 call fcn_00450cda ; call 0x450cda add esp, 8 push 0xffffffffffffffff push 0x14000003 push 0 push 0 mov ebx, dword [esi*4 + ref_0048bd8c] ; mov ebx, dword [esi*4 + 0x48bd8c] push ebx call fcn_0045144f ; call 0x45144f add esp, 0x14 test eax, eax jne near loc_00415cad ; jne 0x415cad loc_00415b70: mov edi, 0x190 mov dword [esp + 4], edi mov dword [esp + 0xc], 0x1e0 mov dword [esp], 0x140 mov dword [esp + 8], 0x280 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push edi push 0x140 push eax call dword [edx + 0x1c] ; ucall mov eax, dword [_nplayers] ; mov eax, dword [0x499114] dec eax cmp esi, eax jge short loc_00415bc8 ; jge 0x415bc8 lea edi, [esi + 1] imul edi, edi, 0x68 movzx edi, byte [edi + (_players+19)] ; movzx edi, byte [edi + 0x496b7b] jmp short loc_00415bcd ; jmp 0x415bcd loc_00415bc8: mov edi, 0xffffffff loc_00415bcd: inc esi jmp near loc_00415a1b ; jmp 0x415a1b loc_00415bd3: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048bdb0] ; mov eax, dword [0x48bdb0] add eax, 0x18 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall xor edx, edx mov dword [esp + 4], edx mov dword [esp + 0xc], 0x1e0 xor ebx, ebx mov dword [esp], edx mov esi, 0x280 mov dword [esp + 8], esi mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi push ebx push ebx push eax call dword [edx + 0x1c] ; ucall mov dword [esp + 4], 0x1b8 mov dword [esp + 0xc], 0x1e0 xor edx, edx mov dword [esp], edx mov dword [esp + 8], esi xor esi, esi loc_00415c66: cmp esi, dword [_nplayers] ; cmp esi, dword [0x499114] jge short loc_00415cad ; jge 0x415cad push 0xffffffffffffffff push 3 push 0 push 0 mov edi, dword [esi*4 + ref_0048bda0] ; mov edi, dword [esi*4 + 0x48bda0] push edi call fcn_0045144f ; call 0x45144f add esp, 0x14 test eax, eax jne short loc_00415cad ; jne 0x415cad mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ebp, dword [ref_0048a0e0] ; mov ebp, dword [0x48a0e0] push ebp push 0x1b8 push 0 push eax call dword [edx + 0x1c] ; ucall inc esi jmp short loc_00415c66 ; jmp 0x415c66 loc_00415cad: push ref_004750f8 ; push 0x4750f8 call fcn_00454240 ; call 0x454240 add esp, 4 mov eax, dword [ref_0048bdb0] ; mov eax, dword [0x48bdb0] push eax call clib_free ; call 0x456e11 add esp, 4 mov edx, dword [ref_0048bdb4] ; mov edx, dword [0x48bdb4] push edx call clib_free ; call 0x456e11 add esp, 4 xor esi, esi jmp short loc_00415ce1 ; jmp 0x415ce1 loc_00415cdb: inc esi cmp esi, 2 jge short loc_00415d05 ; jge 0x415d05 loc_00415ce1: xor ebx, ebx loc_00415ce3: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_00415cdb ; jge 0x415cdb mov eax, esi shl eax, 4 mov edx, ebx mov edi, dword [eax + edx*4 + ref_0048bd90] ; mov edi, dword [eax + edx*4 + 0x48bd90] push edi call clib_free ; call 0x456e11 add esp, 4 inc ebx jmp short loc_00415ce3 ; jmp 0x415ce3 loc_00415d05: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret ref_00415d0d: db 0x0f db 0x00 db 0x00 dd 0x00005800 dd 0x00009e00 dd 0x0000e600 db 0x00 ref_00415d1d: db 0x24 db 0x00 db 0x00 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 db 0x00 fcn_00415d31: push ebx push esi push edi push ebp sub esp, 0x10 test byte [ref_00475110], 1 ; test byte [0x475110], 1 jne near loc_00415f47 ; jne 0x415f47 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_00475118] ; mov eax, dword [0x475118] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 xor ebx, ebx jmp short loc_00415d81 ; jmp 0x415d81 loc_00415d7b: inc ebx cmp ebx, 0xb jge short loc_00415deb ; jge 0x415deb loc_00415d81: mov eax, ebx shl eax, 2 add eax, ebx shl eax, 3 add eax, 0x14 mov ecx, dword [ref_0048bde4] ; mov ecx, dword [0x48bde4] cmp ebx, ecx jne short loc_00415dc5 ; jne 0x415dc5 push 0x14 push eax lea edx, [ecx + 0xc] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_00475118] ; mov edx, dword [0x475118] add edx, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi loc_00415dbb: call fcn_00456418 ; call 0x456418 add esp, 0x10 jmp short loc_00415d7b ; jmp 0x415d7b loc_00415dc5: push 0x14 push eax lea edx, [ebx + 1] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_00475118] ; mov eax, dword [0x475118] add eax, 0xc add eax, edx push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi jmp short loc_00415dbb ; jmp 0x415dbb loc_00415deb: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall cmp dword [esp + 0x24], 0 je short loc_00415e64 ; je 0x415e64 xor eax, eax mov dword [esp + 4], eax mov dword [esp + 0xc], 0x28 mov dword [esp], eax mov dword [esp + 8], 0x1b8 mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 4] push ebx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov edi, dword [esp + 0x10] push edi mov ebp, dword [esp + 0x10] push ebp push eax call dword [edx + 0x1c] ; ucall mov eax, esp push eax call fcn_004174cd ; call 0x4174cd add esp, 4 mov eax, esp push eax call fcn_00402250 ; call 0x402250 add esp, 4 jmp near loc_00415f47 ; jmp 0x415f47 loc_00415e64: or byte [ref_00475110], 1 ; or byte [0x475110], 1 jmp near loc_00415f47 ; jmp 0x415f47 fcn_00415e70: push ebx push esi push edi push ebp sub esp, 0x10 test byte [ref_00475110], 2 ; test byte [0x475110], 2 jne near loc_00415f47 ; jne 0x415f47 mov edx, dword [ref_0048be18] ; mov edx, dword [0x48be18] test edx, edx jne short loc_00415ec9 ; jne 0x415ec9 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] cmp esi, 4 jge short loc_00415eb3 ; jge 0x415eb3 imul eax, esi, 0x68 mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] loc_00415eab: and eax, 0xffff push eax jmp short loc_00415ed7 ; jmp 0x415ed7 loc_00415eb3: mov eax, esi shl eax, 4 mov dx, word [eax + ref_00498dea] ; mov dx, word [eax + 0x498dea] push edx mov ax, word [eax + ref_00498de8] ; mov ax, word [eax + 0x498de8] jmp short loc_00415eab ; jmp 0x415eab loc_00415ec9: mov ecx, dword [ref_0048be20] ; mov ecx, dword [0x48be20] push ecx mov ebx, dword [ref_0048be1c] ; mov ebx, dword [0x48be1c] push ebx loc_00415ed7: call fcn_0040829d ; call 0x40829d add esp, 8 cmp dword [esp + 0x24], 0 je short loc_00415f4f ; je 0x415f4f mov dword [esp + 4], 0x28 mov dword [esp + 0xc], 0x1e0 xor ecx, ecx mov dword [esp], ecx mov dword [esp + 8], 0x1b8 mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov edi, dword [esp + 0x10] push edi mov ebp, dword [esp + 0x10] push ebp loc_00415f2d: push eax call dword [edx + 0x1c] ; ucall mov eax, esp push eax call fcn_004174cd ; call 0x4174cd add esp, 4 mov eax, esp push eax call fcn_00402250 ; call 0x402250 loc_00415f44: add esp, 4 loc_00415f47: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret loc_00415f4f: or byte [ref_00475110], 2 ; or byte [0x475110], 2 jmp short loc_00415f47 ; jmp 0x415f47 endloc_00415f58: db 0x90 ref_00415f59: ; may contain a jump table dd loc_004162d4 dd loc_00416355 dd loc_0041646c dd loc_004165e1 fcn_00415f69: push ebx push esi push edi push ebp sub esp, 0xb0 lea edi, [esp + 0x90] mov esi, ref_00415d0d ; mov esi, 0x415d0d movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] cmp byte [ref_0049715d], 2 ; cmp byte [0x49715d], 2 je near loc_004166ed ; je 0x4166ed mov eax, dword [ref_00475110] ; mov eax, dword [0x475110] and eax, 0xc cmp eax, 0xc je near loc_004166ed ; je 0x4166ed mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] cmp eax, dword [_nplayers] ; cmp eax, dword [0x499114] jl near loc_0041610d ; jl 0x41610d cmp eax, 8 je near loc_0041610d ; je 0x41610d push 0 push 0x1b8 mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0x48 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0 push 2 push 0 push 0x101010 push 0x16 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x28 push 0x246 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] mov edx, dword [eax*4 + ref_0047ed5a] ; mov edx, dword [eax*4 + 0x47ed5a] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x40 push 0x20c mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff imul eax, eax, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x18 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_00416064: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall cmp dword [esp + 0xc4], 0 je near loc_004166e6 ; je 0x4166e6 xor esi, esi mov dword [esp + 0x84], esi mov dword [esp + 0x8c], 0x118 mov dword [esp + 0x80], 0x1b8 mov dword [esp + 0x88], 0x280 lea eax, [esp + 0x80] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x84] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x90] push ebx mov esi, dword [esp + 0x90] push esi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x80] push eax call fcn_004174cd ; call 0x4174cd add esp, 4 lea eax, [esp + 0x80] push eax call fcn_00402250 ; call 0x402250 add esp, 4 jmp near loc_004166ed ; jmp 0x4166ed loc_0041610d: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] cmp ebx, 8 jne short loc_00416121 ; jne 0x416121 movzx esi, byte [ref_00498e70] ; movzx esi, byte [0x498e70] jmp short loc_00416123 ; jmp 0x416123 loc_00416121: mov esi, ebx loc_00416123: push 0 push 0x1b8 xor edx, edx mov dl, byte [esi + ref_0048be24] ; mov dl, byte [esi + 0x48be24] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 1 push 2 push 0 push 0x101010 push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov ebp, dword [ref_004990e8] ; mov ebp, dword [0x4990e8] push ebp push ref_004638f5 ; push 0x4638f5 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x104 push 0x1c2 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ebx, ebx jmp short loc_004161e5 ; jmp 0x4161e5 loc_004161a5: mov eax, 0x404040 loc_004161aa: push 0 push 2 push 0 push eax push 0x12 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 3 mov edx, dword [esp + ebx*4 + 0x94] add edx, 0x14 push edx push 0x273 mov edi, dword [ebx*4 + ref_00475274] ; mov edi, dword [ebx*4 + 0x475274] push edi push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx cmp ebx, 4 jge short loc_004161f8 ; jge 0x4161f8 loc_004161e5: xor eax, eax mov al, byte [esi + ref_0048be24] ; mov al, byte [esi + 0x48be24] cmp ebx, eax jne short loc_004161a5 ; jne 0x4161a5 mov eax, 0x101010 jmp short loc_004161aa ; jmp 0x4161aa loc_004161f8: push 0 push 0xc push 0x56 push 0x39 push 0x20b push ref_0046caec ; push 0x46caec call fcn_004561be ; call 0x4561be add esp, 0x18 imul ebx, esi, 0x68 mov ebp, dword [ebx + (_players+4)] ; mov ebp, dword [ebx + 0x496b6c] push ebp push 0xc push 0x56 push 0x38 push 0x20a push ref_0046caec ; push 0x46caec call fcn_004561be ; call 0x4561be add esp, 0x18 push 0x28 push 0x1e2 imul eax, esi, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0xc push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 mov dl, byte [ebx + (_players+65)] ; mov dl, byte [ebx + 0x496ba9] test dl, dl je short loc_00416288 ; je 0x416288 push 0x40 push 0x20c xor eax, eax mov al, dl dec eax imul eax, eax, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x18 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_00416288: push 0 push 2 push 0 push 0x101010 push 0x16 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x28 push 0x234 imul ebx, esi, 0x68 mov ecx, dword [ebx + (_players+0)] ; mov ecx, dword [ebx + 0x496b68] push ecx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov al, byte [esi + ref_0048be24] ; mov al, byte [esi + 0x48be24] cmp al, 3 ja near loc_00416064 ; ja 0x416064 and eax, 0xff jmp dword [eax*4 + ref_00415f59] ; ujmp: jmp dword [eax*4 + 0x415f59] loc_004162d4: mov byte [esp], 0x24 xor al, al mov byte [esp + 1], al mov eax, dword [ebx + (_players+28)] ; mov eax, dword [ebx + 0x496b84] push eax lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0x66 push 0x258 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov edx, dword [ebx + (_players+32)] ; mov edx, dword [ebx + 0x496b88] push edx lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0xa6 push 0x258 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push esi call fcn_004239b9 ; call 0x4239b9 add esp, 4 push eax lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 jmp near loc_0041644c ; jmp 0x41644c loc_00416355: mov ebx, 1 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, 0x34 xor edi, edi mov dword [esp + 0xac], edi mov dword [esp + 0xa8], edi mov ebp, dword [ref_00498e98] ; mov ebp, dword [0x498e98] loc_00416378: cmp ebx, ebp jg short loc_004163a2 ; jg 0x4163a2 xor edx, edx mov dl, byte [eax + 0x19] lea ecx, [esi + 1] cmp edx, ecx jne short loc_0041639c ; jne 0x41639c inc dword [esp + 0xac] cmp byte [eax + 0x18], 0 je short loc_0041639c ; je 0x41639c inc dword [esp + 0xa8] loc_0041639c: inc ebx add eax, 0x34 jmp short loc_00416378 ; jmp 0x416378 loc_004163a2: mov ebx, 1 mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, 0x38 xor edi, edi mov ebp, dword [ref_00498e8c] ; mov ebp, dword [0x498e8c] loc_004163b7: cmp ebx, ebp jg short loc_004163db ; jg 0x4163db xor edx, edx mov dl, byte [eax + 0x19] lea ecx, [esi + 1] cmp edx, ecx jne short loc_004163d5 ; jne 0x4163d5 inc dword [esp + 0xac] cmp byte [eax + 0x1a], 0 je short loc_004163d5 ; je 0x4163d5 inc edi loc_004163d5: inc ebx add eax, 0x38 jmp short loc_004163b7 ; jmp 0x4163b7 loc_004163db: push 0xa lea eax, [esp + 4] push eax mov eax, dword [esp + 0xb4] push eax call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 1 push 0x66 push 0x258 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0xa lea eax, [esp + 4] push eax mov edx, dword [esp + 0xb0] push edx call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 1 push 0xa6 push 0x258 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0xa lea eax, [esp + 4] push eax push edi loc_00416444: call fcn_00457d61 ; call 0x457d61 add esp, 0xc loc_0041644c: push 1 push 0xe6 push 0x258 loc_00416458: lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 jmp near loc_00416064 ; jmp 0x416064 loc_0041646c: xor ebx, ebx mov dword [esp + 0xac], ebx mov dword [esp + 0xa8], ebx jmp short loc_00416488 ; jmp 0x416488 loc_0041647e: inc ebx cmp ebx, 0xc jge near loc_00416534 ; jge 0x416534 loc_00416488: mov eax, esi shl eax, 2 sub eax, esi shl eax, 5 mov edx, ebx shl edx, 3 add edx, eax cmp dword [edx + _player_stocks], 0 ; cmp dword [edx + 0x4971a0], 0 je short loc_0041647e ; je 0x41647e fild dword [edx + _player_stocks] ; fild dword [edx + 0x4971a0] fstp dword [esp + 0xa0] mov eax, ebx shl eax, 3 add eax, ebx fld dword [esp + 0xa0] fmul dword [eax*4 + (_stocks_on_map+20)] ; fmul dword [eax*4 + 0x496994] mov eax, dword [esp + 0xac] mov dword [esp + 0xa4], eax fild dword [esp + 0xa4] fstp dword [esp + 0xa4] fadd dword [esp + 0xa4] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xac] fld dword [esp + 0xa0] fmul dword [edx + (_player_stocks + 4)] ; fmul dword [edx + 0x4971a4] mov eax, dword [esp + 0xa8] mov dword [esp + 0xa4], eax fild dword [esp + 0xa4] fstp dword [esp + 0xa4] fadd dword [esp + 0xa4] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xa8] jmp near loc_0041647e ; jmp 0x41647e loc_00416534: mov byte [esp], 0x24 xor dl, dl mov byte [esp + 1], dl mov ebx, dword [esp + 0xac] push ebx lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0x66 push 0x258 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov edi, dword [esp + 0xa8] push edi lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0xa6 push 0x258 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add eax, 0x34 xor ebx, ebx mov dword [esp + 0xac], ebx loc_004165ac: cmp ebx, dword [ref_00498e90] ; cmp ebx, dword [0x498e90] jg short loc_004165cd ; jg 0x4165cd xor ecx, ecx mov cl, byte [eax + 0x18] lea edx, [esi + 1] cmp ecx, edx jne short loc_004165c7 ; jne 0x4165c7 inc dword [esp + 0xac] loc_004165c7: inc ebx add eax, 0x34 jmp short loc_004165ac ; jmp 0x4165ac loc_004165cd: push 0xa lea eax, [esp + 4] push eax mov ecx, dword [esp + 0xb4] push ecx jmp near loc_00416444 ; jmp 0x416444 loc_004165e1: push 0xa lea eax, [esp + 4] push eax xor eax, eax mov ax, word [ebx + (_players+48)] ; mov ax, word [ebx + 0x496b98] push eax call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 1 push 0x66 push 0x258 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [ebx + (_players+62)] ; mov al, byte [ebx + 0x496ba6] push eax push ref_00463902 ; push 0x463902 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 1 push 0xe6 push 0x258 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov byte [esp], 0x24 xor cl, cl mov byte [esp + 1], cl mov esi, dword [ebx + (_players+36)] ; mov esi, dword [ebx + 0x496b8c] push esi lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0xa6 push 0x258 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp dword [ebx + (_players+36)], 0 ; cmp dword [ebx + 0x496b8c], 0 je near loc_00416064 ; je 0x416064 mov ebp, dword [ebx + (_players+44)] ; mov ebp, dword [ebx + 0x496b94] push ebp mov eax, dword [ref_00497160] ; mov eax, dword [0x497160] push eax call fcn_004521aa ; call 0x4521aa mov ebx, eax add esp, 8 test eax, eax je near loc_00416064 ; je 0x416064 push 1 push 2 push 0 push 0x101010 push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push ebx push ref_00463902 ; push 0x463902 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x92 push 0x1f4 jmp near loc_00416458 ; jmp 0x416458 loc_004166e6: or byte [ref_00475110], 0xc ; or byte [0x475110], 0xc loc_004166ed: add esp, 0xb0 pop ebp pop edi pop esi pop ebx ret fcn_004166f8: push ebx push esi push edi push ebp sub esp, 0x24 mov ecx, 5 mov edi, esp mov esi, ref_00415d1d ; mov esi, 0x415d1d rep movsd ; rep movsd dword es:[edi], dword ptr [esi] cmp byte [ref_0049715d], 2 ; cmp byte [0x49715d], 2 jne near loc_004169b4 ; jne 0x4169b4 test byte [ref_00475110], 4 ; test byte [0x475110], 4 jne near loc_004169b4 ; jne 0x4169b4 mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] mov eax, dword [ebx] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push ebx call dword [eax + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0 push 0x1b8 mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0x3c push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] cmp eax, dword [_nplayers] ; cmp eax, dword [0x499114] jl short loc_004167e9 ; jl 0x4167e9 cmp eax, 8 je short loc_004167e9 ; je 0x4167e9 push 0 push 2 push 0 push 0x101010 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x14 push 0x246 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] mov edi, dword [eax*4 + ref_0047ed5a] ; mov edi, dword [eax*4 + 0x47ed5a] push edi push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x40 push 0x20c mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff imul eax, eax, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x18 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 jmp near loc_0041692a ; jmp 0x41692a loc_004167e9: mov esi, dword [_current_player] ; mov esi, dword [0x49910c] cmp esi, 8 jne short loc_004167fb ; jne 0x4167fb movzx esi, byte [ref_00498e70] ; movzx esi, byte [0x498e70] loc_004167fb: push 0 push 4 push 0x6a push 0x21 push 0x211 push ref_0046caec ; push 0x46caec call fcn_004561be ; call 0x4561be add esp, 0x18 imul ebx, esi, 0x68 mov edi, dword [ebx + (_players+4)] ; mov edi, dword [ebx + 0x496b6c] push edi push 4 push 0x6a push 0x20 push 0x210 push ref_0046caec ; push 0x46caec call fcn_004561be ; call 0x4561be add esp, 0x18 push 0x28 push 0x1e2 imul eax, esi, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0xc push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 mov dh, byte [ebx + (_players+65)] ; mov dh, byte [ebx + 0x496ba9] test dh, dh je short loc_0041688b ; je 0x41688b push 0x40 push 0x20c xor eax, eax mov al, dh dec eax imul eax, eax, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x18 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0041688b: push 0 push 2 push 0 push 0x101010 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x10 push 0x246 imul ebx, esi, 0x68 mov edx, dword [ebx + (_players+0)] ; mov edx, dword [ebx + 0x496b68] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 2 push 0 push 0x101010 push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov ecx, dword [ebx + (_players+28)] ; mov ecx, dword [ebx + 0x496b84] push ecx lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0x29 push 0x27a lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov esi, dword [ebx + (_players+32)] ; mov esi, dword [ebx + 0x496b88] push esi lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0x3f push 0x27a lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_0041692a: mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] mov eax, dword [ebx] push 0 push ebx call dword [eax + 0x80] ; ucall cmp dword [esp + 0x38], 0 je short loc_004169ad ; je 0x4169ad xor edx, edx mov dword [esp + 0x18], edx mov dword [esp + 0x20], 0x50 mov dword [esp + 0x14], 0x1b8 mov dword [esp + 0x1c], 0x280 lea eax, [esp + 0x14] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov ebx, dword [ref_0048a0dc] ; mov ebx, dword [0x48a0dc] mov eax, dword [ebx] push 0x10 lea esi, [esp + 0x18] push esi mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [esp + 0x24] push ebp mov edx, dword [esp + 0x24] push edx push ebx call dword [eax + 0x1c] ; ucall lea eax, [esp + 0x14] push eax call fcn_004174cd ; call 0x4174cd add esp, 4 lea eax, [esp + 0x14] push eax call fcn_00402250 ; call 0x402250 add esp, 4 jmp short loc_004169b4 ; jmp 0x4169b4 loc_004169ad: or byte [ref_00475110], 4 ; or byte [0x475110], 4 loc_004169b4: add esp, 0x24 pop ebp pop edi pop esi pop ebx ret fcn_004169bc: push ebx push esi push edi push ebp sub esp, 0x44 cmp byte [ref_0049715d], 1 ; cmp byte [0x49715d], 1 je near loc_00416e65 ; je 0x416e65 test byte [ref_00475110], 0x10 ; test byte [0x475110], 0x10 jne near loc_00416e65 ; jne 0x416e65 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax cmp byte [ref_00497164], 0 ; cmp byte [0x497164], 0 je near loc_00416b4c ; je 0x416b4c mov ebp, dword [ref_00497160] ; mov ebp, dword [0x497160] and ebp, 0xffffff00 mov ebx, dword [ref_00497160] ; mov ebx, dword [0x497160] shr ebx, 8 and ebx, 0xff dec ebx push 0x118 push 0x1b8 xor eax, eax mov al, byte [ebx + ref_00475218] ; mov al, byte [ebx + 0x475218] lea ebx, [eax + 4] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, dword [ref_0048be10] ; mov ebx, dword [0x48be10] add ebx, 0xc add eax, ebx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov ebx, dword [ref_00497160] ; mov ebx, dword [0x497160] xor bl, bl mov eax, dword [ref_00497160] ; mov eax, dword [0x497160] and eax, 0xff mov dword [esp + 0x40], eax or bl, 1 lea eax, [esp + 0x3c] push eax lea eax, [esp + 0x3c] push eax push ebx call fcn_004520a6 ; call 0x4520a6 add esp, 0xc mov ebx, 1 mov esi, dword [esp + 0x38] mov eax, esi shl eax, 2 sub eax, esi shl eax, 3 sub eax, esi lea esi, [eax + 0x1d6] mov edi, 0x17a loc_00416aac: cmp ebx, dword [esp + 0x3c] jg near loc_00416d3b ; jg 0x416d3b push 0xa lea eax, [esp + 4] push eax push ebx call fcn_00457d61 ; call 0x457d61 add esp, 0xc cmp ebx, dword [esp + 0x40] jne short loc_00416aea ; jne 0x416aea push 0xff0000 push 0xe push 0x14 lea eax, [edi - 6] push eax lea eax, [esi - 0xa] push eax push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 loc_00416aea: mov eax, ebp or eax, ebx push eax call fcn_004523d5 ; call 0x4523d5 add esp, 4 cmp eax, 1 jne short loc_00416b08 ; jne 0x416b08 push eax push 2 push 0 push 0xff0000 jmp short loc_00416b13 ; jmp 0x416b13 loc_00416b08: push 1 push 2 push 0 push 0x101010 loc_00416b13: push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push edi push esi lea eax, [esp + 0xc] push eax push ref_0046caec ; push 0x46caec call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp esi, 0x260 jne short loc_00416b43 ; jne 0x416b43 mov esi, 0x1bf add edi, 0xe loc_00416b43: inc ebx add esi, 0x17 jmp near loc_00416aac ; jmp 0x416aac loc_00416b4c: xor esi, esi mov edx, dword [ref_00497160] ; mov edx, dword [0x497160] push edx call fcn_004521f0 ; call 0x4521f0 add esp, 4 cmp eax, 0xffffffff jne short loc_00416baf ; jne 0x416baf mov eax, dword [ref_00497160] ; mov eax, dword [0x497160] shr eax, 8 and eax, 0xff lea ebx, [eax - 1] push 0x118 push 0x1b8 mov bl, byte [ebx + ref_00475218] ; mov bl, byte [ebx + 0x475218] and ebx, 0xff mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, dword [ref_0048be10] ; mov ebx, dword [0x48be10] add ebx, 0xc add eax, ebx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 jmp short loc_00416c1f ; jmp 0x416c1f loc_00416baf: movsx ebx, word [ref_004991b6] ; movsx ebx, word [0x4991b6] shl ebx, 2 movsx esi, word [ref_004991b8] ; movsx esi, word [0x4991b8] add ebx, esi mov bx, word [ebx*2 + ref_00475208] ; mov bx, word [ebx*2 + 0x475208] and ebx, 0xffff add ebx, eax cmp ebx, dword [ref_0048bdd0] ; cmp ebx, dword [0x48bdd0] je short loc_00416bfb ; je 0x416bfb mov dword [ref_0048bdd0], ebx ; mov dword [0x48bdd0], ebx push 0 mov eax, dword [ref_0048bdcc] ; mov eax, dword [0x48bdcc] mov esi, dword [eax + 8] push esi push ebx mov edi, dword [ref_0048a0e4] ; mov edi, dword [0x48a0e4] push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 loc_00416bfb: push 0x118 push 0x1b8 mov ebp, dword [ref_0048bdcc] ; mov ebp, dword [0x48bdcc] push ebp mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov esi, 1 loc_00416c1f: push 0x12c push 0x1ce mov eax, dword [ref_0048be10] ; mov eax, dword [0x48be10] add eax, 0x6c push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x12d push 0x1ec mov eax, dword [ref_0048be10] ; mov eax, dword [0x48be10] add eax, 0x90 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 lea eax, [esp + 0x3c] push eax lea eax, [esp + 0x3c] push eax mov edi, dword [ref_00497160] ; mov edi, dword [0x497160] push edi call fcn_004520a6 ; call 0x4520a6 add esp, 0xc cmp dword [esp + 0x38], 0 jne short loc_00416c8c ; jne 0x416c8c mov esi, 1 jmp short loc_00416c90 ; jmp 0x416c90 loc_00416c8c: test esi, esi je short loc_00416ca0 ; je 0x416ca0 loc_00416c90: push 1 push 6 push 0x101010 push 0xff0000 jmp short loc_00416cae ; jmp 0x416cae loc_00416ca0: push 1 push 6 push 0xffffff push 0x101010 loc_00416cae: push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 3 push 0x160 push 0x1c6 mov eax, dword [esp + 0x44] mov edx, dword [eax*4 + ref_0047511c] ; mov edx, dword [eax*4 + 0x47511c] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 test esi, esi je short loc_00416cee ; je 0x416cee push 1 push 6 push 0x101010 push 0xff0000 jmp short loc_00416cfc ; jmp 0x416cfc loc_00416cee: push 1 push 6 push 0xffffff push 0x101010 loc_00416cfc: push 0x3c call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0xa lea eax, [esp + 4] push eax mov eax, dword [ref_00497160] ; mov eax, dword [0x497160] and eax, 0xff push eax call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 2 push 0x178 push 0x1f4 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_00416d3b: push 1 push 6 push 0xffffff push 0x101010 push 0x18 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0xa lea eax, [esp + 4] push eax mov eax, dword [ref_00497160] ; mov eax, dword [0x497160] shr eax, 0x10 push eax call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 0 push 0x120 push 0x244 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 6 push 0xffffff push 0x101010 push 0x1c call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov ebx, dword [ref_00497160] ; mov ebx, dword [0x497160] shr ebx, 8 and ebx, 0xff push ebx push ref_00463907 ; push 0x463907 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 2 push 0x148 push 0x1f4 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall cmp dword [esp + 0x58], 0 je short loc_00416e5e ; je 0x416e5e mov dword [esp + 0x2c], 0x118 mov dword [esp + 0x34], 0x1e0 mov dword [esp + 0x28], 0x1b8 mov dword [esp + 0x30], 0x280 lea eax, [esp + 0x28] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0x10 lea esi, [esp + 0x2c] push esi mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx mov ecx, dword [esp + 0x38] push ecx mov esi, dword [esp + 0x38] push esi push eax call dword [ebx + 0x1c] ; ucall lea eax, [esp + 0x28] push eax call fcn_004174cd ; call 0x4174cd add esp, 4 lea eax, [esp + 0x28] push eax call fcn_00402250 ; call 0x402250 add esp, 4 jmp short loc_00416e65 ; jmp 0x416e65 loc_00416e5e: or byte [ref_00475110], 0x10 ; or byte [0x475110], 0x10 loc_00416e65: add esp, 0x44 pop ebp pop edi pop esi pop ebx ret fcn_00416e6d: push ebx push esi push edi push ebp sub esp, 0x18 movzx ebp, byte [ref_0049715d] ; movzx ebp, byte [0x49715d] mov ebp, dword [ebp*4 + ref_004752aa] ; mov ebp, dword [ebp*4 + 0x4752aa] test ebp, ebp je near loc_00417179 ; je 0x417179 cmp ebp, 0x50 jne short loc_00416e9c ; jne 0x416e9c test byte [ref_00475110], 8 ; test byte [0x475110], 8 jne near loc_00417179 ; jne 0x417179 loc_00416e9c: cmp ebp, 0x118 jne short loc_00416eb1 ; jne 0x416eb1 test byte [ref_00475110], 0x10 ; test byte [0x475110], 0x10 jne near loc_00417179 ; jne 0x417179 loc_00416eb1: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push ebp push 0x1b8 mov eax, dword [ref_0048badc] ; mov eax, dword [0x48badc] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 lea ebx, [ebp + 3] push ebx push 0x1bb mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0xfc push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 push ebx push 0x1d4 mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x108 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 xor esi, esi xor edi, edi xor ebx, ebx jmp near loc_00416fb9 ; jmp 0x416fb9 loc_00416f3d: mov edx, ebx shl edx, 4 cmp byte [edx + ref_00498df2], 0 ; cmp byte [edx + 0x498df2], 0 jne short loc_00416f9f ; jne 0x416f9f cmp ebx, dword [_current_player] ; cmp ebx, dword [0x49910c] jne short loc_00416f9f ; jne 0x416f9f xor ecx, ecx mov cx, word [edx + ref_00498de8] ; mov cx, word [edx + 0x498de8] mov eax, ecx shl eax, 2 sub eax, ecx shl eax, 2 sub eax, ecx shl eax, 3 add eax, ecx shl eax, 6 sar eax, 0x10 lea esi, [eax + 0x1b8] mov dx, word [edx + ref_00498dea] ; mov dx, word [edx + 0x498dea] and edx, 0xffff mov edi, edx shl edi, 2 sub edi, edx shl edi, 2 sub edi, edx shl edi, 3 add edi, edx shl edi, 6 sar edi, 0x10 add edi, ebp loc_00416f9f: cmp ebx, dword [_current_player] ; cmp ebx, dword [0x49910c] jne short loc_00416faf ; jne 0x416faf mov dword [esp + 0x10], esi mov dword [esp + 0x14], edi loc_00416faf: inc ebx cmp ebx, 9 jge near loc_00417041 ; jge 0x417041 loc_00416fb9: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_00416f3d ; jge 0x416f3d imul edx, ebx, 0x68 cmp word [edx + (_players+8)], 0 ; cmp word [edx + 0x496b70], 0 je short loc_00416f9f ; je 0x416f9f xor ecx, ecx mov cx, word [edx + (_players+8)] ; mov cx, word [edx + 0x496b70] mov eax, ecx shl eax, 2 sub eax, ecx shl eax, 2 sub eax, ecx shl eax, 3 add eax, ecx shl eax, 6 sar eax, 0x10 lea esi, [eax + 0x1b8] mov dx, word [edx + (_players+10)] ; mov dx, word [edx + 0x496b72] and edx, 0xffff mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 6 sar eax, 0x10 lea edi, [eax + ebp] push edi push esi imul eax, ebx, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x54 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 jmp near loc_00416f9f ; jmp 0x416f9f loc_00417041: mov ecx, dword [esp + 0x10] test ecx, ecx je short loc_0041706f ; je 0x41706f mov ebx, dword [esp + 0x14] test ebx, ebx je short loc_0041706f ; je 0x41706f push 0xffffff push 0x1e push 0x1e lea eax, [ebx - 0xf] push eax lea eax, [ecx - 0xf] push eax push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 loc_0041706f: cmp dword [ref_0048be18], 0 ; cmp dword [0x48be18], 0 je short loc_004170ea ; je 0x4170ea mov edx, dword [ref_0048be1c] ; mov edx, dword [0x48be1c] mov ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 3 add ecx, edx shl ecx, 6 sar ecx, 0x10 mov edx, dword [ref_0048be20] ; mov edx, dword [0x48be20] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 6 sar eax, 0x10 lea edx, [ecx + 0x1b8] cmp edx, dword [esp + 0x10] jne short loc_004170c7 ; jne 0x4170c7 lea edx, [eax + ebp] cmp edx, dword [esp + 0x14] je short loc_004170ea ; je 0x4170ea loc_004170c7: push 0xff0000 push 0x1e push 0x1e add eax, ebp sub eax, 0xf push eax add ecx, 0x1a9 push ecx push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 loc_004170ea: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall cmp dword [esp + 0x2c], 0 je short loc_00417164 ; je 0x417164 mov dword [esp + 4], ebp add ebp, 0xc8 mov dword [esp + 0xc], ebp mov dword [esp], 0x1b8 mov dword [esp + 8], 0x280 mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x10] push ebx mov esi, dword [esp + 0x10] push esi push eax call dword [edx + 0x1c] ; ucall mov eax, esp push eax call fcn_004174cd ; call 0x4174cd add esp, 4 mov eax, esp push eax call fcn_00402250 ; call 0x402250 add esp, 4 jmp short loc_00417179 ; jmp 0x417179 loc_00417164: cmp ebp, 0x50 jne short loc_00417172 ; jne 0x417172 or byte [ref_00475110], 8 ; or byte [0x475110], 8 jmp short loc_00417179 ; jmp 0x417179 loc_00417172: or byte [ref_00475110], 0x10 ; or byte [0x475110], 0x10 loc_00417179: add esp, 0x18 pop ebp pop edi pop esi pop ebx ret ref_00417181: ; may contain a jump table dd loc_00417302 dd loc_00417353 dd loc_00417401 dd loc_00417302 fcn_00417191: push ebx push ebp sub esp, 0x10 mov eax, dword [ref_0048bdec] ; mov eax, dword [0x48bdec] mov dword [esp], eax mov eax, dword [ref_0048bde8] ; mov eax, dword [0x48bde8] mov dword [esp + 4], eax mov eax, dword [esp] mov edx, dword [ref_0048bdd8] ; mov edx, dword [0x48bdd8] add eax, edx mov dword [esp + 8], eax mov eax, dword [esp + 4] mov ecx, dword [ref_0048bddc] ; mov ecx, dword [0x48bddc] add eax, ecx mov dword [esp + 0xc], eax mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048bdec] ; mov eax, dword [0x48bdec] cmp eax, dword [ref_00475284] ; cmp eax, dword [0x475284] jne short loc_004171f2 ; jne 0x4171f2 mov eax, dword [ref_0048bde8] ; mov eax, dword [0x48bde8] cmp eax, dword [ref_00475288] ; cmp eax, dword [0x475288] jne short loc_004171f2 ; jne 0x4171f2 cmp dword [esp + 0x1c], 0 jne short loc_0041724d ; jne 0x41724d loc_004171f2: mov eax, dword [ref_00475284] ; mov eax, dword [0x475284] mov dword [ref_0048bdec], eax ; mov dword [0x48bdec], eax mov eax, dword [ref_00475288] ; mov eax, dword [0x475288] mov dword [ref_0048bde8], eax ; mov dword [0x48bde8], eax mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 4] push ebx mov ebp, dword [ref_0048a0e0] ; mov ebp, dword [0x48a0e0] push ebp mov ecx, dword [esp + 0x10] push ecx mov ebx, dword [esp + 0x10] push ebx push eax call dword [edx + 0x1c] ; ucall cmp dword [esp + 0x1c], 0 jne short loc_0041724d ; jne 0x41724d cmp byte [ref_0046cafd], 0 ; cmp byte [0x46cafd], 0 jne near loc_004174c7 ; jne 0x4174c7 mov eax, esp push eax call fcn_00402250 ; call 0x402250 add esp, 4 jmp near loc_004174c7 ; jmp 0x4174c7 loc_0041724d: xor ebx, ebx imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+56)], 0 ; cmp byte [eax + 0x496ba0], 0 je short loc_00417264 ; je 0x417264 mov ebx, 2 loc_00417264: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+57)], 0 ; cmp byte [eax + 0x496ba1], 0 je short loc_00417279 ; je 0x417279 mov ebx, 4 loc_00417279: mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a078] ; mov eax, dword [0x48a078] sar eax, 1 mov word [ref_0046caec], ax ; mov word [0x46caec], ax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax mov eax, dword [ref_00475288] ; mov eax, dword [0x475288] push eax mov edx, dword [ref_00475284] ; mov edx, dword [0x475284] push edx mov edx, dword [ref_0048bdd4] ; mov edx, dword [0x48bdd4] add edx, ebx mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048be04] ; mov eax, dword [0x48be04] add eax, 0xc add edx, eax push edx push ref_0046caec ; push 0x46caec call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+17)] ; mov al, byte [eax + 0x496b79] and al, 3 cmp al, 3 ja near loc_004174a3 ; ja 0x4174a3 and eax, 0xff jmp dword [eax*4 + ref_00417181] ; ujmp: jmp dword [eax*4 + 0x417181] loc_00417302: imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 mov eax, dword [ref_00475288] ; mov eax, dword [0x475288] add eax, 0x1a cmp byte [edx + (_players+56)], 0 ; cmp byte [edx + 0x496ba0], 0 jne short loc_0041733f ; jne 0x41733f push eax mov eax, dword [ref_00475284] ; mov eax, dword [0x475284] add eax, 7 push eax mov eax, dword [ref_0048be04] ; mov eax, dword [0x48be04] add eax, 0x60 loc_0041732c: push eax push ref_0046caec ; push 0x46caec call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp near loc_004174a3 ; jmp 0x4174a3 loc_0041733f: push eax mov eax, dword [ref_00475284] ; mov eax, dword [0x475284] add eax, 8 push eax mov eax, dword [ref_0048be04] ; mov eax, dword [0x48be04] add eax, 0x54 jmp short loc_0041732c ; jmp 0x41732c loc_00417353: xor ebx, ebx jmp short loc_00417361 ; jmp 0x417361 loc_00417357: inc ebx cmp ebx, 2 jge near loc_004174a3 ; jge 0x4174a3 loc_00417361: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dl, byte [eax + (_players+18)] ; mov dl, byte [eax + 0x496b7a] dec edx cmp ebx, edx jg short loc_004173c7 ; jg 0x4173c7 cmp byte [eax + (_players+56)], 0 ; cmp byte [eax + 0x496ba0], 0 jne short loc_004173c7 ; jne 0x4173c7 mov eax, ebx shl eax, 2 add eax, ebx shl eax, 2 sub eax, ebx add eax, dword [ref_00475288] ; add eax, dword [0x475288] add eax, 0x10 push eax mov eax, dword [ref_00475284] ; mov eax, dword [0x475284] add eax, 7 push eax lea edx, [ebx + ebx + 7] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048be04] ; mov eax, dword [0x48be04] add eax, 0xc loc_004173b5: add eax, edx push eax push ref_0046caec ; push 0x46caec call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp short loc_00417357 ; jmp 0x417357 loc_004173c7: mov eax, ebx shl eax, 2 add eax, ebx shl eax, 2 sub eax, ebx add eax, dword [ref_00475288] ; add eax, dword [0x475288] add eax, 0x10 push eax mov eax, dword [ref_00475284] ; mov eax, dword [0x475284] add eax, 8 push eax lea eax, [ebx + ebx] lea edx, [eax + 6] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048be04] ; mov edx, dword [0x48be04] add edx, 0xc jmp short loc_004173b5 ; jmp 0x4173b5 loc_00417401: xor ebx, ebx jmp short loc_0041740f ; jmp 0x41740f loc_00417405: inc ebx cmp ebx, 3 jge near loc_004174a3 ; jge 0x4174a3 loc_0041740f: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dl, byte [eax + (_players+18)] ; mov dl, byte [eax + 0x496b7a] dec edx cmp ebx, edx jg short loc_00417470 ; jg 0x417470 cmp byte [eax + (_players+56)], 0 ; cmp byte [eax + 0x496ba0], 0 jne short loc_00417470 ; jne 0x417470 mov eax, ebx shl eax, 4 add eax, dword [ref_00475288] ; add eax, dword [0x475288] add eax, 9 push eax mov eax, dword [ref_00475284] ; mov eax, dword [0x475284] add eax, 7 push eax lea eax, [ebx + ebx] lea edx, [eax + 7] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048be04] ; mov eax, dword [0x48be04] add eax, 0xc loc_0041745e: add eax, edx push eax push ref_0046caec ; push 0x46caec call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp short loc_00417405 ; jmp 0x417405 loc_00417470: mov eax, ebx shl eax, 4 add eax, dword [ref_00475288] ; add eax, dword [0x475288] add eax, 9 push eax mov eax, dword [ref_00475284] ; mov eax, dword [0x475284] add eax, 8 push eax lea eax, [ebx + ebx] lea edx, [eax + 6] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048be04] ; mov edx, dword [0x48be04] add edx, 0xc jmp short loc_0041745e ; jmp 0x41745e loc_004174a3: mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, esp push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov word [ref_0046caec], 0x280 ; mov word [0x46caec], 0x280 loc_004174c7: add esp, 0x10 pop ebp pop ebx ret fcn_004174cd: push ebx sub esp, 0x20 cmp byte [ref_0046cafd], 0 ; cmp byte [0x46cafd], 0 je short loc_00417530 ; je 0x417530 mov eax, dword [ref_00475284] ; mov eax, dword [0x475284] mov dword [esp + 0x10], eax mov eax, dword [ref_00475288] ; mov eax, dword [0x475288] mov dword [esp + 0x14], eax mov eax, dword [esp + 0x10] mov edx, dword [ref_0048bdd8] ; mov edx, dword [0x48bdd8] add eax, edx mov dword [esp + 0x18], eax mov eax, dword [esp + 0x14] mov ecx, dword [ref_0048bddc] ; mov ecx, dword [0x48bddc] add eax, ecx mov dword [esp + 0x1c], eax mov ebx, dword [esp + 0x28] push ebx lea eax, [esp + 0x14] push eax lea eax, [esp + 8] push eax call dword [cs:__imp__IntersectRect@12] ; ucall: call dword cs:[0x4622f4] test eax, eax je short loc_00417530 ; je 0x417530 push 1 call fcn_00417191 ; call 0x417191 add esp, 4 loc_00417530: add esp, 0x20 pop ebx ret ref_00417535: ; may contain a jump table dd loc_00417637 dd loc_0041766f dd loc_0041769f dd loc_004176cd ref_00417545: ; may contain a jump table dd loc_004179c6 dd loc_00417a24 dd loc_00417a24 dd loc_004179df dd loc_00417a86 fcn_00417559: push ebx push esi push edi push ebp sub esp, 0x50 mov edx, dword [esp + 0x68] sub edx, 0x28 mov dword [esp + 0x68], edx push edx mov edi, dword [esp + 0x68] push edi call fcn_0040a9d7 ; call 0x40a9d7 add esp, 8 mov dword [esp + 0x4c], eax test eax, eax jle short loc_00417588 ; jle 0x417588 cmp eax, 0x2710 jl short loc_004175a0 ; jl 0x4175a0 loc_00417588: test byte [esp + 0x4d], 0x80 je near loc_00417c5f ; je 0x417c5f test word [esp + 0x4c], 0x7fff je near loc_00417c5f ; je 0x417c5f loc_004175a0: mov ebp, dword [esp + 0x4c] cmp ebp, 0x7d0 jge short loc_004175c4 ; jge 0x4175c4 mov eax, ebp shl eax, 2 add eax, ebp mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] cmp byte [ecx + eax*8 + 4], 0 je near loc_00417c5f ; je 0x417c5f loc_004175c4: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00417191 ; call 0x417191 add esp, 4 mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] movsx eax, word [eax + 0xe] cmp eax, dword [esp + 0x68] setle al movzx ebp, al mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] movsx eax, word [eax + 0xc] mov ecx, 0x1b8 sub ecx, eax mov eax, ecx cmp eax, dword [esp + 0x64] jge short loc_0041760b ; jge 0x41760b add ebp, 2 loc_0041760b: mov edi, dword [ref_0048bad8] ; mov edi, dword [0x48bad8] movsx ecx, word [edi + 0xc] mov eax, ecx mov edx, ecx sar edx, 0x1f sub eax, edx sar eax, 1 add eax, 9 cmp ebp, 3 ja near loc_004176fe ; ja 0x4176fe mov edx, ebp shl edx, 2 jmp dword [edx + ref_00417535] ; ujmp: jmp dword [edx + 0x417535] loc_00417637: mov ecx, dword [esp + 0x64] mov dword [esp + 0x3c], ecx mov ecx, dword [esp + 0x68] mov dword [esp + 0x40], ecx movsx ecx, word [edi + 0xc] mov ebx, dword [esp + 0x64] add ebx, ecx mov dword [esp + 0x44], ebx movsx ecx, word [edi + 0xe] mov ebx, dword [esp + 0x68] add ebx, ecx mov dword [esp + 0x48], ebx mov esi, eax loc_00417665: mov ebx, 0x2a jmp near loc_004176fe ; jmp 0x4176fe loc_0041766f: mov ecx, dword [esp + 0x64] mov dword [esp + 0x3c], ecx movsx ecx, word [edi + 0xe] mov ebx, dword [esp + 0x68] sub ebx, ecx mov dword [esp + 0x40], ebx movsx ecx, word [edi + 0xc] mov ebx, dword [esp + 0x64] add ebx, ecx mov dword [esp + 0x44], ebx mov ecx, dword [esp + 0x68] mov dword [esp + 0x48], ecx mov esi, eax jmp short loc_004176f9 ; jmp 0x4176f9 loc_0041769f: mov ebx, dword [esp + 0x64] sub ebx, ecx mov dword [esp + 0x3c], ebx mov ecx, dword [esp + 0x68] mov dword [esp + 0x40], ecx mov ecx, dword [esp + 0x64] mov dword [esp + 0x44], ecx movsx ecx, word [edi + 0xe] mov ebx, dword [esp + 0x68] add ebx, ecx mov dword [esp + 0x48], ebx mov esi, eax neg esi jmp short loc_00417665 ; jmp 0x417665 loc_004176cd: mov ebx, dword [esp + 0x64] sub ebx, ecx mov dword [esp + 0x3c], ebx movsx ecx, word [edi + 0xe] mov ebx, dword [esp + 0x68] sub ebx, ecx mov dword [esp + 0x40], ebx mov ecx, dword [esp + 0x64] mov dword [esp + 0x44], ecx mov ecx, dword [esp + 0x68] mov dword [esp + 0x48], ecx mov esi, eax neg esi loc_004176f9: mov ebx, 0xffffffa0 loc_004176fe: mov eax, dword [esp + 0x3c] mov dword [ref_0048bdf4], eax ; mov dword [0x48bdf4], eax mov eax, dword [esp + 0x40] add eax, 0x28 mov dword [ref_0048bdf0], eax ; mov dword [0x48bdf0], eax add esi, dword [esp + 0x64] mov edi, dword [esp + 0x68] add edi, 0x28 add ebx, edi push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ecx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ecx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] movsx ecx, word [eax + 0xe] push ecx movsx eax, word [eax + 0xc] push eax mov eax, dword [ref_0048bdf0] ; mov eax, dword [0x48bdf0] push eax mov edx, dword [ref_0048bdf4] ; mov edx, dword [0x48bdf4] push edx mov ecx, dword [ref_0048bde0] ; mov ecx, dword [0x48bde0] push ecx push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 push edi mov edi, dword [esp + 0x68] push edi mov ecx, dword [ref_0048bad8] ; mov ecx, dword [0x48bad8] mov eax, ebp shl eax, 2 sub eax, ebp shl eax, 2 add ecx, 0xc add eax, ecx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [esp + 0x4c] test eax, eax jle short loc_004177ed ; jle 0x4177ed cmp eax, 0x7d0 jge short loc_004177ed ; jge 0x4177ed mov ecx, eax shl eax, 2 add ecx, eax shl ecx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] loc_004177d1: add eax, ecx push 2 add ebx, 0x1b push ebx push esi add eax, 4 loc_004177dd: push eax loc_004177de: push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 jmp near loc_00417bfe ; jmp 0x417bfe loc_004177ed: mov ecx, dword [esp + 0x4c] cmp ecx, 0x7d0 jle near loc_00417942 ; jle 0x417942 cmp ecx, 0xfa0 jge near loc_00417942 ; jge 0x417942 lea edi, [ecx - 0x7d0] imul edi, edi, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add edi, eax movzx ebp, byte [edi + 0x19] test ebp, ebp je short loc_0041783c ; je 0x41783c push 2 push ebx push esi lea eax, [ebp - 1] imul eax, eax, 0x68 mov ebp, dword [eax + (_players+0)] ; mov ebp, dword [eax + 0x496b68] push ebp push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_0041783c: movzx ebp, byte [edi + 0x1a] add ebx, 0x12 test ebp, ebp jne short loc_00417853 ; jne 0x417853 push 2 push ebx push esi push ref_00463819 ; push 0x463819 push ebp jmp short loc_00417874 ; jmp 0x417874 loc_00417853: cmp byte [edi + 0x18], 0 je short loc_00417866 ; je 0x417866 push 2 push ebx push esi push ref_0046390c ; push 0x46390c push 0 jmp short loc_00417874 ; jmp 0x417874 loc_00417866: push 2 push ebx push esi mov edx, dword [ebp*4 + ref_00475138] ; mov edx, dword [ebp*4 + 0x475138] push edx push 0 loc_00417874: call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 add ebx, 0x12 push ebx push esi mov ecx, dword [ebp*4 + ref_00475164] ; mov ecx, dword [ebp*4 + 0x475164] push ecx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov byte [esp], 0x24 add ebx, 0x12 mov dl, byte [edi + 0x19] test dl, dl je near loc_00417928 ; je 0x417928 cmp byte [edi + 0x18], 0 je short loc_0041790a ; je 0x41790a xor eax, eax mov al, dl push eax call fcn_0041970f ; call 0x41970f mov edi, eax add esp, 4 mov ecx, dword [ref_004990e8] ; mov ecx, dword [0x4990e8] mov eax, ecx shl eax, 2 sub eax, ecx shl eax, 3 add eax, ecx shl eax, 4 mov ecx, eax shl eax, 2 add eax, ecx push eax lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push edi push ref_00463913 ; push 0x463913 lea eax, [esp + 0x30] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc lea eax, [esp + 0x28] push eax lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc jmp short loc_0041793a ; jmp 0x41793a loc_0041790a: lea eax, [edi + 4] push eax xor eax, eax mov al, dl push eax call fcn_00419744 ; call 0x419744 add esp, 8 push eax lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 jmp short loc_0041793a ; jmp 0x41793a loc_00417928: xor eax, eax mov ax, word [edi + ebp*2 + 0x20] push eax lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 loc_0041793a: add esp, 8 jmp near loc_00417a17 ; jmp 0x417a17 loc_00417942: mov ebp, dword [esp + 0x4c] cmp ebp, 0xfa0 jle near loc_00417ae4 ; jle 0x417ae4 cmp ebp, 0x1770 jge near loc_00417ae4 ; jge 0x417ae4 lea eax, [ebp - 0xfa0] shl eax, 3 mov ecx, eax shl eax, 3 sub eax, ecx mov edi, dword [ref_00498e88] ; mov edi, dword [0x498e88] add edi, eax movzx ebp, byte [edi + 0x19] test ebp, ebp je short loc_00417999 ; je 0x417999 push 2 push ebx push esi lea eax, [ebp - 1] imul eax, eax, 0x68 mov ebp, dword [eax + (_players+0)] ; mov ebp, dword [eax + 0x496b68] push ebp push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_00417999: cmp byte [edi + 0x1a], 0 jne short loc_004179b0 ; jne 0x4179b0 push 2 add ebx, 0x1b push ebx push esi push ref_00463819 ; push 0x463819 jmp near loc_004177de ; jmp 0x4177de loc_004179b0: mov al, byte [edi + 0x18] cmp al, 4 ja near loc_00417bfe ; ja 0x417bfe xor ecx, ecx mov cl, al jmp dword [ecx*4 + ref_00417545] ; ujmp: jmp dword [ecx*4 + 0x417545] loc_004179c6: push 2 add ebx, 0x1b push ebx push esi and eax, 0xff mov ebx, dword [eax*4 + ref_00475150] ; mov ebx, dword [eax*4 + 0x475150] loc_004179d9: push ebx jmp near loc_004177de ; jmp 0x4177de loc_004179df: push 2 add ebx, 0x1b push ebx push esi and eax, 0xff mov edi, dword [eax*4 + ref_00475150] ; mov edi, dword [eax*4 + 0x475150] push edi push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x3e8 push ref_00463913 ; push 0x463913 loc_00417a07: lea eax, [esp + 8] push eax add ebx, 0x1b loc_00417a0f: call fcn_00457110 ; call 0x457110 add esp, 0xc loc_00417a17: push 2 push ebx push esi lea eax, [esp + 0xc] jmp near loc_004177dd ; jmp 0x4177dd loc_00417a24: push 2 add ebx, 0x12 push ebx push esi xor eax, eax mov al, byte [edi + 0x18] mov ebp, dword [eax*4 + ref_00475150] ; mov ebp, dword [eax*4 + 0x475150] push ebp push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 add ebx, 0x12 push ebx push esi xor eax, eax mov al, byte [edi + 0x1a] mov edx, dword [eax*4 + ref_00475164] ; mov edx, dword [eax*4 + 0x475164] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [edi + 0x1a] add eax, eax add ebx, 0x12 add edi, eax xor eax, eax mov ax, word [edi + 0x24] imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax push ref_00463913 ; push 0x463913 lea eax, [esp + 8] push eax jmp short loc_00417a0f ; jmp 0x417a0f loc_00417a86: push 2 add ebx, 0x12 push ebx push esi and eax, 0xff mov edx, dword [eax*4 + ref_00475150] ; mov edx, dword [eax*4 + 0x475150] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 add ebx, 0x12 push ebx push esi xor eax, eax mov al, byte [edi + 0x1a] mov ecx, dword [eax*4 + ref_00475164] ; mov ecx, dword [eax*4 + 0x475164] push ecx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [edi + 0x1e], 0 je near loc_00417bfe ; je 0x417bfe push 2 add ebx, 0x12 push ebx push esi xor eax, eax mov al, byte [edi + 0x1d] mov ebx, dword [eax*8 + ref_0047ff1a] ; mov ebx, dword [eax*8 + 0x47ff1a] jmp near loc_004179d9 ; jmp 0x4179d9 loc_00417ae4: mov edx, dword [esp + 0x4c] cmp edx, 0x1770 jle short loc_00417b4f ; jle 0x417b4f cmp edx, 0x1f40 jge short loc_00417b4f ; jge 0x417b4f lea eax, [edx - 0x1770] imul eax, eax, 0x34 mov edi, dword [ref_00498e7c] ; mov edi, dword [0x498e7c] add edi, eax movzx ebp, byte [edi + 0x18] test ebp, ebp je short loc_00417b2c ; je 0x417b2c push 2 push ebx push esi lea eax, [ebp - 1] imul eax, eax, 0x68 mov edx, dword [eax + (_players+0)] ; mov edx, dword [eax + 0x496b68] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_00417b2c: push 2 add ebx, 0x1b push ebx push esi lea eax, [edi + 4] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ecx, dword [edi + 0x30] push ecx push ref_00463918 ; push 0x463918 jmp near loc_00417a07 ; jmp 0x417a07 loc_00417b4f: mov edi, dword [esp + 0x4c] cmp edi, 0x1f40 jle short loc_00417b7e ; jle 0x417b7e cmp edi, 0x2710 jge short loc_00417b7e ; jge 0x417b7e lea eax, [edi - 0x1f40] shl eax, 2 mov ecx, eax shl eax, 3 sub eax, ecx mov ecx, dword [ref_00498e78] ; mov ecx, dword [0x498e78] jmp near loc_004177d1 ; jmp 0x4177d1 loc_00417b7e: test byte [esp + 0x4c], 0xff je short loc_00417bad ; je 0x417bad mov ecx, dword [esp + 0x4c] push ecx call fcn_0040d293 ; call 0x40d293 add esp, 4 cmp eax, 4 jl short loc_00417ba1 ; jl 0x417ba1 mov ebp, dword [eax*4 + ref_0047ed5a] ; mov ebp, dword [eax*4 + 0x47ed5a] push ebp jmp short loc_00417bdb ; jmp 0x417bdb loc_00417ba1: imul eax, eax, 0x68 mov edi, dword [eax + (_players+0)] ; mov edi, dword [eax + 0x496b68] push edi jmp short loc_00417bdb ; jmp 0x417bdb loc_00417bad: mov eax, dword [esp + 0x4c] and eax, 0x7f00 sar eax, 8 mov dword [esp + 0x4c], eax lea ecx, [eax - 1] mov eax, ecx shl eax, 2 sub eax, ecx mov al, byte [eax*8 + ref_00496d08] ; mov al, byte [eax*8 + 0x496d08] and eax, 0xff mov edx, dword [eax*4 + ref_0047ed76] ; mov edx, dword [eax*4 + 0x47ed76] push edx loc_00417bdb: lea eax, [esp + 4] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 push 2 add ebx, 0x19 push ebx push esi lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_00417bfe: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ecx, dword [eax] push 0 push eax call dword [ecx + 0x80] ; ucall lea eax, [esp + 0x3c] push eax add dword [esp + 0x44], 0x28 add dword [esp + 0x4c], 0x28 call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ecx, dword [eax] push 0x10 lea ebx, [esp + 0x40] push ebx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [esp + 0x4c] push ebp mov edx, dword [esp + 0x4c] push edx push eax call dword [ecx + 0x1c] ; ucall lea eax, [esp + 0x3c] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov dword [ref_00475270], 1 ; mov dword [0x475270], 1 loc_00417c5f: add esp, 0x50 pop ebp pop edi pop esi pop ebx ret fcn_00417c67: push ebx push esi push edi push ebp sub esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [ref_0048bdf0] ; mov edx, dword [0x48bdf0] push edx mov ecx, dword [ref_0048bdf4] ; mov ecx, dword [0x48bdf4] push ecx mov ebx, dword [ref_0048bde0] ; mov ebx, dword [0x48bde0] push ebx mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048bdf4] ; mov eax, dword [0x48bdf4] mov dword [esp], eax mov eax, dword [ref_0048bdf0] ; mov eax, dword [0x48bdf0] mov dword [esp + 4], eax mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] movsx edx, word [eax + 0xc] mov ecx, dword [esp] add ecx, edx mov dword [esp + 8], ecx movsx eax, word [eax + 0xe] mov edx, dword [esp + 4] add edx, eax mov dword [esp + 0xc], edx mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [esp + 0x10] push ebp mov ecx, dword [esp + 0x10] push ecx push eax call dword [edx + 0x1c] ; ucall mov eax, esp push eax call fcn_00402250 ; call 0x402250 add esp, 4 xor ebx, ebx mov dword [ref_00475270], ebx ; mov dword [0x475270], ebx push 1 call fcn_00417191 ; call 0x417191 jmp near loc_00415f44 ; jmp 0x415f44 endloc_00417d36: db 0x8d db 0x40 db 0x00 ref_00417d39: ; may contain a jump table dd loc_00417d9f dd loc_00417dad dd loc_00417db6 dd loc_00417dbd dd loc_00417dcb dd loc_00417dd2 dd loc_00417dd9 dd loc_00417de0 dd loc_00417de7 dd loc_00417dee dd loc_00417df5 fcn_00417d65: push ebx push 0 call fcn_00402460 ; call 0x402460 add esp, 4 call fcn_00419703 ; call 0x419703 mov dword [ref_0048bde4], 0xffffffff ; mov dword [0x48bde4], 0xffffffff push 1 call fcn_00415d31 ; call 0x415d31 add esp, 4 mov ecx, dword [esp + 8] cmp ecx, 0xa ja near loc_00417dff ; ja 0x417dff mov eax, ecx jmp dword [eax*4 + ref_00417d39] ; ujmp: jmp dword [eax*4 + 0x417d39] loc_00417d9f: push 0x3c push 0x14 call help_ui ; call 0x44eb39 add esp, 8 jmp short loc_00417dff ; jmp 0x417dff loc_00417dad: push 1 call options_ui ; call 0x411b53 jmp short loc_00417dfc ; jmp 0x417dfc loc_00417db6: call hosted_ai_ui ; call 0x41e345 jmp short loc_00417dff ; jmp 0x417dff loc_00417dbd: push 1 call game_load_ui ; call 0x403d74 add esp, 4 mov ebx, eax jmp short loc_00417dff ; jmp 0x417dff loc_00417dcb: call game_save_ui ; call 0x404165 jmp short loc_00417dff ; jmp 0x417dff loc_00417dd2: call map_ui ; call 0x40a9bd jmp short loc_00417dff ; jmp 0x417dff loc_00417dd9: call query_user_ui ; call 0x424492 jmp short loc_00417dff ; jmp 0x417dff loc_00417de0: call tools_ui ; call 0x447d97 jmp short loc_00417dff ; jmp 0x417dff loc_00417de7: call cards_ui ; call 0x441baa jmp short loc_00417dff ; jmp 0x417dff loc_00417dee: call sales_ui ; call 0x4284be jmp short loc_00417dff ; jmp 0x417dff loc_00417df5: push 0 call stocks_ui ; call 0x42b58f loc_00417dfc: add esp, 4 loc_00417dff: call fcn_0040defe ; call 0x40defe cmp eax, 1 jne short loc_00417e24 ; jne 0x417e24 cmp dword [esp + 8], 3 jne short loc_00417e15 ; jne 0x417e15 cmp ebx, 0xffffffff jne short loc_00417e24 ; jne 0x417e24 loc_00417e15: call fcn_004196f1 ; call 0x4196f1 push 1 call fcn_00402460 ; call 0x402460 add esp, 4 loc_00417e24: pop ebx ret fcn_00417e26: push ebx push esi push edi push ebp sub esp, 0x24 mov esi, dword [esp + 0x38] mov eax, dword [esp + 0x3c] mov ecx, dword [esp + 0x40] mov edx, dword [esp + 0x44] cmp dword [ref_00475118], 0 ; cmp dword [0x475118], 0 jne short loc_00417e56 ; jne 0x417e56 loc_00417e46: push edx push ecx push eax push esi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_00418c32 ; jmp 0x418c32 loc_00417e56: mov ebx, edx shr ebx, 0x10 and ebx, 0xffff cmp eax, 0x201 jb short loc_00417e95 ; jb 0x417e95 jbe near loc_00418151 ; jbe 0x418151 cmp eax, 0x203 jb near loc_004186cb ; jb 0x4186cb jbe near loc_00418151 ; jbe 0x418151 cmp eax, 0x205 jb short loc_00417e46 ; jb 0x417e46 jbe near loc_00418893 ; jbe 0x418893 cmp eax, 0x401 je short loc_00417eba ; je 0x417eba jmp short loc_00417e46 ; jmp 0x417e46 loc_00417e95: cmp eax, 0x113 jb short loc_00417eaf ; jb 0x417eaf jbe near loc_00418b7a ; jbe 0x418b7a cmp eax, 0x200 je near loc_00418910 ; je 0x418910 jmp short loc_00417e46 ; jmp 0x417e46 loc_00417eaf: cmp eax, 0xf je near loc_00418bb9 ; je 0x418bb9 jmp short loc_00417e46 ; jmp 0x417e46 loc_00417eba: push 1 push 2 push 0 push 0x101010 push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0 push 0x50 push 0xa push ref_00463920 ; push 0x463920 mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x91 push 0xa push ref_00463927 ; push 0x463927 mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0xd0 push 0xa push ref_0046392e ; push 0x46392e mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x50 push 0xa push ref_00463935 ; push 0x463935 mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x91 push 0xa push ref_0046390c ; push 0x46390c mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0xd0 push 0xa push ref_0046393c ; push 0x46393c mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x50 push 0xa push ref_00463943 ; push 0x463943 mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x91 push 0xa push ref_0046394a ; push 0x46394a mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0xd0 push 0xa push ref_00463951 ; push 0x463951 mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x50 push 0xa push ref_00463958 ; push 0x463958 mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0x30 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x91 push 0xa push ref_0046395f ; push 0x46395f mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0x30 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0xd0 push 0xa push ref_00463966 ; push 0x463966 mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0x30 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edi, edi mov dword [ref_0048be24], edi ; mov dword [0x48be24], edi push 1 push 2 push edi push 0x101010 push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push ref_00463920 ; push 0x463920 lea eax, [esp + 4] push eax call fcn_00452946 ; call 0x452946 add esp, 8 push edi push 0x28 push 0x5a lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0x3c push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push ref_00463927 ; push 0x463927 lea eax, [esp + 4] push eax call fcn_00452946 ; call 0x452946 add esp, 8 push edi push 0x3e push 0x5a lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048be0c] ; mov eax, dword [0x48be0c] add eax, 0x3c push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_00475284] ; mov eax, dword [0x475284] mov dword [ref_0048bdec], eax ; mov dword [0x48bdec], eax mov eax, dword [ref_00475288] ; mov eax, dword [0x475288] mov dword [ref_0048bde8], eax ; mov dword [0x48bde8], eax mov eax, dword [ref_0048be04] ; mov eax, dword [0x48be04] movsx edx, word [eax + 0xc] mov dword [ref_0048bdd8], edx ; mov dword [0x48bdd8], edx movsx eax, word [eax + 0xe] mov dword [ref_0048bddc], eax ; mov dword [0x48bddc], eax mov dword [ref_0048bdd4], edi ; mov dword [0x48bdd4], edi push edi push 0x1f4 mov eax, dword [_callbackSize] ; mov eax, dword [0x46cad8] push eax push esi call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048bdc8], eax ; mov dword [0x48bdc8], eax mov dword [ref_0048bdd0], edi ; mov dword [0x48bdd0], edi mov dword [ref_00475270], edi ; mov dword [0x475270], edi push 0x1e0 push 0x1b8 push 0x28 push edi call fcn_0045577c ; call 0x45577c add esp, 0x10 mov dword [ref_0048bde4], 0xffffffff ; mov dword [0x48bde4], 0xffffffff xor ah, ah mov byte [ref_0048be28], ah ; mov byte [0x48be28], ah xor dl, dl mov byte [ref_0048be29], dl ; mov byte [0x48be29], dl xor dh, dh mov byte [ref_0048be2a], dh ; mov byte [0x48be2a], dh mov byte [ref_0046cafe], 1 ; mov byte [0x46cafe], 1 push edi push edi push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00418c30 ; jmp 0x418c30 loc_00418151: cmp byte [ref_0046cafd], 0 ; cmp byte [0x46cafd], 0 je near loc_00418c30 ; je 0x418c30 xor esi, esi mov si, dx shr edx, 0x10 and edx, 0xffff and edx, 0xffff mov ecx, dword [ref_00475284] ; mov ecx, dword [0x475284] cmp esi, ecx jl near loc_004182fa ; jl 0x4182fa mov ebx, dword [ref_0048bdd8] ; mov ebx, dword [0x48bdd8] lea eax, [ecx + ebx] cmp esi, eax jg near loc_004182fa ; jg 0x4182fa mov edi, dword [ref_00475288] ; mov edi, dword [0x475288] cmp edx, edi jl near loc_004182fa ; jl 0x4182fa mov ebp, dword [ref_0048bddc] ; mov ebp, dword [0x48bddc] lea eax, [edi + ebp] cmp edx, eax jg near loc_004182fa ; jg 0x4182fa mov ebx, esi sub ebx, ecx sub edx, edi mov esi, edx mov eax, dword [ref_0048bdd8] ; mov eax, dword [0x48bdd8] imul eax, edx add eax, ebx mov edx, dword [ref_0048be08] ; mov edx, dword [0x48be08] add eax, edx mov dl, byte [eax] add dl, 0xa mov byte [ref_0048be28], dl ; mov byte [0x48be28], dl mov al, byte [eax] add al, 0xa cmp al, 0xc jb short loc_004181f0 ; jb 0x4181f0 jbe near loc_004182b5 ; jbe 0x4182b5 cmp al, 0xd je near loc_004182cd ; je 0x4182cd jmp near loc_00418c30 ; jmp 0x418c30 loc_004181f0: cmp al, 0xb jne near loc_00418c30 ; jne 0x418c30 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+56)], 0 ; cmp byte [eax + 0x496ba0], 0 jne near loc_00418c30 ; jne 0x418c30 push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+17)] ; mov al, byte [eax + 0x496b79] cmp al, 1 jb near loc_004182a6 ; jb 0x4182a6 jbe short loc_0041823b ; jbe 0x41823b cmp al, 2 je short loc_00418274 ; je 0x418274 jmp near loc_004182a6 ; jmp 0x4182a6 loc_0041823b: xor ebx, ebx mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] jmp short loc_0041824b ; jmp 0x41824b loc_00418245: inc ebx cmp ebx, 2 jge short loc_004182a6 ; jge 0x4182a6 loc_0041824b: mov eax, ebx shl eax, 2 add eax, ebx shl eax, 2 sub eax, ebx lea edx, [eax + 0x10] cmp esi, edx jl short loc_00418245 ; jl 0x418245 add eax, 0x20 cmp esi, eax jg short loc_00418245 ; jg 0x418245 mov dl, bl inc dl imul eax, ebp, 0x68 mov byte [eax + (_players+18)], dl ; mov byte [eax + 0x496b7a], dl jmp short loc_00418245 ; jmp 0x418245 loc_00418274: xor ebx, ebx mov edi, dword [_current_player] ; mov edi, dword [0x49910c] jmp short loc_00418284 ; jmp 0x418284 loc_0041827e: inc ebx cmp ebx, 3 jge short loc_004182a6 ; jge 0x4182a6 loc_00418284: mov eax, ebx shl eax, 4 lea edx, [eax + 9] cmp esi, edx jl short loc_0041827e ; jl 0x41827e add eax, 0x19 cmp esi, eax jg short loc_0041827e ; jg 0x41827e mov dl, bl inc dl imul eax, edi, 0x68 mov byte [eax + (_players+18)], dl ; mov byte [eax + 0x496b7a], dl jmp short loc_0041827e ; jmp 0x41827e loc_004182a6: push 1 call fcn_00417191 ; call 0x417191 loc_004182ad: add esp, 4 jmp near loc_00418c30 ; jmp 0x418c30 loc_004182b5: mov dword [ref_0048be2b], ebx ; mov dword [0x48be2b], ebx mov dword [ref_0048be2f], esi ; mov dword [0x48be2f], esi mov byte [ref_0048be2a], 1 ; mov byte [0x48be2a], 1 jmp near loc_00418c30 ; jmp 0x418c30 loc_004182cd: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 call fcn_00419703 ; call 0x419703 call fcn_0041d546 ; call 0x41d546 call fcn_0040dd1f ; call 0x40dd1f jmp near loc_00418c30 ; jmp 0x418c30 loc_004182fa: cmp byte [ref_0049715d], 2 ; cmp byte [0x49715d], 2 je short loc_0041835f ; je 0x41835f cmp esi, 0x268 jl short loc_0041835f ; jl 0x41835f cmp edx, 0x118 jge short loc_0041835f ; jge 0x41835f mov ebx, 0x46 mov eax, edx sar edx, 0x1f idiv ebx mov ebx, eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] mov al, byte [eax + ref_0048be24] ; mov al, byte [eax + 0x48be24] and eax, 0xff cmp eax, ebx je near loc_00418c30 ; je 0x418c30 push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] mov byte [eax + ref_0048be24], bl ; mov byte [eax + 0x48be24], bl push 1 call fcn_00415f69 ; call 0x415f69 jmp near loc_004182ad ; jmp 0x4182ad loc_0041835f: cmp byte [ref_0049715d], 1 ; cmp byte [0x49715d], 1 je near loc_00418415 ; je 0x418415 cmp esi, 0x1b8 jle near loc_00418415 ; jle 0x418415 cmp edx, 0x118 jle near loc_00418415 ; jle 0x418415 cmp edx, 0x120 jl near loc_00418c30 ; jl 0x418c30 cmp edx, 0x13a jg near loc_00418c30 ; jg 0x418c30 cmp esi, 0x1c0 jl short loc_004183d8 ; jl 0x4183d8 cmp esi, 0x1da jg short loc_004183d8 ; jg 0x4183d8 cmp byte [ref_00497164], 0 ; cmp byte [0x497164], 0 je short loc_004183d8 ; je 0x4183d8 push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 xor bl, bl mov byte [ref_00497164], bl ; mov byte [0x497164], bl loc_004183cc: push 1 call fcn_004169bc ; call 0x4169bc jmp near loc_004182ad ; jmp 0x4182ad loc_004183d8: cmp esi, 0x1de jl near loc_00418c30 ; jl 0x418c30 cmp esi, 0x1f8 jg near loc_00418c30 ; jg 0x418c30 cmp byte [ref_00497164], 0 ; cmp byte [0x497164], 0 jne near loc_00418c30 ; jne 0x418c30 push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov byte [ref_00497164], 1 ; mov byte [0x497164], 1 jmp short loc_004183cc ; jmp 0x4183cc loc_00418415: mov ch, byte [ref_0049715d] ; mov ch, byte [0x49715d] test ch, ch je near loc_00418670 ; je 0x418670 cmp esi, 0x1b8 jle near loc_00418670 ; jle 0x418670 xor eax, eax mov al, ch shl eax, 2 mov ecx, dword [eax + ref_004752aa] ; mov ecx, dword [eax + 0x4752aa] cmp edx, ecx jle near loc_00418670 ; jle 0x418670 lea ebx, [ecx + 0xc8] cmp edx, ebx jge near loc_00418670 ; jge 0x418670 lea ebx, [esi - 0x1b8] mov esi, edx sub esi, ecx cmp ebx, 3 jl near loc_00418591 ; jl 0x418591 cmp ebx, 0x35 jg near loc_00418591 ; jg 0x418591 cmp esi, 3 jl near loc_00418591 ; jl 0x418591 cmp esi, 0x1c jg near loc_00418591 ; jg 0x418591 push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 lea edx, [ebx - 3] mov ebx, 0x19 mov eax, edx sar edx, 0x1f idiv ebx inc eax mov byte [ref_0048be28], al ; mov byte [0x48be28], al xor eax, eax mov al, byte [ref_0048be28] ; mov al, byte [0x48be28] lea edx, [eax - 1] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx lea edx, [eax + 0x1bb] mov dword [esp + 0x14], edx add eax, 0x1d4 mov dword [esp + 0x1c], eax xor edx, edx mov dl, byte [ref_0049715d] ; mov dl, byte [0x49715d] mov eax, dword [edx*4 + ref_004752aa] ; mov eax, dword [edx*4 + 0x4752aa] add eax, 3 mov dword [esp + 0x18], eax mov eax, dword [edx*4 + ref_004752aa] ; mov eax, dword [edx*4 + 0x4752aa] add eax, 0x1c mov dword [esp + 0x20], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [esp + 0x18] push ecx mov ebx, dword [esp + 0x18] push ebx xor edx, edx mov dl, byte [ref_0048be28] ; mov dl, byte [0x48be28] add edx, 0x11 mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0xc add eax, edx push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall lea eax, [esp + 0x14] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0x18] push ebx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [esp + 0x24] push ebp mov ecx, dword [esp + 0x24] push ecx push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x14] push eax call fcn_00402250 ; call 0x402250 jmp near loc_004182ad ; jmp 0x4182ad loc_00418591: mov byte [ref_0048be29], 1 ; mov byte [0x48be29], 1 mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 0xd mov ebx, eax shl eax, 5 sub eax, ebx mov ebx, eax sar ebx, 0x10 mov eax, esi shl eax, 2 sub eax, esi shl eax, 0xd mov esi, eax shl eax, 5 sub eax, esi mov esi, eax sar esi, 0x10 cmp ebx, dword [ref_0048be1c] ; cmp ebx, dword [0x48be1c] jne short loc_004185d8 ; jne 0x4185d8 cmp esi, dword [ref_0048be20] ; cmp esi, dword [0x48be20] je near loc_00418656 ; je 0x418656 loc_004185d8: mov dword [ref_0048be18], 1 ; mov dword [0x48be18], 1 mov dword [ref_0048be1c], ebx ; mov dword [0x48be1c], ebx mov dword [ref_0048be20], esi ; mov dword [0x48be20], esi cmp ebx, 0xdc jge short loc_00418602 ; jge 0x418602 mov dword [ref_0048be1c], 0xdc ; mov dword [0x48be1c], 0xdc jmp short loc_00418614 ; jmp 0x418614 loc_00418602: cmp ebx, 0x824 jle short loc_00418614 ; jle 0x418614 mov dword [ref_0048be1c], 0x824 ; mov dword [0x48be1c], 0x824 loc_00418614: mov edi, dword [ref_0048be20] ; mov edi, dword [0x48be20] cmp edi, 0xdc jge short loc_0041862e ; jge 0x41862e mov dword [ref_0048be20], 0xdc ; mov dword [0x48be20], 0xdc jmp short loc_00418640 ; jmp 0x418640 loc_0041862e: cmp edi, 0x824 jle short loc_00418640 ; jle 0x418640 mov dword [ref_0048be20], 0x824 ; mov dword [0x48be20], 0x824 loc_00418640: push 1 call fcn_00416e6d ; call 0x416e6d add esp, 4 push 1 call fcn_00415e70 ; call 0x415e70 jmp near loc_004182ad ; jmp 0x4182ad loc_00418656: cmp dword [ref_0048be18], 0 ; cmp dword [0x48be18], 0 je near loc_00418c30 ; je 0x418c30 xor edx, edx mov dword [ref_0048be18], edx ; mov dword [0x48be18], edx jmp near loc_00418c30 ; jmp 0x418c30 loc_00418670: cmp esi, 0x1b8 jge short loc_004186a7 ; jge 0x4186a7 cmp edx, 0x28 jge short loc_004186a7 ; jge 0x4186a7 push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov ebx, 0x28 mov eax, esi mov edx, esi sar edx, 0x1f idiv ebx add eax, 0x64 mov byte [ref_0048be28], al ; mov byte [0x48be28], al jmp near loc_00418c30 ; jmp 0x418c30 loc_004186a7: cmp esi, 0x1b8 jge near loc_00418c30 ; jge 0x418c30 cmp edx, 0x28 jle near loc_00418c30 ; jle 0x418c30 push edx push esi call fcn_00417559 ; call 0x417559 add esp, 8 jmp near loc_00418c30 ; jmp 0x418c30 loc_004186cb: cmp byte [ref_0046cafd], 0 ; cmp byte [0x46cafd], 0 je near loc_00418c30 ; je 0x418c30 cmp byte [ref_0048be29], 0 ; cmp byte [0x48be29], 0 je short loc_004186f3 ; je 0x4186f3 push 1 call fcn_004024a9 ; call 0x4024a9 add esp, 4 xor dh, dh mov byte [ref_0048be29], dh ; mov byte [0x48be29], dh loc_004186f3: mov bl, byte [ref_0048be28] ; mov bl, byte [0x48be28] cmp bl, 1 je short loc_00418707 ; je 0x418707 cmp bl, 2 jne near loc_00418855 ; jne 0x418855 loc_00418707: cmp byte [ref_0048be28], 1 ; cmp byte [0x48be28], 1 jne short loc_0041873b ; jne 0x41873b mov esi, dword [ref_00499088] ; mov esi, dword [0x499088] dec esi mov dword [ref_00499088], esi ; mov dword [0x499088], esi mov edi, esi and edi, 7 mov dword [ref_00499088], edi ; mov dword [0x499088], edi mov ebp, 0xffffffff mov dword [ref_00474930], ebp ; mov dword [0x474930], ebp mov dword [ref_00474934], ebp ; mov dword [0x474934], ebp jmp short loc_00418762 ; jmp 0x418762 loc_0041873b: mov eax, dword [ref_00499088] ; mov eax, dword [0x499088] inc eax mov dword [ref_00499088], eax ; mov dword [0x499088], eax mov edx, eax and edx, 7 mov dword [ref_00499088], edx ; mov dword [0x499088], edx mov ecx, 0xffffffff mov dword [ref_00474930], ecx ; mov dword [0x474930], ecx mov dword [ref_00474934], ecx ; mov dword [0x474934], ecx loc_00418762: xor edx, edx mov dl, byte [ref_0048be28] ; mov dl, byte [0x48be28] dec edx mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx lea edx, [eax + 0x1bb] mov dword [esp + 0x14], edx add eax, 0x1d4 mov dword [esp + 0x1c], eax xor edx, edx mov dl, byte [ref_0049715d] ; mov dl, byte [0x49715d] mov eax, dword [edx*4 + ref_004752aa] ; mov eax, dword [edx*4 + 0x4752aa] add eax, 3 mov dword [esp + 0x18], eax mov eax, dword [edx*4 + ref_004752aa] ; mov eax, dword [edx*4 + 0x4752aa] add eax, 0x1c mov dword [esp + 0x20], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [esp + 0x18] push edx mov ecx, dword [esp + 0x18] push ecx xor edx, edx mov dl, byte [ref_0048be28] ; mov dl, byte [0x48be28] add edx, 0x13 mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall lea eax, [esp + 0x14] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0x18] push ebx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov edi, dword [esp + 0x24] push edi mov ebp, dword [esp + 0x24] push ebp push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x14] push eax call fcn_00402250 ; call 0x402250 add esp, 4 push 1 call fcn_00415e70 ; call 0x415e70 jmp short loc_00418875 ; jmp 0x418875 loc_00418855: cmp bl, 0xc jne short loc_00418863 ; jne 0x418863 xor al, al mov byte [ref_0048be2a], al ; mov byte [0x48be2a], al jmp short loc_00418878 ; jmp 0x418878 loc_00418863: cmp bl, 0x64 jb short loc_00418878 ; jb 0x418878 xor eax, eax mov al, bl sub eax, 0x64 push eax call fcn_00417d65 ; call 0x417d65 loc_00418875: add esp, 4 loc_00418878: cmp dword [ref_00475270], 0 ; cmp dword [0x475270], 0 je short loc_00418886 ; je 0x418886 call fcn_00417c67 ; call 0x417c67 loc_00418886: xor dl, dl mov byte [ref_0048be28], dl ; mov byte [0x48be28], dl jmp near loc_00418c30 ; jmp 0x418c30 loc_00418893: xor esi, esi mov si, dx xor edx, edx mov dx, bx cmp byte [ref_0046cafd], 0 ; cmp byte [0x46cafd], 0 je near loc_00418c30 ; je 0x418c30 cmp dword [ref_0048be18], 0 ; cmp dword [0x48be18], 0 je near loc_00418c30 ; je 0x418c30 mov cl, byte [ref_0049715d] ; mov cl, byte [0x49715d] test cl, cl je near loc_00418c30 ; je 0x418c30 cmp esi, 0x1b8 jle near loc_00418c30 ; jle 0x418c30 xor ebx, ebx cmp cl, 1 jne short loc_004188e5 ; jne 0x4188e5 cmp edx, 0x118 jle short loc_004188e5 ; jle 0x4188e5 mov ebx, 1 loc_004188e5: cmp byte [ref_0049715d], 2 ; cmp byte [0x49715d], 2 jne short loc_004188fb ; jne 0x4188fb cmp edx, 0x50 jle short loc_004188fb ; jle 0x4188fb cmp edx, 0x118 jl short loc_00418903 ; jl 0x418903 loc_004188fb: test ebx, ebx je near loc_00418c30 ; je 0x418c30 loc_00418903: xor ebp, ebp mov dword [ref_0048be18], ebp ; mov dword [0x48be18], ebp jmp near loc_00418640 ; jmp 0x418640 loc_00418910: cmp byte [ref_0046cafd], 0 ; cmp byte [0x46cafd], 0 je near loc_00418c30 ; je 0x418c30 xor esi, esi mov si, dx xor edx, edx mov dx, bx cmp byte [ref_0048be29], 0 ; cmp byte [0x48be29], 0 je near loc_00418a73 ; je 0x418a73 cmp byte [ref_0049715d], 1 ; cmp byte [0x49715d], 1 jne short loc_0041895b ; jne 0x41895b cmp esi, 0x1b8 jle short loc_0041895b ; jle 0x41895b cmp edx, 0x118 jle short loc_0041895b ; jle 0x41895b lea ebx, [esi - 0x1b8] lea esi, [edx - 0x118] jmp short loc_0041899b ; jmp 0x41899b loc_0041895b: cmp byte [ref_0049715d], 2 ; cmp byte [0x49715d], 2 jne short loc_00418984 ; jne 0x418984 cmp esi, 0x1b8 jle short loc_00418984 ; jle 0x418984 cmp edx, 0x50 jle short loc_00418984 ; jle 0x418984 cmp edx, 0x118 jge short loc_00418984 ; jge 0x418984 lea ebx, [esi - 0x1b8] lea esi, [edx - 0x50] jmp short loc_0041899b ; jmp 0x41899b loc_00418984: push 1 call fcn_004024a9 ; call 0x4024a9 add esp, 4 xor cl, cl mov byte [ref_0048be29], cl ; mov byte [0x48be29], cl jmp near loc_00418c30 ; jmp 0x418c30 loc_0041899b: cmp byte [ref_0048be29], 0 ; cmp byte [0x48be29], 0 je near loc_00418c30 ; je 0x418c30 mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 0xd mov ebx, eax shl eax, 5 sub eax, ebx mov ebx, eax sar ebx, 0x10 mov eax, esi shl eax, 2 sub eax, esi shl eax, 0xd mov esi, eax shl eax, 5 sub eax, esi mov esi, eax sar esi, 0x10 cmp ebx, dword [ref_0048be1c] ; cmp ebx, dword [0x48be1c] jne short loc_004189e8 ; jne 0x4189e8 cmp esi, dword [ref_0048be20] ; cmp esi, dword [0x48be20] je near loc_00418656 ; je 0x418656 loc_004189e8: mov dword [ref_0048be1c], ebx ; mov dword [0x48be1c], ebx mov dword [ref_0048be20], esi ; mov dword [0x48be20], esi cmp ebx, 0xdc jge short loc_00418a08 ; jge 0x418a08 mov dword [ref_0048be1c], 0xdc ; mov dword [0x48be1c], 0xdc jmp short loc_00418a1a ; jmp 0x418a1a loc_00418a08: cmp ebx, 0x824 jle short loc_00418a1a ; jle 0x418a1a mov dword [ref_0048be1c], 0x824 ; mov dword [0x48be1c], 0x824 loc_00418a1a: mov esi, dword [ref_0048be20] ; mov esi, dword [0x48be20] cmp esi, 0xdc jge short loc_00418a34 ; jge 0x418a34 mov dword [ref_0048be20], 0xdc ; mov dword [0x48be20], 0xdc jmp short loc_00418a46 ; jmp 0x418a46 loc_00418a34: cmp esi, 0x824 jle short loc_00418a46 ; jle 0x418a46 mov dword [ref_0048be20], 0x824 ; mov dword [0x48be20], 0x824 loc_00418a46: push 1 call fcn_00416e6d ; call 0x416e6d add esp, 4 push 1 call fcn_00415e70 ; call 0x415e70 add esp, 4 push 0 call fcn_004024a9 ; call 0x4024a9 add esp, 4 mov dword [ref_0048be18], 1 ; mov dword [0x48be18], 1 jmp near loc_00418c30 ; jmp 0x418c30 loc_00418a73: cmp byte [ref_0048be2a], 0 ; cmp byte [0x48be2a], 0 je near loc_00418b0a ; je 0x418b0a mov edi, dword [ref_0048be2b] ; mov edi, dword [0x48be2b] mov ebx, esi sub ebx, edi mov ebp, dword [ref_0048be2f] ; mov ebp, dword [0x48be2f] mov esi, edx sub esi, ebp cmp ebx, dword [ref_00475284] ; cmp ebx, dword [0x475284] jne short loc_00418aa8 ; jne 0x418aa8 cmp esi, dword [ref_00475288] ; cmp esi, dword [0x475288] je near loc_00418c30 ; je 0x418c30 loc_00418aa8: mov dword [ref_00475284], ebx ; mov dword [0x475284], ebx mov dword [ref_00475288], esi ; mov dword [0x475288], esi test ebx, ebx jge short loc_00418ac0 ; jge 0x418ac0 xor ecx, ecx mov dword [ref_00475284], ecx ; mov dword [0x475284], ecx loc_00418ac0: mov eax, 0x280 sub eax, dword [ref_0048bdd8] ; sub eax, dword [0x48bdd8] cmp eax, dword [ref_00475284] ; cmp eax, dword [0x475284] jge short loc_00418ad8 ; jge 0x418ad8 mov dword [ref_00475284], eax ; mov dword [0x475284], eax loc_00418ad8: cmp dword [ref_00475288], 0 ; cmp dword [0x475288], 0 jge short loc_00418ae9 ; jge 0x418ae9 xor ebp, ebp mov dword [ref_00475288], ebp ; mov dword [0x475288], ebp loc_00418ae9: mov eax, 0x1e0 sub eax, dword [ref_0048bddc] ; sub eax, dword [0x48bddc] cmp eax, dword [ref_00475288] ; cmp eax, dword [0x475288] jge near loc_004182a6 ; jge 0x4182a6 mov dword [ref_00475288], eax ; mov dword [0x475288], eax jmp near loc_004182a6 ; jmp 0x4182a6 loc_00418b0a: cmp esi, 0x1b8 jge short loc_00418b46 ; jge 0x418b46 cmp edx, 0x28 jge short loc_00418b46 ; jge 0x418b46 mov ebx, 0x28 mov eax, esi mov edx, esi sar edx, 0x1f idiv ebx mov ebx, eax cmp eax, dword [ref_0048bde4] ; cmp eax, dword [0x48bde4] je short loc_00418b63 ; je 0x418b63 push 0 push ref_0048231a ; push 0x48231a call fcn_004542ce ; call 0x4542ce add esp, 8 mov dword [ref_0048bde4], ebx ; mov dword [0x48bde4], ebx jmp short loc_00418b59 ; jmp 0x418b59 loc_00418b46: cmp dword [ref_0048bde4], 0xffffffff ; cmp dword [0x48bde4], 0xffffffff je short loc_00418b63 ; je 0x418b63 mov dword [ref_0048bde4], 0xffffffff ; mov dword [0x48bde4], 0xffffffff loc_00418b59: push 1 call fcn_00415d31 ; call 0x415d31 add esp, 4 loc_00418b63: cmp dword [ref_00475270], 0 ; cmp dword [0x475270], 0 je near loc_00418c30 ; je 0x418c30 call fcn_00417c67 ; call 0x417c67 jmp near loc_00418c30 ; jmp 0x418c30 loc_00418b7a: cmp ecx, dword [_callbackSize] ; cmp ecx, dword [0x46cad8] jne near loc_00418c30 ; jne 0x418c30 cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_00418c30 ; je 0x418c30 cmp byte [ref_0046cafd], 0 ; cmp byte [0x46cafd], 0 je near loc_00418c30 ; je 0x418c30 cmp dword [ref_00475270], 0 ; cmp dword [0x475270], 0 jne near loc_00418c30 ; jne 0x418c30 xor byte [ref_0048bdd4], 1 ; xor byte [0x48bdd4], 1 jmp near loc_004182a6 ; jmp 0x4182a6 loc_00418bb9: push 0 call fcn_00415d31 ; call 0x415d31 add esp, 4 push 0 call fcn_00415e70 ; call 0x415e70 add esp, 4 mov al, byte [ref_0049715d] ; mov al, byte [0x49715d] cmp al, 1 jb short loc_00418bde ; jb 0x418bde jbe short loc_00418bf5 ; jbe 0x418bf5 cmp al, 2 je short loc_00418c08 ; je 0x418c08 jmp short loc_00418c26 ; jmp 0x418c26 loc_00418bde: test al, al jne short loc_00418c26 ; jne 0x418c26 push 0 call fcn_00415f69 ; call 0x415f69 add esp, 4 push 0 call fcn_004169bc ; call 0x4169bc jmp short loc_00418c23 ; jmp 0x418c23 loc_00418bf5: push 0 call fcn_00415f69 ; call 0x415f69 add esp, 4 push 0 call fcn_00416e6d ; call 0x416e6d jmp short loc_00418c23 ; jmp 0x418c23 loc_00418c08: push 0 call fcn_004166f8 ; call 0x4166f8 add esp, 4 push 0 call fcn_00416e6d ; call 0x416e6d add esp, 4 push 0 call fcn_004169bc ; call 0x4169bc loc_00418c23: add esp, 4 loc_00418c26: push 0 push esi call dword [cs:__imp__ValidateRect@8] ; ucall: call dword cs:[0x462340] loc_00418c30: xor eax, eax loc_00418c32: add esp, 0x24 pop ebp pop edi pop esi pop ebx ret 0x10 endloc_00418c3c: db 0x90 ref_00418c3d: ; may contain a jump table dd loc_00418d88 dd loc_00418d99 dd loc_00418dc6 dd loc_00418e7a dd loc_00418e7a dd loc_00418dc6 fcn_00418c55: push ebx push esi push edi push ebp cmp dword [ref_00475114], 0 ; cmp dword [0x475114], 0 je near loc_00418d2a ; je 0x418d2a mov eax, dword [_current_player] ; mov eax, dword [0x49910c] cmp eax, dword [_nplayers] ; cmp eax, dword [0x499114] jge near loc_00418d2a ; jge 0x418d2a push 0 push 0 imul eax, eax, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff add eax, 0x22f push eax mov esi, dword [ref_0048a0e4] ; mov esi, dword [0x48a0e4] push esi call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0xffffffffffffffff push 1 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 mov ecx, dword [ref_00475114] ; mov ecx, dword [0x475114] dec ecx imul eax, ecx, 0x68 xor ebx, ebx mov bx, word [eax + (_players+12)] ; mov bx, word [eax + 0x496b74] mov edx, ebx shl edx, 2 add edx, ebx mov ebx, dword [ref_00498e80] ; mov ebx, dword [0x498e80] mov dx, word [ebx + edx*8] mov word [eax + (_players+8)], dx ; mov word [eax + 0x496b70], dx xor esi, esi mov si, word [eax + (_players+12)] ; mov si, word [eax + 0x496b74] mov edx, esi shl edx, 2 add edx, esi mov dx, word [ebx + edx*8 + 2] mov word [eax + (_players+10)], dx ; mov word [eax + 0x496b72], dx mov dl, byte [eax + (_players+100)] ; mov dl, byte [eax + 0x496bcc] mov byte [eax + (_players+21)], dl ; mov byte [eax + 0x496b7d], dl push ecx call fcn_0040b93b ; call 0x40b93b add esp, 4 xor edi, edi mov dword [ref_00475114], edi ; mov dword [0x475114], edi push 1 push edi push edi call fcn_0041d476 ; call 0x41d476 add esp, 0xc loc_00418d2a: mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] cmp ebp, 4 jge short loc_00418d41 ; jge 0x418d41 imul eax, ebp, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 jne short loc_00418d5f ; jne 0x418d5f loc_00418d41: mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] cmp ecx, 4 jl short loc_00418d6e ; jl 0x418d6e cmp ecx, 8 jge short loc_00418d6e ; jge 0x418d6e mov eax, ecx shl eax, 4 cmp byte [eax + ref_00498df2], 0 ; cmp byte [eax + 0x498df2], 0 jne short loc_00418d6e ; jne 0x418d6e loc_00418d5f: push 1 call fcn_00416e6d ; call 0x416e6d add esp, 4 call fcn_0041d546 ; call 0x41d546 loc_00418d6e: push 0 call fcn_0040c912 ; call 0x40c912 add esp, 4 cmp eax, 5 ja near loc_00418e7a ; ja 0x418e7a jmp dword [eax*4 + ref_00418c3d] ; ujmp: jmp dword [eax*4 + 0x418c3d] loc_00418d88: call fcn_00418e7f ; call 0x418e7f mov byte [ref_0046cafb], 1 ; mov byte [0x46cafb], 1 pop ebp pop edi pop esi pop ebx ret loc_00418d99: call fcn_004196f1 ; call 0x4196f1 mov eax, dword [ref_00475288] ; mov eax, dword [0x475288] add eax, 0x22 push eax mov eax, dword [ref_00475284] ; mov eax, dword [0x475284] add eax, 0x2e push eax call dword [cs:__imp__SetCursorPos@8] ; ucall: call dword cs:[0x46231c] push 1 call fcn_00402460 ; call 0x402460 add esp, 4 pop ebp pop edi pop esi pop ebx ret loc_00418dc6: mov esi, dword [_current_player] ; mov esi, dword [0x49910c] cmp esi, 4 jge near loc_00418e75 ; jge 0x418e75 imul eax, esi, 0x68 test byte [eax + (_players+21)], 0x30 ; test byte [eax + 0x496b7d], 0x30 jne near loc_00418e75 ; jne 0x418e75 push esi call fcn_0042bf03 ; call 0x42bf03 add esp, 4 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0042c79f ; call 0x42c79f add esp, 4 push 0 call fcn_00436b0a ; call 0x436b0a add esp, 4 cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne near loc_00418e7a ; jne 0x418e7a call sales_ui ; call 0x4284be call clib_rand ; call 0x456f2d test al, 1 je short loc_00418e28 ; je 0x418e28 call cards_ui ; call 0x441baa jmp short loc_00418e2d ; jmp 0x418e2d loc_00418e28: call tools_ui ; call 0x447d97 loc_00418e2d: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 jne short loc_00418e51 ; jne 0x418e51 cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 jne short loc_00418e51 ; jne 0x418e51 cmp byte [eax + (_players+54)], 0 ; cmp byte [eax + 0x496b9e], 0 je short loc_00418e64 ; je 0x418e64 loc_00418e51: imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 or byte [eax + ref_00498ea0], 0x80 ; or byte [eax + 0x498ea0], 0x80 pop ebp pop edi pop esi pop ebx ret loc_00418e64: imul eax, edx, 0x34 cmp byte [eax + ref_00498ea2], 1 ; cmp byte [eax + 0x498ea2], 1 je short loc_00418e7a ; je 0x418e7a call fcn_004221c0 ; call 0x4221c0 loc_00418e75: call fcn_0040dd1f ; call 0x40dd1f loc_00418e7a: pop ebp pop edi pop esi pop ebx ret fcn_00418e7f: push 1 call fcn_0040c912 ; call 0x40c912 add esp, 4 test eax, eax je short loc_00418ead ; je 0x418ead imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ax, word [eax + (_players+12)] ; mov ax, word [eax + 0x496b74] and eax, 0xffff push eax call fcn_0041982d ; call 0x41982d add esp, 4 mov dl, al jmp short loc_00418eaf ; jmp 0x418eaf loc_00418ead: mov dl, 0x83 loc_00418eaf: imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov byte [eax + ref_00498ea5], dl ; mov byte [eax + 0x498ea5], dl ret fcn_00418ebd: push ebx push esi push ebp xor edx, edx mov dword [ref_0048be18], edx ; mov dword [0x48be18], edx mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] cmp ecx, 8 jne short loc_00418efb ; jne 0x418efb xor eax, eax mov al, byte [ref_00498e70] ; mov al, byte [0x498e70] mov dword [_current_player], eax ; mov dword [0x49910c], eax cmp byte [ref_00498e72], 0 ; cmp byte [0x498e72], 0 jne short loc_00418eef ; jne 0x418eef mov byte [ref_00498e72], 3 ; mov byte [0x498e72], 3 loc_00418eef: push 1 call fcn_00415e70 ; call 0x415e70 jmp near loc_00419055 ; jmp 0x419055 loc_00418efb: cmp ecx, 4 jge near loc_00418f93 ; jge 0x418f93 imul eax, ecx, 0x68 test byte [eax + (_players+21)], 0x30 ; test byte [eax + 0x496b7d], 0x30 je near loc_00418f93 ; je 0x418f93 push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 test byte [eax + (_players+21)], 0x10 ; test byte [eax + 0x496b7d], 0x10 je short loc_00418f80 ; je 0x418f80 mov bl, byte [eax + (_players+27)] ; mov bl, byte [eax + 0x496b83] and bl, 0xf cmp bl, 0xf je short loc_00418f42 ; je 0x418f42 mov byte [eax + (_players+16)], bl ; mov byte [eax + 0x496b78], bl loc_00418f42: mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] imul eax, ebp, 0x68 mov ax, word [eax + (_players+12)] ; mov ax, word [eax + 0x496b74] and eax, 0xffff push eax push ebp call fcn_0040f381 ; call 0x40f381 add esp, 8 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 mov ax, word [eax + (_players+12)] ; mov ax, word [eax + 0x496b74] and eax, 0xffff push eax push edx call fcn_00448a7e ; call 0x448a7e add esp, 8 loc_00418f80: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 and byte [eax + (_players+21)], 0xf ; and byte [eax + 0x496b7d], 0xf jmp near loc_00419058 ; jmp 0x419058 loc_00418f93: xor ebx, ebx loc_00418f95: mov esi, dword [_current_player] ; mov esi, dword [0x49910c] inc esi mov dword [_current_player], esi ; mov dword [0x49910c], esi cmp esi, dword [_nplayers] ; cmp esi, dword [0x499114] jne short loc_00418fb6 ; jne 0x418fb6 mov dword [_current_player], 4 ; mov dword [0x49910c], 4 jmp short loc_00418fd4 ; jmp 0x418fd4 loc_00418fb6: cmp esi, 8 jne short loc_00418fca ; jne 0x418fca xor ecx, ecx mov dword [_current_player], ecx ; mov dword [0x49910c], ecx mov ebx, 1 jmp short loc_00418fee ; jmp 0x418fee loc_00418fca: cmp esi, 4 jl short loc_00418fe5 ; jl 0x418fe5 cmp esi, 8 jge short loc_00418fe5 ; jge 0x418fe5 loc_00418fd4: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 cmp byte [eax + ref_00498df2], 0 ; cmp byte [eax + 0x498df2], 0 jne short loc_00418f95 ; jne 0x418f95 loc_00418fe5: cmp dword [_current_player], 4 ; cmp dword [0x49910c], 4 jge short loc_00419008 ; jge 0x419008 loc_00418fee: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 jne short loc_00419008 ; jne 0x419008 cmp word [eax + (_players+8)], 0 ; cmp word [eax + 0x496b70], 0 jne short loc_00418f95 ; jne 0x418f95 loc_00419008: cmp byte [ref_0046caff], 0 ; cmp byte [0x46caff], 0 je short loc_0041902a ; je 0x41902a xor cl, cl mov byte [ref_0046caff], cl ; mov byte [0x46caff], cl push 1 call fcn_0041906a ; call 0x41906a add esp, 4 and byte [(_players+21)], 0xfb ; and byte [0x496b7d], 0xfb loc_0041902a: test ebx, ebx je short loc_00419033 ; je 0x419033 call fcn_0041cf67 ; call 0x41cf67 loc_00419033: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0041c84f ; call 0x41c84f add esp, 4 test ebx, ebx je short loc_00419058 ; je 0x419058 cmp byte [ref_0049715c], 0 ; cmp byte [0x49715c], 0 je short loc_00419058 ; je 0x419058 push 0 call fcn_00402fd1 ; call 0x402fd1 loc_00419055: add esp, 4 loc_00419058: imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 or byte [eax + ref_00498ea0], 0x80 ; or byte [eax + 0x498ea0], 0x80 pop ebp pop esi pop ebx ret fcn_0041906a: push ebx push esi push edi push ebp push 0 push 0 push 0xf mov edx, dword [_gWindowHandle] ; mov edx, dword [0x48a0d4] push edx call fcn_00417e26 ; call 0x417e26 cmp dword [esp + 0x14], 0 je short loc_004190ca ; je 0x4190ca push 0 call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx mov esi, dword [ref_0046cae0] ; mov esi, dword [0x46cae0] push esi mov edi, dword [ref_0046cadc] ; mov edi, dword [0x46cadc] push edi push eax call dword [edx + 0x1c] ; ucall push 0 call fcn_00402250 ; call 0x402250 add esp, 4 xor ebp, ebp mov dword [ref_00475110], ebp ; mov dword [0x475110], ebp loc_004190ca: pop ebp pop edi pop esi pop ebx ret fcn_004190cf: push ebx push esi push edi push ebp mov edx, dword [ref_00475118] ; mov edx, dword [0x475118] test edx, edx jne near loc_00419223 ; jne 0x419223 push edx push edx push edx mov ecx, dword [ref_0048a05c] ; mov ecx, dword [0x48a05c] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048be0c], eax ; mov dword [0x48be0c], eax push 0 push 0 push 1 mov ebx, dword [ref_0048a05c] ; mov ebx, dword [0x48a05c] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_00475118], eax ; mov dword [0x475118], eax push 0 push 0 push 2 mov esi, dword [ref_0048a05c] ; mov esi, dword [0x48a05c] push esi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048be10], eax ; mov dword [0x48be10], eax push 0 push 0 push 3 mov edi, dword [ref_0048a05c] ; mov edi, dword [0x48a05c] push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048be14], eax ; mov dword [0x48be14], eax push 0 push 0 push 7 mov ebp, dword [ref_0048a05c] ; mov ebp, dword [0x48a05c] push ebp call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048be04], eax ; mov dword [0x48be04], eax push 0 push 0 push 8 mov eax, dword [ref_0048a05c] ; mov eax, dword [0x48a05c] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048be08], eax ; mov dword [0x48be08], eax xor ebx, ebx loc_0041917b: push 0 push 0 lea eax, [ebx + 4] push eax mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ebx*4 + ref_0048bdf8], eax ; mov dword [ebx*4 + 0x48bdf8], eax inc ebx cmp ebx, 3 jl short loc_0041917b ; jl 0x41917b push 0 push 0 push 0xc8 push 0xc8 call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048bdcc], eax ; mov dword [0x48bdcc], eax push 0 push 0 mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] movsx edx, word [eax + 0xe] push edx movsx eax, word [eax + 0xc] push eax call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048bde0], eax ; mov dword [0x48bde0], eax mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] movsx edx, word [eax + 0x4c] mov ebx, 0xdc sub ebx, edx mov dword [ref_0048bdb8], ebx ; mov dword [0x48bdb8], ebx movsx edx, word [eax + 0x4e] mov ebx, 0x8c sub ebx, edx mov dword [ref_0048bdbc], ebx ; mov dword [0x48bdbc], ebx movsx ebx, word [eax + 0x48] mov edx, dword [ref_0048bdb8] ; mov edx, dword [0x48bdb8] add edx, ebx mov dword [ref_0048bdc0], edx ; mov dword [0x48bdc0], edx movsx edx, word [eax + 0x4a] mov eax, dword [ref_0048bdbc] ; mov eax, dword [0x48bdbc] add eax, edx mov dword [ref_0048bdc4], eax ; mov dword [0x48bdc4], eax loc_00419223: pop ebp pop edi pop esi pop ebx ret fcn_00419228: push ebx push esi push edi push ebp cmp dword [ref_00475118], 0 ; cmp dword [0x475118], 0 je near loc_004192f2 ; je 0x4192f2 mov ecx, dword [ref_0048be0c] ; mov ecx, dword [0x48be0c] push ecx call clib_free ; call 0x456e11 add esp, 4 mov ebx, dword [ref_00475118] ; mov ebx, dword [0x475118] push ebx call clib_free ; call 0x456e11 add esp, 4 mov esi, dword [ref_0048be10] ; mov esi, dword [0x48be10] push esi call clib_free ; call 0x456e11 add esp, 4 mov edi, dword [ref_0048be14] ; mov edi, dword [0x48be14] push edi call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [ref_0048be04] ; mov ebp, dword [0x48be04] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0048be08] ; mov eax, dword [0x48be08] push eax call clib_free ; call 0x456e11 add esp, 4 xor ebx, ebx loc_00419294: mov edx, dword [ebx*4 + ref_0048bdf8] ; mov edx, dword [ebx*4 + 0x48bdf8] push edx call clib_free ; call 0x456e11 add esp, 4 inc ebx cmp ebx, 3 jl short loc_00419294 ; jl 0x419294 mov ecx, dword [ref_0048bde0] ; mov ecx, dword [0x48bde0] push ecx call clib_free ; call 0x456e11 add esp, 4 mov ebx, dword [ref_0048bdcc] ; mov ebx, dword [0x48bdcc] push ebx call clib_free ; call 0x456e11 add esp, 4 call fcn_004080f5 ; call 0x4080f5 mov esi, dword [ref_0048bdc8] ; mov esi, dword [0x48bdc8] push esi mov edi, dword [_gWindowHandle] ; mov edi, dword [0x48a0d4] push edi call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] xor ah, ah mov byte [ref_0046cafe], ah ; mov byte [0x46cafe], ah xor ebp, ebp mov dword [ref_00475118], ebp ; mov dword [0x475118], ebp loc_004192f2: pop ebp pop edi pop esi pop ebx ret fcn_004192f7: push ebx push esi push edi push ebp sub esp, 0x10 mov eax, dword [ref_00475110] ; mov eax, dword [0x475110] and eax, 0x1f cmp eax, 0x1f jne short loc_00419351 ; jne 0x419351 xor ebx, ebx mov dword [ref_00475110], ebx ; mov dword [0x475110], ebx mov dword [esp + 4], ebx mov dword [esp + 0xc], 0x1e0 mov dword [esp], ebx mov dword [esp + 8], 0x280 mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push ebx push ebx jmp near loc_00415f2d ; jmp 0x415f2d loc_00419351: mov ah, byte [ref_00475110] ; mov ah, byte [0x475110] test ah, 1 je short loc_004193be ; je 0x4193be mov dl, ah and dl, 0xfe mov byte [ref_00475110], dl ; mov byte [0x475110], dl xor edx, edx mov dword [esp + 4], edx mov dword [esp + 0xc], 0x28 xor ebx, ebx mov dword [esp], edx mov dword [esp + 8], 0x1b8 mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi push ebx push ebx push eax call dword [edx + 0x1c] ; ucall mov eax, esp push eax call fcn_004174cd ; call 0x4174cd add esp, 4 mov eax, esp push eax call fcn_00402250 ; call 0x402250 add esp, 4 loc_004193be: mov dh, byte [ref_00475110] ; mov dh, byte [0x475110] test dh, 2 je short loc_0041942f ; je 0x41942f mov bl, dh and bl, 0xfd mov byte [ref_00475110], bl ; mov byte [0x475110], bl mov ebp, 0x28 mov dword [esp + 4], ebp mov dword [esp + 0xc], 0x1e0 xor edx, edx mov dword [esp], edx mov dword [esp + 8], 0x1b8 mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx push ebp push 0 push eax call dword [edx + 0x1c] ; ucall mov eax, esp push eax call fcn_004174cd ; call 0x4174cd add esp, 4 mov eax, esp push eax call fcn_00402250 ; call 0x402250 add esp, 4 loc_0041942f: mov bh, byte [ref_00475110] ; mov bh, byte [0x475110] test bh, 4 je short loc_0041949f ; je 0x41949f mov cl, bh and cl, 0xfb mov byte [ref_00475110], cl ; mov byte [0x475110], cl xor esi, esi mov dword [esp + 4], esi mov dword [esp + 0xc], 0x50 mov ebp, 0x1b8 mov dword [esp], ebp mov dword [esp + 8], 0x280 mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push esi push ebp push eax call dword [edx + 0x1c] ; ucall mov eax, esp push eax call fcn_004174cd ; call 0x4174cd add esp, 4 mov eax, esp push eax call fcn_00402250 ; call 0x402250 add esp, 4 loc_0041949f: mov ch, byte [ref_00475110] ; mov ch, byte [0x475110] test ch, 8 je short loc_00419510 ; je 0x419510 mov al, ch and al, 0xf7 mov byte [ref_00475110], al ; mov byte [0x475110], al mov ebx, 0x50 mov dword [esp + 4], ebx mov dword [esp + 0xc], 0x118 mov edi, 0x1b8 mov dword [esp], edi mov dword [esp + 8], 0x280 mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push ebx push edi push eax call dword [edx + 0x1c] ; ucall mov eax, esp push eax call fcn_004174cd ; call 0x4174cd add esp, 4 mov eax, esp push eax call fcn_00402250 ; call 0x402250 add esp, 4 loc_00419510: mov ah, byte [ref_00475110] ; mov ah, byte [0x475110] test ah, 0x10 je near loc_00415f47 ; je 0x415f47 mov dl, ah and dl, 0xef mov byte [ref_00475110], dl ; mov byte [0x475110], dl mov ebx, 0x118 mov dword [esp + 4], ebx mov dword [esp + 0xc], 0x1e0 mov edi, 0x1b8 mov dword [esp], edi mov dword [esp + 8], 0x280 mov eax, esp push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push ebx push edi jmp near loc_00415f2d ; jmp 0x415f2d fcn_00419572: push ebx push esi push edi push ebp sub esp, 0x1c imul esi, dword [_current_player], 0x68 ; imul esi, dword [0x49910c], 0x68 movzx esi, byte [esi + (_players+18)] ; movzx esi, byte [esi + 0x496b7a] mov ecx, dword [esp + 0x30] test ecx, ecx jne short loc_004195ae ; jne 0x4195ae xor ebx, ebx loc_00419591: cmp ebx, esi jge short loc_004195b7 ; jge 0x4195b7 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 6 sar edx, 0x1f idiv ecx inc edx mov dword [esp + ebx*4 + 0x10], edx inc ebx jmp short loc_00419591 ; jmp 0x419591 loc_004195ae: mov esi, 1 mov dword [esp + 0x10], ecx loc_004195b7: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dl, byte [eax + (_players+16)] ; mov dl, byte [eax + 0x496b78] mov eax, 8 sub eax, dword [ref_00499088] ; sub eax, dword [0x499088] add eax, edx and eax, 7 mov edi, dword [eax*8 + ref_00475224] ; mov edi, dword [eax*8 + 0x475224] add edi, 0x88 mov ebp, dword [eax*8 + ref_00475228] ; mov ebp, dword [eax*8 + 0x475228] add ebp, 0x30 push 0 push ref_0048235a ; push 0x48235a call fcn_00450cda ; call 0x450cda add esp, 8 push 0xffffffffffffffff xor eax, eax mov al, byte [ref_00497158] ; mov al, byte [0x497158] mov eax, dword [eax*4 + ref_00475264] ; mov eax, dword [eax*4 + 0x475264] shl eax, 4 inc eax or eax, 0x1e000000 push eax push ebp push edi mov edx, dword [esi*4 + ref_0048bdf4] ; mov edx, dword [esi*4 + 0x48bdf4] push edx call fcn_0045144f ; call 0x45144f add esp, 0x14 push 0 push ref_0048235a ; push 0x48235a call fcn_004542ce ; call 0x4542ce add esp, 8 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall xor ebx, ebx loc_0041964f: cmp ebx, esi jge short loc_00419685 ; jge 0x419685 lea eax, [ebp + 0x91] push eax lea eax, [edi + 0x55] push eax mov eax, ebx shl eax, 2 sub eax, ebx add eax, eax add eax, dword [esp + ebx*4 + 0x18] dec eax push eax mov ecx, dword [ref_0048be14] ; mov ecx, dword [0x48be14] push ecx mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045663e ; call 0x45663e add esp, 0x14 inc ebx jmp short loc_0041964f ; jmp 0x41964f loc_00419685: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp], edi mov dword [esp + 4], ebp lea eax, [edi + 0xbd] mov dword [esp + 8], eax lea eax, [ebp + 0x11d] mov dword [esp + 0xc], eax mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push ebp push edi push eax call dword [edx + 0x1c] ; ucall xor ebx, ebx xor edi, edi loc_004196cf: cmp ebx, esi jge short loc_004196da ; jge 0x4196da add edi, dword [esp + ebx*4 + 0x10] inc ebx jmp short loc_004196cf ; jmp 0x4196cf loc_004196da: push 0x1f4 call fcn_0045285e ; call 0x45285e add esp, 4 mov eax, edi add esp, 0x1c pop ebp pop edi pop esi pop ebx ret fcn_004196f1: mov byte [ref_0046cafd], 1 ; mov byte [0x46cafd], 1 push 1 loc_004196fa: call fcn_00417191 ; call 0x417191 add esp, 4 ret fcn_00419703: xor ah, ah mov byte [ref_0046cafd], ah ; mov byte [0x46cafd], ah push 0 jmp short loc_004196fa ; jmp 0x4196fa fcn_0041970f: push ebx push esi mov esi, dword [esp + 0xc] mov edx, 1 xor ecx, ecx mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] loc_00419721: add eax, 0x34 cmp edx, dword [ref_00498e98] ; cmp edx, dword [0x498e98] jg short loc_0041973f ; jg 0x41973f cmp byte [eax + 0x18], 0 je short loc_0041973c ; je 0x41973c xor ebx, ebx mov bl, byte [eax + 0x19] cmp ebx, esi jne short loc_0041973c ; jne 0x41973c inc ecx loc_0041973c: inc edx jmp short loc_00419721 ; jmp 0x419721 loc_0041973f: mov eax, ecx pop esi pop ebx ret fcn_00419744: push ebx push esi push edi push ebp mov ebp, dword [esp + 0x14] xor edi, edi cmp dword [esp + 0x18], 0 je short loc_004197a5 ; je 0x4197a5 mov esi, 1 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] loc_00419760: add ebx, 0x34 cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg near loc_004197d8 ; jg 0x4197d8 cmp byte [ebx + 0x18], 0 jne short loc_004197a2 ; jne 0x4197a2 xor eax, eax mov al, byte [ebx + 0x19] cmp eax, ebp jne short loc_004197a2 ; jne 0x4197a2 mov edx, dword [esp + 0x18] push edx lea eax, [ebx + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_004197a2 ; jne 0x4197a2 mov al, byte [ebx + 0x1a] mov ax, word [ebx + eax*2 + 0x20] and eax, 0xffff add edi, eax loc_004197a2: inc esi jmp short loc_00419760 ; jmp 0x419760 loc_004197a5: mov esi, 1 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, 0x34 mov ecx, dword [ref_00498e98] ; mov ecx, dword [0x498e98] loc_004197b9: cmp esi, ecx jg short loc_004197d8 ; jg 0x4197d8 cmp byte [ebx + 0x18], 0 je short loc_004197d2 ; je 0x4197d2 xor eax, eax mov al, byte [ebx + 0x19] cmp eax, ebp jne short loc_004197d2 ; jne 0x4197d2 add edi, 0x7d0 loc_004197d2: inc esi add ebx, 0x34 jmp short loc_004197b9 ; jmp 0x4197b9 loc_004197d8: mov ecx, dword [ref_004990e8] ; mov ecx, dword [0x4990e8] mov eax, edi imul eax, ecx pop ebp pop edi pop esi pop ebx ret endloc_004197e8: db 0x90 ref_004197e9: ; may contain a jump table dd loc_004198b9 dd loc_0041b3d0 dd loc_0041b11e dd loc_0041b128 dd loc_0041b132 dd loc_0041b13c dd loc_0041b146 dd loc_0041b15e dd loc_0041b16c dd loc_0041b17a dd loc_0041b184 dd loc_0041b21e dd loc_0041b2a3 dd loc_0041b302 dd loc_0041b396 dd loc_0041b3b9 dd loc_0041b3cb fcn_0041982d: push ebx push esi push edi push ebp sub esp, 0xf8 mov edx, dword [esp + 0x10c] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] add eax, edx mov dx, word [eax + 0x20] mov dword [esp + 0xf0], edx mov ebx, dword [eax + 0x24] and ebx, 0xff mov byte [esp + 0xf4], 0x80 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 je short loc_00419884 ; je 0x419884 test ebx, ebx jne near loc_0041b3d0 ; jne 0x41b3d0 loc_00419884: cmp ebx, 2 jb short loc_004198a9 ; jb 0x4198a9 cmp ebx, 0x10 ja short loc_004198a9 ; ja 0x4198a9 push 0 xor eax, eax mov al, byte [ebx + ref_00475299] ; mov al, byte [ebx + 0x475299] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542ce ; call 0x4542ce add esp, 8 loc_004198a9: cmp ebx, 0x10 ja near loc_0041b3d0 ; ja 0x41b3d0 jmp dword [ebx*4 + ref_004197e9] ; ujmp: jmp dword [ebx*4 + 0x4197e9] loc_004198b9: mov ebx, dword [esp + 0xf0] test bx, bx je near loc_0041b3d0 ; je 0x41b3d0 cmp bx, 0x7d0 jbe near loc_0041a168 ; jbe 0x41a168 cmp bx, 0xfa0 jae near loc_0041a168 ; jae 0x41a168 xor eax, eax mov ax, bx sub eax, 0x7d0 imul eax, eax, 0x34 mov esi, dword [ref_00498e84] ; mov esi, dword [0x498e84] add esi, eax mov ch, byte [esi + 0x19] test ch, ch je near loc_0041a013 ; je 0x41a013 xor edx, edx mov dl, ch mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax jne near loc_00419a67 ; jne 0x419a67 cmp byte [esi + 0x1a], 5 jae near loc_0041b077 ; jae 0x41b077 cmp byte [esi + 0x18], 0 jne near loc_0041b077 ; jne 0x41b077 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 jne near loc_0041b077 ; jne 0x41b077 movzx ebp, word [esi + 0x1e] imul ebp, dword [ref_004990e8] ; imul ebp, dword [0x4990e8] imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp ebp, dword [eax + (_players+28)] ; cmp ebp, dword [eax + 0x496b84] jg near loc_00419a52 ; jg 0x419a52 push ebp lea eax, [esi + 4] push eax mov eax, ref_0046396d ; mov eax, 0x46396d push eax lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 test byte [eax + (_players+21)], 6 ; test byte [eax + 0x496b7d], 6 jne short loc_004199a7 ; jne 0x4199a7 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_0041b077 ; jne 0x41b077 mov eax, esp push eax call fcn_00440ba8 ; call 0x440ba8 add esp, 4 cmp eax, 1 jne near loc_0041b077 ; jne 0x41b077 loc_004199a7: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0040fa61 ; call 0x40fa61 add esp, 4 test eax, eax jne near loc_0041b077 ; jne 0x41b077 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 sub dword [eax + (_players+28)], ebp ; sub dword [eax + 0x496b84], ebp push 1 push 0 push 0 inc byte [esi + 0x1a] call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0 push ref_004823da ; push 0x4823da call fcn_004542ce ; call 0x4542ce add esp, 8 cmp byte [esi + 0x1a], 5 jne short loc_00419a2b ; jne 0x419a2b loc_004199f1: mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul eax, esi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov edi, dword [edx + eax*8 + ref_00480886] ; mov edi, dword [edx + eax*8 + 0x480886] push edi push 0 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc call fcn_0040b0cd ; call 0x40b0cd jmp near loc_0041b077 ; jmp 0x41b077 loc_00419a2b: push 1 add esi, 4 push esi call fcn_0044f627 ; call 0x44f627 add esp, 8 loc_00419a39: mov ecx, dword [esp + 0x10c] push ecx mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx loc_00419a48: call fcn_0040f8be ; call 0x40f8be jmp near loc_0041b074 ; jmp 0x41b074 loc_00419a52: push 0x5dc mov eax, ref_0046398b ; mov eax, 0x46398b push eax loc_00419a5d: call fcn_00440cac ; call 0x440cac jmp near loc_0041b074 ; jmp 0x41b074 loc_00419a67: push 0 push ref_004823ea ; push 0x4823ea call fcn_004542ce ; call 0x4542ce add esp, 8 mov edx, dword [ref_0047517c] ; mov edx, dword [0x47517c] push edx xor eax, eax mov al, byte [esi + 0x17] push eax xor eax, eax mov al, byte [esi + 0x19] dec eax push eax call fcn_0041d559 ; call 0x41d559 add esp, 0xc cmp eax, 1 jne near loc_0041b077 ; jne 0x41b077 xor eax, eax mov al, byte [esi + 0x19] dec eax imul eax, eax, 0x68 mov al, byte [eax + (_players+65)] ; mov al, byte [eax + 0x496ba9] and eax, 0xff mov dword [esp + 0xe4], eax cmp byte [esi + 0x18], 0 jne short loc_00419ade ; jne 0x419ade lea eax, [esi + 4] push eax xor eax, eax mov al, byte [esi + 0x19] push eax call fcn_00419744 ; call 0x419744 add esp, 8 mov ebp, eax lea eax, [esi + 4] push eax mov ebx, dword [esp + 0xe8] push ebx jmp short loc_00419afa ; jmp 0x419afa loc_00419ade: push 0 xor eax, eax mov al, byte [esi + 0x19] push eax call fcn_00419744 ; call 0x419744 add esp, 8 mov ebp, eax push 0 mov ecx, dword [esp + 0xe8] push ecx loc_00419afa: call fcn_00419744 ; call 0x419744 add esp, 8 mov dword [esp + 0xcc], eax cmp byte [esi + 0x17], 0 je short loc_00419b11 ; je 0x419b11 add ebp, ebp loc_00419b11: push 1 call fcn_00409b18 ; call 0x409b18 add esp, 4 mov edi, 1 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, 0x34 xor eax, eax mov dword [esp + 0xe8], eax loc_00419b32: cmp edi, dword [ref_00498e98] ; cmp edi, dword [0x498e98] jg near loc_00419c79 ; jg 0x419c79 mov eax, dword [esp + 0xe8] inc eax mov dword [esp + 0xdc], eax lea eax, [edi + 0x7d0] mov dword [esp + 0xd8], eax cmp byte [esi + 0x18], 0 jne near loc_00419bf4 ; jne 0x419bf4 mov al, byte [ebx + 0x19] cmp al, byte [esi + 0x19] jne short loc_00419bb4 ; jne 0x419bb4 cmp byte [ebx + 0x18], 0 jne short loc_00419bb4 ; jne 0x419bb4 lea eax, [ebx + 4] push eax lea eax, [esi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_00419bb4 ; jne 0x419bb4 push 0xffff mov ecx, dword [esp + 0xdc] push ecx push 0x2f440 mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] push eax call fcn_00456c0a ; call 0x456c0a add esp, 0x10 mov eax, dword [esp + 0xdc] mov dword [esp + 0xe8], eax loc_00419bb4: mov edx, dword [esp + 0xe4] test edx, edx je near loc_00419c70 ; je 0x419c70 xor eax, eax mov al, byte [ebx + 0x19] cmp eax, edx jne near loc_00419c70 ; jne 0x419c70 cmp byte [ebx + 0x18], 0 jne near loc_00419c70 ; jne 0x419c70 lea eax, [ebx + 4] push eax lea eax, [esi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne near loc_00419c70 ; jne 0x419c70 jmp short loc_00419c4a ; jmp 0x419c4a loc_00419bf4: mov al, byte [ebx + 0x19] cmp al, byte [esi + 0x19] jne short loc_00419c30 ; jne 0x419c30 cmp byte [ebx + 0x18], 0 je short loc_00419c30 ; je 0x419c30 push 0xffff mov ecx, dword [esp + 0xdc] push ecx push 0x2f440 mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] push eax call fcn_00456c0a ; call 0x456c0a add esp, 0x10 mov eax, dword [esp + 0xdc] mov dword [esp + 0xe8], eax loc_00419c30: mov edx, dword [esp + 0xe4] test edx, edx je short loc_00419c70 ; je 0x419c70 xor eax, eax mov al, byte [ebx + 0x19] cmp eax, edx jne short loc_00419c70 ; jne 0x419c70 cmp byte [ebx + 0x18], 0 je short loc_00419c70 ; je 0x419c70 loc_00419c4a: push 0xffff lea eax, [edi + 0x7d0] push eax push 0x2f440 mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] push eax call fcn_00456c0a ; call 0x456c0a add esp, 0x10 inc dword [esp + 0xe8] loc_00419c70: inc edi add ebx, 0x34 jmp near loc_00419b32 ; jmp 0x419b32 loc_00419c79: cmp dword [esp + 0xe8], 1 jle short loc_00419c88 ; jle 0x419c88 call fcn_00451985 ; call 0x451985 loc_00419c88: xor eax, eax mov al, byte [esi + 0x19] dec eax imul eax, eax, 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx lea eax, [esp + 0xac] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea ebx, [esi + 4] mov edi, dword [esp + 0xe4] test edi, edi je short loc_00419d2e ; je 0x419d2e mov edx, dword [esp + 0xcc] add ebp, edx mov dword [esp + 0xec], edx fild dword [esp + 0xec] mov dword [esp + 0xec], ebp fild dword [esp + 0xec] fdivp st1 ; fdivp st(1) fstp dword [esp + 0xc4] lea eax, [edi - 1] imul eax, eax, 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx lea eax, [esp + 0x98] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov edi, dword [ref_0047517c] ; mov edi, dword [0x47517c] push edi push ebp lea eax, [esp + 0x9c] push eax lea eax, [esp + 0xb4] push eax push ebx push ref_0046399a ; push 0x46399a lea eax, [esp + 0x18] push eax call fcn_00457110 ; call 0x457110 add esp, 0x1c jmp short loc_00419d50 ; jmp 0x419d50 loc_00419d2e: mov eax, dword [ref_0047517c] ; mov eax, dword [0x47517c] push eax push ebp lea eax, [esp + 0xb0] push eax push ebx push ref_004639b3 ; push 0x4639b3 lea eax, [esp + 0x14] push eax call fcn_00457110 ; call 0x457110 add esp, 0x18 loc_00419d50: push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push ebp mov ebp, dword [ref_0047517c] ; mov ebp, dword [0x47517c] push ebp mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0041d709 ; call 0x41d709 mov edx, eax add esp, 0xc mov ebp, eax test eax, eax je near loc_0041b077 ; je 0x41b077 cmp dword [esp + 0xe4], 0 je short loc_00419dda ; je 0x419dda mov edi, dword [esp + 0xcc] sub edx, edi mov ecx, 0x64 mov eax, edx sar edx, 0x1f idiv ecx push eax xor eax, eax mov al, byte [esi + 0x19] dec eax push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc mov ecx, 0x64 mov eax, edi mov edx, edi sar edx, 0x1f idiv ecx push eax mov eax, dword [esp + 0xe8] dec eax push eax mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx jmp short loc_00419df3 ; jmp 0x419df3 loc_00419dda: mov ecx, 0x64 sar edx, 0x1f idiv ecx push eax xor eax, eax mov al, byte [esi + 0x19] dec eax push eax mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx loc_00419df3: call fcn_0040df69 ; call 0x40df69 add esp, 0xc mov edi, dword [_current_player] ; mov edi, dword [0x49910c] mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 4 mov edx, eax shl eax, 2 add eax, edx cmp ebp, eax jge short loc_00419e34 ; jge 0x419e34 imul eax, edi, 0x68 mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] add edx, dword [eax + (_players+32)] ; add edx, dword [eax + 0x496b88] cmp ebp, edx jle short loc_00419e67 ; jle 0x419e67 loc_00419e34: push 0x14 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_00419e67 ; jne 0x419e67 push ebp xor eax, eax mov al, byte [esi + 0x19] dec eax push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_00444a60 ; call 0x444a60 add esp, 0xc cmp eax, 1 jne short loc_00419e67 ; jne 0x419e67 xor ebp, ebp loc_00419e67: mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 4 mov edx, eax shl eax, 2 add eax, edx cmp ebp, eax jge short loc_00419e9a ; jge 0x419e9a imul eax, edi, 0x68 mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] add edx, dword [eax + (_players+32)] ; add edx, dword [eax + 0x496b88] cmp ebp, edx jle short loc_00419ec7 ; jle 0x419ec7 loc_00419e9a: push 0x13 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_00419ec7 ; jne 0x419ec7 push ebp push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0044476a ; call 0x44476a add esp, 0xc cmp eax, 0xffffffff je short loc_00419ec7 ; je 0x419ec7 mov edi, eax loc_00419ec7: test ebp, ebp je short loc_00419f2a ; je 0x419f2a push edi call fcn_0040fbb8 ; call 0x40fbb8 mov ebx, eax add esp, 4 cmp eax, 0xffffffff je short loc_00419f2a ; je 0x419f2a imul eax, eax, 0x68 mov edx, dword [eax + (_players+0)] ; mov edx, dword [eax + 0x496b68] push edx lea eax, [esp + 0xac] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov ecx, dword [ref_0047517c] ; mov ecx, dword [0x47517c] push ecx lea eax, [esp + 0xac] push eax push ref_004639cc ; push 0x4639cc lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov edi, ebx loc_00419f2a: xor eax, eax mov al, byte [esi + 0x19] dec eax cmp edi, eax je near loc_0041b077 ; je 0x41b077 mov edx, dword [esp + 0xe4] dec edx cmp edi, edx je near loc_0041b077 ; je 0x41b077 cmp dword [esp + 0xe4], 0 je near loc_00419fcf ; je 0x419fcf push ebp push eax push edi call fcn_0044f4ed ; call 0x44f4ed add esp, 0xc test eax, eax jne short loc_00419f6f ; jne 0x419f6f push ebp push edi call fcn_0044f42d ; call 0x44f42d add esp, 8 loc_00419f6f: mov dword [esp + 0xec], ebp fild dword [esp + 0xec] fmul dword [esp + 0xc4] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xcc] mov ebx, ebp sub ebx, dword [esp + 0xcc] push ebx xor eax, eax mov al, byte [esi + 0x19] dec eax push eax call fcn_0044f354 ; call 0x44f354 add esp, 8 push 0 push ebx xor eax, eax mov al, byte [esi + 0x19] dec eax push eax push edi call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 push 0 mov edx, dword [esp + 0xd0] push edx mov eax, dword [esp + 0xec] jmp short loc_0041a000 ; jmp 0x41a000 loc_00419fcf: push ebp push eax push edi call fcn_0044f4ed ; call 0x44f4ed add esp, 0xc test eax, eax jne short loc_00419fe8 ; jne 0x419fe8 push ebp push edi call fcn_0044f42d ; call 0x44f42d add esp, 8 loc_00419fe8: push ebp xor eax, eax mov al, byte [esi + 0x19] dec eax push eax call fcn_0044f354 ; call 0x44f354 add esp, 8 push 0 push ebp xor eax, eax mov al, byte [esi + 0x19] loc_0041a000: dec eax push eax push edi call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 mov dword [esi + 0x2c], ebp jmp near loc_0041b077 ; jmp 0x41b077 loc_0041a013: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 jne near loc_0041b077 ; jne 0x41b077 cmp byte [eax + (_players+63)], 0xc ; cmp byte [eax + 0x496ba7], 0xc je near loc_0041b077 ; je 0x41b077 xor ecx, ecx mov cl, byte [esi + 0x1a] xor edx, edx mov dx, word [esi + 0x1e] imul edx, ecx xor ecx, ecx mov cx, word [esi + 0x1c] add edx, ecx mov ebp, dword [ref_004990e8] ; mov ebp, dword [0x4990e8] imul ebp, edx cmp ebp, dword [eax + (_players+28)] ; cmp ebp, dword [eax + 0x496b84] jg near loc_0041a159 ; jg 0x41a159 push ebp lea eax, [esi + 4] push eax push ref_004639e1 ; push 0x4639e1 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 xor edi, edi imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 test byte [eax + (_players+21)], 6 ; test byte [eax + 0x496b7d], 6 je short loc_0041a098 ; je 0x41a098 push ebp call fcn_0041d7d4 ; call 0x41d7d4 add esp, 4 cmp eax, 1 jne short loc_0041a098 ; jne 0x41a098 mov edi, eax loc_0041a098: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_0041a0b8 ; jne 0x41a0b8 mov eax, esp push eax call fcn_00440ba8 ; call 0x440ba8 add esp, 4 cmp eax, 1 je short loc_0041a0c0 ; je 0x41a0c0 loc_0041a0b8: test edi, edi je near loc_0041b077 ; je 0x41b077 loc_0041a0c0: mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_0040fa61 ; call 0x40fa61 add esp, 4 test eax, eax jne near loc_0041b077 ; jne 0x41b077 mov al, byte [_current_player] ; mov al, byte [0x49910c] inc al mov byte [esi + 0x19], al push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0 push ref_004823d2 ; push 0x4823d2 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 mov eax, dword [ref_00499110] ; mov eax, dword [0x499110] test eax, eax je short loc_0041a12b ; je 0x41a12b mov edx, dword [eax*4 + ref_004751f0] ; mov edx, dword [eax*4 + 0x4751f0] push edx mov ecx, dword [ref_00497160] ; mov ecx, dword [0x497160] push ecx call fcn_004521cb ; call 0x4521cb add esp, 8 mov dword [esi + 0x30], eax loc_0041a12b: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 sub dword [eax + (_players+28)], ebp ; sub dword [eax + 0x496b84], ebp push 0 add esi, 4 push esi call fcn_0044f627 ; call 0x44f627 add esp, 8 mov ebp, dword [esp + 0x10c] push ebp mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax jmp near loc_00419a48 ; jmp 0x419a48 loc_0041a159: push 0x5dc push ref_0046398b ; push 0x46398b jmp near loc_00419a5d ; jmp 0x419a5d loc_0041a168: mov edi, dword [esp + 0xf0] cmp di, 0xfa0 jbe near loc_0041a998 ; jbe 0x41a998 cmp di, 0x1770 jae near loc_0041a998 ; jae 0x41a998 xor eax, eax mov ax, di sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add edx, eax mov dword [esp + 0xe0], edx lea edi, [edx + 4] imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov edx, dword [esp + 0xe0] cmp byte [edx + 0x19], 0 je near loc_0041a86b ; je 0x41a86b xor edx, edx mov ecx, dword [esp + 0xe0] mov dl, byte [ecx + 0x19] mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] inc ecx cmp edx, ecx jne near loc_0041a370 ; jne 0x41a370 cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 jne near loc_0041b077 ; jne 0x41b077 mov edx, dword [esp + 0xe0] cmp byte [edx + 0x1a], 0 jne near loc_0041a2b3 ; jne 0x41a2b3 movzx ebp, word [edx + 0x22] imul ebp, dword [ref_004990e8] ; imul ebp, dword [0x4990e8] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 cmp ebp, dword [eax + (_players+28)] ; cmp ebp, dword [eax + 0x496b84] jg near loc_00419a52 ; jg 0x419a52 imul eax, edx, 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_0041a23e ; jne 0x41a23e push 0 call fcn_00440aac ; call 0x440aac add esp, 4 mov edx, dword [esp + 0xe0] mov byte [edx + 0x18], al jmp short loc_0041a25a ; jmp 0x41a25a loc_0041a23e: call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 4 sar edx, 0x1f idiv ecx inc edx mov eax, dword [esp + 0xe0] mov byte [eax + 0x18], dl loc_0041a25a: mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi call fcn_0040fa61 ; call 0x40fa61 add esp, 4 test eax, eax jne near loc_0041b077 ; jne 0x41b077 push 1 push eax push eax mov eax, dword [esp + 0xec] inc byte [eax + 0x1a] call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0 push ref_004823da ; push 0x4823da call fcn_004542ce ; call 0x4542ce add esp, 8 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] imul eax, edi, 0x68 sub dword [eax + (_players+28)], ebp ; sub dword [eax + 0x496b84], ebp mov ecx, dword [esp + 0x10c] push ecx push edi jmp near loc_00419a48 ; jmp 0x419a48 loc_0041a2b3: xor edx, edx mov ecx, dword [esp + 0xe0] mov dl, byte [ecx + 0x18] mov bl, byte [ecx + 0x1a] cmp bl, byte [edx + ref_00474940] ; cmp bl, byte [edx + 0x474940] jae near loc_0041b077 ; jae 0x41b077 mov ebp, dword [esp + 0xe0] movzx ebp, word [ebp + 0x24] imul ebp, dword [ref_004990e8] ; imul ebp, dword [0x4990e8] cmp ebp, dword [eax + (_players+28)] ; cmp ebp, dword [eax + 0x496b84] jg near loc_0041a159 ; jg 0x41a159 push ebp push edi push ref_0046396d ; push 0x46396d lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ch, byte [eax + (_players+21)] ; mov ch, byte [eax + 0x496b7d] test ch, 6 jne short loc_0041a32f ; jne 0x41a32f cmp ch, 1 jne near loc_0041b077 ; jne 0x41b077 mov eax, esp push eax call fcn_00440ba8 ; call 0x440ba8 add esp, 4 cmp eax, 1 jne near loc_0041b077 ; jne 0x41b077 loc_0041a32f: mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi call fcn_0040fa61 ; call 0x40fa61 add esp, 4 test eax, eax jne near loc_0041b077 ; jne 0x41b077 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 sub dword [eax + (_players+28)], ebp ; sub dword [eax + 0x496b84], ebp mov eax, dword [esp + 0xe0] mov dh, byte [eax + 0x1a] inc dh mov byte [eax + 0x1a], dh cmp dh, 5 je near loc_004199f1 ; je 0x4199f1 jmp near loc_00419a39 ; jmp 0x419a39 loc_0041a370: mov eax, dword [esp + 0xe0] cmp byte [eax + 0x1a], 0 je near loc_0041b077 ; je 0x41b077 mov ch, byte [eax + 0x18] test ch, ch jbe near loc_0041b077 ; jbe 0x41b077 cmp ch, 4 jae near loc_0041b077 ; jae 0x41b077 push 0 push ref_004823ea ; push 0x4823ea call fcn_004542ce ; call 0x4542ce add esp, 8 xor eax, eax mov edx, dword [esp + 0xe0] mov al, byte [edx + 0x18] movzx esi, byte [eax + ref_0047528b] ; movzx esi, byte [eax + 0x47528b] mov esi, dword [esi*4 + ref_0047517c] ; mov esi, dword [esi*4 + 0x47517c] push esi xor eax, eax mov al, byte [edx + 0x1c] push eax xor eax, eax mov al, byte [edx + 0x19] dec eax push eax call fcn_0041d559 ; call 0x41d559 add esp, 0xc cmp eax, 1 jne near loc_0041b077 ; jne 0x41b077 xor eax, eax mov edx, dword [esp + 0xe0] mov al, byte [edx + 0x19] dec eax imul eax, eax, 0x68 mov edi, dword [eax + (_players+0)] ; mov edi, dword [eax + 0x496b68] push edi lea eax, [esp + 0xac] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov eax, dword [esp + 0xe0] mov al, byte [eax + 0x18] cmp al, 2 jb short loc_0041a421 ; jb 0x41a421 jbe short loc_0041a485 ; jbe 0x41a485 cmp al, 3 je near loc_0041a4db ; je 0x41a4db jmp near loc_0041a581 ; jmp 0x41a581 loc_0041a421: cmp al, 1 jne near loc_0041a581 ; jne 0x41a581 xor eax, eax mov edx, dword [esp + 0xe0] mov al, byte [edx + 0x1a] add eax, eax add eax, edx xor ebx, ebx mov bx, word [eax + 0x24] imul ebx, dword [ref_004990e8] ; imul ebx, dword [0x4990e8] cmp byte [edx + 0x1c], 0 je short loc_0041a44e ; je 0x41a44e add ebx, ebx loc_0041a44e: lea eax, [esp + 0xa8] push eax push 1 call fcn_0044090e ; call 0x44090e add esp, 8 mov dword [esp + 0xd0], eax mov ebp, eax imul ebp, ebx push ebp push eax push ref_004639ff ; push 0x4639ff lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 jmp near loc_0041a56f ; jmp 0x41a56f loc_0041a485: xor eax, eax mov edx, dword [esp + 0xe0] mov al, byte [edx + 0x1a] add eax, eax add eax, edx xor ebx, ebx mov bx, word [eax + 0x24] imul ebx, dword [ref_004990e8] ; imul ebx, dword [0x4990e8] cmp byte [edx + 0x1c], 0 je short loc_0041a4aa ; je 0x41a4aa add ebx, ebx loc_0041a4aa: lea eax, [esp + 0xa8] push eax push 2 call fcn_0044090e ; call 0x44090e add esp, 8 mov ebp, eax imul ebp, ebx push ebp push eax push ebx push ref_00463a14 ; push 0x463a14 lea eax, [esp + 0x10] push eax call fcn_00457110 ; call 0x457110 add esp, 0x14 jmp near loc_0041a56f ; jmp 0x41a56f loc_0041a4db: xor ebp, ebp imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dh, byte [eax + (_players+17)] ; mov dh, byte [eax + 0x496b79] test dh, 3 je near loc_0041a581 ; je 0x41a581 mov al, dh and al, 3 xor ecx, ecx mov cl, al dec ecx mov eax, 1 shl eax, cl mov dword [esp + 0xd4], eax mov edx, eax shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 2 mov edx, eax shl eax, 2 add eax, edx mov ebp, dword [ref_0048bafc] ; mov ebp, dword [0x48bafc] imul ebp, eax imul ebp, dword [ref_004990e8] ; imul ebp, dword [0x4990e8] push ref_0046385e ; push 0x46385e lea eax, [esp + 0x84] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 mov ebx, dword [ref_00475184] ; mov ebx, dword [0x475184] push ebx push ebp lea eax, [esp + 0xb0] push eax lea eax, [esp + 0x8c] push eax push ref_00463a31 ; push 0x463a31 lea eax, [esp + 0x14] push eax call fcn_00457110 ; call 0x457110 add esp, 0x18 loc_0041a56f: push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 loc_0041a581: push ebp push esi mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0041d709 ; call 0x41d709 mov ebx, eax add esp, 0xc mov ebp, eax test eax, eax je near loc_0041b077 ; je 0x41b077 mov ecx, 0x64 mov edx, eax sar edx, 0x1f idiv ecx push eax xor eax, eax mov edx, dword [esp + 0xe4] mov al, byte [edx + 0x19] dec eax push eax mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_0040df69 ; call 0x40df69 add esp, 0xc mov edi, dword [_current_player] ; mov edi, dword [0x49910c] mov eax, dword [esp + 0xe0] cmp byte [eax + 0x18], 1 je short loc_0041a63d ; je 0x41a63d mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 4 mov edx, eax shl eax, 2 add eax, edx cmp ebx, eax jge short loc_0041a60e ; jge 0x41a60e imul eax, edi, 0x68 mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] add edx, dword [eax + (_players+32)] ; add edx, dword [eax + 0x496b88] cmp ebx, edx jle short loc_0041a63d ; jle 0x41a63d loc_0041a60e: push 0x14 push edi call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_0041a63d ; jne 0x41a63d push ebp xor eax, eax mov edx, dword [esp + 0xe4] mov al, byte [edx + 0x19] dec eax push eax push edi call fcn_00444a60 ; call 0x444a60 add esp, 0xc cmp eax, 1 jne short loc_0041a63d ; jne 0x41a63d xor ebp, ebp loc_0041a63d: mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 4 mov edx, eax shl eax, 2 add eax, edx cmp ebp, eax jge short loc_0041a670 ; jge 0x41a670 imul eax, edi, 0x68 mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] add edx, dword [eax + (_players+32)] ; add edx, dword [eax + 0x496b88] cmp ebp, edx jle short loc_0041a692 ; jle 0x41a692 loc_0041a670: push 0x13 push edi call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_0041a692 ; jne 0x41a692 push ebp push eax push edi call fcn_0044476a ; call 0x44476a add esp, 0xc cmp eax, 0xffffffff je short loc_0041a692 ; je 0x41a692 mov edi, eax loc_0041a692: test ebp, ebp jne short loc_0041a6a3 ; jne 0x41a6a3 mov eax, dword [esp + 0xe0] cmp byte [eax + 0x18], 1 jne short loc_0041a6fc ; jne 0x41a6fc loc_0041a6a3: push edi call fcn_0040fbb8 ; call 0x40fbb8 mov ebx, eax add esp, 4 cmp eax, 0xffffffff je short loc_0041a6fc ; je 0x41a6fc imul eax, eax, 0x68 mov edi, dword [eax + (_players+0)] ; mov edi, dword [eax + 0x496b68] push edi lea eax, [esp + 0xac] push eax call fcn_00452946 ; call 0x452946 add esp, 8 push esi lea eax, [esp + 0xac] push eax push ref_004639cc ; push 0x4639cc lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov edi, ebx loc_0041a6fc: xor eax, eax mov edx, dword [esp + 0xe0] mov al, byte [edx + 0x19] dec eax cmp edi, eax je short loc_0041a761 ; je 0x41a761 push ebp push eax push edi call fcn_0044f4ed ; call 0x44f4ed add esp, 0xc test eax, eax jne short loc_0041a726 ; jne 0x41a726 push ebp push edi call fcn_0044f42d ; call 0x44f42d add esp, 8 loc_0041a726: push ebp xor eax, eax mov edx, dword [esp + 0xe4] mov al, byte [edx + 0x19] dec eax push eax call fcn_0044f354 ; call 0x44f354 add esp, 8 push 0 push ebp xor eax, eax mov edx, dword [esp + 0xe8] mov al, byte [edx + 0x19] dec eax push eax push edi call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 mov eax, dword [esp + 0xe0] mov dword [eax + 0x30], ebp loc_0041a761: mov eax, dword [esp + 0xe0] cmp byte [eax + 0x18], 1 jne near loc_0041b077 ; jne 0x41b077 imul eax, edi, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je near loc_0041b077 ; je 0x41b077 cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne near loc_0041b077 ; jne 0x41b077 mov edx, dword [esp + 0xd0] mov eax, edx shl eax, 2 add eax, edx shl eax, 2 imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax xor eax, eax mov edx, dword [esp + 0xe4] mov al, byte [edx + 0x19] dec eax push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc push edi call fcn_0040d761 ; call 0x40d761 add esp, 4 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] cmp edi, edx jne short loc_0041a7e8 ; jne 0x41a7e8 mov ecx, dword [esp + 0xd0] push ecx push edx call fcn_0044f2c2 ; call 0x44f2c2 add esp, 8 loc_0041a7e8: mov dl, byte [esp + 0xd0] dec dl imul eax, edi, 0x68 mov byte [eax + (_players+50)], dl ; mov byte [eax + 0x496b9a], dl test dl, dl jne short loc_0041a805 ; jne 0x41a805 mov byte [eax + (_players+50)], 0x80 ; mov byte [eax + 0x496b9a], 0x80 loc_0041a805: push 0 mov edx, dword [esp + 0xd4] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 4 mov edx, eax shl eax, 2 add eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax push edi call fcn_0044ba63 ; call 0x44ba63 add esp, 0xc imul eax, edi, 0x68 mov dl, byte [esp + 0xd0] add byte [eax + (_players+66)], dl ; add byte [eax + 0x496baa], dl xor eax, eax mov ax, word [esp + 0xf0] sub eax, 0xfa0 push eax mov ebp, dword [esp + 0x110] push ebp push edi call fcn_0040d5a5 ; call 0x40d5a5 add esp, 0xc jmp near loc_0041b077 ; jmp 0x41b077 loc_0041a86b: cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 jne near loc_0041b077 ; jne 0x41b077 cmp byte [eax + (_players+63)], 0xc ; cmp byte [eax + 0x496ba7], 0xc je near loc_0041b077 ; je 0x41b077 mov ebp, dword [esp + 0xe0] movzx ebp, word [ebp + 0x22] imul ebp, dword [ref_004990e8] ; imul ebp, dword [0x4990e8] cmp ebp, dword [eax + (_players+28)] ; cmp ebp, dword [eax + 0x496b84] jg near loc_0041a159 ; jg 0x41a159 push ebp push edi push ref_004639e1 ; push 0x4639e1 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 xor edi, edi imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 test byte [eax + (_players+21)], 6 ; test byte [eax + 0x496b7d], 6 je short loc_0041a8d9 ; je 0x41a8d9 push ebp call fcn_0041d7d4 ; call 0x41d7d4 add esp, 4 cmp eax, 1 jne short loc_0041a8d9 ; jne 0x41a8d9 mov edi, eax loc_0041a8d9: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_0041a8f9 ; jne 0x41a8f9 mov eax, esp push eax call fcn_00440ba8 ; call 0x440ba8 add esp, 4 cmp eax, 1 je short loc_0041a901 ; je 0x41a901 loc_0041a8f9: test edi, edi je near loc_0041b077 ; je 0x41b077 loc_0041a901: mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040fa61 ; call 0x40fa61 add esp, 4 test eax, eax jne near loc_0041b077 ; jne 0x41b077 mov al, byte [_current_player] ; mov al, byte [0x49910c] inc al mov edx, dword [esp + 0xe0] mov byte [edx + 0x19], al push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0 push ref_004823d2 ; push 0x4823d2 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 mov ebx, dword [ref_00499110] ; mov ebx, dword [0x499110] test ebx, ebx je short loc_0041a97b ; je 0x41a97b mov esi, dword [ebx*4 + ref_004751f0] ; mov esi, dword [ebx*4 + 0x4751f0] push esi mov edi, dword [ref_00497160] ; mov edi, dword [0x497160] push edi call fcn_004521cb ; call 0x4521cb add esp, 8 mov edx, dword [esp + 0xe0] mov dword [edx + 0x34], eax loc_0041a97b: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 sub dword [eax + (_players+28)], ebp ; sub dword [eax + 0x496b84], ebp mov ebx, dword [esp + 0x10c] push ebx push edx jmp near loc_00419a48 ; jmp 0x419a48 loc_0041a998: mov edx, dword [esp + 0xf0] cmp dx, 0x1770 jbe near loc_0041b077 ; jbe 0x41b077 cmp dx, 0x1f40 jae near loc_0041b077 ; jae 0x41b077 xor eax, eax mov ax, dx sub eax, 0x1770 imul eax, eax, 0x34 mov ebx, dword [ref_00498e7c] ; mov ebx, dword [0x498e7c] add ebx, eax xor eax, eax mov al, byte [ebx + 0x18] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx lea edi, [ebx + 4] imul esi, dword [_current_player], 0x68 ; imul esi, dword [0x49910c], 0x68 cmp eax, edx jne near loc_0041ab6d ; jne 0x41ab6d mov al, byte [ebx + 0x1a] cmp al, 4 jb near loc_0041b067 ; jb 0x41b067 jbe short loc_0041a9fe ; jbe 0x41a9fe cmp al, 0xb je short loc_0041aa3c ; je 0x41aa3c jmp near loc_0041b067 ; jmp 0x41b067 loc_0041a9fe: push edi push 3 call fcn_0044090e ; call 0x44090e add esp, 8 mov dword [esp + 0xd4], eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dl, byte [esp + 0xd4] mov dh, byte [eax + (_players+62)] ; mov dh, byte [eax + 0x496ba6] add dh, dl mov byte [eax + (_players+62)], dh ; mov byte [eax + 0x496ba6], dh mov cl, dh and cl, 0x7f mov byte [eax + (_players+62)], cl ; mov byte [eax + 0x496ba6], cl jmp near loc_0041b067 ; jmp 0x41b067 loc_0041aa3c: cmp byte [esi + (_players+21)], 1 ; cmp byte [esi + 0x496b7d], 1 jne short loc_0041aa76 ; jne 0x41aa76 push edi push ref_00463a4a ; push 0x463a4a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push 0x2090086 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_0041aa82 ; jmp 0x41aa82 loc_0041aa76: mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi call fcn_0040b455 ; call 0x40b455 loc_0041aa82: add esp, 4 mov dword [esp + 0xd4], eax mov edi, dword [esp + 0xd4] test edi, edi je near loc_0041b062 ; je 0x41b062 lea eax, [esp + 0xc0] push eax lea eax, [esp + 0xc0] push eax push edi call fcn_0040af12 ; call 0x40af12 add esp, 0xc push 0 push 0 push 0x229 mov eax, dword [ref_0048a0e4] ; mov eax, dword [0x48a0e4] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov esi, eax push 0 mov edx, dword [esp + 0xc4] push edx mov ecx, dword [esp + 0xc4] push ecx call fcn_0041d476 ; call 0x41d476 add esp, 0xc push edi call fcn_0040b110 ; call 0x40b110 add esp, 4 mov dword [esp + 0xbc], eax test al, 0x80 jne short loc_0041ab04 ; jne 0x41ab04 push edi call fcn_0040b110 ; call 0x40b110 add esp, 4 loc_0041ab04: push 0x5b push 0x2c0001 push 0x28 push 0 push esi call fcn_0045144f ; call 0x45144f add esp, 0x14 push esi call clib_free ; call 0x456e11 add esp, 4 test byte [esp + 0xbc], 0x80 je near loc_0041b062 ; je 0x41b062 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ecx, dword [edx + eax*8 + ref_00480886] ; mov ecx, dword [edx + eax*8 + 0x480886] push ecx push 0 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc call fcn_0040b0cd ; call 0x40b0cd jmp near loc_0041b062 ; jmp 0x41b062 loc_0041ab6d: test al, al je near loc_0041b067 ; je 0x41b067 cmp eax, edx je near loc_0041b067 ; je 0x41b067 xor ebp, ebp mov al, byte [ebx + 0x1a] cmp al, 5 jb short loc_0041abb0 ; jb 0x41abb0 jbe near loc_0041ac8c ; jbe 0x41ac8c cmp al, 0xb jb short loc_0041aba3 ; jb 0x41aba3 jbe near loc_0041acd1 ; jbe 0x41acd1 cmp al, 0xc je near loc_0041ae21 ; je 0x41ae21 jmp near loc_0041ae37 ; jmp 0x41ae37 loc_0041aba3: cmp al, 6 je near loc_0041ac8c ; je 0x41ac8c jmp near loc_0041ae37 ; jmp 0x41ae37 loc_0041abb0: cmp al, 3 jb short loc_0041abbb ; jb 0x41abbb jbe short loc_0041ac2c ; jbe 0x41ac2c jmp near loc_0041ac3c ; jmp 0x41ac3c loc_0041abbb: cmp al, 1 jne near loc_0041ae37 ; jne 0x41ae37 push edi push ebp call fcn_0044090e ; call 0x44090e add esp, 8 mov dword [esp + 0xd0], eax test eax, eax je short loc_0041abe6 ; je 0x41abe6 xor edx, edx mov dx, word [ebx + 0x22] loc_0041abde: imul eax, edx jmp near loc_0041ae2e ; jmp 0x41ae2e loc_0041abe6: push 0x5dc push ref_00463a5f ; push 0x463a5f call fcn_00440cac ; call 0x440cac add esp, 8 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul eax, esi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov edi, dword [edx + eax*8 + ref_00480852] ; mov edi, dword [edx + eax*8 + 0x480852] push edi push ebp push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc jmp near loc_0041ae37 ; jmp 0x41ae37 loc_0041ac2c: movzx ebp, word [ebx + 0x22] imul ebp, dword [ref_004990e4] ; imul ebp, dword [0x4990e4] jmp near loc_0041ae37 ; jmp 0x41ae37 loc_0041ac3c: push edi push 3 call fcn_0044090e ; call 0x44090e add esp, 8 mov dword [esp + 0xd4], eax xor edx, edx mov dx, word [ebx + 0x22] imul eax, edx mov ebp, dword [ref_004990e8] ; mov ebp, dword [0x4990e8] imul ebp, eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dl, byte [esp + 0xd4] mov dh, byte [eax + (_players+62)] ; mov dh, byte [eax + 0x496ba6] add dh, dl mov byte [eax + (_players+62)], dh ; mov byte [eax + 0x496ba6], dh mov cl, dh and cl, 0x7f mov byte [eax + (_players+62)], cl ; mov byte [eax + 0x496ba6], cl jmp near loc_0041ae37 ; jmp 0x41ae37 loc_0041ac8c: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dl, byte [eax + (_players+17)] ; mov dl, byte [eax + 0x496b79] test dl, dl je near loc_0041ae37 ; je 0x41ae37 mov al, dl and al, 3 xor ecx, ecx mov cl, al dec ecx mov eax, 1 shl eax, cl mov dword [esp + 0xd4], eax xor eax, eax mov ax, word [ebx + 0x22] mov edx, dword [esp + 0xd4] imul edx, dword [ref_0048bafc] ; imul edx, dword [0x48bafc] jmp near loc_0041abde ; jmp 0x41abde loc_0041acd1: cmp byte [esi + (_players+21)], 1 ; cmp byte [esi + 0x496b7d], 1 jne short loc_0041ad0b ; jne 0x41ad0b push edi push ref_00463a4a ; push 0x463a4a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push 0x2090086 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_0041ad17 ; jmp 0x41ad17 loc_0041ad0b: mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_0040b455 ; call 0x40b455 loc_0041ad17: add esp, 4 mov dword [esp + 0xd4], eax mov ebp, dword [esp + 0xd4] test ebp, ebp je near loc_0041adff ; je 0x41adff lea eax, [esp + 0xc0] push eax lea eax, [esp + 0xc0] push eax push ebp call fcn_0040af12 ; call 0x40af12 add esp, 0xc push 0 push 0 push 0x229 mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 mov esi, eax add esp, 0x10 push 0 mov ecx, dword [esp + 0xc4] push ecx mov edi, dword [esp + 0xc4] push edi call fcn_0041d476 ; call 0x41d476 add esp, 0xc push ebp call fcn_0040b110 ; call 0x40b110 add esp, 4 mov dword [esp + 0xbc], eax push 0x5b push 0x2c0001 push 0x28 push 0 push esi call fcn_0045144f ; call 0x45144f add esp, 0x14 push esi call clib_free ; call 0x456e11 add esp, 4 test byte [esp + 0xbc], 0x80 je short loc_0041adb9 ; je 0x41adb9 call fcn_0040b0cd ; call 0x40b0cd loc_0041adb9: mov eax, dword [esp + 0xd4] cmp eax, 0xfa0 jge short loc_0041ade3 ; jge 0x41ade3 sub eax, 0x7d0 imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] movzx ebp, word [edx + eax + 0x1c] loc_0041adda: imul ebp, dword [ref_004990e8] ; imul ebp, dword [0x4990e8] jmp short loc_0041ae1a ; jmp 0x41ae1a loc_0041ade3: sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] movzx ebp, word [edx + eax + 0x22] jmp short loc_0041adda ; jmp 0x41adda loc_0041adff: mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] mov ebp, eax shl ebp, 2 sub ebp, eax shl ebp, 3 add ebp, eax shl ebp, 3 mov eax, ebp shl ebp, 2 add ebp, eax loc_0041ae1a: call fcn_0041d546 ; call 0x41d546 jmp short loc_0041ae37 ; jmp 0x41ae37 loc_0041ae21: xor eax, eax mov ax, word [ebx + 0x22] imul eax, dword [ref_0048bafc] ; imul eax, dword [0x48bafc] loc_0041ae2e: mov ebp, dword [ref_004990e8] ; mov ebp, dword [0x4990e8] imul ebp, eax loc_0041ae37: test ebp, ebp je near loc_0041b067 ; je 0x41b067 xor eax, eax mov al, byte [ebx + 0x18] dec eax imul eax, eax, 0x68 mov edx, dword [eax + (_players+0)] ; mov edx, dword [eax + 0x496b68] push edx lea eax, [esp + 0xac] push eax call fcn_00452946 ; call 0x452946 add esp, 8 xor eax, eax mov al, byte [ebx + 0x1a] movzx esi, byte [eax + ref_0047528e] ; movzx esi, byte [eax + 0x47528e] mov esi, dword [esi*4 + ref_0047517c] ; mov esi, dword [esi*4 + 0x47517c] lea eax, [ebx + 4] cmp byte [ebx + 0x1a], 0xc jne short loc_0041ae8d ; jne 0x41ae8d push esi push ebp lea edx, [esp + 0xb0] push edx push eax push ref_00463a6a ; push 0x463a6a jmp short loc_0041ae9d ; jmp 0x41ae9d loc_0041ae8d: push esi push ebp lea edx, [esp + 0xb0] push edx push eax push ref_00463a31 ; push 0x463a31 loc_0041ae9d: lea eax, [esp + 0x14] push eax call fcn_00457110 ; call 0x457110 add esp, 0x18 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push ebp push esi mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0041d709 ; call 0x41d709 mov ecx, eax add esp, 0xc mov ebp, eax mov edi, dword [_current_player] ; mov edi, dword [0x49910c] mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 4 mov edx, eax shl eax, 2 add eax, edx cmp ecx, eax jge short loc_0041af0c ; jge 0x41af0c imul eax, edi, 0x68 mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] mov eax, dword [eax + (_players+32)] ; mov eax, dword [eax + 0x496b88] add edx, eax cmp ecx, edx jle short loc_0041af2f ; jle 0x41af2f loc_0041af0c: push 0x14 push edi call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_0041af2f ; jne 0x41af2f push ebp push 0xffffffffffffffff push edi call fcn_00444a60 ; call 0x444a60 add esp, 0xc cmp eax, 1 jne short loc_0041af2f ; jne 0x41af2f xor ebp, ebp loc_0041af2f: mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 4 mov edx, eax shl eax, 2 add eax, edx cmp ebp, eax jge short loc_0041af62 ; jge 0x41af62 imul eax, edi, 0x68 mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] add edx, dword [eax + (_players+32)] ; add edx, dword [eax + 0x496b88] cmp ebp, edx jle short loc_0041af84 ; jle 0x41af84 loc_0041af62: push 0x13 push edi call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_0041af84 ; jne 0x41af84 push ebp push eax push edi call fcn_0044476a ; call 0x44476a add esp, 0xc cmp eax, 0xffffffff je short loc_0041af84 ; je 0x41af84 mov edi, eax loc_0041af84: test ebp, ebp jne short loc_0041af98 ; jne 0x41af98 cmp byte [ebx + 0x1a], 1 jne short loc_0041affb ; jne 0x41affb cmp dword [esp + 0xd0], 0 je short loc_0041affb ; je 0x41affb loc_0041af98: push edi call fcn_0040fbb8 ; call 0x40fbb8 mov dword [esp + 0xcc], eax add esp, 4 cmp eax, 0xffffffff je short loc_0041affb ; je 0x41affb imul eax, eax, 0x68 mov edi, dword [eax + (_players+0)] ; mov edi, dword [eax + 0x496b68] push edi lea eax, [esp + 0xac] push eax call fcn_00452946 ; call 0x452946 add esp, 8 push esi lea eax, [esp + 0xac] push eax push ref_004639cc ; push 0x4639cc lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov edi, dword [esp + 0xc8] loc_0041affb: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] cmp edi, eax jne short loc_0041b00e ; jne 0x41b00e push ebp push eax call fcn_0044f42d ; call 0x44f42d add esp, 8 loc_0041b00e: push 0 push ebp xor eax, eax mov ax, word [esp + 0xf8] sub eax, 0x170c push eax push edi call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 cmp byte [ebx + 0x1a], 1 jne short loc_0041b062 ; jne 0x41b062 cmp dword [esp + 0xd0], 0 je short loc_0041b062 ; je 0x41b062 imul eax, edi, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0041b062 ; je 0x41b062 cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne short loc_0041b062 ; jne 0x41b062 push 0 mov ecx, dword [esp + 0xd4] push ecx push edi call fcn_0040d375 ; call 0x40d375 add esp, 0xc loc_0041b062: call fcn_0041d546 ; call 0x41d546 loc_0041b067: push ebx mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0041d1a9 ; call 0x41d1a9 loc_0041b074: add esp, 8 loc_0041b077: mov ecx, dword [esp + 0x10c] push ecx mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0040f381 ; call 0x40f381 add esp, 8 mov esi, dword [esp + 0x10c] push esi mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_00448a7e ; call 0x448a7e add esp, 8 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ecx, dword [esp + 0xf0] cmp cx, 0xfa0 jbe short loc_0041b111 ; jbe 0x41b111 cmp cx, 0x1770 jae short loc_0041b111 ; jae 0x41b111 xor eax, eax mov edx, dword [esp + 0xe0] mov al, byte [edx + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx jne short loc_0041b111 ; jne 0x41b111 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 jne short loc_0041b111 ; jne 0x41b111 mov eax, dword [esp + 0xe0] cmp byte [eax + 0x18], 4 jne short loc_0041b111 ; jne 0x41b111 cmp byte [eax + 0x1a], 0 je short loc_0041b111 ; je 0x41b111 test byte [eax + 0x1c], 0xf jne short loc_0041b111 ; jne 0x41b111 push eax call fcn_0044101d ; call 0x44101d add esp, 4 loc_0041b111: mov byte [esp + 0xf4], 0x88 jmp near loc_0041b3d0 ; jmp 0x41b3d0 loc_0041b11e: call fcn_0044b6df ; call 0x44b6df jmp near loc_0041b3d0 ; jmp 0x41b3d0 loc_0041b128: call fcn_0044db81 ; call 0x44db81 jmp near loc_0041b3d0 ; jmp 0x41b3d0 loc_0041b132: call fcn_0043d304 ; call 0x43d304 jmp near loc_0041b3d0 ; jmp 0x41b3d0 loc_0041b13c: call fcn_0043e9a4 ; call 0x43e9a4 jmp near loc_0041b3d0 ; jmp 0x41b3d0 loc_0041b146: imul ebx, dword [_current_player], 0x68 ; imul ebx, dword [0x49910c], 0x68 call fcn_00415215 ; call 0x415215 loc_0041b152: add word [ebx + (_players+48)], ax ; add word [ebx + 0x496b98], ax jmp near loc_0041b3d0 ; jmp 0x41b3d0 loc_0041b15e: imul ebx, dword [_current_player], 0x68 ; imul ebx, dword [0x49910c], 0x68 call fcn_004154dc ; call 0x4154dc jmp short loc_0041b152 ; jmp 0x41b152 loc_0041b16c: imul ebx, dword [_current_player], 0x68 ; imul ebx, dword [0x49910c], 0x68 call fcn_004155fc ; call 0x4155fc jmp short loc_0041b152 ; jmp 0x41b152 loc_0041b17a: call fcn_004315cc ; call 0x4315cc jmp near loc_0041b3d0 ; jmp 0x41b3d0 loc_0041b184: push 0 push 0 push 0x219 mov ebp, dword [ref_0048a0e4] ; mov ebp, dword [0x48a0e4] push ebp call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x62 push 1 push 0xb4 push 0xcc push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push 0x3e8 push ref_00463a81 ; push 0x463a81 call fcn_00440cac ; call 0x440cac add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 add word [eax + (_players+48)], 0x32 ; add word [eax + 0x496b98], 0x32 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov ebx, eax shl ebx, 3 add ebx, eax call clib_rand ; call 0x456f2d and eax, 1 mov ecx, dword [ebx + eax*4 + ref_0048084a] ; mov ecx, dword [ebx + eax*4 + 0x48084a] push ecx push 0 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx loc_0041b211: call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc jmp near loc_0041b3d0 ; jmp 0x41b3d0 loc_0041b21e: push 0 push 0 push 0x219 mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x62 push 1 push 0xb4 push 0xcc push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push 0x3e8 push ref_00463a8e ; push 0x463a8e call fcn_00440cac ; call 0x440cac add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 add word [eax + (_players+48)], 0x1e ; add word [eax + 0x496b98], 0x1e xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov esi, dword [edx + eax*8 + ref_00480852] ; mov esi, dword [edx + eax*8 + 0x480852] push esi push 0 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi jmp near loc_0041b211 ; jmp 0x41b211 loc_0041b2a3: push 0 push 0 push 0x219 mov eax, dword [ref_0048a0e4] ; mov eax, dword [0x48a0e4] push eax call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x62 push 1 push 0xb4 push 0xcc push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push 0x3e8 push ref_00463a9b ; push 0x463a9b call fcn_00440cac ; call 0x440cac add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 add word [eax + (_players+48)], 0xa ; add word [eax + 0x496b98], 0xa jmp near loc_0041b3d0 ; jmp 0x41b3d0 loc_0041b302: push 0 push 0 push 0x218 mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x63 push 1 push 0xb4 push 0xd0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_00441e12 ; call 0x441e12 mov ebx, eax add esp, 4 test eax, eax je near loc_0041b3d0 ; je 0x41b3d0 mov edi, dword [eax*8 + (_card_table - 8)] ; mov edi, dword [eax*8 + 0x47fdea] push edi push ref_00463aa8 ; push 0x463aa8 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esp push eax push ebx call fcn_00441f73 ; call 0x441f73 add esp, 8 xor eax, eax mov al, byte [ebx*8 + (_card_table - 3)] ; mov al, byte [ebx*8 + 0x47fdef] push eax mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0044f230 ; call 0x44f230 add esp, 8 jmp short loc_0041b3d0 ; jmp 0x41b3d0 loc_0041b396: call fcn_004379c9 ; call 0x4379c9 cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne short loc_0041b3d0 ; jne 0x41b3d0 xor eax, eax mov ax, word [esp + 0xf0] push eax call fcn_00436668 ; call 0x436668 loc_0041b3b4: add esp, 4 jmp short loc_0041b3d0 ; jmp 0x41b3d0 loc_0041b3b9: xor eax, eax mov ax, word [esp + 0xf0] push eax call fcn_0042e931 ; call 0x42e931 jmp short loc_0041b3b4 ; jmp 0x41b3b4 loc_0041b3cb: call fcn_0043380a ; call 0x43380a loc_0041b3d0: xor eax, eax mov al, byte [esp + 0xf4] add esp, 0xf8 pop ebp pop edi pop esi pop ebx ret endloc_0041b3e4: db 0x90 ref_0041b3e5: ; may contain a jump table dd loc_0041b807 dd loc_0041b807 dd loc_0041b807 dd loc_0041b807 dd loc_0041b807 dd loc_0041b807 dd loc_0041b807 dd loc_0041b807 dd loc_0041b807 dd loc_0041b807 dd loc_0041b837 dd loc_0041b807 dd loc_0041b8f9 dd loc_0041bb0c dd loc_0041c164 dd loc_0041bceb dd loc_0041be5f dd loc_0041bfd2 fcn_0041b42d: push ebx push esi push edi push ebp sub esp, 0xa8 cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 jne short loc_0041b456 ; jne 0x41b456 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 loc_0041b456: mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] cmp ecx, 4 jge short loc_0041b46d ; jge 0x41b46d imul esi, ecx, 0x68 mov si, word [esi + (_players+12)] ; mov si, word [esi + 0x496b74] jmp short loc_0041b479 ; jmp 0x41b479 loc_0041b46d: mov esi, ecx shl esi, 4 mov si, word [esi + ref_00498dec] ; mov si, word [esi + 0x498dec] loc_0041b479: and esi, 0xffff mov eax, esi shl eax, 2 add eax, esi shl eax, 3 mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] add eax, ecx mov ecx, dword [eax + 0x24] and ecx, 0xff mov dword [esp + 0xa0], ecx mov ecx, dword [eax + 0x24] and ecx, 0xf00 shr ecx, 8 mov dword [esp + 0x98], ecx mov eax, dword [eax + 0x24] and eax, 0xff0000 shr eax, 0x10 mov dword [esp + 0xa4], eax test eax, eax je short loc_0041b4e0 ; je 0x41b4e0 lea ebx, [eax - 1] mov eax, ebx shl eax, 2 sub eax, ebx mov al, byte [eax*8 + ref_00496d08] ; mov al, byte [eax*8 + 0x496d08] and eax, 0xff loc_0041b4e0: mov dword [esp + 0x9c], eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] cmp eax, 8 jne short loc_0041b536 ; jne 0x41b536 cmp dword [esp + 0xa4], 0 je near loc_0041c844 ; je 0x41c844 xor eax, eax mov ax, word [ref_00498e6e] ; mov ax, word [0x498e6e] push eax xor eax, eax mov ax, word [ref_00498e6c] ; mov ax, word [0x498e6c] push eax mov edx, dword [esp + 0xac] push edx call fcn_0040fafd ; call 0x40fafd add esp, 0xc mov ecx, dword [esp + 0xa4] push ecx call fcn_0040e14d ; call 0x40e14d add esp, 4 jmp near loc_0041c844 ; jmp 0x41c844 loc_0041b536: cmp eax, 4 jge near loc_0041b7ef ; jge 0x41b7ef cmp dword [esp + 0xa0], 0xe jne near loc_0041b5fd ; jne 0x41b5fd imul eax, eax, 0x68 cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 jne near loc_0041b5fd ; jne 0x41b5fd cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 je near loc_0041b5fd ; je 0x41b5fd cmp dword [esp + 0x9c], 0x10 je near loc_0041b5fd ; je 0x41b5fd mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+64)], 0 ; cmp byte [eax + 0x496ba8], 0 je short loc_0041b5ab ; je 0x41b5ab push ref_00482362 ; push 0x482362 call fcn_004542e9 ; call 0x4542e9 add esp, 4 loc_0041b5ab: call fcn_004379c9 ; call 0x4379c9 cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne near loc_0041c844 ; jne 0x41c844 cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 je short loc_0041b5fd ; je 0x41b5fd push 1 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542ce ; call 0x4542ce add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+64)], 0 ; cmp byte [eax + 0x496ba8], 0 je short loc_0041b5fd ; je 0x41b5fd push 1 push ref_00482362 ; push 0x482362 call fcn_004542ce ; call 0x4542ce add esp, 8 loc_0041b5fd: mov cl, byte [_current_player] ; mov cl, byte [0x49910c] mov eax, 1 shl eax, cl not eax mov edi, dword [esp + 0x98] and edi, eax push edi call fcn_0040d293 ; call 0x40d293 mov ebp, eax add esp, 4 cmp eax, 0xffffffff je short loc_0041b697 ; je 0x41b697 imul eax, eax, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 jne short loc_0041b697 ; jne 0x41b697 cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 jne short loc_0041b697 ; jne 0x41b697 mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] mov ebx, eax shl ebx, 2 sub ebx, eax shl ebx, 3 add ebx, eax shl ebx, 3 mov eax, ebx shl ebx, 2 add ebx, eax push ebx push ref_00463ab1 ; push 0x463ab1 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push 0 push ebx push 0xffffffffffffffff mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 push ebp call fcn_0040cc56 ; call 0x40cc56 add esp, 4 loc_0041b697: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ch, byte [eax + (_players+64)] ; mov ch, byte [eax + 0x496ba8] test ch, ch je near loc_0041b7ef ; je 0x41b7ef mov al, ch and eax, 0xff lea ebx, [eax - 1] mov eax, ebx shl eax, 2 sub eax, ebx mov dl, byte [eax*8 + ref_00496d0c] ; mov dl, byte [eax*8 + 0x496d0c] dec dl mov byte [eax*8 + ref_00496d0c], dl ; mov byte [eax*8 + 0x496d0c], dl jne near loc_0041b78b ; jne 0x41b78b push ref_00482362 ; push 0x482362 call fcn_004542e9 ; call 0x4542e9 add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+64)] ; mov al, byte [eax + 0x496ba8] and eax, 0xff push eax call fcn_0040e14d ; call 0x40e14d add esp, 4 mov ecx, esi shl ecx, 2 add ecx, esi shl ecx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, ecx mov di, word [eax + 0x20] test di, di je short loc_0041b727 ; je 0x41b727 push 0 mov eax, edi and eax, 0xffff push eax call fcn_0040ab4a ; call 0x40ab4a add esp, 8 loc_0041b727: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0040cd07 ; call 0x40cd07 add esp, 4 push 0 push 0 push 0x20d mov esi, dword [ref_0048a0e4] ; mov esi, dword [0x48a0e4] push esi call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x52 push 0x30001 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 xor edi, edi mov dword [ref_0048baf8], edi ; mov dword [0x48baf8], edi push 5 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0043ec3f ; call 0x43ec3f add esp, 8 jmp near loc_0041c844 ; jmp 0x41c844 loc_0041b78b: test edi, edi je short loc_0041b7ef ; je 0x41b7ef push edi call fcn_0040d293 ; call 0x40d293 add esp, 4 mov ebx, eax imul eax, eax, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0041b7ef ; je 0x41b7ef mov ch, byte [eax + (_players+64)] ; mov ch, byte [eax + 0x496ba8] test ch, ch jne short loc_0041b7ef ; jne 0x41b7ef imul edi, dword [_current_player], 0x68 ; imul edi, dword [0x49910c], 0x68 mov bh, byte [edi + (_players+64)] ; mov bh, byte [edi + 0x496ba8] mov byte [eax + (_players+64)], bh ; mov byte [eax + 0x496ba8], bh mov cl, bl inc cl xor eax, eax mov al, bh lea ebx, [eax - 1] mov eax, ebx shl eax, 2 sub eax, ebx mov byte [eax*8 + ref_00496d0d], cl ; mov byte [eax*8 + 0x496d0d], cl mov byte [edi + (_players+64)], ch ; mov byte [edi + 0x496ba8], ch push ref_00482362 ; push 0x482362 call fcn_004542e9 ; call 0x4542e9 add esp, 4 loc_0041b7ef: mov eax, dword [esp + 0x9c] dec eax cmp eax, 0x11 ja near loc_0041c164 ; ja 0x41c164 jmp dword [eax*4 + ref_0041b3e5] ; ujmp: jmp dword [eax*4 + 0x41b3e5] loc_0041b807: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] cmp edx, 4 jge near loc_0041c164 ; jge 0x41c164 cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 jne near loc_0041c164 ; jne 0x41c164 mov ebx, dword [esp + 0xa4] push ebx push esi push edx call fcn_0040ead7 ; call 0x40ead7 jmp near loc_0041bb95 ; jmp 0x41bb95 loc_0041b837: mov edi, dword [ref_0048baf8] ; mov edi, dword [0x48baf8] test edi, edi jne near loc_0041c164 ; jne 0x41c164 push 0xb call fcn_0040e14d ; call 0x40e14d add esp, 4 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] cmp ebp, 4 jge short loc_0041b8a7 ; jge 0x41b8a7 imul eax, ebp, 0x68 cmp byte [eax + (_players+17)], 0 ; cmp byte [eax + 0x496b79], 0 je short loc_0041b89e ; je 0x41b89e push edi push edi push 0x228 mov eax, dword [ref_0048a0e4] ; mov eax, dword [0x48a0e4] push eax call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x55 push 0x10001 push 0x28 push edi push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 jmp near loc_0041c164 ; jmp 0x41c164 loc_0041b89e: push ebp call fcn_0040cd07 ; call 0x40cd07 add esp, 4 loc_0041b8a7: push 0 push 0 push 0x214 mov ebx, dword [ref_0048a0e4] ; mov ebx, dword [0x48a0e4] push ebx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x5d push 0x30001 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 loc_0041b8de: xor edi, edi mov dword [ref_0048baf8], edi ; mov dword [0x48baf8], edi push 3 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0043ec3f ; call 0x43ec3f jmp near loc_0041c161 ; jmp 0x41c161 loc_0041b8f9: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] cmp eax, 4 jge near loc_0041b995 ; jge 0x41b995 cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 jne near loc_0041b995 ; jne 0x41b995 push eax call fcn_00445ada ; call 0x445ada mov ebx, eax add esp, 4 test eax, eax je near loc_0041c164 ; je 0x41c164 push 0 push ref_0048237a ; push 0x48237a call fcn_004542ce ; call 0x4542ce add esp, 8 push 0xd call fcn_0040e14d ; call 0x40e14d add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ecx, dword [ebx*8 + (ref_0047fee2 - 8)] ; mov ecx, dword [ebx*8 + 0x47feda] push ecx push ref_00463aa8 ; push 0x463aa8 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 xor eax, eax mov al, byte [ebx*8 + (ref_0047fee2 - 3)] ; mov al, byte [ebx*8 + 0x47fedf] push eax mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0044f230 ; call 0x44f230 jmp near loc_0041c161 ; jmp 0x41c161 loc_0041b995: mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] cmp ecx, 4 jne near loc_0041c164 ; jne 0x41c164 mov eax, ecx shl eax, 4 cmp byte [eax + ref_00498df5], 0 ; cmp byte [eax + 0x498df5], 0 jne near loc_0041c164 ; jne 0x41c164 push 0xd call fcn_0040e14d ; call 0x40e14d add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff imul eax, eax, 0x68 mov ebx, dword [eax + (_players+0)] ; mov ebx, dword [eax + 0x496b68] push ebx lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0x80] push eax mov edi, dword [ref_0047edaa] ; mov edi, dword [0x47edaa] push edi push ref_00463ac0 ; push 0x463ac0 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff push eax call fcn_00445ada ; call 0x445ada mov ebx, eax add esp, 4 test eax, eax je near loc_0041be38 ; je 0x41be38 push 0 push ref_0048237a ; push 0x48237a call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff imul eax, eax, 0x68 xor ecx, ecx mov cx, word [eax + (_players+10)] ; mov cx, word [eax + 0x496b72] push ecx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ebp, dword [ebx*8 + (ref_0047fee2 - 8)] ; mov ebp, dword [ebx*8 + 0x47feda] push ebp push ref_00463aa8 ; push 0x463aa8 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 xor eax, eax mov al, byte [ebx*8 + (ref_0047fee2 - 3)] ; mov al, byte [ebx*8 + 0x47fedf] push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff push eax call fcn_0044f230 ; call 0x44f230 add esp, 8 loc_0041bb02: call fcn_0041d546 ; call 0x41d546 jmp near loc_0041be38 ; jmp 0x41be38 loc_0041bb0c: cmp dword [_current_player], 4 ; cmp dword [0x49910c], 4 jge near loc_0041bb9d ; jge 0x41bb9d mov ecx, dword [ref_0048baf8] ; mov ecx, dword [0x48baf8] test ecx, ecx jne short loc_0041bb9d ; jne 0x41bb9d push ecx push ref_00482382 ; push 0x482382 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0xe call fcn_0040e14d ; call 0x40e14d add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x5dc push ref_00463ad3 ; push 0x463ad3 call fcn_00440cac ; call 0x440cac add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 add word [eax + (_players+48)], 0x1f4 ; add word [eax + 0x496b98], 0x1f4 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, eax mov edi, dword [ebx + eax*8 + ref_0048084a] ; mov edi, dword [ebx + eax*8 + 0x48084a] push edi push 0 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp loc_0041bb90: call fcn_0044ef41 ; call 0x44ef41 loc_0041bb95: add esp, 0xc jmp near loc_0041c164 ; jmp 0x41c164 loc_0041bb9d: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] cmp ebx, 4 jne near loc_0041c164 ; jne 0x41c164 mov eax, ebx shl eax, 4 cmp byte [eax + ref_00498df5], 0 ; cmp byte [eax + 0x498df5], 0 jne near loc_0041c164 ; jne 0x41c164 push 0 push ref_00482382 ; push 0x482382 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0xe call fcn_0040e14d ; call 0x40e14d add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff imul eax, eax, 0x68 mov edi, dword [eax + (_players+0)] ; mov edi, dword [eax + 0x496b68] push edi lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0x80] push eax mov ebp, dword [ref_0047edae] ; mov ebp, dword [0x47edae] push ebp push ref_00463ac0 ; push 0x463ac0 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push 0 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff imul eax, eax, 0x68 xor ecx, ecx mov cx, word [eax + (_players+10)] ; mov cx, word [eax + 0x496b72] push ecx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x5dc push ref_00463ad3 ; push 0x463ad3 call fcn_00440cac ; call 0x440cac add esp, 8 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 movzx edi, byte [eax + ref_00498df0] ; movzx edi, byte [eax + 0x498df0] imul eax, edi, 0x68 add word [eax + (_players+48)], 0x1f4 ; add word [eax + 0x496b98], 0x1f4 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, eax mov edx, dword [ebx + eax*8 + ref_0048084a] ; mov edx, dword [ebx + eax*8 + 0x48084a] push edx push 0 push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc jmp near loc_0041bb02 ; jmp 0x41bb02 loc_0041bceb: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] cmp eax, 8 jge short loc_0041bd65 ; jge 0x41bd65 cmp eax, 4 je short loc_0041bd65 ; je 0x41bd65 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 mov edx, dword [esp + 0xa4] push edx call fcn_0040e14d ; call 0x40e14d add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc xor ecx, ecx mov dword [ref_0048baf8], ecx ; mov dword [0x48baf8], ecx mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] cmp ebx, 4 jge near loc_0041c164 ; jge 0x41c164 imul eax, ebx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov ebp, dword [eax + (_tool_strings+56)] ; mov ebp, dword [eax + 0x480d92] push ebp push 1 push ebx jmp near loc_0041bb90 ; jmp 0x41bb90 loc_0041bd65: mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] cmp ecx, 4 jne near loc_0041c164 ; jne 0x41c164 mov eax, ecx shl eax, 4 cmp byte [eax + ref_00498df5], 0 ; cmp byte [eax + 0x498df5], 0 jne near loc_0041c164 ; jne 0x41c164 mov ebx, dword [esp + 0xa4] push ebx call fcn_0040e14d ; call 0x40e14d add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff imul eax, eax, 0x68 mov edi, dword [eax + (_players+0)] ; mov edi, dword [eax + 0x496b68] push edi lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0x80] push eax mov ebp, dword [ref_0047edb6] ; mov ebp, dword [0x47edb6] push ebp push ref_00463ac0 ; push 0x463ac0 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push 2 loc_0041be1c: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff push eax call fcn_00445a4d ; call 0x445a4d add esp, 8 loc_0041be38: cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 je near loc_0041c164 ; je 0x41c164 push 1 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542ce ; call 0x4542ce jmp near loc_0041c161 ; jmp 0x41c161 loc_0041be5f: mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] cmp ebp, 8 jge near loc_0041bf16 ; jge 0x41bf16 cmp ebp, 4 je near loc_0041bf16 ; je 0x41bf16 cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 jne near loc_0041bf16 ; jne 0x41bf16 mov edx, dword [esp + 0xa4] push edx call fcn_0040e14d ; call 0x40e14d add esp, 4 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] cmp ecx, 4 jge short loc_0041bea8 ; jge 0x41bea8 push ecx call fcn_0040cd07 ; call 0x40cd07 add esp, 4 loc_0041bea8: push 0 push 0 push 0x20d mov edi, dword [ref_0048a0e4] ; mov edi, dword [0x48a0e4] push edi call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x52 push 0x30001 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] cmp ebp, 4 jge near loc_0041b8de ; jge 0x41b8de imul eax, ebp, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov ecx, dword [eax + (_tool_strings+60)] ; mov ecx, dword [eax + 0x480d96] push ecx push 1 push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc jmp near loc_0041b8de ; jmp 0x41b8de loc_0041bf16: mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] cmp ecx, 4 jne near loc_0041c164 ; jne 0x41c164 mov eax, ecx shl eax, 4 cmp byte [eax + ref_00498df5], 0 ; cmp byte [eax + 0x498df5], 0 jne near loc_0041c164 ; jne 0x41c164 mov ebx, dword [esp + 0xa4] push ebx call fcn_0040e14d ; call 0x40e14d add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff imul eax, eax, 0x68 mov edi, dword [eax + (_players+0)] ; mov edi, dword [eax + 0x496b68] push edi lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0x80] push eax mov ebp, dword [ref_0047edba] ; mov ebp, dword [0x47edba] push ebp push ref_00463ac0 ; push 0x463ac0 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push 3 jmp near loc_0041be1c ; jmp 0x41be1c loc_0041bfd2: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] cmp eax, 4 jge near loc_0041c072 ; jge 0x41c072 imul eax, eax, 0x68 mov dl, byte [eax + (_players+64)] ; mov dl, byte [eax + 0x496ba8] test dl, dl jne near loc_0041c072 ; jne 0x41c072 cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 jne short loc_0041c072 ; jne 0x41c072 mov bl, byte [esp + 0xa4] mov byte [eax + (_players+64)], bl ; mov byte [eax + 0x496ba8], bl mov cl, byte [_current_player] ; mov cl, byte [0x49910c] inc cl mov ebx, dword [esp + 0xa4] dec ebx mov eax, ebx shl eax, 2 sub eax, ebx mov byte [eax*8 + ref_00496d0d], cl ; mov byte [eax*8 + 0x496d0d], cl mov byte [eax*8 + ref_00496d0c], 0x26 ; mov byte [eax*8 + 0x496d0c], 0x26 mov eax, esi shl eax, 2 add eax, esi mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] mov byte [ecx + eax*8 + 0x26], dl push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov ebx, dword [eax + (_tool_strings+64)] ; mov ebx, dword [eax + 0x480d9a] push ebx push 2 push ecx jmp near loc_0041bb90 ; jmp 0x41bb90 loc_0041c072: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] cmp ebx, 4 jne near loc_0041c164 ; jne 0x41c164 mov eax, ebx shl eax, 4 cmp byte [eax + ref_00498df5], 0 ; cmp byte [eax + 0x498df5], 0 jne near loc_0041c164 ; jne 0x41c164 mov edi, dword [esp + 0xa4] push edi call fcn_0040e14d ; call 0x40e14d add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff imul eax, eax, 0x68 mov ebp, dword [eax + (_players+0)] ; mov ebp, dword [eax + 0x496b68] push ebp lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0x80] push eax mov eax, dword [ref_0047edbe] ; mov eax, dword [0x47edbe] push eax push ref_00463ac0 ; push 0x463ac0 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push ebx mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff push eax call fcn_00445a4d ; call 0x445a4d add esp, 8 cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 je short loc_0041c164 ; je 0x41c164 push 1 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542ce ; call 0x4542ce loc_0041c161: add esp, 8 loc_0041c164: mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] cmp ebp, 4 jl near loc_0041c844 ; jl 0x41c844 mov ebx, ebp mov eax, ebp shl eax, 4 cmp byte [eax + ref_00498df2], 0 ; cmp byte [eax + 0x498df2], 0 jne near loc_0041c7a6 ; jne 0x41c7a6 cmp byte [eax + ref_00498df5], 0 ; cmp byte [eax + 0x498df5], 0 jne near loc_0041c7a6 ; jne 0x41c7a6 cmp ebp, 4 je short loc_0041c1a2 ; je 0x41c1a2 cmp ebp, 5 jne near loc_0041c447 ; jne 0x41c447 loc_0041c1a2: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov cl, byte [eax + ref_00498df0] ; mov cl, byte [eax + 0x498df0] mov eax, 1 shl eax, cl not eax mov edi, dword [esp + 0x98] and edi, eax je near loc_0041c330 ; je 0x41c330 push edi call fcn_0040d293 ; call 0x40d293 mov esi, eax add esp, 4 imul ebx, eax, 0x68 cmp byte [ebx + (_players+21)], 0 ; cmp byte [ebx + 0x496b7d], 0 je near loc_0041c330 ; je 0x41c330 mov edx, dword [ebx + (_players+0)] ; mov edx, dword [ebx + 0x496b68] push edx lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 cmp dword [_current_player], 4 ; cmp dword [0x49910c], 4 jne near loc_0041c293 ; jne 0x41c293 xor edi, edi mov di, word [ebx + (_players+48)] ; mov di, word [ebx + 0x496b98] sar edi, 1 test edi, edi je near loc_0041c330 ; je 0x41c330 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 push edi lea eax, [esp + 0x84] push eax push ref_00463ae4 ; push 0x463ae4 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x3e8 lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 sub word [ebx + (_players+48)], di ; sub word [ebx + 0x496b98], di mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff imul eax, eax, 0x68 add word [eax + (_players+48)], di ; add word [eax + 0x496b98], di cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 je near loc_0041c330 ; je 0x41c330 jmp near loc_0041c318 ; jmp 0x41c318 loc_0041c293: push esi call fcn_00441e77 ; call 0x441e77 mov ebx, eax add esp, 4 test eax, eax je near loc_0041c330 ; je 0x41c330 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 mov eax, ebx mov esi, dword [eax*8 + (_card_table - 8)] ; mov esi, dword [eax*8 + 0x47fdea] push esi lea eax, [esp + 0x84] push eax push ref_00463af7 ; push 0x463af7 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x3e8 lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push ebx mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff push eax call fcn_004412e4 ; call 0x4412e4 add esp, 8 cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 je short loc_0041c330 ; je 0x41c330 loc_0041c318: push 1 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542ce ; call 0x4542ce add esp, 8 loc_0041c330: cmp dword [_current_player], 5 ; cmp dword [0x49910c], 5 jne near loc_0041c7a6 ; jne 0x41c7a6 cmp dword [esp + 0xa0], 0xe jne near loc_0041c7a6 ; jne 0x41c7a6 xor ebx, ebx xor edi, edi loc_0041c34f: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0041c3ad ; jge 0x41c3ad imul esi, ebx, 0x68 cmp byte [esi + (_players+21)], 0 ; cmp byte [esi + 0x496b7d], 0 je short loc_0041c3aa ; je 0x41c3aa mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] shl ebp, 4 movzx ebp, byte [ebp + ref_00498df0] ; movzx ebp, byte [ebp + 0x498df0] cmp ebx, ebp je short loc_0041c3aa ; je 0x41c3aa fild dword [esi + (_players+32)] ; fild dword [esi + 0x496b88] fmul qword [ref_00463b60] ; fmul qword [0x463b60] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x94] push 5 mov eax, dword [esp + 0x98] push eax push ebp push ebx call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 add edi, dword [esp + 0x94] loc_0041c3aa: inc ebx jmp short loc_0041c34f ; jmp 0x41c34f loc_0041c3ad: mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff imul eax, eax, 0x68 mov ebx, dword [eax + (_players+0)] ; mov ebx, dword [eax + 0x496b68] push ebx lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0x80] push eax push edi push ref_00463b02 ; push 0x463b02 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x7d0 lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 cmp dword [ref_0048baf8], 0 ; cmp dword [0x48baf8], 0 je near loc_0041c7a6 ; je 0x41c7a6 push 1 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542ce ; call 0x4542ce add esp, 8 jmp near loc_0041c7a6 ; jmp 0x41c7a6 loc_0041c447: mov eax, dword [ref_0048baf8] ; mov eax, dword [0x48baf8] test eax, eax jne near loc_0041c7a6 ; jne 0x41c7a6 push 1 push eax push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov eax, esi shl eax, 2 add eax, esi mov edi, dword [ref_00498e80] ; mov edi, dword [0x498e80] mov di, word [edi + eax*8 + 0x20] cmp di, 0x7d0 jbe near loc_0041c5cd ; jbe 0x41c5cd cmp di, 0xfa0 jae near loc_0041c5cd ; jae 0x41c5cd xor eax, eax mov ax, di sub eax, 0x7d0 imul eax, eax, 0x34 mov ebp, dword [ref_00498e84] ; mov ebp, dword [0x498e84] add ebp, eax mov dl, byte [ebp + 0x19] test dl, dl je near loc_0041c7a6 ; je 0x41c7a6 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 xor ecx, ecx mov cl, byte [eax + ref_00498df0] ; mov cl, byte [eax + 0x498df0] xor eax, eax mov al, dl dec eax cmp ecx, eax je near loc_0041c7a6 ; je 0x41c7a6 imul eax, eax, 0x68 mov edi, dword [eax + (_players+0)] ; mov edi, dword [eax + 0x496b68] push edi lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 cmp dword [_current_player], 6 ; cmp dword [0x49910c], 6 jne near loc_0041c597 ; jne 0x41c597 mov ebx, 1 mov esi, dword [ref_00498e84] ; mov esi, dword [0x498e84] add esi, 0x34 xor edi, edi loc_0041c4fc: cmp ebx, dword [ref_00498e98] ; cmp ebx, dword [0x498e98] jg short loc_0041c52c ; jg 0x41c52c mov al, byte [esi + 0x19] cmp al, byte [ebp + 0x19] jne short loc_0041c526 ; jne 0x41c526 lea eax, [esi + 4] push eax lea eax, [ebp + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_0041c526 ; jne 0x41c526 mov ax, word [esi + 0x1c] add edi, eax loc_0041c526: inc ebx add esi, 0x34 jmp short loc_0041c4fc ; jmp 0x41c4fc loc_0041c52c: mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 imul edi, dword [ref_004990e8] ; imul edi, dword [0x4990e8] push edi lea eax, [esp + 0x84] push eax push ref_00463b21 ; push 0x463b21 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 loc_0041c564: push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push 0 push edi mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff push eax xor eax, eax mov al, byte [ebp + 0x19] jmp near loc_0041c6b6 ; jmp 0x41c6b6 loc_0041c597: mov edi, dword [ebp + 0x2c] test edi, edi je near loc_0041c7a6 ; je 0x41c7a6 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 push edi push ref_00463b36 ; push 0x463b36 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc jmp short loc_0041c564 ; jmp 0x41c564 loc_0041c5cd: cmp di, 0xfa0 jbe near loc_0041c6e6 ; jbe 0x41c6e6 cmp di, 0x1770 jae near loc_0041c6e6 ; jae 0x41c6e6 xor eax, eax mov ax, di sub eax, 0xfa0 shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax cmp byte [ebx + 0x19], 0 je near loc_0041c7a6 ; je 0x41c7a6 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 xor ecx, ecx mov cl, byte [eax + ref_00498df0] ; mov cl, byte [eax + 0x498df0] xor eax, eax mov al, byte [ebx + 0x19] dec eax cmp ecx, eax je near loc_0041c7a6 ; je 0x41c7a6 imul eax, eax, 0x68 mov edx, dword [eax + (_players+0)] ; mov edx, dword [eax + 0x496b68] push edx lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a cmp dword [_current_player], 6 ; cmp dword [0x49910c], 6 jne short loc_0041c6bd ; jne 0x41c6bd push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 xor edi, edi mov di, word [ebx + 0x22] imul edi, dword [ref_004990e8] ; imul edi, dword [0x4990e8] push edi lea eax, [esp + 0x84] push eax push ref_00463b21 ; push 0x463b21 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 loc_0041c688: push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push 0 push edi mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff push eax xor eax, eax mov al, byte [ebx + 0x19] loc_0041c6b6: dec eax push eax jmp near loc_0041c79e ; jmp 0x41c79e loc_0041c6bd: mov edi, dword [ebx + 0x30] test edi, edi je near loc_0041c7a6 ; je 0x41c7a6 push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 push edi push ref_00463b36 ; push 0x463b36 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc jmp short loc_0041c688 ; jmp 0x41c688 loc_0041c6e6: cmp di, 0x1770 jbe near loc_0041c7a6 ; jbe 0x41c7a6 cmp di, 0x1f40 jae near loc_0041c7a6 ; jae 0x41c7a6 xor esi, esi mov si, di lea eax, [esi - 0x1770] imul eax, eax, 0x34 mov edi, dword [ref_00498e7c] ; mov edi, dword [0x498e7c] add edi, eax cmp byte [edi + 0x18], 0 je near loc_0041c7a6 ; je 0x41c7a6 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] mov eax, ebx shl eax, 4 xor ecx, ecx mov cl, byte [eax + ref_00498df0] ; mov cl, byte [eax + 0x498df0] xor eax, eax mov al, byte [edi + 0x18] dec eax cmp ecx, eax je short loc_0041c7a6 ; je 0x41c7a6 cmp ebx, 7 jne short loc_0041c7a6 ; jne 0x41c7a6 mov edi, dword [edi + 0x28] test edi, edi je short loc_0041c7a6 ; je 0x41c7a6 mov eax, dword [ref_004749d4] ; mov eax, dword [0x4749d4] shl eax, 3 add eax, ref_0048234a ; add eax, 0x48234a push eax call fcn_004542e9 ; call 0x4542e9 add esp, 4 push edi push ref_00463b49 ; push 0x463b49 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push 0 push edi mov eax, dword [_current_player] ; mov eax, dword [0x49910c] shl eax, 4 mov al, byte [eax + ref_00498df0] ; mov al, byte [eax + 0x498df0] and eax, 0xff push eax sub esi, 0x170c push esi loc_0041c79e: call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 loc_0041c7a6: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] mov eax, ebx shl eax, 4 mov cl, byte [eax + ref_00498df3] ; mov cl, byte [eax + 0x498df3] and cl, 0x7f cmp cl, 1 jne short loc_0041c7f6 ; jne 0x41c7f6 cmp dword [esp + 0xa0], 4 jne short loc_0041c7f6 ; jne 0x41c7f6 mov cl, byte [eax + ref_00498df3] ; mov cl, byte [eax + 0x498df3] test cl, 0x80 je short loc_0041c7e9 ; je 0x41c7e9 push 0 push ebx call fcn_0043d593 ; call 0x43d593 add esp, 8 xor ebp, ebp mov dword [ref_0048baf8], ebp ; mov dword [0x48baf8], ebp jmp short loc_0041c844 ; jmp 0x41c844 loc_0041c7e9: mov ch, cl or ch, 0x80 mov byte [eax + ref_00498df3], ch ; mov byte [eax + 0x498df3], ch jmp short loc_0041c844 ; jmp 0x41c844 loc_0041c7f6: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] mov eax, ebx shl eax, 4 mov cl, byte [eax + ref_00498df3] ; mov cl, byte [eax + 0x498df3] and cl, 0x7f cmp cl, 2 jne short loc_0041c844 ; jne 0x41c844 cmp dword [esp + 0xa0], 5 jne short loc_0041c844 ; jne 0x41c844 mov dl, byte [eax + ref_00498df3] ; mov dl, byte [eax + 0x498df3] test dl, 0x80 je short loc_0041c839 ; je 0x41c839 push 0 push ebx call fcn_0043ec3f ; call 0x43ec3f add esp, 8 xor edi, edi mov dword [ref_0048baf8], edi ; mov dword [0x48baf8], edi jmp short loc_0041c844 ; jmp 0x41c844 loc_0041c839: mov dh, dl or dh, 0x80 mov byte [eax + ref_00498df3], dh ; mov byte [eax + 0x498df3], dh loc_0041c844: add esp, 0xa8 pop ebp pop edi pop esi pop ebx ret fcn_0041c84f: push ebx push esi push ebp sub esp, 0x80 mov ebx, dword [esp + 0x90] cmp ebx, 4 jge near loc_0041ce39 ; jge 0x41ce39 call fcn_0042915a ; call 0x42915a call fcn_00436a5a ; call 0x436a5a imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je near loc_0041cf5d ; je 0x41cf5d cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne near loc_0041cf5d ; jne 0x41cf5d mov cl, byte [eax + (_players+50)] ; mov cl, byte [eax + 0x496b9a] test cl, 0x80 je short loc_0041c8a5 ; je 0x41c8a5 push ebx call fcn_0040d6be ; call 0x40d6be add esp, 4 jmp short loc_0041c8bc ; jmp 0x41c8bc loc_0041c8a5: test cl, cl je short loc_0041c8bc ; je 0x41c8bc mov dl, cl dec dl mov byte [eax + (_players+50)], dl ; mov byte [eax + 0x496b9a], dl jne short loc_0041c8bc ; jne 0x41c8bc or byte [eax + (_players+50)], 0x80 ; or byte [eax + 0x496b9a], 0x80 loc_0041c8bc: imul eax, ebx, 0x68 mov ch, byte [eax + (_players+51)] ; mov ch, byte [eax + 0x496b9b] test ch, 0x80 je short loc_0041c8d5 ; je 0x41c8d5 push ebx call fcn_0040d4e5 ; call 0x40d4e5 add esp, 4 jmp short loc_0041c8f3 ; jmp 0x41c8f3 loc_0041c8d5: test ch, ch je short loc_0041c8f3 ; je 0x41c8f3 mov dh, ch dec dh mov byte [eax + (_players+51)], dh ; mov byte [eax + 0x496b9b], dh test dh, 0x3f jne short loc_0041c8f3 ; jne 0x41c8f3 mov ch, dh or ch, 0x80 mov byte [eax + (_players+51)], ch ; mov byte [eax + 0x496b9b], ch loc_0041c8f3: imul eax, ebx, 0x68 mov dl, byte [eax + (_players+52)] ; mov dl, byte [eax + 0x496b9c] test dl, 0x80 je short loc_0041c90c ; je 0x41c90c push ebx call fcn_0043d7bf ; call 0x43d7bf add esp, 4 jmp short loc_0041c927 ; jmp 0x41c927 loc_0041c90c: test dl, dl je short loc_0041c927 ; je 0x41c927 mov cl, dl dec cl mov byte [eax + (_players+52)], cl ; mov byte [eax + 0x496b9c], cl jne short loc_0041c927 ; jne 0x41c927 mov dl, cl or dl, 0x80 mov byte [eax + (_players+52)], dl ; mov byte [eax + 0x496b9c], dl loc_0041c927: imul eax, ebx, 0x68 mov dh, byte [eax + (_players+53)] ; mov dh, byte [eax + 0x496b9d] test dh, 0x80 je short loc_0041c940 ; je 0x41c940 push ebx call fcn_0043ee6e ; call 0x43ee6e add esp, 4 jmp short loc_0041c95b ; jmp 0x41c95b loc_0041c940: test dh, dh je short loc_0041c95b ; je 0x41c95b mov ch, dh dec ch mov byte [eax + (_players+53)], ch ; mov byte [eax + 0x496b9d], ch jne short loc_0041c95b ; jne 0x41c95b mov dh, ch or dh, 0x80 mov byte [eax + (_players+53)], dh ; mov byte [eax + 0x496b9d], dh loc_0041c95b: imul eax, ebx, 0x68 cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 jne near loc_0041ca8f ; jne 0x41ca8f test byte [eax + (_players+54)], 0x80 ; test byte [eax + 0x496b9e], 0x80 je short loc_0041c9a4 ; je 0x41c9a4 xor ch, ch mov byte [eax + (_players+54)], ch ; mov byte [eax + 0x496b9e], ch imul eax, ebx, 0x34 and byte [eax + ref_00498ea0], 0xbf ; and byte [eax + 0x498ea0], 0xbf mov al, byte [eax + ref_00498ea1] ; mov al, byte [eax + 0x498ea1] and eax, 0xff push eax push ebx call fcn_0040b8d8 ; call 0x40b8d8 add esp, 8 push ebx call fcn_0040b93b ; call 0x40b93b add esp, 4 loc_0041c9a4: imul eax, ebx, 0x68 test byte [eax + (_players+55)], 0x80 ; test byte [eax + 0x496b9f], 0x80 je near loc_0041ca7b ; je 0x41ca7b xor cl, cl mov byte [eax + (_players+55)], cl ; mov byte [eax + 0x496b9f], cl mov al, byte [eax + (_players+102)] ; mov al, byte [eax + 0x496bce] and al, 3 movzx esi, al cmp esi, 1 jne short loc_0041c9e3 ; jne 0x41c9e3 mov eax, ebx shl eax, 2 add eax, ebx mov edx, eax shl eax, 2 sub eax, edx cmp byte [eax + ref_00499160], 0 ; cmp byte [eax + 0x499160], 0 jne short loc_0041ca04 ; jne 0x41ca04 loc_0041c9e3: cmp esi, 2 jne short loc_0041c9ff ; jne 0x41c9ff mov eax, ebx shl eax, 2 add eax, ebx mov edx, eax shl eax, 2 sub eax, edx cmp byte [eax + ref_00499161], 0 ; cmp byte [eax + 0x499161], 0 jne short loc_0041ca04 ; jne 0x41ca04 loc_0041c9ff: cmp esi, 3 jne short loc_0041ca60 ; jne 0x41ca60 loc_0041ca04: imul eax, ebx, 0x68 mov dl, byte [eax + (_players+102)] ; mov dl, byte [eax + 0x496bce] mov byte [eax + (_players+17)], dl ; mov byte [eax + 0x496b79], dl mov dl, byte [eax + (_players+103)] ; mov dl, byte [eax + 0x496bcf] mov byte [eax + (_players+18)], dl ; mov byte [eax + 0x496b7a], dl mov ch, byte [eax + (_players+17)] ; mov ch, byte [eax + 0x496b79] cmp ch, 1 jne short loc_0041ca3e ; jne 0x41ca3e mov eax, ebx shl eax, 2 add eax, ebx mov edx, eax shl eax, 2 sub eax, edx sub byte [eax + ref_00499160], ch ; sub byte [eax + 0x499160], ch loc_0041ca3e: imul eax, ebx, 0x68 cmp byte [eax + (_players+17)], 2 ; cmp byte [eax + 0x496b79], 2 jne short loc_0041ca72 ; jne 0x41ca72 mov eax, ebx shl eax, 2 add eax, ebx mov edx, eax shl eax, 2 sub eax, edx dec byte [eax + ref_00499161] ; dec byte [eax + 0x499161] jmp short loc_0041ca72 ; jmp 0x41ca72 loc_0041ca60: imul eax, ebx, 0x68 xor dh, dh mov byte [eax + (_players+17)], dh ; mov byte [eax + 0x496b79], dh mov byte [eax + (_players+18)], 1 ; mov byte [eax + 0x496b7a], 1 loc_0041ca72: push ebx call fcn_0040b93b ; call 0x40b93b add esp, 4 loc_0041ca7b: imul eax, ebx, 0x68 test byte [eax + (_players+57)], 0x80 ; test byte [eax + 0x496ba1], 0x80 je short loc_0041ca8f ; je 0x41ca8f xor dl, dl mov byte [eax + (_players+57)], dl ; mov byte [eax + 0x496ba1], dl loc_0041ca8f: imul eax, ebx, 0x68 test byte [eax + (_players+56)], 0x80 ; test byte [eax + 0x496ba0], 0x80 je short loc_0041caa3 ; je 0x41caa3 xor cl, cl mov byte [eax + (_players+56)], cl ; mov byte [eax + 0x496ba0], cl loc_0041caa3: imul eax, ebx, 0x68 test byte [eax + (_players+59)], 0x80 ; test byte [eax + 0x496ba3], 0x80 je short loc_0041cab7 ; je 0x41cab7 xor dl, dl mov byte [eax + (_players+59)], dl ; mov byte [eax + 0x496ba3], dl loc_0041cab7: imul eax, ebx, 0x68 test byte [eax + (_players+60)], 0x80 ; test byte [eax + 0x496ba4], 0x80 je short loc_0041cacb ; je 0x41cacb xor cl, cl mov byte [eax + (_players+60)], cl ; mov byte [eax + 0x496ba4], cl loc_0041cacb: imul eax, ebx, 0x68 test byte [eax + (_players+61)], 0x80 ; test byte [eax + 0x496ba5], 0x80 je short loc_0041cae0 ; je 0x41cae0 push ebx call fcn_0040cc1a ; call 0x40cc1a add esp, 4 loc_0041cae0: imul eax, ebx, 0x68 test byte [eax + (_players+62)], 0x80 ; test byte [eax + 0x496ba6], 0x80 je short loc_0041caf4 ; je 0x41caf4 xor dh, dh mov byte [eax + (_players+62)], dh ; mov byte [eax + 0x496ba6], dh loc_0041caf4: imul eax, ebx, 0x68 cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 jne near loc_0041cb6d ; jne 0x41cb6d mov cl, byte [eax + (_players+54)] ; mov cl, byte [eax + 0x496b9e] test cl, cl je short loc_0041cb25 ; je 0x41cb25 mov ch, cl dec ch mov byte [eax + (_players+54)], ch ; mov byte [eax + 0x496b9e], ch jne short loc_0041cb25 ; jne 0x41cb25 mov dh, ch or dh, 0x80 mov byte [eax + (_players+54)], dh ; mov byte [eax + 0x496b9e], dh loc_0041cb25: imul eax, ebx, 0x68 mov cl, byte [eax + (_players+55)] ; mov cl, byte [eax + 0x496b9f] test cl, cl je short loc_0041cb49 ; je 0x41cb49 mov ch, cl dec ch mov byte [eax + (_players+55)], ch ; mov byte [eax + 0x496b9f], ch jne short loc_0041cb49 ; jne 0x41cb49 mov dh, ch or dh, 0x80 mov byte [eax + (_players+55)], dh ; mov byte [eax + 0x496b9f], dh loc_0041cb49: imul eax, ebx, 0x68 mov cl, byte [eax + (_players+57)] ; mov cl, byte [eax + 0x496ba1] test cl, cl je short loc_0041cb6d ; je 0x41cb6d mov ch, cl dec ch mov byte [eax + (_players+57)], ch ; mov byte [eax + 0x496ba1], ch jne short loc_0041cb6d ; jne 0x41cb6d mov dh, ch or dh, 0x80 mov byte [eax + (_players+57)], dh ; mov byte [eax + 0x496ba1], dh loc_0041cb6d: imul eax, ebx, 0x68 mov cl, byte [eax + (_players+56)] ; mov cl, byte [eax + 0x496ba0] test cl, cl je short loc_0041cb91 ; je 0x41cb91 mov ch, cl dec ch mov byte [eax + (_players+56)], ch ; mov byte [eax + 0x496ba0], ch jne short loc_0041cb91 ; jne 0x41cb91 mov dh, ch or dh, 0x80 mov byte [eax + (_players+56)], dh ; mov byte [eax + 0x496ba0], dh loc_0041cb91: imul eax, ebx, 0x68 mov cl, byte [eax + (_players+59)] ; mov cl, byte [eax + 0x496ba3] test cl, cl je short loc_0041cbb5 ; je 0x41cbb5 mov ch, cl dec ch mov byte [eax + (_players+59)], ch ; mov byte [eax + 0x496ba3], ch jne short loc_0041cbb5 ; jne 0x41cbb5 mov dh, ch or dh, 0x80 mov byte [eax + (_players+59)], dh ; mov byte [eax + 0x496ba3], dh loc_0041cbb5: imul eax, ebx, 0x68 mov cl, byte [eax + (_players+60)] ; mov cl, byte [eax + 0x496ba4] test cl, cl je short loc_0041cbd9 ; je 0x41cbd9 mov ch, cl dec ch mov byte [eax + (_players+60)], ch ; mov byte [eax + 0x496ba4], ch jne short loc_0041cbd9 ; jne 0x41cbd9 mov dh, ch or dh, 0x80 mov byte [eax + (_players+60)], dh ; mov byte [eax + 0x496ba4], dh loc_0041cbd9: imul esi, ebx, 0x68 cmp byte [esi + (_players+61)], 0 ; cmp byte [esi + 0x496ba5], 0 je short loc_0041cc48 ; je 0x41cc48 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 2 neg eax push eax xor eax, eax mov al, byte [esi + (_players+65)] ; mov al, byte [esi + 0x496ba9] dec eax push eax push ebx call fcn_0040df69 ; call 0x40df69 add esp, 0xc mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 2 neg eax push eax push ebx xor eax, eax mov al, byte [esi + (_players+65)] ; mov al, byte [esi + 0x496ba9] dec eax push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc mov ch, byte [esi + (_players+61)] ; mov ch, byte [esi + 0x496ba5] dec ch mov byte [esi + (_players+61)], ch ; mov byte [esi + 0x496ba5], ch jne short loc_0041cc48 ; jne 0x41cc48 mov byte [esi + (_players+61)], 0x80 ; mov byte [esi + 0x496ba5], 0x80 loc_0041cc48: imul eax, ebx, 0x68 mov dl, byte [eax + (_players+62)] ; mov dl, byte [eax + 0x496ba6] test dl, dl je short loc_0041cc6c ; je 0x41cc6c mov dh, dl dec dh mov byte [eax + (_players+62)], dh ; mov byte [eax + 0x496ba6], dh jne short loc_0041cc6c ; jne 0x41cc6c mov ch, dh or ch, 0x80 mov byte [eax + (_players+62)], ch ; mov byte [eax + 0x496ba6], ch loc_0041cc6c: imul eax, ebx, 0x68 cmp byte [eax + (_players+63)], 0 ; cmp byte [eax + 0x496ba7], 0 je short loc_0041cca3 ; je 0x41cca3 xor edx, edx mov dl, byte [eax + (_players+63)] ; mov dl, byte [eax + 0x496ba7] dec edx mov eax, edx shl eax, 2 sub eax, edx mov dh, byte [eax*8 + ref_00496d0c] ; mov dh, byte [eax*8 + 0x496d0c] dec dh mov byte [eax*8 + ref_00496d0c], dh ; mov byte [eax*8 + 0x496d0c], dh jne short loc_0041cca3 ; jne 0x41cca3 push ebx call fcn_0040e32c ; call 0x40e32c add esp, 4 loc_0041cca3: imul eax, ebx, 0x68 mov dl, byte [eax + (_players+17)] ; mov dl, byte [eax + 0x496b79] and dl, 3 cmp dl, 3 jne near loc_0041cd8c ; jne 0x41cd8c mov ch, byte [eax + (_players+17)] ; mov ch, byte [eax + 0x496b79] sub ch, 4 mov byte [eax + (_players+17)], ch ; mov byte [eax + 0x496b79], ch test ch, 0xfc jne near loc_0041cd8c ; jne 0x41cd8c mov al, byte [eax + (_players+100)] ; mov al, byte [eax + 0x496bcc] and al, dl movzx esi, al cmp esi, 1 jne short loc_0041ccf7 ; jne 0x41ccf7 mov eax, ebx shl eax, 2 add eax, ebx mov edx, eax shl eax, 2 sub eax, edx cmp byte [eax + ref_00499160], 0 ; cmp byte [eax + 0x499160], 0 jne short loc_0041cd17 ; jne 0x41cd17 loc_0041ccf7: cmp esi, 2 jne near loc_0041cd71 ; jne 0x41cd71 mov eax, ebx shl eax, 2 add eax, ebx mov edx, eax shl eax, 2 sub eax, edx cmp byte [eax + ref_00499161], 0 ; cmp byte [eax + 0x499161], 0 je short loc_0041cd71 ; je 0x41cd71 loc_0041cd17: imul eax, ebx, 0x68 mov dl, byte [eax + (_players+100)] ; mov dl, byte [eax + 0x496bcc] mov byte [eax + (_players+17)], dl ; mov byte [eax + 0x496b79], dl mov dl, byte [eax + (_players+101)] ; mov dl, byte [eax + 0x496bcd] mov byte [eax + (_players+18)], dl ; mov byte [eax + 0x496b7a], dl cmp byte [eax + (_players+17)], 1 ; cmp byte [eax + 0x496b79], 1 jne short loc_0041cd4f ; jne 0x41cd4f mov eax, ebx shl eax, 2 add eax, ebx mov edx, eax shl eax, 2 sub eax, edx dec byte [eax + ref_00499160] ; dec byte [eax + 0x499160] loc_0041cd4f: imul eax, ebx, 0x68 cmp byte [eax + (_players+17)], 2 ; cmp byte [eax + 0x496b79], 2 jne short loc_0041cd83 ; jne 0x41cd83 mov eax, ebx shl eax, 2 add eax, ebx mov edx, eax shl eax, 2 sub eax, edx dec byte [eax + ref_00499161] ; dec byte [eax + 0x499161] jmp short loc_0041cd83 ; jmp 0x41cd83 loc_0041cd71: imul eax, ebx, 0x68 xor ch, ch mov byte [eax + (_players+17)], ch ; mov byte [eax + 0x496b79], ch mov byte [eax + (_players+18)], 1 ; mov byte [eax + 0x496b7a], 1 loc_0041cd83: push ebx call fcn_0040b93b ; call 0x40b93b add esp, 4 loc_0041cd8c: mov esi, 1 mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] loc_0041cd97: add ebx, 0x38 cmp esi, dword [ref_00498e8c] ; cmp esi, dword [0x498e8c] jg near loc_0041cf5d ; jg 0x41cf5d cmp byte [ebx + 0x18], 4 jne near loc_0041ce33 ; jne 0x41ce33 mov cl, byte [ebx + 0x1e] test cl, cl je near loc_0041ce33 ; je 0x41ce33 xor edx, edx mov dl, byte [ebx + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax jne short loc_0041ce33 ; jne 0x41ce33 mov al, byte [ebx + 0x1d] cmp al, byte [ebx + 0x1a] ja short loc_0041ce2f ; ja 0x41ce2f mov al, cl dec al mov byte [ebx + 0x1e], al jne short loc_0041ce33 ; jne 0x41ce33 push 1 call fcn_0041906a ; call 0x41906a add esp, 4 xor eax, eax mov al, byte [ebx + 0x1d] mov ebp, dword [eax*8 + ref_0047ff1a] ; mov ebp, dword [eax*8 + 0x47ff1a] push ebp push ref_00463b68 ; push 0x463b68 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 xor eax, eax mov al, byte [ebx + 0x1d] add eax, 8 push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_00445a4d ; call 0x445a4d add esp, 8 jmp short loc_0041ce33 ; jmp 0x41ce33 loc_0041ce2f: mov byte [ebx + 0x1e], 0 loc_0041ce33: inc esi jmp near loc_0041cd97 ; jmp 0x41cd97 loc_0041ce39: cmp ebx, 8 jge near loc_0041cf5d ; jge 0x41cf5d sub ebx, 4 mov eax, ebx shl eax, 4 test byte [eax + ref_00498e34], 0x80 ; test byte [eax + 0x498e34], 0x80 je short loc_0041ce86 ; je 0x41ce86 xor dh, dh mov byte [eax + ref_00498e34], dh ; mov byte [eax + 0x498e34], dh lea esi, [ebx + 4] imul eax, esi, 0x34 and byte [eax + ref_00498ea0], 0xbf ; and byte [eax + 0x498ea0], 0xbf mov al, byte [eax + ref_00498ea1] ; mov al, byte [eax + 0x498ea1] and eax, 0xff push eax push esi call fcn_0040b8d8 ; call 0x40b8d8 add esp, 8 push esi call fcn_0040b93b ; call 0x40b93b add esp, 4 loc_0041ce86: mov eax, ebx shl eax, 4 test byte [eax + ref_00498e35], 0x80 ; test byte [eax + 0x498e35], 0x80 je short loc_0041ce9c ; je 0x41ce9c xor dl, dl mov byte [eax + ref_00498e35], dl ; mov byte [eax + 0x498e35], dl loc_0041ce9c: mov eax, ebx shl eax, 4 test byte [eax + ref_00498e36], 0x80 ; test byte [eax + 0x498e36], 0x80 je short loc_0041ceb2 ; je 0x41ceb2 xor cl, cl mov byte [eax + ref_00498e36], cl ; mov byte [eax + 0x498e36], cl loc_0041ceb2: mov eax, ebx shl eax, 4 test byte [eax + ref_00498e37], 0x80 ; test byte [eax + 0x498e37], 0x80 je short loc_0041cec8 ; je 0x41cec8 xor dl, dl mov byte [eax + ref_00498e37], dl ; mov byte [eax + 0x498e37], dl loc_0041cec8: mov eax, ebx shl eax, 4 mov dh, byte [eax + ref_00498e34] ; mov dh, byte [eax + 0x498e34] test dh, dh je short loc_0041ceee ; je 0x41ceee mov cl, dh dec cl mov byte [eax + ref_00498e34], cl ; mov byte [eax + 0x498e34], cl jne short loc_0041ceee ; jne 0x41ceee mov dl, cl or dl, 0x80 mov byte [eax + ref_00498e34], dl ; mov byte [eax + 0x498e34], dl loc_0041ceee: mov eax, ebx shl eax, 4 mov dh, byte [eax + ref_00498e35] ; mov dh, byte [eax + 0x498e35] test dh, dh je short loc_0041cf14 ; je 0x41cf14 mov cl, dh dec cl mov byte [eax + ref_00498e35], cl ; mov byte [eax + 0x498e35], cl jne short loc_0041cf14 ; jne 0x41cf14 mov dl, cl or dl, 0x80 mov byte [eax + ref_00498e35], dl ; mov byte [eax + 0x498e35], dl loc_0041cf14: mov eax, ebx shl eax, 4 mov dh, byte [eax + ref_00498e36] ; mov dh, byte [eax + 0x498e36] test dh, dh je short loc_0041cf3a ; je 0x41cf3a mov cl, dh dec cl mov byte [eax + ref_00498e36], cl ; mov byte [eax + 0x498e36], cl jne short loc_0041cf3a ; jne 0x41cf3a mov dl, cl or dl, 0x80 mov byte [eax + ref_00498e36], dl ; mov byte [eax + 0x498e36], dl loc_0041cf3a: shl ebx, 4 mov dh, byte [ebx + ref_00498e37] ; mov dh, byte [ebx + 0x498e37] test dh, dh je short loc_0041cf5d ; je 0x41cf5d mov cl, dh dec cl mov byte [ebx + ref_00498e37], cl ; mov byte [ebx + 0x498e37], cl jne short loc_0041cf5d ; jne 0x41cf5d mov al, cl or al, 0x80 mov byte [ebx + ref_00498e37], al ; mov byte [ebx + 0x498e37], al loc_0041cf5d: add esp, 0x80 pop ebp pop esi pop ebx ret fcn_0041cf67: push ebx push esi push edi xor esi, esi mov ah, byte [ref_0046cb06] ; mov ah, byte [0x46cb06] test ah, 0xf je short loc_0041cf9c ; je 0x41cf9c mov dl, ah dec dl mov byte [ref_0046cb06], dl ; mov byte [0x46cb06], dl test dl, 0xf jne short loc_0041cf9c ; jne 0x41cf9c xor bl, bl mov byte [ref_0046cb06], bl ; mov byte [0x46cb06], bl call fcn_00454acb ; call 0x454acb push esi call fcn_00454d91 ; call 0x454d91 add esp, 4 loc_0041cf9c: push ref_00497160 ; push 0x497160 call fcn_00452117 ; call 0x452117 add esp, 4 mov edi, eax inc dword [ref_004990e4] ; inc dword [0x4990e4] call fcn_0041d89e ; call 0x41d89e cmp eax, 1 je near loc_0041d1a5 ; je 0x41d1a5 call fcn_00423acf ; call 0x423acf call fcn_00428475 ; call 0x428475 test byte [ref_004990dc], 0x80 ; test byte [0x4990dc], 0x80 je short loc_0041cfdb ; je 0x41cfdb xor eax, eax mov dword [ref_004990dc], eax ; mov dword [0x4990dc], eax jmp short loc_0041cff9 ; jmp 0x41cff9 loc_0041cfdb: mov ecx, dword [ref_004990dc] ; mov ecx, dword [0x4990dc] test ecx, ecx je short loc_0041cff9 ; je 0x41cff9 lea ebx, [ecx - 1] mov dword [ref_004990dc], ebx ; mov dword [0x4990dc], ebx test ebx, ebx jne short loc_0041cff9 ; jne 0x41cff9 or byte [ref_004990dc], 0x80 ; or byte [0x4990dc], 0x80 loc_0041cff9: xor ebx, ebx jmp short loc_0041d003 ; jmp 0x41d003 loc_0041cffd: inc ebx cmp ebx, 0xc jge short loc_0041d066 ; jge 0x41d066 loc_0041d003: mov eax, ebx shl eax, 3 add eax, ebx shl eax, 2 mov ch, byte [eax + (_stocks_on_map+6)] ; mov ch, byte [eax + 0x496986] test ch, ch je short loc_0041d021 ; je 0x41d021 mov dl, ch dec dl mov byte [eax + (_stocks_on_map+6)], dl ; mov byte [eax + 0x496986], dl loc_0041d021: mov eax, ebx shl eax, 3 add eax, ebx shl eax, 2 mov dh, byte [eax + (_stocks_on_map+7)] ; mov dh, byte [eax + 0x496987] test dh, dh je short loc_0041cffd ; je 0x41cffd test dh, 0xf0 je short loc_0041d045 ; je 0x41d045 mov ch, dh sub ch, 0x10 mov byte [eax + (_stocks_on_map+7)], ch ; mov byte [eax + 0x496987], ch loc_0041d045: mov eax, ebx shl eax, 3 add eax, ebx shl eax, 2 mov dl, byte [eax + (_stocks_on_map+7)] ; mov dl, byte [eax + 0x496987] test dl, 0xf je short loc_0041cffd ; je 0x41cffd mov dh, dl dec dh mov byte [eax + (_stocks_on_map+7)], dh ; mov byte [eax + 0x496987], dh jmp short loc_0041cffd ; jmp 0x41cffd loc_0041d066: call dword [cs:__imp__GetTickCount@0] ; ucall: call dword cs:[0x4623cc] push eax call clib_srand ; call 0x456f50 add esp, 4 call fcn_004291d6 ; call 0x4291d6 call fcn_00452444 ; call 0x452444 mov eax, dword [ref_00497160] ; mov eax, dword [0x497160] and eax, 0xff cmp eax, 0xf jne short loc_0041d099 ; jne 0x41d099 call fcn_0042ba97 ; call 0x42ba97 call fcn_00431712 ; call 0x431712 loc_0041d099: cmp edi, 1 jne short loc_0041d0ff ; jne 0x41d0ff call fcn_00439bfa ; call 0x439bfa xor ebx, ebx mov bx, word [ref_00496e2a] ; mov bx, word [0x496e2a] push 0xd call fcn_0040e14d ; call 0x40e14d add esp, 4 push 0 push 0 push ebx call fcn_0040aa6c ; call 0x40aa6c add esp, 4 push eax push 0xd call fcn_0040e033 ; call 0x40e033 add esp, 0x10 xor ebx, ebx mov bx, word [ref_00496e42] ; mov bx, word [0x496e42] push 0xe call fcn_0040e14d ; call 0x40e14d add esp, 4 push 0 push 0 push ebx call fcn_0040aa6c ; call 0x40aa6c add esp, 4 push eax push 0xe call fcn_0040e033 ; call 0x40e033 add esp, 0x10 add dword [ref_00499084], edi ; add dword [0x499084], edi loc_0041d0ff: mov ebx, 1 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] loc_0041d109: add eax, 0x34 cmp ebx, dword [ref_00498e98] ; cmp ebx, dword [0x498e98] jg short loc_0041d14b ; jg 0x41d14b mov cl, byte [eax + 0x17] test cl, 0xf0 je short loc_0041d12d ; je 0x41d12d mov ch, cl sub ch, 0x10 mov byte [eax + 0x17], ch test ch, 0xf0 jne short loc_0041d12d ; jne 0x41d12d mov byte [eax + 0x17], 0 loc_0041d12d: mov edx, dword [eax + 0x30] cmp edx, dword [ref_00497160] ; cmp edx, dword [0x497160] jne short loc_0041d148 ; jne 0x41d148 mov byte [eax + 0x19], 0 mov dword [eax + 0x30], 0 mov esi, 1 loc_0041d148: inc ebx jmp short loc_0041d109 ; jmp 0x41d109 loc_0041d14b: mov ebx, 1 mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] loc_0041d155: add eax, 0x38 cmp ebx, dword [ref_00498e8c] ; cmp ebx, dword [0x498e8c] jg short loc_0041d197 ; jg 0x41d197 mov dh, byte [eax + 0x1c] test dh, 0xf0 je short loc_0041d179 ; je 0x41d179 mov cl, dh sub cl, 0x10 mov byte [eax + 0x1c], cl test cl, 0xf0 jne short loc_0041d179 ; jne 0x41d179 mov byte [eax + 0x1c], 0 loc_0041d179: mov edx, dword [eax + 0x34] cmp edx, dword [ref_00497160] ; cmp edx, dword [0x497160] jne short loc_0041d194 ; jne 0x41d194 mov byte [eax + 0x19], 0 mov dword [eax + 0x34], 0 mov esi, 1 loc_0041d194: inc ebx jmp short loc_0041d155 ; jmp 0x41d155 loc_0041d197: test esi, esi je short loc_0041d1a5 ; je 0x41d1a5 push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 loc_0041d1a5: pop edi pop esi pop ebx ret fcn_0041d1a9: push ebx push esi push edi push ebp sub esp, 0x80 mov ebp, dword [esp + 0x94] mov ebx, dword [esp + 0x98] xor edi, edi imul esi, ebp, 0x68 cmp byte [esi + (_players+55)], 0 ; cmp byte [esi + 0x496b9f], 0 jne near loc_0041d2bb ; jne 0x41d2bb cmp byte [esi + (_players+21)], 0 ; cmp byte [esi + 0x496b7d], 0 je near loc_0041d2bb ; je 0x41d2bb cmp dword [ebx + 0x30], 0 je near loc_0041d2bb ; je 0x41d2bb mov ecx, 0x2710 mov eax, dword [ebx + 0x24] mov edx, eax sar edx, 0x1f idiv ecx mov ecx, eax mov eax, dword [esi + (_players+28)] ; mov eax, dword [esi + 0x496b84] mov edx, eax sar edx, 0x1f idiv ecx mov esi, eax cmp eax, 0x3e8 jle short loc_0041d216 ; jle 0x41d216 mov esi, 0x3e8 loc_0041d216: mov eax, dword [ebx + 0x30] cmp esi, eax jle short loc_0041d21f ; jle 0x41d21f mov esi, eax loc_0041d21f: test esi, esi je near loc_0041d2bb ; je 0x41d2bb imul eax, ebp, 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_0041d267 ; jne 0x41d267 push ecx lea eax, [ebx + 4] push eax push ref_00463b75 ; push 0x463b75 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 mov eax, esp push eax call fcn_00440ba8 ; call 0x440ba8 add esp, 4 cmp eax, 1 jne short loc_0041d273 ; jne 0x41d273 push esi call fcn_00453544 ; call 0x453544 add esp, 4 mov edi, eax jmp short loc_0041d273 ; jmp 0x41d273 loc_0041d267: push esi push ecx call fcn_0041d839 ; call 0x41d839 mov edi, eax add esp, 8 loc_0041d273: test edi, edi je short loc_0041d2bb ; je 0x41d2bb push 0 push edi xor eax, eax mov al, byte [ebx + 0x19] push eax push ebp call fcn_00428d2a ; call 0x428d2a add esp, 0x10 cmp eax, 1 jne short loc_0041d2b2 ; jne 0x41d2b2 cmp byte [ebx + 0x1a], 0xc jne short loc_0041d2a0 ; jne 0x41d2a0 push 0x5dc push ref_00463b94 ; push 0x463b94 jmp short loc_0041d2aa ; jmp 0x41d2aa loc_0041d2a0: push 0x5dc push ref_00463ba5 ; push 0x463ba5 loc_0041d2aa: call fcn_00440cac ; call 0x440cac add esp, 8 loc_0041d2b2: push ebp call fcn_0041d433 ; call 0x41d433 add esp, 4 loc_0041d2bb: add esp, 0x80 pop ebp pop edi pop esi pop ebx ret fcn_0041d2c6: push ebx push esi push edi push ebp mov esi, dword [esp + 0x14] mov edi, dword [esp + 0x18] mov ebx, dword [esp + 0x1c] cmp esi, 0x64 jle short loc_0041d2f3 ; jle 0x41d2f3 lea edx, [esi - 0x64] imul edx, edx, 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] sub dword [edx + eax + 0x28], ebx sub dword [edx + eax + 0x2c], ebx jmp near loc_0041d387 ; jmp 0x41d387 loc_0041d2f3: imul eax, esi, 0x68 test byte [esp + 0x20], 4 je short loc_0041d33d ; je 0x41d33d mov ecx, dword [eax + (_players+32)] ; mov ecx, dword [eax + 0x496b88] sub ecx, ebx mov dword [eax + (_players+32)], ecx ; mov dword [eax + 0x496b88], ecx test ecx, ecx jge near loc_0041d37e ; jge 0x41d37e mov edx, ecx add dword [eax + (_players+28)], edx ; add dword [eax + 0x496b84], edx xor ebp, ebp mov dword [eax + (_players+32)], ebp ; mov dword [eax + 0x496b88], ebp mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] test edx, edx jge short loc_0041d37e ; jge 0x41d37e add ebx, edx mov dword [eax + (_players+28)], ebp ; mov dword [eax + 0x496b84], ebp test ebx, ebx jge short loc_0041d375 ; jge 0x41d375 xor ebx, ebx jmp short loc_0041d375 ; jmp 0x41d375 loc_0041d33d: mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] sub edx, ebx mov dword [eax + (_players+28)], edx ; mov dword [eax + 0x496b84], edx test edx, edx jge short loc_0041d37e ; jge 0x41d37e add dword [eax + (_players+32)], edx ; add dword [eax + 0x496b88], edx xor edx, edx mov dword [eax + (_players+28)], edx ; mov dword [eax + 0x496b84], edx mov ecx, dword [eax + (_players+32)] ; mov ecx, dword [eax + 0x496b88] test ecx, ecx jge short loc_0041d37e ; jge 0x41d37e add ebx, ecx mov dword [eax + (_players+32)], edx ; mov dword [eax + 0x496b88], edx test ebx, ebx jge short loc_0041d375 ; jge 0x41d375 xor ebx, ebx loc_0041d375: push esi call fcn_0040cd87 ; call 0x40cd87 add esp, 4 loc_0041d37e: imul eax, esi, 0x68 add dword [eax + (_players+92)], ebx ; add dword [eax + 0x496bc4], ebx loc_0041d387: cmp edi, 0xffffffff jne short loc_0041d394 ; jne 0x41d394 add dword [ref_00499080], ebx ; add dword [0x499080], ebx jmp short loc_0041d3d0 ; jmp 0x41d3d0 loc_0041d394: cmp edi, 0x64 jle short loc_0041d3af ; jle 0x41d3af sub edi, 0x64 imul eax, edi, 0x34 mov edx, dword [ref_00498e7c] ; mov edx, dword [0x498e7c] add dword [edx + eax + 0x28], ebx add dword [edx + eax + 0x2c], ebx jmp short loc_0041d3d0 ; jmp 0x41d3d0 loc_0041d3af: imul eax, edi, 0x68 test byte [esp + 0x20], 1 je short loc_0041d3c1 ; je 0x41d3c1 add dword [eax + (_players+28)], ebx ; add dword [eax + 0x496b84], ebx jmp short loc_0041d3c7 ; jmp 0x41d3c7 loc_0041d3c1: add dword [eax + (_players+32)], ebx ; add dword [eax + 0x496b88], ebx loc_0041d3c7: imul eax, edi, 0x68 add dword [eax + (_players+96)], ebx ; add dword [eax + 0x496bc8], ebx loc_0041d3d0: mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] cmp esi, ebp jne short loc_0041d3ef ; jne 0x41d3ef imul eax, ebp, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0041d3ef ; je 0x41d3ef push ebp call fcn_0041d433 ; call 0x41d433 add esp, 4 loc_0041d3ef: pop ebp pop edi pop esi pop ebx ret fcn_0041d3f4: push ebp mov edx, dword [esp + 8] mov ecx, dword [esp + 0xc] imul eax, edx, 0x68 test byte [esp + 0x10], 1 je short loc_0041d40f ; je 0x41d40f add dword [eax + (_players+28)], ecx ; add dword [eax + 0x496b84], ecx jmp short loc_0041d415 ; jmp 0x41d415 loc_0041d40f: add dword [eax + (_players+32)], ecx ; add dword [eax + 0x496b88], ecx loc_0041d415: imul eax, edx, 0x68 add dword [eax + (_players+96)], ecx ; add dword [eax + 0x496bc8], ecx mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] cmp edx, ebp jne short loc_0041d431 ; jne 0x41d431 push ebp call fcn_0041d433 ; call 0x41d433 add esp, 4 loc_0041d431: pop ebp ret fcn_0041d433: push ebx mov edx, dword [esp + 8] cmp edx, 7 jg short loc_0041d474 ; jg 0x41d474 cmp dword [_callbackSize], 1 ; cmp dword [0x46cad8], 1 jg short loc_0041d474 ; jg 0x41d474 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] mov dword [_current_player], edx ; mov dword [0x49910c], edx cmp byte [ref_0049715d], 2 ; cmp byte [0x49715d], 2 je short loc_0041d464 ; je 0x41d464 push 1 call fcn_00415f69 ; call 0x415f69 jmp short loc_0041d46b ; jmp 0x41d46b loc_0041d464: push 1 call fcn_004166f8 ; call 0x4166f8 loc_0041d46b: add esp, 4 mov dword [_current_player], ebx ; mov dword [0x49910c], ebx loc_0041d474: pop ebx ret fcn_0041d476: push ebp test byte [esp + 0x10], 1 je short loc_0041d496 ; je 0x41d496 push 0 push 0xffffffffffffffff call fcn_0040829d ; call 0x40829d add esp, 8 or byte [ref_00475110], 2 ; or byte [0x475110], 2 jmp near loc_0041d516 ; jmp 0x41d516 loc_0041d496: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] cmp edx, 4 jge short loc_0041d4b6 ; jge 0x41d4b6 imul eax, edx, 0x68 xor edx, edx mov dx, word [eax + (_players+8)] ; mov dx, word [eax + 0x496b70] mov ax, word [eax + (_players+10)] ; mov ax, word [eax + 0x496b72] jmp short loc_0041d4cb ; jmp 0x41d4cb loc_0041d4b6: mov eax, edx shl eax, 4 xor edx, edx mov dx, word [eax + ref_00498de8] ; mov dx, word [eax + 0x498de8] mov ax, word [eax + ref_00498dea] ; mov ax, word [eax + 0x498dea] loc_0041d4cb: and eax, 0xffff cmp edx, dword [esp + 8] jne short loc_0041d4e6 ; jne 0x41d4e6 cmp eax, dword [esp + 0xc] jne short loc_0041d4e6 ; jne 0x41d4e6 xor ebp, ebp mov dword [ref_0048be18], ebp ; mov dword [0x48be18], ebp jmp short loc_0041d502 ; jmp 0x41d502 loc_0041d4e6: mov dword [ref_0048be18], 1 ; mov dword [0x48be18], 1 mov eax, dword [esp + 8] mov dword [ref_0048be1c], eax ; mov dword [0x48be1c], eax mov eax, dword [esp + 0xc] mov dword [ref_0048be20], eax ; mov dword [0x48be20], eax loc_0041d502: push 0 call fcn_00416e6d ; call 0x416e6d add esp, 4 push 0 call fcn_00415e70 ; call 0x415e70 add esp, 4 loc_0041d516: test byte [esp + 0x10], 2 je short loc_0041d527 ; je 0x41d527 push 0 call fcn_00415d31 ; call 0x415d31 add esp, 4 loc_0041d527: test byte [esp + 0x10], 4 je short loc_0041d53f ; je 0x41d53f push 0 push 0 push 0xf mov eax, dword [_gWindowHandle] ; mov eax, dword [0x48a0d4] push eax call fcn_00417e26 ; call 0x417e26 loc_0041d53f: call fcn_004192f7 ; call 0x4192f7 pop ebp ret fcn_0041d546: xor edx, edx mov dword [ref_0048be18], edx ; mov dword [0x48be18], edx push 1 call fcn_0041906a ; call 0x41906a add esp, 4 ret fcn_0041d559: push ebx push esi push ebp sub esp, 0x94 mov esi, dword [esp + 0xac] mov ebx, 1 imul eax, dword [esp + 0xa4], 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov ah, byte [esp + 0xa8] test ah, 0xf0 je short loc_0041d5b3 ; je 0x41d5b3 test ah, 0xf je short loc_0041d5b3 ; je 0x41d5b3 push esi push ref_00463bb8 ; push 0x463bb8 loc_0041d5a4: lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc jmp short loc_0041d5e9 ; jmp 0x41d5e9 loc_0041d5b3: imul eax, dword [esp + 0xa4], 0x68 xor ecx, ecx mov cl, byte [eax + (_players+65)] ; mov cl, byte [eax + 0x496ba9] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp ecx, edx jne short loc_0041d5f0 ; jne 0x41d5f0 push esi lea eax, [esp + 0x84] push eax push ref_00463bcd ; push 0x463bcd loc_0041d5dc: lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 loc_0041d5e9: xor ebx, ebx jmp near loc_0041d6a4 ; jmp 0x41d6a4 loc_0041d5f0: cmp byte [eax + (_players+63)], 0xf ; cmp byte [eax + 0x496ba7], 0xf jne short loc_0041d601 ; jne 0x41d601 push esi push ref_00463be2 ; push 0x463be2 jmp short loc_0041d5a4 ; jmp 0x41d5a4 loc_0041d601: cmp byte [eax + (_players+50)], 0 ; cmp byte [eax + 0x496b9a], 0 je short loc_0041d61a ; je 0x41d61a push esi lea eax, [esp + 0x84] push eax push ref_00463bf5 ; push 0x463bf5 jmp short loc_0041d5dc ; jmp 0x41d5dc loc_0041d61a: cmp byte [eax + (_players+51)], 0 ; cmp byte [eax + 0x496b9b], 0 je short loc_0041d633 ; je 0x41d633 push esi lea eax, [esp + 0x84] push eax push ref_00463c08 ; push 0x463c08 jmp short loc_0041d5dc ; jmp 0x41d5dc loc_0041d633: cmp byte [eax + (_players+52)], 0 ; cmp byte [eax + 0x496b9c], 0 je short loc_0041d64c ; je 0x41d64c push esi lea eax, [esp + 0x84] push eax push ref_00463c1b ; push 0x463c1b jmp short loc_0041d5dc ; jmp 0x41d5dc loc_0041d64c: cmp byte [eax + (_players+53)], 0 ; cmp byte [eax + 0x496b9d], 0 je short loc_0041d668 ; je 0x41d668 push esi lea eax, [esp + 0x84] push eax push ref_00463c2e ; push 0x463c2e jmp near loc_0041d5dc ; jmp 0x41d5dc loc_0041d668: cmp byte [eax + (_players+54)], 0 ; cmp byte [eax + 0x496b9e], 0 je short loc_0041d684 ; je 0x41d684 push esi lea eax, [esp + 0x84] push eax push ref_00463c41 ; push 0x463c41 jmp near loc_0041d5dc ; jmp 0x41d5dc loc_0041d684: cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 je short loc_0041d6a0 ; je 0x41d6a0 push esi lea eax, [esp + 0x84] push eax push ref_00463c54 ; push 0x463c54 jmp near loc_0041d5dc ; jmp 0x41d5dc loc_0041d6a0: test ebx, ebx jne short loc_0041d6e5 ; jne 0x41d6e5 loc_0041d6a4: push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] imul eax, ebp, 0x68 movzx esi, byte [eax + (_players+19)] ; movzx esi, byte [eax + 0x496b7b] mov eax, esi shl eax, 2 sub eax, esi shl eax, 2 mov esi, eax mov edx, dword [esi + eax*8 + ref_0048087e] ; mov edx, dword [esi + eax*8 + 0x48087e] push edx push 3 push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0041d6e5: mov eax, ebx add esp, 0x94 pop ebp pop esi pop ebx ret ref_0041d6f1: ; may contain a jump table dd loc_0041d741 dd loc_0041d758 dd loc_0041d79e dd loc_0041d79e dd loc_0041d76f dd loc_0041d788 fcn_0041d709: push ebx push esi sub esp, 0x80 mov edx, dword [esp + 0x90] mov esi, dword [esp + 0x94] mov ebx, esi imul eax, dword [esp + 0x8c], 0x68 mov al, byte [eax + (_players+63)] ; mov al, byte [eax + 0x496ba7] dec al cmp al, 5 ja short loc_0041d79e ; ja 0x41d79e and eax, 0xff jmp dword [eax*4 + ref_0041d6f1] ; ujmp: jmp dword [eax*4 + 0x41d6f1] loc_0041d741: push edx push ref_00463c67 ; push 0x463c67 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc sar ebx, 1 jmp short loc_0041d79e ; jmp 0x41d79e loc_0041d758: push edx push ref_00463c80 ; push 0x463c80 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc xor ebx, esi jmp short loc_0041d79e ; jmp 0x41d79e loc_0041d76f: push edx push ref_00463c95 ; push 0x463c95 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc sar ebx, 1 add ebx, esi jmp short loc_0041d79e ; jmp 0x41d79e loc_0041d788: push edx push ref_00463cae ; push 0x463cae lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc lea ebx, [esi + esi] loc_0041d79e: cmp ebx, esi je short loc_0041d7c9 ; je 0x41d7c9 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 test ebx, ebx jne short loc_0041d7c9 ; jne 0x41d7c9 push esi mov esi, dword [esp + 0x90] push esi call fcn_0044f567 ; call 0x44f567 add esp, 8 loc_0041d7c9: mov eax, ebx add esp, 0x80 pop esi pop ebx ret fcn_0041d7d4: push esi sub esp, 4 xor ecx, ecx fild dword [ref_0049908c] ; fild dword [0x49908c] fmul qword [ref_00463cc8] ; fmul qword [0x463cc8] call fcn_00457dbc ; call 0x457dbc fistp dword [esp] cmp dword [esp], 0x1b58 jle short loc_0041d7fe ; jle 0x41d7fe mov dword [esp], 0x1b58 loc_0041d7fe: mov eax, dword [esp] mov esi, dword [ref_004990e8] ; mov esi, dword [0x4990e8] imul eax, esi mov dword [esp], eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] add edx, dword [eax + (_players+32)] ; add edx, dword [eax + 0x496b88] mov eax, dword [esp + 0xc] sub edx, eax mov eax, edx cmp eax, dword [esp] jle short loc_0041d832 ; jle 0x41d832 mov ecx, 1 loc_0041d832: mov eax, ecx add esp, 4 pop esi ret fcn_0041d839: push edi push ebp sub esp, 4 xor ecx, ecx fild dword [ref_0049908c] ; fild dword [0x49908c] fmul qword [ref_00463cd0] ; fmul qword [0x463cd0] call fcn_00457dbc ; call 0x457dbc fistp dword [esp] mov eax, dword [esp] mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] imul eax, edx mov dword [esp], eax imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 mov edx, dword [edx + (_players+28)] ; mov edx, dword [edx + 0x496b84] sub edx, eax test edx, edx jle short loc_0041d896 ; jle 0x41d896 mov eax, dword [esp + 0x10] mov edi, dword [esp + 0x14] imul eax, edi cmp edx, eax jle short loc_0041d889 ; jle 0x41d889 mov ecx, edi jmp short loc_0041d896 ; jmp 0x41d896 loc_0041d889: mov eax, edx sar edx, 0x1f mov ebp, dword [esp + 0x10] idiv ebp mov ecx, eax loc_0041d896: mov eax, ecx add esp, 4 pop ebp pop edi ret fcn_0041d89e: push ebx push esi push edi push ebp xor ebp, ebp cmp dword [ref_0049911c], 0 ; cmp dword [0x49911c], 0 jne short loc_0041d8bd ; jne 0x41d8bd cmp dword [ref_00499108], 0 ; cmp dword [0x499108], 0 jne short loc_0041d8bd ; jne 0x41d8bd xor eax, eax pop ebp pop edi pop esi pop ebx ret loc_0041d8bd: xor ebx, ebx xor edi, edi loc_0041d8c1: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0041d8e9 ; jge 0x41d8e9 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0041d8e6 ; je 0x41d8e6 push ebx call fcn_004239b9 ; call 0x4239b9 add esp, 4 cmp edi, eax jge short loc_0041d8e6 ; jge 0x41d8e6 mov edi, eax mov esi, ebx loc_0041d8e6: inc ebx jmp short loc_0041d8c1 ; jmp 0x41d8c1 loc_0041d8e9: test edi, edi je short loc_0041d8ff ; je 0x41d8ff mov edx, dword [ref_0049911c] ; mov edx, dword [0x49911c] test edx, edx je short loc_0041d8ff ; je 0x41d8ff cmp edx, dword [ref_004990e4] ; cmp edx, dword [0x4990e4] jle short loc_0041d915 ; jle 0x41d915 loc_0041d8ff: mov ebx, dword [ref_00499108] ; mov ebx, dword [0x499108] test ebx, ebx je near loc_0041da5a ; je 0x41da5a cmp edi, ebx jl near loc_0041da5a ; jl 0x41da5a loc_0041d915: mov dword [_current_player], esi ; mov dword [0x49910c], esi push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul eax, esi, 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, eax mov edx, dword [ebx + eax*8 + ref_004808aa] ; mov edx, dword [ebx + eax*8 + 0x4808aa] push edx push 3 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc xor ebx, ebx loc_0041d951: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0041d96b ; jge 0x41d96b cmp ebx, esi je short loc_0041d968 ; je 0x41d968 imul eax, ebx, 0x68 xor ch, ch mov byte [eax + (_players+21)], ch ; mov byte [eax + 0x496b7d], ch loc_0041d968: inc ebx jmp short loc_0041d951 ; jmp 0x41d951 loc_0041d96b: imul eax, esi, 0x68 cmp dword [ref_00499104], 1 ; cmp dword [0x499104], 1 jne near loc_0041da3c ; jne 0x41da3c test byte [eax + (_players+21)], 1 ; test byte [eax + 0x496b7d], 1 je short loc_0041d9b9 ; je 0x41d9b9 xor ebx, ebx mov dl, 2 mov ebp, dword [_nplayers] ; mov ebp, dword [0x499114] loc_0041d98e: cmp ebx, ebp jge short loc_0041d9ad ; jge 0x41d9ad cmp ebx, esi je short loc_0041d9aa ; je 0x41d9aa imul eax, ebx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff mov byte [eax + ref_004990f4], dl ; mov byte [eax + 0x4990f4], dl loc_0041d9aa: inc ebx jmp short loc_0041d98e ; jmp 0x41d98e loc_0041d9ad: mov byte [ref_0046caf8], 2 ; mov byte [0x46caf8], 2 jmp near loc_0041da55 ; jmp 0x41da55 loc_0041d9b9: xor esi, esi mov dword [_current_player], esi ; mov dword [0x49910c], esi xor ebx, ebx mov bx, word [(_players+12)] ; mov bx, word [0x496b74] mov eax, ebx shl eax, 2 add ebx, eax shl ebx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, ebx mov bx, word [eax] mov word [(_players+8)], bx ; mov word [0x496b70], bx mov ax, word [eax + 2] mov word [(_players+10)], ax ; mov word [0x496b72], ax mov eax, (_players+0) ; mov eax, 0x496b68 add eax, 0x32 mov ebx, eax sub ebx, (_players+0) ; sub ebx, 0x496b68 mov esi, 0x68 sub esi, ebx push esi push 0 push eax call memset ; call 0x456f60 add esp, 0xc mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_0040b93b ; call 0x40b93b add esp, 4 push 1 call fcn_0041906a ; call 0x41906a add esp, 4 push 1 call fcn_00407842 ; call 0x407842 add esp, 4 mov byte [ref_0046caf8], al ; mov byte [0x46caf8], al jmp short loc_0041da55 ; jmp 0x41da55 loc_0041da3c: test byte [eax + (_players+21)], 1 ; test byte [eax + 0x496b7d], 1 je short loc_0041da4e ; je 0x41da4e mov byte [ref_0046caf8], 3 ; mov byte [0x46caf8], 3 jmp short loc_0041da55 ; jmp 0x41da55 loc_0041da4e: mov byte [ref_0046caf8], 1 ; mov byte [0x46caf8], 1 loc_0041da55: mov ebp, 1 loc_0041da5a: mov eax, ebp pop ebp pop edi pop esi pop ebx ret fcn_0041da61: push ebx push esi push ebp sub esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0x39 push 0x50 push 0x109 push 0xd0 push 0x147 push 0x136 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 xor ebx, ebx mov esi, 0x137 jmp short loc_0041dacf ; jmp 0x41dacf loc_0041dac0: add ebx, 0xa add esi, 8 cmp ebx, 0x64 jge near loc_0041db46 ; jge 0x41db46 loc_0041dacf: mov edx, dword [ref_0048be4c] ; mov edx, dword [0x48be4c] mov eax, edx shl eax, 2 sub eax, edx mov al, byte [eax*2 + ref_0048be38] ; mov al, byte [eax*2 + 0x48be38] and eax, 0xff cmp eax, ebx jle short loc_0041db08 ; jle 0x41db08 push 0xff0000 push 0x16 push 7 push 0x148 push esi push ref_0046caec ; push 0x46caec call fcn_004561be ; call 0x4561be add esp, 0x18 loc_0041db08: mov edx, dword [ref_0048be4c] ; mov edx, dword [0x48be4c] mov eax, edx shl eax, 2 sub eax, edx mov al, byte [eax*2 + ref_0048be39] ; mov al, byte [eax*2 + 0x48be39] and eax, 0xff cmp eax, ebx jle short loc_0041dac0 ; jle 0x41dac0 push 0xff0000 push 0x16 push 7 push 0x169 push esi push ref_0046caec ; push 0x46caec call fcn_004561be ; call 0x4561be add esp, 0x18 jmp near loc_0041dac0 ; jmp 0x41dac0 loc_0041db46: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp], 0x136 mov dword [esp + 4], 0x147 mov dword [esp + 8], 0x186 mov dword [esp + 0xc], 0x180 push 0 lea eax, [esp + 4] push eax mov ebp, dword [_gWindowHandle] ; mov ebp, dword [0x48a0d4] push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] add esp, 0x10 pop ebp pop esi pop ebx ret fcn_0041db91: push ebx push esi push edi push ebp sub esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall push 0x3e push 0x66 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 xor ebx, ebx mov esi, 0x46 jmp short loc_0041dbe0 ; jmp 0x41dbe0 loc_0041dbd3: inc ebx add esi, 0x53 cmp ebx, 4 jge near loc_0041dc7b ; jge 0x41dc7b loc_0041dbe0: mov eax, ebx shl eax, 2 sub eax, ebx lea edi, [eax + eax] cmp byte [edi + ref_0048be34], 0 ; cmp byte [edi + 0x48be34], 0 je short loc_0041dbd3 ; je 0x41dbd3 cmp ebx, dword [ref_0048be4c] ; cmp ebx, dword [0x48be4c] jne short loc_0041dc43 ; jne 0x41dc43 push esi push 0x6e mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0x18 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 lea eax, [esi + 0x28] push eax push 0xb6 xor eax, eax mov al, byte [edi + ref_0048be34] ; mov al, byte [edi + 0x48be34] dec eax imul eax, eax, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0xc push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0041dc43: mov eax, ebx shl eax, 2 sub eax, ebx test byte [eax*2 + ref_0048be35], 4 ; test byte [eax*2 + 0x48be35], 4 je near loc_0041dbd3 ; je 0x41dbd3 lea eax, [esi + 0x24] push eax push 0x79 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0x30 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 jmp near loc_0041dbd3 ; jmp 0x41dbd3 loc_0041dc7b: mov ebx, dword [ref_0048be4c] ; mov ebx, dword [0x48be4c] mov eax, ebx shl eax, 2 sub eax, ebx test byte [eax*2 + ref_0048be36], 1 ; test byte [eax*2 + 0x48be36], 1 je short loc_0041dcb1 ; je 0x41dcb1 push 0x6b push 0x120 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0x30 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0041dcb1: mov ebx, dword [ref_0048be4c] ; mov ebx, dword [0x48be4c] mov eax, ebx shl eax, 2 sub eax, ebx test byte [eax*2 + ref_0048be36], 2 ; test byte [eax*2 + 0x48be36], 2 je short loc_0041dcea ; je 0x41dcea push 0x8b push 0x120 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0x30 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0041dcea: mov ebx, dword [ref_0048be4c] ; mov ebx, dword [0x48be4c] mov eax, ebx shl eax, 2 sub eax, ebx mov al, byte [eax*2 + ref_0048be37] ; mov al, byte [eax*2 + 0x48be37] and eax, 0xff movsx eax, word [eax*2 + ref_004752b8] ; movsx eax, word [eax*2 + 0x4752b8] push eax push 0x120 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0x30 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall call fcn_0041da61 ; call 0x41da61 mov dword [esp], 0x66 mov dword [esp + 4], 0x3e mov dword [esp + 8], 0x219 mov dword [esp + 0xc], 0x1a1 push 0 lea eax, [esp + 4] push eax mov ecx, dword [_gWindowHandle] ; mov ecx, dword [0x48a0d4] push ecx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] add esp, 0x10 pop ebp pop edi pop esi pop ebx ret endloc_0041dd7a: db 0x8d db 0x40 db 0x00 ref_0041dd7d: ; may contain a jump table dd loc_0041e0d7 dd loc_0041e0f1 dd loc_0041e10b dd loc_0041e126 dd loc_0041e140 dd loc_0041e15a dd loc_0041e191 dd loc_0041e1c7 dd loc_0041e1fe dd loc_0041e234 dd loc_0041e297 fcn_0041dda9: push ebx push esi push edi push ebp sub esp, 0x50 mov ebp, dword [esp + 0x64] mov eax, dword [esp + 0x68] mov edx, dword [esp + 0x70] cmp eax, 0x202 jb short loc_0041ddf2 ; jb 0x41ddf2 jbe near loc_0041e0b1 ; jbe 0x41e0b1 cmp eax, 0x205 jb short loc_0041dde2 ; jb 0x41dde2 jbe near loc_0041e2ba ; jbe 0x41e2ba cmp eax, 0x401 je short loc_0041de0e ; je 0x41de0e jmp near loc_0041e331 ; jmp 0x41e331 loc_0041dde2: cmp eax, 0x203 je near loc_0041de95 ; je 0x41de95 jmp near loc_0041e331 ; jmp 0x41e331 loc_0041ddf2: cmp eax, 0x200 jb short loc_0041de00 ; jb 0x41de00 jbe short loc_0041de2e ; jbe 0x41de2e jmp near loc_0041de95 ; jmp 0x41de95 loc_0041de00: cmp eax, 0xf je near loc_0041e2d3 ; je 0x41e2d3 jmp near loc_0041e331 ; jmp 0x41e331 loc_0041de0e: xor ah, ah mov byte [ref_0048be54], ah ; mov byte [0x48be54], ah call fcn_0041db91 ; call 0x41db91 push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 jmp near loc_0041e003 ; jmp 0x41e003 loc_0041de2e: mov al, byte [ref_0048be54] ; mov al, byte [0x48be54] cmp al, 0xd je short loc_0041de3f ; je 0x41de3f cmp al, 0xe jne near loc_0041de89 ; jne 0x41de89 loc_0041de3f: xor esi, esi mov si, dx loc_0041de44: xor ecx, ecx mov cl, byte [ref_0048be54] ; mov cl, byte [0x48be54] movsx edx, word [ecx*8 + ref_004752ae] ; movsx edx, word [ecx*8 + 0x4752ae] sub esi, edx mov edx, esi mov eax, esi sar edx, 0x1f shl edx, 3 sbb eax, edx sar eax, 3 mov edx, eax shl eax, 2 add eax, edx add eax, eax mov bl, al mov edx, dword [ref_0048be4c] ; mov edx, dword [0x48be4c] mov eax, edx shl eax, 2 sub eax, edx mov byte [ecx + eax*2 + ref_0048be2b], bl ; mov byte [ecx + eax*2 + 0x48be2b], bl call fcn_0041da61 ; call 0x41da61 loc_0041de89: xor eax, eax loc_0041de8b: add esp, 0x50 pop ebp pop edi pop esi pop ebx ret 0x10 loc_0041de95: xor esi, esi mov si, dx mov eax, edx shr eax, 0x10 and eax, 0xffff xor edi, edi mov di, ax xor edx, edx mov ecx, 0x46 jmp short loc_0041debb ; jmp 0x41debb loc_0041deb2: inc edx add ecx, 0x53 cmp edx, 4 jge short loc_0041df03 ; jge 0x41df03 loc_0041debb: mov eax, edx shl eax, 2 sub eax, edx add eax, eax cmp byte [eax + ref_0048be34], 0 ; cmp byte [eax + 0x48be34], 0 je short loc_0041deb2 ; je 0x41deb2 cmp esi, 0x6e jle short loc_0041deb2 ; jle 0x41deb2 cmp esi, 0xe2 jge short loc_0041deb2 ; jge 0x41deb2 cmp edi, ecx jle short loc_0041deb2 ; jle 0x41deb2 lea ebx, [ecx + 0x53] cmp edi, ebx jge short loc_0041deb2 ; jge 0x41deb2 cmp edx, dword [ref_0048be4c] ; cmp edx, dword [0x48be4c] jne short loc_0041def4 ; jne 0x41def4 xor byte [eax + ref_0048be35], 4 ; xor byte [eax + 0x48be35], 4 loc_0041def4: mov dword [ref_0048be4c], edx ; mov dword [0x48be4c], edx mov byte [ref_0048be54], 1 ; mov byte [0x48be54], 1 jmp short loc_0041de89 ; jmp 0x41de89 loc_0041df03: xor edx, edx jmp short loc_0041df0d ; jmp 0x41df0d loc_0041df07: inc edx cmp edx, 0xd jge short loc_0041df49 ; jge 0x41df49 loc_0041df0d: mov eax, edx shl eax, 3 movsx ecx, word [eax + ref_004752be] ; movsx ecx, word [eax + 0x4752be] cmp esi, ecx jle short loc_0041df07 ; jle 0x41df07 movsx ecx, word [eax + ref_004752c2] ; movsx ecx, word [eax + 0x4752c2] cmp esi, ecx jge short loc_0041df07 ; jge 0x41df07 movsx ecx, word [eax + ref_004752c0] ; movsx ecx, word [eax + 0x4752c0] cmp edi, ecx jle short loc_0041df07 ; jle 0x41df07 movsx eax, word [eax + ref_004752c4] ; movsx eax, word [eax + 0x4752c4] cmp edi, eax jge short loc_0041df07 ; jge 0x41df07 mov al, dl add al, 2 mov byte [ref_0048be54], al ; mov byte [0x48be54], al jmp short loc_0041df07 ; jmp 0x41df07 loc_0041df49: mov ch, byte [ref_0048be54] ; mov ch, byte [0x48be54] cmp ch, 7 jb near loc_0041e010 ; jb 0x41e010 cmp ch, 0xa ja near loc_0041e010 ; ja 0x41e010 xor edx, edx mov dl, ch movsx eax, word [edx*8 + ref_004752ae] ; movsx eax, word [edx*8 + 0x4752ae] mov dword [esp + 0x40], eax movsx eax, word [edx*8 + ref_004752b0] ; movsx eax, word [edx*8 + 0x4752b0] mov dword [esp + 0x44], eax movsx eax, word [edx*8 + ref_004752b2] ; movsx eax, word [edx*8 + 0x4752b2] mov dword [esp + 0x48], eax movsx eax, word [edx*8 + ref_004752b4] ; movsx eax, word [edx*8 + 0x4752b4] mov dword [esp + 0x4c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall xor eax, eax mov al, byte [ref_0048be54] ; mov al, byte [0x48be54] lea ecx, [eax - 7] and ecx, 1 add ecx, 4 mov eax, dword [esp + 0x44] inc eax push eax mov eax, dword [esp + 0x44] inc eax push eax mov edx, dword [ref_0048be50] ; mov edx, dword [0x48be50] mov eax, ecx shl eax, 2 sub eax, ecx shl eax, 2 add edx, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0041dfec: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax loc_0041e003: push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0041de89 ; jmp 0x41de89 loc_0041e010: mov ah, byte [ref_0048be54] ; mov ah, byte [0x48be54] cmp ah, 0xb je short loc_0041e020 ; je 0x41e020 cmp ah, 0xc jne short loc_0041e09a ; jne 0x41e09a loc_0041e020: xor edx, edx mov dl, byte [ref_0048be54] ; mov dl, byte [0x48be54] movsx eax, word [edx*8 + ref_004752ae] ; movsx eax, word [edx*8 + 0x4752ae] mov dword [esp + 0x40], eax movsx eax, word [edx*8 + ref_004752b0] ; movsx eax, word [edx*8 + 0x4752b0] mov dword [esp + 0x44], eax movsx eax, word [edx*8 + ref_004752b2] ; movsx eax, word [edx*8 + 0x4752b2] mov dword [esp + 0x48], eax movsx eax, word [edx*8 + ref_004752b4] ; movsx eax, word [edx*8 + 0x4752b4] mov dword [esp + 0x4c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0xfffffffffffffff4 push 0x38 push 0x28 mov eax, dword [esp + 0x50] push eax mov edx, dword [esp + 0x50] push edx push ref_0046caec ; push 0x46caec call fcn_004552e7 ; call 0x4552e7 add esp, 0x18 jmp near loc_0041dfec ; jmp 0x41dfec loc_0041e09a: cmp ah, 0xd je near loc_0041de44 ; je 0x41de44 cmp ah, 0xe jne near loc_0041de89 ; jne 0x41de89 jmp near loc_0041de44 ; jmp 0x41de44 loc_0041e0b1: mov dl, byte [ref_0048be54] ; mov dl, byte [0x48be54] test dl, dl je near loc_0041de89 ; je 0x41de89 mov al, dl sub al, 2 cmp al, 0xa ja near loc_0041e2a8 ; ja 0x41e2a8 and eax, 0xff jmp dword [eax*4 + ref_0041dd7d] ; ujmp: jmp dword [eax*4 + 0x41dd7d] loc_0041e0d7: mov edx, dword [ref_0048be4c] ; mov edx, dword [0x48be4c] mov eax, edx shl eax, 2 sub eax, edx xor byte [eax*2 + ref_0048be36], 1 ; xor byte [eax*2 + 0x48be36], 1 jmp near loc_0041e2a8 ; jmp 0x41e2a8 loc_0041e0f1: mov edx, dword [ref_0048be4c] ; mov edx, dword [0x48be4c] mov eax, edx shl eax, 2 sub eax, edx xor byte [eax*2 + ref_0048be36], 2 ; xor byte [eax*2 + 0x48be36], 2 jmp near loc_0041e2a8 ; jmp 0x41e2a8 loc_0041e10b: mov edx, dword [ref_0048be4c] ; mov edx, dword [0x48be4c] mov eax, edx shl eax, 2 sub eax, edx xor bh, bh mov byte [eax*2 + ref_0048be37], bh ; mov byte [eax*2 + 0x48be37], bh jmp near loc_0041e2a8 ; jmp 0x41e2a8 loc_0041e126: mov edx, dword [ref_0048be4c] ; mov edx, dword [0x48be4c] mov eax, edx shl eax, 2 sub eax, edx mov byte [eax*2 + ref_0048be37], 1 ; mov byte [eax*2 + 0x48be37], 1 jmp near loc_0041e2a8 ; jmp 0x41e2a8 loc_0041e140: mov edx, dword [ref_0048be4c] ; mov edx, dword [0x48be4c] mov eax, edx shl eax, 2 sub eax, edx mov byte [eax*2 + ref_0048be37], 2 ; mov byte [eax*2 + 0x48be37], 2 jmp near loc_0041e2a8 ; jmp 0x41e2a8 loc_0041e15a: mov edx, dword [ref_0048be4c] ; mov edx, dword [0x48be4c] mov eax, edx shl eax, 2 sub eax, edx add eax, eax mov cl, byte [eax + ref_0048be38] ; mov cl, byte [eax + 0x48be38] cmp cl, 0xa jbe short loc_0041e184 ; jbe 0x41e184 mov dl, cl sub dl, 0xa mov byte [eax + ref_0048be38], dl ; mov byte [eax + 0x48be38], dl jmp near loc_0041e2a8 ; jmp 0x41e2a8 loc_0041e184: xor ch, ch mov byte [eax + ref_0048be38], ch ; mov byte [eax + 0x48be38], ch jmp near loc_0041e2a8 ; jmp 0x41e2a8 loc_0041e191: mov edx, dword [ref_0048be4c] ; mov edx, dword [0x48be4c] mov eax, edx shl eax, 2 sub eax, edx add eax, eax mov dh, byte [eax + ref_0048be38] ; mov dh, byte [eax + 0x48be38] cmp dh, 0x5a jae short loc_0041e1bb ; jae 0x41e1bb mov bh, dh add bh, 0xa mov byte [eax + ref_0048be38], bh ; mov byte [eax + 0x48be38], bh jmp near loc_0041e2a8 ; jmp 0x41e2a8 loc_0041e1bb: mov byte [eax + ref_0048be38], 0x64 ; mov byte [eax + 0x48be38], 0x64 jmp near loc_0041e2a8 ; jmp 0x41e2a8 loc_0041e1c7: mov edx, dword [ref_0048be4c] ; mov edx, dword [0x48be4c] mov eax, edx shl eax, 2 sub eax, edx add eax, eax mov cl, byte [eax + ref_0048be39] ; mov cl, byte [eax + 0x48be39] cmp cl, 0xa jbe short loc_0041e1f1 ; jbe 0x41e1f1 mov dl, cl sub dl, 0xa mov byte [eax + ref_0048be39], dl ; mov byte [eax + 0x48be39], dl jmp near loc_0041e2a8 ; jmp 0x41e2a8 loc_0041e1f1: xor ch, ch mov byte [eax + ref_0048be39], ch ; mov byte [eax + 0x48be39], ch jmp near loc_0041e2a8 ; jmp 0x41e2a8 loc_0041e1fe: mov edx, dword [ref_0048be4c] ; mov edx, dword [0x48be4c] mov eax, edx shl eax, 2 sub eax, edx add eax, eax mov dh, byte [eax + ref_0048be39] ; mov dh, byte [eax + 0x48be39] cmp dh, 0x5a jae short loc_0041e228 ; jae 0x41e228 mov bh, dh add bh, 0xa mov byte [eax + ref_0048be39], bh ; mov byte [eax + 0x48be39], bh jmp near loc_0041e2a8 ; jmp 0x41e2a8 loc_0041e228: mov byte [eax + ref_0048be39], 0x64 ; mov byte [eax + 0x48be39], 0x64 jmp near loc_0041e2a8 ; jmp 0x41e2a8 loc_0041e234: xor edx, edx jmp short loc_0041e23e ; jmp 0x41e23e loc_0041e238: inc edx cmp edx, 4 jge short loc_0041e297 ; jge 0x41e297 loc_0041e23e: mov eax, edx shl eax, 2 sub eax, edx add eax, eax mov bl, byte [eax + ref_0048be34] ; mov bl, byte [eax + 0x48be34] test bl, bl je short loc_0041e238 ; je 0x41e238 xor ecx, ecx mov cl, bl dec ecx imul ecx, ecx, 0x68 mov bl, byte [eax + ref_0048be35] ; mov bl, byte [eax + 0x48be35] mov byte [ecx + (_players+21)], bl ; mov byte [ecx + 0x496b7d], bl mov bl, byte [eax + ref_0048be36] ; mov bl, byte [eax + 0x48be36] mov byte [ecx + (_players+22)], bl ; mov byte [ecx + 0x496b7e], bl mov bl, byte [eax + ref_0048be37] ; mov bl, byte [eax + 0x48be37] mov byte [ecx + (_players+23)], bl ; mov byte [ecx + 0x496b7f], bl mov bl, byte [eax + ref_0048be38] ; mov bl, byte [eax + 0x48be38] mov byte [ecx + (_players+25)], bl ; mov byte [ecx + 0x496b81], bl mov al, byte [eax + ref_0048be39] ; mov al, byte [eax + 0x48be39] mov byte [ecx + (_players+26)], al ; mov byte [ecx + 0x496b82], al jmp short loc_0041e238 ; jmp 0x41e238 loc_0041e297: push 0 push 0 push 0x205 push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_0041e2a8: call fcn_0041db91 ; call 0x41db91 xor bh, bh mov byte [ref_0048be54], bh ; mov byte [0x48be54], bh jmp near loc_0041de89 ; jmp 0x41de89 loc_0041e2ba: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_0041de89 ; jmp 0x41de89 loc_0041e2d3: mov eax, esp push eax push ebp call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0xc] push edx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x18] push ebx mov esi, dword [esp + 0x18] push esi mov edi, dword [ref_0048a0dc] ; mov edi, dword [0x48a0dc] push edi call dword [eax + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push ebp call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0041de89 ; jmp 0x41de89 loc_0041e331: push edx mov edx, dword [esp + 0x70] push edx push eax push ebp call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_0041de8b ; jmp 0x41de8b hosted_ai_ui: push ebx push esi push edi sub esp, 4 push 0 push 0 push 0x4d mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048be50], eax ; mov dword [0x48be50], eax push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x1a push 0xad push ref_00463cd8 ; push 0x463cd8 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x72 push 0xad push ref_00463cdf ; push 0x463cdf mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0xf6 push 0xf9 push ref_00463ce6 ; push 0x463ce6 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x35 push 0xf4 push ref_00463cf3 ; push 0x463cf3 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x54 push 0xf4 push ref_00463cfc ; push 0x463cfc mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x8d push 0xf4 push ref_00463d05 ; push 0x463d05 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0xad push 0xf4 push ref_00463d0c ; push 0x463d0c mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0xce push 0xf4 push ref_00463d13 ; push 0x463d13 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0x115 push 0xbf push ref_00463d1a ; push 0x463d1a mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 5 push 0x115 push 0x131 push ref_00463d1f ; push 0x463d1f mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0x136 push 0xbf push ref_00463d24 ; push 0x463d24 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 5 push 0x136 push 0x131 push ref_00463d29 ; push 0x463d29 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 2 push 0 push 0x101010 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 3 push 0x7d push 0x18d push ref_00463d2e ; push 0x463d2e mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 3 push 0xd5 push 0x18d push ref_00463d33 ; push 0x463d33 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x18 push 0 push ref_0048be34 ; push 0x48be34 call memset ; call 0x456f60 add esp, 0xc xor ecx, ecx mov dword [esp], ecx xor esi, esi mov edi, 8 loc_0041e594: mov eax, dword [esp] cmp eax, dword [_nplayers] ; cmp eax, dword [0x499114] jge near loc_0041e66f ; jge 0x41e66f imul eax, eax, 0x68 test byte [eax + (_players+21)], 1 ; test byte [eax + 0x496b7d], 1 je near loc_0041e667 ; je 0x41e667 mov eax, dword [esp] cmp eax, dword [_current_player] ; cmp eax, dword [0x49910c] jne short loc_0041e5c4 ; jne 0x41e5c4 mov dword [ref_0048be4c], esi ; mov dword [0x48be4c], esi loc_0041e5c4: mov dl, byte [esp] inc dl mov eax, esi shl eax, 2 sub eax, esi mov byte [eax*2 + ref_0048be34], dl ; mov byte [eax*2 + 0x48be34], dl imul ebx, dword [esp], 0x68 mov dl, byte [ebx + (_players+21)] ; mov dl, byte [ebx + 0x496b7d] mov byte [eax*2 + ref_0048be35], dl ; mov byte [eax*2 + 0x48be35], dl mov dl, byte [ebx + (_players+22)] ; mov dl, byte [ebx + 0x496b7e] mov byte [eax*2 + ref_0048be36], dl ; mov byte [eax*2 + 0x48be36], dl mov dl, byte [ebx + (_players+23)] ; mov dl, byte [ebx + 0x496b7f] mov byte [eax*2 + ref_0048be37], dl ; mov byte [eax*2 + 0x48be37], dl mov dl, byte [ebx + (_players+25)] ; mov dl, byte [ebx + 0x496b81] mov byte [eax*2 + ref_0048be38], dl ; mov byte [eax*2 + 0x48be38], dl mov dl, byte [ebx + (_players+26)] ; mov dl, byte [ebx + 0x496b82] mov byte [eax*2 + ref_0048be39], dl ; mov byte [eax*2 + 0x48be39], dl push edi push 8 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] lea edx, [eax + 0x24] push edx add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 lea eax, [edi + 0x28] push eax push 0x50 xor eax, eax mov al, byte [ebx + (_players+19)] ; mov al, byte [ebx + 0x496b7b] lea ebx, [eax + 6] mov edx, ebx shl edx, 2 sub edx, ebx shl edx, 2 mov eax, dword [ref_0048be50] ; mov eax, dword [0x48be50] add eax, 0xc add edx, eax push edx push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 inc esi add edi, 0x53 loc_0041e667: inc dword [esp] jmp near loc_0041e594 ; jmp 0x41e594 loc_0041e66f: push 0 push fcn_0041dda9 ; push 0x41dda9 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 push 1 call fcn_0041906a ; call 0x41906a add esp, 4 mov esi, dword [ref_0048be50] ; mov esi, dword [0x48be50] push esi call clib_free ; call 0x456e11 add esp, 4 add esp, 4 pop edi pop esi pop ebx ret fcn_0041e69e: mov eax, dword [esp + 4] xor edx, edx mov dl, byte [eax*8 + (_card_table - 1)] ; mov dl, byte [eax*8 + 0x47fdf1] imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+23)] ; mov al, byte [eax + 0x496b7f] and eax, 0xff sub edx, eax mov eax, edx cmp edx, 2 jl short loc_0041e6c9 ; jl 0x41e6c9 xor eax, edx ret loc_0041e6c9: cmp edx, 1 jne short loc_0041e6e6 ; jne 0x41e6e6 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 3 sar edx, 0x1f idiv ecx test edx, edx je short loc_0041e6e6 ; je 0x41e6e6 fcn_0041e6e3: xor eax, eax ret loc_0041e6e6: mov eax, dword [esp + 4] call dword [eax*4 + ref_00475324] ; ucall: call dword [eax*4 + 0x475324] ret fcn_0041e6f2: mov eax, dword [esp + 4] mov eax, dword [eax*4 + ref_0048be58] ; mov eax, dword [eax*4 + 0x48be58] ret fcn_0041e6fe: push ebx push esi xor esi, esi xor edx, edx xor ecx, ecx xor ebx, ebx loc_0041e708: cmp edx, dword [_nplayers] ; cmp edx, dword [0x499114] jge short loc_0041e726 ; jge 0x41e726 imul eax, edx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0041e723 ; je 0x41e723 add ecx, dword [eax + (_players+28)] ; add ecx, dword [eax + 0x496b84] inc ebx loc_0041e723: inc edx jmp short loc_0041e708 ; jmp 0x41e708 loc_0041e726: mov eax, ecx mov edx, ecx sar edx, 0x1f idiv ebx mov ecx, eax imul ebx, dword [_current_player], 0x68 ; imul ebx, dword [0x49910c], 0x68 mov edx, dword [ebx + (_players+28)] ; mov edx, dword [ebx + 0x496b84] mov eax, edx shl eax, 2 add eax, edx add eax, eax cmp ecx, eax jle short loc_0041e774 ; jle 0x41e774 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx cmp eax, dword [ebx + (_players+28)] ; cmp eax, dword [ebx + 0x496b84] jle short loc_0041e774 ; jle 0x41e774 mov esi, 1 loc_0041e774: mov eax, esi pop esi pop ebx ret fcn_0041e779: push ebx push esi push edi push ebp sub esp, 0xc xor esi, esi mov dword [esp], esi mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov dword [esp + 4], eax push 0xffffffffffffffff call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [ref_0048be60], eax ; mov dword [0x48be60], eax mov dword [esp + 8], esi loc_0041e7ab: mov eax, dword [esp + 8] cmp eax, dword [ref_0048be60] ; cmp eax, dword [0x48be60] jge short loc_0041e806 ; jge 0x41e806 mov bx, word [eax*2 + ref_0048b8c4] ; mov bx, word [eax*2 + 0x48b8c4] and ebx, 0xffff test bh, 0x80 je short loc_0041e800 ; je 0x41e800 test bl, 0xf je short loc_0041e800 ; je 0x41e800 xor ecx, ecx mov eax, 1 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] jmp short loc_0041e7e6 ; jmp 0x41e7e6 loc_0041e7de: add eax, eax inc ecx cmp eax, 0x10 jge short loc_0041e800 ; jge 0x41e800 loc_0041e7e6: test ebx, eax je short loc_0041e7de ; je 0x41e7de cmp ecx, edi je short loc_0041e7de ; je 0x41e7de imul edx, ecx, 0x68 cmp byte [edx + (_players+21)], 0 ; cmp byte [edx + 0x496b7d], 0 je short loc_0041e7de ; je 0x41e7de mov byte [esp + ecx], 1 jmp short loc_0041e7de ; jmp 0x41e7de loc_0041e800: inc dword [esp + 8] jmp short loc_0041e7ab ; jmp 0x41e7ab loc_0041e806: mov ebp, dword [esp + 4] cmp ebp, 0xffffffff je short loc_0041e873 ; je 0x41e873 cmp byte [esp + ebp], 0 je short loc_0041e873 ; je 0x41e873 imul ecx, ebp, 0x68 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 4 mov edx, eax shl eax, 2 sub eax, edx mov edx, dword [ecx + (_players+28)] ; mov edx, dword [ecx + 0x496b84] cmp eax, edx jge short loc_0041e873 ; jge 0x41e873 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov eax, dword [eax + (_players+28)] ; mov eax, dword [eax + 0x496b84] add eax, eax cmp eax, edx jge short loc_0041e873 ; jge 0x41e873 mov cl, byte [esp + 4] mov eax, 1 shl eax, cl or ah, 0x80 mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov esi, 1 jmp near loc_0041e8dc ; jmp 0x41e8dc loc_0041e873: test esi, esi jne short loc_0041e8dc ; jne 0x41e8dc mov dword [esp + 8], esi mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] loc_0041e881: mov eax, dword [esp + 8] cmp eax, dword [_nplayers] ; cmp eax, dword [0x499114] jge short loc_0041e8dc ; jge 0x41e8dc cmp byte [esp + eax], 0 je short loc_0041e8d6 ; je 0x41e8d6 imul edx, eax, 0x68 imul eax, dword [ref_004990e8], 0xc350 ; imul eax, dword [0x4990e8], 0xc350 mov edi, dword [edx + (_players+28)] ; mov edi, dword [edx + 0x496b84] cmp eax, edi jge short loc_0041e8d6 ; jge 0x41e8d6 imul eax, ebp, 0x68 mov ecx, dword [eax + (_players+28)] ; mov ecx, dword [eax + 0x496b84] mov eax, ecx shl eax, 2 sub eax, ecx cmp eax, edi jge short loc_0041e8d6 ; jge 0x41e8d6 mov cl, byte [esp + 8] mov eax, 1 shl eax, cl or ah, 0x80 mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov esi, 1 loc_0041e8d6: inc dword [esp + 8] jmp short loc_0041e881 ; jmp 0x41e881 loc_0041e8dc: mov eax, esi add esp, 0xc pop ebp pop edi pop esi pop ebx ret fcn_0041e8e6: push ebx push esi push edi push ebp mov eax, dword [esp + 0x18] xor ebp, ebp cmp dword [esp + 0x14], 0xffffffff jne short loc_0041e8fe ; jne 0x41e8fe xor eax, eax pop ebp pop edi pop esi pop ebx ret loc_0041e8fe: cmp eax, 0x7d0 jle near loc_0041e994 ; jle 0x41e994 cmp eax, 0xfa0 jge near loc_0041e994 ; jge 0x41e994 sub eax, 0x7d0 imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] lea edi, [ebx + eax] mov cl, byte [edi + 0x19] test cl, cl je short loc_0041e97a ; je 0x41e97a xor edx, edx mov dl, cl mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax je short loc_0041e97a ; je 0x41e97a cmp byte [edi + 0x1a], 0 je short loc_0041e97a ; je 0x41e97a mov esi, 1 loc_0041e945: add ebx, 0x34 cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg short loc_0041e97a ; jg 0x41e97a lea eax, [ebx + 4] push eax lea eax, [edi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_0041e977 ; jne 0x41e977 xor edx, edx mov dl, byte [ebx + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax je near loc_0041e9d6 ; je 0x41e9d6 loc_0041e977: inc esi jmp short loc_0041e945 ; jmp 0x41e945 loc_0041e97a: test ebp, ebp jne short loc_0041e9db ; jne 0x41e9db xor eax, eax mov al, byte [edi + 0x19] mov edx, dword [esp + 0x14] inc edx cmp eax, edx jne short loc_0041e9db ; jne 0x41e9db cmp byte [edi + 0x1a], 2 jb short loc_0041e9db ; jb 0x41e9db jmp short loc_0041e9d6 ; jmp 0x41e9d6 loc_0041e994: cmp eax, 0xfa0 jle short loc_0041e9db ; jle 0x41e9db cmp eax, 0x1770 jge short loc_0041e9db ; jge 0x41e9db sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, edx cmp byte [eax + 0x19], 0 je short loc_0041e9db ; je 0x41e9db xor edx, edx mov dl, byte [eax + 0x19] mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] inc ebx cmp edx, ebx je short loc_0041e9db ; je 0x41e9db cmp byte [eax + 0x1a], 0 je short loc_0041e9db ; je 0x41e9db loc_0041e9d6: mov ebp, 1 loc_0041e9db: mov eax, ebp pop ebp pop edi pop esi pop ebx ret fcn_0041e9e2: push ebx push esi xor esi, esi mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 xor ebx, ebx mov bx, word [eax + (_players+12)] ; mov bx, word [eax + 0x496b74] mov eax, ebx shl eax, 2 add eax, ebx mov ebx, dword [ref_00498e80] ; mov ebx, dword [0x498e80] mov bx, word [ebx + eax*8 + 0x20] and ebx, 0xffff push edx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 push ebx push eax call fcn_0041e8e6 ; call 0x41e8e6 add esp, 8 cmp eax, 1 jne near loc_0041eadd ; jne 0x41eadd cmp ebx, 0x7d0 jle short loc_0041ea7f ; jle 0x41ea7f cmp ebx, 0xfa0 jge short loc_0041ea7f ; jge 0x41ea7f sub ebx, 0x7d0 imul ebx, ebx, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, ebx xor ebx, ebx mov bl, byte [eax + 0x1a] xor edx, edx mov dx, word [eax + 0x1e] imul edx, ebx mov ax, word [eax + 0x1c] and eax, 0xffff add eax, edx mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] imul edx, eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp edx, dword [eax + (_players+28)] ; cmp edx, dword [eax + 0x496b84] jge short loc_0041eadd ; jge 0x41eadd jmp short loc_0041ead8 ; jmp 0x41ead8 loc_0041ea7f: cmp ebx, 0xfa0 jle short loc_0041eadd ; jle 0x41eadd cmp ebx, 0x1770 jge short loc_0041eadd ; jge 0x41eadd lea eax, [ebx - 0xfa0] shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add eax, edx xor edx, edx mov dl, byte [eax + 0x1a] xor ebx, ebx mov bx, word [eax + 0x24] imul ebx, edx mov ax, word [eax + 0x22] and eax, 0xffff add eax, ebx mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] imul edx, eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp edx, dword [eax + (_players+28)] ; cmp edx, dword [eax + 0x496b84] jge short loc_0041eadd ; jge 0x41eadd loc_0041ead8: mov esi, 1 loc_0041eadd: mov eax, esi pop esi pop ebx ret fcn_0041eae2: push ebx push esi push edi push ebp sub esp, 0x14 xor edx, edx mov dword [esp + 0xc], edx mov dword [esp], edx mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] imul eax, ebx, 0x68 mov dx, word [eax + (_players+12)] ; mov dx, word [eax + 0x496b74] mov eax, edx shl eax, 2 add eax, edx mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] mov ax, word [edx + eax*8 + 0x20] and eax, 0xffff mov dword [esp + 4], eax push ebx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov dword [esp + 8], eax mov eax, dword [esp + 4] cmp eax, 0x7d0 jle near loc_0041ebc5 ; jle 0x41ebc5 cmp eax, 0xfa0 jge near loc_0041ebc5 ; jge 0x41ebc5 sub eax, 0x7d0 imul eax, eax, 0x34 mov esi, dword [ref_00498e84] ; mov esi, dword [0x498e84] lea edi, [esi + eax] xor eax, eax mov al, byte [edi + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx jne short loc_0041eb6b ; jne 0x41eb6b cmp byte [edi + 0x1a], 1 jbe short loc_0041eb72 ; jbe 0x41eb72 loc_0041eb6b: xor eax, eax jmp near loc_0041ed36 ; jmp 0x41ed36 loc_0041eb72: mov ebx, 1 loc_0041eb77: add esi, 0x34 cmp ebx, dword [ref_00498e98] ; cmp ebx, dword [0x498e98] jg short loc_0041ebbb ; jg 0x41ebbb mov eax, dword [esp + 4] sub eax, 0x7d0 cmp ebx, eax je short loc_0041ebb8 ; je 0x41ebb8 lea eax, [esi + 4] push eax lea eax, [edi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_0041ebb8 ; jne 0x41ebb8 mov al, byte [esi + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx jne short loc_0041ebb8 ; jne 0x41ebb8 xor eax, edx jmp near loc_0041ed36 ; jmp 0x41ed36 loc_0041ebb8: inc ebx jmp short loc_0041eb77 ; jmp 0x41eb77 loc_0041ebbb: mov dword [esp + 0xc], 1 jmp short loc_0041ec24 ; jmp 0x41ec24 loc_0041ebc5: mov ecx, dword [esp + 4] cmp ecx, 0xfa0 jle short loc_0041ec19 ; jle 0x41ec19 cmp ecx, 0x1770 jge short loc_0041ec19 ; jge 0x41ec19 lea eax, [ecx - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ebp, dword [ref_00498e88] ; mov ebp, dword [0x498e88] add ebp, eax xor eax, eax mov al, byte [ebp + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx jne near loc_0041eb6b ; jne 0x41eb6b cmp byte [ebp + 0x1a], 1 ja near loc_0041eb6b ; ja 0x41eb6b mov dword [esp + 0xc], 2 jmp short loc_0041ec24 ; jmp 0x41ec24 loc_0041ec19: cmp dword [esp + 0xc], 0 je near loc_0041ed33 ; je 0x41ed33 loc_0041ec24: push 0xffffffffffffffff call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [ref_0048be60], eax ; mov dword [0x48be60], eax xor ebx, ebx mov dword [esp + 0x10], ebx loc_0041ec39: mov eax, dword [esp + 0x10] cmp eax, dword [ref_0048be60] ; cmp eax, dword [0x48be60] jge near loc_0041ed33 ; jge 0x41ed33 mov bx, word [eax*2 + ref_0048b8c4] ; mov bx, word [eax*2 + 0x48b8c4] and ebx, 0xffff cmp ebx, 0x7d0 jle near loc_0041ecd9 ; jle 0x41ecd9 cmp ebx, 0xfa0 jge short loc_0041ecd9 ; jge 0x41ecd9 cmp dword [esp + 0xc], 1 jne short loc_0041ecd9 ; jne 0x41ecd9 lea eax, [ebx - 0x7d0] imul eax, eax, 0x34 mov esi, dword [ref_00498e84] ; mov esi, dword [0x498e84] add esi, eax lea eax, [edi + 4] push eax lea eax, [esi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax je near loc_0041ed2a ; je 0x41ed2a xor eax, eax mov ax, word [esi + 0x1c] xor edx, edx mov dx, word [edi + 0x1c] cmp eax, edx jle near loc_0041ed2a ; jle 0x41ed2a mov al, byte [esi + 0x1a] cmp al, byte [edi + 0x1a] jbe near loc_0041ed2a ; jbe 0x41ed2a push ebx mov esi, dword [esp + 0xc] push esi loc_0041ecc1: call fcn_0041e8e6 ; call 0x41e8e6 add esp, 8 cmp eax, 1 jne short loc_0041ed2a ; jne 0x41ed2a mov dword [ref_0048be58], ebx ; mov dword [0x48be58], ebx mov dword [esp], eax jmp short loc_0041ed33 ; jmp 0x41ed33 loc_0041ecd9: cmp ebx, 0xfa0 jle short loc_0041ed2a ; jle 0x41ed2a cmp ebx, 0x1770 jge short loc_0041ed2a ; jge 0x41ed2a cmp dword [esp + 0xc], 2 jne short loc_0041ed2a ; jne 0x41ed2a lea esi, [ebx - 0xfa0] shl esi, 3 mov eax, esi shl esi, 3 sub esi, eax mov eax, esi mov esi, dword [ref_00498e88] ; mov esi, dword [0x498e88] add esi, eax xor edx, edx mov dx, word [esi + 0x22] xor eax, eax mov ax, word [ebp + 0x22] cmp edx, eax jle short loc_0041ed2a ; jle 0x41ed2a mov al, byte [esi + 0x1a] cmp al, byte [ebp + 0x1a] jbe short loc_0041ed2a ; jbe 0x41ed2a push ebx mov ecx, dword [esp + 0xc] push ecx jmp short loc_0041ecc1 ; jmp 0x41ecc1 loc_0041ed2a: inc dword [esp + 0x10] jmp near loc_0041ec39 ; jmp 0x41ec39 loc_0041ed33: mov eax, dword [esp] loc_0041ed36: add esp, 0x14 pop ebp pop edi pop esi pop ebx ret fcn_0041ed3e: push ebx push esi push edi push ebp sub esp, 4 xor edx, edx mov dword [esp], edx mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 mov dx, word [eax + (_players+12)] ; mov dx, word [eax + 0x496b74] mov eax, edx shl eax, 2 add eax, edx mov ebp, dword [ref_00498e80] ; mov ebp, dword [0x498e80] movzx ebp, word [ebp + eax*8 + 0x20] push ecx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov esi, eax cmp ebp, 0x7d0 jle near loc_0041ee78 ; jle 0x41ee78 cmp ebp, 0xfa0 jge near loc_0041ee78 ; jge 0x41ee78 lea eax, [ebp - 0x7d0] imul edi, eax, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add edi, eax xor ebx, ebx mov bl, byte [edi + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp ebx, edx jne near loc_0041ef1b ; jne 0x41ef1b lea ebx, [eax + 0x34] cmp byte [edi + 0x18], 0 je short loc_0041ee04 ; je 0x41ee04 mov esi, 1 loc_0041edc1: cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg near loc_0041ef1b ; jg 0x41ef1b lea eax, [ebp - 0x7d0] cmp esi, eax je short loc_0041edfe ; je 0x41edfe lea eax, [ebx + 4] push eax lea eax, [edi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_0041edfe ; jne 0x41edfe xor edx, edx mov dl, byte [ebx + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax je near loc_0041ef14 ; je 0x41ef14 loc_0041edfe: inc esi add ebx, 0x34 jmp short loc_0041edc1 ; jmp 0x41edc1 loc_0041ee04: cmp byte [edi + 0x1a], 1 jne near loc_0041ef1b ; jne 0x41ef1b imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+23)], 0 ; cmp byte [eax + 0x496b7f], 0 je near loc_0041ef14 ; je 0x41ef14 mov ecx, 1 mov dword [esp], ecx mov esi, ecx loc_0041ee2c: cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg near loc_0041ef1b ; jg 0x41ef1b lea eax, [ebp - 0x7d0] cmp esi, eax je short loc_0041ee72 ; je 0x41ee72 lea eax, [ebx + 4] push eax lea eax, [edi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_0041ee72 ; jne 0x41ee72 mov al, byte [ebx + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx je short loc_0041ee68 ; je 0x41ee68 test al, al jne short loc_0041ee72 ; jne 0x41ee72 loc_0041ee68: xor edx, edx mov dword [esp], edx jmp near loc_0041ef1b ; jmp 0x41ef1b loc_0041ee72: inc esi add ebx, 0x34 jmp short loc_0041ee2c ; jmp 0x41ee2c loc_0041ee78: cmp ebp, 0xfa0 jle near loc_0041ef1b ; jle 0x41ef1b cmp ebp, 0x1770 jge near loc_0041ef1b ; jge 0x41ef1b lea eax, [ebp - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add eax, edx xor ebx, ebx mov bl, byte [eax + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp ebx, edx jne short loc_0041eede ; jne 0x41eede cmp byte [eax + 0x18], 0 jne short loc_0041eede ; jne 0x41eede cmp byte [eax + 0x1a], 1 jne short loc_0041eede ; jne 0x41eede call clib_rand ; call 0x456f2d mov edx, eax mov ebx, 4 sar edx, 0x1f idiv ebx inc edx mov dword [ref_0048be58], edx ; mov dword [0x48be58], edx jmp short loc_0041ef14 ; jmp 0x41ef14 loc_0041eede: mov bl, byte [eax + 0x19] test bl, bl je short loc_0041ef1b ; je 0x41ef1b xor edx, edx mov dl, bl mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] inc ebx cmp edx, ebx je short loc_0041ef1b ; je 0x41ef1b cmp byte [eax + 0x18], 0 je short loc_0041ef1b ; je 0x41ef1b mov cl, byte [eax + 0x1a] cmp cl, 3 jae short loc_0041ef0c ; jae 0x41ef0c inc esi cmp edx, esi jne short loc_0041ef1b ; jne 0x41ef1b cmp cl, 2 jb short loc_0041ef1b ; jb 0x41ef1b loc_0041ef0c: xor esi, esi mov dword [ref_0048be58], esi ; mov dword [0x48be58], esi loc_0041ef14: mov dword [esp], 1 loc_0041ef1b: mov eax, dword [esp] loc_0041ef1e: add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_0041ef26: push ebx push esi xor ebx, ebx imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dx, word [eax + (_players+12)] ; mov dx, word [eax + 0x496b74] mov eax, edx shl eax, 2 add eax, edx mov esi, dword [ref_00498e80] ; mov esi, dword [0x498e80] mov si, word [esi + eax*8 + 0x20] and esi, 0xffff mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov edx, eax cmp esi, 0x7d0 jle short loc_0041efd1 ; jle 0x41efd1 cmp esi, 0xfa0 jge short loc_0041efd1 ; jge 0x41efd1 sub esi, 0x7d0 imul esi, esi, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, esi cmp byte [eax + 0x19], 0 je short loc_0041efa3 ; je 0x41efa3 xor ecx, ecx mov cl, byte [eax + 0x19] mov esi, dword [_current_player] ; mov esi, dword [0x49910c] inc esi cmp ecx, esi je short loc_0041efa3 ; je 0x41efa3 cmp byte [eax + 0x1a], 3 jae near loc_0041f02d ; jae 0x41f02d loc_0041efa3: test ebx, ebx jne near loc_0041f032 ; jne 0x41f032 mov cl, byte [eax + 0x19] test cl, cl je near loc_0041f032 ; je 0x41f032 movzx esi, cl inc edx cmp esi, edx jne near loc_0041f032 ; jne 0x41f032 cmp byte [eax + 0x1a], 2 jb near loc_0041f032 ; jb 0x41f032 jmp near loc_0041f02d ; jmp 0x41f02d loc_0041efd1: cmp esi, 0xfa0 jle short loc_0041f032 ; jle 0x41f032 cmp esi, 0x1770 jge short loc_0041f032 ; jge 0x41f032 lea eax, [esi - 0xfa0] shl eax, 3 mov ecx, eax shl ecx, 3 sub ecx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, ecx mov cl, byte [eax + 0x19] test cl, cl je short loc_0041f013 ; je 0x41f013 movzx esi, cl mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] inc ecx cmp esi, ecx je short loc_0041f013 ; je 0x41f013 cmp byte [eax + 0x1a], 3 jae short loc_0041f02d ; jae 0x41f02d loc_0041f013: test ebx, ebx jne short loc_0041f032 ; jne 0x41f032 cmp byte [eax + 0x19], 0 je short loc_0041f032 ; je 0x41f032 xor ecx, ecx mov cl, byte [eax + 0x19] inc edx cmp ecx, edx jne short loc_0041f032 ; jne 0x41f032 cmp byte [eax + 0x1a], 2 jb short loc_0041f032 ; jb 0x41f032 loc_0041f02d: mov ebx, 1 loc_0041f032: mov eax, ebx pop esi pop ebx ret fcn_0041f037: push ebx push esi push edi push ebp sub esp, 0x120 xor edx, edx mov dword [esp + 0x110], edx push 0xffffffffffffffff call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [ref_0048be60], eax ; mov dword [0x48be60], eax xor ecx, ecx mov dword [esp + 0x11c], ecx xor ebp, ebp loc_0041f064: mov eax, dword [esp + 0x11c] cmp eax, dword [ref_0048be60] ; cmp eax, dword [0x48be60] jge near loc_0041f13a ; jge 0x41f13a mov ax, word [eax*2 + ref_0048b8c4] ; mov ax, word [eax*2 + 0x48b8c4] and eax, 0xffff mov dword [esp + 0x118], eax cmp eax, 0x7d0 jle near loc_0041f12e ; jle 0x41f12e cmp eax, 0xfa0 jge near loc_0041f12e ; jge 0x41f12e lea ebx, [eax - 0x7d0] imul ebx, ebx, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add ebx, eax xor eax, eax mov al, byte [ebx + 0x19] mov esi, dword [_current_player] ; mov esi, dword [0x49910c] inc esi cmp eax, esi jne near loc_0041f12e ; jne 0x41f12e xor esi, esi mov dword [esp + 0x114], esi loc_0041f0ce: lea eax, [ebx + 4] cmp esi, ebp jge short loc_0041f101 ; jge 0x41f101 cmp byte [ebx + 0x18], 0 jne short loc_0041f0fe ; jne 0x41f0fe cmp byte [ebx + 0x1a], 5 jae short loc_0041f0fe ; jae 0x41f0fe mov edi, esi shl edi, 3 mov ecx, dword [esp + edi] push ecx push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_0041f0fe ; jne 0x41f0fe inc word [esp + edi + 6] jmp short loc_0041f12e ; jmp 0x41f12e loc_0041f0fe: inc esi jmp short loc_0041f0ce ; jmp 0x41f0ce loc_0041f101: cmp dword [esp + 0x114], 0 jne short loc_0041f12e ; jne 0x41f12e cmp byte [ebx + 0x18], 0 jne short loc_0041f12e ; jne 0x41f12e cmp byte [ebx + 0x1a], 5 jae short loc_0041f12e ; jae 0x41f12e mov dword [esp + ebp*8], eax mov eax, dword [esp + 0x118] mov word [esp + ebp*8 + 4], ax mov word [esp + ebp*8 + 6], 1 inc ebp loc_0041f12e: inc dword [esp + 0x11c] jmp near loc_0041f064 ; jmp 0x41f064 loc_0041f13a: xor esi, esi mov dword [esp + 0x11c], esi loc_0041f143: mov ecx, dword [esp + 0x11c] cmp ebp, ecx jle short loc_0041f16e ; jle 0x41f16e cmp word [esp + ecx*8 + 6], 3 jb short loc_0041f165 ; jb 0x41f165 mov al, byte [esp + 0x11c] mov byte [esp + esi + 0x100], al inc esi loc_0041f165: inc dword [esp + 0x11c] jmp short loc_0041f143 ; jmp 0x41f143 loc_0041f16e: test esi, esi je short loc_0041f1a1 ; je 0x41f1a1 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi xor eax, eax mov al, byte [esp + edx + 0x100] mov ax, word [esp + eax*8 + 4] and eax, 0xffff mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov dword [esp + 0x110], 1 loc_0041f1a1: mov eax, dword [esp + 0x110] add esp, 0x120 pop ebp pop edi pop esi pop ebx ret fcn_0041f1b3: push ebx push esi push edi push ebp sub esp, 0x210 push 0x100 push 0 lea eax, [esp + 8] push eax call memset ; call 0x456f60 add esp, 0xc mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov dword [esp + 0x204], eax push 0xffffffffffffffff call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [ref_0048be60], eax ; mov dword [0x48be60], eax xor ecx, ecx mov dword [esp + 0x20c], ecx mov dword [esp + 0x208], ecx loc_0041f206: mov eax, dword [esp + 0x20c] cmp eax, dword [ref_0048be60] ; cmp eax, dword [0x48be60] jge near loc_0041f2f7 ; jge 0x41f2f7 mov si, word [eax*2 + ref_0048b8c4] ; mov si, word [eax*2 + 0x48b8c4] and esi, 0xffff cmp esi, 0x7d0 jle near loc_0041f2eb ; jle 0x41f2eb cmp esi, 0xfa0 jge near loc_0041f2eb ; jge 0x41f2eb lea eax, [esi - 0x7d0] imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, eax xor edi, edi mov dword [esp + 0x200], edi loc_0041f259: lea eax, [ebx + 4] cmp edi, dword [esp + 0x208] jge short loc_0041f2a3 ; jge 0x41f2a3 cmp byte [ebx + 0x18], 0 jne short loc_0041f2a0 ; jne 0x41f2a0 cmp byte [ebx + 0x19], 0 je short loc_0041f2a0 ; je 0x41f2a0 mov ebp, edi shl ebp, 4 mov edx, dword [esp + ebp] push edx push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_0041f2a0 ; jne 0x41f2a0 mov al, byte [ebx + 0x19] add eax, ebp mov dl, byte [ebx + 0x1a] add byte [esp + eax + 3], dl xor eax, eax mov al, byte [ebx + 0x19] add ebp, eax inc byte [esp + ebp + 7] jmp short loc_0041f2eb ; jmp 0x41f2eb loc_0041f2a0: inc edi jmp short loc_0041f259 ; jmp 0x41f259 loc_0041f2a3: cmp dword [esp + 0x200], 0 jne short loc_0041f2eb ; jne 0x41f2eb cmp byte [ebx + 0x18], 0 jne short loc_0041f2eb ; jne 0x41f2eb cmp byte [ebx + 0x19], 0 je short loc_0041f2eb ; je 0x41f2eb mov edx, dword [esp + 0x208] shl edx, 4 mov dword [esp + edx], eax mov dword [esp + edx + 0xc], esi xor eax, eax mov al, byte [ebx + 0x19] add eax, edx mov cl, byte [ebx + 0x1a] mov byte [esp + eax + 3], cl xor eax, eax mov al, byte [ebx + 0x19] add edx, eax mov byte [esp + edx + 7], 1 inc dword [esp + 0x208] loc_0041f2eb: inc dword [esp + 0x20c] jmp near loc_0041f206 ; jmp 0x41f206 loc_0041f2f7: xor edi, edi mov dword [esp + 0x20c], edi xor ecx, ecx loc_0041f302: mov eax, dword [esp + 0x20c] cmp eax, dword [esp + 0x208] jge near loc_0041f3f3 ; jge 0x41f3f3 test ecx, ecx jne near loc_0041f3f3 ; jne 0x41f3f3 mov esi, dword [esp + 0x204] cmp esi, 0xffffffff je short loc_0041f36d ; je 0x41f36d mov edx, eax shl edx, 4 lea eax, [esi + edx] cmp byte [esp + eax + 8], 2 jb near loc_0041f3e7 ; jb 0x41f3e7 cmp byte [esp + eax + 4], 7 jb near loc_0041f3e7 ; jb 0x41f3e7 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] add eax, edx cmp byte [esp + eax + 4], 1 ja near loc_0041f3e7 ; ja 0x41f3e7 mov eax, dword [esp + edx + 0xc] loc_0041f35e: mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov ecx, 1 jmp near loc_0041f3f3 ; jmp 0x41f3f3 loc_0041f36d: xor esi, esi xor ebp, ebp xor edx, edx loc_0041f373: cmp esi, dword [_nplayers] ; cmp esi, dword [0x499114] jge short loc_0041f3bc ; jge 0x41f3bc mov ebx, dword [esp + 0x20c] shl ebx, 4 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] add eax, ebx cmp byte [esp + eax + 4], 0 jne short loc_0041f3bc ; jne 0x41f3bc cmp esi, dword [_current_player] ; cmp esi, dword [0x49910c] je short loc_0041f3b9 ; je 0x41f3b9 imul edi, esi, 0x68 cmp byte [edi + (_players+21)], 0 ; cmp byte [edi + 0x496b7d], 0 je short loc_0041f3b9 ; je 0x41f3b9 add ebx, esi xor eax, eax mov al, byte [esp + ebx + 8] add ebp, eax xor eax, eax mov al, byte [esp + ebx + 4] add edx, eax loc_0041f3b9: inc esi jmp short loc_0041f373 ; jmp 0x41f373 loc_0041f3bc: mov ebx, dword [esp + 0x20c] shl ebx, 4 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] add eax, ebx cmp byte [esp + eax + 4], 0 jne short loc_0041f3e7 ; jne 0x41f3e7 cmp ebp, 3 jl short loc_0041f3e7 ; jl 0x41f3e7 cmp edx, 9 jl short loc_0041f3e7 ; jl 0x41f3e7 mov eax, dword [esp + ebx + 0xc] jmp near loc_0041f35e ; jmp 0x41f35e loc_0041f3e7: inc dword [esp + 0x20c] jmp near loc_0041f302 ; jmp 0x41f302 loc_0041f3f3: mov eax, ecx add esp, 0x210 pop ebp pop edi pop esi pop ebx ret fcn_0041f400: push ebx push esi push edi push ebp sub esp, 0x4c xor edx, edx mov dword [esp + 0x40], edx push 0x40 push edx lea eax, [esp + 8] push eax call memset ; call 0x456f60 add esp, 0xc mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov ebp, eax push 0xffffffffffffffff call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [ref_0048be60], eax ; mov dword [0x48be60], eax xor ecx, ecx loc_0041f43f: cmp ecx, dword [ref_0048be60] ; cmp ecx, dword [0x48be60] jge near loc_0041f5a1 ; jge 0x41f5a1 mov dx, word [ecx*2 + ref_0048b8c4] ; mov dx, word [ecx*2 + 0x48b8c4] and edx, 0xffff cmp edx, 0x7d0 jle near loc_0041f503 ; jle 0x41f503 cmp edx, 0xfa0 jge near loc_0041f503 ; jge 0x41f503 lea eax, [edx - 0x7d0] imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add eax, ebx cmp byte [eax + 0x19], 0 je near loc_0041f59b ; je 0x41f59b xor ebx, ebx mov bl, byte [eax + 0x19] mov esi, dword [_current_player] ; mov esi, dword [0x49910c] inc esi cmp ebx, esi je near loc_0041f59b ; je 0x41f59b cmp byte [eax + 0x1a], 3 jb near loc_0041f59b ; jb 0x41f59b shl ebx, 3 xor esi, esi mov si, word [esp + ebx - 8] movzx edi, byte [eax + 0x1a] cmp esi, edi jge short loc_0041f4e7 ; jge 0x41f4e7 movzx si, byte [eax + 0x1a] mov word [esp + ebx - 8], si xor esi, esi mov si, word [eax + 0x1c] xor ebx, ebx mov bl, byte [eax + 0x19] mov dword [esp + ebx*8 - 4], esi loc_0041f4d5: mov al, byte [eax + 0x19] and eax, 0xff mov word [esp + eax*8 - 6], dx jmp near loc_0041f59b ; jmp 0x41f59b loc_0041f4e7: jne near loc_0041f59b ; jne 0x41f59b xor esi, edi mov si, word [eax + 0x1c] cmp esi, dword [esp + ebx - 4] jle near loc_0041f59b ; jle 0x41f59b mov dword [esp + ebx - 4], esi jmp short loc_0041f4d5 ; jmp 0x41f4d5 loc_0041f503: cmp edx, 0xfa0 jle near loc_0041f59b ; jle 0x41f59b cmp edx, 0x1770 jge near loc_0041f59b ; jge 0x41f59b lea eax, [edx - 0xfa0] shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add eax, ebx cmp byte [eax + 0x19], 0 je short loc_0041f59b ; je 0x41f59b xor ebx, ebx mov bl, byte [eax + 0x19] mov esi, dword [_current_player] ; mov esi, dword [0x49910c] inc esi cmp ebx, esi je short loc_0041f59b ; je 0x41f59b cmp byte [eax + 0x1a], 3 jb short loc_0041f59b ; jb 0x41f59b shl ebx, 3 xor edi, edi mov di, word [esp + ebx + 0x18] movzx esi, byte [eax + 0x1a] cmp edi, esi jge short loc_0041f57c ; jge 0x41f57c movzx si, byte [eax + 0x1a] mov word [esp + ebx + 0x18], si xor esi, esi mov si, word [eax + 0x22] xor ebx, ebx mov bl, byte [eax + 0x19] mov dword [esp + ebx*8 + 0x1c], esi jmp short loc_0041f58e ; jmp 0x41f58e loc_0041f57c: jne short loc_0041f59b ; jne 0x41f59b xor esi, esi mov si, word [eax + 0x22] cmp esi, dword [esp + ebx + 0x1c] jle short loc_0041f59b ; jle 0x41f59b mov dword [esp + ebx + 0x1c], esi loc_0041f58e: mov al, byte [eax + 0x19] and eax, 0xff mov word [esp + eax*8 + 0x1a], dx loc_0041f59b: inc ecx jmp near loc_0041f43f ; jmp 0x41f43f loc_0041f5a1: cmp ebp, 0xffffffff je short loc_0041f5d4 ; je 0x41f5d4 mov edx, ebp shl edx, 3 cmp word [esp + edx + 0x20], 3 jb short loc_0041f5c4 ; jb 0x41f5c4 xor eax, eax mov ax, word [esp + edx + 0x22] loc_0041f5ba: mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax jmp near loc_0041f695 ; jmp 0x41f695 loc_0041f5c4: cmp word [esp + edx], 3 jb short loc_0041f5d4 ; jb 0x41f5d4 xor eax, eax mov ax, word [esp + edx + 2] jmp short loc_0041f5ba ; jmp 0x41f5ba loc_0041f5d4: mov esi, dword [esp + 0x40] test esi, esi jne near loc_0041f69d ; jne 0x41f69d xor ecx, ecx xor edi, edi mov dword [esp + 0x48], esi xor ebp, ebp xor edx, edx mov dword [esp + 0x44], esi jmp short loc_0041f637 ; jmp 0x41f637 loc_0041f5f2: jne short loc_0041f605 ; jne 0x41f605 mov ebx, dword [esp + eax + 4] cmp esi, ebx jge short loc_0041f605 ; jge 0x41f605 mov esi, ebx loc_0041f5fe: xor edx, edx mov dx, word [esp + eax + 2] loc_0041f605: mov eax, ecx shl eax, 3 cmp word [esp + eax + 0x20], 3 jb short loc_0041f631 ; jb 0x41f631 xor ebx, ebx mov bx, word [esp + eax + 0x20] cmp edi, ebx jge short loc_0041f66d ; jge 0x41f66d mov edi, ebx mov ebp, dword [esp + eax + 0x24] loc_0041f623: mov ax, word [esp + eax + 0x22] and eax, 0xffff mov dword [esp + 0x44], eax loc_0041f631: inc ecx cmp ecx, 4 jge short loc_0041f67b ; jge 0x41f67b loc_0041f637: cmp ecx, dword [_current_player] ; cmp ecx, dword [0x49910c] je short loc_0041f631 ; je 0x41f631 imul eax, ecx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0041f631 ; je 0x41f631 mov eax, ecx shl eax, 3 cmp word [esp + eax], 4 jb short loc_0041f605 ; jb 0x41f605 xor ebx, ebx mov bx, word [esp + eax] cmp ebx, dword [esp + 0x48] jle short loc_0041f5f2 ; jle 0x41f5f2 mov dword [esp + 0x48], ebx mov esi, dword [esp + eax + 4] jmp short loc_0041f5fe ; jmp 0x41f5fe loc_0041f66d: jne short loc_0041f631 ; jne 0x41f631 mov ebx, dword [esp + eax + 0x24] cmp ebp, ebx jge short loc_0041f631 ; jge 0x41f631 mov ebp, ebx jmp short loc_0041f623 ; jmp 0x41f623 loc_0041f67b: mov esi, dword [esp + 0x44] test esi, esi je short loc_0041f68b ; je 0x41f68b mov dword [ref_0048be58], esi ; mov dword [0x48be58], esi jmp short loc_0041f695 ; jmp 0x41f695 loc_0041f68b: test edx, edx je short loc_0041f69d ; je 0x41f69d mov dword [ref_0048be58], edx ; mov dword [0x48be58], edx loc_0041f695: mov dword [esp + 0x40], 1 loc_0041f69d: mov eax, dword [esp + 0x40] add esp, 0x4c pop ebp pop edi pop esi pop ebx ret fcn_0041f6a9: push ebx push esi push edi push ebp call fcn_0041f400 ; call 0x41f400 cmp eax, 1 je near loc_0041f8fc ; je 0x41f8fc xor edi, edi xor esi, esi loc_0041f6bf: cmp edi, dword [ref_0048be60] ; cmp edi, dword [0x48be60] jge near loc_0041f8fa ; jge 0x41f8fa test esi, esi jne near loc_0041f8fa ; jne 0x41f8fa mov bx, word [edi*2 + ref_0048b8c4] ; mov bx, word [edi*2 + 0x48b8c4] and ebx, 0xffff cmp ebx, 0x7d0 jle short loc_0041f752 ; jle 0x41f752 cmp ebx, 0xfa0 jge short loc_0041f752 ; jge 0x41f752 lea eax, [ebx - 0x7d0] imul edx, eax, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, edx mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] imul edx, ebp, 0x68 cmp byte [edx + (_players+23)], 0 ; cmp byte [edx + 0x496b7f], 0 je near loc_0041f8f4 ; je 0x41f8f4 mov ch, byte [eax + 0x19] test ch, ch je near loc_0041f8f4 ; je 0x41f8f4 xor edx, edx mov dl, ch lea ecx, [ebp + 1] cmp edx, ecx je near loc_0041f8f4 ; je 0x41f8f4 cmp byte [eax + 0x18], 0 je near loc_0041f8f4 ; je 0x41f8f4 push edx call fcn_0041970f ; call 0x41970f add esp, 4 cmp eax, 4 jl near loc_0041f8f4 ; jl 0x41f8f4 jmp near loc_0041f8e9 ; jmp 0x41f8e9 loc_0041f752: cmp ebx, 0xfa0 jle short loc_0041f7ba ; jle 0x41f7ba cmp ebx, 0x1770 jge short loc_0041f7ba ; jge 0x41f7ba lea eax, [ebx - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add eax, edx imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 test byte [edx + (_players+17)], 3 ; test byte [edx + 0x496b79], 3 je near loc_0041f8f4 ; je 0x41f8f4 cmp byte [eax + 0x18], 3 jne near loc_0041f8f4 ; jne 0x41f8f4 cmp byte [eax + 0x1a], 1 jne near loc_0041f8f4 ; jne 0x41f8f4 loc_0041f7a2: xor edx, edx mov dl, byte [eax + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax loc_0041f7af: je near loc_0041f8f4 ; je 0x41f8f4 jmp near loc_0041f8e9 ; jmp 0x41f8e9 loc_0041f7ba: test bh, 0x80 je near loc_0041f8f4 ; je 0x41f8f4 mov eax, ebx sar eax, 8 and eax, 0x3f je near loc_0041f8f4 ; je 0x41f8f4 lea edx, [eax - 1] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 3 xor ecx, ecx mov cx, word [edx + ref_00496d0a] ; mov cx, word [edx + 0x496d0a] mov eax, ecx shl eax, 2 add eax, ecx mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] mov ax, word [ecx + eax*8 + 0x20] and eax, 0xffff mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] inc ecx lea ebp, [eax - 0x7d0] imul ebp, ebp, 0x34 cmp byte [edx + ref_00496d08], 0x10 ; cmp byte [edx + 0x496d08], 0x10 jne short loc_0041f884 ; jne 0x41f884 cmp eax, 0x7d0 jle short loc_0041f847 ; jle 0x41f847 cmp eax, 0xfa0 jge short loc_0041f847 ; jge 0x41f847 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, ebp mov dh, byte [eax + 0x19] test dh, dh je near loc_0041f8f4 ; je 0x41f8f4 mov al, dh and eax, 0xff cmp eax, ecx jmp near loc_0041f7af ; jmp 0x41f7af loc_0041f847: cmp eax, 0xfa0 jle near loc_0041f8f4 ; jle 0x41f8f4 cmp eax, 0x1770 jge near loc_0041f8f4 ; jge 0x41f8f4 sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, edx cmp byte [eax + 0x19], 0 je near loc_0041f8f4 ; je 0x41f8f4 jmp near loc_0041f7a2 ; jmp 0x41f7a2 loc_0041f884: cmp byte [edx + ref_00496d08], 0x11 ; cmp byte [edx + 0x496d08], 0x11 jne near loc_0041f8f4 ; jne 0x41f8f4 cmp eax, 0x7d0 jle short loc_0041f8b4 ; jle 0x41f8b4 cmp eax, 0xfa0 jge short loc_0041f8b4 ; jge 0x41f8b4 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, ebp mov al, byte [eax + 0x19] and eax, 0xff cmp eax, ecx jne short loc_0041f8f4 ; jne 0x41f8f4 jmp short loc_0041f8e9 ; jmp 0x41f8e9 loc_0041f8b4: cmp eax, 0xfa0 jle short loc_0041f8f4 ; jle 0x41f8f4 cmp eax, 0x1770 jge short loc_0041f8f4 ; jge 0x41f8f4 sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, edx xor edx, edx mov dl, byte [eax + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax jne short loc_0041f8f4 ; jne 0x41f8f4 loc_0041f8e9: mov dword [ref_0048be58], ebx ; mov dword [0x48be58], ebx mov esi, 1 loc_0041f8f4: inc edi jmp near loc_0041f6bf ; jmp 0x41f6bf loc_0041f8fa: mov eax, esi loc_0041f8fc: pop ebp pop edi pop esi pop ebx ret fcn_0041f901: push ebx push esi push edi push ebp sub esp, 0x14 xor edx, edx mov dword [esp + 0xc], edx mov dword [esp + 8], edx mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov ebp, eax push 0xffffffffffffffff call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [ref_0048be60], eax ; mov dword [0x48be60], eax xor edi, edi mov ch, 1 loc_0041f936: cmp edi, dword [ref_0048be60] ; cmp edi, dword [0x48be60] jge short loc_0041f99a ; jge 0x41f99a mov ax, word [edi*2 + ref_0048b8c4] ; mov ax, word [edi*2 + 0x48b8c4] and eax, 0xffff mov dword [esp + 0x10], eax test byte [esp + 0x11], 0x80 je short loc_0041f997 ; je 0x41f997 test byte [esp + 0x10], 0xf je short loc_0041f997 ; je 0x41f997 xor ebx, ebx mov esi, 1 jmp short loc_0041f96e ; jmp 0x41f96e loc_0041f966: add esi, esi inc ebx cmp esi, 0x10 jge short loc_0041f997 ; jge 0x41f997 loc_0041f96e: test dword [esp + 0x10], esi je short loc_0041f966 ; je 0x41f966 cmp ebx, dword [_current_player] ; cmp ebx, dword [0x49910c] je short loc_0041f966 ; je 0x41f966 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0041f966 ; je 0x41f966 mov byte [esp + ebx + 8], ch mov edx, esi or dh, 0x80 mov word [esp + ebx*2], dx jmp short loc_0041f966 ; jmp 0x41f966 loc_0041f997: inc edi jmp short loc_0041f936 ; jmp 0x41f936 loc_0041f99a: cmp ebp, 0xffffffff je near loc_0041fa24 ; je 0x41fa24 cmp byte [esp + ebp + 8], 0 je near loc_0041fa24 ; je 0x41fa24 xor edi, edi mov dword [esp + 0x10], edi xor esi, esi loc_0041f9b6: push ebp call fcn_00441262 ; call 0x441262 add esp, 4 cmp edi, eax jge short loc_0041fa06 ; jge 0x41fa06 mov eax, ebp shl eax, 2 add eax, ebp mov edx, eax shl eax, 2 sub eax, edx lea edx, [eax + edi] mov dl, byte [edx + ref_00499120] ; mov dl, byte [edx + 0x499120] and edx, 0xff mov eax, edx shl eax, 3 cmp byte [eax + (_card_table - 1)], 1 ; cmp byte [eax + 0x47fdf1], 1 jb short loc_0041fa03 ; jb 0x41fa03 mov al, byte [eax + (_card_table - 3)] ; mov al, byte [eax + 0x47fdef] and eax, 0xff cmp eax, esi jle short loc_0041fa03 ; jle 0x41fa03 mov dword [esp + 0x10], edx mov esi, eax loc_0041fa03: inc edi jmp short loc_0041f9b6 ; jmp 0x41f9b6 loc_0041fa06: mov edx, dword [esp + 0x10] test edx, edx je short loc_0041fa24 ; je 0x41fa24 xor eax, eax mov ax, word [esp + ebp*2] mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov dword [ref_0048be5c], edx ; mov dword [0x48be5c], edx jmp near loc_0041fabb ; jmp 0x41fabb loc_0041fa24: mov ebx, dword [esp + 0xc] test ebx, ebx jne near loc_0041fac3 ; jne 0x41fac3 xor esi, esi mov dword [esp + 0x10], ebx mov ebp, 1 loc_0041fa3b: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_0041fab4 ; jge 0x41fab4 cmp byte [esp + ebx + 8], 0 je short loc_0041fab1 ; je 0x41fab1 xor edi, edi loc_0041fa50: push ebx call fcn_00441262 ; call 0x441262 add esp, 4 cmp edi, eax jge short loc_0041fab1 ; jge 0x41fab1 mov eax, ebx shl eax, 2 add eax, ebx mov edx, eax shl eax, 2 sub eax, edx lea edx, [eax + edi] mov dl, byte [edx + ref_00499120] ; mov dl, byte [edx + 0x499120] and edx, 0xff mov eax, edx shl eax, 3 cmp byte [eax + (_card_table - 1)], 2 ; cmp byte [eax + 0x47fdf1], 2 jne short loc_0041faae ; jne 0x41faae xor ecx, ecx mov cl, byte [eax + (_card_table - 3)] ; mov cl, byte [eax + 0x47fdef] cmp ecx, esi jle short loc_0041faae ; jle 0x41faae mov ax, word [esp + ebx*2] and eax, 0xffff mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov dword [ref_0048be5c], edx ; mov dword [0x48be5c], edx mov dword [esp + 0x10], ebp mov esi, ecx loc_0041faae: inc edi jmp short loc_0041fa50 ; jmp 0x41fa50 loc_0041fab1: inc ebx jmp short loc_0041fa3b ; jmp 0x41fa3b loc_0041fab4: cmp dword [esp + 0x10], 0 je short loc_0041fac3 ; je 0x41fac3 loc_0041fabb: mov dword [esp + 0xc], 1 loc_0041fac3: mov eax, dword [esp + 0xc] jmp near loc_0041ed36 ; jmp 0x41ed36 fcn_0041facc: push ebx push esi push edi push ebp sub esp, 0x18 xor esi, esi imul ecx, dword [_current_player], 0x68 ; imul ecx, dword [0x49910c], 0x68 xor edx, edx mov dx, word [ecx + (_players+12)] ; mov dx, word [ecx + 0x496b74] mov eax, edx shl eax, 2 add eax, edx mov ebp, dword [ref_00498e80] ; mov ebp, dword [0x498e80] movzx ebp, word [ebp + eax*8 + 0x20] cmp byte [ecx + (_players+57)], 0 ; cmp byte [ecx + 0x496ba1], 0 jne near loc_0041fca6 ; jne 0x41fca6 cmp ebp, 0x7d0 jle near loc_0041fc1f ; jle 0x41fc1f cmp ebp, 0xfa0 jge near loc_0041fc1f ; jge 0x41fc1f lea eax, [ebp - 0x7d0] imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] lea edi, [edx + eax] xor ebx, ebx mov bx, word [edi + 0x1e] imul ebx, dword [ref_004990e8] ; imul ebx, dword [0x4990e8] xor eax, eax mov al, byte [edi + 0x19] mov dword [esp + 8], eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax mov dword [esp + 0xc], eax mov eax, dword [esp + 8] cmp eax, dword [esp + 0xc] jne near loc_0041fca6 ; jne 0x41fca6 cmp byte [edi + 0x18], 0 jne near loc_0041fca6 ; jne 0x41fca6 cmp byte [edi + 0x1a], 5 jae near loc_0041fca6 ; jae 0x41fca6 mov eax, dword [ecx + (_players+28)] ; mov eax, dword [ecx + 0x496b84] cmp ebx, eax jge near loc_0041fca6 ; jge 0x41fca6 add eax, dword [ecx + (_players+32)] ; add eax, dword [ecx + 0x496b88] cmp eax, 0x2710 jle near loc_0041fca6 ; jle 0x41fca6 cmp word [ecx + (_players+70)], 0 ; cmp word [ecx + 0x496bae], 0 jl near loc_0041fca6 ; jl 0x41fca6 mov dword [esp + 0x14], 1 lea ebx, [edx + 0x34] loc_0041fba8: mov eax, dword [esp + 0x14] cmp eax, dword [ref_00498e98] ; cmp eax, dword [0x498e98] jg short loc_0041fc0b ; jg 0x41fc0b lea eax, [ebp - 0x7d0] cmp eax, dword [esp + 0x14] je short loc_0041fc02 ; je 0x41fc02 lea eax, [ebx + 4] push eax lea eax, [edi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_0041fc02 ; jne 0x41fc02 xor edx, edx mov dl, byte [ebx + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax jne short loc_0041fc02 ; jne 0x41fc02 loc_0041fbe3: mov cl, byte [_current_player] ; mov cl, byte [0x49910c] mov eax, 1 shl eax, cl or ah, 0x80 mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax loc_0041fbf8: mov esi, 1 jmp near loc_0041fe44 ; jmp 0x41fe44 loc_0041fc02: inc dword [esp + 0x14] add ebx, 0x34 jmp short loc_0041fba8 ; jmp 0x41fba8 loc_0041fc0b: test esi, esi jne near loc_0041fca6 ; jne 0x41fca6 cmp byte [edi + 0x1a], 2 jb near loc_0041fca6 ; jb 0x41fca6 jmp short loc_0041fbf8 ; jmp 0x41fbf8 loc_0041fc1f: cmp ebp, 0xfa0 jle near loc_0041fca6 ; jle 0x41fca6 cmp ebp, 0x1770 jge near loc_0041fca6 ; jge 0x41fca6 lea eax, [ebp - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, edx xor ebx, ebx mov bx, word [eax + 0x24] imul ebx, dword [ref_004990e8] ; imul ebx, dword [0x4990e8] xor ecx, ecx mov cl, byte [eax + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp ecx, edx jne short loc_0041fca6 ; jne 0x41fca6 imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 mov ebp, dword [edx + (_players+28)] ; mov ebp, dword [edx + 0x496b84] cmp ebx, ebp jge short loc_0041fca6 ; jge 0x41fca6 cmp ebp, 0x2710 jle short loc_0041fca6 ; jle 0x41fca6 mov bl, byte [eax + 0x18] test bl, bl je short loc_0041fca6 ; je 0x41fca6 cmp bl, 3 je short loc_0041fca6 ; je 0x41fca6 cmp byte [eax + 0x1a], 5 jae short loc_0041fca6 ; jae 0x41fca6 cmp word [edx + (_players+70)], 0 ; cmp word [edx + 0x496bae], 0 jge near loc_0041fbe3 ; jge 0x41fbe3 loc_0041fca6: test esi, esi jne near loc_0041fe44 ; jne 0x41fe44 push 8 push esi lea eax, [esp + 8] push eax call memset ; call 0x456f60 add esp, 0xc push 0xffffffffffffffff call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [ref_0048be60], eax ; mov dword [0x48be60], eax mov dword [esp + 0x10], esi mov edi, dword [_current_player] ; mov edi, dword [0x49910c] loc_0041fcd7: mov eax, dword [esp + 0x10] cmp eax, dword [ref_0048be60] ; cmp eax, dword [0x48be60] jge near loc_0041fd57 ; jge 0x41fd57 mov ax, word [eax*2 + ref_0048b8c4] ; mov ax, word [eax*2 + 0x48b8c4] and eax, 0xffff mov dword [esp + 0x14], eax test byte [esp + 0x15], 0x80 je short loc_0041fd51 ; je 0x41fd51 test byte [esp + 0x14], 0xf je short loc_0041fd51 ; je 0x41fd51 xor ecx, ecx mov edx, 1 jmp short loc_0041fd17 ; jmp 0x41fd17 loc_0041fd0f: add edx, edx inc ecx cmp edx, 0x10 jge short loc_0041fd51 ; jge 0x41fd51 loc_0041fd17: test dword [esp + 0x14], edx je short loc_0041fd0f ; je 0x41fd0f cmp ecx, edi je short loc_0041fd0f ; je 0x41fd0f imul eax, ecx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0041fd0f ; je 0x41fd0f xor ebx, ebx mov bx, word [eax + (_players+12)] ; mov bx, word [eax + 0x496b74] mov eax, ebx shl eax, 2 add ebx, eax shl ebx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, ebx mov ax, word [eax + 0x20] mov word [esp + ecx*2], ax jmp short loc_0041fd0f ; jmp 0x41fd0f loc_0041fd51: inc dword [esp + 0x10] jmp short loc_0041fcd7 ; jmp 0x41fcd7 loc_0041fd57: xor ebx, ebx mov dword [esp + 0x10], ebx mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] mov edi, dword [_nplayers] ; mov edi, dword [0x499114] loc_0041fd69: mov eax, dword [esp + 0x10] cmp eax, edi jge near loc_0041fe44 ; jge 0x41fe44 test esi, esi jne near loc_0041fe44 ; jne 0x41fe44 cmp eax, ebp je near loc_0041fe3b ; je 0x41fe3b imul eax, eax, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je near loc_0041fe3b ; je 0x41fe3b mov ecx, dword [esp + 0x10] add ecx, ecx mov dx, word [esp + ecx] cmp dx, 0xfa0 jbe short loc_0041fde5 ; jbe 0x41fde5 cmp dx, 0x1770 jae short loc_0041fde5 ; jae 0x41fde5 xor edx, edx mov dx, word [esp + ecx] lea eax, [edx - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add eax, edx xor ecx, ecx mov cl, byte [eax + 0x19] lea edx, [ebp + 1] cmp ecx, edx jne short loc_0041fe3b ; jne 0x41fe3b cmp byte [eax + 0x18], 0 je short loc_0041fe3b ; je 0x41fe3b cmp byte [eax + 0x1a], 2 jb short loc_0041fe3b ; jb 0x41fe3b jmp short loc_0041fe23 ; jmp 0x41fe23 loc_0041fde5: mov eax, dword [esp + 0x10] add eax, eax mov cx, word [esp + eax] cmp cx, 0x1770 jbe short loc_0041fe3b ; jbe 0x41fe3b cmp cx, 0x1f40 jae short loc_0041fe3b ; jae 0x41fe3b mov eax, ecx and eax, 0xffff sub eax, 0x1770 imul eax, eax, 0x34 mov edx, dword [ref_00498e7c] ; mov edx, dword [0x498e7c] add eax, edx xor edx, edx mov dl, byte [eax + 0x18] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax jne short loc_0041fe3b ; jne 0x41fe3b loc_0041fe23: mov cl, byte [esp + 0x10] mov eax, 1 shl eax, cl or ah, 0x80 mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov esi, 1 loc_0041fe3b: inc dword [esp + 0x10] jmp near loc_0041fd69 ; jmp 0x41fd69 loc_0041fe44: mov eax, esi loc_0041fe46: add esp, 0x18 pop ebp pop edi pop esi pop ebx ret fcn_0041fe4e: push ebx xor ebx, ebx call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 4 sar edx, 0x1f idiv ecx test edx, edx jne short loc_0041fe6b ; jne 0x41fe6b mov ebx, 1 loc_0041fe6b: mov eax, ebx pop ebx ret fcn_0041fe6f: push ebx push esi push edi push ebp sub esp, 0x14 xor edx, edx mov dword [esp + 4], edx mov ebp, 0xffffffff push ebp call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [ref_0048be60], eax ; mov dword [0x48be60], eax xor ecx, ecx mov dword [esp], ecx mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov dword [esp + 0xc], eax xor esi, esi mov dword [esp + 8], esi loc_0041fead: mov eax, dword [esp + 8] cmp eax, dword [ref_0048be60] ; cmp eax, dword [0x48be60] jge near loc_0041ff3a ; jge 0x41ff3a mov ax, word [eax*2 + ref_0048b8c4] ; mov ax, word [eax*2 + 0x48b8c4] and eax, 0xffff mov dword [esp + 0x10], eax test byte [esp + 0x11], 0x80 je near loc_0041ff31 ; je 0x41ff31 test byte [esp + 0x10], 0xf je short loc_0041ff31 ; je 0x41ff31 xor ebx, ebx mov edi, 1 jmp short loc_0041fef1 ; jmp 0x41fef1 loc_0041fee9: add edi, edi inc ebx cmp edi, 0x10 jge short loc_0041ff31 ; jge 0x41ff31 loc_0041fef1: test dword [esp + 0x10], edi je short loc_0041fee9 ; je 0x41fee9 cmp ebx, dword [_current_player] ; cmp ebx, dword [0x49910c] je short loc_0041fee9 ; je 0x41fee9 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0041fee9 ; je 0x41fee9 cmp byte [eax + (_players+54)], 0 ; cmp byte [eax + 0x496b9e], 0 jne short loc_0041fee9 ; jne 0x41fee9 push 0x12 push ebx call fcn_004413ad ; call 0x4413ad add esp, 8 test eax, eax jne short loc_0041fee9 ; jne 0x41fee9 cmp ebx, dword [esp + 0xc] jne short loc_0041ff2b ; jne 0x41ff2b mov ebp, esi loc_0041ff2b: mov byte [esp + esi], bl inc esi jmp short loc_0041fee9 ; jmp 0x41fee9 loc_0041ff31: inc dword [esp + 8] jmp near loc_0041fead ; jmp 0x41fead loc_0041ff3a: test esi, esi je short loc_0041ff6e ; je 0x41ff6e cmp ebp, 0xffffffff je short loc_0041ff48 ; je 0x41ff48 mov cl, byte [esp + ebp] jmp short loc_0041ff57 ; jmp 0x41ff57 loc_0041ff48: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi mov cl, byte [esp + edx] loc_0041ff57: mov eax, 1 shl eax, cl or ah, 0x80 mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov dword [esp + 4], 1 loc_0041ff6e: mov eax, dword [esp + 4] jmp near loc_0041ed36 ; jmp 0x41ed36 fcn_0041ff77: push ebx xor edx, edx imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov bl, byte [eax + (_players+63)] ; mov bl, byte [eax + 0x496ba7] test bl, bl je short loc_0041ffc3 ; je 0x41ffc3 xor ecx, ecx mov cl, bl dec ecx mov eax, ecx shl eax, 2 sub eax, ecx mov al, byte [eax*8 + ref_00496d08] ; mov al, byte [eax*8 + 0x496d08] and eax, 0xff cmp eax, 5 je short loc_0041ffef ; je 0x41ffef cmp eax, 6 je short loc_0041ffef ; je 0x41ffef cmp eax, 7 je short loc_0041ffef ; je 0x41ffef cmp eax, 8 je short loc_0041ffef ; je 0x41ffef cmp eax, 0xa je short loc_0041ffef ; je 0x41ffef cmp eax, 0xf jne short loc_0041fff4 ; jne 0x41fff4 jmp short loc_0041ffef ; jmp 0x41ffef loc_0041ffc3: mov bh, byte [eax + (_players+64)] ; mov bh, byte [eax + 0x496ba8] test bh, bh je short loc_0041fff4 ; je 0x41fff4 mov al, bh and eax, 0xff lea ecx, [eax - 1] mov eax, ecx shl eax, 2 sub eax, ecx mov al, byte [eax*8 + ref_00496d0c] ; mov al, byte [eax*8 + 0x496d0c] and eax, 0xff cmp eax, 0xd jge short loc_0041fff4 ; jge 0x41fff4 loc_0041ffef: mov edx, 1 loc_0041fff4: mov eax, edx pop ebx ret fcn_0041fff8: push ebx xor eax, eax xor ebx, ebx imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 mov dl, byte [edx + (_players+63)] ; mov dl, byte [edx + 0x496ba7] and edx, 0xff cmp edx, 1 je short loc_0042002e ; je 0x42002e cmp edx, 2 je short loc_0042002e ; je 0x42002e cmp edx, 3 je short loc_0042002e ; je 0x42002e cmp edx, 4 je short loc_0042002e ; je 0x42002e cmp edx, 0xc je short loc_0042002e ; je 0x42002e call fcn_00444d1a ; call 0x444d1a loc_0042002e: cmp eax, 1 je short loc_00420047 ; je 0x420047 cmp eax, 2 je short loc_00420047 ; je 0x420047 cmp eax, 3 je short loc_00420047 ; je 0x420047 cmp eax, 4 je short loc_00420047 ; je 0x420047 cmp eax, 0xc jne short loc_00420051 ; jne 0x420051 loc_00420047: mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov ebx, 1 loc_00420051: mov eax, ebx pop ebx ret fcn_00420055: push ebx push esi push edi push ebp sub esp, 4 mov edi, 0xffffffff xor ebp, ebp call fcn_00428d01 ; call 0x428d01 cmp eax, 1 jne short loc_00420074 ; jne 0x420074 xor eax, eax jmp near loc_0041ef1e ; jmp 0x41ef1e loc_00420074: xor ebx, ebx xor esi, esi jmp short loc_00420080 ; jmp 0x420080 loc_0042007a: inc ebx cmp ebx, 0xc jge short loc_004200d3 ; jge 0x4200d3 loc_00420080: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 mov edx, ebx fild dword [eax + edx*8 + _player_stocks] ; fild dword [eax + edx*8 + 0x4971a0] fmul dword [eax + edx*8 + (_player_stocks + 4)] ; fmul dword [eax + edx*8 + 0x4971a4] call fcn_00457dbc ; call 0x457dbc fistp dword [esp] cmp esi, dword [esp] jge short loc_0042007a ; jge 0x42007a mov eax, ebx shl eax, 3 add eax, ebx cmp byte [eax*4 + (_stocks_on_map+6)], 0 ; cmp byte [eax*4 + 0x496986], 0 jne short loc_0042007a ; jne 0x42007a push ebx call fcn_004295ea ; call 0x4295ea add esp, 4 cmp eax, 1 je short loc_0042007a ; je 0x42007a mov esi, dword [esp] mov edi, ebx jmp short loc_0042007a ; jmp 0x42007a loc_004200d3: cmp edi, 0xffffffff je short loc_004200e3 ; je 0x4200e3 mov dword [ref_0048be58], edi ; mov dword [0x48be58], edi mov ebp, 1 loc_004200e3: mov eax, ebp jmp near loc_0041ef1e ; jmp 0x41ef1e fcn_004200ea: push ebx push esi push edi push ebp sub esp, 0x10 mov edx, 0xffffffff mov dword [esp + 8], edx mov ebp, edx xor ecx, ecx mov dword [esp + 4], ecx call fcn_00428d01 ; call 0x428d01 cmp eax, 1 jne short loc_00420113 ; jne 0x420113 xor eax, eax jmp near loc_004202ca ; jmp 0x4202ca loc_00420113: xor ebx, ebx mov dword [esp], ebx mov ebx, 1 mov esi, dword [ref_00498e7c] ; mov esi, dword [0x498e7c] add esi, 0x34 mov edi, dword [ref_00498e90] ; mov edi, dword [0x498e90] loc_0042012c: cmp ebx, edi jg short loc_00420145 ; jg 0x420145 cmp byte [esi + 0x18], 0 je short loc_0042013f ; je 0x42013f xor eax, eax mov al, byte [esi + 0x18] inc byte [esp + eax - 1] loc_0042013f: inc ebx add esi, 0x34 jmp short loc_0042012c ; jmp 0x42012c loc_00420145: xor ebx, ebx xor esi, esi mov edi, 0xffffffff jmp short loc_00420156 ; jmp 0x420156 loc_00420150: inc ebx cmp ebx, 4 jge short loc_0042016d ; jge 0x42016d loc_00420156: cmp ebx, dword [_current_player] ; cmp ebx, dword [0x49910c] je short loc_00420150 ; je 0x420150 xor eax, eax mov al, byte [esp + ebx] cmp esi, eax jge short loc_00420150 ; jge 0x420150 mov esi, eax mov edi, ebx jmp short loc_00420150 ; jmp 0x420150 loc_0042016d: cmp edi, 0xffffffff je near loc_00420204 ; je 0x420204 xor ebx, ebx xor esi, esi jmp short loc_00420186 ; jmp 0x420186 loc_0042017c: inc ebx cmp ebx, 0xc jge near loc_00420204 ; jge 0x420204 loc_00420186: mov eax, edi shl eax, 2 sub eax, edi shl eax, 5 mov ecx, ebx shl ecx, 3 fild dword [ecx + eax + _player_stocks] ; fild dword [ecx + eax + 0x4971a0] fmul dword [ecx + eax + (_player_stocks + 4)] ; fmul dword [ecx + eax + 0x4971a4] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xc] cmp esi, dword [esp + 0xc] jge short loc_0042017c ; jge 0x42017c mov eax, ebx shl eax, 3 add eax, ebx shl eax, 2 cmp word [eax + (_stocks_on_map+4)], 0 ; cmp word [eax + 0x496984], 0 je short loc_0042017c ; je 0x42017c cmp byte [eax + (_stocks_on_map+6)], 0 ; cmp byte [eax + 0x496986], 0 jne short loc_0042017c ; jne 0x42017c mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 cmp dword [ecx + eax + _player_stocks], 0 ; cmp dword [ecx + eax + 0x4971a0], 0 jne short loc_0042017c ; jne 0x42017c push ebx call fcn_004295ea ; call 0x4295ea add esp, 4 cmp eax, 3 je short loc_0042017c ; je 0x42017c mov esi, dword [esp + 0xc] mov dword [esp + 8], ebx jmp near loc_0042017c ; jmp 0x42017c loc_00420204: mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov edi, eax cmp eax, 0xffffffff je near loc_0042029b ; je 0x42029b xor ebx, ebx xor esi, esi jmp short loc_0042022e ; jmp 0x42022e loc_00420224: inc ebx cmp ebx, 0xc jge near loc_0042029b ; jge 0x42029b loc_0042022e: mov eax, edi shl eax, 2 sub eax, edi shl eax, 5 mov ecx, ebx shl ecx, 3 fild dword [ecx + eax + _player_stocks] ; fild dword [ecx + eax + 0x4971a0] fmul dword [ecx + eax + (_player_stocks + 4)] ; fmul dword [ecx + eax + 0x4971a4] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xc] cmp esi, dword [esp + 0xc] jge short loc_00420224 ; jge 0x420224 mov eax, ebx shl eax, 3 add eax, ebx cmp byte [eax*4 + (_stocks_on_map+6)], 0 ; cmp byte [eax*4 + 0x496986], 0 jne short loc_00420224 ; jne 0x420224 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 cmp dword [ecx + eax + _player_stocks], 0 ; cmp dword [ecx + eax + 0x4971a0], 0 jne short loc_00420224 ; jne 0x420224 push ebx call fcn_004295ea ; call 0x4295ea add esp, 4 cmp eax, 3 je short loc_00420224 ; je 0x420224 mov esi, dword [esp + 0xc] mov ebp, ebx jmp short loc_00420224 ; jmp 0x420224 loc_0042029b: mov ecx, dword [esp + 8] cmp ecx, 0xffffffff jne short loc_004202a8 ; jne 0x4202a8 cmp ebp, ecx je short loc_004202c6 ; je 0x4202c6 loc_004202a8: cmp ebp, 0xffffffff je short loc_004202b5 ; je 0x4202b5 mov dword [ref_0048be58], ebp ; mov dword [0x48be58], ebp jmp short loc_004202be ; jmp 0x4202be loc_004202b5: mov eax, dword [esp + 8] mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax loc_004202be: mov dword [esp + 4], 1 loc_004202c6: mov eax, dword [esp + 4] loc_004202ca: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret fcn_004202d2: push ebx push esi push edi push ebp sub esp, 0xc xor esi, esi mov dword [esp], esi mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov dword [esp + 4], eax push 0xffffffffffffffff call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [ref_0048be60], eax ; mov dword [0x48be60], eax mov dword [esp + 8], esi loc_00420304: mov eax, dword [esp + 8] cmp eax, dword [ref_0048be60] ; cmp eax, dword [0x48be60] jge short loc_0042035f ; jge 0x42035f mov bx, word [eax*2 + ref_0048b8c4] ; mov bx, word [eax*2 + 0x48b8c4] and ebx, 0xffff test bh, 0x80 je short loc_00420359 ; je 0x420359 test bl, 0xf je short loc_00420359 ; je 0x420359 xor ecx, ecx mov eax, 1 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] jmp short loc_0042033f ; jmp 0x42033f loc_00420337: add eax, eax inc ecx cmp eax, 0x10 jge short loc_00420359 ; jge 0x420359 loc_0042033f: test ebx, eax je short loc_00420337 ; je 0x420337 cmp ecx, edi je short loc_00420337 ; je 0x420337 imul edx, ecx, 0x68 cmp byte [edx + (_players+21)], 0 ; cmp byte [edx + 0x496b7d], 0 je short loc_00420337 ; je 0x420337 mov byte [esp + ecx], 1 jmp short loc_00420337 ; jmp 0x420337 loc_00420359: inc dword [esp + 8] jmp short loc_00420304 ; jmp 0x420304 loc_0042035f: mov ebp, dword [esp + 4] cmp ebp, 0xffffffff je short loc_004203b7 ; je 0x4203b7 cmp byte [esp + ebp], 0 je short loc_004203b7 ; je 0x4203b7 imul ecx, ebp, 0x68 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 4 mov edx, eax shl eax, 2 sub eax, edx cmp eax, dword [ecx + (_players+28)] ; cmp eax, dword [ecx + 0x496b84] jge short loc_004203b7 ; jge 0x4203b7 mov cl, byte [esp + 4] mov eax, 1 shl eax, cl or ah, 0x80 mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov esi, 1 jmp near loc_0041e8dc ; jmp 0x41e8dc loc_004203b7: test esi, esi jne near loc_0041e8dc ; jne 0x41e8dc mov dword [esp + 8], esi mov ebp, dword [ref_004990e8] ; mov ebp, dword [0x4990e8] loc_004203c9: mov eax, dword [esp + 8] cmp eax, dword [_nplayers] ; cmp eax, dword [0x499114] jge near loc_0041e8dc ; jge 0x41e8dc cmp byte [esp + eax], 0 je short loc_00420408 ; je 0x420408 imul eax, eax, 0x68 imul edx, ebp, 0xc350 cmp edx, dword [eax + (_players+28)] ; cmp edx, dword [eax + 0x496b84] jge short loc_00420408 ; jge 0x420408 mov cl, byte [esp + 8] mov eax, 1 shl eax, cl or ah, 0x80 mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov esi, 1 loc_00420408: inc dword [esp + 8] jmp short loc_004203c9 ; jmp 0x4203c9 fcn_0042040e: push ebx push esi push edi push ebp sub esp, 0x2c xor edx, edx mov dword [esp + 8], edx xor ebp, ebp mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov dword [esp + 0x1c], eax push 0xffffffffffffffff call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [ref_0048be60], eax ; mov dword [0x48be60], eax xor ebx, ebx mov dword [esp + 0x10], ebx mov dword [esp + 4], ebp loc_00420449: mov eax, dword [esp + 0x10] cmp eax, dword [ref_0048be60] ; cmp eax, dword [0x48be60] jge near loc_00420609 ; jge 0x420609 cmp dword [esp + 8], 0 jne near loc_00420609 ; jne 0x420609 mov ax, word [eax*2 + ref_0048b8c4] ; mov ax, word [eax*2 + 0x48b8c4] and eax, 0xffff mov dword [esp + 0x14], eax cmp eax, 0x7d0 jle near loc_00420599 ; jle 0x420599 cmp eax, 0xfa0 jge near loc_00420599 ; jge 0x420599 sub eax, 0x7d0 imul edx, eax, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, edx mov dword [esp + 0x18], eax test ebp, ebp je short loc_004204b7 ; je 0x4204b7 push ebp add eax, 4 push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax je near loc_00420600 ; je 0x420600 loc_004204b7: mov esi, 1 xor ebp, ebp mov dword [esp + 0x24], ebp mov dword [esp + 0x20], ebp xor edi, edi mov dword [esp + 0xc], ebp mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] loc_004204d2: add ebx, 0x34 cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg near loc_00420542 ; jg 0x420542 lea eax, [ebx + 4] push eax mov eax, dword [esp + 0x1c] add eax, 4 push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_0042053f ; jne 0x42053f mov al, byte [ebx + 0x19] inc edi mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx jne short loc_00420517 ; jne 0x420517 xor eax, edx mov al, byte [ebx + 0x1a] add dword [esp + 0x24], eax inc dword [esp + 0x20] jmp short loc_00420522 ; jmp 0x420522 loc_00420517: test al, al je short loc_00420522 ; je 0x420522 xor eax, eax mov al, byte [ebx + 0x1a] add ebp, eax loc_00420522: mov eax, dword [esp + 0x1c] cmp eax, 0xffffffff je short loc_0042053f ; je 0x42053f xor edx, edx mov dl, byte [ebx + 0x19] inc eax cmp edx, eax jne short loc_0042053f ; jne 0x42053f mov dword [esp + 0xc], 1 jmp short loc_00420542 ; jmp 0x420542 loc_0042053f: inc esi jmp short loc_004204d2 ; jmp 0x4204d2 loc_00420542: mov eax, dword [esp + 0x20] mov dword [esp + 0x28], eax fild dword [esp + 0x28] mov dword [esp + 0x28], edi fild dword [esp + 0x28] fdivp st1 ; fdivp st(1) fstp dword [esp] cmp dword [esp + 0xc], 0 jne short loc_0042058d ; jne 0x42058d cmp dword [esp + 0x24], 7 jl short loc_0042058d ; jl 0x42058d cmp ebp, 3 jg short loc_0042058d ; jg 0x42058d fld dword [esp] fcomp qword [ref_00463d38] ; fcomp qword [0x463d38] fnstsw ax sahf jb short loc_0042058d ; jb 0x42058d mov eax, dword [esp + 0x14] mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov dword [esp + 8], 1 loc_0042058d: mov ebp, dword [esp + 0x18] add ebp, 4 jmp near loc_00420600 ; jmp 0x420600 loc_00420599: mov ecx, dword [esp + 0x14] cmp ecx, 0xfa0 jle short loc_00420600 ; jle 0x420600 cmp ecx, 0x1770 jge short loc_00420600 ; jge 0x420600 lea eax, [ecx - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add eax, edx xor edx, edx mov dl, byte [eax + 0x19] mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] inc ebx cmp edx, ebx jne short loc_00420600 ; jne 0x420600 mov dl, byte [eax + 0x18] test dl, dl je short loc_00420600 ; je 0x420600 cmp dl, 4 je short loc_00420600 ; je 0x420600 mov bl, byte [eax + 0x1a] cmp bl, 3 jb short loc_00420600 ; jb 0x420600 mov al, bl and eax, 0xff cmp eax, dword [esp + 4] jle short loc_00420600 ; jle 0x420600 mov dword [esp + 4], esi mov dword [ref_0048be58], ecx ; mov dword [0x48be58], ecx loc_00420600: inc dword [esp + 0x10] jmp near loc_00420449 ; jmp 0x420449 loc_00420609: cmp dword [esp + 8], 0 jne short loc_0042061f ; jne 0x42061f cmp dword [esp + 4], 0 je short loc_0042061f ; je 0x42061f mov dword [esp + 8], 1 loc_0042061f: mov eax, dword [esp + 8] add esp, 0x2c pop ebp pop edi pop esi pop ebx ret fcn_0042062b: push ebx push esi push edi push ebp sub esp, 0x14 xor edx, edx mov dword [esp + 8], edx xor esi, esi push 6 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040b221 ; call 0x40b221 add esp, 8 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov dword [esp + 4], eax xor edi, edi mov dword [esp + 0xc], edi jmp near loc_00420705 ; jmp 0x420705 loc_00420669: cmp dword [esp], 0 jne short loc_00420685 ; jne 0x420685 cmp edi, 7 jl short loc_00420685 ; jl 0x420685 mov eax, dword [esp + 0x10] mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov dword [esp + 8], 1 loc_00420685: lea esi, [ebp + 4] jmp short loc_004206e8 ; jmp 0x4206e8 loc_0042068a: mov edx, dword [esp + 0x10] cmp edx, 0xfa0 jle short loc_004206e8 ; jle 0x4206e8 cmp edx, 0x1770 jge short loc_004206e8 ; jge 0x4206e8 cmp dword [esp + 4], 0xffffffff je short loc_004206e8 ; je 0x4206e8 lea eax, [edx - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add eax, edx xor ebx, ebx mov bl, byte [eax + 0x19] mov edx, dword [esp + 4] inc edx cmp ebx, edx jne short loc_004206e8 ; jne 0x4206e8 cmp byte [eax + 0x18], 0 je short loc_004206e8 ; je 0x4206e8 cmp byte [eax + 0x1a], 3 jb short loc_004206e8 ; jb 0x4206e8 mov eax, dword [esp + 0x10] mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov dword [esp + 8], 1 loc_004206e8: mov edi, dword [esp + 0xc] inc edi mov dword [esp + 0xc], edi cmp edi, 6 jge near loc_004207c3 ; jge 0x4207c3 cmp dword [esp + 8], 0 jne near loc_004207c3 ; jne 0x4207c3 loc_00420705: mov eax, dword [esp + 0xc] xor edx, edx mov dx, word [eax*2 + ref_0048b8b4] ; mov dx, word [eax*2 + 0x48b8b4] mov eax, edx shl eax, 2 add edx, eax shl edx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] mov ax, word [edx + eax + 0x20] and eax, 0xffff mov dword [esp + 0x10], eax cmp eax, 0x7d0 jle near loc_0042068a ; jle 0x42068a cmp eax, 0xfa0 jge near loc_0042068a ; jge 0x42068a sub eax, 0x7d0 imul eax, eax, 0x34 mov ebp, dword [ref_00498e84] ; mov ebp, dword [0x498e84] add ebp, eax test esi, esi je short loc_0042076f ; je 0x42076f push esi lea eax, [ebp + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax je near loc_004206e8 ; je 0x4206e8 loc_0042076f: mov esi, 1 xor edi, edi mov dword [esp], edi mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] loc_0042077f: add ebx, 0x34 cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg near loc_00420669 ; jg 0x420669 lea eax, [ebx + 4] push eax lea eax, [ebp + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_004207c0 ; jne 0x4207c0 xor edx, edx mov dl, byte [ebx + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax je near loc_00420685 ; je 0x420685 test dl, dl je short loc_004207c0 ; je 0x4207c0 xor eax, eax mov al, byte [ebx + 0x1a] add edi, eax loc_004207c0: inc esi jmp short loc_0042077f ; jmp 0x42077f loc_004207c3: mov eax, dword [esp + 8] jmp near loc_0041ed36 ; jmp 0x41ed36 fcn_004207cc: push ebx push esi push edi push ebp sub esp, 0x1c xor edx, edx mov dword [esp + 0xc], edx push 0xffffffffffffffff call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [ref_0048be60], eax ; mov dword [0x48be60], eax xor ecx, ecx mov dword [esp], ecx mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov dword [esp + 0x14], eax xor eax, eax xor edi, edi loc_00420804: cmp eax, dword [ref_0048be60] ; cmp eax, dword [0x48be60] jge near loc_00420877 ; jge 0x420877 mov dx, word [eax*2 + ref_0048b8c4] ; mov dx, word [eax*2 + 0x48b8c4] and edx, 0xffff test dh, 0x80 je short loc_00420874 ; je 0x420874 test dl, 0xf je short loc_00420874 ; je 0x420874 xor ecx, ecx mov esi, 1 jmp short loc_00420839 ; jmp 0x420839 loc_00420831: add esi, esi inc ecx cmp esi, 0x10 jge short loc_00420874 ; jge 0x420874 loc_00420839: test edx, esi je short loc_00420831 ; je 0x420831 cmp ecx, dword [_current_player] ; cmp ecx, dword [0x49910c] je short loc_00420831 ; je 0x420831 cmp ecx, dword [esp + 0x14] je short loc_00420831 ; je 0x420831 imul ebx, ecx, 0x68 cmp byte [ebx + (_players+21)], 0 ; cmp byte [ebx + 0x496b7d], 0 je short loc_00420831 ; je 0x420831 mov bl, byte [ebx + (_players+65)] ; mov bl, byte [ebx + 0x496ba9] and ebx, 0xff mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] inc ebp cmp ebx, ebp je short loc_00420831 ; je 0x420831 mov byte [esp + edi], cl inc edi jmp short loc_00420831 ; jmp 0x420831 loc_00420874: inc eax jmp short loc_00420804 ; jmp 0x420804 loc_00420877: test edi, edi je near loc_00420964 ; je 0x420964 xor ecx, ecx xor esi, esi mov dword [esp + 0x10], 0xffffffff loc_0042088b: cmp ecx, dword [_nplayers] ; cmp ecx, dword [0x499114] jge near loc_00420931 ; jge 0x420931 cmp ecx, dword [_current_player] ; cmp ecx, dword [0x49910c] je near loc_0042092b ; je 0x42092b imul eax, ecx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je near loc_0042092b ; je 0x42092b xor edx, edx mov eax, 1 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] loc_004208c0: add ebx, 0x34 cmp eax, dword [ref_00498e98] ; cmp eax, dword [0x498e98] jg short loc_004208e8 ; jg 0x4208e8 movzx ebp, byte [ebx + 0x19] mov dword [esp + 4], ebp lea ebp, [ecx + 1] mov dword [esp + 8], ebp mov ebp, dword [esp + 4] cmp ebp, dword [esp + 8] jne short loc_004208e5 ; jne 0x4208e5 inc edx loc_004208e5: inc eax jmp short loc_004208c0 ; jmp 0x4208c0 loc_004208e8: mov eax, 1 mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, 0x38 mov dword [esp + 0x18], ebx loc_004208fa: cmp eax, dword [ref_00498e8c] ; cmp eax, dword [0x498e8c] jg short loc_00420921 ; jg 0x420921 xor ebx, ebx mov ebp, dword [esp + 0x18] mov bl, byte [ebp + 0x19] mov dword [esp + 8], ebx lea ebx, [ecx + 1] cmp ebx, dword [esp + 8] jne short loc_00420919 ; jne 0x420919 inc edx loc_00420919: inc eax add dword [esp + 0x18], 0x38 jmp short loc_004208fa ; jmp 0x4208fa loc_00420921: cmp esi, edx jge short loc_0042092b ; jge 0x42092b mov esi, edx mov dword [esp + 0x10], ecx loc_0042092b: inc ecx jmp near loc_0042088b ; jmp 0x42088b loc_00420931: xor ecx, ecx mov ebx, dword [esp + 0x10] loc_00420937: cmp ecx, edi jge short loc_00420964 ; jge 0x420964 xor eax, eax mov al, byte [esp + ecx] cmp eax, ebx jne short loc_00420961 ; jne 0x420961 mov cl, byte [esp + 0x10] mov eax, 1 shl eax, cl or ah, 0x80 mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov dword [esp + 0xc], 1 jmp short loc_00420964 ; jmp 0x420964 loc_00420961: inc ecx jmp short loc_00420937 ; jmp 0x420937 loc_00420964: mov eax, dword [esp + 0xc] add esp, 0x1c pop ebp pop edi pop esi pop ebx ret fcn_00420970: push ebx push esi push edi push ebp sub esp, 0x18 xor edx, edx mov dword [esp + 8], edx push 3 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040b221 ; call 0x40b221 add esp, 8 test eax, eax jne near loc_00420a82 ; jne 0x420a82 xor edi, edi mov dword [esp + 4], eax xor ebp, ebp mov dword [esp + 0x10], eax jmp short loc_004209ae ; jmp 0x4209ae loc_004209a4: inc ebp cmp ebp, 3 jge near loc_00420bdf ; jge 0x420bdf loc_004209ae: xor edx, edx mov dx, word [ebp*2 + ref_0048b8b4] ; mov dx, word [ebp*2 + 0x48b8b4] mov eax, edx shl eax, 2 add eax, edx mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] mov ax, word [edx + eax*8 + 0x20] and eax, 0xffff cmp eax, 0x7d0 jle near loc_00420ae6 ; jle 0x420ae6 cmp eax, 0xfa0 jge near loc_00420ae6 ; jge 0x420ae6 sub eax, 0x7d0 imul eax, eax, 0x34 mov esi, dword [ref_00498e84] ; mov esi, dword [0x498e84] add esi, eax mov cl, byte [esi + 0x19] test cl, cl je short loc_00420a17 ; je 0x420a17 xor eax, eax mov al, cl mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx jne short loc_00420a31 ; jne 0x420a31 cmp byte [esi + 0x18], 0 jne short loc_00420a31 ; jne 0x420a31 cmp byte [esi + 0x1a], 5 jae short loc_00420a31 ; jae 0x420a31 loc_00420a17: cmp byte [esi + 0x19], 0 je short loc_00420a25 ; je 0x420a25 xor eax, eax mov ax, word [esi + 0x1e] jmp short loc_00420a2b ; jmp 0x420a2b loc_00420a25: xor eax, eax mov ax, word [esi + 0x1c] loc_00420a2b: add edi, eax inc dword [esp + 0x10] loc_00420a31: mov dl, byte [esi + 0x19] test dl, dl je near loc_004209a4 ; je 0x4209a4 xor eax, eax mov al, dl mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx je near loc_004209a4 ; je 0x4209a4 add esi, 4 push esi push eax call fcn_00419744 ; call 0x419744 mov ebx, eax add esp, 8 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 3 mov edx, eax shl eax, 2 add eax, edx cmp ebx, eax jle near loc_004209a4 ; jle 0x4209a4 loc_00420a82: cmp dword [esp + 8], 0 jne near loc_00420c5d ; jne 0x420c5d push 0xffffffffffffffff call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [ref_0048be60], eax ; mov dword [0x48be60], eax xor ecx, ecx mov dword [esp], ecx xor ebp, ebp mov dword [esp + 0xc], ecx loc_00420aa7: cmp ebp, dword [ref_0048be60] ; cmp ebp, dword [0x48be60] jge near loc_00420c9e ; jge 0x420c9e mov ax, word [ebp*2 + ref_0048b8c4] ; mov ax, word [ebp*2 + 0x48b8c4] and eax, 0xffff mov dword [esp + 0x10], eax test byte [esp + 0x11], 0x80 je near loc_00420c98 ; je 0x420c98 test byte [esp + 0x10], 0xf je near loc_00420c98 ; je 0x420c98 xor ebx, ebx mov eax, 1 jmp near loc_00420c6e ; jmp 0x420c6e loc_00420ae6: cmp eax, 0xfa0 jle near loc_00420b97 ; jle 0x420b97 cmp eax, 0x1770 jge near loc_00420b97 ; jge 0x420b97 sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, edx cmp byte [eax + 0x19], 0 je short loc_00420b3c ; je 0x420b3c xor edx, edx mov dl, byte [eax + 0x19] mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] inc ecx cmp edx, ecx jne short loc_00420b56 ; jne 0x420b56 mov bl, byte [eax + 0x18] test bl, bl je short loc_00420b56 ; je 0x420b56 cmp bl, 3 je short loc_00420b56 ; je 0x420b56 cmp byte [eax + 0x1a], 5 jae short loc_00420b56 ; jae 0x420b56 loc_00420b3c: cmp byte [eax + 0x19], 0 je short loc_00420b4a ; je 0x420b4a xor edx, edx mov dx, word [eax + 0x24] jmp short loc_00420b50 ; jmp 0x420b50 loc_00420b4a: xor edx, edx mov dx, word [eax + 0x22] loc_00420b50: add edi, edx inc dword [esp + 0x10] loc_00420b56: mov dl, byte [eax + 0x19] test dl, dl je near loc_004209a4 ; je 0x4209a4 xor ecx, ecx mov cl, dl mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp ecx, edx je near loc_004209a4 ; je 0x4209a4 mov dh, byte [eax + 0x18] test dh, dh je near loc_004209a4 ; je 0x4209a4 cmp dh, 4 je near loc_004209a4 ; je 0x4209a4 cmp byte [eax + 0x1a], 0 je near loc_004209a4 ; je 0x4209a4 jmp near loc_00420a82 ; jmp 0x420a82 loc_00420b97: cmp eax, 0x1770 jle near loc_004209a4 ; jle 0x4209a4 cmp eax, 0x1f40 jge near loc_004209a4 ; jge 0x4209a4 sub eax, 0x1770 imul eax, eax, 0x34 mov edx, dword [ref_00498e7c] ; mov edx, dword [0x498e7c] add eax, edx cmp byte [eax + 0x18], 0 je near loc_004209a4 ; je 0x4209a4 xor edx, edx mov dl, byte [eax + 0x18] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax je near loc_004209a4 ; je 0x4209a4 jmp near loc_00420a82 ; jmp 0x420a82 loc_00420bdf: cmp dword [esp + 4], 0 jne near loc_00420a82 ; jne 0x420a82 imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 fild dword [edx + (_players+28)] ; fild dword [edx + 0x496b84] mov dword [esp + 0x14], edi fild dword [esp + 0x14] fmul qword [ref_00463d40] ; fmul qword [0x463d40] fcompp fnstsw ax sahf jae near loc_00420a82 ; jae 0x420a82 cmp dword [esp + 0x10], 2 jl near loc_00420a82 ; jl 0x420a82 mov eax, dword [edx + (_players+28)] ; mov eax, dword [edx + 0x496b84] add eax, dword [edx + (_players+32)] ; add eax, dword [edx + 0x496b88] cmp eax, 0x2710 jle near loc_00420a82 ; jle 0x420a82 cmp word [edx + (_players+70)], 0 ; cmp word [edx + 0x496bae], 0 jl near loc_00420a82 ; jl 0x420a82 mov cl, byte [_current_player] ; mov cl, byte [0x49910c] mov eax, 1 shl eax, cl or ah, 0x80 mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov dword [esp + 8], 1 loc_00420c5d: mov eax, dword [esp + 8] jmp near loc_0041fe46 ; jmp 0x41fe46 loc_00420c66: add eax, eax inc ebx cmp eax, 0x10 jge short loc_00420c98 ; jge 0x420c98 loc_00420c6e: test dword [esp + 0x10], eax je short loc_00420c66 ; je 0x420c66 cmp ebx, dword [_current_player] ; cmp ebx, dword [0x49910c] je short loc_00420c66 ; je 0x420c66 imul esi, ebx, 0x68 cmp byte [esi + (_players+21)], 0 ; cmp byte [esi + 0x496b7d], 0 je short loc_00420c66 ; je 0x420c66 mov edx, dword [esp + 0xc] mov byte [esp + edx], bl lea esi, [edx + 1] mov dword [esp + 0xc], esi jmp short loc_00420c66 ; jmp 0x420c66 loc_00420c98: inc ebp jmp near loc_00420aa7 ; jmp 0x420aa7 loc_00420c9e: cmp dword [esp + 0xc], 0 je short loc_00420c5d ; je 0x420c5d xor ebx, ebx loc_00420ca7: cmp ebx, dword [esp + 0xc] jge short loc_00420c5d ; jge 0x420c5d mov ebp, dword [esp + 8] test ebp, ebp jne short loc_00420c5d ; jne 0x420c5d push 3 xor eax, eax mov al, byte [esp + ebx + 4] push eax call fcn_0040b221 ; call 0x40b221 add esp, 8 test eax, eax jne near loc_00420e94 ; jne 0x420e94 xor edi, edi mov dword [esp + 4], ebp mov dword [esp + 0x10], ebp jmp short loc_00420ce4 ; jmp 0x420ce4 loc_00420cda: inc ebp cmp ebp, 3 jge near loc_00420e4e ; jge 0x420e4e loc_00420ce4: xor esi, esi mov si, word [ebp*2 + ref_0048b8b4] ; mov si, word [ebp*2 + 0x48b8b4] mov eax, esi shl eax, 2 add eax, esi mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] mov ax, word [edx + eax*8 + 0x20] and eax, 0xffff cmp eax, 0x7d0 jle short loc_00420d68 ; jle 0x420d68 cmp eax, 0xfa0 jge short loc_00420d68 ; jge 0x420d68 sub eax, 0x7d0 imul eax, eax, 0x34 mov esi, dword [ref_00498e84] ; mov esi, dword [0x498e84] add esi, eax xor eax, eax mov al, byte [esi + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx jne short loc_00420d46 ; jne 0x420d46 lea edx, [esi + 4] push edx push eax call fcn_00419744 ; call 0x419744 add esp, 8 add edi, eax inc dword [esp + 0x10] loc_00420d46: cmp byte [esi + 0x19], 0 je near loc_00420e94 ; je 0x420e94 xor eax, eax mov al, byte [esp + ebx] xor edx, edx mov dl, byte [esi + 0x19] inc eax cmp edx, eax jne near loc_00420cda ; jne 0x420cda jmp near loc_00420e94 ; jmp 0x420e94 loc_00420d68: cmp eax, 0xfa0 jle near loc_00420df1 ; jle 0x420df1 cmp eax, 0x1770 jge near loc_00420df1 ; jge 0x420df1 sub eax, 0xfa0 shl eax, 3 mov edx, eax shl edx, 3 sub edx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, edx xor edx, edx mov dl, byte [eax + 0x19] mov esi, dword [_current_player] ; mov esi, dword [0x49910c] inc esi cmp edx, esi jne short loc_00420dcc ; jne 0x420dcc mov dl, byte [eax + 0x18] test dl, dl je short loc_00420dcc ; je 0x420dcc cmp dl, 4 je short loc_00420dcc ; je 0x420dcc mov cl, byte [eax + 0x1a] test cl, cl je short loc_00420dcc ; je 0x420dcc xor edx, edx mov dl, cl add edx, edx lea esi, [eax + edx] xor edx, edx mov dx, word [esi + 0x24] add edi, edx inc dword [esp + 0x10] loc_00420dcc: mov ch, byte [eax + 0x19] test ch, ch je near loc_00420e94 ; je 0x420e94 xor edx, edx mov dl, byte [esp + ebx] mov al, ch and eax, 0xff inc edx cmp eax, edx jne near loc_00420cda ; jne 0x420cda jmp near loc_00420e94 ; jmp 0x420e94 loc_00420df1: cmp eax, 0x1770 jle near loc_00420cda ; jle 0x420cda cmp eax, 0x1f40 jge near loc_00420cda ; jge 0x420cda sub eax, 0x1770 imul edx, eax, 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add eax, edx movzx esi, byte [eax + 0x18] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp esi, edx jne short loc_00420e31 ; jne 0x420e31 xor edx, edx mov dx, word [eax + 0x22] add edi, edx inc dword [esp + 0x10] loc_00420e31: mov ch, byte [eax + 0x18] test ch, ch je short loc_00420e94 ; je 0x420e94 movzx esi, byte [esp + ebx] mov al, ch and eax, 0xff inc esi cmp eax, esi jne near loc_00420cda ; jne 0x420cda jmp short loc_00420e94 ; jmp 0x420e94 loc_00420e4e: cmp dword [esp + 4], 0 jne short loc_00420e94 ; jne 0x420e94 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 4 cmp edi, eax jl short loc_00420e94 ; jl 0x420e94 cmp dword [esp + 0x10], 2 jl short loc_00420e94 ; jl 0x420e94 mov cl, byte [esp + ebx] mov eax, 1 shl eax, cl or ah, 0x80 mov dword [ref_0048be58], eax ; mov dword [0x48be58], eax mov dword [esp + 8], 1 loc_00420e94: inc ebx jmp near loc_00420ca7 ; jmp 0x420ca7 fcn_00420e9a: mov eax, dword [esp + 4] xor edx, edx mov dl, byte [eax*8 + (ref_0047fee2 - 1)] ; mov dl, byte [eax*8 + 0x47fee1] imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+23)] ; mov al, byte [eax + 0x496b7f] and eax, 0xff sub edx, eax mov eax, edx cmp edx, 2 jl short loc_00420ec5 ; jl 0x420ec5 xor eax, edx ret loc_00420ec5: cmp edx, 1 jne short loc_00420ee2 ; jne 0x420ee2 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 3 sar edx, 0x1f idiv ecx test edx, edx je short loc_00420ee2 ; je 0x420ee2 fcn_00420edf: xor eax, eax ret loc_00420ee2: mov eax, dword [esp + 4] call dword [eax*4 + ref_0047539c] ; ucall: call dword [eax*4 + 0x47539c] ret fcn_00420eee: mov eax, dword [esp + 4] mov eax, dword [eax*4 + ref_0048be64] ; mov eax, dword [eax*4 + 0x48be64] ret fcn_00420efa: push ebx push esi push edi push ebp xor esi, esi push 4 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx call fcn_0040b221 ; call 0x40b221 add esp, 8 test eax, eax jne near loc_00421078 ; jne 0x421078 xor edi, edi jmp near loc_00420f92 ; jmp 0x420f92 loc_00420f20: cmp eax, 0xfa0 jle short loc_00420f52 ; jle 0x420f52 cmp eax, 0x1770 jge short loc_00420f52 ; jge 0x420f52 sub eax, 0xfa0 shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] mov bl, byte [ebx + eax + 0x19] and ebx, 0xff mov edx, 0x989680 loc_00420f52: dec ebp mov eax, ebp shl eax, 2 sub eax, ebp mov al, byte [eax*8 + ref_00496d08] ; mov al, byte [eax*8 + 0x496d08] and eax, 0xff cmp eax, 5 je short loc_00420f83 ; je 0x420f83 cmp eax, 6 je short loc_00420f83 ; je 0x420f83 cmp eax, 7 je short loc_00420f83 ; je 0x420f83 cmp eax, 8 je short loc_00420f83 ; je 0x420f83 cmp eax, 0xb jne near loc_00421010 ; jne 0x421010 loc_00420f83: mov esi, 1 loc_00420f88: inc edi cmp edi, 4 jge near loc_00421078 ; jge 0x421078 loc_00420f92: test esi, esi jne near loc_00421078 ; jne 0x421078 xor edx, edx mov dx, word [edi*2 + ref_0048b8b4] ; mov dx, word [edi*2 + 0x48b8b4] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] add eax, edx mov ebp, dword [eax + 0x24] and ebp, 0x3f0000 shr ebp, 0x10 test ebp, ebp je short loc_00420f88 ; je 0x420f88 mov ax, word [eax + 0x20] and eax, 0xffff xor ebx, ebx xor edx, edx cmp eax, 0x7d0 jle near loc_00420f20 ; jle 0x420f20 cmp eax, 0xfa0 jge near loc_00420f20 ; jge 0x420f20 sub eax, 0x7d0 imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] add eax, edx mov bl, byte [eax + 0x19] add eax, 4 push eax push ebx call fcn_00419744 ; call 0x419744 add esp, 8 mov edx, eax jmp near loc_00420f52 ; jmp 0x420f52 loc_00421010: test esi, esi jne short loc_00421028 ; jne 0x421028 cmp eax, 0x11 jne short loc_00421028 ; jne 0x421028 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] inc ebp cmp ebx, ebp je near loc_00420f83 ; je 0x420f83 loc_00421028: test esi, esi jne near loc_00420f88 ; jne 0x420f88 cmp eax, 0x10 jne near loc_00420f88 ; jne 0x420f88 test ebx, ebx je near loc_00420f88 ; je 0x420f88 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ebx, eax je near loc_00420f88 ; je 0x420f88 mov ebx, dword [ref_004990e8] ; mov ebx, dword [0x4990e8] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 add eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx cmp edx, eax jle near loc_00420f88 ; jle 0x420f88 jmp near loc_00420f83 ; jmp 0x420f83 loc_00421078: mov eax, esi pop ebp pop edi pop esi pop ebx ret fcn_0042107f: push ebx push esi push edi push ebp sub esp, 0x10 xor edx, edx mov dword [esp + 8], edx push 4 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040b221 ; call 0x40b221 add esp, 8 test eax, eax jne near loc_00421299 ; jne 0x421299 xor ebp, ebp jmp near loc_00421122 ; jmp 0x421122 loc_004210ac: xor esi, esi mov eax, dword [esp + 0xc] mov si, word [eax + 0x1c] imul esi, dword [ref_004990e8] ; imul esi, dword [0x4990e8] cmp ebx, 2 jge short loc_004210c8 ; jge 0x4210c8 cmp byte [eax + 0x1a], 0 je short loc_00421118 ; je 0x421118 loc_004210c8: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] add edx, dword [eax + (_players+32)] ; add edx, dword [eax + 0x496b88] cmp edx, 0x2710 jle short loc_00421118 ; jle 0x421118 cmp word [eax + (_players+70)], 0 ; cmp word [eax + 0x496bae], 0 jl short loc_00421118 ; jl 0x421118 cmp byte [eax + (_players+57)], 0 ; cmp byte [eax + 0x496ba1], 0 jne short loc_00421118 ; jne 0x421118 cmp esi, dword [eax + (_players+28)] ; cmp esi, dword [eax + 0x496b84] loc_004210fc: jge short loc_00421118 ; jge 0x421118 mov ax, word [ebp*2 + ref_0048b8b4] ; mov ax, word [ebp*2 + 0x48b8b4] and eax, 0xffff mov dword [ref_0048be64], eax ; mov dword [0x48be64], eax loc_00421110: mov dword [esp + 8], 1 loc_00421118: inc ebp cmp ebp, 4 jge near loc_00421299 ; jge 0x421299 loc_00421122: cmp dword [esp + 8], 0 jne near loc_00421299 ; jne 0x421299 xor edx, edx mov dx, word [ebp*2 + ref_0048b8b4] ; mov dx, word [ebp*2 + 0x48b8b4] mov eax, edx shl eax, 2 add edx, eax shl edx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, edx test dword [eax + 0x24], 0x3fff00 jne short loc_00421118 ; jne 0x421118 mov ax, word [eax + 0x20] and eax, 0xffff cmp eax, 0x7d0 jle short loc_004211c3 ; jle 0x4211c3 cmp eax, 0xfa0 jge short loc_004211c3 ; jge 0x4211c3 sub eax, 0x7d0 imul eax, eax, 0x34 mov esi, dword [ref_00498e84] ; mov esi, dword [0x498e84] lea edx, [esi + eax] mov dword [esp + 0xc], edx cmp byte [edx + 0x19], 0 jne short loc_00421118 ; jne 0x421118 mov edi, 1 xor ebx, ebx loc_0042118a: add esi, 0x34 cmp edi, dword [ref_00498e98] ; cmp edi, dword [0x498e98] jg near loc_004210ac ; jg 0x4210ac lea eax, [esi + 4] push eax mov eax, dword [esp + 0x10] add eax, 4 push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_004211c0 ; jne 0x4211c0 mov al, byte [esi + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx jne short loc_004211c0 ; jne 0x4211c0 inc ebx loc_004211c0: inc edi jmp short loc_0042118a ; jmp 0x42118a loc_004211c3: cmp eax, 0xfa0 jle near loc_0042124c ; jle 0x42124c cmp eax, 0x1770 jge short loc_0042124c ; jge 0x42124c sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add edx, eax cmp byte [edx + 0x19], 0 jne near loc_00421118 ; jne 0x421118 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ebx, dword [eax + (_players+28)] ; mov ebx, dword [eax + 0x496b84] add ebx, dword [eax + (_players+32)] ; add ebx, dword [eax + 0x496b88] cmp ebx, 0x2710 jle near loc_00421118 ; jle 0x421118 cmp word [eax + (_players+70)], 0 ; cmp word [eax + 0x496bae], 0 jl near loc_00421118 ; jl 0x421118 cmp byte [eax + (_players+57)], 0 ; cmp byte [eax + 0x496ba1], 0 jne near loc_00421118 ; jne 0x421118 mov dx, word [edx + 0x22] and edx, 0xffff imul edx, dword [ref_004990e8] ; imul edx, dword [0x4990e8] cmp edx, dword [eax + (_players+28)] ; cmp edx, dword [eax + 0x496b84] jmp near loc_004210fc ; jmp 0x4210fc loc_0042124c: xor ebx, ebx mov bx, word [ebp*2 + ref_0048b8b4] ; mov bx, word [ebp*2 + 0x48b8b4] mov eax, ebx shl eax, 2 lea edx, [ebx + eax] shl edx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] mov eax, dword [edx + eax + 0x24] and eax, 0xff cmp eax, 0xf jne near loc_00421118 ; jne 0x421118 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp word [eax + (_players+48)], 0xc8 ; cmp word [eax + 0x496b98], 0xc8 jbe near loc_00421118 ; jbe 0x421118 mov dword [ref_0048be64], ebx ; mov dword [0x48be64], ebx jmp near loc_00421110 ; jmp 0x421110 loc_00421299: cmp dword [esp + 8], 0 jne near loc_004213b9 ; jne 0x4213b9 push 6 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040b343 ; call 0x40b343 add esp, 8 call fcn_00409ef9 ; call 0x409ef9 mov dword [esp], eax xor ebp, ebp mov dword [esp + 4], ebp loc_004212c3: cmp ebp, dword [esp] jge near loc_004213b9 ; jge 0x4213b9 xor ebx, ebx xor edx, edx jmp short loc_004212d8 ; jmp 0x4212d8 loc_004212d2: inc ebx cmp ebx, 6 jge short loc_004212f6 ; jge 0x4212f6 loc_004212d8: xor eax, eax mov ax, word [ebp*2 + ref_0048b8c4] ; mov ax, word [ebp*2 + 0x48b8c4] mov si, word [ebx*2 + ref_0048b8b4] ; mov si, word [ebx*2 + 0x48b8b4] and esi, 0xffff cmp eax, esi jne short loc_004212d2 ; jne 0x4212d2 jmp short loc_004212fe ; jmp 0x4212fe loc_004212f6: test edx, edx je near loc_004213b3 ; je 0x4213b3 loc_004212fe: lea esi, [ebp + ebp] xor edx, edx mov dx, word [esi + ref_0048b8c4] ; mov dx, word [esi + 0x48b8c4] mov eax, edx shl eax, 2 add eax, edx mov edi, dword [ref_00498e80] ; mov edi, dword [0x498e80] mov di, word [edi + eax*8 + 0x20] and edi, 0xffff cmp edi, 0x7d0 jle near loc_004213b3 ; jle 0x4213b3 cmp edi, 0xfa0 jge near loc_004213b3 ; jge 0x4213b3 lea eax, [edi - 0x7d0] imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] add edx, eax mov dword [esp + 0xc], edx xor eax, eax mov al, byte [edx + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx jne short loc_004213b3 ; jne 0x4213b3 mov edx, dword [esp + 0xc] add edx, 4 push edx push eax call fcn_00419744 ; call 0x419744 mov ebx, eax add esp, 8 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 4 mov edx, eax shl eax, 4 sub eax, edx cmp ebx, eax jle short loc_004213b3 ; jle 0x4213b3 cmp ebx, dword [esp + 4] jle short loc_004213b3 ; jle 0x4213b3 mov dword [esp + 4], ebx xor eax, eax mov ax, word [esi + ref_0048b8c4] ; mov ax, word [esi + 0x48b8c4] mov dword [ref_0048be64], eax ; mov dword [0x48be64], eax mov dword [esp + 8], 1 loc_004213b3: inc ebp jmp near loc_004212c3 ; jmp 0x4212c3 loc_004213b9: mov eax, dword [esp + 8] loc_004213bd: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret fcn_004213c5: push ebx push esi push edi sub esp, 0x208 xor edx, edx mov dword [esp + 0x200], edx push 6 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040b343 ; call 0x40b343 add esp, 8 call fcn_00409ef9 ; call 0x409ef9 mov dword [esp + 0x204], eax xor ebx, ebx xor esi, esi loc_004213f8: cmp ebx, dword [esp + 0x204] jge near loc_0042153a ; jge 0x42153a xor eax, eax xor edi, edi jmp short loc_00421411 ; jmp 0x421411 loc_0042140b: inc eax cmp eax, 6 jge short loc_0042142f ; jge 0x42142f loc_00421411: xor ecx, ecx mov cx, word [ebx*2 + ref_0048b8c4] ; mov cx, word [ebx*2 + 0x48b8c4] mov dx, word [eax*2 + ref_0048b8b4] ; mov dx, word [eax*2 + 0x48b8b4] and edx, 0xffff cmp ecx, edx jne short loc_0042140b ; jne 0x42140b jmp short loc_00421437 ; jmp 0x421437 loc_0042142f: test edi, edi je near loc_00421534 ; je 0x421534 loc_00421437: mov ax, word [ebx*2 + ref_0048b8c4] ; mov ax, word [ebx*2 + 0x48b8c4] and eax, 0xffff xor edx, edx mov dx, word [ref_0048bae0] ; mov dx, word [0x48bae0] cmp eax, edx jne short loc_0042145a ; jne 0x42145a cmp dword [ref_00496b30], 0 ; cmp dword [0x496b30], 0 jne short loc_0042147d ; jne 0x42147d loc_0042145a: mov ax, word [ebx*2 + ref_0048b8c4] ; mov ax, word [ebx*2 + 0x48b8c4] and eax, 0xffff xor edx, edx mov dx, word [ref_0048bae2] ; mov dx, word [0x48bae2] cmp eax, edx jne short loc_0042148c ; jne 0x42148c cmp dword [ref_00496b60], 0 ; cmp dword [0x496b60], 0 je short loc_0042148c ; je 0x42148c loc_0042147d: xor eax, eax mov ax, word [ebx*2 + ref_0048b8c4] ; mov ax, word [ebx*2 + 0x48b8c4] jmp near loc_00421553 ; jmp 0x421553 loc_0042148c: lea edx, [ebx + ebx] xor ecx, ecx mov cx, word [edx + ref_0048b8c4] ; mov cx, word [edx + 0x48b8c4] mov eax, ecx shl eax, 2 add ecx, eax shl ecx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] mov ax, word [ecx + eax + 0x20] and eax, 0xffff cmp eax, 0x7d0 jle short loc_004214ec ; jle 0x4214ec cmp eax, 0xfa0 jge short loc_004214ec ; jge 0x4214ec sub eax, 0x7d0 imul ecx, eax, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, ecx cmp byte [eax + 0x19], 0 je short loc_00421534 ; je 0x421534 xor ecx, ecx mov cl, byte [eax + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ecx, eax je short loc_00421534 ; je 0x421534 mov dx, word [edx + ref_0048b8c4] ; mov dx, word [edx + 0x48b8c4] jmp short loc_0042152f ; jmp 0x42152f loc_004214ec: cmp eax, 0xfa0 jle short loc_00421534 ; jle 0x421534 cmp eax, 0x1770 jge short loc_00421534 ; jge 0x421534 sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, edx cmp byte [eax + 0x19], 0 je short loc_00421534 ; je 0x421534 xor edx, edx mov dl, byte [eax + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax je short loc_00421534 ; je 0x421534 mov dx, word [ebx*2 + ref_0048b8c4] ; mov dx, word [ebx*2 + 0x48b8c4] loc_0042152f: mov word [esp + esi*2], dx inc esi loc_00421534: inc ebx jmp near loc_004213f8 ; jmp 0x4213f8 loc_0042153a: test esi, esi je short loc_00421563 ; je 0x421563 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi mov ax, word [esp + edx*2] and eax, 0xffff loc_00421553: mov dword [ref_0048be64], eax ; mov dword [0x48be64], eax mov dword [esp + 0x200], 1 loc_00421563: mov eax, dword [esp + 0x200] add esp, 0x208 pop edi pop esi pop ebx ret fcn_00421574: push ebx push esi push edi sub esp, 0x208 xor edx, edx mov dword [esp + 0x200], edx push 6 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040b343 ; call 0x40b343 add esp, 8 call fcn_00409ef9 ; call 0x409ef9 mov dword [esp + 0x204], eax xor ebx, ebx xor esi, esi loc_004215a7: cmp ebx, dword [esp + 0x204] jge short loc_0042153a ; jge 0x42153a xor eax, eax xor edi, edi jmp short loc_004215bc ; jmp 0x4215bc loc_004215b6: inc eax cmp eax, 6 jge short loc_004215da ; jge 0x4215da loc_004215bc: xor ecx, ecx mov cx, word [ebx*2 + ref_0048b8c4] ; mov cx, word [ebx*2 + 0x48b8c4] mov dx, word [eax*2 + ref_0048b8b4] ; mov dx, word [eax*2 + 0x48b8b4] and edx, 0xffff cmp ecx, edx jne short loc_004215b6 ; jne 0x4215b6 jmp short loc_004215de ; jmp 0x4215de loc_004215da: test edi, edi je short loc_0042163e ; je 0x42163e loc_004215de: mov ax, word [ebx*2 + ref_0048b8c4] ; mov ax, word [ebx*2 + 0x48b8c4] and eax, 0xffff xor edx, edx mov dx, word [ref_0048bae0] ; mov dx, word [0x48bae0] cmp eax, edx jne short loc_00421601 ; jne 0x421601 cmp dword [ref_00496b30], 0 ; cmp dword [0x496b30], 0 jne short loc_00421622 ; jne 0x421622 loc_00421601: mov eax, ebx xor edx, edx mov dx, word [ebx*2 + ref_0048b8c4] ; mov dx, word [ebx*2 + 0x48b8c4] xor eax, ebx mov ax, word [ref_0048bae2] ; mov ax, word [0x48bae2] cmp edx, eax jne short loc_00421631 ; jne 0x421631 cmp dword [ref_00496b60], 0 ; cmp dword [0x496b60], 0 je short loc_00421631 ; je 0x421631 loc_00421622: xor eax, eax mov ax, word [ebx*2 + ref_0048b8c4] ; mov ax, word [ebx*2 + 0x48b8c4] jmp near loc_00421553 ; jmp 0x421553 loc_00421631: mov ax, word [ebx*2 + ref_0048b8c4] ; mov ax, word [ebx*2 + 0x48b8c4] mov word [esp + esi*2], ax inc esi loc_0042163e: inc ebx jmp near loc_004215a7 ; jmp 0x4215a7 fcn_00421644: push ebx xor ebx, ebx imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 test byte [edx + (_players+17)], 3 ; test byte [edx + 0x496b79], 3 jne short loc_00421671 ; jne 0x421671 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 4 sar edx, 0x1f idiv ecx test edx, edx jne short loc_00421671 ; jne 0x421671 mov ebx, 1 loc_00421671: mov eax, ebx pop ebx ret fcn_00421675: push ebx xor ebx, ebx imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 mov dl, byte [edx + (_players+17)] ; mov dl, byte [edx + 0x496b79] and dl, 3 cmp dl, 2 jae short loc_004216a7 ; jae 0x4216a7 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 4 sar edx, 0x1f idiv ecx test edx, edx jne short loc_004216a7 ; jne 0x4216a7 mov ebx, 1 loc_004216a7: mov eax, ebx pop ebx ret fcn_004216ab: mov eax, dword [esp + 8] cmp eax, 0x7d0 jle short loc_004216dc ; jle 0x4216dc cmp eax, 0xfa0 jge short loc_004216dc ; jge 0x4216dc sub eax, 0x7d0 imul ecx, eax, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, ecx xor ecx, ecx mov cl, byte [eax + 0x19] mov eax, dword [esp + 4] inc eax cmp ecx, eax jne short loc_00421714 ; jne 0x421714 jmp short loc_0042170f ; jmp 0x42170f loc_004216dc: cmp eax, 0xfa0 jle short loc_00421714 ; jle 0x421714 cmp eax, 0x1770 jge short loc_00421714 ; jge 0x421714 sub eax, 0xfa0 shl eax, 3 mov ecx, eax shl eax, 3 sub eax, ecx mov ecx, dword [ref_00498e88] ; mov ecx, dword [0x498e88] add eax, ecx xor ecx, ecx mov cl, byte [eax + 0x19] mov eax, dword [esp + 4] inc eax cmp ecx, eax jne short loc_00421714 ; jne 0x421714 loc_0042170f: mov edx, 1 loc_00421714: mov eax, edx ret fcn_00421717: push ebx push esi push edi push ebp sub esp, 8 xor edx, edx mov dword [esp], edx mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov ebx, eax cmp eax, 0xffffffff jne short loc_0042174a ; jne 0x42174a mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0040d31c ; call 0x40d31c add esp, 4 mov ebx, eax loc_0042174a: cmp ebx, 0xffffffff jne short loc_00421756 ; jne 0x421756 xor eax, eax jmp near loc_0042181f ; jmp 0x42181f loc_00421756: push 0xffffffffffffffff call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [esp + 4], eax xor esi, esi xor edi, edi mov ebp, dword [esp + 4] loc_0042176c: cmp esi, ebp jge short loc_004217b3 ; jge 0x4217b3 test edi, edi jne short loc_004217b3 ; jne 0x4217b3 mov cx, word [esi*2 + ref_0048b8c4] ; mov cx, word [esi*2 + 0x48b8c4] and ecx, 0xffff test ch, 0x80 je short loc_004217b0 ; je 0x4217b0 test cl, 0xf je short loc_004217b0 ; je 0x4217b0 xor edx, edx mov eax, 1 jmp short loc_0042179d ; jmp 0x42179d loc_00421795: add eax, eax inc edx cmp eax, 0x10 jge short loc_004217b0 ; jge 0x4217b0 loc_0042179d: test ecx, eax je short loc_00421795 ; je 0x421795 cmp edx, ebx jne short loc_00421795 ; jne 0x421795 mov dword [ref_0048be64], ecx ; mov dword [0x48be64], ecx mov edi, 1 loc_004217b0: inc esi jmp short loc_0042176c ; jmp 0x42176c loc_004217b3: test edi, edi je short loc_0042181c ; je 0x42181c push 0x64 imul ebx, ebx, 0x68 xor eax, eax mov ax, word [ebx + (_players+10)] ; mov ax, word [ebx + 0x496b72] push eax xor eax, eax mov ax, word [ebx + (_players+8)] ; mov ax, word [ebx + 0x496b70] push eax call fcn_0040a0b1 ; call 0x40a0b1 add esp, 0xc mov dword [esp + 4], eax xor esi, esi xor edi, edi loc_004217e0: cmp esi, dword [esp + 4] jge short loc_00421811 ; jge 0x421811 mov cx, word [esi*2 + ref_0048b8c4] ; mov cx, word [esi*2 + 0x48b8c4] and ecx, 0xffff test ch, 0x80 jne short loc_0042181c ; jne 0x42181c push ecx mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_004216ab ; call 0x4216ab add esp, 8 cmp eax, 1 je short loc_0042181c ; je 0x42181c inc esi jmp short loc_004217e0 ; jmp 0x4217e0 loc_00421811: test edi, edi jne short loc_0042181c ; jne 0x42181c mov dword [esp], 1 loc_0042181c: mov eax, dword [esp] loc_0042181f: add esp, 8 pop ebp pop edi pop esi pop ebx ret fcn_00421827: push ebx push esi push edi push ebp sub esp, 0x10 xor edx, edx mov dword [esp + 4], edx mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul edx, ecx, 0x68 xor eax, eax mov al, byte [edx + (_players+63)] ; mov al, byte [edx + 0x496ba7] cmp eax, 7 je short loc_00421854 ; je 0x421854 cmp eax, 8 je short loc_00421854 ; je 0x421854 cmp eax, 0xf jne short loc_0042185b ; jne 0x42185b loc_00421854: xor eax, eax jmp near loc_004213bd ; jmp 0x4213bd loc_0042185b: cmp byte [edx + (_players+57)], 0 ; cmp byte [edx + 0x496ba1], 0 jne short loc_00421854 ; jne 0x421854 mov eax, dword [edx + (_players+28)] ; mov eax, dword [edx + 0x496b84] add eax, dword [edx + (_players+32)] ; add eax, dword [edx + 0x496b88] cmp eax, 0x2710 jl short loc_00421854 ; jl 0x421854 cmp word [edx + (_players+70)], 0 ; cmp word [edx + 0x496bae], 0 jl short loc_00421854 ; jl 0x421854 push 6 push ecx call fcn_0040b221 ; call 0x40b221 add esp, 8 test eax, eax jne near loc_00421b9d ; jne 0x421b9d mov dword [esp + 8], eax mov dword [esp], eax jmp near loc_004219e8 ; jmp 0x4219e8 loc_004218a0: lea edx, [eax - 1] mov eax, edx shl eax, 2 sub eax, edx mov al, byte [eax*8 + ref_00496d08] ; mov al, byte [eax*8 + 0x496d08] and eax, 0xff cmp eax, 5 je near loc_004219d6 ; je 0x4219d6 cmp eax, 6 je near loc_004219d6 ; je 0x4219d6 cmp eax, 7 je near loc_004219d6 ; je 0x4219d6 cmp eax, 8 je near loc_004219d6 ; je 0x4219d6 cmp eax, 0xa je near loc_004219d6 ; je 0x4219d6 cmp eax, 0xb je near loc_004219d6 ; je 0x4219d6 cmp eax, 0x10 je near loc_004219d6 ; je 0x4219d6 cmp eax, 0x11 je near loc_004219d6 ; je 0x4219d6 cmp eax, 0x12 je near loc_004219d6 ; je 0x4219d6 loc_00421907: mov eax, dword [esp + 8] xor edx, edx mov dx, word [eax*2 + ref_0048b8b4] ; mov dx, word [eax*2 + 0x48b8b4] mov eax, edx shl eax, 2 add eax, edx mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] mov ax, word [edx + eax*8 + 0x20] and eax, 0xffff cmp eax, 0x7d0 jle near loc_00421ae0 ; jle 0x421ae0 cmp eax, 0xfa0 jge near loc_00421ae0 ; jge 0x421ae0 xor edi, edi sub eax, 0x7d0 imul ebp, eax, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add ebp, eax lea ebx, [eax + 0x34] mov al, byte [ebp + 0x19] test al, al jne near loc_00421a3a ; jne 0x421a3a mov esi, 1 loc_00421966: cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg short loc_00421997 ; jg 0x421997 lea eax, [ebx + 4] push eax lea eax, [ebp + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_00421991 ; jne 0x421991 mov al, byte [ebx + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx jne short loc_00421991 ; jne 0x421991 inc edi loc_00421991: inc esi add ebx, 0x34 jmp short loc_00421966 ; jmp 0x421966 loc_00421997: cmp edi, 1 jle short loc_004219d6 ; jle 0x4219d6 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 fild dword [eax + (_players+28)] ; fild dword [eax + 0x496b84] xor eax, eax mov ax, word [ebp + 0x1c] loc_004219af: mov dword [esp + 0xc], eax fild dword [esp + 0xc] fmul qword [ref_00463d48] ; fmul qword [0x463d48] fcompp fnstsw ax sahf jae short loc_004219d6 ; jae 0x4219d6 loc_004219c4: mov eax, dword [esp + 8] inc eax mov dword [ref_0048be64], eax ; mov dword [0x48be64], eax mov dword [esp + 4], 1 loc_004219d6: mov ebx, dword [esp + 8] inc ebx mov dword [esp + 8], ebx cmp ebx, 6 jge near loc_00421b88 ; jge 0x421b88 loc_004219e8: cmp dword [esp + 4], 0 jne near loc_00421b88 ; jne 0x421b88 mov eax, dword [esp + 8] xor edx, edx mov dx, word [eax*2 + ref_0048b8b4] ; mov dx, word [eax*2 + 0x48b8b4] mov eax, edx shl eax, 2 add edx, eax shl edx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, edx mov edx, dword [eax + 0x24] and edx, 0xf000 shr edx, 0xc test edx, edx jne short loc_004219d6 ; jne 0x4219d6 mov eax, dword [eax + 0x24] and eax, 0x3f0000 shr eax, 0x10 test eax, eax jne near loc_004218a0 ; jne 0x4218a0 jmp near loc_00421907 ; jmp 0x421907 loc_00421a3a: xor edx, edx mov dl, al mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax jne short loc_004219d6 ; jne 0x4219d6 cmp byte [ebp + 0x18], 0 jne short loc_004219d6 ; jne 0x4219d6 cmp byte [ebp + 0x1a], 5 jae short loc_004219d6 ; jae 0x4219d6 mov esi, 1 loc_00421a59: cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg short loc_00421a8b ; jg 0x421a8b lea eax, [ebx + 4] push eax lea eax, [ebp + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_00421a85 ; jne 0x421a85 xor edx, edx mov dl, byte [ebx + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax jne short loc_00421a85 ; jne 0x421a85 inc edi loc_00421a85: inc esi add ebx, 0x34 jmp short loc_00421a59 ; jmp 0x421a59 loc_00421a8b: cmp edi, 1 jle near loc_004219d6 ; jle 0x4219d6 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 fild dword [eax + (_players+28)] ; fild dword [eax + 0x496b84] xor eax, eax mov ax, word [ebp + 0x1e] mov dword [esp + 0xc], eax fild dword [esp + 0xc] fmul qword [ref_00463d48] ; fmul qword [0x463d48] fcompp fnstsw ax sahf jae near loc_004219d6 ; jae 0x4219d6 xor eax, eax mov al, byte [ebp + 0x1a] cmp eax, dword [esp] jle near loc_004219d6 ; jle 0x4219d6 mov dword [esp], eax mov eax, dword [esp + 8] inc eax mov dword [ref_0048be64], eax ; mov dword [0x48be64], eax jmp near loc_004219d6 ; jmp 0x4219d6 loc_00421ae0: cmp eax, 0xfa0 jle near loc_004219d6 ; jle 0x4219d6 cmp eax, 0x1770 jge near loc_004219d6 ; jge 0x4219d6 sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add edx, eax cmp byte [edx + 0x19], 0 jne short loc_00421b3f ; jne 0x421b3f imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 fild dword [eax + (_players+28)] ; fild dword [eax + 0x496b84] xor eax, eax mov ax, word [edx + 0x22] mov dword [esp + 0xc], eax fild dword [esp + 0xc] fmul qword [ref_00463d48] ; fmul qword [0x463d48] fcompp fnstsw ax sahf jb near loc_004219c4 ; jb 0x4219c4 loc_00421b3f: xor ebx, ebx mov bl, byte [edx + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ebx, eax jne near loc_004219d6 ; jne 0x4219d6 mov bh, byte [edx + 0x18] test bh, bh je near loc_004219d6 ; je 0x4219d6 cmp bh, 3 je near loc_004219d6 ; je 0x4219d6 cmp byte [edx + 0x1a], 5 jae near loc_004219d6 ; jae 0x4219d6 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 fild dword [eax + (_players+28)] ; fild dword [eax + 0x496b84] xor eax, eax mov ax, word [edx + 0x24] jmp near loc_004219af ; jmp 0x4219af loc_00421b88: cmp dword [esp + 4], 0 jne short loc_00421b9d ; jne 0x421b9d cmp dword [esp], 0 je short loc_00421b9d ; je 0x421b9d mov dword [esp + 4], 1 loc_00421b9d: mov eax, dword [esp + 4] jmp near loc_004213bd ; jmp 0x4213bd fcn_00421ba6: push ebx push esi push edi push ebp sub esp, 4 xor edx, edx mov dword [esp], edx push 0xffffffffffffffff call fcn_0040a45c ; call 0x40a45c add esp, 4 mov ebp, eax xor esi, esi xor ecx, ecx loc_00421bc2: cmp esi, ebp jge near loc_00421ca0 ; jge 0x421ca0 mov dx, word [esi*2 + ref_0048b8c4] ; mov dx, word [esi*2 + 0x48b8c4] and edx, 0xffff cmp edx, 0x7d0 jle short loc_00421c38 ; jle 0x421c38 cmp edx, 0xfa0 jge short loc_00421c38 ; jge 0x421c38 lea eax, [edx - 0x7d0] imul ebx, eax, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, ebx xor ebx, ebx mov bl, byte [eax + 0x19] mov edi, dword [_current_player] ; mov edi, dword [0x49910c] inc edi cmp ebx, edi jne near loc_00421c9a ; jne 0x421c9a cmp byte [eax + 0x18], 0 jne near loc_00421c9a ; jne 0x421c9a xor ebx, ebx mov bl, byte [eax + 0x1a] mov bx, word [eax + ebx*2 + 0x20] and ebx, 0xffff cmp ecx, ebx jge near loc_00421c9a ; jge 0x421c9a cmp byte [eax + 0x1a], 5 jae short loc_00421c9a ; jae 0x421c9a mov ecx, ebx jmp short loc_00421c94 ; jmp 0x421c94 loc_00421c38: cmp edx, 0xfa0 jle short loc_00421c9a ; jle 0x421c9a cmp edx, 0x1770 jge short loc_00421c9a ; jge 0x421c9a lea eax, [edx - 0xfa0] shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add eax, ebx xor ebx, ebx mov bl, byte [eax + 0x19] mov edi, dword [_current_player] ; mov edi, dword [0x49910c] inc edi cmp ebx, edi jne short loc_00421c9a ; jne 0x421c9a movzx edi, byte [eax + 0x18] mov bl, byte [eax + 0x1a] cmp bl, byte [edi + ref_00474940] ; cmp bl, byte [edi + 0x474940] jae short loc_00421c9a ; jae 0x421c9a xor ebx, ebx mov bl, byte [eax + 0x1a] mov ax, word [eax + ebx*2 + 0x24] and eax, 0xffff cmp ecx, eax jge short loc_00421c9a ; jge 0x421c9a mov ecx, eax loc_00421c94: mov dword [ref_0048be64], edx ; mov dword [0x48be64], edx loc_00421c9a: inc esi jmp near loc_00421bc2 ; jmp 0x421bc2 loc_00421ca0: test ecx, ecx je short loc_00421cab ; je 0x421cab mov dword [esp], 1 loc_00421cab: mov eax, dword [esp] add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_00421cb6: push ebx push esi push edi sub esp, 8 xor edx, edx mov dword [esp], edx call fcn_00409ef9 ; call 0x409ef9 mov dword [esp + 4], eax xor edx, edx xor ecx, ecx loc_00421cce: imul ebx, dword [_current_player], 0x68 ; imul ebx, dword [0x49910c], 0x68 cmp edx, dword [esp + 4] jge near loc_00421dee ; jge 0x421dee xor edi, edi mov di, word [edx*2 + ref_0048b8c4] ; mov di, word [edx*2 + 0x48b8c4] mov eax, edi shl eax, 2 add eax, edi mov esi, dword [ref_00498e80] ; mov esi, dword [0x498e80] mov ax, word [esi + eax*8 + 0x20] and eax, 0xffff cmp eax, 0x7d0 jle short loc_00421d71 ; jle 0x421d71 cmp eax, 0xfa0 jge short loc_00421d71 ; jge 0x421d71 sub eax, 0x7d0 imul eax, eax, 0x34 mov esi, dword [ref_00498e84] ; mov esi, dword [0x498e84] add eax, esi cmp byte [eax + 0x19], 0 jne near loc_00421de8 ; jne 0x421de8 cmp byte [eax + 0x18], 0 jne near loc_00421de8 ; jne 0x421de8 cmp byte [eax + 0x1a], 3 jb near loc_00421de8 ; jb 0x421de8 movzx esi, byte [eax + 0x1a] cmp ecx, esi jge near loc_00421de8 ; jge 0x421de8 mov ax, word [eax + 0x1e] and eax, 0xffff imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] cmp eax, dword [ebx + (_players+28)] ; cmp eax, dword [ebx + 0x496b84] jge near loc_00421de8 ; jge 0x421de8 mov ecx, esi mov dword [ref_0048be64], edi ; mov dword [0x48be64], edi jmp near loc_00421de8 ; jmp 0x421de8 loc_00421d71: cmp eax, 0xfa0 jle near loc_00421de8 ; jle 0x421de8 cmp eax, 0x1770 jge short loc_00421de8 ; jge 0x421de8 sub eax, 0xfa0 shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add eax, ebx cmp byte [eax + 0x19], 0 jne short loc_00421de8 ; jne 0x421de8 cmp byte [eax + 0x18], 0 je short loc_00421de8 ; je 0x421de8 cmp byte [eax + 0x1a], 3 jb short loc_00421de8 ; jb 0x421de8 imul ebx, dword [_current_player], 0x68 ; imul ebx, dword [0x49910c], 0x68 xor esi, esi mov si, word [eax + 0x24] imul esi, dword [ref_004990e8] ; imul esi, dword [0x4990e8] cmp esi, dword [ebx + (_players+28)] ; cmp esi, dword [ebx + 0x496b84] jge short loc_00421de8 ; jge 0x421de8 mov al, byte [eax + 0x1a] and eax, 0xff cmp ecx, eax jge short loc_00421de8 ; jge 0x421de8 mov ecx, eax mov ax, word [edx*2 + ref_0048b8c4] ; mov ax, word [edx*2 + 0x48b8c4] and eax, 0xffff mov dword [ref_0048be64], eax ; mov dword [0x48be64], eax loc_00421de8: inc edx jmp near loc_00421cce ; jmp 0x421cce loc_00421dee: test ecx, ecx je short loc_00421e16 ; je 0x421e16 mov eax, dword [ebx + (_players+28)] ; mov eax, dword [ebx + 0x496b84] add eax, dword [ebx + (_players+32)] ; add eax, dword [ebx + 0x496b88] cmp eax, 0x2710 jle short loc_00421e16 ; jle 0x421e16 cmp word [ebx + (_players+70)], 0 ; cmp word [ebx + 0x496bae], 0 jl short loc_00421e16 ; jl 0x421e16 mov dword [esp], 1 loc_00421e16: mov eax, dword [esp] add esp, 8 pop edi pop esi pop ebx ret fcn_00421e20: push ebx push esi xor ebx, ebx imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 mov al, byte [edx + (_players+17)] ; mov al, byte [edx + 0x496b79] and al, 3 cmp al, 3 jne short loc_00421e3c ; jne 0x421e3c xor eax, eax pop esi pop ebx ret loc_00421e3c: movzx esi, byte [edx + (_players+23)] ; movzx esi, byte [edx + 0x496b7f] call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 0xf sar edx, 0x1f idiv ecx cmp edx, esi jg short loc_00421e5d ; jg 0x421e5d mov ebx, 1 loc_00421e5d: mov eax, ebx pop esi pop ebx ret fcn_00421e62: push ebx push esi push edi push ebp sub esp, 0x430 xor edx, edx mov dword [esp + 0x410], edx mov dword [esp + 0x420], 1 mov dword [esp + 0x41c], edx mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, 0x34 mov esi, dword [ref_00498e98] ; mov esi, dword [0x498e98] loc_00421e95: cmp esi, dword [esp + 0x420] jl short loc_00421ee8 ; jl 0x421ee8 mov dl, byte [eax + 0x19] test dl, dl je short loc_00421edc ; je 0x421edc xor ecx, ecx mov cl, dl mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp ecx, edx je short loc_00421edc ; je 0x421edc cmp byte [eax + 0x1a], 0 je short loc_00421edc ; je 0x421edc mov ebx, dword [esp + 0x420] add ebx, 0x7d0 mov edx, dword [esp + 0x41c] mov word [esp + edx*2], bx lea ebp, [edx + 1] mov dword [esp + 0x41c], ebp loc_00421edc: inc dword [esp + 0x420] add eax, 0x34 jmp short loc_00421e95 ; jmp 0x421e95 loc_00421ee8: mov dword [esp + 0x420], 1 mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] loc_00421ef8: add eax, 0x38 mov edx, dword [esp + 0x420] cmp edx, dword [ref_00498e8c] ; cmp edx, dword [0x498e8c] jg short loc_00421f51 ; jg 0x421f51 mov bl, byte [eax + 0x19] test bl, bl je short loc_00421f48 ; je 0x421f48 xor ecx, ecx mov cl, bl mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp ecx, edx je short loc_00421f48 ; je 0x421f48 cmp byte [eax + 0x1a], 0 je short loc_00421f48 ; je 0x421f48 mov ebx, dword [esp + 0x420] add ebx, 0xfa0 mov edx, dword [esp + 0x41c] mov word [esp + edx*2], bx lea edi, [edx + 1] mov dword [esp + 0x41c], edi loc_00421f48: inc dword [esp + 0x420] jmp short loc_00421ef8 ; jmp 0x421ef8 loc_00421f51: cmp dword [esp + 0x41c], 0 je near loc_004221ae ; je 0x4221ae xor esi, esi mov dword [esp + 0x420], esi jmp near loc_00422165 ; jmp 0x422165 loc_00421f6d: sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] loc_00421f82: movsx ebx, word [edx + eax] movsx eax, word [edx + eax + 2] mov dword [esp + 0x428], eax push 0xffffffffffffffff mov esi, dword [esp + 0x42c] push esi push ebx call fcn_0040a0b1 ; call 0x40a0b1 add esp, 0xc mov dword [esp + 0x404], eax xor ebp, ebp xor edi, edi mov dword [esp + 0x424], ebp mov dword [esp + 0x428], ebp xor esi, esi mov dword [esp + 0x414], ebp loc_00421fc7: cmp ebp, dword [esp + 0x404] jge near loc_00422091 ; jge 0x422091 mov bx, word [ebp*2 + ref_0048b8c4] ; mov bx, word [ebp*2 + 0x48b8c4] and ebx, 0xffff test bh, 0x80 je short loc_00421ff7 ; je 0x421ff7 mov dword [esp + 0x414], 1 jmp near loc_00422091 ; jmp 0x422091 loc_00421ff7: push ebx mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_004216ab ; call 0x4216ab mov dword [esp + 0x434], eax add esp, 8 lea ecx, [ebx - 0x7d0] lea eax, [ebx - 0xfa0] imul ecx, ecx, 0x34 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx cmp dword [esp + 0x42c], 1 jne short loc_0042205d ; jne 0x42205d cmp ebx, 0xfa0 jge short loc_00422043 ; jge 0x422043 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] mov al, byte [ecx + eax + 0x1a] jmp short loc_0042204d ; jmp 0x42204d loc_00422043: mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] mov al, byte [edx + eax + 0x1a] loc_0042204d: and eax, 0xff add edi, eax inc dword [esp + 0x424] jmp short loc_0042208b ; jmp 0x42208b loc_0042205d: cmp ebx, 0xfa0 jge short loc_00422073 ; jge 0x422073 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add ecx, eax xor eax, eax mov al, byte [ecx + 0x1a] jmp short loc_00422082 ; jmp 0x422082 loc_00422073: mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] mov al, byte [edx + eax + 0x1a] and eax, 0xff loc_00422082: add esi, eax inc dword [esp + 0x428] loc_0042208b: inc ebp jmp near loc_00421fc7 ; jmp 0x421fc7 loc_00422091: mov eax, dword [esp + 0x424] mov dword [esp + 0x42c], eax fild dword [esp + 0x42c] mov eax, dword [esp + 0x428] mov dword [esp + 0x42c], eax fild dword [esp + 0x42c] fdivp st1 ; fdivp st(1) fstp dword [esp + 0x408] mov dword [esp + 0x42c], edi fild dword [esp + 0x42c] mov dword [esp + 0x42c], esi fild dword [esp + 0x42c] fdivp st1 ; fdivp st(1) fstp dword [esp + 0x40c] call fcn_0040d2b4 ; call 0x40d2b4 add eax, 2 mov dword [esp + 0x42c], eax fild dword [esp + 0x42c] fld1 fdivrp st1 ; fdivrp st(1) fstp dword [esp + 0x400] cmp dword [esp + 0x414], 0 jne short loc_00422151 ; jne 0x422151 fld dword [esp + 0x408] fcomp dword [esp + 0x400] fnstsw ax sahf jae short loc_00422151 ; jae 0x422151 fld dword [esp + 0x40c] fcomp dword [esp + 0x400] fnstsw ax sahf jae short loc_00422151 ; jae 0x422151 mov eax, dword [esp + 0x418] mov dword [ref_0048be64], eax ; mov dword [0x48be64], eax mov dword [esp + 0x410], 1 loc_00422151: mov ecx, dword [esp + 0x420] inc ecx mov dword [esp + 0x420], ecx cmp ecx, 0xa jge short loc_004221ae ; jge 0x4221ae loc_00422165: cmp dword [esp + 0x410], 0 jne short loc_004221ae ; jne 0x4221ae call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv dword [esp + 0x41c] mov ax, word [esp + edx*2] and eax, 0xffff mov dword [esp + 0x418], eax cmp eax, 0xfa0 jge near loc_00421f6d ; jge 0x421f6d sub eax, 0x7d0 imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] jmp near loc_00421f82 ; jmp 0x421f82 loc_004221ae: mov eax, dword [esp + 0x410] add esp, 0x430 pop ebp pop edi pop esi pop ebx ret fcn_004221c0: push ebx push esi imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dl, byte [eax + (_players+17)] ; mov dl, byte [eax + 0x496b79] cmp dl, 2 jne near loc_00422319 ; jne 0x422319 mov byte [eax + (_players+18)], 3 ; mov byte [eax + 0x496b7a], 3 mov dh, byte [eax + (_players+64)] ; mov dh, byte [eax + 0x496ba8] test dh, dh je short loc_0042221e ; je 0x42221e xor ecx, ecx mov cl, dh dec ecx mov edx, ecx shl edx, 2 sub edx, ecx mov dl, byte [edx*8 + ref_00496d0c] ; mov dl, byte [edx*8 + 0x496d0c] and edx, 0xff cmp edx, 0xf jl near loc_00422439 ; jl 0x422439 cmp edx, 0x14 jle near loc_00422440 ; jle 0x422440 mov byte [eax + (_players+18)], 3 ; mov byte [eax + 0x496b7a], 3 pop esi pop ebx ret loc_0042221e: push 5 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0040b221 ; call 0x40b221 add esp, 8 xor edx, edx xor ebx, ebx xor esi, esi jmp short loc_00422281 ; jmp 0x422281 loc_00422237: cmp eax, 0xfa0 jle short loc_0042227b ; jle 0x42227b cmp eax, 0x1770 jge short loc_0042227b ; jge 0x42227b sub eax, 0xfa0 shl eax, 3 mov ecx, eax shl eax, 3 sub eax, ecx mov ecx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, ecx mov cl, byte [eax + 0x19] test cl, cl je near loc_004222d5 ; je 0x4222d5 mov al, cl and eax, 0xff mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] inc ecx cmp eax, ecx je short loc_004222d5 ; je 0x4222d5 loc_0042227a: inc esi loc_0042227b: inc edx cmp edx, 5 jge short loc_004222d8 ; jge 0x4222d8 loc_00422281: xor ecx, ecx mov cx, word [edx*2 + ref_0048b8b4] ; mov cx, word [edx*2 + 0x48b8b4] mov eax, ecx shl eax, 2 add eax, ecx mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] mov ax, word [ecx + eax*8 + 0x20] and eax, 0xffff cmp eax, 0x7d0 jle short loc_00422237 ; jle 0x422237 cmp eax, 0xfa0 jge short loc_00422237 ; jge 0x422237 sub eax, 0x7d0 imul eax, eax, 0x34 mov ecx, dword [ref_00498e84] ; mov ecx, dword [0x498e84] add eax, ecx cmp byte [eax + 0x19], 0 je short loc_004222d5 ; je 0x4222d5 xor ecx, ecx mov cl, byte [eax + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ecx, eax jne short loc_0042227a ; jne 0x42227a loc_004222d5: inc ebx jmp short loc_0042227b ; jmp 0x42227b loc_004222d8: test ebx, ebx jne short loc_004222fb ; jne 0x4222fb cmp esi, 2 jle short loc_004222fb ; jle 0x4222fb call clib_rand ; call 0x456f2d mov dl, al and dl, 1 add dl, 2 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov byte [eax + (_players+18)], dl ; mov byte [eax + 0x496b7a], dl loc_004222fb: cmp ebx, 2 jl near loc_00422440 ; jl 0x422440 cmp esi, 1 jg near loc_00422440 ; jg 0x422440 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 jmp near loc_00422439 ; jmp 0x422439 loc_00422319: cmp dl, 1 jne near loc_00422440 ; jne 0x422440 mov byte [eax + (_players+18)], 2 ; mov byte [eax + 0x496b7a], 2 mov bh, byte [eax + (_players+64)] ; mov bh, byte [eax + 0x496ba8] test bh, bh je short loc_0042235d ; je 0x42235d xor edx, edx mov dl, bh lea ecx, [edx - 1] mov edx, ecx shl edx, 2 sub edx, ecx mov dl, byte [edx*8 + ref_00496d0c] ; mov dl, byte [edx*8 + 0x496d0c] and edx, 0xff cmp edx, 0xf jl near loc_00422439 ; jl 0x422439 cmp edx, 0x14 pop esi pop ebx ret loc_0042235d: push 5 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040b221 ; call 0x40b221 add esp, 8 xor edx, edx xor ebx, ebx xor esi, esi jmp short loc_004223bb ; jmp 0x4223bb loc_00422376: cmp eax, 0xfa0 jle short loc_004223b5 ; jle 0x4223b5 cmp eax, 0x1770 jge short loc_004223b5 ; jge 0x4223b5 sub eax, 0xfa0 shl eax, 3 mov ecx, eax shl eax, 3 sub eax, ecx mov ecx, dword [ref_00498e88] ; mov ecx, dword [0x498e88] add eax, ecx cmp byte [eax + 0x19], 0 je near loc_0042240e ; je 0x42240e xor ecx, ecx mov cl, byte [eax + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ecx, eax je short loc_0042240e ; je 0x42240e loc_004223b4: inc esi loc_004223b5: inc edx cmp edx, 5 jge short loc_00422411 ; jge 0x422411 loc_004223bb: xor ecx, ecx mov cx, word [edx*2 + ref_0048b8b4] ; mov cx, word [edx*2 + 0x48b8b4] mov eax, ecx shl eax, 2 add eax, ecx mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] mov ax, word [ecx + eax*8 + 0x20] and eax, 0xffff cmp eax, 0x7d0 jle short loc_00422376 ; jle 0x422376 cmp eax, 0xfa0 jge short loc_00422376 ; jge 0x422376 sub eax, 0x7d0 imul ecx, eax, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, ecx cmp byte [eax + 0x19], 0 je short loc_0042240e ; je 0x42240e xor ecx, ecx mov cl, byte [eax + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ecx, eax jne short loc_004223b4 ; jne 0x4223b4 loc_0042240e: inc ebx jmp short loc_004223b5 ; jmp 0x4223b5 loc_00422411: test ebx, ebx jne short loc_00422428 ; jne 0x422428 cmp esi, 2 jle short loc_00422428 ; jle 0x422428 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov byte [eax + (_players+18)], 2 ; mov byte [eax + 0x496b7a], 2 loc_00422428: cmp ebx, 2 jl short loc_00422440 ; jl 0x422440 cmp esi, 1 jg short loc_00422440 ; jg 0x422440 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 loc_00422439: mov byte [eax + (_players+18)], 1 ; mov byte [eax + 0x496b7a], 1 loc_00422440: pop esi pop ebx ret fcn_00422443: push ebx push esi push edi push ebp push 0 push 2 push 0 push 0x101010 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebx, ebx mov esi, 0x58 loc_00422463: push 2 push esi push 0x8e mov edx, dword [ebx*4 + ref_00475418] ; mov edx, dword [ebx*4 + 0x475418] push edx mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0x30 cmp ebx, 4 jl short loc_00422463 ; jl 0x422463 mov ebx, 4 mov esi, 0x58 loc_00422497: push 2 push esi push 0x1ae mov ecx, dword [ebx*4 + ref_00475418] ; mov ecx, dword [ebx*4 + 0x475418] push ecx mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0x30 cmp ebx, 8 jl short loc_00422497 ; jl 0x422497 mov ebx, 8 mov esi, 0x128 loc_004224cb: push 2 push esi push 0x8e mov edi, dword [ebx*4 + ref_00475418] ; mov edi, dword [ebx*4 + 0x475418] push edi mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0x30 cmp ebx, 0xc jl short loc_004224cb ; jl 0x4224cb xor ebx, ebx loc_004224f7: push 2 push 0x70 movsx eax, word [ebx*2 + ref_00475454] ; movsx eax, word [ebx*2 + 0x475454] push eax mov ebp, dword [ebx*4 + ref_004753e8] ; mov ebp, dword [ebx*4 + 0x4753e8] push ebp mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx cmp ebx, 5 jl short loc_004224f7 ; jl 0x4224f7 xor ebx, ebx loc_00422525: push 2 push 0x44 movsx eax, word [ebx*2 + ref_0047545e] ; movsx eax, word [ebx*2 + 0x47545e] push eax mov edx, dword [ebx*4 + ref_00475448] ; mov edx, dword [ebx*4 + 0x475448] push edx mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx cmp ebx, 3 jl short loc_00422525 ; jl 0x422525 push 4 push 0xff push ref_0048c278 ; push 0x48c278 call memset ; call 0x456f60 add esp, 0xc xor ebx, ebx xor esi, esi mov ecx, dword [_nplayers] ; mov ecx, dword [0x499114] loc_0042256f: cmp ebx, ecx jge short loc_00422589 ; jge 0x422589 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00422586 ; je 0x422586 mov byte [esi + ref_0048c278], bl ; mov byte [esi + 0x48c278], bl inc esi loc_00422586: inc ebx jmp short loc_0042256f ; jmp 0x42256f loc_00422589: pop ebp pop edi pop esi pop ebx ret endloc_0042258e: db 0x90 ref_0042258f: ; may contain a jump table dd loc_004226df dd loc_00422a15 dd loc_00422ba6 dd loc_00422d51 dd loc_00422ebd fcn_004225a3: push ebx push esi push edi push ebp sub esp, 0xa0 mov ebx, dword [esp + 0xb4] mov edi, dword [esp + 0xb8] mov esi, 0x90 xor edx, edx mov dword [esp + 0x94], edx cmp ebx, dword [ref_004754a8] ; cmp ebx, dword [0x4754a8] je short loc_004225e6 ; je 0x4225e6 push ebx mov ebp, dword [ref_0048c27c] ; mov ebp, dword [0x48c27c] push ebp call fcn_00423b3b ; call 0x423b3b add esp, 8 mov dword [ref_0048c280], eax ; mov dword [0x48c280], eax loc_004225e6: push 0 mov eax, dword [ref_0048c27c] ; mov eax, dword [0x48c27c] inc eax push eax call fcn_00419744 ; call 0x419744 add esp, 8 mov ebp, eax cmp edi, 1 jb short loc_00422607 ; jb 0x422607 jbe short loc_00422613 ; jbe 0x422613 cmp edi, 2 je short loc_00422630 ; je 0x422630 jmp short loc_00422646 ; jmp 0x422646 loc_00422607: test edi, edi jne short loc_00422646 ; jne 0x422646 mov dword [ref_00475404], edi ; mov dword [0x475404], edi jmp short loc_00422646 ; jmp 0x422646 loc_00422613: mov eax, dword [ref_00475404] ; mov eax, dword [0x475404] add eax, 0xb cmp eax, dword [ref_0048c280] ; cmp eax, dword [0x48c280] jg near loc_00423065 ; jg 0x423065 add dword [ref_00475404], 0xa ; add dword [0x475404], 0xa jmp short loc_00422646 ; jmp 0x422646 loc_00422630: mov eax, dword [ref_00475404] ; mov eax, dword [0x475404] test eax, eax je near loc_00423065 ; je 0x423065 lea edx, [eax - 0xa] mov dword [ref_00475404], edx ; mov dword [0x475404], edx loc_00422646: mov eax, dword [ref_00475404] ; mov eax, dword [0x475404] add eax, 0xa mov edx, dword [ref_0048c280] ; mov edx, dword [0x48c280] cmp eax, edx jle short loc_00422669 ; jle 0x422669 mov eax, edx mov edi, dword [ref_00475404] ; mov edi, dword [0x475404] sub eax, edi mov dword [ref_00475408], eax ; mov dword [0x475408], eax jmp short loc_00422673 ; jmp 0x422673 loc_00422669: mov dword [ref_00475408], 0xa ; mov dword [0x475408], 0xa loc_00422673: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x140 push 0x1d0 push 0x80 push 0x78 push 0x80 push 0x78 mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0x18 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 push 1 push 2 push 0 push 0x101010 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 cmp ebx, 4 ja near loc_00423011 ; ja 0x423011 mov eax, ebx jmp dword [eax*4 + ref_0042258f] ; ujmp: jmp dword [eax*4 + 0x42258f] loc_004226df: xor edi, edi loc_004226e1: cmp edi, dword [ref_00475408] ; cmp edi, dword [0x475408] jge near loc_00423011 ; jge 0x423011 mov eax, dword [ref_00475404] ; mov eax, dword [0x475404] add eax, edi add eax, eax mov dx, word [eax + ref_0048be70] ; mov dx, word [eax + 0x48be70] cmp dx, 0xfa0 jae near loc_00422883 ; jae 0x422883 mov eax, edx and eax, 0xffff sub eax, 0x7d0 imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, eax push 2 push esi movsx eax, word [ref_00475454] ; movsx eax, word [0x475454] push eax lea eax, [ebx + 4] mov dword [esp + 0xa8], eax push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [ebx + 0x18], 0 jne short loc_00422780 ; jne 0x422780 push 2 push esi movsx eax, word [ref_00475456] ; movsx eax, word [0x475456] push eax xor eax, eax mov al, byte [ebx + 0x1a] mov edx, dword [eax*4 + ref_00475138] ; mov edx, dword [eax*4 + 0x475138] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ecx, dword [esp + 0x9c] push ecx xor eax, eax mov al, byte [ebx + 0x19] push eax call fcn_00419744 ; call 0x419744 add esp, 8 push eax jmp short loc_0042279b ; jmp 0x42279b loc_00422780: push 2 push esi movsx eax, word [ref_00475456] ; movsx eax, word [0x475456] push eax push ref_00463d6c ; push 0x463d6c push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push ebp loc_0042279b: lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_0047545a] ; movsx eax, word [0x47545a] add eax, 0x2a push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dx, word [ebx + 0x1e] xor eax, eax mov al, byte [ebx + 0x1a] imul eax, edx xor edx, edx mov dx, word [ebx + 0x1c] add eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_00475458] ; movsx eax, word [0x475458] add eax, 0x26 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ecx, dword [ebx + 0x30] test ecx, ecx je short loc_0042286d ; je 0x42286d mov eax, ecx shr eax, 0x10 mov ecx, 0x64 xor edx, edx div ecx mov eax, dword [ebx + 0x30] shr eax, 8 and eax, 0xf mov dword [esp + 0x90], eax mov eax, dword [ebx + 0x30] and eax, 0xff push eax mov ebx, dword [esp + 0x94] push ebx loc_00422843: push edx push ref_00463e14 ; push 0x463e14 lea eax, [esp + 0x10] push eax call fcn_00457110 ; call 0x457110 add esp, 0x14 push 2 push esi movsx eax, word [ref_0047545c] ; movsx eax, word [0x47545c] push eax lea eax, [esp + 0xc] push eax push 0 jmp near loc_00422a04 ; jmp 0x422a04 loc_0042286d: push 2 push esi movsx eax, word [ref_0047545c] ; movsx eax, word [0x47545c] push eax push ref_00463e1f ; push 0x463e1f push ecx jmp near loc_00422a04 ; jmp 0x422a04 loc_00422883: mov eax, dword [esp + 0x94] test eax, eax jne short loc_004228ad ; jne 0x4228ad push 1 push 2 push eax push 0x1010f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov dword [esp + 0x94], 1 loc_004228ad: mov eax, dword [ref_00475404] ; mov eax, dword [0x475404] add eax, edi mov ax, word [eax*2 + ref_0048be70] ; mov ax, word [eax*2 + 0x48be70] and eax, 0xffff sub eax, 0xfa0 shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax push 2 push esi movsx eax, word [ref_00475454] ; movsx eax, word [0x475454] push eax lea eax, [ebx + 4] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [ebx + 0x1a], 0 je short loc_00422911 ; je 0x422911 push 2 push esi movsx eax, word [ref_00475456] ; movsx eax, word [0x475456] push eax xor eax, eax mov al, byte [ebx + 0x18] mov edx, dword [eax*4 + ref_00475150] ; mov edx, dword [eax*4 + 0x475150] push edx jmp short loc_00422923 ; jmp 0x422923 loc_00422911: push 2 push esi movsx eax, word [ref_00475456] ; movsx eax, word [0x475456] push eax mov ecx, dword [ref_00475138] ; mov ecx, dword [0x475138] push ecx loc_00422923: push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dx, word [ebx + 0x24] xor eax, eax mov al, byte [ebx + 0x1a] imul edx, eax xor eax, eax mov ax, word [ebx + 0x22] add eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_00475458] ; movsx eax, word [0x475458] add eax, 0x26 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [ebx + 0x18], 0 je short loc_00422999 ; je 0x422999 cmp byte [ebx + 0x1a], 0 je short loc_00422999 ; je 0x422999 xor eax, eax mov al, byte [ebx + 0x1a] mov ax, word [ebx + eax*2 + 0x24] and eax, 0xffff imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] jmp short loc_0042299b ; jmp 0x42299b loc_00422999: xor eax, eax loc_0042299b: push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_0047545a] ; movsx eax, word [0x47545a] add eax, 0x2a push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ecx, dword [ebx + 0x34] test ecx, ecx je short loc_004229f3 ; je 0x4229f3 mov eax, ecx shr eax, 0x10 mov ecx, 0x64 xor edx, edx div ecx mov ecx, dword [ebx + 0x34] shr ecx, 8 and ecx, 0xf mov eax, dword [ebx + 0x34] and eax, 0xff push eax push ecx jmp near loc_00422843 ; jmp 0x422843 loc_004229f3: push 2 push esi movsx eax, word [ref_0047545c] ; movsx eax, word [0x47545c] push eax push ref_00463e1f ; push 0x463e1f push ecx loc_00422a04: call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc edi add esi, 0x20 jmp near loc_004226e1 ; jmp 0x4226e1 loc_00422a15: xor edi, edi loc_00422a17: cmp edi, dword [ref_00475408] ; cmp edi, dword [0x475408] jge near loc_00423011 ; jge 0x423011 mov eax, dword [ref_00475404] ; mov eax, dword [0x475404] add eax, edi mov ax, word [eax*2 + ref_0048be70] ; mov ax, word [eax*2 + 0x48be70] and eax, 0xffff sub eax, 0x7d0 imul ebx, eax, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add ebx, eax push 2 push esi movsx eax, word [ref_00475454] ; movsx eax, word [0x475454] push eax lea eax, [ebx + 4] mov dword [esp + 0xa4], eax push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [ebx + 0x18], 0 jne short loc_00422aa7 ; jne 0x422aa7 push 2 push esi movsx eax, word [ref_00475456] ; movsx eax, word [0x475456] push eax xor eax, eax mov al, byte [ebx + 0x1a] mov ecx, dword [eax*4 + ref_00475138] ; mov ecx, dword [eax*4 + 0x475138] push ecx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [esp + 0x98] push eax xor eax, eax mov al, byte [ebx + 0x19] push eax call fcn_00419744 ; call 0x419744 add esp, 8 push eax jmp short loc_00422ac2 ; jmp 0x422ac2 loc_00422aa7: push 2 push esi movsx eax, word [ref_00475456] ; movsx eax, word [0x475456] push eax push ref_00463d6c ; push 0x463d6c push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push ebp loc_00422ac2: lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_0047545a] ; movsx eax, word [0x47545a] add eax, 0x2a push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dx, word [ebx + 0x1e] xor eax, eax mov al, byte [ebx + 0x1a] imul eax, edx xor edx, edx mov dx, word [ebx + 0x1c] add eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_00475458] ; movsx eax, word [0x475458] add eax, 0x26 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ecx, dword [ebx + 0x30] test ecx, ecx je short loc_00422b84 ; je 0x422b84 mov eax, ecx shr eax, 0x10 mov ecx, 0x64 xor edx, edx div ecx mov eax, dword [ebx + 0x30] shr eax, 8 and eax, 0xf mov ebx, dword [ebx + 0x30] and ebx, 0xff push ebx push eax push edx push ref_00463e14 ; push 0x463e14 lea eax, [esp + 0x10] push eax call fcn_00457110 ; call 0x457110 add esp, 0x14 push 2 push esi movsx eax, word [ref_0047545c] ; movsx eax, word [0x47545c] push eax lea eax, [esp + 0xc] push eax push 0 jmp short loc_00422b95 ; jmp 0x422b95 loc_00422b84: push 2 push esi movsx eax, word [ref_0047545c] ; movsx eax, word [0x47545c] push eax push ref_00463e1f ; push 0x463e1f push ecx loc_00422b95: call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc edi add esi, 0x20 jmp near loc_00422a17 ; jmp 0x422a17 loc_00422ba6: push 1 push 2 push 0 push 0x1010f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor edi, edi loc_00422bbd: cmp edi, dword [ref_00475408] ; cmp edi, dword [0x475408] jge near loc_00423011 ; jge 0x423011 mov eax, dword [ref_00475404] ; mov eax, dword [0x475404] add eax, edi mov ax, word [eax*2 + ref_0048be70] ; mov ax, word [eax*2 + 0x48be70] and eax, 0xffff sub eax, 0xfa0 shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax push 2 push esi movsx eax, word [ref_00475454] ; movsx eax, word [0x475454] push eax lea eax, [ebx + 4] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [ebx + 0x1a], 0 je short loc_00422c2d ; je 0x422c2d push 2 push esi movsx eax, word [ref_00475456] ; movsx eax, word [0x475456] push eax xor eax, eax mov al, byte [ebx + 0x18] mov ebp, dword [eax*4 + ref_00475150] ; mov ebp, dword [eax*4 + 0x475150] push ebp jmp short loc_00422c3f ; jmp 0x422c3f loc_00422c2d: push 2 push esi movsx eax, word [ref_00475456] ; movsx eax, word [0x475456] push eax mov ecx, dword [ref_00475138] ; mov ecx, dword [0x475138] push ecx loc_00422c3f: push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dx, word [ebx + 0x24] xor eax, eax mov al, byte [ebx + 0x1a] imul eax, edx xor edx, edx mov dx, word [ebx + 0x22] add eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_00475458] ; movsx eax, word [0x475458] add eax, 0x26 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [ebx + 0x18], 0 je short loc_00422cb5 ; je 0x422cb5 mov dh, byte [ebx + 0x1a] test dh, dh je short loc_00422cb5 ; je 0x422cb5 xor eax, eax mov al, dh mov ax, word [ebx + eax*2 + 0x24] and eax, 0xffff imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] jmp short loc_00422cb7 ; jmp 0x422cb7 loc_00422cb5: xor eax, eax loc_00422cb7: push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_0047545a] ; movsx eax, word [0x47545a] add eax, 0x2a push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ebp, dword [ebx + 0x34] test ebp, ebp je short loc_00422d2f ; je 0x422d2f mov eax, ebp shr eax, 0x10 mov ecx, 0x64 xor edx, edx div ecx mov ecx, ebp shr ecx, 8 and ecx, 0xf mov eax, ebp and eax, 0xff push eax push ecx push edx push ref_00463e14 ; push 0x463e14 lea eax, [esp + 0x10] push eax call fcn_00457110 ; call 0x457110 add esp, 0x14 push 2 push esi movsx eax, word [ref_0047545c] ; movsx eax, word [0x47545c] push eax lea eax, [esp + 0xc] push eax push 0 jmp short loc_00422d40 ; jmp 0x422d40 loc_00422d2f: push 2 push esi movsx eax, word [ref_0047545c] ; movsx eax, word [0x47545c] push eax push ref_00463e1f ; push 0x463e1f push ebp loc_00422d40: call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc edi add esi, 0x20 jmp near loc_00422bbd ; jmp 0x422bbd loc_00422d51: xor edi, edi loc_00422d53: cmp edi, dword [ref_00475408] ; cmp edi, dword [0x475408] jge near loc_00423011 ; jge 0x423011 mov eax, dword [ref_00475404] ; mov eax, dword [0x475404] add eax, edi mov ax, word [eax*2 + ref_0048be70] ; mov ax, word [eax*2 + 0x48be70] and eax, 0xffff sub eax, 0x7d0 imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, eax push 2 push esi movsx eax, word [ref_00475454] ; movsx eax, word [0x475454] push eax lea ebp, [ebx + 4] push ebp push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push esi movsx eax, word [ref_00475456] ; movsx eax, word [0x475456] push eax xor eax, eax mov al, byte [ebx + 0x1a] mov edx, dword [eax*4 + ref_00475138] ; mov edx, dword [eax*4 + 0x475138] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dx, word [ebx + 0x1e] xor eax, eax mov al, byte [ebx + 0x1a] imul eax, edx xor edx, edx mov dx, word [ebx + 0x1c] add eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_00475458] ; movsx eax, word [0x475458] add eax, 0x26 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push ebp xor eax, eax mov al, byte [ebx + 0x19] push eax call fcn_00419744 ; call 0x419744 add esp, 8 push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_0047545a] ; movsx eax, word [0x47545a] add eax, 0x2a push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ebp, dword [ebx + 0x30] test ebp, ebp je short loc_00422e9b ; je 0x422e9b mov eax, ebp shr eax, 0x10 mov ecx, 0x64 xor edx, edx div ecx mov eax, ebp shr eax, 8 and eax, 0xf mov dword [esp + 0x90], eax mov eax, ebp and eax, 0xff push eax mov eax, dword [esp + 0x94] push eax push edx push ref_00463e14 ; push 0x463e14 lea eax, [esp + 0x10] push eax call fcn_00457110 ; call 0x457110 add esp, 0x14 push 2 push esi movsx eax, word [ref_0047545c] ; movsx eax, word [0x47545c] push eax lea eax, [esp + 0xc] push eax push 0 jmp short loc_00422eac ; jmp 0x422eac loc_00422e9b: push 2 push esi movsx eax, word [ref_0047545c] ; movsx eax, word [0x47545c] push eax push ref_00463e1f ; push 0x463e1f push ebp loc_00422eac: call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc edi add esi, 0x20 jmp near loc_00422d53 ; jmp 0x422d53 loc_00422ebd: xor edi, edi loc_00422ebf: cmp edi, dword [ref_00475408] ; cmp edi, dword [0x475408] jge near loc_00423011 ; jge 0x423011 mov eax, dword [ref_00475404] ; mov eax, dword [0x475404] add eax, edi mov ax, word [eax*2 + ref_0048be70] ; mov ax, word [eax*2 + 0x48be70] and eax, 0xffff sub eax, 0x7d0 imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, eax push 2 push esi movsx eax, word [ref_00475454] ; movsx eax, word [0x475454] push eax lea eax, [ebx + 4] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push esi movsx eax, word [ref_00475456] ; movsx eax, word [0x475456] push eax push ref_00463d6c ; push 0x463d6c push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dx, word [ebx + 0x1e] xor eax, eax mov al, byte [ebx + 0x1a] imul eax, edx xor edx, edx mov dx, word [ebx + 0x1c] add eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_00475458] ; movsx eax, word [0x475458] add eax, 0x26 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push ebp lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_0047545a] ; movsx eax, word [0x47545a] add eax, 0x2a push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ebx + 0x30] test eax, eax je short loc_00422fee ; je 0x422fee shr eax, 0x10 mov ecx, 0x64 xor edx, edx div ecx mov eax, dword [ebx + 0x30] shr eax, 8 and eax, 0xf mov dword [esp + 0x90], eax mov eax, dword [ebx + 0x30] and eax, 0xff push eax mov ecx, dword [esp + 0x94] push ecx push edx push ref_00463e14 ; push 0x463e14 lea eax, [esp + 0x10] push eax call fcn_00457110 ; call 0x457110 add esp, 0x14 push 2 push esi movsx eax, word [ref_0047545c] ; movsx eax, word [0x47545c] push eax lea eax, [esp + 0xc] push eax jmp short loc_00422ffe ; jmp 0x422ffe loc_00422fee: push 2 push esi movsx eax, word [ref_0047545c] ; movsx eax, word [0x47545c] push eax push ref_00463e1f ; push 0x463e1f loc_00422ffe: push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc edi add esi, 0x20 jmp near loc_00422ebf ; jmp 0x422ebf loc_00423011: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp + 0x80], 0x78 mov dword [esp + 0x88], 0x248 mov dword [esp + 0x84], 0x80 mov dword [esp + 0x8c], 0x1c0 push 0 lea eax, [esp + 0x84] push eax mov edx, dword [_gWindowHandle] ; mov edx, dword [0x48a0d4] push edx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00423065: add esp, 0xa0 pop ebp pop edi pop esi pop ebx ret fcn_00423070: push ebx push esi push edi push ebp sub esp, 0x88 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov ecx, dword [ref_0048c270] ; mov ecx, dword [0x48c270] mov edx, dword [ref_004753fc] ; mov edx, dword [0x4753fc] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 lea edx, [ecx + 0xc] add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x17 push 0x223 mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0x48 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x64 push 0x3c imul eax, dword [ref_0048c27c], 0x34 ; imul eax, dword [0x48c27c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0xc push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456418 ; call 0x456418 add esp, 0x10 imul eax, dword [ref_0048c27c], 0x68 ; imul eax, dword [0x48c27c], 0x68 cmp byte [eax + (_players+63)], 0 ; cmp byte [eax + 0x496ba7], 0 je near loc_004231ba ; je 0x4231ba push 0xbc push 0x3c xor edx, edx mov dl, byte [eax + (_players+63)] ; mov dl, byte [eax + 0x496ba7] mov edx, dword [edx*4 + ref_00475464] ; mov edx, dword [edx*4 + 0x475464] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 2 push 0 push 0x101010 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 imul eax, dword [ref_0048c27c], 0x68 ; imul eax, dword [0x48c27c], 0x68 mov al, byte [eax + (_players+63)] ; mov al, byte [eax + 0x496ba7] and eax, 0xff lea edx, [eax - 1] mov eax, edx shl eax, 2 sub eax, edx mov al, byte [eax*8 + ref_00496d0c] ; mov al, byte [eax*8 + 0x496d0c] and eax, 0xff push eax push ref_00463e26 ; push 0x463e26 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 2 push 0xea push 0x3c lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_004231ba: xor ebx, ebx mov esi, 0x12e jmp short loc_004231e3 ; jmp 0x4231e3 loc_004231c3: push 2 push esi push 0x3c mov edi, dword [ebx*4 + ref_0047540c] ; mov edi, dword [ebx*4 + 0x47540c] push edi push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0x40 cmp ebx, 3 jge short loc_00423215 ; jge 0x423215 loc_004231e3: cmp ebx, dword [ref_004753fc] ; cmp ebx, dword [0x4753fc] jne short loc_00423205 ; jne 0x423205 push 0 push 3 push 0x101010 push 0xffffff loc_004231f9: push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 jmp short loc_004231c3 ; jmp 0x4231c3 loc_00423205: push 0 push 3 push 0x101010 push 0xc0c0c0 jmp short loc_004231f9 ; jmp 0x4231f9 loc_00423215: push 0 push 2 push 0 push 0x101010 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebx, ebx mov dword [esp + 0x80], 0x10 loc_00423237: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_004232d4 ; jge 0x4232d4 mov dh, byte [ebx + ref_0048c278] ; mov dh, byte [ebx + 0x48c278] cmp dh, 0xff je near loc_004232d4 ; je 0x4232d4 xor eax, eax mov al, dh cmp eax, dword [ref_0048c27c] ; cmp eax, dword [0x48c27c] jne short loc_0042327a ; jne 0x42327a push 0xe mov edx, dword [esp + 0x84] push edx mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0x30 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx jmp short loc_00423293 ; jmp 0x423293 loc_0042327a: push 0xf mov ebp, dword [esp + 0x84] push ebp mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0x3c push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax loc_00423293: call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 2 push 0x1e mov eax, dword [esp + 0x88] add eax, 0x2c push eax xor eax, eax mov al, byte [ebx + ref_0048c278] ; mov al, byte [ebx + 0x48c278] imul eax, eax, 0x68 mov esi, dword [eax + (_players+0)] ; mov esi, dword [eax + 0x496b68] push esi push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add dword [esp + 0x80], 0x58 jmp near loc_00423237 ; jmp 0x423237 loc_004232d4: mov ebx, dword [ref_004753fc] ; mov ebx, dword [0x4753fc] cmp ebx, 1 jb short loc_004232f3 ; jb 0x4232f3 jbe near loc_00423841 ; jbe 0x423841 cmp ebx, 2 je near loc_004238b1 ; je 0x4238b1 jmp near loc_0042399e ; jmp 0x42399e loc_004232f3: test ebx, ebx jne near loc_0042399e ; jne 0x42399e push ebx push 2 push ebx push 0x101010 push 0x1c call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 imul eax, dword [ref_0048c27c], 0x68 ; imul eax, dword [0x48c27c], 0x68 mov ebx, dword [eax + (_players+28)] ; mov ebx, dword [eax + 0x496b84] push ebx lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push 0x58 push 0x14a lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 imul eax, dword [ref_0048c27c], 0x68 ; imul eax, dword [0x48c27c], 0x68 mov edi, dword [eax + (_players+32)] ; mov edi, dword [eax + 0x496b88] push edi lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push 0x88 push 0x14a lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 imul eax, dword [ref_0048c27c], 0x68 ; imul eax, dword [0x48c27c], 0x68 mov edx, dword [eax + (_players+36)] ; mov edx, dword [eax + 0x496b8c] push edx lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push 0xb8 push 0x14a lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ecx, dword [ref_0048c27c] ; mov ecx, dword [0x48c27c] push ecx call fcn_004239b9 ; call 0x4239b9 add esp, 4 push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push 0xe8 push 0x14a lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ebx, ebx mov dword [esp + 0x80], ebx loc_004233ee: mov edx, dword [ref_0048c27c] ; mov edx, dword [0x48c27c] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 5 mov eax, ebx fild dword [edx + eax*8 + _player_stocks] ; fild dword [edx + eax*8 + 0x4971a0] shl eax, 3 add eax, ebx fmul dword [eax*4 + (_stocks_on_map+20)] ; fmul dword [eax*4 + 0x496994] mov eax, dword [esp + 0x80] mov dword [esp + 0x84], eax fild dword [esp + 0x84] fstp dword [esp + 0x84] fadd dword [esp + 0x84] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x80] inc ebx cmp ebx, 0xc jl short loc_004233ee ; jl 0x4233ee mov ebx, dword [esp + 0x80] push ebx lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push 0x58 push 0x25a lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0xa lea eax, [esp + 4] push eax imul eax, dword [ref_0048c27c], 0x68 ; imul eax, dword [0x48c27c], 0x68 mov ax, word [eax + (_players+48)] ; mov ax, word [eax + 0x496b98] and eax, 0xffff push eax call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 6 push 0x88 push 0x25a lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 imul eax, dword [ref_0048c27c], 0x68 ; imul eax, dword [0x48c27c], 0x68 mov al, byte [eax + (_players+62)] ; mov al, byte [eax + 0x496ba6] and eax, 0xff push eax push ref_00463e26 ; push 0x463e26 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 push 0xb8 push 0x25a lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add eax, 0x34 mov ebx, 1 xor ebp, ebp mov dword [esp + 0x80], ebp loc_0042350b: cmp ebx, dword [ref_00498e90] ; cmp ebx, dword [0x498e90] jg short loc_00423530 ; jg 0x423530 xor edx, edx mov dl, byte [eax + 0x18] mov esi, dword [ref_0048c27c] ; mov esi, dword [0x48c27c] inc esi cmp edx, esi jne short loc_0042352a ; jne 0x42352a inc dword [esp + 0x80] loc_0042352a: inc ebx add eax, 0x34 jmp short loc_0042350b ; jmp 0x42350b loc_00423530: mov ecx, dword [esp + 0x80] push ecx push ref_00463e2b ; push 0x463e2b lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 push 0xe8 push 0x25a lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, 0x34 mov ebx, 1 xor esi, esi mov dword [esp + 0x80], esi xor edi, edi mov ebp, dword [ref_00498e98] ; mov ebp, dword [0x498e98] loc_00423583: cmp ebx, ebp jg short loc_004235b4 ; jg 0x4235b4 xor ecx, ecx mov cl, byte [eax + 0x19] mov edx, dword [ref_0048c27c] ; mov edx, dword [0x48c27c] inc edx cmp ecx, edx jne short loc_004235ae ; jne 0x4235ae inc dword [esp + 0x80] cmp byte [eax + 0x18], 0 je short loc_004235a7 ; je 0x4235a7 inc esi jmp short loc_004235ae ; jmp 0x4235ae loc_004235a7: cmp byte [eax + 0x1a], 0 je short loc_004235ae ; je 0x4235ae inc edi loc_004235ae: inc ebx add eax, 0x34 jmp short loc_00423583 ; jmp 0x423583 loc_004235b4: mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, 0x38 mov ebx, 1 xor ebp, ebp loc_004235c3: cmp ebx, dword [ref_00498e8c] ; cmp ebx, dword [0x498e8c] jg short loc_004235ef ; jg 0x4235ef xor ecx, ecx mov cl, byte [eax + 0x19] mov edx, dword [ref_0048c27c] ; mov edx, dword [0x48c27c] inc edx cmp ecx, edx jne short loc_004235e9 ; jne 0x4235e9 inc dword [esp + 0x80] cmp byte [eax + 0x1a], 0 je short loc_004235e9 ; je 0x4235e9 inc ebp loc_004235e9: inc ebx add eax, 0x38 jmp short loc_004235c3 ; jmp 0x4235c3 loc_004235ef: mov ebx, dword [esp + 0x80] push ebx push ref_00463e2b ; push 0x463e2b lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 push 0x128 push 0xfa lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push esi push ref_00463e2b ; push 0x463e2b lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 push 0x158 push 0xfa lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push edi push ref_00463e2b ; push 0x463e2b lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 push 0x188 push 0xfa lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push ebp push ref_00463e2b ; push 0x463e2b lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 push 0x1b8 push 0xfa lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 3 push 0x101010 push 0xffffff push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebx, ebx mov dword [esp + 0x80], 0x12c mov esi, 0x119 jmp short loc_004236e4 ; jmp 0x4236e4 loc_004236da: inc ebx cmp ebx, 0xd jge near loc_004237b3 ; jge 0x4237b3 loc_004236e4: mov edx, dword [ref_0048c27c] ; mov edx, dword [0x48c27c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx cmp byte [ebx + eax + ref_0049915c], 0 ; cmp byte [ebx + eax + 0x49915c], 0 je short loc_004236da ; je 0x4236da push esi mov eax, dword [esp + 0x84] sub eax, 0x10 push eax mov edi, dword [ref_0048c274] ; mov edi, dword [0x48c274] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 add edi, 0xc add eax, edi push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov edx, dword [ref_0048c27c] ; mov edx, dword [0x48c27c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx mov al, byte [ebx + eax + ref_0049915c] ; mov al, byte [ebx + eax + 0x49915c] and eax, 0xff push eax push ref_00463e2b ; push 0x463e2b lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 push esi mov eax, dword [esp + 0x88] add eax, 0x1e push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov edi, dword [esp + 0x80] add edi, 0x48 mov dword [esp + 0x80], edi cmp edi, 0x24c jle near loc_004236da ; jle 0x4236da mov dword [esp + 0x80], 0x12c add esi, 0x20 jmp near loc_004236da ; jmp 0x4236da loc_004237b3: xor ebx, ebx mov dword [esp + 0x80], 0x12c mov esi, 0x181 jmp short loc_004237d1 ; jmp 0x4237d1 loc_004237c7: inc ebx cmp ebx, 0xf jge near loc_0042399e ; jge 0x42399e loc_004237d1: mov edx, dword [ref_0048c27c] ; mov edx, dword [0x48c27c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx add eax, ebx cmp byte [eax + ref_00499120], 0 ; cmp byte [eax + 0x499120], 0 je short loc_004237c7 ; je 0x4237c7 push 2 push esi mov ecx, dword [esp + 0x88] push ecx mov al, byte [eax + ref_00499120] ; mov al, byte [eax + 0x499120] and eax, 0xff mov edi, dword [eax*8 + (_card_table - 8)] ; mov edi, dword [eax*8 + 0x47fdea] push edi push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ebp, dword [esp + 0x80] add ebp, 0x48 mov dword [esp + 0x80], ebp cmp ebp, 0x24c jle short loc_004237c7 ; jle 0x4237c7 mov dword [esp + 0x80], 0x12c add esi, 0x20 jmp short loc_004237c7 ; jmp 0x4237c7 loc_00423841: xor ebx, ebx mov dword [esp + 0x80], 0x78 jmp short loc_00423883 ; jmp 0x423883 loc_00423850: push 2 push 0x50 mov eax, dword [esp + 0x88] add eax, 0x25 push eax mov edx, dword [ebx*4 + ref_004753d4] ; mov edx, dword [ebx*4 + 0x4753d4] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add dword [esp + 0x80], 0x4b cmp ebx, 5 jge near loc_0042399e ; jge 0x42399e loc_00423883: cmp ebx, dword [ref_00475400] ; cmp ebx, dword [0x475400] jne short loc_00423850 ; jne 0x423850 push 0x40 mov edi, dword [esp + 0x84] push edi mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0x90 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 jmp short loc_00423850 ; jmp 0x423850 loc_004238b1: push 0 push ebx push 0 push 0x101010 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebx, ebx mov esi, 0x64 loc_004238cc: push 2 push esi movsx eax, word [ref_0047545e] ; movsx eax, word [0x47545e] push eax mov edi, ebx shl edi, 3 add edi, ebx shl edi, 2 mov ebp, dword [edi + (_stocks_on_map+0)] ; mov ebp, dword [edi + 0x496980] push ebp push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov edx, dword [ref_0048c27c] ; mov edx, dword [0x48c27c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 mov ebp, ebx mov edx, dword [eax + ebp*8 + _player_stocks] ; mov edx, dword [eax + ebp*8 + 0x4971a0] push edx lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_00475460] ; movsx eax, word [0x475460] add eax, 0x34 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov edx, dword [ref_0048c27c] ; mov edx, dword [0x48c27c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 fild dword [eax + ebp*8 + _player_stocks] ; fild dword [eax + ebp*8 + 0x4971a0] fmul dword [edi + (_stocks_on_map+20)] ; fmul dword [edi + 0x496994] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x80] mov ecx, dword [esp + 0x80] push ecx lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_00475462] ; movsx eax, word [0x475462] add eax, 0x3c push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0x20 cmp ebx, 0xc jl near loc_004238cc ; jl 0x4238cc loc_0042399e: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall add esp, 0x88 pop ebp pop edi pop esi pop ebx ret fcn_004239b9: push ebx push esi push edi push ebp sub esp, 8 mov ebx, dword [esp + 0x1c] imul eax, ebx, 0x68 mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] add edx, dword [eax + (_players+32)] ; add edx, dword [eax + 0x496b88] mov esi, dword [eax + (_players+36)] ; mov esi, dword [eax + 0x496b8c] sub edx, esi mov dword [esp], edx xor edx, edx loc_004239e0: mov ecx, ebx shl ecx, 2 sub ecx, ebx shl ecx, 5 mov eax, edx fild dword [ecx + eax*8 + _player_stocks] ; fild dword [ecx + eax*8 + 0x4971a0] shl eax, 3 add eax, edx fmul dword [eax*4 + (_stocks_on_map+20)] ; fmul dword [eax*4 + 0x496994] mov eax, dword [esp] mov dword [esp + 4], eax fild dword [esp + 4] fstp dword [esp + 4] fadd dword [esp + 4] call fcn_00457dbc ; call 0x457dbc fistp dword [esp] inc edx cmp edx, 0xc jl short loc_004239e0 ; jl 0x4239e0 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, 0x34 mov edx, 1 loc_00423a2d: cmp edx, dword [ref_00498e98] ; cmp edx, dword [0x498e98] jg short loc_00423a83 ; jg 0x423a83 xor ecx, ecx mov cl, byte [eax + 0x19] lea esi, [ebx + 1] cmp ecx, esi jne short loc_00423a7d ; jne 0x423a7d xor ecx, esi mov cx, word [eax + 0x1c] mov ebp, dword [esp] add ebp, ecx mov dword [esp], ebp cmp byte [eax + 0x18], 0 je short loc_00423a63 ; je 0x423a63 xor ecx, ecx mov cx, word [eax + 0x1e] lea edi, [ecx + ebp] mov dword [esp], edi jmp short loc_00423a7d ; jmp 0x423a7d loc_00423a63: cmp byte [eax + 0x1a], 0 je short loc_00423a7d ; je 0x423a7d xor ecx, ecx mov cl, byte [eax + 0x1a] xor esi, esi mov si, word [eax + 0x1e] imul ecx, esi lea esi, [ecx + ebp] mov dword [esp], esi loc_00423a7d: inc edx add eax, 0x34 jmp short loc_00423a2d ; jmp 0x423a2d loc_00423a83: mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, 0x38 mov edx, 1 mov ebp, dword [ref_00498e8c] ; mov ebp, dword [0x498e8c] loc_00423a96: cmp edx, ebp jg short loc_00423ac4 ; jg 0x423ac4 movzx esi, byte [eax + 0x19] lea ecx, [ebx + 1] cmp esi, ecx jne short loc_00423abe ; jne 0x423abe xor ecx, ecx mov cl, byte [eax + 0x1a] xor esi, esi mov si, word [eax + 0x24] imul ecx, esi xor esi, esi mov si, word [eax + 0x22] add ecx, esi add dword [esp], ecx loc_00423abe: inc edx add eax, 0x38 jmp short loc_00423a96 ; jmp 0x423a96 loc_00423ac4: mov eax, dword [esp] add esp, 8 pop ebp pop edi pop esi pop ebx ret fcn_00423acf: push ebx push esi push edi xor ebx, ebx xor esi, esi xor edi, edi loc_00423ad8: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_00423afb ; jge 0x423afb imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00423af8 ; je 0x423af8 push ebx call fcn_004239b9 ; call 0x4239b9 add esp, 4 add esi, eax inc edi loc_00423af8: inc ebx jmp short loc_00423ad8 ; jmp 0x423ad8 loc_00423afb: mov eax, esi mov edx, esi sar edx, 0x1f idiv edi mov edx, eax sar edx, 0x1f mov ecx, dword [ref_0049908c] ; mov ecx, dword [0x49908c] idiv ecx mov ebx, eax cmp eax, dword [ref_004990e8] ; cmp eax, dword [0x4990e8] jle short loc_00423b20 ; jle 0x423b20 mov dword [ref_004990e8], eax ; mov dword [0x4990e8], eax loc_00423b20: pop edi pop esi pop ebx ret endloc_00423b24: db 0x8d db 0x40 db 0x00 ref_00423b27: ; may contain a jump table dd loc_00423b5b dd loc_00423bd1 dd loc_00423c0a dd loc_00423c48 dd loc_00423c90 fcn_00423b3b: push ebx push esi push edi push ebp mov ebx, dword [esp + 0x14] xor ecx, ecx mov edx, dword [esp + 0x18] cmp edx, 4 ja near loc_00423cd1 ; ja 0x423cd1 mov eax, edx jmp dword [eax*4 + ref_00423b27] ; ujmp: jmp dword [eax*4 + 0x423b27] loc_00423b5b: mov eax, 1 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] add edx, 0x34 lea esi, [ebx + 1] loc_00423b6c: cmp eax, dword [ref_00498e98] ; cmp eax, dword [0x498e98] jg short loc_00423b93 ; jg 0x423b93 movzx edi, byte [edx + 0x19] cmp edi, esi jne short loc_00423b8d ; jne 0x423b8d mov edi, eax add edi, 0x7d0 mov word [ecx*2 + ref_0048be70], di ; mov word [ecx*2 + 0x48be70], di inc ecx loc_00423b8d: inc eax add edx, 0x34 jmp short loc_00423b6c ; jmp 0x423b6c loc_00423b93: mov eax, 1 mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add edx, 0x38 lea esi, [ebx + 1] mov ebp, dword [ref_00498e8c] ; mov ebp, dword [0x498e8c] loc_00423baa: cmp eax, ebp jg near loc_00423cd1 ; jg 0x423cd1 movzx edi, byte [edx + 0x19] cmp edi, esi jne short loc_00423bcb ; jne 0x423bcb mov edi, eax add edi, 0xfa0 mov word [ecx*2 + ref_0048be70], di ; mov word [ecx*2 + 0x48be70], di inc ecx loc_00423bcb: inc eax add edx, 0x38 jmp short loc_00423baa ; jmp 0x423baa loc_00423bd1: mov eax, 1 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] loc_00423bdc: add edx, 0x34 cmp eax, dword [ref_00498e98] ; cmp eax, dword [0x498e98] jg near loc_00423cd1 ; jg 0x423cd1 movzx edi, byte [edx + 0x19] lea esi, [ebx + 1] cmp edi, esi jne short loc_00423c07 ; jne 0x423c07 mov edi, eax add edi, 0x7d0 mov word [ecx*2 + ref_0048be70], di ; mov word [ecx*2 + 0x48be70], di inc ecx loc_00423c07: inc eax jmp short loc_00423bdc ; jmp 0x423bdc loc_00423c0a: mov eax, 1 mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add edx, 0x38 lea esi, [ebx + 1] mov ebp, dword [ref_00498e8c] ; mov ebp, dword [0x498e8c] loc_00423c21: cmp eax, ebp jg near loc_00423cd1 ; jg 0x423cd1 movzx edi, byte [edx + 0x19] cmp edi, esi jne short loc_00423c42 ; jne 0x423c42 mov edi, eax add edi, 0xfa0 mov word [ecx*2 + ref_0048be70], di ; mov word [ecx*2 + 0x48be70], di inc ecx loc_00423c42: inc eax add edx, 0x38 jmp short loc_00423c21 ; jmp 0x423c21 loc_00423c48: mov eax, 1 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] add edx, 0x34 lea esi, [ebx + 1] loc_00423c59: cmp eax, dword [ref_00498e98] ; cmp eax, dword [0x498e98] jg near loc_00423cd1 ; jg 0x423cd1 movzx edi, byte [edx + 0x19] cmp edi, esi jne short loc_00423c8a ; jne 0x423c8a cmp byte [edx + 0x1a], 0 je short loc_00423c8a ; je 0x423c8a cmp byte [edx + 0x18], 0 jne short loc_00423c8a ; jne 0x423c8a mov edi, eax add edi, 0x7d0 mov word [ecx*2 + ref_0048be70], di ; mov word [ecx*2 + 0x48be70], di inc ecx loc_00423c8a: inc eax add edx, 0x34 jmp short loc_00423c59 ; jmp 0x423c59 loc_00423c90: mov eax, 1 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] loc_00423c9b: add edx, 0x34 cmp eax, dword [ref_00498e98] ; cmp eax, dword [0x498e98] jg short loc_00423cd1 ; jg 0x423cd1 movzx edi, byte [edx + 0x19] lea esi, [ebx + 1] cmp edi, esi jne short loc_00423cce ; jne 0x423cce cmp byte [edx + 0x1a], 0 je short loc_00423cce ; je 0x423cce cmp byte [edx + 0x18], 0 je short loc_00423cce ; je 0x423cce mov edi, eax add edi, 0x7d0 mov word [ecx*2 + ref_0048be70], di ; mov word [ecx*2 + 0x48be70], di inc ecx loc_00423cce: inc eax jmp short loc_00423c9b ; jmp 0x423c9b loc_00423cd1: mov eax, ecx pop ebp pop edi pop esi pop ebx ret endloc_00423cd8: db 0x8d db 0x40 db 0x00 ref_00423cdb: ; may contain a jump table dd loc_004241f2 dd loc_0042420b dd loc_0042420b dd loc_0042420b dd loc_0042424e dd loc_004242cd fcn_00423cf3: push ebx push esi push edi push ebp sub esp, 0x50 mov eax, dword [esp + 0x68] mov edx, dword [esp + 0x6c] mov edi, dword [esp + 0x70] cmp eax, 0x201 jb short loc_00423d41 ; jb 0x423d41 jbe near loc_00423dd1 ; jbe 0x423dd1 cmp eax, 0x203 jb near loc_004241d7 ; jb 0x4241d7 jbe near loc_00423dd1 ; jbe 0x423dd1 cmp eax, 0x205 jb near loc_0042447e ; jb 0x42447e jbe near loc_00424409 ; jbe 0x424409 cmp eax, 0x401 je short loc_00423d6c ; je 0x423d6c jmp near loc_0042447e ; jmp 0x42447e loc_00423d41: cmp eax, 0x100 jb short loc_00423d5e ; jb 0x423d5e jbe near loc_00424374 ; jbe 0x424374 cmp eax, 0x101 je near loc_00424366 ; je 0x424366 jmp near loc_0042447e ; jmp 0x42447e loc_00423d5e: cmp eax, 0xf je near loc_00424422 ; je 0x424422 jmp near loc_0042447e ; jmp 0x42447e loc_00423d6c: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] mov dword [ref_0048c27c], eax ; mov dword [0x48c27c], eax xor ah, ah mov byte [ref_0048c284], ah ; mov byte [0x48c284], ah xor edx, edx mov word [ref_0048c285], dx ; mov word [0x48c285], dx call fcn_00422443 ; call 0x422443 call fcn_00423070 ; call 0x423070 cmp dword [ref_004753fc], 1 ; cmp dword [0x4753fc], 1 jne short loc_00423dab ; jne 0x423dab push 0 mov ecx, dword [ref_00475400] ; mov ecx, dword [0x475400] push ecx call fcn_004225a3 ; call 0x4225a3 add esp, 8 loc_00423dab: push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 mov ebx, dword [esp + 0x6c] push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00423dc5: xor eax, eax loc_00423dc7: add esp, 0x50 pop ebp pop edi pop esi pop ebx ret 0x10 loc_00423dd1: movzx ebp, di mov eax, edi shr eax, 0x10 and eax, 0xffff xor edi, edi mov di, ax cmp ebp, 0x1ec jl near loc_00423ebb ; jl 0x423ebb cmp ebp, 0x25a jg near loc_00423ebb ; jg 0x423ebb cmp edi, 9 jl near loc_00423ebb ; jl 0x423ebb cmp edi, 0x26 jg near loc_00423ebb ; jg 0x423ebb mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x1d push 0x6e push 9 push 0x1ec push 9 push 0x1ec mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x17 push 0x223 mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0x54 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp + 0x40], 0x1ec mov dword [esp + 0x44], 9 mov dword [esp + 0x48], 0x25a mov dword [esp + 0x4c], 0x26 push 0 lea eax, [esp + 0x44] push eax mov eax, dword [esp + 0x6c] push eax call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c284], 1 ; mov byte [0x48c284], 1 jmp near loc_00423dc5 ; jmp 0x423dc5 loc_00423ebb: cmp dword [ref_004753fc], 1 ; cmp dword [0x4753fc], 1 jne near loc_00424042 ; jne 0x424042 xor ebx, ebx mov esi, 0x78 jmp short loc_00423eda ; jmp 0x423eda loc_00423ed1: inc ebx add esi, 0x4b cmp ebx, 5 jge short loc_00423f36 ; jge 0x423f36 loc_00423eda: cmp byte [ref_0048c284], 0 ; cmp byte [0x48c284], 0 jne short loc_00423f36 ; jne 0x423f36 cmp ebp, esi jl short loc_00423ed1 ; jl 0x423ed1 lea eax, [esi + 0x4b] cmp ebp, eax jg short loc_00423ed1 ; jg 0x423ed1 cmp edi, 0x40 jl short loc_00423ed1 ; jl 0x423ed1 cmp edi, 0x61 jg short loc_00423ed1 ; jg 0x423ed1 cmp ebx, dword [ref_00475400] ; cmp ebx, dword [0x475400] je short loc_00423ed1 ; je 0x423ed1 mov dword [ref_00475400], ebx ; mov dword [0x475400], ebx call fcn_00423070 ; call 0x423070 push 0 mov edx, dword [ref_00475400] ; mov edx, dword [0x475400] push edx call fcn_004225a3 ; call 0x4225a3 add esp, 8 push 0 push 0 mov ecx, dword [esp + 0x6c] push ecx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] xor ch, ch mov byte [ref_0048c284], ch ; mov byte [0x48c284], ch jmp short loc_00423ed1 ; jmp 0x423ed1 loc_00423f36: cmp byte [ref_0048c284], 0 ; cmp byte [0x48c284], 0 jne near loc_00424042 ; jne 0x424042 cmp ebp, 0x251 jle near loc_00424042 ; jle 0x424042 cmp ebp, 0x26f jge near loc_00424042 ; jge 0x424042 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebx, 0x251 mov dword [esp + 0x40], ebx mov dword [esp + 0x48], 0x26f cmp edi, 0x171 jle short loc_00423fd9 ; jle 0x423fd9 cmp edi, 0x18f jge short loc_00423fd9 ; jge 0x423fd9 mov eax, 0x171 mov dword [esp + 0x44], eax mov dword [esp + 0x4c], 0x18f push eax push ebx mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0x60 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0 lea eax, [esp + 0x44] push eax mov ebx, dword [esp + 0x6c] push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c284], 5 ; mov byte [0x48c284], 5 jmp short loc_00424032 ; jmp 0x424032 loc_00423fd9: cmp edi, 0x1a1 jle short loc_00424032 ; jle 0x424032 cmp edi, 0x1bf jge short loc_00424032 ; jge 0x424032 mov eax, 0x1a1 mov dword [esp + 0x44], eax mov dword [esp + 0x4c], 0x1dd push eax mov ecx, dword [esp + 0x44] push ecx mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0x6c push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0 lea eax, [esp + 0x44] push eax mov esi, dword [esp + 0x6c] push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c284], 6 ; mov byte [0x48c284], 6 loc_00424032: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall loc_00424042: xor ebx, ebx mov esi, 0x10 loc_00424049: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_004240d1 ; jge 0x4240d1 cmp byte [ref_0048c284], 0 ; cmp byte [0x48c284], 0 jne near loc_004240d1 ; jne 0x4240d1 mov cl, byte [ebx + ref_0048c278] ; mov cl, byte [ebx + 0x48c278] cmp cl, 0xff je short loc_004240d1 ; je 0x4240d1 cmp ebp, esi jl short loc_004240c8 ; jl 0x4240c8 lea eax, [esi + 0x58] cmp ebp, eax jg short loc_004240c8 ; jg 0x4240c8 cmp edi, 0xe jl short loc_004240c8 ; jl 0x4240c8 cmp edi, 0x2f jg short loc_004240c8 ; jg 0x4240c8 xor eax, eax mov al, cl cmp eax, dword [ref_0048c27c] ; cmp eax, dword [0x48c27c] je short loc_004240c8 ; je 0x4240c8 mov dword [ref_0048c27c], eax ; mov dword [0x48c27c], eax call fcn_00423070 ; call 0x423070 cmp dword [ref_004753fc], 1 ; cmp dword [0x4753fc], 1 jne short loc_004240b1 ; jne 0x4240b1 push 0 mov eax, dword [ref_00475400] ; mov eax, dword [0x475400] push eax call fcn_004225a3 ; call 0x4225a3 add esp, 8 loc_004240b1: push 0 push 0 mov edx, dword [esp + 0x6c] push edx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c284], 7 ; mov byte [0x48c284], 7 loc_004240c8: inc ebx add esi, 0x58 jmp near loc_00424049 ; jmp 0x424049 loc_004240d1: xor ebx, ebx mov esi, 0x11a jmp near loc_00424163 ; jmp 0x424163 loc_004240dd: push 0 push 3 push 0x101010 push 0xc0c0c0 loc_004240eb: push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 lea eax, [esi + 0x15] push eax push 0x3d mov edx, dword [ebx*4 + ref_0047540c] ; mov edx, dword [ebx*4 + 0x47540c] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp + 0x40], 0xc mov dword [esp + 0x44], esi mov dword [esp + 0x48], 0x6d lea eax, [esi + 0x28] mov dword [esp + 0x4c], eax push 0 lea eax, [esp + 0x44] push eax mov edx, dword [esp + 0x6c] push edx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov al, bl add al, 2 mov byte [ref_0048c284], al ; mov byte [0x48c284], al loc_00424156: inc ebx add esi, 0x40 cmp ebx, 3 jge near loc_00423dc5 ; jge 0x423dc5 loc_00424163: cmp byte [ref_0048c284], 0 ; cmp byte [0x48c284], 0 jne near loc_00423dc5 ; jne 0x423dc5 cmp ebp, 0xc jl short loc_00424156 ; jl 0x424156 cmp ebp, 0x6d jg short loc_00424156 ; jg 0x424156 cmp edi, esi jl short loc_00424156 ; jl 0x424156 lea eax, [esi + 0x28] cmp edi, eax jg short loc_00424156 ; jg 0x424156 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push esi push 0xc mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0x9c push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 cmp ebx, dword [ref_004753fc] ; cmp ebx, dword [0x4753fc] jne near loc_004240dd ; jne 0x4240dd push 0 push 3 push 0x101010 push 0xffffff jmp near loc_004240eb ; jmp 0x4240eb loc_004241d7: mov al, byte [ref_0048c284] ; mov al, byte [0x48c284] dec al cmp al, 5 ja near loc_00424359 ; ja 0x424359 and eax, 0xff jmp dword [eax*4 + ref_00423cdb] ; ujmp: jmp dword [eax*4 + 0x423cdb] loc_004241f2: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_00424359 ; jmp 0x424359 loc_0042420b: xor eax, eax mov al, byte [ref_0048c284] ; mov al, byte [0x48c284] sub eax, 2 mov dword [ref_004753fc], eax ; mov dword [0x4753fc], eax call fcn_00423070 ; call 0x423070 cmp dword [ref_004753fc], 1 ; cmp dword [0x4753fc], 1 jne short loc_00424239 ; jne 0x424239 push 0 mov edi, dword [ref_00475400] ; mov edi, dword [0x475400] push edi call fcn_004225a3 ; call 0x4225a3 add esp, 8 loc_00424239: push 0 push 0 mov ebp, dword [esp + 0x6c] push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00424359 ; jmp 0x424359 loc_0042424e: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov esi, 0x251 mov dword [esp + 0x40], esi mov dword [esp + 0x48], 0x26f mov ebp, 0x171 mov dword [esp + 0x44], ebp mov dword [esp + 0x4c], 0x18f push 0x1e push 0x1e push ebp push esi push ebp push esi mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0x18 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax mov ecx, dword [esp + 0x6c] push ecx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 2 jmp short loc_0042434a ; jmp 0x42434a loc_004242cd: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov esi, 0x251 mov dword [esp + 0x40], esi mov dword [esp + 0x48], 0x26f mov ebp, 0x1a1 mov dword [esp + 0x44], ebp mov dword [esp + 0x4c], 0x1dd push 0x1e push 0x1e push ebp push esi push ebp push esi mov eax, dword [ref_0048c270] ; mov eax, dword [0x48c270] add eax, 0x18 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax mov ecx, dword [esp + 0x6c] push ecx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 1 loc_0042434a: mov ebx, dword [ref_00475400] ; mov ebx, dword [0x475400] push ebx call fcn_004225a3 ; call 0x4225a3 add esp, 8 loc_00424359: xor dl, dl mov byte [ref_0048c284], dl ; mov byte [0x48c284], dl jmp near loc_00423dc5 ; jmp 0x423dc5 loc_00424366: xor ebx, ebx mov word [ref_0048c285], bx ; mov word [0x48c285], bx jmp near loc_00423dc5 ; jmp 0x423dc5 loc_00424374: cmp dword [ref_004753fc], 1 ; cmp dword [0x4753fc], 1 jne near loc_00423dc5 ; jne 0x423dc5 cmp edx, 0x11 jne short loc_00424391 ; jne 0x424391 mov word [ref_0048c285], 0x1100 ; mov word [0x48c285], 0x1100 jmp short loc_00424398 ; jmp 0x424398 loc_00424391: or word [ref_0048c285], dx ; or word [0x48c285], dx loc_00424398: xor edx, edx mov dx, word [ref_0049719a] ; mov dx, word [0x49719a] xor eax, eax mov ax, word [ref_0048c285] ; mov ax, word [0x48c285] cmp eax, edx jne short loc_004243c4 ; jne 0x4243c4 mov byte [ref_0048c284], 5 ; mov byte [0x48c284], 5 push 0 push 0 push 0x202 mov esi, dword [esp + 0x70] push esi jmp short loc_004243e6 ; jmp 0x4243e6 loc_004243c4: xor edx, edx mov dx, word [ref_0049719c] ; mov dx, word [0x49719c] cmp eax, edx jne short loc_004243ed ; jne 0x4243ed mov byte [ref_0048c284], 6 ; mov byte [0x48c284], 6 push 0 push 0 push 0x202 mov ebx, dword [esp + 0x70] push ebx loc_004243e6: call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_004243ed: cmp word [ref_0048c285], 0x1100 ; cmp word [0x48c285], 0x1100 je near loc_00423dc5 ; je 0x423dc5 xor eax, eax mov word [ref_0048c285], ax ; mov word [0x48c285], ax jmp near loc_00423dc5 ; jmp 0x423dc5 loc_00424409: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_00423dc5 ; jmp 0x423dc5 loc_00424422: mov eax, esp push eax mov ebp, dword [esp + 0x68] push ebp call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0xc] push ebx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x18] push ebx mov esi, dword [esp + 0x18] push esi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push ebp call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00423dc5 ; jmp 0x423dc5 loc_0042447e: push edi push edx push eax mov edi, dword [esp + 0x70] push edi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_00423dc7 ; jmp 0x423dc7 query_user_ui: push ebx push esi push 0 push 0 push 9 mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c270], eax ; mov dword [0x48c270], eax push 0 push 0 push 0x4a mov ecx, dword [ref_0048a05c] ; mov ecx, dword [0x48a05c] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c274], eax ; mov dword [0x48c274], eax push 0 push fcn_00423cf3 ; push 0x423cf3 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 push 1 call fcn_0041906a ; call 0x41906a add esp, 4 mov ebx, dword [ref_0048c270] ; mov ebx, dword [0x48c270] push ebx call clib_free ; call 0x456e11 add esp, 4 mov esi, dword [ref_0048c274] ; mov esi, dword [0x48c274] push esi call clib_free ; call 0x456e11 add esp, 4 pop esi pop ebx ret fcn_00424502: push ebx push esi push edi push ebp mov ebx, dword [esp + 0x18] test ebx, ebx jne short loc_00424515 ; jne 0x424515 mov ebx, 0x2a jmp short loc_0042451a ; jmp 0x42451a loc_00424515: mov ebx, 0xc4 loc_0042451a: mov dword [ref_0048c288], 0xe3 ; mov dword [0x48c288], 0xe3 mov dword [ref_0048c28c], ebx ; mov dword [0x48c28c], ebx mov dword [ref_0048c290], 0x19d ; mov dword [0x48c290], 0x19d lea eax, [ebx + 0x58] mov dword [ref_0048c294], eax ; mov dword [0x48c294], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0x58 push 0xba push ebx push 0xe3 push 0 push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov dword [ref_0048c2b0], eax ; mov dword [0x48c2b0], eax push ebx push 0xe3 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x48 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 1 push 2 push 0 push 0x101010 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 4 add ebx, 0x2c push ebx push 0x140 mov edi, dword [esp + 0x20] push edi push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push ref_0048c288 ; push 0x48c288 call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0048c288 ; push 0x48c288 mov ebp, dword [ref_0048a0e0] ; mov ebp, dword [0x48a0e0] push ebp mov ecx, dword [ref_0048c28c] ; mov ecx, dword [0x48c28c] push ecx mov ebx, dword [ref_0048c288] ; mov ebx, dword [0x48c288] push ebx push eax call dword [edx + 0x1c] ; ucall push ref_0048c288 ; push 0x48c288 call fcn_00402250 ; call 0x402250 add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_00424620: push ebx push edi push ebp mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax mov edx, dword [ref_0048c28c] ; mov edx, dword [0x48c28c] push edx mov ecx, dword [ref_0048c288] ; mov ecx, dword [0x48c288] push ecx mov ebx, dword [ref_0048c2b0] ; mov ebx, dword [0x48c2b0] push ebx push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov edi, dword [ref_0048c2b0] ; mov edi, dword [0x48c2b0] push edi call clib_free ; call 0x456e11 add esp, 4 push ref_0048c288 ; push 0x48c288 call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0048c288 ; push 0x48c288 mov ebp, dword [ref_0048a0e0] ; mov ebp, dword [0x48a0e0] push ebp mov ecx, dword [ref_0048c28c] ; mov ecx, dword [0x48c28c] push ecx mov ebx, dword [ref_0048c288] ; mov ebx, dword [0x48c288] push ebx push eax call dword [edx + 0x1c] ; ucall push ref_0048c288 ; push 0x48c288 call fcn_00402250 ; call 0x402250 add esp, 4 pop ebp pop edi pop ebx ret fcn_004246c5: push ebx push esi push edi push ebp mov edi, dword [esp + 0x14] mov esi, dword [esp + 0x1c] xor edx, edx jmp short loc_004246df ; jmp 0x4246df loc_004246d5: inc edx cmp edx, 7 jge near loc_004247d0 ; jge 0x4247d0 loc_004246df: imul ebx, edi, 0x54 mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add eax, ebx mov bl, byte [eax + ref_004967e0] ; mov bl, byte [eax + 0x4967e0] test bl, bl je short loc_00424712 ; je 0x424712 xor ecx, ecx mov cl, bl cmp ecx, dword [esp + 0x18] jne short loc_004246d5 ; jne 0x4246d5 mov ax, word [eax + ref_004967e2] ; mov ax, word [eax + 0x4967e2] and eax, 0xffff cmp eax, esi jne short loc_004246d5 ; jne 0x4246d5 loc_00424712: imul ebx, edi, 0x54 mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add eax, ebx mov bl, byte [esp + 0x18] mov byte [eax + ref_004967e0], bl ; mov byte [eax + 0x4967e0], bl xor bh, bh mov byte [eax + ref_004967e1], bh ; mov byte [eax + 0x4967e1], bh mov word [eax + ref_004967e2], si ; mov word [eax + 0x4967e2], si mov ecx, dword [esp + 0x20] mov dword [eax + ref_004967e4], ecx ; mov dword [eax + 0x4967e4], ecx mov ebp, dword [esp + 0x18] cmp ebp, 1 jne short loc_0042475d ; jne 0x42475d mov edx, dword [esp + 0x24] mov word [eax + ref_004967e8], dx ; mov word [eax + 0x4967e8], dx pop ebp pop edi pop esi pop ebx ret loc_0042475d: cmp ebp, 2 jne short loc_004247d0 ; jne 0x4247d0 cmp esi, 0x7d0 jle short loc_0042479a ; jle 0x42479a cmp esi, 0xfa0 jge short loc_0042479a ; jge 0x42479a sub esi, 0x7d0 imul edx, esi, 0x34 mov ecx, dword [ref_00498e84] ; mov ecx, dword [0x498e84] mov bl, byte [ecx + edx + 0x18] mov byte [eax + ref_004967ea], bl ; mov byte [eax + 0x4967ea], bl mov dl, byte [ecx + edx + 0x1a] mov byte [eax + ref_004967eb], dl ; mov byte [eax + 0x4967eb], dl pop ebp pop edi pop esi pop ebx ret loc_0042479a: lea eax, [esi - 0xfa0] shl eax, 3 mov ecx, eax shl eax, 3 sub eax, ecx mov ecx, dword [ref_00498e88] ; mov ecx, dword [0x498e88] add ecx, eax imul edi, edi, 0x54 mov eax, edx shl eax, 2 sub eax, edx mov dl, byte [ecx + 0x18] mov byte [edi + eax*4 + ref_004967ea], dl ; mov byte [edi + eax*4 + 0x4967ea], dl mov dl, byte [ecx + 0x1a] mov byte [edi + eax*4 + ref_004967eb], dl ; mov byte [edi + eax*4 + 0x4967eb], dl loc_004247d0: pop ebp pop edi pop esi pop ebx ret fcn_004247d5: push ebx mov ecx, dword [esp + 0xc] mov ebx, 6 sub ebx, ecx mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 push eax imul ebx, dword [esp + 0xc], 0x54 add ebx, ref_004967e0 ; add ebx, 0x4967e0 lea edx, [ecx + 1] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add eax, ebx push eax mov eax, ecx shl eax, 2 sub eax, ecx shl eax, 2 add eax, ebx push eax call _memcpy ; call 0x456de8 add esp, 0xc push 0xc push 0 add ebx, 0x48 push ebx call memset ; call 0x456f60 add esp, 0xc pop ebx ret ref_0042482e: ; may contain a jump table dd loc_0042485e dd loc_00424897 dd loc_00424934 dd loc_00424993 fcn_0042483e: push ebx push esi push edi push ebp sub esp, 0xc xor ebx, ebx loc_00424847: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_004249ba ; jge 0x4249ba xor ebp, ebp xor esi, esi xor edi, edi jmp near loc_0042496a ; jmp 0x42496a loc_0042485e: xor edx, edx mov dx, word [eax + ref_004967e2] ; mov dx, word [eax + 0x4967e2] shl edx, 3 mov dword [esp], edx mov edx, ebx shl edx, 2 sub edx, ebx shl edx, 5 add edx, dword [esp] mov ax, word [eax + ref_004967e8] ; mov ax, word [eax + 0x4967e8] and eax, 0xffff cmp eax, dword [edx + _player_stocks] ; cmp eax, dword [edx + 0x4971a0] jle near loc_004249ad ; jle 0x4249ad jmp near loc_00424955 ; jmp 0x424955 loc_00424897: xor edx, edx mov dx, word [eax + ref_004967e2] ; mov dx, word [eax + 0x4967e2] cmp edx, 0x7d0 jle short loc_004248f9 ; jle 0x4248f9 cmp edx, 0xfa0 jge short loc_004248f9 ; jge 0x4248f9 sub edx, 0x7d0 imul edx, edx, 0x34 mov ecx, dword [ref_00498e84] ; mov ecx, dword [0x498e84] add edx, ecx xor ecx, ecx mov cl, byte [edx + 0x19] mov dword [esp], ecx lea ecx, [ebx + 1] mov dword [esp + 4], ecx mov ecx, dword [esp] cmp ecx, dword [esp + 4] jne near loc_00424955 ; jne 0x424955 loc_004248dd: mov cl, byte [edx + 0x18] cmp cl, byte [eax + ref_004967ea] ; cmp cl, byte [eax + 0x4967ea] jne short loc_00424955 ; jne 0x424955 mov dl, byte [edx + 0x1a] cmp dl, byte [eax + ref_004967eb] ; cmp dl, byte [eax + 0x4967eb] je near loc_004249ad ; je 0x4249ad jmp short loc_00424955 ; jmp 0x424955 loc_004248f9: lea eax, [edx - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add edx, eax xor eax, eax mov al, byte [edx + 0x19] lea ecx, [ebx + 1] cmp eax, ecx jne short loc_00424955 ; jne 0x424955 imul eax, ebx, 0x54 mov dword [esp + 8], eax mov eax, esi shl eax, 2 sub eax, esi shl eax, 2 add eax, dword [esp + 8] jmp short loc_004248dd ; jmp 0x4248dd loc_00424934: xor ecx, ecx mov cx, word [eax + ref_004967e2] ; mov cx, word [eax + 0x4967e2] mov eax, ebx shl eax, 2 add eax, ebx mov edx, eax shl eax, 2 sub eax, edx cmp byte [ecx + eax + ref_0049915b], 0 ; cmp byte [ecx + eax + 0x49915b], 0 loc_00424953: jne short loc_004249ad ; jne 0x4249ad loc_00424955: push esi push ebx call fcn_004247d5 ; call 0x4247d5 add esp, 8 mov edi, 1 loc_00424964: inc ebp cmp ebp, 7 jge short loc_004249b4 ; jge 0x4249b4 loc_0042496a: imul ecx, ebx, 0x54 mov eax, esi shl eax, 2 sub eax, esi shl eax, 2 add eax, ecx mov dl, byte [eax + ref_004967e0] ; mov dl, byte [eax + 0x4967e0] dec dl cmp dl, 3 ja short loc_004249ad ; ja 0x4249ad and edx, 0xff jmp dword [edx*4 + ref_0042482e] ; ujmp: jmp dword [edx*4 + 0x42482e] loc_00424993: mov ax, word [eax + ref_004967e2] ; mov ax, word [eax + 0x4967e2] and eax, 0xffff push eax push ebx call fcn_004413ad ; call 0x4413ad add esp, 8 test eax, eax jmp short loc_00424953 ; jmp 0x424953 loc_004249ad: test edi, edi jne short loc_00424964 ; jne 0x424964 inc esi jmp short loc_00424964 ; jmp 0x424964 loc_004249b4: inc ebx jmp near loc_00424847 ; jmp 0x424847 loc_004249ba: add esp, 0xc pop ebp pop edi pop esi pop ebx ret fcn_004249c2: push ebx push esi push edi push ebp sub esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x42 push 0x16 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 xor edi, edi mov ebp, 0x72 loc_00424a02: cmp edi, dword [_nplayers] ; cmp edi, dword [0x499114] jge near loc_00424a87 ; jge 0x424a87 xor ebx, ebx mov esi, 0x68 jmp short loc_00424a1d ; jmp 0x424a1d loc_00424a17: inc ebx cmp ebx, 7 jge short loc_00424a7e ; jge 0x424a7e loc_00424a1d: imul ecx, edi, 0x54 mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 add eax, ecx cmp byte [eax + ref_004967e0], 0 ; cmp byte [eax + 0x4967e0], 0 je short loc_00424a17 ; je 0x424a17 xor edx, edx mov dl, byte [eax + ref_004967e0] ; mov dl, byte [eax + 0x4967e0] imul eax, edi, 0x68 mov al, byte [eax + (_players+20)] ; mov al, byte [eax + 0x496b7c] and eax, 0xff shl eax, 2 add edx, eax add edx, 8 push ebp push esi mov ecx, dword [ref_0048c298] ; mov ecx, dword [0x48c298] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add ecx, 0xc add eax, ecx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 add esi, 0x48 jmp short loc_00424a17 ; jmp 0x424a17 loc_00424a7e: inc edi add ebp, 0x48 jmp near loc_00424a02 ; jmp 0x424a02 loc_00424a87: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp], 0x16 mov dword [esp + 4], 0x42 mov dword [esp + 8], 0x26a mov dword [esp + 0xc], 0x19e push 0 lea eax, [esp + 4] push eax mov edi, dword [_gWindowHandle] ; mov edi, dword [0x48a0d4] push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] add esp, 0x10 pop ebp pop edi pop esi pop ebx ret endloc_00424ad3: db 0x8d db 0x40 db 0x00 ref_00424ad6: ; may contain a jump table dd loc_00424c62 dd loc_00424f5f dd loc_004250fe dd loc_004252a0 dd loc_0042540c fcn_00424aea: push ebx push esi push edi push ebp sub esp, 0x9c mov edi, dword [esp + 0xb0] mov ebx, dword [esp + 0xb4] mov esi, 0x70 cmp edi, dword [ref_004754c2] ; cmp edi, dword [0x4754c2] je short loc_00424b24 ; je 0x424b24 push edi mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00423b3b ; call 0x423b3b add esp, 8 mov dword [ref_0048c2b4], eax ; mov dword [0x48c2b4], eax loc_00424b24: push 0 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax push eax call fcn_00419744 ; call 0x419744 add esp, 8 mov ebp, eax cmp ebx, 1 jb short loc_00424b45 ; jb 0x424b45 jbe short loc_00424b51 ; jbe 0x424b51 cmp ebx, 2 je short loc_00424b67 ; je 0x424b67 jmp short loc_00424b7d ; jmp 0x424b7d loc_00424b45: test ebx, ebx jne short loc_00424b7d ; jne 0x424b7d mov dword [ref_004754ba], ebx ; mov dword [0x4754ba], ebx jmp short loc_00424b7d ; jmp 0x424b7d loc_00424b51: mov eax, dword [ref_004754ba] ; mov eax, dword [0x4754ba] add eax, 0xb cmp eax, dword [ref_0048c2b4] ; cmp eax, dword [0x48c2b4] jge near loc_004255be ; jge 0x4255be jmp short loc_00424b78 ; jmp 0x424b78 loc_00424b67: mov ebx, dword [ref_004754ba] ; mov ebx, dword [0x4754ba] test ebx, ebx je near loc_004255be ; je 0x4255be lea eax, [ebx - 0xb] loc_00424b78: mov dword [ref_004754ba], eax ; mov dword [0x4754ba], eax loc_00424b7d: mov eax, dword [ref_004754ba] ; mov eax, dword [0x4754ba] add eax, 0xb mov ebx, dword [ref_0048c2b4] ; mov ebx, dword [0x48c2b4] cmp eax, ebx jle short loc_00424ba0 ; jle 0x424ba0 mov eax, ebx mov edx, dword [ref_004754ba] ; mov edx, dword [0x4754ba] sub eax, edx mov dword [ref_004754be], eax ; mov dword [0x4754be], eax jmp short loc_00424baa ; jmp 0x424baa loc_00424ba0: mov dword [ref_004754be], 0xb ; mov dword [0x4754be], 0xb loc_00424baa: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x20 push 0x70 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x24 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x20 mov ebx, edi shl ebx, 2 add ebx, edi shl ebx, 4 lea eax, [ebx + 0x70] push eax mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0xf0 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 1 push 2 push 0 push 0x101010 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x30 add ebx, 0x98 push ebx mov ebx, edi shl ebx, 2 mov edx, dword [ebx + ref_004753d4] ; mov edx, dword [ebx + 0x4753d4] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 cmp edi, 4 ja near loc_00425563 ; ja 0x425563 jmp dword [ebx + ref_00424ad6] ; ujmp: jmp dword [ebx + 0x424ad6] loc_00424c62: xor edi, edi loc_00424c64: cmp edi, dword [ref_004754be] ; cmp edi, dword [0x4754be] jge near loc_00425563 ; jge 0x425563 mov eax, dword [ref_004754ba] ; mov eax, dword [0x4754ba] add eax, edi add eax, eax mov dx, word [eax + ref_0048be70] ; mov dx, word [eax + 0x48be70] cmp dx, 0xfa0 jae near loc_00424e06 ; jae 0x424e06 mov eax, edx and eax, 0xffff sub eax, 0x7d0 imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, eax push 2 push esi movsx eax, word [ref_004754b0] ; movsx eax, word [0x4754b0] push eax lea eax, [ebx + 4] mov dword [esp + 0xa0], eax push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [ebx + 0x18], 0 jne short loc_00424d03 ; jne 0x424d03 push 2 push esi movsx eax, word [ref_004754b2] ; movsx eax, word [0x4754b2] push eax xor eax, eax mov al, byte [ebx + 0x1a] mov edx, dword [eax*4 + ref_00475138] ; mov edx, dword [eax*4 + 0x475138] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ecx, dword [esp + 0x94] push ecx xor eax, eax mov al, byte [ebx + 0x19] push eax call fcn_00419744 ; call 0x419744 add esp, 8 push eax jmp short loc_00424d1e ; jmp 0x424d1e loc_00424d03: push 2 push esi movsx eax, word [ref_004754b2] ; movsx eax, word [0x4754b2] push eax push ref_00463e30 ; push 0x463e30 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push ebp loc_00424d1e: lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_004754b6] ; movsx eax, word [0x4754b6] add eax, 0x1d push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dx, word [ebx + 0x1e] xor eax, eax mov al, byte [ebx + 0x1a] imul eax, edx xor edx, edx mov dx, word [ebx + 0x1c] add eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_004754b4] ; movsx eax, word [0x4754b4] add eax, 0x21 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ecx, dword [ebx + 0x30] test ecx, ecx je short loc_00424df0 ; je 0x424df0 mov eax, ecx shr eax, 0x10 mov ecx, 0x64 xor edx, edx div ecx mov eax, dword [ebx + 0x30] shr eax, 8 and eax, 0xf mov dword [esp + 0x90], eax mov eax, dword [ebx + 0x30] loc_00424db8: and eax, 0xff push eax mov ebx, dword [esp + 0x94] push ebx push edx push ref_00463e37 ; push 0x463e37 lea eax, [esp + 0x10] push eax call fcn_00457110 ; call 0x457110 add esp, 0x14 push 2 push esi movsx eax, word [ref_004754b8] ; movsx eax, word [0x4754b8] push eax lea eax, [esp + 0xc] push eax push 0 jmp near loc_00424f4e ; jmp 0x424f4e loc_00424df0: push 2 push esi movsx eax, word [ref_004754b8] ; movsx eax, word [0x4754b8] push eax push ref_00463e42 ; push 0x463e42 push ecx jmp near loc_00424f4e ; jmp 0x424f4e loc_00424e06: mov eax, edx and eax, 0xffff sub eax, 0xfa0 shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax push 2 push esi movsx eax, word [ref_004754b0] ; movsx eax, word [0x4754b0] push eax lea eax, [ebx + 4] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [ebx + 0x1a], 0 je short loc_00424e5d ; je 0x424e5d push 2 push esi movsx eax, word [ref_004754b2] ; movsx eax, word [0x4754b2] push eax xor eax, eax mov al, byte [ebx + 0x18] mov edx, dword [eax*4 + ref_00475150] ; mov edx, dword [eax*4 + 0x475150] push edx jmp short loc_00424e6d ; jmp 0x424e6d loc_00424e5d: push 2 push esi movsx eax, word [ref_004754b2] ; movsx eax, word [0x4754b2] push eax push ref_00463e49 ; push 0x463e49 loc_00424e6d: push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov ax, word [ebx + 0x24] xor edx, edx mov dl, byte [ebx + 0x1a] imul eax, edx xor edx, edx mov dx, word [ebx + 0x22] add eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_004754b4] ; movsx eax, word [0x4754b4] add eax, 0x21 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [ebx + 0x18], 0 je short loc_00424ee3 ; je 0x424ee3 cmp byte [ebx + 0x1a], 0 je short loc_00424ee3 ; je 0x424ee3 xor eax, eax mov al, byte [ebx + 0x1a] mov ax, word [ebx + eax*2 + 0x24] and eax, 0xffff imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] jmp short loc_00424ee5 ; jmp 0x424ee5 loc_00424ee3: xor eax, eax loc_00424ee5: push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_004754b6] ; movsx eax, word [0x4754b6] add eax, 0x1d push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ecx, dword [ebx + 0x34] test ecx, ecx je short loc_00424f3d ; je 0x424f3d mov eax, ecx shr eax, 0x10 mov ecx, 0x64 xor edx, edx div ecx mov eax, dword [ebx + 0x34] shr eax, 8 and eax, 0xf mov dword [esp + 0x90], eax mov eax, dword [ebx + 0x34] jmp near loc_00424db8 ; jmp 0x424db8 loc_00424f3d: push 2 push esi movsx eax, word [ref_004754b8] ; movsx eax, word [0x4754b8] push eax push ref_00463e42 ; push 0x463e42 push ecx loc_00424f4e: call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc edi add esi, 0x20 jmp near loc_00424c64 ; jmp 0x424c64 loc_00424f5f: xor edi, edi loc_00424f61: cmp edi, dword [ref_004754be] ; cmp edi, dword [0x4754be] jge near loc_00425563 ; jge 0x425563 mov eax, dword [ref_004754ba] ; mov eax, dword [0x4754ba] add eax, edi mov ax, word [eax*2 + ref_0048be70] ; mov ax, word [eax*2 + 0x48be70] and eax, 0xffff sub eax, 0x7d0 imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, eax push 2 push esi movsx eax, word [ref_004754b0] ; movsx eax, word [0x4754b0] push eax lea eax, [ebx + 4] mov dword [esp + 0xa4], eax push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [ebx + 0x18], 0 jne short loc_00424ff2 ; jne 0x424ff2 push 2 push esi movsx eax, word [ref_004754b2] ; movsx eax, word [0x4754b2] push eax xor eax, eax mov al, byte [ebx + 0x1a] mov ecx, dword [eax*4 + ref_00475138] ; mov ecx, dword [eax*4 + 0x475138] push ecx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [esp + 0x98] push eax xor eax, eax mov al, byte [ebx + 0x19] push eax call fcn_00419744 ; call 0x419744 add esp, 8 push eax jmp short loc_0042500d ; jmp 0x42500d loc_00424ff2: push 2 push esi movsx eax, word [ref_004754b2] ; movsx eax, word [0x4754b2] push eax push ref_00463e30 ; push 0x463e30 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push ebp loc_0042500d: lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_004754b6] ; movsx eax, word [0x4754b6] add eax, 0x1d push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dx, word [ebx + 0x1e] xor eax, eax mov al, byte [ebx + 0x1a] imul eax, edx xor edx, edx mov dx, word [ebx + 0x1c] add eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_004754b4] ; movsx eax, word [0x4754b4] add eax, 0x21 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ecx, dword [ebx + 0x30] test ecx, ecx je short loc_004250dc ; je 0x4250dc mov eax, ecx shr eax, 0x10 mov ecx, 0x64 xor edx, edx div ecx mov eax, dword [ebx + 0x30] shr eax, 8 and eax, 0xf mov dword [esp + 0x90], eax mov eax, dword [ebx + 0x30] and eax, 0xff push eax mov ebx, dword [esp + 0x94] push ebx push edx push ref_00463e37 ; push 0x463e37 lea eax, [esp + 0x10] push eax call fcn_00457110 ; call 0x457110 add esp, 0x14 push 2 push esi movsx eax, word [ref_004754b8] ; movsx eax, word [0x4754b8] push eax lea eax, [esp + 0xc] push eax push 0 jmp short loc_004250ed ; jmp 0x4250ed loc_004250dc: push 2 push esi movsx eax, word [ref_004754b8] ; movsx eax, word [0x4754b8] push eax push ref_00463e42 ; push 0x463e42 push ecx loc_004250ed: call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc edi add esi, 0x20 jmp near loc_00424f61 ; jmp 0x424f61 loc_004250fe: xor edi, edi loc_00425100: cmp edi, dword [ref_004754be] ; cmp edi, dword [0x4754be] jge near loc_00425563 ; jge 0x425563 mov eax, dword [ref_004754ba] ; mov eax, dword [0x4754ba] add eax, edi mov ax, word [eax*2 + ref_0048be70] ; mov ax, word [eax*2 + 0x48be70] and eax, 0xffff sub eax, 0xfa0 shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax push 2 push esi movsx eax, word [ref_004754b0] ; movsx eax, word [0x4754b0] push eax lea eax, [ebx + 4] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [ebx + 0x1a], 0 je short loc_00425170 ; je 0x425170 push 2 push esi movsx eax, word [ref_004754b2] ; movsx eax, word [0x4754b2] push eax xor eax, eax mov al, byte [ebx + 0x18] mov ecx, dword [eax*4 + ref_00475150] ; mov ecx, dword [eax*4 + 0x475150] push ecx jmp short loc_00425180 ; jmp 0x425180 loc_00425170: push 2 push esi movsx eax, word [ref_004754b2] ; movsx eax, word [0x4754b2] push eax push ref_00463e49 ; push 0x463e49 loc_00425180: push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dx, word [ebx + 0x24] xor eax, eax mov al, byte [ebx + 0x1a] imul edx, eax xor eax, eax mov ax, word [ebx + 0x22] add eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_004754b4] ; movsx eax, word [0x4754b4] add eax, 0x21 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [ebx + 0x18], 0 je short loc_004251f6 ; je 0x4251f6 mov dh, byte [ebx + 0x1a] test dh, dh je short loc_004251f6 ; je 0x4251f6 xor eax, eax mov al, dh mov ax, word [ebx + eax*2 + 0x24] and eax, 0xffff imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] jmp short loc_004251f8 ; jmp 0x4251f8 loc_004251f6: xor eax, eax loc_004251f8: push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_004754b6] ; movsx eax, word [0x4754b6] add eax, 0x1d push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ecx, dword [ebx + 0x34] test ecx, ecx je short loc_0042527e ; je 0x42527e mov eax, ecx shr eax, 0x10 mov ebp, 0x64 xor edx, edx div ebp mov eax, ecx shr eax, 8 and eax, 0xf mov dword [esp + 0x90], eax mov eax, ecx and eax, 0xff push eax mov ebx, dword [esp + 0x94] push ebx push edx push ref_00463e37 ; push 0x463e37 lea eax, [esp + 0x10] push eax call fcn_00457110 ; call 0x457110 add esp, 0x14 push 2 push esi movsx eax, word [ref_004754b8] ; movsx eax, word [0x4754b8] push eax lea eax, [esp + 0xc] push eax push 0 jmp short loc_0042528f ; jmp 0x42528f loc_0042527e: push 2 push esi movsx eax, word [ref_004754b8] ; movsx eax, word [0x4754b8] push eax push ref_00463e42 ; push 0x463e42 push ecx loc_0042528f: call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc edi add esi, 0x20 jmp near loc_00425100 ; jmp 0x425100 loc_004252a0: xor edi, edi loc_004252a2: cmp edi, dword [ref_004754be] ; cmp edi, dword [0x4754be] jge near loc_00425563 ; jge 0x425563 mov eax, dword [ref_004754ba] ; mov eax, dword [0x4754ba] add eax, edi mov ax, word [eax*2 + ref_0048be70] ; mov ax, word [eax*2 + 0x48be70] and eax, 0xffff sub eax, 0x7d0 imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, eax push 2 push esi movsx eax, word [ref_004754b0] ; movsx eax, word [0x4754b0] push eax lea ebp, [ebx + 4] push ebp push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push esi movsx eax, word [ref_004754b2] ; movsx eax, word [0x4754b2] push eax xor eax, eax mov al, byte [ebx + 0x1a] mov edx, dword [eax*4 + ref_00475138] ; mov edx, dword [eax*4 + 0x475138] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov ax, word [ebx + 0x1e] xor edx, edx mov dl, byte [ebx + 0x1a] imul eax, edx xor edx, edx mov dx, word [ebx + 0x1c] add eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_004754b4] ; movsx eax, word [0x4754b4] add eax, 0x21 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push ebp xor eax, eax mov al, byte [ebx + 0x19] push eax call fcn_00419744 ; call 0x419744 add esp, 8 push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_004754b6] ; movsx eax, word [0x4754b6] add eax, 0x1d push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ebp, dword [ebx + 0x30] test ebp, ebp je short loc_004253ea ; je 0x4253ea mov eax, ebp shr eax, 0x10 mov ecx, 0x64 xor edx, edx div ecx mov eax, ebp shr eax, 8 and eax, 0xf mov dword [esp + 0x90], eax mov eax, ebp and eax, 0xff push eax mov eax, dword [esp + 0x94] push eax push edx push ref_00463e37 ; push 0x463e37 lea eax, [esp + 0x10] push eax call fcn_00457110 ; call 0x457110 add esp, 0x14 push 2 push esi movsx eax, word [ref_004754b8] ; movsx eax, word [0x4754b8] push eax lea eax, [esp + 0xc] push eax push 0 jmp short loc_004253fb ; jmp 0x4253fb loc_004253ea: push 2 push esi movsx eax, word [ref_004754b8] ; movsx eax, word [0x4754b8] push eax push ref_00463e42 ; push 0x463e42 push ebp loc_004253fb: call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc edi add esi, 0x20 jmp near loc_004252a2 ; jmp 0x4252a2 loc_0042540c: xor edi, edi loc_0042540e: cmp edi, dword [ref_004754be] ; cmp edi, dword [0x4754be] jge near loc_00425563 ; jge 0x425563 mov eax, dword [ref_004754ba] ; mov eax, dword [0x4754ba] add eax, edi mov ax, word [eax*2 + ref_0048be70] ; mov ax, word [eax*2 + 0x48be70] and eax, 0xffff sub eax, 0x7d0 imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, eax push 2 push esi movsx eax, word [ref_004754b0] ; movsx eax, word [0x4754b0] push eax lea eax, [ebx + 4] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push esi movsx eax, word [ref_004754b2] ; movsx eax, word [0x4754b2] push eax push ref_00463e30 ; push 0x463e30 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dx, word [ebx + 0x1e] xor eax, eax mov al, byte [ebx + 0x1a] imul eax, edx xor edx, edx mov dx, word [ebx + 0x1c] add eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_004754b4] ; movsx eax, word [0x4754b4] add eax, 0x21 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push ebp lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi movsx eax, word [ref_004754b6] ; movsx eax, word [0x4754b6] add eax, 0x1d push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ecx, dword [ebx + 0x30] test ecx, ecx je short loc_00425541 ; je 0x425541 mov eax, ecx shr eax, 0x10 mov ecx, 0x64 xor edx, edx div ecx mov eax, dword [ebx + 0x30] shr eax, 8 and eax, 0xf mov dword [esp + 0x90], eax mov eax, dword [ebx + 0x30] and eax, 0xff push eax mov ebx, dword [esp + 0x94] push ebx push edx push ref_00463e37 ; push 0x463e37 lea eax, [esp + 0x10] push eax call fcn_00457110 ; call 0x457110 add esp, 0x14 push 2 push esi movsx eax, word [ref_004754b8] ; movsx eax, word [0x4754b8] push eax lea eax, [esp + 0xc] push eax push 0 jmp short loc_00425552 ; jmp 0x425552 loc_00425541: push 2 push esi movsx eax, word [ref_004754b8] ; movsx eax, word [0x4754b8] push eax push ref_00463e42 ; push 0x463e42 push ecx loc_00425552: call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc edi add esi, 0x20 jmp near loc_0042540e ; jmp 0x42540e loc_00425563: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov esi, 0x70 mov dword [esp + 0x80], esi mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] movsx eax, word [eax + 0x24] add eax, esi mov dword [esp + 0x88], eax mov dword [esp + 0x84], 0x61 mov dword [esp + 0x8c], 0x1bf push 0 lea eax, [esp + 0x84] push eax mov eax, dword [_gWindowHandle] ; mov eax, dword [0x48a0d4] push eax call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_004255be: add esp, 0x9c pop ebp pop edi pop esi pop ebx ret endloc_004255c9: db 0x90 ref_004255ca: ; may contain a jump table dd loc_0042565c dd loc_0042577d dd loc_004257d2 dd loc_00425841 fcn_004255da: push ebx push esi push edi push ebp sub esp, 8 mov esi, dword [esp + 0x1c] mov ebp, dword [esp + 0x20] imul ebx, esi, 0x54 mov eax, ebp shl eax, 2 sub eax, ebp shl eax, 2 add ebx, eax mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul edx, ecx, 0x68 mov eax, dword [edx + (_players+28)] ; mov eax, dword [edx + 0x496b84] cmp eax, dword [ebx + ref_004967e4] ; cmp eax, dword [ebx + 0x4967e4] jge short loc_00425640 ; jge 0x425640 cmp byte [edx + (_players+21)], 1 ; cmp byte [edx + 0x496b7d], 1 jne short loc_00425639 ; jne 0x425639 push 1 push ref_00463e50 ; push 0x463e50 loc_0042561f: call fcn_00424502 ; call 0x424502 add esp, 8 push 0x5dc call fcn_004528b9 ; call 0x4528b9 add esp, 4 call fcn_00424620 ; call 0x424620 loc_00425639: xor eax, eax jmp near loc_004258b9 ; jmp 0x4258b9 loc_00425640: mov al, byte [ebx + ref_004967e0] ; mov al, byte [ebx + 0x4967e0] dec al cmp al, 3 ja near loc_004258b4 ; ja 0x4258b4 and eax, 0xff jmp dword [eax*4 + ref_004255ca] ; ujmp: jmp dword [eax*4 + 0x4255ca] loc_0042565c: xor ecx, ecx mov cx, word [ebx + ref_004967e2] ; mov cx, word [ebx + 0x4967e2] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 mov edi, ecx shl edi, 3 fild dword [edi + eax + _player_stocks] ; fild dword [edi + eax + 0x4971a0] fmul dword [edi + eax + (_player_stocks + 4)] ; fmul dword [edi + eax + 0x4971a4] call fcn_00457dbc ; call 0x457dbc fistp dword [esp] xor edx, edx mov dx, word [ebx + ref_004967e8] ; mov dx, word [ebx + 0x4967e8] add dword [edi + eax + _player_stocks], edx ; add dword [edi + eax + 0x4971a0], edx mov eax, esi shl eax, 2 sub eax, esi shl eax, 5 add eax, edi mov edi, dword [eax + _player_stocks] ; mov edi, dword [eax + 0x4971a0] sub edi, edx mov dword [eax + _player_stocks], edi ; mov dword [eax + 0x4971a0], edi jne short loc_004256c2 ; jne 0x4256c2 mov dword [eax + (_player_stocks + 4)], edi ; mov dword [eax + 0x4971a4], edi loc_004256c2: imul ebx, esi, 0x54 mov eax, ebp shl eax, 2 sub eax, ebp shl eax, 2 add ebx, eax mov eax, dword [ebx + ref_004967e4] ; mov eax, dword [ebx + 0x4967e4] mov edi, dword [esp] add edi, eax mov dword [esp], edi mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 mov edx, ecx shl edx, 3 add edx, eax fild dword [edx + _player_stocks] ; fild dword [edx + 0x4971a0] mov eax, edi mov dword [esp + 4], edi fild dword [esp + 4] fdivrp st1 ; fdivrp st(1) fstp dword [edx + (_player_stocks + 4)] ; fstp dword [edx + 0x4971a4] xor eax, edi mov ax, word [ebx + ref_004967e2] ; mov ax, word [ebx + 0x4967e2] push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_004294d5 ; call 0x4294d5 add esp, 8 cmp eax, 1 jne short loc_0042575c ; jne 0x42575c imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_0042575c ; jne 0x42575c push 1 push ref_00463e5f ; push 0x463e5f call fcn_00424502 ; call 0x424502 add esp, 8 push 0x5dc call fcn_004528b9 ; call 0x4528b9 add esp, 4 call fcn_00424620 ; call 0x424620 loc_0042575c: push 0 imul ecx, esi, 0x54 mov eax, ebp shl eax, 2 sub eax, ebp mov ebx, dword [ecx + eax*4 + ref_004967e4] ; mov ebx, dword [ecx + eax*4 + 0x4967e4] push ebx push esi mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi jmp near loc_004258ac ; jmp 0x4258ac loc_0042577d: mov dx, word [ebx + ref_004967e2] ; mov dx, word [ebx + 0x4967e2] cmp dx, 0xfa0 jae short loc_004257a0 ; jae 0x4257a0 xor eax, eax mov ax, dx sub eax, 0x7d0 imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] jmp short loc_004257ba ; jmp 0x4257ba loc_004257a0: xor eax, eax mov ax, dx sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] loc_004257ba: add edx, eax mov al, byte [_current_player] ; mov al, byte [0x49910c] inc al mov byte [edx + 0x19], al push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 jmp short loc_0042575c ; jmp 0x42575c loc_004257d2: xor edi, edi mov di, word [ebx + ref_004967e2] ; mov di, word [ebx + 0x4967e2] mov eax, ecx shl eax, 2 add eax, ecx mov ecx, eax shl eax, 2 sub eax, ecx cmp byte [edi + eax + ref_0049915b], 9 ; cmp byte [edi + eax + 0x49915b], 9 jb short loc_0042580c ; jb 0x42580c cmp byte [edx + (_players+21)], 1 ; cmp byte [edx + 0x496b7d], 1 jne near loc_00425639 ; jne 0x425639 push 1 push ref_00463e72 ; push 0x463e72 jmp near loc_0042561f ; jmp 0x42561f loc_0042580c: push edi push esi call fcn_00445aa2 ; call 0x445aa2 add esp, 8 xor eax, eax mov ax, word [ebx + ref_004967e2] ; mov ax, word [ebx + 0x4967e2] push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_00445a4d ; call 0x445a4d add esp, 8 push 0 mov edx, dword [ebx + ref_004967e4] ; mov edx, dword [ebx + 0x4967e4] push edx push esi mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx jmp short loc_004258ac ; jmp 0x4258ac loc_00425841: push ecx call fcn_00441262 ; call 0x441262 add esp, 4 cmp eax, 0xf jl short loc_0042586f ; jl 0x42586f imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_00425639 ; jne 0x425639 push 1 push ref_00463e89 ; push 0x463e89 jmp near loc_0042561f ; jmp 0x42561f loc_0042586f: xor eax, eax mov ax, word [ebx + ref_004967e2] ; mov ax, word [ebx + 0x4967e2] push eax push esi call fcn_00441343 ; call 0x441343 add esp, 8 xor eax, eax mov ax, word [ebx + ref_004967e2] ; mov ax, word [ebx + 0x4967e2] push eax mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_004412e4 ; call 0x4412e4 add esp, 8 push 0 mov edi, dword [ebx + ref_004967e4] ; mov edi, dword [ebx + 0x4967e4] push edi push esi mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp loc_004258ac: call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 loc_004258b4: mov eax, 1 loc_004258b9: add esp, 8 pop ebp pop edi loc_004258be: pop esi pop ebx ret fcn_004258c1: push ebx push esi push edi push ebp sub esp, 0xdc mov eax, dword [esp + 0xf4] mov edx, dword [esp + 0xfc] cmp eax, 0x202 jb short loc_0042590f ; jb 0x42590f jbe near loc_00425dd8 ; jbe 0x425dd8 cmp eax, 0x205 jb short loc_004258ff ; jb 0x4258ff jbe near loc_00425fca ; jbe 0x425fca cmp eax, 0x401 je short loc_0042592f ; je 0x42592f jmp near loc_00426071 ; jmp 0x426071 loc_004258ff: cmp eax, 0x203 je near loc_00425cfa ; je 0x425cfa jmp near loc_00426071 ; jmp 0x426071 loc_0042590f: cmp eax, 0x200 jb short loc_00425921 ; jb 0x425921 jbe near loc_00425b19 ; jbe 0x425b19 jmp near loc_00425cfa ; jmp 0x425cfa loc_00425921: cmp eax, 0xf je near loc_00425ff9 ; je 0x425ff9 jmp near loc_00426071 ; jmp 0x426071 loc_0042592f: xor ah, ah mov byte [ref_0048c2b8], ah ; mov byte [0x48c2b8], ah mov byte [ref_0048c2b9], ah ; mov byte [0x48c2b9], ah push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0x1a0 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] movsx eax, word [eax + 0x18] push eax push 0x20 push 0x98 push 0 push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov dword [ref_0048c2ac], eax ; mov dword [0x48c2ac], eax push 0x20 push 0x98 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x18 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0xc push 0 push ref_0048c29c ; push 0x48c29c call memset ; call 0x456f60 add esp, 0xc xor ebx, ebx xor ebp, ebp mov esi, 0x50 jmp short loc_004259e4 ; jmp 0x4259e4 loc_004259da: inc ebx cmp ebx, 0xc jge near loc_00425adf ; jge 0x425adf loc_004259e4: mov edi, dword [_current_player] ; mov edi, dword [0x49910c] mov eax, edi shl eax, 2 sub eax, edi shl eax, 5 mov edx, ebx shl edx, 3 mov dword [esp + 0xd4], edx add eax, edx cmp dword [eax + _player_stocks], 0 ; cmp dword [eax + 0x4971a0], 0 je short loc_004259da ; je 0x4259da push 2 push esi push 0xc8 mov eax, ebx shl eax, 3 lea edi, [ebx + eax] shl edi, 2 mov ecx, dword [edi + (_stocks_on_map+0)] ; mov ecx, dword [edi + 0x496980] push ecx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 add eax, dword [esp + 0xd4] mov ecx, dword [eax + _player_stocks] ; mov ecx, dword [eax + 0x4971a0] push ecx lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi push 0x14c lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 add eax, dword [esp + 0xd4] fild dword [eax + _player_stocks] ; fild dword [eax + 0x4971a0] fmul dword [edi + (_stocks_on_map+20)] ; fmul dword [edi + 0x496994] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xd8] mov ecx, dword [esp + 0xd8] push ecx lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push esi push 0x1de lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 add esi, 0x20 mov al, bl inc al mov byte [ebp + ref_0048c29c], al ; mov byte [ebp + 0x48c29c], al inc ebp jmp near loc_004259da ; jmp 0x4259da loc_00425adf: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 mov ebx, dword [esp + 0xf8] push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00425b0c: xor eax, eax loc_00425b0e: add esp, 0xdc jmp near loc_0042679d ; jmp 0x42679d loc_00425b19: xor ebx, ebx mov bx, dx shr edx, 0x10 and edx, 0xffff xor esi, esi mov si, dx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax mov dword [esp + 0xc0], 0x98 mov edi, dword [ref_0048c298] ; mov edi, dword [0x48c298] movsx eax, word [edi + 0x18] add eax, 0x98 mov dword [esp + 0xc8], eax cmp ebx, 0x98 jle near loc_00425c73 ; jle 0x425c73 cmp ebx, eax jge near loc_00425c73 ; jge 0x425c73 cmp esi, 0x40 jle near loc_00425c73 ; jle 0x425c73 cmp esi, 0x1c0 jge near loc_00425c73 ; jge 0x425c73 lea edx, [esi - 0x40] mov eax, edx sar edx, 0x1f shl edx, 5 sbb eax, edx sar eax, 5 mov ebx, eax xor eax, eax mov al, byte [ref_0048c2b9] ; mov al, byte [0x48c2b9] lea edx, [ebx + 1] cmp eax, edx je near loc_00425ce5 ; je 0x425ce5 test al, al je short loc_00425c0a ; je 0x425c0a shl eax, 5 lea edx, [eax + 0x20] mov dword [esp + 0xc4], edx add eax, 0x40 mov dword [esp + 0xcc], eax push 0 push 0x20 movsx eax, word [edi + 0x18] push eax push edx push 0x98 push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0 lea eax, [esp + 0xc4] push eax mov edi, dword [esp + 0xf8] push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00425c0a: mov eax, ebx shl eax, 5 lea edx, [eax + 0x40] mov dword [esp + 0xc4], edx add eax, 0x60 mov dword [esp + 0xcc], eax push 0xffffff push 0x20 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] movsx eax, word [eax + 0x18] push eax push edx mov eax, dword [esp + 0xd0] push eax push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0 lea eax, [esp + 0xc4] push eax mov edx, dword [esp + 0xf8] push edx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] inc bl mov byte [ref_0048c2b8], bl ; mov byte [0x48c2b8], bl mov byte [ref_0048c2b9], bl ; mov byte [0x48c2b9], bl jmp short loc_00425ce5 ; jmp 0x425ce5 loc_00425c73: cmp byte [ref_0048c2b9], 0 ; cmp byte [0x48c2b9], 0 je short loc_00425ce5 ; je 0x425ce5 xor eax, eax mov al, byte [ref_0048c2b9] ; mov al, byte [0x48c2b9] shl eax, 5 lea edx, [eax + 0x20] mov dword [esp + 0xc4], edx add eax, 0x40 mov dword [esp + 0xcc], eax push 0 push 0x20 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] movsx eax, word [eax + 0x18] push eax push edx mov edx, dword [esp + 0xd0] push edx push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0 lea eax, [esp + 0xc4] push eax mov ecx, dword [esp + 0xf8] push ecx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] xor ah, ah mov byte [ref_0048c2b8], ah ; mov byte [0x48c2b8], ah mov byte [ref_0048c2b9], ah ; mov byte [0x48c2b9], ah loc_00425ce5: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near loc_00425b0c ; jmp 0x425b0c loc_00425cfa: xor ebx, ebx mov bx, dx shr edx, 0x10 and edx, 0xffff xor esi, esi mov si, dx cmp ebx, 0x1cf jle near loc_00425b0c ; jle 0x425b0c cmp ebx, 0x1e4 jge near loc_00425b0c ; jge 0x425b0c cmp esi, 0x26 jle near loc_00425b0c ; jle 0x425b0c cmp esi, 0x3b jge near loc_00425b0c ; jge 0x425b0c mov dword [esp + 0xc0], 0x1cf mov dword [esp + 0xc8], 0x1e4 mov dword [esp + 0xc4], 0x26 mov dword [esp + 0xcc], 0x3b mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0xc4] push eax mov edx, dword [esp + 0xc4] push edx mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0xe4 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax mov ebx, dword [esp + 0xf8] push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c2b8], 0x63 ; mov byte [0x48c2b8], 0x63 jmp near loc_00425b0c ; jmp 0x425b0c loc_00425dd8: mov dh, byte [ref_0048c2b8] ; mov dh, byte [0x48c2b8] test dh, dh je near loc_00425b0c ; je 0x425b0c cmp dh, 0x63 jne near loc_00425ea2 ; jne 0x425ea2 mov dword [esp + 0xc0], 0x1cf mov dword [esp + 0xc8], 0x1e4 mov dword [esp + 0xc4], 0x26 mov dword [esp + 0xcc], 0x3b mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x15 push 0x15 push 6 push 0x137 mov edi, dword [esp + 0xd4] push edi mov ebp, dword [esp + 0xd4] push ebp mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x18 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax mov edx, dword [esp + 0xf8] push edx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0 push 0x205 mov ecx, dword [esp + 0xfc] push ecx jmp near loc_00425fb6 ; jmp 0x425fb6 loc_00425ea2: xor eax, eax mov al, dh cmp byte [eax + ref_0048c29b], 0 ; cmp byte [eax + 0x48c29b], 0 je near loc_00425fbd ; je 0x425fbd push 0 push ref_00463ea0 ; push 0x463ea0 call fcn_00424502 ; call 0x424502 add esp, 8 xor eax, eax mov al, byte [ref_0048c2b8] ; mov al, byte [0x48c2b8] xor ebx, ebx mov bl, byte [eax + ref_0048c29b] ; mov bl, byte [eax + 0x48c29b] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 mov esi, dword [eax + ebx*8 + ref_00497198] ; mov esi, dword [eax + ebx*8 + 0x497198] push esi call fcn_00453544 ; call 0x453544 mov ebx, eax add esp, 4 call fcn_00424620 ; call 0x424620 test ebx, ebx je near loc_00425fbd ; je 0x425fbd xor eax, eax mov al, byte [ref_0048c2b8] ; mov al, byte [0x48c2b8] xor edx, edx mov dl, byte [eax + ref_0048c29b] ; mov dl, byte [eax + 0x48c29b] dec edx mov eax, edx shl eax, 3 add eax, edx mov dword [esp + 0xd8], ebx fild dword [esp + 0xd8] fmul dword [eax*4 + (_stocks_on_map+20)] ; fmul dword [eax*4 + 0x496994] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xd0] mov edi, dword [esp + 0xd0] push edi push ref_00463eb3 ; push 0x463eb3 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 lea eax, [esp + 4] push eax call fcn_00424502 ; call 0x424502 add esp, 8 mov eax, edi shl eax, 2 add eax, edi add eax, eax push eax call fcn_00453544 ; call 0x453544 mov esi, eax add esp, 4 call fcn_00424620 ; call 0x424620 test esi, esi je short loc_00425fbd ; je 0x425fbd push ebx push esi xor eax, eax mov al, byte [ref_0048c2b8] ; mov al, byte [0x48c2b8] mov al, byte [eax + ref_0048c29b] ; mov al, byte [eax + 0x48c29b] and eax, 0xff dec eax push eax push 1 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_004246c5 ; call 0x4246c5 add esp, 0x14 push 0 push 0 push 0x205 mov eax, dword [esp + 0xfc] push eax loc_00425fb6: call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_00425fbd: xor cl, cl mov byte [ref_0048c2b8], cl ; mov byte [0x48c2b8], cl jmp near loc_00425b0c ; jmp 0x425b0c loc_00425fca: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0x20 push 0x98 mov ecx, dword [ref_0048c2ac] ; mov ecx, dword [0x48c2ac] push ecx call fcn_00451edb ; call 0x451edb add esp, 0xc push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_00425b0c ; jmp 0x425b0c loc_00425ff9: lea eax, [esp + 0x80] push eax mov esi, dword [esp + 0xf4] push esi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 0x88] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0x8c] push ebx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [esp + 0x98] push ebp mov ecx, dword [esp + 0x98] push ecx push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x88] push eax call fcn_00402250 ; call 0x402250 add esp, 4 lea eax, [esp + 0x80] push eax push esi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00425b0c ; jmp 0x425b0c loc_00426071: push edx mov ecx, dword [esp + 0xfc] push ecx push eax mov ebx, dword [esp + 0xfc] push ebx call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_00425b0e ; jmp 0x425b0e fcn_0042608f: push ebx push esi push edi push ebp sub esp, 0xd0 mov edi, dword [esp + 0xe4] mov eax, dword [esp + 0xe8] mov edx, dword [esp + 0xec] mov ebx, dword [esp + 0xf0] cmp eax, 0x201 jb short loc_004260f0 ; jb 0x4260f0 jbe near loc_00426387 ; jbe 0x426387 cmp eax, 0x203 jb near loc_00426515 ; jb 0x426515 jbe near loc_00426387 ; jbe 0x426387 cmp eax, 0x205 jb near loc_0042678c ; jb 0x42678c jbe near loc_00426673 ; jbe 0x426673 cmp eax, 0x401 je short loc_00426126 ; je 0x426126 jmp near loc_0042678c ; jmp 0x42678c loc_004260f0: cmp eax, 0x100 jb short loc_00426118 ; jb 0x426118 jbe near loc_004266aa ; jbe 0x4266aa cmp eax, 0x101 jbe near loc_0042669c ; jbe 0x42669c cmp eax, 0x200 je near loc_004261cb ; je 0x4261cb jmp near loc_0042678c ; jmp 0x42678c loc_00426118: cmp eax, 0xf je near loc_00426715 ; je 0x426715 jmp near loc_0042678c ; jmp 0x42678c loc_00426126: xor ah, ah mov byte [ref_0048c2ba], ah ; mov byte [0x48c2ba], ah xor dl, dl mov byte [ref_0048c2bb], ah ; mov byte [0x48c2bb], ah xor dh, dh mov byte [ref_0048c2bc], ah ; mov byte [0x48c2bc], ah mov word [ref_0048c2bd], dx ; mov word [0x48c2bd], dx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] movsx edx, word [eax + 0x26] push edx movsx eax, word [eax + 0x24] push eax push 0x20 push 0x70 push 0 push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov dword [ref_0048c2ac], eax ; mov dword [0x48c2ac], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 xor eax, eax mov al, byte [ref_0048c2bb] ; mov al, byte [0x48c2bb] push eax call fcn_00424aea ; call 0x424aea add esp, 8 push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 loc_004261bc: push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_004261c4: xor eax, eax jmp near loc_00426797 ; jmp 0x426797 loc_004261cb: xor esi, esi mov si, bx mov eax, ebx shr eax, 0x10 and eax, 0xffff xor ebx, ebx mov bx, ax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax mov edx, 0x70 mov dword [esp + 0xc0], edx mov ecx, dword [ref_0048c298] ; mov ecx, dword [0x48c298] movsx eax, word [ecx + 0x24] add eax, 0x5f mov dword [esp + 0xc8], eax cmp esi, edx jle near loc_0042630c ; jle 0x42630c cmp esi, eax jge near loc_0042630c ; jge 0x42630c cmp ebx, 0x60 jle near loc_0042630c ; jle 0x42630c cmp ebx, 0x1c0 jge near loc_0042630c ; jge 0x42630c lea edx, [ebx - 0x60] mov eax, edx sar edx, 0x1f shl edx, 5 sbb eax, edx sar eax, 5 mov ebx, eax xor eax, eax mov al, byte [ref_0048c2bc] ; mov al, byte [0x48c2bc] lea edx, [ebx + 1] cmp eax, edx je near loc_00426372 ; je 0x426372 test al, al je short loc_004262b1 ; je 0x4262b1 shl eax, 5 lea edx, [eax + 0x40] mov dword [esp + 0xc4], edx add eax, 0x60 mov dword [esp + 0xcc], eax push 0 push 0x20 movsx eax, word [ecx + 0x24] sub eax, 0x11 push eax push edx push 0x70 push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0 lea eax, [esp + 0xc4] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_004262b1: mov eax, ebx shl eax, 5 lea edx, [eax + 0x60] mov dword [esp + 0xc4], edx add eax, 0x80 mov dword [esp + 0xcc], eax push 0xffffff push 0x20 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] movsx eax, word [eax + 0x24] sub eax, 0x11 push eax push edx mov ebp, dword [esp + 0xd0] push ebp push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0 lea eax, [esp + 0xc4] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] inc bl jmp short loc_0042636c ; jmp 0x42636c loc_0042630c: mov dh, byte [ref_0048c2bc] ; mov dh, byte [0x48c2bc] test dh, dh je short loc_00426372 ; je 0x426372 xor eax, eax mov al, dh shl eax, 5 lea edx, [eax + 0x40] mov dword [esp + 0xc4], edx add eax, 0x60 mov dword [esp + 0xcc], eax push 0 push 0x20 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] movsx eax, word [eax + 0x24] sub eax, 0x11 push eax push edx mov edx, dword [esp + 0xd0] push edx push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0 lea eax, [esp + 0xc4] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] xor bl, bl loc_0042636c: mov byte [ref_0048c2bc], bl ; mov byte [0x48c2bc], bl loc_00426372: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near loc_004261c4 ; jmp 0x4261c4 loc_00426387: xor esi, esi mov si, bx shr ebx, 0x10 and ebx, 0xffff and ebx, 0xffff cmp esi, 0x70 jle near loc_0042643e ; jle 0x42643e mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] movsx eax, word [eax + 0x24] add eax, 0x5f cmp esi, eax jge near loc_0042643e ; jge 0x42643e cmp ebx, 0x20 jle near loc_0042643e ; jle 0x42643e cmp ebx, 0x3e jge short loc_0042643e ; jge 0x42643e lea edx, [esi - 0x70] mov ecx, 0x50 mov eax, edx sar edx, 0x1f idiv ecx mov ebx, eax xor eax, eax mov al, byte [ref_0048c2bb] ; mov al, byte [0x48c2bb] cmp eax, ebx je near loc_004261c4 ; je 0x4261c4 mov byte [ref_0048c2bb], bl ; mov byte [0x48c2bb], bl push 0 xor eax, eax mov al, bl push eax call fcn_00424aea ; call 0x424aea add esp, 8 mov dword [esp + 0xc0], 0x70 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] movsx eax, word [eax + 0x24] add eax, 0x5f mov dword [esp + 0xc8], eax mov dword [esp + 0xc4], 0x20 mov dword [esp + 0xcc], 0x3e push 0 lea eax, [esp + 0xc4] push eax jmp near loc_004261bc ; jmp 0x4261bc loc_0042643e: mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] movsx edx, word [eax + 0x24] lea ecx, [edx + 0x5f] cmp esi, ecx jle near loc_004261c4 ; jle 0x4261c4 lea ecx, [edx + 0x70] cmp esi, ecx jge near loc_004261c4 ; jge 0x4261c4 add edx, 0x60 mov dword [esp + 0xc0], edx movsx eax, word [eax + 0x24] add eax, 0x6f mov dword [esp + 0xc8], eax cmp ebx, 0x20 jle short loc_0042649e ; jle 0x42649e cmp ebx, 0x33 jge short loc_0042649e ; jge 0x42649e mov dword [esp + 0xc4], 0x21 mov dword [esp + 0xcc], 0x32 mov byte [ref_0048c2ba], 1 ; mov byte [0x48c2ba], 1 jmp short loc_00426500 ; jmp 0x426500 loc_0042649e: cmp ebx, 0x40 jle short loc_004264c7 ; jle 0x4264c7 cmp ebx, 0x60 jge short loc_004264c7 ; jge 0x4264c7 mov dword [esp + 0xc4], 0x41 mov dword [esp + 0xcc], 0x5f mov byte [ref_0048c2ba], 2 ; mov byte [0x48c2ba], 2 jmp short loc_00426500 ; jmp 0x426500 loc_004264c7: cmp ebx, 0x60 jle short loc_004264f3 ; jle 0x4264f3 cmp ebx, 0x80 jge short loc_004264f3 ; jge 0x4264f3 mov dword [esp + 0xc4], 0x61 mov dword [esp + 0xcc], 0x7f mov byte [ref_0048c2ba], 3 ; mov byte [0x48c2ba], 3 jmp short loc_00426500 ; jmp 0x426500 loc_004264f3: cmp byte [ref_0048c2ba], 0 ; cmp byte [0x48c2ba], 0 je near loc_004261c4 ; je 0x4261c4 loc_00426500: lea eax, [esp + 0xc0] push eax call fcn_00451b9e ; call 0x451b9e loc_0042650d: add esp, 4 jmp near loc_004261c4 ; jmp 0x4261c4 loc_00426515: cmp byte [ref_0048c2ba], 0 ; cmp byte [0x48c2ba], 0 je short loc_00426569 ; je 0x426569 call fcn_00451d4e ; call 0x451d4e mov al, byte [ref_0048c2ba] ; mov al, byte [0x48c2ba] cmp al, 2 jb short loc_00426534 ; jb 0x426534 jbe short loc_0042654b ; jbe 0x42654b cmp al, 3 je short loc_0042654f ; je 0x42654f jmp short loc_00426561 ; jmp 0x426561 loc_00426534: cmp al, 1 jne short loc_00426561 ; jne 0x426561 push 0 push 0 push 0x205 push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp short loc_00426561 ; jmp 0x426561 loc_0042654b: push 2 jmp short loc_00426551 ; jmp 0x426551 loc_0042654f: push 1 loc_00426551: xor eax, eax mov al, byte [ref_0048c2bb] ; mov al, byte [0x48c2bb] push eax call fcn_00424aea ; call 0x424aea add esp, 8 loc_00426561: xor bh, bh mov byte [ref_0048c2ba], bh ; mov byte [0x48c2ba], bh loc_00426569: mov cl, byte [ref_0048c2bc] ; mov cl, byte [0x48c2bc] test cl, cl je near loc_004261c4 ; je 0x4261c4 xor eax, eax mov al, cl cmp eax, dword [ref_004754be] ; cmp eax, dword [0x4754be] jg near loc_004261c4 ; jg 0x4261c4 mov ebx, dword [ref_004754ba] ; mov ebx, dword [0x4754ba] add ebx, eax add ebx, ebx mov bx, word [ebx + ref_0048be6e] ; mov bx, word [ebx + 0x48be6e] and ebx, 0xffff cmp ebx, 0xfa0 jge short loc_004265cb ; jge 0x4265cb lea eax, [ebx - 0x7d0] imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] add eax, edx xor ecx, ecx mov cx, word [eax + 0x1e] xor edx, edx mov dl, byte [eax + 0x1a] imul edx, ecx mov ax, word [eax + 0x1c] jmp short loc_004265f5 ; jmp 0x4265f5 loc_004265cb: lea eax, [ebx - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add eax, edx xor ecx, ecx mov cx, word [eax + 0x24] xor edx, edx mov dl, byte [eax + 0x1a] imul edx, ecx mov ax, word [eax + 0x22] loc_004265f5: and eax, 0xffff add eax, edx mov esi, dword [ref_004990e8] ; mov esi, dword [0x4990e8] imul esi, eax push esi push ref_00463eb3 ; push 0x463eb3 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 lea eax, [esp + 4] push eax call fcn_00424502 ; call 0x424502 add esp, 8 mov eax, esi shl eax, 2 add eax, esi add eax, eax push eax call fcn_00453544 ; call 0x453544 mov esi, eax add esp, 4 call fcn_00424620 ; call 0x424620 test esi, esi je near loc_004261c4 ; je 0x4261c4 push 0 push esi push ebx push 2 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi call fcn_004246c5 ; call 0x4246c5 add esp, 0x14 push 0 push 0 push 0x205 push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_004261c4 ; jmp 0x4261c4 loc_00426673: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0x20 push 0x70 mov edx, dword [ref_0048c2ac] ; mov edx, dword [0x48c2ac] push edx call fcn_00451edb ; call 0x451edb add esp, 0xc push 0 call _Post_0402_Message ; call 0x401966 jmp near loc_0042650d ; jmp 0x42650d loc_0042669c: xor ebx, ebx mov word [ref_0048c2bd], bx ; mov word [0x48c2bd], bx jmp near loc_004261c4 ; jmp 0x4261c4 loc_004266aa: cmp edx, 0x11 jne short loc_004266ba ; jne 0x4266ba mov word [ref_0048c2bd], 0x1100 ; mov word [0x48c2bd], 0x1100 jmp short loc_004266c1 ; jmp 0x4266c1 loc_004266ba: or word [ref_0048c2bd], dx ; or word [0x48c2bd], dx loc_004266c1: xor edx, edx mov dx, word [ref_0049719a] ; mov dx, word [0x49719a] xor eax, eax mov ax, word [ref_0048c2bd] ; mov ax, word [0x48c2bd] cmp eax, edx jne short loc_004266da ; jne 0x4266da push 2 jmp short loc_004266e9 ; jmp 0x4266e9 loc_004266da: xor edx, edx mov dx, word [ref_0049719c] ; mov dx, word [0x49719c] cmp eax, edx jne short loc_004266f9 ; jne 0x4266f9 push 1 loc_004266e9: xor eax, edx mov al, byte [ref_0048c2bb] ; mov al, byte [0x48c2bb] push eax call fcn_00424aea ; call 0x424aea add esp, 8 loc_004266f9: cmp word [ref_0048c2bd], 0x1100 ; cmp word [0x48c2bd], 0x1100 je near loc_004261c4 ; je 0x4261c4 xor eax, eax mov word [ref_0048c2bd], ax ; mov word [0x48c2bd], ax jmp near loc_004261c4 ; jmp 0x4261c4 loc_00426715: lea eax, [esp + 0x80] push eax push edi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 0x88] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0x8c] push edx mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx mov ecx, dword [esp + 0x98] push ecx mov ebx, dword [esp + 0x98] push ebx mov esi, dword [ref_0048a0dc] ; mov esi, dword [0x48a0dc] push esi call dword [eax + 0x1c] ; ucall lea eax, [esp + 0x88] push eax call fcn_00402250 ; call 0x402250 add esp, 4 lea eax, [esp + 0x80] push eax push edi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_004261c4 ; jmp 0x4261c4 loc_0042678c: push ebx push edx push eax push edi loc_00426790: call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] loc_00426797: add esp, 0xd0 loc_0042679d: pop ebp pop edi pop esi pop ebx ret 0x10 fcn_004267a4: push ebx push esi push edi push ebp sub esp, 0xd0 mov eax, dword [esp + 0xe8] mov edx, dword [esp + 0xf0] cmp eax, 0x202 jb short loc_004267f2 ; jb 0x4267f2 jbe near loc_00426ab8 ; jbe 0x426ab8 cmp eax, 0x205 jb short loc_004267e2 ; jb 0x4267e2 jbe near loc_00426b89 ; jbe 0x426b89 cmp eax, 0x401 je short loc_00426808 ; je 0x426808 jmp near loc_00426c17 ; jmp 0x426c17 loc_004267e2: cmp eax, 0x203 loc_004267e7: je near loc_00426974 ; je 0x426974 jmp near loc_00426c17 ; jmp 0x426c17 loc_004267f2: cmp eax, 0xf jb near loc_00426c17 ; jb 0x426c17 jbe near loc_00426b9f ; jbe 0x426b9f cmp eax, 0x201 jmp short loc_004267e7 ; jmp 0x4267e7 loc_00426808: xor ah, ah mov byte [ref_0048c2bf], ah ; mov byte [0x48c2bf], ah mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0xa0 push 0x8c mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x30 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 3 push 0x101010 push 0xffffff push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0x10 push 0 push ref_0048c548 ; push 0x48c548 call memset ; call 0x456f60 add esp, 0xc xor ebx, ebx xor ebp, ebp mov esi, 0xb0 mov edi, 0xd0 jmp short loc_0042688b ; jmp 0x42688b loc_00426881: inc ebx cmp ebx, 0xd jge near loc_00426942 ; jge 0x426942 loc_0042688b: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx cmp byte [ebx + eax + ref_0049915c], 0 ; cmp byte [ebx + eax + 0x49915c], 0 je short loc_00426881 ; je 0x426881 push edi lea eax, [esi - 0x10] push eax mov ecx, dword [ref_0048c2a8] ; mov ecx, dword [0x48c2a8] mov edx, ebx shl edx, 2 sub edx, ebx shl edx, 2 lea eax, [ecx + 0xc] add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx mov al, byte [ebx + eax + ref_0049915c] ; mov al, byte [ebx + eax + 0x49915c] and eax, 0xff push eax push ref_00463ed6 ; push 0x463ed6 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 push edi lea eax, [esi + 0x1e] push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov al, bl inc al mov byte [ebp + ref_0048c548], al ; mov byte [ebp + 0x48c548], al inc ebp add esi, 0x48 cmp esi, 0x1d0 jle near loc_00426881 ; jle 0x426881 mov esi, 0xb0 add edi, 0x20 jmp near loc_00426881 ; jmp 0x426881 loc_00426942: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 mov edx, dword [esp + 0xec] push edx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_004261c4 ; jmp 0x4261c4 loc_00426974: xor esi, esi mov si, dx mov eax, edx shr eax, 0x10 and eax, 0xffff xor edi, edi mov di, ax cmp esi, 0x8c jle near loc_00426a63 ; jle 0x426a63 cmp esi, 0x1f4 jge near loc_00426a63 ; jge 0x426a63 cmp edi, 0xc0 jle near loc_00426a63 ; jle 0x426a63 cmp edi, 0x120 jge near loc_00426a63 ; jge 0x426a63 lea edx, [edi - 0xc0] mov eax, edx sar edx, 0x1f shl edx, 5 sbb eax, edx sar eax, 5 mov ebp, eax lea edx, [esi - 0x8c] mov ecx, 0x48 mov eax, edx sar edx, 0x1f idiv ecx mov edx, eax mov ecx, ebp mov eax, ecx shl eax, 2 add eax, ecx lea ebx, [eax + edx] mov cl, byte [ebx + ref_0048c548] ; mov cl, byte [ebx + 0x48c548] test cl, cl je near loc_00426a41 ; je 0x426a41 mov eax, edx shl eax, 3 add eax, edx shl eax, 3 lea edx, [eax + 0x8d] mov dword [esp + 0xc0], edx add eax, 0xd3 mov dword [esp + 0xc8], eax shl ebp, 5 lea eax, [ebp + 0xc1] mov dword [esp + 0xc4], eax add ebp, 0xdf mov dword [esp + 0xcc], ebp mov byte [ref_0048c2bf], cl ; mov byte [0x48c2bf], cl loc_00426a41: cmp byte [ref_0048c2bf], 0 ; cmp byte [0x48c2bf], 0 je near loc_004261c4 ; je 0x4261c4 loc_00426a4e: lea eax, [esp + 0xc0] push eax call fcn_00451b9e ; call 0x451b9e loc_00426a5b: add esp, 4 jmp near loc_004261c4 ; jmp 0x4261c4 loc_00426a63: cmp esi, 0x1ac jle short loc_00426a41 ; jle 0x426a41 cmp esi, 0x1f4 jge short loc_00426a41 ; jge 0x426a41 cmp edi, 0xa0 jle short loc_00426a41 ; jle 0x426a41 cmp edi, 0xc0 jge short loc_00426a41 ; jge 0x426a41 mov dword [esp + 0xc0], 0x1ad mov dword [esp + 0xc8], 0x1f3 mov dword [esp + 0xc4], 0xa1 mov dword [esp + 0xcc], 0xbf mov byte [ref_0048c2bf], 0x63 ; mov byte [0x48c2bf], 0x63 jmp short loc_00426a4e ; jmp 0x426a4e loc_00426ab8: cmp byte [ref_0048c2bf], 0 ; cmp byte [0x48c2bf], 0 je near loc_004261c4 ; je 0x4261c4 call fcn_00451d4e ; call 0x451d4e mov dh, byte [ref_0048c2bf] ; mov dh, byte [0x48c2bf] cmp dh, 0x63 jne short loc_00426af2 ; jne 0x426af2 push 0 push 0 push 0x205 mov edi, dword [esp + 0xf0] push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_004261c4 ; jmp 0x4261c4 loc_00426af2: xor eax, eax mov al, dh xor ebx, ebx mov bl, byte [eax*8 + (ref_0047fee2 - 3)] ; mov bl, byte [eax*8 + 0x47fedf] imul ebx, ebx, 0x64 imul ebx, dword [ref_004990e8] ; imul ebx, dword [0x4990e8] push ebx push ref_00463eb3 ; push 0x463eb3 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 lea eax, [esp + 4] push eax call fcn_00424502 ; call 0x424502 add esp, 8 mov eax, ebx shl eax, 2 add eax, ebx add eax, eax push eax call fcn_00453544 ; call 0x453544 mov ebx, eax add esp, 4 call fcn_00424620 ; call 0x424620 test ebx, ebx je short loc_00426b7c ; je 0x426b7c push 0 push ebx xor eax, eax mov al, byte [ref_0048c2bf] ; mov al, byte [0x48c2bf] push eax push 3 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_004246c5 ; call 0x4246c5 add esp, 0x14 push 0 push 0 push 0x205 mov esi, dword [esp + 0xf0] push esi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_00426b7c: xor bl, bl mov byte [ref_0048c2bf], bl ; mov byte [0x48c2bf], bl jmp near loc_004261c4 ; jmp 0x4261c4 loc_00426b89: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 call _Post_0402_Message ; call 0x401966 jmp near loc_00426a5b ; jmp 0x426a5b loc_00426b9f: lea eax, [esp + 0x80] push eax mov ebx, dword [esp + 0xe8] push ebx call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 0x88] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x8c] push ecx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov edi, dword [esp + 0x98] push edi mov ebp, dword [esp + 0x98] push ebp push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x88] push eax call fcn_00402250 ; call 0x402250 add esp, 4 lea eax, [esp + 0x80] push eax push ebx call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_004261c4 ; jmp 0x4261c4 loc_00426c17: push edx mov edx, dword [esp + 0xf0] push edx push eax mov ecx, dword [esp + 0xf0] push ecx jmp near loc_00426790 ; jmp 0x426790 fcn_00426c2e: push ebx push esi push edi push ebp sub esp, 0xd0 mov ebp, dword [esp + 0xe4] mov eax, dword [esp + 0xe8] mov edx, dword [esp + 0xf0] cmp eax, 0x202 jb short loc_00426c83 ; jb 0x426c83 jbe near loc_00426edc ; jbe 0x426edc cmp eax, 0x205 jb short loc_00426c73 ; jb 0x426c73 jbe near loc_00426fa4 ; jbe 0x426fa4 cmp eax, 0x401 je short loc_00426c99 ; je 0x426c99 jmp near loc_0042702b ; jmp 0x42702b loc_00426c73: cmp eax, 0x203 loc_00426c78: je near loc_00426d82 ; je 0x426d82 jmp near loc_0042702b ; jmp 0x42702b loc_00426c83: cmp eax, 0xf jb near loc_0042702b ; jb 0x42702b jbe near loc_00426fba ; jbe 0x426fba cmp eax, 0x201 jmp short loc_00426c78 ; jmp 0x426c78 loc_00426c99: xor ah, ah mov byte [ref_0048c2c0], ah ; mov byte [0x48c2c0], ah mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0xa0 push 0x8c mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x3c push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 3 push 0x101010 push 0xffffff push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor esi, esi mov ebx, 0xb0 mov edi, 0xd0 jmp short loc_00426d05 ; jmp 0x426d05 loc_00426cff: inc esi cmp esi, 0xf jge short loc_00426d57 ; jge 0x426d57 loc_00426d05: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx add eax, esi mov dl, byte [eax + ref_00499120] ; mov dl, byte [eax + 0x499120] test dl, dl je short loc_00426cff ; je 0x426cff push 2 push edi push ebx mov al, dl and eax, 0xff mov edx, dword [eax*8 + (_card_table - 8)] ; mov edx, dword [eax*8 + 0x47fdea] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 add ebx, 0x48 cmp ebx, 0x1d0 jle short loc_00426cff ; jle 0x426cff mov ebx, 0xb0 add edi, 0x20 jmp short loc_00426cff ; jmp 0x426cff loc_00426d57: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_004261c4 ; jmp 0x4261c4 loc_00426d82: xor ebx, ebx mov bx, dx mov eax, edx shr eax, 0x10 and eax, 0xffff xor edi, edi mov di, ax cmp ebx, 0x8c jle near loc_00426e87 ; jle 0x426e87 cmp ebx, 0x1f4 jge near loc_00426e87 ; jge 0x426e87 cmp edi, 0xc0 jle near loc_00426e87 ; jle 0x426e87 cmp edi, 0x120 jge near loc_00426e87 ; jge 0x426e87 lea edx, [edi - 0xc0] mov eax, edx sar edx, 0x1f shl edx, 5 sbb eax, edx sar eax, 5 mov edi, eax lea edx, [ebx - 0x8c] mov ebx, 0x48 mov eax, edx sar edx, 0x1f idiv ebx mov ebx, eax mov edx, edi mov eax, edx shl eax, 2 add eax, edx lea esi, [eax + ebx] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx add esi, eax mov cl, byte [esi + ref_00499120] ; mov cl, byte [esi + 0x499120] test cl, cl je near loc_00426e65 ; je 0x426e65 mov eax, ebx shl eax, 3 add eax, ebx shl eax, 3 lea edx, [eax + 0x8d] mov dword [esp + 0xc0], edx add eax, 0xd3 mov dword [esp + 0xc8], eax shl edi, 5 lea eax, [edi + 0xc1] mov dword [esp + 0xc4], eax add edi, 0xdf mov dword [esp + 0xcc], edi mov byte [ref_0048c2c0], cl ; mov byte [0x48c2c0], cl loc_00426e65: cmp byte [ref_0048c2c0], 0 ; cmp byte [0x48c2c0], 0 je near loc_004261c4 ; je 0x4261c4 loc_00426e72: lea eax, [esp + 0xc0] push eax call fcn_00451b9e ; call 0x451b9e loc_00426e7f: add esp, 4 jmp near loc_004261c4 ; jmp 0x4261c4 loc_00426e87: cmp ebx, 0x1ac jle short loc_00426e65 ; jle 0x426e65 cmp ebx, 0x1f4 jge short loc_00426e65 ; jge 0x426e65 cmp edi, 0xa0 jle short loc_00426e65 ; jle 0x426e65 cmp edi, 0xc0 jge short loc_00426e65 ; jge 0x426e65 mov dword [esp + 0xc0], 0x1ad mov dword [esp + 0xc8], 0x1f3 mov dword [esp + 0xc4], 0xa1 mov dword [esp + 0xcc], 0xbf mov byte [ref_0048c2c0], 0x63 ; mov byte [0x48c2c0], 0x63 jmp short loc_00426e72 ; jmp 0x426e72 loc_00426edc: cmp byte [ref_0048c2c0], 0 ; cmp byte [0x48c2c0], 0 je near loc_004261c4 ; je 0x4261c4 call fcn_00451d4e ; call 0x451d4e mov dh, byte [ref_0048c2c0] ; mov dh, byte [0x48c2c0] cmp dh, 0x63 jne short loc_00426f0f ; jne 0x426f0f push 0 push 0 push 0x205 push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_004261c4 ; jmp 0x4261c4 loc_00426f0f: xor eax, eax mov al, dh mov al, byte [eax*8 + (_card_table - 3)] ; mov al, byte [eax*8 + 0x47fdef] and eax, 0xff imul eax, eax, 0x64 mov ebx, dword [ref_004990e8] ; mov ebx, dword [0x4990e8] imul ebx, eax push ebx push ref_00463eb3 ; push 0x463eb3 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 lea eax, [esp + 4] push eax call fcn_00424502 ; call 0x424502 add esp, 8 mov eax, ebx shl eax, 2 add eax, ebx add eax, eax push eax call fcn_00453544 ; call 0x453544 mov ebx, eax add esp, 4 call fcn_00424620 ; call 0x424620 test ebx, ebx je short loc_00426f97 ; je 0x426f97 push 0 push ebx xor eax, eax mov al, byte [ref_0048c2c0] ; mov al, byte [0x48c2c0] push eax push 4 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_004246c5 ; call 0x4246c5 add esp, 0x14 push 0 push 0 push 0x205 push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_00426f97: xor bl, bl mov byte [ref_0048c2c0], bl ; mov byte [0x48c2c0], bl jmp near loc_004261c4 ; jmp 0x4261c4 loc_00426fa4: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 call _Post_0402_Message ; call 0x401966 jmp near loc_00426e7f ; jmp 0x426e7f loc_00426fba: lea eax, [esp + 0x80] push eax push ebp call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 0x88] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0x8c] push ebx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x98] push ebx mov esi, dword [esp + 0x98] push esi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x88] push eax call fcn_00402250 ; call 0x402250 add esp, 4 lea eax, [esp + 0x80] push eax push ebp call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_004261c4 ; jmp 0x4261c4 loc_0042702b: push edx mov edi, dword [esp + 0xf0] push edi push eax push ebp jmp near loc_00426790 ; jmp 0x426790 endloc_0042703b: db 0x8d db 0x40 db 0x00 ref_0042703e: ; may contain a jump table dd loc_0042728e dd loc_00427469 dd loc_0042771a dd loc_00427816 fcn_0042704e: push ebx push esi push edi push ebp sub esp, 0xec mov esi, dword [esp + 0x100] mov eax, dword [esp + 0x104] mov edx, dword [esp + 0x10c] cmp eax, 0x202 jb short loc_004270a3 ; jb 0x4270a3 jbe near loc_00427ad9 ; jbe 0x427ad9 cmp eax, 0x205 jb short loc_00427093 ; jb 0x427093 jbe near loc_00427b7d ; jbe 0x427b7d cmp eax, 0x401 je short loc_004270b9 ; je 0x4270b9 jmp near loc_00427c0a ; jmp 0x427c0a loc_00427093: cmp eax, 0x203 loc_00427098: je near loc_00427a18 ; je 0x427a18 jmp near loc_00427c0a ; jmp 0x427c0a loc_004270a3: cmp eax, 0xf jb near loc_00427c0a ; jb 0x427c0a jbe near loc_00427b93 ; jbe 0x427b93 cmp eax, 0x201 jmp short loc_00427098 ; jmp 0x427098 loc_004270b9: xor ah, ah mov byte [ref_0048c2c1], ah ; mov byte [0x48c2c1], ah lea ebx, [edx - 0x64] mov ecx, 7 mov eax, ebx mov edx, ebx sar edx, 0x1f idiv ecx mov byte [ref_0048c2c2], al ; mov byte [0x48c2c2], al mov eax, ebx mov edx, ebx sar edx, 0x1f idiv ecx mov byte [ref_0048c2c3], dl ; mov byte [0x48c2c3], dl mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall xor ecx, ecx mov cl, byte [ref_0048c2c2] ; mov cl, byte [0x48c2c2] imul ecx, ecx, 0x54 xor edx, edx mov dl, byte [ref_0048c2c3] ; mov dl, byte [0x48c2c3] mov eax, edx shl eax, 2 sub eax, edx mov al, byte [ecx + eax*4 + ref_004967e0] ; mov al, byte [ecx + eax*4 + 0x4967e0] and eax, 0xff mov al, byte [eax + ref_004754ab] ; mov al, byte [eax + 0x4754ab] and eax, 0xff mov edx, dword [ref_0048c298] ; mov edx, dword [0x48c298] mov ecx, eax shl ecx, 2 sub ecx, eax shl ecx, 2 lea ebx, [edx + ecx] movsx eax, word [ebx + 0xc] movsx ebx, word [ebx + 0xe] mov edi, 0x280 sub edi, eax mov eax, edi sar eax, 1 mov word [ref_0048c2c4], ax ; mov word [0x48c2c4], ax mov eax, 0x1e0 sub eax, ebx sar eax, 1 mov word [ref_0048c2c6], ax ; mov word [0x48c2c6], ax cwde push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] push eax add edx, 0xc add edx, ecx push edx mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 xor edx, edx mov dl, byte [ref_0048c2c2] ; mov dl, byte [0x48c2c2] imul ebx, edx, 0x54 xor ecx, ecx mov cl, byte [ref_0048c2c3] ; mov cl, byte [0x48c2c3] mov eax, ecx shl eax, 2 sub eax, ecx xor ecx, ecx mov cl, byte [ebx + eax*4 + ref_004967e0] ; mov cl, byte [ebx + eax*4 + 0x4967e0] imul eax, edx, 0x68 mov al, byte [eax + (_players+20)] ; mov al, byte [eax + 0x496b7c] and eax, 0xff shl eax, 2 add eax, ecx add eax, 8 mov dword [esp + 0xe4], eax movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 6 push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0x70 push eax mov edx, dword [ref_0048c298] ; mov edx, dword [0x48c298] mov ebx, dword [esp + 0xec] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 add edx, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0x28 push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0x3a push eax xor eax, eax mov al, byte [ref_0048c2c2] ; mov al, byte [0x48c2c2] imul eax, eax, 0x68 mov ebx, dword [eax + (_players+0)] ; mov ebx, dword [eax + 0x496b68] push ebx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [ref_0048c2c2] ; mov al, byte [0x48c2c2] imul edx, eax, 0x54 xor ebx, ebx mov bl, byte [ref_0048c2c3] ; mov bl, byte [0x48c2c3] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 add eax, edx mov bl, byte [eax + ref_004967e0] ; mov bl, byte [eax + 0x4967e0] dec bl cmp bl, 3 ja near loc_0042796c ; ja 0x42796c xor edx, edx mov dl, bl jmp dword [edx*4 + ref_0042703e] ; ujmp: jmp dword [edx*4 + 0x42703e] loc_0042728e: push 2 movsx edx, word [ref_0048c2c6] ; movsx edx, word [0x48c2c6] add edx, 0x5c push edx movsx edx, word [ref_0048c2c4] ; movsx edx, word [0x48c2c4] add edx, 0x78 push edx xor edx, edx mov dx, word [eax + ref_004967e2] ; mov dx, word [eax + 0x4967e2] mov eax, edx shl eax, 3 add eax, edx mov edi, dword [eax*4 + (_stocks_on_map+0)] ; mov edi, dword [eax*4 + 0x496980] push edi push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dl, byte [ref_0048c2c2] ; mov dl, byte [0x48c2c2] imul edx, edx, 0x54 xor ecx, ecx mov cl, byte [ref_0048c2c3] ; mov cl, byte [0x48c2c3] mov eax, ecx shl eax, 2 sub eax, ecx mov ax, word [edx + eax*4 + ref_004967e8] ; mov ax, word [edx + eax*4 + 0x4967e8] and eax, 0xffff push eax push ref_00463edb ; push 0x463edb lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0x7c push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0xb2 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dl, byte [ref_0048c2c2] ; mov dl, byte [0x48c2c2] imul edx, edx, 0x54 xor ebx, ebx mov bl, byte [ref_0048c2c3] ; mov bl, byte [0x48c2c3] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 lea ebx, [edx + eax] xor edx, edx mov dx, word [ebx + ref_004967e2] ; mov dx, word [ebx + 0x4967e2] mov eax, edx shl eax, 3 add edx, eax shl edx, 2 xor eax, eax mov ax, word [ebx + ref_004967e8] ; mov ax, word [ebx + 0x4967e8] mov dword [esp + 0xe8], eax fild dword [esp + 0xe8] fmul dword [edx + (_stocks_on_map+20)] ; fmul dword [edx + 0x496994] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xe4] mov ebp, dword [esp + 0xe4] push ebp lea eax, [esp + 0xc4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 lea eax, [esp + 0xc0] push eax push ref_00463ee0 ; push 0x463ee0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0x9c push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0xb2 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ecx, ecx mov cl, byte [ref_0048c2c2] ; mov cl, byte [0x48c2c2] imul ecx, ecx, 0x54 xor edx, edx mov dl, byte [ref_0048c2c3] ; mov dl, byte [0x48c2c3] mov eax, edx shl eax, 2 sub eax, edx mov edx, dword [ecx + eax*4 + ref_004967e4] ; mov edx, dword [ecx + eax*4 + 0x4967e4] push edx lea eax, [esp + 0xc4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 lea eax, [esp + 0xc0] push eax push ref_00463ee0 ; push 0x463ee0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0xbc push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0xb2 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov word [ref_0048c2c8], 0xec ; mov word [0x48c2c8], 0xec jmp near loc_0042796c ; jmp 0x42796c loc_00427469: mov cx, word [eax + ref_004967e2] ; mov cx, word [eax + 0x4967e2] cmp cx, 0xfa0 jae near loc_00427550 ; jae 0x427550 mov eax, ecx and eax, 0xffff sub eax, 0x7d0 imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, eax push 2 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0x5c push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0x78 push eax push ref_00463ee5 ; push 0x463ee5 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0x7c push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0x78 push eax lea eax, [ebx + 4] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [ebx + 0x18], 0 jne short loc_0042750e ; jne 0x42750e push 2 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0x9c push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0x78 push eax xor eax, eax mov al, byte [ebx + 0x1a] mov edx, dword [eax*4 + ref_00475138] ; mov edx, dword [eax*4 + 0x475138] push edx jmp short loc_0042752d ; jmp 0x42752d loc_0042750e: push 2 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0x9c push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0x78 push eax push ref_00463e30 ; push 0x463e30 loc_0042752d: push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov ax, word [ebx + 0x1e] xor edx, edx mov dl, byte [ebx + 0x1a] imul eax, edx xor edx, edx mov dx, word [ebx + 0x1c] jmp near loc_0042762d ; jmp 0x42762d loc_00427550: mov eax, ecx and eax, 0xffff sub eax, 0xfa0 shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax cmp byte [ebx + 0x1a], 0 jne short loc_00427593 ; jne 0x427593 push 2 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0x5c push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0x78 push eax push ref_00463eee ; push 0x463eee jmp short loc_004275b8 ; jmp 0x4275b8 loc_00427593: push 2 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0x5c push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0x78 push eax xor eax, eax mov al, byte [ebx + 0x18] mov ecx, dword [eax*4 + ref_00475150] ; mov ecx, dword [eax*4 + 0x475150] push ecx loc_004275b8: push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0x7c push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0x78 push eax lea eax, [ebx + 4] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0x9c push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0x78 push eax xor eax, eax mov al, byte [ebx + 0x1a] mov edi, dword [eax*4 + ref_00475164] ; mov edi, dword [eax*4 + 0x475164] push edi push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dx, word [ebx + 0x24] xor eax, eax mov al, byte [ebx + 0x1a] imul eax, edx xor edx, edx mov dx, word [ebx + 0x22] loc_0042762d: add eax, edx mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] imul edx, eax mov dword [esp + 0xe4], edx push edx lea eax, [esp + 0xc4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 lea eax, [esp + 0xc0] push eax push ref_00463ee0 ; push 0x463ee0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0xbc push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0xb2 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ecx, ecx mov cl, byte [ref_0048c2c2] ; mov cl, byte [0x48c2c2] imul ecx, ecx, 0x54 xor edx, edx mov dl, byte [ref_0048c2c3] ; mov dl, byte [0x48c2c3] mov eax, edx shl eax, 2 sub eax, edx mov ebx, dword [ecx + eax*4 + ref_004967e4] ; mov ebx, dword [ecx + eax*4 + 0x4967e4] push ebx lea eax, [esp + 0xc4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 lea eax, [esp + 0xc0] push eax push ref_00463ee0 ; push 0x463ee0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0xdc push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0xb2 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov word [ref_0048c2c8], 0x109 ; mov word [0x48c2c8], 0x109 jmp near loc_0042796c ; jmp 0x42796c loc_0042771a: push 2 movsx edx, word [ref_0048c2c6] ; movsx edx, word [0x48c2c6] add edx, 0x5c push edx movsx edx, word [ref_0048c2c4] ; movsx edx, word [0x48c2c4] add edx, 0x78 push edx mov ax, word [eax + ref_004967e2] ; mov ax, word [eax + 0x4967e2] and eax, 0xffff mov ebx, dword [eax*8 + (ref_0047fee2 - 8)] ; mov ebx, dword [eax*8 + 0x47feda] push ebx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ecx, ecx mov cl, byte [ref_0048c2c2] ; mov cl, byte [0x48c2c2] imul ecx, ecx, 0x54 xor edx, edx mov dl, byte [ref_0048c2c3] ; mov dl, byte [0x48c2c3] mov eax, edx shl eax, 2 sub eax, edx xor edx, edx mov dx, word [ecx + eax*4 + ref_004967e2] ; mov dx, word [ecx + eax*4 + 0x4967e2] xor eax, eax mov al, byte [edx*8 + (ref_0047fee2 - 3)] ; mov al, byte [edx*8 + 0x47fedf] mov dword [esp + 0xe4], eax imul eax, dword [ref_004990e8], 0x64 ; imul eax, dword [0x4990e8], 0x64 mov edx, dword [esp + 0xe4] imul edx, eax mov dword [esp + 0xe4], edx push edx lea eax, [esp + 0xc4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 lea eax, [esp + 0xc0] push eax push ref_00463ee0 ; push 0x463ee0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0x7a push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0xb2 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [ref_0048c2c2] ; mov al, byte [0x48c2c2] imul ecx, eax, 0x54 xor edx, edx mov dl, byte [ref_0048c2c3] ; mov dl, byte [0x48c2c3] mov eax, edx shl eax, 2 sub eax, edx mov edx, dword [ecx + eax*4 + ref_004967e4] ; mov edx, dword [ecx + eax*4 + 0x4967e4] push edx jmp near loc_0042790e ; jmp 0x42790e loc_00427816: push 2 movsx edx, word [ref_0048c2c6] ; movsx edx, word [0x48c2c6] add edx, 0x5c push edx movsx edx, word [ref_0048c2c4] ; movsx edx, word [0x48c2c4] add edx, 0x78 push edx mov ax, word [eax + ref_004967e2] ; mov ax, word [eax + 0x4967e2] and eax, 0xffff mov edi, dword [eax*8 + (_card_table - 8)] ; mov edi, dword [eax*8 + 0x47fdea] push edi push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ecx, ecx mov cl, byte [ref_0048c2c2] ; mov cl, byte [0x48c2c2] imul ecx, ecx, 0x54 xor edx, edx mov dl, byte [ref_0048c2c3] ; mov dl, byte [0x48c2c3] mov eax, edx shl eax, 2 sub eax, edx xor edx, edx mov dx, word [ecx + eax*4 + ref_004967e2] ; mov dx, word [ecx + eax*4 + 0x4967e2] xor eax, eax mov al, byte [edx*8 + (_card_table - 3)] ; mov al, byte [edx*8 + 0x47fdef] mov dword [esp + 0xe4], eax imul eax, dword [ref_004990e8], 0x64 ; imul eax, dword [0x4990e8], 0x64 mov edx, dword [esp + 0xe4] imul edx, eax mov dword [esp + 0xe4], edx push edx lea eax, [esp + 0xc4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 lea eax, [esp + 0xc0] push eax push ref_00463ee0 ; push 0x463ee0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0x7a push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0xb2 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dl, byte [ref_0048c2c2] ; mov dl, byte [0x48c2c2] imul edx, edx, 0x54 xor ebx, ebx mov bl, byte [ref_0048c2c3] ; mov bl, byte [0x48c2c3] mov eax, ebx shl eax, 2 sub eax, ebx mov ecx, dword [edx + eax*4 + ref_004967e4] ; mov ecx, dword [edx + eax*4 + 0x4967e4] push ecx loc_0042790e: lea eax, [esp + 0xc4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 lea eax, [esp + 0xc0] push eax push ref_00463ee0 ; push 0x463ee0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 movsx eax, word [ref_0048c2c6] ; movsx eax, word [0x48c2c6] add eax, 0x98 push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0xb2 push eax lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov word [ref_0048c2c8], 0xcb ; mov word [0x48c2c8], 0xcb loc_0042796c: push 1 push 3 push 0x800000 push 0xffffff push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor eax, eax mov al, byte [ref_0048c2c2] ; mov al, byte [0x48c2c2] cmp eax, dword [_current_player] ; cmp eax, dword [0x49910c] jne short loc_004279b8 ; jne 0x4279b8 push 2 movsx edx, word [ref_0048c2c6] ; movsx edx, word [0x48c2c6] movsx eax, word [ref_0048c2c8] ; movsx eax, word [0x48c2c8] add eax, edx push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0x34 push eax push ref_00463ef7 ; push 0x463ef7 jmp short loc_004279db ; jmp 0x4279db loc_004279b8: push 2 movsx edx, word [ref_0048c2c6] ; movsx edx, word [0x48c2c6] movsx eax, word [ref_0048c2c8] ; movsx eax, word [0x48c2c8] add eax, edx push eax movsx eax, word [ref_0048c2c4] ; movsx eax, word [0x48c2c4] add eax, 0x34 push eax push ref_00463efd ; push 0x463efd loc_004279db: push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00427a0b: xor eax, eax loc_00427a0d: add esp, 0xec jmp near loc_0042679d ; jmp 0x42679d loc_00427a18: xor eax, eax mov ax, dx shr edx, 0x10 and edx, 0xffff xor ebx, ebx mov bx, dx movsx ecx, word [ref_0048c2c8] ; movsx ecx, word [0x48c2c8] movsx edx, word [ref_0048c2c6] ; movsx edx, word [0x48c2c6] lea esi, [ecx - 0xc] add esi, edx cmp ebx, esi jle short loc_00427a0b ; jle 0x427a0b add ecx, 0xc add edx, ecx cmp ebx, edx jge short loc_00427a0b ; jge 0x427a0b mov dword [esp + 0xd8], esi add esi, 0x18 mov dword [esp + 0xe0], esi movsx edx, word [ref_0048c2c4] ; movsx edx, word [0x48c2c4] lea ebx, [edx + 0x10] cmp eax, ebx jle short loc_00427a88 ; jle 0x427a88 add edx, 0x58 cmp eax, edx jge short loc_00427a88 ; jge 0x427a88 mov dword [esp + 0xd4], ebx mov dword [esp + 0xdc], edx mov byte [ref_0048c2c1], 1 ; mov byte [0x48c2c1], 1 jmp short loc_00427ac4 ; jmp 0x427ac4 loc_00427a88: movsx edx, word [ref_0048c2c4] ; movsx edx, word [0x48c2c4] lea ecx, [edx + 0x68] cmp eax, ecx jle short loc_00427ab7 ; jle 0x427ab7 add edx, 0xb0 cmp eax, edx jge short loc_00427ab7 ; jge 0x427ab7 mov dword [esp + 0xd4], ecx mov dword [esp + 0xdc], edx mov byte [ref_0048c2c1], 2 ; mov byte [0x48c2c1], 2 jmp short loc_00427ac4 ; jmp 0x427ac4 loc_00427ab7: cmp byte [ref_0048c2c1], 0 ; cmp byte [0x48c2c1], 0 je near loc_00427a0b ; je 0x427a0b loc_00427ac4: lea eax, [esp + 0xd4] push eax call fcn_00451b9e ; call 0x451b9e loc_00427ad1: add esp, 4 jmp near loc_00427a0b ; jmp 0x427a0b loc_00427ad9: cmp byte [ref_0048c2c1], 0 ; cmp byte [0x48c2c1], 0 je near loc_00427a0b ; je 0x427a0b call fcn_00451d4e ; call 0x451d4e cmp byte [ref_0048c2c1], 1 ; cmp byte [0x48c2c1], 1 jne short loc_00427b5f ; jne 0x427b5f xor eax, eax mov al, byte [ref_0048c2c2] ; mov al, byte [0x48c2c2] mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] cmp eax, ebx jne short loc_00427b19 ; jne 0x427b19 xor edx, edx mov dl, byte [ref_0048c2c3] ; mov dl, byte [0x48c2c3] push edx push ebx loc_00427b0f: call fcn_004247d5 ; call 0x4247d5 add esp, 8 jmp short loc_00427b5f ; jmp 0x427b5f loc_00427b19: push 0xf0 push 0x140 call fcn_00453a32 ; call 0x453a32 add esp, 8 cmp eax, 1 jne short loc_00427b70 ; jne 0x427b70 xor eax, eax mov al, byte [ref_0048c2c3] ; mov al, byte [0x48c2c3] push eax xor eax, eax mov al, byte [ref_0048c2c2] ; mov al, byte [0x48c2c2] push eax call fcn_004255da ; call 0x4255da add esp, 8 cmp eax, 1 jne short loc_00427b70 ; jne 0x427b70 xor eax, eax mov al, byte [ref_0048c2c3] ; mov al, byte [0x48c2c3] push eax xor eax, eax mov al, byte [ref_0048c2c2] ; mov al, byte [0x48c2c2] push eax jmp short loc_00427b0f ; jmp 0x427b0f loc_00427b5f: push 0 push 0 push 0x205 push esi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_00427b70: xor cl, cl mov byte [ref_0048c2c1], cl ; mov byte [0x48c2c1], cl jmp near loc_00427a0b ; jmp 0x427a0b loc_00427b7d: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 call _Post_0402_Message ; call 0x401966 jmp near loc_00427ad1 ; jmp 0x427ad1 loc_00427b93: lea eax, [esp + 0x80] push eax push esi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 0x88] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0x8c] push edx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [esp + 0x98] push ebp mov edx, dword [esp + 0x98] push edx mov ecx, dword [ref_0048a0dc] ; mov ecx, dword [0x48a0dc] push ecx call dword [eax + 0x1c] ; ucall lea eax, [esp + 0x88] push eax call fcn_00402250 ; call 0x402250 add esp, 4 lea eax, [esp + 0x80] push eax push esi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00427a0b ; jmp 0x427a0b loc_00427c0a: push edx mov ebx, dword [esp + 0x10c] push ebx push eax push esi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_00427a0d ; jmp 0x427a0d fcn_00427c21: push ebx push esi push edi push ebp sub esp, 0x58 mov edi, dword [esp + 0x6c] mov eax, dword [esp + 0x70] mov ebx, dword [esp + 0x78] cmp eax, 0x205 jb short loc_00427c8c ; jb 0x427c8c jbe near loc_00428378 ; jbe 0x428378 cmp eax, 0x410 jb short loc_00427c6f ; jb 0x427c6f jbe near loc_004283b8 ; jbe 0x4283b8 cmp eax, 0x412 jb near loc_004283cb ; jb 0x4283cb jbe near loc_004283de ; jbe 0x4283de cmp eax, 0x413 je near loc_004283f1 ; je 0x4283f1 jmp near loc_00428461 ; jmp 0x428461 loc_00427c6f: cmp eax, 0x401 jb near loc_00428461 ; jb 0x428461 jbe short loc_00427ccf ; jbe 0x427ccf cmp eax, 0x40f je near loc_0042838b ; je 0x42838b jmp near loc_00428461 ; jmp 0x428461 loc_00427c8c: cmp eax, 0x201 jb short loc_00427cb4 ; jb 0x427cb4 jbe near loc_00427ea1 ; jbe 0x427ea1 cmp eax, 0x202 jbe near loc_004281af ; jbe 0x4281af cmp eax, 0x203 je near loc_00427ea1 ; je 0x427ea1 jmp near loc_00428461 ; jmp 0x428461 loc_00427cb4: cmp eax, 0xf jb near loc_00428461 ; jb 0x428461 jbe near loc_00428403 ; jbe 0x428403 cmp eax, 0x200 je short loc_00427cfd ; je 0x427cfd jmp near loc_00428461 ; jmp 0x428461 loc_00427ccf: xor ah, ah mov byte [ref_0048c2ca], ah ; mov byte [0x48c2ca], ah mov byte [ref_0048c2cb], ah ; mov byte [0x48c2cb], ah call fcn_004249c2 ; call 0x4249c2 push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00427e97 ; jmp 0x427e97 loc_00427cfd: cmp byte [ref_0048c2ca], 1 ; cmp byte [0x48c2ca], 1 jne near loc_00427e97 ; jne 0x427e97 xor esi, esi mov si, bx shr ebx, 0x10 and ebx, 0xffff and ebx, 0xffff mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov ebp, dword [ref_0048a0e0] ; mov ebp, dword [0x48a0e0] push ebp call dword [eax + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax mov dword [esp + 0x40], 0x1d0 mov dword [esp + 0x48], 0x260 mov dword [esp + 0x44], 0x74 mov dword [esp + 0x4c], 0xd4 cmp esi, 0x1d9 jle near loc_00427e48 ; jle 0x427e48 cmp esi, 0x256 jge near loc_00427e48 ; jge 0x427e48 cmp ebx, 0x7d jle near loc_00427e48 ; jle 0x427e48 cmp ebx, 0xca jge near loc_00427e48 ; jge 0x427e48 lea edx, [esi - 0x1d9] mov esi, 0x3f mov eax, edx sar edx, 0x1f idiv esi lea esi, [eax + eax] lea edx, [ebx - 0x7d] mov ecx, 0x27 mov eax, edx sar edx, 0x1f idiv ecx add esi, eax mov dword [esp + 0x54], esi xor edx, edx mov dl, byte [ref_0048c2cb] ; mov dl, byte [0x48c2cb] lea eax, [esi + 1] cmp edx, eax je near loc_00427e87 ; je 0x427e87 test dl, dl je short loc_00427df4 ; je 0x427df4 push 0x74 push 0x1d0 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0xd8 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 loc_00427df4: mov eax, dword [esp + 0x54] mov edx, eax sar edx, 0x1f sub eax, edx sar eax, 1 mov ebx, eax shl eax, 3 add eax, ebx mov ebx, eax shl eax, 3 sub eax, ebx lea esi, [eax + 0x1d9] mov edx, dword [esp + 0x54] and edx, 1 mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx lea ebx, [eax + 0x7d] push 0xfffffffffffffff4 push 0x26 push 0x3e push ebx push esi push ref_0046caec ; push 0x46caec call fcn_004552e7 ; call 0x4552e7 add esp, 0x18 mov al, byte [esp + 0x54] inc al jmp short loc_00427e73 ; jmp 0x427e73 loc_00427e48: cmp byte [ref_0048c2cb], 0 ; cmp byte [0x48c2cb], 0 je short loc_00427e87 ; je 0x427e87 push 0x74 push 0x1d0 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0xd8 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 xor al, al loc_00427e73: mov byte [ref_0048c2cb], al ; mov byte [0x48c2cb], al push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00427e87: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall loc_00427e97: xor eax, eax loc_00427e99: add esp, 0x58 jmp near loc_0042679d ; jmp 0x42679d loc_00427ea1: xor esi, esi mov si, bx mov eax, ebx shr eax, 0x10 and eax, 0xffff xor ebx, ebx mov bx, ax cmp esi, 0x1d0 jle near loc_00427fc8 ; jle 0x427fc8 cmp esi, 0x218 jge near loc_00427fc8 ; jge 0x427fc8 cmp ebx, 0x4a jle near loc_00427fc8 ; jle 0x427fc8 cmp ebx, 0x72 jge near loc_00427fc8 ; jge 0x427fc8 imul eax, dword [_current_player], 0x54 ; imul eax, dword [0x49910c], 0x54 cmp byte [eax + ref_00496828], 0 ; cmp byte [eax + 0x496828], 0 je short loc_00427f12 ; je 0x427f12 push 1 push ref_00463f03 ; push 0x463f03 call fcn_00424502 ; call 0x424502 add esp, 8 push 0x5dc call fcn_004528b9 ; call 0x4528b9 add esp, 4 call fcn_00424620 ; call 0x424620 jmp short loc_00427e97 ; jmp 0x427e97 loc_00427f12: mov dword [ref_0048c2cc], 0x1d0 ; mov dword [0x48c2cc], 0x1d0 mov dword [ref_0048c2d0], 0x4a ; mov dword [0x48c2d0], 0x4a mov dword [ref_0048c2d4], 0x260 ; mov dword [0x48c2d4], 0x260 mov dword [ref_0048c2d8], 0xd4 ; mov dword [0x48c2d8], 0xd4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0xfffffffffffffff4 push 0x28 push 0x48 mov eax, dword [ref_0048c2d0] ; mov eax, dword [0x48c2d0] push eax mov edx, dword [ref_0048c2cc] ; mov edx, dword [0x48c2cc] push edx push ref_0046caec ; push 0x46caec call fcn_004552e7 ; call 0x4552e7 add esp, 0x18 push 0x74 mov ecx, dword [ref_0048c2cc] ; mov ecx, dword [0x48c2cc] push ecx mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0xd8 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push ref_0048c2cc ; push 0x48c2cc push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c2ca], 1 ; mov byte [0x48c2ca], 1 jmp near loc_00427e97 ; jmp 0x427e97 loc_00427fc8: cmp esi, 0x218 jle near loc_00428085 ; jle 0x428085 cmp esi, 0x260 jge near loc_00428085 ; jge 0x428085 cmp ebx, 0x4a jle near loc_00428085 ; jle 0x428085 cmp ebx, 0x72 jge near loc_00428085 ; jge 0x428085 mov dword [ref_0048c2cc], 0x218 ; mov dword [0x48c2cc], 0x218 mov dword [ref_0048c2d0], 0x4a ; mov dword [0x48c2d0], 0x4a mov dword [ref_0048c2d4], 0x260 ; mov dword [0x48c2d4], 0x260 mov dword [ref_0048c2d8], 0x72 ; mov dword [0x48c2d8], 0x72 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0xfffffffffffffff4 push 0x28 push 0x48 mov ebp, dword [ref_0048c2d0] ; mov ebp, dword [0x48c2d0] push ebp mov eax, dword [ref_0048c2cc] ; mov eax, dword [0x48c2cc] push eax push ref_0046caec ; push 0x46caec call fcn_004552e7 ; call 0x4552e7 add esp, 0x18 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push ref_0048c2cc ; push 0x48c2cc push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c2ca], 2 ; mov byte [0x48c2ca], 2 jmp near loc_00427e97 ; jmp 0x427e97 loc_00428085: cmp esi, 0x68 jle near loc_00427e97 ; jle 0x427e97 cmp esi, 0x260 jge near loc_00427e97 ; jge 0x427e97 cmp ebx, 0x72 jle near loc_00427e97 ; jle 0x427e97 mov edx, dword [_nplayers] ; mov edx, dword [0x499114] mov eax, edx shl eax, 3 add eax, edx shl eax, 3 add eax, 0x72 cmp ebx, eax jge near loc_00427e97 ; jge 0x427e97 lea edx, [esi - 0x68] mov esi, 0x48 mov eax, edx sar edx, 0x1f idiv esi mov dword [esp + 0x54], eax lea edx, [ebx - 0x72] mov eax, edx sar edx, 0x1f idiv esi mov dword [esp + 0x50], eax imul ebx, eax, 0x54 mov edx, dword [esp + 0x54] mov eax, edx shl eax, 2 sub eax, edx cmp byte [ebx + eax*4 + ref_004967e0], 0 ; cmp byte [ebx + eax*4 + 0x4967e0], 0 je near loc_00427e97 ; je 0x427e97 mov eax, edx shl eax, 3 add edx, eax shl edx, 3 lea eax, [edx + 0x68] mov dword [ref_0048c2cc], eax ; mov dword [0x48c2cc], eax mov ebx, dword [esp + 0x50] mov eax, ebx shl eax, 3 add eax, ebx shl eax, 3 lea ecx, [eax + 0x72] mov dword [ref_0048c2d0], ecx ; mov dword [0x48c2d0], ecx add edx, 0xb0 mov dword [ref_0048c2d4], edx ; mov dword [0x48c2d4], edx add eax, 0xba mov dword [ref_0048c2d8], eax ; mov dword [0x48c2d8], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0xfffffffffffffff4 push esi push esi mov ebp, dword [ref_0048c2d0] ; mov ebp, dword [0x48c2d0] push ebp mov eax, dword [ref_0048c2cc] ; mov eax, dword [0x48c2cc] push eax push ref_0046caec ; push 0x46caec call fcn_004552e7 ; call 0x4552e7 add esp, 0x18 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push ref_0048c2cc ; push 0x48c2cc push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov al, byte [esp + 0x50] mov ah, 7 mul ah add al, byte [esp + 0x54] add al, 0x64 mov byte [ref_0048c2ca], al ; mov byte [0x48c2ca], al jmp near loc_00427e97 ; jmp 0x427e97 loc_004281af: mov dh, byte [ref_0048c2ca] ; mov dh, byte [0x48c2ca] test dh, dh je near loc_00427e97 ; je 0x427e97 mov al, dh cmp dh, 1 jb near loc_00428296 ; jb 0x428296 jbe short loc_004281d4 ; jbe 0x4281d4 cmp dh, 2 je short loc_0042820a ; je 0x42820a jmp near loc_00428296 ; jmp 0x428296 loc_004281d4: call fcn_004249c2 ; call 0x4249c2 mov bl, byte [ref_0048c2cb] ; mov bl, byte [0x48c2cb] test bl, bl je near loc_0042836b ; je 0x42836b push 0 push 0 xor eax, eax mov al, bl add eax, 0x40e push eax push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] xor bh, bh mov byte [ref_0048c2cb], bh ; mov byte [0x48c2cb], bh jmp near loc_0042836b ; jmp 0x42836b loc_0042820a: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048c2d8] ; mov eax, dword [0x48c2d8] mov edx, dword [ref_0048c2d0] ; mov edx, dword [0x48c2d0] sub eax, edx push eax mov eax, dword [ref_0048c2d4] ; mov eax, dword [0x48c2d4] mov ecx, dword [ref_0048c2cc] ; mov ecx, dword [0x48c2cc] sub eax, ecx push eax lea eax, [edx - 0x42] push eax lea eax, [ecx - 0x16] push eax push edx push ecx mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0xc push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push ref_0048c2cc ; push 0x48c2cc push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_0042836b ; jmp 0x42836b loc_00428296: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall xor ebx, ebx mov bl, byte [ref_0048c2ca] ; mov bl, byte [0x48c2ca] sub ebx, 0x64 mov esi, 7 mov eax, ebx mov edx, ebx sar edx, 0x1f idiv esi mov esi, eax imul ebp, eax, 0x54 mov ecx, 7 mov eax, ebx mov edx, ebx sar edx, 0x1f idiv ecx mov eax, edx shl eax, 2 sub eax, edx xor edx, edx mov dl, byte [ebp + eax*4 + ref_004967e0] ; mov dl, byte [ebp + eax*4 + 0x4967e0] imul esi, esi, 0x68 xor eax, eax mov al, byte [esi + (_players+20)] ; mov al, byte [esi + 0x496b7c] shl eax, 2 add eax, edx add eax, 8 mov dword [esp + 0x50], eax mov eax, dword [ref_0048c2d0] ; mov eax, dword [0x48c2d0] push eax mov edx, dword [ref_0048c2cc] ; mov edx, dword [0x48c2cc] push edx mov ecx, dword [ref_0048c298] ; mov ecx, dword [0x48c298] mov edx, dword [esp + 0x58] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add ecx, 0xc add eax, ecx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push ref_0048c2cc ; push 0x48c2cc push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] xor eax, eax mov al, byte [ref_0048c2ca] ; mov al, byte [0x48c2ca] push eax push 0 push 0x413 push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_0042836b: xor cl, cl mov byte [ref_0048c2ca], cl ; mov byte [0x48c2ca], cl jmp near loc_00427e97 ; jmp 0x427e97 loc_00428378: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 call _Post_0402_Message ; call 0x401966 jmp short loc_004283b0 ; jmp 0x4283b0 loc_0042838b: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push fcn_004258c1 ; push 0x4258c1 loc_0042839c: call _Wait_0402_Message ; call 0x4018e7 add esp, 8 call fcn_004249c2 ; call 0x4249c2 push 1 call fcn_00402460 ; call 0x402460 loc_004283b0: add esp, 4 jmp near loc_00427e97 ; jmp 0x427e97 loc_004283b8: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push fcn_0042608f ; push 0x42608f jmp short loc_0042839c ; jmp 0x42839c loc_004283cb: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push fcn_004267a4 ; push 0x4267a4 jmp short loc_0042839c ; jmp 0x42839c loc_004283de: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push fcn_00426c2e ; push 0x426c2e jmp short loc_0042839c ; jmp 0x42839c loc_004283f1: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push ebx push fcn_0042704e ; push 0x42704e jmp short loc_0042839c ; jmp 0x42839c loc_00428403: mov eax, esp push eax push edi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0xc] push edx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x18] push ebx mov esi, dword [esp + 0x18] push esi mov ebp, dword [ref_0048a0dc] ; mov ebp, dword [0x48a0dc] push ebp call dword [eax + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push edi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00427e97 ; jmp 0x427e97 loc_00428461: push ebx mov edx, dword [esp + 0x78] push edx push eax push edi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_00427e99 ; jmp 0x427e99 fcn_00428475: push ebx push esi xor esi, esi loc_00428479: cmp esi, dword [_nplayers] ; cmp esi, dword [0x499114] jge near loc_004258be ; jge 0x4258be imul eax, esi, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_004284bb ; je 0x4284bb xor edx, edx jmp short loc_0042849b ; jmp 0x42849b loc_00428495: inc edx cmp edx, 7 jge short loc_004284bb ; jge 0x4284bb loc_0042849b: imul ebx, esi, 0x54 mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add eax, ebx cmp byte [eax + ref_004967e0], 0 ; cmp byte [eax + 0x4967e0], 0 je short loc_00428495 ; je 0x428495 inc byte [eax + ref_004967e1] ; inc byte [eax + 0x4967e1] jmp short loc_00428495 ; jmp 0x428495 loc_004284bb: inc esi jmp short loc_00428479 ; jmp 0x428479 sales_ui: push ebx push esi push edi push ebp sub esp, 0x18 call fcn_0042483e ; call 0x42483e imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_0042886e ; jne 0x42886e push 0 push 0 push 0x49 mov ebp, dword [ref_0048a05c] ; mov ebp, dword [0x48a05c] push ebp call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c298], eax ; mov dword [0x48c298], eax push 0 push 0 push 0x4a mov eax, dword [ref_0048a05c] ; mov eax, dword [0x48a05c] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c2a8], eax ; mov dword [0x48c2a8], eax push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x10 push 0x30 push ref_00463f1a ; push 0x463f1a mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x10 push 0x90 push ref_00463f23 ; push 0x463f23 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x10 push 0xfa push ref_00463f2c ; push 0x463f2c mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x5c push 0x1f push ref_00463f35 ; push 0x463f35 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x54 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x7a push 0x1f push ref_00463f3c ; push 0x463f3c mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x54 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x98 push 0x1f push ref_00463f43 ; push 0x463f43 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x54 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x5c push 0x1f push ref_00463f35 ; push 0x463f35 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x60 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x7c push 0x1f push ref_00463f4a ; push 0x463f4a mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x60 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x9c push 0x1f push ref_00463f3c ; push 0x463f3c mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x60 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0xbc push 0x1f push ref_00463f43 ; push 0x463f43 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x60 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x5c push 0x1f push ref_00463f35 ; push 0x463f35 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x6c push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x7c push 0x1f push ref_00463f51 ; push 0x463f51 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x6c push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x9c push 0x1f push ref_00463f58 ; push 0x463f58 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x6c push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0xbc push 0x1f push ref_00463f3c ; push 0x463f3c mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x6c push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0xdc push 0x1f push ref_00463f43 ; push 0x463f43 mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x6c push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 3 push 0x800000 push 0xffffff push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0xcb push 0x8c push ref_00463f5f ; push 0x463f5f mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x54 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0xec push 0x8c push ref_00463f5f ; push 0x463f5f mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x60 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x109 push 0x8c push ref_00463f5f ; push 0x463f5f mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x6c push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 2 push 0 push 0x101010 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebx, ebx mov esi, 0x28 loc_0042877f: push 2 push 0x10 push esi mov edx, dword [ebx*4 + ref_004753d4] ; mov edx, dword [ebx*4 + 0x4753d4] push edx mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0x50 cmp ebx, 5 jl short loc_0042877f ; jl 0x42877f push 1 push 2 push 0 push 0xffffff push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebx, ebx loc_004287bd: push 2 push 0x30 movsx eax, word [ebx*2 + ref_004754b0] ; movsx eax, word [ebx*2 + 0x4754b0] sub eax, 0x70 push eax mov ecx, dword [ebx*4 + ref_004753e8] ; mov ecx, dword [ebx*4 + 0x4753e8] push ecx mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx cmp ebx, 5 jl short loc_004287bd ; jl 0x4287bd xor ebx, ebx mov edi, 0x30 loc_004287f3: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_00428825 ; jge 0x428825 lea eax, [edi + 0x24] push eax push 0x2c imul eax, ebx, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0xc push eax mov eax, dword [ref_0048c298] ; mov eax, dword [0x48c298] add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 inc ebx add edi, 0x48 jmp short loc_004287f3 ; jmp 0x4287f3 loc_00428825: push 0 push fcn_00427c21 ; push 0x427c21 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 push 1 call fcn_0041906a ; call 0x41906a add esp, 4 mov edi, dword [ref_0048c298] ; mov edi, dword [0x48c298] push edi call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [ref_0048c2a8] ; mov ebp, dword [0x48c2a8] push ebp call clib_free ; call 0x456e11 add esp, 4 loc_0042885c: push 0 call fcn_00436b0a ; call 0x436b0a add esp, 4 add esp, 0x18 pop ebp pop edi pop esi pop ebx ret loc_0042886e: call clib_rand ; call 0x456f2d mov edx, eax mov ebx, 0xf sar edx, 0x1f idiv ebx test edx, edx jne near loc_00428a37 ; jne 0x428a37 xor ebp, ebp mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441262 ; call 0x441262 add esp, 4 mov ebx, eax cmp eax, 0xc jle near loc_00428958 ; jle 0x428958 xor esi, esi mov dword [esp + 0x10], esi loc_004288a9: cmp esi, ebx jge short loc_004288f4 ; jge 0x4288f4 xor edi, edi loc_004288af: cmp edi, ebx jge short loc_004288f1 ; jge 0x4288f1 cmp edi, esi je short loc_004288ee ; je 0x4288ee mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx lea edx, [eax + esi] add eax, edi mov dl, byte [edx + ref_00499120] ; mov dl, byte [edx + 0x499120] mov cl, byte [eax + ref_00499120] ; mov cl, byte [eax + 0x499120] cmp dl, cl jne short loc_004288ee ; jne 0x4288ee mov eax, dword [esp + 0x10] mov byte [esp + eax], cl lea edx, [eax + 1] mov dword [esp + 0x10], edx loc_004288ee: inc edi jmp short loc_004288af ; jmp 0x4288af loc_004288f1: inc esi jmp short loc_004288a9 ; jmp 0x4288a9 loc_004288f4: cmp dword [esp + 0x10], 0 je short loc_00428958 ; je 0x428958 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv dword [esp + 0x10] xor eax, eax mov al, byte [esp + edx] mov dword [esp + 0x10], eax mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] imul eax, ebx, 0x54 cmp byte [eax + ref_00496828], 0 ; cmp byte [eax + 0x496828], 0 je short loc_0042892f ; je 0x42892f push 0 push ebx call fcn_004247d5 ; call 0x4247d5 add esp, 8 loc_0042892f: push 0 mov eax, dword [esp + 0x14] mov al, byte [eax*8 + (_card_table - 3)] ; mov al, byte [eax*8 + 0x47fdef] and eax, 0xff imul eax, eax, 0x64 imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax mov ebp, dword [esp + 0x18] push ebp push 4 jmp near loc_00428a29 ; jmp 0x428a29 loc_00428958: test ebp, ebp jne near loc_00428a37 ; jne 0x428a37 xor ebx, ebx mov dword [esp + 0x10], ebp mov esi, dword [_current_player] ; mov esi, dword [0x49910c] jmp short loc_00428974 ; jmp 0x428974 loc_0042896e: inc ebx cmp ebx, 0xd jge short loc_004289cb ; jge 0x4289cb loc_00428974: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx add eax, ebx mov ch, byte [eax + ref_0049915c] ; mov ch, byte [eax + 0x49915c] cmp ch, 3 jae short loc_004289b7 ; jae 0x4289b7 test ch, ch je short loc_0042896e ; je 0x42896e xor edx, edx mov dl, byte [ebx*8 + ref_0047fee9] ; mov dl, byte [ebx*8 + 0x47fee9] imul eax, esi, 0x68 mov al, byte [eax + (_players+23)] ; mov al, byte [eax + 0x496b7f] and eax, 0xff sub edx, eax cmp edx, 2 jne short loc_0042896e ; jne 0x42896e loc_004289b7: mov dl, bl inc dl mov eax, dword [esp + 0x10] mov byte [esp + eax], dl lea edi, [eax + 1] mov dword [esp + 0x10], edi jmp short loc_0042896e ; jmp 0x42896e loc_004289cb: mov ebp, dword [esp + 0x10] test ebp, ebp je short loc_00428a37 ; je 0x428a37 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebp xor eax, eax mov al, byte [esp + edx] mov dword [esp + 0x10], eax mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] imul eax, ebx, 0x54 cmp byte [eax + ref_00496828], 0 ; cmp byte [eax + 0x496828], 0 je short loc_00428a05 ; je 0x428a05 push 0 push ebx call fcn_004247d5 ; call 0x4247d5 add esp, 8 loc_00428a05: push 0 mov eax, dword [esp + 0x14] mov al, byte [eax*8 + (ref_0047fee2 - 3)] ; mov al, byte [eax*8 + 0x47fedf] and eax, 0xff imul eax, eax, 0x64 imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax mov ebp, dword [esp + 0x18] push ebp push 3 loc_00428a29: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_004246c5 ; call 0x4246c5 add esp, 0x14 loc_00428a37: call clib_rand ; call 0x456f2d mov edx, eax mov ebx, 3 sar edx, 0x1f idiv ebx test edx, edx jne near loc_00428ae8 ; jne 0x428ae8 xor ebx, ebx jmp short loc_00428a92 ; jmp 0x428a92 loc_00428a54: cmp cl, 4 jne short loc_00428a8c ; jne 0x428a8c xor eax, eax mov ax, word [edx + ref_004967e2] ; mov ax, word [edx + 0x4967e2] mov al, byte [eax*8 + (_card_table - 3)] ; mov al, byte [eax*8 + 0x47fdef] and eax, 0xff imul eax, eax, 0x64 mov esi, dword [ref_004990e8] ; mov esi, dword [0x4990e8] imul esi, eax mov dword [esp + 0x10], esi cmp esi, dword [edx + ref_004967e4] ; cmp esi, dword [edx + 0x4967e4] je short loc_00428a8c ; je 0x428a8c mov dword [edx + ref_004967e4], esi ; mov dword [edx + 0x4967e4], esi loc_00428a8c: inc ebx cmp ebx, 7 jge short loc_00428ae8 ; jge 0x428ae8 loc_00428a92: imul esi, dword [_current_player], 0x54 ; imul esi, dword [0x49910c], 0x54 mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 lea edx, [esi + eax] mov cl, byte [edx + ref_004967e0] ; mov cl, byte [edx + 0x4967e0] cmp cl, 3 jne short loc_00428a54 ; jne 0x428a54 xor eax, eax mov ax, word [edx + ref_004967e2] ; mov ax, word [edx + 0x4967e2] mov al, byte [eax*8 + (ref_0047fee2 - 3)] ; mov al, byte [eax*8 + 0x47fedf] and eax, 0xff imul eax, eax, 0x64 mov esi, dword [ref_004990e8] ; mov esi, dword [0x4990e8] imul esi, eax mov dword [esp + 0x10], esi mov eax, esi cmp eax, dword [edx + ref_004967e4] ; cmp eax, dword [edx + 0x4967e4] je short loc_00428a8c ; je 0x428a8c mov dword [edx + ref_004967e4], eax ; mov dword [edx + 0x4967e4], eax jmp short loc_00428a8c ; jmp 0x428a8c loc_00428ae8: call clib_rand ; call 0x456f2d mov edx, eax mov ebx, 4 sar edx, 0x1f idiv ebx test edx, edx jne near loc_0042885c ; jne 0x42885c xor esi, esi xor ebp, ebp loc_00428b05: cmp esi, dword [_nplayers] ; cmp esi, dword [0x499114] jge near loc_0042885c ; jge 0x42885c test ebp, ebp jne near loc_0042885c ; jne 0x42885c cmp esi, dword [_current_player] ; cmp esi, dword [0x49910c] je near loc_00428ca9 ; je 0x428ca9 imul eax, esi, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je near loc_00428ca9 ; je 0x428ca9 xor ebx, ebx jmp short loc_00428b43 ; jmp 0x428b43 loc_00428b39: inc ebx cmp ebx, 7 jge near loc_00428ca9 ; jge 0x428ca9 loc_00428b43: imul edi, esi, 0x54 mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 lea edx, [edi + eax] mov cl, byte [edx + ref_004967e0] ; mov cl, byte [edx + 0x4967e0] cmp cl, 1 jne short loc_00428bc6 ; jne 0x428bc6 fild dword [edx + ref_004967e4] ; fild dword [edx + 0x4967e4] xor eax, eax mov ax, word [edx + ref_004967e8] ; mov ax, word [edx + 0x4967e8] mov dword [esp + 0x14], eax fild dword [esp + 0x14] fdivp st1 ; fdivp st(1) call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x10] mov dx, word [edx + ref_004967e2] ; mov dx, word [edx + 0x4967e2] and edx, 0xffff mov eax, edx shl eax, 3 add edx, eax shl edx, 2 mov eax, dword [esp + 0x10] mov dword [esp + 0x14], eax fild dword [esp + 0x14] fcomp dword [edx + (_stocks_on_map+20)] ; fcomp dword [edx + 0x496994] fnstsw ax sahf jae short loc_00428b39 ; jae 0x428b39 push ebx push esi call fcn_004255da ; call 0x4255da add esp, 8 cmp eax, 1 jne near loc_00428b39 ; jne 0x428b39 jmp near loc_00428c9a ; jmp 0x428c9a loc_00428bc6: cmp cl, 2 jne near loc_00428b39 ; jne 0x428b39 mov cx, word [edx + ref_004967e2] ; mov cx, word [edx + 0x4967e2] cmp cx, 0xfa0 jae short loc_00428c06 ; jae 0x428c06 xor eax, eax mov ax, cx sub eax, 0x7d0 imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] add eax, edx xor edi, edi mov di, word [eax + 0x1e] xor edx, edx mov dl, byte [eax + 0x1a] imul edx, edi mov ax, word [eax + 0x1c] jmp short loc_00428c34 ; jmp 0x428c34 loc_00428c06: xor eax, eax mov ax, cx sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, edx xor edx, edx mov dx, word [eax + 0x24] movzx edi, byte [eax + 0x1a] imul edx, edi mov ax, word [eax + 0x22] loc_00428c34: and eax, 0xffff add eax, edx mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] imul edx, eax mov dword [esp + 0x10], edx imul edi, esi, 0x54 mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 lea edx, [edi + eax] mov edi, dword [esp + 0x10] mov eax, edi shl eax, 2 sub eax, edi mov ecx, dword [edx + ref_004967e4] ; mov ecx, dword [edx + 0x4967e4] cmp eax, ecx jle near loc_00428b39 ; jle 0x428b39 lea edx, [ecx + ecx] imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp edx, dword [eax + (_players+28)] ; cmp edx, dword [eax + 0x496b84] jge near loc_00428b39 ; jge 0x428b39 push ebx push esi call fcn_004255da ; call 0x4255da add esp, 8 cmp eax, 1 jne near loc_00428b39 ; jne 0x428b39 loc_00428c9a: push ebx push esi call fcn_004247d5 ; call 0x4247d5 add esp, 8 mov ebp, 1 loc_00428ca9: inc esi jmp near loc_00428b05 ; jmp 0x428b05 fcn_00428caf: push ebx push esi xor esi, esi mov ebx, dword [ref_00498e90] ; mov ebx, dword [0x498e90] jmp short loc_00428cc1 ; jmp 0x428cc1 loc_00428cbb: inc esi cmp esi, 0xc jge short loc_00428cfe ; jge 0x428cfe loc_00428cc1: mov eax, esi shl eax, 3 add eax, esi cmp word [eax*4 + (_stocks_on_map+4)], 0 ; cmp word [eax*4 + 0x496984], 0 je short loc_00428cbb ; je 0x428cbb mov edx, 1 mov ecx, dword [ref_00498e7c] ; mov ecx, dword [0x498e7c] loc_00428cde: add ecx, 0x34 cmp edx, ebx jg short loc_00428cbb ; jg 0x428cbb xor eax, eax mov al, byte [ecx + 0x19] cmp eax, esi jne short loc_00428cfb ; jne 0x428cfb shl eax, 3 add eax, esi mov word [eax*4 + (_stocks_on_map+4)], dx ; mov word [eax*4 + 0x496984], dx loc_00428cfb: inc edx jmp short loc_00428cde ; jmp 0x428cde loc_00428cfe: pop esi pop ebx ret fcn_00428d01: push ebx xor ebx, ebx cmp dword [ref_004990dc], 0 ; cmp dword [0x4990dc], 0 jne short loc_00428d21 ; jne 0x428d21 mov ecx, dword [ref_00497160] ; mov ecx, dword [0x497160] push ecx call fcn_004523d5 ; call 0x4523d5 add esp, 4 cmp eax, 1 jne short loc_00428d26 ; jne 0x428d26 loc_00428d21: mov ebx, 1 loc_00428d26: mov eax, ebx pop ebx ret fcn_00428d2a: push ebx push esi push edi sub esp, 0xc mov esi, dword [esp + 0x24] imul ebx, dword [esp + 0x1c], 0x68 mov edx, dword [esp + 0x20] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 cmp dword [esp + 0x28], 0 je short loc_00428d7f ; je 0x428d7f mov dword [esp + 8], esi fild dword [esp + 8] fmul dword [eax + (_stocks_on_map+20)] ; fmul dword [eax + 0x496994] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 4] sub word [eax + (_stocks_on_map+10)], si ; sub word [eax + 0x49698a], si sub word [eax + (_stocks_on_map+8)], si ; sub word [eax + 0x496988], si mov eax, dword [esp + 4] sub dword [ebx + (_players+32)], eax ; sub dword [ebx + 0x496b88], eax jmp short loc_00428db7 ; jmp 0x428db7 loc_00428d7f: mov ax, word [eax + (_stocks_on_map+4)] ; mov ax, word [eax + 0x496984] and eax, 0xffff imul eax, eax, 0x34 mov ecx, dword [ref_00498e7c] ; mov ecx, dword [0x498e7c] add ecx, eax mov edi, 0x2710 mov eax, dword [ecx + 0x24] mov edx, eax sar edx, 0x1f idiv edi mov edx, esi imul edx, eax mov dword [esp + 4], edx sub dword [ecx + 0x30], esi sub dword [ebx + (_players+28)], edx ; sub dword [ebx + 0x496b84], edx loc_00428db7: mov edx, dword [esp + 0x1c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 mov edx, dword [esp + 0x20] shl edx, 3 add edx, eax fild dword [edx + _player_stocks] ; fild dword [edx + 0x4971a0] fmul dword [edx + (_player_stocks + 4)] ; fmul dword [edx + 0x4971a4] call fcn_00457dbc ; call 0x457dbc fistp dword [esp] add dword [edx + _player_stocks], esi ; add dword [edx + 0x4971a0], esi mov eax, dword [esp + 4] mov ebx, dword [esp] add ebx, eax mov dword [esp], ebx fild dword [edx + _player_stocks] ; fild dword [edx + 0x4971a0] mov dword [esp + 8], ebx fild dword [esp + 8] fdivrp st1 ; fdivrp st(1) fstp dword [edx + (_player_stocks + 4)] ; fstp dword [edx + 0x4971a4] mov esi, dword [esp + 0x20] push esi mov edi, dword [esp + 0x20] push edi call fcn_004294d5 ; call 0x4294d5 add esp, 8 add esp, 0xc pop edi pop esi pop ebx ret fcn_00428e23: push ebx push esi sub esp, 8 mov ecx, dword [esp + 0x1c] mov edx, dword [esp + 0x14] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 5 mov eax, dword [esp + 0x18] shl eax, 3 add eax, edx mov edx, dword [eax + _player_stocks] ; mov edx, dword [eax + 0x4971a0] sub edx, ecx mov dword [eax + _player_stocks], edx ; mov dword [eax + 0x4971a0], edx jne short loc_00428e5b ; jne 0x428e5b mov dword [eax + (_player_stocks + 4)], edx ; mov dword [eax + 0x4971a4], edx loc_00428e5b: mov edx, dword [esp + 0x18] mov eax, edx shl eax, 3 add eax, edx mov dword [esp + 4], ecx fild dword [esp + 4] fmul dword [eax*4 + (_stocks_on_map+20)] ; fmul dword [eax*4 + 0x496994] call fcn_00457dbc ; call 0x457dbc fistp dword [esp] add word [eax*4 + (_stocks_on_map+10)], cx ; add word [eax*4 + 0x49698a], cx add word [eax*4 + (_stocks_on_map+8)], cx ; add word [eax*4 + 0x496988], cx cmp dword [esp + 0x20], 0 je short loc_00428ea4 ; je 0x428ea4 imul edx, dword [esp + 0x14], 0x68 mov eax, dword [esp] add dword [edx + (_players+32)], eax ; add dword [edx + 0x496b88], eax jmp short loc_00428ead ; jmp 0x428ead loc_00428ea4: mov eax, dword [esp] add dword [ref_00499080], eax ; add dword [0x499080], eax loc_00428ead: mov ebx, dword [esp + 0x18] push ebx mov esi, dword [esp + 0x18] push esi call fcn_004294d5 ; call 0x4294d5 add esp, 8 add esp, 8 pop esi pop ebx ret fcn_00428ec5: sub esp, 0x10 fld dword [esp + 0x18] fadd dword [ref_00463f88] ; fadd dword [0x463f88] fdiv dword [ref_00463f88] ; fdiv dword [0x463f88] fmul dword [esp + 0x14] fstp dword [esp + 0xc] fldz fcomp dword [esp + 0x18] fnstsw ax sahf jae near loc_00428f77 ; jae 0x428f77 fld dword [esp + 0xc] fsub dword [esp + 0x14] fstp dword [esp + 8] fld dword [esp + 0xc] fcomp dword [ref_00463f8c] ; fcomp dword [0x463f8c] fnstsw ax sahf jae short loc_00428f28 ; jae 0x428f28 fld qword [ref_00463fb4] ; fld qword [0x463fb4] loc_00428f10: fld dword [esp + 8] loc_00428f14: call fcn_0045841c ; call 0x45841c fld dword [esp + 0xc] fstp qword [esp] fsubr qword [esp] jmp near loc_00429009 ; jmp 0x429009 loc_00428f28: fld dword [esp + 0xc] fcomp dword [ref_00463f90] ; fcomp dword [0x463f90] fnstsw ax sahf jae short loc_00428f3f ; jae 0x428f3f fld qword [ref_00463fac] ; fld qword [0x463fac] jmp short loc_00428f10 ; jmp 0x428f10 loc_00428f3f: fld dword [esp + 0xc] fcomp dword [ref_00463f94] ; fcomp dword [0x463f94] fnstsw ax sahf jae short loc_00428f56 ; jae 0x428f56 fld qword [ref_00463fa4] ; fld qword [0x463fa4] jmp short loc_00428f10 ; jmp 0x428f10 loc_00428f56: fld dword [esp + 0xc] fcomp dword [ref_00463f98] ; fcomp dword [0x463f98] fnstsw ax sahf jae short loc_00428f6d ; jae 0x428f6d fld qword [ref_00463f9c] ; fld qword [0x463f9c] jmp short loc_00428f10 ; jmp 0x428f10 loc_00428f6d: fld dword [esp + 8] fld1 fxch st1 ; fxch st(1) jmp short loc_00428f14 ; jmp 0x428f14 loc_00428f77: fld dword [esp + 0x14] fsub dword [esp + 0xc] fstp dword [esp + 8] fld dword [esp + 0xc] fcomp dword [ref_00463f8c] ; fcomp dword [0x463f8c] fnstsw ax sahf jae short loc_00428fad ; jae 0x428fad fld qword [ref_00463fb4] ; fld qword [0x463fb4] loc_00428f98: fld dword [esp + 8] call fcn_0045841c ; call 0x45841c fld dword [esp + 0xc] fstp qword [esp] fadd qword [esp] jmp short loc_00429009 ; jmp 0x429009 loc_00428fad: fld dword [esp + 0xc] fcomp dword [ref_00463f90] ; fcomp dword [0x463f90] fnstsw ax sahf jae short loc_00428fc4 ; jae 0x428fc4 fld qword [ref_00463fac] ; fld qword [0x463fac] jmp short loc_00428f98 ; jmp 0x428f98 loc_00428fc4: fld dword [esp + 0xc] fcomp dword [ref_00463f94] ; fcomp dword [0x463f94] fnstsw ax sahf jae short loc_00428fdb ; jae 0x428fdb fld qword [ref_00463fa4] ; fld qword [0x463fa4] jmp short loc_00428f98 ; jmp 0x428f98 loc_00428fdb: fld dword [esp + 0xc] fcomp dword [ref_00463f98] ; fcomp dword [0x463f98] fnstsw ax sahf jae short loc_00428ff2 ; jae 0x428ff2 fld qword [ref_00463f9c] ; fld qword [0x463f9c] jmp short loc_00428f98 ; jmp 0x428f98 loc_00428ff2: fld dword [esp + 8] fld1 fxch st1 ; fxch st(1) call fcn_0045841c ; call 0x45841c fld dword [esp + 0xc] fstp qword [esp] fadd qword [esp] loc_00429009: fstp dword [esp + 0xc] cmp dword [esp + 0xc], 0x3f800000 jge short loc_00429021 ; jge 0x429021 mov dword [esp + 0xc], 0x3f800000 jmp short loc_00429038 ; jmp 0x429038 loc_00429021: fld dword [esp + 0xc] fcomp dword [ref_00463fbc] ; fcomp dword [0x463fbc] fnstsw ax sahf jbe short loc_00429038 ; jbe 0x429038 mov dword [esp + 0xc], 0x461c3c00 loc_00429038: mov eax, dword [esp + 0xc] add esp, 0x10 ret fcn_00429040: push ebx push esi push edi push ebp sub esp, 4 mov esi, dword [esp + 0x18] mov edi, dword [ref_00499100] ; mov edi, dword [0x499100] dec edi test edi, edi jge short loc_0042905b ; jge 0x42905b mov edi, 0x8f loc_0042905b: test esi, esi je near loc_004290e2 ; je 0x4290e2 lea ebx, [esi - 1] mov eax, ebx shl eax, 3 add eax, ebx shl eax, 2 mov dl, byte [eax + (_stocks_on_map+7)] ; mov dl, byte [eax + 0x496987] test dl, dl je near loc_004290da ; je 0x4290da test dl, 0xf0 je short loc_0042908f ; je 0x42908f mov dword [eax + (_stocks_on_map+28)], 0x41200000 ; mov dword [eax + 0x49699c], 0x41200000 jmp short loc_00429099 ; jmp 0x429099 loc_0042908f: mov dword [eax + (_stocks_on_map+28)], 0xc1200000 ; mov dword [eax + 0x49699c], 0xc1200000 loc_00429099: dec esi mov ebx, esi shl ebx, 3 add ebx, esi push dword [ebx*4 + (_stocks_on_map+28)] ; push dword [ebx*4 + 0x49699c] push dword [ebx*4 + (_stocks_on_map+16)] ; push dword [ebx*4 + 0x496990] call fcn_00428ec5 ; call 0x428ec5 mov dword [esp + 8], eax fld dword [esp + 8] add esp, 8 fst dword [ebx*4 + (_stocks_on_map+20)] ; fst dword [ebx*4 + 0x496994] mov eax, esi shl eax, 3 lea ebx, [esi + eax] shl ebx, 6 mov eax, edi fstp dword [ebx + eax*4 + ref_00497328] ; fstp dword [ebx + eax*4 + 0x497328] loc_004290da: add esp, 4 pop ebp pop edi pop esi pop ebx ret loc_004290e2: mov ebp, 0x41200000 jmp short loc_00429139 ; jmp 0x429139 loc_004290e9: mov dword [eax + (_stocks_on_map+28)], 0xc1200000 ; mov dword [eax + 0x49699c], 0xc1200000 loc_004290f3: mov ebx, esi shl ebx, 3 add ebx, esi push dword [ebx*4 + (_stocks_on_map+28)] ; push dword [ebx*4 + 0x49699c] push dword [ebx*4 + (_stocks_on_map+16)] ; push dword [ebx*4 + 0x496990] call fcn_00428ec5 ; call 0x428ec5 mov dword [esp + 8], eax fld dword [esp + 8] add esp, 8 fst dword [ebx*4 + (_stocks_on_map+20)] ; fst dword [ebx*4 + 0x496994] mov eax, esi shl eax, 3 lea ebx, [esi + eax] shl ebx, 6 mov eax, edi fstp dword [ebx + eax*4 + ref_00497328] ; fstp dword [ebx + eax*4 + 0x497328] loc_00429133: inc esi cmp esi, 0xc jge short loc_004290da ; jge 0x4290da loc_00429139: mov eax, esi shl eax, 3 add eax, esi shl eax, 2 mov bl, byte [eax + (_stocks_on_map+7)] ; mov bl, byte [eax + 0x496987] test bl, bl je short loc_00429133 ; je 0x429133 test bl, 0xf0 je short loc_004290e9 ; je 0x4290e9 mov dword [eax + (_stocks_on_map+28)], ebp ; mov dword [eax + 0x49699c], ebp jmp short loc_004290f3 ; jmp 0x4290f3 fcn_0042915a: push ebx push esi sub esp, 4 xor esi, esi jmp short loc_00429170 ; jmp 0x429170 loc_00429163: mov word [ebx + (_stocks_on_map+10)], dx ; mov word [ebx + 0x49698a], dx loc_0042916a: inc esi cmp esi, 0xc jge short loc_004291d0 ; jge 0x4291d0 loc_00429170: mov ebx, esi shl ebx, 3 add ebx, esi shl ebx, 2 mov dx, word [ebx + (_stocks_on_map+8)] ; mov dx, word [ebx + 0x496988] cmp dx, 0x3e8 jbe short loc_00429163 ; jbe 0x429163 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 0x7d0 sar edx, 0x1f idiv ecx add edx, 0x3e8 xor eax, eax mov ax, word [ebx + (_stocks_on_map+8)] ; mov ax, word [ebx + 0x496988] mov dword [esp], eax fild dword [esp] mov dword [esp], edx fild dword [esp] fdiv dword [ref_00463fc0] ; fdiv dword [0x463fc0] fmulp st1 ; fmulp st(1) call fcn_00457dbc ; call 0x457dbc fistp dword [esp] mov eax, dword [esp] mov word [ebx + (_stocks_on_map+10)], ax ; mov word [ebx + 0x49698a], ax jmp short loc_0042916a ; jmp 0x42916a loc_004291d0: add esp, 4 pop esi pop ebx ret fcn_004291d6: push ebx push esi push edi push ebp sub esp, 0xc xor edx, edx mov dword [esp], edx call fcn_00428d01 ; call 0x428d01 cmp eax, 1 je near loc_004294cd ; je 0x4294cd call clib_rand ; call 0x456f2d sub eax, 0x4000 mov dword [esp + 8], eax fild dword [esp + 8] fdiv dword [ref_00463fc4] ; fdiv dword [0x463fc4] fstp dword [ref_004990ec] ; fstp dword [0x4990ec] xor esi, esi mov ebp, 0xc1200000 mov edi, 0xc1200000 jmp near loc_00429470 ; jmp 0x429470 loc_0042921f: mov dl, byte [ebx + (_stocks_on_map+7)] ; mov dl, byte [ebx + 0x496987] test dl, dl je short loc_00429248 ; je 0x429248 test dl, 0xf0 je short loc_0042923d ; je 0x42923d mov dword [ebx + (_stocks_on_map+28)], 0x41200000 ; mov dword [ebx + 0x49699c], 0x41200000 jmp near loc_00429413 ; jmp 0x429413 loc_0042923d: mov dword [ebx + (_stocks_on_map+28)], ebp ; mov dword [ebx + 0x49699c], ebp jmp near loc_00429413 ; jmp 0x429413 loc_00429248: call clib_rand ; call 0x456f2d sub eax, 0x4000 mov dword [esp + 8], eax fild dword [esp + 8] fdiv dword [ref_00463fc8] ; fdiv dword [0x463fc8] fst dword [ebx + (_stocks_on_map+32)] ; fst dword [ebx + 0x4969a0] fmul dword [ebx + (_stocks_on_map+24)] ; fmul dword [ebx + 0x496998] fadd dword [ebx + (_stocks_on_map+28)] ; fadd dword [ebx + 0x49699c] fstp dword [ebx + (_stocks_on_map+28)] ; fstp dword [ebx + 0x49699c] fld dword [ref_004990ec] ; fld dword [0x4990ec] fadd dword [ebx + (_stocks_on_map+28)] ; fadd dword [ebx + 0x49699c] fstp dword [ebx + (_stocks_on_map+28)] ; fstp dword [ebx + 0x49699c] cmp word [ebx + (_stocks_on_map+4)], 0 ; cmp word [ebx + 0x496984], 0 je near loc_00429346 ; je 0x429346 xor edx, edx mov dx, word [ebx + (_stocks_on_map+4)] ; mov dx, word [ebx + 0x496984] imul edx, edx, 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] fild dword [edx + eax + 0x24] fdiv dword [ref_00463fd8] ; fdiv dword [0x463fd8] fstp dword [esp + 4] fld dword [ebx + (_stocks_on_map+16)] ; fld dword [ebx + 0x496990] fcomp dword [esp + 4] fnstsw ax sahf jbe short loc_00429316 ; jbe 0x429316 fld dword [esp + 4] fmul dword [ref_00463fe4] ; fmul dword [0x463fe4] fstp dword [esp + 4] fld dword [ebx + (_stocks_on_map+16)] ; fld dword [ebx + 0x496990] fcomp dword [esp + 4] fnstsw ax sahf jbe near loc_004293d2 ; jbe 0x4293d2 fldz fcomp dword [ebx + (_stocks_on_map+28)] ; fcomp dword [ebx + 0x49699c] fnstsw ax sahf jae short loc_00429305 ; jae 0x429305 loc_004292f4: fld dword [ebx + (_stocks_on_map+28)] ; fld dword [ebx + 0x49699c] fmul dword [ref_00463fcc] ; fmul dword [0x463fcc] jmp near loc_004293cc ; jmp 0x4293cc loc_00429305: fld dword [ebx + (_stocks_on_map+28)] ; fld dword [ebx + 0x49699c] fmul dword [ref_00463fd0] ; fmul dword [0x463fd0] jmp near loc_004293cc ; jmp 0x4293cc loc_00429316: fld dword [esp + 4] fmul qword [ref_00463fdc] ; fmul qword [0x463fdc] fstp dword [esp + 4] fld dword [ebx + (_stocks_on_map+16)] ; fld dword [ebx + 0x496990] fcomp dword [esp + 4] fnstsw ax sahf jae near loc_004293d2 ; jae 0x4293d2 fldz fcomp dword [ebx + (_stocks_on_map+28)] ; fcomp dword [ebx + 0x49699c] fnstsw ax sahf jb short loc_00429305 ; jb 0x429305 jmp short loc_004292f4 ; jmp 0x4292f4 loc_00429346: mov eax, dword [ebx + (_stocks_on_map+12)] ; mov eax, dword [ebx + 0x49698c] mov dword [esp + 4], eax fld dword [ebx + (_stocks_on_map+16)] ; fld dword [ebx + 0x496990] fcomp dword [esp + 4] fnstsw ax sahf jbe short loc_00429392 ; jbe 0x429392 fld dword [esp + 4] fmul dword [ref_00463fd4] ; fmul dword [0x463fd4] fstp dword [esp + 4] fld dword [ebx + (_stocks_on_map+16)] ; fld dword [ebx + 0x496990] fcomp dword [esp + 4] fnstsw ax sahf jbe short loc_004293d2 ; jbe 0x4293d2 fldz fcomp dword [ebx + (_stocks_on_map+28)] ; fcomp dword [ebx + 0x49699c] fnstsw ax sahf jb near loc_004292f4 ; jb 0x4292f4 jmp near loc_00429305 ; jmp 0x429305 loc_00429392: fld dword [esp + 4] fmul dword [ref_00463fcc] ; fmul dword [0x463fcc] fstp dword [esp + 4] fld dword [ebx + (_stocks_on_map+16)] ; fld dword [ebx + 0x496990] fcomp dword [esp + 4] fnstsw ax sahf jae short loc_004293d2 ; jae 0x4293d2 fldz fcomp dword [ebx + (_stocks_on_map+28)] ; fcomp dword [ebx + 0x49699c] fnstsw ax sahf jb near loc_00429305 ; jb 0x429305 fld dword [ebx + (_stocks_on_map+28)] ; fld dword [ebx + 0x49699c] fmul dword [ref_00463fcc] ; fmul dword [0x463fcc] loc_004293cc: fstp dword [ebx + (_stocks_on_map+28)] ; fstp dword [ebx + 0x49699c] loc_004293d2: mov eax, esi shl eax, 3 add eax, esi shl eax, 2 cmp dword [eax + (_stocks_on_map+28)], 0x41200000 ; cmp dword [eax + 0x49699c], 0x41200000 jle short loc_004293f2 ; jle 0x4293f2 mov dword [eax + (_stocks_on_map+28)], 0x41200000 ; mov dword [eax + 0x49699c], 0x41200000 loc_004293f2: mov ebx, esi shl ebx, 3 add ebx, esi shl ebx, 2 fld dword [ebx + (_stocks_on_map+28)] ; fld dword [ebx + 0x49699c] fcomp dword [ref_00463fe8] ; fcomp dword [0x463fe8] fnstsw ax sahf jae short loc_00429413 ; jae 0x429413 mov dword [ebx + (_stocks_on_map+28)], edi ; mov dword [ebx + 0x49699c], edi loc_00429413: mov ebx, esi shl ebx, 3 add ebx, esi push dword [ebx*4 + (_stocks_on_map+28)] ; push dword [ebx*4 + 0x49699c] push dword [ebx*4 + (_stocks_on_map+16)] ; push dword [ebx*4 + 0x496990] call fcn_00428ec5 ; call 0x428ec5 mov dword [esp + 0x10], eax fld dword [esp + 0x10] add esp, 8 fstp dword [ebx*4 + (_stocks_on_map+20)] ; fstp dword [ebx*4 + 0x496994] mov eax, esi shl eax, 3 lea edx, [esi + eax] shl edx, 6 mov eax, dword [ref_00499100] ; mov eax, dword [0x499100] mov ecx, dword [ebx*4 + (_stocks_on_map+20)] ; mov ecx, dword [ebx*4 + 0x496994] mov dword [edx + eax*4 + ref_00497328], ecx ; mov dword [edx + eax*4 + 0x497328], ecx fld dword [esp] fadd dword [ebx*4 + (_stocks_on_map+20)] ; fadd dword [ebx*4 + 0x496994] fstp dword [esp] inc esi cmp esi, 0xc jge short loc_004294a0 ; jge 0x4294a0 loc_00429470: mov ebx, esi shl ebx, 3 add ebx, esi shl ebx, 2 mov eax, dword [ebx + (_stocks_on_map+20)] ; mov eax, dword [ebx + 0x496994] mov dword [ebx + (_stocks_on_map+16)], eax ; mov dword [ebx + 0x496990], eax cmp byte [ebx + (_stocks_on_map+6)], 0 ; cmp byte [ebx + 0x496986], 0 je near loc_0042921f ; je 0x42921f xor edx, edx mov dword [ebx + (_stocks_on_map+28)], edx ; mov dword [ebx + 0x49699c], edx jmp near loc_00429413 ; jmp 0x429413 loc_004294a0: lea ecx, [eax + 1] mov dword [ref_00499100], ecx ; mov dword [0x499100], ecx cmp ecx, 0x90 jne short loc_004294b9 ; jne 0x4294b9 xor esi, esi mov dword [ref_00499100], esi ; mov dword [0x499100], esi loc_004294b9: fld dword [esp] fmul dword [ref_00463fec] ; fmul dword [0x463fec] call fcn_00457dbc ; call 0x457dbc fistp dword [ref_00499078] ; fistp dword [0x499078] loc_004294cd: add esp, 0xc pop ebp pop edi pop esi pop ebx ret fcn_004294d5: push ebx push esi push edi sub esp, 8 xor edx, edx mov dword [esp], edx mov edx, dword [esp + 0x1c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 mov dx, word [eax + (_stocks_on_map+4)] ; mov dx, word [eax + 0x496984] test dx, dx jne short loc_00429501 ; jne 0x429501 xor edx, edx jmp near loc_004295e1 ; jmp 0x4295e1 loc_00429501: mov eax, edx and eax, 0xffff imul eax, eax, 0x34 mov ebx, dword [ref_00498e7c] ; mov ebx, dword [0x498e7c] add ebx, eax xor ecx, ecx jmp short loc_0042951e ; jmp 0x42951e loc_00429517: mov ecx, eax cmp eax, 4 jge short loc_0042954f ; jge 0x42954f loc_0042951e: lea eax, [ebx + ecx] xor edx, edx mov dl, byte [eax + 0x1c] mov esi, dword [esp + 0x18] inc esi lea eax, [ecx + 1] cmp edx, esi jne short loc_00429517 ; jne 0x429517 mov edx, 3 sub edx, ecx push edx lea edx, [ebx + 0x1c] add eax, edx push eax add edx, ecx push edx call _memcpy ; call 0x456de8 add esp, 0xc mov byte [ebx + 0x1f], 0 loc_0042954f: mov edx, dword [esp + 0x18] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 mov edi, dword [esp + 0x1c] mov edi, dword [eax + edi*8 + _player_stocks] ; mov edi, dword [eax + edi*8 + 0x4971a0] test edi, edi je short loc_004295c0 ; je 0x4295c0 mov ecx, 2 xor esi, esi mov dword [esp + 4], esi jmp short loc_00429584 ; jmp 0x429584 loc_00429579: mov dl, byte [eax + 0x1c] mov byte [eax + 0x1d], dl loc_0042957f: dec ecx test ecx, ecx jl short loc_004295b2 ; jl 0x4295b2 loc_00429584: lea eax, [ebx + ecx] mov dl, byte [eax + 0x1c] test dl, dl je short loc_0042957f ; je 0x42957f movzx esi, dl dec esi mov edx, esi shl edx, 2 sub edx, esi mov esi, edx shl esi, 5 mov edx, dword [esp + 0x1c] mov edx, dword [esi + edx*8 + _player_stocks] ; mov edx, dword [esi + edx*8 + 0x4971a0] cmp edx, edi jl short loc_00429579 ; jl 0x429579 inc ecx mov dword [esp + 4], ecx loc_004295b2: mov dl, byte [esp + 0x18] inc dl mov eax, dword [esp + 4] mov byte [ebx + eax + 0x1c], dl loc_004295c0: mov al, byte [ebx + 0x18] mov dh, byte [ebx + 0x1c] cmp al, dh je short loc_004295de ; je 0x4295de mov byte [ebx + 0x18], dh push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 mov dword [esp], 1 loc_004295de: mov edx, dword [esp] loc_004295e1: mov eax, edx add esp, 8 pop edi pop esi pop ebx ret fcn_004295ea: sub esp, 0x10 mov edx, dword [esp + 0x14] mov eax, edx shl eax, 3 add eax, edx mov edx, dword [eax*4 + (_stocks_on_map+16)] ; mov edx, dword [eax*4 + 0x496990] mov dword [esp + 8], edx mov eax, dword [eax*4 + (_stocks_on_map+20)] ; mov eax, dword [eax*4 + 0x496994] mov dword [esp + 4], eax fld dword [esp + 4] fcomp dword [esp + 8] fnstsw ax sahf jbe short loc_0042964f ; jbe 0x42964f push 0x41200000 push edx call fcn_00428ec5 ; call 0x428ec5 mov dword [esp + 0x14], eax fld dword [esp + 0x14] add esp, 8 fstp dword [esp] fld dword [esp + 4] fcomp dword [esp] fnstsw ax sahf jae short loc_00429646 ; jae 0x429646 xor eax, eax add esp, 0x10 ret loc_00429646: mov eax, 1 add esp, 0x10 ret loc_0042964f: jae short loc_00429688 ; jae 0x429688 push 0xc1200000 push edx call fcn_00428ec5 ; call 0x428ec5 mov dword [esp + 0x14], eax fld dword [esp + 0x14] add esp, 8 fstp dword [esp] fld dword [esp + 4] fcomp dword [esp] fnstsw ax sahf jbe short loc_0042967f ; jbe 0x42967f mov eax, 2 add esp, 0x10 ret loc_0042967f: mov eax, 3 add esp, 0x10 ret loc_00429688: mov eax, 4 add esp, 0x10 ret fcn_00429691: mov edx, 2 fld dword [esp + 4] fcomp dword [ref_00463ff0] ; fcomp dword [0x463ff0] fnstsw ax sahf jae short loc_004296aa ; jae 0x4296aa xor edx, edx mov eax, edx ret loc_004296aa: fld dword [esp + 4] fcomp dword [ref_00463ff4] ; fcomp dword [0x463ff4] fnstsw ax sahf jae short loc_004296be ; jae 0x4296be mov edx, 1 loc_004296be: mov eax, edx ret fcn_004296c1: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax cmp dword [esp + 4], 0 jne short loc_00429702 ; jne 0x429702 push 1 push 3 push 0x101010 push 0xa0a0a0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 jmp short loc_0042976b ; jmp 0x42976b loc_00429702: push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov ecx, dword [ref_0048c2e0] ; mov ecx, dword [0x48c2e0] test ecx, ecx je short loc_00429745 ; je 0x429745 push 0 push 0x20 push 0x262 mov eax, ecx shl eax, 5 add eax, 0x30 push eax push 0xf push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 loc_00429745: push 0xffffff push 0x20 push 0x262 mov eax, dword [esp + 0x10] shl eax, 5 add eax, 0x30 push eax push 0xf push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 loc_0042976b: push 2 push 0x18 push 0xa3 push ref_00463ff8 ; push 0x463ff8 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x18 push 0xed push ref_00463ffd ; push 0x463ffd push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x18 push 0x157 push ref_00464002 ; push 0x464002 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [esp + 4] mov dword [ref_0048c2e0], eax ; mov dword [0x48c2e0], eax ret endloc_004297cd: db 0x8b db 0xc0 ref_004297cf: ; may contain a jump table dd loc_004298b9 dd loc_004298cc dd loc_004298f8 dd loc_00429908 dd loc_00429934 ref_004297e3: ; may contain a jump table dd loc_004299af dd loc_004299af dd loc_004299bf dd loc_004299bf dd loc_004299cf fcn_004297f7: push ebx push esi push edi push ebp sub esp, 0x88 push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0 push 0 mov ebx, dword [ref_0048c2dc] ; mov ebx, dword [0x48c2dc] mov edx, dword [esp + 0xa4] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add ebx, 0xc add ebx, eax push ebx mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov byte [esp], 0x24 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ebx, dword [eax + (_players+32)] ; mov ebx, dword [eax + 0x496b88] push ebx lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push 0x18 push 0x21c lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov esi, dword [esp + 0x9c] test esi, esi jne near loc_00429b87 ; jne 0x429b87 mov ebp, 0x60 jmp near loc_00429b6c ; jmp 0x429b6c loc_004298b9: push 1 push 3 push 0x101010 push 0xff0000 jmp near loc_00429942 ; jmp 0x429942 loc_004298cc: push 0xd00000 push 0x14 push 0x59 lea eax, [ebp - 0xa] push eax push 0x90 push ref_0046caec ; push 0x46caec call fcn_004561be ; call 0x4561be add esp, 0x18 push 1 push 2 push 0 push 0xf0f0f0 jmp short loc_00429942 ; jmp 0x429942 loc_004298f8: push 1 push 3 push 0x101010 push 0xff00 jmp short loc_00429942 ; jmp 0x429942 loc_00429908: push 0xd000 push 0x14 push 0x59 lea eax, [ebp - 0xa] push eax push 0x90 push ref_0046caec ; push 0x46caec call fcn_004561be ; call 0x4561be add esp, 0x18 push 1 push 2 push 0 push 0x101010 jmp short loc_00429942 ; jmp 0x429942 loc_00429934: push 1 push 3 push 0x101010 push 0xf0f0f0 loc_00429942: push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 loc_0042994c: mov edi, esi shl edi, 3 add edi, esi shl edi, 2 push dword [edi + (_stocks_on_map+20)] ; push dword [edi + 0x496994] call fcn_00429691 ; call 0x429691 add esp, 4 mov dword [esp + 0x80], eax fld dword [edi + (_stocks_on_map+20)] ; fld dword [edi + 0x496994] sub esp, 8 fstp qword [esp] mov edi, dword [eax*4 + ref_00475518] ; mov edi, dword [eax*4 + 0x475518] push edi lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 6 push ebp push 0xe1 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp ebx, 4 ja short loc_004299e7 ; ja 0x4299e7 jmp dword [ebx*4 + ref_004297e3] ; ujmp: jmp dword [ebx*4 + 0x4297e3] loc_004299af: push 1 push 3 push 0x101010 push 0xff0000 jmp short loc_004299dd ; jmp 0x4299dd loc_004299bf: push 1 push 3 push 0x101010 push 0xff00 jmp short loc_004299dd ; jmp 0x4299dd loc_004299cf: push 1 push 3 push 0x101010 push 0xf0f0f0 loc_004299dd: push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 loc_004299e7: mov ebx, esi shl ebx, 3 add ebx, esi shl ebx, 2 fld dword [ebx + (_stocks_on_map+20)] ; fld dword [ebx + 0x496994] fsub dword [ebx + (_stocks_on_map+16)] ; fsub dword [ebx + 0x496990] sub esp, 8 fstp qword [esp] mov eax, dword [esp + 0x88] mov edx, dword [eax*4 + ref_00475524] ; mov edx, dword [eax*4 + 0x475524] push edx lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 6 push ebp push 0x131 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [ebx + (_stocks_on_map+6)], 0 ; cmp byte [ebx + 0x496986], 0 je short loc_00429a66 ; je 0x429a66 push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push ebp push 0x170 push ref_0046400f ; push 0x46400f jmp short loc_00429a8f ; jmp 0x429a8f loc_00429a66: xor eax, eax mov ax, word [ebx + (_stocks_on_map+10)] ; mov ax, word [ebx + 0x49698a] push eax push ref_00464018 ; push 0x464018 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 push ebp push 0x191 lea eax, [esp + 0xc] push eax loc_00429a8f: push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, esi shl eax, 3 add eax, esi cmp word [eax*4 + (_stocks_on_map+4)], 0 ; cmp word [eax*4 + 0x496984], 0 je short loc_00429abb ; je 0x429abb push 1 push 3 push 0x101010 push 0xf0f0 jmp short loc_00429ac9 ; jmp 0x429ac9 loc_00429abb: push 1 push 3 push 0x101010 push 0xf0f0f0 loc_00429ac9: push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 mov ebx, esi shl ebx, 3 add eax, ebx mov ecx, dword [eax + _player_stocks] ; mov ecx, dword [eax + 0x4971a0] test ecx, ecx je short loc_00429b5f ; je 0x429b5f push ecx lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push ebp push 0x1f8 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 fld dword [ebx + eax + (_player_stocks + 4)] ; fld dword [ebx + eax + 0x4971a4] sub esp, 8 fstp qword [esp] push ref_00463f64 ; push 0x463f64 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 6 push ebp push 0x261 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_00429b5f: inc esi add ebp, 0x20 cmp esi, 0xc jge near loc_00429d4a ; jge 0x429d4a loc_00429b6c: push esi call fcn_004295ea ; call 0x4295ea add esp, 4 mov ebx, eax cmp eax, 4 ja near loc_0042994c ; ja 0x42994c jmp dword [eax*4 + ref_004297cf] ; ujmp: jmp dword [eax*4 + 0x4297cf] loc_00429b87: xor esi, esi mov ebp, 0x60 jmp near loc_00429ccd ; jmp 0x429ccd loc_00429b93: push 1 push 3 push 0x101010 push 0xf0f0f0 loc_00429ba1: push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov edx, ebx shl edx, 2 sub edx, ebx shl edx, 5 mov eax, esi mov ecx, dword [edx + eax*8 + _player_stocks] ; mov ecx, dword [edx + eax*8 + 0x4971a0] push ecx lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 mov eax, esi shl eax, 3 add eax, esi cmp word [eax*4 + (_stocks_on_map+4)], 0 ; cmp word [eax*4 + 0x496984], 0 je short loc_00429c24 ; je 0x429c24 xor eax, eax mov edx, dword [esp + 0x84] mov al, byte [edx + 0x18] lea edx, [ebx + 1] cmp eax, edx jne short loc_00429c24 ; jne 0x429c24 push 0xff push 0x14 push 0x40 lea eax, [ebp - 0xa] push eax lea eax, [edi - 0x38] push eax push ref_0046caec ; push 0x46caec call fcn_004561be ; call 0x4561be add esp, 0x18 push 1 push 2 push 0 push 0xf0f000 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 loc_00429c24: push 6 push ebp push edi lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add edi, 0x50 jmp near loc_00429cf9 ; jmp 0x429cf9 loc_00429c40: cmp word [eax + (_stocks_on_map+4)], 0 ; cmp word [eax + 0x496984], 0 je near loc_00429d30 ; je 0x429d30 push 1 push 3 push 0x101010 push 0xf0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [esp + 0x84] mov ecx, dword [eax + 0x30] push ecx lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push ebp push 0x208 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [esp + 0x84] mov ebx, dword [eax + 0x28] push ebx lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push ebp push 0x261 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc loc_00429cc1: add esp, 0x14 inc esi add ebp, 0x20 cmp esi, 0xc jge short loc_00429d4a ; jge 0x429d4a loc_00429ccd: mov eax, esi shl eax, 3 add eax, esi mov ax, word [eax*4 + (_stocks_on_map+4)] ; mov ax, word [eax*4 + 0x496984] and eax, 0xffff imul edx, eax, 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add eax, edx mov dword [esp + 0x84], eax xor ebx, ebx mov edi, 0xc0 loc_00429cf9: mov eax, esi shl eax, 3 add eax, esi shl eax, 2 cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_00429c40 ; jge 0x429c40 cmp word [eax + (_stocks_on_map+4)], 0 ; cmp word [eax + 0x496984], 0 je near loc_00429b93 ; je 0x429b93 push 1 push 3 push 0x101010 push 0xf0f0 jmp near loc_00429ba1 ; jmp 0x429ba1 loc_00429d30: push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 jmp near loc_00429cc1 ; jmp 0x429cc1 loc_00429d4a: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall add esp, 0x88 pop ebp pop edi pop esi pop ebx ret fcn_00429d65: push ebx push esi push edi push ebp sub esp, 0x10c mov eax, dword [esp + 0x124] cmp eax, 0x202 jb short loc_00429da0 ; jb 0x429da0 jbe near loc_0042aa08 ; jbe 0x42aa08 cmp eax, 0x205 jb near loc_0042aab0 ; jb 0x42aab0 jbe near loc_0042aa08 ; jbe 0x42aa08 cmp eax, 0x401 je short loc_00429dae ; je 0x429dae jmp near loc_0042aab0 ; jmp 0x42aab0 loc_00429da0: cmp eax, 0xf je near loc_0042aa31 ; je 0x42aa31 jmp near loc_0042aab0 ; jmp 0x42aab0 loc_00429dae: mov al, byte [esp + 0x12c] mov byte [ref_0048c2e4], al ; mov byte [0x48c2e4], al mov dword [esp + 0xc0], 0x1a mov dword [esp + 0xc4], 0x34 mov dword [esp + 0xc8], 0x265 mov dword [esp + 0xcc], 0x1ab lea eax, [esp + 0xc0] push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [ref_0048c2e5], eax ; mov dword [0x48c2e5], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x34 push 0x1a mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x24 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x52 push 0x140 xor edx, edx mov dl, byte [ref_0048c2e4] ; mov dl, byte [0x48c2e4] mov eax, edx shl eax, 3 add eax, edx mov ebp, dword [eax*4 + (_stocks_on_map+0)] ; mov ebp, dword [eax*4 + 0x496980] push ebp push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor edx, edx mov dl, byte [ref_0048c2e4] ; mov dl, byte [0x48c2e4] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 mov dx, word [eax + (_stocks_on_map+4)] ; mov dx, word [eax + 0x496984] test dx, dx je near loc_00429fc5 ; je 0x429fc5 mov eax, edx and eax, 0xffff imul eax, eax, 0x34 mov esi, dword [ref_00498e7c] ; mov esi, dword [0x498e7c] add esi, eax movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] add edx, eax mov eax, edx shl eax, 2 sub eax, edx xor ebx, ebx mov bl, byte [esi + 0x1a] mov bl, byte [ebx + eax*4 + (ref_00475530 - 1)] ; mov bl, byte [ebx + eax*4 + 0x47552f] and ebx, 0xff cmp ebx, 0xf jne short loc_00429ef6 ; jne 0x429ef6 xor eax, eax mov al, byte [esi + 0x19] sub eax, 3 add ebx, eax loc_00429ef6: cmp ebx, 0x18 jne short loc_00429f05 ; jne 0x429f05 xor eax, eax mov al, byte [esi + 0x19] sub eax, 2 add ebx, eax loc_00429f05: push 0x6b push 0x32 mov edx, dword [ref_0048c2dc] ; mov edx, dword [0x48c2dc] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 add edx, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov edx, dword [esi + 0x28] push edx lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push 0x7b push 0x135 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ecx, dword [ref_00499084] ; mov ecx, dword [0x499084] test ecx, ecx je short loc_00429f6d ; je 0x429f6d mov edx, dword [esi + 0x2c] mov eax, edx sar edx, 0x1f idiv ecx push eax jmp short loc_00429f71 ; jmp 0x429f71 loc_00429f6d: mov ebx, dword [esi + 0x2c] push ebx loc_00429f71: lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push 0xa2 push 0x135 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp byte [esi + 0x18], 0 je short loc_00429fc5 ; je 0x429fc5 push 2 push 0xcb push 0x10d xor eax, eax mov al, byte [esi + 0x18] dec eax imul eax, eax, 0x68 mov ebp, dword [eax + (_players+0)] ; mov ebp, dword [eax + 0x496b68] push ebp push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_00429fc5: xor edx, edx mov dl, byte [ref_0048c2e4] ; mov dl, byte [0x48c2e4] mov eax, edx shl eax, 3 add eax, edx push dword [eax*4 + (_stocks_on_map+20)] ; push dword [eax*4 + 0x496994] call fcn_00429691 ; call 0x429691 mov ebx, eax add esp, 4 mov edi, eax xor edx, edx mov dl, byte [ref_0048c2e4] ; mov dl, byte [0x48c2e4] mov eax, edx shl eax, 3 add eax, edx fld dword [eax*4 + (_stocks_on_map+20)] ; fld dword [eax*4 + 0x496994] sub esp, 8 fstp qword [esp] mov eax, dword [ebx*4 + ref_00475518] ; mov eax, dword [ebx*4 + 0x475518] push eax lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 6 push 0x7b push 0x1c5 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dl, byte [ref_0048c2e4] ; mov dl, byte [0x48c2e4] mov eax, edx shl eax, 3 add eax, edx fld dword [eax*4 + (_stocks_on_map+20)] ; fld dword [eax*4 + 0x496994] fsub dword [eax*4 + (_stocks_on_map+16)] ; fsub dword [eax*4 + 0x496990] fst dword [esp + 0xdc] sub esp, 8 fstp qword [esp] mov edx, dword [ebx*4 + ref_00475524] ; mov edx, dword [ebx*4 + 0x475524] push edx lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 6 push 0xa2 push 0x1c5 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dl, byte [ref_0048c2e4] ; mov dl, byte [0x48c2e4] mov eax, edx shl eax, 3 add eax, edx mov ax, word [eax*4 + (_stocks_on_map+10)] ; mov ax, word [eax*4 + 0x49698a] and eax, 0xffff push eax push ref_00464018 ; push 0x464018 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 push 0x7b push 0x24d lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov dl, byte [ref_0048c2e4] ; mov dl, byte [0x48c2e4] mov eax, edx shl eax, 3 add eax, edx fld dword [esp + 0xdc] fdiv dword [eax*4 + (_stocks_on_map+16)] ; fdiv dword [eax*4 + 0x496990] fmul dword [ref_0046401c] ; fmul dword [0x46401c] fst dword [esp + 0xe4] sub esp, 8 fstp qword [esp] push ref_00463f64 ; push 0x463f64 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 6 push 0xa2 push 0x24d lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor esi, esi mov ebx, dword [ref_00499100] ; mov ebx, dword [0x499100] mov dword [esp + 0x104], esi xor edx, edx jmp short loc_0042a147 ; jmp 0x42a147 loc_0042a141: inc esi cmp esi, 6 jge short loc_0042a18d ; jge 0x42a18d loc_0042a147: dec ebx test ebx, ebx jge short loc_0042a151 ; jge 0x42a151 mov ebx, 0x8f loc_0042a151: xor ecx, ecx mov cl, byte [ref_0048c2e4] ; mov cl, byte [0x48c2e4] mov eax, ecx shl eax, 3 add ecx, eax shl ecx, 6 mov eax, ebx shl eax, 2 add eax, ecx test dword [eax + ref_00497328], 0x7fffffff ; test dword [eax + 0x497328], 0x7fffffff je short loc_0042a141 ; je 0x42a141 fld dword [esp + 0x104] fadd dword [eax + ref_00497328] ; fadd dword [eax + 0x497328] fstp dword [esp + 0x104] inc edx jmp short loc_0042a141 ; jmp 0x42a141 loc_0042a18d: mov dword [esp + 0x108], edx fild dword [esp + 0x108] fdivr dword [esp + 0x104] fst dword [esp + 0x104] sub esp, 8 fstp qword [esp] mov edx, dword [edi*4 + ref_00475518] ; mov edx, dword [edi*4 + 0x475518] push edx lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 6 push 0xcb push 0x1c5 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor esi, esi mov ebx, dword [ref_00499100] ; mov ebx, dword [0x499100] mov dword [esp + 0x104], esi xor edx, edx jmp short loc_0042a1f8 ; jmp 0x42a1f8 loc_0042a1f2: inc esi cmp esi, 0x18 jge short loc_0042a23e ; jge 0x42a23e loc_0042a1f8: dec ebx test ebx, ebx jge short loc_0042a202 ; jge 0x42a202 mov ebx, 0x8f loc_0042a202: xor ecx, ecx mov cl, byte [ref_0048c2e4] ; mov cl, byte [0x48c2e4] mov eax, ecx shl eax, 3 add eax, ecx shl eax, 6 mov ecx, ebx shl ecx, 2 add eax, ecx test dword [eax + ref_00497328], 0x7fffffff ; test dword [eax + 0x497328], 0x7fffffff je short loc_0042a1f2 ; je 0x42a1f2 fld dword [esp + 0x104] fadd dword [eax + ref_00497328] ; fadd dword [eax + 0x497328] fstp dword [esp + 0x104] inc edx jmp short loc_0042a1f2 ; jmp 0x42a1f2 loc_0042a23e: mov dword [esp + 0x108], edx fild dword [esp + 0x108] fdivr dword [esp + 0x104] fst dword [esp + 0x104] sub esp, 8 fstp qword [esp] mov edx, dword [edi*4 + ref_00475518] ; mov edx, dword [edi*4 + 0x475518] push edx lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 6 push 0xcb push 0x24d lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor esi, esi mov dword [esp + 0xf0], esi mov dword [esp + 0xf4], 0x461c4000 jmp short loc_0042a2b3 ; jmp 0x42a2b3 loc_0042a2a6: inc esi cmp esi, 0x90 jge near loc_0042a32f ; jge 0x42a32f loc_0042a2b3: xor edx, edx mov dl, byte [ref_0048c2e4] ; mov dl, byte [0x48c2e4] mov eax, edx shl eax, 3 add eax, edx shl eax, 6 mov ebx, esi shl ebx, 2 add ebx, eax mov ebp, dword [ebx + ref_00497328] ; mov ebp, dword [ebx + 0x497328] test ebp, 0x7fffffff je short loc_0042a2a6 ; je 0x42a2a6 fld dword [ebx + ref_00497328] ; fld dword [ebx + 0x497328] fcomp dword [esp + 0xf0] fnstsw ax sahf jbe short loc_0042a2f3 ; jbe 0x42a2f3 mov dword [esp + 0xf0], ebp loc_0042a2f3: xor eax, eax mov al, byte [ref_0048c2e4] ; mov al, byte [0x48c2e4] mov ebx, eax shl ebx, 3 add eax, ebx shl eax, 6 mov ebx, esi shl ebx, 2 add ebx, eax fld dword [ebx + ref_00497328] ; fld dword [ebx + 0x497328] fcomp dword [esp + 0xf4] fnstsw ax sahf jae short loc_0042a2a6 ; jae 0x42a2a6 mov eax, dword [ebx + ref_00497328] ; mov eax, dword [ebx + 0x497328] mov dword [esp + 0xf4], eax jmp near loc_0042a2a6 ; jmp 0x42a2a6 loc_0042a32f: fld dword [esp + 0xf0] sub esp, 8 fstp qword [esp] mov eax, dword [edi*4 + ref_00475518] ; mov eax, dword [edi*4 + 0x475518] push eax lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 6 push 0xf3 push 0x24d lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 fld dword [esp + 0xf4] sub esp, 8 fstp qword [esp] mov edx, dword [edi*4 + ref_00475518] ; mov edx, dword [edi*4 + 0x475518] push edx lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 6 push 0x11b push 0x24d lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] lea ecx, [esp + 0xd8] push ecx push eax call dword [edx + 0x44] ; ucall push 0 push 1 push 0 call dword [cs:__imp__CreatePen@12] ; ucall: call dword cs:[0x462290] push eax mov ecx, dword [esp + 0xdc] push ecx call dword [cs:__imp__SelectObject@8] ; ucall: call dword cs:[0x4622b4] push 0 push 0x16d push 0x19e mov ebx, dword [esp + 0xe4] push ebx call dword [cs:__imp__MoveToEx@16] ; ucall: call dword cs:[0x4622ac] push 0x174 push 0x19e mov esi, dword [esp + 0xe0] push esi call dword [cs:__imp__LineTo@12] ; ucall: call dword cs:[0x4622a8] push 0 push 0x16d push 0x24e mov ebp, dword [esp + 0xe4] push ebp call dword [cs:__imp__MoveToEx@16] ; ucall: call dword cs:[0x4622ac] push 0x174 push 0x24e mov eax, dword [esp + 0xe0] push eax call dword [cs:__imp__LineTo@12] ; ucall: call dword cs:[0x4622a8] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 5 xor eax, eax mov al, byte [ref_0048c2e4] ; mov al, byte [0x48c2e4] fild dword [edx + eax*8 + _player_stocks] ; fild dword [edx + eax*8 + 0x4971a0] fdiv dword [ref_00464020] ; fdiv dword [0x464020] fstp dword [esp + 0xe4] fldz fcomp dword [esp + 0xe4] fnstsw ax sahf jae near loc_0042a658 ; jae 0x42a658 cmp dword [esp + 0xe4], 0x3f800000 jge near loc_0042a658 ; jge 0x42a658 fld dword [esp + 0xe4] fmul qword [ref_00464024] ; fmul qword [0x464024] fsubr qword [ref_0046402c] ; fsubr qword [0x46402c] fst qword [esp + 0xd0] call fcn_0045844e ; call 0x45844e fld qword [esp + 0xd0] call fcn_00458458 ; call 0x458458 fstp qword [esp + 0xd0] fmul qword [ref_00464034] ; fmul qword [0x464034] fadd qword [ref_0046403c] ; fadd qword [0x46403c] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xfc] fld qword [esp + 0xd0] fmul qword [ref_00464044] ; fmul qword [0x464044] fsubr qword [ref_0046404c] ; fsubr qword [0x46404c] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x100] push 0xd00000 call dword [cs:__imp__CreateSolidBrush@4] ; ucall: call dword cs:[0x462294] push eax mov ebx, dword [esp + 0xdc] push ebx call dword [cs:__imp__SelectObject@8] ; ucall: call dword cs:[0x4622b4] push 0x191 push 0x24f push 0x157 push 0x19e mov esi, dword [esp + 0xe8] push esi call dword [cs:__imp__Ellipse@20] ; ucall: call dword cs:[0x46229c] mov ebp, dword [esp + 0x100] push ebp mov eax, dword [esp + 0x100] push eax push 0x150 push 0x1f6 push 0x18a push 0x24f push 0x150 push 0x19e mov edx, dword [esp + 0xf8] push edx call dword [cs:__imp__Pie@36] ; ucall: call dword cs:[0x4622b0] push 0xd0 call dword [cs:__imp__CreateSolidBrush@4] ; ucall: call dword cs:[0x462294] push eax mov ecx, dword [esp + 0xdc] push ecx call dword [cs:__imp__SelectObject@8] ; ucall: call dword cs:[0x4622b4] push 0x150 push 0x1f6 mov ebx, ebp push ebp mov esi, dword [esp + 0x108] push esi push 0x18a push 0x24f push 0x150 push 0x19e mov ebp, dword [esp + 0xf8] push ebp call dword [cs:__imp__Pie@36] ; ucall: call dword cs:[0x4622b0] mov eax, ebx cmp eax, 0x16d jl short loc_0042a611 ; jl 0x42a611 push 0 push eax push esi mov ebx, dword [esp + 0xe4] push ebx call dword [cs:__imp__MoveToEx@16] ; ucall: call dword cs:[0x4622ac] mov eax, dword [esp + 0x100] add eax, 7 push eax push esi mov ebp, dword [esp + 0xe0] push ebp call dword [cs:__imp__LineTo@12] ; ucall: call dword cs:[0x4622a8] loc_0042a611: fld dword [esp + 0xe4] fcomp qword [ref_00464054] ; fcomp qword [0x464054] fnstsw ax sahf jbe near loc_0042a724 ; jbe 0x42a724 cmp dword [esp + 0xfc], 0x24d jge near loc_0042a724 ; jge 0x42a724 push 0 push 0x176 push 0x24d mov edx, dword [esp + 0xe4] push edx call dword [cs:__imp__FloodFill@16] ; ucall: call dword cs:[0x4622a0] jmp near loc_0042a724 ; jmp 0x42a724 loc_0042a658: test dword [esp + 0xe4], 0x7fffffff jne short loc_0042a6c2 ; jne 0x42a6c2 push 0xd00000 call dword [cs:__imp__CreateSolidBrush@4] ; ucall: call dword cs:[0x462294] push eax mov eax, dword [esp + 0xdc] push eax call dword [cs:__imp__SelectObject@8] ; ucall: call dword cs:[0x4622b4] push 0x191 push 0x24f push 0x157 push 0x19e mov edx, dword [esp + 0xe8] push edx call dword [cs:__imp__Ellipse@20] ; ucall: call dword cs:[0x46229c] push 0x18a push 0x24f push 0x150 push 0x19e mov ecx, dword [esp + 0xe8] push ecx jmp short loc_0042a71d ; jmp 0x42a71d loc_0042a6c2: push 0xd0 call dword [cs:__imp__CreateSolidBrush@4] ; ucall: call dword cs:[0x462294] push eax mov ebx, dword [esp + 0xdc] push ebx call dword [cs:__imp__SelectObject@8] ; ucall: call dword cs:[0x4622b4] push 0x191 push 0x24f push 0x157 push 0x19e mov esi, dword [esp + 0xe8] push esi call dword [cs:__imp__Ellipse@20] ; ucall: call dword cs:[0x46229c] push 0x18a push 0x24f push 0x150 push 0x19e mov ebp, dword [esp + 0xe8] push ebp loc_0042a71d: call dword [cs:__imp__Ellipse@20] ; ucall: call dword cs:[0x46229c] loc_0042a724: push 0xffffff push 1 push 0 call dword [cs:__imp__CreatePen@12] ; ucall: call dword cs:[0x462290] push eax mov ecx, dword [esp + 0xdc] push ecx call dword [cs:__imp__SelectObject@8] ; ucall: call dword cs:[0x4622b4] fld dword [esp + 0xf0] fadd dword [esp + 0xf4] fmul dword [ref_0046405c] ; fmul dword [0x46405c] fstp dword [esp + 0xec] fld dword [esp + 0xf0] fsub dword [esp + 0xf4] fst dword [esp + 0xe0] fdiv dword [esp + 0xec] fcomp qword [ref_00464064] ; fcomp qword [0x464064] fnstsw ax sahf jbe short loc_0042a795 ; jbe 0x42a795 fld dword [ref_0046407c] ; fld dword [0x46407c] fdiv dword [esp + 0xe0] jmp short loc_0042a7a8 ; jmp 0x42a7a8 loc_0042a795: fld dword [esp + 0xec] fmul qword [ref_0046406c] ; fmul qword [0x46406c] fdivr qword [ref_00464074] ; fdivr qword [0x464074] loc_0042a7a8: fstp dword [esp + 0xe8] xor edx, edx mov dl, byte [ref_0048c2e4] ; mov dl, byte [0x48c2e4] mov eax, edx shl eax, 3 add eax, edx shl eax, 6 mov edx, dword [ref_00499100] ; mov edx, dword [0x499100] test dword [eax + edx*4 + ref_00497328], 0x7fffffff ; test dword [eax + edx*4 + 0x497328], 0x7fffffff jne short loc_0042a7d8 ; jne 0x42a7d8 xor ebx, ebx jmp short loc_0042a7da ; jmp 0x42a7da loc_0042a7d8: mov ebx, edx loc_0042a7da: xor esi, esi mov dword [esp + 0xf8], 0x42b80000 jmp short loc_0042a834 ; jmp 0x42a834 loc_0042a7e9: mov ecx, dword [esp + 0x100] push ecx mov ebp, dword [esp + 0x100] push ebp mov eax, dword [esp + 0xe0] push eax call dword [cs:__imp__LineTo@12] ; ucall: call dword cs:[0x4622a8] loc_0042a808: inc ebx cmp ebx, 0x90 jne short loc_0042a813 ; jne 0x42a813 xor ebx, ebx loc_0042a813: inc esi fld dword [esp + 0xf8] fadd dword [ref_00464084] ; fadd dword [0x464084] fstp dword [esp + 0xf8] cmp esi, 0x90 jge near loc_0042a8bf ; jge 0x42a8bf loc_0042a834: xor edx, edx mov dl, byte [ref_0048c2e4] ; mov dl, byte [0x48c2e4] mov eax, edx shl eax, 3 add eax, edx shl eax, 6 mov edx, ebx shl edx, 2 add eax, edx test dword [eax + ref_00497328], 0x7fffffff ; test dword [eax + 0x497328], 0x7fffffff je short loc_0042a8bf ; je 0x42a8bf fld dword [esp + 0xf8] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xfc] fld dword [eax + ref_00497328] ; fld dword [eax + 0x497328] fsub dword [esp + 0xec] fmul dword [esp + 0xe8] fsubr dword [ref_00464080] ; fsubr dword [0x464080] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x100] test esi, esi jne near loc_0042a7e9 ; jne 0x42a7e9 push esi mov edx, dword [esp + 0x104] push edx mov ecx, dword [esp + 0x104] push ecx mov ebp, dword [esp + 0xe4] push ebp call dword [cs:__imp__MoveToEx@16] ; ucall: call dword cs:[0x4622ac] jmp near loc_0042a808 ; jmp 0x42a808 loc_0042a8bf: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] mov ecx, dword [esp + 0xd8] push ecx push eax call dword [edx + 0x68] ; ucall push 1 push 1 push 0x101010 push 0xf0f0f0 push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall fld dword [esp + 0xf0] fsub dword [esp + 0xec] fmul dword [esp + 0xe8] fsubr dword [ref_00464080] ; fsubr dword [0x464080] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x100] fld dword [esp + 0xf0] sub esp, 8 fstp qword [esp] mov ebx, dword [edi*4 + ref_00475518] ; mov ebx, dword [edi*4 + 0x475518] push ebx lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 6 mov eax, dword [esp + 0x104] sub eax, 8 push eax push 0x58 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 fld dword [esp + 0xf4] fsub dword [esp + 0xec] fmul dword [esp + 0xe8] fsubr dword [ref_00464080] ; fsubr dword [0x464080] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x100] fld dword [esp + 0xf4] sub esp, 8 fstp qword [esp] mov esi, dword [edi*4 + ref_00475518] ; mov esi, dword [edi*4 + 0x475518] push esi lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 6 mov eax, dword [esp + 0x104] add eax, 8 push eax push 0x58 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 mov edi, dword [esp + 0x128] push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0042a9fb: xor eax, eax loc_0042a9fd: add esp, 0x10c jmp near loc_0042b3e4 ; jmp 0x42b3e4 loc_0042aa08: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0x34 push 0x1a mov ebx, dword [ref_0048c2e5] ; mov ebx, dword [0x48c2e5] push ebx call fcn_00451edb ; call 0x451edb add esp, 0xc push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 jmp short loc_0042a9fb ; jmp 0x42a9fb loc_0042aa31: lea eax, [esp + 0x80] push eax mov eax, dword [esp + 0x124] push eax call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 0x88] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x8c] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x98] push ebx mov esi, dword [esp + 0x98] push esi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x88] push eax call fcn_00402250 ; call 0x402250 add esp, 4 lea eax, [esp + 0x80] push eax mov edi, dword [esp + 0x124] push edi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0042a9fb ; jmp 0x42a9fb loc_0042aab0: mov esi, dword [esp + 0x12c] push esi mov edi, dword [esp + 0x12c] push edi push eax mov ebp, dword [esp + 0x12c] push ebp call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_0042a9fd ; jmp 0x42a9fd endloc_0042aad5: db 0x8b db 0xc0 ref_0042aad7: ; may contain a jump table dd loc_0042adf3 dd loc_0042adde dd loc_0042adde dd loc_0042adde dd loc_0042ae26 ref_0042aaeb: ; may contain a jump table dd loc_0042aec4 dd loc_0042aee4 dd loc_0042afff dd loc_0042b0b7 dd loc_0042b0c2 fcn_0042aaff: push ebx push esi push edi push ebp sub esp, 0x54 mov esi, dword [esp + 0x68] mov eax, dword [esp + 0x6c] mov edx, dword [esp + 0x74] cmp eax, 0x202 jb short loc_0042ab59 ; jb 0x42ab59 jbe near loc_0042ae8d ; jbe 0x42ae8d cmp eax, 0x205 jb short loc_0042ab49 ; jb 0x42ab49 jbe near loc_0042b22f ; jbe 0x42b22f cmp eax, 0x401 jb near loc_0042b2d8 ; jb 0x42b2d8 jbe short loc_0042ab75 ; jbe 0x42ab75 cmp eax, 0x40b je near loc_0042b203 ; je 0x42b203 jmp near loc_0042b2d8 ; jmp 0x42b2d8 loc_0042ab49: cmp eax, 0x203 je near loc_0042ad6c ; je 0x42ad6c jmp near loc_0042b2d8 ; jmp 0x42b2d8 loc_0042ab59: cmp eax, 0x200 jb short loc_0042ab67 ; jb 0x42ab67 jbe short loc_0042abbb ; jbe 0x42abbb jmp near loc_0042ad6c ; jmp 0x42ad6c loc_0042ab67: cmp eax, 0xf je near loc_0042b27a ; je 0x42b27a jmp near loc_0042b2d8 ; jmp 0x42b2d8 loc_0042ab75: xor ah, ah mov byte [ref_0048c2e9], ah ; mov byte [0x48c2e9], ah mov byte [ref_0048c2ea], ah ; mov byte [0x48c2ea], ah mov byte [ref_0048c2eb], ah ; mov byte [0x48c2eb], ah mov byte [ref_0048c2ec], ah ; mov byte [0x48c2ec], ah mov byte [ref_0048c2ed], dl ; mov byte [0x48c2ed], dl push 0 call fcn_004297f7 ; call 0x4297f7 add esp, 4 xor eax, eax mov al, byte [ref_0048c2eb] ; mov al, byte [0x48c2eb] push eax call fcn_004296c1 ; call 0x4296c1 add esp, 4 push 1 call fcn_00402460 ; call 0x402460 jmp near loc_0042b1ef ; jmp 0x42b1ef loc_0042abbb: cmp byte [ref_0048c2ed], 0 ; cmp byte [0x48c2ed], 0 je near loc_0042acfb ; je 0x42acfb xor ecx, ecx mov cx, dx mov eax, edx shr eax, 0x10 and eax, 0xffff xor edx, edx mov dx, ax cmp ecx, 0xf jle near loc_0042ad05 ; jle 0x42ad05 cmp ecx, 0x271 jge near loc_0042ad05 ; jge 0x42ad05 cmp edx, 0x50 jle near loc_0042ad05 ; jle 0x42ad05 cmp edx, 0x1d0 jge near loc_0042ad05 ; jge 0x42ad05 sub edx, 0x50 mov eax, edx sar edx, 0x1f shl edx, 5 sbb eax, edx sar eax, 5 lea ebx, [eax + 1] mov edi, 0xf mov dword [esp + 0x40], edi mov dword [esp + 0x48], 0x271 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx call dword [eax + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax cmp byte [ref_0048c2ea], 0 ; cmp byte [0x48c2ea], 0 je short loc_0042ac9e ; je 0x42ac9e xor eax, eax mov al, byte [ref_0048c2ea] ; mov al, byte [0x48c2ea] shl eax, 5 add eax, 0x30 mov dword [esp + 0x44], eax add eax, 0x20 mov dword [esp + 0x4c], eax push 0 push 0x20 push 0x262 mov ecx, dword [esp + 0x50] push ecx push edi mov eax, ref_0046caec ; mov eax, 0x46caec push eax call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0 lea eax, [esp + 0x44] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0042ac9e: mov eax, ebx shl eax, 5 lea edx, [eax + 0x30] mov dword [esp + 0x44], edx add eax, 0x50 mov dword [esp + 0x4c], eax push 0xffffff push 0x20 push 0x262 push edx push 0xf push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0 lea eax, [esp + 0x44] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov byte [ref_0048c2ea], bl ; mov byte [0x48c2ea], bl add bl, 0xa mov byte [ref_0048c2e9], bl ; mov byte [0x48c2e9], bl loc_0042acfb: xor eax, eax loc_0042acfd: add esp, 0x54 jmp near loc_0042b3e4 ; jmp 0x42b3e4 loc_0042ad05: mov cl, byte [ref_0048c2ea] ; mov cl, byte [0x48c2ea] test cl, cl je short loc_0042ad5c ; je 0x42ad5c mov dword [esp + 0x40], 0xf mov dword [esp + 0x48], 0x271 xor eax, eax mov al, cl shl eax, 5 lea edx, [eax + 0x30] mov dword [esp + 0x44], edx add eax, 0x50 mov dword [esp + 0x4c], eax push 0 push 0x20 push 0x262 push edx push 0xf push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0 lea eax, [esp + 0x44] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0042ad5c: xor ch, ch mov byte [ref_0048c2e9], ch ; mov byte [0x48c2e9], ch mov byte [ref_0048c2ea], ch ; mov byte [0x48c2ea], ch jmp short loc_0042acfb ; jmp 0x42acfb loc_0042ad6c: xor ecx, ecx mov cx, dx mov eax, edx shr eax, 0x10 and eax, 0xffff xor edx, edx mov dx, ax cmp edx, 0x27 jge near loc_0042ae2c ; jge 0x42ae2c xor ebx, ebx jmp short loc_0042ad93 ; jmp 0x42ad93 loc_0042ad8d: inc ebx cmp ebx, 5 jge short loc_0042adc0 ; jge 0x42adc0 loc_0042ad93: mov eax, ebx shl eax, 4 cmp ecx, dword [eax + ref_004754c8] ; cmp ecx, dword [eax + 0x4754c8] jle short loc_0042ad8d ; jle 0x42ad8d cmp ecx, dword [eax + ref_004754d0] ; cmp ecx, dword [eax + 0x4754d0] jge short loc_0042ad8d ; jge 0x42ad8d cmp edx, dword [eax + ref_004754cc] ; cmp edx, dword [eax + 0x4754cc] jle short loc_0042ad8d ; jle 0x42ad8d cmp edx, dword [eax + ref_004754d4] ; cmp edx, dword [eax + 0x4754d4] jge short loc_0042ad8d ; jge 0x42ad8d inc bl mov byte [ref_0048c2e9], bl ; mov byte [0x48c2e9], bl loc_0042adc0: mov dl, byte [ref_0048c2e9] ; mov dl, byte [0x48c2e9] mov al, dl dec al cmp al, 4 ja near loc_0042acfb ; ja 0x42acfb and eax, 0xff jmp dword [eax*4 + ref_0042aad7] ; ujmp: jmp dword [eax*4 + 0x42aad7] loc_0042adde: mov dl, byte [ref_0048c2eb] ; mov dl, byte [0x48c2eb] test dl, dl jne short loc_0042adf3 ; jne 0x42adf3 mov byte [ref_0048c2e9], dl ; mov byte [0x48c2e9], dl jmp near loc_0042acfb ; jmp 0x42acfb loc_0042adf3: cmp byte [ref_0048c2ed], 0 ; cmp byte [0x48c2ed], 0 jne short loc_0042ae19 ; jne 0x42ae19 xor eax, eax mov al, byte [ref_0048c2e9] ; mov al, byte [0x48c2e9] loc_0042ae03: shl eax, 4 sub eax, 0x10 add eax, ref_004754c8 ; add eax, 0x4754c8 push eax call fcn_00451b9e ; call 0x451b9e jmp near loc_0042b19c ; jmp 0x42b19c loc_0042ae19: xor bh, bh mov byte [ref_0048c2e9], bh ; mov byte [0x48c2e9], bh jmp near loc_0042acfb ; jmp 0x42acfb loc_0042ae26: xor eax, eax mov al, dl jmp short loc_0042ae03 ; jmp 0x42ae03 loc_0042ae2c: cmp ecx, 0xf jle near loc_0042acfb ; jle 0x42acfb cmp ecx, 0x271 jge near loc_0042acfb ; jge 0x42acfb cmp edx, 0x50 jle near loc_0042acfb ; jle 0x42acfb cmp edx, 0x1d0 jge near loc_0042acfb ; jge 0x42acfb cmp byte [ref_0048c2ec], 0 ; cmp byte [0x48c2ec], 0 jne near loc_0042acfb ; jne 0x42acfb cmp byte [ref_0048c2ed], 0 ; cmp byte [0x48c2ed], 0 jne near loc_0042acfb ; jne 0x42acfb sub edx, 0x50 mov eax, edx sar edx, 0x1f shl edx, 5 sbb eax, edx sar eax, 5 add eax, 0xb loc_0042ae83: mov byte [ref_0048c2e9], al ; mov byte [0x48c2e9], al jmp near loc_0042acfb ; jmp 0x42acfb loc_0042ae8d: mov ah, byte [ref_0048c2e9] ; mov ah, byte [0x48c2e9] test ah, ah je near loc_0042acfb ; je 0x42acfb cmp ah, 0xa jae near loc_0042b0da ; jae 0x42b0da call fcn_00451d4e ; call 0x451d4e mov al, byte [ref_0048c2e9] ; mov al, byte [0x48c2e9] dec al cmp al, 4 ja near loc_0042b0d3 ; ja 0x42b0d3 and eax, 0xff jmp dword [eax*4 + ref_0042aaeb] ; ujmp: jmp dword [eax*4 + 0x42aaeb] loc_0042aec4: mov cl, byte [ref_0048c2ec] ; mov cl, byte [0x48c2ec] xor cl, 1 mov byte [ref_0048c2ec], cl ; mov byte [0x48c2ec], cl xor ch, ch mov byte [ref_0048c2eb], ch ; mov byte [0x48c2eb], ch xor eax, eax mov al, cl jmp near loc_0042afd5 ; jmp 0x42afd5 loc_0042aee4: xor edx, edx mov dl, byte [ref_0048c2eb] ; mov dl, byte [0x48c2eb] dec edx mov eax, edx shl eax, 3 add eax, edx cmp byte [eax*4 + (_stocks_on_map+6)], 0 ; cmp byte [eax*4 + 0x496986], 0 jne near loc_0042b0d3 ; jne 0x42b0d3 xor eax, eax mov al, byte [ref_0048c2eb] ; mov al, byte [0x48c2eb] dec eax push eax call fcn_004295ea ; call 0x4295ea add esp, 4 cmp eax, 1 jne short loc_0042af30 ; jne 0x42af30 push 0x800003e8 mov eax, ref_00464088 ; mov eax, 0x464088 loc_0042af22: push eax call fcn_00440cac ; call 0x440cac add esp, 8 jmp near loc_0042b0d3 ; jmp 0x42b0d3 loc_0042af30: xor eax, eax mov al, byte [ref_0048c2eb] ; mov al, byte [0x48c2eb] lea edx, [eax - 1] mov eax, edx shl eax, 3 add eax, edx xor ecx, ecx mov cx, word [eax*4 + (_stocks_on_map+10)] ; mov cx, word [eax*4 + 0x49698a] xor eax, eax mov al, byte [ref_0048c2eb] ; mov al, byte [0x48c2eb] lea edx, [eax - 1] mov eax, edx shl eax, 3 add edx, eax shl edx, 2 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 fild dword [eax + (_players+32)] ; fild dword [eax + 0x496b88] fdiv dword [edx + (_stocks_on_map+20)] ; fdiv dword [edx + 0x496994] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x50] mov edi, dword [esp + 0x50] cmp ecx, edi jge short loc_0042af87 ; jge 0x42af87 mov eax, ecx jmp short loc_0042af89 ; jmp 0x42af89 loc_0042af87: mov eax, edi loc_0042af89: test eax, eax je near loc_0042b0d3 ; je 0x42b0d3 push eax call fcn_00453544 ; call 0x453544 mov ebx, eax add esp, 4 test eax, eax je near loc_0042b0d3 ; je 0x42b0d3 push 0 push ref_00475590 ; push 0x475590 call fcn_004542ce ; call 0x4542ce add esp, 8 push 1 push ebx xor eax, eax mov al, byte [ref_0048c2eb] ; mov al, byte [0x48c2eb] dec eax push eax mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_00428d2a ; call 0x428d2a loc_0042afcb: add esp, 0x10 xor eax, eax mov al, byte [ref_0048c2ec] ; mov al, byte [0x48c2ec] loc_0042afd5: push eax call fcn_004297f7 ; call 0x4297f7 add esp, 4 xor eax, eax mov al, byte [ref_0048c2eb] ; mov al, byte [0x48c2eb] push eax call fcn_004296c1 ; call 0x4296c1 add esp, 4 push 0 push 0 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0042b0d3 ; jmp 0x42b0d3 loc_0042afff: xor edx, edx mov dl, byte [ref_0048c2eb] ; mov dl, byte [0x48c2eb] mov ebx, edx mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] mov eax, ecx shl eax, 2 sub eax, ecx shl eax, 5 cmp dword [eax + ebx*8 + ref_00497198], 0 ; cmp dword [eax + ebx*8 + 0x497198], 0 je near loc_0042b0d3 ; je 0x42b0d3 dec edx mov eax, edx shl eax, 3 add eax, edx cmp byte [eax*4 + (_stocks_on_map+6)], 0 ; cmp byte [eax*4 + 0x496986], 0 jne near loc_0042b0d3 ; jne 0x42b0d3 push edx call fcn_004295ea ; call 0x4295ea add esp, 4 cmp eax, 3 jne short loc_0042b05a ; jne 0x42b05a push 0x800003e8 mov eax, ref_00464097 ; mov eax, 0x464097 jmp near loc_0042af22 ; jmp 0x42af22 loc_0042b05a: xor eax, eax mov al, byte [ref_0048c2eb] ; mov al, byte [0x48c2eb] mov ecx, eax shl ecx, 3 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 mov ebp, dword [ecx + eax + ref_00497198] ; mov ebp, dword [ecx + eax + 0x497198] push ebp call fcn_00453544 ; call 0x453544 mov ebx, eax add esp, 4 test eax, eax je short loc_0042b0d3 ; je 0x42b0d3 push 0 push ref_00475598 ; push 0x475598 call fcn_004542ce ; call 0x4542ce add esp, 8 push 1 push ebx xor eax, eax mov al, byte [ref_0048c2eb] ; mov al, byte [0x48c2eb] dec eax push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_00428e23 ; call 0x428e23 jmp near loc_0042afcb ; jmp 0x42afcb loc_0042b0b7: push 0 push 0 push 0x40b jmp short loc_0042b0cb ; jmp 0x42b0cb loc_0042b0c2: push 0 push 0 push 0x205 loc_0042b0cb: push esi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_0042b0d3: xor al, al jmp near loc_0042ae83 ; jmp 0x42ae83 loc_0042b0da: cmp byte [ref_0048c2ed], 0 ; cmp byte [0x48c2ed], 0 je near loc_0042b1a4 ; je 0x42b1a4 mov al, ah sub al, 0xa mov byte [ref_0048c2eb], al ; mov byte [0x48c2eb], al push 0 call fcn_00402460 ; call 0x402460 add esp, 4 cmp byte [ref_0048c2ed], 1 ; cmp byte [0x48c2ed], 1 jne short loc_0042b11e ; jne 0x42b11e xor eax, eax mov al, byte [ref_0048c2eb] ; mov al, byte [0x48c2eb] lea edx, [eax - 1] mov eax, edx shl eax, 3 add eax, edx mov byte [eax*4 + (_stocks_on_map+7)], 0x20 ; mov byte [eax*4 + 0x496987], 0x20 jmp short loc_0042b137 ; jmp 0x42b137 loc_0042b11e: xor eax, eax mov al, byte [ref_0048c2eb] ; mov al, byte [0x48c2eb] lea edx, [eax - 1] mov eax, edx shl eax, 3 add eax, edx mov byte [eax*4 + (_stocks_on_map+7)], 2 ; mov byte [eax*4 + 0x496987], 2 loc_0042b137: xor eax, eax mov al, byte [ref_0048c2eb] ; mov al, byte [0x48c2eb] push eax call fcn_00429040 ; call 0x429040 add esp, 4 push 0 call fcn_004297f7 ; call 0x4297f7 add esp, 4 push 0 call fcn_004296c1 ; call 0x4296c1 add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [ref_0046cae0] ; mov ebx, dword [0x46cae0] push ebx mov esi, dword [ref_0046cadc] ; mov esi, dword [0x46cadc] push esi push eax call dword [edx + 0x1c] ; ucall push 0x3e8 call fcn_0045285e ; call 0x45285e add esp, 4 xor eax, eax mov al, byte [ref_0048c2eb] ; mov al, byte [0x48c2eb] push eax loc_0042b197: call _Post_0402_Message ; call 0x401966 loc_0042b19c: add esp, 4 jmp near loc_0042acfb ; jmp 0x42acfb loc_0042b1a4: mov bl, byte [ref_0048c2eb] ; mov bl, byte [0x48c2eb] test bl, bl je short loc_0042b1d6 ; je 0x42b1d6 xor eax, eax mov al, byte [ref_0048c2e9] ; mov al, byte [0x48c2e9] xor edx, edx mov dl, bl sub eax, 0xa cmp edx, eax jne short loc_0042b1d6 ; jne 0x42b1d6 push 0 push 0 push 0x40b push esi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_0042acfb ; jmp 0x42acfb loc_0042b1d6: mov al, byte [ref_0048c2e9] ; mov al, byte [0x48c2e9] sub al, 0xa mov byte [ref_0048c2eb], al ; mov byte [0x48c2eb], al loc_0042b1e2: xor eax, eax mov al, byte [ref_0048c2eb] ; mov al, byte [0x48c2eb] push eax call fcn_004296c1 ; call 0x4296c1 loc_0042b1ef: add esp, 4 push 0 push 0 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0042acfb ; jmp 0x42acfb loc_0042b203: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 xor eax, eax mov al, byte [ref_0048c2eb] ; mov al, byte [0x48c2eb] dec eax push eax push fcn_00429d65 ; push 0x429d65 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 push 1 call fcn_00402460 ; call 0x402460 jmp near loc_0042b19c ; jmp 0x42b19c loc_0042b22f: mov cl, byte [ref_0048c2ec] ; mov cl, byte [0x48c2ec] test cl, cl je short loc_0042b25a ; je 0x42b25a mov ch, cl xor ch, 1 mov byte [ref_0048c2ec], ch ; mov byte [0x48c2ec], ch xor al, al mov byte [ref_0048c2eb], al ; mov byte [0x48c2eb], al xor eax, eax mov al, ch push eax call fcn_004297f7 ; call 0x4297f7 add esp, 4 jmp short loc_0042b1e2 ; jmp 0x42b1e2 loc_0042b25a: push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 jmp near loc_0042b197 ; jmp 0x42b197 loc_0042b27a: mov eax, esp push eax push esi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0xc] push edx mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx mov ecx, dword [esp + 0x18] push ecx mov ebx, dword [esp + 0x18] push ebx mov edi, dword [ref_0048a0dc] ; mov edi, dword [0x48a0dc] push edi call dword [eax + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push esi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0042acfb ; jmp 0x42acfb loc_0042b2d8: push edx mov ebp, dword [esp + 0x74] push ebp push eax push esi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_0042acfd ; jmp 0x42acfd fcn_0042b2ec: push ebx push esi push edi push ebp sub esp, 0x40 mov ebx, dword [esp + 0x54] mov eax, dword [esp + 0x58] cmp eax, 0x202 jb short loc_0042b321 ; jb 0x42b321 jbe near loc_0042b385 ; jbe 0x42b385 cmp eax, 0x205 jb near loc_0042b3ce ; jb 0x42b3ce jbe short loc_0042b385 ; jbe 0x42b385 cmp eax, 0x401 je short loc_0042b32b ; je 0x42b32b jmp near loc_0042b3ce ; jmp 0x42b3ce loc_0042b321: cmp eax, 0xf je short loc_0042b391 ; je 0x42b391 jmp near loc_0042b3ce ; jmp 0x42b3ce loc_0042b32b: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 call fcn_004296c1 ; call 0x4296c1 add esp, 4 push 0 push 0 push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp short loc_0042b3ca ; jmp 0x42b3ca loc_0042b385: push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 jmp short loc_0042b3ca ; jmp 0x42b3ca loc_0042b391: mov eax, esp push eax push ebx call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc] push ecx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [esp + 0x18] push ebp mov ecx, dword [esp + 0x18] push ecx push eax call dword [edx + 0x1c] ; ucall mov eax, esp push eax push ebx call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] loc_0042b3ca: xor eax, eax jmp short loc_0042b3e1 ; jmp 0x42b3e1 loc_0042b3ce: mov ecx, dword [esp + 0x60] push ecx mov esi, dword [esp + 0x60] push esi loc_0042b3d8: push eax push ebx call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] loc_0042b3e1: add esp, 0x40 loc_0042b3e4: pop ebp pop edi pop esi pop ebx ret 0x10 fcn_0042b3eb: push ebx push esi push edi push ebp sub esp, 0x40 mov ebx, dword [esp + 0x54] mov eax, dword [esp + 0x58] cmp eax, 0x202 jb short loc_0042b424 ; jb 0x42b424 jbe near loc_0042b524 ; jbe 0x42b524 cmp eax, 0x205 jb near loc_0042b580 ; jb 0x42b580 jbe near loc_0042b524 ; jbe 0x42b524 cmp eax, 0x401 je short loc_0042b443 ; je 0x42b443 jmp near loc_0042b580 ; jmp 0x42b580 loc_0042b424: cmp eax, 0xf jb near loc_0042b580 ; jb 0x42b580 jbe near loc_0042b542 ; jbe 0x42b542 cmp eax, 0x113 je near loc_0042b4db ; je 0x42b4db jmp near loc_0042b580 ; jmp 0x42b580 loc_0042b443: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x96000 push 0 mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call memset ; call 0x456f60 add esp, 0xc push 0x18 push 0x18 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0x3e8 mov esi, dword [_callbackSize] ; mov esi, dword [0x46cad8] push esi push ebx call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048c2ee], eax ; mov dword [0x48c2ee], eax xor edi, edi mov dword [ref_0048c2f2], edi ; mov dword [0x48c2f2], edi push edi push edi push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push edi push ref_004755a8 ; push 0x4755a8 call fcn_004542ce ; call 0x4542ce add esp, 8 jmp near loc_0042b3ca ; jmp 0x42b3ca loc_0042b4db: cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_0042b3ca ; je 0x42b3ca mov eax, dword [esp + 0x5c] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne near loc_0042b3ca ; jne 0x42b3ca mov ecx, dword [ref_0048c2f2] ; mov ecx, dword [0x48c2f2] inc ecx mov dword [ref_0048c2f2], ecx ; mov dword [0x48c2f2], ecx cmp ecx, 3 jne near loc_0042b3ca ; jne 0x42b3ca push 0 push 0 push 0x202 push ebx call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_0042b3ca ; jmp 0x42b3ca loc_0042b524: mov ebp, dword [ref_0048c2ee] ; mov ebp, dword [0x48c2ee] push ebp push ebx call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_0042b3ca ; jmp 0x42b3ca loc_0042b542: mov eax, esp push eax push ebx call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc] push ecx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [esp + 0x18] push ebp mov ecx, dword [esp + 0x18] push ecx push eax call dword [edx + 0x1c] ; ucall mov eax, esp push eax push ebx call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0042b3ca ; jmp 0x42b3ca loc_0042b580: mov esi, dword [esp + 0x60] push esi mov edi, dword [esp + 0x60] push edi jmp near loc_0042b3d8 ; jmp 0x42b3d8 stocks_ui: push ebx push esi push edi push ebp push 0 push 0 push 0x4b mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c2dc], eax ; mov dword [0x48c2dc], eax push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x18 push 0x46 push ref_004640a6 ; push 0x4640a6 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x18 push 0x46 push ref_004640b1 ; push 0x4640b1 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x40 push 0x4c push ref_004640ba ; push 0x4640ba mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x40 push 0xbc push ref_004640c3 ; push 0x4640c3 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x40 push 0x118 push ref_004640ca ; push 0x4640ca mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x40 push 0x170 push ref_004640cf ; push 0x4640cf mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x40 push 0x1d4 push ref_004640d6 ; push 0x4640d6 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x40 push 0x23c push ref_004640df ; push 0x4640df mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 call fcn_00428d01 ; call 0x428d01 cmp eax, 1 jne near loc_0042b745 ; jne 0x42b745 push eax push 2 push 0 push 0x101010 push 0x48 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0xf4 push 0x144 push ref_004640e8 ; push 0x4640e8 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 2 push 0 push 0xf0f0f0 push 0x48 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0xf0 push 0x140 push ref_004640e8 ; push 0x4640e8 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push fcn_0042b2ec ; push 0x42b2ec call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov ebx, eax jmp near loc_0042ba6d ; jmp 0x42ba6d loc_0042b745: push ref_00475590 ; push 0x475590 call fcn_00454176 ; call 0x454176 add esp, 4 xor ebx, ebx mov edi, 0x60 jmp short loc_0042b7a9 ; jmp 0x42b7a9 loc_0042b75b: push 2 push edi push 0x4c mov eax, ebx shl eax, 3 lea esi, [ebx + eax] shl esi, 2 mov ecx, dword [esi + (_stocks_on_map+0)] ; mov ecx, dword [esi + 0x496980] push ecx mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push edi push 0x47 mov ebp, dword [esi + (_stocks_on_map+0)] ; mov ebp, dword [esi + 0x496980] push ebp mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add edi, 0x20 cmp ebx, 0xc jge short loc_0042b7e5 ; jge 0x42b7e5 loc_0042b7a9: mov eax, ebx shl eax, 3 add eax, ebx cmp word [eax*4 + (_stocks_on_map+4)], 0 ; cmp word [eax*4 + 0x496984], 0 je short loc_0042b7d5 ; je 0x42b7d5 push 1 push 3 push 0x101010 push 0xf0f0 loc_0042b7c9: push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 jmp short loc_0042b75b ; jmp 0x42b75b loc_0042b7d5: push 1 push 3 push 0x101010 push 0xf0f0f0 jmp short loc_0042b7c9 ; jmp 0x42b7c9 loc_0042b7e5: push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x40 push 0x47 push ref_004640ba ; push 0x4640ba mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ebx, ebx mov esi, 0xa8 loc_0042b820: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0042b84e ; jge 0x42b84e push 2 push 0x40 push esi imul eax, ebx, 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx add esi, 0x50 jmp short loc_0042b820 ; jmp 0x42b820 loc_0042b84e: push 2 push 0x40 push 0x1ec push ref_004640f1 ; push 0x4640f1 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x40 push 0x244 push ref_004640fa ; push 0x4640fa mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0x47 push 0xba push ref_00464103 ; push 0x464103 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0x6e push 0xba push ref_0046410c ; push 0x46410c mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0x97 push 0xba push ref_00464115 ; push 0x464115 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0x47 push 0x171 push ref_004640c3 ; push 0x4640c3 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0x6e push 0x171 push ref_0046411e ; push 0x46411e mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0x97 push 0x171 push ref_00464125 ; push 0x464125 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0x47 push 0x1f9 push ref_004640cf ; push 0x4640cf mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0x6e push 0x1f9 push ref_0046412c ; push 0x46412c mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0x97 push 0x1f9 push ref_00464133 ; push 0x464133 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0xbf push 0x1f9 push ref_0046413a ; push 0x46413a mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 6 push 0xe7 push 0x1f9 push ref_00464143 ; push 0x464143 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 1 push 0x101010 push 0xf0f0f0 push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0xc4 push 0xd2 push ref_0046414c ; push 0x46414c mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x10a push 0x1dc push ref_0046415f ; push 0x46415f mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov edx, dword [esp + 0x14] push edx push fcn_0042aaff ; push 0x42aaff call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov ebx, eax push ref_00475590 ; push 0x475590 call fcn_00454240 ; call 0x454240 add esp, 4 loc_0042ba6d: mov esi, dword [ref_0048c2dc] ; mov esi, dword [0x48c2dc] push esi call clib_free ; call 0x456e11 add esp, 4 push 1 call fcn_0041906a ; call 0x41906a add esp, 4 push 0 call fcn_00436b0a ; call 0x436b0a add esp, 4 mov eax, ebx pop ebp pop edi pop esi pop ebx ret fcn_0042ba97: push ebx push esi push edi push ebp sub esp, 0xb4 push ref_004755a8 ; push 0x4755a8 call fcn_00454176 ; call 0x454176 add esp, 4 push 0 push 0 push 0x4c mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c2dc], eax ; mov dword [0x48c2dc], eax push 0x10 push 0 lea eax, [esp + 0x98] push eax call memset ; call 0x456f60 add esp, 0xc push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x1c call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x19 push 0x128 push ref_00464168 ; push 0x464168 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 2 push 0 push 0x101010 push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 6 push 0x52 push 0x68 push ref_00464175 ; push 0x464175 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 5 push 0x5e push 0x12 push ref_0046417a ; push 0x46417a mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 2 push 0 push 0x101010 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebx, ebx mov edi, 0xa0 loc_0042bb7c: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0042bbb3 ; jge 0x42bbb3 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0042bbb0 ; je 0x42bbb0 push 2 push 0x58 push edi mov ebp, dword [eax + (_players+0)] ; mov ebp, dword [eax + 0x496b68] push ebp mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 add edi, 0x62 loc_0042bbb0: inc ebx jmp short loc_0042bb7c ; jmp 0x42bb7c loc_0042bbb3: push 2 push 0x58 push 0x21e push ref_00464103 ; push 0x464103 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x194 push 0x3e push ref_0046417f ; push 0x46417f mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ebx, ebx mov dword [esp + 0xac], ebx mov dword [esp + 0xa8], 0x74 jmp near loc_0042bd61 ; jmp 0x42bd61 loc_0042bc0a: xor ebx, ebx loc_0042bc0c: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0042bc6e ; jge 0x42bc6e imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0042bc6b ; je 0x42bc6b mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 5 mov esi, dword [esp + 0xac] shl esi, 3 add esi, eax mov eax, ebx shl eax, 2 mov edi, dword [esi + _player_stocks] ; mov edi, dword [esi + 0x4971a0] test edi, edi je short loc_0042bc64 ; je 0x42bc64 fild dword [esi + _player_stocks] ; fild dword [esi + 0x4971a0] mov dword [esp + 0xb0], ebp fild dword [esp + 0xb0] fdivp st1 ; fdivp st(1) fstp dword [esp + eax + 0x80] jmp short loc_0042bc6b ; jmp 0x42bc6b loc_0042bc64: mov dword [esp + eax + 0x80], edi loc_0042bc6b: inc ebx jmp short loc_0042bc0c ; jmp 0x42bc0c loc_0042bc6e: xor ebx, ebx mov edi, 0xc6 loc_0042bc75: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0042bcf0 ; jge 0x42bcf0 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0042bced ; je 0x42bced mov eax, dword [esp + 0xa4] fild dword [eax + 0x28] fmul dword [esp + ebx*4 + 0x80] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xa0] mov eax, dword [esp + 0xa0] push eax lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 mov edx, dword [esp + 0xac] push edx push edi lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [esp + 0xa0] add dword [esp + ebx*4 + 0x90], eax add edi, 0x62 loc_0042bced: inc ebx jmp short loc_0042bc75 ; jmp 0x42bc75 loc_0042bcf0: mov eax, dword [esp + 0xa4] mov ebx, dword [eax + 0x28] push ebx lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 mov esi, dword [esp + 0xac] push esi push 0x23c lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 lea edi, [esi + 0x18] mov dword [esp + 0xa8], edi test ebp, ebp je short loc_0042bd49 ; je 0x42bd49 mov eax, dword [esp + 0xa4] mov dword [eax + 0x28], 0 loc_0042bd49: mov ebx, dword [esp + 0xac] inc ebx mov dword [esp + 0xac], ebx cmp ebx, 0xc jge near loc_0042bdef ; jge 0x42bdef loc_0042bd61: mov ebx, dword [esp + 0xac] mov eax, ebx shl eax, 3 add eax, ebx shl eax, 2 mov dx, word [eax + (_stocks_on_map+4)] ; mov dx, word [eax + 0x496984] test dx, dx je short loc_0042bd49 ; je 0x42bd49 mov eax, edx and eax, 0xffff imul eax, eax, 0x34 mov ebx, dword [ref_00498e7c] ; mov ebx, dword [0x498e7c] add ebx, eax mov dword [esp + 0xa4], ebx push 2 mov eax, dword [esp + 0xac] push eax push 0x3e lea eax, [ebx + 4] push eax mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ebx, ebx xor ebp, ebp mov esi, dword [esp + 0xac] loc_0042bdc3: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_0042bc0a ; jge 0x42bc0a imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0042bdec ; je 0x42bdec mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 5 add ebp, dword [eax + esi*8 + _player_stocks] ; add ebp, dword [eax + esi*8 + 0x4971a0] loc_0042bdec: inc ebx jmp short loc_0042bdc3 ; jmp 0x42bdc3 loc_0042bdef: xor ebx, ebx mov edi, 0xc6 loc_0042bdf6: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0042be43 ; jge 0x42be43 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0042be40 ; je 0x42be40 mov edx, dword [esp + ebx*4 + 0x90] push edx lea eax, [esp + 4] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 6 push 0x194 push edi lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 add edi, 0x62 loc_0042be40: inc ebx jmp short loc_0042bdf6 ; jmp 0x42bdf6 loc_0042be43: push 0 push fcn_0042b3eb ; push 0x42b3eb call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov eax, dword [ref_0048c2dc] ; mov eax, dword [0x48c2dc] push eax call clib_free ; call 0x456e11 add esp, 4 push ref_004755a8 ; push 0x4755a8 call fcn_00454240 ; call 0x454240 add esp, 4 xor ebx, ebx loc_0042be6f: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0042bec5 ; jge 0x42bec5 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0042bec2 ; je 0x42bec2 mov esi, dword [esp + ebx*4 + 0x90] mov edi, dword [eax + (_players+32)] ; mov edi, dword [eax + 0x496b88] add edi, esi mov dword [eax + (_players+32)], edi ; mov dword [eax + 0x496b88], edi test edi, edi jge short loc_0042bec2 ; jge 0x42bec2 add dword [eax + (_players+28)], edi ; add dword [eax + 0x496b84], edi xor ecx, ecx mov dword [eax + (_players+32)], ecx ; mov dword [eax + 0x496b88], ecx cmp dword [eax + (_players+28)], 0 ; cmp dword [eax + 0x496b84], 0 jge short loc_0042bec2 ; jge 0x42bec2 mov dword [eax + (_players+28)], ecx ; mov dword [eax + 0x496b84], ecx push ebx call fcn_0040cd87 ; call 0x40cd87 add esp, 4 loc_0042bec2: inc ebx jmp short loc_0042be6f ; jmp 0x42be6f loc_0042bec5: add esp, 0xb4 pop ebp pop edi pop esi pop ebx ret fcn_0042bed0: push ebx push esi xor eax, eax mov ebx, dword [esp + 0xc] mov bx, word [ebx] mov edx, dword [esp + 0x10] mov dx, word [edx] movsx esi, bx movsx ecx, dx cmp esi, ecx jle short loc_0042bef1 ; jle 0x42bef1 mov eax, 0xffffffff loc_0042bef1: movsx ecx, bx movsx edx, dx cmp ecx, edx jge short loc_0042bf00 ; jge 0x42bf00 mov eax, 1 loc_0042bf00: pop esi pop ebx ret fcn_0042bf03: push ebx push esi push edi push ebp sub esp, 0xe8 mov edi, dword [esp + 0xfc] call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 3 sar edx, 0x1f idiv ecx test edx, edx jne near loc_0042c794 ; jne 0x42c794 imul ebx, edi, 0x68 cmp byte [ebx + (_players+26)], 0 ; cmp byte [ebx + 0x496b82], 0 je near loc_0042c794 ; je 0x42c794 call fcn_00428d01 ; call 0x428d01 cmp eax, 1 je near loc_0042c794 ; je 0x42c794 mov edx, dword [ebx + (_players+44)] ; mov edx, dword [ebx + 0x496b94] test edx, edx je short loc_0042bf6e ; je 0x42bf6e push edx mov ebx, dword [ref_00497160] ; mov ebx, dword [0x497160] push ebx call fcn_004521aa ; call 0x4521aa add esp, 8 cmp eax, 0xf jl near loc_0042c794 ; jl 0x42c794 loc_0042bf6e: xor esi, esi mov dword [esp + 0xe0], esi mov dword [esp + 0xc8], esi jmp short loc_0042bf94 ; jmp 0x42bf94 loc_0042bf80: mov ecx, dword [esp + 0xe0] inc ecx mov dword [esp + 0xe0], ecx cmp ecx, 0xc jge short loc_0042bfff ; jge 0x42bfff loc_0042bf94: mov edx, edi shl edx, 2 sub edx, edi shl edx, 5 mov eax, dword [esp + 0xe0] shl eax, 3 add eax, edx cmp dword [eax + _player_stocks], 0 ; cmp dword [eax + 0x4971a0], 0 je short loc_0042bf80 ; je 0x42bf80 fild dword [eax + _player_stocks] ; fild dword [eax + 0x4971a0] mov edx, dword [esp + 0xe0] mov eax, edx shl eax, 3 add eax, edx fmul dword [eax*4 + (_stocks_on_map+20)] ; fmul dword [eax*4 + 0x496994] mov eax, dword [esp + 0xc8] mov dword [esp + 0xe4], eax fild dword [esp + 0xe4] fstp dword [esp + 0xe4] fadd dword [esp + 0xe4] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xc8] jmp short loc_0042bf80 ; jmp 0x42bf80 loc_0042bfff: imul ecx, edi, 0x68 mov eax, dword [ecx + (_players+32)] ; mov eax, dword [ecx + 0x496b88] add eax, dword [ecx + (_players+28)] ; add eax, dword [ecx + 0x496b84] mov edx, dword [esp + 0xc8] add edx, eax xor eax, eax mov al, byte [ecx + (_players+26)] ; mov al, byte [ecx + 0x496b82] imul edx, eax mov ebx, 0x64 mov eax, edx sar edx, 0x1f idiv ebx mov dword [esp + 0xc4], eax mov eax, dword [esp + 0xc8] mov ebp, dword [esp + 0xc4] cmp eax, ebp jge near loc_0042c794 ; jge 0x42c794 mov edx, ebp sub edx, eax mov dword [esp + 0xc4], edx mov ebx, dword [ecx + (_players+32)] ; mov ebx, dword [ecx + 0x496b88] cmp edx, ebx jle short loc_0042c067 ; jle 0x42c067 mov dword [esp + 0xc4], ebx loc_0042c067: xor esi, esi mov dword [esp + 0xe0], esi jmp near loc_0042c58c ; jmp 0x42c58c loc_0042c075: fild dword [ecx + 0x2c] loc_0042c078: fstp dword [esp + 0xd4] mov ebx, 0x2710 mov eax, dword [ecx + 0x24] mov edx, eax sar edx, 0x1f idiv ebx mov dword [esp + 0xe4], eax fild dword [esp + 0xe4] fstp dword [esp + 0xd0] fldz fcomp dword [esp + 0xd4] fnstsw ax sahf jae short loc_0042c0f3 ; jae 0x42c0f3 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 3 mov dword [esp + 0xe4], eax fild dword [esp + 0xe4] fcomp dword [esp + 0xd4] fnstsw ax sahf jbe short loc_0042c0f3 ; jbe 0x42c0f3 mov eax, dword [esp + 0xe0] inc dword [esp + eax*4 + 0x80] loc_0042c0f3: mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 3 mov dword [esp + 0xe4], eax fild dword [esp + 0xe4] fcomp dword [esp + 0xd4] fnstsw ax sahf ja short loc_0042c164 ; ja 0x42c164 mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 4 mov dword [esp + 0xe4], eax fild dword [esp + 0xe4] fcomp dword [esp + 0xd4] fnstsw ax sahf jbe short loc_0042c164 ; jbe 0x42c164 mov eax, dword [esp + 0xe0] add dword [esp + eax*4 + 0x80], 2 loc_0042c164: mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 4 mov dword [esp + 0xe4], eax fild dword [esp + 0xe4] fcomp dword [esp + 0xd4] fnstsw ax sahf ja short loc_0042c1a7 ; ja 0x42c1a7 mov eax, dword [esp + 0xe0] add dword [esp + eax*4 + 0x80], 3 loc_0042c1a7: cmp dword [ecx + 0x28], 0 jle near loc_0042c2e7 ; jle 0x42c2e7 mov eax, edi shl eax, 2 sub eax, edi shl eax, 5 mov esi, dword [esp + 0xe0] shl esi, 3 lea ebx, [eax + esi] cmp dword [ebx + _player_stocks], 0x1388 ; cmp dword [ebx + 0x4971a0], 0x1388 jge near loc_0042c2e7 ; jge 0x42c2e7 mov edx, dword [esp + 0xe0] mov eax, edx shl eax, 3 add edx, eax shl edx, 2 fld dword [edx + (_stocks_on_map+20)] ; fld dword [edx + 0x496994] fld dword [esp + 0xd0] fmul qword [ref_0046419c] ; fmul qword [0x46419c] fcompp fnstsw ax sahf jb near loc_0042c2e7 ; jb 0x42c2e7 mov eax, dword [esp + 0xe0] shl eax, 2 inc dword [esp + eax + 0x80] cmp byte [ecx + 0x18], 0 je near loc_0042c2e7 ; je 0x42c2e7 movzx ebp, byte [ecx + 0x18] mov dword [esp + 0xcc], ebp lea ebp, [edi + 1] mov dword [esp + 0xe4], ebp mov ebp, dword [esp + 0xcc] cmp ebp, dword [esp + 0xe4] je near loc_0042c2e7 ; je 0x42c2e7 mov dx, word [edx + (_stocks_on_map+8)] ; mov dx, word [edx + 0x496988] and edx, 0xffff add edx, dword [ebx + _player_stocks] ; add edx, dword [ebx + 0x4971a0] mov ebp, dword [ecx + 0x30] add ebp, edx mov ebx, dword [esp + 0xcc] dec ebx mov edx, ebx shl edx, 2 sub edx, ebx shl edx, 5 cmp ebp, dword [edx + esi + _player_stocks] ; cmp ebp, dword [edx + esi + 0x4971a0] jle short loc_0042c285 ; jle 0x42c285 inc dword [esp + eax + 0x80] loc_0042c285: mov eax, edi shl eax, 2 sub eax, edi shl eax, 5 mov esi, dword [esp + 0xe0] shl esi, 3 lea ebx, [eax + esi] mov edx, dword [esp + 0xe0] mov eax, edx shl eax, 3 add eax, edx mov ax, word [eax*4 + (_stocks_on_map+10)] ; mov ax, word [eax*4 + 0x49698a] and eax, 0xffff mov ebx, dword [ebx + _player_stocks] ; mov ebx, dword [ebx + 0x4971a0] add ebx, eax xor edx, edx mov dl, byte [ecx + 0x18] dec edx mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 cmp ebx, dword [esi + eax + _player_stocks] ; cmp ebx, dword [esi + eax + 0x4971a0] jle short loc_0042c2e7 ; jle 0x42c2e7 mov eax, dword [esp + 0xe0] add dword [esp + eax*4 + 0x80], 2 loc_0042c2e7: mov edx, dword [esp + 0xe0] mov eax, edx shl eax, 3 add eax, edx fld dword [eax*4 + (_stocks_on_map+20)] ; fld dword [eax*4 + 0x496994] fld dword [esp + 0xd0] fmul qword [ref_004641a4] ; fmul qword [0x4641a4] fcompp fnstsw ax sahf jbe short loc_0042c318 ; jbe 0x42c318 add dword [esp + edx*4 + 0x80], 3 loc_0042c318: mov edx, dword [esp + 0xe0] mov eax, edx shl eax, 3 add eax, edx fld dword [eax*4 + (_stocks_on_map+20)] ; fld dword [eax*4 + 0x496994] fld dword [esp + 0xd0] fmul qword [ref_004641ac] ; fmul qword [0x4641ac] fcompp fnstsw ax sahf jbe near loc_0042c557 ; jbe 0x42c557 add dword [esp + edx*4 + 0x80], 5 jmp near loc_0042c557 ; jmp 0x42c557 loc_0042c352: mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 4 mov edx, eax shl eax, 2 sub eax, edx cmp eax, dword [ecx + (_players+32)] ; cmp eax, dword [ecx + 0x496b88] jge near loc_0042c574 ; jge 0x42c574 mov eax, dword [ref_00499100] ; mov eax, dword [0x499100] sub eax, 0x18 test eax, eax jge short loc_0042c390 ; jge 0x42c390 add eax, 0x90 loc_0042c390: xor ecx, ecx xor ebx, ebx mov dword [esp + 0xd8], ecx jmp short loc_0042c3a4 ; jmp 0x42c3a4 loc_0042c39d: inc ecx inc eax cmp ecx, 0x18 jge short loc_0042c3e8 ; jge 0x42c3e8 loc_0042c3a4: cmp eax, 0x90 jne short loc_0042c3ad ; jne 0x42c3ad xor eax, eax loc_0042c3ad: mov esi, dword [esp + 0xe0] mov edx, esi shl edx, 3 add esi, edx shl esi, 6 mov edx, eax shl edx, 2 add edx, esi test dword [edx + ref_00497328], 0x7fffffff ; test dword [edx + 0x497328], 0x7fffffff je short loc_0042c39d ; je 0x42c39d fld dword [esp + 0xd8] fadd dword [edx + ref_00497328] ; fadd dword [edx + 0x497328] fstp dword [esp + 0xd8] inc ebx jmp short loc_0042c39d ; jmp 0x42c39d loc_0042c3e8: test ebx, ebx je short loc_0042c408 ; je 0x42c408 mov dword [esp + 0xe4], ebx fild dword [esp + 0xe4] fdivr dword [esp + 0xd8] fstp dword [esp + 0xd8] loc_0042c408: mov eax, dword [ref_00499100] ; mov eax, dword [0x499100] sub eax, 6 test eax, eax jge short loc_0042c419 ; jge 0x42c419 add eax, 0x90 loc_0042c419: xor ecx, ecx mov dword [esp + 0xdc], ecx xor ebx, ebx jmp short loc_0042c42d ; jmp 0x42c42d loc_0042c426: inc ecx inc eax cmp ecx, 6 jge short loc_0042c471 ; jge 0x42c471 loc_0042c42d: cmp eax, 0x90 jne short loc_0042c436 ; jne 0x42c436 xor eax, eax loc_0042c436: mov esi, dword [esp + 0xe0] mov edx, esi shl edx, 3 add edx, esi shl edx, 6 mov esi, eax shl esi, 2 add edx, esi test dword [edx + ref_00497328], 0x7fffffff ; test dword [edx + 0x497328], 0x7fffffff je short loc_0042c426 ; je 0x42c426 fld dword [esp + 0xdc] fadd dword [edx + ref_00497328] ; fadd dword [edx + 0x497328] fstp dword [esp + 0xdc] inc ebx jmp short loc_0042c426 ; jmp 0x42c426 loc_0042c471: test ebx, ebx je short loc_0042c491 ; je 0x42c491 mov dword [esp + 0xe4], ebx fild dword [esp + 0xe4] fdivr dword [esp + 0xdc] fstp dword [esp + 0xdc] loc_0042c491: mov edx, dword [esp + 0xe0] mov eax, edx shl eax, 3 add edx, eax shl edx, 2 fld dword [edx + (_stocks_on_map+12)] ; fld dword [edx + 0x49698c] fmul qword [ref_004641b4] ; fmul qword [0x4641b4] fld dword [edx + (_stocks_on_map+20)] ; fld dword [edx + 0x496994] fcompp fnstsw ax sahf jae short loc_0042c4e9 ; jae 0x42c4e9 cmp dword [edx + (_stocks_on_map+28)], 0x40000000 ; cmp dword [edx + 0x49699c], 0x40000000 jle short loc_0042c4e9 ; jle 0x42c4e9 fld dword [esp + 0xdc] fcomp dword [esp + 0xd8] fnstsw ax sahf jbe short loc_0042c4e9 ; jbe 0x42c4e9 mov eax, dword [esp + 0xe0] add dword [esp + eax*4 + 0x80], 2 loc_0042c4e9: mov edx, dword [esp + 0xe0] mov eax, edx shl eax, 3 add eax, edx fld dword [eax*4 + (_stocks_on_map+12)] ; fld dword [eax*4 + 0x49698c] fmul qword [ref_004641bc] ; fmul qword [0x4641bc] fld dword [eax*4 + (_stocks_on_map+20)] ; fld dword [eax*4 + 0x496994] fcompp fnstsw ax sahf jae short loc_0042c52d ; jae 0x42c52d fld dword [esp + 0xdc] fcomp dword [esp + 0xd8] fnstsw ax sahf jbe short loc_0042c52d ; jbe 0x42c52d add dword [esp + edx*4 + 0x80], 4 loc_0042c52d: fld dword [esp + 0xd8] fmul qword [ref_004641c4] ; fmul qword [0x4641c4] fld dword [esp + 0xdc] fcompp fnstsw ax sahf jae short loc_0042c557 ; jae 0x42c557 mov eax, dword [esp + 0xe0] add dword [esp + eax*4 + 0x80], 2 loc_0042c557: mov eax, dword [esp + 0xe0] xor edx, edx mov word [esp + eax*4 + 0x82], dx mov edx, eax shl edx, 0x10 or dword [esp + eax*4 + 0x80], edx loc_0042c574: mov ebp, dword [esp + 0xe0] inc ebp mov dword [esp + 0xe0], ebp cmp ebp, 0xc jge near loc_0042c63d ; jge 0x42c63d loc_0042c58c: mov eax, dword [esp + 0xe0] xor ebp, ebp mov dword [esp + eax*4 + 0x80], ebp mov ebx, eax shl ebx, 3 add ebx, eax shl ebx, 2 cmp byte [ebx + (_stocks_on_map+6)], 0 ; cmp byte [ebx + 0x496986], 0 jne short loc_0042c557 ; jne 0x42c557 push eax call fcn_004295ea ; call 0x4295ea add esp, 4 cmp eax, 1 je short loc_0042c557 ; je 0x42c557 cmp word [ebx + (_stocks_on_map+10)], 0 ; cmp word [ebx + 0x49698a], 0 je short loc_0042c557 ; je 0x42c557 imul ecx, edi, 0x68 cmp word [ebx + (_stocks_on_map+4)], 0 ; cmp word [ebx + 0x496984], 0 je near loc_0042c352 ; je 0x42c352 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 5 cmp eax, dword [ecx + (_players+32)] ; cmp eax, dword [ecx + 0x496b88] jge near loc_0042c574 ; jge 0x42c574 xor eax, eax mov ax, word [ebx + (_stocks_on_map+4)] ; mov ax, word [ebx + 0x496984] imul eax, eax, 0x34 mov ecx, dword [ref_00498e7c] ; mov ecx, dword [0x498e7c] add ecx, eax mov ebp, dword [ref_00499084] ; mov ebp, dword [0x499084] test ebp, ebp je near loc_0042c075 ; je 0x42c075 mov edx, dword [ecx + 0x2c] mov eax, edx sar edx, 0x1f idiv ebp mov dword [esp + 0xe4], eax fild dword [esp + 0xe4] jmp near loc_0042c078 ; jmp 0x42c078 loc_0042c63d: push fcn_0042bed0 ; push 0x42bed0 push 4 push 0xc lea eax, [esp + 0x8c] push eax call fcn_00457e6c ; call 0x457e6c add esp, 0x10 xor edx, edx mov dword [esp + 0xe0], edx mov esi, 0xffffffff jmp short loc_0042c67a ; jmp 0x42c67a loc_0042c666: mov ebx, dword [esp + 0xe0] inc ebx mov dword [esp + 0xe0], ebx cmp ebx, 0xc jge short loc_0042c6c1 ; jge 0x42c6c1 loc_0042c67a: mov ebx, dword [esp + 0xe0] shl ebx, 2 test word [esp + ebx + 0x80], 0xffff je short loc_0042c666 ; je 0x42c666 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 0x18 sar edx, 0x1f idiv ecx mov eax, 0xc sub eax, dword [esp + 0xe0] cmp edx, eax jg short loc_0042c666 ; jg 0x42c666 mov esi, dword [esp + ebx + 0x80] sar esi, 0x10 and esi, 0xffff loc_0042c6c1: cmp esi, 0xffffffff je near loc_0042c794 ; je 0x42c794 mov eax, esi shl eax, 3 add eax, esi shl eax, 2 mov edx, dword [esp + 0xc4] mov dword [esp + 0xe4], edx fild dword [esp + 0xe4] fdiv dword [eax + (_stocks_on_map+20)] ; fdiv dword [eax + 0x496994] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xe0] mov edx, dword [esp + 0xe0] test edx, edx je near loc_0042c794 ; je 0x42c794 mov ax, word [eax + (_stocks_on_map+10)] ; mov ax, word [eax + 0x49698a] and eax, 0xffff cmp eax, edx jge short loc_0042c721 ; jge 0x42c721 mov dword [esp + 0xe0], eax loc_0042c721: push 1 mov ebx, dword [esp + 0xe4] push ebx push esi push edi call fcn_00428d2a ; call 0x428d2a add esp, 0x10 push edi call fcn_0041d433 ; call 0x41d433 add esp, 4 mov eax, esi shl eax, 3 add eax, esi mov esi, dword [eax*4 + (_stocks_on_map+0)] ; mov esi, dword [eax*4 + 0x496980] push esi lea eax, [esp + 0xb4] push eax call fcn_00452946 ; call 0x452946 add esp, 8 push ebx lea eax, [esp + 0xb4] push eax imul edi, edi, 0x68 mov eax, dword [edi + (_players+0)] ; mov eax, dword [edi + 0x496b68] push eax push ref_00464186 ; push 0x464186 lea eax, [esp + 0x10] push eax call fcn_00457110 ; call 0x457110 add esp, 0x14 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 loc_0042c794: add esp, 0xe8 pop ebp pop edi pop esi pop ebx ret fcn_0042c79f: push ebx push esi push edi push ebp sub esp, 0xfc mov ebp, dword [esp + 0x110] xor edx, edx mov dword [esp + 0xd0], edx imul ebx, ebp, 0x68 mov ecx, dword [ebx + (_players+44)] ; mov ecx, dword [ebx + 0x496b94] push ecx mov esi, dword [ref_00497160] ; mov esi, dword [0x497160] push esi call fcn_004521aa ; call 0x4521aa add esp, 8 cmp eax, 6 jg short loc_0042c7f8 ; jg 0x42c7f8 mov eax, dword [ebx + (_players+32)] ; mov eax, dword [ebx + 0x496b88] add eax, dword [ebx + (_players+28)] ; add eax, dword [ebx + 0x496b84] cmp eax, dword [ebx + (_players+36)] ; cmp eax, dword [ebx + 0x496b8c] jge short loc_0042c7f8 ; jge 0x42c7f8 mov dword [esp + 0xd0], 1 jmp short loc_0042c81b ; jmp 0x42c81b loc_0042c7f8: cmp dword [esp + 0xd0], 0 jne short loc_0042c81b ; jne 0x42c81b call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 3 sar edx, 0x1f idiv ecx test edx, edx jne near loc_0042d0e4 ; jne 0x42d0e4 loc_0042c81b: call fcn_00428d01 ; call 0x428d01 cmp eax, 1 je near loc_0042d0e4 ; je 0x42d0e4 loc_0042c829: xor esi, esi mov dword [esp + 0xcc], esi mov dword [esp + 0xc8], 0xffffffff xor ebx, ebx jmp near loc_0042cf7c ; jmp 0x42cf7c loc_0042c844: fild dword [esi + 0x2c] loc_0042c847: fstp dword [esp + 0xd4] mov ecx, 0x2710 mov eax, dword [esi + 0x24] mov edx, eax sar edx, 0x1f idiv ecx mov dword [esp + 0xf8], eax fild dword [esp + 0xf8] fstp dword [esp + 0xe0] xor edx, edx mov dword [esp + 0xf4], edx loc_0042c87b: mov edi, ebx shl edi, 3 cmp edx, dword [_nplayers] ; cmp edx, dword [0x499114] jge short loc_0042c8a3 ; jge 0x42c8a3 mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 mov eax, dword [edi + eax + _player_stocks] ; mov eax, dword [edi + eax + 0x4971a0] add dword [esp + 0xf4], eax inc edx jmp short loc_0042c87b ; jmp 0x42c87b loc_0042c8a3: mov eax, ebp shl eax, 2 sub eax, ebp shl eax, 5 fild dword [edi + eax + _player_stocks] ; fild dword [edi + eax + 0x4971a0] mov eax, dword [esp + 0xf4] mov dword [esp + 0xf8], eax fild dword [esp + 0xf8] fdivrp st1 ; fdivrp st(1) fstp dword [esp + 0xd8] mov ecx, dword [ref_00497160] ; mov ecx, dword [0x497160] and ecx, 0xff mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 4 neg eax cmp eax, dword [esi + 0x28] jl short loc_0042c923 ; jl 0x42c923 fld dword [esp + 0xd8] fcomp qword [ref_00464204] ; fcomp qword [0x464204] fnstsw ax sahf jbe short loc_0042c923 ; jbe 0x42c923 cmp ecx, 0xa jle short loc_0042c923 ; jle 0x42c923 cmp ecx, 0xf jge short loc_0042c923 ; jge 0x42c923 add dword [esp + ebx*4 + 0x80], 3 loc_0042c923: mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 4 mov edx, eax shl eax, 4 sub eax, edx neg eax cmp eax, dword [esi + 0x28] jl short loc_0042c990 ; jl 0x42c990 mov edx, ebp shl edx, 2 sub edx, ebp shl edx, 5 mov eax, ebx fld dword [edx + eax*8 + (_player_stocks + 4)] ; fld dword [edx + eax*8 + 0x4971a4] fmul qword [ref_0046420c] ; fmul qword [0x46420c] shl eax, 3 add eax, ebx fld dword [eax*4 + (_stocks_on_map+20)] ; fld dword [eax*4 + 0x496994] fcompp fnstsw ax sahf jbe short loc_0042c990 ; jbe 0x42c990 xor edx, edx mov dl, byte [esi + 0x18] lea eax, [ebp + 1] cmp edx, eax je short loc_0042c990 ; je 0x42c990 cmp ecx, 8 jle short loc_0042c990 ; jle 0x42c990 cmp ecx, 0xf jge short loc_0042c990 ; jge 0x42c990 add dword [esp + ebx*4 + 0x80], 2 loc_0042c990: mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 4 mov dword [esp + 0xf8], eax fild dword [esp + 0xf8] fcomp dword [esp + 0xd4] fnstsw ax sahf jb short loc_0042ca26 ; jb 0x42ca26 mov eax, ebx shl eax, 3 lea edx, [ebx + eax] shl edx, 2 fld dword [esp + 0xe0] fmul dword [ref_004641f4] ; fmul dword [0x4641f4] fcomp dword [edx + (_stocks_on_map+20)] ; fcomp dword [edx + 0x496994] fnstsw ax sahf ja short loc_0042ca26 ; ja 0x42ca26 mov eax, ebp shl eax, 2 sub eax, ebp shl eax, 5 mov ecx, ebx fld dword [eax + ecx*8 + (_player_stocks + 4)] ; fld dword [eax + ecx*8 + 0x4971a4] fmul qword [ref_00464214] ; fmul qword [0x464214] fld dword [edx + (_stocks_on_map+20)] ; fld dword [edx + 0x496994] fcompp fnstsw ax sahf jbe short loc_0042ca26 ; jbe 0x42ca26 fld dword [esp + 0xd8] fcomp qword [ref_0046421c] ; fcomp qword [0x46421c] fnstsw ax sahf jae short loc_0042ca26 ; jae 0x42ca26 inc dword [esp + ebx*4 + 0x80] loc_0042ca26: mov dl, byte [esi + 0x18] test dl, dl je near loc_0042cad1 ; je 0x42cad1 movzx edi, dl lea eax, [ebp + 1] cmp edi, eax je near loc_0042cad1 ; je 0x42cad1 mov eax, ebp shl eax, 2 sub eax, ebp shl eax, 5 mov edx, ebx shl edx, 3 mov dword [esp + 0xc4], edx lea ecx, [edx + eax] mov eax, ebx shl eax, 3 lea edx, [ebx + eax] shl edx, 2 xor eax, eax mov ax, word [edx + (_stocks_on_map+8)] ; mov ax, word [edx + 0x496988] mov dword [esp + 0xf8], eax mov eax, dword [ecx + _player_stocks] ; mov eax, dword [ecx + 0x4971a0] add eax, dword [esp + 0xf8] add eax, dword [esi + 0x30] mov dword [esp + 0xf8], eax dec edi mov eax, edi shl eax, 2 sub eax, edi shl eax, 5 add eax, dword [esp + 0xc4] mov edi, dword [esp + 0xf8] cmp edi, dword [eax + _player_stocks] ; cmp edi, dword [eax + 0x4971a0] jge short loc_0042cad1 ; jge 0x42cad1 cmp dword [esi + 0x28], 0 jg short loc_0042cad1 ; jg 0x42cad1 fld dword [ecx + (_player_stocks + 4)] ; fld dword [ecx + 0x4971a4] fmul qword [ref_00464224] ; fmul qword [0x464224] fld dword [edx + (_stocks_on_map+20)] ; fld dword [edx + 0x496994] fcompp fnstsw ax sahf jb short loc_0042cad1 ; jb 0x42cad1 inc dword [esp + ebx*4 + 0x80] loc_0042cad1: mov edx, ebx shl edx, 3 add edx, ebx shl edx, 2 fld dword [esp + 0xe0] fmul dword [ref_004641f4] ; fmul dword [0x4641f4] fcomp dword [edx + (_stocks_on_map+20)] ; fcomp dword [edx + 0x496994] fnstsw ax sahf jae short loc_0042cb3c ; jae 0x42cb3c mov ecx, ebp shl ecx, 2 sub ecx, ebp shl ecx, 5 mov eax, ebx fld dword [ecx + eax*8 + (_player_stocks + 4)] ; fld dword [ecx + eax*8 + 0x4971a4] fmul dword [ref_004641f4] ; fmul dword [0x4641f4] fcomp dword [edx + (_stocks_on_map+20)] ; fcomp dword [edx + 0x496994] fnstsw ax sahf jae short loc_0042cb3c ; jae 0x42cb3c fld dword [edx + (_stocks_on_map+20)] ; fld dword [edx + 0x496994] fcomp dword [edx + (_stocks_on_map+16)] ; fcomp dword [edx + 0x496990] fnstsw ax sahf jae short loc_0042cb3c ; jae 0x42cb3c xor edx, edx mov dl, byte [esi + 0x18] lea eax, [ebp + 1] cmp edx, eax je short loc_0042cb3c ; je 0x42cb3c add dword [esp + ebx*4 + 0x80], 2 loc_0042cb3c: mov edx, ebx shl edx, 3 add edx, ebx shl edx, 2 fld dword [esp + 0xe0] fmul dword [ref_0046422c] ; fmul dword [0x46422c] fcomp dword [edx + (_stocks_on_map+20)] ; fcomp dword [edx + 0x496994] fnstsw ax sahf jae short loc_0042cba7 ; jae 0x42cba7 mov eax, ebp shl eax, 2 sub eax, ebp shl eax, 5 mov ecx, ebx fld dword [eax + ecx*8 + (_player_stocks + 4)] ; fld dword [eax + ecx*8 + 0x4971a4] fmul dword [ref_0046422c] ; fmul dword [0x46422c] fcomp dword [edx + (_stocks_on_map+20)] ; fcomp dword [edx + 0x496994] fnstsw ax sahf jae short loc_0042cba7 ; jae 0x42cba7 fld dword [edx + (_stocks_on_map+20)] ; fld dword [edx + 0x496994] fcomp dword [edx + (_stocks_on_map+16)] ; fcomp dword [edx + 0x496990] fnstsw ax sahf jae short loc_0042cba7 ; jae 0x42cba7 xor eax, eax mov al, byte [esi + 0x18] lea edx, [ebp + 1] cmp eax, edx jne short loc_0042cba7 ; jne 0x42cba7 add dword [esp + ebx*4 + 0x80], 2 loc_0042cba7: cmp dword [esp + 0xd0], 0 je near loc_0042cf4d ; je 0x42cf4d inc dword [esp + ebx*4 + 0x80] jmp near loc_0042cf4d ; jmp 0x42cf4d loc_0042cbc1: fld dword [esi + (_stocks_on_map+20)] ; fld dword [esi + 0x496994] fdiv dword [edi + (_player_stocks + 4)] ; fdiv dword [edi + 0x4971a4] fstp dword [esp + 0xe4] xor edx, edx mov dword [esp + 0xe8], 0x461c4000 jmp short loc_0042cbec ; jmp 0x42cbec loc_0042cbe3: inc edx cmp edx, 0x90 jge short loc_0042cc2a ; jge 0x42cc2a loc_0042cbec: mov eax, ebx shl eax, 3 add eax, ebx shl eax, 6 mov ecx, edx shl ecx, 2 add ecx, eax test dword [ecx + ref_00497328], 0x7fffffff ; test dword [ecx + 0x497328], 0x7fffffff je short loc_0042cbe3 ; je 0x42cbe3 fld dword [esp + 0xe8] fcomp dword [ecx + ref_00497328] ; fcomp dword [ecx + 0x497328] fnstsw ax sahf jbe short loc_0042cbe3 ; jbe 0x42cbe3 mov eax, dword [ecx + ref_00497328] ; mov eax, dword [ecx + 0x497328] mov dword [esp + 0xe8], eax jmp short loc_0042cbe3 ; jmp 0x42cbe3 loc_0042cc2a: mov edx, dword [ref_00499100] ; mov edx, dword [0x499100] sub edx, 0x18 test edx, edx jge short loc_0042cc3d ; jge 0x42cc3d add edx, 0x90 loc_0042cc3d: xor ecx, ecx mov dword [esp + 0xec], ecx mov dword [esp + 0xf4], ecx jmp short loc_0042cc56 ; jmp 0x42cc56 loc_0042cc4f: inc ecx inc edx cmp ecx, 0x18 jge short loc_0042cc9a ; jge 0x42cc9a loc_0042cc56: cmp edx, 0x90 jne short loc_0042cc60 ; jne 0x42cc60 xor edx, edx loc_0042cc60: mov eax, ebx shl eax, 3 add eax, ebx shl eax, 6 mov esi, edx shl esi, 2 add eax, esi test dword [eax + ref_00497328], 0x7fffffff ; test dword [eax + 0x497328], 0x7fffffff je short loc_0042cc4f ; je 0x42cc4f fld dword [esp + 0xec] fadd dword [eax + ref_00497328] ; fadd dword [eax + 0x497328] fstp dword [esp + 0xec] inc dword [esp + 0xf4] jmp short loc_0042cc4f ; jmp 0x42cc4f loc_0042cc9a: mov eax, dword [esp + 0xf4] test eax, eax je short loc_0042ccc1 ; je 0x42ccc1 mov dword [esp + 0xf8], eax fild dword [esp + 0xf8] fdivr dword [esp + 0xec] fstp dword [esp + 0xec] loc_0042ccc1: mov edx, dword [ref_00499100] ; mov edx, dword [0x499100] sub edx, 6 test edx, edx jge short loc_0042ccd4 ; jge 0x42ccd4 add edx, 0x90 loc_0042ccd4: xor ecx, ecx mov dword [esp + 0xf0], ecx mov dword [esp + 0xf4], ecx jmp short loc_0042cced ; jmp 0x42cced loc_0042cce6: inc ecx inc edx cmp ecx, 6 jge short loc_0042cd32 ; jge 0x42cd32 loc_0042cced: cmp edx, 0x90 jne short loc_0042ccf7 ; jne 0x42ccf7 xor edx, edx loc_0042ccf7: mov eax, ebx shl eax, 3 lea esi, [ebx + eax] shl esi, 6 mov eax, edx shl eax, 2 add eax, esi test dword [eax + ref_00497328], 0x7fffffff ; test dword [eax + 0x497328], 0x7fffffff je short loc_0042cce6 ; je 0x42cce6 fld dword [esp + 0xf0] fadd dword [eax + ref_00497328] ; fadd dword [eax + 0x497328] fstp dword [esp + 0xf0] inc dword [esp + 0xf4] jmp short loc_0042cce6 ; jmp 0x42cce6 loc_0042cd32: mov eax, dword [esp + 0xf4] test eax, eax je short loc_0042cd59 ; je 0x42cd59 mov dword [esp + 0xf8], eax fild dword [esp + 0xf8] fdivr dword [esp + 0xf0] fstp dword [esp + 0xf0] loc_0042cd59: fld dword [esp + 0xe4] fcomp qword [ref_004641dc] ; fcomp qword [0x4641dc] fnstsw ax sahf jbe short loc_0042cd87 ; jbe 0x42cd87 mov eax, ebx shl eax, 3 add eax, ebx cmp dword [eax*4 + (_stocks_on_map+28)], 0x3f800000 ; cmp dword [eax*4 + 0x49699c], 0x3f800000 jge short loc_0042cd87 ; jge 0x42cd87 add dword [esp + ebx*4 + 0x80], 2 loc_0042cd87: mov eax, ebx shl eax, 3 add eax, ebx fld dword [esp + 0xe8] fmul dword [ref_004641e4] ; fmul dword [0x4641e4] fstp dword [esp + 0xdc] fld dword [eax*4 + (_stocks_on_map+20)] ; fld dword [eax*4 + 0x496994] fcomp dword [esp + 0xdc] fnstsw ax sahf jbe short loc_0042cde4 ; jbe 0x42cde4 mov eax, ebp shl eax, 2 sub eax, ebp shl eax, 5 mov edx, ebx fld dword [eax + edx*8 + (_player_stocks + 4)] ; fld dword [eax + edx*8 + 0x4971a4] fmul qword [ref_004641ec] ; fmul qword [0x4641ec] fld dword [esp + 0xdc] fcompp fnstsw ax sahf jbe short loc_0042cde4 ; jbe 0x42cde4 add dword [esp + ebx*4 + 0x80], 2 loc_0042cde4: fld dword [esp + 0xec] fcomp dword [esp + 0xf0] fnstsw ax sahf jbe short loc_0042ce19 ; jbe 0x42ce19 mov eax, ebx shl eax, 3 add eax, ebx fld dword [eax*4 + (_stocks_on_map+20)] ; fld dword [eax*4 + 0x496994] fcomp dword [eax*4 + (_stocks_on_map+16)] ; fcomp dword [eax*4 + 0x496990] fnstsw ax sahf jae short loc_0042ce19 ; jae 0x42ce19 add dword [esp + ebx*4 + 0x80], 2 loc_0042ce19: fld dword [esp + 0xe4] fcomp dword [ref_004641f4] ; fcomp dword [0x4641f4] fnstsw ax sahf jb short loc_0042ce5c ; jb 0x42ce5c fld dword [esp + 0xe4] fadd dword [ref_004641f8] ; fadd dword [0x4641f8] fdiv qword [ref_004641fc] ; fdiv qword [0x4641fc] fld1 faddp st1 ; faddp st(1) call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xf4] mov eax, dword [esp + 0xf4] add dword [esp + ebx*4 + 0x80], eax loc_0042ce5c: imul eax, ebp, 0x68 mov ecx, dword [eax + (_players+28)] ; mov ecx, dword [eax + 0x496b84] add ecx, dword [eax + (_players+32)] ; add ecx, dword [eax + 0x496b88] mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 4 mov edx, eax shl eax, 2 sub eax, edx cmp ecx, eax jge short loc_0042cec9 ; jge 0x42cec9 fldz fcomp dword [esp + 0xe4] fnstsw ax sahf jae short loc_0042cec9 ; jae 0x42cec9 fld dword [esp + 0xe4] fdiv qword [ref_004641fc] ; fdiv qword [0x4641fc] fld1 faddp st1 ; faddp st(1) call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xf4] mov eax, dword [esp + 0xf4] add dword [esp + ebx*4 + 0x80], eax loc_0042cec9: imul eax, ebp, 0x68 mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] mov ecx, dword [eax + (_players+32)] ; mov ecx, dword [eax + 0x496b88] add ecx, edx mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 7 mov edx, eax shl eax, 2 add eax, edx cmp ecx, eax jge short loc_0042cf33 ; jge 0x42cf33 fldz fcomp dword [esp + 0xe4] fnstsw ax sahf jae short loc_0042cf33 ; jae 0x42cf33 fld dword [esp + 0xe4] fdiv qword [ref_004641fc] ; fdiv qword [0x4641fc] fld1 faddp st1 ; faddp st(1) call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xf4] mov eax, dword [esp + 0xf4] add dword [esp + ebx*4 + 0x80], eax loc_0042cf33: cmp dword [esp + 0xd0], 0 je short loc_0042cf4d ; je 0x42cf4d mov edx, dword [esp + ebx*4 + 0x80] add edx, edx mov dword [esp + ebx*4 + 0x80], edx loc_0042cf4d: mov eax, ebx shl eax, 2 mov edx, dword [esp + 0xcc] mov esi, dword [esp + eax + 0x80] cmp edx, esi jge short loc_0042cf72 ; jge 0x42cf72 mov dword [esp + 0xcc], esi mov dword [esp + 0xc8], ebx loc_0042cf72: inc ebx cmp ebx, 0xc jge near loc_0042d00b ; jge 0x42d00b loc_0042cf7c: xor edx, edx mov dword [esp + ebx*4 + 0x80], edx mov eax, ebp shl eax, 2 sub eax, ebp shl eax, 5 mov edi, ebx shl edi, 3 add edi, eax cmp dword [edi + _player_stocks], 0 ; cmp dword [edi + 0x4971a0], 0 je short loc_0042cf4d ; je 0x42cf4d mov esi, ebx shl esi, 3 add esi, ebx shl esi, 2 cmp byte [esi + (_stocks_on_map+6)], 0 ; cmp byte [esi + 0x496986], 0 jne short loc_0042cf4d ; jne 0x42cf4d push ebx call fcn_004295ea ; call 0x4295ea add esp, 4 cmp eax, 3 je short loc_0042cf4d ; je 0x42cf4d mov dx, word [esi + (_stocks_on_map+4)] ; mov dx, word [esi + 0x496984] test dx, dx je near loc_0042cbc1 ; je 0x42cbc1 xor eax, eax mov ax, dx imul eax, eax, 0x34 mov esi, dword [ref_00498e7c] ; mov esi, dword [0x498e7c] add esi, eax mov edi, dword [ref_00499084] ; mov edi, dword [0x499084] test edi, edi je near loc_0042c844 ; je 0x42c844 mov edx, dword [esi + 0x2c] mov eax, edx sar edx, 0x1f idiv edi mov dword [esp + 0xf8], eax fild dword [esp + 0xf8] jmp near loc_0042c847 ; jmp 0x42c847 loc_0042d00b: mov edi, dword [esp + 0xc8] cmp edi, 0xffffffff je near loc_0042d09a ; je 0x42d09a mov eax, ebp shl eax, 2 sub eax, ebp shl eax, 5 mov ebx, edi mov ebx, dword [eax + ebx*8 + _player_stocks] ; mov ebx, dword [eax + ebx*8 + 0x4971a0] push 1 push ebx push edi push ebp call fcn_00428e23 ; call 0x428e23 add esp, 0x10 push ebp call fcn_0041d433 ; call 0x41d433 add esp, 4 mov eax, edi shl eax, 3 add eax, edi mov edx, dword [eax*4 + (_stocks_on_map+0)] ; mov edx, dword [eax*4 + 0x496980] push edx lea eax, [esp + 0xb4] push eax call fcn_00452946 ; call 0x452946 add esp, 8 push ebx lea eax, [esp + 0xb4] push eax imul eax, ebp, 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx push ref_004641cc ; push 0x4641cc lea eax, [esp + 0x10] push eax call fcn_00457110 ; call 0x457110 add esp, 0x14 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 loc_0042d09a: cmp dword [esp + 0xd0], 0 je short loc_0042d0e4 ; je 0x42d0e4 cmp dword [esp + 0xc8], 0xffffffff je short loc_0042d0e4 ; je 0x42d0e4 imul eax, ebp, 0x68 mov edx, dword [eax + (_players+32)] ; mov edx, dword [eax + 0x496b88] mov edi, dword [eax + (_players+28)] ; mov edi, dword [eax + 0x496b84] add edx, edi mov dword [esp + 0xf8], edx fild dword [esp + 0xf8] fild dword [eax + (_players+36)] ; fild dword [eax + 0x496b8c] fmul qword [ref_00464234] ; fmul qword [0x464234] fcompp fnstsw ax sahf ja near loc_0042c829 ; ja 0x42c829 loc_0042d0e4: add esp, 0xfc pop ebp pop edi pop esi pop ebx ret fcn_0042d0ef: push ebx sub esp, 4 xor eax, eax mov edx, dword [esp + 0xc] mov dl, byte [edx] mov byte [esp], dl mov edx, dword [esp + 0x10] mov dl, byte [edx] xor ecx, ecx mov cl, byte [esp] xor ebx, ebx mov bl, dl mov cl, byte [ecx*8 + (_card_table + 5)] ; mov cl, byte [ecx*8 + 0x47fdf7] cmp cl, byte [ebx*8 + (_card_table + 5)] ; cmp cl, byte [ebx*8 + 0x47fdf7] jbe short loc_0042d122 ; jbe 0x42d122 mov eax, 0xffffffff loc_0042d122: xor ebx, ebx mov bl, byte [esp] xor ecx, ecx mov cl, dl mov dl, byte [ebx*8 + (_card_table + 5)] ; mov dl, byte [ebx*8 + 0x47fdf7] cmp dl, byte [ecx*8 + (_card_table + 5)] ; cmp dl, byte [ecx*8 + 0x47fdf7] jae short loc_0042d140 ; jae 0x42d140 mov eax, 1 loc_0042d140: add esp, 4 pop ebx ret fcn_0042d145: sub esp, 0x10 mov edx, dword [esp + 0x18] push edx mov ecx, dword [esp + 0x18] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 imul ecx, dword [esp + 0x14], 0x68 mov edx, dword [esp + 0x18] xor eax, eax mov al, byte [edx*8 + (_card_table - 3)] ; mov al, byte [edx*8 + 0x47fdef] mov dword [esp + 0xc], eax fild word [esp + 0xc] fmul qword [ref_00464364] ; fmul qword [0x464364] xor eax, eax mov ax, word [ecx + (_players+48)] ; mov ax, word [ecx + 0x496b98] mov dword [esp + 8], eax fild dword [esp + 8] fstp qword [esp] fadd qword [esp] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 8] mov eax, dword [esp + 8] mov word [ecx + (_players+48)], ax ; mov word [ecx + 0x496b98], ax xor eax, eax mov al, byte [edx*8 + (_card_table - 3)] ; mov al, byte [edx*8 + 0x47fdef] add esp, 0x10 ret fcn_0042d1b2: push ebx push esi sub esp, 0xc mov ecx, dword [esp + 0x1c] mov eax, ecx xor ebx, ebx mov bl, byte [ecx*8 + (ref_0047fee2 - 3)] ; mov bl, byte [ecx*8 + 0x47fedf] imul ebx, dword [esp + 0x20] mov esi, dword [esp + 0x18] imul edx, esi, 0x68 mov dword [esp + 8], ebx fild dword [esp + 8] fmul qword [ref_0046436c] ; fmul qword [0x46436c] xor eax, ecx mov ax, word [edx + (_players+48)] ; mov ax, word [edx + 0x496b98] mov dword [esp + 8], eax fild dword [esp + 8] fstp qword [esp] fadd qword [esp] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 8] mov eax, dword [esp + 8] mov word [edx + (_players+48)], ax ; mov word [edx + 0x496b98], ax mov eax, esi shl eax, 2 add eax, esi mov edx, eax shl eax, 2 sub eax, edx mov dl, byte [esp + 0x20] sub byte [ecx + eax + ref_0049915b], dl ; sub byte [ecx + eax + 0x49915b], dl cmp ecx, 8 jg short loc_0042d22f ; jg 0x42d22f add byte [ecx + (ref_00497320 - 1)], dl ; add byte [ecx + 0x49731f], dl loc_0042d22f: mov eax, ebx add esp, 0xc pop esi pop ebx ret fcn_0042d237: push ebx mov edx, dword [esp + 0xc] push edx mov ecx, dword [esp + 0xc] push ecx call fcn_004412e4 ; call 0x4412e4 add esp, 8 imul edx, dword [esp + 8], 0x68 mov eax, dword [esp + 0xc] xor bh, bh mov bl, byte [eax*8 + (_card_table - 3)] ; mov bl, byte [eax*8 + 0x47fdef] loc_0042d25c: sub word [edx + (_players+48)], bx ; sub word [edx + 0x496b98], bx xor edx, edx mov dl, bl mov eax, edx shl eax, 2 add eax, edx add eax, eax pop ebx ret fcn_0042d272: push ebx mov edx, dword [esp + 0xc] push edx mov ecx, dword [esp + 0xc] push ecx call fcn_00445a4d ; call 0x445a4d add esp, 8 imul edx, dword [esp + 8], 0x68 mov eax, dword [esp + 0xc] xor bh, bh mov bl, byte [eax*8 + (ref_0047fee2 - 3)] ; mov bl, byte [eax*8 + 0x47fedf] jmp short loc_0042d25c ; jmp 0x42d25c fcn_0042d299: push ebx push esi push edi mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [ref_0048c310] ; mov edx, dword [0x48c310] test edx, edx jne short loc_0042d2f2 ; jne 0x42d2f2 push edx push edx mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xc push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0xf0 push 0x140 mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0x24 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi jmp short loc_0042d32c ; jmp 0x42d32c loc_0042d2f2: push 0 push 0 mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xcc push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0xf0 push 0x140 mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xe4 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx loc_0042d32c: call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0x101010 push 0 push 0xffffffffffffffec push 0xa push 0x78 mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xc0 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c pop edi pop esi pop ebx ret endloc_0042d36a: db 0x90 ref_0042d36b: ; may contain a jump table dd loc_0042d8ab dd loc_0042d8ee dd loc_0042d9a3 dd loc_0042da31 dd loc_0042daf1 fcn_0042d37f: push ebx push esi push edi push ebp sub esp, 0x60 mov edi, dword [esp + 0x74] mov eax, dword [esp + 0x78] mov edx, dword [esp + 0x80] cmp eax, 0x205 jb short loc_0042d3e7 ; jb 0x42d3e7 jbe near loc_0042e888 ; jbe 0x42e888 cmp eax, 0x40c jb short loc_0042d3ca ; jb 0x42d3ca jbe near loc_0042d5fe ; jbe 0x42d5fe cmp eax, 0x40d jbe near loc_0042d821 ; jbe 0x42d821 cmp eax, 0x40e je near loc_0042d499 ; je 0x42d499 jmp near loc_0042e91a ; jmp 0x42e91a loc_0042d3ca: cmp eax, 0x401 jb near loc_0042e91a ; jb 0x42e91a jbe short loc_0042d423 ; jbe 0x42d423 cmp eax, 0x405 je near loc_0042d56d ; je 0x42d56d jmp near loc_0042e91a ; jmp 0x42e91a loc_0042d3e7: cmp eax, 0x113 jb short loc_0042d415 ; jb 0x42d415 jbe near loc_0042d847 ; jbe 0x42d847 cmp eax, 0x201 jb near loc_0042e91a ; jb 0x42e91a jbe near loc_0042de09 ; jbe 0x42de09 cmp eax, 0x202 je near loc_0042e62b ; je 0x42e62b jmp near loc_0042e91a ; jmp 0x42e91a loc_0042d415: cmp eax, 0xf je near loc_0042e8bc ; je 0x42e8bc jmp near loc_0042e91a ; jmp 0x42e91a loc_0042d423: xor ebp, ebp mov dword [ref_0048c310], ebp ; mov dword [0x48c310], ebp mov dword [ref_0048c314], ebp ; mov dword [0x48c314], ebp xor bl, bl mov byte [ref_0048c347], bl ; mov byte [0x48c347], bl xor bh, bh mov byte [ref_0048c348], bh ; mov byte [0x48c348], bh mov dword [ref_0048c343], ebp ; mov dword [0x48c343], ebp mov al, byte [ref_00497159] ; mov al, byte [0x497159] xor al, 1 mov byte [ref_0048c349], al ; mov byte [0x48c349], al mov byte [ref_0048c34a], al ; mov byte [0x48c34a], al call fcn_0042d299 ; call 0x42d299 push ebp push 0x32 mov ecx, dword [_callbackSize] ; mov ecx, dword [0x46cad8] push ecx push edi call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048c32b], eax ; mov dword [0x48c32b], eax push ebp push ebp push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push ebp push ebp push 0x405 loc_0042d485: push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_0042d48d: xor eax, eax loc_0042d48f: add esp, 0x60 pop ebp pop edi pop esi pop ebx ret 0x10 loc_0042d499: mov dword [esp + 0x40], 0xe6 mov dword [esp + 0x44], 0xf6 mov dword [esp + 0x48], 0x140 mov dword [esp + 0x4c], 0x11e mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebp, dword [esp + 0x44] push ebp mov eax, dword [esp + 0x44] push eax mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0x1c8 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 3 push 0x101010 push 0xffffff push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0xa lea eax, [esp + 0x54] push eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ax, word [eax + (_players+48)] ; mov ax, word [eax + 0x496b98] and eax, 0xffff push eax call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 1 push 0x101 push 0x136 lea eax, [esp + 0x5c] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax loc_0042d560: push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0042d48d ; jmp 0x42d48d loc_0042d56d: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov eax, dword [ref_0048c310] ; mov eax, dword [0x48c310] cmp byte [eax + ref_0048c349], 0 ; cmp byte [eax + 0x48c349], 0 jne short loc_0042d5ba ; jne 0x42d5ba xor edi, edi mov dword [ref_0048c318], edi ; mov dword [0x48c318], edi mov dword [ref_0048c333], 0xffffff22 ; mov dword [0x48c333], 0xffffff22 mov dword [ref_0048c337], 0x280 ; mov dword [0x48c337], 0x280 mov edx, eax shl eax, 2 sub eax, edx mov ecx, dword [eax*8 + ref_004755c0] ; mov ecx, dword [eax*8 + 0x4755c0] push ecx call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 jmp short loc_0042d5d8 ; jmp 0x42d5d8 loc_0042d5ba: mov dword [ref_0048c318], 1 ; mov dword [0x48c318], 1 mov dword [ref_0048c333], 5 ; mov dword [0x48c333], 5 mov dword [ref_0048c337], 0xe3 ; mov dword [0x48c337], 0xe3 loc_0042d5d8: mov eax, dword [ref_0048c310] ; mov eax, dword [0x48c310] add eax, 3 mov dword [ref_0048c32f], eax ; mov dword [0x48c32f], eax mov dword [ref_0048c33b], 0x28 ; mov dword [0x48c33b], 0x28 mov dword [ref_0048c33f], 0x50 ; mov dword [0x48c33f], 0x50 jmp near loc_0042d48d ; jmp 0x42d48d loc_0042d5fe: mov eax, dword [ref_0048c33b] ; mov eax, dword [0x48c33b] mov esi, dword [ref_0048c333] ; mov esi, dword [0x48c333] add esi, eax mov dword [ref_0048c333], esi ; mov dword [0x48c333], esi mov eax, dword [ref_0048c33f] ; mov eax, dword [0x48c33f] sub dword [ref_0048c337], eax ; sub dword [0x48c337], eax sub dword [ref_0048c33b], 3 ; sub dword [0x48c33b], 3 sub dword [ref_0048c33f], 7 ; sub dword [0x48c33f], 7 cmp esi, 5 jle short loc_0042d639 ; jle 0x42d639 mov dword [ref_0048c333], 5 ; mov dword [0x48c333], 5 loc_0042d639: cmp dword [ref_0048c337], 0xe3 ; cmp dword [0x48c337], 0xe3 jge short loc_0042d64f ; jge 0x42d64f mov dword [ref_0048c337], 0xe3 ; mov dword [0x48c337], 0xe3 loc_0042d64f: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048c333] ; mov eax, dword [0x48c333] cmp eax, 5 jne near loc_0042d75e ; jne 0x42d75e cmp dword [ref_0048c337], 0xe3 ; cmp dword [0x48c337], 0xe3 jne near loc_0042d75e ; jne 0x42d75e push 0x1d6 push eax push 0xa push 0 push 0xa push 0 mov ecx, dword [ref_0048c308] ; mov ecx, dword [0x48c308] mov edx, dword [ref_0048c310] ; mov edx, dword [0x48c310] mov eax, edx shl eax, 2 sub eax, edx shl eax, 6 add ecx, 0xc add eax, ecx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0xb6 push 0xa push 0x124 push 0x276 push 0x124 push 0x276 mov ecx, dword [ref_0048c308] ; mov ecx, dword [0x48c308] mov edx, dword [ref_0048c310] ; mov edx, dword [0x48c310] mov eax, edx shl eax, 2 sub eax, edx shl eax, 6 add ecx, 0xc add eax, ecx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0xd push 0x21e mov eax, dword [ref_0048c310] ; mov eax, dword [0x48c310] shl eax, 4 lea edx, [eax + 0xd] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xc add eax, edx push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0xf6 fcn_0042d73f: push 0x22c mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0x1b0 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0042d75e: push 0xa mov eax, dword [ref_0048c333] ; mov eax, dword [0x48c333] push eax mov eax, dword [ref_0048c310] ; mov eax, dword [0x48c310] shl eax, 4 lea edx, [eax + 1] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x125 mov ecx, dword [ref_0048c337] ; mov ecx, dword [0x48c337] push ecx mov eax, dword [ref_0048c310] ; mov eax, dword [0x48c310] mov ebx, dword [eax*4 + ref_0048c300] ; mov ebx, dword [eax*4 + 0x48c300] push ebx mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0 push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] cmp dword [ref_0048c333], 5 ; cmp dword [0x48c333], 5 jne near loc_0042d48d ; jne 0x42d48d cmp dword [ref_0048c337], 0xe3 ; cmp dword [0x48c337], 0xe3 jne near loc_0042d48d ; jne 0x42d48d mov dword [ref_0048c318], 2 ; mov dword [0x48c318], 2 push 0 push 0 push 0x40d push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] push 0 push 0 push 0x40e jmp near loc_0042d485 ; jmp 0x42d485 loc_0042d821: mov eax, dword [ref_0048c310] ; mov eax, dword [0x48c310] cmp byte [eax + ref_0048c349], 0 ; cmp byte [eax + 0x48c349], 0 jne near loc_0042d48d ; jne 0x42d48d mov edx, eax shl eax, 2 sub eax, edx mov ebx, dword [eax*8 + ref_004755c4] ; mov ebx, dword [eax*8 + 0x4755c4] loc_0042d841: push ebx jmp near loc_0042e459 ; jmp 0x42e459 loc_0042d847: cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_0042d48d ; je 0x42d48d mov eax, dword [esp + 0x7c] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne near loc_0042d48d ; jne 0x42d48d cmp dword [ref_0048c318], 1 ; cmp dword [0x48c318], 1 jne short loc_0042d87e ; jne 0x42d87e push 0 push 0 push 0x40c push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_0042d87e: mov ch, byte [ref_0048c348] ; mov ch, byte [0x48c348] xor ch, 1 mov byte [ref_0048c348], ch ; mov byte [0x48c348], ch je near loc_0042d48d ; je 0x42d48d mov eax, dword [ref_0048c32f] ; mov eax, dword [0x48c32f] and eax, 0xf cmp eax, 4 ja near loc_0042dbac ; ja 0x42dbac jmp dword [eax*4 + ref_0042d36b] ; ujmp: jmp dword [eax*4 + 0x42d36b] loc_0042d8ab: call clib_rand ; call 0x456f2d mov esi, eax sar esi, 0xa test esi, esi jne short loc_0042d8d3 ; jne 0x42d8d3 test byte [ref_0048c330], 0xf ; test byte [0x48c330], 0xf je short loc_0042d8d3 ; je 0x42d8d3 mov eax, dword [ref_0048c310] ; mov eax, dword [0x48c310] inc eax or dword [ref_0048c32f], eax ; or dword [0x48c32f], eax jmp near loc_0042dbac ; jmp 0x42dbac loc_0042d8d3: cmp esi, 1 jne near loc_0042dbac ; jne 0x42dbac mov eax, dword [ref_0048c310] ; mov eax, dword [0x48c310] add eax, 3 mov dword [ref_0048c32f], eax ; mov dword [0x48c32f], eax jmp near loc_0042dbac ; jmp 0x42dbac loc_0042d8ee: mov esi, dword [ref_0048c32f] ; mov esi, dword [0x48c32f] and esi, 0xf0 sar esi, 4 cmp esi, 4 jne short loc_0042d911 ; jne 0x42d911 mov dword [ref_0048c32f], 0x200 ; mov dword [0x48c32f], 0x200 jmp near loc_0042dbac ; jmp 0x42dbac loc_0042d911: mov dword [esp + 0x40], 0x195 mov dword [esp + 0x44], 0x3c mov dword [esp + 0x48], 0x1c7 mov dword [esp + 0x4c], 0x5d mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebp, dword [esp + 0x44] push ebp mov eax, dword [esp + 0x44] push eax xor edx, edx mov dl, byte [esi + ref_004755b8] ; mov dl, byte [esi + 0x4755b8] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx loc_0042d977: call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push edi add dword [ref_0048c32f], 0x10 ; add dword [0x48c32f], 0x10 jmp near loc_0042dba5 ; jmp 0x42dba5 loc_0042d9a3: mov esi, dword [ref_0048c32f] ; mov esi, dword [0x48c32f] and esi, 0xf0 sar esi, 4 cmp esi, 4 jne short loc_0042d9c6 ; jne 0x42d9c6 mov dword [ref_0048c32f], 0x100 ; mov dword [0x48c32f], 0x100 jmp near loc_0042dbac ; jmp 0x42dbac loc_0042d9c6: mov dword [esp + 0x40], 0x1a1 mov dword [esp + 0x44], 0x32 mov dword [esp + 0x48], 0x1e7 mov dword [esp + 0x4c], 0x5e mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [esp + 0x44] push edx mov ecx, dword [esp + 0x44] push ecx xor edx, edx mov dl, byte [esi + ref_004755bc] ; mov dl, byte [esi + 0x4755bc] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xc add edx, eax push edx mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx jmp near loc_0042d977 ; jmp 0x42d977 loc_0042da31: call clib_rand ; call 0x456f2d mov edx, eax shl eax, 2 sub eax, edx sar eax, 0xf lea esi, [eax + 1] mov ebp, dword [ref_0048c32f] ; mov ebp, dword [0x48c32f] and ebp, 0xf00 sar ebp, 8 cmp esi, ebp je near loc_0042dbac ; je 0x42dbac mov dword [esp + 0x40], 0x195 mov dword [esp + 0x44], 0x3c mov dword [esp + 0x48], 0x1c7 mov dword [esp + 0x4c], 0x5d mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebx, dword [esp + 0x44] push ebx mov ebp, dword [esp + 0x44] push ebp lea edx, [esi + 3] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall and word [ref_0048c32f], 0xf0f0 ; and word [0x48c32f], 0xf0f0 shl esi, 8 or dword [ref_0048c32f], esi ; or dword [0x48c32f], esi push 0 lea eax, [esp + 0x44] push eax push edi jmp near loc_0042dba5 ; jmp 0x42dba5 loc_0042daf1: call clib_rand ; call 0x456f2d and eax, 1 lea esi, [eax + 1] mov ebp, dword [ref_0048c32f] ; mov ebp, dword [0x48c32f] and ebp, 0xf00 sar ebp, 8 cmp esi, ebp je near loc_0042dbac ; je 0x42dbac mov dword [esp + 0x40], 0x1a1 mov dword [esp + 0x44], 0x32 mov dword [esp + 0x48], 0x1e7 mov dword [esp + 0x4c], 0x5e mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x44] push eax mov edx, dword [esp + 0x44] push edx lea edx, [esi + 0x16] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c308] ; mov edx, dword [0x48c308] add edx, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall and word [ref_0048c32f], 0xf0f0 ; and word [0x48c32f], 0xf0f0 shl esi, 8 or dword [ref_0048c32f], esi ; or dword [0x48c32f], esi push 0 lea eax, [esp + 0x44] push eax push edi loc_0042dba5: call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0042dbac: push 0 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 test eax, eax je near loc_0042dc36 ; je 0x42dc36 mov eax, dword [ref_0048c318] ; mov eax, dword [0x48c318] cmp eax, 2 jb short loc_0042dbd1 ; jb 0x42dbd1 jbe short loc_0042dbf0 ; jbe 0x42dbf0 cmp eax, 4 je short loc_0042dc0f ; je 0x42dc0f jmp short loc_0042dc36 ; jmp 0x42dc36 loc_0042dbd1: test eax, eax jne short loc_0042dc36 ; jne 0x42dc36 push eax push eax push 0x40c push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] mov dword [ref_0048c318], 1 ; mov dword [0x48c318], 1 jmp short loc_0042dc36 ; jmp 0x42dc36 loc_0042dbf0: mov dword [ref_0048c318], 3 ; mov dword [0x48c318], 3 mov eax, dword [ref_0048c310] ; mov eax, dword [0x48c310] mov byte [eax + ref_0048c349], 1 ; mov byte [eax + 0x48c349], 1 push 1 call fcn_00402460 ; call 0x402460 jmp short loc_0042dc33 ; jmp 0x42dc33 loc_0042dc0f: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ebp, dword [ref_0048c32b] ; mov ebp, dword [0x48c32b] push ebp push edi call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] mov eax, dword [ref_0048c343] ; mov eax, dword [0x48c343] push eax call _Post_0402_Message ; call 0x401966 loc_0042dc33: add esp, 4 loc_0042dc36: call fcn_0044ef3b ; call 0x44ef3b test eax, eax jne short loc_0042dc4c ; jne 0x42dc4c cmp dword [ref_0048c314], 0 ; cmp dword [0x48c314], 0 je near loc_0042d48d ; je 0x42d48d loc_0042dc4c: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov esi, dword [ref_0048c314] ; mov esi, dword [0x48c314] test esi, esi je near loc_0042dd03 ; je 0x42dd03 lea edx, [esi - 1] mov dword [ref_0048c314], edx ; mov dword [0x48c314], edx test edx, edx jne near loc_0042ddf4 ; jne 0x42ddf4 cmp dword [ref_0048c310], 0 ; cmp dword [0x48c310], 0 jne short loc_0042dcc0 ; jne 0x42dcc0 mov ebx, 0x195 mov dword [esp + 0x40], ebx mov esi, 0x5b mov dword [esp + 0x44], esi mov dword [esp + 0x48], 0x1c7 mov dword [esp + 0x4c], 0x6e push esi push ebx mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0x78 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx jmp short loc_0042dcf6 ; jmp 0x42dcf6 loc_0042dcc0: mov esi, 0x1a1 mov dword [esp + 0x40], esi mov ebp, 0x59 mov dword [esp + 0x44], ebp mov dword [esp + 0x48], 0x1e7 mov dword [esp + 0x4c], 0x6e push ebp push esi mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0x138 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx loc_0042dcf6: call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 jmp near loc_0042dde5 ; jmp 0x42dde5 loc_0042dd03: call clib_rand ; call 0x456f2d mov esi, eax sar esi, 0xb cmp esi, 4 jge near loc_0042ddf4 ; jge 0x42ddf4 cmp dword [ref_0048c310], 0 ; cmp dword [0x48c310], 0 jne short loc_0042dd6e ; jne 0x42dd6e mov ebp, 0x195 mov dword [esp + 0x40], ebp mov eax, 0x5b mov dword [esp + 0x44], eax mov dword [esp + 0x48], 0x1c7 mov dword [esp + 0x4c], 0x6e push eax push ebp call clib_rand ; call 0x456f2d and eax, 1 lea edx, [eax + 0xa] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx jmp short loc_0042ddbb ; jmp 0x42ddbb loc_0042dd6e: mov eax, 0x1a1 mov dword [esp + 0x40], eax mov edx, 0x59 mov dword [esp + 0x44], edx mov dword [esp + 0x48], 0x1e7 mov dword [esp + 0x4c], 0x6e push edx push eax call clib_rand ; call 0x456f2d and eax, 1 lea edx, [eax + 0x1a] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xc add eax, edx push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi loc_0042ddbb: call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 call clib_rand ; call 0x456f2d and eax, 7 mov esi, dword [ref_0048c314] ; mov esi, dword [0x48c314] or esi, eax mov dword [ref_0048c314], esi ; mov dword [0x48c314], esi jne short loc_0042dde5 ; jne 0x42dde5 mov dword [ref_0048c314], 1 ; mov dword [0x48c314], 1 loc_0042dde5: push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0042ddf4: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near loc_0042d48d ; jmp 0x42d48d loc_0042de09: cmp dword [ref_0048c318], 3 ; cmp dword [0x48c318], 3 je short loc_0042de4c ; je 0x42de4c push 1 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 cmp dword [ref_0048c318], 1 ; cmp dword [0x48c318], 1 jg near loc_0042d48d ; jg 0x42d48d mov dword [ref_0048c318], 1 ; mov dword [0x48c318], 1 mov dword [ref_0048c333], 5 ; mov dword [0x48c333], 5 mov dword [ref_0048c337], 0xe3 ; mov dword [0x48c337], 0xe3 jmp near loc_0042d48d ; jmp 0x42d48d loc_0042de4c: xor esi, esi mov si, dx mov eax, edx shr eax, 0x10 and eax, 0xffff movzx ebp, ax cmp esi, 0x21e jl near loc_0042df31 ; jl 0x42df31 cmp esi, 0x273 jg near loc_0042df31 ; jg 0x42df31 cmp ebp, 0xd jl near loc_0042df31 ; jl 0x42df31 cmp ebp, 0x62 jg near loc_0042df31 ; jg 0x42df31 mov dword [esp + 0x40], 0x21e mov dword [esp + 0x44], 0xd mov dword [esp + 0x48], 0x273 mov dword [esp + 0x4c], 0x62 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx call dword [eax + 0x64] ; ucall mov ebx, dword [esp + 0x44] push ebx mov esi, dword [esp + 0x44] push esi mov eax, dword [ref_0048c310] ; mov eax, dword [0x48c310] shl eax, 4 lea edx, [eax + 0xe] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx call dword [eax + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c347], 1 ; mov byte [0x48c347], 1 jmp near loc_0042d48d ; jmp 0x42d48d loc_0042df31: cmp esi, 0x22c jl near loc_0042dfe6 ; jl 0x42dfe6 cmp esi, 0x27c jg near loc_0042dfe6 ; jg 0x42dfe6 cmp ebp, 0xf6 jl near loc_0042dfe6 ; jl 0x42dfe6 cmp ebp, 0x11e jg near loc_0042dfe6 ; jg 0x42dfe6 mov dword [esp + 0x40], 0x22c mov dword [esp + 0x44], 0xf6 mov dword [esp + 0x48], 0x27c mov dword [esp + 0x4c], 0x11e mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [esp + 0x44] push edx mov ecx, dword [esp + 0x44] push ecx mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0x1bc push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c347], 2 ; mov byte [0x48c347], 2 jmp near loc_0042d48d ; jmp 0x42d48d loc_0042dfe6: cmp esi, 0xe8 jle near loc_0042e148 ; jle 0x42e148 cmp esi, 0x278 jge near loc_0042e148 ; jge 0x42e148 cmp ebp, 0x12a jle near loc_0042e148 ; jle 0x42e148 cmp ebp, 0x1d2 jge near loc_0042e148 ; jge 0x42e148 lea edx, [ebp - 0x12a] mov ebx, 0x38 mov eax, edx sar edx, 0x1f idiv ebx mov edi, eax lea edx, [esi - 0xe8] mov ecx, 0x50 mov eax, edx sar edx, 0x1f idiv ecx mov edx, eax mov ebx, edi mov eax, ebx shl eax, 2 add eax, ebx lea ebx, [eax + edx] mov eax, edx shl eax, 2 add eax, edx shl eax, 4 lea edx, [eax + 0xe9] mov dword [esp + 0x40], edx add eax, 0x137 mov dword [esp + 0x48], eax shl edi, 3 mov eax, edi shl eax, 3 sub eax, edi lea edx, [eax + 0x12b] mov dword [esp + 0x44], edx add eax, 0x161 mov dword [esp + 0x4c], eax cmp dword [ref_0048c310], 0 ; cmp dword [0x48c310], 0 jne short loc_0042e100 ; jne 0x42e100 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx add ebx, eax mov dl, byte [ebx + ref_00499120] ; mov dl, byte [ebx + 0x499120] test dl, dl je near loc_0042d48d ; je 0x42d48d xor eax, eax mov al, dl push eax mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_0042d145 ; call 0x42d145 add esp, 8 add dword [ref_0048c343], eax ; add dword [0x48c343], eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax mov edx, dword [ref_0048c30c] ; mov edx, dword [0x48c30c] push edx mov ecx, dword [ref_0048c300] ; mov ecx, dword [0x48c300] push ecx call fcn_00441b0a ; call 0x441b0a loc_0042e0e4: add esp, 0xc lea eax, [esp + 0x40] push eax call fcn_00451b9e ; call 0x451b9e add esp, 4 mov byte [ref_0048c347], 3 ; mov byte [0x48c347], 3 jmp near loc_0042d48d ; jmp 0x42d48d loc_0042e100: cmp byte [ebx + ref_0048c548], 0 ; cmp byte [ebx + 0x48c548], 0 je near loc_0042d48d ; je 0x42d48d push 1 xor eax, eax mov al, byte [ebx + ref_0048c548] ; mov al, byte [ebx + 0x48c548] push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0042d1b2 ; call 0x42d1b2 add esp, 0xc add dword [ref_0048c343], eax ; add dword [0x48c343], eax mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx mov ebx, dword [ref_0048c30c] ; mov ebx, dword [0x48c30c] push ebx mov esi, dword [ref_0048c304] ; mov esi, dword [0x48c304] push esi call fcn_00447c6e ; call 0x447c6e jmp short loc_0042e0e4 ; jmp 0x42e0e4 loc_0042e148: cmp dword [ref_0048c310], 0 ; cmp dword [0x48c310], 0 jne near loc_0042e39c ; jne 0x42e39c cmp esi, 0xe jl near loc_0042e39c ; jl 0x42e39c cmp esi, 0xd7 jg near loc_0042e39c ; jg 0x42e39c cmp ebp, 0x51 jl near loc_0042e39c ; jl 0x42e39c cmp ebp, 0x1b9 jg near loc_0042e39c ; jg 0x42e39c lea edx, [ebp - 0x51] mov ebx, 0x18 mov eax, edx sar edx, 0x1f idiv ebx mov ebx, eax cmp byte [eax + ref_0048c31c], 0 ; cmp byte [eax + 0x48c31c], 0 je near loc_0042d48d ; je 0x42d48d xor eax, eax mov al, byte [ebx + ref_0048c31c] ; mov al, byte [ebx + 0x48c31c] xor edx, edx mov dl, byte [eax*8 + (_card_table - 3)] ; mov dl, byte [eax*8 + 0x47fdef] mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 mov ax, word [eax + (_players+48)] ; mov ax, word [eax + 0x496b98] and eax, 0xffff cmp eax, edx jge short loc_0042e1eb ; jge 0x42e1eb mov dword [ref_0048c318], 2 ; mov dword [0x48c318], 2 mov edx, dword [ref_0048c310] ; mov edx, dword [0x48c310] mov eax, edx shl eax, 2 sub eax, edx mov edi, dword [eax*8 + ref_004755c8] ; mov edi, dword [eax*8 + 0x4755c8] push edi jmp near loc_0042e459 ; jmp 0x42e459 loc_0042e1eb: push ecx call fcn_00441262 ; call 0x441262 add esp, 4 cmp eax, 0xf jge near loc_0042e43a ; jge 0x42e43a xor eax, eax mov al, byte [ebx + ref_0048c31c] ; mov al, byte [ebx + 0x48c31c] push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0042d237 ; call 0x42d237 add esp, 8 add dword [ref_0048c343], eax ; add dword [0x48c343], eax mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx mov eax, dword [ref_0048c30c] ; mov eax, dword [0x48c30c] push eax mov edx, dword [ref_0048c300] ; mov edx, dword [0x48c300] push edx call fcn_00441b0a ; call 0x441b0a add esp, 0xc push 0 push 3 push 0x101010 push 0xa0a0a0 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov dword [esp + 0x40], 0xe mov edx, ebx mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov dword [esp + 0x5c], eax add eax, 0x51 mov dword [esp + 0x44], eax mov dword [esp + 0x48], 0xd7 mov eax, dword [esp + 0x5c] add eax, 0x69 mov dword [esp + 0x4c], eax push 2 mov eax, dword [esp + 0x60] add eax, 0x53 push eax push 0x5a xor eax, eax mov al, byte [ebx + ref_0048c31c] ; mov al, byte [ebx + 0x48c31c] mov edx, dword [eax*8 + (_card_table - 8)] ; mov edx, dword [eax*8 + 0x47fdea] push edx mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [ebx + ref_0048c31c] ; mov al, byte [ebx + 0x48c31c] mov al, byte [eax*8 + (_card_table - 3)] ; mov al, byte [eax*8 + 0x47fdef] and eax, 0xff push eax push ref_00464374 ; push 0x464374 lea eax, [esp + 0x58] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 1 mov eax, dword [esp + 0x60] add eax, 0x4b push eax push 0xc2 lea eax, [esp + 0x5c] push eax mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x18 push 0xc9 mov eax, dword [esp + 0x4c] sub eax, 0xa push eax mov eax, dword [esp + 0x4c] sub eax, 5 push eax mov ecx, dword [esp + 0x54] push ecx mov eax, dword [esp + 0x54] push eax mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0x18 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x125 push 0xe3 mov ecx, dword [ref_0048c300] ; mov ecx, dword [0x48c300] push ecx mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall xor dl, dl mov byte [ebx + ref_0048c31c], dl ; mov byte [ebx + 0x48c31c], dl push 0 push 0 push 0x40e push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] push 0 push 0 push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0042e39c: cmp dword [ref_0048c310], 0 ; cmp dword [0x48c310], 0 je near loc_0042d48d ; je 0x42d48d cmp esi, 0xc jl near loc_0042d48d ; jl 0x42d48d cmp esi, 0xd5 jg near loc_0042d48d ; jg 0x42d48d cmp ebp, 0x50 jl near loc_0042d48d ; jl 0x42d48d cmp ebp, 0x1d0 jg near loc_0042d48d ; jg 0x42d48d lea edx, [ebp - 0x50] mov ebx, 0x30 mov eax, edx sar edx, 0x1f idiv ebx mov ebx, eax mov dh, byte [eax + ref_0048c2f8] ; mov dh, byte [eax + 0x48c2f8] test dh, dh je near loc_0042d48d ; je 0x42d48d movzx ebp, dh xor ecx, ecx mov cl, byte [ebp*8 + (ref_0047fee2 - 3)] ; mov cl, byte [ebp*8 + 0x47fedf] imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ax, word [eax + (_players+48)] ; mov ax, word [eax + 0x496b98] and eax, 0xffff mov edx, dword [ref_0048c310] ; mov edx, dword [0x48c310] mov esi, edx shl esi, 2 sub esi, edx shl esi, 3 cmp ecx, eax jle short loc_0042e466 ; jle 0x42e466 mov dword [ref_0048c318], 2 ; mov dword [0x48c318], 2 mov ebx, dword [esi + ref_004755c8] ; mov ebx, dword [esi + 0x4755c8] jmp near loc_0042d841 ; jmp 0x42d841 loc_0042e43a: mov dword [ref_0048c318], 2 ; mov dword [0x48c318], 2 mov edx, dword [ref_0048c310] ; mov edx, dword [0x48c310] mov eax, edx shl eax, 2 sub eax, edx mov ecx, dword [eax*8 + ref_004755cc] ; mov ecx, dword [eax*8 + 0x4755cc] loc_0042e458: push ecx loc_0042e459: call fcn_0044ecb6 ; call 0x44ecb6 loc_0042e45e: add esp, 4 jmp near loc_0042d48d ; jmp 0x42d48d loc_0042e466: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx cmp byte [eax + ebp + ref_0049915b], 9 ; cmp byte [eax + ebp + 0x49915b], 9 jae near loc_0042e616 ; jae 0x42e616 push ebp mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi call fcn_0042d272 ; call 0x42d272 add esp, 8 add dword [ref_0048c343], eax ; add dword [0x48c343], eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax mov edx, dword [ref_0048c30c] ; mov edx, dword [0x48c30c] push edx mov ecx, dword [ref_0048c304] ; mov ecx, dword [0x48c304] push ecx call fcn_00447c6e ; call 0x447c6e add esp, 0xc push 0 push 3 push 0x101010 push 0xa0a0a0 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov dword [esp + 0x40], 0xc mov edx, ebx mov esi, edx shl esi, 2 sub esi, edx shl esi, 4 lea eax, [esi + 0x50] mov dword [esp + 0x44], eax mov dword [esp + 0x48], 0xdc lea eax, [esi + 0x80] mov dword [esp + 0x4c], eax push 2 lea eax, [esi + 0x5c] push eax push 0x5a xor eax, eax mov al, byte [ebx + ref_0048c2f8] ; mov al, byte [ebx + 0x48c2f8] mov edx, dword [eax*8 + (ref_0047fee2 - 8)] ; mov edx, dword [eax*8 + 0x47feda] push edx mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xd8 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [ebx + ref_0048c2f8] ; mov al, byte [ebx + 0x48c2f8] mov al, byte [eax*8 + (ref_0047fee2 - 3)] ; mov al, byte [eax*8 + 0x47fedf] and eax, 0xff push eax push ref_00464374 ; push 0x464374 lea eax, [esp + 0x58] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 1 add esi, 0x54 push esi push 0xc2 lea eax, [esp + 0x5c] push eax mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xd8 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x30 push 0xd0 mov eax, dword [esp + 0x4c] sub eax, 0xa push eax mov eax, dword [esp + 0x4c] sub eax, 5 push eax mov ecx, dword [esp + 0x54] push ecx mov esi, dword [esp + 0x54] push esi mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xd8 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x125 push 0xe3 mov eax, dword [ref_0048c304] ; mov eax, dword [0x48c304] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall xor ch, ch mov byte [ebx + ref_0048c2f8], ch ; mov byte [ebx + 0x48c2f8], ch push 0 push 0 push 0x40e push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] push 0 push 0 jmp near loc_0042d560 ; jmp 0x42d560 loc_0042e616: mov dword [ref_0048c318], 2 ; mov dword [0x48c318], 2 mov ecx, dword [esi + ref_004755cc] ; mov ecx, dword [esi + 0x4755cc] jmp near loc_0042e458 ; jmp 0x42e458 loc_0042e62b: mov cl, byte [ref_0048c347] ; mov cl, byte [0x48c347] test cl, cl je near loc_0042d48d ; je 0x42d48d mov al, cl cmp cl, 2 jb short loc_0042e650 ; jb 0x42e650 jbe short loc_0042e686 ; jbe 0x42e686 cmp cl, 3 je near loc_0042e7ec ; je 0x42e7ec jmp near loc_0042e87c ; jmp 0x42e87c loc_0042e650: cmp cl, 1 jne near loc_0042e87c ; jne 0x42e87c xor byte [ref_0048c310], cl ; xor byte [0x48c310], cl call fcn_0042d299 ; call 0x42d299 push 0 push 0 push 0x405 push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] push 0 push 0 push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0042e87c ; jmp 0x42e87c loc_0042e686: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall cmp dword [ref_0048c310], 0 ; cmp dword [0x48c310], 0 jne short loc_0042e6c7 ; jne 0x42e6c7 mov dword [esp + 0x40], 0x13c mov dword [esp + 0x44], 0x5e mov dword [esp + 0x48], 0x1a0 mov dword [esp + 0x4c], 0xe3 jmp short loc_0042e6e7 ; jmp 0x42e6e7 loc_0042e6c7: mov dword [esp + 0x40], 0x136 mov dword [esp + 0x44], 0x17 mov dword [esp + 0x48], 0x19a mov dword [esp + 0x4c], 0xc1 loc_0042e6e7: mov eax, dword [esp + 0x4c] mov ecx, dword [esp + 0x44] sub eax, ecx push eax mov eax, dword [esp + 0x4c] mov ebx, dword [esp + 0x44] sub eax, ebx push eax push ecx push ebx push ecx push ebx mov ecx, dword [ref_0048c308] ; mov ecx, dword [0x48c308] mov edx, dword [ref_0048c310] ; mov edx, dword [0x48c310] mov eax, edx shl eax, 2 sub eax, edx shl eax, 6 add ecx, 0xc add eax, ecx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0xf0 push 0x140 mov eax, dword [ref_0048c310] ; mov eax, dword [0x48c310] shl eax, 4 lea edx, [eax + 3] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c308] ; mov edx, dword [0x48c308] add edx, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov esi, 0x22c mov dword [esp + 0x40], esi mov ebp, 0xf6 mov dword [esp + 0x44], ebp mov dword [esp + 0x48], 0x27c mov dword [esp + 0x4c], 0x11e push ebp push esi mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0x1b0 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0 push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov edx, dword [ref_0048c310] ; mov edx, dword [0x48c310] mov eax, edx shl eax, 2 sub eax, edx mov ebx, dword [eax*8 + ref_004755d0] ; mov ebx, dword [eax*8 + 0x4755d0] push ebx call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 mov dword [ref_0048c318], 4 ; mov dword [0x48c318], 4 jmp near loc_0042e87c ; jmp 0x42e87c loc_0042e7ec: call fcn_00451d4e ; call 0x451d4e mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x125 push 0xe3 mov eax, dword [ref_0048c310] ; mov eax, dword [0x48c310] mov ebp, dword [eax*4 + ref_0048c300] ; mov ebp, dword [eax*4 + 0x48c300] push ebp mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp + 0x40], 0xe8 mov dword [esp + 0x48], 0x278 mov dword [esp + 0x44], 0x12a mov dword [esp + 0x4c], 0x1d2 push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0 push 0x40e push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_0042e87c: xor al, al mov byte [ref_0048c347], al ; mov byte [0x48c347], al jmp near loc_0042d48d ; jmp 0x42d48d loc_0042e888: push 1 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ebx, dword [ref_0048c32b] ; mov ebx, dword [0x48c32b] push ebx push edi call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] mov esi, dword [ref_0048c343] ; mov esi, dword [0x48c343] push esi call _Post_0402_Message ; call 0x401966 jmp near loc_0042e45e ; jmp 0x42e45e loc_0042e8bc: mov eax, esp push eax push edi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0xc] push edx mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx mov esi, dword [esp + 0x18] push esi mov ebp, dword [esp + 0x18] push ebp mov edx, dword [ref_0048a0dc] ; mov edx, dword [0x48a0dc] push edx call dword [eax + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push edi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0042d48d ; jmp 0x42d48d loc_0042e91a: push edx mov ecx, dword [esp + 0x80] push ecx push eax push edi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_0042d48f ; jmp 0x42d48f fcn_0042e931: push ebx push esi push edi push ebp sub esp, 0x134 mov edx, dword [esp + 0x148] cmp edx, 0x1770 jle near loc_0042ea2b ; jle 0x42ea2b cmp edx, 0x1f40 jge near loc_0042ea2b ; jge 0x42ea2b lea eax, [edx - 0x1770] imul edx, eax, 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add eax, edx xor edx, edx mov dl, byte [eax + 0x18] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax jne near loc_0042ea2b ; jne 0x42ea2b call clib_rand ; call 0x456f2d test al, 1 je short loc_0042e9b9 ; je 0x42e9b9 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_00445ada ; call 0x445ada add esp, 4 mov ebx, eax shl ebx, 3 mov ebp, dword [ebx + (ref_0047fee2 - 8)] ; mov ebp, dword [ebx + 0x47feda] push ebp lea eax, [esp + 0x124] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 mov bl, byte [ebx + (ref_0047fee2 - 3)] ; mov bl, byte [ebx + 0x47fedf] jmp short loc_0042e9ea ; jmp 0x42e9ea loc_0042e9b9: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_00441e12 ; call 0x441e12 add esp, 4 mov ebx, eax shl ebx, 3 mov esi, dword [ebx + (_card_table - 8)] ; mov esi, dword [ebx + 0x47fdea] push esi lea eax, [esp + 0x124] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 mov bl, byte [ebx + (_card_table - 3)] ; mov bl, byte [ebx + 0x47fdef] loc_0042e9ea: and ebx, 0xff lea eax, [esp + 0x120] push eax push ref_00464378 ; push 0x464378 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push ebx mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0044f230 ; call 0x44f230 add esp, 8 loc_0042ea2b: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_0042ed8d ; jne 0x42ed8d push 0 push 0 push 0xa mov ebx, dword [ref_0048a05c] ; mov ebx, dword [0x48a05c] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c308], eax ; mov dword [0x48c308], eax push 0 push 0 push 0xb mov esi, dword [ref_0048a05c] ; mov esi, dword [0x48a05c] push esi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c30c], eax ; mov dword [0x48c30c], eax push 0 push 0 movsx edx, word [eax + 0xe] push edx movsx eax, word [eax + 0xc] push eax call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048c300], eax ; mov dword [0x48c300], eax push 0 push 0 mov eax, dword [ref_0048c30c] ; mov eax, dword [0x48c30c] movsx edx, word [eax + 0x1a] push edx movsx eax, word [eax + 0x18] push eax call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048c304], eax ; mov dword [0x48c304], eax push 0xf push 0 push ref_0048c31c ; push 0x48c31c call memset ; call 0x456f60 add esp, 0xc push 8 push 0 push ref_0048c2f8 ; push 0x48c2f8 call memset ; call 0x456f60 add esp, 0xc push 0 push 3 push 0x101010 push 0xffffff push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0x1e push ref_00499198 ; push 0x499198 lea eax, [esp + 0x108] push eax call _memcpy ; call 0x456de8 add esp, 0xc call clib_rand ; call 0x456f2d mov edx, eax mov ebx, 0xa sar edx, 0x1f idiv ebx lea ebp, [edx + 6] xor edi, edi loc_0042eb15: cmp edi, ebp jge near loc_0042ebfe ; jge 0x42ebfe xor ebx, ebx mov dword [esp + 0x130], ebx jmp short loc_0042eb37 ; jmp 0x42eb37 loc_0042eb28: lea eax, [edx + 1] mov dword [esp + 0x130], eax cmp eax, 0x1e jge short loc_0042eb61 ; jge 0x42eb61 loc_0042eb37: xor esi, esi mov edx, dword [esp + 0x130] loc_0042eb40: xor eax, eax mov al, byte [esp + edx + 0x100] cmp esi, eax jge short loc_0042eb28 ; jge 0x42eb28 mov al, byte [esp + 0x130] inc al mov byte [esp + ebx + 0x80], al inc ebx inc esi jmp short loc_0042eb40 ; jmp 0x42eb40 loc_0042eb61: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx mov al, byte [esp + edx + 0x80] mov byte [edi + ref_0048c31c], al ; mov byte [edi + 0x48c31c], al xor edx, edx mov dl, al push 2 mov ebx, edi shl ebx, 2 sub ebx, edi shl ebx, 3 dec byte [esp + edx + 0x103] lea eax, [ebx + 0x53] push eax push 0x5a mov ecx, dword [edx*8 + (_card_table - 8)] ; mov ecx, dword [edx*8 + 0x47fdea] push ecx mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [edi + ref_0048c31c] ; mov al, byte [edi + 0x48c31c] mov al, byte [eax*8 + (_card_table - 3)] ; mov al, byte [eax*8 + 0x47fdef] and eax, 0xff push eax push ref_00464374 ; push 0x464374 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 1 add ebx, 0x4b push ebx push 0xc2 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc edi jmp near loc_0042eb15 ; jmp 0x42eb15 loc_0042ebfe: xor ecx, ecx mov dword [esp + 0x130], ecx xor esi, esi jmp short loc_0042ec23 ; jmp 0x42ec23 loc_0042ec0b: mov eax, dword [esp + 0x130] inc eax mov dword [esp + 0x130], eax cmp eax, 8 jge near loc_0042ecbb ; jge 0x42ecbb loc_0042ec23: mov eax, dword [esp + 0x130] cmp byte [eax + ref_00497320], 0 ; cmp byte [eax + 0x497320], 0 je short loc_0042ec0b ; je 0x42ec0b mov al, byte [esp + 0x130] inc al mov byte [esi + ref_0048c2f8], al ; mov byte [esi + 0x48c2f8], al push 2 mov edi, esi shl edi, 2 sub edi, esi shl edi, 4 lea eax, [edi + 0x5c] push eax push 0x5a mov ebx, dword [esp + 0x13c] mov ebp, dword [ebx*8 + ref_0047fee2] ; mov ebp, dword [ebx*8 + 0x47fee2] push ebp mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xd8 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [ebx*8 + ref_0047fee7] ; mov al, byte [ebx*8 + 0x47fee7] push eax push ref_00464374 ; push 0x464374 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 1 add edi, 0x54 push edi push 0xc2 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c308] ; mov eax, dword [0x48c308] add eax, 0xd8 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc esi jmp near loc_0042ec0b ; jmp 0x42ec0b loc_0042ecbb: mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx mov ebx, dword [ref_0048c30c] ; mov ebx, dword [0x48c30c] push ebx mov esi, dword [ref_0048c300] ; mov esi, dword [0x48c300] push esi call fcn_00441b0a ; call 0x441b0a add esp, 0xc mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi mov ebp, dword [ref_0048c30c] ; mov ebp, dword [0x48c30c] push ebp mov eax, dword [ref_0048c304] ; mov eax, dword [0x48c304] push eax call fcn_00447c6e ; call 0x447c6e add esp, 0xc push 6 call fcn_004549cf ; call 0x4549cf add esp, 4 push 0 push fcn_0042d37f ; push 0x42d37f call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov ebp, eax call fcn_00454bcc ; call 0x454bcc mov edx, dword [ref_0048c308] ; mov edx, dword [0x48c308] push edx call clib_free ; call 0x456e11 add esp, 4 mov ecx, dword [ref_0048c30c] ; mov ecx, dword [0x48c30c] push ecx call clib_free ; call 0x456e11 add esp, 4 mov ebx, dword [ref_0048c300] ; mov ebx, dword [0x48c300] push ebx call clib_free ; call 0x456e11 add esp, 4 mov esi, dword [ref_0048c304] ; mov esi, dword [0x48c304] push esi call clib_free ; call 0x456e11 add esp, 4 loc_0042ed50: mov ebx, dword [esp + 0x148] cmp ebx, 0x1770 jle short loc_0042ed82 ; jle 0x42ed82 cmp ebx, 0x1f40 jge short loc_0042ed82 ; jge 0x42ed82 lea edx, [ebx - 0x1770] imul edx, edx, 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add dword [edx + eax + 0x28], ebp mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add dword [edx + eax + 0x2c], ebp loc_0042ed82: add esp, 0x134 pop ebp pop edi pop esi pop ebx ret loc_0042ed8d: xor ebp, ebp mov dword [esp + 0x130], ebp jmp short loc_0042edac ; jmp 0x42edac loc_0042ed98: mov edi, dword [esp + 0x130] inc edi mov dword [esp + 0x130], edi cmp edi, 0xf jge short loc_0042ee1d ; jge 0x42ee1d loc_0042edac: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx mov edi, dword [esp + 0x130] add eax, edi cmp byte [eax + ref_00499120], 0 ; cmp byte [eax + 0x499120], 0 je short loc_0042ee1d ; je 0x42ee1d xor ebx, ebx mov bl, byte [edi*8 + (_card_table + 7)] ; mov bl, byte [edi*8 + 0x47fdf9] mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul edx, ecx, 0x68 mov dl, byte [edx + (_players+23)] ; mov dl, byte [edx + 0x496b7f] and edx, 0xff sub ebx, edx cmp ebx, 2 jne short loc_0042ed98 ; jne 0x42ed98 mov al, byte [eax + ref_00499120] ; mov al, byte [eax + 0x499120] and eax, 0xff push eax push ecx call fcn_0042d145 ; call 0x42d145 add esp, 8 add ebp, eax lea esi, [edi - 1] mov dword [esp + 0x130], esi jmp near loc_0042ed98 ; jmp 0x42ed98 loc_0042ee1d: xor edx, edx mov dword [esp + 0x130], edx jmp short loc_0042ee3c ; jmp 0x42ee3c loc_0042ee28: mov eax, dword [esp + 0x130] inc eax mov dword [esp + 0x130], eax cmp eax, 0xd jge short loc_0042eea4 ; jge 0x42eea4 loc_0042ee3c: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx mov ecx, dword [esp + 0x130] add eax, ecx cmp byte [eax + ref_0049915c], 0 ; cmp byte [eax + 0x49915c], 0 je short loc_0042ee28 ; je 0x42ee28 xor ebx, ebx mov bl, byte [ecx*8 + ref_0047fee9] ; mov bl, byte [ecx*8 + 0x47fee9] mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul edx, esi, 0x68 mov dl, byte [edx + (_players+23)] ; mov dl, byte [edx + 0x496b7f] and edx, 0xff sub ebx, edx cmp ebx, 2 jne short loc_0042ee28 ; jne 0x42ee28 mov al, byte [eax + ref_0049915c] ; mov al, byte [eax + 0x49915c] and eax, 0xff push eax lea eax, [ecx + 1] push eax push esi call fcn_0042d1b2 ; call 0x42d1b2 add esp, 0xc add ebp, eax jmp short loc_0042ee28 ; jmp 0x42ee28 loc_0042eea4: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp word [eax + (_players+48)], 0x64 ; cmp word [eax + 0x496b98], 0x64 jae near loc_0042f025 ; jae 0x42f025 xor ebx, ebx mov dword [esp + 0x130], ebx mov esi, 0x2710 xor edi, edi jmp short loc_0042eedf ; jmp 0x42eedf loc_0042eecb: mov ecx, dword [esp + 0x130] inc ecx mov dword [esp + 0x130], ecx cmp ecx, 0xf jge short loc_0042ef1e ; jge 0x42ef1e loc_0042eedf: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx add eax, dword [esp + 0x130] mov bh, byte [eax + ref_00499120] ; mov bh, byte [eax + 0x499120] test bh, bh je short loc_0042eecb ; je 0x42eecb xor edx, edx mov dl, bh mov al, byte [edx*8 + (_card_table - 3)] ; mov al, byte [edx*8 + 0x47fdef] and eax, 0xff cmp eax, esi jge short loc_0042eecb ; jge 0x42eecb mov esi, eax mov edi, edx jmp short loc_0042eecb ; jmp 0x42eecb loc_0042ef1e: test edi, edi je short loc_0042ef34 ; je 0x42ef34 push edi mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi call fcn_0042d145 ; call 0x42d145 add esp, 8 add ebp, eax loc_0042ef34: xor edi, edi mov dword [esp + 0x130], edi jmp short loc_0042ef53 ; jmp 0x42ef53 loc_0042ef3f: mov ebx, dword [esp + 0x130] inc ebx mov dword [esp + 0x130], ebx cmp ebx, 0xd jge short loc_0042ef9b ; jge 0x42ef9b loc_0042ef53: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx mov edx, dword [esp + 0x130] add eax, edx mov cl, byte [eax + ref_0049915c] ; mov cl, byte [eax + 0x49915c] cmp cl, 1 jbe short loc_0042ef3f ; jbe 0x42ef3f mov al, cl and eax, 0xff dec eax push eax lea eax, [edx + 1] push eax mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0042d1b2 ; call 0x42d1b2 add esp, 0xc add ebp, eax jmp short loc_0042ef3f ; jmp 0x42ef3f loc_0042ef9b: mov edi, dword [_current_player] ; mov edi, dword [0x49910c] imul eax, edi, 0x68 mov al, byte [eax + (_players+17)] ; mov al, byte [eax + 0x496b79] and al, 3 cmp al, 1 jne short loc_0042efdd ; jne 0x42efdd mov eax, edi shl eax, 2 add eax, edi mov edx, eax shl eax, 2 sub eax, edx mov ch, byte [eax + ref_00499160] ; mov ch, byte [eax + 0x499160] test ch, ch je short loc_0042efdd ; je 0x42efdd mov al, ch and eax, 0xff push eax push 5 push edi call fcn_0042d1b2 ; call 0x42d1b2 add esp, 0xc add ebp, eax loc_0042efdd: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 mov al, byte [eax + (_players+17)] ; mov al, byte [eax + 0x496b79] and al, 3 cmp al, 2 jne short loc_0042f025 ; jne 0x42f025 mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx mov dl, byte [eax + ref_00499161] ; mov dl, byte [eax + 0x499161] test dl, dl je short loc_0042f025 ; je 0x42f025 mov al, dl and eax, 0xff push eax push 6 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0042d1b2 ; call 0x42d1b2 add esp, 0xc add ebp, eax loc_0042f025: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov bx, word [eax + (_players+48)] ; mov bx, word [eax + 0x496b98] test bx, bx je near loc_0042ed50 ; je 0x42ed50 mov eax, ebx and eax, 0xffff mov edi, eax sar edi, 1 sub eax, edi mov dword [esp + 0x12c], eax xor esi, esi mov dword [esp + 0x130], esi xor ebx, ebx mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] jmp short loc_0042f077 ; jmp 0x42f077 loc_0042f063: mov esi, dword [esp + 0x130] inc esi mov dword [esp + 0x130], esi cmp esi, 0x1e jge short loc_0042f0cc ; jge 0x42f0cc loc_0042f077: xor esi, esi loc_0042f079: xor eax, eax mov edx, dword [esp + 0x130] mov al, byte [edx + ref_00499198] ; mov al, byte [edx + 0x499198] cmp esi, eax jge short loc_0042f063 ; jge 0x42f063 mov eax, edx shl eax, 3 xor edx, edx mov dl, byte [eax + (_card_table + 5)] ; mov dl, byte [eax + 0x47fdf7] cmp edi, edx jl short loc_0042f063 ; jl 0x42f063 xor edx, edx mov dl, byte [eax + (_card_table + 7)] ; mov dl, byte [eax + 0x47fdf9] imul eax, ecx, 0x68 mov al, byte [eax + (_players+23)] ; mov al, byte [eax + 0x496b7f] and eax, 0xff sub edx, eax cmp edx, 2 je short loc_0042f063 ; je 0x42f063 mov al, byte [esp + 0x130] mov byte [esp + ebx + 0x80], al inc ebx inc esi jmp short loc_0042f079 ; jmp 0x42f079 loc_0042f0cc: test ebx, ebx je near loc_0042f16c ; je 0x42f16c push fcn_0042d0ef ; push 0x42d0ef push 1 push ebx lea eax, [esp + 0x8c] push eax call fcn_00457e6c ; call 0x457e6c add esp, 0x10 xor edx, edx mov dword [esp + 0x130], edx loc_0042f0f5: cmp ebx, dword [esp + 0x130] jle short loc_0042f16c ; jle 0x42f16c mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi call fcn_00441262 ; call 0x441262 add esp, 4 cmp eax, 0xf je short loc_0042f16c ; je 0x42f16c xor eax, eax mov edx, dword [esp + 0x130] mov al, byte [esp + edx + 0x80] mov dl, byte [eax*8 + (_card_table + 5)] ; mov dl, byte [eax*8 + 0x47fdf7] and edx, 0xff cmp edi, edx jl short loc_0042f163 ; jl 0x42f163 inc eax push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0042d237 ; call 0x42d237 add esp, 8 add ebp, eax xor eax, eax mov edx, dword [esp + 0x130] mov al, byte [esp + edx + 0x80] mov al, byte [eax*8 + (_card_table + 5)] ; mov al, byte [eax*8 + 0x47fdf7] and eax, 0xff sub edi, eax loc_0042f163: inc dword [esp + 0x130] jmp short loc_0042f0f5 ; jmp 0x42f0f5 loc_0042f16c: mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 mov al, byte [eax + (_players+17)] ; mov al, byte [eax + 0x496b79] and al, 3 cmp al, 1 je short loc_0042f1cc ; je 0x42f1cc mov eax, ecx shl eax, 2 add eax, ecx mov edx, eax shl eax, 2 sub eax, edx cmp byte [eax + ref_00499160], 0 ; cmp byte [eax + 0x499160], 0 jne short loc_0042f1cc ; jne 0x42f1cc xor eax, eax mov al, byte [ref_0047ff07] ; mov al, byte [0x47ff07] cmp eax, dword [esp + 0x12c] jge short loc_0042f1cc ; jge 0x42f1cc cmp byte [ref_00497324], 0 ; cmp byte [0x497324], 0 je short loc_0042f1cc ; je 0x42f1cc push 5 push ecx call fcn_0042d272 ; call 0x42d272 add esp, 8 add ebp, eax xor eax, eax mov al, byte [ref_0047ff07] ; mov al, byte [0x47ff07] sub dword [esp + 0x12c], eax loc_0042f1cc: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 mov al, byte [eax + (_players+17)] ; mov al, byte [eax + 0x496b79] and al, 3 cmp al, 2 je short loc_0042f232 ; je 0x42f232 mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx cmp byte [eax + ref_00499161], 0 ; cmp byte [eax + 0x499161], 0 jne short loc_0042f232 ; jne 0x42f232 xor eax, eax mov al, byte [ref_0047ff0f] ; mov al, byte [0x47ff0f] cmp eax, dword [esp + 0x12c] jge short loc_0042f232 ; jge 0x42f232 cmp byte [ref_00497325], 0 ; cmp byte [0x497325], 0 je short loc_0042f232 ; je 0x42f232 push 6 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0042d272 ; call 0x42d272 add esp, 8 add ebp, eax xor eax, eax mov al, byte [ref_0047ff0f] ; mov al, byte [0x47ff0f] sub dword [esp + 0x12c], eax loc_0042f232: xor edi, edi mov dword [esp + 0x130], edi jmp short loc_0042f255 ; jmp 0x42f255 loc_0042f23d: mov eax, dword [esp + 0x130] inc eax mov dword [esp + 0x130], eax cmp eax, 6 jge near loc_0042ed50 ; jge 0x42ed50 loc_0042f255: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx mov edx, eax xor eax, eax mov ebx, dword [esp + 0x130] mov al, byte [ebx + ref_004755f0] ; mov al, byte [ebx + 0x4755f0] cmp byte [edx + eax + ref_0049915c], 9 ; cmp byte [edx + eax + 0x49915c], 9 jae short loc_0042f23d ; jae 0x42f23d mov edx, eax shl edx, 3 movzx esi, byte [edx + ref_0047fee9] ; movzx esi, byte [edx + 0x47fee9] mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul ebx, ecx, 0x68 mov bl, byte [ebx + (_players+23)] ; mov bl, byte [ebx + 0x496b7f] and ebx, 0xff sub esi, ebx cmp esi, 2 je short loc_0042f23d ; je 0x42f23d mov dl, byte [edx + ref_0047fee7] ; mov dl, byte [edx + 0x47fee7] and edx, 0xff mov ebx, dword [esp + 0x12c] cmp edx, ebx jg near loc_0042f23d ; jg 0x42f23d cmp byte [eax + ref_00497320], 0 ; cmp byte [eax + 0x497320], 0 je near loc_0042f23d ; je 0x42f23d inc eax push eax push ecx call fcn_0042d272 ; call 0x42d272 add esp, 8 add ebp, eax xor eax, eax mov edx, dword [esp + 0x130] mov al, byte [edx + ref_004755f0] ; mov al, byte [edx + 0x4755f0] mov al, byte [eax*8 + ref_0047fee7] ; mov al, byte [eax*8 + 0x47fee7] and eax, 0xff mov edi, ebx sub edi, eax mov dword [esp + 0x12c], edi jmp near loc_0042f23d ; jmp 0x42f23d ref_0042f30c: dd 0x00000010 dd 0x00000154 dd 0x00000010 dd 0x0000019a dd 0x00000148 dd 0x00000154 dd 0x00000148 dd 0x0000019a fcn_0042f32c: push ebx push esi push edi xor esi, esi mov ebx, 0x1f mov edi, 0x110 jmp short loc_0042f343 ; jmp 0x42f343 loc_0042f33d: inc esi cmp esi, 0x24 jge short loc_0042f37a ; jge 0x42f37a loc_0042f343: cmp byte [esi + ref_004990b8], 0 ; cmp byte [esi + 0x4990b8], 0 je short loc_0042f365 ; je 0x42f365 push 0xfffffffffffffff6 push 0x2e push 0x3e push edi push ebx mov eax, dword [ref_0048c35c] ; mov eax, dword [0x48c35c] add eax, 0xc push eax call fcn_004552e7 ; call 0x4552e7 add esp, 0x18 loc_0042f365: add ebx, 0x40 cmp ebx, 0x25f jne short loc_0042f33d ; jne 0x42f33d mov ebx, 0x1f add edi, 0x30 jmp short loc_0042f33d ; jmp 0x42f33d loc_0042f37a: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c35c] ; mov eax, dword [0x48c35c] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0xfffffffffffffffb push 0xd2 mov eax, dword [ref_0048c35c] ; mov eax, dword [0x48c35c] add eax, 0x18 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall push 0 push 0x101010 push 0 push 0x14 push 0x14 push 0x168 mov eax, dword [ref_0048c35c] ; mov eax, dword [0x48c35c] add eax, 0x6c push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c push 5 push 8 push 8 mov ebx, dword [ref_0048c364] ; mov ebx, dword [0x48c364] push ebx call fcn_00450ced ; call 0x450ced add esp, 0x10 pop edi pop esi pop ebx ret fcn_0042f417: push ebx push esi push edi push ebp sub esp, 0x7c mov ecx, 8 lea edi, [esp + 0x4c] mov esi, ref_0042f30c ; mov esi, 0x42f30c rep movsd ; rep movsd dword es:[edi], dword ptr [esi] mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax xor edx, edx mov dword [esp + 0x70], edx mov dword [esp + 0x74], edx loc_0042f458: mov eax, dword [esp + 0x70] cmp eax, dword [_nplayers] ; cmp eax, dword [0x499114] jge near loc_0042f6ab ; jge 0x42f6ab imul esi, eax, 0x68 cmp byte [esi + (_players+21)], 0 ; cmp byte [esi + 0x496b7d], 0 je near loc_0042f6a2 ; je 0x42f6a2 push 0xfffffffffffffff0 push 0x3c push 0x128 mov ebx, dword [esp + 0x80] mov ebp, dword [esp + ebx*8 + 0x5c] push ebp mov eax, dword [esp + ebx*8 + 0x5c] push eax push ref_0046caec ; push 0x46caec call fcn_004552e7 ; call 0x4552e7 add esp, 0x18 mov eax, dword [esp + ebx*8 + 0x50] add eax, 0x1e push eax mov eax, dword [esp + ebx*8 + 0x50] add eax, 0x14 push eax xor eax, eax mov al, byte [esi + (_players+19)] ; mov al, byte [esi + 0x496b7b] lea edx, [eax + 0x19] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c360] ; mov edx, dword [0x48c360] add edx, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 xor dl, dl mov byte [esp], dl xor edi, edi jmp short loc_0042f4ee ; jmp 0x42f4ee loc_0042f4e8: inc edi cmp edi, 0x24 jge short loc_0042f52c ; jge 0x42f52c loc_0042f4ee: xor edx, edx mov dl, byte [edi + ref_004990b8] ; mov dl, byte [edi + 0x4990b8] mov eax, dword [esp + 0x70] inc eax cmp edx, eax jne short loc_0042f4e8 ; jne 0x42f4e8 lea eax, [edi + 1] push eax push ref_004645d4 ; push 0x4645d4 lea eax, [esp + 0x80] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc lea eax, [esp + 0x78] push eax lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc add esp, 8 jmp short loc_0042f4e8 ; jmp 0x42f4e8 loc_0042f52c: mov eax, esp push eax call _strlen ; call 0x45825d add esp, 4 mov edi, eax test eax, eax je near loc_0042f69e ; je 0x42f69e cmp eax, 0xc jg near loc_0042f5df ; jg 0x42f5df xor ebx, ebx mov eax, dword [esp + 0x74] mov esi, dword [esp + eax*8 + 0x4c] add esi, 0x36 mov ebp, dword [esp + 0x74] loc_0042f55b: cmp ebx, edi jge near loc_0042f69e ; jge 0x42f69e mov eax, dword [esp + ebp*8 + 0x50] add eax, 0x1e push eax push esi xor edx, edx mov dl, byte [esp + ebx + 8] sub edx, 0x30 mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c368] ; mov edx, dword [0x48c368] add edx, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [esp + ebp*8 + 0x50] add eax, 0x1e push eax lea eax, [esi + 0x10] push eax xor eax, eax mov al, byte [esp + ebx + 9] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c368] ; mov eax, dword [0x48c368] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 add ebx, 2 add esi, 0x28 jmp near loc_0042f55b ; jmp 0x42f55b loc_0042f5df: cmp eax, 0x18 jle short loc_0042f5e9 ; jle 0x42f5e9 mov edi, 0x18 loc_0042f5e9: xor ebx, ebx mov eax, dword [esp + 0x74] mov esi, dword [esp + eax*8 + 0x4c] add esi, 0x36 mov dword [esp + 0x6c], 0xf loc_0042f5fe: cmp ebx, edi jge near loc_0042f69e ; jge 0x42f69e mov ebp, dword [esp + 0x74] shl ebp, 3 mov eax, dword [esp + ebp + 0x50] add eax, dword [esp + 0x6c] push eax push esi xor eax, eax mov al, byte [esp + ebx + 8] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c368] ; mov eax, dword [0x48c368] add eax, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [esp + ebp + 0x50] add eax, dword [esp + 0x6c] push eax lea eax, [esi + 0x10] push eax xor eax, eax mov al, byte [esp + ebx + 9] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c368] ; mov eax, dword [0x48c368] add eax, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 cmp ebx, 0xa jne short loc_0042f693 ; jne 0x42f693 mov esi, dword [esp + ebp + 0x4c] add esi, 0xe add dword [esp + 0x6c], 0x1e loc_0042f693: add ebx, 2 add esi, 0x28 jmp near loc_0042f5fe ; jmp 0x42f5fe loc_0042f69e: inc dword [esp + 0x74] loc_0042f6a2: inc dword [esp + 0x70] jmp near loc_0042f458 ; jmp 0x42f458 loc_0042f6ab: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall add esp, 0x7c pop ebp pop edi pop esi pop ebx ret fcn_0042f6c3: push ebx push esi sub esp, 0x4c mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x42 push 0x1d8 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x18 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x42 push 7 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x30 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 2 push 0 push 0x4f35b1 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0xc1 push 0x4d push ref_004645d9 ; push 0x4645d9 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 2 push 0 push 0xff0000 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov byte [esp], 0x24 mov esi, dword [ref_00499080] ; mov esi, dword [0x499080] push esi lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 2 push 0xe4 push 0x4d lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0x101010 push 0 push 0xfffffffffffffff6 push 0x2f push 0x12c mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x114 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c call fcn_0042f417 ; call 0x42f417 add esp, 0x4c pop esi pop ebx ret endloc_0042f7e7: db 0x90 ref_0042f7e8: ; may contain a jump table dd loc_0042fa88 dd loc_0042fac5 dd loc_0042fa9e dd loc_0042fae5 dd loc_0042faf8 fcn_0042f7fc: push ebx push esi push edi push ebp sub esp, 0x5c mov ebp, dword [esp + 0x70] mov eax, dword [esp + 0x74] mov ebx, dword [esp + 0x78] mov edi, dword [esp + 0x7c] cmp eax, 0x203 jb short loc_0042f85a ; jb 0x42f85a jbe near loc_0042fe8c ; jbe 0x42fe8c cmp eax, 0x401 jb short loc_0042f84a ; jb 0x42f84a jbe short loc_0042f885 ; jbe 0x42f885 cmp eax, 0x405 jb near loc_004300c0 ; jb 0x4300c0 jbe near loc_0042f930 ; jbe 0x42f930 cmp eax, 0x406 je near loc_0042f94f ; je 0x42f94f jmp near loc_004300c0 ; jmp 0x4300c0 loc_0042f84a: cmp eax, 0x205 je near loc_0043003d ; je 0x43003d jmp near loc_004300c0 ; jmp 0x4300c0 loc_0042f85a: cmp eax, 0x113 jb short loc_0042f877 ; jb 0x42f877 jbe near loc_0042fa2f ; jbe 0x42fa2f cmp eax, 0x201 je near loc_0042fe8c ; je 0x42fe8c jmp near loc_004300c0 ; jmp 0x4300c0 loc_0042f877: cmp eax, 0xf je near loc_00430062 ; je 0x430062 jmp near loc_004300c0 ; jmp 0x4300c0 loc_0042f885: xor bh, bh mov byte [ref_0048c370], bh ; mov byte [0x48c370], bh mov byte [ref_0048c371], bh ; mov byte [0x48c371], bh xor eax, eax mov dword [ref_0048c34c], eax ; mov dword [0x48c34c], eax mov dword [ref_0048c350], eax ; mov dword [0x48c350], eax xor ch, ch mov byte [ref_0048c372], ch ; mov byte [0x48c372], ch call fcn_0042f32c ; call 0x42f32c push 0 push 0x64 mov ecx, dword [_callbackSize] ; mov ecx, dword [0x46cad8] push ecx push ebp call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048c36c], eax ; mov dword [0x48c36c], eax push 0 push 0 push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp dword [eax + (_players+28)], 0x3e8 ; cmp dword [eax + 0x496b84], 0x3e8 jge short loc_0042f8f6 ; jge 0x42f8f6 push 4 push 4 loc_0042f8e7: push 0x405 push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp short loc_0042f90c ; jmp 0x42f90c loc_0042f8f6: cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_0042f905 ; je 0x42f905 push 0 push 1 jmp short loc_0042f8e7 ; jmp 0x42f8e7 loc_0042f905: mov byte [ref_0048c370], 3 ; mov byte [0x48c370], 3 loc_0042f90c: push 0 push 1 push 0x1c call fcn_004021f8 ; call 0x4021f8 add esp, 0xc push 1 call fcn_00402460 ; call 0x402460 loc_0042f921: add esp, 4 loc_0042f924: xor eax, eax loc_0042f926: add esp, 0x5c loc_0042f929: pop ebp pop edi pop esi pop ebx ret 0x10 loc_0042f930: mov byte [ref_0048c370], bl ; mov byte [0x48c370], bl mov ebp, dword [edi*4 + ref_004755f8] ; mov ebp, dword [edi*4 + 0x4755f8] push ebp call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 mov byte [ref_0048c372], 2 ; mov byte [0x48c372], 2 jmp short loc_0042f924 ; jmp 0x42f924 loc_0042f94f: call fcn_0044ef3b ; call 0x44ef3b test eax, eax je short loc_0042f974 ; je 0x42f974 push 1 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 cmp byte [ref_0048c370], 3 ; cmp byte [0x48c370], 3 jbe short loc_0042f974 ; jbe 0x42f974 mov byte [ref_0048c370], 5 ; mov byte [0x48c370], 5 jmp short loc_0042f924 ; jmp 0x42f924 loc_0042f974: mov dword [esp + 0x40], 0x9a xor ecx, ecx mov dword [esp + 0x44], ecx mov dword [esp + 0x48], 0x1c2 mov edi, 0x101 mov dword [esp + 0x4c], edi mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push ecx push 1 push ref_0048a068 ; push 0x48a068 push ecx push eax call dword [edx + 0x64] ; ucall push edi push 0xe6 mov eax, dword [esp + 0x4c] push eax mov eax, dword [esp + 0x4c] add eax, 0x42 push eax mov edx, dword [esp + 0x54] push edx push eax mov eax, dword [ref_0048c35c] ; mov eax, dword [0x48c35c] add eax, 0xc push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0xfffffffffffffff8 push 0x9a mov eax, dword [ref_0048c35c] ; mov eax, dword [0x48c35c] add eax, 0x24 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c370], 5 ; mov byte [0x48c370], 5 mov edi, dword [ebx*4 + ref_004755f8] ; mov edi, dword [ebx*4 + 0x4755f8] push edi call fcn_0044ecb6 ; call 0x44ecb6 jmp near loc_0042f921 ; jmp 0x42f921 loc_0042fa2f: cmp byte [ref_0048c370], 0 ; cmp byte [0x48c370], 0 je near loc_0042f924 ; je 0x42f924 cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_0042f924 ; je 0x42f924 cmp ebx, dword [_callbackSize] ; cmp ebx, dword [0x46cad8] jne near loc_0042f924 ; jne 0x42f924 xor eax, eax mov al, byte [ref_0048c372] ; mov al, byte [0x48c372] push eax call fcn_0044ee18 ; call 0x44ee18 add esp, 4 test eax, eax je near loc_0042fa9e ; je 0x42fa9e mov al, byte [ref_0048c370] ; mov al, byte [0x48c370] dec al cmp al, 4 ja near loc_0042fa9e ; ja 0x42fa9e and eax, 0xff jmp dword [eax*4 + ref_0042f7e8] ; ujmp: jmp dword [eax*4 + 0x42f7e8] loc_0042fa88: mov byte [ref_0048c370], 2 ; mov byte [0x48c370], 2 mov ecx, dword [ref_004755fc] ; mov ecx, dword [0x4755fc] push ecx call fcn_0044ecb6 ; call 0x44ecb6 loc_0042fa9b: add esp, 4 loc_0042fa9e: cmp byte [ref_0048c370], 5 ; cmp byte [0x48c370], 5 je near loc_0042fd5f ; je 0x42fd5f mov eax, dword [ref_0048c350] ; mov eax, dword [0x48c350] and eax, 0xf test eax, eax jbe short loc_0042fb2a ; jbe 0x42fb2a cmp eax, 1 je near loc_0042fb48 ; je 0x42fb48 jmp near loc_0042fc24 ; jmp 0x42fc24 loc_0042fac5: mov byte [ref_0048c370], 3 ; mov byte [0x48c370], 3 mov edx, dword [ref_00475600] ; mov edx, dword [0x475600] push edx call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 xor bl, bl mov byte [ref_0048c372], bl ; mov byte [0x48c372], bl jmp short loc_0042fa9e ; jmp 0x42fa9e loc_0042fae5: push 0 push 5 push 0x406 push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp short loc_0042fa9e ; jmp 0x42fa9e loc_0042faf8: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 1 push 0x29 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc mov eax, dword [ref_0048c36c] ; mov eax, dword [0x48c36c] push eax push ebp call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 call _Post_0402_Message ; call 0x401966 jmp near loc_0042fa9b ; jmp 0x42fa9b loc_0042fb2a: call clib_rand ; call 0x456f2d mov esi, eax sar esi, 0xa test esi, esi jne near loc_0042fc24 ; jne 0x42fc24 or byte [ref_0048c350], 1 ; or byte [0x48c350], 1 jmp near loc_0042fc24 ; jmp 0x42fc24 loc_0042fb48: mov esi, dword [ref_0048c350] ; mov esi, dword [0x48c350] and esi, 0xf0 sar esi, 4 mov dword [esp + 0x40], 0x111 mov edi, 0x3f mov dword [esp + 0x44], edi mov dword [esp + 0x48], 0x157 mov dword [esp + 0x4c], 0x69 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall cmp esi, 3 jge short loc_0042fbd4 ; jge 0x42fbd4 mov edi, dword [esp + 0x44] push edi mov eax, dword [esp + 0x44] push eax xor edx, edx mov dl, byte [esi + ref_00475660] ; mov dl, byte [esi + 0x475660] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c35c] ; mov eax, dword [0x48c35c] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 add dword [ref_0048c350], 0x10 ; add dword [0x48c350], 0x10 jmp short loc_0042fc05 ; jmp 0x42fc05 loc_0042fbd4: push 0x2a push 0x46 push 0x44 push edi mov ecx, dword [esp + 0x54] push ecx mov ebx, dword [esp + 0x54] push ebx mov eax, dword [ref_0048c35c] ; mov eax, dword [0x48c35c] add eax, 0x18 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_0045643d ; call 0x45643d add esp, 0x20 xor ch, ch mov byte [ref_0048c350], ch ; mov byte [0x48c350], ch loc_0042fc05: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0042fc24: call fcn_0044ef3b ; call 0x44ef3b test eax, eax jne short loc_0042fc3a ; jne 0x42fc3a cmp dword [ref_0048c34c], 0 ; cmp dword [0x48c34c], 0 je near loc_0042fd5f ; je 0x42fd5f loc_0042fc3a: mov dword [esp + 0x40], 0x111 mov dword [esp + 0x44], 0x69 mov dword [esp + 0x48], 0x157 mov dword [esp + 0x4c], 0x7b mov ecx, dword [ref_0048c34c] ; mov ecx, dword [0x48c34c] test ecx, ecx je short loc_0042fcc3 ; je 0x42fcc3 dec ecx mov dword [ref_0048c34c], ecx ; mov dword [0x48c34c], ecx jne near loc_0042fd5f ; jne 0x42fd5f mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push ecx push 1 push ref_0048a068 ; push 0x48a068 push ecx push eax call dword [edx + 0x64] ; ucall push 0x12 push 0x46 push 0x6e push 0x3f mov esi, dword [esp + 0x54] push esi mov edi, dword [esp + 0x54] push edi mov eax, dword [ref_0048c35c] ; mov eax, dword [0x48c35c] add eax, 0x18 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near loc_0042fd50 ; jmp 0x42fd50 loc_0042fcc3: call clib_rand ; call 0x456f2d mov esi, eax sar esi, 0xb cmp esi, 4 jge near loc_0042fd5f ; jge 0x42fd5f mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebx, dword [esp + 0x44] push ebx mov esi, dword [esp + 0x44] push esi call clib_rand ; call 0x456f2d and eax, 1 lea edx, [eax + 5] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c35c] ; mov eax, dword [0x48c35c] add eax, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall call clib_rand ; call 0x456f2d and eax, 7 mov dword [ref_0048c34c], eax ; mov dword [0x48c34c], eax jne short loc_0042fd50 ; jne 0x42fd50 mov dword [ref_0048c34c], 1 ; mov dword [0x48c34c], 1 loc_0042fd50: push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0042fd5f: call fcn_00450f04 ; call 0x450f04 cmp byte [ref_0048c371], 0 ; cmp byte [0x48c371], 0 jne near loc_0042f924 ; jne 0x42f924 mov byte [ref_0048c371], 1 ; mov byte [0x48c371], 1 mov byte [esp + 0x50], 0x24 mov edx, dword [ref_00499080] ; mov edx, dword [0x499080] push edx lea eax, [esp + 0x55] push eax call fcn_00452793 ; call 0x452793 add esp, 8 mov dword [esp + 0x40], 0x1c mov dword [esp + 0x44], 0x1b mov dword [esp + 0x48], 0xc8 mov dword [esp + 0x4c], 0x37 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x44] push eax mov edx, dword [esp + 0x44] push edx mov eax, dword [ref_0048c35c] ; mov eax, dword [0x48c35c] add eax, 0x78 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 lea eax, [esp + 0x50] push eax call _strlen ; call 0x45825d add esp, 4 lea ebx, [eax - 1] mov esi, 0xb8 loc_0042fdfe: test ebx, ebx jl short loc_0042fe68 ; jl 0x42fe68 mov cl, byte [esp + ebx + 0x50] cmp cl, 0x30 jb short loc_0042fe1b ; jb 0x42fe1b cmp cl, 0x39 ja short loc_0042fe1b ; ja 0x42fe1b xor ecx, ecx mov cl, byte [esp + ebx + 0x50] sub ecx, 0x30 jmp short loc_0042fe36 ; jmp 0x42fe36 loc_0042fe1b: cmp byte [esp + ebx + 0x50], 0x2c jne short loc_0042fe31 ; jne 0x42fe31 mov ecx, 0xa mov edi, 0xc add esi, 6 jmp short loc_0042fe3b ; jmp 0x42fe3b loc_0042fe31: mov ecx, 0xb loc_0042fe36: mov edi, 0x12 loc_0042fe3b: push 0x29 push esi mov edx, dword [ref_0048c368] ; mov edx, dword [0x48c368] mov eax, ecx shl eax, 2 sub eax, ecx shl eax, 2 lea ecx, [edx + 0xc] add eax, ecx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 sub esi, edi dec ebx jmp short loc_0042fdfe ; jmp 0x42fdfe loc_0042fe68: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0042f924 ; jmp 0x42f924 loc_0042fe8c: mov dl, byte [ref_0048c370] ; mov dl, byte [0x48c370] cmp dl, 3 ja near loc_0042f924 ; ja 0x42f924 jae short loc_0042feae ; jae 0x42feae push 1 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 mov byte [ref_0048c370], 3 ; mov byte [0x48c370], 3 loc_0042feae: xor esi, esi mov si, di mov eax, edi shr eax, 0x10 and eax, 0xffff xor ecx, ecx mov cx, ax cmp esi, 0x1e jl near loc_0042f924 ; jl 0x42f924 cmp esi, 0x25e jg near loc_0042f924 ; jg 0x42f924 cmp ecx, 0x10f jl near loc_0042f924 ; jl 0x42f924 cmp ecx, 0x1cf jg near loc_0042f924 ; jg 0x42f924 lea edx, [esi - 0x1e] mov eax, edx sar edx, 0x1f shl edx, 6 sbb eax, edx sar eax, 6 mov esi, eax lea edx, [ecx - 0x10f] mov ecx, 0x30 mov eax, edx sar edx, 0x1f idiv ecx mov ecx, eax shl eax, 3 add eax, ecx lea ebx, [eax + esi] cmp byte [ebx + ref_004990b8], 0 ; cmp byte [ebx + 0x4990b8], 0 jne near loc_0042f924 ; jne 0x42f924 shl esi, 6 lea eax, [esi + 0x1e] mov dword [esp + 0x40], eax mov eax, ecx shl eax, 2 sub eax, ecx shl eax, 4 lea edx, [eax + 0x10f] mov dword [esp + 0x44], edx add esi, 0x5e mov dword [esp + 0x48], esi add eax, 0x13f mov dword [esp + 0x4c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x44] add eax, 0x18 push eax mov eax, dword [esp + 0x44] add eax, 0x20 push eax mov eax, dword [ref_0048c35c] ; mov eax, dword [0x48c35c] add eax, 0x60 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 cmp ebx, 2 je short loc_0042ffa0 ; je 0x42ffa0 cmp ebx, 3 jne short loc_0042ffd1 ; jne 0x42ffd1 loc_0042ffa0: push 0x1e push 0x40 push 0x10c push 0 push 0x107 push 0xd2 mov eax, dword [ref_0048c35c] ; mov eax, dword [0x48c35c] add eax, 0x18 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456495 ; call 0x456495 add esp, 0x20 sub dword [esp + 0x44], 0x1e loc_0042ffd1: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov al, byte [_current_player] ; mov al, byte [0x49910c] inc al mov byte [ebx + ref_004990b8], al ; mov byte [ebx + 0x4990b8], al imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 push 0 push 3 push 0x406 push ebp sub dword [eax + (_players+28)], 0x3e8 ; sub dword [eax + 0x496b84], 0x3e8 add dword [ref_00499080], 0x3e8 ; add dword [0x499080], 0x3e8 call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] push 0 push ref_0047566b ; push 0x47566b call fcn_004542ce ; call 0x4542ce add esp, 8 jmp near loc_0042f924 ; jmp 0x42f924 loc_0043003d: push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 push 5 push 0x406 push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_0042f924 ; jmp 0x42f924 loc_00430062: mov eax, esp push eax push ebp call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0xc] push edx mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx mov esi, dword [esp + 0x18] push esi mov edi, dword [esp + 0x18] push edi mov edx, dword [ref_0048a0dc] ; mov edx, dword [0x48a0dc] push edx call dword [eax + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push ebp call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0042f924 ; jmp 0x42f924 loc_004300c0: push edi push ebx push eax push ebp call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_0042f926 ; jmp 0x42f926 ref_004300d0: ; may contain a jump table dd loc_00430236 dd loc_0043036c dd loc_0043024c dd loc_00430485 dd loc_0043024c dd loc_004306ff dd loc_004308e0 dd loc_004308f3 dd loc_00430aa3 dd loc_00430ab5 ref_004300f8: ; may contain a jump table dd loc_00431117 dd loc_00431157 dd loc_00431222 dd loc_004312d8 dd loc_00431383 fcn_0043010c: push ebx push esi push edi push ebp sub esp, 0x84 mov esi, dword [esp + 0x98] mov eax, dword [esp + 0x9c] cmp eax, 0x113 jb short loc_0043014a ; jb 0x43014a jbe near loc_004301e8 ; jbe 0x4301e8 cmp eax, 0x401 jb near loc_004315ae ; jb 0x4315ae jbe short loc_00430158 ; jbe 0x430158 cmp eax, 0x405 je short loc_004301b0 ; je 0x4301b0 jmp near loc_004315ae ; jmp 0x4315ae loc_0043014a: cmp eax, 0xf je near loc_00431570 ; je 0x431570 jmp near loc_004315ae ; jmp 0x4315ae loc_00430158: xor bl, bl mov byte [ref_0048c37b], bl ; mov byte [0x48c37b], bl xor ecx, ecx mov dword [ref_0048c34c], ecx ; mov dword [0x48c34c], ecx xor ebx, ebx mov dword [ref_0048c350], ecx ; mov dword [0x48c350], ecx mov dword [ref_0048c377], ecx ; mov dword [0x48c377], ecx call fcn_0042f6c3 ; call 0x42f6c3 push ebx push 0x32 mov ebp, dword [_callbackSize] ; mov ebp, dword [0x46cad8] push ebp push esi call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048c373], eax ; mov dword [0x48c373], eax push ebx push ebx push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push ebx push ebx push 0x405 push esi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_004301db ; jmp 0x4301db loc_004301b0: cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_004301d4 ; je 0x4301d4 mov byte [ref_0048c37b], 1 ; mov byte [0x48c37b], 1 mov edx, dword [ref_00475610] ; mov edx, dword [0x475610] push edx call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 jmp near loc_004301db ; jmp 0x4301db loc_004301d4: mov byte [ref_0048c37b], 2 ; mov byte [0x48c37b], 2 loc_004301db: xor eax, eax loc_004301dd: add esp, 0x84 jmp near loc_0042f929 ; jmp 0x42f929 loc_004301e8: cmp byte [ref_0048c37b], 0 ; cmp byte [0x48c37b], 0 je short loc_004301db ; je 0x4301db cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je short loc_004301db ; je 0x4301db mov eax, dword [esp + 0xa0] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne short loc_004301db ; jne 0x4301db push 0 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 test eax, eax je near loc_0043024c ; je 0x43024c mov al, byte [ref_0048c37b] ; mov al, byte [0x48c37b] dec al cmp al, 9 ja near loc_0043024c ; ja 0x43024c and eax, 0xff jmp dword [eax*4 + ref_004300d0] ; ujmp: jmp dword [eax*4 + 0x4300d0] loc_00430236: mov byte [ref_0048c37b], 2 ; mov byte [0x48c37b], 2 mov ecx, dword [ref_00475614] ; mov ecx, dword [0x475614] loc_00430243: push ecx loc_00430244: call fcn_0044ecb6 ; call 0x44ecb6 loc_00430249: add esp, 4 loc_0043024c: cmp byte [ref_0048c37b], 3 ; cmp byte [0x48c37b], 3 jne near loc_00430f43 ; jne 0x430f43 mov dh, byte [ref_0048c37c] ; mov dh, byte [0x48c37c] inc dh mov byte [ref_0048c37c], dh ; mov byte [0x48c37c], dh cmp dh, 0x14 jb near loc_00430f43 ; jb 0x430f43 jne near loc_00430322 ; jne 0x430322 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x50 push 0x50 push 0xab push 0x1a2 push 0xab push 0x1a2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x5a push 0x26 push 0x33 push 0 push 0x75 push 0x1d8 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x18 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456495 ; call 0x456495 add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp + 0x64], 0x1a2 mov dword [esp + 0x68], 0x75 mov dword [esp + 0x6c], 0x1fe mov dword [esp + 0x70], 0xfb push 0 lea eax, [esp + 0x68] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00430322: mov dword [esp + 0x64], 0xb7 mov dword [esp + 0x68], 0x4b mov dword [esp + 0x6c], 0x1ca mov dword [esp + 0x70], 0x159 push 0 lea eax, [esp + 0x68] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] call fcn_00450f04 ; call 0x450f04 test eax, eax jne near loc_00430f43 ; jne 0x430f43 xor ebx, ebx mov dword [esp + 0x80], eax jmp near loc_00430b0d ; jmp 0x430b0d loc_0043036c: mov byte [ref_0048c37b], 3 ; mov byte [0x48c37b], 3 xor al, al mov byte [ref_0048c37c], al ; mov byte [0x48c37c], al push 8 push 0x4b push 0xb7 mov ebx, dword [ref_0048c358] ; mov ebx, dword [0x48c358] push ebx call fcn_00450ced ; call 0x450ced add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x82 push 0x260 push 0x154 push 0x10 push 0x154 push 0x10 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x5a push 0x2d push 0x74 push 0x1d8 push 0x74 push 0x1d8 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x42 push 0x1a2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x24 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x82 push 0x86 push 0x112 push 0 push 0x154 push 7 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x30 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456495 ; call 0x456495 add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall call fcn_0042f417 ; call 0x42f417 push 0 push 0 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push ref_0047567b ; push 0x47567b loc_00430478: call fcn_004542ce ; call 0x4542ce add esp, 8 jmp near loc_0043024c ; jmp 0x43024c loc_00430485: mov byte [ref_0048c37b], 5 ; mov byte [0x48c37b], 5 xor bh, bh mov byte [ref_0048c37c], bh ; mov byte [0x48c37c], bh push 1 push 0 push 0xcd mov edi, dword [ref_0048c354] ; mov edi, dword [0x48c354] push edi call fcn_00450ced ; call 0x450ced add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x82 push 0x260 push 0x154 push 0x10 push 0x154 push 0x10 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x19e push 0xa8 push 0x42 push 0x1d8 push 0x42 push 0x1d8 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x19e push 0x8c push 0x42 push 7 push 0x42 push 7 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0 push 0 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x54 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x42 push 0x1f9 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x48 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0xc8 push 0x140 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x12c push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x195 push 0x11e xor edx, edx mov dl, byte [ref_0048c37d] ; mov dl, byte [0x48c37d] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x195 push 0x166 xor edx, edx mov dl, byte [ref_0048c37e] ; mov dl, byte [0x48c37e] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c360] ; mov edx, dword [0x48c360] add edx, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 2 push 0 push 0x4f35b1 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x13 push 0x5b push ref_004645d9 ; push 0x4645d9 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 2 push 0 push 0xff0000 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov byte [esp + 0x74], 0x24 mov edx, dword [ref_00499080] ; mov edx, dword [0x499080] push edx lea eax, [esp + 0x79] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 2 push 0x38 push 0x5b lea eax, [esp + 0x80] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 4 push 3 push 0x400000 push 0xff0000 push 0x1c call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0xb4 push 0x140 mov eax, dword [ref_0048c377] ; mov eax, dword [0x48c377] dec eax imul eax, eax, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff mov ecx, dword [eax*4 + ref_00475630] ; mov ecx, dword [eax*4 + 0x475630] push ecx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] call fcn_0042f417 ; call 0x42f417 push 0 push ref_00475683 ; push 0x475683 jmp near loc_00430478 ; jmp 0x430478 loc_004306ff: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x82 push 0x260 push 0x154 push 0x10 push 0x154 push 0x10 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x1e0 push 0xa0 push 0 push 0 push 0 push 0 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x1e0 push 0x96 push 0 push 0x1ea push 0 push 0x1ea mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x42 push 0x1d8 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x18 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x42 push 7 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x30 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x195 push 0x11e xor edx, edx mov dl, byte [ref_0048c37d] ; mov dl, byte [0x48c37d] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x195 push 0x166 xor edx, edx mov dl, byte [ref_0048c37e] ; mov dl, byte [0x48c37e] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 2 push 0 push 0x4f35b1 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0xc1 push 0x4d push ref_004645d9 ; push 0x4645d9 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 2 push 0 push 0xff0000 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov byte [esp + 0x74], 0x24 mov esi, dword [ref_00499080] ; mov esi, dword [0x499080] push esi lea eax, [esp + 0x79] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 2 push 0xe4 push 0x4d lea eax, [esp + 0x80] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall call fcn_0042f417 ; call 0x42f417 mov byte [ref_0048c37b], 8 ; mov byte [0x48c37b], 8 jmp near loc_004301db ; jmp 0x4301db loc_004308e0: mov byte [ref_0048c37b], 8 ; mov byte [0x48c37b], 8 mov ebx, dword [ref_00475624] ; mov ebx, dword [0x475624] push ebx jmp near loc_00430244 ; jmp 0x430244 loc_004308f3: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x82 push 0x260 push 0x154 push 0x10 push 0x154 push 0x10 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x16c push 0x97 push 0x74 push 0x1e9 push 0x74 push 0x1e9 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x82 push 0x86 push 0x112 push 0 push 0x154 push 7 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x30 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456495 ; call 0x456495 add esp, 0x20 push 0x42 push 0x1d8 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x18 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x28 push 0x32 push 0x17 push 0x2d push 0x59 push 0x34 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x30 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x195 push 0x11e xor edx, edx mov dl, byte [ref_0048c37d] ; mov dl, byte [0x48c37d] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x195 push 0x166 xor edx, edx mov dl, byte [ref_0048c37e] ; mov dl, byte [0x48c37e] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] call fcn_0042f417 ; call 0x42f417 push 0 push 0x101010 push 0 push 0xfffffffffffffff6 push 0x2f push 0x12c mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x114 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c mov byte [ref_0048c37b], 9 ; mov byte [0x48c37b], 9 mov ecx, dword [ref_00475628] ; mov ecx, dword [0x475628] jmp near loc_00430243 ; jmp 0x430243 loc_00430aa3: mov byte [ref_0048c37b], 0xa ; mov byte [0x48c37b], 0xa mov eax, dword [ref_0047562c] ; mov eax, dword [0x47562c] push eax jmp near loc_00430244 ; jmp 0x430244 loc_00430ab5: mov ecx, dword [ref_0048c373] ; mov ecx, dword [0x48c373] push ecx push esi call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] mov ebx, dword [ref_0048c377] ; mov ebx, dword [0x48c377] test ebx, ebx je short loc_00430afb ; je 0x430afb push 1 mov edi, dword [ref_00499080] ; mov edi, dword [0x499080] push edi lea eax, [ebx - 1] push eax call fcn_0041d3f4 ; call 0x41d3f4 add esp, 0xc xor ebp, ebp mov dword [ref_00499080], ebp ; mov dword [0x499080], ebp push 0x24 push ebp push ref_004990b8 ; push 0x4990b8 call memset ; call 0x456f60 add esp, 0xc loc_00430afb: push 0 call _Post_0402_Message ; call 0x401966 jmp near loc_00430249 ; jmp 0x430249 loc_00430b07: inc eax cmp eax, 0x24 jge short loc_00430b2a ; jge 0x430b2a loc_00430b0d: mov cl, byte [eax + ref_004990b8] ; mov cl, byte [eax + 0x4990b8] test cl, cl je short loc_00430b07 ; je 0x430b07 xor edx, edx mov dl, cl inc byte [esp + edx + 0x7f] mov dl, al inc dl mov byte [esp + ebx + 0x40], dl inc ebx jmp short loc_00430b07 ; jmp 0x430b07 loc_00430b2a: cmp byte [esp + 0x80], 0xa ja short loc_00430b52 ; ja 0x430b52 cmp byte [esp + 0x81], 0xa ja short loc_00430b52 ; ja 0x430b52 cmp byte [esp + 0x82], 0xa ja short loc_00430b52 ; ja 0x430b52 cmp byte [esp + 0x83], 0xa jbe short loc_00430b66 ; jbe 0x430b66 loc_00430b52: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx xor ebx, ebx mov bl, byte [esp + edx + 0x40] jmp short loc_00430b7a ; jmp 0x430b7a loc_00430b66: call clib_rand ; call 0x456f2d mov edx, eax mov ebx, 0x24 sar edx, 0x1f idiv ebx lea ebx, [edx + 1] loc_00430b7a: push ebx push ref_004645d4 ; push 0x4645d4 lea eax, [esp + 0x7c] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov al, byte [esp + 0x74] sub al, 0xb mov byte [ref_0048c37d], al ; mov byte [0x48c37d], al mov al, byte [esp + 0x75] sub al, 0xb mov byte [ref_0048c37e], al ; mov byte [0x48c37e], al mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x82 push 0x260 push 0x154 push 0x10 push 0x154 push 0x10 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x82 push 0x86 push 0x112 push 0 push 0x154 push 7 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x30 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456495 ; call 0x456495 add esp, 0x20 push 0x195 push 0x11e xor edx, edx mov dl, byte [ref_0048c37d] ; mov dl, byte [0x48c37d] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x195 push 0x166 xor edx, edx mov dl, byte [ref_0048c37e] ; mov dl, byte [0x48c37e] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0xdc push 0x12c xor eax, eax mov al, byte [ref_0048c37d] ; mov al, byte [0x48c37d] lea edx, [eax - 0x1d] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0xdc push 0x154 xor eax, eax mov al, byte [ref_0048c37e] ; mov al, byte [0x48c37e] lea edx, [eax - 0x1d] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp + 0x64], 0xf4 mov dword [esp + 0x68], 0xb4 mov dword [esp + 0x6c], 0x18a mov dword [esp + 0x70], 0x1bc call fcn_0042f417 ; call 0x42f417 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x68] push ecx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [esp + 0x74] push ebp mov ecx, dword [esp + 0x74] push ecx push eax call dword [edx + 0x1c] ; ucall cmp byte [ebx + ref_004990b7], 0 ; cmp byte [ebx + 0x4990b7], 0 je short loc_00430d85 ; je 0x430d85 mov byte [ref_0048c37b], 4 ; mov byte [0x48c37b], 4 mov ebp, dword [ref_00475618] ; mov ebp, dword [0x475618] push ebp call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 xor eax, eax mov al, byte [ebx + ref_004990b7] ; mov al, byte [ebx + 0x4990b7] mov dword [ref_0048c377], eax ; mov dword [0x48c377], eax jmp near loc_00430f43 ; jmp 0x430f43 loc_00430d85: push 0x1f4 call fcn_0045285e ; call 0x45285e add esp, 4 mov byte [ref_0048c37b], 7 ; mov byte [0x48c37b], 7 push 0 push 0x101010 push 0 push 0 push 0xc8 push 0x140 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x120 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x82 push 0x260 push 0x154 push 0x10 push 0x154 push 0x10 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x1e0 push 0xa9 push 0 push 0x1d8 push 0 push 0x1d8 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x82 push 0x86 push 0x112 push 0 push 0x154 push 7 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x30 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456495 ; call 0x456495 add esp, 0x20 push 0x195 push 0x11e xor edx, edx mov dl, byte [ref_0048c37d] ; mov dl, byte [0x48c37d] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x195 push 0x166 xor edx, edx mov dl, byte [ref_0048c37e] ; mov dl, byte [0x48c37e] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x74 push 0x1e9 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x3c push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x59 push 0x34 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x108 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] call fcn_0042f417 ; call 0x42f417 mov edi, dword [ref_00475620] ; mov edi, dword [0x475620] push edi call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 loc_00430f43: cmp byte [ref_0048c37b], 5 ; cmp byte [0x48c37b], 5 jne near loc_004310eb ; jne 0x4310eb mov dl, byte [ref_0048c37c] ; mov dl, byte [0x48c37c] inc dl mov byte [ref_0048c37c], dl ; mov byte [0x48c37c], dl cmp dl, 0x1e jbe near loc_004310eb ; jbe 0x4310eb call fcn_00450f04 ; call 0x450f04 test eax, eax jne near loc_004310eb ; jne 0x4310eb mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x82 push 0x260 push 0x154 push 0x10 push 0x154 push 0x10 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x168 push 0x14a push 0 push 0x96 push 0 push 0x96 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x78 push 0xa2 push 0x154 push 0 push 0x154 push 0 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x54 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456495 ; call 0x456495 add esp, 0x20 push 0x82 push 0x7c push 0x112 push 0 push 0x154 push 0x1f9 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x48 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456495 ; call 0x456495 add esp, 0x20 push 0x195 push 0x11e xor edx, edx mov dl, byte [ref_0048c37d] ; mov dl, byte [0x48c37d] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c360] ; mov edx, dword [0x48c360] add edx, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x195 push 0x166 xor edx, edx mov dl, byte [ref_0048c37e] ; mov dl, byte [0x48c37e] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] call fcn_0042f417 ; call 0x42f417 mov byte [ref_0048c37b], 6 ; mov byte [0x48c37b], 6 mov eax, dword [ref_0047561c] ; mov eax, dword [0x47561c] push eax call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 loc_004310eb: mov bh, byte [ref_0048c37b] ; mov bh, byte [0x48c37b] cmp bh, 4 jb short loc_004310ff ; jb 0x4310ff cmp bh, 8 jbe near loc_004301db ; jbe 0x4301db loc_004310ff: mov eax, dword [ref_0048c350] ; mov eax, dword [0x48c350] and eax, 0xf cmp eax, 4 ja near loc_00431431 ; ja 0x431431 jmp dword [eax*4 + ref_004300f8] ; ujmp: jmp dword [eax*4 + 0x4300f8] loc_00431117: call clib_rand ; call 0x456f2d mov ebx, eax sar ebx, 9 mov eax, dword [ref_0048c350] ; mov eax, dword [0x48c350] and al, 0xf0 test ebx, ebx jne short loc_00431138 ; jne 0x431138 or al, 1 loc_0043112e: mov dword [ref_0048c350], eax ; mov dword [0x48c350], eax jmp near loc_00431431 ; jmp 0x431431 loc_00431138: cmp ebx, 1 jne short loc_00431141 ; jne 0x431141 or al, 2 jmp short loc_0043112e ; jmp 0x43112e loc_00431141: cmp ebx, 4 jge short loc_0043114a ; jge 0x43114a or al, 3 jmp short loc_0043112e ; jmp 0x43112e loc_0043114a: cmp ebx, 6 jge near loc_00431431 ; jge 0x431431 or al, 4 jmp short loc_0043112e ; jmp 0x43112e loc_00431157: mov ebx, dword [ref_0048c350] ; mov ebx, dword [0x48c350] and ebx, 0xf0 sar ebx, 4 mov dword [esp + 0x64], 0x200 mov dword [esp + 0x68], 0x66 mov dword [esp + 0x6c], 0x232 mov dword [esp + 0x70], 0x76 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [esp + 0x68] push ecx mov edi, dword [esp + 0x68] push edi xor edx, edx mov dl, byte [ebx + ref_00475663] ; mov dl, byte [ebx + 0x475663] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c360] ; mov edx, dword [0x48c360] add edx, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 add dword [ref_0048c350], 0x10 ; add dword [0x48c350], 0x10 mov bh, byte [ref_0048c350] ; mov bh, byte [0x48c350] and bh, 0x3f mov byte [ref_0048c350], bh ; mov byte [0x48c350], bh test bh, 0x30 jne short loc_004311fe ; jne 0x4311fe or byte [ref_0048c351], 0x10 ; or byte [0x48c351], 0x10 mov al, bh and al, 0xf0 mov byte [ref_0048c350], al ; mov byte [0x48c350], al loc_004311fe: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x68] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00431431 ; jmp 0x431431 loc_00431222: mov ebx, dword [ref_0048c350] ; mov ebx, dword [0x48c350] and ebx, 0xf00 sar ebx, 8 mov dword [esp + 0x64], 0x34 mov dword [esp + 0x68], 0x59 mov dword [esp + 0x6c], 0x66 mov dword [esp + 0x70], 0x73 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebp, dword [esp + 0x68] push ebp mov eax, dword [esp + 0x68] push eax xor edx, edx mov dl, byte [ebx + ref_00475667] ; mov dl, byte [ebx + 0x475667] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 add dword [ref_0048c350], 0x100 ; add dword [0x48c350], 0x100 mov ah, byte [ref_0048c351] ; mov ah, byte [0x48c351] and ah, 0xf3 mov byte [ref_0048c351], ah ; mov byte [0x48c351], ah test ah, 3 jne near loc_004311fe ; jne 0x4311fe mov dh, ah or dh, 0x20 mov byte [ref_0048c351], dh ; mov byte [0x48c351], dh and byte [ref_0048c350], 0xf0 ; and byte [0x48c350], 0xf0 jmp near loc_004311fe ; jmp 0x4311fe loc_004312d8: call clib_rand ; call 0x456f2d mov ebx, eax and ebx, 1 mov eax, dword [ref_0048c350] ; mov eax, dword [0x48c350] and eax, 0x1000 sar eax, 0xc cmp ebx, eax je near loc_0043142a ; je 0x43142a mov dword [esp + 0x64], 0x200 mov dword [esp + 0x68], 0x66 mov dword [esp + 0x6c], 0x232 mov dword [esp + 0x70], 0x76 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [esp + 0x68] push ecx mov edi, dword [esp + 0x68] push edi lea edx, [ebx + 9] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c360] ; mov edx, dword [0x48c360] add edx, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x68] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0043142a ; jmp 0x43142a loc_00431383: call clib_rand ; call 0x456f2d mov ebx, eax and ebx, 1 mov eax, dword [ref_0048c350] ; mov eax, dword [0x48c350] and eax, 0x2000 sar eax, 0xd cmp ebx, eax je near loc_0043142a ; je 0x43142a mov dword [esp + 0x64], 0x34 mov dword [esp + 0x68], 0x59 mov dword [esp + 0x6c], 0x66 mov dword [esp + 0x70], 0x73 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x68] push eax mov edx, dword [esp + 0x68] push edx lea edx, [ebx + 0xe] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x68] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0043142a: and byte [ref_0048c350], 0xf0 ; and byte [0x48c350], 0xf0 loc_00431431: call fcn_0044ef3b ; call 0x44ef3b test eax, eax jne short loc_00431447 ; jne 0x431447 cmp dword [ref_0048c34c], 0 ; cmp dword [0x48c34c], 0 je near loc_004301db ; je 0x4301db loc_00431447: mov dword [esp + 0x64], 0x200 mov dword [esp + 0x68], 0x77 mov dword [esp + 0x6c], 0x232 mov dword [esp + 0x70], 0x8d mov eax, dword [ref_0048c34c] ; mov eax, dword [0x48c34c] test eax, eax je short loc_004314da ; je 0x4314da dec eax mov dword [ref_0048c34c], eax ; mov dword [0x48c34c], eax jne near loc_004301db ; jne 0x4301db mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [esp + 0x68] push ecx mov ebx, dword [esp + 0x68] push ebx mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0x90 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall loc_004314c6: push 0 lea eax, [esp + 0x68] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_004301db ; jmp 0x4301db loc_004314da: call clib_rand ; call 0x456f2d mov ebx, eax sar ebx, 0xb cmp ebx, 4 jge near loc_004301db ; jge 0x4301db mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [esp + 0x68] push edx mov ecx, dword [esp + 0x68] push ecx call clib_rand ; call 0x456f2d and eax, 1 lea edx, [eax + 0xc] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c360] ; mov eax, dword [0x48c360] add eax, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall call clib_rand ; call 0x456f2d and eax, 0xf mov dword [ref_0048c34c], eax ; mov dword [0x48c34c], eax jne near loc_004314c6 ; jne 0x4314c6 mov dword [ref_0048c34c], 1 ; mov dword [0x48c34c], 1 jmp near loc_004314c6 ; jmp 0x4314c6 loc_00431570: mov eax, esp push eax push esi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0xc] push ebx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [esp + 0x18] push ebp mov ecx, dword [esp + 0x18] push ecx push eax call dword [edx + 0x1c] ; ucall mov eax, esp push eax push esi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_004301db ; jmp 0x4301db loc_004315ae: mov ecx, dword [esp + 0xa4] push ecx mov ebx, dword [esp + 0xa4] push ebx push eax push esi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_004301dd ; jmp 0x4301dd fcn_004315cc: push ebx push esi push edi push ebp sub esp, 0x28 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_0043169e ; jne 0x43169e push ref_0047566b ; push 0x47566b call fcn_00454176 ; call 0x454176 add esp, 4 push 0 push 0 push 0xc mov ebx, dword [ref_0048a05c] ; mov ebx, dword [0x48a05c] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c35c], eax ; mov dword [0x48c35c], eax push 0 push 0 push 0xd mov esi, dword [ref_0048a05c] ; mov esi, dword [0x48a05c] push esi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c368], eax ; mov dword [0x48c368], eax push 0 push 0 push 0xe mov edi, dword [ref_0048a05c] ; mov edi, dword [0x48a05c] push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c364], eax ; mov dword [0x48c364], eax push 6 call fcn_004549cf ; call 0x4549cf add esp, 4 push 0 push fcn_0042f7fc ; push 0x42f7fc call _Wait_0402_Message ; call 0x4018e7 add esp, 8 call fcn_00454bcc ; call 0x454bcc mov ebp, dword [ref_0048c35c] ; mov ebp, dword [0x48c35c] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0048c368] ; mov eax, dword [0x48c368] push eax call clib_free ; call 0x456e11 add esp, 4 mov edx, dword [ref_0048c364] ; mov edx, dword [0x48c364] push edx call clib_free ; call 0x456e11 add esp, 4 push ref_0047566b ; push 0x47566b call fcn_00454240 ; call 0x454240 add esp, 4 jmp near loc_0043170a ; jmp 0x43170a loc_0043169e: cmp dword [eax + (_players+28)], 0x3e8 ; cmp dword [eax + 0x496b84], 0x3e8 jle short loc_0043170a ; jle 0x43170a xor eax, eax xor ebx, ebx jmp short loc_004316b6 ; jmp 0x4316b6 loc_004316b0: inc eax cmp eax, 0x24 jge short loc_004316c5 ; jge 0x4316c5 loc_004316b6: cmp byte [eax + ref_004990b8], 0 ; cmp byte [eax + 0x4990b8], 0 jne short loc_004316b0 ; jne 0x4316b0 mov byte [esp + ebx], al inc ebx jmp short loc_004316b0 ; jmp 0x4316b0 loc_004316c5: test ebx, ebx je short loc_0043170a ; je 0x43170a mov al, byte [_current_player] ; mov al, byte [0x49910c] inc al mov byte [esp + 0x24], al call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx xor eax, eax mov al, byte [esp + edx] mov dl, byte [esp + 0x24] mov byte [eax + ref_004990b8], dl ; mov byte [eax + 0x4990b8], dl imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 sub dword [eax + (_players+28)], 0x3e8 ; sub dword [eax + 0x496b84], 0x3e8 add dword [ref_00499080], 0x3e8 ; add dword [0x499080], 0x3e8 loc_0043170a: add esp, 0x28 pop ebp pop edi pop esi pop ebx ret fcn_00431712: push ebx push esi push edi push ebp xor eax, eax jmp short loc_00431720 ; jmp 0x431720 loc_0043171a: inc eax cmp eax, 0x24 jge short loc_00431729 ; jge 0x431729 loc_00431720: cmp byte [eax + ref_004990b8], 0 ; cmp byte [eax + 0x4990b8], 0 je short loc_0043171a ; je 0x43171a loc_00431729: cmp eax, 0x24 je near loc_0043180d ; je 0x43180d push ref_0047567b ; push 0x47567b call fcn_00454176 ; call 0x454176 add esp, 4 push 0 push 0 push 0xf mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c360], eax ; mov dword [0x48c360], eax push 0 push 0 push 0xd mov ecx, dword [ref_0048a05c] ; mov ecx, dword [0x48a05c] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c368], eax ; mov dword [0x48c368], eax push 0 push 0 push 0x10 mov ebx, dword [ref_0048a05c] ; mov ebx, dword [0x48a05c] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c358], eax ; mov dword [0x48c358], eax push 0 push 0 push 0x11 mov esi, dword [ref_0048a05c] ; mov esi, dword [0x48a05c] push esi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c354], eax ; mov dword [0x48c354], eax push 8 call fcn_004549cf ; call 0x4549cf add esp, 4 push 0 push fcn_0043010c ; push 0x43010c call _Wait_0402_Message ; call 0x4018e7 add esp, 8 call fcn_00454bcc ; call 0x454bcc mov edi, dword [ref_0048c360] ; mov edi, dword [0x48c360] push edi call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [ref_0048c368] ; mov ebp, dword [0x48c368] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0048c358] ; mov eax, dword [0x48c358] push eax call clib_free ; call 0x456e11 add esp, 4 mov edx, dword [ref_0048c354] ; mov edx, dword [0x48c354] push edx call clib_free ; call 0x456e11 add esp, 4 push ref_0047567b ; push 0x47567b call fcn_00454240 ; call 0x454240 add esp, 4 loc_0043180d: pop ebp pop edi pop esi pop ebx ret ref_00431812: ; may contain a jump table dd loc_00431867 dd loc_004318b7 dd loc_00431969 dd loc_00431a23 dd loc_00431a7d dd loc_00431ad2 dd loc_00431b2c dd loc_00431b61 dd loc_00431b99 dd loc_00431bcf dd loc_00431c02 dd loc_00431c31 fcn_00431842: push ebx push esi push edi push ebp sub esp, 4 xor edx, edx mov dword [ref_0048c380], edx ; mov dword [0x48c380], edx mov ecx, dword [esp + 0x18] cmp ecx, 0xb ja near loc_00431c62 ; ja 0x431c62 mov eax, ecx jmp dword [eax*4 + ref_00431812] ; ujmp: jmp dword [eax*4 + 0x431812] loc_00431867: xor ebx, ebx xor esi, esi mov dword [esp], edx loc_0043186e: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_00431c62 ; jge 0x431c62 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_004318b4 ; je 0x4318b4 push ebx call fcn_004239b9 ; call 0x4239b9 add esp, 4 mov edx, dword [esp] cmp eax, edx jle short loc_004318a7 ; jle 0x4318a7 mov dword [esp], eax test esi, esi je short loc_004318a9 ; je 0x4318a9 xor esi, esi mov dword [ref_0048c380], esi ; mov dword [0x48c380], esi jmp short loc_004318a9 ; jmp 0x4318a9 loc_004318a7: jne short loc_004318b4 ; jne 0x4318b4 loc_004318a9: mov al, bl inc al mov byte [esi + ref_0048c380], al ; mov byte [esi + 0x48c380], al inc esi loc_004318b4: inc ebx jmp short loc_0043186e ; jmp 0x43186e loc_004318b7: xor ebx, ebx xor esi, esi mov dword [esp], edx loc_004318be: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_00431c62 ; jge 0x431c62 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je near loc_00431963 ; je 0x431963 xor edx, edx mov eax, 1 loc_004318e1: cmp eax, dword [ref_00498e98] ; cmp eax, dword [0x498e98] jg short loc_00431907 ; jg 0x431907 imul edi, eax, 0x34 mov ecx, dword [ref_00498e84] ; mov ecx, dword [0x498e84] mov cl, byte [ecx + edi + 0x19] and ecx, 0xff lea edi, [ebx + 1] cmp ecx, edi jne short loc_00431904 ; jne 0x431904 inc edx loc_00431904: inc eax jmp short loc_004318e1 ; jmp 0x4318e1 loc_00431907: mov eax, 1 loc_0043190c: cmp eax, dword [ref_00498e8c] ; cmp eax, dword [0x498e8c] jg short loc_00431938 ; jg 0x431938 mov ecx, eax shl ecx, 3 mov edi, ecx shl ecx, 3 sub ecx, edi mov edi, ecx mov ecx, dword [ref_00498e88] ; mov ecx, dword [0x498e88] movzx edi, byte [ecx + edi + 0x19] lea ecx, [ebx + 1] cmp edi, ecx jne short loc_00431935 ; jne 0x431935 inc edx loc_00431935: inc eax jmp short loc_0043190c ; jmp 0x43190c loc_00431938: test edx, edx je short loc_00431963 ; je 0x431963 mov ebp, dword [esp] cmp edx, ebp jle short loc_00431956 ; jle 0x431956 mov dword [esp], edx test esi, esi je short loc_00431958 ; je 0x431958 xor edx, edx mov dword [ref_0048c380], edx ; mov dword [0x48c380], edx xor esi, esi jmp short loc_00431958 ; jmp 0x431958 loc_00431956: jne short loc_00431963 ; jne 0x431963 loc_00431958: mov al, bl inc al mov byte [esi + ref_0048c380], al ; mov byte [esi + 0x48c380], al inc esi loc_00431963: inc ebx jmp near loc_004318be ; jmp 0x4318be loc_00431969: xor ebx, ebx xor esi, esi mov dword [esp], edx loc_00431970: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_00431c62 ; jge 0x431c62 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je near loc_00431a1d ; je 0x431a1d xor edx, edx mov eax, 1 loc_00431993: cmp eax, dword [ref_00498e98] ; cmp eax, dword [0x498e98] jg short loc_004319bb ; jg 0x4319bb imul ecx, eax, 0x34 mov edi, dword [ref_00498e84] ; mov edi, dword [0x498e84] add ecx, edi movzx ebp, byte [ecx + 0x19] lea edi, [ebx + 1] cmp ebp, edi jne short loc_004319b8 ; jne 0x4319b8 cmp byte [ecx + 0x1a], 0 je short loc_004319b8 ; je 0x4319b8 inc edx loc_004319b8: inc eax jmp short loc_00431993 ; jmp 0x431993 loc_004319bb: mov eax, 1 loc_004319c0: cmp eax, dword [ref_00498e8c] ; cmp eax, dword [0x498e8c] jg short loc_004319f3 ; jg 0x4319f3 mov ecx, eax shl ecx, 3 mov edi, ecx shl ecx, 3 sub ecx, edi mov edi, ecx mov ecx, dword [ref_00498e88] ; mov ecx, dword [0x498e88] add ecx, edi movzx ebp, byte [ecx + 0x19] lea edi, [ebx + 1] cmp ebp, edi jne short loc_004319f0 ; jne 0x4319f0 cmp byte [ecx + 0x1a], 0 je short loc_004319f0 ; je 0x4319f0 inc edx loc_004319f0: inc eax jmp short loc_004319c0 ; jmp 0x4319c0 loc_004319f3: test edx, edx je short loc_00431a1d ; je 0x431a1d mov edi, dword [esp] cmp edx, edi jle short loc_00431a10 ; jle 0x431a10 mov dword [esp], edx test esi, esi je short loc_00431a12 ; je 0x431a12 xor eax, eax mov dword [ref_0048c380], eax ; mov dword [0x48c380], eax xor esi, esi jmp short loc_00431a12 ; jmp 0x431a12 loc_00431a10: jne short loc_00431a1d ; jne 0x431a1d loc_00431a12: mov al, bl inc al mov byte [esi + ref_0048c380], al ; mov byte [esi + 0x48c380], al inc esi loc_00431a1d: inc ebx jmp near loc_00431970 ; jmp 0x431970 loc_00431a23: xor ebx, ebx xor esi, esi xor eax, ecx mov dword [esp], eax loc_00431a2c: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_00431c62 ; jge 0x431c62 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00431a7a ; je 0x431a7a cmp dword [eax + (_players+28)], 0 ; cmp dword [eax + 0x496b84], 0 je short loc_00431a7a ; je 0x431a7a mov edx, dword [esp] mov ecx, dword [eax + (_players+28)] ; mov ecx, dword [eax + 0x496b84] cmp edx, ecx jge short loc_00431a6d ; jge 0x431a6d mov dword [esp], ecx test esi, esi je short loc_00431a6f ; je 0x431a6f xor ebp, ebp mov dword [ref_0048c380], ebp ; mov dword [0x48c380], ebp xor esi, esi jmp short loc_00431a6f ; jmp 0x431a6f loc_00431a6d: jne short loc_00431a7a ; jne 0x431a7a loc_00431a6f: mov al, bl inc al mov byte [esi + ref_0048c380], al ; mov byte [esi + 0x48c380], al inc esi loc_00431a7a: inc ebx jmp short loc_00431a2c ; jmp 0x431a2c loc_00431a7d: xor ebx, ebx xor esi, esi mov dword [esp], edx mov edi, dword [_nplayers] ; mov edi, dword [0x499114] loc_00431a8a: cmp ebx, edi jge near loc_00431c62 ; jge 0x431c62 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00431acf ; je 0x431acf mov ebp, dword [eax + (_players+32)] ; mov ebp, dword [eax + 0x496b88] test ebp, ebp je short loc_00431acf ; je 0x431acf mov edx, dword [esp] cmp edx, ebp jge short loc_00431ac2 ; jge 0x431ac2 mov dword [esp], ebp test esi, esi je short loc_00431ac4 ; je 0x431ac4 xor ebp, ebp mov dword [ref_0048c380], ebp ; mov dword [0x48c380], ebp xor esi, esi jmp short loc_00431ac4 ; jmp 0x431ac4 loc_00431ac2: jne short loc_00431acf ; jne 0x431acf loc_00431ac4: mov al, bl inc al mov byte [esi + ref_0048c380], al ; mov byte [esi + 0x48c380], al inc esi loc_00431acf: inc ebx jmp short loc_00431a8a ; jmp 0x431a8a loc_00431ad2: xor ebx, ebx xor esi, esi mov dword [esp], edx loc_00431ad9: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_00431c62 ; jge 0x431c62 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00431b29 ; je 0x431b29 mov dx, word [eax + (_players+48)] ; mov dx, word [eax + 0x496b98] test dx, dx je short loc_00431b29 ; je 0x431b29 mov eax, edx and eax, 0xffff mov edx, dword [esp] cmp eax, edx jle short loc_00431b1c ; jle 0x431b1c mov dword [esp], eax test esi, esi je short loc_00431b1e ; je 0x431b1e xor esi, esi mov dword [ref_0048c380], esi ; mov dword [0x48c380], esi jmp short loc_00431b1e ; jmp 0x431b1e loc_00431b1c: jne short loc_00431b29 ; jne 0x431b29 loc_00431b1e: mov al, bl inc al mov byte [esi + ref_0048c380], al ; mov byte [esi + 0x48c380], al inc esi loc_00431b29: inc ebx jmp short loc_00431ad9 ; jmp 0x431ad9 loc_00431b2c: xor ebx, ebx xor esi, esi mov ebp, dword [_nplayers] ; mov ebp, dword [0x499114] loc_00431b36: cmp ebx, ebp jge near loc_00431c62 ; jge 0x431c62 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00431b5e ; je 0x431b5e test byte [eax + (_players+17)], 3 ; test byte [eax + 0x496b79], 3 jne short loc_00431b5e ; jne 0x431b5e mov al, bl inc al mov byte [esi + ref_0048c380], al ; mov byte [esi + 0x48c380], al inc esi loc_00431b5e: inc ebx jmp short loc_00431b36 ; jmp 0x431b36 loc_00431b61: xor ebx, ebx xor esi, esi mov edi, dword [_nplayers] ; mov edi, dword [0x499114] loc_00431b6b: cmp ebx, edi jge near loc_00431c62 ; jge 0x431c62 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00431b96 ; je 0x431b96 mov al, byte [eax + (_players+17)] ; mov al, byte [eax + 0x496b79] and al, 3 cmp al, 1 jne short loc_00431b96 ; jne 0x431b96 mov al, bl inc al mov byte [esi + ref_0048c380], al ; mov byte [esi + 0x48c380], al inc esi loc_00431b96: inc ebx jmp short loc_00431b6b ; jmp 0x431b6b loc_00431b99: xor ebx, ebx xor esi, esi loc_00431b9d: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_00431c62 ; jge 0x431c62 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00431bcc ; je 0x431bcc mov al, byte [eax + (_players+17)] ; mov al, byte [eax + 0x496b79] and al, 3 cmp al, 2 jne short loc_00431bcc ; jne 0x431bcc mov al, bl inc al mov byte [esi + ref_0048c380], al ; mov byte [esi + 0x48c380], al inc esi loc_00431bcc: inc ebx jmp short loc_00431b9d ; jmp 0x431b9d loc_00431bcf: xor ebx, ebx xor esi, esi loc_00431bd3: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_00431c62 ; jge 0x431c62 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00431bff ; je 0x431bff cmp byte [eax + (_players+63)], 0 ; cmp byte [eax + 0x496ba7], 0 je short loc_00431bff ; je 0x431bff mov al, bl inc al mov byte [esi + ref_0048c380], al ; mov byte [esi + 0x48c380], al inc esi loc_00431bff: inc ebx jmp short loc_00431bd3 ; jmp 0x431bd3 loc_00431c02: xor ebx, ebx xor esi, esi loc_00431c06: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_00431c62 ; jge 0x431c62 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00431c2e ; je 0x431c2e cmp byte [eax + (_players+20)], 0 ; cmp byte [eax + 0x496b7c], 0 je short loc_00431c2e ; je 0x431c2e mov al, bl inc al mov byte [esi + ref_0048c380], al ; mov byte [esi + 0x48c380], al inc esi loc_00431c2e: inc ebx jmp short loc_00431c06 ; jmp 0x431c06 loc_00431c31: xor ebx, ebx xor esi, esi mov ebp, dword [_nplayers] ; mov ebp, dword [0x499114] loc_00431c3b: cmp ebx, ebp jge short loc_00431c62 ; jge 0x431c62 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00431c5f ; je 0x431c5f cmp byte [eax + (_players+20)], 0 ; cmp byte [eax + 0x496b7c], 0 jne short loc_00431c5f ; jne 0x431c5f mov al, bl inc al mov byte [esi + ref_0048c380], al ; mov byte [esi + 0x48c380], al inc esi loc_00431c5f: inc ebx jmp short loc_00431c3b ; jmp 0x431c3b loc_00431c62: cmp dword [ref_0048c380], 0 ; cmp dword [0x48c380], 0 setne al and eax, 0xff add esp, 4 pop ebp pop edi pop esi pop ebx ret endloc_00431c79: db 0x90 ref_00431c7a: ; may contain a jump table dd loc_00431cd6 dd loc_00431d65 dd loc_00431dcc dd loc_00431e75 dd loc_00431eef dd loc_00431f67 dd loc_004320dd dd loc_00432160 dd loc_004321f0 dd loc_00432259 dd loc_00432384 dd loc_0043242b fcn_00431caa: push ebx push esi push edi push ebp sub esp, 0xb4 mov esi, dword [esp + 0xc8] xor edx, edx mov dword [ref_0048be18], edx ; mov dword [0x48be18], edx mov eax, dword [_current_player] ; mov eax, dword [0x49910c] mov dword [esp + 0xb0], eax xor edi, edi jmp near loc_004320b4 ; jmp 0x4320b4 loc_00431cd6: push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx push ref_0046482a ; push 0x46482a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esi shl eax, 4 mov ebx, dword [eax + ref_00475724] ; mov ebx, dword [eax + 0x475724] push ebx lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc add esp, 8 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] imul ebx, ebp, 0x68 push ebp call fcn_00441f21 ; call 0x441f21 loc_00431d3a: add esp, 4 add word [ebx + (_players+48)], ax ; add word [ebx + 0x496b98], ax mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx loc_00431d4b: call fcn_0041d433 ; call 0x41d433 add esp, 4 push 0xc8 loc_00431d58: call fcn_0045285e ; call 0x45285e add esp, 4 jmp near loc_004320aa ; jmp 0x4320aa loc_00431d65: push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ebx, dword [eax + (_players+0)] ; mov ebx, dword [eax + 0x496b68] push ebx push ref_0046482a ; push 0x46482a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esi shl eax, 4 mov ebp, dword [eax + ref_00475724] ; mov ebp, dword [eax + 0x475724] push ebp lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc add esp, 8 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 xor ebx, ebx loc_00431dbc: call fcn_0044db81 ; call 0x44db81 inc ebx cmp ebx, 3 jl short loc_00431dbc ; jl 0x431dbc jmp near loc_004320aa ; jmp 0x4320aa loc_00431dcc: push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx push ref_0046482a ; push 0x46482a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esi shl eax, 4 mov ebx, dword [eax + ref_00475724] ; mov ebx, dword [eax + 0x475724] push ebx lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc add esp, 8 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] mov ebx, eax shl ebx, 2 sub ebx, eax add ebx, ebx mov eax, ebx shl ebx, 4 sub ebx, eax push ebx mov ebp, dword [esp + 0xb4] push ebp mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx call fcn_00441210 ; call 0x441210 add esp, 4 cmp eax, 0xffffffff je near loc_004320aa ; je 0x4320aa push 3 push eax call fcn_0043d593 ; call 0x43d593 loc_00431e6d: add esp, 8 jmp near loc_004320aa ; jmp 0x4320aa loc_00431e75: push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ebx, dword [eax + (_players+0)] ; mov ebx, dword [eax + 0x496b68] push ebx push ref_0046482a ; push 0x46482a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esi shl eax, 4 mov ebp, dword [eax + ref_00475724] ; mov ebp, dword [eax + 0x475724] push ebp lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc add esp, 8 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 imul ebx, dword [_current_player], 0x68 ; imul ebx, dword [0x49910c], 0x68 mov dh, byte [ebx + (_players+56)] ; mov dh, byte [ebx + 0x496ba0] inc dh mov byte [ebx + (_players+56)], dh ; mov byte [ebx + 0x496ba0], dh mov cl, dh and cl, 0x7f mov byte [ebx + (_players+56)], cl ; mov byte [ebx + 0x496ba0], cl jmp near loc_004320aa ; jmp 0x4320aa loc_00431eef: push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ebp, dword [eax + (_players+0)] ; mov ebp, dword [eax + 0x496b68] push ebp push ref_0046482a ; push 0x46482a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esi shl eax, 4 mov edx, dword [eax + ref_00475724] ; mov edx, dword [eax + 0x475724] push edx lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc add esp, 8 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul ebx, ecx, 0x68 mov eax, dword [ebx + (_players+28)] ; mov eax, dword [ebx + 0x496b84] add dword [ebx + (_players+32)], eax ; add dword [ebx + 0x496b88], eax xor eax, eax mov dword [ebx + (_players+28)], eax ; mov dword [ebx + 0x496b84], eax push ecx jmp near loc_00431d4b ; jmp 0x431d4b loc_00431f67: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 jne near loc_004320aa ; jne 0x4320aa mov ax, word [eax + (_players+12)] ; mov ax, word [eax + 0x496b74] and eax, 0xffff mov ebx, eax shl ebx, 2 add ebx, eax mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] mov bx, word [eax + ebx*8 + 0x20] and ebx, 0xffff cmp ebx, 0x7d0 jle near loc_004320aa ; jle 0x4320aa cmp ebx, 0x1770 jge near loc_004320aa ; jge 0x4320aa push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ebp, dword [eax + (_players+0)] ; mov ebp, dword [eax + 0x496b68] push ebp push ref_0046482a ; push 0x46482a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esi shl eax, 4 mov edx, dword [eax + ref_00475724] ; mov edx, dword [eax + 0x475724] push edx lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc add esp, 8 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 lea eax, [esp + 0xac] push eax lea eax, [esp + 0xac] push eax push ebx call fcn_0040af12 ; call 0x40af12 add esp, 0xc push 0 push 0 push 0x229 mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 mov ebp, eax add esp, 0x10 push 0 mov eax, dword [esp + 0xb0] push eax mov edx, dword [esp + 0xb0] push edx call fcn_0041d476 ; call 0x41d476 add esp, 0xc push ebx call fcn_0040b110 ; call 0x40b110 add esp, 4 mov dword [esp + 0xa8], eax push 0x5b push 0x2c0001 push 0x28 push 0 push ebp call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebp call clib_free ; call 0x456e11 add esp, 4 test byte [esp + 0xa8], 0x80 je short loc_00432094 ; je 0x432094 call fcn_0040b0cd ; call 0x40b0cd loc_00432094: push ref_0046482f ; push 0x46482f push 0 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx loc_004320a2: call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_004320aa: inc edi cmp edi, 4 jge near loc_004324fa ; jge 0x4324fa loc_004320b4: cmp byte [edi + ref_0048c380], 0 ; cmp byte [edi + 0x48c380], 0 je near loc_004324fa ; je 0x4324fa xor eax, eax mov al, byte [edi + ref_0048c380] ; mov al, byte [edi + 0x48c380] dec eax mov dword [_current_player], eax ; mov dword [0x49910c], eax cmp esi, 0xb ja short loc_004320aa ; ja 0x4320aa mov eax, esi jmp dword [eax*4 + ref_00431c7a] ; ujmp: jmp dword [eax*4 + 0x431c7a] loc_004320dd: push 1 call fcn_0041906a ; call 0x41906a add esp, 4 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_00441e12 ; call 0x441e12 mov ebx, eax add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx push ref_0046482a ; push 0x46482a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, ebx mov ebx, dword [eax*8 + (_card_table - 8)] ; mov ebx, dword [eax*8 + 0x47fdea] push ebx push ref_00464839 ; push 0x464839 lea eax, [esp + 0x88] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc lea eax, [esp + 0x80] push eax lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc add esp, 8 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac jmp near loc_00431e6d ; jmp 0x431e6d loc_00432160: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 jne near loc_004320aa ; jne 0x4320aa push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov edx, dword [eax + (_players+0)] ; mov edx, dword [eax + 0x496b68] push edx push ref_0046482a ; push 0x46482a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esi shl eax, 4 mov ecx, dword [eax + ref_00475724] ; mov ecx, dword [eax + 0x475724] push ecx lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc add esp, 8 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0040c78c ; call 0x40c78c add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x1f4 jmp near loc_00431d58 ; jmp 0x431d58 loc_004321f0: push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov edx, dword [eax + (_players+0)] ; mov edx, dword [eax + 0x496b68] push edx push ref_0046482a ; push 0x46482a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esi shl eax, 4 mov ecx, dword [eax + ref_00475724] ; mov ecx, dword [eax + 0x475724] push ecx lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc add esp, 8 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] imul ebx, ebp, 0x68 push ebp call fcn_00445b3f ; call 0x445b3f jmp near loc_00431d3a ; jmp 0x431d3a loc_00432259: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp dword [eax + (_players+50)], 0 ; cmp dword [eax + 0x496b9a], 0 jne near loc_004320aa ; jne 0x4320aa mov ax, word [eax + (_players+12)] ; mov ax, word [eax + 0x496b74] and eax, 0xffff mov ebx, eax shl ebx, 2 add ebx, eax mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] mov bx, word [eax + ebx*8 + 0x20] and ebx, 0xffff cmp ebx, 0x7d0 jle near loc_004320aa ; jle 0x4320aa cmp ebx, 0x1770 jge near loc_004320aa ; jge 0x4320aa push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx push ref_0046482a ; push 0x46482a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esi shl eax, 4 mov ebp, dword [eax + ref_00475724] ; mov ebp, dword [eax + 0x475724] push ebp lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc add esp, 8 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 lea eax, [esp + 0xac] push eax lea eax, [esp + 0xac] push eax push ebx call fcn_0040af12 ; call 0x40af12 add esp, 0xc push 0 push 0 push 0x211 mov eax, dword [ref_0048a0e4] ; mov eax, dword [0x48a0e4] push eax call fcn_00450441 ; call 0x450441 mov ebp, eax add esp, 0x10 push 0 mov edx, dword [esp + 0xb0] push edx mov ecx, dword [esp + 0xb0] push ecx call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0 push ebx call fcn_0040ab4a ; call 0x40ab4a add esp, 8 push 0x61 push 0x260001 push 0x28 push 0 push ebp call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebp call clib_free ; call 0x456e11 add esp, 4 push ref_0046482f ; push 0x46482f push 0 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx jmp near loc_004320a2 ; jmp 0x4320a2 loc_00432384: push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ebx, dword [eax + (_players+0)] ; mov ebx, dword [eax + 0x496b68] push ebx push ref_0046482a ; push 0x46482a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esi shl eax, 4 mov ebp, dword [eax + ref_00475724] ; mov ebp, dword [eax + 0x475724] push ebp lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc add esp, 8 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] mov ebx, eax shl ebx, 2 sub ebx, eax add ebx, ebx mov eax, ebx shl ebx, 4 sub ebx, eax push ebx mov eax, dword [esp + 0xb4] push eax mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx call fcn_0040df69 ; call 0x40df69 add esp, 0xc mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441210 ; call 0x441210 add esp, 4 cmp eax, 0xffffffff je near loc_004320aa ; je 0x4320aa push 3 push eax call fcn_0043ec3f ; call 0x43ec3f jmp near loc_00431e6d ; jmp 0x431e6d loc_0043242b: imul ebx, dword [_current_player], 0x68 ; imul ebx, dword [0x49910c], 0x68 cmp dword [ebx + (_players+50)], 0 ; cmp dword [ebx + 0x496b9a], 0 jne near loc_004320aa ; jne 0x4320aa xor eax, esi mov ax, word [ebx + (_players+12)] ; mov ax, word [ebx + 0x496b74] mov ebx, eax shl ebx, 2 add ebx, eax mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] mov bx, word [eax + ebx*8 + 0x20] and ebx, 0xffff cmp ebx, 0x7d0 jle near loc_004320aa ; jle 0x4320aa cmp ebx, 0x1770 jge near loc_004320aa ; jge 0x4320aa push 1 call fcn_0041906a ; call 0x41906a add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx push ref_0046482a ; push 0x46482a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esi shl eax, 4 mov ebp, dword [eax + ref_00475724] ; mov ebp, dword [eax + 0x475724] push ebp lea eax, [esp + 4] push eax call fcn_004582fc ; call 0x4582fc add esp, 8 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push 1 push ebx mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0043bde5 ; call 0x43bde5 add esp, 0xc push 1 call fcn_0041906a ; call 0x41906a add esp, 4 push ref_0046482f ; push 0x46482f push 0 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx jmp near loc_004320a2 ; jmp 0x4320a2 loc_004324fa: mov eax, dword [esp + 0xb0] mov dword [_current_player], eax ; mov dword [0x49910c], eax add esp, 0xb4 pop ebp pop edi pop esi pop ebx ret fcn_00432511: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x8c push 0xf1 mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0x18 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0x202020 push 0xe0e0e0 push 0 push 0 push 0x180 push 0x140 mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0x6c push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c ret endloc_0043259f: db 0x8d db 0x40 db 0x00 ref_004325a2: ; may contain a jump table dd loc_0043285b dd loc_0043292e dd loc_00432951 dd loc_00432871 dd loc_004329ef dd loc_00432a0f dd loc_00432871 dd loc_00432a4c fcn_004325c2: push ebx push esi push edi push ebp sub esp, 0x5c mov ebx, dword [esp + 0x70] mov eax, dword [esp + 0x74] mov edx, dword [esp + 0x7c] cmp eax, 0x201 jb short loc_0043261c ; jb 0x43261c jbe near loc_00432e8e ; jbe 0x432e8e cmp eax, 0x205 jb short loc_0043260c ; jb 0x43260c jbe near loc_00432e64 ; jbe 0x432e64 cmp eax, 0x401 jb near loc_00433074 ; jb 0x433074 jbe short loc_00432647 ; jbe 0x432647 cmp eax, 0x405 je near loc_004326b9 ; je 0x4326b9 jmp near loc_00433074 ; jmp 0x433074 loc_0043260c: cmp eax, 0x203 je near loc_00432e8e ; je 0x432e8e jmp near loc_00433074 ; jmp 0x433074 loc_0043261c: cmp eax, 0x113 jb short loc_00432639 ; jb 0x432639 jbe near loc_004326e5 ; jbe 0x4326e5 cmp eax, 0x200 je near loc_00432b50 ; je 0x432b50 jmp near loc_00433074 ; jmp 0x433074 loc_00432639: cmp eax, 0xf je near loc_0043301c ; je 0x43301c jmp near loc_00433074 ; jmp 0x433074 loc_00432647: xor cl, cl mov byte [ref_0048c3a0], cl ; mov byte [0x48c3a0], cl mov byte [ref_0048c3a1], cl ; mov byte [0x48c3a1], cl mov byte [ref_0048c3a2], cl ; mov byte [0x48c3a2], cl mov byte [ref_0048c3a3], cl ; mov byte [0x48c3a3], cl mov byte [ref_0048c3a4], cl ; mov byte [0x48c3a4], cl mov al, byte [ref_00497159] ; mov al, byte [0x497159] xor al, 1 mov byte [ref_0048c3a5], al ; mov byte [0x48c3a5], al call fcn_00432511 ; call 0x432511 push 0 push 0x64 mov ecx, dword [_callbackSize] ; mov ecx, dword [0x46cad8] push ecx push ebx call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048c39c], eax ; mov dword [0x48c39c], eax push 0 push 0 push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0 push 0x405 push ebx call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_004326ad: xor eax, eax loc_004326af: add esp, 0x5c loc_004326b2: pop ebp pop edi pop esi pop ebx ret 0x10 loc_004326b9: cmp byte [ref_0048c3a5], 0 ; cmp byte [0x48c3a5], 0 jne near loc_00432e82 ; jne 0x432e82 mov byte [ref_0048c3a2], 1 ; mov byte [0x48c3a2], 1 mov edx, dword [ref_00475694] ; mov edx, dword [0x475694] push edx call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 mov byte [ref_0048c3a4], 2 ; mov byte [0x48c3a4], 2 jmp short loc_004326ad ; jmp 0x4326ad loc_004326e5: cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je short loc_004326ad ; je 0x4326ad mov eax, dword [esp + 0x78] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne short loc_004326ad ; jne 0x4326ad cmp byte [ref_0048c3a2], 4 ; cmp byte [0x48c3a2], 4 jne near loc_00432828 ; jne 0x432828 mov al, byte [ref_0048c3a1] ; mov al, byte [0x48c3a1] dec al mov byte [ref_0048c3a1], al ; mov byte [0x48c3a1], al jne near loc_00432828 ; jne 0x432828 loc_00432719: call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 0xc sar edx, 0x1f idiv ecx mov byte [ref_0048c3a3], dl ; mov byte [0x48c3a3], dl xor eax, eax mov al, dl push eax call fcn_00431842 ; call 0x431842 add esp, 4 test eax, eax je short loc_00432719 ; je 0x432719 mov dword [esp + 0x40], 0xf1 mov dword [esp + 0x44], 0x8c mov dword [esp + 0x48], 0x196 mov dword [esp + 0x4c], 0x161 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov esi, dword [esp + 0x44] push esi mov edi, dword [esp + 0x44] push edi mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0x18 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x128 push 0x146 xor eax, eax mov al, byte [ref_0048c3a3] ; mov al, byte [0x48c3a3] lea edx, [eax + 0xb] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c398] ; mov edx, dword [0x48c398] add edx, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c3a2], 5 ; mov byte [0x48c3a2], 5 xor eax, eax mov al, byte [ref_0048c3a3] ; mov al, byte [0x48c3a3] mov edx, dword [eax*4 + ref_004756b8] ; mov edx, dword [eax*4 + 0x4756b8] push edx call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 cmp byte [ref_0048c3a5], 0 ; cmp byte [0x48c3a5], 0 jne short loc_00432820 ; jne 0x432820 mov byte [ref_0048c3a4], 2 ; mov byte [0x48c3a4], 2 jmp short loc_00432828 ; jmp 0x432828 loc_00432820: xor cl, cl mov byte [ref_0048c3a4], cl ; mov byte [0x48c3a4], cl loc_00432828: xor eax, eax mov al, byte [ref_0048c3a4] ; mov al, byte [0x48c3a4] push eax call fcn_0044ee18 ; call 0x44ee18 add esp, 4 test eax, eax je near loc_00432871 ; je 0x432871 mov al, byte [ref_0048c3a2] ; mov al, byte [0x48c3a2] dec al cmp al, 7 ja near loc_00432871 ; ja 0x432871 and eax, 0xff jmp dword [eax*4 + ref_004325a2] ; ujmp: jmp dword [eax*4 + 0x4325a2] loc_0043285b: mov byte [ref_0048c3a2], 2 ; mov byte [0x48c3a2], 2 mov ecx, dword [ref_00475698] ; mov ecx, dword [0x475698] push ecx call fcn_0044ecb6 ; call 0x44ecb6 loc_0043286e: add esp, 4 loc_00432871: cmp byte [ref_0048c3a2], 8 ; cmp byte [0x48c3a2], 8 je near loc_004326ad ; je 0x4326ad call fcn_0044ef3b ; call 0x44ef3b test eax, eax jne short loc_00432894 ; jne 0x432894 cmp byte [ref_0048c3a0], 0 ; cmp byte [0x48c3a0], 0 je near loc_004326ad ; je 0x4326ad loc_00432894: mov ah, byte [ref_0048c3a0] ; mov ah, byte [0x48c3a0] test ah, ah je near loc_00432a85 ; je 0x432a85 mov cl, ah dec cl mov byte [ref_0048c3a0], cl ; mov byte [0x48c3a0], cl jne near loc_004326ad ; jne 0x4326ad mov dword [esp + 0x40], 0x11e mov dword [esp + 0x44], 0xdc mov dword [esp + 0x48], 0x15a mov dword [esp + 0x4c], 0xee mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebp, dword [esp + 0x44] push ebp mov eax, dword [esp + 0x44] push eax mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0x3c push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall loc_0043291a: push 0 lea eax, [esp + 0x44] push eax push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_004326ad ; jmp 0x4326ad loc_0043292e: mov byte [ref_0048c3a2], 3 ; mov byte [0x48c3a2], 3 mov edx, dword [ref_0047569c] ; mov edx, dword [0x47569c] push edx loc_0043293c: call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 loc_00432944: xor dh, dh mov byte [ref_0048c3a4], dh ; mov byte [0x48c3a4], dh jmp near loc_00432871 ; jmp 0x432871 loc_00432951: mov byte [ref_0048c3a2], 4 ; mov byte [0x48c3a2], 4 mov dword [esp + 0x40], 0x11e mov dword [esp + 0x44], 0xbc mov dword [esp + 0x48], 0x15a mov dword [esp + 0x4c], 0xdf mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edi, dword [esp + 0x44] push edi mov ebp, dword [esp + 0x44] push ebp mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0x30 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] cmp byte [ref_0048c3a5], 0 ; cmp byte [0x48c3a5], 0 je short loc_004329e3 ; je 0x4329e3 mov byte [ref_0048c3a1], 1 ; mov byte [0x48c3a1], 1 jmp near loc_00432871 ; jmp 0x432871 loc_004329e3: mov byte [ref_0048c3a1], 0xa ; mov byte [0x48c3a1], 0xa jmp near loc_00432871 ; jmp 0x432871 loc_004329ef: mov byte [ref_0048c3a2], 6 ; mov byte [0x48c3a2], 6 cmp byte [ref_0048c3a5], 0 ; cmp byte [0x48c3a5], 0 jne near loc_00432944 ; jne 0x432944 mov ebp, dword [ref_004756a0] ; mov ebp, dword [0x4756a0] push ebp jmp near loc_0043293c ; jmp 0x43293c loc_00432a0f: mov byte [ref_0048c3a2], 7 ; mov byte [0x48c3a2], 7 push 1 call fcn_00402460 ; call 0x402460 add esp, 4 lea eax, [esp + 0x50] push eax call dword [cs:__imp__GetCursorPos@4] ; ucall: call dword cs:[0x4622ec] mov eax, dword [esp + 0x54] shl eax, 0x10 add eax, dword [esp + 0x50] push eax push 0 push 0x200 push ebx call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_00432871 ; jmp 0x432871 loc_00432a4c: mov ecx, dword [ref_0048c39c] ; mov ecx, dword [0x48c39c] push ecx push ebx call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0x3b push 0 push 0 push 0 mov esi, dword [ref_0048c390] ; mov esi, dword [0x48c390] push esi call fcn_0045144f ; call 0x45144f add esp, 0x14 xor eax, eax mov al, byte [ref_0048c3a1] ; mov al, byte [0x48c3a1] dec eax push eax call _Post_0402_Message ; call 0x401966 jmp near loc_0043286e ; jmp 0x43286e loc_00432a85: call clib_rand ; call 0x456f2d sar eax, 0xb cmp eax, 4 jge near loc_004326ad ; jge 0x4326ad mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov dword [esp + 0x40], 0x11e mov dword [esp + 0x44], 0xd9 mov dword [esp + 0x48], 0x15a mov dword [esp + 0x4c], 0xee call clib_rand ; call 0x456f2d test al, 1 je short loc_00432b00 ; je 0x432b00 push 0x15 push 0x3c push 0x4d push 0x2d mov edi, dword [esp + 0x54] push edi mov ebp, dword [esp + 0x54] push ebp mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0x18 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 jmp short loc_00432b22 ; jmp 0x432b22 loc_00432b00: mov edx, dword [esp + 0x44] push edx mov ecx, dword [esp + 0x44] push ecx mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0x48 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 loc_00432b22: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall call clib_rand ; call 0x456f2d and al, 7 mov byte [ref_0048c3a0], al ; mov byte [0x48c3a0], al jne near loc_0043291a ; jne 0x43291a mov byte [ref_0048c3a0], 1 ; mov byte [0x48c3a0], 1 jmp near loc_0043291a ; jmp 0x43291a loc_00432b50: cmp byte [ref_0048c3a2], 7 ; cmp byte [0x48c3a2], 7 jne near loc_004326ad ; jne 0x4326ad xor ecx, ecx mov cx, dx mov eax, edx shr eax, 0x10 and eax, 0xffff xor edx, edx mov dx, ax mov eax, edx shl eax, 2 add eax, edx shl eax, 7 add eax, ecx mov edx, dword [ref_0048c394] ; mov edx, dword [0x48c394] mov al, byte [edx + eax] and eax, 0xff mov dword [esp + 0x58], eax xor eax, eax mov al, byte [ref_0048c3a1] ; mov al, byte [0x48c3a1] cmp eax, dword [esp + 0x58] je near loc_004326ad ; je 0x4326ad mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov al, byte [ref_0048c3a1] ; mov al, byte [0x48c3a1] test al, al je near loc_00432ca3 ; je 0x432ca3 cmp al, 0xd je near loc_00432ca3 ; je 0x432ca3 xor eax, eax mov al, byte [ref_0048c3a1] ; mov al, byte [0x48c3a1] movsx edx, word [eax*4 + ref_004756e4] ; movsx edx, word [eax*4 + 0x4756e4] lea ecx, [edx - 0x20] mov dword [esp + 0x40], ecx movsx eax, word [eax*4 + (ref_004756e8 - 2)] ; movsx eax, word [eax*4 + 0x4756e6] lea ecx, [eax - 0x20] mov dword [esp + 0x44], ecx add edx, 0x20 mov dword [esp + 0x48], edx add eax, 0x20 mov dword [esp + 0x4c], eax push 0x40 push 0x40 push ecx mov edi, dword [esp + 0x4c] push edi push ecx push edi mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0 lea eax, [esp + 0x44] push eax push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] xor edx, edx mov dl, byte [ref_0048c3a1] ; mov dl, byte [0x48c3a1] shl edx, 4 mov eax, dword [edx + ref_0047570c] ; mov eax, dword [edx + 0x47570c] sub eax, 0x48 mov dword [esp + 0x40], eax mov eax, dword [edx + ref_00475710] ; mov eax, dword [edx + 0x475710] sub eax, 0x40 mov dword [esp + 0x44], eax mov eax, dword [edx + ref_0047570c] ; mov eax, dword [edx + 0x47570c] add eax, 0x48 mov dword [esp + 0x48], eax mov eax, dword [edx + ref_00475710] ; mov eax, dword [edx + 0x475710] add eax, 0x40 mov dword [esp + 0x4c], eax mov ecx, dword [edx + ref_00475710] ; mov ecx, dword [edx + 0x475710] push ecx mov esi, dword [edx + ref_0047570c] ; mov esi, dword [edx + 0x47570c] push esi mov edi, dword [ref_0048c384] ; mov edi, dword [0x48c384] push edi mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0 lea eax, [esp + 0x44] push eax push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00432ca3: mov al, byte [esp + 0x58] mov byte [ref_0048c3a1], al ; mov byte [0x48c3a1], al test al, al je near loc_00432e4f ; je 0x432e4f cmp al, 0xd je near loc_00432e4f ; je 0x432e4f xor ecx, ecx mov cl, al movsx edx, word [ecx*4 + ref_004756e4] ; movsx edx, word [ecx*4 + 0x4756e4] lea esi, [edx - 0x20] mov dword [esp + 0x40], esi movsx eax, word [ecx*4 + (ref_004756e8 - 2)] ; movsx eax, word [ecx*4 + 0x4756e6] lea esi, [eax - 0x20] mov dword [esp + 0x44], esi lea esi, [edx + 0x20] mov dword [esp + 0x48], esi lea esi, [eax + 0x20] mov dword [esp + 0x4c], esi push eax push edx lea edx, [ecx + 0x16] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 lea eax, [esp + 0x44] push eax push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] xor edx, edx mov dl, byte [ref_0048c3a1] ; mov dl, byte [0x48c3a1] shl edx, 4 mov eax, dword [edx + ref_0047570c] ; mov eax, dword [edx + 0x47570c] sub eax, 0x48 mov dword [esp + 0x40], eax mov eax, dword [edx + ref_00475710] ; mov eax, dword [edx + 0x475710] sub eax, 0x40 mov dword [esp + 0x44], eax mov eax, dword [edx + ref_0047570c] ; mov eax, dword [edx + 0x47570c] add eax, 0x48 mov dword [esp + 0x48], eax mov eax, dword [edx + ref_00475710] ; mov eax, dword [edx + 0x475710] add eax, 0x40 mov dword [esp + 0x4c], eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0x80 push 0x90 mov edx, dword [esp + 0x4c] push edx mov ecx, dword [esp + 0x4c] push ecx mov esi, dword [ref_0048c384] ; mov esi, dword [0x48c384] push esi push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov eax, dword [ref_0048c384] ; mov eax, dword [0x48c384] mov word [eax + 4], 0x48 mov eax, dword [ref_0048c384] ; mov eax, dword [0x48c384] mov word [eax + 6], 0x40 xor eax, eax mov al, byte [ref_0048c3a1] ; mov al, byte [0x48c3a1] shl eax, 4 mov edi, dword [eax + ref_00475710] ; mov edi, dword [eax + 0x475710] push edi mov ebp, dword [eax + ref_0047570c] ; mov ebp, dword [eax + 0x47570c] push ebp mov edx, dword [eax + ref_00475708] ; mov edx, dword [eax + 0x475708] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c398] ; mov edx, dword [0x48c398] add edx, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 3 push 0x202020 push 0xe0e0e0 push 0xe call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 xor eax, eax mov al, byte [ref_0048c3a1] ; mov al, byte [0x48c3a1] shl eax, 4 mov edx, dword [eax + ref_00475710] ; mov edx, dword [eax + 0x475710] push edx mov ecx, dword [eax + ref_0047570c] ; mov ecx, dword [eax + 0x47570c] push ecx mov esi, dword [eax + ref_00475714] ; mov esi, dword [eax + 0x475714] push esi push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 lea eax, [esp + 0x44] push eax push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push ref_004757e7 ; push 0x4757e7 call fcn_004542ce ; call 0x4542ce add esp, 8 loc_00432e4f: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near loc_004326ad ; jmp 0x4326ad loc_00432e64: cmp byte [ref_0048c3a2], 3 ; cmp byte [0x48c3a2], 3 jae near loc_004326ad ; jae 0x4326ad loc_00432e71: mov byte [ref_0048c3a5], 1 ; mov byte [0x48c3a5], 1 push 1 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 loc_00432e82: mov byte [ref_0048c3a2], 3 ; mov byte [0x48c3a2], 3 jmp near loc_004326ad ; jmp 0x4326ad loc_00432e8e: mov cl, byte [ref_0048c3a2] ; mov cl, byte [0x48c3a2] cmp cl, 3 jb short loc_00432e71 ; jb 0x432e71 cmp cl, 7 jne near loc_004326ad ; jne 0x4326ad mov al, byte [ref_0048c3a1] ; mov al, byte [0x48c3a1] test al, al je near loc_00432ff7 ; je 0x432ff7 cmp al, 0xd je near loc_00432ff7 ; je 0x432ff7 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall xor edx, edx mov dl, byte [ref_0048c3a1] ; mov dl, byte [0x48c3a1] shl edx, 4 mov eax, dword [edx + ref_0047570c] ; mov eax, dword [edx + 0x47570c] sub eax, 0x48 mov dword [esp + 0x40], eax mov eax, dword [edx + ref_00475710] ; mov eax, dword [edx + 0x475710] sub eax, 0x40 mov dword [esp + 0x44], eax mov eax, dword [edx + ref_0047570c] ; mov eax, dword [edx + 0x47570c] add eax, 0x48 mov dword [esp + 0x48], eax mov eax, dword [edx + ref_00475710] ; mov eax, dword [edx + 0x475710] add eax, 0x40 mov dword [esp + 0x4c], eax mov esi, dword [edx + ref_00475710] ; mov esi, dword [edx + 0x475710] push esi mov edi, dword [edx + ref_0047570c] ; mov edi, dword [edx + 0x47570c] push edi mov ebp, dword [ref_0048c384] ; mov ebp, dword [0x48c384] push ebp mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0 lea eax, [esp + 0x44] push eax push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov edx, 0xb6 mov dword [esp + 0x40], edx mov ecx, 0x8e mov dword [esp + 0x44], ecx mov dword [esp + 0x48], 0x1d2 mov dword [esp + 0x4c], 0x160 push ecx push edx mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0x24 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x128 push 0x146 xor eax, eax mov al, byte [ref_0048c3a3] ; mov al, byte [0x48c3a3] lea edx, [eax + 0xb] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov byte [ref_0048c3a2], 8 ; mov byte [0x48c3a2], 8 mov edx, dword [ref_004756a4] ; mov edx, dword [0x4756a4] push edx loc_00432fea: call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 jmp near loc_004326ad ; jmp 0x4326ad loc_00432ff7: cmp byte [ref_0048c3a1], 0xd ; cmp byte [0x48c3a1], 0xd jne near loc_004326ad ; jne 0x4326ad mov byte [ref_0048c3a2], 6 ; mov byte [0x48c3a2], 6 xor eax, eax mov al, byte [ref_0048c3a3] ; mov al, byte [0x48c3a3] mov ebx, dword [eax*4 + ref_004756b8] ; mov ebx, dword [eax*4 + 0x4756b8] push ebx jmp short loc_00432fea ; jmp 0x432fea loc_0043301c: mov eax, esp push eax push ebx call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov esi, dword [esp + 0x18] push esi mov edi, dword [esp + 0x18] push edi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push ebx call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_004326ad ; jmp 0x4326ad loc_00433074: push edx mov ebp, dword [esp + 0x7c] push ebp push eax push ebx call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_004326af ; jmp 0x4326af fcn_00433088: push ebx push esi push edi push ebp sub esp, 0x58 mov ebp, dword [esp + 0x6c] mov eax, dword [esp + 0x70] mov edx, dword [esp + 0x78] cmp eax, 0x201 jb short loc_004330e2 ; jb 0x4330e2 jbe near loc_0043364d ; jbe 0x43364d cmp eax, 0x205 jb short loc_004330d2 ; jb 0x4330d2 jbe near loc_00433763 ; jbe 0x433763 cmp eax, 0x401 jb near loc_004337f6 ; jb 0x4337f6 jbe short loc_0043310d ; jbe 0x43310d cmp eax, 0x405 je near loc_00433177 ; je 0x433177 jmp near loc_004337f6 ; jmp 0x4337f6 loc_004330d2: cmp eax, 0x203 je near loc_0043364d ; je 0x43364d jmp near loc_004337f6 ; jmp 0x4337f6 loc_004330e2: cmp eax, 0x113 jb short loc_004330ff ; jb 0x4330ff jbe near loc_00433196 ; jbe 0x433196 cmp eax, 0x200 je near loc_00433457 ; je 0x433457 jmp near loc_004337f6 ; jmp 0x4337f6 loc_004330ff: cmp eax, 0xf je near loc_0043379e ; je 0x43379e jmp near loc_004337f6 ; jmp 0x4337f6 loc_0043310d: mov byte [ref_0048c3aa], dl ; mov byte [0x48c3aa], dl xor dh, dh mov byte [ref_0048c3ab], dh ; mov byte [0x48c3ab], dh mov byte [ref_0048c3ac], dh ; mov byte [0x48c3ac], dh mov byte [ref_0048c3ad], dh ; mov byte [0x48c3ad], dh mov byte [ref_0048c3ae], dh ; mov byte [0x48c3ae], dh mov byte [ref_0048c3af], dh ; mov byte [0x48c3af], dh call fcn_00432511 ; call 0x432511 push 0 push 0x64 mov ecx, dword [_callbackSize] ; mov ecx, dword [0x46cad8] push ecx push ebp call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048c3a6], eax ; mov dword [0x48c3a6], eax push 0 push 0 push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0 push 0x405 push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_0043316d: xor eax, eax loc_0043316f: add esp, 0x58 jmp near loc_004326b2 ; jmp 0x4326b2 loc_00433177: mov byte [ref_0048c3ad], 1 ; mov byte [0x48c3ad], 1 mov edx, dword [ref_004756a8] ; mov edx, dword [0x4756a8] push edx call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 mov byte [ref_0048c3af], 2 ; mov byte [0x48c3af], 2 jmp short loc_0043316d ; jmp 0x43316d loc_00433196: cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je short loc_0043316d ; je 0x43316d mov eax, dword [esp + 0x74] mov ebx, dword [_callbackSize] ; mov ebx, dword [0x46cad8] cmp eax, ebx jne short loc_0043316d ; jne 0x43316d xor eax, ebx mov al, byte [ref_0048c3af] ; mov al, byte [0x48c3af] push eax call fcn_0044ee18 ; call 0x44ee18 add esp, 4 test eax, eax je near loc_004332cc ; je 0x4332cc mov al, byte [ref_0048c3ad] ; mov al, byte [0x48c3ad] cmp al, 3 jb short loc_004331dd ; jb 0x4331dd jbe short loc_00433206 ; jbe 0x433206 cmp al, 5 je near loc_0043328b ; je 0x43328b jmp near loc_004332cc ; jmp 0x4332cc loc_004331dd: cmp al, 1 jne near loc_004332cc ; jne 0x4332cc mov byte [ref_0048c3ad], 3 ; mov byte [0x48c3ad], 3 mov eax, dword [ref_004756ac] ; mov eax, dword [0x4756ac] push eax call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 xor al, al mov byte [ref_0048c3af], al ; mov byte [0x48c3af], al jmp near loc_004332cc ; jmp 0x4332cc loc_00433206: mov byte [ref_0048c3ad], 4 ; mov byte [0x48c3ad], 4 mov dword [esp + 0x40], 0xb4 mov dword [esp + 0x44], 0x12a mov dword [esp + 0x48], 0x1cc mov dword [esp + 0x4c], 0x1d7 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x180 push 0x140 mov esi, dword [ref_0048c388] ; mov esi, dword [0x48c388] push esi mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 1 call fcn_00402460 ; call 0x402460 jmp short loc_004332c9 ; jmp 0x4332c9 loc_0043328b: mov esi, dword [ref_0048c3a6] ; mov esi, dword [0x48c3a6] push esi push ebp call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0x3b push 0 push 0 push 0 mov edi, dword [ref_0048c390] ; mov edi, dword [0x48c390] push edi call fcn_0045144f ; call 0x45144f add esp, 0x14 xor eax, eax mov al, byte [ref_0048c3ae] ; mov al, byte [0x48c3ae] mov al, byte [eax + ref_004757e3] ; mov al, byte [eax + 0x4757e3] and eax, 0xff push eax call _Post_0402_Message ; call 0x401966 loc_004332c9: add esp, 4 loc_004332cc: cmp byte [ref_0048c3ad], 5 ; cmp byte [0x48c3ad], 5 je near loc_0043316d ; je 0x43316d call fcn_0044ef3b ; call 0x44ef3b test eax, eax jne short loc_004332ef ; jne 0x4332ef cmp byte [ref_0048c3ab], 0 ; cmp byte [0x48c3ab], 0 je near loc_0043316d ; je 0x43316d loc_004332ef: mov dh, byte [ref_0048c3ab] ; mov dh, byte [0x48c3ab] test dh, dh je near loc_00433389 ; je 0x433389 mov cl, dh dec cl mov byte [ref_0048c3ab], cl ; mov byte [0x48c3ab], cl jne near loc_0043316d ; jne 0x43316d mov dword [esp + 0x40], 0x11e mov dword [esp + 0x44], 0xdc mov dword [esp + 0x48], 0x15a mov dword [esp + 0x4c], 0xee mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebx, dword [esp + 0x44] push ebx mov esi, dword [esp + 0x44] push esi mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0x3c push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall loc_00433375: push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0043316d ; jmp 0x43316d loc_00433389: call clib_rand ; call 0x456f2d mov edi, eax sar edi, 0xb cmp edi, 4 jge near loc_0043316d ; jge 0x43316d mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov dword [esp + 0x40], 0x11e mov dword [esp + 0x44], 0xd9 mov dword [esp + 0x48], 0x15a mov dword [esp + 0x4c], 0xee call clib_rand ; call 0x456f2d test al, 1 je short loc_00433407 ; je 0x433407 push 0x15 push 0x3c push 0x4d push 0x2d mov ecx, dword [esp + 0x54] push ecx mov ebx, dword [esp + 0x54] push ebx mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0x18 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_0045643d ; call 0x45643d add esp, 0x20 jmp short loc_00433429 ; jmp 0x433429 loc_00433407: mov edi, dword [esp + 0x44] push edi mov eax, dword [esp + 0x44] push eax mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0x48 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 loc_00433429: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall call clib_rand ; call 0x456f2d and al, 7 mov byte [ref_0048c3ab], al ; mov byte [0x48c3ab], al jne near loc_00433375 ; jne 0x433375 mov byte [ref_0048c3ab], 1 ; mov byte [0x48c3ab], 1 jmp near loc_00433375 ; jmp 0x433375 loc_00433457: cmp byte [ref_0048c3ad], 4 ; cmp byte [0x48c3ad], 4 jne near loc_0043316d ; jne 0x43316d xor edi, edi mov di, dx mov eax, edx shr eax, 0x10 and eax, 0xffff and eax, 0xffff mov dword [esp + 0x50], eax mov dword [esp + 0x40], 0xb4 mov dword [esp + 0x44], 0x12a mov dword [esp + 0x48], 0x1cc mov dword [esp + 0x4c], 0x1d7 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax xor ebx, ebx mov dword [esp + 0x54], ebx loc_004334c2: xor eax, eax mov al, byte [ref_0048c3aa] ; mov al, byte [0x48c3aa] lea edx, [eax + 2] cmp ebx, edx jge near loc_004335f2 ; jge 0x4335f2 mov ecx, dword [esp + 0x50] cmp ecx, 0x15c jl near loc_004335ec ; jl 0x4335ec cmp ecx, 0x1a4 jg near loc_004335ec ; jg 0x4335ec mov edx, eax shl eax, 2 sub eax, edx lea edx, [ebx + ebx] movsx eax, word [edx + eax*2 + ref_004757d8] ; movsx eax, word [edx + eax*2 + 0x4757d8] cmp edi, eax jl near loc_004335ec ; jl 0x4335ec add eax, 0x48 cmp edi, eax jg near loc_004335ec ; jg 0x4335ec mov dword [esp + 0x54], 1 xor eax, eax mov al, byte [ref_0048c3ae] ; mov al, byte [0x48c3ae] lea edx, [ebx + 1] cmp eax, edx je near loc_004335ec ; je 0x4335ec push 0 push ref_0048231a ; push 0x48231a call fcn_004542ce ; call 0x4542ce add esp, 8 cmp byte [ref_0048c3ae], 0 ; cmp byte [0x48c3ae], 0 je short loc_00433567 ; je 0x433567 push 0x180 push 0x140 mov edx, dword [ref_0048c388] ; mov edx, dword [0x48c388] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_00433567: push 0xffff00 push 0x4c push 0x4c push 0x15a xor edx, edx mov dl, byte [ref_0048c3aa] ; mov dl, byte [0x48c3aa] mov eax, edx shl eax, 2 sub eax, edx lea esi, [ebx + ebx] movsx eax, word [esi + eax*2 + ref_004757d8] ; movsx eax, word [esi + eax*2 + 0x4757d8] sub eax, 2 push eax push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0xffff00 push 0x4a push 0x4a push 0x15b xor edx, edx mov dl, byte [ref_0048c3aa] ; mov dl, byte [0x48c3aa] mov eax, edx shl eax, 2 sub eax, edx movsx eax, word [esi + eax*2 + ref_004757d8] ; movsx eax, word [esi + eax*2 + 0x4757d8] dec eax push eax push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 mov al, bl inc al mov byte [ref_0048c3ae], al ; mov byte [0x48c3ae], al push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_004335ec: inc ebx jmp near loc_004334c2 ; jmp 0x4334c2 loc_004335f2: mov edi, dword [esp + 0x54] test edi, edi jne short loc_00433638 ; jne 0x433638 cmp byte [ref_0048c3ae], 0 ; cmp byte [0x48c3ae], 0 je short loc_00433638 ; je 0x433638 push 0x180 push 0x140 mov eax, dword [ref_0048c388] ; mov eax, dword [0x48c388] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 xor ah, ah mov byte [ref_0048c3ae], ah ; mov byte [0x48c3ae], ah push edi lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00433638: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near loc_0043316d ; jmp 0x43316d loc_0043364d: cmp byte [ref_0048c3ad], 4 ; cmp byte [0x48c3ad], 4 jne near loc_0043316d ; jne 0x43316d cmp byte [ref_0048c3ae], 0 ; cmp byte [0x48c3ae], 0 je near loc_0043316d ; je 0x43316d push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov esi, 0xb4 mov dword [esp + 0x40], esi mov edi, 0x12a mov dword [esp + 0x44], edi mov dword [esp + 0x48], 0x1cc mov dword [esp + 0x4c], 0x1d7 push 0xad push 0x118 push edi push esi push edi push esi mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0xc push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov ebx, 0xb6 mov dword [esp + 0x40], ebx mov esi, 0x8e mov dword [esp + 0x44], esi mov dword [esp + 0x48], 0x1d2 mov dword [esp + 0x4c], 0x160 push esi push ebx mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] add eax, 0x24 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c3ad], 5 ; mov byte [0x48c3ad], 5 mov ecx, dword [ref_004756a4] ; mov ecx, dword [0x4756a4] push ecx call fcn_0044ecb6 ; call 0x44ecb6 loc_0043375b: add esp, 4 jmp near loc_0043316d ; jmp 0x43316d loc_00433763: push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 1 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 mov ebx, dword [ref_0048c3a6] ; mov ebx, dword [0x48c3a6] push ebx push ebp call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 call _Post_0402_Message ; call 0x401966 jmp short loc_0043375b ; jmp 0x43375b loc_0043379e: mov eax, esp push eax push ebp call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0xc] push ebx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x18] push ebx mov esi, dword [esp + 0x18] push esi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push ebp call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0043316d ; jmp 0x43316d loc_004337f6: push edx mov edx, dword [esp + 0x78] push edx push eax push ebp call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_0043316f ; jmp 0x43316f fcn_0043380a: push ebx push esi push edi push ebp sub esp, 0x80 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_0043390b ; jne 0x43390b push ref_004757e7 ; push 0x4757e7 call fcn_00454176 ; call 0x454176 add esp, 4 push 0 push 0 push 0x12 mov ecx, dword [ref_0048a05c] ; mov ecx, dword [0x48a05c] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c398], eax ; mov dword [0x48c398], eax push 0 push 0 push 0x13 mov ebx, dword [ref_0048a05c] ; mov ebx, dword [0x48a05c] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c394], eax ; mov dword [0x48c394], eax push 0 push 0 push 0x14 mov esi, dword [ref_0048a05c] ; mov esi, dword [0x48a05c] push esi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c390], eax ; mov dword [0x48c390], eax push 0 push 0 push 0x80 push 0x90 call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048c384], eax ; mov dword [0x48c384], eax push 7 call fcn_004549cf ; call 0x4549cf add esp, 4 push 0 push fcn_004325c2 ; push 0x4325c2 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov esi, eax call fcn_00454bcc ; call 0x454bcc push ref_004757e7 ; push 0x4757e7 call fcn_00454240 ; call 0x454240 add esp, 4 mov edi, dword [ref_0048c398] ; mov edi, dword [0x48c398] push edi call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [ref_0048c394] ; mov ebp, dword [0x48c394] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0048c390] ; mov eax, dword [0x48c390] push eax call clib_free ; call 0x456e11 add esp, 4 mov edx, dword [ref_0048c384] ; mov edx, dword [0x48c384] push edx call clib_free ; call 0x456e11 add esp, 4 jmp near loc_004339c5 ; jmp 0x4339c5 loc_0043390b: mov esi, 0xffffffff loc_00433910: call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 0xc sar edx, 0x1f idiv ecx mov bl, dl xor eax, eax mov al, dl push eax call fcn_00431842 ; call 0x431842 add esp, 4 test eax, eax je short loc_00433910 ; je 0x433910 xor eax, eax mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] jmp short loc_00433944 ; jmp 0x433944 loc_0043393e: inc eax cmp eax, 4 jge short loc_00433961 ; jge 0x433961 loc_00433944: cmp byte [eax + ref_0048c380], 0 ; cmp byte [eax + 0x48c380], 0 je short loc_00433961 ; je 0x433961 xor edx, edx mov dl, byte [eax + ref_0048c380] ; mov dl, byte [eax + 0x48c380] dec edx cmp edx, ecx jne short loc_0043393e ; jne 0x43393e mov esi, 6 jmp short loc_0043393e ; jmp 0x43393e loc_00433961: cmp esi, 0xffffffff jne short loc_00433981 ; jne 0x433981 call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 0xb sar edx, 0x1f idiv ecx mov esi, edx cmp edx, 6 jne short loc_00433981 ; jne 0x433981 lea esi, [edx + 1] loc_00433981: xor eax, eax mov al, bl mov eax, dword [eax*4 + ref_004756b8] ; mov eax, dword [eax*4 + 0x4756b8] cmp byte [eax], 0x23 jne short loc_00433994 ; jne 0x433994 add eax, 5 loc_00433994: mov edx, esi shl edx, 4 mov ebx, dword [edx + ref_00475724] ; mov ebx, dword [edx + 0x475724] push ebx push eax push ref_00464842 ; push 0x464842 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 loc_004339c5: push esi call fcn_00431caa ; call 0x431caa add esp, 4 add esp, 0x80 pop ebp pop edi pop esi pop ebx ret fcn_004339d9: push ebx push esi push edi push ebp xor ebx, ebx xor edi, edi mov ebp, dword [esp + 0x14] loc_004339e5: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_00433a01 ; jge 0x433a01 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_004339fe ; je 0x4339fe cmp ebx, ebp je short loc_004339fe ; je 0x4339fe inc edi loc_004339fe: inc ebx jmp short loc_004339e5 ; jmp 0x4339e5 loc_00433a01: cmp edi, 1 jg short loc_00433a0d ; jg 0x433a0d xor eax, eax pop ebp pop edi pop esi pop ebx ret loc_00433a0d: push 0 push 0 push 0x12 mov ecx, dword [ref_0048a05c] ; mov ecx, dword [0x48a05c] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c398], eax ; mov dword [0x48c398], eax push 0 push 0 push 0x14 mov ebx, dword [ref_0048a05c] ; mov ebx, dword [0x48a05c] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c390], eax ; mov dword [0x48c390], eax push 0 push 0 push 2 mov esi, dword [ref_0048a0e4] ; mov esi, dword [0x48a0e4] push esi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c38c], eax ; mov dword [0x48c38c], eax mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] movsx edx, word [eax + 0x72] push edx movsx edx, word [eax + 0x70] push edx movsx edx, word [eax + 0x6e] push edx movsx eax, word [eax + 0x6c] push eax call fcn_00451a5a ; call 0x451a5a mov edx, eax add esp, 0x10 mov dword [ref_0048c388], eax ; mov dword [0x48c388], eax mov eax, dword [ref_0048c398] ; mov eax, dword [0x48c398] movsx ecx, word [eax + 0x72] push ecx movsx ecx, word [eax + 0x70] push ecx add eax, 0x6c push eax push edx call fcn_00456280 ; call 0x456280 add esp, 0x10 xor ebx, ebx xor esi, esi lea ebp, [edi - 2] loc_00433aa6: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_00433b1c ; jge 0x433b1c imul edx, ebx, 0x68 cmp byte [edx + (_players+21)], 0 ; cmp byte [edx + 0x496b7d], 0 je short loc_00433b19 ; je 0x433b19 cmp ebx, dword [esp + 0x14] je short loc_00433b19 ; je 0x433b19 mov al, bl inc al mov byte [esi + ref_004757e4], al ; mov byte [esi + 0x4757e4], al push 0x32 mov eax, ebp shl eax, 2 sub eax, ebp lea ecx, [eax + eax] mov eax, esi movsx eax, word [ecx + eax*2 + ref_004757d8] ; movsx eax, word [ecx + eax*2 + 0x4757d8] sub eax, 0xb4 push eax mov dl, byte [edx + (_players+19)] ; mov dl, byte [edx + 0x496b7b] and edx, 0xff mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c38c] ; mov eax, dword [0x48c38c] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048c388] ; mov edx, dword [0x48c388] push edx call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 inc esi loc_00433b19: inc ebx jmp short loc_00433aa6 ; jmp 0x433aa6 loc_00433b1c: push 7 call fcn_004549cf ; call 0x4549cf add esp, 4 push ebp push fcn_00433088 ; push 0x433088 call _Wait_0402_Message ; call 0x4018e7 mov ebx, eax add esp, 8 call fcn_00454bcc ; call 0x454bcc mov edx, dword [ref_0048c398] ; mov edx, dword [0x48c398] push edx call clib_free ; call 0x456e11 add esp, 4 mov ecx, dword [ref_0048c390] ; mov ecx, dword [0x48c390] push ecx call clib_free ; call 0x456e11 add esp, 4 mov esi, dword [ref_0048c38c] ; mov esi, dword [0x48c38c] push esi call clib_free ; call 0x456e11 add esp, 4 mov edi, dword [ref_0048c388] ; mov edi, dword [0x48c388] push edi call clib_free ; call 0x456e11 add esp, 4 mov eax, ebx pop ebp pop edi pop esi pop ebx ret fcn_00433b7e: push ebx push esi push edi mov esi, dword [esp + 0x10] imul ebx, esi, 0x68 cmp dword [ebx + (_players+44)], 0 ; cmp dword [ebx + 0x496b94], 0 jne short loc_00433bd4 ; jne 0x433bd4 push 0x5a mov ecx, dword [ref_00497160] ; mov ecx, dword [0x497160] push ecx call fcn_0045218f ; call 0x45218f add esp, 8 mov dword [ebx + (_players+44)], eax ; mov dword [ebx + 0x496b94], eax imul ebx, esi, 0x68 loc_00433bab: mov edi, dword [ebx + (_players+44)] ; mov edi, dword [ebx + 0x496b94] push edi call fcn_004523d5 ; call 0x4523d5 add esp, 4 cmp eax, 1 jne short loc_00433bd4 ; jne 0x433bd4 mov eax, (_players+0) ; mov eax, 0x496b68 add eax, ebx add eax, 0x2c push eax call fcn_00452117 ; call 0x452117 add esp, 4 jmp short loc_00433bab ; jmp 0x433bab loc_00433bd4: pop edi pop esi pop ebx ret fcn_00433bd8: push edi imul eax, dword [esp + 8], 0x68 mov edx, dword [esp + 0xc] mov ecx, dword [eax + (_players+32)] ; mov ecx, dword [eax + 0x496b88] sub ecx, edx mov dword [eax + (_players+32)], ecx ; mov dword [eax + 0x496b88], ecx test ecx, ecx jge short loc_00433c1e ; jge 0x433c1e add dword [eax + (_players+28)], ecx ; add dword [eax + 0x496b84], ecx xor edi, edi mov dword [eax + (_players+32)], edi ; mov dword [eax + 0x496b88], edi cmp dword [eax + (_players+28)], 0 ; cmp dword [eax + 0x496b84], 0 jge short loc_00433c1e ; jge 0x433c1e mov dword [eax + (_players+28)], edi ; mov dword [eax + 0x496b84], edi mov ecx, dword [esp + 8] push ecx call fcn_0040cd87 ; call 0x40cd87 add esp, 4 loc_00433c1e: pop edi ret fcn_00433c20: push ebx push edi push ebp sub esp, 0x1c push 0 push 2 push 0 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov byte [esp + 0x10], 0x24 xor dl, dl mov byte [esp + 0x11], dl mov dword [esp], 0x16 mov dword [esp + 4], 0xa1 mov dword [esp + 8], 0x87 mov dword [esp + 0xc], 0x116 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x75 push 0x71 mov edi, dword [esp + 0xc] push edi mov ebp, dword [esp + 0xc] push ebp push edi push ebp mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x24 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov ebx, dword [esp + 0x2c] push ebx lea eax, [esp + 0x15] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0xa3 push 0x80 lea eax, [esp + 0x1c] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov edi, dword [eax + (_players+40)] ; mov edi, dword [eax + 0x496b90] push edi lea eax, [esp + 0x15] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0xd3 push 0x80 lea eax, [esp + 0x1c] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ecx, dword [eax + (_players+40)] ; mov ecx, dword [eax + 0x496b90] mov eax, ebx sub eax, ecx push eax lea eax, [esp + 0x15] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0x103 push 0x80 lea eax, [esp + 0x1c] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov ebx, dword [esp + 0x30] test ebx, ebx je short loc_00433d67 ; je 0x433d67 push 0 lea eax, [esp + 4] push eax push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00433d67: add esp, 0x1c pop ebp pop edi pop ebx ret fcn_00433d6e: push ebx push esi push edi push ebp sub esp, 0x80 push 0 push 0 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xc0 push eax mov edx, dword [ref_0048c3b8] ; mov edx, dword [0x48c3b8] push edx call fcn_00456280 ; call 0x456280 add esp, 0x10 push 0x28 push 0x2a imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0xc push eax mov ebx, dword [ref_0048c3b8] ; mov ebx, dword [0x48c3b8] push ebx call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 push 0 push 4 push 0x101010 push 0xffffff push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0 push 0x50 push 0xa push ref_00464a5a ; push 0x464a5a mov esi, dword [ref_0048c3b8] ; mov esi, dword [0x48c3b8] push esi call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x91 push 0xa push ref_00464a61 ; push 0x464a61 mov edi, dword [ref_0048c3b8] ; mov edi, dword [0x48c3b8] push edi call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0xd0 push 0xa push ref_00464a68 ; push 0x464a68 mov ebp, dword [ref_0048c3b8] ; mov ebp, dword [0x48c3b8] push ebp call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 6 push 0x101010 push 0xffffff push 0x16 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0 push 0x1c push 0x52 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx mov ebx, dword [ref_0048c3b8] ; mov ebx, dword [0x48c3b8] push ebx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov byte [esp], 0x24 xor dl, dl mov byte [esp + 1], dl imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov edi, dword [eax + (_players+28)] ; mov edi, dword [eax + 0x496b84] push edi lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0x64 push 0xb4 lea eax, [esp + 0xc] push eax mov ebp, dword [ref_0048c3b8] ; mov ebp, dword [0x48c3b8] push ebp call fcn_0044fabc ; call 0x44fabc add esp, 0x14 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ecx, dword [eax + (_players+32)] ; mov ecx, dword [eax + 0x496b88] push ecx lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0xa4 push 0xb4 lea eax, [esp + 0xc] push eax mov ebx, dword [ref_0048c3b8] ; mov ebx, dword [0x48c3b8] push ebx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov edi, dword [eax + (_players+36)] ; mov edi, dword [eax + 0x496b8c] push edi lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0xe4 push 0xb4 lea eax, [esp + 0xc] push eax mov ebp, dword [ref_0048c3b8] ; mov ebp, dword [0x48c3b8] push ebp call fcn_0044fabc ; call 0x44fabc add esp, 0x14 add esp, 0x80 pop ebp pop edi pop esi pop ebx ret fcn_00433f24: push ebx push esi push edi push ebp sub esp, 0x88 mov edx, dword [ref_00497160] ; mov edx, dword [0x497160] push edx call fcn_004521f0 ; call 0x4521f0 add esp, 4 cmp eax, 0xffffffff jne short loc_00433f81 ; jne 0x433f81 mov eax, dword [ref_00497160] ; mov eax, dword [0x497160] shr eax, 8 and eax, 0xff dec eax push 0 push 0 xor edx, edx mov dl, byte [eax + ref_00475218] ; mov dl, byte [eax + 0x475218] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c3bc] ; mov eax, dword [0x48c3bc] add eax, 0xc add eax, edx push eax mov esi, dword [ref_0048c3b4] ; mov esi, dword [0x48c3b4] push esi call fcn_00456280 ; call 0x456280 jmp short loc_00433fbd ; jmp 0x433fbd loc_00433f81: push 0 mov edx, dword [ref_0048c3b4] ; mov edx, dword [0x48c3b4] mov ecx, dword [edx + 8] push ecx movsx edx, word [ref_004991b6] ; movsx edx, word [0x4991b6] shl edx, 2 movsx ecx, word [ref_004991b8] ; movsx ecx, word [0x4991b8] add edx, ecx mov dx, word [edx*2 + ref_00475208] ; mov dx, word [edx*2 + 0x475208] and edx, 0xffff add eax, edx push eax mov ebx, dword [ref_0048a0e4] ; mov ebx, dword [0x48a0e4] push ebx call fcn_00450441 ; call 0x450441 loc_00433fbd: add esp, 0x10 push 1 push 6 push 0xffffff push 0x101010 push 0x3c call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0xa lea eax, [esp + 4] push eax mov eax, dword [ref_00497160] ; mov eax, dword [0x497160] and eax, 0xff push eax call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 2 push 0x60 push 0x3c lea eax, [esp + 0xc] push eax mov edi, dword [ref_0048c3b4] ; mov edi, dword [0x48c3b4] push edi call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 6 push 0xffffff push 0x101010 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 lea eax, [esp + 0x80] push eax lea eax, [esp + 0x88] push eax mov ebp, dword [ref_00497160] ; mov ebp, dword [0x497160] push ebp call fcn_004520a6 ; call 0x4520a6 add esp, 0xc push 3 push 0x48 push 0xe mov eax, dword [esp + 0x90] mov edx, dword [eax*4 + ref_0047511c] ; mov edx, dword [eax*4 + 0x47511c] push edx mov ecx, dword [ref_0048c3b4] ; mov ecx, dword [0x48c3b4] push ecx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 6 push 0xffffff push 0x101010 push 0x18 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0xa lea eax, [esp + 4] push eax mov eax, dword [ref_00497160] ; mov eax, dword [0x497160] shr eax, 0x10 push eax call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 0 push 8 push 0x8c lea eax, [esp + 0xc] push eax mov ebx, dword [ref_0048c3b4] ; mov ebx, dword [0x48c3b4] push ebx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 6 push 0xffffff push 0x101010 push 0x1c call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [ref_00497160] ; mov eax, dword [0x497160] shr eax, 8 and eax, 0xff push eax push ref_00464a6f ; push 0x464a6f lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 2 push 0x30 push 0x3c lea eax, [esp + 0xc] push eax mov esi, dword [ref_0048c3b4] ; mov esi, dword [0x48c3b4] push esi call fcn_0044fabc ; call 0x44fabc add esp, 0x14 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp dword [eax + (_players+44)], 0 ; cmp dword [eax + 0x496b94], 0 je short loc_0043417b ; je 0x43417b push 1 push 6 push 0xffffff push 0x101010 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ecx, dword [eax + (_players+44)] ; mov ecx, dword [eax + 0x496b94] push ecx mov ebx, dword [ref_00497160] ; mov ebx, dword [0x497160] push ebx call fcn_004521aa ; call 0x4521aa add esp, 8 push eax push ref_00464a74 ; push 0x464a74 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 5 push 0xb0 push 0x14 lea eax, [esp + 0xc] push eax mov esi, dword [ref_0048c3b4] ; mov esi, dword [0x48c3b4] push esi call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_0043417b: add esp, 0x88 pop ebp pop edi pop esi pop ebx ret fcn_00434186: push esi push 1 push 2 push 0 push 0x101010 push 0x1a call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x159 push 0x159 push ref_00464a81 ; push 0x464a81 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x159 push 0x212 push ref_00464a8a ; push 0x464a8a mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+60)], 0 ; cmp byte [eax + 0x496ba4], 0 je short loc_00434212 ; je 0x434212 push 0x159 push 0x159 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] lea edx, [eax + 0x120] push edx add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 loc_00434212: cmp dword [esp + 8], 0 jne short loc_0043423d ; jne 0x43423d push 0xf0 push 0x140 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] lea edx, [eax + 0x18] push edx add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp near loc_00434403 ; jmp 0x434403 loc_0043423d: push 2 push 0x1ab push 0x1bb push ref_00464a93 ; push 0x464a93 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x7d push 0xa mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] lea edx, [eax + 0xfc] push edx add eax, 0x24 push eax call fcn_00456280 ; call 0x456280 add esp, 0x10 push 0x131 push 0xb mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] lea edx, [eax + 0xcc] push edx add eax, 0x24 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 push 0x16a push 0xb mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] lea edx, [eax + 0xcc] push edx add eax, 0x24 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 push 0x1a3 push 0xb mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] lea edx, [eax + 0xe4] push edx add eax, 0x24 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 push 0 push 2 push 0 push 0xf0f0f0 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x144 push 0x43 push ref_00464a9c ; push 0x464a9c mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+60)], 0 ; cmp byte [eax + 0x496ba4], 0 je short loc_0043433b ; je 0x43433b push 0x144 push 0x43 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] lea edx, [eax + 0x120] push edx add eax, 0x24 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 loc_0043433b: push 2 push 0x17e push 0x43 push ref_00464aa5 ; push 0x464aa5 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 2 push 0 push 0x202020 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x93 push 0x4e push ref_00464aae ; push 0x464aae mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0xc3 push 0x4e push ref_00464abb ; push 0x464abb mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0xf3 push 0x4e push ref_00464ac8 ; push 0x464ac8 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x24 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 1 push 2 push 0 push 0x808080 push 0xe call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0xf5 push 0x1ec push ref_00464a93 ; push 0x464a93 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_00434403: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xc push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0x101010 push 0 push 0x14 push 0x50 push 0xf0 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x108 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c call fcn_00433d6e ; call 0x433d6e call fcn_00433f24 ; call 0x433f24 pop esi ret ref_00434476: ; may contain a jump table dd loc_00434791 dd loc_004347a2 dd loc_004347cb dd loc_004347a2 dd loc_00434871 dd loc_004347a2 dd loc_0043490f fcn_00434492: push ebx push esi push edi push ebp sub esp, 0x54 mov edi, dword [esp + 0x68] mov eax, dword [esp + 0x6c] mov ebx, dword [esp + 0x74] cmp eax, 0x203 jb short loc_00434509 ; jb 0x434509 jbe near loc_00434b5f ; jbe 0x434b5f cmp eax, 0x405 jb short loc_004344ec ; jb 0x4344ec jbe near loc_0043464d ; jbe 0x43464d cmp eax, 0x409 jb near loc_0043503b ; jb 0x43503b imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 cmp eax, 0x409 jbe near loc_00434665 ; jbe 0x434665 cmp eax, 0x40a je near loc_004346bb ; je 0x4346bb jmp near loc_0043503b ; jmp 0x43503b loc_004344ec: cmp eax, 0x205 jb near loc_0043503b ; jb 0x43503b jbe near loc_00434fae ; jbe 0x434fae cmp eax, 0x401 je short loc_0043453a ; je 0x43453a jmp near loc_0043503b ; jmp 0x43503b loc_00434509: cmp eax, 0x113 jb short loc_0043452c ; jb 0x43452c jbe near loc_0043473a ; jbe 0x43473a cmp eax, 0x201 jb near loc_0043503b ; jb 0x43503b jbe near loc_00434b5f ; jbe 0x434b5f jmp near loc_00434da1 ; jmp 0x434da1 loc_0043452c: cmp eax, 0xf je near loc_00434fdd ; je 0x434fdd jmp near loc_0043503b ; jmp 0x43503b loc_0043453a: xor ah, ah mov byte [ref_0048c3cc], ah ; mov byte [0x48c3cc], ah mov byte [ref_0048c3cd], ah ; mov byte [0x48c3cd], ah mov byte [ref_0048c3ce], ah ; mov byte [0x48c3ce], ah mov byte [ref_0048c3cf], ah ; mov byte [0x48c3cf], ah mov byte [ref_0048c3d0], ah ; mov byte [0x48c3d0], ah push 0 push 0x64 mov eax, dword [_callbackSize] ; mov eax, dword [0x46cad8] push eax push edi call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048c3c4], eax ; mov dword [0x48c3c4], eax xor edx, edx mov dword [esp + 0x50], edx mov dword [ref_0048c3c8], edx ; mov dword [0x48c3c8], edx mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] jmp short loc_00434593 ; jmp 0x434593 loc_00434585: mov eax, dword [esp + 0x50] inc eax mov dword [esp + 0x50], eax cmp eax, 4 jge short loc_004345ac ; jge 0x4345ac loc_00434593: mov eax, dword [esp + 0x50] cmp eax, ebx je short loc_00434585 ; je 0x434585 imul eax, eax, 0x68 mov eax, dword [eax + (_players+32)] ; mov eax, dword [eax + 0x496b88] add dword [ref_0048c3c8], eax ; add dword [0x48c3c8], eax jmp short loc_00434585 ; jmp 0x434585 loc_004345ac: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x24 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 mov ebx, dword [ref_0048c3c8] ; mov ebx, dword [0x48c3c8] push ebx call fcn_00433c20 ; call 0x433c20 add esp, 8 push 0 push 0x101010 push 0xfffffffffffffff6 push 0 push 0x32 push 0xd6 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x114 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c push 0 push 0 push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0 push 0x405 push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_00434641: xor eax, eax loc_00434643: add esp, 0x54 loc_00434646: pop ebp pop edi pop esi pop ebx ret 0x10 loc_0043464d: mov byte [ref_0048c3cc], 1 ; mov byte [0x48c3cc], 1 mov ebp, dword [ref_0047585c] ; mov ebp, dword [0x47585c] push ebp loc_0043465b: call fcn_0044ecb6 ; call 0x44ecb6 loc_00434660: add esp, 4 jmp short loc_00434641 ; jmp 0x434641 loc_00434665: mov eax, dword [ref_0048c3c8] ; mov eax, dword [0x48c3c8] sub eax, dword [edx + (_players+40)] ; sub eax, dword [edx + 0x496b90] push eax call fcn_00453544 ; call 0x453544 mov edx, eax add esp, 4 test eax, eax je short loc_004346b2 ; je 0x4346b2 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 add dword [eax + (_players+32)], edx ; add dword [eax + 0x496b88], edx add dword [eax + (_players+40)], edx ; add dword [eax + 0x496b90], edx push edi mov edi, dword [ref_0048c3c8] ; mov edi, dword [0x48c3c8] push edi loc_0043469a: call fcn_00433c20 ; call 0x433c20 add esp, 8 mov byte [ref_0048c3cc], 7 ; mov byte [0x48c3cc], 7 mov byte [ref_0048c3d0], 1 ; mov byte [0x48c3d0], 1 jmp short loc_00434641 ; jmp 0x434641 loc_004346b2: mov byte [ref_0048c3cc], 2 ; mov byte [0x48c3cc], 2 jmp short loc_00434641 ; jmp 0x434641 loc_004346bb: mov ebx, dword [edx + (_players+40)] ; mov ebx, dword [edx + 0x496b90] push ebx call fcn_00453544 ; call 0x453544 mov edx, eax add esp, 4 mov dword [esp + 0x50], eax test eax, eax je short loc_004346b2 ; je 0x4346b2 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ebx, dword [eax + (_players+28)] ; mov ebx, dword [eax + 0x496b84] mov ebp, dword [eax + (_players+32)] ; mov ebp, dword [eax + 0x496b88] add ebx, ebp cmp edx, ebx jle short loc_00434700 ; jle 0x434700 mov byte [ref_0048c3cc], 5 ; mov byte [0x48c3cc], 5 mov esi, dword [ref_0047586c] ; mov esi, dword [0x47586c] push esi jmp near loc_0043465b ; jmp 0x43465b loc_00434700: mov ecx, ebp sub ecx, edx mov dword [eax + (_players+32)], ecx ; mov dword [eax + 0x496b88], ecx test ecx, ecx jge short loc_0043471c ; jge 0x43471c add dword [eax + (_players+28)], ecx ; add dword [eax + 0x496b84], ecx xor ebp, ebp mov dword [eax + (_players+32)], ebp ; mov dword [eax + 0x496b88], ebp loc_0043471c: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov edx, dword [esp + 0x50] sub dword [eax + (_players+40)], edx ; sub dword [eax + 0x496b90], edx push edi mov ebx, dword [ref_0048c3c8] ; mov ebx, dword [0x48c3c8] push ebx jmp near loc_0043469a ; jmp 0x43469a loc_0043473a: cmp byte [ref_0048c3cc], 0 ; cmp byte [0x48c3cc], 0 je near loc_00434641 ; je 0x434641 cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_00434641 ; je 0x434641 mov eax, dword [esp + 0x70] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne near loc_00434641 ; jne 0x434641 push 0 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 test eax, eax je near loc_004347a2 ; je 0x4347a2 mov al, byte [ref_0048c3cc] ; mov al, byte [0x48c3cc] dec al cmp al, 6 ja near loc_004347a2 ; ja 0x4347a2 and eax, 0xff jmp dword [eax*4 + ref_00434476] ; ujmp: jmp dword [eax*4 + 0x434476] loc_00434791: mov byte [ref_0048c3cc], 2 ; mov byte [0x48c3cc], 2 push 1 call fcn_00402460 ; call 0x402460 loc_0043479f: add esp, 4 loc_004347a2: cmp byte [ref_0048c3cc], 4 ; cmp byte [0x48c3cc], 4 je near loc_00434641 ; je 0x434641 mov al, byte [ref_0048c3ce] ; mov al, byte [0x48c3ce] and al, 0xf test al, al jbe near loc_0043493a ; jbe 0x43493a cmp al, 1 je near loc_00434958 ; je 0x434958 jmp near loc_00434a46 ; jmp 0x434a46 loc_004347cb: mov byte [ref_0048c3cc], 4 ; mov byte [0x48c3cc], 4 mov dword [esp + 0x40], 0x1f0 mov dword [esp + 0x44], 0xa2 mov dword [esp + 0x48], 0x236 mov dword [esp + 0x4c], 0xde mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx call dword [eax + 0x64] ; ucall push 0x3c push 0x46 mov ecx, dword [esp + 0x4c] push ecx mov ebx, dword [esp + 0x4c] push ebx push ecx push ebx mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x24 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx call dword [eax + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0 push 0x409 loc_00434864: push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_004347a2 ; jmp 0x4347a2 loc_00434871: mov byte [ref_0048c3cc], 6 ; mov byte [0x48c3cc], 6 mov dword [esp + 0x40], 0x1f0 mov dword [esp + 0x44], 0xa2 mov dword [esp + 0x48], 0x236 mov dword [esp + 0x4c], 0xde mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx call dword [eax + 0x64] ; ucall push 0x3c push 0x46 mov ecx, dword [esp + 0x4c] push ecx mov ebx, dword [esp + 0x4c] push ebx push ecx push ebx mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x24 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx call dword [eax + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0 push 0x40a jmp near loc_00434864 ; jmp 0x434864 loc_0043490f: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ecx, dword [ref_0048c3c4] ; mov ecx, dword [0x48c3c4] push ecx push edi call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] xor eax, eax mov al, byte [ref_0048c3d0] ; mov al, byte [0x48c3d0] push eax call _Post_0402_Message ; call 0x401966 jmp near loc_0043479f ; jmp 0x43479f loc_0043493a: call clib_rand ; call 0x456f2d mov esi, eax sar esi, 0xa test esi, esi jne near loc_00434a46 ; jne 0x434a46 or byte [ref_0048c3ce], 1 ; or byte [0x48c3ce], 1 jmp near loc_00434a46 ; jmp 0x434a46 loc_00434958: mov al, byte [ref_0048c3ce] ; mov al, byte [0x48c3ce] and al, 0x30 movzx esi, al sar esi, 4 mov ch, byte [ref_0048c3ce] ; mov ch, byte [0x48c3ce] add ch, 0x10 mov byte [ref_0048c3ce], ch ; mov byte [0x48c3ce], ch mov al, ch and al, 0x3f mov byte [ref_0048c3ce], al ; mov byte [0x48c3ce], al mov dword [esp + 0x40], 0x1f0 mov dword [esp + 0x44], 0xa2 mov dword [esp + 0x48], 0x236 mov dword [esp + 0x4c], 0xc5 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov al, byte [ref_0048c3ce] ; mov al, byte [0x48c3ce] and al, 0x30 cmp al, 0x30 jne short loc_004349f0 ; jne 0x4349f0 xor ah, ah mov byte [ref_0048c3ce], ah ; mov byte [0x48c3ce], ah push 0x23 push 0x46 mov esi, dword [esp + 0x4c] push esi mov ebp, dword [esp + 0x4c] push ebp push esi push ebp mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x24 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 jmp short loc_00434a27 ; jmp 0x434a27 loc_004349f0: mov edx, dword [esp + 0x44] push edx mov ecx, dword [esp + 0x44] push ecx xor edx, edx mov dl, byte [esi + ref_00475884] ; mov dl, byte [esi + 0x475884] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c3c0] ; mov edx, dword [0x48c3c0] add edx, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 loc_00434a27: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00434a46: call fcn_0044ef3b ; call 0x44ef3b test eax, eax jne short loc_00434a5c ; jne 0x434a5c cmp byte [ref_0048c3cd], 0 ; cmp byte [0x48c3cd], 0 je near loc_00434641 ; je 0x434641 loc_00434a5c: mov dword [esp + 0x40], 0x1f0 mov dword [esp + 0x44], 0xc5 mov dword [esp + 0x48], 0x232 mov dword [esp + 0x4c], 0xde mov bl, byte [ref_0048c3cd] ; mov bl, byte [0x48c3cd] test bl, bl je short loc_00434ad9 ; je 0x434ad9 mov bh, bl dec bh mov byte [ref_0048c3cd], bh ; mov byte [0x48c3cd], bh jne near loc_00434641 ; jne 0x434641 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x19 push 0x42 mov esi, dword [esp + 0x4c] push esi mov ebp, dword [esp + 0x4c] push ebp push esi push ebp mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x24 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 jmp near loc_00434cdc ; jmp 0x434cdc loc_00434ad9: call clib_rand ; call 0x456f2d mov esi, eax sar esi, 0xb cmp esi, 4 jge near loc_00434641 ; jge 0x434641 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [esp + 0x44] push edx mov ecx, dword [esp + 0x44] push ecx call clib_rand ; call 0x456f2d and eax, 1 lea edx, [eax + 0xd] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c3c0] ; mov edx, dword [0x48c3c0] add edx, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall call clib_rand ; call 0x456f2d and al, 7 inc al mov byte [ref_0048c3cd], al ; mov byte [0x48c3cd], al jmp near loc_00434cec ; jmp 0x434cec loc_00434b5f: mov cl, byte [ref_0048c3cc] ; mov cl, byte [0x48c3cc] cmp cl, 2 jae short loc_00434b80 ; jae 0x434b80 push 1 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 mov byte [ref_0048c3cc], 1 ; mov byte [0x48c3cc], 1 jmp near loc_00434641 ; jmp 0x434641 loc_00434b80: jbe short loc_00434b8e ; jbe 0x434b8e push 1 call fcn_0044ee18 ; call 0x44ee18 jmp near loc_00434660 ; jmp 0x434660 loc_00434b8e: xor esi, esi mov si, bx mov eax, ebx shr eax, 0x10 and eax, 0xffff and eax, 0xffff xor ebp, ebp mov dword [esp + 0x50], ebp jmp short loc_00434bbc ; jmp 0x434bbc loc_00434baa: mov ebp, dword [esp + 0x50] inc ebp mov dword [esp + 0x50], ebp cmp ebp, 3 jge near loc_00434c35 ; jge 0x434c35 loc_00434bbc: mov ebx, dword [esp + 0x50] shl ebx, 3 movsx edx, word [ebx + ref_00475818] ; movsx edx, word [ebx + 0x475818] cmp esi, edx jl short loc_00434baa ; jl 0x434baa movsx edx, word [ebx + ref_0047581c] ; movsx edx, word [ebx + 0x47581c] cmp esi, edx jg short loc_00434baa ; jg 0x434baa movsx edx, word [ebx + ref_0047581a] ; movsx edx, word [ebx + 0x47581a] cmp eax, edx jl short loc_00434baa ; jl 0x434baa movsx edx, word [ebx + ref_0047581e] ; movsx edx, word [ebx + 0x47581e] cmp eax, edx jg short loc_00434baa ; jg 0x434baa push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov al, byte [esp + 0x50] inc al mov byte [ref_0048c3cf], al ; mov byte [0x48c3cf], al movsx eax, word [ebx + ref_00475818] ; movsx eax, word [ebx + 0x475818] mov dword [esp + 0x40], eax movsx eax, word [ebx + ref_0047581a] ; movsx eax, word [ebx + 0x47581a] mov dword [esp + 0x44], eax movsx eax, word [ebx + ref_0047581c] ; movsx eax, word [ebx + 0x47581c] mov dword [esp + 0x48], eax movsx eax, word [ebx + ref_0047581e] ; movsx eax, word [ebx + 0x47581e] mov dword [esp + 0x4c], eax loc_00434c35: mov al, byte [ref_0048c3cf] ; mov al, byte [0x48c3cf] cmp al, 2 jb short loc_00434c51 ; jb 0x434c51 jbe near loc_00434d00 ; jbe 0x434d00 cmp al, 3 je near loc_00434d62 ; je 0x434d62 jmp near loc_00434641 ; jmp 0x434641 loc_00434c51: cmp al, 1 jne near loc_00434641 ; jne 0x434641 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+60)], 0 ; cmp byte [eax + 0x496ba4], 0 je short loc_00434c75 ; je 0x434c75 xor al, al mov byte [ref_0048c3cf], al ; mov byte [0x48c3cf], al jmp near loc_00434641 ; jmp 0x434641 loc_00434c75: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebx, dword [esp + 0x44] push ebx mov esi, dword [esp + 0x44] push esi mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xd8 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 2 push 0 push 0xf0f0f0 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x145 push 0x44 push ref_00464a9c ; push 0x464a9c loc_00434cd2: push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_00434cdc: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall loc_00434cec: push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00434641 ; jmp 0x434641 loc_00434d00: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebp, dword [esp + 0x44] push ebp mov eax, dword [esp + 0x44] push eax mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xd8 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 2 push 0 push 0xf0f0f0 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 2 push 0x17f push 0x44 push ref_00464aa5 ; push 0x464aa5 jmp near loc_00434cd2 ; jmp 0x434cd2 loc_00434d62: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [esp + 0x44] push ecx mov ebx, dword [esp + 0x44] push ebx mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xf0 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456418 ; call 0x456418 add esp, 0x10 jmp near loc_00434cdc ; jmp 0x434cdc loc_00434da1: mov al, byte [ref_0048c3cf] ; mov al, byte [0x48c3cf] test al, al je near loc_00434641 ; je 0x434641 xor edx, edx mov dl, al movsx eax, word [edx*8 + ref_00475810] ; movsx eax, word [edx*8 + 0x475810] mov dword [esp + 0x40], eax movsx eax, word [edx*8 + ref_00475812] ; movsx eax, word [edx*8 + 0x475812] mov dword [esp + 0x44], eax movsx eax, word [edx*8 + ref_00475814] ; movsx eax, word [edx*8 + 0x475814] mov dword [esp + 0x48], eax movsx eax, word [edx*8 + ref_00475816] ; movsx eax, word [edx*8 + 0x475816] mov dword [esp + 0x4c], eax mov al, dl cmp al, 2 jb short loc_00434dfb ; jb 0x434dfb jbe near loc_00434e98 ; jbe 0x434e98 cmp al, 3 je near loc_00434f25 ; je 0x434f25 jmp near loc_00434fa1 ; jmp 0x434fa1 loc_00434dfb: cmp al, 1 jne near loc_00434fa1 ; jne 0x434fa1 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx call dword [eax + 0x64] ; ucall push 0x28 push 0x72 mov ecx, dword [esp + 0x4c] push ecx mov ebx, dword [esp + 0x4c] push ebx push ecx push ebx mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x24 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx call dword [eax + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov eax, dword [eax + (_players+40)] ; mov eax, dword [eax + 0x496b90] cmp eax, dword [ref_0048c3c8] ; cmp eax, dword [0x48c3c8] jge near loc_00434fa1 ; jge 0x434fa1 mov byte [ref_0048c3cc], 3 ; mov byte [0x48c3cc], 3 mov esi, dword [ref_00475860] ; mov esi, dword [0x475860] push esi jmp near loc_00434f99 ; jmp 0x434f99 loc_00434e98: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi call dword [eax + 0x64] ; ucall push 0x28 push 0x72 mov ebp, dword [esp + 0x4c] push ebp mov eax, dword [esp + 0x4c] push eax push ebp push eax mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x24 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi call dword [eax + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp dword [eax + (_players+40)], 0 ; cmp dword [eax + 0x496b90], 0 je near loc_00434fa1 ; je 0x434fa1 mov byte [ref_0048c3cc], 5 ; mov byte [0x48c3cc], 5 mov eax, dword [ref_00475868] ; mov eax, dword [0x475868] push eax jmp short loc_00434f99 ; jmp 0x434f99 loc_00434f25: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi call dword [eax + 0x64] ; ucall mov ebp, dword [esp + 0x44] push ebp mov eax, dword [esp + 0x44] push eax mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xe4 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx call dword [eax + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c3cc], 7 ; mov byte [0x48c3cc], 7 mov ebx, dword [ref_00475870] ; mov ebx, dword [0x475870] push ebx loc_00434f99: call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 loc_00434fa1: xor bl, bl mov byte [ref_0048c3cf], bl ; mov byte [0x48c3cf], bl jmp near loc_00434641 ; jmp 0x434641 loc_00434fae: cmp byte [ref_0048c3cc], 7 ; cmp byte [0x48c3cc], 7 je near loc_00434641 ; je 0x434641 push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 mov byte [ref_0048c3cc], 7 ; mov byte [0x48c3cc], 7 mov ebx, dword [ref_00475870] ; mov ebx, dword [0x475870] push ebx jmp near loc_0043465b ; jmp 0x43465b loc_00434fdd: mov eax, esp push eax push edi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0xc] push edx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov ebp, dword [esp + 0x18] push ebp mov edx, dword [esp + 0x18] push edx mov ecx, dword [ref_0048a0dc] ; mov ecx, dword [0x48a0dc] push ecx call dword [eax + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push edi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00434641 ; jmp 0x434641 loc_0043503b: push ebx mov ebx, dword [esp + 0x74] push ebx push eax push edi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_00434643 ; jmp 0x434643 endloc_0043504f: db 0x8d db 0x40 db 0x00 ref_00435052: ; may contain a jump table dd loc_00435cca dd loc_00435d48 dd loc_00435da4 dd loc_00435ddb fcn_00435062: push ebx push esi push edi push ebp sub esp, 0xd4 mov esi, dword [esp + 0xe8] mov eax, dword [esp + 0xec] mov edx, dword [esp + 0xf4] cmp eax, 0x203 jb short loc_004350e5 ; jb 0x4350e5 jbe near loc_00435c12 ; jbe 0x435c12 cmp eax, 0x405 jb short loc_004350c8 ; jb 0x4350c8 imul ebx, dword [_current_player], 0x68 ; imul ebx, dword [0x49910c], 0x68 cmp eax, 0x405 jbe near loc_00435197 ; jbe 0x435197 cmp eax, 0x409 jb near loc_0043601d ; jb 0x43601d jbe near loc_00435228 ; jbe 0x435228 cmp eax, 0x40a je near loc_00435360 ; je 0x435360 jmp near loc_0043601d ; jmp 0x43601d loc_004350c8: cmp eax, 0x205 jb near loc_0043601d ; jb 0x43601d jbe near loc_00435f6d ; jbe 0x435f6d cmp eax, 0x401 je short loc_00435116 ; je 0x435116 jmp near loc_0043601d ; jmp 0x43601d loc_004350e5: cmp eax, 0x113 jb short loc_00435108 ; jb 0x435108 jbe near loc_004354aa ; jbe 0x4354aa cmp eax, 0x201 jb near loc_0043601d ; jb 0x43601d jbe near loc_00435c12 ; jbe 0x435c12 jmp near loc_00435ea2 ; jmp 0x435ea2 loc_00435108: cmp eax, 0xf je near loc_00435fa6 ; je 0x435fa6 jmp near loc_0043601d ; jmp 0x43601d loc_00435116: mov byte [ref_0048c3e0], dl ; mov byte [0x48c3e0], dl xor bl, bl mov byte [ref_0048c3dd], bl ; mov byte [0x48c3dd], bl mov byte [ref_0048c3de], bl ; mov byte [0x48c3de], bl mov byte [ref_0048c3df], bl ; mov byte [0x48c3df], bl mov byte [ref_0048c3e1], bl ; mov byte [0x48c3e1], bl mov byte [ref_0048c3e2], bl ; mov byte [0x48c3e2], bl mov dword [ref_0048c3d5], 0x280 ; mov dword [0x48c3d5], 0x280 xor ebp, ebp mov dword [ref_0048c3d9], ebp ; mov dword [0x48c3d9], ebp xor eax, eax mov al, dl push eax call fcn_00434186 ; call 0x434186 add esp, 4 push ebp push 0x32 mov eax, dword [_callbackSize] ; mov eax, dword [0x46cad8] push eax push esi call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048c3d1], eax ; mov dword [0x48c3d1], eax push ebp push ebp push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push ebp push ebp push 0x405 push esi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_0043518a: xor eax, eax loc_0043518c: add esp, 0xd4 jmp near loc_00434646 ; jmp 0x434646 loc_00435197: cmp byte [ebx + (_players+60)], 0 ; cmp byte [ebx + 0x496ba4], 0 je short loc_00435200 ; je 0x435200 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [ref_0046cae0] ; mov ebp, dword [0x46cae0] push ebp mov ecx, dword [ref_0046cadc] ; mov ecx, dword [0x46cadc] push ecx push eax call dword [edx + 0x1c] ; ucall imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+60)] ; mov al, byte [eax + 0x496ba4] and al, 0x7f xor ebx, ebx mov bl, al inc ebx push ebx push ref_00464ad5 ; push 0x464ad5 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x800005dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 loc_00435200: cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_0043521c ; je 0x43521c mov byte [ref_0048c3dd], 1 ; mov byte [0x48c3dd], 1 mov esi, dword [ref_00475830] ; mov esi, dword [0x475830] loc_00435216: push esi jmp near loc_00435d8c ; jmp 0x435d8c loc_0043521c: mov byte [ref_0048c3dd], 3 ; mov byte [0x48c3dd], 3 jmp near loc_0043518a ; jmp 0x43518a loc_00435228: mov eax, dword [ebx + (_players+36)] ; mov eax, dword [ebx + 0x496b8c] mov edi, dword [ref_0048c3b0] ; mov edi, dword [0x48c3b0] cmp eax, edi jge near loc_00435354 ; jge 0x435354 mov eax, edi sub eax, dword [ebx + (_players+36)] ; sub eax, dword [ebx + 0x496b8c] push eax call fcn_00453544 ; call 0x453544 mov edx, eax add esp, 4 test eax, eax je near loc_00435354 ; je 0x435354 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 add dword [eax + (_players+32)], edx ; add dword [eax + 0x496b88], edx add dword [eax + (_players+36)], edx ; add dword [eax + 0x496b8c], edx push ecx call fcn_00433b7e ; call 0x433b7e add esp, 4 call fcn_00433d6e ; call 0x433d6e call fcn_00433f24 ; call 0x433f24 mov eax, dword [ref_0048c3d5] ; mov eax, dword [0x48c3d5] mov dword [esp + 0xc0], eax xor eax, eax mov dword [esp + 0xc4], eax mov dword [esp + 0xc8], 0x280 mov dword [esp + 0xcc], 0x1e0 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebx, dword [esp + 0xc4] push ebx mov edi, dword [esp + 0xc4] push edi mov ebp, dword [ref_0048c3b8] ; mov ebp, dword [0x48c3b8] push ebp mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [esp + 0xc4] add eax, 0x118 push eax mov edx, dword [esp + 0xc4] push edx mov ecx, dword [ref_0048c3b4] ; mov ecx, dword [0x48c3b4] push ecx mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c3dd], 7 ; mov byte [0x48c3dd], 7 mov esi, dword [ref_00475840] ; mov esi, dword [0x475840] push esi loc_00435340: call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 mov byte [ref_0048c3e2], 1 ; mov byte [0x48c3e2], 1 jmp near loc_0043518a ; jmp 0x43518a loc_00435354: mov byte [ref_0048c3dd], 8 ; mov byte [0x48c3dd], 8 jmp near loc_0043518a ; jmp 0x43518a loc_00435360: mov edi, dword [ebx + (_players+36)] ; mov edi, dword [ebx + 0x496b8c] push edi call fcn_00453544 ; call 0x453544 mov edx, eax add esp, 4 mov ebx, eax test eax, eax je short loc_00435354 ; je 0x435354 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ecx, dword [eax + (_players+28)] ; mov ecx, dword [eax + 0x496b84] mov edi, dword [eax + (_players+32)] ; mov edi, dword [eax + 0x496b88] add ecx, edi cmp edx, ecx jle short loc_004353a3 ; jle 0x4353a3 mov byte [ref_0048c3dd], 9 ; mov byte [0x48c3dd], 9 mov ebx, dword [ref_00475850] ; mov ebx, dword [0x475850] push ebx jmp near loc_00435d8c ; jmp 0x435d8c loc_004353a3: mov ebp, edi sub ebp, edx mov dword [eax + (_players+32)], ebp ; mov dword [eax + 0x496b88], ebp test ebp, ebp jge short loc_004353bf ; jge 0x4353bf add dword [eax + (_players+28)], ebp ; add dword [eax + 0x496b84], ebp xor edi, edi mov dword [eax + (_players+32)], edi ; mov dword [eax + 0x496b88], edi loc_004353bf: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov edx, dword [eax + (_players+36)] ; mov edx, dword [eax + 0x496b8c] sub edx, ebx mov dword [eax + (_players+36)], edx ; mov dword [eax + 0x496b8c], edx jne short loc_004353e1 ; jne 0x4353e1 mov dword [eax + (_players+44)], edx ; mov dword [eax + 0x496b94], edx call fcn_00433f24 ; call 0x433f24 loc_004353e1: call fcn_00433d6e ; call 0x433d6e mov eax, dword [ref_0048c3d5] ; mov eax, dword [0x48c3d5] mov dword [esp + 0xc0], eax xor edi, edi mov dword [esp + 0xc4], edi mov dword [esp + 0xc8], 0x280 mov dword [esp + 0xcc], 0x1e0 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push edi push 1 push ref_0048a068 ; push 0x48a068 push edi push eax call dword [edx + 0x64] ; ucall mov edx, dword [esp + 0xc4] push edx mov ecx, dword [esp + 0xc4] push ecx mov ebx, dword [ref_0048c3b8] ; mov ebx, dword [0x48c3b8] push ebx mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [esp + 0xc4] add eax, 0x118 push eax mov ebp, dword [esp + 0xc4] push ebp mov eax, dword [ref_0048c3b4] ; mov eax, dword [0x48c3b4] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c3dd], 8 ; mov byte [0x48c3dd], 8 mov ecx, dword [ref_00475854] ; mov ecx, dword [0x475854] push ecx jmp near loc_00435340 ; jmp 0x435340 loc_004354aa: cmp byte [ref_0048c3dd], 0 ; cmp byte [0x48c3dd], 0 je near loc_0043518a ; je 0x43518a cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_0043518a ; je 0x43518a mov eax, dword [esp + 0xf0] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne near loc_0043518a ; jne 0x43518a mov ebp, dword [ref_0048c3d9] ; mov ebp, dword [0x48c3d9] test ebp, ebp je near loc_00435667 ; je 0x435667 mov edx, dword [ref_0048c3d5] ; mov edx, dword [0x48c3d5] add edx, ebp mov dword [ref_0048c3d5], edx ; mov dword [0x48c3d5], edx mov dword [esp + 0xc0], edx xor ecx, ecx mov dword [esp + 0xc4], ecx mov dword [esp + 0xc8], 0x280 mov dword [esp + 0xcc], 0x1e0 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push ecx push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push ecx mov ebp, dword [ref_0048a0e0] ; mov ebp, dword [0x48a0e0] push ebp call dword [eax + 0x64] ; ucall mov eax, dword [esp + 0xc4] push eax mov edx, dword [esp + 0xc4] push edx mov ecx, dword [ref_0048c3b8] ; mov ecx, dword [0x48c3b8] push ecx mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [esp + 0xc4] add eax, 0x118 push eax mov edi, dword [esp + 0xc4] push edi mov ebp, dword [ref_0048c3b4] ; mov ebp, dword [0x48c3b4] push ebp mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov edx, dword [ref_0048c3d9] ; mov edx, dword [0x48c3d9] test edx, edx jle short loc_004355d3 ; jle 0x4355d3 mov ecx, dword [ref_0048c3d5] ; mov ecx, dword [0x48c3d5] cmp ecx, 0x1b8 jle short loc_004355d3 ; jle 0x4355d3 push 0x1e0 push edx push 0 mov eax, ecx sub eax, edx push eax push 0 mov eax, ecx sub eax, edx push eax mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xc push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048c3d9] ; mov eax, dword [0x48c3d9] sub dword [esp + 0xc0], eax loc_004355d3: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall cmp dword [ref_0048c3d5], 0x1b8 ; cmp dword [0x48c3d5], 0x1b8 jne short loc_004355f7 ; jne 0x4355f7 xor ebx, ebx mov dword [ref_0048c3d9], ebx ; mov dword [0x48c3d9], ebx loc_004355f7: cmp dword [ref_0048c3d5], 0x280 ; cmp dword [0x48c3d5], 0x280 jne short loc_0043561b ; jne 0x43561b xor ebp, ebp mov dword [ref_0048c3d9], ebp ; mov dword [0x48c3d9], ebp cmp byte [ref_0048c3e2], 0 ; cmp byte [0x48c3e2], 0 je short loc_0043561b ; je 0x43561b mov byte [ref_0048c3dd], 0xb ; mov byte [0x48c3dd], 0xb loc_0043561b: lea eax, [esp + 0xc0] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0xd0] push ebx mov edi, dword [esp + 0xd0] push edi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0xc0] push eax call fcn_00402250 ; call 0x402250 add esp, 4 loc_00435667: push 0 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 test eax, eax je near loc_00435891 ; je 0x435891 mov al, byte [ref_0048c3dd] ; mov al, byte [0x48c3dd] cmp al, 7 jb short loc_004356a3 ; jb 0x4356a3 jbe near loc_00435794 ; jbe 0x435794 cmp al, 9 jb near loc_004357a7 ; jb 0x4357a7 jbe near loc_004357c7 ; jbe 0x4357c7 cmp al, 0xb je near loc_0043586e ; je 0x43586e jmp near loc_00435891 ; jmp 0x435891 loc_004356a3: cmp al, 3 jb short loc_004356b2 ; jb 0x4356b2 jbe short loc_004356d2 ; jbe 0x4356d2 cmp al, 5 je short loc_004356e5 ; je 0x4356e5 jmp near loc_00435891 ; jmp 0x435891 loc_004356b2: cmp al, 1 jne near loc_00435891 ; jne 0x435891 mov byte [ref_0048c3dd], 3 ; mov byte [0x48c3dd], 3 mov ebx, dword [ref_00475834] ; mov ebx, dword [0x475834] push ebx loc_004356c8: call fcn_0044ecb6 ; call 0x44ecb6 jmp near loc_0043588e ; jmp 0x43588e loc_004356d2: mov byte [ref_0048c3dd], 4 ; mov byte [0x48c3dd], 4 push 1 call fcn_00402460 ; call 0x402460 jmp near loc_0043588e ; jmp 0x43588e loc_004356e5: mov byte [ref_0048c3dd], 6 ; mov byte [0x48c3dd], 6 mov dword [esp + 0xc0], 0x8c mov dword [esp + 0xc4], 0x72 mov dword [esp + 0xc8], 0xdc mov dword [esp + 0xcc], 0xb6 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x44 push 0x50 mov edi, dword [esp + 0xcc] push edi mov ebp, dword [esp + 0xcc] push ebp push edi push ebp mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xc push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0 push 0x409 loc_00435787: push esi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_00435891 ; jmp 0x435891 loc_00435794: mov byte [ref_0048c3dd], 8 ; mov byte [0x48c3dd], 8 mov ebp, dword [ref_00475844] ; mov ebp, dword [0x475844] push ebp jmp near loc_004356c8 ; jmp 0x4356c8 loc_004357a7: mov dword [ref_0048c3d9], 0x28 ; mov dword [0x48c3d9], 0x28 mov dword [ref_0048c3d5], 0x1b8 ; mov dword [0x48c3d5], 0x1b8 mov byte [ref_0048c3dd], 4 ; mov byte [0x48c3dd], 4 jmp near loc_004358a9 ; jmp 0x4358a9 loc_004357c7: mov byte [ref_0048c3dd], 0xa ; mov byte [0x48c3dd], 0xa mov dword [esp + 0xc0], 0x8c mov dword [esp + 0xc4], 0x72 mov dword [esp + 0xc8], 0xdc mov dword [esp + 0xcc], 0xb6 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x44 push 0x50 mov edi, dword [esp + 0xcc] push edi mov ebp, dword [esp + 0xcc] push ebp push edi push ebp mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xc push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0 push 0x40a jmp near loc_00435787 ; jmp 0x435787 loc_0043586e: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ebp, dword [ref_0048c3d1] ; mov ebp, dword [0x48c3d1] push ebp push esi call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 call _Post_0402_Message ; call 0x401966 loc_0043588e: add esp, 4 loc_00435891: mov bl, byte [ref_0048c3dd] ; mov bl, byte [0x48c3dd] cmp bl, 6 je near loc_0043518a ; je 0x43518a cmp bl, 0xa je near loc_0043518a ; je 0x43518a loc_004358a9: mov al, byte [ref_0048c3df] ; mov al, byte [0x48c3df] and al, 0xf cmp al, 1 jb short loc_004358c3 ; jb 0x4358c3 jbe short loc_004358ff ; jbe 0x4358ff cmp al, 2 je near loc_004359da ; je 0x4359da jmp near loc_00435ac0 ; jmp 0x435ac0 loc_004358c3: test al, al jne near loc_00435ac0 ; jne 0x435ac0 call clib_rand ; call 0x456f2d sar eax, 0xa mov dword [esp + 0xd0], eax test eax, eax jne short loc_004358ea ; jne 0x4358ea or byte [ref_0048c3df], 1 ; or byte [0x48c3df], 1 jmp near loc_00435ac0 ; jmp 0x435ac0 loc_004358ea: cmp eax, 1 jne near loc_00435ac0 ; jne 0x435ac0 or byte [ref_0048c3df], 2 ; or byte [0x48c3df], 2 jmp near loc_00435ac0 ; jmp 0x435ac0 loc_004358ff: mov al, byte [ref_0048c3df] ; mov al, byte [0x48c3df] and al, 0x30 and eax, 0xff sar eax, 4 mov dword [esp + 0xd0], eax mov dword [esp + 0xc0], 0x8c mov dword [esp + 0xc4], 0x72 mov dword [esp + 0xc8], 0xdc mov dword [esp + 0xcc], 0x9a mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edi, dword [esp + 0xc4] push edi mov ebp, dword [esp + 0xc4] push ebp xor edx, edx mov eax, dword [esp + 0xd8] mov dl, byte [eax + ref_00475880] ; mov dl, byte [eax + 0x475880] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov cl, byte [ref_0048c3df] ; mov cl, byte [0x48c3df] add cl, 0x10 mov byte [ref_0048c3df], cl ; mov byte [0x48c3df], cl mov ch, cl and ch, 0x3f mov byte [ref_0048c3df], ch ; mov byte [0x48c3df], ch test ch, 0x30 jne near loc_00435aae ; jne 0x435aae mov byte [ref_0048c3df], 0x80 ; mov byte [0x48c3df], 0x80 jmp near loc_00435aae ; jmp 0x435aae loc_004359da: call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 3 sar edx, 0x1f idiv ecx mov dword [esp + 0xd0], edx mov al, byte [ref_0048c3df] ; mov al, byte [0x48c3df] and al, 0xc0 xor edx, edx mov dl, al sar edx, 6 cmp edx, dword [esp + 0xd0] je near loc_00435ac0 ; je 0x435ac0 mov dword [esp + 0xc0], 0x8c mov dword [esp + 0xc4], 0x72 mov dword [esp + 0xc8], 0xdc mov dword [esp + 0xcc], 0x9a mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebx, dword [esp + 0xc4] push ebx mov edi, dword [esp + 0xc4] push edi mov edx, dword [esp + 0xd8] add edx, 3 mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov al, byte [esp + 0xd0] shl al, 6 mov byte [ref_0048c3df], al ; mov byte [0x48c3df], al loc_00435aae: push 0 lea eax, [esp + 0xc4] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00435ac0: call fcn_0044ef3b ; call 0x44ef3b test eax, eax jne short loc_00435ad6 ; jne 0x435ad6 cmp byte [ref_0048c3de], 0 ; cmp byte [0x48c3de], 0 je near loc_0043518a ; je 0x43518a loc_00435ad6: mov dword [esp + 0xc0], 0x8c mov dword [esp + 0xc4], 0x98 mov dword [esp + 0xc8], 0xdc mov dword [esp + 0xcc], 0xb6 mov bh, byte [ref_0048c3de] ; mov bh, byte [0x48c3de] test bh, bh je short loc_00435b81 ; je 0x435b81 mov cl, bh dec cl mov byte [ref_0048c3de], cl ; mov byte [0x48c3de], cl jne near loc_0043518a ; jne 0x43518a mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebp, dword [esp + 0xc4] push ebp mov eax, dword [esp + 0xc4] push eax mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x6c push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 loc_00435b57: add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall loc_00435b6a: push 0 lea eax, [esp + 0xc4] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0043518a ; jmp 0x43518a loc_00435b81: call clib_rand ; call 0x456f2d sar eax, 0xb mov dword [esp + 0xd0], eax cmp eax, 4 jge near loc_0043518a ; jge 0x43518a mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [esp + 0xc4] push ecx mov ebx, dword [esp + 0xc4] push ebx call clib_rand ; call 0x456f2d and eax, 1 lea edx, [eax + 9] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c3c0] ; mov edx, dword [0x48c3c0] add edx, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall call clib_rand ; call 0x456f2d and al, 7 inc al mov byte [ref_0048c3de], al ; mov byte [0x48c3de], al jmp near loc_00435b6a ; jmp 0x435b6a loc_00435c12: mov ch, byte [ref_0048c3dd] ; mov ch, byte [0x48c3dd] cmp ch, 4 jae short loc_00435c2c ; jae 0x435c2c push 1 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 jmp near loc_0043521c ; jmp 0x43521c loc_00435c2c: jbe short loc_00435c3a ; jbe 0x435c3a push 1 call fcn_0044ee18 ; call 0x44ee18 jmp near loc_00435d91 ; jmp 0x435d91 loc_00435c3a: xor eax, eax mov ax, dx mov dword [esp + 0xd0], eax mov eax, edx shr eax, 0x10 and eax, 0xffff xor edx, edx mov dx, ax xor ebx, ebx mov edi, dword [esp + 0xd0] jmp short loc_00435c66 ; jmp 0x435c66 loc_00435c60: inc ebx cmp ebx, 4 jge short loc_00435caf ; jge 0x435caf loc_00435c66: mov eax, ebx shl eax, 3 movsx ecx, word [eax + ref_004757f8] ; movsx ecx, word [eax + 0x4757f8] cmp ecx, edi jg short loc_00435c60 ; jg 0x435c60 movsx ecx, word [eax + ref_004757fc] ; movsx ecx, word [eax + 0x4757fc] cmp ecx, edi jl short loc_00435c60 ; jl 0x435c60 movsx ecx, word [eax + ref_004757fa] ; movsx ecx, word [eax + 0x4757fa] cmp edx, ecx jl short loc_00435c60 ; jl 0x435c60 movsx eax, word [eax + ref_004757fe] ; movsx eax, word [eax + 0x4757fe] cmp edx, eax jg short loc_00435c60 ; jg 0x435c60 push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov al, bl inc al mov byte [ref_0048c3e1], al ; mov byte [0x48c3e1], al loc_00435caf: mov al, byte [ref_0048c3e1] ; mov al, byte [0x48c3e1] dec al cmp al, 3 ja near loc_0043518a ; ja 0x43518a and eax, 0xff jmp dword [eax*4 + ref_00435052] ; ujmp: jmp dword [eax*4 + 0x435052] loc_00435cca: movsx eax, word [ebx*8 + ref_004757f8] ; movsx eax, word [ebx*8 + 0x4757f8] mov dword [esp + 0xc0], eax movsx eax, word [ebx*8 + ref_004757fa] ; movsx eax, word [ebx*8 + 0x4757fa] mov dword [esp + 0xc4], eax movsx eax, word [ebx*8 + ref_004757fc] ; movsx eax, word [ebx*8 + 0x4757fc] mov dword [esp + 0xc8], eax movsx eax, word [ebx*8 + ref_004757fe] ; movsx eax, word [ebx*8 + 0x4757fe] mov dword [esp + 0xcc], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebp, dword [esp + 0xc4] push ebp mov eax, dword [esp + 0xc4] push eax mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xf0 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 jmp near loc_00435b57 ; jmp 0x435b57 loc_00435d48: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+60)], 0 ; cmp byte [eax + 0x496ba4], 0 jne near loc_0043518a ; jne 0x43518a mov dword [ref_0048c3d5], 0x280 ; mov dword [0x48c3d5], 0x280 mov dword [ref_0048c3d9], 0xffffffd8 ; mov dword [0x48c3d9], 0xffffffd8 mov byte [ref_0048c3dd], 5 ; mov byte [0x48c3dd], 5 mov eax, dword [eax + (_players+36)] ; mov eax, dword [eax + 0x496b8c] cmp eax, dword [ref_0048c3b0] ; cmp eax, dword [0x48c3b0] jl short loc_00435d99 ; jl 0x435d99 mov edi, dword [ref_00475848] ; mov edi, dword [0x475848] loc_00435d8b: push edi loc_00435d8c: call fcn_0044ecb6 ; call 0x44ecb6 loc_00435d91: add esp, 4 jmp near loc_0043518a ; jmp 0x43518a loc_00435d99: mov esi, dword [ref_0047583c] ; mov esi, dword [0x47583c] jmp near loc_00435216 ; jmp 0x435216 loc_00435da4: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp dword [eax + (_players+36)], 0 ; cmp dword [eax + 0x496b8c], 0 je near loc_0043518a ; je 0x43518a mov byte [ref_0048c3dd], 9 ; mov byte [0x48c3dd], 9 mov dword [ref_0048c3d5], 0x280 ; mov dword [0x48c3d5], 0x280 mov dword [ref_0048c3d9], 0xffffffd8 ; mov dword [0x48c3d9], 0xffffffd8 mov edi, dword [ref_0047584c] ; mov edi, dword [0x47584c] jmp short loc_00435d8b ; jmp 0x435d8b loc_00435ddb: cmp byte [ref_0048c3e0], 0 ; cmp byte [0x48c3e0], 0 je near loc_0043518a ; je 0x43518a mov byte [ref_0048c3dd], 0xa ; mov byte [0x48c3dd], 0xa push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push fcn_00434492 ; push 0x434492 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov byte [ref_0048c3e2], al ; mov byte [0x48c3e2], al test al, al je short loc_00435e1d ; je 0x435e1d mov byte [ref_0048c3dd], 0xb ; mov byte [0x48c3dd], 0xb jmp near loc_0043518a ; jmp 0x43518a loc_00435e1d: mov byte [ref_0048c3dd], 4 ; mov byte [0x48c3dd], 4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xc push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0x101010 push 0 push 0x14 push 0x50 push 0xf0 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x108 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c push 0 push 0 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 1 call fcn_00402460 ; call 0x402460 jmp near loc_00435d91 ; jmp 0x435d91 loc_00435ea2: cmp byte [ref_0048c3e1], 1 ; cmp byte [0x48c3e1], 1 jne near loc_00435f60 ; jne 0x435f60 cmp byte [ref_0048c3dd], 0xb ; cmp byte [0x48c3dd], 0xb je near loc_00435f60 ; je 0x435f60 mov dword [esp + 0xc0], 0x224 mov dword [esp + 0xc4], 0x1af mov dword [esp + 0xc8], 0x274 mov dword [esp + 0xcc], 0x1d7 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0xc4] push eax mov edx, dword [esp + 0xc4] push edx mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xe4 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c3dd], 0xb ; mov byte [0x48c3dd], 0xb mov ebx, dword [ref_00475858] ; mov ebx, dword [0x475858] push ebx call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 loc_00435f60: xor cl, cl mov byte [ref_0048c3e1], cl ; mov byte [0x48c3e1], cl jmp near loc_0043518a ; jmp 0x43518a loc_00435f6d: cmp byte [ref_0048c3dd], 0xb ; cmp byte [0x48c3dd], 0xb je near loc_0043518a ; je 0x43518a push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 push 1 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 mov byte [ref_0048c3dd], 0xb ; mov byte [0x48c3dd], 0xb mov edx, dword [ref_00475858] ; mov edx, dword [0x475858] push edx jmp near loc_00435d8c ; jmp 0x435d8c loc_00435fa6: lea eax, [esp + 0x80] push eax push esi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 0x88] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0x8c] push edx mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx mov edi, dword [esp + 0x98] push edi mov ebp, dword [esp + 0x98] push ebp mov edx, dword [ref_0048a0dc] ; mov edx, dword [0x48a0dc] push edx call dword [eax + 0x1c] ; ucall lea eax, [esp + 0x88] push eax call fcn_00402250 ; call 0x402250 add esp, 4 lea eax, [esp + 0x80] push eax push esi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0043518a ; jmp 0x43518a loc_0043601d: push edx mov ecx, dword [esp + 0xf4] push ecx push eax push esi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_0043518c ; jmp 0x43518c fcn_00436034: push ebx push esi push edi push ebp sub esp, 0xe4 mov esi, dword [esp + 0xf8] mov eax, dword [esp + 0xfc] cmp eax, 0x203 jb short loc_00436082 ; jb 0x436082 jbe near loc_00436596 ; jbe 0x436596 cmp eax, 0x401 jb short loc_00436072 ; jb 0x436072 jbe short loc_004360ad ; jbe 0x4360ad cmp eax, 0x405 je near loc_0043616f ; je 0x43616f jmp near loc_0043664a ; jmp 0x43664a loc_00436072: cmp eax, 0x205 je near loc_004365b4 ; je 0x4365b4 jmp near loc_0043664a ; jmp 0x43664a loc_00436082: cmp eax, 0x113 jb short loc_0043609f ; jb 0x43609f jbe near loc_004361c2 ; jbe 0x4361c2 cmp eax, 0x201 je near loc_00436596 ; je 0x436596 jmp near loc_0043664a ; jmp 0x43664a loc_0043609f: cmp eax, 0xf je near loc_004365d9 ; je 0x4365d9 jmp near loc_0043664a ; jmp 0x43664a loc_004360ad: xor dl, dl mov byte [ref_0048c3e7], dl ; mov byte [0x48c3e7], dl mov byte [ref_0048c3e8], dl ; mov byte [0x48c3e8], dl mov byte [ref_0048c3e9], dl ; mov byte [0x48c3e9], dl push 0 call fcn_00434186 ; call 0x434186 add esp, 4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0x1b8 mov ebx, dword [ref_0048c3b8] ; mov ebx, dword [0x48c3b8] push ebx mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x118 push 0x1b8 mov ebp, dword [ref_0048c3b4] ; mov ebp, dword [0x48c3b4] push ebp mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0x32 mov edx, dword [_callbackSize] ; mov edx, dword [0x46cad8] push edx push esi call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048c3e3], eax ; mov dword [0x48c3e3], eax push 0 push 0 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0 push 0x405 push esi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_00436162: xor eax, eax loc_00436164: add esp, 0xe4 jmp near loc_00434646 ; jmp 0x434646 loc_0043616f: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx lea eax, [esp + 0xc4] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0xc0] push eax push ref_00464aee ; push 0x464aee lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esp mov dword [ref_00475874], eax ; mov dword [0x475874], eax mov byte [ref_0048c3e7], 1 ; mov byte [0x48c3e7], 1 mov eax, esp push eax call fcn_0044ecb6 ; call 0x44ecb6 jmp near loc_004365ac ; jmp 0x4365ac loc_004361c2: cmp byte [ref_0048c3e7], 0 ; cmp byte [0x48c3e7], 0 je short loc_00436162 ; je 0x436162 cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je short loc_00436162 ; je 0x436162 mov eax, dword [esp + 0x100] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne near loc_00436162 ; jne 0x436162 push 0 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 test eax, eax je short loc_00436248 ; je 0x436248 mov al, byte [ref_0048c3e7] ; mov al, byte [0x48c3e7] cmp al, 2 jb short loc_00436206 ; jb 0x436206 jbe short loc_0043621f ; jbe 0x43621f cmp al, 3 je short loc_0043622f ; je 0x43622f jmp short loc_00436248 ; jmp 0x436248 loc_00436206: cmp al, 1 jne short loc_00436248 ; jne 0x436248 mov byte [ref_0048c3e7], 2 ; mov byte [0x48c3e7], 2 mov ebp, dword [ref_00475878] ; mov ebp, dword [0x475878] push ebp loc_00436218: call fcn_0044ecb6 ; call 0x44ecb6 jmp short loc_00436245 ; jmp 0x436245 loc_0043621f: mov byte [ref_0048c3e7], 3 ; mov byte [0x48c3e7], 3 mov edi, dword [ref_0047587c] ; mov edi, dword [0x47587c] push edi jmp short loc_00436218 ; jmp 0x436218 loc_0043622f: mov ebx, dword [ref_0048c3e3] ; mov ebx, dword [0x48c3e3] push ebx push esi call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 call _Post_0402_Message ; call 0x401966 loc_00436245: add esp, 4 loc_00436248: mov dh, byte [ref_0048c3e9] ; mov dh, byte [0x48c3e9] xor dh, 8 mov byte [ref_0048c3e9], dh ; mov byte [0x48c3e9], dh test dh, 8 jne near loc_00436162 ; jne 0x436162 mov al, dh and al, 0xf cmp al, 1 jb short loc_00436277 ; jb 0x436277 jbe short loc_004362ae ; jbe 0x4362ae cmp al, 2 je near loc_00436378 ; je 0x436378 jmp near loc_00436448 ; jmp 0x436448 loc_00436277: test al, al jne near loc_00436448 ; jne 0x436448 call clib_rand ; call 0x456f2d mov ebx, eax sar ebx, 0xa test ebx, ebx jne short loc_00436299 ; jne 0x436299 or byte [ref_0048c3e9], 1 ; or byte [0x48c3e9], 1 jmp near loc_00436448 ; jmp 0x436448 loc_00436299: cmp ebx, 1 jne near loc_00436448 ; jne 0x436448 or byte [ref_0048c3e9], 2 ; or byte [0x48c3e9], 2 jmp near loc_00436448 ; jmp 0x436448 loc_004362ae: mov al, dh and al, 0x30 xor ebx, ebx mov bl, al sar ebx, 4 mov dword [esp + 0xd4], 0x8c mov dword [esp + 0xd8], 0x72 mov dword [esp + 0xdc], 0xdc mov dword [esp + 0xe0], 0x9a mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [esp + 0xd8] push edx mov ecx, dword [esp + 0xd8] push ecx xor edx, edx mov dl, byte [ebx + ref_00475880] ; mov dl, byte [ebx + 0x475880] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov bh, byte [ref_0048c3e9] ; mov bh, byte [0x48c3e9] add bh, 0x10 mov byte [ref_0048c3e9], bh ; mov byte [0x48c3e9], bh mov cl, bh and cl, 0x3f mov byte [ref_0048c3e9], cl ; mov byte [0x48c3e9], cl test cl, 0x30 jne near loc_00436436 ; jne 0x436436 mov byte [ref_0048c3e9], 0x80 ; mov byte [0x48c3e9], 0x80 jmp near loc_00436436 ; jmp 0x436436 loc_00436378: call clib_rand ; call 0x456f2d mov edx, eax mov ebx, 3 sar edx, 0x1f idiv ebx mov ebx, edx mov al, byte [ref_0048c3e9] ; mov al, byte [0x48c3e9] and al, 0xc0 and eax, 0xff sar eax, 6 cmp edx, eax je near loc_00436448 ; je 0x436448 mov dword [esp + 0xd4], 0x8c mov dword [esp + 0xd8], 0x72 mov dword [esp + 0xdc], 0xdc mov dword [esp + 0xe0], 0x9a mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebp, dword [esp + 0xd8] push ebp mov eax, dword [esp + 0xd8] push eax lea edx, [ebx + 3] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall shl bl, 6 mov byte [ref_0048c3e9], bl ; mov byte [0x48c3e9], bl loc_00436436: push 0 lea eax, [esp + 0xd8] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00436448: call fcn_0044ef3b ; call 0x44ef3b test eax, eax jne short loc_0043645e ; jne 0x43645e cmp byte [ref_0048c3e8], 0 ; cmp byte [0x48c3e8], 0 je near loc_00436162 ; je 0x436162 loc_0043645e: mov dword [esp + 0xd4], 0x8c mov dword [esp + 0xd8], 0x98 mov dword [esp + 0xdc], 0xdc mov dword [esp + 0xe0], 0xb6 mov bl, byte [ref_0048c3e8] ; mov bl, byte [0x48c3e8] test bl, bl je short loc_00436509 ; je 0x436509 mov bh, bl dec bh mov byte [ref_0048c3e8], bh ; mov byte [0x48c3e8], bh jne near loc_00436162 ; jne 0x436162 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebp, dword [esp + 0xd8] push ebp mov eax, dword [esp + 0xd8] push eax mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0x6c push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall loc_004364f2: push 0 lea eax, [esp + 0xd8] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00436162 ; jmp 0x436162 loc_00436509: call clib_rand ; call 0x456f2d mov ebx, eax sar ebx, 0xb cmp ebx, 4 jge near loc_00436162 ; jge 0x436162 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [esp + 0xd8] push ecx mov ebx, dword [esp + 0xd8] push ebx call clib_rand ; call 0x456f2d and eax, 1 lea edx, [eax + 9] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c3c0] ; mov eax, dword [0x48c3c0] add eax, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall call clib_rand ; call 0x456f2d and al, 7 inc al mov byte [ref_0048c3e8], al ; mov byte [0x48c3e8], al jmp near loc_004364f2 ; jmp 0x4364f2 loc_00436596: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 loc_004365a5: push 1 call fcn_0044ee18 ; call 0x44ee18 loc_004365ac: add esp, 4 jmp near loc_00436162 ; jmp 0x436162 loc_004365b4: cmp byte [ref_0048c3e7], 3 ; cmp byte [0x48c3e7], 3 jae near loc_00436162 ; jae 0x436162 push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 mov byte [ref_0048c3e7], 3 ; mov byte [0x48c3e7], 3 jmp short loc_004365a5 ; jmp 0x4365a5 loc_004365d9: lea eax, [esp + 0x80] push eax push esi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 0x88] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0x8c] push ebx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [esp + 0x98] push ebp mov ecx, dword [esp + 0x98] push ecx push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x88] push eax call fcn_00402250 ; call 0x402250 add esp, 4 lea eax, [esp + 0x80] push eax push esi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00436162 ; jmp 0x436162 loc_0043664a: mov ecx, dword [esp + 0x104] push ecx mov ebx, dword [esp + 0x104] push ebx push eax push esi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_00436164 ; jmp 0x436164 fcn_00436668: push ebx push esi push edi push ebp sub esp, 0x84 xor ebx, ebx imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+59)], 0 ; cmp byte [eax + 0x496ba3], 0 jne near loc_00436953 ; jne 0x436953 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_004239b9 ; call 0x4239b9 add esp, 4 mov dword [ref_0048c3b0], eax ; mov dword [0x48c3b0], eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_004367ab ; jne 0x4367ab push ebx push ebx push 0x17 mov ebp, dword [ref_0048a05c] ; mov ebp, dword [0x48a05c] push ebp call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c3c0], eax ; mov dword [0x48c3c0], eax push ebx push ebx push 2 mov eax, dword [ref_0048a05c] ; mov eax, dword [0x48a05c] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c3bc], eax ; mov dword [0x48c3bc], eax push ebx push ebx push 0x118 push 0xc8 call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048c3b8], eax ; mov dword [0x48c3b8], eax push ebx push ebx push 0xc8 push 0xc8 call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048c3b4], eax ; mov dword [0x48c3b4], eax mov edx, dword [esp + 0x98] cmp edx, 0x1770 jle short loc_0043674d ; jle 0x43674d cmp edx, 0x1f40 jge short loc_0043674d ; jge 0x43674d lea eax, [edx - 0x1770] imul eax, eax, 0x34 mov edx, dword [ref_00498e7c] ; mov edx, dword [0x498e7c] add eax, edx xor edx, edx mov dl, byte [eax + 0x18] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax jne short loc_0043674d ; jne 0x43674d mov ebx, 1 loc_0043674d: push 4 call fcn_004549cf ; call 0x4549cf add esp, 4 push ebx push fcn_00435062 ; push 0x435062 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 call fcn_00454bcc ; call 0x454bcc mov ebx, dword [ref_0048c3c0] ; mov ebx, dword [0x48c3c0] push ebx call clib_free ; call 0x456e11 add esp, 4 mov esi, dword [ref_0048c3bc] ; mov esi, dword [0x48c3bc] push esi call clib_free ; call 0x456e11 add esp, 4 mov edi, dword [ref_0048c3b8] ; mov edi, dword [0x48c3b8] push edi call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [ref_0048c3b4] ; mov ebp, dword [0x48c3b4] push ebp call clib_free ; call 0x456e11 add esp, 4 jmp near loc_00436953 ; jmp 0x436953 loc_004367ab: cmp dword [eax + (_players+36)], 0 ; cmp dword [eax + 0x496b8c], 0 je near loc_00436893 ; je 0x436893 mov esi, dword [eax + (_players+44)] ; mov esi, dword [eax + 0x496b94] push esi mov edi, dword [ref_00497160] ; mov edi, dword [0x497160] push edi call fcn_004521aa ; call 0x4521aa add esp, 8 cmp eax, 6 jg short loc_0043680e ; jg 0x43680e imul ecx, dword [_current_player], 0x68 ; imul ecx, dword [0x49910c], 0x68 mov eax, dword [ecx + (_players+32)] ; mov eax, dword [ecx + 0x496b88] mov edx, dword [ecx + (_players+28)] ; mov edx, dword [ecx + 0x496b84] add eax, edx mov dword [esp + 0x80], eax fild dword [esp + 0x80] fild dword [ecx + (_players+36)] ; fild dword [ecx + 0x496b8c] fmul qword [ref_00464b24] ; fmul qword [0x464b24] fcompp fnstsw ax sahf ja short loc_0043680e ; ja 0x43680e mov ebx, 1 loc_0043680e: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov edx, dword [eax + (_players+36)] ; mov edx, dword [eax + 0x496b8c] add edx, edx cmp edx, dword [eax + (_players+32)] ; cmp edx, dword [eax + 0x496b88] jl short loc_0043682d ; jl 0x43682d test ebx, ebx je near loc_00436953 ; je 0x436953 loc_0043682d: mov edi, dword [_current_player] ; mov edi, dword [0x49910c] imul eax, edi, 0x68 mov ebp, dword [eax + (_players+36)] ; mov ebp, dword [eax + 0x496b8c] push ebp push edi call fcn_00433bd8 ; call 0x433bd8 add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ecx, dword [eax + (_players+36)] ; mov ecx, dword [eax + 0x496b8c] push ecx mov ebx, dword [eax + (_players+0)] ; mov ebx, dword [eax + 0x496b68] push ebx push ref_00464af5 ; push 0x464af5 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edi, edi mov dword [eax + (_players+36)], edi ; mov dword [eax + 0x496b8c], edi jmp near loc_00436953 ; jmp 0x436953 loc_00436893: call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 0xa sar edx, 0x1f idiv ecx test edx, edx je short loc_004368c7 ; je 0x4368c7 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] add edx, dword [eax + (_players+32)] ; add edx, dword [eax + 0x496b88] cmp edx, 0x7530 jge near loc_00436953 ; jge 0x436953 loc_004368c7: imul ecx, dword [_current_player], 0x68 ; imul ecx, dword [0x49910c], 0x68 cmp byte [ecx + (_players+60)], 0 ; cmp byte [ecx + 0x496ba4], 0 jne near loc_00436953 ; jne 0x436953 mov bh, byte [ecx + (_players+24)] ; mov bh, byte [ecx + 0x496b80] test bh, bh je short loc_00436953 ; je 0x436953 xor edx, edx mov dl, bh imul edx, dword [ref_0048c3b0] ; imul edx, dword [0x48c3b0] mov ebx, 0x64 mov eax, edx sar edx, 0x1f idiv ebx mov dword [ecx + (_players+36)], eax ; mov dword [ecx + 0x496b8c], eax test eax, eax je short loc_00436953 ; je 0x436953 add dword [ecx + (_players+32)], eax ; add dword [ecx + 0x496b88], eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_00433b7e ; call 0x433b7e add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ecx, dword [eax + (_players+36)] ; mov ecx, dword [eax + 0x496b8c] push ecx mov ebx, dword [eax + (_players+0)] ; mov ebx, dword [eax + 0x496b68] push ebx push ref_00464b0c ; push 0x464b0c lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 loc_00436953: add esp, 0x84 pop ebp pop edi pop esi pop ebx ret fcn_0043695e: push ebx push esi push edi push ebp imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_00436a43 ; jne 0x436a43 push 0 push 0 push 0x17 mov ecx, dword [ref_0048a05c] ; mov ecx, dword [0x48a05c] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c3c0], eax ; mov dword [0x48c3c0], eax push 0 push 0 push 2 mov ebx, dword [ref_0048a05c] ; mov ebx, dword [0x48a05c] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c3bc], eax ; mov dword [0x48c3bc], eax push 0 push 0 push 0x118 push 0xc8 call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048c3b8], eax ; mov dword [0x48c3b8], eax push 0 push 0 push 0xc8 push 0xc8 call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048c3b4], eax ; mov dword [0x48c3b4], eax push 4 call fcn_004549cf ; call 0x4549cf add esp, 4 push 0 push fcn_00436034 ; push 0x436034 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 push 1 call fcn_0041906a ; call 0x41906a add esp, 4 call fcn_00454bcc ; call 0x454bcc mov esi, dword [ref_0048c3c0] ; mov esi, dword [0x48c3c0] push esi call clib_free ; call 0x456e11 add esp, 4 mov edi, dword [ref_0048c3bc] ; mov edi, dword [0x48c3bc] push edi call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [ref_0048c3b8] ; mov ebp, dword [0x48c3b8] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0048c3b4] ; mov eax, dword [0x48c3b4] push eax call clib_free ; call 0x456e11 add esp, 4 loc_00436a43: pop ebp pop edi pop esi pop ebx ret endloc_00436a48: db 0x8b db 0xc0 ref_00436a4a: ; may contain a jump table dd loc_00436a9b dd loc_00436adf dd loc_00436af5 dd loc_00436b01 fcn_00436a5a: push ebx push esi push edi imul ebx, dword [_current_player], 0x68 ; imul ebx, dword [0x49910c], 0x68 mov ecx, dword [ebx + (_players+44)] ; mov ecx, dword [ebx + 0x496b94] push ecx mov ebx, dword [ref_00497160] ; mov ebx, dword [0x497160] push ebx call fcn_004521aa ; call 0x4521aa mov ebx, eax add esp, 8 cmp eax, 3 jg near loc_00436b06 ; jg 0x436b06 push 1 call fcn_0041906a ; call 0x41906a add esp, 4 cmp ebx, 3 ja short loc_00436b06 ; ja 0x436b06 jmp dword [ebx*4 + ref_00436a4a] ; ujmp: jmp dword [ebx*4 + 0x436a4a] loc_00436a9b: push 0x5dc push ref_00464b2c ; push 0x464b2c call fcn_00440cac ; call 0x440cac add esp, 8 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul ebx, esi, 0x68 mov edi, dword [ebx + (_players+36)] ; mov edi, dword [ebx + 0x496b8c] push edi push esi call fcn_00433bd8 ; call 0x433bd8 add esp, 8 imul ebx, dword [_current_player], 0x68 ; imul ebx, dword [0x49910c], 0x68 xor edx, edx mov dword [ebx + (_players+36)], edx ; mov dword [ebx + 0x496b8c], edx mov dword [ebx + (_players+44)], edx ; mov dword [ebx + 0x496b94], edx pop edi pop esi pop ebx ret loc_00436adf: push 0x5dc push ref_00464b43 ; push 0x464b43 loc_00436ae9: call fcn_00440cac ; call 0x440cac add esp, 8 pop edi pop esi pop ebx ret loc_00436af5: push 0x5dc push ref_00464b5c ; push 0x464b5c jmp short loc_00436ae9 ; jmp 0x436ae9 loc_00436b01: call fcn_0043695e ; call 0x43695e loc_00436b06: pop edi pop esi pop ebx ret fcn_00436b0a: push ebx push esi push edi push ebp sub esp, 0x9c mov ebx, 1 mov edi, 0xffffffff mov ebp, dword [ref_00498e7c] ; mov ebp, dword [0x498e7c] loc_00436b24: cmp ebx, dword [ref_00498e90] ; cmp ebx, dword [0x498e90] jg short loc_00436b45 ; jg 0x436b45 imul esi, ebx, 0x34 add esi, ebp cmp byte [esi + 0x1a], 7 jne short loc_00436b42 ; jne 0x436b42 mov dl, byte [esi + 0x18] test dl, dl je short loc_00436b42 ; je 0x436b42 movzx edi, dl dec edi loc_00436b42: inc ebx jmp short loc_00436b24 ; jmp 0x436b24 loc_00436b45: cmp dword [esp + 0xb0], 0 je near loc_00436c6d ; je 0x436c6d cmp edi, 0xffffffff je near loc_00436c62 ; je 0x436c62 cmp edi, dword [_current_player] ; cmp edi, dword [0x49910c] je near loc_00436c62 ; je 0x436c62 imul ebx, edi, 0x68 mov ebx, dword [ebx + (_players+40)] ; mov ebx, dword [ebx + 0x496b90] mov dword [esp + 0x94], ebx test ebx, ebx je near loc_00436c62 ; je 0x436c62 xor ebx, ebx xor ebp, ebp loc_00436b84: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_00436ba5 ; jge 0x436ba5 cmp ebx, edi je short loc_00436ba2 ; je 0x436ba2 imul esi, ebx, 0x68 cmp byte [esi + (_players+21)], 0 ; cmp byte [esi + 0x496b7d], 0 je short loc_00436ba2 ; je 0x436ba2 add ebp, dword [esi + (_players+32)] ; add ebp, dword [esi + 0x496b88] loc_00436ba2: inc ebx jmp short loc_00436b84 ; jmp 0x436b84 loc_00436ba5: cmp ebp, dword [esp + 0x94] jge near loc_00436c62 ; jge 0x436c62 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] mov dword [esp + 0x98], ebx mov dword [_current_player], edi ; mov dword [0x49910c], edi xor esi, esi mov dword [ref_0048be18], esi ; mov dword [0x48be18], esi push 1 call fcn_0041906a ; call 0x41906a add esp, 4 mov esi, dword [esp + 0x94] sub esi, ebp imul ebx, edi, 0x68 mov ebp, dword [ebx + (_players+0)] ; mov ebp, dword [ebx + 0x496b68] push ebp lea ebp, [esp + 0x84] push ebp call fcn_00452946 ; call 0x452946 add esp, 8 lea ebp, [esp + 0x80] push ebp push esi push ref_00464b75 ; push 0x464b75 lea ebp, [esp + 0xc] push ebp call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x9c4 lea ebp, [esp + 4] push ebp call fcn_00440cac ; call 0x440cac add esp, 8 push esi push edi call fcn_00433bd8 ; call 0x433bd8 add esp, 8 mov eax, dword [ebx + (_players+40)] ; mov eax, dword [ebx + 0x496b90] sub eax, esi mov dword [ebx + (_players+40)], eax ; mov dword [ebx + 0x496b90], eax test eax, eax jge short loc_00436c4b ; jge 0x436c4b xor ecx, ecx mov dword [ebx + (_players+40)], ecx ; mov dword [ebx + 0x496b90], ecx loc_00436c4b: mov ebx, dword [esp + 0x98] mov dword [_current_player], ebx ; mov dword [0x49910c], ebx push 1 call fcn_0041906a ; call 0x41906a add esp, 4 loc_00436c62: add esp, 0x9c pop ebp pop edi pop esi pop ebx ret loc_00436c6d: xor ebx, ebx loc_00436c6f: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_00436c62 ; jge 0x436c62 cmp ebx, edi je near loc_00436d34 ; je 0x436d34 imul esi, ebx, 0x68 cmp byte [esi + (_players+21)], 0 ; cmp byte [esi + 0x496b7d], 0 je near loc_00436d34 ; je 0x436d34 cmp dword [esi + (_players+40)], 0 ; cmp dword [esi + 0x496b90], 0 je near loc_00436d34 ; je 0x436d34 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] mov dword [esp + 0x98], ebp mov dword [_current_player], ebx ; mov dword [0x49910c], ebx xor edx, edx mov dword [ref_0048be18], edx ; mov dword [0x48be18], edx push 1 call fcn_0041906a ; call 0x41906a add esp, 4 push 0x5dc push ref_00464b9e ; push 0x464b9e call fcn_00440cac ; call 0x440cac add esp, 8 mov ecx, dword [esi + (_players+40)] ; mov ecx, dword [esi + 0x496b90] push ecx mov ebp, dword [esi + (_players+0)] ; mov ebp, dword [esi + 0x496b68] push ebp push ref_00464baf ; push 0x464baf lea ebp, [esp + 0xc] push ebp call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x5dc lea ebp, [esp + 4] push ebp call fcn_00440cac ; call 0x440cac add esp, 8 mov eax, dword [esi + (_players+40)] ; mov eax, dword [esi + 0x496b90] push eax push ebx call fcn_00433bd8 ; call 0x433bd8 add esp, 8 xor edx, edx mov dword [esi + (_players+40)], edx ; mov dword [esi + 0x496b90], edx mov esi, dword [esp + 0x98] mov dword [_current_player], esi ; mov dword [0x49910c], esi push 1 call fcn_0041906a ; call 0x41906a add esp, 4 loc_00436d34: inc ebx jmp near loc_00436c6f ; jmp 0x436c6f fcn_00436d3a: push ebx push esi push edi push ebp sub esp, 0x18 mov esi, 0x130 push ref_0048c3f8 ; push 0x48c3f8 call fcn_004584db ; call 0x4584db add esp, 4 mov dword [esp + 0x14], eax fild dword [esp + 0x14] fild dword [ref_0048c3ec] ; fild dword [0x48c3ec] fdivp st1 ; fdivp st(1) fmul dword [ref_00464bd0] ; fmul dword [0x464bd0] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x10] mov edx, dword [esp + 0x10] mov eax, edx shl eax, 2 sub eax, edx add eax, eax mov dword [esp + 0x10], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall xor edi, edi push ref_0048c3f8 ; push 0x48c3f8 call _strlen ; call 0x45825d add esp, 4 lea ebx, [eax - 1] jmp short loc_00436ded ; jmp 0x436ded loc_00436dad: push 0xac push esi xor edx, edx mov dl, byte [ebx + ref_0048c3f8] ; mov dl, byte [ebx + 0x48c3f8] sub edx, 0x1d mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c3f4] ; mov edx, dword [0x48c3f4] add edx, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 sub esi, 0x14 dec ebx inc edi cmp edi, 0xa jge short loc_00436e1a ; jge 0x436e1a loc_00436ded: test ebx, ebx jge short loc_00436dad ; jge 0x436dad push 0x20 sub esi, 0x66 push esi push 0x65 push 0x3e push 0xac push 0x7a mov eax, dword [ref_0048c3f4] ; mov eax, dword [0x48c3f4] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 loc_00436e1a: mov ebx, dword [esp + 0x10] test ebx, ebx je short loc_00436e48 ; je 0x436e48 push 0x1a push ebx push 0 push 0 push 0xd2 push 0x76 mov eax, dword [ref_0048c3f4] ; mov eax, dword [0x48c3f4] add eax, 0x3c push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_0045643d ; call 0x45643d add esp, 0x20 loc_00436e48: mov ebp, dword [esp + 0x10] cmp ebp, 0xcc jge short loc_00436e88 ; jge 0x436e88 push 0x1a mov eax, 0xcc sub eax, ebp push eax push 0x8b lea eax, [ebp + 0x3a] push eax push 0xd2 lea eax, [ebp + 0x76] push eax mov eax, dword [ref_0048c3f4] ; mov eax, dword [0x48c3f4] add eax, 0xc push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 loc_00436e88: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall cmp dword [esp + 0x2c], 0 je short loc_00436ed3 ; je 0x436ed3 mov dword [esp], 0x76 mov dword [esp + 4], 0xac mov dword [esp + 8], 0x144 mov dword [esp + 0xc], 0xec push 0 lea eax, [esp + 4] push eax mov edx, dword [_gWindowHandle] ; mov edx, dword [0x48a0d4] push edx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00436ed3: add esp, 0x18 pop ebp pop edi pop esi pop ebx ret fcn_00436edb: mov byte [ref_0048c3f8], 0x30 ; mov byte [0x48c3f8], 0x30 xor dl, dl mov byte [ref_0048c3f9], dl ; mov byte [0x48c3f9], dl mov edx, dword [esp + 4] push edx call fcn_00436d3a ; call 0x436d3a add esp, 4 ret fcn_00436ef8: push ebx push esi push edi push ebp sub esp, 0xd0 mov ebp, dword [esp + 0xe4] mov ebx, dword [esp + 0xe8] mov eax, dword [esp + 0xec] mov ecx, dword [esp + 0xf0] cmp ebx, 0x202 jb short loc_00436f6a ; jb 0x436f6a jbe near loc_0043762d ; jbe 0x43762d cmp ebx, 0x205 jb short loc_00436f59 ; jb 0x436f59 jbe near loc_0043791e ; jbe 0x43791e cmp ebx, 0x401 jb near loc_004379b9 ; jb 0x4379b9 jbe short loc_00436f9d ; jbe 0x436f9d cmp ebx, 0x408 je near loc_004370e7 ; je 0x4370e7 jmp near loc_004379b9 ; jmp 0x4379b9 loc_00436f59: cmp ebx, 0x203 je near loc_00437161 ; je 0x437161 jmp near loc_004379b9 ; jmp 0x4379b9 loc_00436f6a: cmp ebx, 0x100 jb short loc_00436f8f ; jb 0x436f8f jbe near loc_004374ac ; jbe 0x4374ac cmp ebx, 0x200 jb near loc_004379b9 ; jb 0x4379b9 jbe near loc_00437904 ; jbe 0x437904 jmp near loc_00437161 ; jmp 0x437161 loc_00436f8f: cmp ebx, 0xf je near loc_00437942 ; je 0x437942 jmp near loc_004379b9 ; jmp 0x4379b9 loc_00436f9d: xor ah, ah mov byte [ref_0048c40b], ah ; mov byte [0x48c40b], ah mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x47 push 0x3c mov eax, dword [ref_0048c3f4] ; mov eax, dword [0x48c3f4] add eax, 0xc push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+60)], 0 ; cmp byte [eax + 0x496ba4], 0 je short loc_00437041 ; je 0x437041 push 0x8d push 0x9d mov eax, dword [ref_0048c3f4] ; mov eax, dword [0x48c3f4] add eax, 0x168 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x78 push 0xc7 mov eax, dword [ref_0048c3f4] ; mov eax, dword [0x48c3f4] add eax, 0x24 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov dword [ref_0048c3f0], 1 ; mov dword [0x48c3f0], 1 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov eax, dword [eax + (_players+28)] ; mov eax, dword [eax + 0x496b84] jmp short loc_00437072 ; jmp 0x437072 loc_00437041: push 0x78 push 0x75 mov eax, dword [ref_0048c3f4] ; mov eax, dword [0x48c3f4] add eax, 0x18 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 xor ebx, ebx mov dword [ref_0048c3f0], ebx ; mov dword [0x48c3f0], ebx imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov eax, dword [eax + (_players+32)] ; mov eax, dword [eax + 0x496b88] loc_00437072: mov dword [ref_0048c3ec], eax ; mov dword [0x48c3ec], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 call fcn_00436edb ; call 0x436edb add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+60)], 0 ; cmp byte [eax + 0x496ba4], 0 je short loc_004370b4 ; je 0x4370b4 push 0 push 0 push 0x408 push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp short loc_004370cc ; jmp 0x4370cc loc_004370b4: push 0 push 1 push 0x1b call fcn_004021f8 ; call 0x4021f8 add esp, 0xc push 1 call fcn_00402460 ; call 0x402460 add esp, 4 loc_004370cc: push 0 push 0 push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_004370d8: xor eax, eax loc_004370da: add esp, 0xd0 pop ebp pop edi pop esi pop ebx ret 0x10 loc_004370e7: mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [ref_0046cae0] ; mov ebx, dword [0x46cae0] push ebx mov esi, dword [ref_0046cadc] ; mov esi, dword [0x46cadc] push esi push eax call dword [edx + 0x1c] ; ucall imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+60)] ; mov al, byte [eax + 0x496ba4] and al, 0x7f xor ebx, ebx mov bl, al inc ebx push ebx push ref_00464bd4 ; push 0x464bd4 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push 0 push 1 push 0x1b call fcn_004021f8 ; call 0x4021f8 add esp, 0xc push 1 call fcn_00402460 ; call 0x402460 jmp near loc_004373e3 ; jmp 0x4373e3 loc_00437161: xor esi, esi mov si, cx sub esi, 0x3c mov eax, ecx shr eax, 0x10 and eax, 0xffff xor edx, edx mov dx, ax sub edx, 0x47 xor ebx, ebx jmp short loc_00437189 ; jmp 0x437189 loc_0043717f: inc ebx cmp ebx, 0x12 jge near loc_00437397 ; jge 0x437397 loc_00437189: mov eax, ebx shl eax, 3 movsx ecx, word [eax + ref_00475888] ; movsx ecx, word [eax + 0x475888] cmp esi, ecx jl short loc_0043717f ; jl 0x43717f movsx ecx, word [eax + ref_0047588c] ; movsx ecx, word [eax + 0x47588c] cmp esi, ecx jg short loc_0043717f ; jg 0x43717f movsx ecx, word [eax + ref_0047588a] ; movsx ecx, word [eax + 0x47588a] cmp edx, ecx jl short loc_0043717f ; jl 0x43717f movsx eax, word [eax + ref_0047588e] ; movsx eax, word [eax + 0x47588e] cmp edx, eax jg short loc_0043717f ; jg 0x43717f cmp ebx, 3 je near loc_0043738f ; je 0x43738f cmp ebx, 1 jg short loc_004371da ; jg 0x4371da jg near loc_0043738f ; jg 0x43738f cmp ebx, dword [ref_0048c3f0] ; cmp ebx, dword [0x48c3f0] je near loc_0043738f ; je 0x43738f loc_004371da: test ebx, ebx jne short loc_004371f9 ; jne 0x4371f9 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+60)], 0 ; cmp byte [eax + 0x496ba4], 0 je short loc_004371f9 ; je 0x4371f9 mov ebx, dword [ref_0048c3f0] ; mov ebx, dword [0x48c3f0] jmp near loc_0043738f ; jmp 0x43738f loc_004371f9: movsx edx, word [ebx*8 + ref_00475888] ; movsx edx, word [ebx*8 + 0x475888] add edx, 0x3c mov dword [esp + 0xc0], edx movsx edx, word [ebx*8 + ref_0047588a] ; movsx edx, word [ebx*8 + 0x47588a] add edx, 0x47 mov dword [esp + 0xc4], edx movsx edx, word [ebx*8 + ref_0047588c] ; movsx edx, word [ebx*8 + 0x47588c] add edx, 0x3c mov dword [esp + 0xc8], edx movsx eax, word [ebx*8 + ref_0047588e] ; movsx eax, word [ebx*8 + 0x47588e] add eax, 0x47 mov dword [esp + 0xcc], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [esp + 0xc4] push ecx mov edi, dword [esp + 0xc4] push edi lea edx, [ebx + 1] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c3f4] ; mov edx, dword [0x48c3f4] add edx, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] cmp ebx, 1 jg near loc_0043738f ; jg 0x43738f mov esi, ebx xor si, 1 movsx eax, word [esi*8 + ref_00475888] ; movsx eax, word [esi*8 + 0x475888] add eax, 0x3c mov dword [esp + 0xc0], eax movsx eax, word [esi*8 + ref_0047588a] ; movsx eax, word [esi*8 + 0x47588a] add eax, 0x47 mov dword [esp + 0xc4], eax movsx eax, word [esi*8 + ref_0047588c] ; movsx eax, word [esi*8 + 0x47588c] add eax, 0x3c mov dword [esp + 0xc8], eax movsx eax, word [esi*8 + ref_0047588e] ; movsx eax, word [esi*8 + 0x47588e] add eax, 0x47 mov dword [esp + 0xcc], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall movsx eax, word [esi*8 + ref_0047588e] ; movsx eax, word [esi*8 + 0x47588e] movsx edx, word [esi*8 + ref_0047588a] ; movsx edx, word [esi*8 + 0x47588a] sub eax, edx push eax movsx ecx, word [esi*8 + ref_0047588c] ; movsx ecx, word [esi*8 + 0x47588c] movsx eax, word [esi*8 + ref_00475888] ; movsx eax, word [esi*8 + 0x475888] sub ecx, eax push ecx push edx push eax mov edx, dword [esp + 0xd4] push edx mov ecx, dword [esp + 0xd4] push ecx mov eax, dword [ref_0048c3f4] ; mov eax, dword [0x48c3f4] add eax, 0xc push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0043738f: inc bl mov byte [ref_0048c40b], bl ; mov byte [0x48c40b], bl loc_00437397: mov al, byte [ref_0048c40b] ; mov al, byte [0x48c40b] cmp al, 2 jb short loc_004373ab ; jb 0x4373ab jbe short loc_004373eb ; jbe 0x4373eb cmp al, 4 je short loc_00437413 ; je 0x437413 jmp near loc_0043748b ; jmp 0x43748b loc_004373ab: cmp al, 1 jne near loc_0043748b ; jne 0x43748b push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 xor ecx, ecx mov dword [ref_0048c3f0], ecx ; mov dword [0x48c3f0], ecx imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov eax, dword [eax + (_players+32)] ; mov eax, dword [eax + 0x496b88] loc_004373d7: mov dword [ref_0048c3ec], eax ; mov dword [0x48c3ec], eax push 1 call fcn_00436edb ; call 0x436edb loc_004373e3: add esp, 4 jmp near loc_004370d8 ; jmp 0x4370d8 loc_004373eb: push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov dword [ref_0048c3f0], 1 ; mov dword [0x48c3f0], 1 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov eax, dword [eax + (_players+28)] ; mov eax, dword [eax + 0x496b84] jmp short loc_004373d7 ; jmp 0x4373d7 loc_00437413: push 0 push ref_00482352 ; push 0x482352 call fcn_004542ce ; call 0x4542ce add esp, 8 sub esi, 0x3a test esi, esi jge short loc_0043742d ; jge 0x43742d xor ebx, ebx jmp short loc_0043746f ; jmp 0x43746f loc_0043742d: cmp esi, 0xcc jl short loc_0043743d ; jl 0x43743d mov ebx, dword [ref_0048c3ec] ; mov ebx, dword [0x48c3ec] jmp short loc_0043746f ; jmp 0x43746f loc_0043743d: mov ecx, 6 mov eax, esi mov edx, esi sar edx, 0x1f idiv ecx mov ebx, eax mov ecx, 0x22 mov eax, dword [ref_0048c3ec] ; mov eax, dword [0x48c3ec] mov edx, eax sar edx, 0x1f idiv ecx inc ebx inc eax imul ebx, eax mov ebp, dword [ref_0048c3ec] ; mov ebp, dword [0x48c3ec] cmp ebx, ebp jle short loc_0043746f ; jle 0x43746f mov ebx, ebp loc_0043746f: push 0xa push ref_0048c3f8 ; push 0x48c3f8 push ebx call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 1 call fcn_00436d3a ; call 0x436d3a jmp near loc_004373e3 ; jmp 0x4373e3 loc_0043748b: cmp byte [ref_0048c40b], 0 ; cmp byte [0x48c40b], 0 je near loc_004370d8 ; je 0x4370d8 push 0 push ref_0048234a ; push 0x48234a call fcn_004542ce ; call 0x4542ce add esp, 8 jmp near loc_004370d8 ; jmp 0x4370d8 loc_004374ac: xor dl, dl mov byte [ref_0048c40b], dl ; mov byte [0x48c40b], dl cmp eax, 0x35 jb short loc_00437505 ; jb 0x437505 jbe near loc_00437594 ; jbe 0x437594 cmp eax, 0x39 jb short loc_004374f1 ; jb 0x4374f1 jbe near loc_004375b8 ; jbe 0x4375b8 cmp eax, 0x48 jb short loc_004374e3 ; jb 0x4374e3 jbe near loc_004375dc ; jbe 0x4375dc cmp eax, 0x4d je near loc_004375c1 ; je 0x4375c1 jmp near loc_00437601 ; jmp 0x437601 loc_004374e3: cmp eax, 0x43 je near loc_004375ca ; je 0x4375ca jmp near loc_00437601 ; jmp 0x437601 loc_004374f1: cmp eax, 0x37 jb near loc_0043759d ; jb 0x43759d jbe near loc_004375a6 ; jbe 0x4375a6 jmp near loc_004375af ; jmp 0x4375af loc_00437505: cmp eax, 0x31 jb short loc_00437515 ; jb 0x437515 jbe short loc_00437544 ; jbe 0x437544 cmp eax, 0x33 jb short loc_00437550 ; jb 0x437550 jbe short loc_0043755c ; jbe 0x43755c jmp short loc_00437568 ; jmp 0x437568 loc_00437515: cmp eax, 0xd jb short loc_0043752a ; jb 0x43752a jbe near loc_004375f5 ; jbe 0x4375f5 cmp eax, 0x30 je short loc_00437538 ; je 0x437538 jmp near loc_00437601 ; jmp 0x437601 loc_0043752a: cmp eax, 8 je near loc_004375d3 ; je 0x4375d3 jmp near loc_00437601 ; jmp 0x437601 loc_00437538: mov byte [ref_0048c40b], 0xf ; mov byte [0x48c40b], 0xf jmp near loc_0043756f ; jmp 0x43756f loc_00437544: mov byte [ref_0048c40b], 0xb ; mov byte [0x48c40b], 0xb jmp near loc_0043756f ; jmp 0x43756f loc_00437550: mov byte [ref_0048c40b], 0xc ; mov byte [0x48c40b], 0xc jmp near loc_0043756f ; jmp 0x43756f loc_0043755c: mov byte [ref_0048c40b], 0xd ; mov byte [0x48c40b], 0xd jmp near loc_0043756f ; jmp 0x43756f loc_00437568: mov byte [ref_0048c40b], 8 ; mov byte [0x48c40b], 8 loc_0043756f: push 0 push ref_0048234a ; push 0x48234a call fcn_004542ce ; call 0x4542ce add esp, 8 loc_0043757e: push 0 push 0 push 0x202 loc_00437587: push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_004370d8 ; jmp 0x4370d8 loc_00437594: mov byte [ref_0048c40b], 9 ; mov byte [0x48c40b], 9 jmp short loc_0043756f ; jmp 0x43756f loc_0043759d: mov byte [ref_0048c40b], 0xa ; mov byte [0x48c40b], 0xa jmp short loc_0043756f ; jmp 0x43756f loc_004375a6: mov byte [ref_0048c40b], 5 ; mov byte [0x48c40b], 5 jmp short loc_0043756f ; jmp 0x43756f loc_004375af: mov byte [ref_0048c40b], 6 ; mov byte [0x48c40b], 6 jmp short loc_0043756f ; jmp 0x43756f loc_004375b8: mov byte [ref_0048c40b], 7 ; mov byte [0x48c40b], 7 jmp short loc_0043756f ; jmp 0x43756f loc_004375c1: mov byte [ref_0048c40b], 0x11 ; mov byte [0x48c40b], 0x11 jmp short loc_0043756f ; jmp 0x43756f loc_004375ca: mov byte [ref_0048c40b], 0xe ; mov byte [0x48c40b], 0xe jmp short loc_0043756f ; jmp 0x43756f loc_004375d3: mov byte [ref_0048c40b], 0x10 ; mov byte [0x48c40b], 0x10 jmp short loc_0043756f ; jmp 0x43756f loc_004375dc: mov byte [ref_0048c40b], 4 ; mov byte [0x48c40b], 4 mov esi, 0xdc mov edx, 0xdf shl edx, 0x10 lea ecx, [edx + esi] jmp short loc_00437618 ; jmp 0x437618 loc_004375f5: mov byte [ref_0048c40b], 0x12 ; mov byte [0x48c40b], 0x12 jmp near loc_0043756f ; jmp 0x43756f loc_00437601: mov ah, byte [ref_0048c40b] ; mov ah, byte [0x48c40b] test ah, ah je near loc_004370d8 ; je 0x4370d8 cmp ah, 4 jne near loc_0043756f ; jne 0x43756f loc_00437618: push ecx push 0 push 0x201 push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_0043757e ; jmp 0x43757e loc_0043762d: mov bl, byte [ref_0048c40b] ; mov bl, byte [0x48c40b] cmp bl, 2 jbe near loc_004378f7 ; jbe 0x4378f7 cmp bl, 4 je near loc_004378f7 ; je 0x4378f7 mov cl, bl dec cl mov byte [ref_0048c40b], cl ; mov byte [0x48c40b], cl xor eax, eax mov al, cl movsx edx, word [eax*8 + ref_00475888] ; movsx edx, word [eax*8 + 0x475888] add edx, 0x3c mov dword [esp + 0xc0], edx movsx edx, word [eax*8 + ref_0047588a] ; movsx edx, word [eax*8 + 0x47588a] add edx, 0x47 mov dword [esp + 0xc4], edx movsx edx, word [eax*8 + ref_0047588c] ; movsx edx, word [eax*8 + 0x47588c] add edx, 0x3c mov dword [esp + 0xc8], edx movsx eax, word [eax*8 + ref_0047588e] ; movsx eax, word [eax*8 + 0x47588e] add eax, 0x47 mov dword [esp + 0xcc], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall xor eax, eax mov al, byte [ref_0048c40b] ; mov al, byte [0x48c40b] movsx ecx, word [eax*8 + ref_0047588e] ; movsx ecx, word [eax*8 + 0x47588e] movsx edx, word [eax*8 + ref_0047588a] ; movsx edx, word [eax*8 + 0x47588a] sub ecx, edx push ecx movsx ecx, word [eax*8 + ref_0047588c] ; movsx ecx, word [eax*8 + 0x47588c] movsx eax, word [eax*8 + ref_00475888] ; movsx eax, word [eax*8 + 0x475888] sub ecx, eax push ecx push edx push eax mov esi, dword [esp + 0xd4] push esi mov edi, dword [esp + 0xd4] push edi mov eax, dword [ref_0048c3f4] ; mov eax, dword [0x48c3f4] add eax, 0xc push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov al, byte [ref_0048c40b] ; mov al, byte [0x48c40b] cmp al, 0xf jb short loc_00437749 ; jb 0x437749 jbe short loc_0043778c ; jbe 0x43778c cmp al, 0x10 jbe near loc_004377ce ; jbe 0x4377ce cmp al, 0x11 je near loc_004377e6 ; je 0x4377e6 jmp near loc_0043787e ; jmp 0x43787e loc_00437749: cmp al, 2 jb near loc_0043787e ; jb 0x43787e jbe short loc_0043775c ; jbe 0x43775c cmp al, 0xd je short loc_00437780 ; je 0x437780 jmp near loc_0043787e ; jmp 0x43787e loc_0043775c: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 1 push 0x29 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc loc_00437774: push 0 call _Post_0402_Message ; call 0x401966 jmp near loc_004378f4 ; jmp 0x4378f4 loc_00437780: push 1 call fcn_00436edb ; call 0x436edb jmp near loc_004378f4 ; jmp 0x4378f4 loc_0043778c: push ref_0048c3f8 ; push 0x48c3f8 call _strlen ; call 0x45825d add esp, 4 cmp eax, 1 jle short loc_004377b2 ; jle 0x4377b2 xor dl, dl mov byte [eax + ref_0048c3f7], dl ; mov byte [eax + 0x48c3f7], dl loc_004377a6: push 1 call fcn_00436d3a ; call 0x436d3a jmp near loc_004378f4 ; jmp 0x4378f4 loc_004377b2: jne near loc_004378f7 ; jne 0x4378f7 cmp byte [ref_0048c3f8], 0x30 ; cmp byte [0x48c3f8], 0x30 je near loc_004378f7 ; je 0x4378f7 mov byte [ref_0048c3f8], 0x30 ; mov byte [0x48c3f8], 0x30 jmp short loc_004377a6 ; jmp 0x4377a6 loc_004377ce: push 0xa push ref_0048c3f8 ; push 0x48c3f8 mov esi, dword [ref_0048c3ec] ; mov esi, dword [0x48c3ec] push esi call fcn_00457d61 ; call 0x457d61 add esp, 0xc jmp short loc_004377a6 ; jmp 0x4377a6 loc_004377e6: push ref_0048c3f8 ; push 0x48c3f8 call fcn_004584db ; call 0x4584db mov ebx, eax add esp, 4 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 1 push 0x29 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc test ebx, ebx je near loc_00437774 ; je 0x437774 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 cmp dword [ref_0048c3f0], 0 ; cmp dword [0x48c3f0], 0 jne short loc_00437856 ; jne 0x437856 sub dword [eax + (_players+32)], ebx ; sub dword [eax + 0x496b88], ebx add dword [eax + (_players+28)], ebx ; add dword [eax + 0x496b84], ebx mov eax, dword [eax + (_players+32)] ; mov eax, dword [eax + 0x496b88] mov dword [ref_0048c3ec], eax ; mov dword [0x48c3ec], eax mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0041d433 ; call 0x41d433 add esp, 4 push 1 call fcn_00436b0a ; call 0x436b0a jmp short loc_00437876 ; jmp 0x437876 loc_00437856: add dword [eax + (_players+32)], ebx ; add dword [eax + 0x496b88], ebx mov edi, dword [eax + (_players+28)] ; mov edi, dword [eax + 0x496b84] sub edi, ebx mov dword [eax + (_players+28)], edi ; mov dword [eax + 0x496b84], edi mov dword [ref_0048c3ec], edi ; mov dword [0x48c3ec], edi push edx call fcn_0041d433 ; call 0x41d433 loc_00437876: add esp, 4 jmp near loc_00437774 ; jmp 0x437774 loc_0043787e: push ref_0048c3f8 ; push 0x48c3f8 call _strlen ; call 0x45825d add esp, 4 mov ebx, eax cmp eax, 0xa jge short loc_004378f7 ; jge 0x4378f7 cmp eax, 1 jne short loc_004378ab ; jne 0x4378ab cmp byte [ref_0048c3f8], 0x30 ; cmp byte [0x48c3f8], 0x30 jne short loc_004378ab ; jne 0x4378ab cmp byte [ref_0048c40b], 0xe ; cmp byte [0x48c40b], 0xe je short loc_004378f7 ; je 0x4378f7 xor ebx, ebx loc_004378ab: xor eax, eax mov al, byte [ref_0048c40b] ; mov al, byte [0x48c40b] mov al, byte [eax + ref_00475914] ; mov al, byte [eax + 0x475914] mov byte [ebx + ref_0048c3f8], al ; mov byte [ebx + 0x48c3f8], al xor cl, cl mov byte [ebx + ref_0048c3f9], cl ; mov byte [ebx + 0x48c3f9], cl push ref_0048c3f8 ; push 0x48c3f8 call fcn_004584db ; call 0x4584db add esp, 4 mov edi, dword [ref_0048c3ec] ; mov edi, dword [0x48c3ec] cmp eax, edi jle short loc_004378ed ; jle 0x4378ed push 0xa push ref_0048c3f8 ; push 0x48c3f8 push edi call fcn_00457d61 ; call 0x457d61 add esp, 0xc loc_004378ed: push 1 call fcn_00436d3a ; call 0x436d3a loc_004378f4: add esp, 4 loc_004378f7: xor ch, ch mov byte [ref_0048c40b], ch ; mov byte [0x48c40b], ch jmp near loc_004370d8 ; jmp 0x4370d8 loc_00437904: cmp byte [ref_0048c40b], 4 ; cmp byte [0x48c40b], 4 jne near loc_004370d8 ; jne 0x4370d8 push ecx push 0 push 0x201 jmp near loc_00437587 ; jmp 0x437587 loc_0043791e: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 1 push 0x29 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc push 0 call _Post_0402_Message ; call 0x401966 jmp near loc_004373e3 ; jmp 0x4373e3 loc_00437942: lea eax, [esp + 0x80] push eax push ebp call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 0x88] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0x8c] push edx mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx mov ecx, dword [esp + 0x98] push ecx mov ebx, dword [esp + 0x98] push ebx mov esi, dword [ref_0048a0dc] ; mov esi, dword [0x48a0dc] push esi call dword [eax + 0x1c] ; ucall lea eax, [esp + 0x88] push eax call fcn_00402250 ; call 0x402250 add esp, 4 lea eax, [esp + 0x80] push eax push ebp call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_004370d8 ; jmp 0x4370d8 loc_004379b9: push ecx push eax push ebx push ebp call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_004370da ; jmp 0x4370da fcn_004379c9: push ebx push esi sub esp, 0x98 xor ebx, ebx imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 mov ah, byte [edx + (_players+59)] ; mov ah, byte [edx + 0x496ba3] test ah, ah je short loc_00437a18 ; je 0x437a18 mov al, ah and al, 0x7f and eax, 0xff inc eax push eax push ref_00464bed ; push 0x464bed lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x3e8 lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 jmp near loc_00437c1c ; jmp 0x437c1c loc_00437a18: mov cl, byte [edx + (_players+21)] ; mov cl, byte [edx + 0x496b7d] cmp cl, 1 jne near loc_00437acd ; jne 0x437acd mov byte [ref_0046cb00], cl ; mov byte [0x46cb00], cl push ebx push ebx push 0x18 mov eax, dword [ref_0048a05c] ; mov eax, dword [0x48a05c] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c3f4], eax ; mov dword [0x48c3f4], eax cmp byte [ref_0049715d], 2 ; cmp byte [0x49715d], 2 je short loc_00437a6f ; je 0x437a6f mov eax, dword [_current_player] ; mov eax, dword [0x49910c] mov dl, byte [eax + ref_0048be24] ; mov dl, byte [eax + 0x48be24] test dl, dl je short loc_00437a6f ; je 0x437a6f mov bl, dl xor dh, dh mov byte [eax + ref_0048be24], dh ; mov byte [eax + 0x48be24], dh push eax call fcn_0041d433 ; call 0x41d433 add esp, 4 loc_00437a6f: push 0 push fcn_00436ef8 ; push 0x436ef8 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 test ebx, ebx je short loc_00437aa3 ; je 0x437aa3 push 0x168 call fcn_0045285e ; call 0x45285e add esp, 4 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] mov byte [eax + ref_0048be24], bl ; mov byte [eax + 0x48be24], bl push eax call fcn_0041d433 ; call 0x41d433 add esp, 4 loc_00437aa3: push 0xffffffffffffffff push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov edx, dword [ref_0048c3f4] ; mov edx, dword [0x48c3f4] push edx call clib_free ; call 0x456e11 add esp, 4 xor bl, bl mov byte [ref_0046cb00], bl ; mov byte [0x46cb00], bl jmp near loc_00437c1c ; jmp 0x437c1c loc_00437acd: mov ecx, dword [ref_00497160] ; mov ecx, dword [0x497160] and ecx, 0xff mov ebx, dword [edx + (_players+28)] ; mov ebx, dword [edx + 0x496b84] add ebx, dword [edx + (_players+32)] ; add ebx, dword [edx + 0x496b88] fild dword [edx + (_players+28)] ; fild dword [edx + 0x496b84] mov dword [esp + 0x90], ebx fild dword [esp + 0x90] fdivp st1 ; fdivp st(1) fstp dword [esp + 0x8c] mov al, byte [edx + (_players+25)] ; mov al, byte [edx + 0x496b81] mov dword [esp + 0x94], eax fild word [esp + 0x94] fdiv dword [ref_00464c08] ; fdiv dword [0x464c08] fstp dword [esp + 0x88] cmp ecx, 7 jg short loc_00437b3c ; jg 0x437b3c fld dword [esp + 0x88] fmul qword [ref_00464c10] ; fmul qword [0x464c10] fstp dword [esp + 0x88] loc_00437b3c: cmp ecx, 0x1a jl short loc_00437b55 ; jl 0x437b55 fld dword [esp + 0x88] fmul qword [ref_00464c18] ; fmul qword [0x464c18] fstp dword [esp + 0x88] loc_00437b55: cmp dword [esp + 0x88], 0x3f800000 jl short loc_00437b6f ; jl 0x437b6f mov dword [esp + 0x88], 0x3f666666 jmp short loc_00437b88 ; jmp 0x437b88 loc_00437b6f: fldz fcomp dword [esp + 0x88] fnstsw ax sahf jb short loc_00437b88 ; jb 0x437b88 mov dword [esp + 0x88], 0x3dcccccd loc_00437b88: fld dword [esp + 0x8c] fsub dword [esp + 0x88] fst qword [esp + 0x80] fcomp qword [ref_00464c20] ; fcomp qword [0x464c20] fnstsw ax sahf jae short loc_00437bca ; jae 0x437bca fld qword [esp + 0x80] fcomp qword [ref_00464c28] ; fcomp qword [0x464c28] fnstsw ax sahf jbe short loc_00437bca ; jbe 0x437bca imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp dword [eax + (_players+28)], 0 ; cmp dword [eax + 0x496b84], 0 jne short loc_00437c1c ; jne 0x437c1c loc_00437bca: mov dword [esp + 0x90], ebx fild dword [esp + 0x90] fmul dword [esp + 0x88] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x90] mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul edx, esi, 0x68 mov eax, dword [esp + 0x90] mov dword [edx + (_players+28)], eax ; mov dword [edx + 0x496b84], eax sub ebx, eax mov dword [edx + (_players+32)], ebx ; mov dword [edx + 0x496b88], ebx push esi call fcn_0041d433 ; call 0x41d433 add esp, 4 push 1 call fcn_00436b0a ; call 0x436b0a add esp, 4 loc_00437c1c: add esp, 0x98 pop esi pop ebx ret fcn_00437c25: push ebx push esi push edi mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x46 push 0x18 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xf0 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 xor ebx, ebx loc_00437c7a: movzx esi, byte [ref_0048c420] ; movzx esi, byte [0x48c420] cmp ebx, esi jge short loc_00437cf6 ; jge 0x437cf6 xor eax, eax mov al, byte [ebx + ref_0048c418] ; mov al, byte [ebx + 0x48c418] imul eax, eax, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx lea edx, [eax + 0x2f] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov ecx, dword [ref_0048c41c] ; mov ecx, dword [0x48c41c] lea eax, [ecx + edx] mov edi, 0x14a sub di, word [eax + 0xe] add di, word [eax + 0x12] mov eax, ebx mov word [ebx*2 + ref_0048c40c], di ; mov word [ebx*2 + 0x48c40c], di movsx edi, di push edi shl esi, 3 movsx eax, word [esi + eax*2 + ref_00475930] ; movsx eax, word [esi + eax*2 + 0x475930] push eax add ecx, 0xc add edx, ecx push edx mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456418 ; call 0x456418 add esp, 0x10 inc ebx jmp short loc_00437c7a ; jmp 0x437c7a loc_00437cf6: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0 mov edi, dword [esp + 0x18] push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] pop edi pop esi pop ebx ret fcn_00437d1a: push ebx push esi push edi push ebp sub esp, 0x14 mov ebp, 0xffffffff xor eax, eax xor ecx, ecx xor edi, edi loc_00437d2c: xor edx, edx mov dl, byte [ref_0048c420] ; mov dl, byte [0x48c420] cmp eax, edx jge short loc_00437d99 ; jge 0x437d99 xor edx, edx mov dl, byte [eax + ref_0048c418] ; mov dl, byte [eax + 0x48c418] imul edx, edx, 0x68 mov ebx, dword [edx + (_players+92)] ; mov ebx, dword [edx + 0x496bc4] mov esi, dword [edx + (_players+96)] ; mov esi, dword [edx + 0x496bc8] sub ebx, esi mov esi, ebx xor ebx, ebx mov bl, byte [edx + (_players+66)] ; mov bl, byte [edx + 0x496baa] imul ebx, dword [ref_004990e8] ; imul ebx, dword [0x4990e8] imul ebx, ebx, 0x9c4 add esi, ebx movsx ebx, word [edx + (_players+68)] ; movsx ebx, word [edx + 0x496bac] mov edx, ebx shl edx, 2 add edx, ebx add edx, edx lea ebx, [esi + edx] mov dword [esp + eax*4], ebx test ecx, ecx jge short loc_00437d86 ; jge 0x437d86 xor ecx, ecx loc_00437d86: mov edx, eax shl edx, 2 mov ebx, dword [esp + edx] cmp ecx, ebx jge short loc_00437d96 ; jge 0x437d96 mov ecx, ebx mov edi, eax loc_00437d96: inc eax jmp short loc_00437d2c ; jmp 0x437d2c loc_00437d99: xor eax, eax xor ebx, ebx loc_00437d9d: xor edx, edx mov dl, byte [ref_0048c420] ; mov dl, byte [0x48c420] cmp eax, edx jge short loc_00437dc9 ; jge 0x437dc9 mov edx, eax shl edx, 2 cmp ecx, dword [esp + edx] jne short loc_00437db8 ; jne 0x437db8 xor esi, esi mov dword [esp + edx], esi loc_00437db8: mov edx, eax shl edx, 2 mov esi, dword [esp + edx] cmp ebx, esi jge short loc_00437dc6 ; jge 0x437dc6 mov ebx, esi loc_00437dc6: inc eax jmp short loc_00437d9d ; jmp 0x437d9d loc_00437dc9: test ecx, ecx je short loc_00437df4 ; je 0x437df4 test ebx, ebx je short loc_00437df4 ; je 0x437df4 mov eax, ecx sub eax, ebx mov dword [esp + 0x10], eax fild dword [esp + 0x10] mov dword [esp + 0x10], ecx fild dword [esp + 0x10] fdivp st1 ; fdivp st(1) fcomp qword [ref_00464d58] ; fcomp qword [0x464d58] fnstsw ax sahf jbe short loc_00437df4 ; jbe 0x437df4 mov ebp, edi loc_00437df4: mov eax, ebp add esp, 0x14 pop ebp pop edi pop esi pop ebx ret fcn_00437dfe: push ebx push esi push edi xor ebx, ebx xor esi, esi xor edi, edi loc_00437e07: xor eax, eax mov al, byte [ref_0048c420] ; mov al, byte [0x48c420] cmp ebx, eax jge short loc_00437e2e ; jge 0x437e2e xor eax, eax mov al, byte [ebx + ref_0048c418] ; mov al, byte [ebx + 0x48c418] push eax call fcn_004239b9 ; call 0x4239b9 add esp, 4 cmp esi, eax jge short loc_00437e2b ; jge 0x437e2b mov esi, eax mov edi, ebx loc_00437e2b: inc ebx jmp short loc_00437e07 ; jmp 0x437e07 loc_00437e2e: mov eax, edi pop edi pop esi pop ebx ret endloc_00437e34: db 0x90 ref_00437e35: ; may contain a jump table dd loc_004391ee dd loc_0043930f dd loc_004394cd dd loc_004396a8 dd loc_004395c2 ref_00437e49: ; may contain a jump table dd loc_004396d7 dd loc_00439867 dd loc_00439966 dd loc_00437f23 dd loc_00437f23 dd loc_00439a63 fcn_00437e61: push ebx push esi push edi push ebp sub esp, 0xd0 mov esi, dword [esp + 0xe4] mov eax, dword [esp + 0xe8] cmp eax, 0x202 jb short loc_00437eaf ; jb 0x437eaf jbe near loc_00439b62 ; jbe 0x439b62 cmp eax, 0x401 jb short loc_00437e9f ; jb 0x437e9f jbe short loc_00437ece ; jbe 0x437ece cmp eax, 0x405 je near loc_00437f32 ; je 0x437f32 jmp near loc_00439bdc ; jmp 0x439bdc loc_00437e9f: cmp eax, 0x205 je near loc_00439b62 ; je 0x439b62 jmp near loc_00439bdc ; jmp 0x439bdc loc_00437eaf: cmp eax, 0xf jb near loc_00439bdc ; jb 0x439bdc jbe near loc_00439b85 ; jbe 0x439b85 cmp eax, 0x113 je near loc_00437f51 ; je 0x437f51 jmp near loc_00439bdc ; jmp 0x439bdc loc_00437ece: xor dh, dh mov byte [ref_0048c42c], dh ; mov byte [0x48c42c], dh mov byte [ref_0048c429], dh ; mov byte [0x48c429], dh mov byte [ref_0048c42b], dh ; mov byte [0x48c42b], dh mov byte [ref_0048c42d], dh ; mov byte [0x48c42d], dh mov byte [ref_0048c42e], dh ; mov byte [0x48c42e], dh push 0 push 0x64 mov edx, dword [_callbackSize] ; mov edx, dword [0x46cad8] push edx push esi call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048c421], eax ; mov dword [0x48c421], eax push 0 push 0 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0 push 0x405 push esi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_00437f23: xor eax, eax loc_00437f25: add esp, 0xd0 pop ebp pop edi pop esi pop ebx ret 0x10 loc_00437f32: mov byte [ref_0048c42a], 1 ; mov byte [0x48c42a], 1 cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_00437f23 ; je 0x437f23 push ref_00464d60 ; push 0x464d60 call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 jmp short loc_00437f23 ; jmp 0x437f23 loc_00437f51: cmp byte [ref_0048c42a], 0 ; cmp byte [0x48c42a], 0 je short loc_00437f23 ; je 0x437f23 cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je short loc_00437f23 ; je 0x437f23 mov eax, dword [esp + 0xec] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne short loc_00437f23 ; jne 0x437f23 push 0 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 test eax, eax je near loc_00439196 ; je 0x439196 mov al, byte [ref_0048c42a] ; mov al, byte [0x48c42a] cmp al, 9 jb short loc_00437fcb ; jb 0x437fcb jbe near loc_00438a31 ; jbe 0x438a31 cmp al, 0x11 jb short loc_00437fb8 ; jb 0x437fb8 jbe near loc_00438d40 ; jbe 0x438d40 cmp al, 0x13 jb near loc_00438ff5 ; jb 0x438ff5 jbe near loc_00439120 ; jbe 0x439120 cmp al, 0x16 je near loc_00439163 ; je 0x439163 jmp near loc_00439196 ; jmp 0x439196 loc_00437fb8: cmp al, 0xf jb near loc_00439196 ; jb 0x439196 jbe near loc_00438a78 ; jbe 0x438a78 jmp near loc_00438ba6 ; jmp 0x438ba6 loc_00437fcb: cmp al, 5 jb short loc_00437fe8 ; jb 0x437fe8 jbe near loc_0043829c ; jbe 0x43829c cmp al, 7 jb near loc_004383dc ; jb 0x4383dc jbe near loc_00438570 ; jbe 0x438570 jmp near loc_0043889e ; jmp 0x43889e loc_00437fe8: cmp al, 1 jb near loc_00439196 ; jb 0x439196 jbe short loc_00437fff ; jbe 0x437fff cmp al, 2 je near loc_004380d5 ; je 0x4380d5 jmp near loc_00439196 ; jmp 0x439196 loc_00437fff: mov byte [ref_0048c42a], 2 ; mov byte [0x48c42a], 2 mov byte [ref_0048c42d], 1 ; mov byte [0x48c42d], 1 mov dword [esp + 0xc0], 0x18 mov dword [esp + 0xc4], 0x46 mov dword [esp + 0xc8], 0x105 mov dword [esp + 0xcc], 0x1e0 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi call dword [eax + 0x64] ; ucall push 0x19a push 0xba push 0x46 push 0x18 push 0x46 push 0x18 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x46 push 0x1c mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x12c push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx call dword [eax + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov eax, ref_00464d92 ; mov eax, 0x464d92 push eax call fcn_0044ecb6 ; call 0x44ecb6 jmp near loc_00439193 ; jmp 0x439193 loc_004380d5: xor ebp, ebp mov dword [ref_0048c425], ebp ; mov dword [0x48c425], ebp mov dword [esp + 0xc0], 0x168 mov dword [esp + 0xc4], ebp mov dword [esp + 0xc8], 0x280 mov ebx, 0x1e0 mov dword [esp + 0xcc], ebx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push ebp push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push ebp mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi call dword [eax + 0x64] ; ucall push ebx push 0x64 push ebp push 0x21c push ebp push 0x21c mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_0045643d ; call 0x45643d add esp, 0x20 xor ebx, ebx loc_0043814a: xor eax, eax mov al, byte [ref_0048c420] ; mov al, byte [0x48c420] cmp ebx, eax jge near loc_0043821e ; jge 0x43821e lea edi, [ebx + ebx] movsx eax, word [edi + eax*8 + ref_00475918] ; movsx eax, word [edi + eax*8 + 0x475918] push eax push 0x258 xor eax, eax mov al, byte [ebx + ref_0048c418] ; mov al, byte [ebx + 0x48c418] imul eax, eax, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx lea edx, [eax + 0x31] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 xor eax, eax mov al, byte [ref_0048c420] ; mov al, byte [0x48c420] movsx eax, word [edi + eax*8 + ref_00475918] ; movsx eax, word [edi + eax*8 + 0x475918] sub eax, 0x24 push eax push 0x168 lea edx, [ebx + 0xb] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c41c] ; mov edx, dword [0x48c41c] add edx, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 xor eax, eax mov al, byte [ebx + ref_0048c418] ; mov al, byte [ebx + 0x48c418] imul eax, eax, 0x68 cmp dword [eax + (_players+36)], 0 ; cmp dword [eax + 0x496b8c], 0 jne short loc_00438218 ; jne 0x438218 fild dword [eax + (_players+32)] ; fild dword [eax + 0x496b88] fmul qword [ref_00464e88] ; fmul qword [0x464e88] call fcn_00457dbc ; call 0x457dbc fistp dword [eax + (_players+32)] ; fistp dword [eax + 0x496b88] loc_00438218: inc ebx jmp near loc_0043814a ; jmp 0x43814a loc_0043821e: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] call fcn_00437d1a ; call 0x437d1a mov byte [ref_0048c42f], al ; mov byte [0x48c42f], al call fcn_00437dfe ; call 0x437dfe mov byte [ref_0048c430], al ; mov byte [0x48c430], al cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_0043827e ; je 0x43827e mov ch, byte [ref_0048c42f] ; mov ch, byte [0x48c42f] cmp al, ch je short loc_0043826c ; je 0x43826c cmp ch, 0xff jne short loc_00438275 ; jne 0x438275 loc_0043826c: mov byte [ref_0048c42a], 0xf ; mov byte [0x48c42a], 0xf jmp short loc_0043828f ; jmp 0x43828f loc_00438275: mov byte [ref_0048c42a], 5 ; mov byte [0x48c42a], 5 jmp short loc_0043828f ; jmp 0x43828f loc_0043827e: mov byte [ref_0048c42a], 0x16 ; mov byte [0x48c42a], 0x16 mov dword [ref_0048c425], 0x1e ; mov dword [0x48c425], 0x1e loc_0043828f: xor dh, dh mov byte [ref_0048c42e], dh ; mov byte [0x48c42e], dh jmp near loc_00439196 ; jmp 0x439196 loc_0043829c: mov ecx, dword [ref_0048c425] ; mov ecx, dword [0x48c425] inc ecx mov dword [ref_0048c425], ecx ; mov dword [0x48c425], ecx cmp ecx, 0x14 je short loc_004382b7 ; je 0x4382b7 cmp byte [ref_0048c42e], 0 ; cmp byte [0x48c42e], 0 je short loc_004382c8 ; je 0x4382c8 loc_004382b7: xor bh, bh mov byte [ref_0048c42d], bh ; mov byte [0x48c42d], bh push esi call fcn_00437c25 ; call 0x437c25 add esp, 4 loc_004382c8: cmp dword [ref_0048c425], 0x1e ; cmp dword [0x48c425], 0x1e je short loc_004382de ; je 0x4382de cmp byte [ref_0048c42e], 0 ; cmp byte [0x48c42e], 0 je near loc_00439196 ; je 0x439196 loc_004382de: xor ch, ch mov byte [ref_0048c42e], ch ; mov byte [0x48c42e], ch xor eax, eax mov al, byte [ref_0048c42f] ; mov al, byte [0x48c42f] cmp eax, 0xffffffff je near loc_004383d0 ; je 0x4383d0 mov ebp, 0x18 mov dword [esp + 0xc0], ebp mov dword [esp + 0xc4], 0x43 mov dword [esp + 0xc8], 0xd2 mov dword [esp + 0xcc], 0x1e0 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x19a push 0xba push 0x46 push ebp push 0x46 push ebp mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x43 push 0x23 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x18c push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c42a], 6 ; mov byte [0x48c42a], 6 mov byte [ref_0048c42d], 2 ; mov byte [0x48c42d], 2 push ref_00464dca ; push 0x464dca loc_004383b4: call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 push 0 push ref_00475b17 ; push 0x475b17 loc_004383c3: call fcn_004542ce ; call 0x4542ce add esp, 8 jmp near loc_00439196 ; jmp 0x439196 loc_004383d0: mov byte [ref_0048c42a], 0xf ; mov byte [0x48c42a], 0xf jmp near loc_00439196 ; jmp 0x439196 loc_004383dc: mov byte [ref_0048c42a], 7 ; mov byte [0x48c42a], 7 mov byte [ref_0048c42d], 3 ; mov byte [0x48c42d], 3 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi call dword [eax + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0 xor eax, eax mov al, byte [ref_0048c420] ; mov al, byte [0x48c420] xor edx, edx mov dl, byte [ref_0048c42f] ; mov dl, byte [0x48c42f] add edx, edx movsx eax, word [edx + eax*8 + ref_00475948] ; movsx eax, word [edx + eax*8 + 0x475948] push eax xor eax, eax mov al, byte [ref_0048c420] ; mov al, byte [0x48c420] mov edx, eax shl edx, 3 xor eax, eax mov al, byte [ref_0048c42f] ; mov al, byte [0x48c42f] movsx edx, word [edx + eax*2 + ref_00475960] ; movsx edx, word [edx + eax*2 + 0x475960] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c41c] ; mov edx, dword [0x48c41c] add edx, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x59 push 0 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x1c8 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 xor ebx, ebx loc_0043849e: movzx ebp, byte [ref_0048c420] ; movzx ebp, byte [0x48c420] cmp ebx, ebp jge short loc_00438518 ; jge 0x438518 xor eax, eax mov al, byte [ebx + ref_0048c418] ; mov al, byte [ebx + 0x48c418] imul eax, eax, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx lea edx, [eax + 0x2f] mov ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 2 mov edx, dword [ref_0048c41c] ; mov edx, dword [0x48c41c] lea eax, [edx + ecx] mov edi, 0x14a sub di, word [eax + 0xe] add di, word [eax + 0x12] mov eax, ebx mov word [ebx*2 + ref_0048c40c], di ; mov word [ebx*2 + 0x48c40c], di movsx edi, di push edi shl ebp, 3 movsx eax, word [ebp + eax*2 + ref_00475930] ; movsx eax, word [ebp + eax*2 + 0x475930] push eax add edx, 0xc add edx, ecx push edx mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 inc ebx jmp short loc_0043849e ; jmp 0x43849e loc_00438518: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] xor eax, eax mov al, byte [ref_0048c42f] ; mov al, byte [0x48c42f] mov al, byte [eax + ref_0048c418] ; mov al, byte [eax + 0x48c418] and eax, 0xff imul eax, eax, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff mov edx, dword [eax*4 + ref_00475988] ; mov edx, dword [eax*4 + 0x475988] push edx call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 push 0 push ref_00475b27 ; push 0x475b27 jmp near loc_004383c3 ; jmp 0x4383c3 loc_00438570: mov byte [ref_0048c42a], 8 ; mov byte [0x48c42a], 8 mov byte [ref_0048c42d], 2 ; mov byte [0x48c42d], 2 push 0 push 0 xor eax, eax mov al, byte [ref_0048c42f] ; mov al, byte [0x48c42f] mov al, byte [eax + ref_0048c418] ; mov al, byte [eax + 0x48c418] and eax, 0xff imul eax, eax, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff add eax, eax add eax, 0x1a1 push eax mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c414], eax ; mov dword [0x48c414], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx call dword [eax + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x43 push 0x23 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x18c push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 xor eax, eax mov al, byte [ref_0048c420] ; mov al, byte [0x48c420] xor edx, edx mov dl, byte [ref_0048c42f] ; mov dl, byte [0x48c42f] add edx, edx movsx eax, word [edx + eax*8 + ref_00475948] ; movsx eax, word [edx + eax*8 + 0x475948] push eax xor eax, eax mov al, byte [ref_0048c420] ; mov al, byte [0x48c420] xor edx, edx mov dl, byte [ref_0048c42f] ; mov dl, byte [0x48c42f] add edx, edx movsx edx, word [edx + eax*8 + ref_00475960] ; movsx edx, word [edx + eax*8 + 0x475960] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x195 push 0x1b8 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x24 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 1 push 2 push 0 push 0x101010 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov byte [esp], 0x24 xor ah, ah mov byte [esp + 1], ah push 0 push 0x172 push 0x140 mov eax, ref_00464de4 ; mov eax, 0x464de4 push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x184 push 0x140 mov eax, ref_00464def ; mov eax, 0x464def push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [ref_0048c42f] ; mov al, byte [0x48c42f] mov al, byte [eax + ref_0048c418] ; mov al, byte [eax + 0x48c418] and eax, 0xff imul eax, eax, 0x68 mov ecx, dword [eax + (_players+92)] ; mov ecx, dword [eax + 0x496bc4] push ecx lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0x184 push 0x230 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x196 push 0x140 mov eax, ref_00464dfe ; mov eax, 0x464dfe push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [ref_0048c42f] ; mov al, byte [0x48c42f] mov al, byte [eax + ref_0048c418] ; mov al, byte [eax + 0x48c418] and eax, 0xff imul eax, eax, 0x68 mov ebx, dword [eax + (_players+96)] ; mov ebx, dword [eax + 0x496bc8] push ebx lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0x196 push 0x230 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x1a8 push 0x140 mov eax, ref_00464e0d ; mov eax, 0x464e0d push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [ref_0048c42f] ; mov al, byte [0x48c42f] mov al, byte [eax + ref_0048c418] ; mov al, byte [eax + 0x48c418] and eax, 0xff imul eax, eax, 0x68 mov al, byte [eax + (_players+66)] ; mov al, byte [eax + 0x496baa] and eax, 0xff push eax mov eax, ref_00464e1c ; mov eax, 0x464e1c push eax lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 1 push 0x1a8 push 0x230 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ebx, ebx loc_004387f9: movzx ebp, byte [ref_0048c420] ; movzx ebp, byte [0x48c420] cmp ebx, ebp jge near loc_00438885 ; jge 0x438885 xor eax, eax mov al, byte [ref_0048c42f] ; mov al, byte [0x48c42f] cmp ebx, eax je short loc_0043887f ; je 0x43887f xor eax, eax mov al, byte [ebx + ref_0048c418] ; mov al, byte [ebx + 0x48c418] imul eax, eax, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx lea edx, [eax + 0x2f] mov ecx, edx shl ecx, 2 sub ecx, edx shl ecx, 2 mov edx, dword [ref_0048c41c] ; mov edx, dword [0x48c41c] lea eax, [edx + ecx] mov edi, 0x14a sub di, word [eax + 0xe] add di, word [eax + 0x12] mov eax, ebx mov word [ebx*2 + ref_0048c40c], di ; mov word [ebx*2 + 0x48c40c], di movsx edi, di push edi shl ebp, 3 movsx eax, word [ebp + eax*2 + ref_00475930] ; movsx eax, word [ebp + eax*2 + 0x475930] push eax add edx, 0xc add edx, ecx push edx mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0043887f: inc ebx jmp near loc_004387f9 ; jmp 0x4387f9 loc_00438885: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0 jmp near loc_00438a24 ; jmp 0x438a24 loc_0043889e: push 0xffffffffffffffff xor eax, eax mov al, byte [ref_0048c42f] ; mov al, byte [0x48c42f] mov al, byte [eax + ref_0048c418] ; mov al, byte [eax + 0x48c418] and eax, 0xff imul eax, eax, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx mov edi, dword [eax*8 + ref_00475a0b] ; mov edi, dword [eax*8 + 0x475a0b] push edi xor edx, edx mov dl, byte [ref_0048c42f] ; mov dl, byte [0x48c42f] xor eax, eax mov al, byte [edx + ref_0048c418] ; mov al, byte [edx + 0x48c418] imul eax, eax, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx mov edx, 0x14a mov ebp, dword [eax*8 + ref_00475a07] ; mov ebp, dword [eax*8 + 0x475a07] lea eax, [edx + ebp] push eax xor eax, eax mov al, byte [ref_0048c42f] ; mov al, byte [0x48c42f] mov al, byte [eax + ref_0048c418] ; mov al, byte [eax + 0x48c418] and eax, 0xff imul eax, eax, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 3 xor ecx, ecx mov cl, byte [ref_0048c420] ; mov cl, byte [0x48c420] xor eax, eax mov al, byte [ref_0048c42f] ; mov al, byte [0x48c42f] add eax, eax movsx eax, word [eax + ecx*8 + ref_00475930] ; movsx eax, word [eax + ecx*8 + 0x475930] add eax, dword [edx + ref_00475a03] ; add eax, dword [edx + 0x475a03] push eax mov ebx, dword [ref_0048c414] ; mov ebx, dword [0x48c414] push ebx call fcn_0045144f ; call 0x45144f add esp, 0x14 mov edi, dword [ref_0048c414] ; mov edi, dword [0x48c414] push edi call clib_free ; call 0x456e11 add esp, 4 mov byte [ref_0048c42a], 9 ; mov byte [0x48c42a], 9 mov byte [ref_0048c42d], 4 ; mov byte [0x48c42d], 4 mov ebp, 0x11 mov dword [esp + 0xc0], ebp mov dword [esp + 0xc4], 0x41 mov dword [esp + 0xc8], 0x100 mov dword [esp + 0xcc], 0x1e0 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx call dword [eax + 0x64] ; ucall push 0x19d push 0xad push 0x43 push 0x23 push 0x43 push 0x23 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x41 push ebp mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x1d4 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx call dword [eax + 0x80] ; ucall loc_00438a1a: push 0 lea eax, [esp + 0xc4] push eax loc_00438a24: push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00439196 ; jmp 0x439196 loc_00438a31: push 0 push 0x101010 push 0 push 0x14 push 0xa push 0xbe mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x30 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c mov eax, ref_00464e21 ; mov eax, 0x464e21 push eax call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 mov byte [ref_0048c42a], 0xf ; mov byte [0x48c42a], 0xf mov dword [ref_0048c425], 0x13 ; mov dword [0x48c425], 0x13 jmp near loc_00439196 ; jmp 0x439196 loc_00438a78: mov eax, dword [ref_0048c425] ; mov eax, dword [0x48c425] inc eax mov dword [ref_0048c425], eax ; mov dword [0x48c425], eax cmp eax, 0x14 je short loc_00438a91 ; je 0x438a91 cmp byte [ref_0048c42e], 0 ; cmp byte [0x48c42e], 0 je short loc_00438aa2 ; je 0x438aa2 loc_00438a91: xor cl, cl mov byte [ref_0048c42d], cl ; mov byte [0x48c42d], cl push esi call fcn_00437c25 ; call 0x437c25 add esp, 4 loc_00438aa2: cmp dword [ref_0048c425], 0x1e ; cmp dword [0x48c425], 0x1e je short loc_00438ab8 ; je 0x438ab8 cmp byte [ref_0048c42e], 0 ; cmp byte [0x48c42e], 0 je near loc_00439196 ; je 0x439196 loc_00438ab8: xor al, al mov byte [ref_0048c42e], al ; mov byte [0x48c42e], al push 0 push 0x101010 push 0xffffffffffffffe2 push 0 push 0xa push 0xbe mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x18 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c mov ebx, 0x11 mov dword [esp + 0xc0], ebx mov edi, 0x41 mov dword [esp + 0xc4], edi mov dword [esp + 0xc8], 0x100 mov dword [esp + 0xcc], 0x1e0 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x19a push 0xba push 0x46 push 0x18 push 0x46 push 0x18 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 push edi push ebx mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x1d4 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c42a], 0x10 ; mov byte [0x48c42a], 0x10 mov byte [ref_0048c42d], 4 ; mov byte [0x48c42d], 4 push ref_00464e39 ; push 0x464e39 jmp near loc_004383b4 ; jmp 0x4383b4 loc_00438ba6: mov byte [ref_0048c42a], 0x11 ; mov byte [0x48c42a], 0x11 mov byte [ref_0048c42d], 5 ; mov byte [0x48c42d], 5 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx call dword [eax + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0 xor eax, eax mov al, byte [ref_0048c420] ; mov al, byte [0x48c420] mov edx, eax shl edx, 3 xor eax, eax mov al, byte [ref_0048c430] ; mov al, byte [0x48c430] movsx eax, word [edx + eax*2 + ref_00475948] ; movsx eax, word [edx + eax*2 + 0x475948] push eax xor eax, eax mov al, byte [ref_0048c420] ; mov al, byte [0x48c420] mov edx, eax shl edx, 3 xor eax, eax mov al, byte [ref_0048c430] ; mov al, byte [0x48c430] movsx edx, word [edx + eax*2 + ref_00475960] ; movsx edx, word [edx + eax*2 + 0x475960] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x40 push 0x1b mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x204 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 xor ebx, ebx loc_00438c6c: movzx ebp, byte [ref_0048c420] ; movzx ebp, byte [0x48c420] cmp ebx, ebp jge short loc_00438ce8 ; jge 0x438ce8 xor eax, eax mov al, byte [ebx + ref_0048c418] ; mov al, byte [ebx + 0x48c418] imul eax, eax, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx lea edx, [eax + 0x2f] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov ecx, dword [ref_0048c41c] ; mov ecx, dword [0x48c41c] lea eax, [ecx + edx] mov edi, 0x14a sub di, word [eax + 0xe] add di, word [eax + 0x12] mov eax, ebx mov word [ebx*2 + ref_0048c40c], di ; mov word [ebx*2 + 0x48c40c], di movsx edi, di push edi shl ebp, 3 movsx eax, word [ebp + eax*2 + ref_00475930] ; movsx eax, word [ebp + eax*2 + 0x475930] push eax add ecx, 0xc add edx, ecx push edx mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 inc ebx jmp short loc_00438c6c ; jmp 0x438c6c loc_00438ce8: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] xor eax, eax mov al, byte [ref_0048c430] ; mov al, byte [0x48c430] mov al, byte [eax + ref_0048c418] ; mov al, byte [eax + 0x48c418] and eax, 0xff imul eax, eax, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff mov edx, dword [eax*4 + ref_004759b8] ; mov edx, dword [eax*4 + 0x4759b8] push edx call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 push 0 push ref_00475b1f ; push 0x475b1f jmp near loc_004383c3 ; jmp 0x4383c3 loc_00438d40: mov byte [ref_0048c42a], 0x12 ; mov byte [0x48c42a], 0x12 push 0 push 0 xor eax, eax mov al, byte [ref_0048c430] ; mov al, byte [0x48c430] mov al, byte [eax + ref_0048c418] ; mov al, byte [eax + 0x48c418] and eax, 0xff imul eax, eax, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff add eax, eax add eax, 0x1a0 push eax mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c414], eax ; mov dword [0x48c414], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 xor eax, eax mov al, byte [ref_0048c420] ; mov al, byte [0x48c420] mov edx, eax shl edx, 3 xor eax, eax mov al, byte [ref_0048c430] ; mov al, byte [0x48c430] add eax, eax add eax, edx movsx edx, word [eax + ref_00475948] ; movsx edx, word [eax + 0x475948] push edx movsx edx, word [eax + ref_00475960] ; movsx edx, word [eax + 0x475960] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x195 push 0x1b8 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x24 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 1 push 2 push 0 push 0x101010 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov byte [esp], 0x24 xor dl, dl mov byte [esp + 1], dl push 0 push 0x172 push 0x140 push ref_00464de4 ; push 0x464de4 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x184 push 0x140 push ref_00464e4f ; push 0x464e4f push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [ref_0048c430] ; mov al, byte [0x48c430] mov al, byte [eax + ref_0048c418] ; mov al, byte [eax + 0x48c418] and eax, 0xff imul eax, eax, 0x68 mov ebp, dword [eax + (_players+28)] ; mov ebp, dword [eax + 0x496b84] push ebp lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0x184 push 0x230 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x196 push 0x140 push ref_00464e56 ; push 0x464e56 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [ref_0048c430] ; mov al, byte [0x48c430] mov al, byte [eax + ref_0048c418] ; mov al, byte [eax + 0x48c418] and eax, 0xff imul eax, eax, 0x68 mov edx, dword [eax + (_players+32)] ; mov edx, dword [eax + 0x496b88] push edx lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0x196 push 0x230 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x1a8 push 0x140 push ref_00464e5d ; push 0x464e5d push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [ref_0048c430] ; mov al, byte [0x48c430] mov al, byte [eax + ref_0048c418] ; mov al, byte [eax + 0x48c418] and eax, 0xff push eax call fcn_004239b9 ; call 0x4239b9 add esp, 4 push eax lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0x1a8 push 0x230 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ebx, ebx loc_00438f66: xor ecx, ecx mov cl, byte [ref_0048c420] ; mov cl, byte [0x48c420] cmp ebx, ecx jge near loc_00438885 ; jge 0x438885 xor eax, eax mov al, byte [ref_0048c430] ; mov al, byte [0x48c430] cmp ebx, eax je short loc_00438fef ; je 0x438fef xor eax, eax mov al, byte [ebx + ref_0048c418] ; mov al, byte [ebx + 0x48c418] imul eax, eax, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx lea edx, [eax + 0x2f] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov ebp, dword [ref_0048c41c] ; mov ebp, dword [0x48c41c] lea eax, [edx + ebp] mov edi, 0x14a sub di, word [eax + 0xe] add di, word [eax + 0x12] mov eax, ebx mov word [ebx*2 + ref_0048c40c], di ; mov word [ebx*2 + 0x48c40c], di movsx edi, di push edi shl ecx, 3 movsx eax, word [ecx + eax*2 + ref_00475930] ; movsx eax, word [ecx + eax*2 + 0x475930] push eax add ebp, 0xc add edx, ebp push edx mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_00438fef: inc ebx jmp near loc_00438f66 ; jmp 0x438f66 loc_00438ff5: push 0xffffffffffffffff xor edx, edx mov dl, byte [ref_0048c430] ; mov dl, byte [0x48c430] xor eax, eax mov al, byte [edx + ref_0048c418] ; mov al, byte [edx + 0x48c418] imul eax, eax, 0x68 xor ecx, ecx mov cl, byte [eax + (_players+19)] ; mov cl, byte [eax + 0x496b7b] mov eax, ecx shl eax, 2 sub eax, ecx mov ecx, dword [eax*8 + ref_004759ff] ; mov ecx, dword [eax*8 + 0x4759ff] push ecx mov ecx, dword [eax*8 + ref_004759fb] ; mov ecx, dword [eax*8 + 0x4759fb] add ecx, 0x14a push ecx xor ecx, ecx mov cl, byte [ref_0048c420] ; mov cl, byte [0x48c420] add edx, edx movsx edx, word [edx + ecx*8 + ref_00475930] ; movsx edx, word [edx + ecx*8 + 0x475930] add edx, dword [eax*8 + ref_004759f7] ; add edx, dword [eax*8 + 0x4759f7] push edx mov edi, dword [ref_0048c414] ; mov edi, dword [0x48c414] push edi call fcn_0045144f ; call 0x45144f add esp, 0x14 mov ebp, dword [ref_0048c414] ; mov ebp, dword [0x48c414] push ebp call clib_free ; call 0x456e11 add esp, 4 mov byte [ref_0048c42a], 0x13 ; mov byte [0x48c42a], 0x13 mov byte [ref_0048c42d], 6 ; mov byte [0x48c42d], 6 mov dword [esp + 0xc0], 6 mov dword [esp + 0xc4], 0x3c mov dword [esp + 0xc8], 0xde mov dword [esp + 0xcc], 0x1e0 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x1a0 push 0xc3 push 0x40 push 0x1b push 0x40 push 0x1b mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_0045643d ; call 0x45643d add esp, 0x20 mov ebp, dword [esp + 0xc4] push ebp mov eax, dword [esp + 0xc4] push eax mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x228 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near loc_00438a1a ; jmp 0x438a1a loc_00439120: push 0 push 0x101010 push 0 push 0x14 push 0x25 push 0xd5 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x3c push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c push ref_00464e66 ; push 0x464e66 call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 mov byte [ref_0048c42a], 0x16 ; mov byte [0x48c42a], 0x16 mov dword [ref_0048c425], 0xa ; mov dword [0x48c425], 0xa jmp short loc_00439196 ; jmp 0x439196 loc_00439163: mov ebx, dword [ref_0048c425] ; mov ebx, dword [0x48c425] dec ebx mov dword [ref_0048c425], ebx ; mov dword [0x48c425], ebx test ebx, ebx jle short loc_0043917d ; jle 0x43917d cmp byte [ref_0048c42e], 0 ; cmp byte [0x48c42e], 0 je short loc_00439196 ; je 0x439196 loc_0043917d: mov ebp, dword [ref_0048c421] ; mov ebp, dword [0x48c421] push ebp push esi call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 call _Post_0402_Message ; call 0x401966 loc_00439193: add esp, 4 loc_00439196: test byte [ref_0048c42c], 0xf ; test byte [0x48c42c], 0xf jne short loc_004391c2 ; jne 0x4391c2 call clib_rand ; call 0x456f2d mov ebx, eax sar ebx, 0xa test ebx, ebx jne short loc_004391b6 ; jne 0x4391b6 or byte [ref_0048c42c], 1 ; or byte [0x48c42c], 1 jmp short loc_004391c2 ; jmp 0x4391c2 loc_004391b6: cmp ebx, 1 jne short loc_004391c2 ; jne 0x4391c2 or byte [ref_0048c42c], 2 ; or byte [0x48c42c], 2 loc_004391c2: mov al, byte [ref_0048c42c] ; mov al, byte [0x48c42c] and al, 0xf xor ebx, ebx mov bl, al test ebx, ebx je near loc_004396a8 ; je 0x4396a8 mov al, byte [ref_0048c42d] ; mov al, byte [0x48c42d] cmp al, 4 ja near loc_004396a8 ; ja 0x4396a8 and eax, 0xff jmp dword [eax*4 + ref_00437e35] ; ujmp: jmp dword [eax*4 + 0x437e35] loc_004391ee: cmp ebx, 1 jne near loc_00439302 ; jne 0x439302 mov al, byte [ref_0048c42c] ; mov al, byte [0x48c42c] and al, 0x30 xor ebx, ebx mov bl, al sar ebx, 4 mov dword [esp + 0xc0], 0x4c mov dword [esp + 0xc4], 0x78 mov dword [esp + 0xc8], 0x9c mov dword [esp + 0xcc], 0xa0 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall cmp ebx, 3 jne short loc_00439288 ; jne 0x439288 push 0x28 push 0x50 push 0x32 push 0x34 mov edx, dword [esp + 0xd4] push edx mov ecx, dword [esp + 0xd4] push ecx mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xf0 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 xor dh, dh mov byte [ref_0048c42c], dh ; mov byte [0x48c42c], dh jmp short loc_004392db ; jmp 0x4392db loc_00439288: mov edi, dword [esp + 0xc4] push edi mov ebp, dword [esp + 0xc4] push ebp xor edx, edx mov dl, byte [ref_0048c42d] ; mov dl, byte [0x48c42d] mov eax, edx shl eax, 2 sub eax, edx xor edx, edx mov dl, byte [ebx + eax + ref_004759e8] ; mov dl, byte [ebx + eax + 0x4759e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c41c] ; mov edx, dword [0x48c41c] add edx, 0xc loc_004392c3: add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax loc_004392cc: call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 add byte [ref_0048c42c], 0x10 ; add byte [0x48c42c], 0x10 loc_004392db: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_004396a8 ; jmp 0x4396a8 loc_00439302: xor ah, ah mov byte [ref_0048c42c], ah ; mov byte [0x48c42c], ah jmp near loc_004396a8 ; jmp 0x4396a8 loc_0043930f: cmp ebx, 1 jb near loc_004396a8 ; jb 0x4396a8 jbe short loc_00439328 ; jbe 0x439328 cmp ebx, 2 je near loc_004393fd ; je 0x4393fd jmp near loc_004396a8 ; jmp 0x4396a8 loc_00439328: mov al, byte [ref_0048c42c] ; mov al, byte [0x48c42c] and al, 0x30 xor ebx, ebx mov bl, al sar ebx, 4 mov dword [esp + 0xc0], 0x67 mov dword [esp + 0xc4], 0x78 mov dword [esp + 0xc8], 0xa3 mov dword [esp + 0xcc], 0x9e mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall cmp ebx, 3 jne short loc_004393b3 ; jne 0x4393b3 mov ecx, dword [esp + 0xc4] push ecx mov ebx, dword [esp + 0xc4] push ebx mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x138 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 xor al, al mov byte [ref_0048c42c], al ; mov byte [0x48c42c], al jmp near loc_004392db ; jmp 0x4392db loc_004393b3: mov ebp, dword [esp + 0xc4] push ebp mov eax, dword [esp + 0xc4] push eax xor edx, edx mov dl, byte [ref_0048c42d] ; mov dl, byte [0x48c42d] mov eax, edx shl eax, 2 sub eax, edx xor edx, edx mov dl, byte [ebx + eax + ref_004759e8] ; mov dl, byte [ebx + eax + 0x4759e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c41c] ; mov edx, dword [0x48c41c] add edx, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx jmp near loc_004392cc ; jmp 0x4392cc loc_004393fd: call clib_rand ; call 0x456f2d mov ebx, eax and ebx, 1 xor eax, eax mov al, byte [ref_0048c42c] ; mov al, byte [0x48c42c] sar eax, 6 cmp eax, ebx je near loc_004394c1 ; je 0x4394c1 mov dword [esp + 0xc0], 0x67 mov dword [esp + 0xc4], 0x78 mov dword [esp + 0xc8], 0xa3 mov dword [esp + 0xcc], 0x9e mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [esp + 0xc4] push ecx mov edi, dword [esp + 0xc4] push edi lea edx, [ebx + 0x19] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xc4] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov al, bl shl al, 6 or byte [ref_0048c42c], al ; or byte [0x48c42c], al loc_004394c1: and byte [ref_0048c42c], 0x40 ; and byte [0x48c42c], 0x40 jmp near loc_004396a8 ; jmp 0x4396a8 loc_004394cd: cmp ebx, 1 jne near loc_004395b5 ; jne 0x4395b5 mov al, byte [ref_0048c42c] ; mov al, byte [0x48c42c] and al, 0x30 xor ebx, ebx mov bl, al sar ebx, 4 mov dword [esp + 0xc0], 0x57 mov dword [esp + 0xc4], 0x76 mov dword [esp + 0xc8], 0xa3 mov dword [esp + 0xcc], 0xa1 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall cmp ebx, 3 jne short loc_0043956a ; jne 0x43956a push 0x2b push 0x4c push 0x33 push 0x34 mov eax, dword [esp + 0xd4] push eax mov edx, dword [esp + 0xd4] push edx mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x18c push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 xor bl, bl mov byte [ref_0048c42c], bl ; mov byte [0x48c42c], bl jmp near loc_004392db ; jmp 0x4392db loc_0043956a: mov ecx, dword [esp + 0xc4] push ecx mov edi, dword [esp + 0xc4] push edi xor edx, edx mov dl, byte [ref_0048c42d] ; mov dl, byte [0x48c42d] mov eax, edx shl eax, 2 sub eax, edx xor edx, edx mov dl, byte [ebx + eax + ref_004759e8] ; mov dl, byte [ebx + eax + 0x4759e8] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp jmp near loc_004392cc ; jmp 0x4392cc loc_004395b5: xor dl, dl mov byte [ref_0048c42c], dl ; mov byte [0x48c42c], dl jmp near loc_004396a8 ; jmp 0x4396a8 loc_004395c2: cmp ebx, 1 jne near loc_004396a0 ; jne 0x4396a0 mov al, byte [ref_0048c42c] ; mov al, byte [0x48c42c] and al, 0x30 xor ebx, ebx mov bl, al sar ebx, 4 mov dword [esp + 0xc0], 0x53 mov dword [esp + 0xc4], 0x7b mov dword [esp + 0xc8], 0x99 mov dword [esp + 0xcc], 0x9c mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall cmp ebx, 3 jne short loc_0043965f ; jne 0x43965f push 0x21 push 0x46 push 0x3a push 0x42 mov edx, dword [esp + 0xd4] push edx mov ecx, dword [esp + 0xd4] push ecx mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x1d4 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 xor ah, ah mov byte [ref_0048c42c], ah ; mov byte [0x48c42c], ah jmp near loc_004392db ; jmp 0x4392db loc_0043965f: mov edi, dword [esp + 0xc4] push edi mov ebp, dword [esp + 0xc4] push ebp xor edx, edx mov dl, byte [ref_0048c42d] ; mov dl, byte [0x48c42d] mov eax, edx shl eax, 2 sub eax, edx xor edx, edx mov dl, byte [ebx + eax + ref_004759e8] ; mov dl, byte [ebx + eax + 0x4759e8] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc jmp near loc_004392c3 ; jmp 0x4392c3 loc_004396a0: xor ch, ch mov byte [ref_0048c42c], ch ; mov byte [0x48c42c], ch loc_004396a8: call fcn_0044ef3b ; call 0x44ef3b test eax, eax jne short loc_004396be ; jne 0x4396be cmp byte [ref_0048c42b], 0 ; cmp byte [0x48c42b], 0 je near loc_00437f23 ; je 0x437f23 loc_004396be: mov al, byte [ref_0048c42d] ; mov al, byte [0x48c42d] cmp al, 5 ja near loc_00437f23 ; ja 0x437f23 and eax, 0xff jmp dword [eax*4 + ref_00437e49] ; ujmp: jmp dword [eax*4 + 0x437e49] loc_004396d7: mov cl, byte [ref_0048c42b] ; mov cl, byte [0x48c42b] test cl, cl je near loc_00439776 ; je 0x439776 mov ch, cl dec ch mov byte [ref_0048c42b], ch ; mov byte [0x48c42b], ch jne near loc_00437f23 ; jne 0x437f23 mov dword [esp + 0xc0], 0x4c mov dword [esp + 0xc4], 0xa0 mov dword [esp + 0xc8], 0x9c mov dword [esp + 0xcc], 0xb4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0xc4] push eax mov edx, dword [esp + 0xc4] push edx mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x120 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx loc_00439759: call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near loc_0043981c ; jmp 0x43981c loc_00439776: call clib_rand ; call 0x456f2d mov ebx, eax sar ebx, 0xb cmp ebx, 4 jge near loc_00437f23 ; jge 0x437f23 mov dword [esp + 0xc0], 0x4c mov dword [esp + 0xc4], 0xa0 mov dword [esp + 0xc8], 0x9c mov dword [esp + 0xcc], 0xb4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall call clib_rand ; call 0x456f2d test al, 1 je short loc_00439833 ; je 0x439833 mov ebp, dword [esp + 0xc4] push ebp mov eax, dword [esp + 0xc4] push eax mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x114 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx loc_004397f6: call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 loc_004397fe: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall call clib_rand ; call 0x456f2d and al, 7 inc al mov byte [ref_0048c42b], al ; mov byte [0x48c42b], al loc_0043981c: push 0 lea eax, [esp + 0xc4] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00437f23 ; jmp 0x437f23 loc_00439833: push 0x14 push 0x50 push 0x5a push 0x34 mov ecx, dword [esp + 0xd4] push ecx mov ebx, dword [esp + 0xd4] push ebx mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xf0 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_0045643d ; call 0x45643d add esp, 0x20 jmp short loc_004397fe ; jmp 0x4397fe loc_00439867: mov dh, byte [ref_0048c42b] ; mov dh, byte [0x48c42b] test dh, dh je short loc_004398ea ; je 0x4398ea mov bl, dh dec bl mov byte [ref_0048c42b], bl ; mov byte [0x48c42b], bl jne near loc_00437f23 ; jne 0x437f23 mov dword [esp + 0xc0], 0x67 mov dword [esp + 0xc4], 0x9b mov dword [esp + 0xc8], 0xa3 mov dword [esp + 0xcc], 0xb4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [esp + 0xc4] push edx mov ecx, dword [esp + 0xc4] push ecx mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x168 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx jmp near loc_00439759 ; jmp 0x439759 loc_004398ea: call clib_rand ; call 0x456f2d mov ebx, eax sar ebx, 0xb cmp ebx, 4 jge near loc_00437f23 ; jge 0x437f23 mov dword [esp + 0xc0], 0x67 mov dword [esp + 0xc4], 0x9b mov dword [esp + 0xc8], 0xa3 mov dword [esp + 0xcc], 0xb4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0xc4] push eax mov edx, dword [esp + 0xc4] push edx mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x174 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx jmp near loc_004397f6 ; jmp 0x4397f6 loc_00439966: mov al, byte [ref_0048c42b] ; mov al, byte [0x48c42b] test al, al je short loc_004399e8 ; je 0x4399e8 mov ah, al dec ah mov byte [ref_0048c42b], ah ; mov byte [0x48c42b], ah jne near loc_00437f23 ; jne 0x437f23 mov dword [esp + 0xc0], 0x57 mov dword [esp + 0xc4], 0xa1 mov dword [esp + 0xc8], 0xa3 mov dword [esp + 0xcc], 0xbc mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebp, dword [esp + 0xc4] push ebp mov eax, dword [esp + 0xc4] push eax mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x1bc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx jmp near loc_00439759 ; jmp 0x439759 loc_004399e8: call clib_rand ; call 0x456f2d mov ebx, eax sar ebx, 0xb cmp ebx, 4 jge near loc_00437f23 ; jge 0x437f23 mov dword [esp + 0xc0], 0x57 mov dword [esp + 0xc4], 0xa1 mov dword [esp + 0xc8], 0xa3 mov dword [esp + 0xcc], 0xbc mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edi, dword [esp + 0xc4] push edi mov ebp, dword [esp + 0xc4] push ebp mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x1b0 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax jmp near loc_004397f6 ; jmp 0x4397f6 loc_00439a63: mov bh, byte [ref_0048c42b] ; mov bh, byte [0x48c42b] test bh, bh je short loc_00439ae6 ; je 0x439ae6 mov cl, bh dec cl mov byte [ref_0048c42b], cl ; mov byte [0x48c42b], cl jne near loc_00437f23 ; jne 0x437f23 mov dword [esp + 0xc0], 0x5a mov dword [esp + 0xc4], 0x86 mov dword [esp + 0xc8], 0x96 mov dword [esp + 0xcc], 0xae mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebx, dword [esp + 0xc4] push ebx mov edi, dword [esp + 0xc4] push edi mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x210 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp jmp near loc_00439759 ; jmp 0x439759 loc_00439ae6: call clib_rand ; call 0x456f2d mov ebx, eax sar ebx, 0xb cmp ebx, 4 jge near loc_00437f23 ; jge 0x437f23 mov dword [esp + 0xc0], 0x5a mov dword [esp + 0xc4], 0x86 mov dword [esp + 0xc8], 0x96 mov dword [esp + 0xcc], 0xae mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [esp + 0xc4] push ecx mov ebx, dword [esp + 0xc4] push ebx mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x21c push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi jmp near loc_004397f6 ; jmp 0x4397f6 loc_00439b62: cmp byte [ref_0048c42a], 0 ; cmp byte [0x48c42a], 0 je near loc_00437f23 ; je 0x437f23 push 1 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 mov byte [ref_0048c42e], 1 ; mov byte [0x48c42e], 1 jmp near loc_00437f23 ; jmp 0x437f23 loc_00439b85: lea eax, [esp + 0x80] push eax push esi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0x8c] push edx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x98] push ebx mov edi, dword [esp + 0x98] push edi mov ebp, dword [ref_0048a0dc] ; mov ebp, dword [0x48a0dc] push ebp call dword [eax + 0x1c] ; ucall lea eax, [esp + 0x80] push eax push esi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00437f23 ; jmp 0x437f23 loc_00439bdc: mov edx, dword [esp + 0xf0] push edx mov ecx, dword [esp + 0xf0] push ecx push eax push esi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_00437f25 ; jmp 0x437f25 fcn_00439bfa: push ebx push esi push edi push ebp sub esp, 0x84 push ref_00475b17 ; push 0x475b17 call fcn_00454176 ; call 0x454176 add esp, 4 push 0 push 0 push 0x19 mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c41c], eax ; mov dword [0x48c41c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x46 push 0x18 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xf0 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 2 push 0 push 0x101010 push 0x12 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov byte [esp], 0x24 xor dl, dl mov byte [esp + 1], dl xor eax, eax xor dh, dh mov byte [ref_0048c420], dh ; mov byte [0x48c420], dh mov esi, dword [_nplayers] ; mov esi, dword [0x499114] loc_00439caa: cmp eax, esi jge short loc_00439cd5 ; jge 0x439cd5 imul ebx, eax, 0x68 cmp byte [ebx + (_players+21)], 0 ; cmp byte [ebx + 0x496b7d], 0 je short loc_00439cd2 ; je 0x439cd2 mov dl, byte [ref_0048c420] ; mov dl, byte [0x48c420] xor ebx, ebx mov bl, dl mov byte [ebx + ref_0048c418], al ; mov byte [ebx + 0x48c418], al inc dl mov byte [ref_0048c420], dl ; mov byte [0x48c420], dl loc_00439cd2: inc eax jmp short loc_00439caa ; jmp 0x439caa loc_00439cd5: xor ebx, ebx loc_00439cd7: movzx esi, byte [ref_0048c420] ; movzx esi, byte [0x48c420] cmp ebx, esi jge near loc_00439e64 ; jge 0x439e64 xor eax, eax mov al, byte [ebx + ref_0048c418] ; mov al, byte [ebx + 0x48c418] mov edi, esi shl edi, 3 mov esi, ebx movsx esi, word [edi + esi*2 + ref_00475918] ; movsx esi, word [edi + esi*2 + 0x475918] push esi push 0x258 imul esi, eax, 0x68 movzx edi, byte [esi + (_players+19)] ; movzx edi, byte [esi + 0x496b7b] mov eax, edi shl eax, 2 sub eax, edi lea edi, [eax + 0x2f] mov eax, edi shl eax, 2 sub eax, edi mov edi, eax shl edi, 2 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc add eax, edi push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 6 push 4 push ref_00464e56 ; push 0x464e56 lea edi, [ebx + 0xb] mov eax, edi shl eax, 2 sub eax, edi mov edi, eax shl edi, 2 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc add eax, edi push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [esi + (_players+32)] ; mov eax, dword [esi + 0x496b88] push eax lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 6 push 0x9a lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc add eax, edi push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 0x2e push 4 push ref_00464e90 ; push 0x464e90 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc add eax, edi push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp dword [esi + (_players+36)], 0 ; cmp dword [esi + 0x496b8c], 0 je short loc_00439e10 ; je 0x439e10 push 0 push 2 push 0 push 0xff0000 push 0x12 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 1 push 0x2e push 0x9a push ref_00464e97 ; push 0x464e97 mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc add eax, edi push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 2 push 0 push 0x101010 push 0x12 call fcn_0044f9d8 ; call 0x44f9d8 jmp short loc_00439e5b ; jmp 0x439e5b loc_00439e10: fild dword [esi + (_players+32)] ; fild dword [esi + 0x496b88] fmul qword [ref_00464ea0] ; fmul qword [0x464ea0] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x80] mov ecx, dword [esp + 0x80] push ecx lea eax, [esp + 5] push eax call fcn_00452793 ; call 0x452793 add esp, 8 push 1 push 0x2e push 0x9a lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0xc add eax, edi push eax call fcn_0044fabc ; call 0x44fabc loc_00439e5b: add esp, 0x14 inc ebx jmp near loc_00439cd7 ; jmp 0x439cd7 loc_00439e64: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall push 0 push 0x101010 push 0xffffffffffffffe2 push 0 push 0xa push 0xbe mov eax, dword [ref_0048c41c] ; mov eax, dword [0x48c41c] add eax, 0x18 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c push 9 call fcn_004549cf ; call 0x4549cf add esp, 4 push 0 push fcn_00437e61 ; push 0x437e61 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 call fcn_00454bcc ; call 0x454bcc mov edi, dword [ref_0048c41c] ; mov edi, dword [0x48c41c] push edi call clib_free ; call 0x456e11 add esp, 4 xor ebx, ebx loc_00439ec6: xor eax, eax mov al, byte [ref_0048c420] ; mov al, byte [0x48c420] cmp ebx, eax jge short loc_00439ef5 ; jge 0x439ef5 xor eax, eax mov al, byte [ebx + ref_0048c418] ; mov al, byte [ebx + 0x48c418] imul eax, eax, 0x68 xor ch, ch mov byte [eax + (_players+66)], ch ; mov byte [eax + 0x496baa], ch xor esi, esi mov dword [eax + (_players+92)], esi ; mov dword [eax + 0x496bc4], esi mov dword [eax + (_players+96)], esi ; mov dword [eax + 0x496bc8], esi inc ebx jmp short loc_00439ec6 ; jmp 0x439ec6 loc_00439ef5: push ref_00475b17 ; push 0x475b17 call fcn_00454240 ; call 0x454240 add esp, 4 add esp, 0x84 pop ebp pop edi pop esi pop ebx ret fcn_00439f0d: push ebx push esi push edi push ebp sub esp, 0x1c mov ebx, dword [esp + 0x34] xor edi, edi xor ebp, ebp call clib_rand ; call 0x456f2d mov dword [esp + 0x18], eax fild dword [esp + 0x18] fdiv dword [ref_00465014] ; fdiv dword [0x465014] fmul qword [ref_00465018] ; fmul qword [0x465018] fadd qword [ref_00465020] ; fadd qword [0x465020] fstp dword [esp + 8] cmp ebx, 0x7d0 jle near loc_0043a054 ; jle 0x43a054 cmp ebx, 0xfa0 jge near loc_0043a054 ; jge 0x43a054 sub ebx, 0x7d0 imul ebx, ebx, 0x34 mov esi, dword [ref_00498e84] ; mov esi, dword [0x498e84] lea eax, [esi + ebx] mov dword [esp + 0x14], eax mov ebx, 1 loc_00439f72: add esi, 0x34 cmp ebx, dword [ref_00498e98] ; cmp ebx, dword [0x498e98] jg short loc_00439fab ; jg 0x439fab xor eax, eax mov al, byte [esi + 0x19] cmp eax, dword [esp + 0x30] jne short loc_00439fa1 ; jne 0x439fa1 mov eax, dword [esp + 0x14] add eax, 4 push eax lea eax, [esi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_00439fa1 ; jne 0x439fa1 inc ebp loc_00439fa1: cmp byte [esi + 0x19], 0 jne short loc_00439fa8 ; jne 0x439fa8 inc edi loc_00439fa8: inc ebx jmp short loc_00439f72 ; jmp 0x439f72 loc_00439fab: mov dword [esp + 0x18], edi fild dword [esp + 0x18] fild dword [ref_00498e98] ; fild dword [0x498e98] fdivp st1 ; fdivp st(1) fmul dword [ref_00465028] ; fmul dword [0x465028] fsubr dword [ref_0046502c] ; fsubr dword [0x46502c] fstp dword [esp] xor eax, eax mov ebx, dword [esp + 0x14] mov al, byte [ebx + 0x1a] sar eax, 1 inc eax add eax, ebp imul eax, dword [ref_0048c488] ; imul eax, dword [0x48c488] mov ecx, dword [ref_004990e8] ; mov ecx, dword [0x4990e8] imul eax, ecx mov dword [esp + 0x18], eax fild dword [esp + 0x18] fmul dword [esp] fmul dword [esp + 8] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x10] xor eax, eax mov ax, word [ebx + 0x1c] imul eax, ecx mov dword [esp + 0x18], eax fild dword [esp + 0x18] fstp dword [esp + 4] call clib_rand ; call 0x456f2d mov dword [esp + 0x18], eax fild dword [esp + 0x18] fmul dword [ref_00465030] ; fmul dword [0x465030] fadd dword [ref_00465034] ; fadd dword [0x465034] fmul dword [esp + 4] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xc] mov eax, dword [esp + 0x10] mov esi, dword [esp + 0xc] cmp eax, esi jle near loc_0043a131 ; jle 0x43a131 mov dword [esp + 0x10], esi jmp near loc_0043a131 ; jmp 0x43a131 loc_0043a054: lea eax, [ebx - 0xfa0] shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov ebp, dword [ref_00498e88] ; mov ebp, dword [0x498e88] add ebp, eax mov ebx, 1 loc_0043a071: cmp ebx, dword [ref_00498e8c] ; cmp ebx, dword [0x498e8c] jg short loc_0043a097 ; jg 0x43a097 mov eax, ebx shl eax, 3 mov esi, eax shl eax, 3 sub eax, esi mov esi, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] cmp byte [esi + eax + 0x19], 0 jne short loc_0043a094 ; jne 0x43a094 inc edi loc_0043a094: inc ebx jmp short loc_0043a071 ; jmp 0x43a071 loc_0043a097: mov dword [esp + 0x18], edi fild dword [esp + 0x18] fild dword [ref_00498e8c] ; fild dword [0x498e8c] fdivp st1 ; fdivp st(1) fmul dword [ref_00465028] ; fmul dword [0x465028] fsubr dword [ref_0046502c] ; fsubr dword [0x46502c] fstp dword [esp] xor eax, eax mov al, byte [ebp + 0x1a] sar eax, 1 inc eax imul eax, dword [ref_0048c488] ; imul eax, dword [0x48c488] mov ebx, dword [ref_004990e8] ; mov ebx, dword [0x4990e8] imul eax, ebx mov dword [esp + 0x18], eax fild dword [esp + 0x18] fmul dword [esp] fmul dword [esp + 8] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x10] xor eax, eax mov ax, word [ebp + 0x22] imul eax, ebx mov dword [esp + 0x18], eax fild dword [esp + 0x18] fstp dword [esp + 4] call clib_rand ; call 0x456f2d mov dword [esp + 0x18], eax fild dword [esp + 0x18] fmul dword [ref_00465030] ; fmul dword [0x465030] fadd dword [ref_00465034] ; fadd dword [0x465034] fmul dword [esp + 4] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xc] mov eax, dword [esp + 0x10] mov edi, dword [esp + 0xc] cmp eax, edi jle short loc_0043a131 ; jle 0x43a131 mov dword [esp + 0x10], edi loc_0043a131: mov ebx, dword [esp + 0x30] dec ebx imul ebx, ebx, 0x68 mov eax, dword [ebx + (_players+28)] ; mov eax, dword [ebx + 0x496b84] cmp eax, dword [esp + 0x10] jge short loc_0043a149 ; jge 0x43a149 mov dword [esp + 0x10], eax loc_0043a149: mov eax, dword [esp + 0x10] add esp, 0x1c pop ebp pop edi pop esi pop ebx ret fcn_0043a155: push ebx push esi push edi push ebp sub esp, 0x20 mov ebx, dword [esp + 0x3c] mov eax, dword [esp + 0x38] shl eax, 3 mov esi, eax shl eax, 4 sub eax, esi lea esi, [eax + 0x50] mov edx, dword [esp + 0x38] mov eax, edx shl eax, 2 add eax, edx mov ax, word [eax*4 + ref_0048c434] ; mov ax, word [eax*4 + 0x48c434] and eax, 0xffff dec eax imul eax, eax, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff lea edx, [eax + 0x4e] mov ecx, dword [ref_0048c49c] ; mov ecx, dword [0x48c49c] mov edi, edx shl edi, 2 sub edi, edx shl edi, 2 lea eax, [ecx + edi] movsx edx, word [eax + 0x10] mov ecx, 0x24e sub ecx, edx mov dword [esp], ecx movsx edx, word [eax + 0x12] mov ecx, esi sub ecx, edx mov dword [esp + 4], ecx movsx edx, word [eax + 0xc] mov ecx, dword [esp] add ecx, edx mov dword [esp + 8], ecx movsx eax, word [eax + 0xe] mov edx, dword [esp + 4] add edx, eax mov dword [esp + 0xc], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall cmp dword [esp + 0x40], 0 jne short loc_0043a234 ; jne 0x43a234 mov eax, dword [esp + 0xc] mov edi, dword [esp + 4] sub eax, edi push eax mov eax, dword [esp + 0xc] mov ebp, dword [esp + 4] sub eax, ebp push eax push edi push ebp push edi push ebp mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_0045643d ; call 0x45643d add esp, 0x20 jmp short loc_0043a254 ; jmp 0x43a254 loc_0043a234: push esi push 0x24e mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc add edi, eax push edi mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0043a254: test ebx, ebx je short loc_0043a2b2 ; je 0x43a2b2 push esi push 0x24e push 0 push ebx mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045663e ; call 0x45663e add esp, 0x14 movsx eax, word [ebx + 0x10] mov edx, 0x24e sub edx, eax mov dword [esp + 0x10], edx movsx eax, word [ebx + 0x12] sub esi, eax mov dword [esp + 0x14], esi movsx eax, word [ebx + 0xc] add edx, eax mov dword [esp + 0x18], edx movsx eax, word [ebx + 0xe] lea edx, [esi + eax] mov dword [esp + 0x1c], edx mov eax, esp push eax lea eax, [esp + 0x14] push eax lea eax, [esp + 8] push eax call fcn_00452808 ; call 0x452808 add esp, 0xc loc_0043a2b2: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 4] push eax mov edx, dword [esp + 0x3c] push edx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] add esp, 0x20 pop ebp pop edi pop esi pop ebx ret fcn_0043a2dd: push ebx push esi push edi push ebp sub esp, 0xe8 mov ebp, dword [esp + 0xfc] mov eax, dword [esp + 0x100] mov ebx, dword [esp + 0x104] cmp eax, 0x202 jb short loc_0043a343 ; jb 0x43a343 jbe near loc_0043bc59 ; jbe 0x43bc59 cmp eax, 0x401 jb short loc_0043a333 ; jb 0x43a333 jbe short loc_0043a365 ; jbe 0x43a365 cmp eax, 0x405 jb near loc_0043bdb9 ; jb 0x43bdb9 jbe near loc_0043a3e6 ; jbe 0x43a3e6 cmp eax, 0x407 je near loc_0043a3fc ; je 0x43a3fc jmp near loc_0043bdb9 ; jmp 0x43bdb9 loc_0043a333: cmp eax, 0x203 loc_0043a338: je near loc_0043bb25 ; je 0x43bb25 jmp near loc_0043bdb9 ; jmp 0x43bdb9 loc_0043a343: cmp eax, 0x113 jb short loc_0043a357 ; jb 0x43a357 jbe near loc_0043a6d5 ; jbe 0x43a6d5 cmp eax, 0x201 jmp short loc_0043a338 ; jmp 0x43a338 loc_0043a357: cmp eax, 0xf je near loc_0043bd48 ; je 0x43bd48 jmp near loc_0043bdb9 ; jmp 0x43bdb9 loc_0043a365: mov al, byte [esp + 0x108] mov byte [ref_0048c4b1], al ; mov byte [0x48c4b1], al xor dl, dl mov byte [ref_0048c4ac], dl ; mov byte [0x48c4ac], dl mov byte [ref_0048c4ad], dl ; mov byte [0x48c4ad], dl mov byte [ref_0048c4ae], dl ; mov byte [0x48c4ae], dl mov byte [ref_0048c4af], dl ; mov byte [0x48c4af], dl mov byte [ref_0048c4b0], dl ; mov byte [0x48c4b0], dl xor ecx, ecx mov dword [ref_0048c4a4], ecx ; mov dword [0x48c4a4], ecx mov dword [ref_0048c4a8], 0xffffffff ; mov dword [0x48c4a8], 0xffffffff push ecx push 0x64 mov esi, dword [_callbackSize] ; mov esi, dword [0x46cad8] push esi push ebp call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048c4a0], eax ; mov dword [0x48c4a0], eax push 0 push 0 push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0 push 0x405 push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_0043a3d7: xor eax, eax loc_0043a3d9: add esp, 0xe8 pop ebp pop edi pop esi pop ebx ret 0x10 loc_0043a3e6: push ref_00465038 ; push 0x465038 call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 mov byte [ref_0048c4ac], 1 ; mov byte [0x48c4ac], 1 jmp short loc_0043a3d7 ; jmp 0x43a3d7 loc_0043a3fc: push 0 push ref_00475bc2 ; push 0x475bc2 call fcn_004542ce ; call 0x4542ce add esp, 8 mov edx, dword [ref_0048c4a4] ; mov edx, dword [0x48c4a4] mov eax, edx shl eax, 2 add eax, edx shl eax, 2 test ebx, ebx jbe short loc_0043a426 ; jbe 0x43a426 cmp ebx, 6 je short loc_0043a43a ; je 0x43a43a jmp short loc_0043a478 ; jmp 0x43a478 loc_0043a426: mov word [eax + ref_0048c436], 1 ; mov word [eax + 0x48c436], 1 or word [ref_0048c4a4], 0x110 ; or word [0x48c4a4], 0x110 jmp short loc_0043a3d7 ; jmp 0x43a3d7 loc_0043a43a: push 0 mov edx, dword [eax + ref_0048c440] ; mov edx, dword [eax + 0x48c440] push edx mov ecx, dword [ref_0048c4a4] ; mov ecx, dword [0x48c4a4] push ecx push ebp call fcn_0043a155 ; call 0x43a155 add esp, 0x10 mov edx, dword [ref_0048c4a4] ; mov edx, dword [0x48c4a4] mov eax, edx shl eax, 2 add eax, edx xor edx, edx mov word [eax*4 + ref_0048c434], dx ; mov word [eax*4 + 0x48c434], dx or word [ref_0048c4a4], 0x120 ; or word [0x48c4a4], 0x120 jmp near loc_0043a3d7 ; jmp 0x43a3d7 loc_0043a478: mov edx, dword [ref_0048c4a4] ; mov edx, dword [0x48c4a4] mov eax, edx shl eax, 2 add eax, edx mov ax, word [eax*4 + ref_0048c434] ; mov ax, word [eax*4 + 0x48c434] and eax, 0xffff dec eax imul edx, eax, 0x68 mov eax, dword [ref_0048c488] ; mov eax, dword [0x48c488] add eax, dword [ebx*4 + ref_00475ba2] ; add eax, dword [ebx*4 + 0x475ba2] cmp eax, dword [edx + (_players+28)] ; cmp eax, dword [edx + 0x496b84] jg near loc_0043a3d7 ; jg 0x43a3d7 mov dword [ref_0048c488], eax ; mov dword [0x48c488], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 3 push 0x101010 push 0xf0d020 push 0x12 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov dword [esp + 0xd0], 0x208 mov dword [esp + 0xd8], 0x26c xor ebx, ebx mov esi, 0x50 jmp short loc_0043a50d ; jmp 0x43a50d loc_0043a500: add esi, 0x78 inc ebx cmp ebx, 4 jge near loc_0043a5eb ; jge 0x43a5eb loc_0043a50d: mov eax, ebx shl eax, 2 add eax, ebx cmp word [eax*4 + ref_0048c434], 0 ; cmp word [eax*4 + 0x48c434], 0 je short loc_0043a500 ; je 0x43a500 mov eax, dword [ref_0048c4a8] ; mov eax, dword [0x48c4a8] and eax, 3 cmp eax, ebx jne short loc_0043a580 ; jne 0x43a580 lea eax, [esi + 0x19] mov dword [esp + 0xd4], eax lea eax, [esi + 0x2d] mov dword [esp + 0xdc], eax push 0x14 push 0x64 mov edi, dword [esp + 0xdc] push edi push 0x208 push edi push 0x208 mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0 lea eax, [esp + 0xd4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0043a580: mov eax, dword [ref_0048c4a4] ; mov eax, dword [0x48c4a4] and eax, 3 cmp eax, ebx jne near loc_0043a500 ; jne 0x43a500 lea edi, [esi + 0x19] mov dword [esp + 0xd4], edi lea eax, [esi + 0x2d] mov dword [esp + 0xdc], eax mov ecx, dword [ref_0048c488] ; mov ecx, dword [0x48c488] push ecx push ref_00465050 ; push 0x465050 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 1 push edi push 0x26c lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 lea eax, [esp + 0xd4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0043a500 ; jmp 0x43a500 loc_0043a5eb: mov ebx, 0xb4 mov dword [esp + 0xd0], ebx mov esi, 0x104 mov dword [esp + 0xd4], esi mov edi, 0x118 mov dword [esp + 0xd8], edi mov dword [esp + 0xdc], edi push 0x14 push 0x64 push esi push ebx push esi push ebx mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0 push 3 push 0x101010 push 0xffffff push 0x12 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov ecx, dword [ref_0048c488] ; mov ecx, dword [0x48c488] push ecx push ref_00465050 ; push 0x465050 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 1 push 0x106 push 0x110 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xd4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov eax, dword [ref_0048c4a4] ; mov eax, dword [0x48c4a4] mov dword [ref_0048c4a8], eax ; mov dword [0x48c4a8], eax xor ebx, ebx loc_0043a6b0: mov esi, ebx mov eax, ebx shl eax, 2 add eax, ebx xor esi, ebx mov word [eax*4 + ref_0048c436], si ; mov word [eax*4 + 0x48c436], si inc ebx cmp ebx, 4 jl short loc_0043a6b0 ; jl 0x43a6b0 or byte [ref_0048c4a5], 1 ; or byte [0x48c4a5], 1 jmp near loc_0043a3d7 ; jmp 0x43a3d7 loc_0043a6d5: cmp byte [ref_0048c4ac], 0 ; cmp byte [0x48c4ac], 0 je near loc_0043a3d7 ; je 0x43a3d7 cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_0043a3d7 ; je 0x43a3d7 cmp ebx, dword [_callbackSize] ; cmp ebx, dword [0x46cad8] jne near loc_0043a3d7 ; jne 0x43a3d7 test byte [ref_0048c4a5], 0xff ; test byte [0x48c4a5], 0xff je near loc_0043ab5a ; je 0x43ab5a mov ebx, dword [ref_0048c4a4] ; mov ebx, dword [0x48c4a4] sar ebx, 8 mov ecx, dword [ref_0048c4a4] ; mov ecx, dword [0x48c4a4] and ecx, 3 mov eax, ecx shl eax, 2 add eax, ecx mov esi, dword [eax*4 + ref_0048c43c] ; mov esi, dword [eax*4 + 0x48c43c] mov esi, dword [esi + 4] mov eax, ecx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx add eax, 0x50 mov dword [esp + 0xe4], eax mov edi, dword [ref_0048c4a4] ; mov edi, dword [0x48c4a4] sar edi, 4 and edi, 3 cmp ebx, 1 jne near loc_0043a8c4 ; jne 0x43a8c4 test edi, edi jne short loc_0043a766 ; jne 0x43a766 push edi push edi push ecx push ebp call fcn_0043a155 ; call 0x43a155 add esp, 0x10 loc_0043a766: mov dword [esp + 0xd0], 0x196 mov eax, dword [esp + 0xe4] sub eax, 0x4a mov dword [esp + 0xd4], eax mov dword [esp + 0xd8], 0x224 mov eax, dword [esp + 0xe4] add eax, 0x27 mov dword [esp + 0xdc], eax push 0 push 2 push 0 push 0x101010 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0x71 push 0x8e mov ecx, dword [esp + 0xdc] push ecx mov eax, dword [esp + 0xdc] push eax mov edx, dword [ref_0048c484] ; mov edx, dword [0x48c484] push edx push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov eax, dword [esp + 0xe4] sub eax, 0xf mov dword [esp + 0xe0], eax push eax push 0x1e0 mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0x18 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 cmp edi, 1 jb short loc_0043a83a ; jb 0x43a83a jbe short loc_0043a86d ; jbe 0x43a86d cmp edi, 2 je short loc_0043a885 ; je 0x43a885 jmp short loc_0043a8a2 ; jmp 0x43a8a2 loc_0043a83a: test edi, edi jne short loc_0043a8a2 ; jne 0x43a8a2 mov eax, dword [ref_0048c488] ; mov eax, dword [0x48c488] push eax push ref_00465050 ; push 0x465050 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 2 mov edx, dword [esp + 0xe4] push edx push 0x1e0 lea eax, [esp + 0xc] push eax push edi jmp short loc_0043a89a ; jmp 0x43a89a loc_0043a86d: push 2 mov ecx, dword [esp + 0xe4] push ecx push 0x1e0 push ref_00465055 ; push 0x465055 push 0 jmp short loc_0043a89a ; jmp 0x43a89a loc_0043a885: push edi mov edx, dword [esp + 0xe4] push edx push 0x1e0 push ref_0046505e ; push 0x46505e push 0 loc_0043a89a: call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_0043a8a2: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xd4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0043a8c4: cmp ebx, esi jg near loc_0043aa9a ; jg 0x43aa9a test edi, edi jne near loc_0043aa9a ; jne 0x43aa9a mov edx, dword [ref_0048c4a4] ; mov edx, dword [0x48c4a4] and edx, 3 mov eax, edx shl eax, 2 add eax, edx mov ecx, dword [eax*4 + ref_0048c43c] ; mov ecx, dword [eax*4 + 0x48c43c] lea edx, [ebx - 1] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add eax, ecx movsx edx, word [eax + 0x10] mov ecx, 0x24e sub ecx, edx mov dword [esp + 0xd0], ecx movsx edx, word [eax + 0x12] mov ecx, dword [esp + 0xe4] sub ecx, edx mov dword [esp + 0xd4], ecx movsx edx, word [eax + 0xc] mov ecx, dword [esp + 0xd0] add ecx, edx mov dword [esp + 0xd8], ecx movsx eax, word [eax + 0xe] mov edx, dword [esp + 0xd4] add edx, eax mov dword [esp + 0xdc], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push edi push 1 push ref_0048a068 ; push 0x48a068 push edi push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0xdc] mov ecx, dword [esp + 0xd4] sub eax, ecx push eax mov eax, dword [esp + 0xdc] mov edi, dword [esp + 0xd4] sub eax, edi push eax push ecx push edi push ecx push edi mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov edx, dword [ref_0048c4a4] ; mov edx, dword [0x48c4a4] and edx, 3 mov eax, edx shl eax, 2 add eax, edx shl eax, 2 cmp ebx, esi jne short loc_0043a9c3 ; jne 0x43a9c3 xor ebx, esi mov edx, dword [esp + 0xe4] push edx push 0x24e push 0 jmp short loc_0043a9d1 ; jmp 0x43a9d1 loc_0043a9c3: mov edx, dword [esp + 0xe4] push edx push 0x24e push ebx loc_0043a9d1: mov ecx, dword [eax + ref_0048c43c] ; mov ecx, dword [eax + 0x48c43c] push ecx mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_0045663e ; call 0x45663e add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov edx, dword [ref_0048c4a4] ; mov edx, dword [0x48c4a4] and edx, 3 mov eax, edx shl eax, 2 add eax, edx mov ecx, dword [eax*4 + ref_0048c43c] ; mov ecx, dword [eax*4 + 0x48c43c] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 add eax, ecx movsx edx, word [eax + 0x10] mov ecx, 0x24e sub ecx, edx mov dword [esp + 0xc0], ecx movsx edx, word [eax + 0x12] mov ecx, dword [esp + 0xe4] sub ecx, edx mov dword [esp + 0xc4], ecx movsx edx, word [eax + 0xc] mov ecx, dword [esp + 0xc0] add ecx, edx mov dword [esp + 0xc8], ecx movsx eax, word [eax + 0xe] mov edx, dword [esp + 0xc4] add edx, eax mov dword [esp + 0xcc], edx lea eax, [esp + 0xd0] push eax lea eax, [esp + 0xc4] push eax lea eax, [esp + 0xd8] push eax call fcn_00452808 ; call 0x452808 add esp, 0xc push 0 lea eax, [esp + 0xd4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0043aa9a: cmp ebx, esi jle near loc_0043ab50 ; jle 0x43ab50 cmp ebx, 0xa jl near loc_0043ab50 ; jl 0x43ab50 mov dword [esp + 0xd0], 0x196 mov eax, dword [esp + 0xe4] sub eax, 0x4a mov dword [esp + 0xd4], eax mov dword [esp + 0xd8], 0x224 mov eax, dword [esp + 0xe4] add eax, 0x27 mov dword [esp + 0xdc], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebx, dword [esp + 0xd4] push ebx mov esi, dword [esp + 0xd4] push esi mov edi, dword [ref_0048c484] ; mov edi, dword [0x48c484] push edi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xd4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] and dword [ref_0048c4a4], 3 ; and dword [0x48c4a4], 3 mov byte [ref_0048c4ac], 5 ; mov byte [0x48c4ac], 5 jmp short loc_0043ab5a ; jmp 0x43ab5a loc_0043ab50: add dword [ref_0048c4a4], 0x100 ; add dword [0x48c4a4], 0x100 loc_0043ab5a: test byte [ref_0048c4a6], 0xff ; test byte [0x48c4a6], 0xff je near loc_0043aeb7 ; je 0x43aeb7 mov ebx, dword [ref_0048c4a4] ; mov ebx, dword [0x48c4a4] sar ebx, 0x10 dec ebx mov edx, dword [ref_0048c4a8] ; mov edx, dword [0x48c4a8] mov eax, edx shl eax, 2 add edx, eax shl edx, 2 mov esi, dword [edx + ref_0048c444] ; mov esi, dword [edx + 0x48c444] mov esi, dword [esi + 4] mov eax, dword [ref_0048c4a8] ; mov eax, dword [0x48c4a8] shl eax, 3 mov edi, eax shl eax, 4 sub eax, edi add eax, 0x50 mov dword [esp + 0xe4], eax test ebx, ebx jne near loc_0043ad4e ; jne 0x43ad4e mov eax, dword [edx + ref_0048c43c] ; mov eax, dword [edx + 0x48c43c] movsx edx, word [eax + 0x10] mov ecx, 0x24e sub ecx, edx mov dword [esp + 0xd0], ecx movsx edx, word [eax + 0x12] mov ecx, dword [esp + 0xe4] sub ecx, edx mov dword [esp + 0xd4], ecx movsx edx, word [eax + 0xc] mov ecx, dword [esp + 0xd0] add ecx, edx mov dword [esp + 0xd8], ecx movsx eax, word [eax + 0xe] mov edx, dword [esp + 0xd4] add edx, eax mov dword [esp + 0xdc], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push ebx push 1 push ref_0048a068 ; push 0x48a068 push ebx push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0xdc] mov ebx, dword [esp + 0xd4] sub eax, ebx push eax mov eax, dword [esp + 0xdc] mov esi, dword [esp + 0xd4] sub eax, esi push eax push ebx push esi push ebx push esi mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov esi, dword [esp + 0xe4] push esi push 0x24e push 0 mov edx, dword [ref_0048c4a8] ; mov edx, dword [0x48c4a8] mov eax, edx shl eax, 2 add eax, edx mov edi, dword [eax*4 + ref_0048c444] ; mov edi, dword [eax*4 + 0x48c444] push edi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045663e ; call 0x45663e add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall lea eax, [esp + 0xd0] push eax lea eax, [esp + 0xc4] push eax lea eax, [esp + 0xd8] push eax call fcn_00452808 ; call 0x452808 add esp, 0xc mov edx, dword [ref_0048c4a8] ; mov edx, dword [0x48c4a8] mov eax, edx shl eax, 2 add eax, edx mov eax, dword [eax*4 + ref_0048c444] ; mov eax, dword [eax*4 + 0x48c444] movsx edx, word [eax + 0x10] mov ecx, 0x24e sub ecx, edx mov dword [esp + 0xc0], ecx movsx edx, word [eax + 0x12] mov ecx, esi loc_0043acdf: sub ecx, edx mov dword [esp + 0xc4], ecx movsx edx, word [eax + 0xc] mov ecx, dword [esp + 0xc0] add ecx, edx mov dword [esp + 0xc8], ecx movsx eax, word [eax + 0xe] mov edx, dword [esp + 0xc4] add edx, eax mov dword [esp + 0xcc], edx lea eax, [esp + 0xd0] push eax lea eax, [esp + 0xc4] push eax lea eax, [esp + 0xd8] push eax call fcn_00452808 ; call 0x452808 add esp, 0xc push 0 lea eax, [esp + 0xd4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] inc word [ref_0048c4a6] ; inc word [0x48c4a6] jmp near loc_0043aeb7 ; jmp 0x43aeb7 loc_0043ad4e: cmp ebx, 0x3c jge near loc_0043aeae ; jge 0x43aeae mov eax, ebx mov edx, ebx sar edx, 0x1f idiv esi mov ebx, edx mov edi, edx test edx, edx jne short loc_0043ad6a ; jne 0x43ad6a mov edi, esi loc_0043ad6a: mov edx, dword [ref_0048c4a8] ; mov edx, dword [0x48c4a8] mov eax, edx shl eax, 2 add eax, edx mov eax, dword [eax*4 + ref_0048c444] ; mov eax, dword [eax*4 + 0x48c444] lea ecx, [edi - 1] mov edx, ecx shl edx, 2 sub edx, ecx shl edx, 2 add eax, edx movsx edx, word [eax + 0x10] mov ecx, 0x24e sub ecx, edx mov dword [esp + 0xd0], ecx movsx edx, word [eax + 0x12] mov ecx, dword [esp + 0xe4] sub ecx, edx mov dword [esp + 0xd4], ecx movsx edx, word [eax + 0xc] mov ecx, dword [esp + 0xd0] add ecx, edx mov dword [esp + 0xd8], ecx movsx eax, word [eax + 0xe] mov edx, dword [esp + 0xd4] add edx, eax mov dword [esp + 0xdc], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0xdc] mov ecx, dword [esp + 0xd4] sub eax, ecx push eax mov eax, dword [esp + 0xdc] mov esi, dword [esp + 0xd4] sub eax, esi push eax push ecx push esi push ecx push esi mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_0045643d ; call 0x45643d add esp, 0x20 mov edi, dword [esp + 0xe4] push edi push 0x24e push ebx mov edx, dword [ref_0048c4a8] ; mov edx, dword [0x48c4a8] mov eax, edx shl eax, 2 add eax, edx mov edx, dword [eax*4 + ref_0048c444] ; mov edx, dword [eax*4 + 0x48c444] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045663e ; call 0x45663e add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov edx, dword [ref_0048c4a8] ; mov edx, dword [0x48c4a8] mov eax, edx shl eax, 2 add eax, edx mov edx, dword [eax*4 + ref_0048c444] ; mov edx, dword [eax*4 + 0x48c444] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 add eax, edx movsx edx, word [eax + 0x10] mov ecx, 0x24e sub ecx, edx mov dword [esp + 0xc0], ecx movsx edx, word [eax + 0x12] mov ecx, edi jmp near loc_0043acdf ; jmp 0x43acdf loc_0043aeae: xor edi, edi mov word [ref_0048c4a6], di ; mov word [0x48c4a6], di loc_0043aeb7: push 0 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 test eax, eax je near loc_0043b5dd ; je 0x43b5dd mov al, byte [ref_0048c4ac] ; mov al, byte [0x48c4ac] cmp al, 5 jb short loc_0043aefc ; jb 0x43aefc jbe near loc_0043b262 ; jbe 0x43b262 cmp al, 0xa jb short loc_0043aeef ; jb 0x43aeef jbe near loc_0043b4d8 ; jbe 0x43b4d8 cmp al, 0xb je near loc_0043b5b5 ; je 0x43b5b5 jmp near loc_0043b5dd ; jmp 0x43b5dd loc_0043aeef: cmp al, 9 je near loc_0043b412 ; je 0x43b412 jmp near loc_0043b5dd ; jmp 0x43b5dd loc_0043aefc: cmp al, 1 jb near loc_0043b5dd ; jb 0x43b5dd jbe short loc_0043af13 ; jbe 0x43af13 cmp al, 2 je near loc_0043afa1 ; je 0x43afa1 jmp near loc_0043b5dd ; jmp 0x43b5dd loc_0043af13: xor ebx, ebx mov esi, 0xffffffff mov dword [ref_0048c4a4], esi ; mov dword [0x48c4a4], esi mov esi, dword [ref_0048c4a4] ; mov esi, dword [0x48c4a4] jmp short loc_0043af2e ; jmp 0x43af2e loc_0043af28: inc ebx cmp ebx, 4 jge short loc_0043af4b ; jge 0x43af4b loc_0043af2e: mov eax, ebx shl eax, 2 add eax, ebx cmp word [eax*4 + ref_0048c434], 0 ; cmp word [eax*4 + 0x48c434], 0 je short loc_0043af28 ; je 0x43af28 cmp esi, 0xffffffff jne short loc_0043af28 ; jne 0x43af28 mov dword [ref_0048c4a4], ebx ; mov dword [0x48c4a4], ebx loc_0043af4b: cmp dword [ref_0048c4a4], 0xffffffff ; cmp dword [0x48c4a4], 0xffffffff jne short loc_0043af75 ; jne 0x43af75 push ref_00465063 ; push 0x465063 call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 mov byte [ref_0048c4ac], 0xb ; mov byte [0x48c4ac], 0xb xor edx, edx mov dword [ref_0048c4a4], edx ; mov dword [0x48c4a4], edx jmp near loc_0043b5dd ; jmp 0x43b5dd loc_0043af75: mov byte [ref_0048c4ac], 2 ; mov byte [0x48c4ac], 2 mov eax, dword [ref_0048c488] ; mov eax, dword [0x48c488] push eax push ref_0046507d ; push 0x46507d loc_0043af87: lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esp push eax loc_0043af97: call fcn_0044ecb6 ; call 0x44ecb6 jmp near loc_0043b5da ; jmp 0x43b5da loc_0043afa1: mov dword [esp + 0xd0], 0x16b mov dword [esp + 0xd4], 0x72 mov dword [esp + 0xd8], 0x1c9 mov dword [esp + 0xdc], 0x1c0 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [ref_0048c4a4] ; mov edx, dword [0x48c4a4] mov eax, edx shl eax, 2 add eax, edx mov ax, word [eax*4 + ref_0048c434] ; mov ax, word [eax*4 + 0x48c434] and eax, 0xffff dec eax imul eax, eax, 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_0043b0a0 ; jne 0x43b0a0 xor ebx, ebx loc_0043b010: mov esi, dword [ebx*4 + ref_00475b84] ; mov esi, dword [ebx*4 + 0x475b84] push esi push 0x196 lea eax, [ebx + ebx] lea esi, [eax + 4] mov eax, esi shl eax, 2 sub eax, esi shl eax, 2 mov edx, dword [ref_0048c49c] ; mov edx, dword [0x48c49c] add edx, 0xc add eax, edx push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 inc ebx cmp ebx, 7 jl short loc_0043b010 ; jl 0x43b010 mov edx, dword [ref_0048c4a4] ; mov edx, dword [0x48c4a4] mov eax, edx shl eax, 2 add eax, edx mov ax, word [eax*4 + ref_0048c434] ; mov ax, word [eax*4 + 0x48c434] and eax, 0xffff dec eax imul eax, eax, 0x68 mov edx, dword [ref_0048c488] ; mov edx, dword [0x48c488] cmp edx, dword [eax + (_players+28)] ; cmp edx, dword [eax + 0x496b84] jle short loc_0043b08a ; jle 0x43b08a mov byte [ref_0048c4ac], 4 ; mov byte [0x48c4ac], 4 push 0 push 6 jmp near loc_0043b22e ; jmp 0x43b22e loc_0043b08a: mov byte [ref_0048c4ac], 3 ; mov byte [0x48c4ac], 3 push 1 call fcn_00402460 ; call 0x402460 add esp, 4 jmp near loc_0043b23b ; jmp 0x43b23b loc_0043b0a0: mov eax, dword [esp + 0xdc] mov edx, dword [esp + 0xd4] sub eax, edx push eax mov eax, dword [esp + 0xdc] mov ecx, dword [esp + 0xd4] sub eax, ecx push eax push edx push ecx push edx push ecx mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov byte [ref_0048c4ac], 4 ; mov byte [0x48c4ac], 4 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov edx, dword [ref_0048c4a4] ; mov edx, dword [0x48c4a4] mov eax, edx shl eax, 2 add eax, edx shl eax, 2 xor edx, edx mov dx, word [eax + ref_0048c434] ; mov dx, word [eax + 0x48c434] dec edx imul edx, edx, 0x68 mov ecx, dword [ref_0048c488] ; mov ecx, dword [0x48c488] cmp ecx, dword [edx + (_players+28)] ; cmp ecx, dword [edx + 0x496b84] jle short loc_0043b124 ; jle 0x43b124 mov ebx, 6 jmp near loc_0043b219 ; jmp 0x43b219 loc_0043b124: lea edx, [ecx + 0x2710] mov esi, dword [eax + ref_0048c438] ; mov esi, dword [eax + 0x48c438] cmp edx, esi jg short loc_0043b13b ; jg 0x43b13b mov ebx, 5 jmp short loc_0043b183 ; jmp 0x43b183 loc_0043b13b: lea edx, [ecx + 0x1388] cmp edx, esi jg short loc_0043b14c ; jg 0x43b14c mov ebx, 4 jmp short loc_0043b183 ; jmp 0x43b183 loc_0043b14c: lea edx, [ecx + 0x3e8] cmp edx, esi jg short loc_0043b15d ; jg 0x43b15d mov ebx, 3 jmp short loc_0043b183 ; jmp 0x43b183 loc_0043b15d: lea edx, [ecx + 0x1f4] cmp edx, esi jg short loc_0043b16e ; jg 0x43b16e mov ebx, 2 jmp short loc_0043b183 ; jmp 0x43b183 loc_0043b16e: lea edx, [ecx + 0x64] cmp edx, esi jg short loc_0043b17c ; jg 0x43b17c mov ebx, 1 jmp short loc_0043b183 ; jmp 0x43b183 loc_0043b17c: xor ebx, ebx jmp near loc_0043b219 ; jmp 0x43b219 loc_0043b183: mov edi, dword [ref_0048c4a8] ; mov edi, dword [0x48c4a8] cmp edi, 0xffffffff je near loc_0043b219 ; je 0x43b219 mov esi, dword [ref_0048c488] ; mov esi, dword [0x48c488] add esi, dword [ebx*4 + ref_00475ba2] ; add esi, dword [ebx*4 + 0x475ba2] mov eax, edi shl eax, 2 add eax, edi mov ax, word [eax*4 + ref_0048c434] ; mov ax, word [eax*4 + 0x48c434] and eax, 0xffff dec eax imul eax, eax, 0x68 mov edi, dword [eax + (_players+28)] ; mov edi, dword [eax + 0x496b84] add edi, 0x1f4 cmp esi, edi jle short loc_0043b219 ; jle 0x43b219 sub edi, dword [ref_0048c488] ; sub edi, dword [0x48c488] cmp edi, 0x3e8 jle short loc_0043b1e4 ; jle 0x43b1e4 cmp edi, 0x1388 jg short loc_0043b1e4 ; jg 0x43b1e4 mov ebx, 4 jmp short loc_0043b219 ; jmp 0x43b219 loc_0043b1e4: cmp edi, 0x1f4 jle short loc_0043b1fb ; jle 0x43b1fb cmp edi, 0x3e8 jg short loc_0043b1fb ; jg 0x43b1fb mov ebx, 3 jmp short loc_0043b219 ; jmp 0x43b219 loc_0043b1fb: cmp edi, 0x64 jle short loc_0043b20f ; jle 0x43b20f cmp edi, 0x1f4 jg short loc_0043b20f ; jg 0x43b20f mov ebx, 2 jmp short loc_0043b219 ; jmp 0x43b219 loc_0043b20f: cmp edi, 0x64 jg short loc_0043b219 ; jg 0x43b219 mov ebx, 1 loc_0043b219: cmp byte [ref_0048c4b1], 1 ; cmp byte [0x48c4b1], 1 jne short loc_0043b22b ; jne 0x43b22b test ebx, ebx je short loc_0043b22b ; je 0x43b22b mov ebx, 1 loc_0043b22b: push 0 push ebx loc_0043b22e: push 0x407 push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_0043b23b: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xd4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0043b5dd ; jmp 0x43b5dd loc_0043b262: mov edx, dword [ref_0048c4a4] ; mov edx, dword [0x48c4a4] mov eax, edx shl eax, 2 add eax, edx shl eax, 2 cmp word [eax + ref_0048c434], 0 ; cmp word [eax + 0x48c434], 0 je short loc_0043b295 ; je 0x43b295 push 0 mov edx, dword [eax + ref_0048c43c] ; mov edx, dword [eax + 0x48c43c] push edx mov ecx, dword [ref_0048c4a4] ; mov ecx, dword [0x48c4a4] push ecx push ebp call fcn_0043a155 ; call 0x43a155 add esp, 0x10 loc_0043b295: xor ebx, ebx xor esi, esi xor edi, edi jmp short loc_0043b2a3 ; jmp 0x43b2a3 loc_0043b29d: inc ebx cmp ebx, 4 jge short loc_0043b2c5 ; jge 0x43b2c5 loc_0043b2a3: mov eax, ebx shl eax, 2 add eax, ebx shl eax, 2 cmp word [eax + ref_0048c434], 0 ; cmp word [eax + 0x48c434], 0 je short loc_0043b29d ; je 0x43b29d inc esi cmp word [eax + ref_0048c436], 0 ; cmp word [eax + 0x48c436], 0 je short loc_0043b29d ; je 0x43b29d inc edi jmp short loc_0043b29d ; jmp 0x43b29d loc_0043b2c5: test esi, esi je short loc_0043b2cd ; je 0x43b2cd cmp esi, edi jne short loc_0043b2e6 ; jne 0x43b2e6 loc_0043b2cd: push ref_00465063 ; push 0x465063 call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 mov byte [ref_0048c4ac], 0xb ; mov byte [0x48c4ac], 0xb jmp near loc_0043b5dd ; jmp 0x43b5dd loc_0043b2e6: cmp esi, 1 je short loc_0043b2f6 ; je 0x43b2f6 sub esi, edi cmp esi, 1 jne near loc_0043b3c2 ; jne 0x43b3c2 loc_0043b2f6: cmp dword [ref_0048c4a8], 0xffffffff ; cmp dword [0x48c4a8], 0xffffffff je near loc_0043b3c2 ; je 0x43b3c2 mov dword [esp + 0xd0], 0x16b mov dword [esp + 0xd4], 0x72 mov dword [esp + 0xd8], 0x1c9 mov dword [esp + 0xdc], 0x1c0 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0xdc] mov esi, dword [esp + 0xd4] sub eax, esi push eax mov eax, dword [esp + 0xdc] mov edi, dword [esp + 0xd4] sub eax, edi push eax push esi push edi push esi push edi mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xd4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 call fcn_00402460 ; call 0x402460 add esp, 4 or byte [ref_0048c4a6], 1 ; or byte [0x48c4a6], 1 mov byte [ref_0048c4ac], 9 ; mov byte [0x48c4ac], 9 jmp near loc_0043b5dd ; jmp 0x43b5dd loc_0043b3c2: mov edi, dword [ref_0048c4a4] ; mov edi, dword [0x48c4a4] inc edi mov dword [ref_0048c4a4], edi ; mov dword [0x48c4a4], edi mov eax, edi and eax, 3 mov dword [ref_0048c4a4], eax ; mov dword [0x48c4a4], eax mov edx, eax shl eax, 2 add eax, edx shl eax, 2 cmp word [eax + ref_0048c434], 0 ; cmp word [eax + 0x48c434], 0 je short loc_0043b3c2 ; je 0x43b3c2 push 1 mov edx, dword [eax + ref_0048c43c] ; mov edx, dword [eax + 0x48c43c] push edx mov ecx, dword [ref_0048c4a4] ; mov ecx, dword [0x48c4a4] push ecx push ebp call fcn_0043a155 ; call 0x43a155 add esp, 0x10 mov byte [ref_0048c4ac], 2 ; mov byte [0x48c4ac], 2 jmp near loc_0043b5dd ; jmp 0x43b5dd loc_0043b412: mov byte [ref_0048c4ac], 0xa ; mov byte [0x48c4ac], 0xa mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0xa0 push 0x9a push 0x18 push 0x7b push 0x18 push 0x7b mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x1b push 0x7c mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0x108 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x3f push 0x43 mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xd8 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0 push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push ref_00475bba ; push 0x475bba call fcn_004542ce ; call 0x4542ce add esp, 8 mov byte [ref_0048c4b0], 1 ; mov byte [0x48c4b0], 1 mov edi, dword [ref_0048c488] ; mov edi, dword [0x48c488] push edi push ref_00465098 ; push 0x465098 jmp near loc_0043af87 ; jmp 0x43af87 loc_0043b4d8: mov byte [ref_0048c4ac], 0xb ; mov byte [0x48c4ac], 0xb mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0xa6 push 0xc7 push 0x1b push 0x7c push 0x1b push 0x7c mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x18 push 0x7b mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0x138 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x3f push 0x43 mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xd8 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0 push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] xor dh, dh mov byte [ref_0048c4b0], dh ; mov byte [0x48c4b0], dh mov edx, dword [ref_0048c4a8] ; mov edx, dword [0x48c4a8] mov eax, edx shl eax, 2 add eax, edx mov ax, word [eax*4 + ref_0048c434] ; mov ax, word [eax*4 + 0x48c434] and eax, 0xffff dec eax imul eax, eax, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff mov edx, dword [eax*4 + ref_00475b54] ; mov edx, dword [eax*4 + 0x475b54] push edx jmp near loc_0043af97 ; jmp 0x43af97 loc_0043b5b5: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov edx, dword [ref_0048c4a0] ; mov edx, dword [0x48c4a0] push edx push ebp call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] mov ecx, dword [ref_0048c4a8] ; mov ecx, dword [0x48c4a8] push ecx call _Post_0402_Message ; call 0x401966 loc_0043b5da: add esp, 4 loc_0043b5dd: mov al, byte [ref_0048c4ae] ; mov al, byte [0x48c4ae] and al, 0xf cmp al, 1 jb short loc_0043b5f7 ; jb 0x43b5f7 jbe short loc_0043b637 ; jbe 0x43b637 cmp al, 2 je near loc_0043b74c ; je 0x43b74c jmp near loc_0043b853 ; jmp 0x43b853 loc_0043b5f7: test al, al jne near loc_0043b853 ; jne 0x43b853 call clib_rand ; call 0x456f2d mov edi, eax sar edi, 0xa test edi, edi jne short loc_0043b622 ; jne 0x43b622 cmp byte [ref_0048c4b0], 0 ; cmp byte [0x48c4b0], 0 jne short loc_0043b622 ; jne 0x43b622 or byte [ref_0048c4ae], 1 ; or byte [0x48c4ae], 1 jmp near loc_0043b853 ; jmp 0x43b853 loc_0043b622: cmp edi, 1 jne near loc_0043b853 ; jne 0x43b853 or byte [ref_0048c4ae], 2 ; or byte [0x48c4ae], 2 jmp near loc_0043b853 ; jmp 0x43b853 loc_0043b637: cmp byte [ref_0048c4b0], 0 ; cmp byte [0x48c4b0], 0 jne near loc_0043b853 ; jne 0x43b853 mov al, byte [ref_0048c4ae] ; mov al, byte [0x48c4ae] and al, 0x30 movzx edi, al sar edi, 4 mov dword [esp + 0xd0], 0xa3 mov dword [esp + 0xd4], 0x2d mov dword [esp + 0xd8], 0xbf mov dword [esp + 0xdc], 0x3c mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall cmp edi, 3 jge short loc_0043b6d7 ; jge 0x43b6d7 mov esi, dword [esp + 0xd4] push esi mov eax, dword [esp + 0xd4] push eax xor edx, edx mov dl, byte [edi + ref_00475ba0] ; mov dl, byte [edi + 0x475ba0] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c49c] ; mov edx, dword [0x48c49c] add edx, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 jmp short loc_0043b709 ; jmp 0x43b709 loc_0043b6d7: push 0xf push 0x1c push 0x15 push 0x28 mov edx, dword [esp + 0xe4] push edx mov ecx, dword [esp + 0xe4] push ecx mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0x138 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456495 ; call 0x456495 add esp, 0x20 loc_0043b709: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov cl, byte [ref_0048c4ae] ; mov cl, byte [0x48c4ae] add cl, 0x10 mov byte [ref_0048c4ae], cl ; mov byte [0x48c4ae], cl mov ch, cl and ch, 0x3f mov byte [ref_0048c4ae], ch ; mov byte [0x48c4ae], ch test ch, 0x30 jne near loc_0043b841 ; jne 0x43b841 mov ah, ch and ah, 0xf0 mov byte [ref_0048c4ae], ah ; mov byte [0x48c4ae], ah jmp near loc_0043b841 ; jmp 0x43b841 loc_0043b74c: mov al, byte [ref_0048c4ae] ; mov al, byte [0x48c4ae] and al, 0xc0 movzx edi, al sar edi, 6 mov dword [esp + 0xd0], 0x7f mov dword [esp + 0xd4], 0x5a mov dword [esp + 0xd8], 0x8f mov dword [esp + 0xdc], 0x68 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall cmp edi, 3 jge short loc_0043b7e0 ; jge 0x43b7e0 mov esi, dword [esp + 0xd4] push esi mov eax, dword [esp + 0xd4] push eax xor edx, edx mov dl, byte [edi + ref_00475ba3] ; mov dl, byte [edi + 0x475ba3] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 jmp short loc_0043b812 ; jmp 0x43b812 loc_0043b7e0: push 0xe push 0x10 push 0x1d push 0x3d mov edx, dword [esp + 0xe4] push edx mov ecx, dword [esp + 0xe4] push ecx mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xd8 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 loc_0043b812: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dl, byte [ref_0048c4ae] ; mov dl, byte [0x48c4ae] add dl, 0x40 mov byte [ref_0048c4ae], dl ; mov byte [0x48c4ae], dl test dl, 0xc0 jne short loc_0043b841 ; jne 0x43b841 mov bl, dl and bl, 0xf0 mov byte [ref_0048c4ae], bl ; mov byte [0x48c4ae], bl loc_0043b841: push 0 lea eax, [esp + 0xd4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0043b853: call fcn_0044ef3b ; call 0x44ef3b test eax, eax jne short loc_0043b869 ; jne 0x43b869 cmp byte [ref_0048c4ad], 0 ; cmp byte [0x48c4ad], 0 je near loc_0043a3d7 ; je 0x43a3d7 loc_0043b869: mov al, byte [ref_0048c4ad] ; mov al, byte [0x48c4ad] dec al cmp byte [ref_0048c4b0], 0 ; cmp byte [0x48c4b0], 0 je near loc_0043b9fb ; je 0x43b9fb mov dword [esp + 0xd0], 0xb7 mov dword [esp + 0xd4], 0x41 mov dword [esp + 0xd8], 0xdf mov dword [esp + 0xdc], 0x5f cmp byte [ref_0048c4ad], 0 ; cmp byte [0x48c4ad], 0 je near loc_0043b945 ; je 0x43b945 mov byte [ref_0048c4ad], al ; mov byte [0x48c4ad], al test al, al jne near loc_0043a3d7 ; jne 0x43a3d7 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x1e push 0x28 mov edi, dword [esp + 0xdc] push edi mov eax, dword [esp + 0xdc] push eax push edi push eax mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov esi, dword [esp + 0xd4] push esi mov edi, dword [esp + 0xd4] push edi mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0x114 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax loc_0043b928: call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near loc_0043b9e4 ; jmp 0x43b9e4 loc_0043b945: call clib_rand ; call 0x456f2d mov edi, eax sar edi, 0xb cmp edi, 4 jge near loc_0043a3d7 ; jge 0x43a3d7 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x1e push 0x28 mov ebx, dword [esp + 0xdc] push ebx mov esi, dword [esp + 0xdc] push esi push ebx push esi mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov ecx, dword [esp + 0xd4] push ecx mov ebx, dword [esp + 0xd4] push ebx mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0x120 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi loc_0043b9be: call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall call clib_rand ; call 0x456f2d and al, 7 inc al mov byte [ref_0048c4ad], al ; mov byte [0x48c4ad], al loc_0043b9e4: push 0 lea eax, [esp + 0xd4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0043a3d7 ; jmp 0x43a3d7 loc_0043b9fb: mov dword [esp + 0xd0], 0xa3 mov dword [esp + 0xd4], 0x3c mov dword [esp + 0xd8], 0xc1 mov dword [esp + 0xdc], 0x55 cmp byte [ref_0048c4ad], 0 ; cmp byte [0x48c4ad], 0 je short loc_0043baa7 ; je 0x43baa7 mov byte [ref_0048c4ad], al ; mov byte [0x48c4ad], al test al, al jne near loc_0043a3d7 ; jne 0x43a3d7 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x19 push 0x1e mov ecx, dword [esp + 0xdc] push ecx mov ebx, dword [esp + 0xdc] push ebx push ecx push ebx mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov edx, dword [esp + 0xd4] push edx mov ecx, dword [esp + 0xd4] push ecx mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0x15c push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx jmp near loc_0043b928 ; jmp 0x43b928 loc_0043baa7: call clib_rand ; call 0x456f2d mov edi, eax sar edi, 0xb cmp edi, 4 jge near loc_0043a3d7 ; jge 0x43a3d7 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x19 push 0x1e mov eax, dword [esp + 0xdc] push eax mov edx, dword [esp + 0xdc] push edx push eax push edx mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_0045643d ; call 0x45643d add esp, 0x20 mov edi, dword [esp + 0xd4] push edi mov eax, dword [esp + 0xd4] push eax mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0x168 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx jmp near loc_0043b9be ; jmp 0x43b9be loc_0043bb25: push 1 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 cmp byte [ref_0048c4ac], 3 ; cmp byte [0x48c4ac], 3 jne near loc_0043a3d7 ; jne 0x43a3d7 test dword [ref_0048c4a4], 0xffff00 ; test dword [0x48c4a4], 0xffff00 jne near loc_0043a3d7 ; jne 0x43a3d7 xor edi, edi mov di, word [esp + 0x108] mov eax, dword [esp + 0x108] shr eax, 0x10 and eax, 0xffff and eax, 0xffff mov dword [esp + 0xe4], eax xor ebx, ebx mov ecx, dword [esp + 0xe4] jmp short loc_0043bb86 ; jmp 0x43bb86 loc_0043bb7c: inc ebx cmp ebx, 7 jge near loc_0043a3d7 ; jge 0x43a3d7 loc_0043bb86: cmp edi, 0x16b jl short loc_0043bb7c ; jl 0x43bb7c cmp edi, 0x1c1 jg short loc_0043bb7c ; jg 0x43bb7c mov esi, ebx shl esi, 2 mov edx, dword [esi + ref_00475b84] ; mov edx, dword [esi + 0x475b84] sub edx, 0x13 cmp edx, dword [esp + 0xe4] jg short loc_0043bb7c ; jg 0x43bb7c mov eax, dword [esi + ref_00475b84] ; mov eax, dword [esi + 0x475b84] add eax, 0x13 cmp eax, ecx jl short loc_0043bb7c ; jl 0x43bb7c mov dword [esp + 0xd0], 0x16b mov dword [esp + 0xd4], edx mov dword [esp + 0xd8], 0x1c1 mov dword [esp + 0xdc], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [esi + ref_00475b84] ; mov ecx, dword [esi + 0x475b84] push ecx push 0x196 lea edx, [ebx + ebx + 3] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc add eax, edx push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xd4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] inc bl mov byte [ref_0048c4af], bl ; mov byte [0x48c4af], bl jmp near loc_0043a3d7 ; jmp 0x43a3d7 loc_0043bc59: mov ch, byte [ref_0048c4af] ; mov ch, byte [0x48c4af] test ch, ch je near loc_0043a3d7 ; je 0x43a3d7 mov dword [esp + 0xd0], 0x16b mov al, ch dec al mov byte [ref_0048c4af], al ; mov byte [0x48c4af], al xor edx, edx mov dl, al mov eax, dword [edx*4 + ref_00475b84] ; mov eax, dword [edx*4 + 0x475b84] sub eax, 0x13 mov dword [esp + 0xd4], eax mov dword [esp + 0xd8], 0x1c1 mov eax, dword [edx*4 + ref_00475b84] ; mov eax, dword [edx*4 + 0x475b84] add eax, 0x13 mov dword [esp + 0xdc], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall xor edx, edx mov dl, byte [ref_0048c4af] ; mov dl, byte [0x48c4af] mov ecx, dword [edx*4 + ref_00475b84] ; mov ecx, dword [edx*4 + 0x475b84] push ecx push 0x196 add edx, edx add edx, 4 mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0xd4] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 xor eax, eax mov al, byte [ref_0048c4af] ; mov al, byte [0x48c4af] push eax push 0x407 push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] xor ah, ah mov byte [ref_0048c4af], ah ; mov byte [0x48c4af], ah jmp near loc_0043a3d7 ; jmp 0x43a3d7 loc_0043bd48: lea eax, [esp + 0x80] push eax push ebp call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 0x88] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x8c] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x98] push ebx mov esi, dword [esp + 0x98] push esi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 0x88] push eax call fcn_00402250 ; call 0x402250 add esp, 4 lea eax, [esp + 0x80] push eax push ebp call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0043a3d7 ; jmp 0x43a3d7 loc_0043bdb9: mov edi, dword [esp + 0x108] push edi push ebx push eax push ebp call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_0043a3d9 ; jmp 0x43a3d9 endloc_0043bdd0: db 0x90 ref_0043bdd1: ; may contain a jump table dd loc_0043c064 dd loc_0043c08d dd loc_0043c08d dd loc_0043c07a dd loc_0043c08d fcn_0043bde5: push ebx push esi push edi push ebp sub esp, 0x98 xor edx, edx mov dword [esp + 0x88], edx mov dword [esp + 0x84], edx mov ebx, dword [esp + 0xb0] cmp ebx, 0x7d0 jle near loc_0043bf3a ; jle 0x43bf3a cmp ebx, 0xfa0 jge near loc_0043bf3a ; jge 0x43bf3a lea eax, [ebx - 0x7d0] imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] add edx, eax mov dword [ref_0048c48c], edx ; mov dword [0x48c48c], edx xor eax, eax mov al, byte [edx + 0x1a] mov dword [esp + 0x94], eax fild word [esp + 0x94] fmul dword [ref_004650b0] ; fmul dword [0x4650b0] fld1 faddp st1 ; faddp st(1) fstp dword [esp + 0x80] xor eax, eax mov ax, word [edx + 0x1c] mov dword [esp + 0x90], eax fild dword [esp + 0x90] fmul dword [esp + 0x80] call fcn_00457dbc ; call 0x457dbc fistp dword [ref_0048c488] ; fistp dword [0x48c488] mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] mov ebx, dword [ref_0048c488] ; mov ebx, dword [0x48c488] imul ebx, eax mov dword [ref_0048c488], ebx ; mov dword [0x48c488], ebx cmp byte [edx + 0x1a], 0 jne short loc_0043bec7 ; jne 0x43bec7 mov ch, byte [edx + 0x19] test ch, ch je short loc_0043bebb ; je 0x43bebb xor eax, eax mov al, ch dec eax imul eax, eax, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff add eax, 0x5b jmp near loc_0043bf29 ; jmp 0x43bf29 loc_0043bebb: mov dword [ref_0048c494], 0x5a ; mov dword [0x48c494], 0x5a jmp short loc_0043bf2e ; jmp 0x43bf2e loc_0043bec7: cmp word [ref_004991b6], 0 ; cmp word [0x4991b6], 0 jne short loc_0043befd ; jne 0x43befd cmp byte [edx + 0x18], 0 jne short loc_0043bef1 ; jne 0x43bef1 xor ebx, ebx mov bl, byte [edx + 0x1a] movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] mov eax, edx shl eax, 2 add eax, edx add eax, ebx add eax, 0x1d jmp short loc_0043bf29 ; jmp 0x43bf29 loc_0043bef1: mov dword [ref_0048c494], 0x32 ; mov dword [0x48c494], 0x32 jmp short loc_0043bf2e ; jmp 0x43bf2e loc_0043befd: cmp byte [edx + 0x18], 0 jne short loc_0043bf1d ; jne 0x43bf1d xor ebx, ebx mov bl, byte [edx + 0x1a] movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] mov eax, edx shl eax, 2 add eax, edx add eax, ebx add eax, 0x73 jmp short loc_0043bf29 ; jmp 0x43bf29 loc_0043bf1d: movsx eax, word [ref_004991b8] ; movsx eax, word [0x4991b8] add eax, 0x83 loc_0043bf29: mov dword [ref_0048c494], eax ; mov dword [0x48c494], eax loc_0043bf2e: xor eax, eax mov dword [ref_0048c490], eax ; mov dword [0x48c490], eax jmp near loc_0043c0d5 ; jmp 0x43c0d5 loc_0043bf3a: mov edi, dword [esp + 0xb0] cmp edi, 0xfa0 jle near loc_0043c0d5 ; jle 0x43c0d5 cmp edi, 0x1770 jge near loc_0043c0d5 ; jge 0x43c0d5 lea eax, [edi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add edx, eax mov dword [ref_0048c498], edx ; mov dword [0x48c498], edx mov ebx, edx xor eax, eax mov al, byte [edx + 0x1a] mov dword [esp + 0x94], eax fild word [esp + 0x94] fmul dword [ref_004650b0] ; fmul dword [0x4650b0] fld1 faddp st1 ; faddp st(1) fstp dword [esp + 0x80] xor eax, eax mov ax, word [edx + 0x22] mov dword [esp + 0x90], eax fild dword [esp + 0x90] fmul dword [esp + 0x80] call fcn_00457dbc ; call 0x457dbc fistp dword [ref_0048c488] ; fistp dword [0x48c488] mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] mov edx, dword [ref_0048c488] ; mov edx, dword [0x48c488] imul edx, eax mov dword [ref_0048c488], edx ; mov dword [0x48c488], edx cmp byte [ebx + 0x1a], 0 jne short loc_0043c013 ; jne 0x43c013 mov dh, byte [ebx + 0x19] test dh, dh je short loc_0043c004 ; je 0x43c004 xor eax, eax mov al, dh dec eax imul eax, eax, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff add eax, 0x68 loc_0043bffa: mov dword [ref_0048c494], eax ; mov dword [0x48c494], eax jmp near loc_0043c0cb ; jmp 0x43c0cb loc_0043c004: mov dword [ref_0048c494], 0x67 ; mov dword [0x48c494], 0x67 jmp near loc_0043c0cb ; jmp 0x43c0cb loc_0043c013: cmp word [ref_004991b6], 0 ; cmp word [0x4991b6], 0 jne short loc_0043c04d ; jne 0x43c04d mov dl, byte [ebx + 0x18] test dl, dl je short loc_0043c03e ; je 0x43c03e xor eax, eax mov al, dl lea edx, [eax - 1] mov eax, edx shl eax, 2 add eax, edx xor edx, edx mov dl, byte [ebx + 0x1a] add eax, edx add eax, 0x33 jmp short loc_0043bffa ; jmp 0x43bffa loc_0043c03e: mov dword [ref_0048c494], 0x33 ; mov dword [0x48c494], 0x33 jmp near loc_0043c0cb ; jmp 0x43c0cb loc_0043c04d: mov al, byte [ebx + 0x18] cmp al, 4 ja near loc_0043c0cb ; ja 0x43c0cb and eax, 0xff jmp dword [eax*4 + ref_0043bdd1] ; ujmp: jmp dword [eax*4 + 0x43bdd1] loc_0043c064: cmp word [ref_004991b8], 0 ; cmp word [0x4991b8], 0 jne short loc_0043c03e ; jne 0x43c03e mov dword [ref_0048c494], 0x97 ; mov dword [0x48c494], 0x97 jmp short loc_0043c0cb ; jmp 0x43c0cb loc_0043c07a: movsx eax, word [ref_004991b8] ; movsx eax, word [0x4991b8] mov eax, dword [eax*4 + ref_00475be2] ; mov eax, dword [eax*4 + 0x475be2] jmp near loc_0043bffa ; jmp 0x43bffa loc_0043c08d: mov eax, dword [ref_0048c498] ; mov eax, dword [0x48c498] xor ebx, ebx mov bl, byte [eax + 0x18] dec ebx cmp ebx, 3 jne short loc_0043c0a2 ; jne 0x43c0a2 mov ebx, 2 loc_0043c0a2: mov eax, dword [ref_0048c498] ; mov eax, dword [0x48c498] xor edx, edx mov dl, byte [eax + 0x1a] mov eax, ebx shl eax, 2 add eax, ebx add edx, eax movsx eax, word [ref_004991b8] ; movsx eax, word [0x4991b8] mov eax, dword [eax*4 + ref_00475bd2] ; mov eax, dword [eax*4 + 0x475bd2] add edx, eax mov dword [ref_0048c494], edx ; mov dword [0x48c494], edx loc_0043c0cb: mov dword [ref_0048c490], 1 ; mov dword [0x48c490], 1 loc_0043c0d5: push 0x50 push 0 push ref_0048c434 ; push 0x48c434 call memset ; call 0x456f60 add esp, 0xc push 0 push 0 push 0x1a mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c49c], eax ; mov dword [0x48c49c], eax xor ebx, ebx mov dword [esp + 0x8c], ebx mov ebp, dword [esp + 0xac] loc_0043c110: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_0043c2f5 ; jge 0x43c2f5 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je near loc_0043c2ef ; je 0x43c2ef mov eax, dword [eax + (_players+28)] ; mov eax, dword [eax + 0x496b84] cmp eax, dword [ref_0048c488] ; cmp eax, dword [0x48c488] jg short loc_0043c152 ; jg 0x43c152 mov esi, dword [esp + 0x8c] mov eax, esi shl eax, 2 add eax, esi mov word [eax*4 + ref_0048c436], 8 ; mov word [eax*4 + 0x48c436], 8 loc_0043c152: imul eax, ebx, 0x68 cmp byte [eax + (_players+50)], 0 ; cmp byte [eax + 0x496b9a], 0 je short loc_0043c176 ; je 0x43c176 mov edx, dword [esp + 0x8c] mov eax, edx shl eax, 2 add eax, edx mov word [eax*4 + ref_0048c436], 1 ; mov word [eax*4 + 0x48c436], 1 loc_0043c176: imul eax, ebx, 0x68 cmp byte [eax + (_players+51)], 0 ; cmp byte [eax + 0x496b9b], 0 je short loc_0043c19a ; je 0x43c19a mov edx, dword [esp + 0x8c] mov eax, edx shl eax, 2 add eax, edx mov word [eax*4 + ref_0048c436], 2 ; mov word [eax*4 + 0x48c436], 2 loc_0043c19a: imul eax, ebx, 0x68 cmp byte [eax + (_players+52)], 0 ; cmp byte [eax + 0x496b9c], 0 je short loc_0043c1be ; je 0x43c1be mov esi, dword [esp + 0x8c] mov eax, esi shl eax, 2 add eax, esi mov word [eax*4 + ref_0048c436], 3 ; mov word [eax*4 + 0x48c436], 3 loc_0043c1be: imul eax, ebx, 0x68 cmp byte [eax + (_players+53)], 0 ; cmp byte [eax + 0x496b9d], 0 je short loc_0043c1e2 ; je 0x43c1e2 mov edx, dword [esp + 0x8c] mov eax, edx shl eax, 2 add eax, edx mov word [eax*4 + ref_0048c436], 4 ; mov word [eax*4 + 0x48c436], 4 loc_0043c1e2: imul eax, ebx, 0x68 cmp byte [eax + (_players+54)], 0 ; cmp byte [eax + 0x496b9e], 0 je short loc_0043c206 ; je 0x43c206 mov edx, dword [esp + 0x8c] mov eax, edx shl eax, 2 add eax, edx mov word [eax*4 + ref_0048c436], 5 ; mov word [eax*4 + 0x48c436], 5 loc_0043c206: imul eax, ebx, 0x68 cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 je short loc_0043c22a ; je 0x43c22a mov edx, dword [esp + 0x8c] mov eax, edx shl eax, 2 add eax, edx mov word [eax*4 + ref_0048c436], 6 ; mov word [eax*4 + 0x48c436], 6 loc_0043c22a: cmp ebx, ebp jne short loc_0043c246 ; jne 0x43c246 mov esi, dword [esp + 0x8c] mov eax, esi shl eax, 2 add eax, esi mov word [eax*4 + ref_0048c436], 7 ; mov word [eax*4 + 0x48c436], 7 loc_0043c246: mov edx, ebx inc edx mov eax, dword [esp + 0x8c] mov esi, eax shl esi, 2 add esi, eax mov word [esi*4 + ref_0048c434], dx ; mov word [esi*4 + 0x48c434], dx push 0 push 0 imul edi, ebx, 0x68 xor edx, edx mov dl, byte [edi + (_players+19)] ; mov dl, byte [edi + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx add eax, 0x1b push eax mov eax, dword [ref_0048a05c] ; mov eax, dword [0x48a05c] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [esi*4 + ref_0048c43c], eax ; mov dword [esi*4 + 0x48c43c], eax push 0 push 0 xor edx, edx mov dl, byte [edi + (_players+19)] ; mov dl, byte [edi + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx add eax, 0x1c push eax mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [esi*4 + ref_0048c440], eax ; mov dword [esi*4 + 0x48c440], eax push 0 push 0 xor edx, edx mov dl, byte [edi + (_players+19)] ; mov dl, byte [edi + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx add eax, 0x1d push eax mov ecx, dword [ref_0048a05c] ; mov ecx, dword [0x48a05c] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [esi*4 + ref_0048c444], eax ; mov dword [esi*4 + 0x48c444], eax inc dword [esp + 0x8c] loc_0043c2ef: inc ebx jmp near loc_0043c110 ; jmp 0x43c110 loc_0043c2f5: push 0 push 0 push 0x71 push 0x8e call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048c484], eax ; mov dword [0x48c484], eax cmp dword [esp + 0x8c], 0 je near loc_0043c868 ; je 0x43c868 push 0 push 3 push 0x101010 push 0xffffff push 0x12 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x18 push 0x7b mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0x138 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x3f push 0x43 mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xd8 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0xb4 push 0xe8 mov ebx, dword [ref_0048c49c] ; mov ebx, dword [0x48c49c] mov edx, dword [ref_0048c494] ; mov edx, dword [0x48c494] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 lea eax, [ebx + 0xc] add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 0xf2 push 0xb6 push ref_004650a6 ; push 0x4650a6 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ebx, dword [ref_0048c488] ; mov ebx, dword [0x48c488] push ebx push ref_00465050 ; push 0x465050 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 1 push 0x106 push 0x110 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ebx, ebx mov dword [esp + 0x8c], 0x50 xor ebp, ebp xor edi, edi jmp near loc_0043c5d9 ; jmp 0x43c5d9 loc_0043c43c: mov ax, word [eax + ref_0048c434] ; mov ax, word [eax + 0x48c434] and eax, 0xffff dec eax imul eax, eax, 0x68 mov ecx, dword [eax + (_players+28)] ; mov ecx, dword [eax + 0x496b84] push ecx push ref_00465050 ; push 0x465050 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 push esi push 0x26c loc_0043c46d: lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, ebx shl eax, 2 add eax, ebx shl eax, 2 cmp word [eax + ref_0048c436], 7 ; cmp word [eax + 0x48c436], 7 je short loc_0043c4af ; je 0x43c4af mov edx, dword [esp + 0x8c] push edx push 0x24e push 0 mov ecx, dword [eax + ref_0048c440] ; mov ecx, dword [eax + 0x48c440] push ecx mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi jmp short loc_0043c4cb ; jmp 0x43c4cb loc_0043c4af: mov ecx, dword [esp + 0x8c] push ecx push 0x24e push 0 mov esi, dword [eax + ref_0048c43c] ; mov esi, dword [eax + 0x48c43c] push esi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax loc_0043c4cb: call fcn_0045663e ; call 0x45663e add esp, 0x14 mov edx, ebx mov eax, ebx shl eax, 2 add eax, ebx xor esi, esi mov word [eax*4 + ref_0048c434], si ; mov word [eax*4 + 0x48c434], si xor edx, ebx mov word [eax*4 + ref_0048c436], dx ; mov word [eax*4 + 0x48c436], dx jmp near loc_0043c5c7 ; jmp 0x43c5c7 loc_0043c4f5: inc edi test ebp, ebp jne short loc_0043c551 ; jne 0x43c551 mov ebp, 1 mov edx, dword [esp + 0x8c] push edx push 0x24e mov ax, word [eax + ref_0048c434] ; mov ax, word [eax + 0x48c434] and eax, 0xffff sub eax, ebp imul eax, eax, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff lea edx, [eax + 0x4e] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0043c551: mov esi, ebx shl esi, 2 add esi, ebx shl esi, 2 xor eax, eax mov ax, word [esi + ref_0048c434] ; mov ax, word [esi + 0x48c434] dec eax imul eax, eax, 0x68 mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] push edx push ref_00465050 ; push 0x465050 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 6 mov eax, dword [esp + 0x90] add eax, 0xe push eax push 0x26c lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ecx, dword [esp + 0x8c] push ecx push 0x24e push 0 mov eax, dword [esi + ref_0048c43c] ; mov eax, dword [esi + 0x48c43c] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045663e ; call 0x45663e add esp, 0x14 loc_0043c5c7: add dword [esp + 0x8c], 0x78 loc_0043c5cf: inc ebx cmp ebx, 4 jge near loc_0043c680 ; jge 0x43c680 loc_0043c5d9: mov esi, ebx shl esi, 2 add esi, ebx shl esi, 2 mov ax, word [esi + ref_0048c434] ; mov ax, word [esi + 0x48c434] test ax, ax je short loc_0043c5cf ; je 0x43c5cf xor edx, edx mov dx, ax lea eax, [edx - 1] imul eax, eax, 0x68 test byte [eax + (_players+21)], 6 ; test byte [eax + 0x496b7d], 6 je short loc_0043c624 ; je 0x43c624 cmp word [esi + ref_0048c436], 0 ; cmp word [esi + 0x48c436], 0 jne short loc_0043c624 ; jne 0x43c624 mov eax, dword [esp + 0xb0] push eax push edx call fcn_00439f0d ; call 0x439f0d add esp, 8 mov dword [esi + ref_0048c438], eax ; mov dword [esi + 0x48c438], eax loc_0043c624: mov eax, ebx shl eax, 2 add eax, ebx shl eax, 2 cmp word [eax + ref_0048c436], 0 ; cmp word [eax + 0x48c436], 0 je near loc_0043c4f5 ; je 0x43c4f5 mov esi, dword [esp + 0x8c] add esi, 0xe mov dx, word [eax + ref_0048c436] ; mov dx, word [eax + 0x48c436] cmp dx, 8 je near loc_0043c43c ; je 0x43c43c mov eax, edx and eax, 0xffff mov edx, dword [eax*4 + ref_00475b34] ; mov edx, dword [eax*4 + 0x475b34] push edx lea eax, [esp + 4] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 push 2 push esi push 0x24e jmp near loc_0043c46d ; jmp 0x43c46d loc_0043c680: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0x101010 push 0 push 0 push 0x3c push 0x19a mov eax, dword [ref_0048c49c] ; mov eax, dword [0x48c49c] add eax, 0x24 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c push ref_00475bba ; push 0x475bba call fcn_00454176 ; call 0x454176 add esp, 4 cmp dword [esp + 0xb4], 0 je short loc_0043c6db ; je 0x43c6db push 5 call fcn_004549cf ; call 0x4549cf add esp, 4 mov dword [esp + 0x84], eax loc_0043c6db: push edi push fcn_0043a2dd ; push 0x43a2dd call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov dword [esp + 0x8c], eax cmp dword [esp + 0xb4], 0 je short loc_0043c709 ; je 0x43c709 cmp dword [esp + 0x84], 0 je short loc_0043c709 ; je 0x43c709 call fcn_00454bcc ; call 0x454bcc loc_0043c709: push ref_00475bba ; push 0x475bba call fcn_00454240 ; call 0x454240 add esp, 4 mov esi, dword [esp + 0x8c] cmp esi, 0xffffffff je near loc_0043c868 ; je 0x43c868 mov eax, esi shl eax, 2 add eax, esi mov ax, word [eax*4 + ref_0048c434] ; mov ax, word [eax*4 + 0x48c434] and eax, 0xffff mov dword [esp + 0x8c], eax cmp dword [ref_0048c490], 0 ; cmp dword [0x48c490], 0 jne short loc_0043c751 ; jne 0x43c751 mov eax, dword [ref_0048c48c] ; mov eax, dword [0x48c48c] jmp short loc_0043c756 ; jmp 0x43c756 loc_0043c751: mov eax, dword [ref_0048c498] ; mov eax, dword [0x48c498] loc_0043c756: xor ebx, ebx mov bl, byte [eax + 0x19] movsx edx, word [eax] movsx eax, word [eax + 2] push 4 push eax push edx call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x3e8 call fcn_004528b9 ; call 0x4528b9 add esp, 4 cmp ebx, dword [esp + 0x8c] je near loc_0043c83b ; je 0x43c83b mov eax, dword [ref_00499110] ; mov eax, dword [0x499110] shl eax, 2 cmp dword [ref_0048c490], 0 ; cmp dword [0x48c490], 0 jne short loc_0043c7d3 ; jne 0x43c7d3 cmp dword [ref_00499110], 0 ; cmp dword [0x499110], 0 je short loc_0043c7cc ; je 0x43c7cc mov edx, dword [ref_0048c48c] ; mov edx, dword [0x48c48c] cmp byte [edx + 0x19], 0 jne short loc_0043c7cc ; jne 0x43c7cc mov ebp, dword [eax + ref_004751f0] ; mov ebp, dword [eax + 0x4751f0] push ebp mov eax, dword [ref_00497160] ; mov eax, dword [0x497160] push eax call fcn_004521cb ; call 0x4521cb add esp, 8 mov edx, dword [ref_0048c48c] ; mov edx, dword [0x48c48c] mov dword [edx + 0x30], eax loc_0043c7cc: mov eax, dword [ref_0048c48c] ; mov eax, dword [0x48c48c] jmp short loc_0043c80c ; jmp 0x43c80c loc_0043c7d3: cmp dword [ref_00499110], 0 ; cmp dword [0x499110], 0 je short loc_0043c807 ; je 0x43c807 mov edx, dword [ref_0048c498] ; mov edx, dword [0x48c498] cmp byte [edx + 0x19], 0 jne short loc_0043c807 ; jne 0x43c807 mov ebx, dword [eax + ref_004751f0] ; mov ebx, dword [eax + 0x4751f0] push ebx mov esi, dword [ref_00497160] ; mov esi, dword [0x497160] push esi call fcn_004521cb ; call 0x4521cb add esp, 8 mov edx, dword [ref_0048c498] ; mov edx, dword [0x48c498] mov dword [edx + 0x34], eax loc_0043c807: mov eax, dword [ref_0048c498] ; mov eax, dword [0x48c498] loc_0043c80c: mov dl, byte [esp + 0x8c] mov byte [eax + 0x19], dl push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x3e8 call fcn_004528b9 ; call 0x4528b9 add esp, 4 loc_0043c83b: push 0 mov edx, dword [ref_0048c488] ; mov edx, dword [0x48c488] push edx mov ecx, dword [esp + 0xb4] push ecx mov eax, dword [esp + 0x98] dec eax push eax call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 mov dword [esp + 0x88], 1 loc_0043c868: mov esi, dword [ref_0048c49c] ; mov esi, dword [0x48c49c] push esi call clib_free ; call 0x456e11 add esp, 4 xor ebx, ebx jmp short loc_0043c881 ; jmp 0x43c881 loc_0043c87b: inc ebx cmp ebx, 4 jge short loc_0043c8da ; jge 0x43c8da loc_0043c881: mov eax, ebx shl eax, 2 add eax, ebx shl eax, 2 mov edi, dword [eax + ref_0048c43c] ; mov edi, dword [eax + 0x48c43c] test edi, edi je short loc_0043c89e ; je 0x43c89e push edi call clib_free ; call 0x456e11 add esp, 4 loc_0043c89e: mov eax, ebx shl eax, 2 add eax, ebx shl eax, 2 mov edx, dword [eax + ref_0048c440] ; mov edx, dword [eax + 0x48c440] test edx, edx je short loc_0043c8bb ; je 0x43c8bb push edx call clib_free ; call 0x456e11 add esp, 4 loc_0043c8bb: mov eax, ebx shl eax, 2 add eax, ebx shl eax, 2 mov esi, dword [eax + ref_0048c444] ; mov esi, dword [eax + 0x48c444] test esi, esi je short loc_0043c87b ; je 0x43c87b push esi call clib_free ; call 0x456e11 add esp, 4 jmp short loc_0043c87b ; jmp 0x43c87b loc_0043c8da: mov ebp, dword [ref_0048c484] ; mov ebp, dword [0x48c484] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [esp + 0x88] add esp, 0x98 pop ebp pop edi pop esi pop ebx ret fcn_0043c8fb: push ebx push esi push edi push ebp sub esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c4b4] ; mov eax, dword [0x48c4b4] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 xor ebx, ebx jmp short loc_0043c9a1 ; jmp 0x43c9a1 loc_0043c938: mov ebp, dword [eax + ref_00475c08] ; mov ebp, dword [eax + 0x475c08] push ebp mov edx, dword [eax + ref_00475c04] ; mov edx, dword [eax + 0x475c04] push edx lea edx, [ebx + 0xd] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c4b4] ; mov eax, dword [0x48c4b4] add eax, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx loc_0043c967: call fcn_00456418 ; call 0x456418 add esp, 0x10 mov edx, dword [ebx*8 + ref_00475c08] ; mov edx, dword [ebx*8 + 0x475c08] push edx mov ecx, dword [ebx*8 + ref_00475c04] ; mov ecx, dword [ebx*8 + 0x475c04] push ecx mov eax, dword [ref_0048c4b4] ; mov eax, dword [0x48c4b4] add eax, 0x30 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi loc_0043c98f: call fcn_00456418 ; call 0x456418 add esp, 0x10 inc ebx cmp ebx, 8 jge near loc_0043ca19 ; jge 0x43ca19 loc_0043c9a1: mov eax, ebx shl eax, 3 cmp byte [ebx + ref_00496b30], 0 ; cmp byte [ebx + 0x496b30], 0 je short loc_0043c9f6 ; je 0x43c9f6 cmp ebx, 4 jge short loc_0043c938 ; jge 0x43c938 mov esi, dword [eax + ref_00475c08] ; mov esi, dword [eax + 0x475c08] push esi mov edi, dword [eax + ref_00475c04] ; mov edi, dword [eax + 0x475c04] push edi imul eax, ebx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff lea edx, [eax + 5] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c4b4] ; mov eax, dword [0x48c4b4] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp jmp near loc_0043c967 ; jmp 0x43c967 loc_0043c9f6: mov ecx, dword [eax + ref_00475c08] ; mov ecx, dword [eax + 0x475c08] push ecx mov esi, dword [eax + ref_00475c04] ; mov esi, dword [eax + 0x475c04] push esi mov eax, dword [ref_0048c4b4] ; mov eax, dword [0x48c4b4] add eax, 0x3c push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi jmp near loc_0043c98f ; jmp 0x43c98f loc_0043ca19: push 0x1b0 push 0x21e mov eax, dword [ref_0048c4b4] ; mov eax, dword [0x48c4b4] add eax, 0x108 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 3 push 0x101010 push 0xffffff push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0xa lea eax, [esp + 4] push eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ax, word [eax + (_players+48)] ; mov ax, word [eax + 0x496b98] and eax, 0xffff push eax call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 6 push 0x1c4 push 0x26e lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall add esp, 0x14 pop ebp pop edi pop esi pop ebx ret fcn_0043caab: push ebx push esi push edi push ebp sub esp, 0x7c mov edi, dword [esp + 0x90] mov eax, dword [esp + 0x94] mov edx, dword [esp + 0x9c] cmp eax, 0x200 jb short loc_0043cb0d ; jb 0x43cb0d mov ebx, edx shr ebx, 0x10 and ebx, 0xffff cmp eax, 0x200 jbe near loc_0043cbf5 ; jbe 0x43cbf5 cmp eax, 0x205 jb short loc_0043cafd ; jb 0x43cafd jbe near loc_0043d266 ; jbe 0x43d266 cmp eax, 0x401 je short loc_0043cb28 ; je 0x43cb28 jmp near loc_0043d2ed ; jmp 0x43d2ed loc_0043cafd: cmp eax, 0x202 je near loc_0043cef6 ; je 0x43cef6 jmp near loc_0043d2ed ; jmp 0x43d2ed loc_0043cb0d: cmp eax, 0xf jb near loc_0043d2ed ; jb 0x43d2ed jbe near loc_0043d295 ; jbe 0x43d295 cmp eax, 0x113 je short loc_0043cb73 ; je 0x43cb73 jmp near loc_0043d2ed ; jmp 0x43d2ed loc_0043cb28: mov dword [ref_0048c4c4], 0xffffffff ; mov dword [0x48c4c4], 0xffffffff xor ah, ah mov byte [ref_0048c4c8], ah ; mov byte [0x48c4c8], ah mov byte [ref_0048c4c9], ah ; mov byte [0x48c4c9], ah push 0 push 0x64 mov ecx, dword [_callbackSize] ; mov ecx, dword [0x46cad8] push ecx push edi call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048c4c0], eax ; mov dword [0x48c4c0], eax push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0043cbe9 ; jmp 0x43cbe9 loc_0043cb73: cmp byte [ref_0048c4c8], 0 ; cmp byte [0x48c4c8], 0 je near loc_0043cbe9 ; je 0x43cbe9 push 0 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 test eax, eax je near loc_0043cbe9 ; je 0x43cbe9 cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je near loc_0043cbe9 ; je 0x43cbe9 mov eax, dword [esp + 0x98] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne near loc_0043cbe9 ; jne 0x43cbe9 xor dl, dl mov byte [ref_0048c4c8], dl ; mov byte [0x48c4c8], dl call fcn_0043c8fb ; call 0x43c8fb push 0 push 0 push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] cmp byte [ref_0048c4c9], 0 ; cmp byte [0x48c4c9], 0 je near loc_0043cbe9 ; je 0x43cbe9 push 0 push 0 push 0x205 push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_0043cbe9: xor eax, eax loc_0043cbeb: add esp, 0x7c pop ebp pop edi pop esi pop ebx ret 0x10 loc_0043cbf5: cmp byte [ref_0048c4c8], 0 ; cmp byte [0x48c4c8], 0 jne short loc_0043cbe9 ; jne 0x43cbe9 xor eax, eax mov ax, dx mov dword [esp + 0x78], eax movzx ebp, bx xor ebx, ebx mov ecx, dword [esp + 0x78] jmp short loc_0043cc1c ; jmp 0x43cc1c loc_0043cc12: inc ebx cmp ebx, 8 jge near loc_0043ce40 ; jge 0x43ce40 loc_0043cc1c: cmp byte [ebx + ref_00496b30], 0 ; cmp byte [ebx + 0x496b30], 0 je short loc_0043cc12 ; je 0x43cc12 mov eax, ebx shl eax, 3 mov edx, dword [esp + 0x78] mov esi, dword [eax + ref_00475c04] ; mov esi, dword [eax + 0x475c04] cmp edx, esi jl short loc_0043cc12 ; jl 0x43cc12 lea edx, [esi + 0x79] cmp edx, ecx jl short loc_0043cc12 ; jl 0x43cc12 mov esi, dword [eax + ref_00475c08] ; mov esi, dword [eax + 0x475c08] cmp ebp, esi jl short loc_0043cc12 ; jl 0x43cc12 lea eax, [esi + 0x89] cmp ebp, eax jg short loc_0043cc12 ; jg 0x43cc12 cmp ebx, dword [ref_0048c4c4] ; cmp ebx, dword [0x48c4c4] je near loc_0043ce40 ; je 0x43ce40 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax mov eax, dword [ref_0048c4c4] ; mov eax, dword [0x48c4c4] cmp eax, 0xffffffff je short loc_0043ccf4 ; je 0x43ccf4 mov edx, eax mov eax, dword [eax*8 + ref_00475c04] ; mov eax, dword [eax*8 + 0x475c04] add eax, 0x14 mov dword [esp + 0x68], eax mov eax, dword [edx*8 + ref_00475c08] ; mov eax, dword [edx*8 + 0x475c08] add eax, 0x78 mov dword [esp + 0x6c], eax mov eax, dword [edx*8 + ref_00475c04] ; mov eax, dword [edx*8 + 0x475c04] add eax, 0x78 mov dword [esp + 0x70], eax mov eax, dword [edx*8 + ref_00475c08] ; mov eax, dword [edx*8 + 0x475c08] add eax, 0xd7 mov dword [esp + 0x74], eax mov edx, dword [esp + 0x6c] push edx mov ecx, dword [esp + 0x6c] push ecx mov esi, dword [ref_0048c4b8] ; mov esi, dword [0x48c4b8] push esi mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0 lea eax, [esp + 0x6c] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0043ccf4: mov dword [ref_0048c4c4], ebx ; mov dword [0x48c4c4], ebx mov eax, dword [ebx*8 + ref_00475c04] ; mov eax, dword [ebx*8 + 0x475c04] add eax, 0x14 mov dword [esp + 0x68], eax mov eax, dword [ebx*8 + ref_00475c08] ; mov eax, dword [ebx*8 + 0x475c08] add eax, 0x78 mov dword [esp + 0x6c], eax mov eax, dword [ebx*8 + ref_00475c04] ; mov eax, dword [ebx*8 + 0x475c04] add eax, 0x78 mov dword [esp + 0x70], eax mov eax, dword [ebx*8 + ref_00475c08] ; mov eax, dword [ebx*8 + 0x475c08] add eax, 0xd7 mov dword [esp + 0x74], eax push 0x5f push 0x64 mov eax, dword [esp + 0x74] push eax mov edx, dword [esp + 0x74] push edx mov ecx, dword [ref_0048c4b8] ; mov ecx, dword [0x48c4b8] push ecx push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov esi, dword [esp + 0x6c] push esi mov ebp, dword [esp + 0x6c] push ebp mov eax, dword [ref_0048c4b4] ; mov eax, dword [0x48c4b4] add eax, 0x24 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 2 push 0 push 0x101010 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [esp + 0x68] add eax, 0x39 mov edx, dword [esp + 0x6c] add edx, 0x1a cmp ebx, 4 jge short loc_0043cdaf ; jge 0x43cdaf push 2 push edx push eax imul eax, ebx, 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx jmp short loc_0043cdbb ; jmp 0x43cdbb loc_0043cdaf: push 2 push edx push eax mov edx, dword [ebx*4 + ref_0047ed5a] ; mov edx, dword [ebx*4 + 0x47ed5a] push edx loc_0043cdbb: push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 mov eax, dword [esp + 0x70] add eax, 0x30 push eax mov eax, dword [esp + 0x70] add eax, 0x39 push eax push ref_00465140 ; push 0x465140 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov esi, dword [ebx*4 + ref_00475c44] ; mov esi, dword [ebx*4 + 0x475c44] push esi push ref_00465149 ; push 0x465149 lea eax, [esp + 0x48] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 2 mov eax, dword [esp + 0x70] add eax, 0x46 push eax mov eax, dword [esp + 0x70] add eax, 0x39 push eax lea eax, [esp + 0x4c] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x6c] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0043ce40: cmp ebx, 8 jne near loc_0043cbe9 ; jne 0x43cbe9 mov ebp, dword [ref_0048c4c4] ; mov ebp, dword [0x48c4c4] cmp ebp, 0xffffffff je near loc_0043cbe9 ; je 0x43cbe9 mov eax, dword [ebp*8 + ref_00475c04] ; mov eax, dword [ebp*8 + 0x475c04] add eax, 0x14 mov dword [esp + 0x68], eax mov eax, dword [ebp*8 + ref_00475c08] ; mov eax, dword [ebp*8 + 0x475c08] add eax, 0x78 mov dword [esp + 0x6c], eax mov eax, dword [ebp*8 + ref_00475c04] ; mov eax, dword [ebp*8 + 0x475c04] add eax, 0x78 mov dword [esp + 0x70], eax mov eax, dword [ebp*8 + ref_00475c08] ; mov eax, dword [ebp*8 + 0x475c08] add eax, 0xd7 mov dword [esp + 0x74], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x6c] push eax mov edx, dword [esp + 0x6c] push edx mov ecx, dword [ref_0048c4b8] ; mov ecx, dword [0x48c4b8] push ecx mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x6c] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov dword [ref_0048c4c4], 0xffffffff ; mov dword [0x48c4c4], 0xffffffff jmp near loc_0043cbe9 ; jmp 0x43cbe9 loc_0043cef6: cmp byte [ref_0048c4c8], 0 ; cmp byte [0x48c4c8], 0 je short loc_0043cf0e ; je 0x43cf0e push 1 call fcn_0044ee18 ; call 0x44ee18 loc_0043cf06: add esp, 4 jmp near loc_0043cbe9 ; jmp 0x43cbe9 loc_0043cf0e: xor eax, eax mov ax, dx mov dword [esp + 0x78], eax movzx ebp, bx xor ebx, ebx jmp near loc_0043cfdb ; jmp 0x43cfdb loc_0043cf21: imul eax, ebx, 0x68 mov al, byte [eax + (_players+52)] ; mov al, byte [eax + 0x496b9c] and al, 0x7f and eax, 0xff jne short loc_0043cf38 ; jne 0x43cf38 mov eax, 1 loc_0043cf38: imul eax, eax, 0x64 imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] neg eax push eax mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi push ebx call fcn_0040df69 ; call 0x40df69 add esp, 0xc push 0 push 0 push 0x205 push edi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] imul eax, ebx, 0x68 mov byte [eax + (_players+52)], 0x80 ; mov byte [eax + 0x496b9c], 0x80 xor dh, dh mov byte [ebx + ref_00496b30], dh ; mov byte [ebx + 0x496b30], dh loc_0043cf78: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dx, word [ebx*4 + ref_00475c44] ; mov dx, word [ebx*4 + 0x475c44] sub word [eax + (_players+48)], dx ; sub word [eax + 0x496b98], dx mov byte [ref_0048c4c9], 1 ; mov byte [0x48c4c9], 1 jmp short loc_0043cfd1 ; jmp 0x43cfd1 loc_0043cf97: push 0 push 0x101010 push 0xfffffffffffffffa push 0 push 0x12c push 0xe6 mov eax, dword [ref_0048c4b4] ; mov eax, dword [0x48c4b4] add eax, 0x18 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c push ref_0046514e ; push 0x46514e call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 mov byte [ref_0048c4c8], 1 ; mov byte [0x48c4c8], 1 loc_0043cfd1: inc ebx cmp ebx, 8 jge near loc_0043cbe9 ; jge 0x43cbe9 loc_0043cfdb: cmp byte [ebx + ref_00496b30], 0 ; cmp byte [ebx + 0x496b30], 0 je short loc_0043cfd1 ; je 0x43cfd1 mov eax, ebx shl eax, 3 mov edx, dword [esp + 0x78] mov ecx, dword [eax + ref_00475c04] ; mov ecx, dword [eax + 0x475c04] cmp edx, ecx jl short loc_0043cfd1 ; jl 0x43cfd1 lea edx, [ecx + 0x79] cmp edx, dword [esp + 0x78] jl short loc_0043cfd1 ; jl 0x43cfd1 mov edx, dword [eax + ref_00475c08] ; mov edx, dword [eax + 0x475c08] cmp ebp, edx jl short loc_0043cfd1 ; jl 0x43cfd1 lea eax, [edx + 0x89] cmp ebp, eax jg short loc_0043cfd1 ; jg 0x43cfd1 mov ecx, dword [ref_0048c4c4] ; mov ecx, dword [0x48c4c4] cmp ecx, 0xffffffff je near loc_0043d0bc ; je 0x43d0bc mov eax, dword [ecx*8 + ref_00475c04] ; mov eax, dword [ecx*8 + 0x475c04] add eax, 0x14 mov dword [esp + 0x68], eax mov eax, dword [ecx*8 + ref_00475c08] ; mov eax, dword [ecx*8 + 0x475c08] add eax, 0x78 mov dword [esp + 0x6c], eax mov eax, dword [ecx*8 + ref_00475c04] ; mov eax, dword [ecx*8 + 0x475c04] add eax, 0x78 mov dword [esp + 0x70], eax mov eax, dword [ecx*8 + ref_00475c08] ; mov eax, dword [ecx*8 + 0x475c08] add eax, 0xd7 mov dword [esp + 0x74], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov esi, dword [esp + 0x6c] push esi mov eax, dword [esp + 0x6c] push eax mov edx, dword [ref_0048c4b8] ; mov edx, dword [0x48c4b8] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x6c] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov dword [ref_0048c4c4], 0xffffffff ; mov dword [0x48c4c4], 0xffffffff loc_0043d0bc: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ax, word [eax + (_players+48)] ; mov ax, word [eax + 0x496b98] and eax, 0xffff mov esi, ebx shl esi, 2 cmp eax, dword [esi + ref_00475c44] ; cmp eax, dword [esi + 0x475c44] jl near loc_0043cf97 ; jl 0x43cf97 push 0xf0 push 0x140 call fcn_00453a32 ; call 0x453a32 add esp, 8 cmp eax, 1 jne near loc_0043cfd1 ; jne 0x43cfd1 mov eax, dword [ebx*8 + ref_00475c04] ; mov eax, dword [ebx*8 + 0x475c04] mov dword [esp + 0x68], eax mov eax, dword [ebx*8 + ref_00475c08] ; mov eax, dword [ebx*8 + 0x475c08] mov dword [esp + 0x6c], eax mov eax, dword [esp + 0x68] add eax, 0x8c mov dword [esp + 0x70], eax mov eax, dword [esp + 0x6c] add eax, 0x89 mov dword [esp + 0x74], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x89 push 0x8c mov eax, dword [esp + 0x74] push eax mov edx, dword [esp + 0x74] push edx push eax push edx mov eax, dword [ref_0048c4b4] ; mov eax, dword [0x48c4b4] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov ecx, dword [esp + 0x6c] push ecx mov eax, dword [esp + 0x6c] push eax mov eax, dword [ref_0048c4b4] ; mov eax, dword [0x48c4b4] add eax, 0x3c push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x6c] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] cmp ebx, 4 jl near loc_0043cf21 ; jl 0x43cf21 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x1c2 push 0x16d lea edx, [ebx - 4] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c4bc] ; mov edx, dword [0x48c4bc] add edx, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push 0 push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0x101010 push 0xfffffffffffffffa push 0 push 0x96 push 0xd2 mov eax, dword [ref_0048c4b4] ; mov eax, dword [0x48c4b4] add eax, 0x18 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c mov edx, dword [esi + ref_00475be4] ; mov edx, dword [esi + 0x475be4] push edx call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 mov byte [ref_0048c4c8], 1 ; mov byte [0x48c4c8], 1 push ebx call fcn_0043d7bf ; call 0x43d7bf add esp, 4 jmp near loc_0043cf78 ; jmp 0x43cf78 loc_0043d266: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ebx, dword [ref_0048c4c0] ; mov ebx, dword [0x48c4c0] push ebx push edi call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 1 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 push 0 call _Post_0402_Message ; call 0x401966 jmp near loc_0043cf06 ; jmp 0x43cf06 loc_0043d295: mov eax, esp push eax push edi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0xc] push ebx mov ebp, dword [ref_0048a0e0] ; mov ebp, dword [0x48a0e0] push ebp mov ecx, dword [esp + 0x18] push ecx mov ebx, dword [esp + 0x18] push ebx push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push edi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0043cbe9 ; jmp 0x43cbe9 loc_0043d2ed: push edx mov esi, dword [esp + 0x9c] push esi push eax push edi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_0043cbeb ; jmp 0x43cbeb fcn_0043d304: push ebx push esi push edi push ebp sub esp, 0x9c xor ebx, ebx jmp short loc_0043d318 ; jmp 0x43d318 loc_0043d312: inc ebx cmp ebx, 8 jge short loc_0043d321 ; jge 0x43d321 loc_0043d318: cmp byte [ebx + ref_00496b30], 0 ; cmp byte [ebx + 0x496b30], 0 je short loc_0043d312 ; je 0x43d312 loc_0043d321: cmp ebx, 8 je near loc_0043d588 ; je 0x43d588 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_0043d3d8 ; jne 0x43d3d8 push 0 push 0 push 0x3f mov ebx, dword [ref_0048a05c] ; mov ebx, dword [0x48a05c] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c4b4], eax ; mov dword [0x48c4b4], eax push 0 push 0 push 0x40 mov esi, dword [ref_0048a05c] ; mov esi, dword [0x48a05c] push esi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c4bc], eax ; mov dword [0x48c4bc], eax push 0 push 0 push 0x5f push 0x64 call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048c4b8], eax ; mov dword [0x48c4b8], eax call fcn_0043c8fb ; call 0x43c8fb push 0xf call fcn_004549cf ; call 0x4549cf add esp, 4 push 0 push fcn_0043caab ; push 0x43caab call _Wait_0402_Message ; call 0x4018e7 add esp, 8 call fcn_00454bcc ; call 0x454bcc mov edi, dword [ref_0048c4b4] ; mov edi, dword [0x48c4b4] push edi call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [ref_0048c4bc] ; mov ebp, dword [0x48c4bc] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0048c4b8] ; mov eax, dword [0x48c4b8] push eax call clib_free ; call 0x456e11 jmp near loc_0043d585 ; jmp 0x43d585 loc_0043d3d8: call clib_rand ; call 0x456f2d test al, 1 je near loc_0043d588 ; je 0x43d588 xor esi, esi imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 mov dl, byte [edx + (_players+23)] ; mov dl, byte [edx + 0x496b7f] cmp dl, 1 jb short loc_0043d409 ; jb 0x43d409 jbe short loc_0043d432 ; jbe 0x43d432 cmp dl, 2 je near loc_0043d484 ; je 0x43d484 jmp near loc_0043d4a4 ; jmp 0x43d4a4 loc_0043d409: test dl, dl jne near loc_0043d4a4 ; jne 0x43d4a4 xor ebx, ebx jmp short loc_0043d41f ; jmp 0x43d41f loc_0043d415: inc ebx cmp ebx, 4 jge near loc_0043d4a4 ; jge 0x43d4a4 loc_0043d41f: cmp byte [ebx + ref_00496b30], 0 ; cmp byte [ebx + 0x496b30], 0 je short loc_0043d415 ; je 0x43d415 mov byte [esp + esi + 0x94], bl inc esi jmp short loc_0043d415 ; jmp 0x43d415 loc_0043d432: xor ebx, ebx jmp short loc_0043d43c ; jmp 0x43d43c loc_0043d436: inc ebx cmp ebx, 4 jge short loc_0043d44f ; jge 0x43d44f loc_0043d43c: cmp byte [ebx + ref_00496b30], 0 ; cmp byte [ebx + 0x496b30], 0 je short loc_0043d436 ; je 0x43d436 mov byte [esp + esi + 0x94], bl inc esi jmp short loc_0043d436 ; jmp 0x43d436 loc_0043d44f: call clib_rand ; call 0x456f2d mov edx, eax mov ebx, 3 sar edx, 0x1f idiv ebx test edx, edx jne short loc_0043d4a4 ; jne 0x43d4a4 mov ebx, 4 jmp short loc_0043d471 ; jmp 0x43d471 loc_0043d46b: inc ebx cmp ebx, 8 jge short loc_0043d4a4 ; jge 0x43d4a4 loc_0043d471: cmp byte [ebx + ref_00496b30], 0 ; cmp byte [ebx + 0x496b30], 0 je short loc_0043d46b ; je 0x43d46b mov byte [esp + esi + 0x94], bl inc esi jmp short loc_0043d46b ; jmp 0x43d46b loc_0043d484: mov ebx, 4 jmp short loc_0043d491 ; jmp 0x43d491 loc_0043d48b: inc ebx cmp ebx, 8 jge short loc_0043d4a4 ; jge 0x43d4a4 loc_0043d491: cmp byte [ebx + ref_00496b30], 0 ; cmp byte [ebx + 0x496b30], 0 je short loc_0043d48b ; je 0x43d48b mov byte [esp + esi + 0x94], bl inc esi jmp short loc_0043d48b ; jmp 0x43d48b loc_0043d4a4: test esi, esi je near loc_0043d588 ; je 0x43d588 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi xor ebx, ebx mov bl, byte [esp + edx + 0x94] mov esi, dword [ebx*4 + ref_00475c44] ; mov esi, dword [ebx*4 + 0x475c44] cmp ebx, 4 jge short loc_0043d4e4 ; jge 0x43d4e4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ax, word [eax + (_players+48)] ; mov ax, word [eax + 0x496b98] and eax, 0xffff cmp eax, esi jg short loc_0043d503 ; jg 0x43d503 loc_0043d4e4: cmp ebx, 4 jl near loc_0043d588 ; jl 0x43d588 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp word [eax + (_players+48)], 0x2bc ; cmp word [eax + 0x496b98], 0x2bc jb near loc_0043d588 ; jb 0x43d588 loc_0043d503: cmp ebx, 4 jge short loc_0043d514 ; jge 0x43d514 imul edx, ebx, 0x68 mov ebp, dword [edx + (_players+0)] ; mov ebp, dword [edx + 0x496b68] push ebp jmp short loc_0043d51c ; jmp 0x43d51c loc_0043d514: mov edi, dword [ebx*4 + ref_0047ed5a] ; mov edi, dword [ebx*4 + 0x47ed5a] push edi loc_0043d51c: lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0x80] push eax push ref_00465169 ; push 0x465169 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 sub word [edx + (_players+48)], si ; sub word [edx + 0x496b98], si cmp ebx, 4 jge short loc_0043d57f ; jge 0x43d57f imul edx, ebx, 0x68 mov byte [edx + (_players+52)], 0x80 ; mov byte [edx + 0x496b9c], 0x80 xor dl, dl mov byte [ebx + ref_00496b30], dl ; mov byte [ebx + 0x496b30], dl jmp short loc_0043d588 ; jmp 0x43d588 loc_0043d57f: push ebx call fcn_0043d7bf ; call 0x43d7bf loc_0043d585: add esp, 4 loc_0043d588: add esp, 0x9c pop ebp pop edi pop esi pop ebx ret fcn_0043d593: push ebx push esi push edi push ebp mov cl, byte [esp + 0x14] mov edi, 0x100 shl edi, cl not edi mov edx, dword [esp + 0x14] cmp edx, 4 jge near loc_0043d760 ; jge 0x43d760 push 0 mov eax, edx imul ebx, edx, 0x68 xor eax, edx mov ax, word [ebx + (_players+10)] ; mov ax, word [ebx + 0x496b72] push eax xor eax, eax mov ax, word [ebx + (_players+8)] ; mov ax, word [ebx + 0x496b70] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov dh, byte [ebx + (_players+52)] ; mov dh, byte [ebx + 0x496b9c] test dh, dh jne near loc_0043d6bd ; jne 0x43d6bd mov edx, dword [esp + 0x14] push edx call fcn_0040d761 ; call 0x40d761 add esp, 4 mov ecx, dword [esp + 0x18] push ecx mov esi, dword [esp + 0x18] push esi call fcn_0044f2c2 ; call 0x44f2c2 add esp, 8 and byte [ebx + (_players+21)], 0xf ; and byte [ebx + 0x496b7d], 0xf xor eax, eax mov ax, word [ebx + (_players+12)] ; mov ax, word [ebx + 0x496b74] mov esi, eax shl esi, 2 add esi, eax mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] and dword [eax + esi*8 + 0x24], edi mov ax, word [ref_0048bae0] ; mov ax, word [0x48bae0] mov word [ebx + (_players+12)], ax ; mov word [ebx + 0x496b74], ax xor edx, edx mov word [ebx + (_players+14)], dx ; mov word [ebx + 0x496b76], dx mov byte [ebx + (_players+27)], 0xf ; mov byte [ebx + 0x496b83], 0xf mov eax, dword [ref_00498e78] ; mov eax, dword [0x498e78] mov si, word [eax + 0x38] mov word [ebx + (_players+8)], si ; mov word [ebx + 0x496b70], si mov ax, word [eax + 0x3a] mov word [ebx + (_players+10)], ax ; mov word [ebx + 0x496b72], ax mov al, byte [esp + 0x18] mov byte [ebx + (_players+52)], al ; mov byte [ebx + 0x496b9c], al mov eax, dword [esp + 0x14] push eax call fcn_0040fc00 ; call 0x40fc00 add esp, 4 mov eax, dword [esp + 0x14] mov byte [eax + ref_00496b30], 1 ; mov byte [eax + 0x496b30], 1 cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_0043d6d6 ; je 0x43d6d6 push 0 push 0 push 0x21a mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x5e push 0x120001 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 jmp short loc_0043d6d6 ; jmp 0x43d6d6 loc_0043d6bd: mov al, byte [esp + 0x18] mov cl, dh add cl, al mov byte [ebx + (_players+52)], cl ; mov byte [ebx + 0x496b9c], cl mov ch, cl and ch, 0x7f mov byte [ebx + (_players+52)], ch ; mov byte [ebx + 0x496b9c], ch loc_0043d6d6: push 0 imul esi, dword [esp + 0x18], 0x68 xor eax, eax mov ax, word [esi + (_players+10)] ; mov ax, word [esi + 0x496b72] push eax xor eax, eax mov ax, word [esi + (_players+8)] ; mov ax, word [esi + 0x496b70] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc xor eax, eax mov al, byte [esi + (_players+19)] ; mov al, byte [esi + 0x496b7b] mov ebx, eax shl ebx, 2 sub ebx, eax shl ebx, 2 mov eax, ebx mov edi, dword [eax + ebx*8 + ref_00480896] ; mov edi, dword [eax + ebx*8 + 0x480896] push edi push 2 mov ebp, dword [esp + 0x1c] push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc push 0 mov eax, dword [esp + 0x1c] mov ebx, eax shl ebx, 2 sub ebx, eax shl ebx, 3 add ebx, eax shl ebx, 4 mov eax, ebx shl ebx, 2 add ebx, eax imul ebx, dword [ref_004990e8] ; imul ebx, dword [0x4990e8] push ebx push ebp call fcn_0044ba63 ; call 0x44ba63 add esp, 0xc mov al, byte [esp + 0x18] add byte [esi + (_players+66)], al ; add byte [esi + 0x496baa], al pop ebp pop edi pop esi pop ebx ret loc_0043d760: cmp edx, 8 jge short loc_0043d7ba ; jge 0x43d7ba lea ebx, [edx - 4] mov dword [esp + 0x14], ebx shl ebx, 4 xor eax, eax mov ax, word [ebx + ref_00498e2c] ; mov ax, word [ebx + 0x498e2c] mov esi, eax shl esi, 2 add esi, eax mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] and dword [eax + esi*8 + 0x24], edi mov byte [ebx + ref_00498e32], 1 ; mov byte [ebx + 0x498e32], 1 xor dl, dl mov byte [ebx + ref_00498e33], dl ; mov byte [ebx + 0x498e33], dl mov byte [ebx + ref_00498e34], dl ; mov byte [ebx + 0x498e34], dl mov byte [ebx + ref_00498e35], dl ; mov byte [ebx + 0x498e35], dl mov byte [ebx + ref_00498e36], dl ; mov byte [ebx + 0x498e36], dl mov byte [ebx + ref_00498e37], dl ; mov byte [ebx + 0x498e37], dl mov eax, dword [esp + 0x14] mov byte [eax + ref_00496b34], 1 ; mov byte [eax + 0x496b34], 1 loc_0043d7ba: pop ebp pop edi pop esi pop ebx ret fcn_0043d7bf: push ebx push esi mov ebx, dword [esp + 0xc] cmp ebx, 4 jge short loc_0043d7e0 ; jge 0x43d7e0 push ebx call fcn_0040d6be ; call 0x40d6be add esp, 4 xor al, al mov byte [ebx + ref_00496b30], al ; mov byte [ebx + 0x496b30], al jmp near loc_0043d883 ; jmp 0x43d883 loc_0043d7e0: lea eax, [ebx - 4] shl eax, 4 mov dl, byte [_current_player] ; mov dl, byte [0x49910c] mov byte [eax + ref_00498e30], dl ; mov byte [eax + 0x498e30], dl xor dl, dl mov byte [eax + ref_00498e32], dl ; mov byte [eax + 0x498e32], dl mov dx, word [ref_0048bae0] ; mov dx, word [0x48bae0] mov word [eax + ref_00498e2c], dx ; mov word [eax + 0x498e2c], dx xor edx, edx mov word [eax + ref_00498e2e], dx ; mov word [eax + 0x498e2e], dx xor ecx, ecx mov cx, word [eax + ref_00498e2c] ; mov cx, word [eax + 0x498e2c] mov edx, ecx shl edx, 2 add edx, ecx mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] mov dx, word [ecx + edx*8] mov word [eax + ref_00498e28], dx ; mov word [eax + 0x498e28], dx xor esi, esi mov si, word [eax + ref_00498e2c] ; mov si, word [eax + 0x498e2c] mov edx, esi shl edx, 2 add edx, esi mov dx, word [ecx + edx*8 + 2] mov word [eax + ref_00498e2a], dx ; mov word [eax + 0x498e2a], dx mov byte [eax + ref_00498e33], 1 ; mov byte [eax + 0x498e33], 1 xor esi, esi mov si, word [eax + ref_00498e2c] ; mov si, word [eax + 0x498e2c] mov edx, esi shl edx, 2 add edx, esi mov edx, dword [ecx + edx*8 + 0x24] and edx, 0xff cmp edx, 4 jne short loc_0043d87b ; jne 0x43d87b or byte [eax + ref_00498e33], 0x80 ; or byte [eax + 0x498e33], 0x80 loc_0043d87b: xor ch, ch mov byte [ebx + ref_00496b30], ch ; mov byte [ebx + 0x496b30], ch loc_0043d883: push ebx call fcn_0040b93b ; call 0x40b93b add esp, 4 pop esi pop ebx ret fcn_0043d88f: push ebx push esi push edi push ebp sub esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x6e push 0x68 mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0x3c push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 xor ebx, ebx jmp short loc_0043d8f2 ; jmp 0x43d8f2 loc_0043d8e8: inc ebx cmp ebx, 8 jge near loc_0043d97d ; jge 0x43d97d loc_0043d8f2: cmp byte [ebx + ref_00496b60], 0 ; cmp byte [ebx + 0x496b60], 0 je short loc_0043d8e8 ; je 0x43d8e8 mov eax, ebx shl eax, 3 cmp ebx, 4 jge short loc_0043d94c ; jge 0x43d94c mov edx, dword [eax + ref_00475c68] ; mov edx, dword [eax + 0x475c68] push edx mov ecx, dword [eax + ref_00475c64] ; mov ecx, dword [eax + 0x475c64] push ecx imul eax, ebx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff lea edx, [eax + 0xe] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0xc add eax, edx push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi loc_0043d942: call fcn_00456418 ; call 0x456418 add esp, 0x10 jmp short loc_0043d8e8 ; jmp 0x43d8e8 loc_0043d94c: mov esi, dword [eax + ref_00475c68] ; mov esi, dword [eax + 0x475c68] push esi mov edi, dword [eax + ref_00475c64] ; mov edi, dword [eax + 0x475c64] push edi lea edx, [ebx + 0x16] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp jmp short loc_0043d942 ; jmp 0x43d942 loc_0043d97d: push 0x1b0 push 8 mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0x174 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 3 push 0x101010 push 0xffffff push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0xa lea eax, [esp + 4] push eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ax, word [eax + (_players+48)] ; mov ax, word [eax + 0x496b98] and eax, 0xffff push eax call fcn_00457d61 ; call 0x457d61 add esp, 0xc push 6 push 0x1c4 push 0x58 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall add esp, 0x14 pop ebp pop edi pop esi pop ebx ret endloc_0043da09: db 0x8b db 0xc0 ref_0043da0b: ; may contain a jump table dd loc_0043dba7 dd loc_0043dbb3 dd loc_0043df8b dd loc_0043dbd6 dd loc_0043dba7 dd loc_0043ded8 dd loc_0043df68 fcn_0043da27: push ebx push esi push edi push ebp sub esp, 0x78 mov ebp, dword [esp + 0x8c] mov eax, dword [esp + 0x90] mov esi, dword [esp + 0x98] mov ebx, esi shr ebx, 0x10 and ebx, 0xffff cmp eax, 0x202 jb short loc_0043da84 ; jb 0x43da84 jbe near loc_0043e658 ; jbe 0x43e658 cmp eax, 0x401 jb short loc_0043da74 ; jb 0x43da74 jbe short loc_0043daaf ; jbe 0x43daaf cmp eax, 0x405 je near loc_0043db41 ; je 0x43db41 jmp near loc_0043e98d ; jmp 0x43e98d loc_0043da74: cmp eax, 0x205 je near loc_0043e7c7 ; je 0x43e7c7 jmp near loc_0043e98d ; jmp 0x43e98d loc_0043da84: cmp eax, 0x113 jb short loc_0043daa1 ; jb 0x43daa1 jbe near loc_0043db59 ; jbe 0x43db59 cmp eax, 0x200 je near loc_0043e35b ; je 0x43e35b jmp near loc_0043e98d ; jmp 0x43e98d loc_0043daa1: cmp eax, 0xf je near loc_0043e92f ; je 0x43e92f jmp near loc_0043e98d ; jmp 0x43e98d loc_0043daaf: mov byte [ref_0048c4f0], 0xff ; mov byte [0x48c4f0], 0xff xor dh, dh mov byte [ref_0048c4f1], dh ; mov byte [0x48c4f1], dh mov byte [ref_0048c4f2], dh ; mov byte [0x48c4f2], dh mov byte [ref_0048c4f3], dh ; mov byte [0x48c4f3], dh mov byte [ref_0048c4f4], dh ; mov byte [0x48c4f4], dh mov byte [ref_0048c4f6], dh ; mov byte [0x48c4f6], dh push 0 push 0x64 mov ecx, dword [_callbackSize] ; mov ecx, dword [0x46cad8] push ecx push ebp call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048c4ec], eax ; mov dword [0x48c4ec], eax push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0x101010 push 0 push 0 push 8 push 8 mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0x24 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c push 0 push 0 push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0 push 0x405 push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_0043db35: xor eax, eax loc_0043db37: add esp, 0x78 pop ebp pop edi pop esi pop ebx ret 0x10 loc_0043db41: mov byte [ref_0048c4f2], 1 ; mov byte [0x48c4f2], 1 mov edx, dword [ref_00475cc4] ; mov edx, dword [0x475cc4] loc_0043db4e: push edx call fcn_0044ecb6 ; call 0x44ecb6 loc_0043db54: add esp, 4 jmp short loc_0043db35 ; jmp 0x43db35 loc_0043db59: cmp byte [ref_0048c4f2], 0 ; cmp byte [0x48c4f2], 0 je short loc_0043db35 ; je 0x43db35 cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je short loc_0043db35 ; je 0x43db35 mov eax, dword [esp + 0x94] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne short loc_0043db35 ; jne 0x43db35 push 0 call fcn_0044ee18 ; call 0x44ee18 add esp, 4 test eax, eax je near loc_0043df8b ; je 0x43df8b mov al, byte [ref_0048c4f2] ; mov al, byte [0x48c4f2] dec al cmp al, 6 ja near loc_0043df8b ; ja 0x43df8b and eax, 0xff jmp dword [eax*4 + ref_0043da0b] ; ujmp: jmp dword [eax*4 + 0x43da0b] loc_0043dba7: mov byte [ref_0048c4f2], 2 ; mov byte [0x48c4f2], 2 jmp near loc_0043df8b ; jmp 0x43df8b loc_0043dbb3: cmp byte [ref_0048c4f6], 0 ; cmp byte [0x48c4f6], 0 je near loc_0043df8b ; je 0x43df8b push 0 push 0 push 0x205 push ebp call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_0043df8b ; jmp 0x43df8b loc_0043dbd6: mov byte [ref_0048c4f2], 2 ; mov byte [0x48c4f2], 2 xor edx, edx mov dl, byte [ref_0048c4f5] ; mov dl, byte [0x48c4f5] mov eax, dword [edx*8 + ref_00475c64] ; mov eax, dword [edx*8 + 0x475c64] mov dword [esp + 0x68], eax mov eax, dword [edx*8 + ref_00475c68] ; mov eax, dword [edx*8 + 0x475c68] mov dword [esp + 0x6c], eax mov eax, dword [esp + 0x68] add eax, 0x93 mov dword [esp + 0x70], eax mov eax, dword [esp + 0x6c] add eax, 0x66 mov dword [esp + 0x74], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x66 push 0x93 mov ebx, dword [esp + 0x74] push ebx mov esi, dword [esp + 0x74] push esi push ebx push esi mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x6c] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov bl, byte [ref_0048c4f5] ; mov bl, byte [0x48c4f5] cmp bl, 4 jb near loc_0043de56 ; jb 0x43de56 mov byte [ref_0048c4f2], 6 ; mov byte [0x48c4f2], 6 xor eax, eax mov al, bl lea edx, [eax - 4] mov eax, edx shl eax, 2 sub eax, edx mov edx, dword [ref_0048c4d0] ; mov edx, dword [0x48c4d0] movsx eax, word [edx + eax*4 + 0x10] mov edx, 0x1a4 sub edx, eax mov dword [ref_0048c4d8], edx ; mov dword [0x48c4d8], edx xor eax, eax mov al, bl lea edx, [eax - 4] mov eax, edx shl eax, 2 sub eax, edx mov edx, dword [ref_0048c4d0] ; mov edx, dword [0x48c4d0] movsx edx, word [edx + eax*4 + 0xc] mov eax, dword [ref_0048c4d8] ; mov eax, dword [0x48c4d8] add eax, edx mov dword [ref_0048c4e0], eax ; mov dword [0x48c4e0], eax xor eax, eax mov al, bl lea edx, [eax - 4] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c4d0] ; mov eax, dword [0x48c4d0] movsx eax, word [edx + eax + 0x12] mov edx, 0x1c2 sub edx, eax mov dword [ref_0048c4dc], edx ; mov dword [0x48c4dc], edx xor edx, edx mov dl, bl sub edx, 4 mov eax, edx shl eax, 2 sub eax, edx mov edx, dword [ref_0048c4d0] ; mov edx, dword [0x48c4d0] movsx eax, word [edx + eax*4 + 0xe] mov edx, dword [ref_0048c4dc] ; mov edx, dword [0x48c4dc] add eax, edx mov dword [ref_0048c4e4], eax ; mov dword [0x48c4e4], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 push 1 mov edx, ref_0048a068 ; mov edx, 0x48a068 push edx push 0 mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi call dword [eax + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax xor eax, eax mov al, byte [ref_0048c4f5] ; mov al, byte [0x48c4f5] lea edx, [eax - 4] mov eax, edx shl eax, 2 sub eax, edx mov edx, dword [ref_0048c4d0] ; mov edx, dword [0x48c4d0] movsx eax, word [edx + eax*4 + 0xe] push eax xor eax, eax mov al, byte [ref_0048c4f5] ; mov al, byte [0x48c4f5] lea edx, [eax - 4] mov eax, edx shl eax, 2 sub eax, edx mov edx, dword [ref_0048c4d0] ; mov edx, dword [0x48c4d0] movsx eax, word [edx + eax*4 + 0xc] push eax mov edi, dword [ref_0048c4dc] ; mov edi, dword [0x48c4dc] push edi mov eax, dword [ref_0048c4d8] ; mov eax, dword [0x48c4d8] push eax push 0 mov eax, ref_0046caec ; mov eax, 0x46caec push eax call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov dword [ref_0048c4e8], eax ; mov dword [0x48c4e8], eax push 0x1c2 push 0x1a4 xor eax, eax mov al, byte [ref_0048c4f5] ; mov al, byte [0x48c4f5] lea edx, [eax - 4] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c4d0] ; mov eax, dword [0x48c4d0] add eax, 0xc add edx, eax push edx mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov eax, dword [eax] push 0 mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx call dword [eax + 0x80] ; ucall push 0 mov eax, ref_0048c4d8 ; mov eax, 0x48c4d8 push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 push 0x101010 push 0xfffffffffffffffa push 0 push 0xc8 push 0xc8 mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0x18 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c xor eax, eax mov al, byte [ref_0048c4f5] ; mov al, byte [0x48c4f5] mov ebx, dword [eax*4 + ref_00475be4] ; mov ebx, dword [eax*4 + 0x475be4] push ebx call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 xor eax, eax mov al, byte [ref_0048c4f5] ; mov al, byte [0x48c4f5] push eax call fcn_0043ee6e ; call 0x43ee6e add esp, 4 jmp short loc_0043deae ; jmp 0x43deae loc_0043de56: xor eax, eax mov al, bl imul eax, eax, 0x68 mov al, byte [eax + (_players+53)] ; mov al, byte [eax + 0x496b9d] and al, 0x7f and eax, 0xff jne short loc_0043de71 ; jne 0x43de71 mov eax, 1 loc_0043de71: imul eax, eax, 0x64 imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] neg eax push eax mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx xor eax, eax mov al, byte [ref_0048c4f5] ; mov al, byte [0x48c4f5] push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc xor eax, eax mov al, byte [ref_0048c4f5] ; mov al, byte [0x48c4f5] imul edx, eax, 0x68 mov byte [edx + (_players+53)], 0x80 ; mov byte [edx + 0x496b9d], 0x80 xor cl, cl mov byte [eax + ref_00496b60], cl ; mov byte [eax + 0x496b60], cl loc_0043deae: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dl, byte [ref_0048c4f5] ; mov dl, byte [0x48c4f5] mov dx, word [edx*4 + ref_00475ca4] ; mov dx, word [edx*4 + 0x475ca4] sub word [eax + (_players+48)], dx ; sub word [eax + 0x496b98], dx mov byte [ref_0048c4f6], 1 ; mov byte [0x48c4f6], 1 jmp near loc_0043df8b ; jmp 0x43df8b loc_0043ded8: mov byte [ref_0048c4f2], 2 ; mov byte [0x48c4f2], 2 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov esi, dword [ref_0048c4dc] ; mov esi, dword [0x48c4dc] push esi mov edi, dword [ref_0048c4d8] ; mov edi, dword [0x48c4d8] push edi mov eax, dword [ref_0048c4e8] ; mov eax, dword [0x48c4e8] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push ref_0048c4d8 ; push 0x48c4d8 push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov ecx, dword [ref_0048c4e8] ; mov ecx, dword [0x48c4e8] push ecx call clib_free ; call 0x456e11 add esp, 4 push 0 push 0x101010 push 0 push 0 push 8 push 8 mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0x24 push eax call fcn_0044ec30 ; call 0x44ec30 add esp, 0x1c jmp short loc_0043df8b ; jmp 0x43df8b loc_0043df68: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ebx, dword [ref_0048c4ec] ; mov ebx, dword [0x48c4ec] push ebx push ebp call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 loc_0043df8b: mov al, byte [ref_0048c4f3] ; mov al, byte [0x48c4f3] and al, 0xf test al, al jbe short loc_0043df9f ; jbe 0x43df9f cmp al, 1 je short loc_0043dfbd ; je 0x43dfbd jmp near loc_0043e0fb ; jmp 0x43e0fb loc_0043df9f: call clib_rand ; call 0x456f2d mov esi, eax sar esi, 0xa test esi, esi jne near loc_0043e0fb ; jne 0x43e0fb or byte [ref_0048c4f3], 1 ; or byte [0x48c4f3], 1 jmp near loc_0043e0fb ; jmp 0x43e0fb loc_0043dfbd: mov al, byte [ref_0048c4f3] ; mov al, byte [0x48c4f3] and al, 0xf0 movzx esi, al sar esi, 4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall cmp byte [ref_0048c4f4], 0 ; cmp byte [0x48c4f4], 0 jne near loc_0043e07c ; jne 0x43e07c mov edi, 0x8b mov dword [esp + 0x68], edi mov eax, 0x9e mov dword [esp + 0x6c], eax mov dword [esp + 0x70], 0xb3 mov dword [esp + 0x74], 0xb4 cmp esi, 3 jge short loc_0043e050 ; jge 0x43e050 push eax push edi xor edx, edx mov dl, byte [esi + ref_00475cd8] ; mov dl, byte [esi + 0x475cd8] loc_0043e01e: mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0xc add eax, edx push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 add byte [ref_0048c4f3], 0x10 ; add byte [0x48c4f3], 0x10 jmp near loc_0043e0dc ; jmp 0x43e0dc loc_0043e050: push 0x16 push 0x28 push 0x30 push 0x23 push eax push edi mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0x3c push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 xor cl, cl mov byte [ref_0048c4f3], cl ; mov byte [0x48c4f3], cl jmp short loc_0043e0dc ; jmp 0x43e0dc loc_0043e07c: mov edi, 0xa5 mov dword [esp + 0x68], edi mov eax, 0x9e mov dword [esp + 0x6c], eax mov dword [esp + 0x70], 0xcd mov dword [esp + 0x74], 0xb7 cmp esi, 3 jge short loc_0043e0b2 ; jge 0x43e0b2 push eax push edi xor edx, edx mov dl, byte [esi + ref_00475cdb] ; mov dl, byte [esi + 0x475cdb] jmp near loc_0043e01e ; jmp 0x43e01e loc_0043e0b2: push 0x19 push 0x28 push 0x2e push 0x4a push eax push edi mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0x78 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 xor bl, bl mov byte [ref_0048c4f3], bl ; mov byte [0x48c4f3], bl loc_0043e0dc: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x6c] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0043e0fb: call fcn_0044ef3b ; call 0x44ef3b test eax, eax jne short loc_0043e111 ; jne 0x43e111 cmp byte [ref_0048c4f1], 0 ; cmp byte [0x48c4f1], 0 je near loc_0043db35 ; je 0x43db35 loc_0043e111: cmp byte [ref_0048c4f2], 6 ; cmp byte [0x48c4f2], 6 je near loc_0043db35 ; je 0x43db35 mov al, byte [ref_0048c4f1] ; mov al, byte [0x48c4f1] dec al cmp byte [ref_0048c4f4], 0 ; cmp byte [0x48c4f4], 0 jne near loc_0043e26e ; jne 0x43e26e mov dword [esp + 0x68], 0x8b mov dword [esp + 0x6c], 0xb4 mov dword [esp + 0x70], 0xb3 mov dword [esp + 0x74], 0xc6 cmp byte [ref_0048c4f1], 0 ; cmp byte [0x48c4f1], 0 je short loc_0043e1b5 ; je 0x43e1b5 mov byte [ref_0048c4f1], al ; mov byte [0x48c4f1], al test al, al jne near loc_0043db35 ; jne 0x43db35 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edi, dword [esp + 0x6c] push edi mov eax, dword [esp + 0x6c] push eax mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0x6c push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx loc_0043e198: call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near loc_0043e25a ; jmp 0x43e25a loc_0043e1b5: call clib_rand ; call 0x456f2d mov esi, eax sar esi, 0xb cmp esi, 4 jge near loc_0043db35 ; jge 0x43db35 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall call clib_rand ; call 0x456f2d test al, 1 je short loc_0043e20b ; je 0x43e20b mov ecx, dword [esp + 0x6c] push ecx mov ebx, dword [esp + 0x6c] push ebx mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0x60 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 jmp short loc_0043e235 ; jmp 0x43e235 loc_0043e20b: push 0x12 push 0x28 push 0x46 push 0x23 mov edi, dword [esp + 0x7c] push edi mov eax, dword [esp + 0x7c] push eax mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0x3c push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx loc_0043e22d: call fcn_0045643d ; call 0x45643d add esp, 0x20 loc_0043e235: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall call clib_rand ; call 0x456f2d and al, 7 mov byte [ref_0048c4f1], al ; mov byte [0x48c4f1], al jne short loc_0043e25a ; jne 0x43e25a mov byte [ref_0048c4f1], 1 ; mov byte [0x48c4f1], 1 loc_0043e25a: push 0 lea eax, [esp + 0x6c] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0043db35 ; jmp 0x43db35 loc_0043e26e: mov dword [esp + 0x68], 0xa5 mov dword [esp + 0x6c], 0xb7 mov dword [esp + 0x70], 0xcd mov dword [esp + 0x74], 0xc6 cmp byte [ref_0048c4f1], 0 ; cmp byte [0x48c4f1], 0 je short loc_0043e2da ; je 0x43e2da mov byte [ref_0048c4f1], al ; mov byte [0x48c4f1], al test al, al jne near loc_0043db35 ; jne 0x43db35 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov esi, dword [esp + 0x6c] push esi mov edi, dword [esp + 0x6c] push edi mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0xa8 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax jmp near loc_0043e198 ; jmp 0x43e198 loc_0043e2da: call clib_rand ; call 0x456f2d mov esi, eax sar esi, 0xb cmp esi, 4 jge near loc_0043db35 ; jge 0x43db35 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall call clib_rand ; call 0x456f2d test al, 1 je short loc_0043e335 ; je 0x43e335 mov edx, dword [esp + 0x6c] push edx mov ecx, dword [esp + 0x6c] push ecx mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0x9c push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 jmp near loc_0043e235 ; jmp 0x43e235 loc_0043e335: push 0xf push 0x28 push 0x47 push 0x4a mov esi, dword [esp + 0x7c] push esi mov edi, dword [esp + 0x7c] push edi mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0x78 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax jmp near loc_0043e22d ; jmp 0x43e22d loc_0043e35b: call fcn_0044ef3b ; call 0x44ef3b test eax, eax jne near loc_0043db35 ; jne 0x43db35 and esi, 0xffff xor edi, edi mov di, bx xor ebx, ebx jmp short loc_0043e381 ; jmp 0x43e381 loc_0043e377: inc ebx cmp ebx, 8 jge near loc_0043e5a0 ; jge 0x43e5a0 loc_0043e381: cmp byte [ebx + ref_00496b60], 0 ; cmp byte [ebx + 0x496b60], 0 je short loc_0043e377 ; je 0x43e377 mov eax, ebx shl eax, 3 mov ecx, dword [eax + ref_00475c64] ; mov ecx, dword [eax + 0x475c64] cmp esi, ecx jl short loc_0043e377 ; jl 0x43e377 lea edx, [ecx + 0x93] cmp esi, edx jg short loc_0043e377 ; jg 0x43e377 mov edx, dword [eax + ref_00475c68] ; mov edx, dword [eax + 0x475c68] cmp edi, edx jl short loc_0043e377 ; jl 0x43e377 lea eax, [edx + 0x66] cmp edi, eax jg short loc_0043e377 ; jg 0x43e377 xor eax, eax mov al, byte [ref_0048c4f0] ; mov al, byte [0x48c4f0] cmp eax, ebx je near loc_0043e5a0 ; je 0x43e5a0 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax cmp byte [ref_0048c4f0], 0xff ; cmp byte [0x48c4f0], 0xff je short loc_0043e456 ; je 0x43e456 xor edx, edx mov dl, byte [ref_0048c4f0] ; mov dl, byte [0x48c4f0] mov eax, dword [edx*8 + ref_00475c64] ; mov eax, dword [edx*8 + 0x475c64] sub eax, 0x50 mov dword [esp + 0x68], eax mov eax, dword [edx*8 + ref_00475c68] ; mov eax, dword [edx*8 + 0x475c68] mov dword [esp + 0x6c], eax mov eax, dword [ref_0048c4cc] ; mov eax, dword [0x48c4cc] movsx edx, word [eax] mov ecx, dword [esp + 0x68] add ecx, edx mov dword [esp + 0x70], ecx movsx edx, word [eax + 2] mov ecx, dword [esp + 0x6c] add ecx, edx mov dword [esp + 0x74], ecx mov ecx, dword [esp + 0x6c] push ecx mov esi, dword [esp + 0x6c] push esi push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0 lea eax, [esp + 0x6c] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0043e456: mov byte [ref_0048c4f0], bl ; mov byte [0x48c4f0], bl mov eax, dword [ebx*8 + ref_00475c64] ; mov eax, dword [ebx*8 + 0x475c64] sub eax, 0x50 mov dword [esp + 0x68], eax mov eax, dword [ebx*8 + ref_00475c68] ; mov eax, dword [ebx*8 + 0x475c68] mov dword [esp + 0x6c], eax mov eax, dword [ref_0048c4cc] ; mov eax, dword [0x48c4cc] movsx edx, word [eax] mov ecx, dword [esp + 0x68] add ecx, edx mov dword [esp + 0x70], ecx movsx edx, word [eax + 2] mov ecx, dword [esp + 0x6c] add ecx, edx mov dword [esp + 0x74], ecx movsx edx, word [eax + 2] push edx movsx edx, word [eax] push edx mov edx, dword [esp + 0x74] push edx mov ecx, dword [esp + 0x74] push ecx push eax push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov esi, dword [esp + 0x6c] push esi mov edi, dword [esp + 0x6c] push edi mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0x30 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0 push 2 push 0 push 0x101010 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [esp + 0x68] add eax, 0x29 mov edx, dword [esp + 0x6c] add edx, 0x1a cmp ebx, 4 jge short loc_0043e50f ; jge 0x43e50f push 2 push edx push eax imul eax, ebx, 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx jmp short loc_0043e51b ; jmp 0x43e51b loc_0043e50f: push 2 push edx push eax mov edx, dword [ebx*4 + ref_0047ed5a] ; mov edx, dword [ebx*4 + 0x47ed5a] push edx loc_0043e51b: push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 mov eax, dword [esp + 0x70] add eax, 0x30 push eax mov eax, dword [esp + 0x70] add eax, 0x29 push eax push ref_004651f9 ; push 0x4651f9 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov esi, dword [ebx*4 + ref_00475ca4] ; mov esi, dword [ebx*4 + 0x475ca4] push esi push ref_00465202 ; push 0x465202 lea eax, [esp + 0x48] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 2 mov eax, dword [esp + 0x70] add eax, 0x46 push eax mov eax, dword [esp + 0x70] add eax, 0x29 push eax lea eax, [esp + 0x4c] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x6c] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0043e5a0: cmp ebx, 8 jne near loc_0043db35 ; jne 0x43db35 cmp byte [ref_0048c4f0], 0xff ; cmp byte [0x48c4f0], 0xff je near loc_0043db35 ; je 0x43db35 xor edx, edx mov dl, byte [ref_0048c4f0] ; mov dl, byte [0x48c4f0] mov eax, dword [edx*8 + ref_00475c64] ; mov eax, dword [edx*8 + 0x475c64] sub eax, 0x50 mov dword [esp + 0x68], eax mov eax, dword [edx*8 + ref_00475c68] ; mov eax, dword [edx*8 + 0x475c68] mov dword [esp + 0x6c], eax mov eax, dword [ref_0048c4cc] ; mov eax, dword [0x48c4cc] movsx edx, word [eax] mov ecx, dword [esp + 0x68] add ecx, edx mov dword [esp + 0x70], ecx movsx eax, word [eax + 2] mov edx, dword [esp + 0x6c] add edx, eax mov dword [esp + 0x74], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edi, dword [esp + 0x6c] push edi mov eax, dword [esp + 0x6c] push eax mov edx, dword [ref_0048c4cc] ; mov edx, dword [0x48c4cc] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x6c] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c4f0], 0xff ; mov byte [0x48c4f0], 0xff jmp near loc_0043db35 ; jmp 0x43db35 loc_0043e658: cmp byte [ref_0048c4f2], 2 ; cmp byte [0x48c4f2], 2 je short loc_0043e66d ; je 0x43e66d loc_0043e661: push 1 call fcn_0044ee18 ; call 0x44ee18 jmp near loc_0043db54 ; jmp 0x43db54 loc_0043e66d: and esi, 0xffff xor edi, edi mov di, bx xor ebx, ebx jmp short loc_0043e686 ; jmp 0x43e686 loc_0043e67c: inc ebx cmp ebx, 8 jge near loc_0043db35 ; jge 0x43db35 loc_0043e686: cmp byte [ebx + ref_00496b60], 0 ; cmp byte [ebx + 0x496b60], 0 je short loc_0043e67c ; je 0x43e67c mov eax, ebx shl eax, 3 mov ecx, dword [eax + ref_00475c64] ; mov ecx, dword [eax + 0x475c64] cmp esi, ecx jl short loc_0043e67c ; jl 0x43e67c lea edx, [ecx + 0x93] cmp esi, edx jg short loc_0043e67c ; jg 0x43e67c mov edx, dword [eax + ref_00475c68] ; mov edx, dword [eax + 0x475c68] cmp edi, edx jl short loc_0043e67c ; jl 0x43e67c lea eax, [edx + 0x66] cmp edi, eax jg short loc_0043e67c ; jg 0x43e67c cmp byte [ref_0048c4f0], 0xff ; cmp byte [0x48c4f0], 0xff je near loc_0043e763 ; je 0x43e763 xor edx, edx mov dl, byte [ref_0048c4f0] ; mov dl, byte [0x48c4f0] mov eax, dword [edx*8 + ref_00475c64] ; mov eax, dword [edx*8 + 0x475c64] sub eax, 0x50 mov dword [esp + 0x68], eax mov eax, dword [edx*8 + ref_00475c68] ; mov eax, dword [edx*8 + 0x475c68] mov dword [esp + 0x6c], eax mov eax, dword [ref_0048c4cc] ; mov eax, dword [0x48c4cc] movsx edx, word [eax] mov ecx, dword [esp + 0x68] add ecx, edx mov dword [esp + 0x70], ecx movsx eax, word [eax + 2] mov edx, dword [esp + 0x6c] add edx, eax mov dword [esp + 0x74], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [esp + 0x6c] push ecx mov eax, dword [esp + 0x6c] push eax mov edx, dword [ref_0048c4cc] ; mov edx, dword [0x48c4cc] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x6c] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c4f0], 0xff ; mov byte [0x48c4f0], 0xff loc_0043e763: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dx, word [eax + (_players+48)] ; mov dx, word [eax + 0x496b98] cmp edx, dword [ebx*4 + ref_00475ca4] ; cmp edx, dword [ebx*4 + 0x475ca4] jl short loc_0043e7b8 ; jl 0x43e7b8 push 0xf0 push 0x140 call fcn_00453a32 ; call 0x453a32 add esp, 8 cmp eax, 1 jne near loc_0043e67c ; jne 0x43e67c mov byte [ref_0048c4f5], bl ; mov byte [0x48c4f5], bl mov byte [ref_0048c4f2], 4 ; mov byte [0x48c4f2], 4 mov edx, dword [ref_00475ccc] ; mov edx, dword [0x475ccc] push edx loc_0043e7ab: call fcn_0044ecb6 ; call 0x44ecb6 add esp, 4 jmp near loc_0043e67c ; jmp 0x43e67c loc_0043e7b8: mov byte [ref_0048c4f2], 5 ; mov byte [0x48c4f2], 5 mov eax, dword [ref_00475cd4] ; mov eax, dword [0x475cd4] push eax jmp short loc_0043e7ab ; jmp 0x43e7ab loc_0043e7c7: cmp byte [ref_0048c4f2], 2 ; cmp byte [0x48c4f2], 2 jne near loc_0043e661 ; jne 0x43e661 mov ah, byte [ref_0048c4f0] ; mov ah, byte [0x48c4f0] cmp ah, 0xff je near loc_0043e87b ; je 0x43e87b xor edx, edx mov dl, ah mov eax, dword [edx*8 + ref_00475c64] ; mov eax, dword [edx*8 + 0x475c64] sub eax, 0x50 mov dword [esp + 0x68], eax mov eax, dword [edx*8 + ref_00475c68] ; mov eax, dword [edx*8 + 0x475c68] mov dword [esp + 0x6c], eax mov eax, dword [ref_0048c4cc] ; mov eax, dword [0x48c4cc] movsx edx, word [eax] mov ebx, dword [esp + 0x68] add ebx, edx mov dword [esp + 0x70], ebx movsx eax, word [eax + 2] mov edx, dword [esp + 0x6c] add edx, eax mov dword [esp + 0x74], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebx, dword [esp + 0x6c] push ebx mov esi, dword [esp + 0x6c] push esi mov edi, dword [ref_0048c4cc] ; mov edi, dword [0x48c4cc] push edi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x6c] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c4f0], 0xff ; mov byte [0x48c4f0], 0xff loc_0043e87b: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x165 push 0x86 push 0x6e push 0x68 push 0x6e push 0x68 mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x70 push 0x5b mov eax, dword [ref_0048c4d4] ; mov eax, dword [0x48c4d4] add eax, 0x78 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp + 0x68], 0x5b mov dword [esp + 0x6c], 0x6e mov dword [esp + 0x70], 0x107 mov dword [esp + 0x74], 0x1d3 push 0 lea eax, [esp + 0x6c] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov byte [ref_0048c4f2], 7 ; mov byte [0x48c4f2], 7 mov byte [ref_0048c4f4], 1 ; mov byte [0x48c4f4], 1 mov edx, dword [ref_00475cd0] ; mov edx, dword [0x475cd0] jmp near loc_0043db4e ; jmp 0x43db4e loc_0043e92f: mov eax, esp push eax push ebp call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0xc] push edx mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx mov esi, dword [esp + 0x18] push esi mov edi, dword [esp + 0x18] push edi mov edx, dword [ref_0048a0dc] ; mov edx, dword [0x48a0dc] push edx call dword [eax + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push ebp call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0043db35 ; jmp 0x43db35 loc_0043e98d: push esi mov ecx, dword [esp + 0x98] push ecx push eax push ebp call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_0043db37 ; jmp 0x43db37 fcn_0043e9a4: push ebx push esi push edi push ebp sub esp, 0x9c xor ebx, ebx jmp short loc_0043e9b8 ; jmp 0x43e9b8 loc_0043e9b2: inc ebx cmp ebx, 8 jge short loc_0043e9c1 ; jge 0x43e9c1 loc_0043e9b8: cmp byte [ebx + ref_00496b60], 0 ; cmp byte [ebx + 0x496b60], 0 je short loc_0043e9b2 ; je 0x43e9b2 loc_0043e9c1: cmp ebx, 8 je near loc_0043ec34 ; je 0x43ec34 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_0043ea84 ; jne 0x43ea84 push 0 push 0 push 0x41 mov ebx, dword [ref_0048a05c] ; mov ebx, dword [0x48a05c] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c4d4], eax ; mov dword [0x48c4d4], eax push 0 push 0 push 0x40 mov esi, dword [ref_0048a05c] ; mov esi, dword [0x48a05c] push esi call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c4d0], eax ; mov dword [0x48c4d0], eax push 0 push 0 mov edx, dword [ref_0048c4d4] ; mov edx, dword [0x48c4d4] movsx eax, word [edx + 0x32] push eax movsx eax, word [edx + 0x30] push eax call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048c4cc], eax ; mov dword [0x48c4cc], eax call fcn_0043d88f ; call 0x43d88f push 0x10 call fcn_004549cf ; call 0x4549cf add esp, 4 push 0 push fcn_0043da27 ; push 0x43da27 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 call fcn_00454bcc ; call 0x454bcc mov edi, dword [ref_0048c4d4] ; mov edi, dword [0x48c4d4] push edi call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [ref_0048c4d0] ; mov ebp, dword [0x48c4d0] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0048c4cc] ; mov eax, dword [0x48c4cc] push eax call clib_free ; call 0x456e11 jmp near loc_0043ec31 ; jmp 0x43ec31 loc_0043ea84: call clib_rand ; call 0x456f2d test al, 1 je near loc_0043ec34 ; je 0x43ec34 xor esi, esi imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 mov dl, byte [edx + (_players+23)] ; mov dl, byte [edx + 0x496b7f] cmp dl, 1 jb short loc_0043eab5 ; jb 0x43eab5 jbe short loc_0043eade ; jbe 0x43eade cmp dl, 2 je near loc_0043eb30 ; je 0x43eb30 jmp near loc_0043eb50 ; jmp 0x43eb50 loc_0043eab5: test dl, dl jne near loc_0043eb50 ; jne 0x43eb50 xor ebx, ebx jmp short loc_0043eacb ; jmp 0x43eacb loc_0043eac1: inc ebx cmp ebx, 4 jge near loc_0043eb50 ; jge 0x43eb50 loc_0043eacb: cmp byte [ebx + ref_00496b60], 0 ; cmp byte [ebx + 0x496b60], 0 je short loc_0043eac1 ; je 0x43eac1 mov byte [esp + esi + 0x94], bl inc esi jmp short loc_0043eac1 ; jmp 0x43eac1 loc_0043eade: xor ebx, ebx jmp short loc_0043eae8 ; jmp 0x43eae8 loc_0043eae2: inc ebx cmp ebx, 4 jge short loc_0043eafb ; jge 0x43eafb loc_0043eae8: cmp byte [ebx + ref_00496b60], 0 ; cmp byte [ebx + 0x496b60], 0 je short loc_0043eae2 ; je 0x43eae2 mov byte [esp + esi + 0x94], bl inc esi jmp short loc_0043eae2 ; jmp 0x43eae2 loc_0043eafb: call clib_rand ; call 0x456f2d mov edx, eax mov ebx, 3 sar edx, 0x1f idiv ebx test edx, edx jne short loc_0043eb50 ; jne 0x43eb50 mov ebx, 4 jmp short loc_0043eb1d ; jmp 0x43eb1d loc_0043eb17: inc ebx cmp ebx, 8 jge short loc_0043eb50 ; jge 0x43eb50 loc_0043eb1d: cmp byte [ebx + ref_00496b60], 0 ; cmp byte [ebx + 0x496b60], 0 je short loc_0043eb17 ; je 0x43eb17 mov byte [esp + esi + 0x94], bl inc esi jmp short loc_0043eb17 ; jmp 0x43eb17 loc_0043eb30: mov ebx, 4 jmp short loc_0043eb3d ; jmp 0x43eb3d loc_0043eb37: inc ebx cmp ebx, 8 jge short loc_0043eb50 ; jge 0x43eb50 loc_0043eb3d: cmp byte [ebx + ref_00496b60], 0 ; cmp byte [ebx + 0x496b60], 0 je short loc_0043eb37 ; je 0x43eb37 mov byte [esp + esi + 0x94], bl inc esi jmp short loc_0043eb37 ; jmp 0x43eb37 loc_0043eb50: test esi, esi je near loc_0043ec34 ; je 0x43ec34 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi xor ebx, ebx mov bl, byte [esp + edx + 0x94] mov esi, dword [ebx*4 + ref_00475ca4] ; mov esi, dword [ebx*4 + 0x475ca4] cmp ebx, 4 jge short loc_0043eb90 ; jge 0x43eb90 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov ax, word [eax + (_players+48)] ; mov ax, word [eax + 0x496b98] and eax, 0xffff cmp eax, esi jg short loc_0043ebaf ; jg 0x43ebaf loc_0043eb90: cmp ebx, 4 jl near loc_0043ec34 ; jl 0x43ec34 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp word [eax + (_players+48)], 0x2bc ; cmp word [eax + 0x496b98], 0x2bc jb near loc_0043ec34 ; jb 0x43ec34 loc_0043ebaf: cmp ebx, 4 jge short loc_0043ebc0 ; jge 0x43ebc0 imul eax, ebx, 0x68 mov ebp, dword [eax + (_players+0)] ; mov ebp, dword [eax + 0x496b68] push ebp jmp short loc_0043ebc8 ; jmp 0x43ebc8 loc_0043ebc0: mov edi, dword [ebx*4 + ref_0047ed5a] ; mov edi, dword [ebx*4 + 0x47ed5a] push edi loc_0043ebc8: lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0x80] push eax push ref_00465207 ; push 0x465207 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 sub word [edx + (_players+48)], si ; sub word [edx + 0x496b98], si cmp ebx, 4 jge short loc_0043ec2b ; jge 0x43ec2b imul eax, ebx, 0x68 mov byte [eax + (_players+53)], 0x80 ; mov byte [eax + 0x496b9d], 0x80 xor dh, dh mov byte [ebx + ref_00496b60], dh ; mov byte [ebx + 0x496b60], dh jmp short loc_0043ec34 ; jmp 0x43ec34 loc_0043ec2b: push ebx call fcn_0043ee6e ; call 0x43ee6e loc_0043ec31: add esp, 4 loc_0043ec34: add esp, 0x9c pop ebp pop edi pop esi pop ebx ret fcn_0043ec3f: push ebx push esi push edi push ebp mov cl, byte [esp + 0x14] mov edi, 0x100 shl edi, cl not edi mov edx, dword [esp + 0x14] cmp edx, 4 jge near loc_0043ee0f ; jge 0x43ee0f push 0 mov eax, edx imul ebx, edx, 0x68 xor eax, edx mov ax, word [ebx + (_players+10)] ; mov ax, word [ebx + 0x496b72] push eax xor eax, eax mov ax, word [ebx + (_players+8)] ; mov ax, word [ebx + 0x496b70] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov dh, byte [ebx + (_players+53)] ; mov dh, byte [ebx + 0x496b9d] test dh, dh jne near loc_0043ed6c ; jne 0x43ed6c mov edx, dword [esp + 0x14] push edx call fcn_0040d761 ; call 0x40d761 add esp, 4 mov ecx, dword [esp + 0x18] push ecx mov esi, dword [esp + 0x18] push esi call fcn_0044f2c2 ; call 0x44f2c2 add esp, 8 and byte [ebx + (_players+21)], 0xf ; and byte [ebx + 0x496b7d], 0xf xor eax, eax mov ax, word [ebx + (_players+12)] ; mov ax, word [ebx + 0x496b74] mov esi, eax shl esi, 2 add esi, eax mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] and dword [eax + esi*8 + 0x24], edi mov ax, word [ref_0048bae2] ; mov ax, word [0x48bae2] mov word [ebx + (_players+12)], ax ; mov word [ebx + 0x496b74], ax xor edx, edx mov word [ebx + (_players+14)], dx ; mov word [ebx + 0x496b76], dx mov byte [ebx + (_players+27)], 0xf ; mov byte [ebx + 0x496b83], 0xf mov eax, dword [ref_00498e78] ; mov eax, dword [0x498e78] mov si, word [eax + 0x1c] mov word [ebx + (_players+8)], si ; mov word [ebx + 0x496b70], si mov ax, word [eax + 0x1e] mov word [ebx + (_players+10)], ax ; mov word [ebx + 0x496b72], ax mov al, byte [esp + 0x18] mov byte [ebx + (_players+53)], al ; mov byte [ebx + 0x496b9d], al mov eax, dword [esp + 0x14] push eax call fcn_0040fc00 ; call 0x40fc00 add esp, 4 mov eax, dword [esp + 0x14] mov byte [eax + ref_00496b60], 1 ; mov byte [eax + 0x496b60], 1 cmp byte [ref_00497159], 0 ; cmp byte [0x497159], 0 je short loc_0043ed85 ; je 0x43ed85 push 0 push 0 push 0x20c mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x5c push 0x1e0001 push 0xd2 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 jmp short loc_0043ed85 ; jmp 0x43ed85 loc_0043ed6c: mov al, byte [esp + 0x18] mov cl, dh add cl, al mov byte [ebx + (_players+53)], cl ; mov byte [ebx + 0x496b9d], cl mov ch, cl and ch, 0x7f mov byte [ebx + (_players+53)], ch ; mov byte [ebx + 0x496b9d], ch loc_0043ed85: push 0 imul esi, dword [esp + 0x18], 0x68 xor eax, eax mov ax, word [esi + (_players+10)] ; mov ax, word [esi + 0x496b72] push eax xor eax, eax mov ax, word [esi + (_players+8)] ; mov ax, word [esi + 0x496b70] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc xor eax, eax mov al, byte [esi + (_players+19)] ; mov al, byte [esi + 0x496b7b] mov ebx, eax shl ebx, 2 sub ebx, eax shl ebx, 2 mov eax, ebx mov edi, dword [eax + ebx*8 + ref_0048089a] ; mov edi, dword [eax + ebx*8 + 0x48089a] push edi push 2 mov ebp, dword [esp + 0x1c] push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc push 0 mov eax, dword [esp + 0x1c] mov ebx, eax shl ebx, 2 sub ebx, eax shl ebx, 3 add ebx, eax shl ebx, 4 mov eax, ebx shl ebx, 2 add ebx, eax imul ebx, dword [ref_004990e8] ; imul ebx, dword [0x4990e8] push ebx push ebp call fcn_0044ba63 ; call 0x44ba63 add esp, 0xc mov al, byte [esp + 0x18] add byte [esi + (_players+66)], al ; add byte [esi + 0x496baa], al pop ebp pop edi pop esi pop ebx ret loc_0043ee0f: cmp edx, 8 jge short loc_0043ee69 ; jge 0x43ee69 lea ebx, [edx - 4] mov dword [esp + 0x14], ebx shl ebx, 4 xor eax, eax mov ax, word [ebx + ref_00498e2c] ; mov ax, word [ebx + 0x498e2c] mov esi, eax shl esi, 2 add esi, eax mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] and dword [eax + esi*8 + 0x24], edi mov byte [ebx + ref_00498e32], 2 ; mov byte [ebx + 0x498e32], 2 xor dl, dl mov byte [ebx + ref_00498e33], dl ; mov byte [ebx + 0x498e33], dl mov byte [ebx + ref_00498e34], dl ; mov byte [ebx + 0x498e34], dl mov byte [ebx + ref_00498e35], dl ; mov byte [ebx + 0x498e35], dl mov byte [ebx + ref_00498e36], dl ; mov byte [ebx + 0x498e36], dl mov byte [ebx + ref_00498e37], dl ; mov byte [ebx + 0x498e37], dl mov eax, dword [esp + 0x14] mov byte [eax + ref_00496b64], 1 ; mov byte [eax + 0x496b64], 1 loc_0043ee69: pop ebp pop edi pop esi pop ebx ret fcn_0043ee6e: push ebx push esi mov ebx, dword [esp + 0xc] cmp ebx, 4 jge short loc_0043ee8f ; jge 0x43ee8f push ebx call fcn_0040d6be ; call 0x40d6be add esp, 4 xor al, al mov byte [ebx + ref_00496b60], al ; mov byte [ebx + 0x496b60], al jmp near loc_0043ef32 ; jmp 0x43ef32 loc_0043ee8f: lea eax, [ebx - 4] shl eax, 4 mov dl, byte [_current_player] ; mov dl, byte [0x49910c] mov byte [eax + ref_00498e30], dl ; mov byte [eax + 0x498e30], dl xor dl, dl mov byte [eax + ref_00498e32], dl ; mov byte [eax + 0x498e32], dl mov dx, word [ref_0048bae2] ; mov dx, word [0x48bae2] mov word [eax + ref_00498e2c], dx ; mov word [eax + 0x498e2c], dx xor edx, edx mov word [eax + ref_00498e2e], dx ; mov word [eax + 0x498e2e], dx xor ecx, ecx mov cx, word [eax + ref_00498e2c] ; mov cx, word [eax + 0x498e2c] mov edx, ecx shl edx, 2 add edx, ecx mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] mov dx, word [ecx + edx*8] mov word [eax + ref_00498e28], dx ; mov word [eax + 0x498e28], dx xor esi, esi mov si, word [eax + ref_00498e2c] ; mov si, word [eax + 0x498e2c] mov edx, esi shl edx, 2 add edx, esi mov dx, word [ecx + edx*8 + 2] mov word [eax + ref_00498e2a], dx ; mov word [eax + 0x498e2a], dx mov byte [eax + ref_00498e33], 2 ; mov byte [eax + 0x498e33], 2 xor esi, esi mov si, word [eax + ref_00498e2c] ; mov si, word [eax + 0x498e2c] mov edx, esi shl edx, 2 add edx, esi mov edx, dword [ecx + edx*8 + 0x24] and edx, 0xff cmp edx, 5 jne short loc_0043ef2a ; jne 0x43ef2a or byte [eax + ref_00498e33], 0x80 ; or byte [eax + 0x498e33], 0x80 loc_0043ef2a: xor ch, ch mov byte [ebx + ref_00496b60], ch ; mov byte [ebx + 0x496b60], ch loc_0043ef32: push ebx call fcn_0040b93b ; call 0x40b93b add esp, 4 pop esi pop ebx ret fcn_0043ef3e: push ebx push esi push edi push ebp sub esp, 0x18 mov edi, dword [esp + 0x2c] xor edx, edx mov dword [esp + 0x10], edx mov ecx, dword [esp + 0x34] test ecx, ecx je short loc_0043efb7 ; je 0x43efb7 xor eax, eax mov al, byte [ref_00475d5e] ; mov al, byte [0x475d5e] cmp eax, ecx je short loc_0043ef8c ; je 0x43ef8c mov eax, 4 sub eax, ecx test byte [eax + ref_0048c504], 1 ; test byte [eax + 0x48c504], 1 je short loc_0043ef8c ; je 0x43ef8c mov byte [ref_00475d5c], 1 ; mov byte [0x475d5c], 1 xor bh, bh mov byte [ref_00475d5d], bh ; mov byte [0x475d5d], bh mov al, byte [esp + 0x34] mov byte [ref_00475d5e], al ; mov byte [0x475d5e], al jmp short loc_0043ef95 ; jmp 0x43ef95 loc_0043ef8c: cmp byte [ref_00475d5c], 0 ; cmp byte [0x475d5c], 0 je short loc_0043efb7 ; je 0x43efb7 loc_0043ef95: mov al, byte [ref_00475d5c] ; mov al, byte [0x475d5c] cmp al, byte [ref_00475d5d] ; cmp al, byte [0x475d5d] ja short loc_0043efb1 ; ja 0x43efb1 xor ch, ch mov byte [ref_00475d5d], ch ; mov byte [0x475d5d], ch inc al mov byte [ref_00475d5c], al ; mov byte [0x475d5c], al loc_0043efb1: inc byte [ref_00475d5d] ; inc byte [0x475d5d] loc_0043efb7: mov dword [esp + 4], 0x140 mov dword [esp + 0xc], 0x164 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebx, 3 mov esi, 1 mov ebp, 0x3e8 xor edx, edx mov dword [esp + 0x14], edx loc_0043eff2: cmp ebx, edi jl near loc_0043f0c2 ; jl 0x43f0c2 test dword [esp + 0x30], esi je near loc_0043f0ba ; je 0x43f0ba mov eax, 4 sub eax, ebx cmp eax, dword [esp + 0x34] jne short loc_0043f022 ; jne 0x43f022 mov al, byte [ref_00475d5c] ; mov al, byte [0x475d5c] cmp al, byte [ref_00475d5d] ; cmp al, byte [0x475d5d] ja near loc_0043f0ba ; ja 0x43f0ba loc_0043f022: mov ch, byte [ebx + ref_0048c504] ; mov ch, byte [ebx + 0x48c504] inc ch mov byte [ebx + ref_0048c504], ch ; mov byte [ebx + 0x48c504], ch cmp ch, 0x14 jb short loc_0043f03d ; jb 0x43f03d xor ah, ah mov byte [ebx + ref_0048c504], ah ; mov byte [ebx + 0x48c504], ah loc_0043f03d: mov eax, edi shl eax, 3 lea edx, [ebx + ebx] add edx, eax xor eax, eax mov ax, word [edx + ref_00475ce8] ; mov ax, word [edx + 0x475ce8] mov dword [esp], eax add eax, 0x26 mov dword [esp + 8], eax mov ecx, dword [esp] cmp ebp, ecx jle short loc_0043f063 ; jle 0x43f063 mov ebp, ecx loc_0043f063: mov eax, dword [esp + 0x14] mov edx, dword [esp + 8] cmp eax, edx jge short loc_0043f073 ; jge 0x43f073 mov dword [esp + 0x14], edx loc_0043f073: mov ecx, dword [esp + 4] push ecx mov edx, edi lea eax, [ebx + ebx] mov ax, word [eax + edx*8 + ref_00475ce8] ; mov ax, word [eax + edx*8 + 0x475ce8] and eax, 0xffff push eax xor eax, eax mov al, byte [ebx + ref_0048c504] ; mov al, byte [ebx + 0x48c504] lea edx, [eax + 4] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c514] ; mov edx, dword [0x48c514] add edx, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 loc_0043f0ba: add esi, esi dec ebx jmp near loc_0043eff2 ; jmp 0x43eff2 loc_0043f0c2: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp], ebp mov eax, dword [esp + 0x14] mov dword [esp + 8], eax mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 4] push ebx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x10] push ebx push ebp push eax call dword [edx + 0x1c] ; ucall cmp byte [ref_00475d5c], 8 ; cmp byte [0x475d5c], 8 jne short loc_0043f11b ; jne 0x43f11b xor dh, dh mov byte [ref_00475d5c], dh ; mov byte [0x475d5c], dh mov byte [ref_00475d5d], dh ; mov byte [0x475d5d], dh mov dword [esp + 0x10], 1 loc_0043f11b: mov eax, dword [esp + 0x10] add esp, 0x18 pop ebp pop edi pop esi pop ebx ret fcn_0043f127: push ebx push esi push edi push ebp sub esp, 0x10 mov edx, dword [ref_0048c50c] ; mov edx, dword [0x48c50c] inc edx mov dword [ref_0048c50c], edx ; mov dword [0x48c50c], edx cmp edx, 0xc jne short loc_0043f148 ; jne 0x43f148 xor ebx, ebx mov dword [ref_0048c50c], ebx ; mov dword [0x48c50c], ebx loc_0043f148: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov dword [esp], 0x8a mov dword [esp + 4], 0xee mov dword [esp + 8], 0x12f mov dword [esp + 0xc], 0x193 push 0x140 push 0xdc mov edx, dword [ref_0048c50c] ; mov edx, dword [0x48c50c] add edx, 2 mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c520] ; mov eax, dword [0x48c520] add eax, 0xc add eax, edx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 cmp dword [esp + 0x24], 0 je short loc_0043f1df ; je 0x43f1df push 0xe6 push 0x109 mov eax, dword [ref_0048c520] ; mov eax, dword [0x48c520] add eax, 0x18 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_0043f1df: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov edi, dword [esp + 0x10] push edi mov ebp, dword [esp + 0x10] push ebp push eax call dword [edx + 0x1c] ; ucall loc_0043f212: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret ref_0043f21a: ; may contain a jump table dd loc_0043f33f dd loc_0043f351 dd loc_0043f45d dd loc_0043f55f dd loc_0043f57f dd loc_0043f59f dd loc_0043f5bd dd loc_0043f5dd dd loc_0043f6fa fcn_0043f23e: push ebx push esi push edi push ebp sub esp, 0xb4 mov ebp, dword [esp + 0xc8] mov esi, 1 xor edx, edx mov dword [esp + 0xb0], edx mov dword [esp + 0x9c], edx mov ebx, 0x28 mov dword [esp + 0xa0], ebx mov dword [esp + 0xa4], 0x1b8 mov dword [esp + 0xa8], 0x1e0 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xa0] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push ebx push 0 push eax call dword [edx + 0x1c] ; ucall push esi push ref_00475d3c ; push 0x475d3c call fcn_004542ce ; call 0x4542ce add esp, 8 loc_0043f2b3: call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov edi, eax cmp esi, 3 jge short loc_0043f2f8 ; jge 0x43f2f8 mov ecx, 0xa xor edx, edx mov eax, dword [esp + 0xb0] div ecx test edx, edx jne short loc_0043f2f8 ; jne 0x43f2f8 xor ebx, ebx loc_0043f2d7: call clib_rand ; call 0x456f2d mov edx, eax mov ecx, 0xa sar edx, 0x1f idiv ecx lea eax, [edx + edx + 1] mov byte [ebx + ref_0048c504], al ; mov byte [ebx + 0x48c504], al inc ebx cmp ebx, 4 jl short loc_0043f2d7 ; jl 0x43f2d7 loc_0043f2f8: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 inc dword [esp + 0xb0] cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 ja short loc_0043f318 ; ja 0x43f318 cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 je short loc_0043f32c ; je 0x43f32c loc_0043f318: cmp dword [esp + 0xb0], 0x28 jb short loc_0043f32c ; jb 0x43f32c cmp esi, 1 jne short loc_0043f32c ; jne 0x43f32c mov esi, 2 loc_0043f32c: lea eax, [esi - 1] cmp eax, 8 ja near loc_0043f709 ; ja 0x43f709 jmp dword [eax*4 + ref_0043f21a] ; ujmp: jmp dword [eax*4 + 0x43f21a] loc_0043f33f: push 0 push 0xf push ebp call fcn_0043ef3e ; call 0x43ef3e add esp, 0xc jmp near loc_0043f709 ; jmp 0x43f709 loc_0043f351: push 0 push 0xf push ebp call fcn_0043ef3e ; call 0x43ef3e add esp, 0xc mov eax, dword [ebp*4 + ref_00475ce0] ; mov eax, dword [ebp*4 + 0x475ce0] mov dword [esp + 0x9c], eax mov dword [esp + 0xa0], 0xf0 add eax, 0x1f mov dword [esp + 0xa4], eax mov dword [esp + 0xa8], 0x15c mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x6c push 0x1f mov eax, dword [esp + 0xa8] sub eax, 0x28 push eax mov edx, dword [esp + 0xa8] push edx mov ecx, dword [esp + 0xb0] push ecx push edx mov esi, dword [ref_0048c51c] ; mov esi, dword [0x48c51c] push esi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov edx, dword [esp + 0xa0] push edx mov ecx, dword [esp + 0xa0] push ecx mov eax, dword [ref_0048c514] ; mov eax, dword [0x48c514] add eax, 0x30 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xa0] push ecx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov ecx, dword [esp + 0xac] push ecx mov ebx, dword [esp + 0xac] push ebx push eax call dword [edx + 0x1c] ; ucall push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov esi, 3 xor eax, eax mov dword [esp + 0xb0], eax jmp near loc_0043f709 ; jmp 0x43f709 loc_0043f45d: push 0 push 0xf push ebp call fcn_0043ef3e ; call 0x43ef3e add esp, 0xc cmp dword [esp + 0xb0], 4 jne near loc_0043f709 ; jne 0x43f709 mov eax, dword [ebp*4 + ref_00475ce0] ; mov eax, dword [ebp*4 + 0x475ce0] mov dword [esp + 0x9c], eax mov dword [esp + 0xa0], 0xf0 add eax, 0x1f mov dword [esp + 0xa4], eax mov dword [esp + 0xa8], 0x15c mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x6c push 0x1f mov eax, dword [esp + 0xa8] sub eax, 0x28 push eax mov edx, dword [esp + 0xa8] push edx mov ecx, dword [esp + 0xb0] push ecx push edx mov esi, dword [ref_0048c51c] ; mov esi, dword [0x48c51c] push esi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov edx, dword [esp + 0xa0] push edx mov ecx, dword [esp + 0xa0] push ecx mov eax, dword [ref_0048c514] ; mov eax, dword [0x48c514] add eax, 0x24 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xa0] push ecx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov ecx, dword [esp + 0xac] push ecx mov ebx, dword [esp + 0xac] push ebx push eax call dword [edx + 0x1c] ; ucall mov esi, 4 jmp near loc_0043f709 ; jmp 0x43f709 loc_0043f55f: push 1 push 0xf push ebp call fcn_0043ef3e ; call 0x43ef3e add esp, 0xc cmp eax, 1 jne near loc_0043f709 ; jne 0x43f709 mov esi, 5 jmp near loc_0043f709 ; jmp 0x43f709 loc_0043f57f: push 2 push 0xe push ebp call fcn_0043ef3e ; call 0x43ef3e add esp, 0xc cmp eax, 1 jne near loc_0043f709 ; jne 0x43f709 mov esi, 6 jmp near loc_0043f709 ; jmp 0x43f709 loc_0043f59f: push 3 push 0xc push ebp call fcn_0043ef3e ; call 0x43ef3e add esp, 0xc cmp eax, 1 jne near loc_0043f709 ; jne 0x43f709 lea esi, [ebp + 7] jmp near loc_0043f709 ; jmp 0x43f709 loc_0043f5bd: push 4 push 8 push ebp call fcn_0043ef3e ; call 0x43ef3e add esp, 0xc cmp eax, 1 jne near loc_0043f709 ; jne 0x43f709 mov esi, 8 jmp near loc_0043f709 ; jmp 0x43f709 loc_0043f5dd: mov esi, 9 xor eax, eax mov dword [esp + 0xb0], eax push ref_00475d3c ; push 0x475d3c call fcn_004542e9 ; call 0x4542e9 add esp, 4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x8c push 0xdc mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x48 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 xor eax, eax mov al, byte [ref_0048c506] ; mov al, byte [0x48c506] sar eax, 1 mov edx, eax shl eax, 2 add edx, eax add edx, edx xor eax, eax mov al, byte [ref_0048c507] ; mov al, byte [0x48c507] sar eax, 1 add edx, eax xor eax, eax mov al, byte [ref_0048c505] ; mov al, byte [0x48c505] sar eax, 1 imul eax, eax, 0x64 add edx, eax mov dword [esp + 0xac], edx test ebp, ebp jne short loc_0043f68c ; jne 0x43f68c xor eax, eax mov al, byte [ref_0048c504] ; mov al, byte [0x48c504] sar eax, 1 mov edx, eax shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 3 mov edx, eax shl eax, 2 add eax, edx add dword [esp + 0xac], eax loc_0043f68c: mov ebx, dword [esp + 0xac] push ebx push ref_00465284 ; push 0x465284 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 4 push 0x8c push 0xdc lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0048bdb8 ; push 0x48bdb8 mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [ref_0048bdbc] ; mov ebx, dword [0x48bdbc] push ebx mov ecx, dword [ref_0048bdb8] ; mov ecx, dword [0x48bdb8] push ecx push eax call dword [edx + 0x1c] ; ucall jmp short loc_0043f709 ; jmp 0x43f709 loc_0043f6fa: cmp dword [esp + 0xb0], 0x28 jne short loc_0043f709 ; jne 0x43f709 mov esi, 0xa loc_0043f709: call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov ebx, eax sub ebx, edi push 1 push 0 push 0 push 0 lea eax, [esp + 0x90] push eax call dword [cs:__imp__PeekMessageA@20] ; ucall: call dword cs:[0x46230c] test eax, eax je near loc_0043f78e ; je 0x43f78e mov edx, dword [esp + 0x84] cmp edx, 0x202 je short loc_0043f752 ; je 0x43f752 cmp edx, 0x205 je short loc_0043f752 ; je 0x43f752 cmp edx, 0x101 jne short loc_0043f777 ; jne 0x43f777 loc_0043f752: cmp esi, 1 jne short loc_0043f78e ; jne 0x43f78e imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_0043f78e ; jne 0x43f78e cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 jne short loc_0043f78e ; jne 0x43f78e mov esi, 2 jmp short loc_0043f78e ; jmp 0x43f78e loc_0043f777: cmp edx, 0x3b9 jne short loc_0043f78e ; jne 0x43f78e cmp dword [esp + 0x88], 1 jne short loc_0043f78e ; jne 0x43f78e call fcn_00454d2c ; call 0x454d2c loc_0043f78e: cmp ebx, 0x1e jb near loc_0043f709 ; jb 0x43f709 cmp esi, 0xa jl near loc_0043f2b3 ; jl 0x43f2b3 mov eax, dword [esp + 0xac] add esp, 0xb4 pop ebp pop edi pop esi pop ebx ret ref_0043f7b2: ; may contain a jump table dd loc_0043f883 dd loc_0043f892 dd loc_0043f9ab dd loc_0043fa23 dd loc_0043fa19 fcn_0043f7c6: push ebx push esi push edi push ebp sub esp, 0x38 mov edx, 1 mov dword [esp + 0x34], edx mov ebx, edx xor ebp, ebp call clib_rand ; call 0x456f2d mov edx, eax mov esi, 0xc sar edx, 0x1f idiv esi mov dword [ref_0048c50c], edx ; mov dword [0x48c50c], edx mov dword [esp + 0x1c], ebp mov dword [esp + 0x20], 0x28 mov dword [esp + 0x24], 0x1b8 mov dword [esp + 0x28], 0x1e0 push ebx push ref_00475d4c ; push 0x475d4c call fcn_004542ce ; call 0x4542ce add esp, 8 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea esi, [esp + 0x20] push esi mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov esi, dword [esp + 0x2c] push esi mov edi, dword [esp + 0x2c] push edi push eax call dword [edx + 0x1c] ; ucall loc_0043f83e: call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov edi, eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 inc ebp cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 ja short loc_0043f861 ; ja 0x43f861 cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 je short loc_0043f870 ; je 0x43f870 loc_0043f861: cmp ebp, 0x28 jb short loc_0043f870 ; jb 0x43f870 cmp ebx, 1 jne short loc_0043f870 ; jne 0x43f870 mov ebx, 2 loc_0043f870: lea eax, [ebx - 1] cmp eax, 4 ja near loc_0043fa23 ; ja 0x43fa23 jmp dword [eax*4 + ref_0043f7b2] ; ujmp: jmp dword [eax*4 + 0x43f7b2] loc_0043f883: push 0 call fcn_0043f127 ; call 0x43f127 loc_0043f88a: add esp, 4 jmp near loc_0043fa23 ; jmp 0x43fa23 loc_0043f892: mov dword [esp + 0x1c], 0x109 mov dword [esp + 0x20], 0xe6 mov dword [esp + 0x24], 0x160 mov dword [esp + 0x28], 0x123 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall push 0x3d push 0x57 mov eax, dword [esp + 0x28] sub eax, 0x28 push eax mov edx, dword [esp + 0x28] push edx mov ecx, dword [esp + 0x30] push ecx push edx mov esi, dword [ref_0048c51c] ; mov esi, dword [0x48c51c] push esi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x140 push 0xdc mov ebx, dword [ref_0048c50c] ; mov ebx, dword [0x48c50c] add ebx, 2 mov eax, ebx shl eax, 2 sub eax, ebx mov ebx, eax shl ebx, 2 mov eax, dword [ref_0048c520] ; mov eax, dword [0x48c520] add eax, 0xc add eax, ebx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov ecx, dword [esp + 0x20] push ecx mov ebx, dword [esp + 0x20] push ebx mov eax, dword [ref_0048c520] ; mov eax, dword [0x48c520] add eax, 0x18 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0x10 lea esi, [esp + 0x20] push esi mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx mov ecx, dword [esp + 0x2c] push ecx mov esi, dword [esp + 0x2c] push esi push eax call dword [ebx + 0x1c] ; ucall push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 mov ebx, 3 mov dword [esp + 0x34], 1 mov dword [esp + 0x30], ebx mov dword [esp + 0x2c], ebp jmp near loc_0043fa23 ; jmp 0x43fa23 loc_0043f9ab: mov eax, ebp sub eax, dword [esp + 0x2c] mov esi, dword [esp + 0x34] cmp eax, esi jne short loc_0043fa23 ; jne 0x43fa23 push 1 call fcn_0043f127 ; call 0x43f127 add esp, 4 mov dword [esp + 0x2c], ebp mov eax, dword [esp + 0x30] dec eax mov dword [esp + 0x30], eax jne short loc_0043f9df ; jne 0x43f9df mov dword [esp + 0x30], 3 inc esi mov dword [esp + 0x34], esi loc_0043f9df: cmp dword [esp + 0x34], 5 jl short loc_0043fa23 ; jl 0x43fa23 mov esi, dword [esp + 0x4c] mov eax, esi shl eax, 2 sub eax, esi shl eax, 2 add eax, dword [ref_0048c50c] ; add eax, dword [0x48c50c] cmp byte [eax + ref_00475d0c], 0xff ; cmp byte [eax + 0x475d0c], 0xff je short loc_0043fa23 ; je 0x43fa23 mov ebx, 5 xor ebp, ebp push ref_00475d4c ; push 0x475d4c call fcn_004542e9 ; call 0x4542e9 jmp near loc_0043f88a ; jmp 0x43f88a loc_0043fa19: cmp ebp, 0x28 jne short loc_0043fa23 ; jne 0x43fa23 mov ebx, 6 loc_0043fa23: call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov esi, eax sub esi, edi push 1 push 0 push 0 push 0 lea eax, [esp + 0x10] push eax call dword [cs:__imp__PeekMessageA@20] ; ucall: call dword cs:[0x46230c] test eax, eax je near loc_0043faab ; je 0x43faab mov ecx, dword [esp + 4] cmp ecx, 0x202 je short loc_0043fa66 ; je 0x43fa66 cmp ecx, 0x205 je short loc_0043fa66 ; je 0x43fa66 cmp ecx, 0x101 jne short loc_0043fa97 ; jne 0x43fa97 loc_0043fa66: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_0043faab ; jne 0x43faab cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 jne short loc_0043faab ; jne 0x43faab cmp ebx, 1 jne short loc_0043fa8b ; jne 0x43fa8b mov ebx, 2 jmp short loc_0043faab ; jmp 0x43faab loc_0043fa8b: cmp ebx, 5 jne short loc_0043faab ; jne 0x43faab mov ebx, 6 jmp short loc_0043faab ; jmp 0x43faab loc_0043fa97: cmp ecx, 0x3b9 jne short loc_0043faab ; jne 0x43faab cmp dword [esp + 8], 1 jne short loc_0043faab ; jne 0x43faab call fcn_00454d2c ; call 0x454d2c loc_0043faab: cmp esi, 0x24 jb near loc_0043fa23 ; jb 0x43fa23 cmp ebx, 6 jl near loc_0043f83e ; jl 0x43f83e mov edx, dword [esp + 0x4c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add eax, dword [ref_0048c50c] ; add eax, dword [0x48c50c] mov al, byte [eax + ref_00475d0c] ; mov al, byte [eax + 0x475d0c] and eax, 0xff add esp, 0x38 pop ebp pop edi pop esi pop ebx ret fcn_0043fae4: push ebx push esi push edi push ebp sub esp, 0x50 mov esi, dword [esp + 0x64] mov eax, dword [esp + 0x68] mov edx, dword [esp + 0x70] cmp eax, 0x202 jb short loc_0043fb21 ; jb 0x43fb21 jbe near loc_0043fe81 ; jbe 0x43fe81 cmp eax, 0x205 jb near loc_0043ff3d ; jb 0x43ff3d jbe near loc_0043febb ; jbe 0x43febb cmp eax, 0x401 je short loc_0043fb3c ; je 0x43fb3c jmp near loc_0043ff3d ; jmp 0x43ff3d loc_0043fb21: cmp eax, 0xf jb near loc_0043ff3d ; jb 0x43ff3d jbe near loc_0043fee5 ; jbe 0x43fee5 cmp eax, 0x200 je short loc_0043fb76 ; je 0x43fb76 jmp near loc_0043ff3d ; jmp 0x43ff3d loc_0043fb3c: mov dword [ref_0048c528], edx ; mov dword [0x48c528], edx xor edx, edx mov dword [ref_0048c524], edx ; mov dword [0x48c524], edx push 0x140 push 0xdc call dword [cs:__imp__SetCursorPos@8] ; ucall: call dword cs:[0x46231c] push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0043fd7e ; jmp 0x43fd7e loc_0043fb76: xor ebx, ebx mov bx, dx mov eax, edx shr eax, 0x10 and eax, 0xffff and eax, 0xffff cmp ebx, 0x32 jl near loc_0043fd85 ; jl 0x43fd85 cmp ebx, 0x186 jge near loc_0043fd85 ; jge 0x43fd85 cmp eax, 0x11e jl near loc_0043fd85 ; jl 0x43fd85 cmp eax, 0x162 jge near loc_0043fd85 ; jge 0x43fd85 lea edx, [ebx - 0x32] mov ebx, 0x44 mov eax, edx sar edx, 0x1f idiv ebx mov edi, eax inc eax cmp eax, dword [ref_0048c524] ; cmp eax, dword [0x48c524] je near loc_0043fd7e ; je 0x43fd7e push 0 push ref_0048231a ; push 0x48231a call fcn_004542ce ; call 0x4542ce add esp, 8 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax mov ecx, dword [ref_0048c524] ; mov ecx, dword [0x48c524] test ecx, ecx je short loc_0043fc6f ; je 0x43fc6f lea eax, [ecx - 1] mov ebx, eax shl ebx, 4 add ebx, eax shl ebx, 2 lea eax, [ebx + 0x32] mov dword [esp + 0x40], eax mov ebp, 0x11e mov dword [esp + 0x44], ebp lea eax, [ebx + 0x76] mov dword [esp + 0x48], eax mov dword [esp + 0x4c], 0x162 push 0x44 push 0x44 push 7 add ebx, 7 push ebx push ebp mov edx, dword [esp + 0x54] push edx mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x3c push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0 lea eax, [esp + 0x44] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0043fc6f: mov ebx, edi shl ebx, 4 add ebx, edi shl ebx, 2 add ebx, 0x32 push 0xffff00 push 0x44 push 0x44 push 0x11e push ebx push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0xffff00 push 0x42 push 0x42 push 0x11f lea eax, [ebx + 1] push eax push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0xffff00 push 0x40 push 0x40 push 0x120 lea eax, [ebx + 2] push eax push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0x8c push 0xdc mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x48 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 push 2 push 0x7a push 0xdc push ref_00465289 ; push 0x465289 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 4 push 0x9a push 0xdc mov edx, dword [edi*4 + ref_00475150] ; mov edx, dword [edi*4 + 0x475150] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push ref_0048bdb8 ; push 0x48bdb8 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov dword [esp + 0x40], ebx mov dword [esp + 0x44], 0x11e add ebx, 0x44 mov dword [esp + 0x48], ebx mov dword [esp + 0x4c], 0x162 push 0 lea eax, [esp + 0x44] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] inc edi mov dword [ref_0048c524], edi ; mov dword [0x48c524], edi loc_0043fd7e: xor eax, eax jmp near loc_0043ff4c ; jmp 0x43ff4c loc_0043fd85: mov edi, dword [ref_0048c524] ; mov edi, dword [0x48c524] test edi, edi je short loc_0043fd7e ; je 0x43fd7e lea eax, [edi - 1] mov ebx, eax shl ebx, 4 add ebx, eax shl ebx, 2 lea eax, [ebx + 0x32] mov dword [esp + 0x40], eax mov dword [esp + 0x44], 0x11e add ebx, 0x76 mov dword [esp + 0x48], ebx mov dword [esp + 0x4c], 0x162 push 0 lea eax, [esp + 0x44] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x44 push 0x44 push 7 mov eax, dword [ref_0048c524] ; mov eax, dword [0x48c524] dec eax mov ebx, eax shl ebx, 4 add ebx, eax shl ebx, 2 add ebx, 7 push ebx mov edx, dword [esp + 0x54] push edx mov ecx, dword [esp + 0x54] push ecx mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x3c push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 push 0x8c push 0xdc mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x48 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 push 2 push 0x7a push 0xdc push ref_00465289 ; push 0x465289 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push ref_0048bdb8 ; push 0x48bdb8 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] xor ebp, ebp mov dword [ref_0048c524], ebp ; mov dword [0x48c524], ebp jmp near loc_0043fd7e ; jmp 0x43fd7e loc_0043fe81: cmp dword [ref_0048c524], 0 ; cmp dword [0x48c524], 0 je near loc_0043fd7e ; je 0x43fd7e push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov eax, dword [ref_0048c524] ; mov eax, dword [0x48c524] dec eax push eax loc_0043feae: call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_0043fd7e ; jmp 0x43fd7e loc_0043febb: cmp dword [ref_0048c528], 0 ; cmp dword [0x48c528], 0 je near loc_0043fd7e ; je 0x43fd7e push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0xffffffffffffffff jmp short loc_0043feae ; jmp 0x43feae loc_0043fee5: mov eax, esp push eax push esi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0xc] push ebx mov edi, dword [ref_0048a0e0] ; mov edi, dword [0x48a0e0] push edi mov ebp, dword [esp + 0x18] push ebp mov ecx, dword [esp + 0x18] push ecx push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push esi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0043fd7e ; jmp 0x43fd7e loc_0043ff3d: push edx mov ebx, dword [esp + 0x70] push ebx push eax push esi loc_0043ff45: call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] loc_0043ff4c: add esp, 0x50 pop ebp pop edi pop esi pop ebx ret 0x10 fcn_0043ff56: push ebx push esi push edi push ebp sub esp, 0x50 mov ebp, dword [esp + 0x64] mov eax, dword [esp + 0x68] mov edx, dword [esp + 0x70] cmp eax, 0x202 jb short loc_0043ff93 ; jb 0x43ff93 jbe near loc_0044021b ; jbe 0x44021b cmp eax, 0x205 jb near loc_004402ca ; jb 0x4402ca jbe near loc_00440255 ; jbe 0x440255 cmp eax, 0x401 je short loc_0043ffae ; je 0x43ffae jmp near loc_004402ca ; jmp 0x4402ca loc_0043ff93: cmp eax, 0xf jb near loc_004402ca ; jb 0x4402ca jbe near loc_00440272 ; jbe 0x440272 cmp eax, 0x200 je short loc_0043ffe4 ; je 0x43ffe4 jmp near loc_004402ca ; jmp 0x4402ca loc_0043ffae: mov dword [ref_0048c52c], 0xffffffff ; mov dword [0x48c52c], 0xffffffff push 0x140 push 0xdc call dword [cs:__imp__SetCursorPos@8] ; ucall: call dword cs:[0x46231c] push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0043fd7e ; jmp 0x43fd7e loc_0043ffe4: xor ebx, ebx mov bx, dx mov eax, edx shr eax, 0x10 and eax, 0xffff xor esi, esi mov si, ax mov eax, dword [ref_0048c4fc] ; mov eax, dword [0x48c4fc] sub eax, 3 mov dword [esp + 0x40], eax mov eax, dword [ref_0048c4f8] ; mov eax, dword [0x48c4f8] sub eax, 3 mov dword [esp + 0x44], eax mov edx, dword [ref_0048c500] ; mov edx, dword [0x48c500] mov eax, edx shl eax, 2 add edx, eax shl edx, 4 mov eax, dword [esp + 0x40] add eax, edx add eax, 6 mov dword [esp + 0x48], eax mov eax, dword [ref_0048c4f8] ; mov eax, dword [0x48c4f8] add eax, 0x4b mov dword [esp + 0x4c], eax mov edi, dword [ref_0048c4fc] ; mov edi, dword [0x48c4fc] cmp ebx, edi jl near loc_00440192 ; jl 0x440192 add edx, edi cmp ebx, edx jge near loc_00440192 ; jge 0x440192 mov edx, dword [ref_0048c4f8] ; mov edx, dword [0x48c4f8] cmp esi, edx jl near loc_00440192 ; jl 0x440192 lea eax, [edx + 0x48] cmp esi, eax jge near loc_00440192 ; jge 0x440192 mov edx, ebx sub edx, edi mov ebx, 0x50 mov eax, edx sar edx, 0x1f idiv ebx mov edi, eax cmp edi, dword [ref_0048c52c] ; cmp edi, dword [0x48c52c] je near loc_0043fd7e ; je 0x43fd7e push 0 push ref_0048231a ; push 0x48231a call fcn_004542ce ; call 0x4542ce add esp, 8 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax cmp dword [ref_0048c52c], 0xffffffff ; cmp dword [0x48c52c], 0xffffffff je short loc_004400f8 ; je 0x4400f8 push 0x140 push 0xdc mov edx, dword [ref_0048c500] ; mov edx, dword [0x48c500] sub edx, 2 mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c510] ; mov edx, dword [0x48c510] add edx, 0xc add eax, edx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 loc_004400f8: mov eax, edi shl eax, 2 add eax, edi shl eax, 4 add eax, dword [ref_0048c4fc] ; add eax, dword [0x48c4fc] lea ebx, [eax - 3] mov esi, dword [ref_0048c4f8] ; mov esi, dword [0x48c4f8] sub esi, 3 push 0xffff00 push 0x4e push 0x4e push esi push ebx push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0xffff00 push 0x4c push 0x4c lea eax, [esi + 1] push eax lea eax, [ebx + 1] push eax push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0xffff00 push 0x4a push 0x4a add esi, 2 push esi add ebx, 2 push ebx push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov dword [ref_0048c52c], edi ; mov dword [0x48c52c], edi jmp near loc_0043fd7e ; jmp 0x43fd7e loc_00440192: cmp dword [ref_0048c52c], 0xffffffff ; cmp dword [0x48c52c], 0xffffffff je near loc_0043fd7e ; je 0x43fd7e mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x140 push 0xdc mov edx, dword [ref_0048c500] ; mov edx, dword [0x48c500] sub edx, 2 mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c510] ; mov edx, dword [0x48c510] add edx, 0xc add eax, edx push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push ebp call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov dword [ref_0048c52c], 0xffffffff ; mov dword [0x48c52c], 0xffffffff jmp near loc_0043fd7e ; jmp 0x43fd7e loc_0044021b: cmp dword [ref_0048c52c], 0xffffffff ; cmp dword [0x48c52c], 0xffffffff je near loc_0043fd7e ; je 0x43fd7e push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ebx, dword [ref_0048c52c] ; mov ebx, dword [0x48c52c] push ebx loc_00440248: call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_0043fd7e ; jmp 0x43fd7e loc_00440255: push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0xffffffffffffffff jmp short loc_00440248 ; jmp 0x440248 loc_00440272: mov eax, esp push eax push ebp call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0xc] push ebx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov edi, dword [esp + 0x18] push edi mov ecx, dword [esp + 0x18] push ecx push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push ebp call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0043fd7e ; jmp 0x43fd7e loc_004402ca: push edx mov ebx, dword [esp + 0x70] push ebx push eax push ebp jmp near loc_0043ff45 ; jmp 0x43ff45 fcn_004402d7: push ebx push esi push edi push ebp sub esp, 0x50 mov edi, dword [esp + 0x64] mov eax, dword [esp + 0x68] mov edx, dword [esp + 0x70] cmp eax, 0x201 jb short loc_00440320 ; jb 0x440320 jbe near loc_004405d0 ; jbe 0x4405d0 cmp eax, 0x205 jb short loc_00440310 ; jb 0x440310 jbe near loc_00440669 ; jbe 0x440669 cmp eax, 0x401 je short loc_0044033b ; je 0x44033b jmp near loc_004406de ; jmp 0x4406de loc_00440310: cmp eax, 0x202 je near loc_0044062b ; je 0x44062b jmp near loc_004406de ; jmp 0x4406de loc_00440320: cmp eax, 0xf jb near loc_004406de ; jb 0x4406de jbe near loc_00440686 ; jbe 0x440686 cmp eax, 0x200 je short loc_00440377 ; je 0x440377 jmp near loc_004406de ; jmp 0x4406de loc_0044033b: mov dword [ref_0048c534], edx ; mov dword [0x48c534], edx mov dword [ref_0048c530], 0xffffffff ; mov dword [0x48c530], 0xffffffff push 0x140 push 0xdc call dword [cs:__imp__SetCursorPos@8] ; ucall: call dword cs:[0x46231c] push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0043fd7e ; jmp 0x43fd7e loc_00440377: xor ebx, ebx mov bx, dx mov eax, edx shr eax, 0x10 and eax, 0xffff and eax, 0xffff mov dword [esp + 0x40], 0x14 mov dword [esp + 0x48], 0x1a4 mov dword [esp + 0x44], 0x118 mov dword [esp + 0x4c], 0x171 cmp ebx, 0x23 jl near loc_0044051a ; jl 0x44051a cmp ebx, 0x196 jg near loc_0044051a ; jg 0x44051a cmp eax, 0x129 jl near loc_0044051a ; jl 0x44051a cmp eax, 0x15f jg near loc_0044051a ; jg 0x44051a lea edx, [ebx - 0x23] mov ebx, 0x4c mov eax, edx sar edx, 0x1f idiv ebx mov esi, eax cmp eax, dword [ref_0048c530] ; cmp eax, dword [0x48c530] je near loc_0043fd7e ; je 0x43fd7e push 0 push ref_0048231a ; push 0x48231a call fcn_004542ce ; call 0x4542ce add esp, 8 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0x8c push 0xdc mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x48 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 2 push 0x7a push 0xdc push ref_00465298 ; push 0x465298 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 push 0x9a push 0xdc mov eax, esi mov ebp, dword [eax*8 + ref_0047ff22] ; mov ebp, dword [eax*8 + 0x47ff22] push ebp push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 cmp dword [ref_0048c530], 0xffffffff ; cmp dword [0x48c530], 0xffffffff je short loc_004404a2 ; je 0x4404a2 push 0x118 push 0x14 mov edx, dword [ref_0048c508] ; mov edx, dword [0x48c508] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 loc_004404a2: imul ebx, esi, 0x4c add ebx, 0x20 push 0xffff00 push 0x3b push 0x47 push 0x126 push ebx push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 push 0xffff00 push 0x39 push 0x45 push 0x127 inc ebx push ebx push ref_0046caec ; push 0x46caec call fcn_0045620f ; call 0x45620f add esp, 0x18 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push ref_0048bdb8 ; push 0x48bdb8 push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov dword [ref_0048c530], esi ; mov dword [0x48c530], esi jmp near loc_0043fd7e ; jmp 0x43fd7e loc_0044051a: cmp dword [ref_0048c530], 0xffffffff ; cmp dword [0x48c530], 0xffffffff je near loc_0043fd7e ; je 0x43fd7e mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x118 push 0x14 mov esi, dword [ref_0048c508] ; mov esi, dword [0x48c508] push esi mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x8c push 0xdc mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x48 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 2 push 0x7a push 0xdc push ref_00465298 ; push 0x465298 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push ref_0048bdb8 ; push 0x48bdb8 push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov dword [ref_0048c530], 0xffffffff ; mov dword [0x48c530], 0xffffffff jmp near loc_0043fd7e ; jmp 0x43fd7e loc_004405d0: mov edi, dword [ref_0048c530] ; mov edi, dword [0x48c530] cmp edi, 0xffffffff je near loc_0043fd7e ; je 0x43fd7e cmp edi, dword [ref_0048c534] ; cmp edi, dword [0x48c534] jge near loc_0043fd7e ; jge 0x43fd7e push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 imul eax, dword [ref_0048c530], 0x4c ; imul eax, dword [0x48c530], 0x4c lea edx, [eax + 0x23] mov dword [esp + 0x40], edx add eax, 0x65 mov dword [esp + 0x48], eax mov dword [esp + 0x44], 0x129 mov dword [esp + 0x4c], 0x15f lea eax, [esp + 0x40] push eax call fcn_00451b9e ; call 0x451b9e jmp short loc_00440661 ; jmp 0x440661 loc_0044062b: mov ecx, dword [ref_0048c530] ; mov ecx, dword [0x48c530] cmp ecx, 0xffffffff je near loc_0043fd7e ; je 0x43fd7e cmp ecx, dword [ref_0048c534] ; cmp ecx, dword [0x48c534] jge near loc_0043fd7e ; jge 0x43fd7e call fcn_00451d4e ; call 0x451d4e push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov esi, dword [ref_0048c530] ; mov esi, dword [0x48c530] push esi loc_0044065c: call _Post_0402_Message ; call 0x401966 loc_00440661: add esp, 4 jmp near loc_0043fd7e ; jmp 0x43fd7e loc_00440669: push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0xffffffffffffffff jmp short loc_0044065c ; jmp 0x44065c loc_00440686: mov eax, esp push eax push edi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ebx, [esp + 0xc] push ebx mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] push ebx mov esi, dword [esp + 0x18] push esi mov ebp, dword [esp + 0x18] push ebp push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push edi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0043fd7e ; jmp 0x43fd7e loc_004406de: push edx mov edx, dword [esp + 0x70] push edx push eax push edi jmp near loc_0043ff45 ; jmp 0x43ff45 endloc_004406eb: db 0x8d db 0x40 db 0x00 ref_004406ee: ; may contain a jump table dd loc_00440830 dd loc_0044083e dd loc_00440873 dd loc_00440873 dd loc_0044084c dd loc_0044085a fcn_00440706: push ebx push esi push edi push ebp sub esp, 0x90 push 0 push 0 push 0x43 mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c514], eax ; mov dword [0x48c514], eax push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ecx, ecx mov dword [esp + 0x80], ecx mov dword [esp + 0x84], 0x28 mov dword [esp + 0x88], 0x1b8 mov dword [esp + 0x8c], 0x1e0 lea eax, [esp + 0x80] push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [ref_0048c51c], eax ; mov dword [0x48c51c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x8c push 0xdc mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x48 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 mov ebx, dword [esp + 0xa4] and ebx, 1 xor bl, 1 push 0x140 push 0xdc mov ecx, dword [ref_0048c514] ; mov ecx, dword [0x48c514] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 lea edx, [ecx + 0xc] add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0xf0 mov edx, dword [ebx*4 + ref_00475ce0] ; mov edx, dword [ebx*4 + 0x475ce0] push edx mov eax, dword [ref_0048c514] ; mov eax, dword [0x48c514] add eax, 0x24 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov esi, dword [esp + 0xa4] cmp esi, 5 ja short loc_00440873 ; ja 0x440873 mov eax, esi shl eax, 2 jmp dword [eax + ref_004406ee] ; ujmp: jmp dword [eax + 0x4406ee] loc_00440830: mov ecx, dword [eax + ref_0047ed7a] ; mov ecx, dword [eax + 0x47ed7a] push ecx push ref_004652a9 ; push 0x4652a9 jmp short loc_00440866 ; jmp 0x440866 loc_0044083e: mov edx, dword [eax + ref_0047ed7a] ; mov edx, dword [eax + 0x47ed7a] push edx push ref_004652c1 ; push 0x4652c1 jmp short loc_00440866 ; jmp 0x440866 loc_0044084c: mov ebp, dword [eax + ref_0047ed7a] ; mov ebp, dword [eax + 0x47ed7a] push ebp push ref_004652d1 ; push 0x4652d1 jmp short loc_00440866 ; jmp 0x440866 loc_0044085a: mov edi, dword [eax + ref_0047ed7a] ; mov edi, dword [eax + 0x47ed7a] push edi push ref_004652e7 ; push 0x4652e7 loc_00440866: lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc loc_00440873: push 4 push 0x8c push 0xdc lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push ref_00475d3c ; push 0x475d3c call fcn_00454176 ; call 0x454176 add esp, 4 push 1 push ref_00475d3c ; push 0x475d3c call fcn_004542ce ; call 0x4542ce add esp, 8 push ref_00475d3c ; push 0x475d3c call fcn_004542e9 ; call 0x4542e9 add esp, 4 push ebx call fcn_0043f23e ; call 0x43f23e mov ebx, eax add esp, 4 push ref_00475d3c ; push 0x475d3c call fcn_00454240 ; call 0x454240 add esp, 4 push 0x28 push 0 mov esi, dword [ref_0048c51c] ; mov esi, dword [0x48c51c] push esi call fcn_00451edb ; call 0x451edb add esp, 0xc mov edi, dword [ref_0048c514] ; mov edi, dword [0x48c514] push edi loc_004408f9: call clib_free ; call 0x456e11 add esp, 4 mov eax, ebx add esp, 0x90 pop ebp pop edi pop esi pop ebx ret fcn_0044090e: push ebx push esi push edi push ebp sub esp, 0x90 push 0 push 0 mov eax, dword [esp + 0xac] and eax, 3 add eax, 0x44 push eax mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c520], eax ; mov dword [0x48c520], eax push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ecx, ecx mov dword [esp + 0x80], ecx mov dword [esp + 0x84], 0x28 mov dword [esp + 0x88], 0x1b8 mov dword [esp + 0x8c], 0x1e0 lea eax, [esp + 0x80] push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [ref_0048c51c], eax ; mov dword [0x48c51c], eax mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] mov eax, dword [ebx] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push ebx call dword [eax + 0x64] ; ucall push 0x8c push 0xdc mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x48 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x140 push 0xdc mov eax, dword [ref_0048c520] ; mov eax, dword [0x48c520] add eax, 0x24 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0xe6 push 0x109 mov eax, dword [ref_0048c520] ; mov eax, dword [0x48c520] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov ecx, dword [esp + 0xa8] push ecx mov eax, dword [esp + 0xa8] mov ebx, dword [eax*4 + ref_00475cf8] ; mov ebx, dword [eax*4 + 0x475cf8] push ebx lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 4 push 0x8c push 0xdc lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] mov eax, dword [ebx] push 0 push ebx call dword [eax + 0x80] ; ucall push ref_00475d4c ; push 0x475d4c call fcn_00454176 ; call 0x454176 add esp, 4 mov esi, dword [esp + 0xa4] push esi call fcn_0043f7c6 ; call 0x43f7c6 mov ebx, eax add esp, 4 push ref_00475d4c ; push 0x475d4c call fcn_00454240 ; call 0x454240 add esp, 4 push 0x28 push 0 mov edi, dword [ref_0048c51c] ; mov edi, dword [0x48c51c] push edi call fcn_00451edb ; call 0x451edb add esp, 0xc mov ebp, dword [ref_0048c520] ; mov ebp, dword [0x48c520] push ebp jmp near loc_004408f9 ; jmp 0x4408f9 fcn_00440aac: push ebx push edi push ebp sub esp, 0x10 push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor edx, edx mov dword [esp], edx mov dword [esp + 4], 0x28 mov dword [esp + 8], 0x1b8 mov dword [esp + 0xc], 0x1e0 mov eax, esp push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [ref_0048c51c], eax ; mov dword [0x48c51c], eax mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] mov eax, dword [ebx] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push ebx call dword [eax + 0x64] ; ucall push 0x117 push 0x2b mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x3c push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0x8c push 0xdc mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x48 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 push 2 push 0x7a push 0xdc push ref_00465289 ; push 0x465289 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] mov eax, dword [ebx] push 0 push ebx call dword [eax + 0x80] ; ucall mov eax, dword [esp + 0x20] push eax push fcn_0043fae4 ; push 0x43fae4 call _Wait_0402_Message ; call 0x4018e7 mov ebx, eax add esp, 8 push 0x28 push 0 mov edx, dword [ref_0048c51c] ; mov edx, dword [0x48c51c] push edx call fcn_00451edb ; call 0x451edb add esp, 0xc mov eax, ebx add esp, 0x10 pop ebp pop edi pop ebx ret fcn_00440ba8: push ebx push esi push edi push ebp sub esp, 0x10 push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor edx, edx mov dword [esp], edx mov dword [esp + 4], 0x28 mov dword [esp + 8], 0x1b8 mov dword [esp + 0xc], 0x1e0 mov eax, esp push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [ref_0048c51c], eax ; mov dword [0x48c51c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall push 0x8c push 0xdc mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x48 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_00456418 ; call 0x456418 add esp, 0x10 push 4 push 0x8c push 0xdc mov ebp, dword [esp + 0x30] push ebp push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0x10 push ref_0048bdb8 ; push 0x48bdb8 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx mov ecx, dword [ref_0048bdbc] ; mov ecx, dword [0x48bdbc] push ecx mov esi, dword [ref_0048bdb8] ; mov esi, dword [0x48bdb8] push esi push eax call dword [ebx + 0x1c] ; ucall push 0x140 push 0xdc call fcn_00453a32 ; call 0x453a32 mov ebx, eax add esp, 8 push 0x28 push 0 mov edi, dword [ref_0048c51c] ; mov edi, dword [0x48c51c] push edi call fcn_00451edb ; call 0x451edb add esp, 0xc mov eax, ebx jmp near loc_0043f212 ; jmp 0x43f212 fcn_00440cac: push ebx push esi push ebp sub esp, 0x20 mov esi, dword [esp + 0x34] call fcn_004024a1 ; call 0x4024a1 mov ebx, eax cmp eax, 1 jne short loc_00440ccc ; jne 0x440ccc push 0 call fcn_00402460 ; call 0x402460 add esp, 4 loc_00440ccc: mov eax, dword [ref_0048bdb8] ; mov eax, dword [0x48bdb8] mov dword [esp], eax mov eax, dword [ref_0048bdc0] ; mov eax, dword [0x48bdc0] mov dword [esp + 8], eax mov eax, dword [ref_0048bdbc] ; mov eax, dword [0x48bdbc] mov dword [esp + 4], eax mov eax, dword [ref_0048bdc4] ; mov eax, dword [0x48bdc4] mov dword [esp + 0xc], eax test esi, 0x80000000 je short loc_00440d06 ; je 0x440d06 and esi, 0x7fffffff add dword [esp], 0x64 add dword [esp + 8], 0x64 loc_00440d06: push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebp, ebp mov dword [esp + 0x10], ebp mov dword [esp + 0x14], 0x28 mov dword [esp + 0x18], 0x1b8 mov dword [esp + 0x1c], 0x1e0 lea eax, [esp + 0x10] push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [ref_0048c51c], eax ; mov dword [0x48c51c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push ebp push 1 push ref_0048a068 ; push 0x48a068 push ebp push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] movsx edx, word [eax + 0x4e] add edx, dword [esp + 4] push edx movsx edx, word [eax + 0x4c] add edx, dword [esp + 4] push edx add eax, 0x48 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 push 4 mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] movsx edx, word [eax + 0x4e] add edx, dword [esp + 8] push edx movsx eax, word [eax + 0x4c] add eax, dword [esp + 8] push eax mov eax, dword [esp + 0x3c] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebp, dword [esp + 0x10] push ebp mov ecx, dword [esp + 0x10] push ecx push eax call dword [edx + 0x1c] ; ucall push esi call fcn_004528b9 ; call 0x4528b9 add esp, 4 push 0x28 push 0 mov esi, dword [ref_0048c51c] ; mov esi, dword [0x48c51c] push esi call fcn_00451edb ; call 0x451edb add esp, 0xc cmp ebx, 1 jne short loc_00440e11 ; jne 0x440e11 push ebx call fcn_00402460 ; call 0x402460 add esp, 4 loc_00440e11: mov eax, edi add esp, 0x20 pop ebp pop esi pop ebx ret fcn_00440e1a: push ebx push esi push edi push ebp sub esp, 0x10 mov ebp, dword [esp + 0x24] push 0 push 0 push 0x206 mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c510], eax ; mov dword [0x48c510], eax push 0 push 0 push 2 mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c518], eax ; mov dword [0x48c518], eax lea edx, [ebp - 2] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, dword [ref_0048c510] ; mov edx, dword [0x48c510] add eax, edx movsx edx, word [eax + 0x10] mov ebx, 0xdc sub ebx, edx lea edx, [ebx + 0xc] mov dword [ref_0048c4fc], edx ; mov dword [0x48c4fc], edx movsx eax, word [eax + 0x12] mov edx, 0x140 sub edx, eax lea eax, [edx + 0xc] mov dword [ref_0048c4f8], eax ; mov dword [0x48c4f8], eax mov dword [ref_0048c500], ebp ; mov dword [0x48c500], ebp xor ebx, ebx mov esi, 0xc loc_00440ea5: lea edx, [ebp - 2] mov edi, edx shl edi, 2 sub edi, edx shl edi, 2 cmp ebx, ebp jge short loc_00440f00 ; jge 0x440f00 push 0xc push esi mov eax, dword [esp + 0x30] mov al, byte [ebx + eax] and eax, 0xff imul eax, eax, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c518] ; mov eax, dword [0x48c518] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048c510] ; mov eax, dword [0x48c510] add eax, 0xc add eax, edi push eax call fcn_00456280 ; call 0x456280 add esp, 0x10 add esi, 0x50 inc ebx jmp short loc_00440ea5 ; jmp 0x440ea5 loc_00440f00: push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebx, ebx mov dword [esp], ebx mov dword [esp + 4], 0x28 mov dword [esp + 8], 0x1b8 mov dword [esp + 0xc], 0x1e0 mov eax, esp push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [ref_0048c51c], eax ; mov dword [0x48c51c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push ebx push 1 push ref_0048a068 ; push 0x48a068 push ebx push eax call dword [edx + 0x64] ; ucall push 0x8c push 0xdc mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x48 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456418 ; call 0x456418 add esp, 0x10 push 4 push 0x8c push 0xdc mov ecx, dword [esp + 0x38] push ecx push ebx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x140 push 0xdc mov eax, dword [ref_0048c510] ; mov eax, dword [0x48c510] add eax, 0xc add eax, edi push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push fcn_0043ff56 ; push 0x43ff56 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov esi, eax cmp eax, 0xffffffff je short loc_00440fe6 ; je 0x440fe6 add eax, dword [esp + 0x28] movzx esi, byte [eax] loc_00440fe6: push 0x28 push 0 mov edi, dword [ref_0048c51c] ; mov edi, dword [0x48c51c] push edi call fcn_00451edb ; call 0x451edb add esp, 0xc mov ebp, dword [ref_0048c510] ; mov ebp, dword [0x48c510] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0048c518] ; mov eax, dword [0x48c518] push eax call clib_free ; call 0x456e11 add esp, 4 mov eax, esi jmp near loc_0043f212 ; jmp 0x43f212 fcn_0044101d: push ebx push esi push edi push ebp sub esp, 0x10 mov edi, dword [esp + 0x24] imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_004411e7 ; jne 0x4411e7 push 0 push 0 push 0xb mov ecx, dword [ref_0048a05c] ; mov ecx, dword [0x48a05c] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov ebp, eax push 0 push 0 mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] movsx edx, word [eax + 0x62] push edx movsx eax, word [eax + 0x60] push eax call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048c508], eax ; mov dword [0x48c508], eax push 0 push 0 mov edx, dword [ref_0048bad8] ; mov edx, dword [0x48bad8] add edx, 0x60 push edx push eax call fcn_00456280 ; call 0x456280 add esp, 0x10 xor ebx, ebx mov esi, 0xf jmp short loc_0044109c ; jmp 0x44109c loc_00441093: inc ebx add esi, 0x4c cmp ebx, 5 jge short loc_004410e4 ; jge 0x4410e4 loc_0044109c: push 0x2c lea eax, [esi + 0x21] push eax lea edx, [ebx + 0xa] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 lea edx, [ebp + 0xc] add eax, edx push eax mov eax, dword [ref_0048c508] ; mov eax, dword [0x48c508] push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 xor eax, eax mov al, byte [edi + 0x1a] cmp ebx, eax jl short loc_00441093 ; jl 0x441093 push 0x36 push 0x42 push 0x11 push esi mov edx, dword [ref_0048c508] ; mov edx, dword [0x48c508] push edx call fcn_004553fe ; call 0x4553fe add esp, 0x14 jmp short loc_00441093 ; jmp 0x441093 loc_004410e4: push ebp call clib_free ; call 0x456e11 add esp, 4 push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ecx, ecx mov dword [esp], ecx mov dword [esp + 4], 0x28 mov dword [esp + 8], 0x1b8 mov dword [esp + 0xc], 0x1e0 mov eax, esp push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [ref_0048c51c], eax ; mov dword [0x48c51c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x8c push 0xdc mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x48 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 2 push 0x7a push 0xdc push ref_00465298 ; push 0x465298 push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x118 push 0x14 mov edx, dword [ref_0048c508] ; mov edx, dword [0x48c508] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall xor eax, eax mov al, byte [edi + 0x1a] push eax push fcn_004402d7 ; push 0x4402d7 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov ebx, eax push 0x28 push 0 mov esi, dword [ref_0048c51c] ; mov esi, dword [0x48c51c] push esi call fcn_00451edb ; call 0x451edb add esp, 0xc mov ebp, dword [ref_0048c508] ; mov ebp, dword [0x48c508] push ebp call clib_free ; call 0x456e11 add esp, 4 jmp short loc_004411ed ; jmp 0x4411ed loc_004411e7: xor ebx, ebx mov bl, byte [edi + 0x1a] dec ebx loc_004411ed: cmp ebx, 0xffffffff je near loc_0043f212 ; je 0x43f212 inc bl mov byte [edi + 0x1d], bl mov byte [edi + 0x1e], 5 jmp near loc_0043f212 ; jmp 0x43f212 ref_00441204: dd 0x010000a5 dd 0x00000000 dd 0x00000000 fcn_00441210: push ebx push esi mov esi, dword [esp + 0xc] push 0x15 push esi call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_00441237 ; jne 0x441237 push esi call fcn_00444bb2 ; call 0x444bb2 add esp, 4 mov eax, 0xffffffff pop esi pop ebx ret loc_00441237: mov ebx, esi push 0x13 push esi call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_0044125d ; jne 0x44125d push 0 push 0 push esi call fcn_0044476a ; call 0x44476a add esp, 0xc cmp eax, 0xffffffff je short loc_0044125d ; je 0x44125d mov ebx, eax loc_0044125d: mov eax, ebx pop esi pop ebx ret fcn_00441262: push ebx push esi mov esi, dword [esp + 0xc] xor ecx, ecx xor ebx, ebx jmp short loc_00441274 ; jmp 0x441274 loc_0044126e: inc ecx cmp ecx, 0xf jge short loc_0044125d ; jge 0x44125d loc_00441274: mov eax, esi shl eax, 2 add eax, esi mov edx, eax shl eax, 2 sub eax, edx cmp byte [ecx + eax + ref_00499120], 0 ; cmp byte [ecx + eax + 0x499120], 0 je short loc_0044126e ; je 0x44126e inc ebx jmp short loc_0044126e ; jmp 0x44126e fcn_0044128f: push ebx push esi push edi mov edi, dword [esp + 0x10] xor ecx, ecx mov ebx, 0x2710 xor esi, esi jmp short loc_004412a7 ; jmp 0x4412a7 loc_004412a1: inc ecx cmp ecx, 0xf jge short loc_004412de ; jge 0x4412de loc_004412a7: mov eax, edi shl eax, 2 add eax, edi mov edx, eax shl eax, 2 sub eax, edx add eax, ecx cmp byte [eax + ref_00499120], 0 ; cmp byte [eax + 0x499120], 0 je short loc_004412a1 ; je 0x4412a1 xor edx, edx mov dl, byte [eax + ref_00499120] ; mov dl, byte [eax + 0x499120] mov al, byte [edx*8 + (_card_table - 3)] ; mov al, byte [edx*8 + 0x47fdef] and eax, 0xff cmp ebx, eax jle short loc_004412a1 ; jle 0x4412a1 mov ebx, eax mov esi, edx jmp short loc_004412a1 ; jmp 0x4412a1 loc_004412de: mov eax, esi pop edi pop esi pop ebx ret fcn_004412e4: push ebx mov ebx, dword [esp + 8] push ebx call fcn_00441262 ; call 0x441262 add esp, 4 cmp eax, 0xf jne short loc_0044130a ; jne 0x44130a push ebx call fcn_0044128f ; call 0x44128f add esp, 4 push eax push ebx call fcn_00441343 ; call 0x441343 add esp, 8 loc_0044130a: xor ecx, ecx jmp short loc_00441314 ; jmp 0x441314 loc_0044130e: inc ecx cmp ecx, 0xf jge short loc_00441341 ; jge 0x441341 loc_00441314: mov eax, ebx shl eax, 2 add eax, ebx mov edx, eax shl eax, 2 sub eax, edx add eax, ecx cmp byte [eax + ref_00499120], 0 ; cmp byte [eax + 0x499120], 0 jne short loc_0044130e ; jne 0x44130e mov dl, byte [esp + 0xc] mov byte [eax + ref_00499120], dl ; mov byte [eax + 0x499120], dl mov eax, dword [esp + 0xc] dec byte [eax + ref_00499197] ; dec byte [eax + 0x499197] loc_00441341: pop ebx ret fcn_00441343: push ebx push esi push edi push ebp mov ecx, dword [esp + 0x14] mov edi, dword [esp + 0x18] xor ebx, ebx jmp short loc_0044135a ; jmp 0x44135a loc_00441353: mov ebx, eax cmp eax, 0xf jge short loc_004413a8 ; jge 0x4413a8 loc_0044135a: mov eax, ecx shl eax, 2 add eax, ecx mov esi, eax shl esi, 2 sub esi, eax lea eax, [esi + ebx] xor edx, edx mov dl, byte [eax + ref_00499120] ; mov dl, byte [eax + 0x499120] lea eax, [ebx + 1] cmp edx, edi jne short loc_00441353 ; jne 0x441353 mov ebp, 0xe sub ebp, ebx push ebp mov edx, ref_00499120 ; mov edx, 0x499120 add edx, esi add eax, edx push eax add edx, ebx push edx call _memcpy ; call 0x456de8 add esp, 0xc add ebx, ebp xor ah, ah mov byte [esi + ebx + ref_00499120], ah ; mov byte [esi + ebx + 0x499120], ah inc byte [edi + ref_00499197] ; inc byte [edi + 0x499197] loc_004413a8: pop ebp pop edi pop esi pop ebx ret fcn_004413ad: push ebx push esi mov esi, dword [esp + 0xc] mov ebx, dword [esp + 0x10] xor ecx, ecx jmp short loc_004413c1 ; jmp 0x4413c1 loc_004413bb: inc ecx cmp ecx, 0xf jge short loc_004413e7 ; jge 0x4413e7 loc_004413c1: mov eax, esi shl eax, 2 add eax, esi mov edx, eax shl eax, 2 sub eax, edx mov al, byte [ecx + eax + ref_00499120] ; mov al, byte [ecx + eax + 0x499120] and eax, 0xff cmp eax, ebx jne short loc_004413bb ; jne 0x4413bb mov eax, 1 pop esi pop ebx ret loc_004413e7: xor eax, eax pop esi pop ebx ret fcn_004413ec: push ebx push esi push edi push ebp sub esp, 0x50 mov ebx, dword [esp + 0x64] mov eax, dword [esp + 0x68] mov edx, dword [esp + 0x70] cmp eax, 0x202 jb short loc_00441429 ; jb 0x441429 jbe near loc_00441641 ; jbe 0x441641 cmp eax, 0x205 jb near loc_004416d7 ; jb 0x4416d7 jbe near loc_00441671 ; jbe 0x441671 cmp eax, 0x401 je short loc_00441444 ; je 0x441444 jmp near loc_004416d7 ; jmp 0x4416d7 loc_00441429: cmp eax, 0xf jb near loc_004416d7 ; jb 0x4416d7 jbe near loc_0044167f ; jbe 0x44167f cmp eax, 0x201 je short loc_0044147a ; je 0x44147a jmp near loc_004416d7 ; jmp 0x4416d7 loc_00441444: xor ecx, ecx mov dword [ref_0048c538], ecx ; mov dword [0x48c538], ecx mov eax, edx and eax, 3 mov dword [ref_0048c53c], eax ; mov dword [0x48c53c], eax sar edx, 0x10 mov dword [ref_0048c540], edx ; mov dword [0x48c540], edx push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00441579 ; jmp 0x441579 loc_0044147a: xor ebx, ebx mov bx, dx shr edx, 0x10 and edx, 0xffff xor eax, eax mov ax, dx cmp ebx, 0x13 jl near loc_00441580 ; jl 0x441580 cmp ebx, 0x1a3 jge near loc_00441580 ; jge 0x441580 cmp eax, 0x4b jl near loc_00441580 ; jl 0x441580 cmp eax, 0xf3 jge near loc_00441580 ; jge 0x441580 lea edx, [eax - 0x4b] mov ecx, 0x38 mov eax, edx sar edx, 0x1f idiv ecx mov ecx, eax shl ecx, 2 add ecx, eax lea edx, [ebx - 0x13] mov ebx, 0x50 mov eax, edx sar edx, 0x1f idiv ebx lea ebx, [ecx + eax] mov edx, dword [ref_0048c53c] ; mov edx, dword [0x48c53c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx cmp byte [ebx + eax + ref_00499120], 0 ; cmp byte [ebx + eax + 0x499120], 0 je near loc_00441579 ; je 0x441579 mov ecx, 5 mov eax, ebx mov edx, ebx sar edx, 0x1f idiv ecx mov eax, edx shl eax, 2 add eax, edx shl eax, 4 lea edx, [eax + 0x14] mov dword [esp + 0x40], edx add eax, 0x62 mov dword [esp + 0x48], eax mov eax, ebx mov edx, ebx sar edx, 0x1f idiv ecx shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx lea edx, [eax + 0x4c] mov dword [esp + 0x44], edx add eax, 0x82 mov dword [esp + 0x4c], eax lea eax, [esp + 0x40] push eax call fcn_00451b9e ; call 0x451b9e add esp, 4 mov edx, dword [ref_0048c53c] ; mov edx, dword [0x48c53c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx add ebx, eax xor eax, eax mov al, byte [ebx + ref_00499120] ; mov al, byte [ebx + 0x499120] loc_00441574: mov dword [ref_0048c538], eax ; mov dword [0x48c538], eax loc_00441579: xor eax, eax jmp near loc_004416e6 ; jmp 0x4416e6 loc_00441580: cmp ebx, 0x13 jl short loc_00441579 ; jl 0x441579 cmp ebx, 0x1a3 jge short loc_00441579 ; jge 0x441579 cmp eax, 0x113 jl short loc_00441579 ; jl 0x441579 cmp eax, 0x1bb jge short loc_00441579 ; jge 0x441579 cmp dword [ref_0048c540], 0 ; cmp dword [0x48c540], 0 je short loc_00441579 ; je 0x441579 lea edx, [eax - 0x113] mov ecx, 0x38 mov eax, edx sar edx, 0x1f idiv ecx mov esi, eax shl esi, 2 add esi, eax lea edx, [ebx - 0x13] mov ecx, 0x50 mov eax, edx sar edx, 0x1f idiv ecx lea ebx, [esi + eax] cmp byte [ebx + ref_0048c548], 0 ; cmp byte [ebx + 0x48c548], 0 je short loc_00441579 ; je 0x441579 mov ecx, 5 mov eax, ebx mov edx, ebx sar edx, 0x1f idiv ecx mov eax, edx shl eax, 2 add eax, edx shl eax, 4 lea edx, [eax + 0x14] mov dword [esp + 0x40], edx add eax, 0x62 mov dword [esp + 0x48], eax mov eax, ebx mov edx, ebx sar edx, 0x1f idiv ecx shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx lea edx, [eax + 0x114] mov dword [esp + 0x44], edx add eax, 0x14a mov dword [esp + 0x4c], eax lea eax, [esp + 0x40] push eax call fcn_00451b9e ; call 0x451b9e add esp, 4 xor eax, eax mov al, byte [ebx + ref_0048c548] ; mov al, byte [ebx + 0x48c548] or ah, 0x80 jmp near loc_00441574 ; jmp 0x441574 loc_00441641: cmp dword [ref_0048c538], 0 ; cmp dword [0x48c538], 0 je near loc_00441579 ; je 0x441579 call fcn_00451d4e ; call 0x451d4e push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov esi, dword [ref_0048c538] ; mov esi, dword [0x48c538] push esi loc_00441664: call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_00441579 ; jmp 0x441579 loc_00441671: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 jmp short loc_00441664 ; jmp 0x441664 loc_0044167f: mov eax, esp push eax push ebx call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc] push ecx mov ebp, dword [ref_0048a0e0] ; mov ebp, dword [0x48a0e0] push ebp mov ecx, dword [esp + 0x18] push ecx mov esi, dword [esp + 0x18] push esi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push ebx call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00441579 ; jmp 0x441579 loc_004416d7: push edx mov edi, dword [esp + 0x70] push edi loc_004416dd: push eax push ebx call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] loc_004416e6: add esp, 0x50 pop ebp pop edi pop esi pop ebx ret 0x10 fcn_004416f0: push ebx push esi push edi push ebp sub esp, 0x50 mov ebx, dword [esp + 0x64] mov eax, dword [esp + 0x68] mov edx, dword [esp + 0x70] cmp eax, 0x202 jb short loc_0044172d ; jb 0x44172d jbe near loc_00441889 ; jbe 0x441889 cmp eax, 0x205 jb near loc_0044191f ; jb 0x44191f jbe near loc_004418b9 ; jbe 0x4418b9 cmp eax, 0x401 je short loc_00441748 ; je 0x441748 jmp near loc_0044191f ; jmp 0x44191f loc_0044172d: cmp eax, 0xf jb near loc_0044191f ; jb 0x44191f jbe near loc_004418c7 ; jbe 0x4418c7 cmp eax, 0x201 je short loc_0044176b ; je 0x44176b jmp near loc_0044191f ; jmp 0x44191f loc_00441748: xor edx, edx mov dword [ref_0048c544], edx ; mov dword [0x48c544], edx push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00441579 ; jmp 0x441579 loc_0044176b: xor ebx, ebx mov bx, dx mov eax, edx shr eax, 0x10 and eax, 0xffff xor edx, edx mov dx, ax cmp ebx, 0x13 jl near loc_00441579 ; jl 0x441579 cmp ebx, 0x1a3 jge near loc_00441579 ; jge 0x441579 cmp edx, 0x87 jl near loc_00441579 ; jl 0x441579 cmp edx, 0x12f jge near loc_00441579 ; jge 0x441579 sub edx, 0x87 mov ecx, 0x38 mov eax, edx sar edx, 0x1f idiv ecx mov esi, eax shl esi, 2 add esi, eax lea edx, [ebx - 0x13] mov ecx, 0x50 mov eax, edx sar edx, 0x1f idiv ecx lea ebx, [esi + eax] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx cmp byte [ebx + eax + ref_00499120], 0 ; cmp byte [ebx + eax + 0x499120], 0 je near loc_00441579 ; je 0x441579 mov ecx, 5 mov eax, ebx mov edx, ebx sar edx, 0x1f idiv ecx mov eax, edx shl eax, 2 add eax, edx shl eax, 4 lea edx, [eax + 0x14] mov dword [esp + 0x40], edx add eax, 0x62 mov dword [esp + 0x48], eax mov eax, ebx mov edx, ebx sar edx, 0x1f idiv ecx shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx lea edx, [eax + 0x88] mov dword [esp + 0x44], edx add eax, 0xbe mov dword [esp + 0x4c], eax lea eax, [esp + 0x40] push eax call fcn_00451b9e ; call 0x451b9e add esp, 4 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx add ebx, eax xor eax, eax mov al, byte [ebx + ref_00499120] ; mov al, byte [ebx + 0x499120] mov dword [ref_0048c544], eax ; mov dword [0x48c544], eax push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 jmp near loc_00441579 ; jmp 0x441579 loc_00441889: cmp dword [ref_0048c544], 0 ; cmp dword [0x48c544], 0 je near loc_00441579 ; je 0x441579 call fcn_00451d4e ; call 0x451d4e push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ebx, dword [ref_0048c544] ; mov ebx, dword [0x48c544] push ebx loc_004418ac: call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_00441579 ; jmp 0x441579 loc_004418b9: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 jmp short loc_004418ac ; jmp 0x4418ac loc_004418c7: mov eax, esp push eax push ebx call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc] push ecx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov edi, dword [esp + 0x18] push edi mov ebp, dword [esp + 0x18] push ebp push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push ebx call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00441579 ; jmp 0x441579 loc_0044191f: push edx mov edx, dword [esp + 0x70] push edx jmp near loc_004416dd ; jmp 0x4416dd fcn_0044192a: push ebx push esi push edi push ebp sub esp, 0xa8 mov edi, dword [esp + 0xbc] imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_00441a5d ; jne 0x441a5d push 0 push 0 push 0xb mov eax, dword [ref_0048a05c] ; mov eax, dword [0x48a05c] push eax call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 mov ebp, eax push edi push eax push 0 call fcn_00447c6e ; call 0x447c6e add esp, 0xc push edi push ebx push 0 call fcn_00441b0a ; call 0x441b0a add esp, 0xc xor edx, edx mov dword [esp + 0x94], edx mov dword [esp + 0x98], 0x28 mov dword [esp + 0x9c], 0x1b8 mov dword [esp + 0xa0], 0x1e0 lea eax, [esp + 0x94] push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [esp + 0xa4], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov esi, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [esi + 0x64] ; ucall push 0x46 push 0xe lea eax, [ebx + 0xc] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 cmp dword [esp + 0xc4], 1 jne short loc_00441a11 ; jne 0x441a11 push 0x10e push 0xe add ebx, 0x18 push ebx mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 loc_00441a11: mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] mov eax, dword [ebx] push 0 push ebx call dword [eax + 0x80] ; ucall mov eax, dword [esp + 0xc4] shl eax, 0x10 or eax, edi push eax push fcn_004413ec ; push 0x4413ec call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov ebx, eax push 0x28 push 0 mov esi, dword [esp + 0xac] push esi call fcn_00451edb ; call 0x451edb add esp, 0xc push ebp call clib_free ; call 0x456e11 add esp, 4 jmp short loc_00441ab9 ; jmp 0x441ab9 loc_00441a5d: push 1 call fcn_0041e6f2 ; call 0x41e6f2 mov esi, eax add esp, 4 mov ebx, eax imul eax, edi, 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov ebp, dword [esi*8 + (_card_table - 8)] ; mov ebp, dword [esi*8 + 0x47fdea] push ebp lea eax, [esp + 0x84] push eax push ref_004652f8 ; push 0x4652f8 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 loc_00441ab9: test ebx, ebx je short loc_00441afd ; je 0x441afd test bh, 0x80 je short loc_00441ae2 ; je 0x441ae2 and ebx, 0x7fff push ebx push edi call fcn_00445aa2 ; call 0x445aa2 add esp, 8 push ebx mov ebp, dword [esp + 0xc4] push ebp call fcn_00445a4d ; call 0x445a4d jmp short loc_00441afa ; jmp 0x441afa loc_00441ae2: push ebx push edi call fcn_00441343 ; call 0x441343 add esp, 8 push ebx mov edi, dword [esp + 0xc4] push edi call fcn_004412e4 ; call 0x4412e4 loc_00441afa: add esp, 8 loc_00441afd: mov eax, ebx add esp, 0xa8 loc_00441b05: pop ebp pop edi pop esi pop ebx ret fcn_00441b0a: push ebx push esi push edi push ebp mov ebp, dword [esp + 0x14] push 0 push 3 push 0x101010 push 0xffffff push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [esp + 0x18] add eax, 0xc test ebp, ebp jne short loc_00441b39 ; jne 0x441b39 mov ebp, eax jmp short loc_00441b47 ; jmp 0x441b47 loc_00441b39: push 0 push 0 push eax push ebp call fcn_00456280 ; call 0x456280 add esp, 0x10 loc_00441b47: xor esi, esi mov ebx, 0x2d mov edi, 0x21 jmp short loc_00441b5b ; jmp 0x441b5b loc_00441b55: inc esi cmp esi, 0xf jge short loc_00441b05 ; jge 0x441b05 loc_00441b5b: mov edx, dword [esp + 0x1c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx add eax, esi mov dl, byte [eax + ref_00499120] ; mov dl, byte [eax + 0x499120] test dl, dl je short loc_00441b55 ; je 0x441b55 push 2 push edi push ebx mov al, dl and eax, 0xff mov edx, dword [eax*8 + (_card_table - 8)] ; mov edx, dword [eax*8 + 0x47fdea] push edx push ebp call fcn_0044fabc ; call 0x44fabc add esp, 0x14 add ebx, 0x50 cmp ebx, 0x16d jle short loc_00441b55 ; jle 0x441b55 mov ebx, 0x2d add edi, 0x38 jmp short loc_00441b55 ; jmp 0x441b55 cards_ui: push ebx push esi push edi push ebp sub esp, 0x98 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dl, byte [eax + (_players+21)] ; mov dl, byte [eax + 0x496b7d] cmp dl, 1 jne near loc_00441d00 ; jne 0x441d00 call fcn_0041d546 ; call 0x41d546 push 0 push 0 push 0xb mov ebx, dword [ref_0048a05c] ; mov ebx, dword [0x48a05c] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov edi, eax xor esi, esi mov dword [esp + 0x80], esi mov dword [esp + 0x84], 0x28 mov dword [esp + 0x88], 0x1b8 mov dword [esp + 0x8c], 0x1e0 lea eax, [esp + 0x80] push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov ebp, eax loc_00441c22: mov esi, 1 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx push edi push 0 call fcn_00441b0a ; call 0x441b0a add esp, 0xc mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push esi push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x82 push 0xe lea eax, [edi + 0xc] push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push fcn_004416f0 ; push 0x4416f0 call _Wait_0402_Message ; call 0x4018e7 mov ebx, eax add esp, 8 push 0x8028 push 0 push ebp call fcn_00451edb ; call 0x451edb add esp, 0xc test ebx, ebx je short loc_00441ce1 ; je 0x441ce1 mov eax, ebx mov edx, dword [eax*8 + (_card_table - 8)] ; mov edx, dword [eax*8 + 0x47fdea] push edx push ref_00465305 ; push 0x465305 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esp push eax push ebx call fcn_00441f73 ; call 0x441f73 add esp, 8 mov eax, ebx call dword [eax*4 + ref_00475d5c] ; ucall: call dword [eax*4 + 0x475d5c] mov esi, eax test eax, eax jne short loc_00441ce1 ; jne 0x441ce1 push eax push ref_0048233a ; push 0x48233a call fcn_004542ce ; call 0x4542ce add esp, 8 loc_00441ce1: test esi, esi je near loc_00441c22 ; je 0x441c22 push edi call clib_free ; call 0x456e11 add esp, 4 push ebp call clib_free ; call 0x456e11 add esp, 4 jmp near loc_00441e07 ; jmp 0x441e07 loc_00441d00: test dl, 6 je near loc_00441e07 ; je 0x441e07 test byte [eax + (_players+22)], 1 ; test byte [eax + 0x496b7e], 1 je near loc_00441e07 ; je 0x441e07 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441262 ; call 0x441262 mov esi, eax add esp, 4 mov edi, eax test eax, eax je near loc_00441e07 ; je 0x441e07 push 8 push 0 lea eax, [esp + 0x98] push eax call memset ; call 0x456f60 add esp, 0xc cmp esi, 8 jle short loc_00441d5a ; jle 0x441d5a call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi mov esi, edx jmp short loc_00441d5c ; jmp 0x441d5c loc_00441d5a: xor esi, esi loc_00441d5c: xor ebx, ebx jmp short loc_00441d66 ; jmp 0x441d66 loc_00441d60: inc ebx cmp ebx, 8 jge short loc_00441d98 ; jge 0x441d98 loc_00441d66: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx mov edx, esi inc esi mov al, byte [edx + eax + ref_00499120] ; mov al, byte [edx + eax + 0x499120] mov byte [esp + ebx + 0x90], al cmp edi, 8 jle short loc_00441d60 ; jle 0x441d60 cmp esi, edi jne short loc_00441d60 ; jne 0x441d60 xor esi, edi jmp short loc_00441d60 ; jmp 0x441d60 loc_00441d98: xor ebx, ebx jmp short loc_00441da2 ; jmp 0x441da2 loc_00441d9c: inc ebx cmp ebx, 8 jge short loc_00441e07 ; jge 0x441e07 loc_00441da2: mov cl, byte [esp + ebx + 0x90] test cl, cl je short loc_00441e07 ; je 0x441e07 xor eax, eax mov al, cl push eax call fcn_0041e69e ; call 0x41e69e add esp, 4 cmp eax, 1 jne short loc_00441d9c ; jne 0x441d9c xor eax, eax mov al, byte [esp + ebx + 0x90] mov ecx, dword [eax*8 + (_card_table - 8)] ; mov ecx, dword [eax*8 + 0x47fdea] push ecx push ref_00465305 ; push 0x465305 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esp push eax xor eax, eax mov al, byte [esp + ebx + 0x94] push eax call fcn_00441f73 ; call 0x441f73 add esp, 8 xor eax, eax mov al, byte [esp + ebx + 0x90] call dword [eax*4 + ref_00475d5c] ; ucall: call dword [eax*4 + 0x475d5c] loc_00441e07: add esp, 0x98 pop ebp pop edi pop esi pop ebx ret fcn_00441e12: push ebx push esi sub esp, 0x80 xor esi, esi xor eax, eax xor ebx, ebx jmp short loc_00441e28 ; jmp 0x441e28 loc_00441e22: inc eax cmp eax, 0x1e jge short loc_00441e46 ; jge 0x441e46 loc_00441e28: cmp byte [eax + ref_00499198], 0 ; cmp byte [eax + 0x499198], 0 je short loc_00441e22 ; je 0x441e22 xor edx, edx loc_00441e33: xor ecx, ecx mov cl, byte [eax + ref_00499198] ; mov cl, byte [eax + 0x499198] cmp edx, ecx jge short loc_00441e22 ; jge 0x441e22 mov byte [esp + ebx], al inc ebx inc edx jmp short loc_00441e33 ; jmp 0x441e33 loc_00441e46: test ebx, ebx je short loc_00441e6c ; je 0x441e6c call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx movzx esi, byte [esp + edx] inc esi push esi mov edx, dword [esp + 0x90] push edx call fcn_004412e4 ; call 0x4412e4 add esp, 8 loc_00441e6c: mov eax, esi add esp, 0x80 pop esi pop ebx ret fcn_00441e77: push ebx push esi xor ebx, ebx mov edx, dword [esp + 0xc] push edx call fcn_00441262 ; call 0x441262 mov esi, eax add esp, 4 test eax, eax je short loc_00441ec9 ; je 0x441ec9 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi mov ebx, edx mov edx, dword [esp + 0xc] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx mov bl, byte [ebx + eax + ref_00499120] ; mov bl, byte [ebx + eax + 0x499120] and ebx, 0xff push ebx mov ecx, dword [esp + 0x10] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 loc_00441ec9: mov eax, ebx pop esi pop ebx ret fcn_00441ece: push ebx push esi push edi mov esi, dword [esp + 0x10] xor ebx, ebx push esi call fcn_00441262 ; call 0x441262 add esp, 4 mov edi, eax cmp eax, 1 jle short loc_00441f1b ; jle 0x441f1b loc_00441ee7: mov eax, edi sar eax, 1 cmp ebx, eax jge short loc_00441f16 ; jge 0x441f16 mov eax, esi shl eax, 2 add eax, esi mov edx, eax shl eax, 2 sub eax, edx mov al, byte [ebx + eax + ref_00499120] ; mov al, byte [ebx + eax + 0x499120] and eax, 0xff push eax push esi call fcn_00441343 ; call 0x441343 add esp, 8 inc ebx jmp short loc_00441ee7 ; jmp 0x441ee7 loc_00441f16: mov ebx, 1 loc_00441f1b: mov eax, ebx pop edi pop esi pop ebx ret fcn_00441f21: push ebx push esi mov esi, dword [esp + 0xc] xor ecx, ecx xor ebx, ebx jmp short loc_00441f33 ; jmp 0x441f33 loc_00441f2d: inc ecx cmp ecx, 0xf jge short loc_00441ec9 ; jge 0x441ec9 loc_00441f33: mov eax, esi shl eax, 2 add eax, esi mov edx, eax shl eax, 2 sub eax, edx add eax, ecx cmp byte [eax + ref_00499120], 0 ; cmp byte [eax + 0x499120], 0 je short loc_00441f2d ; je 0x441f2d xor edx, edx mov dl, byte [eax + ref_00499120] ; mov dl, byte [eax + 0x499120] inc byte [edx + ref_00499197] ; inc byte [edx + 0x499197] mov dl, byte [edx*8 + (_card_table - 3)] ; mov dl, byte [edx*8 + 0x47fdef] and edx, 0xff add ebx, edx xor dh, dh mov byte [eax + ref_00499120], dh ; mov byte [eax + 0x499120], dh jmp short loc_00441f2d ; jmp 0x441f2d fcn_00441f73: push ebx push esi push edi push ebp sub esp, 0x1c lea edi, [esp + 0x10] mov esi, ref_00441204 ; mov esi, 0x441204 movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] cmp dword [esp + 0x30], 0 je near loc_004420cd ; je 0x4420cd push 1 push 3 push 0x101010 push 0xf0f0f0 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0 push 0 mov eax, dword [esp + 0x38] add eax, 0x23a push eax mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [esp + 0x18], eax xor ebx, ebx mov dword [esp], ebx mov dword [esp + 4], 0x28 mov dword [esp + 8], 0x1b8 mov dword [esp + 0xc], 0x1e0 mov eax, esp push eax call fcn_00451e7e ; call 0x451e7e mov ebx, eax add esp, 4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x81 push 0xdc mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x48 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456418 ; call 0x456418 add esp, 0x10 push 4 push 0x81 push 0xdc mov edx, dword [esp + 0x40] push edx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0xc8 push 0x8a lea eax, [esp + 0x18] push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov edi, dword [esp + 0x10] push edi mov ebp, dword [esp + 0x10] push ebp push eax call dword [edx + 0x1c] ; ucall push 0 push ref_00482402 ; push 0x482402 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0x5dc call fcn_004528b9 ; call 0x4528b9 add esp, 4 push 0x28 push 0 push ebx call fcn_00451edb ; call 0x451edb add esp, 0xc mov eax, dword [esp + 0x18] push eax call clib_free ; call 0x456e11 add esp, 4 loc_004420cd: add esp, 0x1c pop ebp pop edi pop esi pop ebx ret fcn_004420d5: xor eax, eax ret fcn_004420d8: push ebx push esi push edi push 1 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx call fcn_00441343 ; call 0x441343 add esp, 8 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ebx, dword [eax + (_card_strings+0)] ; mov ebx, dword [eax + 0x48123a] push ebx push 3 push ecx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc xor ebx, ebx xor esi, esi xor ecx, ecx mov edi, dword [_nplayers] ; mov edi, dword [0x499114] loc_0044212c: cmp ebx, edi jge short loc_00442146 ; jge 0x442146 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00442143 ; je 0x442143 add esi, dword [eax + (_players+28)] ; add esi, dword [eax + 0x496b84] inc ecx loc_00442143: inc ebx jmp short loc_0044212c ; jmp 0x44212c loc_00442146: mov eax, esi mov edx, esi sar edx, 0x1f idiv ecx mov esi, eax xor ebx, ebx loc_00442153: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0044219c ; jge 0x44219c imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00442199 ; je 0x442199 mov edx, dword [eax + (_players+28)] ; mov edx, dword [eax + 0x496b84] cmp esi, edx jge short loc_00442190 ; jge 0x442190 sub edx, esi mov ecx, 0x64 mov eax, edx sar edx, 0x1f idiv ecx push eax mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx push ebx call fcn_0040df69 ; call 0x40df69 add esp, 0xc loc_00442190: imul eax, ebx, 0x68 mov dword [eax + (_players+28)], esi ; mov dword [eax + 0x496b84], esi loc_00442199: inc ebx jmp short loc_00442153 ; jmp 0x442153 loc_0044219c: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0041d433 ; call 0x41d433 add esp, 4 loc_004421ab: mov eax, 1 pop edi pop esi pop ebx ret fcn_004421b4: push ebx push esi push edi push ebp imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_004421d4 ; jne 0x4421d4 push 0xe0c0410 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_004421db ; jmp 0x4421db loc_004421d4: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_004421db: add esp, 4 mov ebx, eax test ebx, ebx je near loc_00443069 ; je 0x443069 push 2 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul eax, esi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edi, dword [eax + (_card_strings+4)] ; mov edi, dword [eax + 0x48123e] push edi push 3 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc push ebx call fcn_0040d293 ; call 0x40d293 mov edi, eax add esp, 4 mov ebp, eax imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 imul ecx, edi, 0x68 mov edx, dword [edx + (_players+28)] ; mov edx, dword [edx + 0x496b84] mov esi, dword [ecx + (_players+28)] ; mov esi, dword [ecx + 0x496b84] add edx, esi mov eax, edx sar edx, 0x1f sub eax, edx sar eax, 1 mov esi, eax mov eax, dword [ecx + (_players+28)] ; mov eax, dword [ecx + 0x496b84] cmp esi, eax jge short loc_00442288 ; jge 0x442288 mov edx, eax sub edx, esi mov ecx, 0x64 mov eax, edx sar edx, 0x1f idiv ecx push eax mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx push edi call fcn_0040df69 ; call 0x40df69 add esp, 0xc loc_00442288: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dword [eax + (_players+28)], esi ; mov dword [eax + 0x496b84], esi imul ecx, ebp, 0x68 mov dword [ecx + (_players+28)], esi ; mov dword [ecx + 0x496b84], esi cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_004422de ; je 0x4422de push 0x64 xor edx, edx mov dx, word [ecx + (_players+10)] ; mov dx, word [ecx + 0x496b72] push edx xor edx, edx mov dx, word [ecx + (_players+8)] ; mov dx, word [ecx + 0x496b70] push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_004422de: mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi call fcn_0041d433 ; call 0x41d433 add esp, 4 imul eax, ebp, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edi, dword [eax + (_card_strings+244)] ; mov edi, dword [eax + 0x48132e] push edi push 1 push ebp loc_00442313: call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc call fcn_0041d546 ; call 0x41d546 jmp near loc_00443069 ; jmp 0x443069 fcn_00442325: push ebx push esi push edi push ebp sub esp, 8 xor esi, esi imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 xor ecx, ecx mov cx, word [edx + (_players+12)] ; mov cx, word [edx + 0x496b74] mov eax, ecx shl eax, 2 add eax, ecx mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] mov ax, word [ecx + eax*8 + 0x20] and eax, 0xffff cmp eax, 0x7d0 jle near loc_004424be ; jle 0x4424be cmp eax, 0xfa0 jge near loc_004424be ; jge 0x4424be sub eax, 0x7d0 imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, eax mov cl, byte [ebx + 0x19] test cl, cl je near loc_00442603 ; je 0x442603 xor eax, eax mov al, cl mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] inc ecx cmp eax, ecx je near loc_00442603 ; je 0x442603 movzx edi, byte [ebx + 0x1a] xor ecx, ecx mov cx, word [ebx + 0x1e] imul edi, ecx xor ecx, ecx mov cx, word [ebx + 0x1c] add edi, ecx imul edi, dword [ref_004990e8] ; imul edi, dword [0x4990e8] cmp edi, dword [edx + (_players+28)] ; cmp edi, dword [edx + 0x496b84] jg near loc_004425f1 ; jg 0x4425f1 lea esi, [eax - 1] mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] imul ecx, eax mov dword [esp], ecx fild dword [esp] xor eax, eax mov al, byte [ebx + 0x1a] mov dword [esp + 4], eax fild word [esp + 4] fadd dword [ref_0046531c] ; fadd dword [0x46531c] fdiv dword [ref_00465320] ; fdiv dword [0x465320] fmulp st1 ; fmulp st(1) sub esp, 8 fstp qword [esp] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx push esi call fcn_0040df69 ; call 0x40df69 add esp, 0x10 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ebp, dword [eax + (_card_strings+8)] ; mov ebp, dword [eax + 0x481242] push ebp push 3 push ecx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov al, byte [_current_player] ; mov al, byte [0x49910c] inc al mov byte [ebx + 0x19], al push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 mov edx, dword [ref_00499110] ; mov edx, dword [0x499110] test edx, edx je short loc_0044246f ; je 0x44246f mov ecx, dword [edx*4 + ref_004751f0] ; mov ecx, dword [edx*4 + 0x4751f0] push ecx mov ebp, dword [ref_00497160] ; mov ebp, dword [0x497160] push ebp call fcn_004521cb ; call 0x4521cb add esp, 8 mov dword [ebx + 0x30], eax loc_0044246f: push 0 push edi push esi mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 imul eax, esi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edx, dword [eax + (_card_strings+248)] ; mov edx, dword [eax + 0x481332] push edx push 1 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc call fcn_0041d546 ; call 0x41d546 mov esi, 1 jmp near loc_00442607 ; jmp 0x442607 loc_004424be: cmp eax, 0xfa0 jle near loc_00442603 ; jle 0x442603 cmp eax, 0x1770 jge near loc_00442603 ; jge 0x442603 sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax cmp byte [ebx + 0x19], 0 je near loc_00442603 ; je 0x442603 xor eax, eax mov al, byte [ebx + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx je near loc_00442603 ; je 0x442603 xor edx, edx mov dl, byte [ebx + 0x1a] xor ecx, ecx mov cx, word [ebx + 0x24] imul edx, ecx xor ecx, ecx mov cx, word [ebx + 0x22] lea edi, [ecx + edx] imul edi, dword [ref_004990e8] ; imul edi, dword [0x4990e8] imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 cmp edi, dword [edx + (_players+28)] ; cmp edi, dword [edx + 0x496b84] jg near loc_004425f1 ; jg 0x4425f1 lea esi, [eax - 1] mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] imul ecx, eax mov dword [esp], ecx fild dword [esp] xor eax, eax mov al, byte [ebx + 0x1a] mov dword [esp + 4], eax fild word [esp + 4] fadd dword [ref_0046531c] ; fadd dword [0x46531c] fdiv dword [ref_00465320] ; fdiv dword [0x465320] fmulp st1 ; fmulp st(1) sub esp, 8 fstp qword [esp] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx push esi call fcn_0040df69 ; call 0x40df69 add esp, 0x10 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ebp, dword [eax + (_card_strings+8)] ; mov ebp, dword [eax + 0x481242] push ebp push 3 push ecx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov al, byte [_current_player] ; mov al, byte [0x49910c] inc al mov byte [ebx + 0x19], al push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 mov edx, dword [ref_00499110] ; mov edx, dword [0x499110] test edx, edx je near loc_0044246f ; je 0x44246f mov ecx, dword [edx*4 + ref_004751f0] ; mov ecx, dword [edx*4 + 0x4751f0] push ecx mov ebp, dword [ref_00497160] ; mov ebp, dword [0x497160] push ebp call fcn_004521cb ; call 0x4521cb add esp, 8 mov dword [ebx + 0x34], eax jmp near loc_0044246f ; jmp 0x44246f loc_004425f1: push 0x5dc push ref_0046530c ; push 0x46530c call fcn_00440cac ; call 0x440cac add esp, 8 loc_00442603: test esi, esi je short loc_00442618 ; je 0x442618 loc_00442607: push 3 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 loc_00442618: mov eax, esi loc_0044261a: add esp, 8 pop ebp pop edi pop esi pop ebx ret fcn_00442622: push ebx push esi push edi push ebp sub esp, 4 xor ebx, ebx imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 xor ecx, ecx mov cx, word [edx + (_players+12)] ; mov cx, word [edx + 0x496b74] mov eax, ecx shl eax, 2 add eax, ecx mov esi, dword [ref_00498e80] ; mov esi, dword [0x498e80] mov si, word [esi + eax*8 + 0x20] and esi, 0xffff cmp esi, 0x7d0 jle near loc_0044288c ; jle 0x44288c cmp esi, 0xfa0 jge near loc_0044288c ; jge 0x44288c lea eax, [esi - 0x7d0] imul eax, eax, 0x34 mov edi, dword [ref_00498e84] ; mov edi, dword [0x498e84] add edi, eax cmp byte [edx + (_players+21)], 1 ; cmp byte [edx + 0x496b7d], 1 jne short loc_00442691 ; jne 0x442691 push 0xe0c0202 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00442698 ; jmp 0x442698 loc_00442691: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_00442698: add esp, 4 mov ebx, eax test ebx, ebx je near loc_00442ade ; je 0x442ade push 0xffff push esi push 0x2f440 mov esi, dword [ref_00474938] ; mov esi, dword [0x474938] push esi call fcn_00456c0a ; call 0x456c0a add esp, 0x10 push 0xffff push ebx push 0x2f440 mov ebp, dword [ref_00474938] ; mov ebp, dword [0x474938] push ebp call fcn_00456c0a ; call 0x456c0a add esp, 0x10 sub ebx, 0x7d0 imul ebx, ebx, 0x34 mov esi, dword [ref_00498e84] ; mov esi, dword [0x498e84] add esi, ebx xor ebx, ebx mov bl, byte [edi + 0x19] xor eax, eax mov al, byte [esi + 0x19] mov dword [esp], eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ebx, eax jne short loc_00442736 ; jne 0x442736 cmp eax, dword [esp] je short loc_00442736 ; je 0x442736 mov al, byte [esi + 0x1a] cmp al, byte [edi + 0x1a] jb short loc_00442736 ; jb 0x442736 lea ecx, [ebx - 1] imul eax, ecx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edx, dword [eax + (_card_strings+12)] ; mov edx, dword [eax + 0x481246] push edx jmp short loc_00442774 ; jmp 0x442774 loc_00442736: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ebx, eax je short loc_0044277f ; je 0x44277f cmp eax, dword [esp] jne short loc_0044277f ; jne 0x44277f mov al, byte [edi + 0x1a] cmp al, byte [esi + 0x1a] jb short loc_0044277f ; jb 0x44277f mov ecx, dword [esp] dec ecx imul eax, ecx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ebp, dword [eax + (_card_strings+12)] ; mov ebp, dword [eax + 0x481246] push ebp loc_00442774: push 3 push ecx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0044277f: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_004427bb ; je 0x4427bb push 0x64 movsx edx, word [esi + 2] push edx movsx edx, word [esi] push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_004427bb: mov byte [esi + 0x19], bl mov al, byte [esp] mov byte [edi + 0x19], al push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 call fcn_00451985 ; call 0x451985 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x1f4 call fcn_0045285e ; call 0x45285e add esp, 4 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ebx, eax jne short loc_00442836 ; jne 0x442836 mov ebp, dword [esp] cmp eax, ebp je short loc_00442836 ; je 0x442836 test ebp, ebp je short loc_00442836 ; je 0x442836 mov al, byte [esi + 0x1a] cmp al, byte [edi + 0x1a] jb short loc_00442836 ; jb 0x442836 lea ecx, [ebp - 1] imul eax, ecx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ebx, dword [eax + (_card_strings+252)] ; mov ebx, dword [eax + 0x481336] push ebx push 2 push ecx jmp short loc_0044287a ; jmp 0x44287a loc_00442836: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ebx, eax je short loc_00442882 ; je 0x442882 test ebx, ebx je short loc_00442882 ; je 0x442882 cmp eax, dword [esp] jne short loc_00442882 ; jne 0x442882 mov al, byte [edi + 0x1a] cmp al, byte [esi + 0x1a] jb short loc_00442882 ; jb 0x442882 lea edx, [ebx - 1] imul eax, edx, 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov ecx, dword [eax + (_card_strings+252)] ; mov ecx, dword [eax + 0x481336] push ecx push 2 push edx loc_0044287a: call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_00442882: mov ebx, 1 jmp near loc_00442ae2 ; jmp 0x442ae2 loc_0044288c: cmp esi, 0xfa0 jle near loc_00442ade ; jle 0x442ade cmp esi, 0x1770 jge near loc_00442ade ; jge 0x442ade lea eax, [esi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edi, dword [ref_00498e88] ; mov edi, dword [0x498e88] add edi, eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_004428d8 ; jne 0x4428d8 push 0xe0c0204 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_004428df ; jmp 0x4428df loc_004428d8: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_004428df: add esp, 4 mov ebx, eax test ebx, ebx je near loc_00442ade ; je 0x442ade push 0xffff push esi push 0x2f440 mov esi, dword [ref_00474938] ; mov esi, dword [0x474938] push esi call fcn_00456c0a ; call 0x456c0a add esp, 0x10 push 0xffff push ebx push 0x2f440 mov ebp, dword [ref_00474938] ; mov ebp, dword [0x474938] push ebp call fcn_00456c0a ; call 0x456c0a add esp, 0x10 lea eax, [ebx - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov esi, dword [ref_00498e88] ; mov esi, dword [0x498e88] add esi, eax xor ebx, ebx mov bl, byte [edi + 0x19] xor eax, eax mov al, byte [esi + 0x19] mov dword [esp], eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ebx, eax jne short loc_00442984 ; jne 0x442984 cmp eax, dword [esp] je short loc_00442984 ; je 0x442984 mov al, byte [esi + 0x1a] cmp al, byte [edi + 0x1a] jb short loc_00442984 ; jb 0x442984 lea ecx, [ebx - 1] imul eax, ecx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edx, dword [eax + (_card_strings+12)] ; mov edx, dword [eax + 0x481246] push edx jmp short loc_004429c2 ; jmp 0x4429c2 loc_00442984: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ebx, eax je short loc_004429cd ; je 0x4429cd cmp eax, dword [esp] jne short loc_004429cd ; jne 0x4429cd mov al, byte [edi + 0x1a] cmp al, byte [esi + 0x1a] jb short loc_004429cd ; jb 0x4429cd mov ecx, dword [esp] dec ecx imul eax, ecx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ebp, dword [eax + (_card_strings+12)] ; mov ebp, dword [eax + 0x481246] push ebp loc_004429c2: push 3 push ecx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_004429cd: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_00442a09 ; je 0x442a09 push 0x64 movsx edx, word [esi + 2] push edx movsx edx, word [esi] push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_00442a09: mov byte [esi + 0x19], bl mov al, byte [esp] mov byte [edi + 0x19], al push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 call fcn_00451985 ; call 0x451985 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x1f4 call fcn_0045285e ; call 0x45285e add esp, 4 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ebx, eax jne short loc_00442a87 ; jne 0x442a87 mov ebp, dword [esp] cmp eax, ebp je short loc_00442a87 ; je 0x442a87 test ebp, ebp je short loc_00442a87 ; je 0x442a87 mov al, byte [esi + 0x1a] cmp al, byte [edi + 0x1a] jb short loc_00442a87 ; jb 0x442a87 lea ecx, [ebp - 1] imul eax, ecx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ebx, dword [eax + (_card_strings+252)] ; mov ebx, dword [eax + 0x481336] push ebx push 2 push ecx jmp near loc_0044287a ; jmp 0x44287a loc_00442a87: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ebx, eax je near loc_00442882 ; je 0x442882 test ebx, ebx je near loc_00442882 ; je 0x442882 cmp eax, dword [esp] jne near loc_00442882 ; jne 0x442882 mov al, byte [edi + 0x1a] cmp al, byte [esi + 0x1a] jb near loc_00442882 ; jb 0x442882 dec ebx imul eax, ebx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ecx, dword [eax + (_card_strings+252)] ; mov ecx, dword [eax + 0x481336] push ecx push 2 push ebx jmp near loc_0044287a ; jmp 0x44287a loc_00442ade: test ebx, ebx je short loc_00442af8 ; je 0x442af8 loc_00442ae2: push 4 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi call fcn_00441343 ; call 0x441343 add esp, 8 call fcn_0041d546 ; call 0x41d546 loc_00442af8: mov eax, ebx loc_00442afa: add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_00442b02: push ebx push esi push edi push ebp sub esp, 0xc xor ebx, ebx imul esi, dword [_current_player], 0x68 ; imul esi, dword [0x49910c], 0x68 xor edx, edx mov dx, word [esi + (_players+12)] ; mov dx, word [esi + 0x496b74] mov eax, edx shl eax, 2 add edx, eax shl edx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] mov ax, word [edx + eax + 0x20] and eax, 0xffff mov dword [esp + 8], eax cmp eax, 0x7d0 jle near loc_00442d3a ; jle 0x442d3a cmp eax, 0xfa0 jge near loc_00442d3a ; jge 0x442d3a sub eax, 0x7d0 imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] add edx, eax mov dword [esp + 4], edx cmp byte [esi + (_players+21)], 1 ; cmp byte [esi + 0x496b7d], 1 jne short loc_00442b77 ; jne 0x442b77 push 0xe0c0202 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00442b7e ; jmp 0x442b7e loc_00442b77: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_00442b7e: add esp, 4 mov ebx, eax test ebx, ebx je near loc_00442f29 ; je 0x442f29 push 0xffff mov ebp, dword [esp + 0xc] push ebp push 0x2f440 mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] push eax call fcn_00456c0a ; call 0x456c0a add esp, 0x10 push 0xffff push ebx push 0x2f440 mov edx, dword [ref_00474938] ; mov edx, dword [0x474938] push edx call fcn_00456c0a ; call 0x456c0a add esp, 0x10 lea eax, [ebx - 0x7d0] imul eax, eax, 0x34 mov ebp, dword [ref_00498e84] ; mov ebp, dword [0x498e84] add ebp, eax mov edi, dword [esp + 4] movzx edi, byte [edi + 0x19] movzx esi, byte [ebp + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edi, eax jne short loc_00442bfe ; jne 0x442bfe cmp esi, eax je short loc_00442bfe ; je 0x442bfe mov al, byte [ebp + 0x1a] mov edx, dword [esp + 4] cmp al, byte [edx + 0x1a] jb short loc_00442bfe ; jb 0x442bfe lea ecx, [edi - 1] jmp short loc_00442c1b ; jmp 0x442c1b loc_00442bfe: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edi, eax je short loc_00442c4c ; je 0x442c4c cmp esi, eax jne short loc_00442c4c ; jne 0x442c4c mov eax, dword [esp + 4] mov al, byte [eax + 0x1a] cmp al, byte [ebp + 0x1a] jb short loc_00442c4c ; jb 0x442c4c lea ecx, [esi - 1] loc_00442c1b: imul eax, ecx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff mov edx, eax shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edx, dword [eax + (_card_strings+16)] ; mov edx, dword [eax + 0x48124a] push edx push 3 push ecx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_00442c4c: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_00442c89 ; je 0x442c89 push 0x64 movsx edx, word [ebp + 2] push edx movsx edx, word [ebp] push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_00442c89: call fcn_00451985 ; call 0x451985 push ebx mov ebx, dword [esp + 0xc] push ebx call fcn_0040b4f8 ; call 0x40b4f8 add esp, 8 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edi, eax jne short loc_00442ce3 ; jne 0x442ce3 cmp esi, eax je short loc_00442ce3 ; je 0x442ce3 test esi, esi je short loc_00442ce3 ; je 0x442ce3 mov eax, dword [esp + 4] mov al, byte [eax + 0x1a] cmp al, byte [ebp + 0x1a] jb short loc_00442ce3 ; jb 0x442ce3 dec esi imul eax, esi, 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov edi, dword [eax + (_card_strings+256)] ; mov edi, dword [eax + 0x48133a] push edi push 2 push esi jmp short loc_00442d28 ; jmp 0x442d28 loc_00442ce3: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edi, eax je short loc_00442d30 ; je 0x442d30 test edi, edi je short loc_00442d30 ; je 0x442d30 cmp esi, eax jne short loc_00442d30 ; jne 0x442d30 mov al, byte [ebp + 0x1a] mov edx, dword [esp + 4] loc_00442cfc: cmp al, byte [edx + 0x1a] jb short loc_00442d30 ; jb 0x442d30 dec edi imul eax, edi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov esi, dword [eax + (_card_strings+256)] ; mov esi, dword [eax + 0x48133a] push esi push 2 push edi loc_00442d28: call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_00442d30: mov ebx, 1 jmp near loc_00442f2d ; jmp 0x442f2d loc_00442d3a: mov ebp, dword [esp + 8] cmp ebp, 0xfa0 jle near loc_00442f29 ; jle 0x442f29 cmp ebp, 0x1770 jge near loc_00442f29 ; jge 0x442f29 lea eax, [ebp - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add edx, eax mov dword [esp], edx imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00442d8d ; jne 0x442d8d push 0xe0c0204 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00442d94 ; jmp 0x442d94 loc_00442d8d: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_00442d94: add esp, 4 mov ebx, eax test ebx, ebx je near loc_00442f29 ; je 0x442f29 push 0xffff mov ecx, dword [esp + 0xc] push ecx push 0x2f440 mov esi, dword [ref_00474938] ; mov esi, dword [0x474938] push esi call fcn_00456c0a ; call 0x456c0a add esp, 0x10 push 0xffff push ebx push 0x2f440 mov edi, dword [ref_00474938] ; mov edi, dword [0x474938] push edi call fcn_00456c0a ; call 0x456c0a add esp, 0x10 lea eax, [ebx - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ebp, dword [ref_00498e88] ; mov ebp, dword [0x498e88] add ebp, eax mov edi, dword [esp] movzx edi, byte [edi + 0x19] movzx esi, byte [ebp + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edi, eax jne short loc_00442e1a ; jne 0x442e1a cmp esi, eax je short loc_00442e1a ; je 0x442e1a mov al, byte [ebp + 0x1a] mov edx, dword [esp] cmp al, byte [edx + 0x1a] jb short loc_00442e1a ; jb 0x442e1a lea ecx, [edi - 1] jmp short loc_00442e36 ; jmp 0x442e36 loc_00442e1a: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edi, eax je short loc_00442e67 ; je 0x442e67 cmp esi, eax jne short loc_00442e67 ; jne 0x442e67 mov eax, dword [esp] mov al, byte [eax + 0x1a] cmp al, byte [ebp + 0x1a] jb short loc_00442e67 ; jb 0x442e67 lea ecx, [esi - 1] loc_00442e36: imul eax, ecx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff mov edx, eax shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edx, dword [eax + (_card_strings+16)] ; mov edx, dword [eax + 0x48124a] push edx push 3 push ecx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_00442e67: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_00442ea4 ; je 0x442ea4 push 0x64 movsx edx, word [ebp + 2] push edx movsx edx, word [ebp] push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_00442ea4: call fcn_00451985 ; call 0x451985 push ebx mov ebx, dword [esp + 0xc] push ebx call fcn_0040b4f8 ; call 0x40b4f8 add esp, 8 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edi, eax jne short loc_00442f00 ; jne 0x442f00 cmp esi, eax je short loc_00442f00 ; je 0x442f00 test esi, esi je short loc_00442f00 ; je 0x442f00 mov eax, dword [esp] mov al, byte [eax + 0x1a] cmp al, byte [ebp + 0x1a] jb short loc_00442f00 ; jb 0x442f00 dec esi imul eax, esi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edi, dword [eax + (_card_strings+256)] ; mov edi, dword [eax + 0x48133a] push edi push 2 push esi jmp near loc_00442d28 ; jmp 0x442d28 loc_00442f00: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edi, eax je near loc_00442d30 ; je 0x442d30 test edi, edi je near loc_00442d30 ; je 0x442d30 cmp esi, eax jne near loc_00442d30 ; jne 0x442d30 mov al, byte [ebp + 0x1a] mov edx, dword [esp] jmp near loc_00442cfc ; jmp 0x442cfc loc_00442f29: test ebx, ebx je short loc_00442f43 ; je 0x442f43 loc_00442f2d: push 5 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_00441343 ; call 0x441343 add esp, 8 call fcn_0041d546 ; call 0x41d546 loc_00442f43: mov eax, ebx add esp, 0xc pop ebp pop edi pop esi pop ebx ret fcn_00442f4d: push ebx push esi push edi push ebp imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00442f6d ; jne 0x442f6d push 0xe0c0010 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00442f74 ; jmp 0x442f74 loc_00442f6d: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_00442f74: add esp, 4 mov ebx, eax test ebx, ebx je near loc_00443069 ; je 0x443069 push 6 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 movzx esi, byte [eax + (_players+19)] ; movzx esi, byte [eax + 0x496b7b] mov eax, esi shl eax, 2 sub eax, esi shl eax, 3 mov esi, eax shl eax, 4 sub eax, esi mov edi, dword [eax + (_card_strings+20)] ; mov edi, dword [eax + 0x48124e] push edi push 3 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc push ebx call fcn_0040d293 ; call 0x40d293 mov edx, eax add esp, 4 mov esi, eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_00443024 ; je 0x443024 push 0x64 imul edx, edx, 0x68 xor ecx, ecx mov cx, word [edx + (_players+10)] ; mov cx, word [edx + 0x496b72] push ecx mov dx, word [edx + (_players+8)] ; mov dx, word [edx + 0x496b70] and edx, 0xffff push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_00443024: push esi call fcn_0040c78c ; call 0x40c78c add esp, 4 cmp esi, 4 jge short loc_00443069 ; jge 0x443069 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] cmp esi, edi jne short loc_00443070 ; jne 0x443070 imul eax, edi, 0x68 movzx esi, byte [eax + (_players+19)] ; movzx esi, byte [eax + 0x496b7b] mov eax, esi shl eax, 2 sub eax, esi shl eax, 3 mov esi, eax shl eax, 4 sub eax, esi mov ecx, dword [eax + (_card_strings+140)] ; mov ecx, dword [eax + 0x4812c6] push ecx loc_0044305e: push 0 push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_00443069: mov eax, ebx pop ebp pop edi pop esi pop ebx ret loc_00443070: imul eax, esi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ebp, dword [eax + (_card_strings+260)] ; mov ebp, dword [eax + 0x48133e] push ebp push 2 push esi jmp near loc_00442313 ; jmp 0x442313 fcn_0044309b: push ebx push esi push edi xor esi, esi imul edx, dword [_current_player], 0x68 ; imul edx, dword [0x49910c], 0x68 xor ebx, ebx mov bx, word [edx + (_players+12)] ; mov bx, word [edx + 0x496b74] mov eax, ebx shl eax, 2 add eax, ebx mov ebx, dword [ref_00498e80] ; mov ebx, dword [0x498e80] mov ax, word [ebx + eax*8 + 0x20] and eax, 0xffff cmp eax, 0x7d0 jle near loc_00443147 ; jle 0x443147 cmp eax, 0xfa0 jge short loc_00443147 ; jge 0x443147 sub eax, 0x7d0 imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, eax cmp byte [ebx + 0x1a], 0 je near loc_00443202 ; je 0x443202 mov dl, byte [edx + (_players+19)] ; mov dl, byte [edx + 0x496b7b] and edx, 0xff mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ecx, dword [eax + (_card_strings+24)] ; mov ecx, dword [eax + 0x481252] push ecx push 3 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov ah, byte [ebx + 0x18] xor ah, 1 mov byte [ebx + 0x18], ah je short loc_0044313d ; je 0x44313d cmp byte [ebx + 0x1a], 1 jbe short loc_0044313d ; jbe 0x44313d mov byte [ebx + 0x1a], 1 loc_0044313d: mov esi, 1 jmp near loc_0044320a ; jmp 0x44320a loc_00443147: cmp eax, 0xfa0 jle near loc_00443202 ; jle 0x443202 cmp eax, 0x1770 jge near loc_00443202 ; jge 0x443202 sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax cmp byte [ebx + 0x1a], 0 je near loc_00443202 ; je 0x443202 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul eax, esi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edi, dword [eax + (_card_strings+24)] ; mov edi, dword [eax + 0x481252] push edi push 3 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_004431da ; jne 0x4431da push 1 call fcn_00440aac ; call 0x440aac add esp, 4 mov edx, eax cmp eax, 0xffffffff jne short loc_004431e4 ; jne 0x4431e4 xor esi, esi jmp near loc_004412de ; jmp 0x4412de loc_004431da: push 0 call fcn_0041e6f2 ; call 0x41e6f2 add esp, 4 loc_004431e4: mov byte [ebx + 0x18], al mov esi, 1 mov dh, byte [ebx + 0x18] test dh, dh je short loc_004431f8 ; je 0x4431f8 cmp dh, 3 jne short loc_00443202 ; jne 0x443202 loc_004431f8: cmp byte [ebx + 0x1a], 1 jbe short loc_00443202 ; jbe 0x443202 mov byte [ebx + 0x1a], 1 loc_00443202: test esi, esi je near loc_004412de ; je 0x4412de loc_0044320a: push 7 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_00441343 ; call 0x441343 add esp, 8 call fcn_0041d546 ; call 0x41d546 jmp near loc_004412de ; jmp 0x4412de fcn_00443225: push ebx push esi push edi push ebp sub esp, 8 xor ebx, ebx imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dx, word [eax + (_players+12)] ; mov dx, word [eax + 0x496b74] mov eax, edx shl eax, 2 add eax, edx mov edi, dword [ref_00498e80] ; mov edi, dword [0x498e80] mov di, word [edi + eax*8 + 0x20] and edi, 0xffff cmp edi, 0x7d0 jle near loc_00443375 ; jle 0x443375 cmp edi, 0xfa0 jge near loc_00443375 ; jge 0x443375 lea eax, [edi - 0x7d0] imul eax, eax, 0x34 mov esi, dword [ref_00498e84] ; mov esi, dword [0x498e84] add esi, eax mov bl, byte [esi + 0x19] test ebx, ebx je short loc_004432ce ; je 0x4432ce xor eax, eax mov ax, word [esi + 0x1c] mov ebp, dword [ref_004990e8] ; mov ebp, dword [0x4990e8] imul eax, ebp mov dword [esp], eax fild dword [esp] xor eax, eax mov al, byte [esi + 0x1a] mov dword [esp + 4], eax fild word [esp + 4] fadd dword [ref_00465324] ; fadd dword [0x465324] fdiv dword [ref_00465328] ; fdiv dword [0x465328] fmulp st1 ; fmulp st(1) sub esp, 8 fstp qword [esp] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax lea eax, [ebx - 1] push eax call fcn_0040df69 ; call 0x40df69 add esp, 0x10 loc_004432ce: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ecx, dword [eax + (_card_strings+28)] ; mov ecx, dword [eax + 0x481256] push ecx push 3 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc test ebx, ebx je short loc_00443345 ; je 0x443345 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ebx, eax je short loc_00443345 ; je 0x443345 lea edx, [ebx - 1] imul eax, edx, 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov ecx, dword [eax + (_card_strings+268)] ; mov ecx, dword [eax + 0x481346] push ecx push 1 push edx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_00443345: push 1 push edi mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0043bde5 ; call 0x43bde5 add esp, 0xc test eax, eax jne short loc_0044336b ; jne 0x44336b mov byte [esi + 0x19], 0 mov dword [esi + 0x30], eax loc_00443362: push eax call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 loc_0044336b: mov ebx, 1 jmp near loc_00443496 ; jmp 0x443496 loc_00443375: cmp edi, 0xfa0 jle near loc_00443492 ; jle 0x443492 cmp edi, 0x1770 jge near loc_00443492 ; jge 0x443492 lea eax, [edi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov esi, dword [ref_00498e88] ; mov esi, dword [0x498e88] add esi, eax xor ebx, ebx mov bl, byte [esi + 0x19] test ebx, ebx je short loc_004433f7 ; je 0x4433f7 xor eax, eax mov ax, word [esi + 0x22] mov ecx, dword [ref_004990e8] ; mov ecx, dword [0x4990e8] imul eax, ecx mov dword [esp], eax fild dword [esp] xor eax, eax mov al, byte [esi + 0x1a] mov dword [esp + 4], eax fild word [esp + 4] fadd dword [ref_00465324] ; fadd dword [0x465324] fdiv dword [ref_00465328] ; fdiv dword [0x465328] fmulp st1 ; fmulp st(1) sub esp, 8 fstp qword [esp] mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp lea eax, [ebx - 1] push eax call fcn_0040df69 ; call 0x40df69 add esp, 0x10 loc_004433f7: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ecx, dword [eax + (_card_strings+28)] ; mov ecx, dword [eax + 0x481256] push ecx push 3 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc test ebx, ebx je short loc_0044346c ; je 0x44346c mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp ebx, eax je short loc_0044346c ; je 0x44346c dec ebx imul eax, ebx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edx, dword [eax + (_card_strings+268)] ; mov edx, dword [eax + 0x481346] push edx push 1 push ebx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0044346c: push 1 push edi mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0043bde5 ; call 0x43bde5 add esp, 0xc test eax, eax jne near loc_0044336b ; jne 0x44336b mov byte [esi + 0x19], 0 mov dword [esi + 0x34], eax jmp near loc_00443362 ; jmp 0x443362 loc_00443492: test ebx, ebx je short loc_004434b9 ; je 0x4434b9 loc_00443496: push 8 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi call fcn_00441343 ; call 0x441343 add esp, 8 xor edi, edi mov dword [ref_0048be18], edi ; mov dword [0x48be18], edi push 1 call fcn_0041906a ; call 0x41906a add esp, 4 loc_004434b9: mov eax, ebx jmp near loc_0044261a ; jmp 0x44261a fcn_004434c0: push ebx push esi push edi push ebp sub esp, 4 xor edx, edx mov dword [esp], edx imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_004434e8 ; jne 0x4434e8 push 0xe0c0006 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_004434ef ; jmp 0x4434ef loc_004434e8: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_004434ef: add esp, 4 mov ebp, eax test ebp, ebp je near loc_004436d9 ; je 0x4436d9 push 9 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_00441343 ; call 0x441343 add esp, 8 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul eax, esi, 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov edi, dword [eax + (_card_strings+32)] ; mov edi, dword [eax + 0x48125a] push edi push 3 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc cmp ebp, 0x7d0 jle near loc_00443621 ; jle 0x443621 cmp ebp, 0xfa0 jge near loc_00443621 ; jge 0x443621 lea eax, [ebp - 0x7d0] imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] lea edi, [ebx + eax] mov esi, 1 loc_00443570: add ebx, 0x34 cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg near loc_004435e4 ; jg 0x4435e4 lea eax, [ebx + 4] push eax lea eax, [edi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_004435e1 ; jne 0x4435e1 cmp byte [ebx + 0x1a], 5 jae short loc_004435e1 ; jae 0x4435e1 push 0xffff lea eax, [esi + 0x7d0] push eax push 0x2f440 mov ecx, dword [ref_00474938] ; mov ecx, dword [0x474938] push ecx call fcn_00456c0a ; call 0x456c0a add esp, 0x10 cmp byte [ebx + 0x18], 0 je short loc_004435cb ; je 0x4435cb cmp byte [ebx + 0x1a], 0 jne short loc_004435ce ; jne 0x4435ce mov byte [ebx + 0x1a], 1 jmp short loc_004435ce ; jmp 0x4435ce loc_004435cb: inc byte [ebx + 0x1a] loc_004435ce: cmp byte [ebx + 0x18], 0 jne short loc_004435e1 ; jne 0x4435e1 cmp byte [ebx + 0x1a], 5 jne short loc_004435e1 ; jne 0x4435e1 mov dword [esp], 1 loc_004435e1: inc esi jmp short loc_00443570 ; jmp 0x443570 loc_004435e4: push 0x64 movsx eax, word [edi + 2] push eax movsx eax, word [edi] push eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor ebx, ebx mov bx, word [eax + (_players+10)] ; mov bx, word [eax + 0x496b72] push ebx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 call fcn_00451985 ; call 0x451985 jmp near loc_004436c0 ; jmp 0x4436c0 loc_00443621: cmp ebp, 0xfa0 jle near loc_004436ce ; jle 0x4436ce cmp ebp, 0x1770 jge near loc_004436ce ; jge 0x4436ce lea eax, [ebp - 0xfa0] shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax push 0xffff push ebp push 0x2f440 mov edx, dword [ref_00474938] ; mov edx, dword [0x474938] push edx call fcn_00456c0a ; call 0x456c0a add esp, 0x10 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_004436a7 ; je 0x4436a7 push 0x64 movsx esi, word [ebx + 2] push esi movsx ebx, word [ebx] push ebx xor ebx, ebx mov bx, word [eax + (_players+10)] ; mov bx, word [eax + 0x496b72] push ebx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_004436a7: call fcn_00451985 ; call 0x451985 push ebp call fcn_0040b110 ; call 0x40b110 add esp, 4 test al, 0x80 je short loc_004436c0 ; je 0x4436c0 mov dword [esp], 1 loc_004436c0: push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc loc_004436ce: cmp dword [esp], 0 je short loc_004436d9 ; je 0x4436d9 call fcn_0040b0cd ; call 0x40b0cd loc_004436d9: mov eax, ebp jmp near loc_00442afa ; jmp 0x442afa fcn_004436e0: push ebx push esi push edi push ebp imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00443700 ; jne 0x443700 push 0xe0c0006 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00443707 ; jmp 0x443707 loc_00443700: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_00443707: add esp, 4 mov ebp, eax test ebp, ebp je near loc_0044558c ; je 0x44558c push 0xa mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] imul eax, ebx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov esi, dword [eax + (_card_strings+36)] ; mov esi, dword [eax + 0x48125e] push esi push 0 push ebx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc cmp ebp, 0x7d0 jle near loc_00443848 ; jle 0x443848 cmp ebp, 0xfa0 jge near loc_00443848 ; jge 0x443848 lea eax, [ebp - 0x7d0] imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] lea edi, [ebx + eax] mov esi, 1 loc_00443788: add ebx, 0x34 cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg short loc_00443803 ; jg 0x443803 lea eax, [ebx + 4] push eax lea eax, [edi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_00443800 ; jne 0x443800 cmp byte [ebx + 0x19], 0 je short loc_004437d8 ; je 0x4437d8 xor edx, edx mov dl, byte [ebx + 0x1a] add edx, edx mov eax, edx shl eax, 4 sub eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax xor eax, eax mov al, byte [ebx + 0x19] dec eax push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc loc_004437d8: push 0xffff lea eax, [esi + 0x7d0] push eax push 0x2f440 mov edx, dword [ref_00474938] ; mov edx, dword [0x474938] push edx call fcn_00456c0a ; call 0x456c0a add esp, 0x10 mov byte [ebx + 0x1a], 0 mov byte [ebx + 0x18], 0 loc_00443800: inc esi jmp short loc_00443788 ; jmp 0x443788 loc_00443803: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je near loc_0044390d ; je 0x44390d push 0x64 movsx edx, word [edi + 2] push edx movsx edx, word [edi] push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 jmp near loc_0044390d ; jmp 0x44390d loc_00443848: cmp ebp, 0xfa0 jle near loc_0044558c ; jle 0x44558c cmp ebp, 0x1770 jge near loc_0044558c ; jge 0x44558c lea eax, [ebp - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax cmp byte [ebx + 0x19], 0 je short loc_004438aa ; je 0x4438aa xor edx, edx mov dl, byte [ebx + 0x1a] add edx, edx mov eax, edx shl eax, 4 sub eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx xor eax, eax mov al, byte [ebx + 0x19] dec eax push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc loc_004438aa: push 0xffff push ebp push 0x2f440 mov esi, dword [ref_00474938] ; mov esi, dword [0x474938] push esi call fcn_00456c0a ; call 0x456c0a add esp, 0x10 mov byte [ebx + 0x1a], 0 mov byte [ebx + 0x18], 0 call fcn_0040dffa ; call 0x40dffa imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_0044390d ; je 0x44390d push 0x64 movsx edx, word [ebx + 2] push edx movsx edx, word [ebx] push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_0044390d: call fcn_00451985 ; call 0x451985 jmp near loc_0044557e ; jmp 0x44557e fcn_00443917: push ebx push esi push edi push ebp imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00443937 ; jne 0x443937 push 0xe0c0506 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_0044393e ; jmp 0x44393e loc_00443937: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_0044393e: add esp, 4 mov esi, eax test esi, esi je near loc_00443b08 ; je 0x443b08 push 0xb mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff mov ebx, eax shl ebx, 2 sub ebx, eax shl ebx, 3 mov eax, ebx shl ebx, 4 sub ebx, eax mov edi, dword [ebx + (_card_strings+40)] ; mov edi, dword [ebx + 0x481262] push edi push 0 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc cmp esi, 0xfa0 jge short loc_004439e8 ; jge 0x4439e8 lea eax, [esi - 0x7d0] imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, eax mov cl, byte [ebx + 0x19] test cl, cl je near loc_00443a32 ; je 0x443a32 xor edx, edx mov dl, byte [ebx + 0x1a] add edx, edx mov eax, edx shl eax, 4 sub eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp xor eax, eax mov al, cl dec eax push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc jmp short loc_00443a32 ; jmp 0x443a32 loc_004439e8: lea eax, [esi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax cmp byte [ebx + 0x19], 0 je short loc_00443a32 ; je 0x443a32 xor edx, edx mov dl, byte [ebx + 0x1a] add edx, edx mov eax, edx shl eax, 4 sub eax, edx imul eax, dword [ref_004990e8] ; imul eax, dword [0x4990e8] push eax mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx xor eax, eax mov al, byte [ebx + 0x19] dec eax push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc loc_00443a32: movzx edi, byte [ebx + 0x19] movsx ebp, word [ebx] movsx ebx, word [ebx + 2] imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_00443a72 ; je 0x443a72 push 0x64 push ebx push ebp xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_00443a72: push 0 push ebx push ebp call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 2 push esi call fcn_0040ab4a ; call 0x40ab4a add esp, 8 push 0 push 0 push 0x22d mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x50 push 0x100001 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push 0x1f4 call fcn_0045285e ; call 0x45285e add esp, 4 test edi, edi je short loc_00443b03 ; je 0x443b03 dec edi imul eax, edi, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff mov ebx, eax shl ebx, 2 sub ebx, eax shl ebx, 3 mov eax, ebx shl ebx, 4 sub ebx, eax mov ebp, dword [ebx + (_card_strings+280)] ; mov ebp, dword [ebx + 0x481352] push ebp push 1 push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_00443b03: call fcn_0041d546 ; call 0x41d546 loc_00443b08: mov eax, esi pop ebp pop edi pop esi pop ebx ret fcn_00443b0f: push ebx push esi push edi push ebp sub esp, 4 xor edi, edi imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00443b34 ; jne 0x443b34 push 0xe0c0626 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00443b3a ; jmp 0x443b3a loc_00443b34: push edi call fcn_0041e6f2 ; call 0x41e6f2 loc_00443b3a: add esp, 4 mov dword [esp], eax cmp dword [esp], 0 je near loc_00443e35 ; je 0x443e35 push 0xc mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_00441343 ; call 0x441343 add esp, 8 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] imul eax, ebp, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff mov ebx, eax shl ebx, 2 sub ebx, eax shl ebx, 3 mov eax, ebx shl ebx, 4 sub ebx, eax mov eax, dword [ebx + (_card_strings+44)] ; mov eax, dword [ebx + 0x481266] push eax push 0 push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov ecx, dword [esp] cmp ecx, 0x7d0 jle near loc_00443c54 ; jle 0x443c54 cmp ecx, 0xfa0 jge near loc_00443c54 ; jge 0x443c54 lea ebx, [ecx - 0x7d0] imul ebx, ebx, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add ebx, eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_00443bf9 ; je 0x443bf9 push 0x64 movsx edx, word [ebx + 2] push edx movsx edx, word [ebx] push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_00443bf9: push 0 movsx eax, word [ebx + 2] push eax movsx eax, word [ebx] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc movzx esi, byte [ebx + 0x19] dec byte [ebx + 0x1a] cmp byte [ebx + 0x18], 0 je short loc_00443c21 ; je 0x443c21 mov byte [ebx + 0x1a], 0 mov byte [ebx + 0x18], 0 loc_00443c21: cmp byte [ebx + 0x19], 0 je near loc_00443db6 ; je 0x443db6 mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] add eax, eax mov edx, eax shl eax, 4 sub eax, edx push eax mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax xor eax, eax mov al, byte [ebx + 0x19] dec eax push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc jmp near loc_00443db6 ; jmp 0x443db6 loc_00443c54: mov ebp, dword [esp] cmp ebp, 0xfa0 jle near loc_00443d22 ; jle 0x443d22 cmp ebp, 0x1770 jge near loc_00443d22 ; jge 0x443d22 lea ebx, [ebp - 0xfa0] shl ebx, 3 mov eax, ebx shl ebx, 3 sub ebx, eax mov eax, ebx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_00443cc5 ; je 0x443cc5 push 0x64 movsx edx, word [ebx + 2] push edx movsx edx, word [ebx] push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_00443cc5: push 0 movsx eax, word [ebx + 2] push eax movsx eax, word [ebx] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc movzx esi, byte [ebx + 0x19] mov al, byte [ebx + 0x1a] dec al mov byte [ebx + 0x1a], al jne short loc_00443cee ; jne 0x443cee mov byte [ebx + 0x18], al call fcn_0040dffa ; call 0x40dffa loc_00443cee: cmp byte [ebx + 0x19], 0 je near loc_00443db6 ; je 0x443db6 mov eax, dword [ref_004990e8] ; mov eax, dword [0x4990e8] add eax, eax mov edx, eax shl eax, 4 sub eax, edx push eax mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi xor eax, eax mov al, byte [ebx + 0x19] dec eax push eax call fcn_0040df69 ; call 0x40df69 add esp, 0xc jmp near loc_00443db6 ; jmp 0x443db6 loc_00443d22: test byte [esp + 1], 0x80 je near loc_00443dae ; je 0x443dae mov esi, dword [esp] and esi, 0x7f00 sar esi, 8 imul ebx, dword [_current_player], 0x68 ; imul ebx, dword [0x49910c], 0x68 cmp byte [ebx + (_players+21)], 1 ; cmp byte [ebx + 0x496b7d], 1 je short loc_00443d97 ; je 0x443d97 push 0x64 lea edx, [esi - 1] mov eax, edx shl eax, 2 sub eax, edx xor edx, edx mov dx, word [eax*8 + ref_00496d0a] ; mov dx, word [eax*8 + 0x496d0a] mov eax, edx shl eax, 2 add edx, eax shl edx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, edx movsx edx, word [eax + 2] push edx movsx eax, word [eax] push eax xor eax, eax mov ax, word [ebx + (_players+10)] ; mov ax, word [ebx + 0x496b72] push eax xor eax, eax mov ax, word [ebx + (_players+8)] ; mov ax, word [ebx + 0x496b70] push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_00443d97: push esi call fcn_0040e14d ; call 0x40e14d add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc loc_00443dae: test edi, edi je near loc_00443e35 ; je 0x443e35 loc_00443db6: push 0 push 0 push 0x211 mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x61 push 0x260001 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push 0x1f4 call fcn_0045285e ; call 0x45285e add esp, 4 test esi, esi je short loc_00443e30 ; je 0x443e30 dec esi imul eax, esi, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff mov ebx, eax shl ebx, 2 sub ebx, eax shl ebx, 3 mov eax, ebx shl ebx, 4 sub ebx, eax mov ecx, dword [ebx + (_card_strings+284)] ; mov ecx, dword [ebx + 0x481356] push ecx push 1 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_00443e30: call fcn_0041d546 ; call 0x41d546 loc_00443e35: mov eax, dword [esp] jmp near loc_00442afa ; jmp 0x442afa fcn_00443e3d: push ebx push esi push edi imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00443e5c ; jne 0x443e5c push 0xe0c0410 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00443e63 ; jmp 0x443e63 loc_00443e5c: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_00443e63: add esp, 4 mov ebx, eax test ebx, ebx je near loc_00441f1b ; je 0x441f1b mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov esi, dword [eax + (_card_strings+48)] ; mov esi, dword [eax + 0x48126a] push esi push 3 push ecx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc push ebx call fcn_0040d293 ; call 0x40d293 mov edx, eax add esp, 4 mov esi, eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_00443eff ; je 0x443eff push 0x64 imul edx, edx, 0x68 xor ebx, ebx mov bx, word [edx + (_players+10)] ; mov bx, word [edx + 0x496b72] push ebx mov dx, word [edx + (_players+8)] ; mov dx, word [edx + 0x496b70] and edx, 0xffff push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_00443eff: push 1 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax push esi call fcn_0044192a ; call 0x44192a add esp, 0xc mov ebx, eax test eax, eax je near loc_00441f1b ; je 0x441f1b mov al, byte [eax*8 + (_card_table - 3)] ; mov al, byte [eax*8 + 0x47fdef] and eax, 0xff push eax mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx push esi call fcn_0040df69 ; call 0x40df69 add esp, 0xc push 0xd mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 imul eax, esi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edi, dword [eax + (_card_strings+288)] ; mov edi, dword [eax + 0x48135a] push edi push 1 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc call fcn_0041d546 ; call 0x41d546 jmp near loc_00441f1b ; jmp 0x441f1b fcn_00443f80: push ebx push esi push edi push ebp imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00443fa0 ; jne 0x443fa0 push 0xe0c0010 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00443fa7 ; jmp 0x443fa7 loc_00443fa0: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_00443fa7: add esp, 4 mov edi, eax test edi, edi je near loc_004440e3 ; je 0x4440e3 push edi call fcn_0040d293 ; call 0x40d293 mov ebx, eax add esp, 4 mov esi, eax push 0xe mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] cmp ebx, ebp je short loc_0044400a ; je 0x44400a imul eax, ebp, 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov ecx, dword [eax + (_card_strings+52)] ; mov ecx, dword [eax + 0x48126e] push ecx push 3 push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0044400a: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_00444058 ; je 0x444058 push 0x64 imul edx, esi, 0x68 xor ebx, ebx mov bx, word [edx + (_players+10)] ; mov bx, word [edx + 0x496b72] push ebx mov dx, word [edx + (_players+8)] ; mov dx, word [edx + 0x496b70] and edx, 0xffff push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_00444058: cmp esi, 4 jge near loc_004440d9 ; jge 0x4440d9 imul ebx, esi, 0x68 cmp esi, dword [_current_player] ; cmp esi, dword [0x49910c] jne short loc_004440a0 ; jne 0x4440a0 xor edx, edx mov dl, byte [ebx + (_players+19)] ; mov dl, byte [ebx + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ecx, dword [eax + (_card_strings+172)] ; mov ecx, dword [eax + 0x4812e6] push ecx push 3 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov byte [ebx + (_players+56)], 0x80 ; mov byte [ebx + 0x496ba0], 0x80 jmp short loc_004440e3 ; jmp 0x4440e3 loc_004440a0: xor edx, edx mov dl, byte [ebx + (_players+19)] ; mov dl, byte [ebx + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edx, dword [eax + (_card_strings+292)] ; mov edx, dword [eax + 0x48135e] push edx push 2 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov byte [ebx + (_players+56)], 1 ; mov byte [ebx + 0x496ba0], 1 call fcn_0041d546 ; call 0x41d546 jmp short loc_004440e3 ; jmp 0x4440e3 loc_004440d9: shl esi, 4 mov byte [esi + ref_00498df6], 1 ; mov byte [esi + 0x498df6], 1 loc_004440e3: mov eax, edi pop ebp pop edi pop esi pop ebx ret fcn_004440ea: push ebx push esi push edi push 0xf mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx call fcn_00441343 ; call 0x441343 add esp, 8 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ebx, dword [eax + (_card_strings+56)] ; mov ebx, dword [eax + 0x481272] push ebx push 3 push ecx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc xor ebx, ebx jmp short loc_00444147 ; jmp 0x444147 loc_00444136: mov dh, 5 loc_00444138: inc ebx cmp ebx, 8 jge near loc_004441c9 ; jge 0x4441c9 cmp ebx, 4 jge short loc_004441a9 ; jge 0x4441a9 loc_00444147: mov edi, dword [_current_player] ; mov edi, dword [0x49910c] cmp ebx, edi je short loc_00444136 ; je 0x444136 imul esi, ebx, 0x68 cmp byte [esi + (_players+21)], 0 ; cmp byte [esi + 0x496b7d], 0 je short loc_00444136 ; je 0x444136 cmp word [esi + (_players+8)], 0 ; cmp word [esi + 0x496b70], 0 je short loc_00444136 ; je 0x444136 cmp dword [esi + (_players+50)], 0 ; cmp dword [esi + 0x496b9a], 0 jne short loc_00444136 ; jne 0x444136 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx add eax, eax mov edx, eax shl eax, 4 sub eax, edx push eax push edi push ebx call fcn_0040df69 ; call 0x40df69 add esp, 0xc xor dl, dl mov byte [esi + (_players+55)], dl ; mov byte [esi + 0x496b9f], dl mov dh, 5 mov byte [esi + (_players+54)], dh ; mov byte [esi + 0x496b9e], dh add byte [esi + (_players+66)], dh ; add byte [esi + 0x496baa], dh jmp short loc_00444136 ; jmp 0x444136 loc_004441a9: mov eax, ebx shl eax, 4 mov ch, byte [eax + ref_00498df2] ; mov ch, byte [eax + 0x498df2] test ch, ch jne short loc_00444138 ; jne 0x444138 mov byte [eax + ref_00498df5], ch ; mov byte [eax + 0x498df5], ch mov byte [eax + ref_00498df4], dh ; mov byte [eax + 0x498df4], dh jmp near loc_00444138 ; jmp 0x444138 loc_004441c9: push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc jmp near loc_004421ab ; jmp 0x4421ab fcn_004441dc: push ebx push esi push edi push ebp imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_004441fc ; jne 0x4441fc push 0xe0c0710 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00444203 ; jmp 0x444203 loc_004441fc: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_00444203: add esp, 4 mov esi, eax test esi, esi je near loc_004444b8 ; je 0x4444b8 push 0x10 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] imul eax, ebx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edi, dword [eax + (_card_strings+60)] ; mov edi, dword [eax + 0x481276] push edi push 3 push ebx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc push esi call fcn_0040d293 ; call 0x40d293 mov edx, eax add esp, 4 mov ebp, eax mov ebx, eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_004442b2 ; je 0x4442b2 push 0x64 imul edx, edx, 0x68 xor edi, edi mov di, word [edx + (_players+10)] ; mov di, word [edx + 0x496b72] push edi mov dx, word [edx + (_players+8)] ; mov dx, word [edx + 0x496b70] and edx, 0xffff push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_004442b2: cmp ebx, 4 jge near loc_0044449b ; jge 0x44449b imul eax, ebx, 0x68 cmp byte [eax + (_players+54)], 0 ; cmp byte [eax + 0x496b9e], 0 jne near loc_0044449b ; jne 0x44449b mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx add eax, eax mov edx, eax shl eax, 4 sub eax, edx push eax mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi push ebx call fcn_0040df69 ; call 0x40df69 add esp, 0xc push 0x15 push ebx call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_00444310 ; jne 0x444310 push ebx call fcn_00444bb2 ; call 0x444bb2 add esp, 4 jmp near loc_004444b3 ; jmp 0x4444b3 loc_00444310: push 0x13 push ebx call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_00444334 ; jne 0x444334 push 0 push 0 push ebx call fcn_0044476a ; call 0x44476a add esp, 0xc cmp eax, 0xffffffff je short loc_00444334 ; je 0x444334 mov ebx, eax loc_00444334: imul edi, ebx, 0x68 xor edx, edx mov dl, byte [edi + (_players+19)] ; mov dl, byte [edi + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ecx, dword [edx + eax*8 + ref_0048089e] ; mov ecx, dword [edx + eax*8 + 0x48089e] push ecx push 1 push ebx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc cmp ebx, dword [_current_player] ; cmp ebx, dword [0x49910c] setne al add al, 4 mov byte [edi + (_players+55)], al ; mov byte [edi + 0x496b9f], al imul eax, ebx, 0x68 add byte [eax + (_players+66)], 5 ; add byte [eax + 0x496baa], 5 mov dl, byte [eax + (_players+17)] ; mov dl, byte [eax + 0x496b79] mov byte [eax + (_players+102)], dl ; mov byte [eax + 0x496bce], dl mov dl, byte [eax + (_players+18)] ; mov dl, byte [eax + 0x496b7a] mov byte [eax + (_players+103)], dl ; mov byte [eax + 0x496bcf], dl mov dh, byte [eax + (_players+17)] ; mov dh, byte [eax + 0x496b79] test dh, dh je short loc_004443e6 ; je 0x4443e6 cmp dh, 1 jne short loc_004443b4 ; jne 0x4443b4 mov eax, ebx shl eax, 2 add eax, ebx mov edx, eax shl eax, 2 sub eax, edx inc byte [eax + ref_00499160] ; inc byte [eax + 0x499160] loc_004443b4: imul eax, ebx, 0x68 cmp byte [eax + (_players+17)], 2 ; cmp byte [eax + 0x496b79], 2 jne short loc_004443d4 ; jne 0x4443d4 mov eax, ebx shl eax, 2 add eax, ebx mov edx, eax shl eax, 2 sub eax, edx inc byte [eax + ref_00499161] ; inc byte [eax + 0x499161] loc_004443d4: imul eax, ebx, 0x68 xor cl, cl mov byte [eax + (_players+17)], cl ; mov byte [eax + 0x496b79], cl mov byte [eax + (_players+18)], 1 ; mov byte [eax + 0x496b7a], 1 loc_004443e6: push ebx call fcn_0040b93b ; call 0x40b93b add esp, 4 cmp ebx, ebp jne near loc_004444b3 ; jne 0x4444b3 push 0x12 push ebp call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne near loc_004444b3 ; jne 0x4444b3 push ebp call fcn_00444691 ; call 0x444691 add esp, 4 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 mov byte [eax + (_players+55)], 5 ; mov byte [eax + 0x496b9f], 5 mov dl, byte [eax + (_players+17)] ; mov dl, byte [eax + 0x496b79] mov byte [eax + (_players+102)], dl ; mov byte [eax + 0x496bce], dl mov dl, byte [eax + (_players+18)] ; mov dl, byte [eax + 0x496b7a] mov byte [eax + (_players+103)], dl ; mov byte [eax + 0x496bcf], dl cmp byte [eax + (_players+17)], 1 ; cmp byte [eax + 0x496b79], 1 jne short loc_00444459 ; jne 0x444459 mov eax, ecx shl eax, 2 add eax, ecx mov edx, eax shl eax, 2 sub eax, edx inc byte [eax + ref_00499160] ; inc byte [eax + 0x499160] loc_00444459: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+17)], 2 ; cmp byte [eax + 0x496b79], 2 jne short loc_00444483 ; jne 0x444483 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx inc byte [eax + ref_00499161] ; inc byte [eax + 0x499161] loc_00444483: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor ch, ch mov byte [eax + (_players+17)], ch ; mov byte [eax + 0x496b79], ch mov byte [eax + (_players+18)], 1 ; mov byte [eax + 0x496b7a], 1 jmp short loc_004444b3 ; jmp 0x4444b3 loc_0044449b: cmp ebx, 4 jl short loc_004444b3 ; jl 0x4444b3 shl ebx, 4 cmp byte [ebx + ref_00498df4], 0 ; cmp byte [ebx + 0x498df4], 0 jne short loc_004444b3 ; jne 0x4444b3 mov byte [ebx + ref_00498df5], 5 ; mov byte [ebx + 0x498df5], 5 loc_004444b3: call fcn_0041d546 ; call 0x41d546 loc_004444b8: mov eax, esi pop ebp pop edi pop esi pop ebx ret fcn_004444bf: push ebx push esi push edi push ebp imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_004444df ; jne 0x4444df push 0xe0c0710 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_004444e6 ; jmp 0x4444e6 loc_004444df: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_004444e6: add esp, 4 mov esi, eax test esi, esi je near loc_0044468a ; je 0x44468a push 0x11 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov edi, dword [eax + (_card_strings+64)] ; mov edi, dword [eax + 0x48127a] push edi push 3 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc push esi call fcn_0040d293 ; call 0x40d293 mov edx, eax add esp, 4 mov edi, eax mov ebx, eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_00444599 ; je 0x444599 push 0x64 imul edx, edx, 0x68 xor ecx, ecx mov cx, word [edx + (_players+10)] ; mov cx, word [edx + 0x496b72] push ecx mov dx, word [edx + (_players+8)] ; mov dx, word [edx + 0x496b70] and edx, 0xffff push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_00444599: cmp ebx, 4 jge near loc_0044467a ; jge 0x44467a mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx add eax, eax mov edx, eax shl eax, 4 sub eax, edx push eax mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp push ebx call fcn_0040df69 ; call 0x40df69 add esp, 0xc push 0x15 push ebx call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_004445e7 ; jne 0x4445e7 push ebx call fcn_00444bb2 ; call 0x444bb2 add esp, 4 jmp near loc_00444685 ; jmp 0x444685 loc_004445e7: push 0x13 push ebx call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_0044460b ; jne 0x44460b push 0 push 0 push ebx call fcn_0044476a ; call 0x44476a add esp, 0xc cmp eax, 0xffffffff je short loc_0044460b ; je 0x44460b mov ebx, eax loc_0044460b: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] cmp ebx, eax jne short loc_00444619 ; jne 0x444619 push 4 push eax jmp short loc_0044461c ; jmp 0x44461c loc_00444619: push 5 push ebx loc_0044461c: call fcn_0043d593 ; call 0x43d593 add esp, 8 imul eax, ebx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edx, dword [eax + (_card_strings+304)] ; mov edx, dword [eax + 0x48136a] push edx push 1 push ebx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc cmp ebx, edi jne short loc_00444685 ; jne 0x444685 push 0x12 push edi call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_00444685 ; jne 0x444685 push edi call fcn_00444691 ; call 0x444691 add esp, 4 push 5 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx jmp short loc_0044467d ; jmp 0x44467d loc_0044467a: push 5 push ebx loc_0044467d: call fcn_0043d593 ; call 0x43d593 add esp, 8 loc_00444685: call fcn_0041d546 ; call 0x41d546 loc_0044468a: mov eax, esi pop ebp pop edi pop esi pop ebx ret fcn_00444691: push ebx push esi push edi sub esp, 0x80 push 0 imul ebx, dword [esp + 0x94], 0x68 xor eax, eax mov ax, word [ebx + (_players+10)] ; mov ax, word [ebx + 0x496b72] push eax xor eax, eax mov ax, word [ebx + (_players+8)] ; mov ax, word [ebx + 0x496b70] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ecx, dword [ebx + (_players+0)] ; mov ecx, dword [ebx + 0x496b68] push ecx push ref_0046532c ; push 0x46532c lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esp push eax push 0x12 call fcn_00441f73 ; call 0x441f73 add esp, 8 push 0x12 mov esi, dword [esp + 0x94] push esi call fcn_00441343 ; call 0x441343 add esp, 8 mov bl, byte [ebx + (_players+19)] ; mov bl, byte [ebx + 0x496b7b] and ebx, 0xff mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov edi, dword [eax + (_card_strings+68)] ; mov edi, dword [eax + 0x48127e] push edi push 0 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov ecx, dword [eax + (_card_strings+308)] ; mov ecx, dword [eax + 0x48136e] push ecx push 2 push edx loc_00444753: call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov eax, 1 add esp, 0x80 pop edi pop esi pop ebx ret fcn_0044476a: push ebx push esi push edi push ebp sub esp, 0xa0 mov edi, dword [esp + 0xb4] mov ebx, 0xffffffff push 0 imul esi, edi, 0x68 xor eax, eax mov ax, word [esi + (_players+10)] ; mov ax, word [esi + 0x496b72] push eax xor eax, eax mov ax, word [esi + (_players+8)] ; mov ax, word [esi + 0x496b70] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc cmp byte [esi + (_players+21)], 1 ; cmp byte [esi + 0x496b7d], 1 jne near loc_004448b0 ; jne 0x4448b0 xor ebx, ebx xor esi, esi mov ebp, dword [_nplayers] ; mov ebp, dword [0x499114] loc_004447b8: cmp ebx, ebp jge short loc_004447d7 ; jge 0x4447d7 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_004447d4 ; je 0x4447d4 cmp ebx, edi je short loc_004447d4 ; je 0x4447d4 mov byte [esp + esi + 0x9c], bl inc esi loc_004447d4: inc ebx jmp short loc_004447b8 ; jmp 0x4447b8 loc_004447d7: imul eax, edi, 0x68 cmp esi, 1 jne near loc_0044486d ; jne 0x44486d mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx push ref_0046533d ; push 0x46533d lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esp push eax push 0x13 call fcn_00441f73 ; call 0x441f73 add esp, 8 xor eax, eax mov al, byte [esp + 0x9c] imul eax, eax, 0x68 mov ebx, dword [eax + (_players+0)] ; mov ebx, dword [eax + 0x496b68] push ebx lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0x80] push eax push ref_0046534e ; push 0x46534e lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esp push eax call fcn_00440ba8 ; call 0x440ba8 add esp, 4 cmp eax, esi jne short loc_00444863 ; jne 0x444863 xor ebx, ebx mov bl, byte [esp + 0x9c] jmp near loc_004449e7 ; jmp 0x4449e7 loc_00444863: mov ebx, 0xffffffff jmp near loc_00444a53 ; jmp 0x444a53 loc_0044486d: mov edx, dword [eax + (_players+0)] ; mov edx, dword [eax + 0x496b68] push edx push ref_0046533d ; push 0x46533d lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esp push eax push 0x13 call fcn_00441f73 ; call 0x441f73 add esp, 8 push ref_0046535d ; push 0x46535d lea eax, [esp + 0xa0] push eax push esi call fcn_00440e1a ; call 0x440e1a add esp, 0xc mov ebx, eax jmp near loc_004449e7 ; jmp 0x4449e7 loc_004448b0: push edi call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 mov ebp, eax cmp eax, ebx jne short loc_004448ca ; jne 0x4448ca push edi call fcn_0040d31c ; call 0x40d31c add esp, 4 mov ebp, eax loc_004448ca: mov edx, dword [esp + 0xb8] cmp edx, 1 jb short loc_004448ef ; jb 0x4448ef imul eax, edi, 0x68 mov dword [esp + 0x94], eax cmp edx, 1 jbe short loc_004448fc ; jbe 0x4448fc cmp edx, 2 je short loc_00444934 ; je 0x444934 jmp near loc_00444973 ; jmp 0x444973 loc_004448ef: test edx, edx jne near loc_00444973 ; jne 0x444973 jmp near loc_00444971 ; jmp 0x444971 loc_004448fc: call clib_rand ; call 0x456f2d mov edx, eax mov esi, 0xfa0 sar edx, 0x1f idiv esi add edx, esi mov esi, dword [ref_004990e8] ; mov esi, dword [0x4990e8] imul esi, edx mov eax, dword [esp + 0xbc] mov edx, dword [esp + 0x94] cmp eax, dword [edx + (_players+28)] ; cmp eax, dword [edx + 0x496b84] jg short loc_00444971 ; jg 0x444971 cmp esi, eax jge short loc_00444973 ; jge 0x444973 jmp short loc_00444971 ; jmp 0x444971 loc_00444934: fild dword [eax + (_players+28)] ; fild dword [eax + 0x496b84] fmul qword [ref_00465380] ; fmul qword [0x465380] mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 5 mov edx, eax shl eax, 2 add eax, edx mov dword [esp + 0x98], eax fild dword [esp + 0x98] fcompp fnstsw ax sahf jae short loc_00444973 ; jae 0x444973 loc_00444971: mov ebx, ebp loc_00444973: cmp ebx, 0xffffffff je short loc_004449e7 ; je 0x4449e7 imul eax, edi, 0x68 mov ecx, dword [eax + (_players+0)] ; mov ecx, dword [eax + 0x496b68] push ecx push ref_0046533d ; push 0x46533d lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esp push eax push 0x13 call fcn_00441f73 ; call 0x441f73 add esp, 8 imul ebp, ebp, 0x68 mov esi, dword [ebp + (_players+0)] ; mov esi, dword [ebp + 0x496b68] push esi lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0x80] push eax push ref_0046536f ; push 0x46536f lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 loc_004449e7: cmp ebx, 0xffffffff je short loc_00444a53 ; je 0x444a53 push 0x13 push edi call fcn_00441343 ; call 0x441343 add esp, 8 imul eax, edi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov esi, dword [eax + (_card_strings+72)] ; mov esi, dword [eax + 0x481282] push esi push 0 push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc imul eax, ebx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edi, dword [eax + (_card_strings+312)] ; mov edi, dword [eax + 0x481372] push edi push 2 push ebx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_00444a53: mov eax, ebx add esp, 0xa0 pop ebp pop edi pop esi pop ebx ret fcn_00444a60: push ebx push esi push edi push ebp sub esp, 0x80 mov edi, dword [esp + 0x94] push 0 imul ebx, edi, 0x68 xor eax, eax mov ax, word [ebx + (_players+10)] ; mov ax, word [ebx + 0x496b72] push eax xor eax, eax mov ax, word [ebx + (_players+8)] ; mov ax, word [ebx + 0x496b70] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc cmp byte [ebx + (_players+21)], 1 ; cmp byte [ebx + 0x496b7d], 1 je short loc_00444ad8 ; je 0x444ad8 call clib_rand ; call 0x456f2d mov edx, eax mov esi, 0xbb8 sar edx, 0x1f idiv esi add edx, esi mov esi, dword [ref_004990e8] ; mov esi, dword [0x4990e8] imul esi, edx mov eax, dword [esp + 0x9c] cmp eax, dword [ebx + (_players+28)] ; cmp eax, dword [ebx + 0x496b84] jg short loc_00444aca ; jg 0x444aca cmp esi, eax jge short loc_00444ad1 ; jge 0x444ad1 loc_00444aca: mov esi, 1 jmp short loc_00444b07 ; jmp 0x444b07 loc_00444ad1: xor esi, esi jmp near loc_00444ba0 ; jmp 0x444ba0 loc_00444ad8: mov esi, dword [ebx + (_players+0)] ; mov esi, dword [ebx + 0x496b68] push esi push ref_00465388 ; push 0x465388 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esp push eax call fcn_00440ba8 ; call 0x440ba8 add esp, 4 mov esi, eax cmp eax, 1 jne near loc_00444ba0 ; jne 0x444ba0 loc_00444b07: mov ebp, dword [(_card_table + 8 * 19)] ; mov ebp, dword [0x47fe8a] push ebp push ref_00465305 ; push 0x465305 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esp push eax push 0x14 call fcn_00441f73 ; call 0x441f73 add esp, 8 push 0x14 push edi call fcn_00441343 ; call 0x441343 add esp, 8 imul eax, edi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edx, dword [eax + (_card_strings+76)] ; mov edx, dword [eax + 0x481286] push edx push 0 push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov ecx, dword [esp + 0x98] cmp ecx, 0xffffffff je short loc_00444ba0 ; je 0x444ba0 imul eax, ecx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edi, dword [eax + (_card_strings+316)] ; mov edi, dword [eax + 0x481376] push edi push 1 push ecx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_00444ba0: call fcn_0041d546 ; call 0x41d546 mov eax, esi add esp, 0x80 pop ebp pop edi pop esi pop ebx ret fcn_00444bb2: push ebx push esi push edi sub esp, 0x80 push 0 imul ebx, dword [esp + 0x94], 0x68 xor eax, eax mov ax, word [ebx + (_players+10)] ; mov ax, word [ebx + 0x496b72] push eax xor eax, eax mov ax, word [ebx + (_players+8)] ; mov ax, word [ebx + 0x496b70] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ecx, dword [ebx + (_players+0)] ; mov ecx, dword [ebx + 0x496b68] push ecx push ref_0046539d ; push 0x46539d lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov eax, esp push eax push 0x15 call fcn_00441f73 ; call 0x441f73 add esp, 8 push 0x15 mov esi, dword [esp + 0x94] push esi call fcn_00441343 ; call 0x441343 add esp, 8 mov bl, byte [ebx + (_players+19)] ; mov bl, byte [ebx + 0x496b7b] and ebx, 0xff mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov edi, dword [eax + (_card_strings+80)] ; mov edi, dword [eax + 0x48128a] push edi push 0 push esi jmp near loc_00444753 ; jmp 0x444753 fcn_00444c45: push ebx push esi push edi push ebp xor ebx, ebx imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dl, byte [eax + (_players+64)] ; mov dl, byte [eax + 0x496ba8] test dl, dl je short loc_00444c71 ; je 0x444c71 mov al, dl and eax, 0xff push eax call fcn_0040e14d ; call 0x40e14d add esp, 4 mov ebx, 1 loc_00444c71: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dh, byte [eax + (_players+63)] ; mov dh, byte [eax + 0x496ba7] test dh, dh je short loc_00444cd3 ; je 0x444cd3 mov al, dh and eax, 0xff lea edx, [eax - 1] mov eax, edx shl eax, 2 sub eax, edx mov al, byte [eax*8 + ref_00496d08] ; mov al, byte [eax*8 + 0x496d08] and eax, 0xff cmp eax, 5 je short loc_00444cbd ; je 0x444cbd cmp eax, 6 je short loc_00444cbd ; je 0x444cbd cmp eax, 7 je short loc_00444cbd ; je 0x444cbd cmp eax, 8 je short loc_00444cbd ; je 0x444cbd cmp eax, 0xa je short loc_00444cbd ; je 0x444cbd cmp eax, 0xf jne short loc_00444cd3 ; jne 0x444cd3 loc_00444cbd: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0040e32c ; call 0x40e32c add esp, 4 mov ebx, 1 jmp short loc_00444cdb ; jmp 0x444cdb loc_00444cd3: test ebx, ebx je near loc_00443069 ; je 0x443069 loc_00444cdb: push 0x16 mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi call fcn_00441343 ; call 0x441343 add esp, 8 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] imul eax, edi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ebp, dword [eax + (_card_strings+84)] ; mov ebp, dword [eax + 0x48128e] push ebp jmp near loc_0044305e ; jmp 0x44305e fcn_00444d1a: push ebx push esi push edi push ebp sub esp, 0x10 xor ebp, ebp mov dword [esp + 8], 0x461c4000 push 0xffffffffffffffff call fcn_0040a45c ; call 0x40a45c add esp, 4 mov dword [esp], eax xor ebx, ebx loc_00444d3a: cmp ebx, dword [esp] jge near loc_00444e10 ; jge 0x444e10 mov ax, word [ebx*2 + ref_0048b8c4] ; mov ax, word [ebx*2 + 0x48b8c4] test ah, 0x80 je near loc_00444e0a ; je 0x444e0a test ah, 0x7f je near loc_00444e0a ; je 0x444e0a xor al, al and ah, 0x7f and eax, 0xffff sar eax, 8 xor esi, esi mov si, ax push esi call fcn_0040ea62 ; call 0x40ea62 add esp, 4 cmp eax, 1 jne near loc_00444e0a ; jne 0x444e0a lea edx, [esi - 1] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 cmp byte [eax + ref_00496d0d], 0 ; cmp byte [eax + 0x496d0d], 0 jne short loc_00444e0a ; jne 0x444e0a xor edx, edx mov dx, word [eax + ref_00496d0a] ; mov dx, word [eax + 0x496d0a] mov eax, edx shl eax, 2 add edx, eax shl edx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, edx movsx edx, word [eax] movsx ecx, word [eax + 2] imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edi, edi mov di, word [eax + (_players+8)] ; mov di, word [eax + 0x496b70] sub edx, edi mov ax, word [eax + (_players+10)] ; mov ax, word [eax + 0x496b72] and eax, 0xffff sub ecx, eax mov eax, ecx imul edx, edx imul eax, ecx add eax, edx mov dword [esp + 0xc], eax fild dword [esp + 0xc] call fcn_004582bc ; call 0x4582bc fstp dword [esp + 4] fld dword [esp + 8] fcomp dword [esp + 4] fnstsw ax sahf jbe short loc_00444e0a ; jbe 0x444e0a mov eax, dword [esp + 4] mov dword [esp + 8], eax mov ebp, esi loc_00444e0a: inc ebx jmp near loc_00444d3a ; jmp 0x444d3a loc_00444e10: mov eax, ebp add esp, 0x10 pop ebp pop edi pop esi pop ebx ret fcn_00444e1a: push ebx push esi push edi push ebp imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00444e35 ; jne 0x444e35 call fcn_00444d1a ; call 0x444d1a jmp short loc_00444e3f ; jmp 0x444e3f loc_00444e35: push 0 call fcn_0041e6f2 ; call 0x41e6f2 add esp, 4 loc_00444e3f: mov esi, eax test esi, esi je near loc_0044468a ; je 0x44468a push 0x17 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov edi, dword [eax + (_card_strings+88)] ; mov edi, dword [eax + 0x481292] push edi push 0 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc lea eax, [esi - 1] mov ebx, eax shl ebx, 2 sub ebx, eax xor edi, edi mov di, word [ebx*8 + ref_00496d0a] ; mov di, word [ebx*8 + 0x496d0a] xor edx, edx mov word [ebx*8 + ref_00496d0a], dx ; mov word [ebx*8 + 0x496d0a], dx push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax mov eax, edi shl eax, 2 add eax, edi shl eax, 3 mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] add eax, edx movsx edx, word [eax + 2] push edx movsx eax, word [eax] push eax push esi call fcn_0040e669 ; call 0x40e669 add esp, 0x18 mov word [ebx*8 + ref_00496d0a], di ; mov word [ebx*8 + 0x496d0a], di push esi xor eax, eax mov ax, di push eax mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0040ead7 ; call 0x40ead7 add esp, 0xc jmp near loc_00444685 ; jmp 0x444685 fcn_00444f25: push ebx push esi push edi push ebp sub esp, 0x94 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov ecx, dword [eax + (_card_strings+92)] ; mov ecx, dword [eax + 0x481296] push ecx push 0 push edx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_00444fea ; je 0x444fea push 0 call fcn_0041e6f2 ; call 0x41e6f2 mov edx, eax add esp, 4 shl eax, 3 lea ebx, [edx + eax] shl ebx, 2 mov byte [ebx + (_stocks_on_map+7)], 0x20 ; mov byte [ebx + 0x496987], 0x20 inc edx push edx call fcn_00429040 ; call 0x429040 add esp, 4 mov edi, dword [ebx + (_stocks_on_map+0)] ; mov edi, dword [ebx + 0x496980] push edi lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov ebp, dword [(_card_table + 8 * 23)] ; mov ebp, dword [0x47feaa] push ebp lea eax, [esp + 0x84] push eax push ref_004653ae ; push 0x4653ae lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 mov ebx, 1 jmp short loc_00445022 ; jmp 0x445022 loc_00444fea: push 0xa push 0xf push 0xc call fcn_004021f8 ; call 0x4021f8 add esp, 0xc push 1 call stocks_ui ; call 0x42b58f mov esi, eax add esp, 4 mov ebx, eax push 0 push 1 push 0x29 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc push 1 call fcn_0041906a ; call 0x41906a add esp, 4 test esi, esi je short loc_00445032 ; je 0x445032 loc_00445022: push 0x18 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_00441343 ; call 0x441343 add esp, 8 loc_00445032: mov eax, ebx add esp, 0x94 pop ebp pop edi pop esi pop ebx ret fcn_0044503f: push ebx push esi push edi push ebp sub esp, 0xc8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ecx, dword [eax + (_card_strings+96)] ; mov ecx, dword [eax + 0x48129a] push ecx push 0 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc xor ebx, ebx loc_00445083: mov eax, ebx shl eax, 3 add eax, ebx mov edx, dword [eax*4 + (_stocks_on_map+20)] ; mov edx, dword [eax*4 + 0x496994] mov dword [esp + ebx*4 + 0x80], edx inc ebx cmp ebx, 0xc jl short loc_00445083 ; jl 0x445083 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_004450e2 ; jne 0x4450e2 push 0xa push 0xf push 0xc call fcn_004021f8 ; call 0x4021f8 add esp, 0xc push 2 call stocks_ui ; call 0x42b58f add esp, 4 mov ebx, eax push 0 push 1 push 0x29 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc push 1 call fcn_0041906a ; call 0x41906a add esp, 4 jmp short loc_0044515c ; jmp 0x44515c loc_004450e2: push 0 call fcn_0041e6f2 ; call 0x41e6f2 add esp, 4 lea ebx, [eax + 1] mov edx, eax shl eax, 3 add eax, edx mov byte [eax*4 + (_stocks_on_map+7)], 2 ; mov byte [eax*4 + 0x496987], 2 push ebx call fcn_00429040 ; call 0x429040 add esp, 4 lea edx, [ebx - 1] mov eax, edx shl eax, 3 add eax, edx mov edi, dword [eax*4 + (_stocks_on_map+0)] ; mov edi, dword [eax*4 + 0x496980] push edi lea eax, [esp + 0xb4] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov ebp, dword [(_card_table + 8 * 24)] ; mov ebp, dword [0x47feb2] push ebp lea eax, [esp + 0xb4] push eax push ref_004653ae ; push 0x4653ae lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 loc_0044515c: test ebx, ebx je near loc_004451e3 ; je 0x4451e3 lea edx, [ebx - 1] mov eax, edx shl eax, 3 add eax, edx mov edx, ebx fld dword [esp + edx*4 + 0x7c] fsub dword [eax*4 + (_stocks_on_map+20)] ; fsub dword [eax*4 + 0x496994] fstp dword [esp + 0xc4] xor esi, esi loc_00445184: cmp esi, dword [_nplayers] ; cmp esi, dword [0x499114] jge short loc_004451d2 ; jge 0x4451d2 mov eax, esi shl eax, 2 sub eax, esi shl eax, 5 mov edx, ebx shl edx, 3 add eax, edx cmp dword [eax + ref_00497198], 0 ; cmp dword [eax + 0x497198], 0 je short loc_004451cf ; je 0x4451cf fild dword [eax + ref_00497198] ; fild dword [eax + 0x497198] fmul dword [esp + 0xc4] fdiv dword [ref_004653bc] ; fdiv dword [0x4653bc] sub esp, 8 fstp qword [esp] mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi push esi call fcn_0040df69 ; call 0x40df69 add esp, 0x10 loc_004451cf: inc esi jmp short loc_00445184 ; jmp 0x445184 loc_004451d2: push 0x19 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx call fcn_00441343 ; call 0x441343 add esp, 8 loc_004451e3: mov eax, ebx add esp, 0xc8 pop ebp pop edi pop esi pop ebx ret fcn_004451f0: push ebx push esi push edi push ebp sub esp, 0x98 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00445216 ; jne 0x445216 push 0xe0c0410 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_0044521d ; jmp 0x44521d loc_00445216: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_0044521d: add esp, 4 mov edi, eax test edi, edi je near loc_00445426 ; je 0x445426 push 0x1a mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov esi, dword [eax + (_card_strings+100)] ; mov esi, dword [eax + 0x48129e] push esi push 0 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc push edi call fcn_0040d293 ; call 0x40d293 mov esi, eax add esp, 4 mov ebx, eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_004452ce ; je 0x4452ce push 0x64 imul esi, esi, 0x68 xor edx, edx mov dx, word [esi + (_players+10)] ; mov dx, word [esi + 0x496b72] push edx mov si, word [esi + (_players+8)] ; mov si, word [esi + 0x496b70] and esi, 0xffff push esi xor esi, esi mov si, word [eax + (_players+10)] ; mov si, word [eax + 0x496b72] push esi mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_004452ce: imul eax, ebx, 0x68 fild dword [eax + (_players+28)] ; fild dword [eax + 0x496b84] fmul qword [ref_004653d8] ; fmul qword [0x4653d8] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x94] mov esi, 0x64 mov eax, dword [esp + 0x94] mov edx, eax sar edx, 0x1f idiv esi push eax mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx push ebx call fcn_0040df69 ; call 0x40df69 add esp, 0xc push 0x14 push ebx call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_0044533e ; jne 0x44533e mov esi, dword [esp + 0x94] push esi mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp push ebx call fcn_00444a60 ; call 0x444a60 add esp, 0xc cmp eax, 1 je near loc_00445426 ; je 0x445426 loc_0044533e: push 0x13 push ebx call fcn_004413ad ; call 0x4413ad add esp, 8 cmp eax, 1 jne short loc_0044536f ; jne 0x44536f cmp dword [esp + 0x94], 0x7d0 jle short loc_0044536f ; jle 0x44536f push 0 push 2 push ebx call fcn_0044476a ; call 0x44476a add esp, 0xc cmp eax, 0xffffffff je short loc_0044536f ; je 0x44536f mov ebx, eax loc_0044536f: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] cmp ebx, edx je near loc_00445421 ; je 0x445421 imul esi, ebx, 0x68 fild dword [esi + (_players+28)] ; fild dword [esi + 0x496b84] fmul qword [ref_004653d8] ; fmul qword [0x4653d8] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x94] push 0 mov ecx, dword [esp + 0x98] push ecx push edx push ebx call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 mov eax, dword [esi + (_players+0)] ; mov eax, dword [esi + 0x496b68] push eax lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov edx, dword [esp + 0x94] push edx lea eax, [esp + 0x84] push eax push ref_004653c0 ; push 0x4653c0 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 movzx esi, byte [esi + (_players+19)] ; movzx esi, byte [esi + 0x496b7b] mov eax, esi shl eax, 2 sub eax, esi shl eax, 3 mov esi, eax shl eax, 4 sub eax, esi mov ecx, dword [eax + (_card_strings+340)] ; mov ecx, dword [eax + 0x48138e] push ecx push 2 push ebx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_00445421: call fcn_0041d546 ; call 0x41d546 loc_00445426: mov eax, edi jmp near loc_00441e07 ; jmp 0x441e07 fcn_0044542d: push ebx push esi push edi push ebp imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_0044544d ; jne 0x44544d push 0xe0c0006 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00445454 ; jmp 0x445454 loc_0044544d: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_00445454: add esp, 4 mov ebp, eax test ebp, ebp je near loc_0044558c ; je 0x44558c push 0x1b mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov esi, dword [eax + (_card_strings+104)] ; mov esi, dword [eax + 0x4812a2] push esi push 0 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc cmp ebp, 0x7d0 jle short loc_00445516 ; jle 0x445516 cmp ebp, 0xfa0 jge short loc_00445516 ; jge 0x445516 lea edi, [ebp - 0x7d0] imul edi, edi, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add edi, ebx mov esi, 1 loc_004454d0: add ebx, 0x34 cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg short loc_004454f6 ; jg 0x4454f6 lea eax, [ebx + 4] push eax lea eax, [edi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_004454f3 ; jne 0x4454f3 mov byte [ebx + 0x17], 0x50 loc_004454f3: inc esi jmp short loc_004454d0 ; jmp 0x4454d0 loc_004454f6: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je near loc_0044557e ; je 0x44557e push 0x64 movsx ebx, word [edi + 2] push ebx movsx ebx, word [edi] jmp short loc_0044555c ; jmp 0x44555c loc_00445516: cmp ebp, 0xfa0 jle short loc_0044557e ; jle 0x44557e cmp ebp, 0x1770 jge short loc_0044557e ; jge 0x44557e lea eax, [ebp - 0xfa0] shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax mov byte [ebx + 0x1c], 0x50 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_0044557e ; je 0x44557e push 0x64 movsx esi, word [ebx + 2] push esi movsx ebx, word [ebx] loc_0044555c: push ebx xor ebx, ebx mov bx, word [eax + (_players+10)] ; mov bx, word [eax + 0x496b72] push ebx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff loc_00445573: push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_0044557e: push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc loc_0044558c: mov eax, ebp pop ebp pop edi pop esi pop ebx ret fcn_00445593: push ebx push esi push edi push ebp imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_004455b3 ; jne 0x4455b3 push 0xe0c0006 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_004455ba ; jmp 0x4455ba loc_004455b3: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_004455ba: add esp, 4 mov ebp, eax test ebp, ebp je short loc_0044558c ; je 0x44558c push 0x1c mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov esi, dword [eax + (_card_strings+108)] ; mov esi, dword [eax + 0x4812a6] push esi push 0 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc cmp ebp, 0x7d0 jle near loc_0044569a ; jle 0x44569a cmp ebp, 0xfa0 jge near loc_0044569a ; jge 0x44569a lea edi, [ebp - 0x7d0] imul edi, edi, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add edi, ebx mov esi, 1 loc_0044563a: add ebx, 0x34 cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg short loc_00445660 ; jg 0x445660 lea eax, [ebx + 4] push eax lea eax, [edi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_0044565d ; jne 0x44565d mov byte [ebx + 0x17], 0x51 loc_0044565d: inc esi jmp short loc_0044563a ; jmp 0x44563a loc_00445660: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je near loc_0044557e ; je 0x44557e push 0x64 movsx ebx, word [edi + 2] push ebx movsx ebx, word [edi] push ebx xor ebx, ebx mov bx, word [eax + (_players+10)] ; mov bx, word [eax + 0x496b72] push ebx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff jmp near loc_00445573 ; jmp 0x445573 loc_0044569a: cmp ebp, 0xfa0 jle near loc_0044557e ; jle 0x44557e cmp ebp, 0x1770 jge near loc_0044557e ; jge 0x44557e lea eax, [ebp - 0xfa0] shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov ebx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, ebx mov byte [eax + 0x1c], 0x51 cmp byte [eax + 0x18], 4 jne short loc_004456d9 ; jne 0x4456d9 mov byte [eax + 0x1e], 0 loc_004456d9: imul ebx, dword [_current_player], 0x68 ; imul ebx, dword [0x49910c], 0x68 cmp byte [ebx + (_players+21)], 1 ; cmp byte [ebx + 0x496b7d], 1 je near loc_0044557e ; je 0x44557e push 0x64 movsx esi, word [eax + 2] push esi movsx eax, word [eax] push eax xor eax, eax mov ax, word [ebx + (_players+10)] ; mov ax, word [ebx + 0x496b72] push eax xor eax, eax mov ax, word [ebx + (_players+8)] ; mov ax, word [ebx + 0x496b70] jmp near loc_00445573 ; jmp 0x445573 fcn_00445710: push ebx push esi push edi push ebp sub esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00445733 ; jne 0x445733 push 0xe0c0410 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_0044573a ; jmp 0x44573a loc_00445733: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_0044573a: add esp, 4 mov esi, eax test esi, esi je near loc_004458d8 ; je 0x4458d8 push 0x1d mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov edi, dword [eax + (_card_strings+112)] ; mov edi, dword [eax + 0x4812aa] push edi push 3 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc push esi call fcn_0040d293 ; call 0x40d293 mov ebx, eax add esp, 4 mov dword [esp], eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_004457e8 ; je 0x4457e8 push 0x64 imul ebx, ebx, 0x68 xor edx, edx mov dx, word [ebx + (_players+10)] ; mov dx, word [ebx + 0x496b72] push edx xor edx, edx mov dx, word [ebx + (_players+8)] ; mov dx, word [ebx + 0x496b70] push edx xor ebx, ebx mov bx, word [eax + (_players+10)] ; mov bx, word [eax + 0x496b72] push ebx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_004457e8: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov bl, byte [eax + (_players+65)] ; mov bl, byte [eax + 0x496ba9] test bl, bl je short loc_00445827 ; je 0x445827 xor edx, edx mov dl, bl dec edx imul ebx, edx, 0x68 xor cl, cl mov byte [ebx + (_players+65)], cl ; mov byte [ebx + 0x496ba9], cl xor edx, edx mov dl, byte [eax + (_players+65)] ; mov dl, byte [eax + 0x496ba9] dec edx imul ebx, edx, 0x68 mov byte [ebx + (_players+61)], cl ; mov byte [ebx + 0x496ba5], cl mov byte [eax + (_players+65)], cl ; mov byte [eax + 0x496ba9], cl mov byte [eax + (_players+61)], cl ; mov byte [eax + 0x496ba5], cl loc_00445827: imul eax, dword [esp], 0x68 cmp byte [eax + (_players+65)], 0 ; cmp byte [eax + 0x496ba9], 0 je short loc_00445866 ; je 0x445866 xor ebx, ebx mov bl, byte [eax + (_players+65)] ; mov bl, byte [eax + 0x496ba9] dec ebx imul ebx, ebx, 0x68 xor cl, cl mov byte [ebx + (_players+65)], cl ; mov byte [ebx + 0x496ba9], cl xor ebx, ebx mov bl, byte [eax + (_players+65)] ; mov bl, byte [eax + 0x496ba9] dec ebx imul ebx, ebx, 0x68 mov byte [ebx + (_players+61)], cl ; mov byte [ebx + 0x496ba5], cl mov byte [eax + (_players+65)], cl ; mov byte [eax + 0x496ba9], cl mov byte [eax + (_players+61)], cl ; mov byte [eax + 0x496ba5], cl loc_00445866: mov dl, byte [esp] inc dl mov edi, dword [_current_player] ; mov edi, dword [0x49910c] imul eax, edi, 0x68 mov byte [eax + (_players+65)], dl ; mov byte [eax + 0x496ba9], dl mov byte [eax + (_players+61)], 7 ; mov byte [eax + 0x496ba5], 7 mov al, byte [_current_player] ; mov al, byte [0x49910c] inc al mov ebp, dword [esp] imul ebx, ebp, 0x68 mov byte [ebx + (_players+65)], al ; mov byte [ebx + 0x496ba9], al mov byte [ebx + (_players+61)], 7 ; mov byte [ebx + 0x496ba5], 7 push edi call fcn_0041d433 ; call 0x41d433 add esp, 4 mov bl, byte [ebx + (_players+19)] ; mov bl, byte [ebx + 0x496b7b] and ebx, 0xff mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov edx, dword [eax + (_card_strings+352)] ; mov edx, dword [eax + 0x48139a] push edx push 0 push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc call fcn_0041d546 ; call 0x41d546 loc_004458d8: mov eax, esi jmp near loc_00442afa ; jmp 0x442afa fcn_004458df: push ebx push esi push edi push ebp imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_004458ff ; jne 0x4458ff push 0xe0c0010 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00445906 ; jmp 0x445906 loc_004458ff: push 0 call fcn_0041e6f2 ; call 0x41e6f2 loc_00445906: add esp, 4 mov edi, eax test edi, edi je near loc_004440e3 ; je 0x4440e3 push edi call fcn_0040d293 ; call 0x40d293 mov ebx, eax add esp, 4 mov esi, eax push 0x1e mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_00441343 ; call 0x441343 add esp, 8 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] cmp ebx, ebp je short loc_00445969 ; je 0x445969 imul eax, ebp, 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 3 mov ebx, eax shl eax, 4 sub eax, ebx mov ecx, dword [eax + (_card_strings+116)] ; mov ecx, dword [eax + 0x4812ae] push ecx push 3 push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_00445969: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 je short loc_004459b7 ; je 0x4459b7 push 0x64 imul edx, esi, 0x68 xor ebx, ebx mov bx, word [edx + (_players+10)] ; mov bx, word [edx + 0x496b72] push ebx mov dx, word [edx + (_players+8)] ; mov dx, word [edx + 0x496b70] and edx, 0xffff push edx xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push 0 call fcn_0040e669 ; call 0x40e669 add esp, 0x18 loc_004459b7: cmp esi, 4 jge near loc_00445a3e ; jge 0x445a3e imul ebx, esi, 0x68 cmp esi, dword [_current_player] ; cmp esi, dword [0x49910c] jne short loc_00445a02 ; jne 0x445a02 xor edx, edx mov dl, byte [ebx + (_players+19)] ; mov dl, byte [ebx + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov ecx, dword [eax + (_card_strings+236)] ; mov ecx, dword [eax + 0x481326] push ecx push 3 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov byte [ebx + (_players+57)], 2 ; mov byte [ebx + 0x496ba1], 2 jmp near loc_004440e3 ; jmp 0x4440e3 loc_00445a02: xor edx, edx mov dl, byte [ebx + (_players+19)] ; mov dl, byte [ebx + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov edx, dword [eax + (_card_strings+356)] ; mov edx, dword [eax + 0x48139e] push edx push 2 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov byte [ebx + (_players+57)], 3 ; mov byte [ebx + 0x496ba1], 3 call fcn_0041d546 ; call 0x41d546 jmp near loc_004440e3 ; jmp 0x4440e3 loc_00445a3e: shl esi, 4 mov byte [esi + ref_00498df7], 3 ; mov byte [esi + 0x498df7], 3 jmp near loc_004440e3 ; jmp 0x4440e3 fcn_00445a4d: push ebx mov edx, dword [esp + 0xc] mov ecx, dword [esp + 8] mov eax, ecx shl eax, 2 add eax, ecx mov ecx, eax shl eax, 2 sub eax, ecx cmp byte [edx + eax + ref_0049915b], 9 ; cmp byte [edx + eax + 0x49915b], 9 jae short loc_00445aa0 ; jae 0x445aa0 cmp edx, 8 jg short loc_00445a87 ; jg 0x445a87 mov bh, byte [edx + (ref_00497320 - 1)] ; mov bh, byte [edx + 0x49731f] test bh, bh je short loc_00445aa0 ; je 0x445aa0 mov cl, bh dec cl mov byte [edx + (ref_00497320 - 1)], cl ; mov byte [edx + 0x49731f], cl loc_00445a87: mov ecx, dword [esp + 8] mov eax, ecx shl eax, 2 add eax, ecx mov ecx, eax shl eax, 2 sub eax, ecx inc byte [edx + eax + ref_0049915b] ; inc byte [edx + eax + 0x49915b] loc_00445aa0: pop ebx ret fcn_00445aa2: mov ecx, dword [esp + 8] mov edx, dword [esp + 4] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx add eax, ecx mov dl, byte [eax + ref_0049915b] ; mov dl, byte [eax + 0x49915b] test dl, dl je short loc_00445ad9 ; je 0x445ad9 mov dh, dl dec dh mov byte [eax + ref_0049915b], dh ; mov byte [eax + 0x49915b], dh cmp ecx, 8 jg short loc_00445ad9 ; jg 0x445ad9 inc byte [ecx + (ref_00497320 - 1)] ; inc byte [ecx + 0x49731f] loc_00445ad9: ret fcn_00445ada: push ebx push esi sub esp, 0x80 xor esi, esi xor eax, eax xor ebx, ebx jmp short loc_00445af0 ; jmp 0x445af0 loc_00445aea: inc eax cmp eax, 8 jge short loc_00445b0e ; jge 0x445b0e loc_00445af0: cmp byte [eax + ref_00497320], 0 ; cmp byte [eax + 0x497320], 0 je short loc_00445aea ; je 0x445aea xor edx, edx loc_00445afb: xor ecx, ecx mov cl, byte [eax + ref_00497320] ; mov cl, byte [eax + 0x497320] cmp edx, ecx jge short loc_00445aea ; jge 0x445aea mov byte [esp + ebx], al inc ebx inc edx jmp short loc_00445afb ; jmp 0x445afb loc_00445b0e: test ebx, ebx je short loc_00445b34 ; je 0x445b34 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx movzx esi, byte [esp + edx] inc esi push esi mov edx, dword [esp + 0x90] push edx call fcn_00445a4d ; call 0x445a4d add esp, 8 loc_00445b34: mov eax, esi add esp, 0x80 pop esi pop ebx ret fcn_00445b3f: push ebx push esi push edi mov esi, dword [esp + 0x10] imul eax, esi, 0x68 mov dl, byte [eax + (_players+17)] ; mov dl, byte [eax + 0x496b79] test dl, dl je short loc_00445baa ; je 0x445baa mov bl, dl and bl, 3 mov eax, esi shl eax, 2 add eax, esi mov edx, eax shl eax, 2 sub eax, edx cmp bl, 2 jb short loc_00445b74 ; jb 0x445b74 jbe short loc_00445b81 ; jbe 0x445b81 cmp bl, 3 je short loc_00445b89 ; je 0x445b89 jmp short loc_00445b8f ; jmp 0x445b8f loc_00445b74: cmp bl, 1 jne short loc_00445b8f ; jne 0x445b8f add byte [eax + ref_00499160], bl ; add byte [eax + 0x499160], bl jmp short loc_00445b8f ; jmp 0x445b8f loc_00445b81: inc byte [eax + ref_00499161] ; inc byte [eax + 0x499161] jmp short loc_00445b8f ; jmp 0x445b8f loc_00445b89: inc byte [eax + ref_00499167] ; inc byte [eax + 0x499167] loc_00445b8f: imul eax, esi, 0x68 xor cl, cl mov byte [eax + (_players+17)], cl ; mov byte [eax + 0x496b79], cl mov byte [eax + (_players+18)], 1 ; mov byte [eax + 0x496b7a], 1 push esi call fcn_0040b93b ; call 0x40b93b add esp, 4 loc_00445baa: xor eax, eax xor ebx, ebx jmp short loc_00445bb6 ; jmp 0x445bb6 loc_00445bb0: inc eax cmp eax, 0xd jge short loc_00445c0e ; jge 0x445c0e loc_00445bb6: mov edx, esi shl edx, 2 add edx, esi mov ecx, edx shl edx, 2 sub edx, ecx add edx, eax mov cl, byte [edx + ref_0049915c] ; mov cl, byte [edx + 0x49915c] test cl, cl je short loc_00445bb0 ; je 0x445bb0 cmp eax, 8 jge short loc_00445bdb ; jge 0x445bdb add byte [eax + ref_00497320], cl ; add byte [eax + 0x497320], cl loc_00445bdb: mov edx, esi shl edx, 2 add edx, esi mov ecx, edx shl edx, 2 sub edx, ecx movzx edi, byte [edx + eax + ref_0049915c] ; movzx edi, byte [edx + eax + 0x49915c] mov cl, byte [eax*8 + ref_0047fee7] ; mov cl, byte [eax*8 + 0x47fee7] and ecx, 0xff imul ecx, edi add ebx, ecx xor cl, cl mov byte [edx + eax + ref_0049915c], cl ; mov byte [edx + eax + 0x49915c], cl jmp short loc_00445bb0 ; jmp 0x445bb0 loc_00445c0e: mov eax, ebx pop edi pop esi pop ebx ret tools_ui_callback: push ebx push esi push edi push ebp sub esp, 0x50 mov ebx, dword [esp + 0x64] mov eax, dword [esp + 0x68] mov edx, dword [esp + 0x70] cmp eax, 0x202 jb short loc_00445c51 ; jb 0x445c51 jbe near loc_00445d84 ; jbe 0x445d84 cmp eax, 0x205 jb near loc_00445e13 ; jb 0x445e13 jbe near loc_00445dad ; jbe 0x445dad cmp eax, 0x401 je short loc_00445c6c ; je 0x445c6c jmp near loc_00445e13 ; jmp 0x445e13 loc_00445c51: cmp eax, 0xf jb near loc_00445e13 ; jb 0x445e13 jbe near loc_00445dbb ; jbe 0x445dbb cmp eax, 0x201 je short loc_00445c8f ; je 0x445c8f jmp near loc_00445e13 ; jmp 0x445e13 loc_00445c6c: xor edx, edx mov dword [ref_0048c560], edx ; mov dword [0x48c560], edx push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 push ebx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00445d7d ; jmp 0x445d7d loc_00445c8f: xor ebx, ebx mov bx, dx mov eax, edx shr eax, 0x10 and eax, 0xffff xor edx, edx mov dx, ax cmp ebx, 0x13 jl near loc_00445d7d ; jl 0x445d7d cmp ebx, 0x1a3 jge near loc_00445d7d ; jge 0x445d7d cmp edx, 0x87 jl near loc_00445d7d ; jl 0x445d7d cmp edx, 0x12f jge near loc_00445d7d ; jge 0x445d7d sub edx, 0x87 mov ecx, 0x38 mov eax, edx sar edx, 0x1f idiv ecx mov ecx, eax shl ecx, 2 add ecx, eax lea edx, [ebx - 0x13] mov ebx, 0x50 mov eax, edx sar edx, 0x1f idiv ebx lea ebx, [ecx + eax] cmp byte [ebx + ref_0048c548], 0 ; cmp byte [ebx + 0x48c548], 0 je near loc_00445d7d ; je 0x445d7d mov ecx, 5 mov eax, ebx mov edx, ebx sar edx, 0x1f idiv ecx mov eax, edx shl eax, 2 add eax, edx shl eax, 4 lea edx, [eax + 0x14] mov dword [esp + 0x40], edx add eax, 0x62 mov dword [esp + 0x48], eax mov eax, ebx mov edx, ebx sar edx, 0x1f idiv ecx shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx lea edx, [eax + 0x88] mov dword [esp + 0x44], edx add eax, 0xbe mov dword [esp + 0x4c], eax lea eax, [esp + 0x40] push eax call fcn_00451b9e ; call 0x451b9e add esp, 4 xor eax, eax mov al, byte [ebx + ref_0048c548] ; mov al, byte [ebx + 0x48c548] mov dword [ref_0048c560], eax ; mov dword [0x48c560], eax push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 loc_00445d7d: xor eax, eax jmp near loc_00445e22 ; jmp 0x445e22 loc_00445d84: cmp dword [ref_0048c560], 0 ; cmp dword [0x48c560], 0 je short loc_00445d7d ; je 0x445d7d call fcn_00451d4e ; call 0x451d4e push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ebx, dword [ref_0048c560] ; mov ebx, dword [0x48c560] push ebx loc_00445da3: call _Post_0402_Message ; call 0x401966 add esp, 4 jmp short loc_00445d7d ; jmp 0x445d7d loc_00445dad: push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 jmp short loc_00445da3 ; jmp 0x445da3 loc_00445dbb: mov eax, esp push eax push ebx call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc] push ecx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov edi, dword [esp + 0x18] push edi mov ebp, dword [esp + 0x18] push ebp push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push ebx call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00445d7d ; jmp 0x445d7d loc_00445e13: push edx mov edx, dword [esp + 0x70] push edx push eax push ebx loc_00445e1b: call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] loc_00445e22: add esp, 0x50 loc_00445e25: pop ebp pop edi pop esi pop ebx ret 0x10 endloc_00445e2c: db 0x90 ref_00445e2d: ; may contain a jump table dd loc_00446337 dd loc_0044639a dd loc_004465b6 dd loc_00446434 dd loc_00446457 dd loc_004464c3 dd loc_00446569 dd loc_0044657c fcn_00445e4d: push ebx push esi push edi push ebp sub esp, 0x48 mov eax, dword [esp + 0x60] mov ecx, dword [esp + 0x68] cmp eax, 0x200 jb short loc_00445ea2 ; jb 0x445ea2 mov edx, ecx shr edx, 0x10 and edx, 0xffff cmp eax, 0x200 jbe near loc_0044609b ; jbe 0x44609b cmp eax, 0x205 jb short loc_00445e92 ; jb 0x445e92 jbe near loc_004466b8 ; jbe 0x4466b8 cmp eax, 0x401 je short loc_00445ec1 ; je 0x445ec1 jmp near loc_0044675c ; jmp 0x44675c loc_00445e92: cmp eax, 0x202 je near loc_00446656 ; je 0x446656 jmp near loc_0044675c ; jmp 0x44675c loc_00445ea2: cmp eax, 0xf jb near loc_0044675c ; jb 0x44675c jbe near loc_004466fa ; jbe 0x4466fa cmp eax, 0x113 je near loc_00445f88 ; je 0x445f88 jmp near loc_0044675c ; jmp 0x44675c loc_00445ec1: mov ebx, edx mov eax, edx xor ah, dh and eax, 0xffff mov dword [ref_0048c588], eax ; mov dword [0x48c588], eax xor bl, dl xor eax, eax mov ax, bx sar eax, 8 inc eax mov dword [ref_0048c58c], eax ; mov dword [0x48c58c], eax xor eax, eax mov ax, cx mov dword [ref_0048c594], eax ; mov dword [0x48c594], eax test byte [ref_0048c594], 0x40 ; test byte [0x48c594], 0x40 je short loc_00445f05 ; je 0x445f05 and dword [ref_0048c594], 0x80 ; and dword [0x48c594], 0x80 or byte [ref_0048c594], 0x37 ; or byte [0x48c594], 0x37 loc_00445f05: mov dword [ref_0048c580], 0xffffffff ; mov dword [0x48c580], 0xffffffff xor ebx, ebx mov dword [ref_0048c564], ebx ; mov dword [0x48c564], ebx mov dword [ref_0048c56c], 8 ; mov dword [0x48c56c], 8 mov dword [ref_0048c568], ebx ; mov dword [0x48c568], ebx mov dword [ref_0048c584], ebx ; mov dword [0x48c584], ebx mov dword [ref_0048c570], ebx ; mov dword [0x48c570], ebx mov dword [ref_0048c578], ebx ; mov dword [0x48c578], ebx push 1 call fcn_00402460 ; call 0x402460 add esp, 4 lea eax, [esp + 0x40] push eax call dword [cs:__imp__GetCursorPos@4] ; ucall: call dword cs:[0x4622ec] push 1 call fcn_00409b18 ; call 0x409b18 add esp, 4 mov edx, dword [esp + 0x44] shl edx, 0x10 mov eax, dword [esp + 0x40] and eax, 0xffff add eax, edx push eax push ebx push 0x200 mov ecx, dword [esp + 0x68] push ecx call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] loc_00445f7e: xor eax, eax loc_00445f80: add esp, 0x48 jmp near loc_00445e25 ; jmp 0x445e25 loc_00445f88: cmp byte [ref_0046cb01], 0 ; cmp byte [0x46cb01], 0 je short loc_00445f7e ; je 0x445f7e mov eax, dword [esp + 0x64] cmp eax, dword [_callbackSize] ; cmp eax, dword [0x46cad8] jne short loc_00445f7e ; jne 0x445f7e mov edi, dword [ref_0048c56c] ; mov edi, dword [0x48c56c] cmp edi, 0x40 jg short loc_00445fb1 ; jg 0x445fb1 lea ebp, [edi + 4] mov dword [ref_0048c56c], ebp ; mov dword [0x48c56c], ebp loc_00445fb1: mov eax, dword [ref_0048c568] ; mov eax, dword [0x48c568] add eax, eax add eax, dword [ref_00499088] ; add eax, dword [0x499088] sub eax, 2 and eax, 7 mov ecx, dword [ref_0048c56c] ; mov ecx, dword [0x48c56c] imul ecx, dword [eax*8 + ref_004751b0] ; imul ecx, dword [eax*8 + 0x4751b0] sar ecx, 0x10 mov esi, dword [ref_0048c570] ; mov esi, dword [0x48c570] add esi, ecx mov dword [ref_0048c570], esi ; mov dword [0x48c570], esi mov ecx, dword [ref_0048c56c] ; mov ecx, dword [0x48c56c] imul ecx, dword [eax*8 + ref_004751b4] ; imul ecx, dword [eax*8 + 0x4751b4] sar ecx, 0x10 add dword [ref_0048c574], ecx ; add dword [0x48c574], ecx cmp esi, 0xdc jge short loc_0044600e ; jge 0x44600e mov dword [ref_0048c570], 0xdc ; mov dword [0x48c570], 0xdc jmp short loc_00446020 ; jmp 0x446020 loc_0044600e: cmp esi, 0x824 jle short loc_00446020 ; jle 0x446020 mov dword [ref_0048c570], 0x824 ; mov dword [0x48c570], 0x824 loc_00446020: mov esi, dword [ref_0048c574] ; mov esi, dword [0x48c574] cmp esi, 0xdc jge short loc_0044603a ; jge 0x44603a mov dword [ref_0048c574], 0xdc ; mov dword [0x48c574], 0xdc jmp short loc_0044604c ; jmp 0x44604c loc_0044603a: cmp esi, 0x824 jle short loc_0044604c ; jle 0x44604c mov dword [ref_0048c574], 0x824 ; mov dword [0x48c574], 0x824 loc_0044604c: mov eax, dword [ref_0048c578] ; mov eax, dword [0x48c578] cmp eax, dword [ref_0048c570] ; cmp eax, dword [0x48c570] jne short loc_0044606a ; jne 0x44606a mov eax, dword [ref_0048c57c] ; mov eax, dword [0x48c57c] cmp eax, dword [ref_0048c574] ; cmp eax, dword [0x48c574] je near loc_00445f7e ; je 0x445f7e loc_0044606a: push 0 mov ebx, dword [ref_0048c574] ; mov ebx, dword [0x48c574] push ebx mov esi, dword [ref_0048c570] ; mov esi, dword [0x48c570] push esi call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov eax, dword [ref_0048c570] ; mov eax, dword [0x48c570] mov dword [ref_0048c578], eax ; mov dword [0x48c578], eax mov eax, dword [ref_0048c574] ; mov eax, dword [0x48c574] mov dword [ref_0048c57c], eax ; mov dword [0x48c57c], eax jmp near loc_00445f7e ; jmp 0x445f7e loc_0044609b: xor ebx, ebx mov bx, cx movzx ebp, dx sub ebp, 0x28 test byte [ref_0048c594], 0x80 ; test byte [0x48c594], 0x80 je near loc_004461ff ; je 0x4461ff test ebx, ebx jne short loc_004460c6 ; jne 0x4460c6 mov dword [ref_0048c568], 2 ; mov dword [0x48c568], 2 jmp near loc_0044614b ; jmp 0x44614b loc_004460c6: cmp ebx, 0x1b8 jl short loc_004460dd ; jl 0x4460dd mov dword [ref_0048c568], 4 ; mov dword [0x48c568], 4 jmp near loc_0044614b ; jmp 0x44614b loc_004460dd: test ebp, ebp jg short loc_004460ed ; jg 0x4460ed mov dword [ref_0048c568], 1 ; mov dword [0x48c568], 1 jmp short loc_0044614b ; jmp 0x44614b loc_004460ed: cmp ebp, 0x1b7 jne short loc_00446101 ; jne 0x446101 mov dword [ref_0048c568], 3 ; mov dword [0x48c568], 3 jmp short loc_0044614b ; jmp 0x44614b loc_00446101: mov eax, dword [ref_0048c564] ; mov eax, dword [0x48c564] test eax, eax je short loc_0044613e ; je 0x44613e push eax mov eax, dword [esp + 0x60] push eax call dword [cs:__imp__KillTimer@8] ; ucall: call dword cs:[0x4622fc] push 1 call fcn_004024a9 ; call 0x4024a9 add esp, 4 xor edx, edx mov dword [ref_0048c568], edx ; mov dword [0x48c568], edx mov dword [ref_0048c564], edx ; mov dword [0x48c564], edx mov dword [ref_0048c56c], 8 ; mov dword [0x48c56c], 8 jmp near loc_004461ff ; jmp 0x4461ff loc_0044613e: cmp dword [ref_0048c568], 0 ; cmp dword [0x48c568], 0 je near loc_004461f2 ; je 0x4461f2 loc_0044614b: mov ecx, dword [ref_0048c564] ; mov ecx, dword [0x48c564] test ecx, ecx jne near loc_004461f2 ; jne 0x4461f2 push ecx call fcn_004024a9 ; call 0x4024a9 add esp, 4 mov eax, dword [ref_0048c568] ; mov eax, dword [0x48c568] shl eax, 2 mov edx, dword [ref_0048c580] ; mov edx, dword [0x48c580] mov ecx, dword [eax + ref_00475e0d] ; mov ecx, dword [eax + 0x475e0d] cmp edx, ecx je short loc_0044618d ; je 0x44618d mov dword [ref_0048c580], ecx ; mov dword [0x48c580], ecx push 0 push 1 push ecx call fcn_004021f8 ; call 0x4021f8 add esp, 0xc loc_0044618d: push 0 push 0x32 mov edx, dword [_callbackSize] ; mov edx, dword [0x46cad8] push edx mov ecx, dword [esp + 0x68] push ecx call dword [cs:__imp__SetTimer@16] ; ucall: call dword cs:[0x462324] mov dword [ref_0048c564], eax ; mov dword [0x48c564], eax cmp dword [ref_0048c570], 0 ; cmp dword [0x48c570], 0 jne short loc_004461f2 ; jne 0x4461f2 mov edx, dword [ref_0048be18] ; mov edx, dword [0x48be18] test edx, edx jne short loc_004461de ; jne 0x4461de imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dx, word [eax + (_players+8)] ; mov dx, word [eax + 0x496b70] mov dword [ref_0048c570], edx ; mov dword [0x48c570], edx mov ax, word [eax + (_players+10)] ; mov ax, word [eax + 0x496b72] and eax, 0xffff jmp short loc_004461ed ; jmp 0x4461ed loc_004461de: mov eax, dword [ref_0048be1c] ; mov eax, dword [0x48be1c] mov dword [ref_0048c570], eax ; mov dword [0x48c570], eax mov eax, dword [ref_0048be20] ; mov eax, dword [0x48be20] loc_004461ed: mov dword [ref_0048c574], eax ; mov dword [0x48c574], eax loc_004461f2: cmp dword [ref_0048c564], 0 ; cmp dword [0x48c564], 0 jne near loc_00445f7e ; jne 0x445f7e loc_004461ff: test ebx, ebx jl near loc_00446624 ; jl 0x446624 cmp ebx, 0x1b8 jge near loc_00446624 ; jge 0x446624 test ebp, ebp jl near loc_00446624 ; jl 0x446624 cmp ebp, 0x1b8 jge near loc_00446624 ; jge 0x446624 push ebp push ebx call fcn_0040a9d7 ; call 0x40a9d7 add esp, 8 mov ebx, eax xor ebp, ebp test byte [ref_0048c594], 1 ; test byte [0x48c594], 1 je short loc_0044624e ; je 0x44624e test eax, eax jle short loc_0044624e ; jle 0x44624e cmp eax, 0x7d0 jge short loc_0044624e ; jge 0x44624e mov ebp, 1 loc_0044624e: test byte [ref_0048c594], 2 ; test byte [0x48c594], 2 je short loc_0044627d ; je 0x44627d cmp ebx, 0x7d0 jle short loc_0044627d ; jle 0x44627d cmp ebx, 0xfa0 jge short loc_0044627d ; jge 0x44627d lea eax, [ebx - 0x7d0] imul eax, eax, 0x34 mov edi, dword [ref_00498e84] ; mov edi, dword [0x498e84] add edi, eax mov ebp, 1 loc_0044627d: test byte [ref_0048c594], 4 ; test byte [0x48c594], 4 je short loc_004462b3 ; je 0x4462b3 cmp ebx, 0xfa0 jle short loc_004462b3 ; jle 0x4462b3 cmp ebx, 0x1770 jge short loc_004462b3 ; jge 0x4462b3 lea eax, [ebx - 0xfa0] shl eax, 3 mov ecx, eax shl eax, 3 sub eax, ecx mov esi, dword [ref_00498e88] ; mov esi, dword [0x498e88] add esi, eax mov ebp, 1 loc_004462b3: test byte [ref_0048c594], 0x10 ; test byte [0x48c594], 0x10 je short loc_004462e7 ; je 0x4462e7 test bh, 0x80 je short loc_004462e7 ; je 0x4462e7 test bl, 0xff je short loc_004462e7 ; je 0x4462e7 push ebx call fcn_0040d293 ; call 0x40d293 add esp, 4 cmp eax, 4 jge short loc_004462e2 ; jge 0x4462e2 jge short loc_004462e7 ; jge 0x4462e7 imul eax, eax, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_004462e7 ; je 0x4462e7 loc_004462e2: mov ebp, 1 loc_004462e7: test byte [ref_0048c594], 0x20 ; test byte [0x48c594], 0x20 je short loc_00446301 ; je 0x446301 test bh, 0x80 je short loc_00446301 ; je 0x446301 test bh, 0x7f je short loc_00446301 ; je 0x446301 mov ebp, 1 jmp short loc_0044630a ; jmp 0x44630a loc_00446301: cmp ebp, 1 jne near loc_004465b6 ; jne 0x4465b6 loc_0044630a: test byte [ref_0048c595], 0xff ; test byte [0x48c595], 0xff je near loc_004465b6 ; je 0x4465b6 xor ebp, ebp mov eax, dword [ref_0048c594] ; mov eax, dword [0x48c594] and eax, 0xff00 shr eax, 8 dec eax cmp eax, 7 ja near loc_004465b6 ; ja 0x4465b6 jmp dword [eax*4 + ref_00445e2d] ; ujmp: jmp dword [eax*4 + 0x445e2d] loc_00446337: cmp ebx, 0x7d0 jle short loc_0044635f ; jle 0x44635f cmp ebx, 0xfa0 jge short loc_0044635f ; jge 0x44635f xor edx, edx mov dl, byte [edi + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax jne near loc_004465b6 ; jne 0x4465b6 jmp near loc_004465ba ; jmp 0x4465ba loc_0044635f: cmp ebx, 0xfa0 jle near loc_004465b6 ; jle 0x4465b6 cmp ebx, 0x1770 jge near loc_004465b6 ; jge 0x4465b6 xor eax, eax mov al, byte [esi + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx jne near loc_004465b6 ; jne 0x4465b6 cmp byte [esi + 0x1a], 0 je near loc_004465b6 ; je 0x4465b6 jmp near loc_004465ba ; jmp 0x4465ba loc_0044639a: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor ecx, ecx mov cx, word [eax + (_players+12)] ; mov cx, word [eax + 0x496b74] mov eax, ecx shl eax, 2 add eax, ecx mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] mov cx, word [ecx + eax*8 + 0x20] and ecx, 0xffff cmp ebx, 0x7d0 jle short loc_004463f7 ; jle 0x4463f7 cmp ebx, 0xfa0 jge short loc_004463f7 ; jge 0x4463f7 cmp ecx, 0x7d0 jle near loc_004465b6 ; jle 0x4465b6 cmp ecx, 0xfa0 jge near loc_004465b6 ; jge 0x4465b6 cmp ecx, ebx je near loc_004465b6 ; je 0x4465b6 jmp near loc_004465ba ; jmp 0x4465ba loc_004463f7: cmp ebx, 0xfa0 jle near loc_004465b6 ; jle 0x4465b6 cmp ebx, 0x1770 jge near loc_004465b6 ; jge 0x4465b6 cmp ecx, 0xfa0 jle near loc_004465b6 ; jle 0x4465b6 cmp ecx, 0x1770 jge near loc_004465b6 ; jge 0x4465b6 cmp ecx, ebx je near loc_004465b6 ; je 0x4465b6 jmp near loc_004465ba ; jmp 0x4465ba loc_00446434: test bl, 0xf je near loc_004465b6 ; je 0x4465b6 mov cl, byte [_current_player] ; mov cl, byte [0x49910c] mov eax, 1 shl eax, cl test ebx, eax jne near loc_004465b6 ; jne 0x4465b6 jmp near loc_004465ba ; jmp 0x4465ba loc_00446457: cmp ebx, 0x7d0 jle short loc_00446489 ; jle 0x446489 cmp ebx, 0xfa0 jge short loc_00446489 ; jge 0x446489 xor edx, edx mov dl, byte [edi + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax je near loc_004465b6 ; je 0x4465b6 cmp byte [edi + 0x1a], 0 je near loc_004465b6 ; je 0x4465b6 jmp near loc_004465ba ; jmp 0x4465ba loc_00446489: cmp ebx, 0xfa0 jle near loc_004465b6 ; jle 0x4465b6 cmp ebx, 0x1770 jge near loc_004465b6 ; jge 0x4465b6 xor edx, edx mov dl, byte [esi + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax je near loc_004465b6 ; je 0x4465b6 cmp byte [esi + 0x1a], 0 je near loc_004465b6 ; je 0x4465b6 jmp near loc_004465ba ; jmp 0x4465ba loc_004464c3: cmp ebx, 0x7d0 jle short loc_004464f6 ; jle 0x4464f6 cmp ebx, 0xfa0 jge short loc_004464f6 ; jge 0x4464f6 xor eax, eax mov al, byte [edi + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx je near loc_004465b6 ; je 0x4465b6 cmp byte [edi + 0x1a], 0 je near loc_004465b6 ; je 0x4465b6 jmp near loc_004465ba ; jmp 0x4465ba loc_004464f6: cmp ebx, 0xfa0 jle short loc_00446528 ; jle 0x446528 cmp ebx, 0x1770 jge short loc_00446528 ; jge 0x446528 xor edx, edx mov dl, byte [esi + 0x19] mov eax, dword [_current_player] ; mov eax, dword [0x49910c] inc eax cmp edx, eax je near loc_004465b6 ; je 0x4465b6 cmp byte [esi + 0x1a], 0 je near loc_004465b6 ; je 0x4465b6 jmp near loc_004465ba ; jmp 0x4465ba loc_00446528: test bh, 0x80 je near loc_004465b6 ; je 0x4465b6 mov ecx, ebx and ecx, 0x7f00 sar ecx, 8 dec ecx mov eax, ecx shl eax, 2 sub eax, ecx xor ecx, ecx mov cl, byte [eax*8 + ref_00496d08] ; mov cl, byte [eax*8 + 0x496d08] cmp ecx, 0x10 je near loc_004465ba ; je 0x4465ba cmp ecx, 0x11 je near loc_004465ba ; je 0x4465ba cmp ecx, 0x12 jne short loc_004465b6 ; jne 0x4465b6 jmp near loc_004465ba ; jmp 0x4465ba loc_00446569: mov cl, byte [_current_player] ; mov cl, byte [0x49910c] mov eax, 1 shl eax, cl test ebx, eax jne short loc_004465b6 ; jne 0x4465b6 jmp short loc_004465ba ; jmp 0x4465ba loc_0044657c: cmp ebx, 0x7d0 jle short loc_0044659a ; jle 0x44659a cmp ebx, 0xfa0 jge short loc_0044659a ; jge 0x44659a cmp byte [edi + 0x19], 0 jne short loc_004465b6 ; jne 0x4465b6 cmp byte [edi + 0x1a], 0 jne short loc_004465b6 ; jne 0x4465b6 jmp short loc_004465ba ; jmp 0x4465ba loc_0044659a: cmp ebx, 0xfa0 jle short loc_004465b6 ; jle 0x4465b6 cmp ebx, 0x1770 jge short loc_004465b6 ; jge 0x4465b6 cmp byte [esi + 0x19], 0 jne short loc_004465b6 ; jne 0x4465b6 cmp byte [esi + 0x1a], 0 je short loc_004465ba ; je 0x4465ba loc_004465b6: test ebp, ebp je short loc_004465f4 ; je 0x4465f4 loc_004465ba: mov dword [ref_0048c584], ebx ; mov dword [0x48c584], ebx mov eax, dword [ref_0048c580] ; mov eax, dword [0x48c580] mov edx, dword [ref_0048c588] ; mov edx, dword [0x48c588] cmp eax, edx je near loc_00445f7e ; je 0x445f7e push 0xa mov ecx, dword [ref_0048c58c] ; mov ecx, dword [0x48c58c] push ecx push edx call fcn_004021f8 ; call 0x4021f8 add esp, 0xc mov eax, dword [ref_0048c588] ; mov eax, dword [0x48c588] mov dword [ref_0048c580], eax ; mov dword [0x48c580], eax jmp near loc_00445f7e ; jmp 0x445f7e loc_004465f4: cmp dword [ref_0048c580], 5 ; cmp dword [0x48c580], 5 je near loc_00445f7e ; je 0x445f7e push ebp push 1 push 5 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc mov dword [ref_0048c580], 5 ; mov dword [0x48c580], 5 xor eax, eax mov dword [ref_0048c584], eax ; mov dword [0x48c584], eax jmp near loc_00445f7e ; jmp 0x445f7e loc_00446624: cmp dword [ref_0048c580], 5 ; cmp dword [0x48c580], 5 je near loc_00445f7e ; je 0x445f7e push 0 push 1 push 5 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc mov dword [ref_0048c580], 5 ; mov dword [0x48c580], 5 xor ebx, ebx mov dword [ref_0048c584], ebx ; mov dword [0x48c584], ebx jmp near loc_00445f7e ; jmp 0x445f7e loc_00446656: mov esi, dword [ref_0048c564] ; mov esi, dword [0x48c564] test esi, esi jne near loc_00445f7e ; jne 0x445f7e cmp dword [ref_0048c584], 0 ; cmp dword [0x48c584], 0 je short loc_004466a5 ; je 0x4466a5 push esi push ref_0048232a ; push 0x48232a call fcn_004542ce ; call 0x4542ce add esp, 8 push esi call fcn_00402460 ; call 0x402460 add esp, 4 push esi push 1 push 0x29 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc mov ebp, dword [ref_0048c584] ; mov ebp, dword [0x48c584] push ebp loc_00446698: call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_00445f7e ; jmp 0x445f7e loc_004466a5: push esi push ref_0048233a ; push 0x48233a call fcn_004542ce ; call 0x4542ce add esp, 8 jmp near loc_00445f7e ; jmp 0x445f7e loc_004466b8: mov ebx, dword [ref_0048c564] ; mov ebx, dword [0x48c564] test ebx, ebx jne near loc_00445f7e ; jne 0x445f7e test byte [ref_0048c594], 8 ; test byte [0x48c594], 8 jne near loc_00445f7e ; jne 0x445f7e push ebx push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 push ebx call fcn_00402460 ; call 0x402460 add esp, 4 push ebx push 1 push 0x29 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc push ebx jmp short loc_00446698 ; jmp 0x446698 loc_004466fa: mov eax, esp push eax mov edi, dword [esp + 0x60] push edi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0xc] push edx mov ebp, dword [ref_0048a0e0] ; mov ebp, dword [0x48a0e0] push ebp mov edx, dword [esp + 0x18] push edx mov ecx, dword [esp + 0x18] push ecx mov ebx, dword [ref_0048a0dc] ; mov ebx, dword [0x48a0dc] push ebx call dword [eax + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push edi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00445f7e ; jmp 0x445f7e loc_0044675c: push ecx mov edi, dword [esp + 0x68] push edi push eax mov ebp, dword [esp + 0x68] push ebp call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_00445f80 ; jmp 0x445f80 fcn_00446774: push ebx push esi push edi push ebp sub esp, 0x50 mov edi, dword [esp + 0x64] mov eax, dword [esp + 0x68] mov ecx, dword [esp + 0x70] cmp eax, 0x201 jb short loc_004467b1 ; jb 0x4467b1 jbe near loc_00446a2c ; jbe 0x446a2c cmp eax, 0x205 jb near loc_00446adb ; jb 0x446adb jbe near loc_00446a66 ; jbe 0x446a66 cmp eax, 0x401 je short loc_004467cc ; je 0x4467cc jmp near loc_00446adb ; jmp 0x446adb loc_004467b1: cmp eax, 0xf jb near loc_00446adb ; jb 0x446adb jbe near loc_00446a83 ; jbe 0x446a83 cmp eax, 0x200 je short loc_00446800 ; je 0x446800 jmp near loc_00446adb ; jmp 0x446adb loc_004467cc: xor edx, edx mov dword [ref_0048c598], edx ; mov dword [0x48c598], edx push 0x140 push 0xdc call dword [cs:__imp__SetCursorPos@8] ; ucall: call dword cs:[0x46231c] push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 0 push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_00445d7d ; jmp 0x445d7d loc_00446800: movzx ebp, cx mov eax, ecx shr eax, 0x10 and eax, 0xffff and eax, 0xffff xor ecx, ecx cmp eax, 0x13a jl near loc_0044697b ; jl 0x44697b cmp eax, 0x157 jge near loc_0044697b ; jge 0x44697b mov dword [esp + 0x44], 0x13a mov dword [esp + 0x4c], 0x157 xor esi, esi mov ebx, 0x68 jmp short loc_00446850 ; jmp 0x446850 loc_00446843: inc esi add ebx, 0x28 cmp esi, 6 jge near loc_0044697b ; jge 0x44697b loc_00446850: cmp ebp, ebx jl short loc_00446843 ; jl 0x446843 lea eax, [ebx + 0x1e] cmp ebp, eax jge short loc_00446843 ; jge 0x446843 lea eax, [esi + 1] mov edx, dword [ref_0048c598] ; mov edx, dword [0x48c598] cmp eax, edx je near loc_00446971 ; je 0x446971 test edx, edx je near loc_004468f4 ; je 0x4468f4 dec edx mov eax, edx shl eax, 2 add eax, edx shl eax, 3 lea edx, [eax + 0x68] mov dword [esp + 0x40], edx add eax, 0x86 mov dword [esp + 0x48], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x1d push 0x1e push 0xe mov eax, dword [esp + 0x4c] sub eax, 0x5c push eax push 0x13a mov eax, dword [esp + 0x54] push eax mov eax, dword [ref_0048c55c] ; mov eax, dword [0x48c55c] add eax, 0xc push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_004468f4: mov dword [esp + 0x40], ebx lea eax, [ebx + 0x1e] mov dword [esp + 0x48], eax lea eax, [esi + 1] mov dword [ref_0048c598], eax ; mov dword [0x48c598], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [esp + 0x44] push ecx mov eax, dword [esp + 0x44] push eax mov ecx, dword [ref_0048c55c] ; mov ecx, dword [0x48c55c] mov edx, dword [ref_0048c598] ; mov edx, dword [0x48c598] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add ecx, 0xc add eax, ecx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00446971: mov ecx, 1 jmp near loc_00446843 ; jmp 0x446843 loc_0044697b: test ecx, ecx jne near loc_00445d7d ; jne 0x445d7d mov ecx, dword [ref_0048c598] ; mov ecx, dword [0x48c598] test ecx, ecx je near loc_00445d7d ; je 0x445d7d lea edx, [ecx - 1] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 lea edx, [eax + 0x68] mov dword [esp + 0x40], edx add eax, 0x86 mov dword [esp + 0x48], eax mov ebx, 0x13a mov dword [esp + 0x44], ebx mov dword [esp + 0x4c], 0x157 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x1d push 0x1e push 0xe mov eax, dword [esp + 0x4c] sub eax, 0x5c push eax push ebx mov ebp, dword [esp + 0x54] push ebp mov eax, dword [ref_0048c55c] ; mov eax, dword [0x48c55c] add eax, 0xc push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] xor edx, edx mov dword [ref_0048c598], edx ; mov dword [0x48c598], edx jmp near loc_00445d7d ; jmp 0x445d7d loc_00446a2c: cmp dword [ref_0048c598], 0 ; cmp dword [0x48c598], 0 je near loc_00445d7d ; je 0x445d7d push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov ebx, dword [ref_0048c598] ; mov ebx, dword [0x48c598] push ebx loc_00446a59: call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_00445d7d ; jmp 0x445d7d loc_00446a66: push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 jmp short loc_00446a59 ; jmp 0x446a59 loc_00446a83: mov eax, esp push eax push edi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x18] push ebx mov esi, dword [esp + 0x18] push esi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push edi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00445d7d ; jmp 0x445d7d loc_00446adb: push ecx mov ebp, dword [esp + 0x70] push ebp push eax push edi jmp near loc_00445e1b ; jmp 0x445e1b fcn_00446ae8: mov edx, dword [esp + 4] push edx push fcn_00445e4d ; push 0x445e4d call _Wait_0402_Message ; call 0x4018e7 add esp, 8 ret fcn_00446afb: push ebx push 1 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx call fcn_00445aa2 ; call 0x445aa2 add esp, 8 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov ebx, dword [eax + (_tool_strings+0)] ; mov ebx, dword [eax + 0x480d5a] push ebx push 0 push ecx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dx, word [eax + (_players+8)] ; mov dx, word [eax + 0x496b70] mov word [ref_00498e68], dx ; mov word [0x498e68], dx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] mov word [ref_00498e6a], dx ; mov word [0x498e6a], dx mov dx, word [eax + (_players+12)] ; mov dx, word [eax + 0x496b74] mov word [ref_00498e6c], dx ; mov word [0x498e6c], dx mov dx, word [eax + (_players+14)] ; mov dx, word [eax + 0x496b76] mov word [ref_00498e6e], dx ; mov word [0x498e6e], dx mov dl, byte [_current_player] ; mov dl, byte [0x49910c] mov byte [ref_00498e70], dl ; mov byte [0x498e70], dl mov al, byte [eax + (_players+16)] ; mov al, byte [eax + 0x496b78] mov byte [ref_00498e71], al ; mov byte [0x498e71], al xor ah, ah mov byte [ref_00498e72], ah ; mov byte [0x498e72], ah mov dword [_current_player], 8 ; mov dword [0x49910c], 8 call fcn_0040dd1f ; call 0x40dd1f loc_00446ba3: mov eax, 1 pop ebx ret fcn_00446baa: push ebx mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov ecx, dword [eax + (_tool_strings+4)] ; mov ecx, dword [eax + 0x480d5e] push ecx push 0 push edx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00446bed ; jne 0x446bed push 1 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00446bf4 ; jmp 0x446bf4 loc_00446bed: push 0 call fcn_00420eee ; call 0x420eee loc_00446bf4: add esp, 4 mov ebx, eax test ebx, ebx je near loc_00446c84 ; je 0x446c84 push 0 push 0 push ebx push 0x10 call fcn_0040e033 ; call 0x40e033 mov ecx, eax add esp, 0x10 push 0x64 mov eax, ebx shl eax, 2 lea edx, [ebx + eax] shl edx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, edx movsx edx, word [eax + 2] push edx movsx eax, word [eax] push eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push ecx call fcn_0040e669 ; call 0x40e669 add esp, 0x18 push 0 push ref_0048236a ; push 0x48236a call fcn_004542ce ; call 0x4542ce add esp, 8 call fcn_0041d546 ; call 0x41d546 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx dec byte [eax + ref_0049915d] ; dec byte [eax + 0x49915d] loc_00446c84: mov eax, ebx pop ebx ret fcn_00446c88: push ebx mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov ecx, dword [eax + (_tool_strings+8)] ; mov ecx, dword [eax + 0x480d62] push ecx push 0 push edx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00446cce ; jne 0x446cce push 0x10001 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00446cd5 ; jmp 0x446cd5 loc_00446cce: push 0 call fcn_00420eee ; call 0x420eee loc_00446cd5: add esp, 4 mov ebx, eax test ebx, ebx je near loc_00446d65 ; je 0x446d65 push 0 push 0 push ebx push 0x11 call fcn_0040e033 ; call 0x40e033 mov ecx, eax add esp, 0x10 push 0x64 mov eax, ebx shl eax, 2 lea edx, [ebx + eax] shl edx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, edx movsx edx, word [eax + 2] push edx movsx eax, word [eax] push eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push ecx call fcn_0040e669 ; call 0x40e669 add esp, 0x18 push 0 push ref_00482372 ; push 0x482372 call fcn_004542ce ; call 0x4542ce add esp, 8 call fcn_0041d546 ; call 0x41d546 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx dec byte [eax + ref_0049915e] ; dec byte [eax + 0x49915e] loc_00446d65: mov eax, ebx pop ebx ret fcn_00446d69: push ebx mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov ecx, dword [eax + (_tool_strings+12)] ; mov ecx, dword [eax + 0x480d66] push ecx push 0 push edx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00446daf ; jne 0x446daf push 0x20001 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00446db6 ; jmp 0x446db6 loc_00446daf: push 0 call fcn_00420eee ; call 0x420eee loc_00446db6: add esp, 4 mov ebx, eax test ebx, ebx je near loc_00446e46 ; je 0x446e46 push 0 push 0 push ebx push 0x12 call fcn_0040e033 ; call 0x40e033 mov ecx, eax add esp, 0x10 push 0x64 mov eax, ebx shl eax, 2 lea edx, [ebx + eax] shl edx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, edx movsx edx, word [eax + 2] push edx movsx eax, word [eax] push eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax push ecx call fcn_0040e669 ; call 0x40e669 add esp, 0x18 push 0 push ref_0048235a ; push 0x48235a call fcn_004542ce ; call 0x4542ce add esp, 8 call fcn_0041d546 ; call 0x41d546 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx dec byte [eax + ref_0049915f] ; dec byte [eax + 0x49915f] loc_00446e46: mov eax, ebx pop ebx ret fcn_00446e4a: push ebx push esi push edi imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dl, byte [eax + (_players+17)] ; mov dl, byte [eax + 0x496b79] cmp dl, 1 jne short loc_00446e66 ; jne 0x446e66 xor edx, edx jmp near loc_00446eff ; jmp 0x446eff loc_00446e66: cmp dl, 2 jne short loc_00446e85 ; jne 0x446e85 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx inc byte [eax + ref_00499161] ; inc byte [eax + 0x499161] loc_00446e85: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov byte [eax + (_players+17)], 1 ; mov byte [eax + 0x496b79], 1 mov byte [eax + (_players+18)], 2 ; mov byte [eax + 0x496b7a], 2 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0040b93b ; call 0x40b93b add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul eax, esi, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov edi, dword [eax + (_tool_strings+16)] ; mov edi, dword [eax + 0x480d6a] push edi push 0 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx mov edx, 1 dec byte [eax + ref_00499160] ; dec byte [eax + 0x499160] loc_00446eff: mov eax, edx pop edi pop esi pop ebx ret fcn_00446f05: push ebx push esi push edi imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dl, byte [eax + (_players+17)] ; mov dl, byte [eax + 0x496b79] cmp dl, 2 jne short loc_00446f1e ; jne 0x446f1e xor edx, edx jmp short loc_00446eff ; jmp 0x446eff loc_00446f1e: cmp dl, 1 jne short loc_00446f3d ; jne 0x446f3d mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx inc byte [eax + ref_00499160] ; inc byte [eax + 0x499160] loc_00446f3d: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov byte [eax + (_players+17)], 2 ; mov byte [eax + 0x496b79], 2 mov byte [eax + (_players+18)], 3 ; mov byte [eax + 0x496b7a], 3 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0040b93b ; call 0x40b93b add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul eax, esi, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov edi, dword [eax + (_tool_strings+20)] ; mov edi, dword [eax + 0x480d6e] push edi push 0 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx mov edx, 1 dec byte [eax + ref_00499161] ; dec byte [eax + 0x499161] jmp near loc_00446eff ; jmp 0x446eff fcn_00446fbc: push ebx push edi push ebp sub esp, 8 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov ecx, dword [eax + (_tool_strings+24)] ; mov ecx, dword [eax + 0x480d72] push ecx push 0 push edx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00447007 ; jne 0x447007 push 0x300c0 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_0044700e ; jmp 0x44700e loc_00447007: push 0 call fcn_00420eee ; call 0x420eee loc_0044700e: add esp, 4 mov ebx, eax test ebx, ebx je near loc_004470ef ; je 0x4470ef push 7 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_00445aa2 ; call 0x445aa2 add esp, 8 lea eax, [esp + 4] push eax lea eax, [esp + 4] push eax push ebx call fcn_0040af12 ; call 0x40af12 add esp, 0xc push 0 push 0 push 0x210 mov ebp, dword [ref_0048a0e4] ; mov ebp, dword [0x48a0e4] push ebp call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0 mov eax, dword [esp + 8] push eax mov edx, dword [esp + 8] push edx call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx push 0 push 0x26 push 0x64 call fcn_0040ac7b ; call 0x40ac7b add esp, 0x10 push 0x51 push 0x90001 push 0x28 push 0 push ebx call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 xor ebx, ebx loc_004470a1: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_004470ea ; jge 0x4470ea imul eax, ebx, 0x68 test byte [eax + (_players+21)], 0x40 ; test byte [eax + 0x496b7d], 0x40 je short loc_004470e7 ; je 0x4470e7 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx add eax, eax mov edx, eax shl eax, 4 sub eax, edx push eax mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi push ebx call fcn_0040df69 ; call 0x40df69 add esp, 0xc push 3 push ebx call fcn_0043ec3f ; call 0x43ec3f add esp, 8 loc_004470e7: inc ebx jmp short loc_004470a1 ; jmp 0x4470a1 loc_004470ea: call fcn_0041d546 ; call 0x41d546 loc_004470ef: mov eax, ebx add esp, 8 pop ebp pop edi pop ebx ret fcn_004470f8: push ebx push esi push edi push ebp sub esp, 0x10 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne near loc_00447250 ; jne 0x447250 push 0 push 0 push 0x48 mov ecx, dword [ref_0048a05c] ; mov ecx, dword [0x48a05c] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c55c], eax ; mov dword [0x48c55c], eax mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] imul eax, ebx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov esi, dword [eax + (_tool_strings+28)] ; mov esi, dword [eax + 0x480d76] push esi push 0 push ebx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall push 0x12c push 0x5c mov eax, dword [ref_0048c55c] ; mov eax, dword [0x48c55c] add eax, 0xc push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push fcn_00446774 ; push 0x446774 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov ebx, eax mov dword [esp], 0x5c mov dword [esp + 4], 0x12c mov dword [esp + 8], 0x15c mov dword [esp + 0xc], 0x163 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x37 push 0x100 push 0x104 push 0x5c push 0x12c push 0x5c mov edi, dword [ref_0048c558] ; mov edi, dword [0x48c558] push edi mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov esi, dword [esp + 0x10] push esi mov edi, dword [esp + 0x10] push edi push eax call dword [edx + 0x1c] ; ucall mov ebp, dword [ref_0048c55c] ; mov ebp, dword [0x48c55c] push ebp call clib_free ; call 0x456e11 add esp, 4 jmp short loc_0044725c ; jmp 0x44725c loc_00447250: push 0 call fcn_00420eee ; call 0x420eee add esp, 4 mov ebx, eax loc_0044725c: test ebx, ebx je short loc_0044727b ; je 0x44727b call fcn_0040dd1f ; call 0x40dd1f push 8 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_00445aa2 ; call 0x445aa2 add esp, 8 mov byte [ref_00475dd8], bl ; mov byte [0x475dd8], bl loc_0044727b: mov eax, ebx add esp, 0x10 pop ebp pop edi pop esi pop ebx ret fcn_00447285: xor eax, eax mov al, byte [ref_00475dd8] ; mov al, byte [0x475dd8] xor dl, dl mov byte [ref_00475dd8], dl ; mov byte [0x475dd8], dl ret fcn_00447295: push ebx push esi push edi push ebp sub esp, 8 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul ebx, edx, 0x68 xor eax, eax mov al, byte [ebx + (_players+19)] ; mov al, byte [ebx + 0x496b7b] imul eax, eax, 0x68 mov ecx, dword [eax + (_tool_strings+32)] ; mov ecx, dword [eax + 0x480d7a] push ecx push 0 push edx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_004472de ; jne 0x4472de push 0x2090006 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_004472e5 ; jmp 0x4472e5 loc_004472de: push 0 call fcn_00420eee ; call 0x420eee loc_004472e5: add esp, 4 mov ebx, eax test ebx, ebx je near loc_0044737d ; je 0x44737d push 9 mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_00445aa2 ; call 0x445aa2 add esp, 8 lea eax, [esp + 4] push eax lea eax, [esp + 4] push eax push ebx call fcn_0040af12 ; call 0x40af12 add esp, 0xc push 0 push 0 push 0x229 mov ebp, dword [ref_0048a0e4] ; mov ebp, dword [0x48a0e4] push ebp call fcn_00450441 ; call 0x450441 mov esi, eax add esp, 0x10 push 0 mov eax, dword [esp + 8] push eax mov edx, dword [esp + 8] push edx call fcn_0041d476 ; call 0x41d476 add esp, 0xc push ebx call fcn_0040b110 ; call 0x40b110 add esp, 4 mov dword [esp], eax push 0x5b push 0x2c0001 push 0x28 push 0 push esi call fcn_0045144f ; call 0x45144f add esp, 0x14 push esi call clib_free ; call 0x456e11 add esp, 4 test byte [esp], 0x80 je short loc_00447378 ; je 0x447378 call fcn_0040b0cd ; call 0x40b0cd loc_00447378: call fcn_0041d546 ; call 0x41d546 loc_0044737d: mov eax, ebx add esp, 8 pop ebp pop edi pop esi pop ebx ret fcn_00447387: push ebx push esi mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov ecx, dword [eax + (_tool_strings+36)] ; mov ecx, dword [eax + 0x480d7e] push ecx push 0 push edx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc call fcn_00448544 ; call 0x448544 mov ebx, eax test eax, eax je short loc_00447423 ; je 0x447423 mov ah, byte [ref_0046cb06] ; mov ah, byte [0x46cb06] test ah, ah je short loc_004473fe ; je 0x4473fe mov dl, ah inc dl mov byte [ref_0046cb06], dl ; mov byte [0x46cb06], dl mov al, dl and al, 0xf xor edx, edx mov dl, al xor eax, eax mov al, byte [ref_0046cb06] ; mov al, byte [0x46cb06] sar eax, 4 cmp edx, eax jle short loc_004473fe ; jle 0x4473fe xor dh, dh mov byte [ref_0046cb06], dh ; mov byte [0x46cb06], dh call fcn_00454acb ; call 0x454acb push 0 call fcn_00454d91 ; call 0x454d91 add esp, 4 loc_004473fe: push 0xa mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi call fcn_00445aa2 ; call 0x445aa2 add esp, 8 push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 push 1 call fcn_0041906a ; call 0x41906a add esp, 4 loc_00447423: mov eax, ebx pop esi pop ebx ret fcn_00447428: push ebx push esi push edi push ebp sub esp, 0x28 xor esi, esi mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov ecx, dword [eax + (_tool_strings+40)] ; mov ecx, dword [eax + 0x480d82] push ecx push esi push edx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00447478 ; jne 0x447478 push 0x1200036 call fcn_00446ae8 ; call 0x446ae8 add esp, 4 jmp short loc_00447488 ; jmp 0x447488 loc_00447478: mov cl, byte [_current_player] ; mov cl, byte [0x49910c] mov eax, 1 shl eax, cl or ah, 0x80 loc_00447488: mov dword [esp + 0x1c], eax mov dh, byte [esp + 0x1d] test dh, 0x80 je short loc_004474d1 ; je 0x4474d1 test dh, 0x3f je short loc_004474d1 ; je 0x4474d1 mov ebx, dword [esp + 0x1c] and ebx, 0x3f00 sar ebx, 8 lea edx, [ebx - 1] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov bh, byte [eax + ref_00496d0d] ; mov bh, byte [eax + 0x496d0d] test bh, bh je short loc_004474d1 ; je 0x4474d1 xor ecx, ecx mov cl, bh dec ecx mov eax, 1 shl eax, cl or ah, 0x80 mov dword [esp + 0x1c], eax loc_004474d1: mov ebp, dword [esp + 0x1c] test ebp, ebp je near loc_004479c8 ; je 0x4479c8 cmp ebp, 0x7d0 jle near loc_0044757c ; jle 0x44757c cmp ebp, 0xfa0 jge near loc_0044757c ; jge 0x44757c push 0x2090802 call fcn_00446ae8 ; call 0x446ae8 mov edx, eax add esp, 4 test eax, eax je near loc_004479b3 ; je 0x4479b3 lea eax, [ebp - 0x7d0] imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add eax, ebx sub edx, 0x7d0 imul edx, edx, 0x34 add edx, ebx mov bl, byte [eax + 0x19] mov byte [edx + 0x19], bl mov byte [eax + 0x19], 0 mov bl, byte [eax + 0x1a] mov byte [edx + 0x1a], bl mov byte [eax + 0x1a], 0 mov bl, byte [eax + 0x18] mov byte [edx + 0x18], bl mov byte [eax + 0x18], 0 mov ecx, dword [eax + 0x30] mov dword [edx + 0x30], ecx mov dword [eax + 0x30], 0 mov dword [eax + 0x2c], 0 loc_0044755a: push 0 call fcn_0040a4e1 ; call 0x40a4e1 loc_00447561: add esp, 4 loc_00447564: push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov esi, 1 jmp near loc_004479b7 ; jmp 0x4479b7 loc_0044757c: mov ecx, dword [esp + 0x1c] cmp ecx, 0xfa0 jle near loc_0044761c ; jle 0x44761c cmp ecx, 0x1770 jge near loc_0044761c ; jge 0x44761c push 0x2090804 call fcn_00446ae8 ; call 0x446ae8 mov edx, eax add esp, 4 test eax, eax je near loc_004479b3 ; je 0x4479b3 mov eax, dword [esp + 0x1c] sub eax, 0xfa0 shl eax, 3 mov ebx, eax shl eax, 3 sub eax, ebx mov esi, dword [ref_00498e88] ; mov esi, dword [0x498e88] sub edx, 0xfa0 shl edx, 3 mov ebx, edx shl edx, 3 sub edx, ebx mov bl, byte [esi + eax + 0x19] mov byte [edx + esi + 0x19], bl mov byte [esi + eax + 0x19], 0 mov bl, byte [esi + eax + 0x1a] mov byte [edx + esi + 0x1a], bl mov byte [esi + eax + 0x1a], 0 mov bl, byte [esi + eax + 0x18] mov byte [edx + esi + 0x18], bl mov byte [esi + eax + 0x18], 0 mov ecx, dword [esi + eax + 0x34] mov dword [edx + esi + 0x34], ecx mov dword [esi + eax + 0x34], 0 mov dword [esi + eax + 0x30], 0 jmp near loc_0044755a ; jmp 0x44755a loc_0044761c: test byte [esp + 0x1d], 0x80 je near loc_004478cb ; je 0x4478cb test byte [esp + 0x1c], 0xff je near loc_004478cb ; je 0x4478cb mov edi, dword [esp + 0x1c] push edi call fcn_0040d293 ; call 0x40d293 add esp, 4 mov dword [esp + 8], eax imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_0044765f ; jne 0x44765f push 0x2090001 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00447666 ; jmp 0x447666 loc_0044765f: push 0 call fcn_00420eee ; call 0x420eee loc_00447666: add esp, 4 mov dword [esp + 0x14], eax mov eax, dword [esp + 0x14] test eax, eax je near loc_004479b3 ; je 0x4479b3 mov edx, eax shl eax, 2 add eax, edx shl eax, 3 mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] add edx, eax mov dword [esp + 0x18], edx xor edx, edx mov dword [esp + 0x24], edx xor ebx, ebx mov dword [esp + 0x20], 0x40000000 mov edx, dword [esp + 0x18] jmp short loc_004476af ; jmp 0x4476af loc_004476a5: sar dword [esp + 0x20], 1 inc ebx cmp ebx, 4 jge short loc_004476da ; jge 0x4476da loc_004476af: lea esi, [ebx + ebx] add esi, edx mov si, word [esi + 0x18] and esi, 0xffff je short loc_004476a5 ; je 0x4476a5 mov eax, dword [edx + 0x24] test dword [esp + 0x20], eax jne short loc_004476a5 ; jne 0x4476a5 mov eax, dword [esp + 0x24] mov word [esp + eax*2], si lea edi, [eax + 1] mov dword [esp + 0x24], edi jmp short loc_004476a5 ; jmp 0x4476a5 loc_004476da: mov eax, dword [esp + 8] cmp eax, 4 jge short loc_004476ef ; jge 0x4476ef imul ebp, eax, 0x68 movzx ebp, byte [ebp + (_players+16)] ; movzx ebp, byte [ebp + 0x496b78] jmp short loc_004476fb ; jmp 0x4476fb loc_004476ef: mov ebp, eax shl ebp, 4 movzx ebp, byte [ebp + ref_00498df1] ; movzx ebp, byte [ebp + 0x498df1] loc_004476fb: xor ebx, ebx mov dword [esp + 0xc], 8 loc_00447705: cmp ebx, dword [esp + 0x24] jge short loc_00447766 ; jge 0x447766 mov ax, word [esp + ebx*2] and eax, 0xffff push eax mov eax, dword [esp + 0x18] push eax call fcn_00407a8c ; call 0x407a8c mov edi, eax add esp, 8 mov esi, eax mov eax, ebp sub eax, edi push eax call _abs ; call 0x458276 add esp, 4 mov edx, eax cmp eax, 4 jle short loc_00447751 ; jle 0x447751 cmp ebp, edi jge short loc_00447740 ; jge 0x447740 mov edi, ebp loc_00447740: add edi, 8 cmp ebp, esi jle short loc_0044774b ; jle 0x44774b mov edx, ebp jmp short loc_0044774d ; jmp 0x44774d loc_0044774b: mov edx, esi loc_0044774d: sub edi, edx mov edx, edi loc_00447751: cmp edx, dword [esp + 0xc] jge short loc_00447763 ; jge 0x447763 mov dword [esp + 0xc], edx mov dword [esp + 0x10], ebx mov dword [esp + 0x20], esi loc_00447763: inc ebx jmp short loc_00447705 ; jmp 0x447705 loc_00447766: mov cl, byte [esp + 8] mov edi, 0x100 shl edi, cl cmp dword [esp + 0x24], 1 jle short loc_004477a0 ; jle 0x4477a0 xor ebx, ebx mov ebp, dword [esp + 0x24] loc_0044777e: cmp ebx, ebp jge short loc_004477ae ; jge 0x4477ae xor edx, edx mov dx, word [esp + ebx*2] mov eax, dword [esp + 0x10] mov ax, word [esp + eax*2] and eax, 0xffff cmp edx, eax je short loc_0044779d ; je 0x44779d mov esi, edx jmp short loc_004477ae ; jmp 0x4477ae loc_0044779d: inc ebx jmp short loc_0044777e ; jmp 0x44777e loc_004477a0: mov esi, dword [esp + 0x10] mov si, word [esp + esi*2] and esi, 0xffff loc_004477ae: mov eax, dword [esp + 8] cmp eax, 4 jge near loc_00447857 ; jge 0x447857 cmp eax, dword [_current_player] ; cmp eax, dword [0x49910c] jne short loc_004477e2 ; jne 0x4477e2 call fcn_0044808a ; call 0x44808a xor eax, eax mov dword [ref_0048baf8], eax ; mov dword [0x48baf8], eax imul eax, dword [esp + 8], 0x34 mov dh, 1 mov byte [eax + ref_00498ea2], dh ; mov byte [eax + 0x498ea2], dh mov byte [ref_0046cafb], dh ; mov byte [0x46cafb], dh loc_004477e2: mov ecx, dword [esp + 8] imul ebx, ecx, 0x68 xor edx, edx mov dx, word [ebx + (_players+12)] ; mov dx, word [ebx + 0x496b74] mov eax, edx shl eax, 2 add edx, eax shl edx, 3 mov eax, dword [ref_00498e80] ; mov eax, dword [0x498e80] add eax, edx mov edx, edi not edx and dword [eax + 0x24], edx mov eax, dword [esp + 0x14] mov word [ebx + (_players+12)], ax ; mov word [ebx + 0x496b74], ax mov word [ebx + (_players+14)], si ; mov word [ebx + 0x496b76], si mov al, byte [esp + 0x20] mov byte [ebx + (_players+16)], al ; mov byte [ebx + 0x496b78], al mov eax, dword [esp + 0x18] mov ax, word [eax] mov word [ebx + (_players+8)], ax ; mov word [ebx + 0x496b70], ax mov eax, dword [esp + 0x18] mov ax, word [eax + 2] mov word [ebx + (_players+10)], ax ; mov word [ebx + 0x496b72], ax push ecx call fcn_0040fc00 ; call 0x40fc00 add esp, 4 cmp byte [ebx + (_players+21)], 0 ; cmp byte [ebx + 0x496b7d], 0 je short loc_004478bc ; je 0x4478bc jmp short loc_004478b5 ; jmp 0x4478b5 loc_00447857: shl eax, 4 xor ecx, ecx mov cx, word [eax + ref_00498dec] ; mov cx, word [eax + 0x498dec] mov edx, ecx shl edx, 2 add edx, ecx shl edx, 3 mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] add edx, ecx mov ecx, edi not ecx and dword [edx + 0x24], ecx mov edx, dword [esp + 0x14] mov word [eax + ref_00498dec], dx ; mov word [eax + 0x498dec], dx mov word [eax + ref_00498dee], si ; mov word [eax + 0x498dee], si mov dl, byte [esp + 0x20] mov byte [eax + ref_00498df1], dl ; mov byte [eax + 0x498df1], dl mov edx, dword [esp + 0x18] mov dx, word [edx] mov word [eax + ref_00498de8], dx ; mov word [eax + 0x498de8], dx mov edx, dword [esp + 0x18] mov dx, word [edx + 2] mov word [eax + ref_00498dea], dx ; mov word [eax + 0x498dea], dx loc_004478b5: mov eax, dword [esp + 0x18] or dword [eax + 0x24], edi loc_004478bc: mov ecx, dword [esp + 8] push ecx call fcn_0040b93b ; call 0x40b93b jmp near loc_00447561 ; jmp 0x447561 loc_004478cb: mov al, byte [esp + 0x1d] test al, 0x80 je near loc_004479b3 ; je 0x4479b3 test al, 0x3f je near loc_004479b3 ; je 0x4479b3 push 0x2090001 call fcn_00446ae8 ; call 0x446ae8 add esp, 4 mov dword [esp + 0x14], eax test eax, eax je near loc_004479b3 ; je 0x4479b3 mov edx, eax shl eax, 2 add eax, edx shl eax, 3 mov esi, dword [ref_00498e80] ; mov esi, dword [0x498e80] lea edx, [esi + eax] mov dword [esp + 0x18], edx mov ebx, dword [esp + 0x1c] and ebx, 0x3f00 sar ebx, 8 lea edx, [ebx - 1] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 3 xor ecx, ecx mov cx, word [edx + ref_00496d0a] ; mov cx, word [edx + 0x496d0a] mov eax, ecx shl eax, 2 add eax, ecx mov byte [esi + eax*8 + 0x26], 0 mov eax, dword [esp + 0x14] mov word [edx + ref_00496d0a], ax ; mov word [edx + 0x496d0a], ax mov eax, ebx shl eax, 0x10 mov edx, dword [esp + 0x18] or dword [edx + 0x24], eax xor esi, esi jmp short loc_00447961 ; jmp 0x447961 loc_0044795b: inc esi cmp esi, 4 jge short loc_00447989 ; jge 0x447989 loc_00447961: mov edx, dword [esp + 0x14] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov edx, dword [ref_00498e80] ; mov edx, dword [0x498e80] add eax, edx mov edx, esi mov ax, word [eax + edx*2 + 0x18] and eax, 0xffff mov dword [esp + 0x1c], eax je short loc_0044795b ; je 0x44795b loc_00447989: mov ebp, dword [esp + 0x14] push ebp mov eax, dword [esp + 0x20] push eax call fcn_00407a8c ; call 0x407a8c mov ecx, eax add esp, 8 lea edx, [ebx - 1] mov eax, edx shl eax, 2 sub eax, edx mov byte [eax*8 + ref_00496d09], cl ; mov byte [eax*8 + 0x496d09], cl jmp near loc_00447564 ; jmp 0x447564 loc_004479b3: test esi, esi je short loc_004479c8 ; je 0x4479c8 loc_004479b7: push 0xb mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_00445aa2 ; call 0x445aa2 add esp, 8 loc_004479c8: mov eax, esi add esp, 0x28 pop ebp pop edi pop esi pop ebx ret fcn_004479d2: push ebx push edi push ebp imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dl, byte [eax + (_players+17)] ; mov dl, byte [eax + 0x496b79] and dl, 3 cmp dl, 3 jne short loc_004479f1 ; jne 0x4479f1 xor edx, edx jmp near loc_00447ac8 ; jmp 0x447ac8 loc_004479f1: cmp byte [eax + (_players+17)], 1 ; cmp byte [eax + 0x496b79], 1 jne short loc_00447a14 ; jne 0x447a14 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx inc byte [eax + ref_00499160] ; inc byte [eax + 0x499160] loc_00447a14: mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 cmp byte [eax + (_players+17)], 2 ; cmp byte [eax + 0x496b79], 2 jne short loc_00447a3a ; jne 0x447a3a mov eax, ecx shl eax, 2 add eax, ecx mov edx, eax shl eax, 2 sub eax, edx inc byte [eax + ref_00499161] ; inc byte [eax + 0x499161] loc_00447a3a: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] imul eax, ebx, 0x68 mov dl, byte [eax + (_players+17)] ; mov dl, byte [eax + 0x496b79] mov byte [eax + (_players+100)], dl ; mov byte [eax + 0x496bcc], dl mov dl, byte [eax + (_players+18)] ; mov dl, byte [eax + 0x496b7a] mov byte [eax + (_players+101)], dl ; mov byte [eax + 0x496bcd], dl mov byte [eax + (_players+17)], 0x1f ; mov byte [eax + 0x496b79], 0x1f mov byte [eax + (_players+18)], 1 ; mov byte [eax + 0x496b7a], 1 push ebx call fcn_0040b93b ; call 0x40b93b add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov edi, dword [_current_player] ; mov edi, dword [0x49910c] imul eax, edi, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov ebp, dword [eax + (_tool_strings+44)] ; mov ebp, dword [eax + 0x480d86] push ebp push 0 push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx mov edx, 1 dec byte [eax + ref_00499167] ; dec byte [eax + 0x499167] loc_00447ac8: mov eax, edx pop ebp pop edi pop ebx ret fcn_00447ace: push ebx push edi push ebp sub esp, 8 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul eax, edx, 0x68 mov al, byte [eax + (_players+19)] ; mov al, byte [eax + 0x496b7b] and eax, 0xff imul eax, eax, 0x68 mov ecx, dword [eax + (_tool_strings+48)] ; mov ecx, dword [eax + 0x480d8a] push ecx push 0 push edx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 1 ; cmp byte [eax + 0x496b7d], 1 jne short loc_00447b19 ; jne 0x447b19 push 0x400c0 call fcn_00446ae8 ; call 0x446ae8 jmp short loc_00447b20 ; jmp 0x447b20 loc_00447b19: push 0 call fcn_00420eee ; call 0x420eee loc_00447b20: add esp, 4 mov ebx, eax test ebx, ebx je near loc_004470ea ; je 0x4470ea push 0xd mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_00445aa2 ; call 0x445aa2 add esp, 8 lea eax, [esp + 4] push eax lea eax, [esp + 4] push eax push ebx call fcn_0040af12 ; call 0x40af12 add esp, 0xc push 0 push 0 push 0x212 mov ebp, dword [ref_0048a0e4] ; mov ebp, dword [0x48a0e4] push ebp call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0 mov eax, dword [esp + 8] push eax mov edx, dword [esp + 8] push edx call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx push 1 push 0x26 push 0xffffffffffffffff call fcn_0040ac7b ; call 0x40ac7b add esp, 0x10 push 0x53 push 0x80090001 push 0x28 push 0 push ebx call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 xor ebx, ebx loc_00447bb3: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_004470ea ; jge 0x4470ea imul eax, ebx, 0x68 test byte [eax + (_players+21)], 0x40 ; test byte [eax + 0x496b7d], 0x40 je short loc_00447bfd ; je 0x447bfd mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx add eax, eax mov edx, eax shl eax, 4 sub eax, edx push eax mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi push ebx call fcn_0040df69 ; call 0x40df69 add esp, 0xc push 3 push ebx call fcn_0043ec3f ; call 0x43ec3f add esp, 8 loc_00447bfd: inc ebx jmp short loc_00447bb3 ; jmp 0x447bb3 fcn_00447c00: push ebx mov edx, dword [_current_player] ; mov edx, dword [0x49910c] imul ecx, edx, 0x68 mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx mov dl, byte [ecx + (_players+17)] ; mov dl, byte [ecx + 0x496b79] cmp dl, 1 jne short loc_00447c2b ; jne 0x447c2b add byte [eax + ref_00499160], dl ; add byte [eax + 0x499160], dl jmp short loc_00447c36 ; jmp 0x447c36 loc_00447c2b: cmp dl, 2 jne short loc_00447c36 ; jne 0x447c36 inc byte [eax + ref_00499161] ; inc byte [eax + 0x499161] loc_00447c36: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor cl, cl mov byte [eax + (_players+17)], cl ; mov byte [eax + 0x496b79], cl mov byte [eax + (_players+18)], 1 ; mov byte [eax + 0x496b7a], 1 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0040b93b ; call 0x40b93b add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc jmp near loc_00446ba3 ; jmp 0x446ba3 fcn_00447c6e: push ebx push esi push edi push ebp sub esp, 0x2c push 0x10 push 0 push ref_0048c548 ; push 0x48c548 call memset ; call 0x456f60 add esp, 0xc push 0 push 3 push 0x101010 push 0xffffff push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [esp + 0x44] add eax, 0x18 mov edx, dword [esp + 0x40] test edx, edx jne short loc_00447cb3 ; jne 0x447cb3 mov dword [esp + 0x40], eax jmp short loc_00447cc1 ; jmp 0x447cc1 loc_00447cb3: push 0 push 0 push eax push edx call fcn_00456280 ; call 0x456280 add esp, 0x10 loc_00447cc1: xor ebx, ebx xor ebp, ebp mov esi, 0x2d mov dword [esp + 0x28], 0x21 jmp short loc_00447cde ; jmp 0x447cde loc_00447cd4: inc ebx cmp ebx, 0xd jge near loc_00447d8f ; jge 0x447d8f loc_00447cde: mov edx, dword [esp + 0x48] mov eax, edx shl eax, 2 add eax, edx mov edx, eax shl eax, 2 sub eax, edx lea edi, [eax + ebx] cmp byte [edi + ref_0049915c], 0 ; cmp byte [edi + 0x49915c], 0 je short loc_00447cd4 ; je 0x447cd4 mov eax, dword [esp + 0x28] push eax lea eax, [esi - 0x10] push eax lea edx, [ebx + 2] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [esp + 0x4c] add eax, 0xc add eax, edx push eax mov edx, dword [esp + 0x4c] push edx call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 xor eax, eax mov al, byte [edi + ref_0049915c] ; mov al, byte [edi + 0x49915c] push eax push ref_004653e0 ; push 0x4653e0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 1 mov eax, dword [esp + 0x2c] sub eax, 0xa push eax lea eax, [esi + 0x22] push eax lea eax, [esp + 0xc] push eax mov ecx, dword [esp + 0x50] push ecx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov al, bl inc al mov byte [ebp + ref_0048c548], al ; mov byte [ebp + 0x48c548], al inc ebp add esi, 0x50 cmp esi, 0x16d jle near loc_00447cd4 ; jle 0x447cd4 mov esi, 0x2d add dword [esp + 0x28], 0x38 jmp near loc_00447cd4 ; jmp 0x447cd4 loc_00447d8f: add esp, 0x2c pop ebp pop edi pop esi pop ebx ret tools_ui: push ebx push esi push edi push ebp sub esp, 0x4c imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov dl, byte [eax + (_players+21)] ; mov dl, byte [eax + 0x496b7d] cmp dl, 1 jne near loc_00447f82 ; jne 0x447f82 call fcn_0041d546 ; call 0x41d546 push 0 push 0 push 0xb mov ebx, dword [ref_0048a05c] ; mov ebx, dword [0x48a05c] push ebx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 mov edi, eax mov esi, dword [_current_player] ; mov esi, dword [0x49910c] push esi push eax push 0 call fcn_00447c6e ; call 0x447c6e add esp, 0xc imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 lea edx, [ebx + 0x18] mov cl, byte [eax + (_players+17)] ; mov cl, byte [eax + 0x496b79] cmp cl, 1 jne short loc_00447e08 ; jne 0x447e08 push 0x75 push 0x145 add ebx, 0xc0 jmp short loc_00447e1a ; jmp 0x447e1a loc_00447e08: cmp cl, 2 jne short loc_00447e2b ; jne 0x447e2b push 0x75 push 0x145 add ebx, 0xcc loc_00447e1a: push ebx push edx call fcn_00456280 ; call 0x456280 add esp, 0x10 mov byte [ref_0048c556], 0xe ; mov byte [0x48c556], 0xe loc_00447e2b: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0x1b8 push 0x1b8 push 0x28 push 0 push 0 push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov dword [ref_0048c558], eax ; mov dword [0x48c558], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall loc_00447e7d: mov ebx, 1 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push ebx push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x82 push 0xe lea eax, [edi + 0x18] push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push tools_ui_callback ; push 0x445c14 call _Wait_0402_Message ; call 0x4018e7 mov esi, eax add esp, 8 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push ebx push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x28 push 0 mov ebp, dword [ref_0048c558] ; mov ebp, dword [0x48c558] push ebp mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall xor edx, edx mov dword [esp + 0x28], edx mov dword [esp + 0x2c], 0x28 mov dword [esp + 0x30], 0x1b8 mov dword [esp + 0x34], 0x1e0 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0x2c] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push 0x28 push 0 push eax call dword [edx + 0x1c] ; ucall test esi, esi je short loc_00447f5a ; je 0x447f5a mov eax, esi call dword [eax*4 + (ref_00475dd8 - 3)] ; ucall: call dword [eax*4 + 0x475dd5] mov ebx, eax loc_00447f5a: test ebx, ebx je near loc_00447e7d ; je 0x447e7d push edi call clib_free ; call 0x456e11 add esp, 4 mov ebx, dword [ref_0048c558] ; mov ebx, dword [0x48c558] push ebx call clib_free ; call 0x456e11 add esp, 4 loc_00447f7a: add esp, 0x4c pop ebp pop edi pop esi pop ebx ret loc_00447f82: test dl, 6 je short loc_00447f7a ; je 0x447f7a test byte [eax + (_players+22)], 2 ; test byte [eax + 0x496b7e], 2 je short loc_00447f7a ; je 0x447f7a push 0xd push 0 lea eax, [esp + 0x40] push eax call memset ; call 0x456f60 add esp, 0xc xor ecx, ecx mov dword [esp + 0x48], ecx xor esi, esi jmp short loc_00447fb9 ; jmp 0x447fb9 loc_00447fab: mov edx, dword [esp + 0x48] inc edx mov dword [esp + 0x48], edx cmp edx, 0xd jge short loc_00447fec ; jge 0x447fec loc_00447fb9: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] mov ebx, eax shl ebx, 2 add ebx, eax mov eax, ebx shl ebx, 2 sub ebx, eax mov eax, dword [esp + 0x48] cmp byte [ebx + eax + ref_0049915c], 0 ; cmp byte [ebx + eax + 0x49915c], 0 je short loc_00447fab ; je 0x447fab cmp eax, 9 je short loc_00447fab ; je 0x447fab mov al, byte [esp + 0x48] inc al mov byte [esp + esi + 0x38], al inc esi jmp short loc_00447fab ; jmp 0x447fab loc_00447fec: test esi, esi je short loc_00447f7a ; je 0x447f7a cmp esi, 4 jle short loc_00448005 ; jle 0x448005 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi mov ebx, edx jmp short loc_00448007 ; jmp 0x448007 loc_00448005: xor ebx, ebx loc_00448007: xor edi, edi mov dword [esp + 0x48], edi jmp short loc_00448028 ; jmp 0x448028 loc_0044800f: inc ebx cmp ebx, esi jne short loc_00448016 ; jne 0x448016 xor ebx, esi loc_00448016: mov ebp, dword [esp + 0x48] inc ebp mov dword [esp + 0x48], ebp cmp ebp, 4 jge near loc_00447f7a ; jge 0x447f7a loc_00448028: mov dh, byte [esp + ebx + 0x38] test dh, dh je near loc_00447f7a ; je 0x447f7a xor eax, eax mov al, dh push eax call fcn_00420e9a ; call 0x420e9a add esp, 4 cmp eax, 1 jne short loc_0044800f ; jne 0x44800f xor eax, eax mov al, byte [esp + ebx + 0x38] mov edx, dword [eax*8 + (ref_0047fee2 - 8)] ; mov edx, dword [eax*8 + 0x47feda] push edx push ref_004653e5 ; push 0x4653e5 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x5dc lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 xor eax, eax mov al, byte [esp + ebx + 0x38] call dword [eax*4 + (ref_00475dd8 - 3)] ; ucall: call dword [eax*4 + 0x475dd5] jmp near loc_00447f7a ; jmp 0x447f7a fcn_0044808a: push edi push ebp mov edx, dword [_current_player] ; mov edx, dword [0x49910c] cmp edx, 4 jge near loc_00448541 ; jge 0x448541 jge short loc_004480ad ; jge 0x4480ad imul eax, edx, 0x68 test byte [eax + (_players+21)], 1 ; test byte [eax + 0x496b7d], 1 je near loc_00448541 ; je 0x448541 loc_004480ad: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx mov dword [eax + ref_0048cb80], 1 ; mov dword [eax + 0x48cb80], 1 mov edx, dword [ref_00497160] ; mov edx, dword [0x497160] mov dword [eax + ref_0048cb84], edx ; mov dword [eax + 0x48cb84], edx push 0x1a0 push (_players+0) ; push 0x496b68 add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 8 push eax call _memcpy ; call 0x456de8 add esp, 0xc push 0x50 push ref_00498e28 ; push 0x498e28 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x1a8 push eax call _memcpy ; call 0x456de8 add esp, 0xc push 0x450 push ref_00496d08 ; push 0x496d08 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x1f8 push eax call _memcpy ; call 0x456de8 add esp, 0xc push 0x3c push ref_00499120 ; push 0x499120 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x648 push eax call _memcpy ; call 0x456de8 add esp, 0xc push 0x3c push ref_0049915c ; push 0x49915c mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x684 push eax call _memcpy ; call 0x456de8 add esp, 0xc push 0x1e push ref_00499198 ; push 0x499198 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x6c0 push eax call _memcpy ; call 0x456de8 add esp, 0xc push 8 push ref_00497320 ; push 0x497320 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x6de push eax call _memcpy ; call 0x456de8 add esp, 0xc mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx mov edx, dword [ref_00499100] ; mov edx, dword [0x499100] mov dword [eax + ref_0048d268], edx ; mov dword [eax + 0x48d268], edx push 0x1b00 push ref_00497328 ; push 0x497328 add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x6ec push eax call _memcpy ; call 0x456de8 add esp, 0xc push 0x180 push _player_stocks ; push 0x4971a0 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x21ec push eax call _memcpy ; call 0x456de8 add esp, 0xc push 0x1b0 push (_stocks_on_map+0) ; push 0x496980 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x236c push eax call _memcpy ; call 0x456de8 add esp, 0xc push 0x150 push ref_004967e0 ; push 0x4967e0 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x251c push eax call _memcpy ; call 0x456de8 add esp, 0xc mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov dword [eax + ref_0048f1ec], edx ; mov dword [eax + 0x48f1ec], edx mov edx, dword [ref_004990e4] ; mov edx, dword [0x4990e4] mov dword [eax + ref_0048f1f0], edx ; mov dword [eax + 0x48f1f0], edx mov edx, dword [ref_00499084] ; mov edx, dword [0x499084] mov dword [eax + ref_0048f1f4], edx ; mov dword [eax + 0x48f1f4], edx mov edx, dword [ref_004990dc] ; mov edx, dword [0x4990dc] mov dword [eax + ref_0048f1f8], edx ; mov dword [eax + 0x48f1f8], edx mov edx, dword [ref_0049907c] ; mov edx, dword [0x49907c] mov dword [eax + ref_0048f1fc], edx ; mov dword [eax + 0x48f1fc], edx mov edx, dword [ref_00499078] ; mov edx, dword [0x499078] mov dword [eax + ref_0048f200], edx ; mov dword [eax + 0x48f200], edx mov edx, dword [ref_004990ec] ; mov edx, dword [0x4990ec] mov dword [eax + ref_0048f204], edx ; mov dword [eax + 0x48f204], edx mov edx, dword [ref_00499080] ; mov edx, dword [0x499080] mov dword [eax + ref_0048f208], edx ; mov dword [eax + 0x48f208], edx push 0x24 push ref_004990b8 ; push 0x4990b8 add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x268c push eax call _memcpy ; call 0x456de8 add esp, 0xc push 8 push ref_00496b30 ; push 0x496b30 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x26b0 push eax call _memcpy ; call 0x456de8 add esp, 0xc push 8 push ref_00496b60 ; push 0x496b60 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x26b8 push eax call _memcpy ; call 0x456de8 add esp, 0xc mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx mov edx, dword [ref_004990e0] ; mov edx, dword [0x4990e0] mov dword [eax + ref_0048f240], edx ; mov dword [eax + 0x48f240], edx mov edx, dword [ref_004990b4] ; mov edx, dword [0x4990b4] mov dword [eax + ref_0048f244], edx ; mov dword [eax + 0x48f244], edx push 0x24 push ref_00499090 ; push 0x499090 add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x26c8 push eax call _memcpy ; call 0x456de8 add esp, 0xc push 0x25 push ref_00496b38 ; push 0x496b38 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x26ec push eax call _memcpy ; call 0x456de8 add esp, 0xc mov edi, dword [ref_00498e94] ; mov edi, dword [0x498e94] push edi mov ebp, dword [ref_0047493c] ; mov ebp, dword [0x47493c] push ebp mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax mov ecx, dword [edx + eax*8 + ref_0048f294] ; mov ecx, dword [edx + eax*8 + 0x48f294] push ecx call _memcpy ; call 0x456de8 add esp, 0xc loc_00448541: pop ebp pop edi ret fcn_00448544: push ebx push esi push edi mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx cmp dword [eax + ref_0048cb80], 0 ; cmp dword [eax + 0x48cb80], 0 jne short loc_00448577 ; jne 0x448577 xor eax, eax pop edi pop esi pop ebx ret loc_00448577: mov edx, dword [eax + ref_0048cb84] ; mov edx, dword [eax + 0x48cb84] mov dword [ref_00497160], edx ; mov dword [0x497160], edx push 0x1a0 add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 8 push eax push (_players+0) ; push 0x496b68 call _memcpy ; call 0x456de8 add esp, 0xc xor ebx, ebx mov ecx, dword [_nplayers] ; mov ecx, dword [0x499114] loc_004485a6: cmp ebx, ecx jge short loc_004485c7 ; jge 0x4485c7 imul eax, ebx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] imul edx, edx, 0x68 mov edx, dword [edx + _rich4_players] ; mov edx, dword [edx + 0x47e80c] mov dword [eax + (_players+0)], edx ; mov dword [eax + 0x496b68], edx inc ebx jmp short loc_004485a6 ; jmp 0x4485a6 loc_004485c7: push 0x50 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x1a8 push eax push ref_00498e28 ; push 0x498e28 call _memcpy ; call 0x456de8 add esp, 0xc push 0x450 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x1f8 push eax push ref_00496d08 ; push 0x496d08 call _memcpy ; call 0x456de8 add esp, 0xc push 0x3c mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x648 push eax push ref_00499120 ; push 0x499120 call _memcpy ; call 0x456de8 add esp, 0xc push 0x3c mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x684 push eax push ref_0049915c ; push 0x49915c call _memcpy ; call 0x456de8 add esp, 0xc push 0x1e mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x6c0 push eax push ref_00499198 ; push 0x499198 call _memcpy ; call 0x456de8 add esp, 0xc push 8 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x6de push eax push ref_00497320 ; push 0x497320 call _memcpy ; call 0x456de8 add esp, 0xc mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx mov edx, dword [eax + ref_0048d268] ; mov edx, dword [eax + 0x48d268] mov dword [ref_00499100], edx ; mov dword [0x499100], edx push 0x1b00 add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x6ec push eax push ref_00497328 ; push 0x497328 call _memcpy ; call 0x456de8 add esp, 0xc push 0x180 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x21ec push eax push _player_stocks ; push 0x4971a0 call _memcpy ; call 0x456de8 add esp, 0xc push 0x1b0 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x236c push eax push (_stocks_on_map+0) ; push 0x496980 call _memcpy ; call 0x456de8 add esp, 0xc xor ebx, ebx loc_004487f4: movsx edx, word [ref_004991b6] ; movsx edx, word [0x4991b6] shl edx, 2 movsx eax, word [ref_004991b8] ; movsx eax, word [0x4991b8] add edx, eax mov eax, edx shl eax, 2 sub eax, edx shl eax, 4 mov ecx, eax shl ecx, 3 add ecx, eax mov eax, ebx shl eax, 3 add eax, ebx shl eax, 2 lea edx, [ecx + eax] mov edx, dword [edx + _game_stocks] ; mov edx, dword [edx + 0x47f072] mov dword [eax + (_stocks_on_map+0)], edx ; mov dword [eax + 0x496980], edx inc ebx cmp ebx, 0xc jl short loc_004487f4 ; jl 0x4487f4 push 0x150 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x251c push eax push ref_004967e0 ; push 0x4967e0 call _memcpy ; call 0x456de8 add esp, 0xc mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx mov edx, dword [eax + ref_0048f1ec] ; mov edx, dword [eax + 0x48f1ec] mov dword [ref_004990e8], edx ; mov dword [0x4990e8], edx mov edx, dword [eax + ref_0048f1f0] ; mov edx, dword [eax + 0x48f1f0] mov dword [ref_004990e4], edx ; mov dword [0x4990e4], edx mov edx, dword [eax + ref_0048f1f4] ; mov edx, dword [eax + 0x48f1f4] mov dword [ref_00499084], edx ; mov dword [0x499084], edx mov edx, dword [eax + ref_0048f1f8] ; mov edx, dword [eax + 0x48f1f8] mov dword [ref_004990dc], edx ; mov dword [0x4990dc], edx mov edx, dword [eax + ref_0048f1fc] ; mov edx, dword [eax + 0x48f1fc] mov dword [ref_0049907c], edx ; mov dword [0x49907c], edx mov edx, dword [eax + ref_0048f200] ; mov edx, dword [eax + 0x48f200] mov dword [ref_00499078], edx ; mov dword [0x499078], edx mov edx, dword [eax + ref_0048f204] ; mov edx, dword [eax + 0x48f204] mov dword [ref_004990ec], edx ; mov dword [0x4990ec], edx mov edx, dword [eax + ref_0048f208] ; mov edx, dword [eax + 0x48f208] mov dword [ref_00499080], edx ; mov dword [0x499080], edx push 0x24 add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x268c push eax push ref_004990b8 ; push 0x4990b8 call _memcpy ; call 0x456de8 add esp, 0xc push 8 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x26b0 push eax push ref_00496b30 ; push 0x496b30 call _memcpy ; call 0x456de8 add esp, 0xc push 8 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x26b8 push eax push ref_00496b60 ; push 0x496b60 call _memcpy ; call 0x456de8 add esp, 0xc mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx mov edx, dword [eax + ref_0048f240] ; mov edx, dword [eax + 0x48f240] mov dword [ref_004990e0], edx ; mov dword [0x4990e0], edx mov edx, dword [eax + ref_0048f244] ; mov edx, dword [eax + 0x48f244] mov dword [ref_004990b4], edx ; mov dword [0x4990b4], edx push 0x24 add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x26c8 push eax push ref_00499090 ; push 0x499090 call _memcpy ; call 0x456de8 add esp, 0xc push 0x25 mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 3 add eax, edx add eax, ref_0048cb80 ; add eax, 0x48cb80 add eax, 0x26ec push eax push ref_00496b38 ; push 0x496b38 call _memcpy ; call 0x456de8 add esp, 0xc mov ebx, dword [ref_00498e94] ; mov ebx, dword [0x498e94] push ebx mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax mov esi, dword [edx + eax*8 + ref_0048f294] ; mov esi, dword [edx + eax*8 + 0x48f294] push esi mov edi, dword [ref_0047493c] ; mov edi, dword [0x47493c] push edi call _memcpy ; call 0x456de8 add esp, 0xc call fcn_0040c03b ; call 0x40c03b xor ebx, ebx jmp short loc_00448a5d ; jmp 0x448a5d loc_00448a57: inc ebx cmp ebx, 9 jge short loc_00448a75 ; jge 0x448a75 loc_00448a5d: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jl short loc_00448a6a ; jl 0x448a6a cmp ebx, 4 jl short loc_00448a57 ; jl 0x448a57 loc_00448a6a: push ebx call fcn_0040b93b ; call 0x40b93b add esp, 4 jmp short loc_00448a57 ; jmp 0x448a57 loc_00448a75: mov eax, 1 pop edi pop esi pop ebx ret fcn_00448a7e: push ebx push esi mov esi, dword [esp + 0xc] xor ebx, ebx imul eax, esi, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je near loc_00448b6e ; je 0x448b6e mov ecx, dword [esp + 0x10] mov edx, ecx shl edx, 2 add edx, ecx mov ecx, dword [ref_00498e80] ; mov ecx, dword [0x498e80] mov dx, word [ecx + edx*8 + 0x20] and edx, 0xffff mov cl, byte [eax + (_players+17)] ; mov cl, byte [eax + 0x496b79] and cl, 0x83 cmp cl, 3 jne near loc_00448b6e ; jne 0x448b6e cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 jne near loc_00448b6e ; jne 0x448b6e cmp byte [eax + (_players+50)], 0 ; cmp byte [eax + 0x496b9a], 0 jne near loc_00448b6e ; jne 0x448b6e cmp edx, 0x7d0 jle short loc_00448b12 ; jle 0x448b12 cmp edx, 0xfa0 jge short loc_00448b12 ; jge 0x448b12 sub edx, 0x7d0 imul edx, edx, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, edx xor edx, edx mov dl, byte [eax + 0x19] lea ecx, [esi + 1] cmp edx, ecx je short loc_00448b4c ; je 0x448b4c cmp byte [eax + 0x1a], 0 je short loc_00448b4c ; je 0x448b4c jmp short loc_00448b50 ; jmp 0x448b50 loc_00448b12: cmp edx, 0xfa0 jle short loc_00448b4c ; jle 0x448b4c cmp edx, 0x1770 jge short loc_00448b4c ; jge 0x448b4c lea eax, [edx - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add eax, edx xor edx, edx mov dl, byte [eax + 0x19] lea ecx, [esi + 1] cmp edx, ecx je short loc_00448b4c ; je 0x448b4c cmp byte [eax + 0x1a], 0 jne short loc_00448b50 ; jne 0x448b50 loc_00448b4c: test ebx, ebx je short loc_00448b6e ; je 0x448b6e loc_00448b50: call fcn_0041d546 ; call 0x41d546 imul eax, esi, 0x34 mov byte [eax + ref_00498ea2], 3 ; mov byte [eax + 0x498ea2], 3 xor bh, bh mov byte [eax + ref_00498ea3], bh ; mov byte [eax + 0x498ea3], bh mov byte [ref_0046cafb], 1 ; mov byte [0x46cafb], 1 loc_00448b6e: pop esi pop ebx ret ref_00448b71: db 0x00 db 0x00 db 0x00 dd 0x00000000 dd 0x00000000 dd 0x00000000 db 0x00 fcn_00448b81: push ebx push esi sub esp, 0x24 push 0x24 push 0 lea eax, [esp + 8] push eax call memset ; call 0x456f60 add esp, 0xc xor ebx, ebx mov esi, 0x24 jmp short loc_00448bb1 ; jmp 0x448bb1 loc_00448ba0: mov byte [esp + eax], 1 mov byte [ebx + ref_00499090], al ; mov byte [ebx + 0x499090], al inc ebx dec esi cmp ebx, 0x24 jge short loc_00448bd4 ; jge 0x448bd4 loc_00448bb1: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi xor eax, eax jmp short loc_00448bc7 ; jmp 0x448bc7 loc_00448bc1: inc eax cmp eax, 0x24 jge short loc_00448ba0 ; jge 0x448ba0 loc_00448bc7: cmp byte [esp + eax], 0 jne short loc_00448bce ; jne 0x448bce dec edx loc_00448bce: test edx, edx jl short loc_00448ba0 ; jl 0x448ba0 jmp short loc_00448bc1 ; jmp 0x448bc1 loc_00448bd4: xor edx, edx mov dword [ref_004990e0], edx ; mov dword [0x4990e0], edx add esp, 0x24 pop esi pop ebx ret fcn_00448be2: push ebx push esi push edi push ebp mov ebx, dword [esp + 0x14] mov edi, 1 xor esi, esi cmp ebx, 9 jb short loc_00448c67 ; jb 0x448c67 jbe near loc_00448d54 ; jbe 0x448d54 cmp ebx, 0x10 jb short loc_00448c37 ; jb 0x448c37 jbe near loc_00448def ; jbe 0x448def cmp ebx, 0x1c jb short loc_00448c29 ; jb 0x448c29 jbe near loc_00448e43 ; jbe 0x448e43 cmp ebx, 0x1d jbe near loc_00448e64 ; jbe 0x448e64 cmp ebx, 0x23 je near loc_00448e9c ; je 0x448e9c jmp near loc_00448ec3 ; jmp 0x448ec3 loc_00448c29: cmp ebx, 0x11 je near loc_00448e19 ; je 0x448e19 jmp near loc_00448ec3 ; jmp 0x448ec3 loc_00448c37: cmp ebx, 0xc jb short loc_00448c59 ; jb 0x448c59 jbe near loc_00448d54 ; jbe 0x448d54 cmp ebx, 0xd jbe near loc_00448da5 ; jbe 0x448da5 cmp ebx, 0xf je near loc_00448cb4 ; je 0x448cb4 jmp near loc_00448ec3 ; jmp 0x448ec3 loc_00448c59: cmp ebx, 0xa je near loc_00448da5 ; je 0x448da5 jmp near loc_00448ec3 ; jmp 0x448ec3 loc_00448c67: cmp ebx, 3 jb short loc_00448c89 ; jb 0x448c89 jbe short loc_00448cab ; jbe 0x448cab cmp ebx, 5 jb short loc_00448cb4 ; jb 0x448cb4 jbe short loc_00448cb4 ; jbe 0x448cb4 cmp ebx, 7 jb near loc_00448ec3 ; jb 0x448ec3 jbe near loc_00448d0a ; jbe 0x448d0a jmp near loc_00448d54 ; jmp 0x448d54 loc_00448c89: cmp ebx, edi jb short loc_00448c91 ; jb 0x448c91 jbe short loc_00448c99 ; jbe 0x448c99 jmp short loc_00448cab ; jmp 0x448cab loc_00448c91: test ebx, ebx jne near loc_00448ec3 ; jne 0x448ec3 loc_00448c99: cmp dword [ref_00496b30], 0 ; cmp dword [0x496b30], 0 loc_00448ca0: jne near loc_00448ec3 ; jne 0x448ec3 jmp near loc_00448ec1 ; jmp 0x448ec1 loc_00448cab: cmp dword [ref_00496b60], 0 ; cmp dword [0x496b60], 0 jmp short loc_00448ca0 ; jmp 0x448ca0 loc_00448cb4: mov ebx, 1 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, 0x34 mov ebp, dword [ref_00498e98] ; mov ebp, dword [0x498e98] loc_00448cc7: cmp ebx, ebp jg short loc_00448cdb ; jg 0x448cdb cmp byte [eax + 0x1a], 0 jne near loc_00448ec3 ; jne 0x448ec3 inc ebx add eax, 0x34 jmp short loc_00448cc7 ; jmp 0x448cc7 loc_00448cdb: test esi, esi jne short loc_00448d06 ; jne 0x448d06 mov ebx, 1 mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, 0x38 mov edx, dword [ref_00498e8c] ; mov edx, dword [0x498e8c] loc_00448cf2: cmp ebx, edx jg short loc_00448d06 ; jg 0x448d06 cmp byte [eax + 0x1a], 0 jne near loc_00448ec3 ; jne 0x448ec3 inc ebx add eax, 0x38 jmp short loc_00448cf2 ; jmp 0x448cf2 loc_00448d06: test esi, esi jmp short loc_00448ca0 ; jmp 0x448ca0 loc_00448d0a: mov ebx, edi mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] loc_00448d11: add eax, 0x34 cmp ebx, dword [ref_00498e98] ; cmp ebx, dword [0x498e98] jg short loc_00448d29 ; jg 0x448d29 cmp byte [eax + 0x19], 0 je near loc_00448ec3 ; je 0x448ec3 inc ebx jmp short loc_00448d11 ; jmp 0x448d11 loc_00448d29: test esi, esi jne short loc_00448d06 ; jne 0x448d06 mov ebx, 1 mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, 0x38 mov ecx, dword [ref_00498e8c] ; mov ecx, dword [0x498e8c] loc_00448d40: cmp ebx, ecx jg short loc_00448d06 ; jg 0x448d06 cmp byte [eax + 0x19], 0 je near loc_00448ec3 ; je 0x448ec3 inc ebx add eax, 0x38 jmp short loc_00448d40 ; jmp 0x448d40 loc_00448d54: mov ebx, 1 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] loc_00448d5e: add eax, 0x34 cmp ebx, dword [ref_00498e98] ; cmp ebx, dword [0x498e98] jg short loc_00448d76 ; jg 0x448d76 cmp byte [eax + 0x19], 0 jne near loc_00448ec3 ; jne 0x448ec3 inc ebx jmp short loc_00448d5e ; jmp 0x448d5e loc_00448d76: test esi, esi jne short loc_00448d06 ; jne 0x448d06 mov ebx, 1 mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] add eax, 0x38 mov ebp, dword [ref_00498e8c] ; mov ebp, dword [0x498e8c] loc_00448d8d: cmp ebx, ebp jg near loc_00448d06 ; jg 0x448d06 cmp byte [eax + 0x19], 0 jne near loc_00448ec3 ; jne 0x448ec3 inc ebx add eax, 0x38 jmp short loc_00448d8d ; jmp 0x448d8d loc_00448da5: xor ebx, ebx loc_00448da7: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_00448d06 ; jge 0x448d06 test esi, esi jne near loc_00448d06 ; jne 0x448d06 xor edx, edx jmp short loc_00448dc5 ; jmp 0x448dc5 loc_00448dbf: inc edx cmp edx, 0xc jge short loc_00448dec ; jge 0x448dec loc_00448dc5: imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00448dbf ; je 0x448dbf mov ecx, ebx shl ecx, 2 sub ecx, ebx shl ecx, 5 mov eax, edx cmp dword [ecx + eax*8 + _player_stocks], 0 ; cmp dword [ecx + eax*8 + 0x4971a0], 0 je short loc_00448dbf ; je 0x448dbf mov esi, 1 loc_00448dec: inc ebx jmp short loc_00448da7 ; jmp 0x448da7 loc_00448def: xor ebx, ebx loc_00448df1: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_00448d06 ; jge 0x448d06 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00448e16 ; je 0x448e16 cmp byte [eax + (_players+17)], 0 ; cmp byte [eax + 0x496b79], 0 je near loc_00448ec3 ; je 0x448ec3 loc_00448e16: inc ebx jmp short loc_00448df1 ; jmp 0x448df1 loc_00448e19: xor ebx, ebx loc_00448e1b: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_00448d06 ; jge 0x448d06 imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00448e40 ; je 0x448e40 cmp byte [eax + (_players+17)], 0 ; cmp byte [eax + 0x496b79], 0 jne near loc_00448ec3 ; jne 0x448ec3 loc_00448e40: inc ebx jmp short loc_00448e1b ; jmp 0x448e1b loc_00448e43: xor ebx, ebx jmp short loc_00448e51 ; jmp 0x448e51 loc_00448e47: inc ebx cmp ebx, 0xc jge near loc_00448d06 ; jge 0x448d06 loc_00448e51: mov eax, ebx shl eax, 3 add eax, ebx cmp byte [eax*4 + (_stocks_on_map+6)], 0 ; cmp byte [eax*4 + 0x496986], 0 je short loc_00448e47 ; je 0x448e47 jmp short loc_00448ec3 ; jmp 0x448ec3 loc_00448e64: mov ebx, edi loc_00448e66: cmp ebx, dword [ref_00498e90] ; cmp ebx, dword [0x498e90] jg near loc_00448d06 ; jg 0x448d06 imul edx, ebx, 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add eax, edx mov dl, byte [eax + 0x18] test dl, dl je short loc_00448e99 ; je 0x448e99 mov al, dl and eax, 0xff dec eax push eax call fcn_0040d73f ; call 0x40d73f add esp, 4 cmp eax, 1 je short loc_00448ec3 ; je 0x448ec3 loc_00448e99: inc ebx jmp short loc_00448e66 ; jmp 0x448e66 loc_00448e9c: mov ebx, edi mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] mov ebp, dword [ref_00498e90] ; mov ebp, dword [0x498e90] loc_00448ea9: cmp ebx, ebp jg short loc_00448ebd ; jg 0x448ebd imul edx, ebx, 0x34 cmp dword [edx + eax + 0x28], 0x2710 jg short loc_00448ec3 ; jg 0x448ec3 inc ebx jmp short loc_00448ea9 ; jmp 0x448ea9 loc_00448ebd: test esi, esi jne short loc_00448ec3 ; jne 0x448ec3 loc_00448ec1: xor edi, edi loc_00448ec3: mov eax, edi pop ebp pop edi loc_00448ec7: pop esi pop ebx ret fcn_00448eca: push ebx push esi mov edx, dword [esp + 0xc] test edx, edx jne short loc_00448ec7 ; jne 0x448ec7 push edx push 0x136 push 0x18 push ref_00465424 ; push 0x465424 mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ebx, ebx mov esi, 0x148 jmp short loc_00448f01 ; jmp 0x448f01 loc_00448efb: inc ebx cmp ebx, 4 jge short loc_00448ec7 ; jge 0x448ec7 loc_00448f01: cmp byte [ebx + ref_00496b30], 0 ; cmp byte [ebx + 0x496b30], 0 je short loc_00448efb ; je 0x448efb push esi push 0x186 imul eax, ebx, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x3c push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 imul eax, ebx, 0x68 mov byte [eax + (_players+52)], 0x80 ; mov byte [eax + 0x496b9c], 0x80 xor dh, dh mov byte [ebx + ref_00496b30], dh ; mov byte [ebx + 0x496b30], dh add esi, 0x2a jmp short loc_00448efb ; jmp 0x448efb fcn_00448f45: push ebx push esi sub esp, 0x84 cmp dword [esp + 0x90], 0 jne near loc_00448ffd ; jne 0x448ffd mov ecx, 3 mov dword [esp + 0x80], ecx push ecx push ref_0046543a ; push 0x46543a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ebx, ebx mov esi, 0x148 jmp short loc_00448fa8 ; jmp 0x448fa8 loc_00448fa2: inc ebx cmp ebx, 4 jge short loc_00448ffd ; jge 0x448ffd loc_00448fa8: cmp byte [ebx + ref_00496b30], 0 ; cmp byte [ebx + 0x496b30], 0 je short loc_00448fa2 ; je 0x448fa2 push esi push 0x186 imul eax, ebx, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x30 push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 imul eax, ebx, 0x68 add esi, 0x2a mov dl, byte [esp + 0x80] mov dh, byte [eax + (_players+52)] ; mov dh, byte [eax + 0x496b9c] add dh, dl mov byte [eax + (_players+52)], dh ; mov byte [eax + 0x496b9c], dh mov cl, dh and cl, 0x7f mov byte [eax + (_players+52)], cl ; mov byte [eax + 0x496b9c], cl jmp short loc_00448fa2 ; jmp 0x448fa2 loc_00448ffd: add esp, 0x84 loc_00449003: pop esi pop ebx ret fcn_00449006: push ebx push esi mov edx, dword [esp + 0xc] test edx, edx jne short loc_00449003 ; jne 0x449003 push edx push 0x136 push 0x18 push ref_00465454 ; push 0x465454 mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ebx, ebx mov esi, 0x148 jmp short loc_0044903d ; jmp 0x44903d loc_00449037: inc ebx cmp ebx, 4 jge short loc_00449003 ; jge 0x449003 loc_0044903d: cmp byte [ebx + ref_00496b60], 0 ; cmp byte [ebx + 0x496b60], 0 je short loc_00449037 ; je 0x449037 push esi push 0x186 imul eax, ebx, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x3c push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 imul eax, ebx, 0x68 mov byte [eax + (_players+53)], 0x80 ; mov byte [eax + 0x496b9d], 0x80 xor dh, dh mov byte [ebx + ref_00496b60], dh ; mov byte [ebx + 0x496b60], dh add esi, 0x2a jmp short loc_00449037 ; jmp 0x449037 fcn_00449081: push ebx push esi sub esp, 0x84 cmp dword [esp + 0x90], 0 jne near loc_00448ffd ; jne 0x448ffd mov ecx, 3 mov dword [esp + 0x80], ecx push ecx push ref_0046546c ; push 0x46546c lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ebx, ebx mov esi, 0x148 jmp short loc_004490e8 ; jmp 0x4490e8 loc_004490de: inc ebx cmp ebx, 4 jge near loc_00448ffd ; jge 0x448ffd loc_004490e8: cmp byte [ebx + ref_00496b60], 0 ; cmp byte [ebx + 0x496b60], 0 je short loc_004490de ; je 0x4490de push esi push 0x186 imul eax, ebx, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x30 push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 imul eax, ebx, 0x68 add esi, 0x2a mov dl, byte [esp + 0x80] mov dh, byte [eax + (_players+53)] ; mov dh, byte [eax + 0x496b9d] add dh, dl mov byte [eax + (_players+53)], dh ; mov byte [eax + 0x496b9d], dh mov cl, dh and cl, 0x7f mov byte [eax + (_players+53)], cl ; mov byte [eax + 0x496b9d], cl jmp short loc_004490de ; jmp 0x4490de fcn_0044913d: push ebx push esi push edi push ebp sub esp, 0x408 mov edx, dword [esp + 0x41c] test edx, edx jne short loc_00449175 ; jne 0x449175 push edx push 0x136 push 0x18 push ref_00465488 ; push 0x465488 mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 jmp near loc_00449295 ; jmp 0x449295 loc_00449175: xor esi, esi mov ebx, 1 loc_0044917c: cmp ebx, dword [ref_00498e98] ; cmp ebx, dword [0x498e98] jg short loc_004491a4 ; jg 0x4491a4 imul eax, ebx, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] cmp byte [edx + eax + 0x1a], 0 je short loc_004491a1 ; je 0x4491a1 mov edx, ebx add edx, 0x7d0 mov word [esp + esi*2], dx inc esi loc_004491a1: inc ebx jmp short loc_0044917c ; jmp 0x44917c loc_004491a4: mov ebx, 1 mov edi, dword [ref_00498e8c] ; mov edi, dword [0x498e8c] loc_004491af: cmp ebx, edi jg short loc_004491dd ; jg 0x4491dd mov eax, ebx shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] cmp byte [edx + eax + 0x1a], 0 je short loc_004491da ; je 0x4491da mov edx, ebx add edx, 0xfa0 mov word [esp + esi*2], dx inc esi loc_004491da: inc ebx jmp short loc_004491af ; jmp 0x4491af loc_004491dd: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi mov ax, word [esp + edx*2] and eax, 0xffff lea edx, [esp + 0x404] push edx lea edx, [esp + 0x404] push edx push eax call fcn_0040af12 ; call 0x40af12 add esp, 0xc push 2 mov ebp, dword [esp + 0x408] push ebp mov eax, dword [esp + 0x408] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0xffffffffffffffff push 1 push 0x26 push 0x64 call fcn_0040ac7b ; call 0x40ac7b add esp, 0x10 push 0 push 0 push 0x213 mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x56 push 0x180001 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 xor ebx, ebx loc_0044926e: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_00449290 ; jge 0x449290 imul eax, ebx, 0x68 test byte [eax + (_players+21)], 0x40 ; test byte [eax + 0x496b7d], 0x40 je short loc_0044928d ; je 0x44928d push 3 push ebx call fcn_0043ec3f ; call 0x43ec3f add esp, 8 loc_0044928d: inc ebx jmp short loc_0044926e ; jmp 0x44926e loc_00449290: call fcn_0041d546 ; call 0x41d546 loc_00449295: add esp, 0x408 pop ebp pop edi pop esi pop ebx ret fcn_004492a0: push ebx push esi push edi push ebp sub esp, 0x49c cmp dword [esp + 0x4b0], 0 jne near loc_0044940d ; jne 0x44940d xor ebx, ebx mov eax, 1 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] loc_004492c5: cmp eax, dword [ref_00498e98] ; cmp eax, dword [0x498e98] jg short loc_004492e7 ; jg 0x4492e7 imul ecx, eax, 0x34 cmp byte [ecx + edx + 0x1a], 0 je short loc_004492e4 ; je 0x4492e4 mov ecx, eax add ecx, 0x7d0 mov word [esp + ebx*2], cx inc ebx loc_004492e4: inc eax jmp short loc_004492c5 ; jmp 0x4492c5 loc_004492e7: mov eax, 1 mov esi, dword [ref_00498e8c] ; mov esi, dword [0x498e8c] loc_004492f2: cmp eax, esi jg short loc_0044931f ; jg 0x44931f mov edx, eax shl edx, 3 mov ecx, edx shl edx, 3 sub edx, ecx mov ecx, dword [ref_00498e88] ; mov ecx, dword [0x498e88] cmp byte [ecx + edx + 0x1a], 0 je short loc_0044931c ; je 0x44931c mov ecx, eax add ecx, 0xfa0 mov word [esp + ebx*2], cx inc ebx loc_0044931c: inc eax jmp short loc_004492f2 ; jmp 0x4492f2 loc_0044931f: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx xor eax, eax mov ax, word [esp + edx*2] mov dword [ref_0048c59c], eax ; mov dword [0x48c59c], eax cmp eax, 0xfa0 jge short loc_00449376 ; jge 0x449376 lea edx, [eax - 0x7d0] imul edx, edx, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, edx add eax, 4 push eax lea eax, [esp + 0x484] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 mov eax, dword [ref_0048c59c] ; mov eax, dword [0x48c59c] sub eax, 0x7d0 imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] jmp short loc_004493bb ; jmp 0x4493bb loc_00449376: sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add eax, edx add eax, 4 push eax lea eax, [esp + 0x484] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 mov eax, dword [ref_0048c59c] ; mov eax, dword [0x48c59c] sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] loc_004493bb: mov al, byte [edx + eax + 0x19] and eax, 0xff mov dword [ref_0048c5a0], eax ; mov dword [0x48c5a0], eax lea eax, [esp + 0x480] push eax push ref_0046549c ; push 0x46549c lea eax, [esp + 0x408] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0x40c] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 jmp near loc_004494d5 ; jmp 0x4494d5 loc_0044940d: lea eax, [esp + 0x498] push eax lea eax, [esp + 0x498] push eax mov ecx, dword [ref_0048c59c] ; mov ecx, dword [0x48c59c] push ecx call fcn_0040af12 ; call 0x40af12 add esp, 0xc push 2 mov ebx, dword [esp + 0x49c] push ebx mov esi, dword [esp + 0x49c] push esi call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 1 mov edi, dword [ref_0048c59c] ; mov edi, dword [0x48c59c] push edi call fcn_0040ab4a ; call 0x40ab4a add esp, 8 push 0 push 0 push 0x21b mov ebp, dword [ref_0048a0e4] ; mov ebp, dword [0x48a0e4] push ebp call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x54 push 0x200001 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0048c5a0] ; mov eax, dword [0x48c5a0] test eax, eax je short loc_004494d5 ; je 0x4494d5 dec eax imul eax, eax, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov ebx, eax shl ebx, 3 add ebx, eax call clib_rand ; call 0x456f2d and eax, 1 mov edx, dword [ebx + eax*4 + ref_00480856] ; mov edx, dword [ebx + eax*4 + 0x480856] push edx push 2 mov eax, dword [ref_0048c5a0] ; mov eax, dword [0x48c5a0] dec eax push eax call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_004494d5: add esp, 0x49c pop ebp pop edi pop esi pop ebx ret fcn_004494e0: push ebx push esi push edi push ebp sub esp, 0x98 cmp dword [esp + 0xac], 0 jne near loc_004495b5 ; jne 0x4495b5 mov ebx, dword [ref_00498e98] ; mov ebx, dword [0x498e98] add ebx, dword [ref_00498e8c] ; add ebx, dword [0x498e8c] call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx mov dword [ref_0048c59c], edx ; mov dword [0x48c59c], edx mov ecx, dword [ref_00498e98] ; mov ecx, dword [0x498e98] cmp edx, ecx jge short loc_0044953a ; jge 0x44953a lea eax, [edx + 1] lea edi, [edx + 0x7d1] mov dword [ref_0048c59c], edi ; mov dword [0x48c59c], edi imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] jmp short loc_00449561 ; jmp 0x449561 loc_0044953a: mov eax, 0xfa1 sub eax, ecx lea esi, [edx + eax] mov dword [ref_0048c59c], esi ; mov dword [0x48c59c], esi lea eax, [esi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] loc_00449561: add eax, edx add eax, 4 push eax lea eax, [esp + 0x84] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 lea eax, [esp + 0x80] push eax push ref_004654bd ; push 0x4654bd lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 jmp near loc_0044972a ; jmp 0x44972a loc_004495b5: mov ecx, dword [ref_0048c59c] ; mov ecx, dword [0x48c59c] cmp ecx, 0x7d0 jle near loc_00449682 ; jle 0x449682 cmp ecx, 0xfa0 jge near loc_00449682 ; jge 0x449682 lea eax, [ecx - 0x7d0] imul eax, eax, 0x34 mov edi, dword [ref_00498e84] ; mov edi, dword [0x498e84] add edi, eax push 2 movsx eax, word [edi + 2] push eax movsx eax, word [edi] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 1 call fcn_00409b18 ; call 0x409b18 add esp, 4 mov esi, 1 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] loc_0044960c: add ebx, 0x34 cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg near loc_00449725 ; jg 0x449725 lea eax, [ebx + 4] push eax lea eax, [edi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_0044967f ; jne 0x44967f push 0xffff lea eax, [esi + 0x7d0] push eax push 0x2f440 mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] push eax call fcn_00456c0a ; call 0x456c0a add esp, 0x10 xor eax, eax mov ax, word [ebx + 0x1c] mov dword [esp + 0x94], eax fild dword [esp + 0x94] fmul qword [ref_004654dc] ; fmul qword [0x4654dc] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x94] mov eax, dword [esp + 0x94] mov word [ebx + 0x1c], ax loc_0044967f: inc esi jmp short loc_0044960c ; jmp 0x44960c loc_00449682: mov esi, dword [ref_0048c59c] ; mov esi, dword [0x48c59c] cmp esi, 0xfa0 jle near loc_0044972a ; jle 0x44972a cmp esi, 0x1770 jge near loc_0044972a ; jge 0x44972a lea eax, [esi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax push 2 movsx eax, word [ebx + 2] push eax movsx eax, word [ebx] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 1 call fcn_00409b18 ; call 0x409b18 add esp, 4 push 0xffff mov ebp, dword [ref_0048c59c] ; mov ebp, dword [0x48c59c] push ebp push 0x2f440 mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] push eax call fcn_00456c0a ; call 0x456c0a add esp, 0x10 xor eax, eax mov ax, word [ebx + 0x22] mov dword [esp + 0x94], eax fild dword [esp + 0x94] fmul qword [ref_004654dc] ; fmul qword [0x4654dc] loc_0044970e: call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x94] mov eax, dword [esp + 0x94] mov word [ebx + 0x22], ax loc_00449725: call fcn_00451985 ; call 0x451985 loc_0044972a: add esp, 0x98 pop ebp pop edi pop esi pop ebx ret fcn_00449735: push ebx push esi push edi sub esp, 0x494 cmp dword [esp + 0x4a4], 0 jne near loc_00449896 ; jne 0x449896 xor ebx, ebx mov eax, 1 mov esi, dword [ref_00498e98] ; mov esi, dword [0x498e98] loc_00449759: cmp eax, esi jg short loc_0044977d ; jg 0x44977d imul edx, eax, 0x34 mov ecx, dword [ref_00498e84] ; mov ecx, dword [0x498e84] cmp byte [ecx + edx + 0x19], 0 jne short loc_0044977a ; jne 0x44977a mov ecx, eax add ecx, 0x7d0 mov word [esp + ebx*2], cx inc ebx loc_0044977a: inc eax jmp short loc_00449759 ; jmp 0x449759 loc_0044977d: mov eax, 1 mov edi, dword [ref_00498e8c] ; mov edi, dword [0x498e8c] loc_00449788: cmp eax, edi jg short loc_004497b7 ; jg 0x4497b7 mov edx, eax shl edx, 3 mov ecx, edx shl edx, 3 sub edx, ecx mov ecx, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] cmp byte [ecx + edx + 0x19], 0 jne short loc_004497b4 ; jne 0x4497b4 mov ecx, eax add ecx, 0xfa0 mov word [esp + ebx*2], cx inc ebx loc_004497b4: inc eax jmp short loc_00449788 ; jmp 0x449788 loc_004497b7: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx xor eax, eax mov ax, word [esp + edx*2] mov dword [ref_0048c59c], eax ; mov dword [0x48c59c], eax cmp eax, 0x7d0 jle short loc_00449813 ; jle 0x449813 cmp eax, 0xfa0 jge short loc_00449813 ; jge 0x449813 sub eax, 0x7d0 imul eax, eax, 0x34 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] add ebx, eax lea eax, [ebx + 4] push eax lea eax, [esp + 0x484] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 movsx eax, word [ebx] shl eax, 0x10 movsx edx, word [ebx + 2] add eax, edx mov dword [ref_0048c5a0], eax ; mov dword [0x48c5a0], eax jmp short loc_00449855 ; jmp 0x449855 loc_00449813: mov eax, dword [ref_0048c59c] ; mov eax, dword [0x48c59c] sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax lea eax, [ebx + 4] push eax lea eax, [esp + 0x484] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 movsx edx, word [ebx] shl edx, 0x10 movsx eax, word [ebx + 2] add edx, eax mov dword [ref_0048c5a0], edx ; mov dword [0x48c5a0], edx loc_00449855: lea eax, [esp + 0x480] push eax push ref_004654e4 ; push 0x4654e4 lea eax, [esp + 0x408] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0x40c] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 jmp short loc_004498a9 ; jmp 0x4498a9 loc_00449896: push 1 mov ecx, dword [ref_0048c59c] ; mov ecx, dword [0x48c59c] push ecx push 0xffffffffffffffff call fcn_0043bde5 ; call 0x43bde5 add esp, 0xc loc_004498a9: add esp, 0x494 pop edi pop esi pop ebx ret fcn_004498b3: push ebx push esi push edi push ebp sub esp, 0xa4 mov edx, dword [esp + 0xb8] test edx, edx jne near loc_00449a24 ; jne 0x449a24 push 0x10 push edx lea eax, [esp + 0x9c] push eax call memset ; call 0x456f60 add esp, 0xc mov eax, 1 loc_004498e4: cmp eax, dword [ref_00498e98] ; cmp eax, dword [0x498e98] jg short loc_0044990b ; jg 0x44990b imul ecx, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] mov dl, byte [ecx + edx + 0x19] and edx, 0xff je short loc_00449908 ; je 0x449908 inc dword [esp + edx*4 + 0x90] loc_00449908: inc eax jmp short loc_004498e4 ; jmp 0x4498e4 loc_0044990b: mov eax, 1 mov ebx, dword [ref_00498e8c] ; mov ebx, dword [0x498e8c] loc_00449916: cmp eax, ebx jg short loc_00449942 ; jg 0x449942 mov edx, eax shl edx, 3 mov ecx, edx shl edx, 3 sub edx, ecx mov ecx, dword [ref_00498e88] ; mov ecx, dword [0x498e88] mov dl, byte [ecx + edx + 0x19] and edx, 0xff je short loc_0044993f ; je 0x44993f inc dword [esp + edx*4 + 0x90] loc_0044993f: inc eax jmp short loc_00449916 ; jmp 0x449916 loc_00449942: xor eax, eax xor edx, edx mov edi, dword [_nplayers] ; mov edi, dword [0x499114] loc_0044994c: cmp eax, edi jge short loc_00449976 ; jge 0x449976 imul ecx, eax, 0x68 cmp byte [ecx + (_players+21)], 0 ; cmp byte [ecx + 0x496b7d], 0 je short loc_00449973 ; je 0x449973 mov ecx, eax shl ecx, 2 mov esi, dword [esp + ecx + 0x94] cmp edx, esi jge short loc_00449973 ; jge 0x449973 mov edx, esi mov dword [ref_0048c59c], eax ; mov dword [0x48c59c], eax loc_00449973: inc eax jmp short loc_0044994c ; jmp 0x44994c loc_00449976: imul eax, dword [ref_0048c59c], 0x68 ; imul eax, dword [0x48c59c], 0x68 mov edx, dword [eax + (_players+0)] ; mov edx, dword [eax + 0x496b68] push edx lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 4 mov dword [ref_0048c5a0], eax ; mov dword [0x48c5a0], eax push eax lea eax, [esp + 0x84] push eax push ref_00465501 ; push 0x465501 loc_004499c1: lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x148 push 0x186 imul eax, dword [ref_0048c59c], 0x34 ; imul eax, dword [0x48c59c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x3c push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 loc_00449a19: add esp, 0xa4 pop ebp pop edi pop esi pop ebx ret loc_00449a24: push 2 imul eax, dword [ref_0048c59c], 0x68 ; imul eax, dword [0x48c59c], 0x68 xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 1 mov ebx, dword [ref_0048c5a0] ; mov ebx, dword [0x48c5a0] push ebx mov esi, dword [ref_0048c59c] ; mov esi, dword [0x48c59c] push esi call fcn_0041d3f4 ; call 0x41d3f4 add esp, 0xc mov edi, dword [ref_0048c59c] ; mov edi, dword [0x48c59c] push edi call fcn_0041d433 ; call 0x41d433 add esp, 4 mov ebp, dword [ref_0048c5a0] ; mov ebp, dword [0x48c5a0] push ebp mov eax, dword [ref_0048c59c] ; mov eax, dword [0x48c59c] push eax call fcn_0044f354 ; call 0x44f354 add esp, 8 jmp short loc_00449a19 ; jmp 0x449a19 fcn_00449a8a: push ebx push esi push edi push ebp sub esp, 0xa4 mov edx, dword [esp + 0xb8] test edx, edx jne short loc_00449a24 ; jne 0x449a24 push 0x10 push edx lea eax, [esp + 0x9c] push eax call memset ; call 0x456f60 add esp, 0xc mov eax, 1 loc_00449ab7: cmp eax, dword [ref_00498e98] ; cmp eax, dword [0x498e98] jg short loc_00449ade ; jg 0x449ade imul ecx, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] mov dl, byte [ecx + edx + 0x19] and edx, 0xff je short loc_00449adb ; je 0x449adb inc dword [esp + edx*4 + 0x90] loc_00449adb: inc eax jmp short loc_00449ab7 ; jmp 0x449ab7 loc_00449ade: mov eax, 1 mov ebx, dword [ref_00498e8c] ; mov ebx, dword [0x498e8c] loc_00449ae9: cmp eax, ebx jg short loc_00449b15 ; jg 0x449b15 mov edx, eax shl edx, 3 mov ecx, edx shl edx, 3 sub edx, ecx mov ecx, dword [ref_00498e88] ; mov ecx, dword [0x498e88] mov dl, byte [ecx + edx + 0x19] and edx, 0xff je short loc_00449b12 ; je 0x449b12 inc dword [esp + edx*4 + 0x90] loc_00449b12: inc eax jmp short loc_00449ae9 ; jmp 0x449ae9 loc_00449b15: xor eax, eax mov edx, 0x2710 mov edi, dword [_nplayers] ; mov edi, dword [0x499114] loc_00449b22: cmp eax, edi jge short loc_00449b4c ; jge 0x449b4c imul ecx, eax, 0x68 cmp byte [ecx + (_players+21)], 0 ; cmp byte [ecx + 0x496b7d], 0 je short loc_00449b49 ; je 0x449b49 mov ecx, eax shl ecx, 2 mov esi, dword [esp + ecx + 0x94] cmp edx, esi jle short loc_00449b49 ; jle 0x449b49 mov edx, esi mov dword [ref_0048c59c], eax ; mov dword [0x48c59c], eax loc_00449b49: inc eax jmp short loc_00449b22 ; jmp 0x449b22 loc_00449b4c: imul eax, dword [ref_0048c59c], 0x68 ; imul eax, dword [0x48c59c], 0x68 mov edx, dword [eax + (_players+0)] ; mov edx, dword [eax + 0x496b68] push edx lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 3 mov dword [ref_0048c5a0], eax ; mov dword [0x48c5a0], eax push eax lea eax, [esp + 0x84] push eax push ref_00465528 ; push 0x465528 jmp near loc_004499c1 ; jmp 0x4499c1 fcn_00449b9c: push ebx push esi push edi push ebp sub esp, 0xa4 mov edx, dword [esp + 0xb8] test edx, edx jne near loc_00449a24 ; jne 0x449a24 push 0x10 push edx lea eax, [esp + 0x9c] push eax call memset ; call 0x456f60 add esp, 0xc xor esi, esi mov edx, dword [_nplayers] ; mov edx, dword [0x499114] loc_00449bd0: cmp esi, edx jge short loc_00449bf9 ; jge 0x449bf9 xor ecx, ecx loc_00449bd6: mov eax, esi shl eax, 2 sub eax, esi shl eax, 5 mov ebx, ecx mov eax, dword [eax + ebx*8 + _player_stocks] ; mov eax, dword [eax + ebx*8 + 0x4971a0] add dword [esp + esi*4 + 0x94], eax inc ecx cmp ecx, 0xc jl short loc_00449bd6 ; jl 0x449bd6 inc esi jmp short loc_00449bd0 ; jmp 0x449bd0 loc_00449bf9: xor esi, esi xor ecx, ecx loc_00449bfd: cmp esi, dword [_nplayers] ; cmp esi, dword [0x499114] jge short loc_00449c2c ; jge 0x449c2c imul eax, esi, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00449c29 ; je 0x449c29 mov eax, esi shl eax, 2 mov ebx, dword [esp + eax + 0x94] cmp ecx, ebx jge short loc_00449c29 ; jge 0x449c29 mov ecx, ebx mov dword [ref_0048c59c], esi ; mov dword [0x48c59c], esi loc_00449c29: inc esi jmp short loc_00449bfd ; jmp 0x449bfd loc_00449c2c: imul eax, dword [ref_0048c59c], 0x68 ; imul eax, dword [0x48c59c], 0x68 mov edi, dword [eax + (_players+0)] ; mov edi, dword [eax + 0x496b68] push edi lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 4 mov dword [ref_0048c5a0], eax ; mov dword [0x48c5a0], eax push eax lea eax, [esp + 0x84] push eax push ref_0046554f ; push 0x46554f jmp near loc_004499c1 ; jmp 0x4499c1 fcn_00449c7c: push ebx push esi push edi push ebp sub esp, 0x98 mov edi, 0x15a mov edx, dword [esp + 0xac] test edx, edx jne near loc_00449d9f ; jne 0x449d9f push edx push 0x136 push 0x18 push ref_00465578 ; push 0x465578 mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 3 push 0x101010 push 0xf0f0f0 push 0x18 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebx, ebx loc_00449cd2: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_0044972a ; jge 0x44972a imul edx, ebx, 0x68 cmp byte [edx + (_players+21)], 0 ; cmp byte [edx + 0x496b7d], 0 je near loc_00449d99 ; je 0x449d99 fild dword [edx + (_players+28)] ; fild dword [edx + 0x496b84] fmul qword [ref_004655a4] ; fmul qword [0x4655a4] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x94] mov esi, ebx shl esi, 2 mov eax, dword [esp + 0x94] mov dword [esi + ref_0048c59c], eax ; mov dword [esi + 0x48c59c], eax test eax, eax je short loc_00449d99 ; je 0x449d99 mov ecx, dword [edx + (_players+0)] ; mov ecx, dword [edx + 0x496b68] push ecx lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov ebp, dword [esi + ref_0048c59c] ; mov ebp, dword [esi + 0x48c59c] push ebp lea eax, [esp + 0x84] push eax push ref_00465592 ; push 0x465592 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0 push edi push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 lea eax, [edi + 0xc] push eax push 0x186 imul eax, ebx, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x30 push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 add edi, 0x20 loc_00449d99: inc ebx jmp near loc_00449cd2 ; jmp 0x449cd2 loc_00449d9f: xor ebx, ebx loc_00449da1: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_0044972a ; jge 0x44972a cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne near loc_0044972a ; jne 0x44972a imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_00449de3 ; je 0x449de3 mov eax, ebx shl eax, 2 mov esi, dword [eax + ref_0048c59c] ; mov esi, dword [eax + 0x48c59c] test esi, esi je short loc_00449de3 ; je 0x449de3 push 0 push esi push 0xffffffffffffffff push ebx call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 loc_00449de3: inc ebx jmp short loc_00449da1 ; jmp 0x449da1 fcn_00449de6: push ebx push esi push edi push ebp sub esp, 0xa8 mov edi, 0x15a mov edx, dword [esp + 0xbc] test edx, edx jne near loc_00449fdf ; jne 0x449fdf push 0x10 push edx lea eax, [esp + 0x9c] push eax call memset ; call 0x456f60 add esp, 0xc push 0 push 0x136 push 0x18 push ref_004655ac ; push 0x4655ac mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 3 push 0x101010 push 0xf0f0f0 push 0x18 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor esi, esi loc_00449e50: cmp esi, dword [_nplayers] ; cmp esi, dword [0x499114] jge near loc_0044a01e ; jge 0x44a01e imul eax, esi, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je near loc_00449fd9 ; je 0x449fd9 mov dword [esp + 0xa4], 1 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] loc_00449e7d: add edx, 0x34 mov eax, dword [esp + 0xa4] cmp eax, dword [ref_00498e98] ; cmp eax, dword [0x498e98] jg short loc_00449ec1 ; jg 0x449ec1 xor eax, eax mov al, byte [edx + 0x19] lea ecx, [esi + 1] cmp eax, ecx jne short loc_00449eb8 ; jne 0x449eb8 xor ebx, ebx mov bx, word [edx + 0x1e] xor ecx, ecx mov cl, byte [edx + 0x1a] imul ecx, ebx xor ebx, ebx mov bx, word [edx + 0x1c] add ecx, ebx add dword [esp + esi*4 + 0x94], ecx loc_00449eb8: inc dword [esp + 0xa4] jmp short loc_00449e7d ; jmp 0x449e7d loc_00449ec1: mov dword [esp + 0xa4], 1 mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] loc_00449ed2: add edx, 0x38 mov ebx, esi shl ebx, 2 mov eax, dword [esp + 0xa4] cmp eax, dword [ref_00498e8c] ; cmp eax, dword [0x498e8c] jg short loc_00449f1b ; jg 0x449f1b xor ecx, ecx mov cl, byte [edx + 0x19] lea eax, [esi + 1] cmp ecx, eax jne short loc_00449f12 ; jne 0x449f12 xor ecx, eax mov cx, word [edx + 0x24] xor eax, eax mov al, byte [edx + 0x1a] imul ecx, eax xor eax, eax mov ax, word [edx + 0x22] add eax, ecx add dword [esp + ebx + 0x94], eax loc_00449f12: inc dword [esp + 0xa4] jmp short loc_00449ed2 ; jmp 0x449ed2 loc_00449f1b: fild dword [esp + ebx + 0x94] fmul qword [ref_004655cc] ; fmul qword [0x4655cc] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xa4] mov eax, dword [esp + 0xa4] mov ebp, dword [ref_004990e8] ; mov ebp, dword [0x4990e8] imul eax, ebp mov dword [esp + 0xa4], eax mov dword [ebx + ref_0048c59c], eax ; mov dword [ebx + 0x48c59c], eax test eax, eax je near loc_00449fd9 ; je 0x449fd9 imul eax, esi, 0x68 mov edx, dword [eax + (_players+0)] ; mov edx, dword [eax + 0x496b68] push edx lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov ecx, dword [ebx + ref_0048c59c] ; mov ecx, dword [ebx + 0x48c59c] push ecx lea eax, [esp + 0x84] push eax push ref_00465592 ; push 0x465592 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0 push edi push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 lea eax, [edi + 0xc] push eax push 0x186 imul eax, esi, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x30 push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 add edi, 0x20 loc_00449fd9: inc esi jmp near loc_00449e50 ; jmp 0x449e50 loc_00449fdf: xor esi, esi loc_00449fe1: cmp esi, dword [_nplayers] ; cmp esi, dword [0x499114] jge short loc_0044a01e ; jge 0x44a01e cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne short loc_0044a01e ; jne 0x44a01e imul eax, esi, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0044a01b ; je 0x44a01b mov eax, esi shl eax, 2 mov ebx, dword [eax + ref_0048c59c] ; mov ebx, dword [eax + 0x48c59c] test ebx, ebx je short loc_0044a01b ; je 0x44a01b push 0 push ebx push 0xffffffffffffffff push esi call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 loc_0044a01b: inc esi jmp short loc_00449fe1 ; jmp 0x449fe1 loc_0044a01e: add esp, 0xa8 pop ebp pop edi pop esi pop ebx ret fcn_0044a029: push ebx push esi push edi push ebp sub esp, 0xa8 mov ebp, 0x15a lea edi, [esp + 0x94] mov esi, ref_00448b71 ; mov esi, 0x448b71 movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] mov edx, dword [esp + 0xbc] test edx, edx jne near loc_0044a1d9 ; jne 0x44a1d9 push edx push 0x136 push 0x18 push ref_004655d4 ; push 0x4655d4 mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0 push 3 push 0x101010 push 0xf0f0f0 push 0x18 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebx, ebx loc_0044a08f: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0044a01e ; jge 0x44a01e imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je near loc_0044a1d3 ; je 0x44a1d3 xor edx, edx mov dword [esp + 0xa4], edx jmp short loc_0044a0c6 ; jmp 0x44a0c6 loc_0044a0b2: mov esi, dword [esp + 0xa4] inc esi mov dword [esp + 0xa4], esi cmp esi, 0xc jge short loc_0044a110 ; jge 0x44a110 loc_0044a0c6: mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 5 mov edx, dword [esp + 0xa4] shl edx, 3 add eax, edx cmp dword [eax + _player_stocks], 0 ; cmp dword [eax + 0x4971a0], 0 je short loc_0044a0b2 ; je 0x44a0b2 fild dword [eax + _player_stocks] ; fild dword [eax + 0x4971a0] mov ecx, dword [esp + 0xa4] mov eax, ecx shl eax, 3 add eax, ecx fmul dword [eax*4 + (_stocks_on_map+20)] ; fmul dword [eax*4 + 0x496994] fadd dword [esp + ebx*4 + 0x94] fstp dword [esp + ebx*4 + 0x94] jmp short loc_0044a0b2 ; jmp 0x44a0b2 loc_0044a110: mov esi, ebx shl esi, 2 fld dword [esp + esi + 0x94] fmul qword [ref_004655f4] ; fmul qword [0x4655f4] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0xa4] mov eax, dword [esp + 0xa4] mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] imul eax, edx mov dword [esp + 0xa4], eax mov dword [esi + ref_0048c59c], eax ; mov dword [esi + 0x48c59c], eax test eax, eax je near loc_0044a1d3 ; je 0x44a1d3 imul eax, ebx, 0x68 mov edi, dword [eax + (_players+0)] ; mov edi, dword [eax + 0x496b68] push edi lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 mov eax, dword [esi + ref_0048c59c] ; mov eax, dword [esi + 0x48c59c] push eax lea eax, [esp + 0x84] push eax push ref_00465592 ; push 0x465592 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0 push ebp push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 lea eax, [ebp + 0xc] push eax push 0x186 imul eax, ebx, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x30 push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 add ebp, 0x20 loc_0044a1d3: inc ebx jmp near loc_0044a08f ; jmp 0x44a08f loc_0044a1d9: xor ebx, ebx loc_0044a1db: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_0044a01e ; jge 0x44a01e cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne near loc_0044a01e ; jne 0x44a01e imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0044a21d ; je 0x44a21d mov eax, ebx shl eax, 2 mov esi, dword [eax + ref_0048c59c] ; mov esi, dword [eax + 0x48c59c] test esi, esi je short loc_0044a21d ; je 0x44a21d push 0 push esi push 0xffffffffffffffff push ebx call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 loc_0044a21d: inc ebx jmp short loc_0044a1db ; jmp 0x44a1db fcn_0044a220: push ebx push esi push edi push ebp sub esp, 0x98 cmp dword [esp + 0xac], 0 jne near loc_0044a2f5 ; jne 0x44a2f5 mov ebx, dword [ref_00498e98] ; mov ebx, dword [0x498e98] add ebx, dword [ref_00498e8c] ; add ebx, dword [0x498e8c] call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx mov dword [ref_0048c59c], edx ; mov dword [0x48c59c], edx mov ecx, dword [ref_00498e98] ; mov ecx, dword [0x498e98] cmp edx, ecx jge short loc_0044a27a ; jge 0x44a27a lea eax, [edx + 1] lea edi, [edx + 0x7d1] mov dword [ref_0048c59c], edi ; mov dword [0x48c59c], edi imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] jmp short loc_0044a2a1 ; jmp 0x44a2a1 loc_0044a27a: mov eax, 0xfa1 sub eax, ecx lea esi, [edx + eax] mov dword [ref_0048c59c], esi ; mov dword [0x48c59c], esi lea eax, [esi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] loc_0044a2a1: add eax, edx add eax, 4 push eax lea eax, [esp + 0x84] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 lea eax, [esp + 0x80] push eax push ref_004655fc ; push 0x4655fc lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 jmp near loc_0044972a ; jmp 0x44972a loc_0044a2f5: mov ecx, dword [ref_0048c59c] ; mov ecx, dword [0x48c59c] cmp ecx, 0x7d0 jle near loc_0044a3c2 ; jle 0x44a3c2 cmp ecx, 0xfa0 jge near loc_0044a3c2 ; jge 0x44a3c2 lea eax, [ecx - 0x7d0] imul eax, eax, 0x34 mov edi, dword [ref_00498e84] ; mov edi, dword [0x498e84] add edi, eax push 2 movsx eax, word [edi + 2] push eax movsx eax, word [edi] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 1 call fcn_00409b18 ; call 0x409b18 add esp, 4 mov esi, 1 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] loc_0044a34c: add ebx, 0x34 cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg near loc_00449725 ; jg 0x449725 lea eax, [ebx + 4] push eax lea eax, [edi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_0044a3bf ; jne 0x44a3bf push 0xffff lea eax, [esi + 0x7d0] push eax push 0x2f440 mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] push eax call fcn_00456c0a ; call 0x456c0a add esp, 0x10 xor eax, eax mov ax, word [ebx + 0x1c] mov dword [esp + 0x94], eax fild dword [esp + 0x94] fmul qword [ref_0046561c] ; fmul qword [0x46561c] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x94] mov eax, dword [esp + 0x94] mov word [ebx + 0x1c], ax loc_0044a3bf: inc esi jmp short loc_0044a34c ; jmp 0x44a34c loc_0044a3c2: mov esi, dword [ref_0048c59c] ; mov esi, dword [0x48c59c] cmp esi, 0xfa0 jle near loc_0044972a ; jle 0x44972a cmp esi, 0x1770 jge near loc_0044972a ; jge 0x44972a lea eax, [esi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax push 2 movsx eax, word [ebx + 2] push eax movsx eax, word [ebx] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 1 call fcn_00409b18 ; call 0x409b18 add esp, 4 push 0xffff mov ebp, dword [ref_0048c59c] ; mov ebp, dword [0x48c59c] push ebp push 0x2f440 mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] push eax call fcn_00456c0a ; call 0x456c0a add esp, 0x10 xor eax, eax mov ax, word [ebx + 0x22] mov dword [esp + 0x94], eax fild dword [esp + 0x94] fmul qword [ref_0046561c] ; fmul qword [0x46561c] jmp near loc_0044970e ; jmp 0x44970e fcn_0044a453: push ebx push esi push edi push ebp sub esp, 0x494 cmp dword [esp + 0x4a8], 0 jne near loc_0044a50f ; jne 0x44a50f xor esi, esi mov ebx, 1 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] mov ebp, dword [ref_00498e98] ; mov ebp, dword [0x498e98] loc_0044a47d: cmp ebx, ebp jg short loc_0044a493 ; jg 0x44a493 imul edx, ebx, 0x34 cmp byte [edx + eax + 0x1a], 0 je short loc_0044a490 ; je 0x44a490 mov word [esp + esi*2], bx inc esi loc_0044a490: inc ebx jmp short loc_0044a47d ; jmp 0x44a47d loc_0044a493: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi mov ax, word [esp + edx*2] and eax, 0xffff mov dword [ref_0048c59c], eax ; mov dword [0x48c59c], eax imul edx, eax, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, edx add eax, 4 push eax lea eax, [esp + 0x484] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 lea eax, [esp + 0x480] push eax push ref_00465624 ; push 0x465624 lea eax, [esp + 0x408] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0x40c] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 jmp near loc_0044a5cb ; jmp 0x44a5cb loc_0044a50f: imul eax, dword [ref_0048c59c], 0x34 ; imul eax, dword [0x48c59c], 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] add eax, edx xor ebx, ebx mov bl, byte [eax + 0x19] movsx edx, word [eax] movsx eax, word [eax + 2] push 2 push eax push edx call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0 mov eax, dword [ref_0048c59c] ; mov eax, dword [0x48c59c] add eax, 0x7d0 push eax call fcn_0040ab4a ; call 0x40ab4a add esp, 8 push 0 push 0 push 0x20f mov esi, dword [ref_0048a0e4] ; mov esi, dword [0x48a0e4] push esi call fcn_00450441 ; call 0x450441 mov esi, eax add esp, 0x10 push 0x57 push 0x50001 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push esi call clib_free ; call 0x456e11 add esp, 4 push 0x12c call fcn_004528b9 ; call 0x4528b9 add esp, 4 test ebx, ebx je short loc_0044a5cb ; je 0x44a5cb dec ebx imul eax, ebx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov esi, eax shl esi, 3 add esi, eax call clib_rand ; call 0x456f2d and eax, 1 mov edi, dword [esi + eax*4 + ref_00480856] ; mov edi, dword [esi + eax*4 + 0x480856] push edi push 2 push ebx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0044a5cb: add esp, 0x494 pop ebp loc_0044a5d2: pop edi pop esi pop ebx ret fcn_0044a5d6: push ebx push esi push edi mov edi, 0x15a mov edx, dword [esp + 0x10] test edx, edx jne short loc_0044a5d2 ; jne 0x44a5d2 push edx push 0x136 push 0x18 push ref_00465645 ; push 0x465645 mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor esi, esi loc_0044a606: cmp esi, dword [_nplayers] ; cmp esi, dword [0x499114] jge short loc_0044a5d2 ; jge 0x44a5d2 imul ebx, esi, 0x68 cmp byte [ebx + (_players+21)], 0 ; cmp byte [ebx + 0x496b7d], 0 je short loc_0044a654 ; je 0x44a654 cmp byte [ebx + (_players+17)], 0 ; cmp byte [ebx + 0x496b79], 0 jne short loc_0044a654 ; jne 0x44a654 lea eax, [edi + 0xc] push eax push 0x186 imul eax, esi, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x24 push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 mov byte [ebx + (_players+56)], 1 ; mov byte [ebx + 0x496ba0], 1 add edi, 0x20 loc_0044a654: inc esi jmp short loc_0044a606 ; jmp 0x44a606 fcn_0044a657: push ebx push esi push edi mov edi, 0x15a mov edx, dword [esp + 0x10] test edx, edx jne near loc_0044a5d2 ; jne 0x44a5d2 push edx push 0x136 push 0x18 push ref_00465662 ; push 0x465662 mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor esi, esi loc_0044a68b: cmp esi, dword [_nplayers] ; cmp esi, dword [0x499114] jge near loc_0044a5d2 ; jge 0x44a5d2 imul ebx, esi, 0x68 cmp byte [ebx + (_players+21)], 0 ; cmp byte [ebx + 0x496b7d], 0 je short loc_0044a6dd ; je 0x44a6dd cmp byte [ebx + (_players+17)], 0 ; cmp byte [ebx + 0x496b79], 0 je short loc_0044a6dd ; je 0x44a6dd lea eax, [edi + 0xc] push eax push 0x186 imul eax, esi, 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x24 push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 mov byte [ebx + (_players+56)], 1 ; mov byte [ebx + 0x496ba0], 1 add edi, 0x20 loc_0044a6dd: inc esi jmp short loc_0044a68b ; jmp 0x44a68b fcn_0044a6e0: push ebx push esi push edi push ebp sub esp, 0x94 cmp dword [esp + 0xa8], 0 jne near loc_0044a7b5 ; jne 0x44a7b5 mov ebx, dword [ref_00498e98] ; mov ebx, dword [0x498e98] add ebx, dword [ref_00498e8c] ; add ebx, dword [0x498e8c] call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx mov dword [ref_0048c59c], edx ; mov dword [0x48c59c], edx mov ecx, dword [ref_00498e98] ; mov ecx, dword [0x498e98] cmp edx, ecx jge short loc_0044a73a ; jge 0x44a73a lea eax, [edx + 1] lea edi, [edx + 0x7d1] mov dword [ref_0048c59c], edi ; mov dword [0x48c59c], edi imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] jmp short loc_0044a761 ; jmp 0x44a761 loc_0044a73a: mov eax, 0xfa1 sub eax, ecx lea esi, [edx + eax] mov dword [ref_0048c59c], esi ; mov dword [0x48c59c], esi lea eax, [esi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, eax mov eax, dword [ref_00498e88] ; mov eax, dword [0x498e88] loc_0044a761: add eax, edx add eax, 4 push eax lea eax, [esp + 0x84] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 lea eax, [esp + 0x80] push eax push ref_0046567f ; push 0x46567f lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 jmp near loc_0044a913 ; jmp 0x44a913 loc_0044a7b5: mov ecx, dword [ref_0048c59c] ; mov ecx, dword [0x48c59c] cmp ecx, 0x7d0 jle near loc_0044a86d ; jle 0x44a86d cmp ecx, 0xfa0 jge near loc_0044a86d ; jge 0x44a86d lea eax, [ecx - 0x7d0] imul eax, eax, 0x34 mov edi, dword [ref_00498e84] ; mov edi, dword [0x498e84] add edi, eax push 2 movsx eax, word [edi + 2] push eax movsx eax, word [edi] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 1 call fcn_00409b18 ; call 0x409b18 add esp, 4 mov esi, 1 mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] loc_0044a80c: add ebx, 0x34 cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg near loc_0044a8f3 ; jg 0x44a8f3 lea eax, [ebx + 4] push eax lea eax, [edi + 4] push eax call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_0044a86a ; jne 0x44a86a push 0xffff lea eax, [esi + 0x7d0] push eax push 0x2f440 mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] push eax call fcn_00456c0a ; call 0x456c0a add esp, 0x10 mov cl, byte [ebx + 0x1a] test cl, cl je short loc_0044a86a ; je 0x44a86a mov ch, cl dec ch mov byte [ebx + 0x1a], ch cmp byte [ebx + 0x18], 0 je short loc_0044a86a ; je 0x44a86a mov byte [ebx + 0x1a], 0 mov byte [ebx + 0x18], 0 loc_0044a86a: inc esi jmp short loc_0044a80c ; jmp 0x44a80c loc_0044a86d: mov esi, dword [ref_0048c59c] ; mov esi, dword [0x48c59c] cmp esi, 0xfa0 jle near loc_0044a8f3 ; jle 0x44a8f3 cmp esi, 0x1770 jge short loc_0044a8f3 ; jge 0x44a8f3 lea eax, [esi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov ebx, dword [ref_00498e88] ; mov ebx, dword [0x498e88] add ebx, eax push 2 movsx eax, word [ebx + 2] push eax movsx eax, word [ebx] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 1 call fcn_00409b18 ; call 0x409b18 add esp, 4 push 0xffff mov ebp, dword [ref_0048c59c] ; mov ebp, dword [0x48c59c] push ebp push 0x2f440 mov eax, dword [ref_00474938] ; mov eax, dword [0x474938] push eax call fcn_00456c0a ; call 0x456c0a add esp, 0x10 mov ah, byte [ebx + 0x1a] test ah, ah je short loc_0044a8f3 ; je 0x44a8f3 mov dl, ah dec dl mov byte [ebx + 0x1a], dl jne short loc_0044a8f3 ; jne 0x44a8f3 mov byte [ebx + 0x18], dl call fcn_0040dffa ; call 0x40dffa loc_0044a8f3: call fcn_00451985 ; call 0x451985 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x1f4 call fcn_004528b9 ; call 0x4528b9 add esp, 4 loc_0044a913: add esp, 0x94 pop ebp pop edi pop esi pop ebx ret fcn_0044a91e: push ebx push esi push edi push ebp sub esp, 0x9c cmp dword [esp + 0xb0], 0 jne near loc_0044aa44 ; jne 0x44aa44 mov eax, dword [ref_00498e98] ; mov eax, dword [0x498e98] mov ebx, dword [ref_00498e8c] ; mov ebx, dword [0x498e8c] add ebx, eax call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx mov dword [ref_0048c59c], edx ; mov dword [0x48c59c], edx mov esi, dword [ref_00498e98] ; mov esi, dword [0x498e98] cmp edx, esi jge short loc_0044a9a2 ; jge 0x44a9a2 lea eax, [edx + 1] add edx, 0x7d1 mov dword [ref_0048c59c], edx ; mov dword [0x48c59c], edx imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] add eax, edx add eax, 4 push eax lea eax, [esp + 0x84] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 mov eax, dword [ref_0048c59c] ; mov eax, dword [0x48c59c] sub eax, 0x7d0 imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] jmp short loc_0044a9f8 ; jmp 0x44a9f8 loc_0044a9a2: mov eax, 0xfa1 sub eax, esi lea ebp, [edx + eax] mov dword [ref_0048c59c], ebp ; mov dword [0x48c59c], ebp lea eax, [ebp - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add eax, edx add eax, 4 push eax lea eax, [esp + 0x84] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 mov eax, dword [ref_0048c59c] ; mov eax, dword [0x48c59c] sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] loc_0044a9f8: mov al, byte [edx + eax + 0x19] and eax, 0xff mov dword [ref_0048c5a0], eax ; mov dword [0x48c5a0], eax lea eax, [esp + 0x80] push eax push ref_00465697 ; push 0x465697 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 jmp near loc_0044ab21 ; jmp 0x44ab21 loc_0044aa44: lea eax, [esp + 0x98] push eax lea eax, [esp + 0x98] push eax mov ecx, dword [ref_0048c59c] ; mov ecx, dword [0x48c59c] push ecx call fcn_0040af12 ; call 0x40af12 add esp, 0xc push 2 mov ebx, dword [esp + 0x9c] push ebx mov esi, dword [esp + 0x9c] push esi call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 1 call fcn_00409b18 ; call 0x409b18 add esp, 4 push 0xffff mov edi, dword [ref_0048c59c] ; mov edi, dword [0x48c59c] push edi push 0x2f440 mov ebp, dword [ref_00474938] ; mov ebp, dword [0x474938] push ebp call fcn_00456c0a ; call 0x456c0a add esp, 0x10 push 1 mov eax, dword [ref_0048c59c] ; mov eax, dword [0x48c59c] push eax call fcn_0040ab4a ; call 0x40ab4a add esp, 8 call fcn_00451985 ; call 0x451985 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x12c call fcn_004528b9 ; call 0x4528b9 add esp, 4 mov edx, dword [ref_0048c5a0] ; mov edx, dword [0x48c5a0] test edx, edx je short loc_0044ab21 ; je 0x44ab21 lea eax, [edx - 1] imul eax, eax, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov ebx, eax shl ebx, 3 add ebx, eax call clib_rand ; call 0x456f2d and eax, 1 mov ecx, dword [ebx + eax*4 + ref_00480856] ; mov ecx, dword [ebx + eax*4 + 0x480856] push ecx loc_0044ab10: push 2 mov eax, dword [ref_0048c5a0] ; mov eax, dword [0x48c5a0] dec eax push eax call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0044ab21: add esp, 0x9c pop ebp pop edi pop esi pop ebx ret fcn_0044ab2c: push ebx push esi push edi sub esp, 0x9c cmp dword [esp + 0xac], 0 jne near loc_0044ac02 ; jne 0x44ac02 mov ebx, dword [ref_00498e98] ; mov ebx, dword [0x498e98] add ebx, dword [ref_00498e8c] ; add ebx, dword [0x498e8c] call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx mov dword [ref_0048c59c], edx ; mov dword [0x48c59c], edx mov eax, edx mov edx, dword [ref_00498e98] ; mov edx, dword [0x498e98] cmp eax, edx jge short loc_0044ab83 ; jge 0x44ab83 inc eax add dword [ref_0048c59c], 0x7d1 ; add dword [0x48c59c], 0x7d1 imul eax, eax, 0x34 mov edx, dword [ref_00498e84] ; mov edx, dword [0x498e84] jmp short loc_0044abae ; jmp 0x44abae loc_0044ab83: mov eax, 0xfa1 sub eax, edx mov ebx, dword [ref_0048c59c] ; mov ebx, dword [0x48c59c] add ebx, eax mov dword [ref_0048c59c], ebx ; mov dword [0x48c59c], ebx lea eax, [ebx - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] loc_0044abae: add eax, edx add eax, 4 push eax lea eax, [esp + 0x84] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 lea eax, [esp + 0x80] push eax push ref_004656af ; push 0x4656af lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 jmp near loc_0044ac8f ; jmp 0x44ac8f loc_0044ac02: lea eax, [esp + 0x94] push eax lea eax, [esp + 0x9c] push eax mov ecx, dword [ref_0048c59c] ; mov ecx, dword [0x48c59c] push ecx call fcn_0040af12 ; call 0x40af12 add esp, 0xc push 2 mov ebx, dword [esp + 0x98] push ebx mov esi, dword [esp + 0xa0] push esi call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0xffffffffffffffff push 0 push 6 push 0x64 call fcn_0040ac7b ; call 0x40ac7b add esp, 0x10 push 0 push 0 push 0x216 mov edi, dword [ref_0048a0e4] ; mov edi, dword [0x48a0e4] push edi call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x59 push 0x80001 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push 0x1f4 call fcn_004528b9 ; call 0x4528b9 add esp, 4 loc_0044ac8f: add esp, 0x9c pop edi pop esi loc_0044ac97: pop ebx ret fcn_0044ac99: push ebx push esi push edi push ebp sub esp, 0x9c cmp dword [esp + 0xb0], 0 jne near loc_0044adbc ; jne 0x44adbc mov ebx, dword [ref_00498e98] ; mov ebx, dword [0x498e98] add ebx, dword [ref_00498e8c] ; add ebx, dword [0x498e8c] call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx mov dword [ref_0048c59c], edx ; mov dword [0x48c59c], edx mov ebx, dword [ref_00498e98] ; mov ebx, dword [0x498e98] cmp edx, ebx jge short loc_0044ad1a ; jge 0x44ad1a lea eax, [edx + 1] lea ebp, [edx + 0x7d1] mov dword [ref_0048c59c], ebp ; mov dword [0x48c59c], ebp imul edx, eax, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, edx add eax, 4 push eax lea eax, [esp + 0x84] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 mov eax, dword [ref_0048c59c] ; mov eax, dword [0x48c59c] sub eax, 0x7d0 imul edx, eax, 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] jmp short loc_0044ad70 ; jmp 0x44ad70 loc_0044ad1a: mov eax, 0xfa1 sub eax, ebx lea edi, [edx + eax] mov dword [ref_0048c59c], edi ; mov dword [0x48c59c], edi lea eax, [edi - 0xfa0] shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] add eax, edx add eax, 4 push eax lea eax, [esp + 0x84] push eax call fcn_00457d96 ; call 0x457d96 add esp, 8 mov eax, dword [ref_0048c59c] ; mov eax, dword [0x48c59c] sub eax, 0xfa0 shl eax, 3 mov edx, eax shl eax, 3 sub eax, edx mov edx, dword [ref_00498e88] ; mov edx, dword [0x498e88] loc_0044ad70: mov al, byte [edx + eax + 0x19] and eax, 0xff mov dword [ref_0048c5a0], eax ; mov dword [0x48c5a0], eax lea eax, [esp + 0x80] push eax push ref_004656d0 ; push 0x4656d0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 jmp near loc_0044ab21 ; jmp 0x44ab21 loc_0044adbc: lea eax, [esp + 0x98] push eax lea eax, [esp + 0x98] push eax mov ecx, dword [ref_0048c59c] ; mov ecx, dword [0x48c59c] push ecx call fcn_0040af12 ; call 0x40af12 add esp, 0xc push 2 mov ebx, dword [esp + 0x9c] push ebx mov esi, dword [esp + 0x9c] push esi call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0 mov edi, dword [ref_0048c59c] ; mov edi, dword [0x48c59c] push edi call fcn_0040ab4a ; call 0x40ab4a add esp, 8 push 0 push 0 push 0x217 mov ebp, dword [ref_0048a0e4] ; mov ebp, dword [0x48a0e4] push ebp call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push 0x58 push 0x80001 push 0x28 push 0 push eax call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 push 0x12c call fcn_004528b9 ; call 0x4528b9 add esp, 4 mov eax, dword [ref_0048c5a0] ; mov eax, dword [0x48c5a0] test eax, eax je near loc_0044ab21 ; je 0x44ab21 dec eax imul eax, eax, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov ebx, eax shl ebx, 3 add ebx, eax call clib_rand ; call 0x456f2d and eax, 1 mov edx, dword [ebx + eax*4 + ref_00480856] ; mov edx, dword [ebx + eax*4 + 0x480856] push edx jmp near loc_0044ab10 ; jmp 0x44ab10 fcn_0044ae89: push ebx mov edx, dword [esp + 8] test edx, edx jne near loc_0044ac97 ; jne 0x44ac97 push edx push 0x136 push 0x18 push ref_004656ef ; push 0x4656ef mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov bh, 0xf mov ecx, dword [_nplayers] ; mov ecx, dword [0x499114] loc_0044aebe: cmp edx, ecx jge near loc_0044ac97 ; jge 0x44ac97 imul eax, edx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0044aed8 ; je 0x44aed8 mov byte [eax + (_players+60)], bh ; mov byte [eax + 0x496ba4], bh loc_0044aed8: inc edx jmp short loc_0044aebe ; jmp 0x44aebe fcn_0044aedb: push ebx push esi push edi push ebp sub esp, 0x98 mov edi, 0x15a mov edx, dword [esp + 0xac] test edx, edx jne near loc_0044972a ; jne 0x44972a push edx push 0x136 push 0x18 push ref_0046570b ; push 0x46570b mov ebx, dword [ref_0048c5ac] ; mov ebx, dword [0x48c5ac] add ebx, 0xc push ebx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor esi, esi loc_0044af1a: cmp esi, dword [_nplayers] ; cmp esi, dword [0x499114] jge near loc_0044972a ; jge 0x44972a imul ebx, esi, 0x68 cmp byte [ebx + (_players+21)], 0 ; cmp byte [ebx + 0x496b7d], 0 je near loc_0044b004 ; je 0x44b004 mov ebp, dword [ebx + (_players+36)] ; mov ebp, dword [ebx + 0x496b8c] test ebp, ebp jne near loc_0044b004 ; jne 0x44b004 fild dword [ebx + (_players+32)] ; fild dword [ebx + 0x496b88] fmul qword [ref_00465734] ; fmul qword [0x465734] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x94] push ebp mov eax, dword [esp + 0x98] push eax push esi call fcn_0041d3f4 ; call 0x41d3f4 add esp, 0xc push ebp push 3 push 0x101010 push 0xf0f0f0 push 0x18 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov edx, dword [ebx + (_players+0)] ; mov edx, dword [ebx + 0x496b68] push edx lea ebx, [esp + 0x84] push ebx call fcn_00452946 ; call 0x452946 add esp, 8 mov ecx, dword [esp + 0x94] push ecx lea ebx, [esp + 0x84] push ebx push ref_00465727 ; push 0x465727 lea ebx, [esp + 0xc] push ebx call fcn_00457110 ; call 0x457110 add esp, 0x10 push ebp push edi push 0x18 lea ebx, [esp + 0xc] push ebx mov ebx, dword [ref_0048c5ac] ; mov ebx, dword [0x48c5ac] add ebx, 0xc push ebx call fcn_0044fabc ; call 0x44fabc add esp, 0x14 lea ebx, [edi + 0xc] push ebx push 0x186 imul ebx, esi, 0x34 mov ebx, dword [ebx + ref_00498eb0] ; mov ebx, dword [ebx + 0x498eb0] add ebx, 0x3c push ebx mov ebx, dword [ref_0048c5ac] ; mov ebx, dword [0x48c5ac] add ebx, 0xc push ebx call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 add edi, 0x20 loc_0044b004: inc esi jmp near loc_0044af1a ; jmp 0x44af1a fcn_0044b00a: push ebx mov edx, dword [esp + 8] test edx, edx jne short loc_0044b053 ; jne 0x44b053 push edx push 0x136 push 0x18 push ref_0046573c ; push 0x46573c mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov bl, 1 loc_0044b035: mov eax, edx shl eax, 3 add eax, edx mov byte [eax*4 + (_stocks_on_map+7)], bl ; mov byte [eax*4 + 0x496987], bl inc edx cmp edx, 0xc jl short loc_0044b035 ; jl 0x44b035 push 0 call fcn_00429040 ; call 0x429040 add esp, 4 loc_0044b053: pop ebx ret fcn_0044b055: push ebx mov edx, dword [esp + 8] test edx, edx jne short loc_0044b09e ; jne 0x44b09e push edx push 0x136 push 0x18 push ref_00465756 ; push 0x465756 mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor edx, edx mov bl, 0x10 loc_0044b080: mov eax, edx shl eax, 3 add eax, edx mov byte [eax*4 + (_stocks_on_map+7)], bl ; mov byte [eax*4 + 0x496987], bl inc edx cmp edx, 0xc jl short loc_0044b080 ; jl 0x44b080 push 0 call fcn_00429040 ; call 0x429040 add esp, 4 loc_0044b09e: pop ebx ret fcn_0044b0a0: mov edx, dword [esp + 4] test edx, edx jne short loc_0044b0d0 ; jne 0x44b0d0 push edx push 0x136 push 0x18 push ref_00465770 ; push 0x465770 mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov dword [ref_004990dc], 0xa ; mov dword [0x4990dc], 0xa loc_0044b0d0: ret fcn_0044b0d1: push ebx push esi sub esp, 0x94 cmp dword [esp + 0xa0], 0 jne near loc_0044b19a ; jne 0x44b19a call clib_rand ; call 0x456f2d mov edx, eax mov ebx, 0xc sar edx, 0x1f idiv ebx mov esi, edx mov ebx, edx shl ebx, 3 add ebx, edx shl ebx, 2 mov ecx, dword [ebx + (_stocks_on_map+0)] ; mov ecx, dword [ebx + 0x496980] push ecx lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0x80] push eax push ref_00465788 ; push 0x465788 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov byte [ebx + (_stocks_on_map+6)], 0xf ; mov byte [ebx + 0x496986], 0xf mov edx, dword [ref_00499100] ; mov edx, dword [0x499100] dec edx test edx, edx jge short loc_0044b16b ; jge 0x44b16b mov edx, 0x8f loc_0044b16b: mov ebx, esi mov eax, esi shl eax, 3 add eax, esi mov ecx, dword [eax*4 + (_stocks_on_map+16)] ; mov ecx, dword [eax*4 + 0x496990] mov dword [eax*4 + (_stocks_on_map+20)], ecx ; mov dword [eax*4 + 0x496994], ecx fld dword [eax*4 + (_stocks_on_map+20)] ; fld dword [eax*4 + 0x496994] shl ebx, 3 add ebx, esi shl ebx, 6 mov eax, edx fstp dword [ebx + eax*4 + ref_00497328] ; fstp dword [ebx + eax*4 + 0x497328] loc_0044b19a: add esp, 0x94 pop esi pop ebx ret fcn_0044b1a3: push ebx sub esp, 0xc4 mov edx, dword [esp + 0xcc] test edx, edx jne near loc_0044b253 ; jne 0x44b253 xor ebx, ebx jmp short loc_0044b1c3 ; jmp 0x44b1c3 loc_0044b1bd: inc edx cmp edx, 0xc jge short loc_0044b1de ; jge 0x44b1de loc_0044b1c3: mov eax, edx shl eax, 3 add eax, edx cmp byte [eax*4 + (_stocks_on_map+6)], 0 ; cmp byte [eax*4 + 0x496986], 0 je short loc_0044b1bd ; je 0x44b1bd mov dword [esp + ebx*4 + 0x80], edx inc ebx jmp short loc_0044b1bd ; jmp 0x44b1bd loc_0044b1de: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx mov edx, dword [esp + edx*4 + 0x80] mov ebx, edx shl ebx, 3 add ebx, edx shl ebx, 2 mov ecx, dword [ebx + (_stocks_on_map+0)] ; mov ecx, dword [ebx + 0x496980] push ecx lea eax, [esp + 0xb4] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0xb0] push eax push ref_004657a2 ; push 0x4657a2 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor ch, ch mov byte [ebx + (_stocks_on_map+6)], ch ; mov byte [ebx + 0x496986], ch loc_0044b253: add esp, 0xc4 pop ebx ret fcn_0044b25b: push ebx push esi push ebp sub esp, 0xc4 cmp dword [esp + 0xd4], 0 jne near loc_0044b323 ; jne 0x44b323 mov eax, 1 xor ebx, ebx mov edx, dword [ref_00498e7c] ; mov edx, dword [0x498e7c] mov esi, dword [ref_00498e90] ; mov esi, dword [0x498e90] loc_0044b285: cmp eax, esi jg short loc_0044b29e ; jg 0x44b29e imul ecx, eax, 0x34 cmp byte [ecx + edx + 0x18], 0 je short loc_0044b29b ; je 0x44b29b mov dword [esp + ebx*4 + 0x80], eax inc ebx loc_0044b29b: inc eax jmp short loc_0044b285 ; jmp 0x44b285 loc_0044b29e: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx imul ebx, dword [esp + edx*4 + 0x80], 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add ebx, eax xor eax, eax mov al, byte [ebx + 0x18] dec eax imul eax, eax, 0x68 mov ebp, dword [eax + (_players+0)] ; mov ebp, dword [eax + 0x496b68] push ebp lea eax, [esp + 0xb4] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0xb0] push eax lea eax, [ebx + 4] push eax push ref_004657ba ; push 0x4657ba lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 xor eax, eax mov al, byte [ebx + 0x18] dec eax mov dword [ref_0048c59c], eax ; mov dword [0x48c59c], eax jmp short loc_0044b36a ; jmp 0x44b36a loc_0044b323: push 2 imul eax, dword [ref_0048c59c], 0x68 ; imul eax, dword [0x48c59c], 0x68 xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ebx, dword [ref_0048c59c] ; mov ebx, dword [0x48c59c] push ebx call fcn_00441210 ; call 0x441210 add esp, 4 cmp eax, 0xffffffff je short loc_0044b36a ; je 0x44b36a push 5 push eax call fcn_0043d593 ; call 0x43d593 add esp, 8 loc_0044b36a: add esp, 0xc4 pop ebp pop esi pop ebx ret fcn_0044b374: push ebx sub esp, 0x80 cmp dword [esp + 0x88], 0 jne near loc_0044b411 ; jne 0x44b411 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv dword [ref_00498e90] ; idiv dword [0x498e90] inc edx imul ebx, edx, 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add ebx, eax lea eax, [ebx + 4] push eax push ref_004657db ; push 0x4657db loc_0044b3ad: lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 sub dword [ebx + 0x28], 0x2710 sub dword [ebx + 0x2c], 0x2710 loc_0044b3e7: mov ah, byte [ebx + 0x19] cmp ah, 0xc jae short loc_0044b411 ; jae 0x44b411 xor edx, edx mov dl, ah mov eax, edx shl eax, 3 add eax, edx mov byte [eax*4 + (_stocks_on_map+7)], 3 ; mov byte [eax*4 + 0x496987], 3 loc_0044b402: xor eax, eax mov al, byte [ebx + 0x19] inc eax push eax call fcn_00429040 ; call 0x429040 add esp, 4 loc_0044b411: add esp, 0x80 pop ebx ret fcn_0044b419: push ebx sub esp, 0x80 cmp dword [esp + 0x88], 0 jne short loc_0044b411 ; jne 0x44b411 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv dword [ref_00498e90] ; idiv dword [0x498e90] inc edx imul ebx, edx, 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add ebx, eax lea eax, [ebx + 4] push eax push ref_004657fb ; push 0x4657fb lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 add dword [ebx + 0x28], 0x4e20 add dword [ebx + 0x2c], 0x4e20 mov ah, byte [ebx + 0x19] cmp ah, 0xc jae short loc_0044b411 ; jae 0x44b411 xor edx, edx mov dl, ah mov eax, edx shl eax, 3 add eax, edx mov byte [eax*4 + (_stocks_on_map+7)], 0x30 ; mov byte [eax*4 + 0x496987], 0x30 jmp near loc_0044b402 ; jmp 0x44b402 fcn_0044b4a8: push ebx sub esp, 0x80 cmp dword [esp + 0x88], 0 jne near loc_0044b411 ; jne 0x44b411 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv dword [ref_00498e90] ; idiv dword [0x498e90] inc edx imul ebx, edx, 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add ebx, eax lea eax, [ebx + 4] push eax push ref_00465817 ; push 0x465817 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 sub dword [ebx + 0x28], 0x4e20 sub dword [ebx + 0x2c], 0x4e20 mov ah, byte [ebx + 0x19] cmp ah, 0xc jae near loc_0044b411 ; jae 0x44b411 xor edx, edx mov dl, ah mov eax, edx shl eax, 3 add eax, edx mov byte [eax*4 + (_stocks_on_map+7)], 4 ; mov byte [eax*4 + 0x496987], 4 jmp near loc_0044b402 ; jmp 0x44b402 fcn_0044b53f: push ebx sub esp, 0x80 cmp dword [esp + 0x88], 0 jne near loc_0044b411 ; jne 0x44b411 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv dword [ref_00498e90] ; idiv dword [0x498e90] inc edx imul ebx, edx, 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add ebx, eax lea eax, [ebx + 4] push eax push ref_00465833 ; push 0x465833 jmp near loc_0044b3ad ; jmp 0x44b3ad fcn_0044b57d: push ebx sub esp, 0x80 cmp dword [esp + 0x88], 0 jne near loc_0044b411 ; jne 0x44b411 call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv dword [ref_00498e90] ; idiv dword [0x498e90] inc edx imul ebx, edx, 0x34 mov eax, dword [ref_00498e7c] ; mov eax, dword [0x498e7c] add ebx, eax lea eax, [ebx + 4] push eax push ref_00465855 ; push 0x465855 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 sub dword [ebx + 0x28], 0x1388 sub dword [ebx + 0x2c], 0x1388 jmp near loc_0044b3e7 ; jmp 0x44b3e7 fcn_0044b5f5: push ebx push esi sub esp, 0xa0 cmp dword [esp + 0xac], 0 jne near loc_0044b6d6 ; jne 0x44b6d6 mov eax, 1 xor ebx, ebx mov edx, dword [ref_00498e7c] ; mov edx, dword [0x498e7c] loc_0044b618: cmp eax, dword [ref_00498e90] ; cmp eax, dword [0x498e90] jg short loc_0044b639 ; jg 0x44b639 imul ecx, eax, 0x34 cmp dword [ecx + edx + 0x28], 0x2710 jle short loc_0044b636 ; jle 0x44b636 mov word [esp + ebx*2 + 0x80], ax inc ebx loc_0044b636: inc eax jmp short loc_0044b618 ; jmp 0x44b618 loc_0044b639: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx xor eax, eax mov ax, word [esp + edx*2 + 0x80] imul eax, eax, 0x34 mov esi, dword [ref_00498e7c] ; mov esi, dword [0x498e7c] add esi, eax lea eax, [esi + 4] push eax push ref_00465874 ; push 0x465874 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x136 push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov ebx, dword [esi + 0x28] lea eax, [ebx + ebx] mov dword [esi + 0x28], eax add dword [esi + 0x2c], eax cmp byte [esi + 0x19], 0xc jae short loc_0044b6d6 ; jae 0x44b6d6 mov ecx, 0x2710 mov eax, ebx mov edx, ebx sar edx, 0x1f idiv ecx shl eax, 4 mov bl, al xor edx, edx mov dl, byte [esi + 0x19] mov eax, edx shl eax, 3 add eax, edx mov byte [eax*4 + (_stocks_on_map+7)], bl ; mov byte [eax*4 + 0x496987], bl xor eax, eax mov al, byte [esi + 0x19] inc eax push eax call fcn_00429040 ; call 0x429040 add esp, 4 loc_0044b6d6: add esp, 0xa0 pop esi pop ebx ret fcn_0044b6df: push ebx push esi push edi push ebp sub esp, 0x14 push 0 push 0 push 0x42 mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c5ac], eax ; mov dword [0x48c5ac], eax push 0 push 0 push 0xfb push 0x184 call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov esi, eax loc_0044b718: mov ebx, dword [ref_004990e0] ; mov ebx, dword [0x4990e0] mov bl, byte [ebx + ref_00499090] ; mov bl, byte [ebx + 0x499090] and ebx, 0xff push ebx call fcn_00448be2 ; call 0x448be2 mov edi, eax add esp, 4 mov ebp, eax push 0 push 3 push 0x101010 push 0xf0f0f0 push 0x1c call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 cmp edi, 1 jne short loc_0044b7c7 ; jne 0x44b7c7 push 0 mov ecx, dword [esi + 8] push ecx lea edi, [ebx + 0x1b9] push edi mov edi, dword [ref_0048a0e4] ; mov edi, dword [0x48a0e4] push edi call fcn_00450441 ; call 0x450441 add esp, 0x10 push 0x2c push 0x19 push esi mov edi, dword [ref_0048c5ac] ; mov edi, dword [0x48c5ac] add edi, 0xc push edi call fcn_00456280 ; call 0x456280 add esp, 0x10 push esi call clib_free ; call 0x456e11 add esp, 4 push 0 push 8 push 0x18 movzx edi, byte [ebx + ref_00475eb4] ; movzx edi, byte [ebx + 0x475eb4] mov eax, dword [edi*4 + ref_00475ed8] ; mov eax, dword [edi*4 + 0x475ed8] push eax mov edi, dword [ref_0048c5ac] ; mov edi, dword [0x48c5ac] add edi, 0xc push edi call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov dword [esp + 0x10], ebx push 0 call dword [ebx*4 + ref_00475e24] ; ucall: call dword [ebx*4 + 0x475e24] add esp, 4 loc_0044b7c7: mov edx, dword [ref_004990e0] ; mov edx, dword [0x4990e0] inc edx mov dword [ref_004990e0], edx ; mov dword [0x4990e0], edx cmp edx, 0x24 jne short loc_0044b7e1 ; jne 0x44b7e1 xor ebx, ebx mov dword [ref_004990e0], ebx ; mov dword [0x4990e0], ebx loc_0044b7e1: test ebp, ebp je near loc_0044b718 ; je 0x44b718 mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] mov eax, dword [ebx] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push ebx call dword [eax + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c5ac] ; mov eax, dword [0x48c5ac] add eax, 0xc push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] mov eax, dword [ebx] push 0 push ebx call dword [eax + 0x80] ; ucall xor edi, edi mov dword [esp], edi mov dword [esp + 4], edi mov dword [esp + 8], 0x1b8 mov dword [esp + 0xc], 0x1e0 mov ebx, dword [ref_0048a0dc] ; mov ebx, dword [0x48a0dc] mov eax, dword [ebx] push 0x10 lea esi, [esp + 4] push esi mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push edi push edi push ebx call dword [eax + 0x1c] ; ucall push 0x960 call fcn_004544f6 ; call 0x4544f6 add esp, 4 mov eax, dword [esp + 0x10] push 1 call dword [eax*4 + ref_00475e24] ; ucall: call dword [eax*4 + 0x475e24] add esp, 4 mov ebx, dword [ref_0048c5ac] ; mov ebx, dword [0x48c5ac] push ebx call clib_free ; call 0x456e11 add esp, 4 add esp, 0x14 pop ebp pop edi pop esi pop ebx ret fcn_0044b896: push ebx push esi push edi push ebp xor ebx, ebx xor ah, ah mov byte [ref_0048c5b8], ah ; mov byte [0x48c5b8], ah imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp dword [esp + 0x14], 0 jne near loc_0044b9d3 ; jne 0x44b9d3 cmp dword [esp + 0x18], 0 jne near loc_0044b94b ; jne 0x44b94b mov si, word [eax + (_players+70)] ; mov si, word [eax + 0x496bae] cmp si, 0x64 jle short loc_0044b8d5 ; jle 0x44b8d5 mov ebx, 2 jmp short loc_0044b8fa ; jmp 0x44b8fa loc_0044b8d5: cmp si, 0x32 jle short loc_0044b8e9 ; jle 0x44b8e9 call clib_rand ; call 0x456f2d mov ebx, eax and ebx, 1 add ebx, ebx jmp short loc_0044b8f5 ; jmp 0x44b8f5 loc_0044b8e9: test si, si jge short loc_0044b8f5 ; jge 0x44b8f5 mov ebx, 1 jmp short loc_0044b927 ; jmp 0x44b927 loc_0044b8f5: cmp ebx, 2 jne short loc_0044b91e ; jne 0x44b91e loc_0044b8fa: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+63)] ; mov al, byte [eax + 0x496ba7] and eax, 0xff mov ebp, dword [eax*4 + ref_0047ed76] ; mov ebp, dword [eax*4 + 0x47ed76] push ebp push ref_00465888 ; push 0x465888 jmp near loc_0044ba4f ; jmp 0x44ba4f loc_0044b91e: cmp ebx, 1 jne near loc_0044ba5c ; jne 0x44ba5c loc_0044b927: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+63)] ; mov al, byte [eax + 0x496ba7] and eax, 0xff mov esi, dword [eax*4 + ref_0047ed76] ; mov esi, dword [eax*4 + 0x47ed76] push esi push ref_0046589b ; push 0x46589b jmp near loc_0044ba4f ; jmp 0x44ba4f loc_0044b94b: mov di, word [eax + (_players+70)] ; mov di, word [eax + 0x496bae] cmp di, 0x64 jle short loc_0044b95f ; jle 0x44b95f mov ebx, 1 jmp short loc_0044b9af ; jmp 0x44b9af loc_0044b95f: cmp di, 0x32 jle short loc_0044b971 ; jle 0x44b971 call clib_rand ; call 0x456f2d mov ebx, eax and ebx, 1 jmp short loc_0044b97d ; jmp 0x44b97d loc_0044b971: test di, di jge short loc_0044b97d ; jge 0x44b97d mov ebx, 2 jmp short loc_0044b982 ; jmp 0x44b982 loc_0044b97d: cmp ebx, 2 jne short loc_0044b9a6 ; jne 0x44b9a6 loc_0044b982: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+63)] ; mov al, byte [eax + 0x496ba7] and eax, 0xff mov edi, dword [eax*4 + ref_0047ed76] ; mov edi, dword [eax*4 + 0x47ed76] push edi push ref_004658ae ; push 0x4658ae jmp near loc_0044ba4f ; jmp 0x44ba4f loc_0044b9a6: cmp ebx, 1 jne near loc_0044ba5c ; jne 0x44ba5c loc_0044b9af: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+63)] ; mov al, byte [eax + 0x496ba7] and eax, 0xff mov edx, dword [eax*4 + ref_0047ed76] ; mov edx, dword [eax*4 + 0x47ed76] push edx push ref_004658c1 ; push 0x4658c1 jmp near loc_0044ba4f ; jmp 0x44ba4f loc_0044b9d3: mov dx, word [eax + (_players+72)] ; mov dx, word [eax + 0x496bb0] cmp dx, 0x64 jle short loc_0044b9e7 ; jle 0x44b9e7 mov ebx, 1 jmp short loc_0044ba30 ; jmp 0x44ba30 loc_0044b9e7: cmp dx, 0x32 jle short loc_0044b9f9 ; jle 0x44b9f9 call clib_rand ; call 0x456f2d mov ebx, eax and ebx, 1 jmp short loc_0044ba05 ; jmp 0x44ba05 loc_0044b9f9: test dx, dx jge short loc_0044ba05 ; jge 0x44ba05 mov ebx, 2 jmp short loc_0044ba0a ; jmp 0x44ba0a loc_0044ba05: cmp ebx, 2 jne short loc_0044ba2b ; jne 0x44ba2b loc_0044ba0a: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+63)] ; mov al, byte [eax + 0x496ba7] and eax, 0xff mov edi, dword [eax*4 + ref_0047ed76] ; mov edi, dword [eax*4 + 0x47ed76] push edi push ref_004658d4 ; push 0x4658d4 jmp short loc_0044ba4f ; jmp 0x44ba4f loc_0044ba2b: cmp ebx, 1 jne short loc_0044ba5c ; jne 0x44ba5c loc_0044ba30: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 mov al, byte [eax + (_players+63)] ; mov al, byte [eax + 0x496ba7] and eax, 0xff mov edx, dword [eax*4 + ref_0047ed76] ; mov edx, dword [eax*4 + 0x47ed76] push edx push ref_004658e7 ; push 0x4658e7 loc_0044ba4f: push ref_0048c5b8 ; push 0x48c5b8 call fcn_00457110 ; call 0x457110 add esp, 0xc loc_0044ba5c: mov eax, ebx pop ebp pop edi pop esi pop ebx ret fcn_0044ba63: push ebx push esi push ebp sub esp, 0x80 imul eax, dword [esp + 0x90], 0x68 cmp byte [eax + (_players+62)], 0 ; cmp byte [eax + 0x496ba6], 0 je short loc_0044bae0 ; je 0x44bae0 mov ebx, 1 mov edx, dword [ref_00498e7c] ; mov edx, dword [0x498e7c] loc_0044ba88: cmp ebx, dword [ref_00498e90] ; cmp ebx, dword [0x498e90] jg short loc_0044ba9d ; jg 0x44ba9d imul eax, ebx, 0x34 cmp byte [edx + eax + 0x1a], 4 je short loc_0044ba9d ; je 0x44ba9d inc ebx jmp short loc_0044ba88 ; jmp 0x44ba88 loc_0044ba9d: mov esi, dword [esp + 0x94] push esi push ref_004658fa ; push 0x4658fa lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0x7d0 lea eax, [esp + 4] push eax call fcn_00440cac ; call 0x440cac add esp, 8 push 1 push esi mov ebp, dword [esp + 0x98] push ebp add ebx, 0x64 push ebx call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 loc_0044bae0: add esp, 0x80 pop ebp pop esi pop ebx ret fcn_0044baea: push ebx push esi sub esp, 0x28 push 0x25 push 0 lea eax, [esp + 8] push eax call memset ; call 0x456f60 add esp, 0xc xor ebx, ebx mov esi, 0x25 jmp short loc_0044bb1a ; jmp 0x44bb1a loc_0044bb09: mov byte [esp + eax], 1 mov byte [ebx + ref_00496b38], al ; mov byte [ebx + 0x496b38], al inc ebx dec esi cmp ebx, 0x25 jge short loc_0044bb3d ; jge 0x44bb3d loc_0044bb1a: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv esi xor eax, eax jmp short loc_0044bb30 ; jmp 0x44bb30 loc_0044bb2a: inc eax cmp eax, 0x25 jge short loc_0044bb09 ; jge 0x44bb09 loc_0044bb30: cmp byte [esp + eax], 0 jne short loc_0044bb37 ; jne 0x44bb37 dec edx loc_0044bb37: test edx, edx jl short loc_0044bb09 ; jl 0x44bb09 jmp short loc_0044bb2a ; jmp 0x44bb2a loc_0044bb3d: xor edx, edx mov dword [ref_004990b4], edx ; mov dword [0x4990b4], edx add esp, 0x28 pop esi pop ebx ret fcn_0044bb4b: push ebx push esi push edi push ebp mov edx, dword [esp + 0x14] mov edi, 1 xor ecx, ecx mov ebx, dword [edx] cmp ebx, 0xc jb short loc_0044bbb4 ; jb 0x44bbb4 jbe near loc_0044bd35 ; jbe 0x44bd35 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp ebx, 0x10 jb short loc_0044bba0 ; jb 0x44bba0 jbe near loc_0044bded ; jbe 0x44bded cmp ebx, 0x22 jb short loc_0044bb9b ; jb 0x44bb9b jbe near loc_0044be03 ; jbe 0x44be03 cmp ebx, 0x23 jbe near loc_0044be03 ; jbe 0x44be03 cmp ebx, 0x24 loc_0044bb90: je near loc_0044be03 ; je 0x44be03 jmp near loc_0044be0f ; jmp 0x44be0f loc_0044bb9b: cmp ebx, 0x21 jmp short loc_0044bb90 ; jmp 0x44bb90 loc_0044bba0: cmp ebx, 0xe jb near loc_0044bd76 ; jb 0x44bd76 jbe near loc_0044bda8 ; jbe 0x44bda8 jmp near loc_0044bdd1 ; jmp 0x44bdd1 loc_0044bbb4: cmp ebx, 8 jb short loc_0044bbd3 ; jb 0x44bbd3 jbe near loc_0044bc84 ; jbe 0x44bc84 cmp ebx, 0xa jb near loc_0044bc84 ; jb 0x44bc84 jbe near loc_0044bcb1 ; jbe 0x44bcb1 jmp near loc_0044bcf4 ; jmp 0x44bcf4 loc_0044bbd3: cmp ebx, edi jb short loc_0044bbe7 ; jb 0x44bbe7 jbe short loc_0044bc2f ; jbe 0x44bc2f cmp ebx, 5 je near loc_0044bc5e ; je 0x44bc5e jmp near loc_0044be0f ; jmp 0x44be0f loc_0044bbe7: test ebx, ebx jne near loc_0044be0f ; jne 0x44be0f mov ebx, edi mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add eax, 0x34 mov ebp, dword [ref_00498e98] ; mov ebp, dword [0x498e98] loc_0044bbff: cmp ebx, ebp jg short loc_0044bc22 ; jg 0x44bc22 movzx esi, byte [eax + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp esi, edx jne short loc_0044bc1c ; jne 0x44bc1c cmp byte [eax + 0x1a], 0 jne near loc_0044be0f ; jne 0x44be0f loc_0044bc1c: inc ebx add eax, 0x34 jmp short loc_0044bbff ; jmp 0x44bbff loc_0044bc22: test ecx, ecx loc_0044bc24: jne near loc_0044be0f ; jne 0x44be0f jmp near loc_0044be0d ; jmp 0x44be0d loc_0044bc2f: mov ebx, edi mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] loc_0044bc36: add eax, 0x34 cmp ebx, dword [ref_00498e98] ; cmp ebx, dword [0x498e98] jg short loc_0044bc22 ; jg 0x44bc22 xor edx, edx mov dl, byte [eax + 0x19] mov esi, dword [_current_player] ; mov esi, dword [0x49910c] inc esi cmp edx, esi jne short loc_0044bc5b ; jne 0x44bc5b cmp byte [eax + 0x1a], 0 je near loc_0044be0f ; je 0x44be0f loc_0044bc5b: inc ebx jmp short loc_0044bc36 ; jmp 0x44bc36 loc_0044bc5e: xor ebx, ebx xor esi, esi loc_0044bc62: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0044bc80 ; jge 0x44bc80 cmp ebx, dword [_current_player] ; cmp ebx, dword [0x49910c] je short loc_0044bc7d ; je 0x44bc7d push ebx call fcn_00441262 ; call 0x441262 add esp, 4 add esi, eax loc_0044bc7d: inc ebx jmp short loc_0044bc62 ; jmp 0x44bc62 loc_0044bc80: test esi, esi jmp short loc_0044bc24 ; jmp 0x44bc24 loc_0044bc84: xor ebx, ebx jmp short loc_0044bc8e ; jmp 0x44bc8e loc_0044bc88: inc ebx cmp ebx, 0xc jge short loc_0044bc22 ; jge 0x44bc22 loc_0044bc8e: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 5 mov eax, ebx cmp dword [edx + eax*8 + _player_stocks], 0 ; cmp dword [edx + eax*8 + 0x4971a0], 0 je short loc_0044bc88 ; je 0x44bc88 jmp near loc_0044be0f ; jmp 0x44be0f loc_0044bcb1: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+17)], 1 ; cmp byte [eax + 0x496b79], 1 je short loc_0044bcd5 ; je 0x44bcd5 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+17)], 2 ; cmp byte [eax + 0x496b79], 2 jne near loc_0044be0d ; jne 0x44be0d loc_0044bcd5: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+17)], 2 ; cmp byte [eax + 0x496b79], 2 jne near loc_0044be0f ; jne 0x44be0f mov dword [edx], 0xb jmp near loc_0044be0f ; jmp 0x44be0f loc_0044bcf4: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] imul eax, ebx, 0x68 cmp byte [eax + (_players+17)], 1 ; cmp byte [eax + 0x496b79], 1 je short loc_0044bd16 ; je 0x44bd16 imul eax, ebx, 0x68 cmp byte [eax + (_players+17)], 2 ; cmp byte [eax + 0x496b79], 2 jne near loc_0044be0d ; jne 0x44be0d loc_0044bd16: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+17)], 1 ; cmp byte [eax + 0x496b79], 1 jne near loc_0044be0f ; jne 0x44be0f mov dword [edx], 0xa jmp near loc_0044be0f ; jmp 0x44be0f loc_0044bd35: mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul eax, esi, 0x68 cmp byte [eax + (_players+17)], 0 ; cmp byte [eax + 0x496b79], 0 je short loc_0044bd57 ; je 0x44bd57 imul eax, esi, 0x68 cmp byte [eax + (_players+17)], 1 ; cmp byte [eax + 0x496b79], 1 jne near loc_0044be0d ; jne 0x44be0d loc_0044bd57: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+17)], 1 ; cmp byte [eax + 0x496b79], 1 jne near loc_0044be0f ; jne 0x44be0f mov dword [edx], 0xd jmp near loc_0044be0f ; jmp 0x44be0f loc_0044bd76: mov bh, byte [eax + (_players+17)] ; mov bh, byte [eax + 0x496b79] test bh, bh je short loc_0044bd89 ; je 0x44bd89 cmp bh, 1 jne near loc_0044be0d ; jne 0x44be0d loc_0044bd89: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+17)], 0 ; cmp byte [eax + 0x496b79], 0 jne near loc_0044be0f ; jne 0x44be0f mov dword [edx], 0xc jmp near loc_0044be0f ; jmp 0x44be0f loc_0044bda8: mov cl, byte [eax + (_players+17)] ; mov cl, byte [eax + 0x496b79] cmp cl, 2 ja near loc_0044be0d ; ja 0x44be0d cmp cl, 1 jne short loc_0044bdc4 ; jne 0x44bdc4 loc_0044bdbc: mov dword [edx], 0xf jmp short loc_0044be0f ; jmp 0x44be0f loc_0044bdc4: cmp cl, 2 loc_0044bdc7: jne short loc_0044be0f ; jne 0x44be0f mov dword [edx], 0x10 jmp short loc_0044be0f ; jmp 0x44be0f loc_0044bdd1: mov ch, byte [eax + (_players+17)] ; mov ch, byte [eax + 0x496b79] cmp ch, 2 ja short loc_0044be0d ; ja 0x44be0d test ch, ch jne short loc_0044bde8 ; jne 0x44bde8 loc_0044bde0: mov dword [edx], 0xe jmp short loc_0044be0f ; jmp 0x44be0f loc_0044bde8: cmp ch, 2 jmp short loc_0044bdc7 ; jmp 0x44bdc7 loc_0044bded: mov bl, byte [eax + (_players+17)] ; mov bl, byte [eax + 0x496b79] cmp bl, 2 ja short loc_0044be0d ; ja 0x44be0d test bl, bl je short loc_0044bde0 ; je 0x44bde0 cmp bl, 1 jne short loc_0044be0f ; jne 0x44be0f jmp short loc_0044bdbc ; jmp 0x44bdbc loc_0044be03: cmp word [ref_004991b6], 0 ; cmp word [0x4991b6], 0 je short loc_0044be0f ; je 0x44be0f loc_0044be0d: xor edi, edi loc_0044be0f: mov eax, edi pop ebp pop edi pop esi pop ebx ret fcn_0044be16: push ebx push esi push edi sub esp, 0x400 cmp dword [esp + 0x410], 0 jne near loc_0044becf ; jne 0x44becf xor ebx, ebx mov eax, 1 loc_0044be34: cmp eax, dword [ref_00498e98] ; cmp eax, dword [0x498e98] jg short loc_0044be65 ; jg 0x44be65 imul edx, eax, 0x34 mov ecx, dword [ref_00498e84] ; mov ecx, dword [0x498e84] add edx, ecx xor ecx, ecx mov cl, byte [edx + 0x19] mov esi, dword [_current_player] ; mov esi, dword [0x49910c] inc esi cmp ecx, esi jne short loc_0044be62 ; jne 0x44be62 cmp byte [edx + 0x1a], 0 je short loc_0044be62 ; je 0x44be62 mov word [esp + ebx*2], ax inc ebx loc_0044be62: inc eax jmp short loc_0044be34 ; jmp 0x44be34 loc_0044be65: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx mov ax, word [esp + edx*2] and eax, 0xffff mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax push 0 push 0x14a push 0x18 push ref_00465915 ; push 0x465915 mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x24 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp near loc_0044bfa7 ; jmp 0x44bfa7 loc_0044becf: imul ebx, dword [ref_0048c5b0], 0x34 ; imul ebx, dword [0x48c5b0], 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add ebx, eax push 2 movsx eax, word [ebx + 2] push eax movsx eax, word [ebx] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 1 call fcn_00409b18 ; call 0x409b18 add esp, 4 push 0xffff mov eax, dword [ref_0048c5b0] ; mov eax, dword [0x48c5b0] add eax, 0x7d0 push eax push 0x2f440 mov esi, dword [ref_00474938] ; mov esi, dword [0x474938] push esi call fcn_00456c0a ; call 0x456c0a add esp, 0x10 push 1 xor edx, edx mov dx, word [ebx + 0x1e] xor eax, eax mov al, byte [ebx + 0x1a] imul eax, edx push eax mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_0041d3f4 ; call 0x41d3f4 add esp, 0xc mov byte [ebx + 0x1a], 0 mov byte [ebx + 0x18], 0 loc_0044bf46: call fcn_00451985 ; call 0x451985 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x12c call fcn_004528b9 ; call 0x4528b9 add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov ebx, eax shl ebx, 3 add ebx, eax call clib_rand ; call 0x456f2d and eax, 1 mov edx, dword [ebx + eax*4 + ref_00480856] ; mov edx, dword [ebx + eax*4 + 0x480856] push edx push 2 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0044bfa7: add esp, 0x400 pop edi pop esi pop ebx ret fcn_0044bfb1: push ebx push esi push edi sub esp, 0x400 cmp dword [esp + 0x410], 0 jne near loc_0044c067 ; jne 0x44c067 xor ebx, ebx mov eax, 1 loc_0044bfcf: cmp eax, dword [ref_00498e98] ; cmp eax, dword [0x498e98] jg short loc_0044c000 ; jg 0x44c000 imul edx, eax, 0x34 mov ecx, dword [ref_00498e84] ; mov ecx, dword [0x498e84] add edx, ecx xor ecx, ecx mov cl, byte [edx + 0x19] mov esi, dword [_current_player] ; mov esi, dword [0x49910c] inc esi cmp ecx, esi jne short loc_0044bffd ; jne 0x44bffd cmp byte [edx + 0x1a], 0 jne short loc_0044bffd ; jne 0x44bffd mov word [esp + ebx*2], ax inc ebx loc_0044bffd: inc eax jmp short loc_0044bfcf ; jmp 0x44bfcf loc_0044c000: call clib_rand ; call 0x456f2d mov edx, eax sar edx, 0x1f idiv ebx xor eax, eax mov ax, word [esp + edx*2] mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax push 0 push 0x14a push 0x18 push ref_0046592b ; push 0x46592b mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x24 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp near loc_0044bfa7 ; jmp 0x44bfa7 loc_0044c067: imul ebx, dword [ref_0048c5b0], 0x34 ; imul ebx, dword [0x48c5b0], 0x34 mov eax, dword [ref_00498e84] ; mov eax, dword [0x498e84] add ebx, eax push 2 movsx eax, word [ebx + 2] push eax movsx eax, word [ebx] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 1 call fcn_00409b18 ; call 0x409b18 add esp, 4 push 0xffff mov eax, dword [ref_0048c5b0] ; mov eax, dword [0x48c5b0] add eax, 0x7d0 push eax push 0x2f440 mov esi, dword [ref_00474938] ; mov esi, dword [0x474938] push esi call fcn_00456c0a ; call 0x456c0a add esp, 0x10 push 1 xor eax, eax mov ax, word [ebx + 0x1c] push eax mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_0041d3f4 ; call 0x41d3f4 add esp, 0xc mov byte [ebx + 0x19], 0 mov dword [ebx + 0x30], 0 push 0 call fcn_0040a4e1 ; call 0x40a4e1 add esp, 4 jmp near loc_0044bf46 ; jmp 0x44bf46 fcn_0044c0e8: push ebx push ebp sub esp, 0x80 cmp dword [esp + 0x8c], 0 jne near loc_0044c180 ; jne 0x44c180 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 4 mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465941 ; push 0x465941 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x14a push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x30 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp near loc_0044c220 ; jmp 0x44c220 loc_0044c180: push 1 push 0 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax cmp eax, 1 jne short loc_0044c1b8 ; jne 0x44c1b8 push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 jmp short loc_0044c220 ; jmp 0x44c220 loc_0044c1b8: cmp eax, 2 jne short loc_0044c1eb ; jne 0x44c1eb push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 mov ecx, dword [ref_0048c5b4] ; mov ecx, dword [0x48c5b4] add ecx, ecx mov dword [ref_0048c5b4], ecx ; mov dword [0x48c5b4], ecx loc_0044c1eb: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] imul eax, ebx, 0x68 mov edx, dword [ref_0048c5b4] ; mov edx, dword [0x48c5b4] add dword [eax + (_players+36)], edx ; add dword [eax + 0x496b8c], edx push ebx call fcn_00433b7e ; call 0x433b7e add esp, 4 push 0 mov ebp, dword [ref_0048c5b4] ; mov ebp, dword [0x48c5b4] push ebp mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0044ba63 ; call 0x44ba63 add esp, 0xc loc_0044c220: add esp, 0x80 pop ebp pop ebx ret fcn_0044c229: mov edx, dword [esp + 4] test edx, edx jne short loc_0044c27c ; jne 0x44c27c push edx push 0x14a push 0x18 push ref_00465959 ; push 0x465959 mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x30 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 ret loc_0044c27c: push 1 push 0 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax cmp eax, 1 jne short loc_0044c2b3 ; jne 0x44c2b3 push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 ret loc_0044c2b3: imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 add byte [eax + (_players+59)], 0x1e ; add byte [eax + 0x496ba3], 0x1e ret fcn_0044c2c2: push ebx push edi sub esp, 0x88 cmp dword [esp + 0x94], 0 jne short loc_0044c342 ; jne 0x44c342 mov ecx, 0xa mov dword [ref_0048c5b0], ecx ; mov dword [0x48c5b0], ecx push ecx push ref_0046597a ; push 0x46597a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x14a push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x18 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp near loc_0044c3ae ; jmp 0x44c3ae loc_0044c342: fild dword [ref_0048c5b0] ; fild dword [0x48c5b0] fdiv dword [ref_004659a0] ; fdiv dword [0x4659a0] fstp dword [esp + 0x84] xor ebx, ebx loc_0044c357: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge short loc_0044c3ae ; jge 0x44c3ae mov edi, dword [_current_player] ; mov edi, dword [0x49910c] cmp ebx, edi je short loc_0044c3ab ; je 0x44c3ab imul eax, ebx, 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je short loc_0044c3ab ; je 0x44c3ab cmp dword [eax + (_players+32)], 0 ; cmp dword [eax + 0x496b88], 0 je short loc_0044c3ab ; je 0x44c3ab fild dword [eax + (_players+32)] ; fild dword [eax + 0x496b88] fmul dword [esp + 0x84] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x80] push 4 mov eax, dword [esp + 0x84] push eax push edi push ebx call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 loc_0044c3ab: inc ebx jmp short loc_0044c357 ; jmp 0x44c357 loc_0044c3ae: add esp, 0x88 pop edi pop ebx ret fcn_0044c3b7: push ebx push esi push edi push ebp sub esp, 0x94 mov edx, dword [esp + 0xa8] test edx, edx jne short loc_0044c41b ; jne 0x44c41b push edx push 0x14a push 0x18 push ref_004659a4 ; push 0x4659a4 mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x3c push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp near loc_0044c5cd ; jmp 0x44c5cd loc_0044c41b: xor ebx, ebx xor edi, edi loc_0044c41f: cmp ebx, dword [_nplayers] ; cmp ebx, dword [0x499114] jge near loc_0044c57b ; jge 0x44c57b cmp ebx, dword [_current_player] ; cmp ebx, dword [0x49910c] je near loc_0044c575 ; je 0x44c575 imul esi, ebx, 0x68 cmp byte [esi + (_players+21)], 0 ; cmp byte [esi + 0x496b7d], 0 je near loc_0044c575 ; je 0x44c575 push ebx call fcn_00441262 ; call 0x441262 add esp, 4 test eax, eax je near loc_0044c575 ; je 0x44c575 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 lea ebp, [edi + 1] mov dl, byte [eax + (_players+21)] ; mov dl, byte [eax + 0x496b7d] cmp dl, 1 jbe short loc_0044c48b ; jbe 0x44c48b push ebx call fcn_00441e77 ; call 0x441e77 add esp, 4 push eax mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] push ecx call fcn_004412e4 ; call 0x4412e4 add esp, 8 jmp near loc_0044c573 ; jmp 0x44c573 loc_0044c48b: jne near loc_0044c575 ; jne 0x44c575 push 0 push 3 push 0x101010 push 0xf0f0f0 push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edi, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edi + 0x64] ; ucall mov edi, dword [esi + (_players+0)] ; mov edi, dword [esi + 0x496b68] push edi lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 lea eax, [esp + 0x80] push eax push ref_004659c9 ; push 0x4659c9 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0xa push 0x18 lea eax, [esp + 0xc] push eax push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov esi, dword [eax] push 0 push eax call dword [esi + 0x80] ; ucall push 0 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax push ebx call fcn_0044192a ; call 0x44192a add esp, 0xc mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov esi, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [esi + 0x64] ; ucall push 0x28 push 0x1b8 push 0 push 0 push 0 push 0 mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov esi, dword [eax] push 0 push eax call dword [esi + 0x80] ; ucall loc_0044c573: mov edi, ebp loc_0044c575: inc ebx jmp near loc_0044c41f ; jmp 0x44c41f loc_0044c57b: test edi, edi je short loc_0044c5cd ; je 0x44c5cd push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, eax shl eax, 3 add ebx, eax call clib_rand ; call 0x456f2d and eax, 1 mov ebp, dword [ebx + eax*4 + ref_0048084a] ; mov ebp, dword [ebx + eax*4 + 0x48084a] push ebp push 0 mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0044c5cd: add esp, 0x94 pop ebp pop edi pop esi pop ebx ret fcn_0044c5d8: push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x90], 0 jne short loc_0044c658 ; jne 0x44c658 mov eax, 3 mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_004659d8 ; push 0x4659d8 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x14a push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x24 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp near loc_0044d3d1 ; jmp 0x44d3d1 loc_0044c658: push 1 push 1 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ecx, dword [ref_0048c5b0] ; mov ecx, dword [0x48c5b0] cmp ecx, 1 jne short loc_0044c699 ; jne 0x44c699 push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 jmp near loc_0044d3d1 ; jmp 0x44d3d1 loc_0044c699: cmp ecx, 2 jne short loc_0044c6be ; jne 0x44c6be push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 mov esi, dword [ref_0048c5b4] ; mov esi, dword [0x48c5b4] add esi, esi mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi loc_0044c6be: mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_00441210 ; call 0x441210 add esp, 4 cmp eax, 0xffffffff je near loc_0044d3d1 ; je 0x44d3d1 push 0 loc_0044c6d8: mov ebp, dword [ref_0048c5b4] ; mov ebp, dword [0x48c5b4] push ebp push eax call fcn_0040d375 ; call 0x40d375 add esp, 0xc jmp near loc_0044d3d1 ; jmp 0x44d3d1 fcn_0044c6ed: push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x90], 0 jne short loc_0044c76d ; jne 0x44c76d mov eax, 3 mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_004659ee ; push 0x4659ee lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x14a push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x30 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp near loc_0044d3d1 ; jmp 0x44d3d1 loc_0044c76d: push 1 push 1 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ecx, dword [ref_0048c5b0] ; mov ecx, dword [0x48c5b0] cmp ecx, 1 jne short loc_0044c7ab ; jne 0x44c7ab push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac jmp near loc_0044d2e2 ; jmp 0x44d2e2 loc_0044c7ab: cmp ecx, 2 jne short loc_0044c7d0 ; jne 0x44c7d0 push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 mov esi, dword [ref_0048c5b4] ; mov esi, dword [0x48c5b4] add esi, esi mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi loc_0044c7d0: mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_00441210 ; call 0x441210 add esp, 4 cmp eax, 0xffffffff je near loc_0044d3d1 ; je 0x44d3d1 push 1 jmp near loc_0044c6d8 ; jmp 0x44c6d8 fcn_0044c7ef: push ebx push esi push edi sub esp, 0x88 cmp dword [esp + 0x98], 0 jne short loc_0044c870 ; jne 0x44c870 mov ecx, 0xa mov dword [ref_0048c5b4], ecx ; mov dword [0x48c5b4], ecx push ecx push ref_00465a04 ; push 0x465a04 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x14a push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x30 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp near loc_0044c915 ; jmp 0x44c915 loc_0044c870: push 1 push 0 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax cmp eax, 1 jne short loc_0044c8a8 ; jne 0x44c8a8 push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 jmp short loc_0044c915 ; jmp 0x44c915 loc_0044c8a8: xor ebx, ebx loc_0044c8aa: fild dword [ref_0048c5b4] ; fild dword [0x48c5b4] fdiv dword [ref_00465a24] ; fdiv dword [0x465a24] fstp dword [esp + 0x84] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 5 mov eax, ebx fild dword [edx + eax*8 + _player_stocks] ; fild dword [edx + eax*8 + 0x4971a0] fmul dword [esp + 0x84] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x80] push 0 mov esi, dword [esp + 0x84] push esi push ebx mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_00428e23 ; call 0x428e23 add esp, 0x10 inc ebx cmp ebx, 0xc jl short loc_0044c8aa ; jl 0x44c8aa push 0 call fcn_00436b0a ; call 0x436b0a add esp, 4 loc_0044c915: add esp, 0x88 pop edi pop esi pop ebx ret fcn_0044c91f: push ebx push esi push ebp mov edx, dword [esp + 0x10] test edx, edx jne short loc_0044c978 ; jne 0x44c978 push edx push 0x14a push 0x18 push ref_00465a28 ; push 0x465a28 mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x24 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 pop ebp pop esi pop ebx ret loc_0044c978: push 1 push 0 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc cmp dword [ref_0048c5b0], 1 ; cmp dword [0x48c5b0], 1 jne short loc_0044c9b6 ; jne 0x44c9b6 push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 pop ebp pop esi pop ebx ret loc_0044c9b6: xor ebx, ebx jmp short loc_0044c9c0 ; jmp 0x44c9c0 loc_0044c9ba: inc ebx cmp ebx, 0xc jge short loc_0044c9f6 ; jge 0x44c9f6 loc_0044c9c0: mov edx, dword [_current_player] ; mov edx, dword [0x49910c] mov eax, edx shl eax, 2 sub eax, edx shl eax, 5 mov edx, ebx shl edx, 3 add eax, edx mov esi, dword [eax + _player_stocks] ; mov esi, dword [eax + 0x4971a0] test esi, esi je short loc_0044c9ba ; je 0x44c9ba push 1 push esi push ebx mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_00428e23 ; call 0x428e23 add esp, 0x10 jmp short loc_0044c9ba ; jmp 0x44c9ba loc_0044c9f6: mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0041d433 ; call 0x41d433 add esp, 4 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ecx, dword [edx + eax*8 + ref_0048085e] ; mov ecx, dword [edx + eax*8 + 0x48085e] push ecx push 2 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc push 0 call fcn_00436b0a ; call 0x436b0a add esp, 4 pop ebp pop esi pop ebx ret fcn_0044ca46: push ebx push edi push ebp mov edx, dword [esp + 0x10] test edx, edx jne short loc_0044ca9f ; jne 0x44ca9f push edx push 0x14a push 0x18 push ref_00465a3e ; push 0x465a3e mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x30 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 pop ebp pop edi pop ebx ret loc_0044ca9f: push 1 push 1 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax cmp eax, 1 jne short loc_0044cad9 ; jne 0x44cad9 push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 pop ebp pop edi pop ebx ret loc_0044cad9: mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 xor dl, dl mov byte [eax + (_players+17)], dl ; mov byte [eax + 0x496b79], dl mov byte [eax + (_players+18)], 1 ; mov byte [eax + 0x496b7a], 1 push ecx call fcn_0040b93b ; call 0x40b93b add esp, 4 push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov ebx, eax shl ebx, 3 add ebx, eax call clib_rand ; call 0x456f2d and eax, 1 mov edi, dword [ebx + eax*4 + ref_00480856] ; mov edi, dword [ebx + eax*4 + 0x480856] push edi push 2 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc inc byte [ref_00497324] ; inc byte [0x497324] pop ebp pop edi pop ebx ret fcn_0044cb53: push ebx push edi push ebp mov edx, dword [esp + 0x10] test edx, edx jne short loc_0044cbac ; jne 0x44cbac push edx push 0x14a push 0x18 push ref_00465a50 ; push 0x465a50 mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x30 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 pop ebp pop edi pop ebx ret loc_0044cbac: push 1 push 1 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc cmp dword [ref_0048c5b0], 1 ; cmp dword [0x48c5b0], 1 jne short loc_0044cbea ; jne 0x44cbea push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 pop ebp pop edi pop ebx ret loc_0044cbea: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] imul eax, ebx, 0x68 xor dl, dl mov byte [eax + (_players+17)], dl ; mov byte [eax + 0x496b79], dl mov byte [eax + (_players+18)], 1 ; mov byte [eax + 0x496b7a], 1 push ebx call fcn_0040b93b ; call 0x40b93b add esp, 4 push 1 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov edi, dword [_current_player] ; mov edi, dword [0x49910c] imul eax, edi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ebp, dword [edx + eax*8 + ref_00480856] ; mov ebp, dword [edx + eax*8 + 0x480856] push ebp push 2 push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc inc byte [ref_00497325] ; inc byte [0x497325] pop ebp pop edi pop ebx ret fcn_0044cc53: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne short loc_0044ccd4 ; jne 0x44ccd4 mov eax, 3 mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465a66 ; push 0x465a66 loc_0044cc77: lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x14a push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul ebx, dword [_current_player], 0x34 ; imul ebx, dword [0x49910c], 0x34 mov eax, dword [ebx + ref_00498eb0] ; mov eax, dword [ebx + 0x498eb0] add eax, 0x30 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp near loc_0044d800 ; jmp 0x44d800 loc_0044ccd4: push 1 push 1 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ecx, dword [ref_0048c5b0] ; mov ecx, dword [0x48c5b0] cmp ecx, 1 jne short loc_0044cd15 ; jne 0x44cd15 push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac loc_0044cd0d: add esp, 8 jmp near loc_0044d800 ; jmp 0x44d800 loc_0044cd15: cmp ecx, 2 jne short loc_0044cd3a ; jne 0x44cd3a push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 mov esi, dword [ref_0048c5b4] ; mov esi, dword [0x48c5b4] add esi, esi mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi loc_0044cd3a: mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_00441210 ; call 0x441210 mov ebx, eax add esp, 4 cmp eax, 0xffffffff je near loc_0044d800 ; je 0x44d800 push eax call fcn_0040cd07 ; call 0x40cd07 add esp, 4 mov ebp, dword [ref_0048c5b4] ; mov ebp, dword [0x48c5b4] push ebp push ebx call fcn_0043ec3f ; call 0x43ec3f jmp short loc_0044cd0d ; jmp 0x44cd0d fcn_0044cd6c: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044ccd4 ; jne 0x44ccd4 mov eax, 3 mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465a7c ; push 0x465a7c jmp near loc_0044cc77 ; jmp 0x44cc77 fcn_0044cd99: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044ce35 ; jne 0x44ce35 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465a94 ; push 0x465a94 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x14a push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x24 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp near loc_0044d800 ; jmp 0x44d800 loc_0044ce35: push 1 push 0 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ecx, dword [ref_0048c5b0] ; mov ecx, dword [0x48c5b0] cmp ecx, 1 jne short loc_0044ce8b ; jne 0x44ce8b push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 mov ebp, dword [ref_0048c5b4] ; mov ebp, dword [0x48c5b4] push ebp mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0044f567 ; call 0x44f567 add esp, 8 jmp near loc_0044d800 ; jmp 0x44d800 loc_0044ce8b: cmp ecx, 2 jne short loc_0044ceb0 ; jne 0x44ceb0 push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 mov esi, dword [ref_0048c5b4] ; mov esi, dword [0x48c5b4] add esi, esi mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi loc_0044ceb0: push 0 mov edi, dword [ref_0048c5b4] ; mov edi, dword [0x48c5b4] push edi push 0xffffffffffffffff mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp loc_0044cec2: call fcn_0041d2c6 ; call 0x41d2c6 add esp, 0x10 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+21)], 0 ; cmp byte [eax + 0x496b7d], 0 je near loc_0044d800 ; je 0x44d800 cmp byte [ref_0046caf8], 0 ; cmp byte [0x46caf8], 0 jne near loc_0044d800 ; jne 0x44d800 mov ecx, dword [ref_0048c5b4] ; mov ecx, dword [0x48c5b4] push ecx mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0044f42d ; call 0x44f42d add esp, 8 push 1 mov esi, dword [ref_0048c5b4] ; mov esi, dword [0x48c5b4] push esi mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_0044ba63 ; call 0x44ba63 add esp, 0xc jmp near loc_0044d800 ; jmp 0x44d800 fcn_0044cf1e: push ebx push esi push edi push ebp sub esp, 0x80 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+17)], 0 ; cmp byte [eax + 0x496b79], 0 jne short loc_0044cf4d ; jne 0x44cf4d mov ebx, dword [esp + 0x94] push ebx call fcn_0044cc53 ; call 0x44cc53 add esp, 4 jmp near loc_0044d800 ; jmp 0x44d800 loc_0044cf4d: cmp dword [esp + 0x94], 0 jne near loc_0044cfdf ; jne 0x44cfdf mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465aae ; push 0x465aae loc_0044cf82: lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x14a push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x24 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp near loc_0044d800 ; jmp 0x44d800 loc_0044cfdf: push 1 push 0 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ebx, dword [ref_0048c5b0] ; mov ebx, dword [0x48c5b0] cmp ebx, 1 jne short loc_0044d032 ; jne 0x44d032 loc_0044d009: push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 mov ebp, dword [ref_0048c5b4] ; mov ebp, dword [0x48c5b4] push ebp mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax call fcn_0044f567 ; call 0x44f567 jmp near loc_0044d8c7 ; jmp 0x44d8c7 loc_0044d032: cmp ebx, 2 jne short loc_0044d057 ; jne 0x44d057 push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 mov edi, dword [ref_0048c5b4] ; mov edi, dword [0x48c5b4] add edi, edi mov dword [ref_0048c5b4], edi ; mov dword [0x48c5b4], edi loc_0044d057: push 0 mov ebp, dword [ref_0048c5b4] ; mov ebp, dword [0x48c5b4] push ebp push 0xffffffffffffffff mov eax, dword [_current_player] ; mov eax, dword [0x49910c] push eax jmp near loc_0044cec2 ; jmp 0x44cec2 fcn_0044d06d: push ebx push esi push edi push ebp sub esp, 0x80 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 cmp byte [eax + (_players+17)], 0 ; cmp byte [eax + 0x496b79], 0 jne short loc_0044d09c ; jne 0x44d09c mov ebx, dword [esp + 0x94] push ebx call fcn_0044cc53 ; call 0x44cc53 add esp, 4 jmp near loc_0044d800 ; jmp 0x44d800 loc_0044d09c: cmp dword [esp + 0x94], 0 jne near loc_0044cfdf ; jne 0x44cfdf mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465acd ; push 0x465acd jmp near loc_0044cf82 ; jmp 0x44cf82 fcn_0044d0d6: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d172 ; jne 0x44d172 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 4 mov edx, eax shl eax, 4 sub eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465ae3 ; push 0x465ae3 loc_0044d115: lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x14a push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x30 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 jmp near loc_0044d800 ; jmp 0x44d800 loc_0044d172: push 1 push 0 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ecx, dword [ref_0048c5b0] ; mov ecx, dword [0x48c5b0] cmp ecx, 1 jne near loc_0044ce8b ; jne 0x44ce8b jmp near loc_0044d009 ; jmp 0x44d009 fcn_0044d1a5: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne short loc_0044d172 ; jne 0x44d172 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465b00 ; push 0x465b00 jmp near loc_0044d115 ; jmp 0x44d115 fcn_0044d1e0: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d172 ; jne 0x44d172 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 2 mov edx, eax shl eax, 4 sub eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465b16 ; push 0x465b16 jmp near loc_0044cf82 ; jmp 0x44cf82 fcn_0044d224: push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x90], 0 jne short loc_0044d2a9 ; jne 0x44d2a9 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 3 mov edx, eax shl eax, 2 add eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465b35 ; push 0x465b35 loc_0044d25e: lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x14a push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x18 jmp near loc_0044d3bf ; jmp 0x44d3bf loc_0044d2a9: push 0 push 0 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ecx, dword [ref_0048c5b0] ; mov ecx, dword [0x48c5b0] cmp ecx, 1 jne short loc_0044d2ea ; jne 0x44d2ea push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac loc_0044d2e2: add esp, 8 jmp near loc_0044d3d1 ; jmp 0x44d3d1 loc_0044d2ea: cmp ecx, 2 jne short loc_0044d30f ; jne 0x44d30f push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 mov esi, dword [ref_0048c5b4] ; mov esi, dword [0x48c5b4] add esi, esi mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi loc_0044d30f: push 1 mov edi, dword [ref_0048c5b4] ; mov edi, dword [0x48c5b4] push edi mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] push ebp call fcn_0041d3f4 ; call 0x41d3f4 add esp, 0xc mov eax, dword [ref_0048c5b4] ; mov eax, dword [0x48c5b4] push eax mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx call fcn_0044f354 ; call 0x44f354 jmp short loc_0044d2e2 ; jmp 0x44d2e2 fcn_0044d33b: push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x90], 0 jne near loc_0044d2a9 ; jne 0x44d2a9 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 4 mov edx, eax shl eax, 2 add eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465b49 ; push 0x465b49 loc_0044d379: lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x14a push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x3c loc_0044d3bf: push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 loc_0044d3d1: add esp, 0x80 pop ebp pop edi pop esi ret fcn_0044d3db: push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x90], 0 jne near loc_0044d2a9 ; jne 0x44d2a9 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 3 mov edx, eax shl eax, 4 sub eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465b5d ; push 0x465b5d jmp near loc_0044d379 ; jmp 0x44d379 fcn_0044d41e: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d172 ; jne 0x44d172 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 3 mov edx, eax shl eax, 2 add eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465b71 ; push 0x465b71 jmp near loc_0044cf82 ; jmp 0x44cf82 fcn_0044d462: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d172 ; jne 0x44d172 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 4 mov edx, eax shl eax, 2 add eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465b87 ; push 0x465b87 jmp near loc_0044d115 ; jmp 0x44d115 fcn_0044d4a6: push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x90], 0 jne near loc_0044d2a9 ; jne 0x44d2a9 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 4 mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465b9d ; push 0x465b9d jmp near loc_0044d379 ; jmp 0x44d379 fcn_0044d4e7: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d172 ; jne 0x44d172 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 6 mov edx, eax shl eax, 2 add eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465bb3 ; push 0x465bb3 jmp near loc_0044d115 ; jmp 0x44d115 fcn_0044d52b: push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x90], 0 jne near loc_0044d2a9 ; jne 0x44d2a9 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 5 mov edx, eax shl eax, 2 add eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465bc7 ; push 0x465bc7 jmp near loc_0044d25e ; jmp 0x44d25e fcn_0044d56e: push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x90], 0 jne near loc_0044d2a9 ; jne 0x44d2a9 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 4 mov edx, eax shl eax, 4 sub eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465bd9 ; push 0x465bd9 jmp near loc_0044d379 ; jmp 0x44d379 fcn_0044d5b1: push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x90], 0 jne near loc_0044d2a9 ; jne 0x44d2a9 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 6 mov edx, eax shl eax, 2 add eax, edx mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465beb ; push 0x465beb jmp near loc_0044d379 ; jmp 0x44d379 fcn_0044d5f4: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d172 ; jne 0x44d172 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 3 mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465bfd ; push 0x465bfd jmp near loc_0044cf82 ; jmp 0x44cf82 fcn_0044d636: push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x90], 0 jne near loc_0044d2a9 ; jne 0x44d2a9 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 3 mov dword [ref_0048c5b4], eax ; mov dword [0x48c5b4], eax push eax push ref_00465c0f ; push 0x465c0f jmp near loc_0044d379 ; jmp 0x44d379 fcn_0044d677: push ebx push esi push ebp mov edx, dword [esp + 0x10] test edx, edx jne short loc_0044d6d0 ; jne 0x44d6d0 push edx push 0x14a push 0x18 push ref_00465c23 ; push 0x465c23 mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x24 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 pop ebp pop esi pop ebx ret loc_0044d6d0: push 1 push 1 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc cmp dword [ref_0048c5b0], 1 ; cmp dword [0x48c5b0], 1 jne short loc_0044d70e ; jne 0x44d70e push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 pop ebp pop esi pop ebx ret loc_0044d70e: mov esi, dword [_current_player] ; mov esi, dword [0x49910c] imul ebx, esi, 0x68 push esi call fcn_00445b3f ; call 0x445b3f add esp, 4 add word [ebx + (_players+48)], ax ; add word [ebx + 0x496b98], ax mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] imul ebx, ebp, 0x68 push ebp call fcn_00441f21 ; call 0x441f21 add esp, 4 add word [ebx + (_players+48)], ax ; add word [ebx + 0x496b98], ax mov edx, dword [_current_player] ; mov edx, dword [0x49910c] push edx call fcn_0041d433 ; call 0x41d433 add esp, 4 mov ecx, dword [_current_player] ; mov ecx, dword [0x49910c] imul eax, ecx, 0x68 xor ebx, ebx mov bl, byte [eax + (_players+19)] ; mov bl, byte [eax + 0x496b7b] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 mov ebx, eax mov esi, dword [ebx + eax*8 + ref_00480856] ; mov esi, dword [ebx + eax*8 + 0x480856] push esi push 2 push ecx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc pop ebp pop esi pop ebx ret fcn_0044d783: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne short loc_0044d80b ; jne 0x44d80b mov esi, 3 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465c39 ; push 0x465c39 loc_0044d7a8: lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0x14a push 0x18 lea eax, [esp + 0xc] push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 0x158 push 0x186 imul eax, dword [_current_player], 0x34 ; imul eax, dword [0x49910c], 0x34 mov eax, dword [eax + ref_00498eb0] ; mov eax, dword [eax + 0x498eb0] add eax, 0x30 push eax mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_004562a5 ; call 0x4562a5 add esp, 0x10 loc_0044d800: add esp, 0x80 pop ebp pop edi pop esi pop ebx ret loc_0044d80b: push 1 push 1 call fcn_0044b896 ; call 0x44b896 add esp, 8 mov dword [ref_0048c5b0], eax ; mov dword [0x48c5b0], eax push 3 push 0 push 0 call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov ecx, dword [ref_0048c5b0] ; mov ecx, dword [0x48c5b0] cmp ecx, 1 jne short loc_0044d87d ; jne 0x44d87d push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 imul eax, dword [_current_player], 0x68 ; imul eax, dword [0x49910c], 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ecx, dword [edx + eax*8 + ref_0048084a] ; mov ecx, dword [edx + eax*8 + 0x48084a] push ecx push 0 mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] push ebx call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc jmp short loc_0044d800 ; jmp 0x44d800 loc_0044d87d: cmp ecx, 2 jne short loc_0044d8a2 ; jne 0x44d8a2 push 0x5dc push ref_0048c5b8 ; push 0x48c5b8 call fcn_00440cac ; call 0x440cac add esp, 8 mov esi, dword [ref_0048c5b4] ; mov esi, dword [0x48c5b4] add esi, esi mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi loc_0044d8a2: mov edi, dword [_current_player] ; mov edi, dword [0x49910c] push edi call fcn_00441210 ; call 0x441210 add esp, 4 cmp eax, 0xffffffff je near loc_0044d800 ; je 0x44d800 mov ebp, dword [ref_0048c5b4] ; mov ebp, dword [0x48c5b4] push ebp push eax call fcn_0043d593 ; call 0x43d593 loc_0044d8c7: add esp, 8 jmp near loc_0044d800 ; jmp 0x44d800 fcn_0044d8cf: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 5 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465c53 ; push 0x465c53 jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044d8fd: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 7 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465c69 ; push 0x465c69 jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044d92b: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 9 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465c7f ; push 0x465c7f jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044d959: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 3 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465c97 ; push 0x465c97 jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044d987: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 5 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465cb1 ; push 0x465cb1 jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044d9b5: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 7 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465ccb ; push 0x465ccb jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044d9e3: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 9 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465ce5 ; push 0x465ce5 jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044da11: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 3 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465cfb ; push 0x465cfb jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044da3f: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 5 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465d17 ; push 0x465d17 jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044da6d: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 7 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465d2d ; push 0x465d2d jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044da9b: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 9 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465d43 ; push 0x465d43 jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044dac9: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 3 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465d59 ; push 0x465d59 jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044daf7: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 5 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465d73 ; push 0x465d73 jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044db25: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 7 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465d89 ; push 0x465d89 jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044db53: push ebx push esi push edi push ebp sub esp, 0x80 cmp dword [esp + 0x94], 0 jne near loc_0044d80b ; jne 0x44d80b mov esi, 9 mov dword [ref_0048c5b4], esi ; mov dword [0x48c5b4], esi push esi push ref_00465da3 ; push 0x465da3 jmp near loc_0044d7a8 ; jmp 0x44d7a8 fcn_0044db81: push ebx push esi push edi push ebp sub esp, 0x14 push 0 push 0 push 0x42 mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c5e0], eax ; mov dword [0x48c5e0], eax push 0 push 0 push 0xfb push 0x184 call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov ebx, eax loc_0044dbba: mov esi, dword [ref_004990b4] ; mov esi, dword [0x4990b4] xor eax, eax mov al, byte [esi + ref_00496b38] ; mov al, byte [esi + 0x496b38] mov dword [esp + 0x10], eax lea eax, [esp + 0x10] push eax call fcn_0044bb4b ; call 0x44bb4b mov esi, eax add esp, 4 mov edi, eax push 0 push 3 push 0x101010 push 0xf0f0f0 push 0x1c call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 cmp esi, 1 jne near loc_0044dcaa ; jne 0x44dcaa mov ebp, dword [esp + 0x10] lea eax, [ebp + ebp] cmp ebp, 0x21 jge short loc_0044dc4d ; jge 0x44dc4d push 0 mov edx, dword [ebx + 8] push edx movsx eax, word [eax + ref_00475fb4] ; movsx eax, word [eax + 0x475fb4] push eax mov ecx, dword [ref_0048a0e4] ; mov ecx, dword [0x48a0e4] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 push 0x2c push 0x19 push ebx mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_00456280 ; call 0x456280 add esp, 0x10 mov eax, dword [esp + 0x10] push 0 call dword [eax*4 + ref_00475ef0] ; ucall: call dword [eax*4 + 0x475ef0] jmp short loc_0044dc9e ; jmp 0x44dc9e loc_0044dc4d: push 0 mov esi, dword [ebx + 8] push esi movsx esi, word [ref_004991b8] ; movsx esi, word [0x4991b8] movsx eax, word [eax + esi*8 + ref_00475fb4] ; movsx eax, word [eax + esi*8 + 0x475fb4] push eax mov eax, dword [ref_0048a0e4] ; mov eax, dword [0x48a0e4] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 push 0x2c push 0x19 push ebx mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax call fcn_00456280 ; call 0x456280 add esp, 0x10 movsx esi, word [ref_004991b8] ; movsx esi, word [0x4991b8] shl esi, 4 mov eax, dword [esp + 0x10] push 0 call dword [esi + eax*4 + ref_00475ef0] ; ucall: call dword [esi + eax*4 + 0x475ef0] loc_0044dc9e: add esp, 4 push ebx call clib_free ; call 0x456e11 add esp, 4 loc_0044dcaa: mov esi, dword [ref_004990b4] ; mov esi, dword [0x4990b4] inc esi mov dword [ref_004990b4], esi ; mov dword [0x4990b4], esi cmp esi, 0x25 jne short loc_0044dcc4 ; jne 0x44dcc4 xor edx, edx mov dword [ref_004990b4], edx ; mov dword [0x4990b4], edx loc_0044dcc4: test edi, edi je near loc_0044dbba ; je 0x44dbba mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall push 0 push 0 mov eax, dword [ref_0048c5e0] ; mov eax, dword [0x48c5e0] add eax, 0x18 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall xor ebx, ebx mov dword [esp], ebx mov dword [esp + 4], ebx mov dword [esp + 8], 0x1b8 mov dword [esp + 0xc], 0x1e0 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0x10 lea esi, [esp + 4] push esi mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx push 0 push 0 push eax call dword [ebx + 0x1c] ; ucall push 0x640 call fcn_004544f6 ; call 0x4544f6 add esp, 4 mov eax, ebp shl eax, 2 cmp ebp, 0x21 jge short loc_0044dd65 ; jge 0x44dd65 push 1 call dword [eax + ref_00475ef0] ; ucall: call dword [eax + 0x475ef0] jmp short loc_0044dd78 ; jmp 0x44dd78 loc_0044dd65: movsx ebx, word [ref_004991b8] ; movsx ebx, word [0x4991b8] shl ebx, 4 push 1 call dword [ebx + eax + ref_00475ef0] ; ucall: call dword [ebx + eax + 0x475ef0] loc_0044dd78: add esp, 4 push 0x320 call fcn_004528b9 ; call 0x4528b9 add esp, 4 mov ecx, dword [ref_0048c5e0] ; mov ecx, dword [0x48c5e0] push ecx call clib_free ; call 0x456e11 add esp, 4 add esp, 0x14 pop ebp pop edi pop esi pop ebx ret fcn_0044dd9f: push ebx push esi push edi sub esp, 0xc xor esi, esi mov ebx, dword [ref_004762b8] ; mov ebx, dword [0x4762b8] mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push esi push 1 push ref_0048a068 ; push 0x48a068 push esi push eax call dword [edx + 0x64] ; ucall mov word [esp], 0x280 mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [esp + 8], eax mov edx, dword [esp + 0x1c] test edx, edx jne near loc_0044de4b ; jne 0x44de4b mov eax, dword [ref_0048c5e8] ; mov eax, dword [0x48c5e8] add eax, dword [ref_00476298] ; add eax, dword [0x476298] push eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] add eax, dword [ref_00476294] ; add eax, dword [0x476294] push eax mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0x6c push eax mov edi, dword [esp + 0x14] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 test ebx, ebx je near loc_0044dec6 ; je 0x44dec6 loc_0044de12: test ebx, ebx je near loc_0044ded1 ; je 0x44ded1 jle short loc_0044de1d ; jle 0x44de1d dec ebx loc_0044de1d: mov eax, dword [ref_004762b4] ; mov eax, dword [0x4762b4] loc_0044de22: cmp byte [ebx + eax - 1], 0 je short loc_0044de30 ; je 0x44de30 test ebx, ebx jle short loc_0044de30 ; jle 0x44de30 dec ebx jmp short loc_0044de22 ; jmp 0x44de22 loc_0044de30: mov eax, dword [ref_004762b4] ; mov eax, dword [0x4762b4] cmp byte [ebx + eax], 0x40 je near loc_0044ded1 ; je 0x44ded1 cmp esi, 0xd je near loc_0044ded1 ; je 0x44ded1 inc esi jmp short loc_0044de12 ; jmp 0x44de12 loc_0044de4b: cmp edx, 1 jne near loc_0044dec6 ; jne 0x44dec6 mov eax, dword [ref_0048c5e8] ; mov eax, dword [0x48c5e8] add eax, dword [ref_004762a8] ; add eax, dword [0x4762a8] push eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] add eax, dword [ref_004762a4] ; add eax, dword [0x4762a4] push eax mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0x78 push eax mov eax, dword [esp + 0x14] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_004762b4] ; mov eax, dword [0x4762b4] cmp byte [ebx + eax], 0x40 jne short loc_0044de90 ; jne 0x44de90 add ebx, 2 loc_0044de90: cmp ebx, dword [ref_0048c5f0] ; cmp ebx, dword [0x48c5f0] jge short loc_0044debe ; jge 0x44debe mov eax, dword [ref_004762b4] ; mov eax, dword [0x4762b4] add eax, ebx push eax call _strlen ; call 0x45825d add esp, 4 inc eax add ebx, eax mov eax, dword [ref_004762b4] ; mov eax, dword [0x4762b4] cmp byte [ebx + eax], 0x40 je short loc_0044debe ; je 0x44debe cmp esi, 0xd je short loc_0044debe ; je 0x44debe inc esi jmp short loc_0044de90 ; jmp 0x44de90 loc_0044debe: cmp ebx, dword [ref_0048c5f0] ; cmp ebx, dword [0x48c5f0] jne short loc_0044ded1 ; jne 0x44ded1 loc_0044dec6: cmp dword [esp + 0x1c], 2 jne near loc_0044df9d ; jne 0x44df9d loc_0044ded1: mov dword [ref_004762b8], ebx ; mov dword [0x4762b8], ebx mov eax, dword [ref_004762b4] ; mov eax, dword [0x4762b4] cmp byte [ebx + eax], 0x40 jne short loc_0044dee5 ; jne 0x44dee5 add ebx, 2 loc_0044dee5: push 1 push 0 push 0x101010 push 0x101010 push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 0x112 push 0x96 push 0x50 push 0xd8 mov eax, dword [ref_0048c5e8] ; mov eax, dword [0x48c5e8] add eax, 0x50 push eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] add eax, 0xd8 push eax mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0xc push eax lea eax, [esp + 0x1c] push eax call fcn_004562cc ; call 0x4562cc add esp, 0x20 xor esi, esi loc_0044df3a: cmp ebx, dword [ref_0048c5f0] ; cmp ebx, dword [0x48c5f0] jge short loc_0044df9d ; jge 0x44df9d push 0 mov eax, esi shl eax, 3 add eax, esi add eax, eax add eax, dword [ref_0048c5e8] ; add eax, dword [0x48c5e8] add eax, 0x5a push eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] add eax, 0xe8 push eax mov eax, dword [ref_004762b4] ; mov eax, dword [0x4762b4] add eax, ebx push eax lea eax, [esp + 0x10] push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_004762b4] ; mov eax, dword [0x4762b4] add eax, ebx push eax call _strlen ; call 0x45825d add esp, 4 inc eax add ebx, eax mov eax, dword [ref_004762b4] ; mov eax, dword [0x4762b4] cmp byte [ebx + eax], 0x40 je short loc_0044df9d ; je 0x44df9d cmp esi, 0xd je short loc_0044df9d ; je 0x44df9d inc esi jmp short loc_0044df3a ; jmp 0x44df3a loc_0044df9d: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall loc_0044dfad: add esp, 0xc pop edi pop esi pop ebx ret fcn_0044dfb4: push ebx push esi push edi sub esp, 0xc mov eax, dword [ref_00476018] ; mov eax, dword [0x476018] cmp eax, dword [ref_00476020] ; cmp eax, dword [0x476020] jne short loc_0044dfd4 ; jne 0x44dfd4 mov eax, dword [ref_0047601c] ; mov eax, dword [0x47601c] cmp eax, dword [ref_00476024] ; cmp eax, dword [0x476024] je short loc_0044dfad ; je 0x44dfad loc_0044dfd4: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov word [esp], 0x280 mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [esp + 8], eax push 1 push 0 push 0x101010 push 0x101010 push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov ebx, dword [ref_0048c5e8] ; mov ebx, dword [0x48c5e8] push ebx mov esi, dword [ref_0048c5e4] ; mov esi, dword [0x48c5e4] push esi mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0xc push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov edx, dword [ref_00476018] ; mov edx, dword [0x476018] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 add eax, dword [ref_0048c5e8] ; add eax, dword [0x48c5e8] add eax, 0x3a push eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] add eax, 0x1a push eax mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0x18 push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 2 mov edx, dword [ref_00476018] ; mov edx, dword [0x476018] mov eax, edx shl eax, 3 add eax, edx shl eax, 2 add eax, dword [ref_0048c5e8] ; add eax, dword [0x48c5e8] add eax, 0x49 push eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] add eax, 0x3b push eax mov edx, dword [ref_00476018] ; mov edx, dword [0x476018] mov eax, edx shl eax, 2 add eax, edx mov ecx, dword [eax*4 + ref_004761b4] ; mov ecx, dword [eax*4 + 0x4761b4] push ecx lea eax, [esp + 0x10] push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 push 2 mov eax, dword [ref_0048c5e8] ; mov eax, dword [0x48c5e8] add eax, 0x39 push eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] add eax, 0x8c push eax mov edx, dword [ref_00476018] ; mov edx, dword [0x476018] mov eax, edx shl eax, 2 add eax, edx mov ebx, dword [eax*4 + ref_004761b4] ; mov ebx, dword [eax*4 + 0x4761b4] push ebx lea eax, [esp + 0x10] push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov edx, dword [ref_00476018] ; mov edx, dword [0x476018] mov eax, edx shl eax, 2 add eax, edx cmp dword [eax*4 + ref_004761c0], 8 ; cmp dword [eax*4 + 0x4761c0], 8 jle short loc_0044e166 ; jle 0x44e166 mov eax, dword [ref_0048c5e8] ; mov eax, dword [0x48c5e8] add eax, dword [ref_00476278] ; add eax, dword [0x476278] push eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] add eax, dword [ref_00476274] ; add eax, dword [0x476274] push eax mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0x3c push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048c5e8] ; mov eax, dword [0x48c5e8] add eax, dword [ref_00476288] ; add eax, dword [0x476288] push eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] add eax, dword [ref_00476284] ; add eax, dword [0x476284] push eax mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0x48 push eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 loc_0044e166: mov esi, dword [ref_004762b4] ; mov esi, dword [0x4762b4] test esi, esi je short loc_0044e179 ; je 0x44e179 push esi call clib_free ; call 0x456e11 add esp, 4 loc_0044e179: push ref_0048c5f0 ; push 0x48c5f0 push 0 mov edx, dword [ref_00476018] ; mov edx, dword [0x476018] mov eax, edx shl eax, 2 add eax, edx mov eax, dword [eax*4 + ref_004761bc] ; mov eax, dword [eax*4 + 0x4761bc] add eax, dword [ref_0047601c] ; add eax, dword [0x47601c] push eax mov eax, dword [ref_0048c5f4] ; mov eax, dword [0x48c5f4] push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_004762b4], eax ; mov dword [0x4762b4], eax xor esi, esi xor ebx, ebx mov dword [ref_0048c5ec], esi ; mov dword [0x48c5ec], esi mov dword [ref_004762b8], esi ; mov dword [0x4762b8], esi loc_0044e1be: cmp esi, dword [ref_0048c5f0] ; cmp esi, dword [0x48c5f0] jge short loc_0044e22d ; jge 0x44e22d push 0 mov eax, ebx shl eax, 3 add eax, ebx add eax, eax add eax, dword [ref_0048c5e8] ; add eax, dword [0x48c5e8] add eax, 0x5a push eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] add eax, 0xe8 push eax mov eax, dword [ref_004762b4] ; mov eax, dword [0x4762b4] add eax, esi push eax lea eax, [esp + 0x10] push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_004762b4] ; mov eax, dword [0x4762b4] add eax, esi push eax call _strlen ; call 0x45825d add esp, 4 inc eax add esi, eax mov eax, dword [ref_004762b4] ; mov eax, dword [0x4762b4] cmp byte [esi + eax], 0x40 je short loc_0044e21e ; je 0x44e21e cmp ebx, 0xd jne short loc_0044e22a ; jne 0x44e22a loc_0044e21e: mov dword [ref_0048c5ec], 1 ; mov dword [0x48c5ec], 1 jmp short loc_0044e236 ; jmp 0x44e236 loc_0044e22a: inc ebx jmp short loc_0044e1be ; jmp 0x44e1be loc_0044e22d: cmp dword [ref_0048c5ec], 0 ; cmp dword [0x48c5ec], 0 je short loc_0044e296 ; je 0x44e296 loc_0044e236: mov eax, dword [ref_0048c5e8] ; mov eax, dword [0x48c5e8] add eax, dword [ref_00476298] ; add eax, dword [0x476298] push eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] add eax, dword [ref_00476294] ; add eax, dword [0x476294] push eax mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0x6c push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048c5e8] ; mov eax, dword [0x48c5e8] add eax, dword [ref_004762a8] ; add eax, dword [0x4762a8] push eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] add eax, dword [ref_004762a4] ; add eax, dword [0x4762a4] push eax mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0x78 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 loc_0044e296: push 0 push 2 push 0x101010 push 0x101010 push 0xf call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor ebx, ebx jmp short loc_0044e301 ; jmp 0x44e301 loc_0044e2b2: push 2 mov eax, ebx shl eax, 4 add eax, ebx add eax, eax add eax, dword [ref_0048c5e8] ; add eax, dword [0x48c5e8] add eax, 0x5e push eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] add eax, 0x96 push eax mov edx, dword [ref_00476018] ; mov edx, dword [0x476018] mov eax, edx shl eax, 2 add eax, edx mov eax, dword [eax*4 + ref_004761b8] ; mov eax, dword [eax*4 + 0x4761b8] mov edx, dword [eax + esi*4] push edx lea eax, [esp + 0x10] push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx cmp ebx, 8 jge near loc_0044e376 ; jge 0x44e376 loc_0044e301: mov edx, dword [ref_00476018] ; mov edx, dword [0x476018] mov eax, edx shl eax, 2 add eax, edx mov esi, dword [eax*4 + ref_004761c4] ; mov esi, dword [eax*4 + 0x4761c4] add esi, ebx cmp esi, dword [eax*4 + ref_004761c0] ; cmp esi, dword [eax*4 + 0x4761c0] jge short loc_0044e376 ; jge 0x44e376 mov ecx, dword [ref_0048c5e4] ; mov ecx, dword [0x48c5e4] add ecx, 0x6c mov eax, ebx shl eax, 4 add eax, ebx add eax, eax add eax, dword [ref_0048c5e8] ; add eax, dword [0x48c5e8] add eax, 0x4e cmp esi, dword [ref_0047601c] ; cmp esi, dword [0x47601c] jne short loc_0044e362 ; jne 0x44e362 push eax push ecx mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0x30 push eax mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi loc_0044e355: call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 jmp near loc_0044e2b2 ; jmp 0x44e2b2 loc_0044e362: push eax push ecx mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0x24 push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx jmp short loc_0044e355 ; jmp 0x44e355 loc_0044e376: push 2 mov eax, dword [ref_0048c5e8] ; mov eax, dword [0x48c5e8] add eax, 0x3f push eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] add eax, 0x10e push eax mov edx, dword [ref_00476018] ; mov edx, dword [0x476018] mov eax, edx shl eax, 2 add eax, edx mov edx, dword [ref_0047601c] ; mov edx, dword [0x47601c] mov eax, dword [eax*4 + ref_004761b8] ; mov eax, dword [eax*4 + 0x4761b8] mov ecx, dword [eax + edx*4] push ecx lea eax, [esp + 0x10] push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_00476018] ; mov eax, dword [0x476018] mov dword [ref_00476020], eax ; mov dword [0x476020], eax mov eax, dword [ref_0047601c] ; mov eax, dword [0x47601c] mov dword [ref_00476024], eax ; mov dword [0x476024], eax jmp near loc_0044dfad ; jmp 0x44dfad endloc_0044e3e0: db 0x8d db 0x40 db 0x00 ref_0044e3e3: ; may contain a jump table dd loc_0044e621 dd loc_0044e668 dd loc_0044e6eb dd loc_0044e6eb dd loc_0044e7a1 dd loc_0044e7a1 ref_0044e3fb: ; may contain a jump table dd loc_0044e881 dd loc_0044e944 dd loc_0044ea1b dd loc_0044ea1b fcn_0044e40b: push ebx push esi push edi push ebp sub esp, 0x50 mov edi, dword [esp + 0x64] mov eax, dword [esp + 0x68] mov ecx, dword [esp + 0x6c] mov edx, dword [esp + 0x70] cmp eax, 0x201 jb short loc_0044e45d ; jb 0x44e45d jbe near loc_0044e592 ; jbe 0x44e592 cmp eax, 0x203 jb near loc_0044e869 ; jb 0x44e869 jbe near loc_0044e592 ; jbe 0x44e592 cmp eax, 0x205 jb near loc_0044eb29 ; jb 0x44eb29 jbe near loc_0044e546 ; jbe 0x44e546 cmp eax, 0x401 je short loc_0044e488 ; je 0x44e488 jmp near loc_0044eb29 ; jmp 0x44eb29 loc_0044e45d: cmp eax, 0x100 jb short loc_0044e47a ; jb 0x44e47a jbe near loc_0044ea58 ; jbe 0x44ea58 cmp eax, 0x101 je near loc_0044ea4a ; je 0x44ea4a jmp near loc_0044eb29 ; jmp 0x44eb29 loc_0044e47a: cmp eax, 0xf je near loc_0044eacb ; je 0x44eacb jmp near loc_0044eb29 ; jmp 0x44eb29 loc_0044e488: mov dword [ref_0048c5fc], 0xffffffff ; mov dword [0x48c5fc], 0xffffffff xor ebx, ebx mov word [ref_0048c600], bx ; mov word [0x48c600], bx xor eax, eax mov ax, dx mov dword [ref_0048c5e4], eax ; mov dword [0x48c5e4], eax mov eax, edx shr eax, 0x10 and eax, 0xffff and eax, 0xffff mov dword [ref_0048c5e8], eax ; mov dword [0x48c5e8], eax cmp dword [ref_0048c5e4], 0xffff ; cmp dword [0x48c5e4], 0xffff jne short loc_0044e4f0 ; jne 0x44e4f0 mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] movsx edx, word [eax + 0xc] sar edx, 1 mov ecx, 0x140 sub ecx, edx mov dword [ref_0048c5e4], ecx ; mov dword [0x48c5e4], ecx movsx eax, word [eax + 0xe] sar eax, 1 mov edx, 0xf0 sub edx, eax mov dword [ref_0048c5e8], edx ; mov dword [0x48c5e8], edx loc_0044e4f0: mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] mov dword [esp + 0x40], eax mov eax, dword [ref_0048c5e8] ; mov eax, dword [0x48c5e8] mov dword [esp + 0x44], eax mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] movsx edx, word [eax + 0xc] mov ecx, dword [esp + 0x40] add ecx, edx mov dword [esp + 0x48], ecx movsx eax, word [eax + 0xe] mov edx, dword [esp + 0x44] add edx, eax mov dword [esp + 0x4c], edx lea eax, [esp + 0x40] push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [ref_0048c602], eax ; mov dword [0x48c602], eax call fcn_0044dfb4 ; call 0x44dfb4 push 1 call fcn_00402460 ; call 0x402460 jmp near loc_0044ea36 ; jmp 0x44ea36 loc_0044e546: push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 mov esi, dword [ref_0048c5e8] ; mov esi, dword [0x48c5e8] push esi mov edi, dword [ref_0048c5e4] ; mov edi, dword [0x48c5e4] push edi mov ebp, dword [ref_0048c602] ; mov ebp, dword [0x48c602] push ebp call fcn_00451edb ; call 0x451edb add esp, 0xc push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 loc_0044e586: xor eax, eax loc_0044e588: add esp, 0x50 pop ebp pop edi pop esi pop ebx ret 0x10 loc_0044e592: xor esi, esi mov si, dx sub esi, dword [ref_0048c5e4] ; sub esi, dword [0x48c5e4] shr edx, 0x10 and edx, 0xffff xor ebx, ebx mov bx, dx sub ebx, dword [ref_0048c5e8] ; sub ebx, dword [0x48c5e8] xor eax, eax mov dword [ref_0048c5fc], eax ; mov dword [0x48c5fc], eax jmp short loc_0044e5cc ; jmp 0x44e5cc loc_0044e5ba: mov ecx, dword [ref_0048c5fc] ; mov ecx, dword [0x48c5fc] inc ecx mov dword [ref_0048c5fc], ecx ; mov dword [0x48c5fc], ecx cmp ecx, 6 jge short loc_0044e5f4 ; jge 0x44e5f4 loc_0044e5cc: mov eax, dword [ref_0048c5fc] ; mov eax, dword [0x48c5fc] shl eax, 4 cmp esi, dword [eax + ref_00476254] ; cmp esi, dword [eax + 0x476254] jl short loc_0044e5ba ; jl 0x44e5ba cmp ebx, dword [eax + ref_00476258] ; cmp ebx, dword [eax + 0x476258] jl short loc_0044e5ba ; jl 0x44e5ba cmp esi, dword [eax + ref_0047625c] ; cmp esi, dword [eax + 0x47625c] jge short loc_0044e5ba ; jge 0x44e5ba cmp ebx, dword [eax + ref_00476260] ; cmp ebx, dword [eax + 0x476260] jge short loc_0044e5ba ; jge 0x44e5ba loc_0044e5f4: cmp dword [ref_0048c5fc], 6 ; cmp dword [0x48c5fc], 6 jge short loc_0044e60c ; jge 0x44e60c push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 loc_0044e60c: mov eax, dword [ref_0048c5fc] ; mov eax, dword [0x48c5fc] cmp eax, 5 ja near loc_0044e586 ; ja 0x44e586 jmp dword [eax*4 + ref_0044e3e3] ; ujmp: jmp dword [eax*4 + 0x44e3e3] loc_0044e621: xor eax, eax jmp short loc_0044e62f ; jmp 0x44e62f loc_0044e625: inc eax cmp eax, 8 jge near loc_0044e586 ; jge 0x44e586 loc_0044e62f: cmp esi, 0x1a jl short loc_0044e625 ; jl 0x44e625 mov edx, eax shl edx, 3 add edx, eax shl edx, 2 lea ecx, [edx + 0x3a] cmp ebx, ecx jl short loc_0044e625 ; jl 0x44e625 cmp esi, 0x5c jge short loc_0044e625 ; jge 0x44e625 add edx, 0x5b cmp ebx, edx jge short loc_0044e625 ; jge 0x44e625 mov dword [ref_00476018], eax ; mov dword [0x476018], eax xor ecx, ecx mov dword [ref_0047601c], ecx ; mov dword [0x47601c], ecx loc_0044e65e: call fcn_0044dfb4 ; call 0x44dfb4 jmp near loc_0044ea39 ; jmp 0x44ea39 loc_0044e668: mov edx, dword [ref_00476018] ; mov edx, dword [0x476018] mov eax, edx shl eax, 2 add eax, edx shl eax, 2 mov edx, dword [eax + ref_004761c4] ; mov edx, dword [eax + 0x4761c4] add edx, 8 mov ecx, dword [eax + ref_004761c0] ; mov ecx, dword [eax + 0x4761c0] cmp edx, ecx jge short loc_0044e692 ; jge 0x44e692 mov ebp, 8 jmp short loc_0044e69a ; jmp 0x44e69a loc_0044e692: mov ebp, ecx sub ebp, dword [eax + ref_004761c4] ; sub ebp, dword [eax + 0x4761c4] loc_0044e69a: xor eax, eax loc_0044e69c: cmp eax, ebp jge near loc_0044e586 ; jge 0x44e586 cmp esi, 0x6c jl short loc_0044e6e8 ; jl 0x44e6e8 mov edx, eax shl edx, 4 add edx, eax add edx, edx lea ecx, [edx + 0x4e] cmp ebx, ecx jl short loc_0044e6e8 ; jl 0x44e6e8 cmp esi, 0xc1 jge short loc_0044e6e8 ; jge 0x44e6e8 add edx, 0x6f cmp ebx, edx jge short loc_0044e6e8 ; jge 0x44e6e8 mov ecx, dword [ref_00476018] ; mov ecx, dword [0x476018] mov edx, ecx shl edx, 2 add edx, ecx mov edx, dword [edx*4 + ref_004761c4] ; mov edx, dword [edx*4 + 0x4761c4] add eax, edx mov dword [ref_0047601c], eax ; mov dword [0x47601c], eax jmp near loc_0044e65e ; jmp 0x44e65e loc_0044e6e8: inc eax jmp short loc_0044e69c ; jmp 0x44e69c loc_0044e6eb: mov edx, dword [ref_00476018] ; mov edx, dword [0x476018] mov eax, edx shl eax, 2 add eax, edx cmp dword [eax*4 + ref_004761c0], 8 ; cmp dword [eax*4 + 0x4761c0], 8 jle near loc_0044e586 ; jle 0x44e586 mov eax, dword [ref_0048c5fc] ; mov eax, dword [0x48c5fc] shl eax, 4 mov edx, dword [ref_0048c5e4] ; mov edx, dword [0x48c5e4] mov esi, dword [eax + ref_00476254] ; mov esi, dword [eax + 0x476254] add edx, esi mov dword [esp + 0x40], edx mov edx, dword [ref_0048c5e8] ; mov edx, dword [0x48c5e8] mov ebp, dword [eax + ref_00476258] ; mov ebp, dword [eax + 0x476258] add edx, ebp mov dword [esp + 0x44], edx mov edx, dword [ref_0048c5e4] ; mov edx, dword [0x48c5e4] mov ecx, dword [eax + ref_0047625c] ; mov ecx, dword [eax + 0x47625c] add edx, ecx mov dword [esp + 0x48], edx mov edx, dword [ref_0048c5e8] ; mov edx, dword [0x48c5e8] mov ebx, dword [eax + ref_00476260] ; mov ebx, dword [eax + 0x476260] add edx, ebx mov dword [esp + 0x4c], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov esi, dword [esp + 0x44] push esi mov ebp, dword [esp + 0x44] push ebp mov edx, dword [ref_0048c5fc] ; mov edx, dword [0x48c5fc] add edx, 4 mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0xc add eax, edx push eax mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax jmp near loc_0044e845 ; jmp 0x44e845 loc_0044e7a1: cmp dword [ref_0048c5ec], 0 ; cmp dword [0x48c5ec], 0 je near loc_0044e586 ; je 0x44e586 mov eax, dword [ref_0048c5fc] ; mov eax, dword [0x48c5fc] shl eax, 4 mov edx, dword [ref_0048c5e4] ; mov edx, dword [0x48c5e4] mov ecx, dword [eax + ref_00476254] ; mov ecx, dword [eax + 0x476254] add edx, ecx mov dword [esp + 0x40], edx mov edx, dword [ref_0048c5e8] ; mov edx, dword [0x48c5e8] mov ebx, dword [eax + ref_00476258] ; mov ebx, dword [eax + 0x476258] add edx, ebx mov dword [esp + 0x44], edx mov edx, dword [ref_0048c5e4] ; mov edx, dword [0x48c5e4] mov esi, dword [eax + ref_0047625c] ; mov esi, dword [eax + 0x47625c] add edx, esi mov dword [esp + 0x48], edx mov edx, dword [ref_0048c5e8] ; mov edx, dword [0x48c5e8] mov ebp, dword [eax + ref_00476260] ; mov ebp, dword [eax + 0x476260] add edx, ebp mov dword [esp + 0x4c], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x44] push eax mov edx, dword [esp + 0x44] push edx mov edx, dword [ref_0048c5fc] ; mov edx, dword [0x48c5fc] add edx, 6 mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0xc add eax, edx loc_0044e83d: push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx loc_0044e845: call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x44] push eax jmp near loc_0044ea3d ; jmp 0x44ea3d loc_0044e869: mov eax, dword [ref_0048c5fc] ; mov eax, dword [0x48c5fc] sub eax, 2 cmp eax, 3 ja near loc_0044e586 ; ja 0x44e586 jmp dword [eax*4 + ref_0044e3fb] ; ujmp: jmp dword [eax*4 + 0x44e3fb] loc_0044e881: mov edx, dword [ref_00476018] ; mov edx, dword [0x476018] mov eax, edx shl eax, 2 add eax, edx shl eax, 2 cmp dword [eax + ref_004761c0], 8 ; cmp dword [eax + 0x4761c0], 8 jle near loc_0044e586 ; jle 0x44e586 mov edx, dword [eax + ref_004761c4] ; mov edx, dword [eax + 0x4761c4] test edx, edx jle short loc_0044e8d3 ; jle 0x44e8d3 cmp edx, 8 jle short loc_0044e8c0 ; jle 0x44e8c0 sub dword [ref_0047601c], 8 ; sub dword [0x47601c], 8 sub dword [eax + ref_004761c4], 8 ; sub dword [eax + 0x4761c4], 8 jmp near loc_0044e65e ; jmp 0x44e65e loc_0044e8c0: sub dword [ref_0047601c], edx ; sub dword [0x47601c], edx xor ebp, ebp mov dword [eax + ref_004761c4], ebp ; mov dword [eax + 0x4761c4], ebp jmp near loc_0044e65e ; jmp 0x44e65e loc_0044e8d3: mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] mov ecx, dword [ref_00476274] ; mov ecx, dword [0x476274] add eax, ecx mov dword [esp + 0x40], eax mov eax, dword [ref_0048c5e8] ; mov eax, dword [0x48c5e8] mov ebx, dword [ref_00476278] ; mov ebx, dword [0x476278] add eax, ebx mov dword [esp + 0x44], eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] mov esi, dword [ref_0047627c] ; mov esi, dword [0x47627c] add eax, esi mov dword [esp + 0x48], eax mov eax, dword [ref_0048c5e8] ; mov eax, dword [0x48c5e8] mov ebp, dword [ref_00476280] ; mov ebp, dword [0x476280] add eax, ebp mov dword [esp + 0x4c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [esp + 0x44] push eax mov edx, dword [esp + 0x44] push edx mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0x3c jmp near loc_0044e83d ; jmp 0x44e83d loc_0044e944: mov edx, dword [ref_00476018] ; mov edx, dword [0x476018] mov eax, edx shl eax, 2 add eax, edx shl eax, 2 mov edx, dword [eax + ref_004761c0] ; mov edx, dword [eax + 0x4761c0] cmp edx, 8 jle near loc_0044e586 ; jle 0x44e586 sub edx, 8 mov ecx, dword [eax + ref_004761c4] ; mov ecx, dword [eax + 0x4761c4] cmp edx, ecx jle short loc_0044e9a2 ; jle 0x44e9a2 add ecx, 8 cmp ecx, edx jge short loc_0044e989 ; jge 0x44e989 add dword [ref_0047601c], 8 ; add dword [0x47601c], 8 mov dword [eax + ref_004761c4], ecx ; mov dword [eax + 0x4761c4], ecx jmp near loc_0044e65e ; jmp 0x44e65e loc_0044e989: mov ecx, edx sub ecx, dword [eax + ref_004761c4] ; sub ecx, dword [eax + 0x4761c4] add dword [ref_0047601c], ecx ; add dword [0x47601c], ecx mov dword [eax + ref_004761c4], edx ; mov dword [eax + 0x4761c4], edx jmp near loc_0044e65e ; jmp 0x44e65e loc_0044e9a2: mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] mov ebx, dword [ref_00476284] ; mov ebx, dword [0x476284] add eax, ebx mov dword [esp + 0x40], eax mov eax, dword [ref_0048c5e8] ; mov eax, dword [0x48c5e8] mov esi, dword [ref_00476288] ; mov esi, dword [0x476288] add eax, esi mov dword [esp + 0x44], eax mov eax, dword [ref_0048c5e4] ; mov eax, dword [0x48c5e4] mov ebp, dword [ref_0047628c] ; mov ebp, dword [0x47628c] add eax, ebp mov dword [esp + 0x48], eax mov eax, dword [ref_0048c5e8] ; mov eax, dword [0x48c5e8] mov edx, dword [ref_00476290] ; mov edx, dword [0x476290] add eax, edx mov dword [esp + 0x4c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [esp + 0x44] push ecx mov ebx, dword [esp + 0x44] push ebx mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0x48 push eax mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] push esi jmp near loc_0044e845 ; jmp 0x44e845 loc_0044ea1b: cmp dword [ref_0048c5ec], 0 ; cmp dword [0x48c5ec], 0 je near loc_0044e586 ; je 0x44e586 mov eax, dword [ref_0048c5fc] ; mov eax, dword [0x48c5fc] sub eax, 4 push eax loc_0044ea31: call fcn_0044dd9f ; call 0x44dd9f loc_0044ea36: add esp, 4 loc_0044ea39: push 0 push 0 loc_0044ea3d: push edi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] jmp near loc_0044e586 ; jmp 0x44e586 loc_0044ea4a: xor ecx, ecx mov word [ref_0048c600], cx ; mov word [0x48c600], cx jmp near loc_0044e586 ; jmp 0x44e586 loc_0044ea58: cmp dword [ref_0048c5ec], 0 ; cmp dword [0x48c5ec], 0 je near loc_0044e586 ; je 0x44e586 cmp ecx, 0x11 jne short loc_0044ea75 ; jne 0x44ea75 mov word [ref_0048c600], 0x1100 ; mov word [0x48c600], 0x1100 jmp short loc_0044ea7c ; jmp 0x44ea7c loc_0044ea75: or word [ref_0048c600], cx ; or word [0x48c600], cx loc_0044ea7c: xor edx, edx mov dx, word [ref_0049719a] ; mov dx, word [0x49719a] xor eax, eax mov ax, word [ref_0048c600] ; mov ax, word [0x48c600] cmp eax, edx jne short loc_0044eaa4 ; jne 0x44eaa4 push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 jmp short loc_0044ea31 ; jmp 0x44ea31 loc_0044eaa4: xor edx, edx mov dx, word [ref_0049719c] ; mov dx, word [0x49719c] cmp eax, edx jne near loc_0044e586 ; jne 0x44e586 push 0 push ref_00482322 ; push 0x482322 call fcn_004542ce ; call 0x4542ce add esp, 8 push 1 jmp near loc_0044ea31 ; jmp 0x44ea31 loc_0044eacb: mov eax, esp push eax push edi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0xc] push edx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x18] push ebx mov esi, dword [esp + 0x18] push esi mov ebp, dword [ref_0048a0dc] ; mov ebp, dword [0x48a0dc] push ebp call dword [eax + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push edi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_0044e586 ; jmp 0x44e586 loc_0044eb29: push edx push ecx push eax push edi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_0044e588 ; jmp 0x44e588 help_ui: push ebx push edi push ebp push ref_00466096 ; push 0x466096 call fcn_004502fe ; call 0x4502fe add esp, 4 mov dword [ref_0048c5f4], eax ; mov dword [0x48c5f4], eax push 0 push 0 push 0 push eax call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048c5f8], eax ; mov dword [0x48c5f8], eax push 1 push 0 push 0x101010 push 0x101010 push 0xc call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 xor edx, edx mov dword [ref_0047601c], edx ; mov dword [0x47601c], edx mov dword [ref_00476018], edx ; mov dword [0x476018], edx mov ebx, 0xffffffff mov dword [ref_00476024], ebx ; mov dword [0x476024], ebx mov dword [ref_00476020], ebx ; mov dword [0x476020], ebx xor ebx, ebx loc_0044eb9b: push 2 mov eax, ebx shl eax, 3 add eax, ebx shl eax, 2 add eax, 0x49 push eax push 0x3b mov eax, ebx shl eax, 2 add eax, ebx mov edi, dword [eax*4 + ref_004761b4] ; mov edi, dword [eax*4 + 0x4761b4] push edi mov eax, dword [ref_0048c5f8] ; mov eax, dword [0x48c5f8] add eax, 0xc push eax call fcn_0044fabc ; call 0x44fabc add esp, 0x14 inc ebx cmp ebx, 8 jl short loc_0044eb9b ; jl 0x44eb9b mov eax, dword [esp + 0x14] shl eax, 0x10 mov edx, dword [esp + 0x10] and edx, 0xffff or eax, edx push eax push fcn_0044e40b ; push 0x44e40b call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov ebp, dword [ref_0048c5f8] ; mov ebp, dword [0x48c5f8] push ebp call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_004762b4] ; mov eax, dword [0x4762b4] test eax, eax je short loc_0044ec1d ; je 0x44ec1d push eax call clib_free ; call 0x456e11 add esp, 4 xor ecx, ecx mov dword [ref_004762b4], ecx ; mov dword [0x4762b4], ecx loc_0044ec1d: mov ebx, dword [ref_0048c5f4] ; mov ebx, dword [0x48c5f4] push ebx call fcn_00450404 ; call 0x450404 add esp, 4 pop ebp pop edi pop ebx ret fcn_0044ec30: mov eax, dword [esp + 4] mov dword [ref_004762bc], eax ; mov dword [0x4762bc], eax mov edx, dword [esp + 8] mov dword [ref_0048c624], edx ; mov dword [0x48c624], edx mov edx, dword [esp + 0xc] mov dword [ref_0048c620], edx ; mov dword [0x48c620], edx mov edx, dword [esp + 0x10] mov dword [ref_0048c618], edx ; mov dword [0x48c618], edx mov edx, dword [esp + 0x14] mov dword [ref_0048c62c], edx ; mov dword [0x48c62c], edx movsx edx, word [eax + 4] mov ecx, dword [esp + 8] sub ecx, edx mov dword [ref_0048c608], ecx ; mov dword [0x48c608], ecx movsx edx, word [eax + 6] mov ecx, dword [esp + 0xc] sub ecx, edx mov dword [ref_0048c60c], ecx ; mov dword [0x48c60c], ecx movsx ecx, word [eax] mov edx, dword [ref_0048c608] ; mov edx, dword [0x48c608] add edx, ecx mov dword [ref_0048c610], edx ; mov dword [0x48c610], edx movsx eax, word [eax + 2] mov edx, dword [ref_0048c60c] ; mov edx, dword [0x48c60c] add eax, edx mov dword [ref_0048c614], eax ; mov dword [0x48c614], eax mov eax, dword [esp + 0x18] mov dword [ref_0048c61c], eax ; mov dword [0x48c61c], eax mov eax, dword [esp + 0x1c] mov dword [ref_0048c628], eax ; mov dword [0x48c628], eax ret fcn_0044ecb6: push ebx push esi push edi push ebp cmp dword [ref_004762bc], 0 ; cmp dword [0x4762bc], 0 je near loc_0044ee13 ; je 0x44ee13 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax mov ecx, dword [ref_004762c0] ; mov ecx, dword [0x4762c0] test ecx, ecx je short loc_0044ecfa ; je 0x44ecfa push ecx call clib_free ; call 0x456e11 add esp, 4 loc_0044ecfa: mov eax, dword [ref_004762bc] ; mov eax, dword [0x4762bc] movsx edx, word [eax + 2] push edx movsx eax, word [eax] push eax mov esi, dword [ref_0048c60c] ; mov esi, dword [0x48c60c] push esi mov edi, dword [ref_0048c608] ; mov edi, dword [0x48c608] push edi push 0 push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov dword [ref_004762c0], eax ; mov dword [0x4762c0], eax mov ebp, dword [ref_0048c620] ; mov ebp, dword [0x48c620] push ebp mov eax, dword [ref_0048c624] ; mov eax, dword [0x48c624] push eax mov edx, dword [ref_004762bc] ; mov edx, dword [0x4762bc] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 mov ebx, dword [ref_0048c628] ; mov ebx, dword [0x48c628] test ebx, ebx je short loc_0044ed65 ; je 0x44ed65 push 1 push 3 push ebx mov ebp, dword [ref_0048c61c] ; mov ebp, dword [0x48c61c] push ebp jmp short loc_0044ed71 ; jmp 0x44ed71 loc_0044ed65: push 1 push 2 push ebx mov esi, dword [ref_0048c61c] ; mov esi, dword [0x48c61c] push esi loc_0044ed71: push 0x14 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 push 4 mov eax, dword [ref_004762bc] ; mov eax, dword [0x4762bc] movsx edx, word [eax + 2] sar edx, 1 add edx, dword [ref_0048c60c] ; add edx, dword [0x48c60c] add edx, dword [ref_0048c62c] ; add edx, dword [0x48c62c] push edx movsx eax, word [eax] sar eax, 1 add eax, dword [ref_0048c608] ; add eax, dword [0x48c608] add eax, dword [ref_0048c618] ; add eax, dword [0x48c618] push eax mov ebp, dword [esp + 0x20] push ebp push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push ref_0048c608 ; push 0x48c608 call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0048c608 ; push 0x48c608 mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [ref_0048c60c] ; mov ebx, dword [0x48c60c] push ebx mov esi, dword [ref_0048c608] ; mov esi, dword [0x48c608] push esi push eax call dword [edx + 0x1c] ; ucall push ref_0048c608 ; push 0x48c608 call fcn_00402250 ; call 0x402250 add esp, 4 call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov dword [ref_004762c4], eax ; mov dword [0x4762c4], eax loc_0044ee13: pop ebp pop edi pop esi pop ebx ret fcn_0044ee18: push ebx push esi push edi push ebp cmp dword [ref_004762c4], 0 ; cmp dword [0x4762c4], 0 je near loc_0044ef2a ; je 0x44ef2a test byte [esp + 0x14], 1 je short loc_0044ee3f ; je 0x44ee3f call fcn_00454493 ; call 0x454493 xor ebp, ebp mov dword [ref_004762c4], ebp ; mov dword [0x4762c4], ebp jmp short loc_0044ee83 ; jmp 0x44ee83 loc_0044ee3f: call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov ecx, dword [ref_004762c4] ; mov ecx, dword [0x4762c4] sub eax, ecx cmp eax, 0x7d0 jb short loc_0044ee5f ; jb 0x44ee5f xor esi, esi mov dword [ref_004762c4], esi ; mov dword [0x4762c4], esi jmp short loc_0044ee63 ; jmp 0x44ee63 loc_0044ee5f: test ecx, ecx jne short loc_0044ee76 ; jne 0x44ee76 loc_0044ee63: cmp byte [ref_0049715b], 0 ; cmp byte [0x49715b], 0 je short loc_0044ee76 ; je 0x44ee76 call fcn_004544b9 ; call 0x4544b9 mov dword [ref_004762c4], eax ; mov dword [0x4762c4], eax loc_0044ee76: cmp dword [ref_004762c4], 0 ; cmp dword [0x4762c4], 0 jne near loc_0044ef34 ; jne 0x44ef34 loc_0044ee83: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048c60c] ; mov eax, dword [0x48c60c] push eax mov edx, dword [ref_0048c608] ; mov edx, dword [0x48c608] push edx mov ecx, dword [ref_004762c0] ; mov ecx, dword [0x4762c0] push ecx mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov esi, dword [ref_004762c0] ; mov esi, dword [0x4762c0] push esi call clib_free ; call 0x456e11 add esp, 4 xor edi, edi mov dword [ref_004762c0], edi ; mov dword [0x4762c0], edi mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push edi push eax call dword [edx + 0x80] ; ucall test byte [esp + 0x14], 2 jne short loc_0044ef2a ; jne 0x44ef2a push ref_0048c608 ; push 0x48c608 call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0048c608 ; push 0x48c608 mov ebp, dword [ref_0048a0e0] ; mov ebp, dword [0x48a0e0] push ebp mov ecx, dword [ref_0048c60c] ; mov ecx, dword [0x48c60c] push ecx mov ebx, dword [ref_0048c608] ; mov ebx, dword [0x48c608] push ebx push eax call dword [edx + 0x1c] ; ucall push ref_0048c608 ; push 0x48c608 call fcn_00402250 ; call 0x402250 add esp, 4 loc_0044ef2a: mov eax, 1 pop ebp pop edi pop esi pop ebx ret loc_0044ef34: xor eax, eax pop ebp pop edi pop esi pop ebx ret fcn_0044ef3b: mov eax, dword [ref_004762c4] ; mov eax, dword [0x4762c4] ret fcn_0044ef41: push ebx push esi push edi push ebp sub esp, 0x10 mov ebx, dword [esp + 0x2c] mov edx, 1 cmp ebx, dword [ref_004762c8] ; cmp ebx, dword [0x4762c8] je near loc_0044f228 ; je 0x44f228 mov dword [ref_004762c8], ebx ; mov dword [0x4762c8], ebx test byte [esp + 0x25], 0x80 je short loc_0044ef74 ; je 0x44ef74 xor edx, edx and dword [esp + 0x24], 0x7fff loc_0044ef74: imul eax, dword [esp + 0x24], 0x68 cmp byte [eax + (_players+51)], 0 ; cmp byte [eax + 0x496b9b], 0 jne near loc_0044f228 ; jne 0x44f228 cmp byte [eax + (_players+55)], 0 ; cmp byte [eax + 0x496b9f], 0 jne near loc_0044f228 ; jne 0x44f228 cmp byte [eax + (_players+54)], 0 ; cmp byte [eax + 0x496b9e], 0 jne near loc_0044f228 ; jne 0x44f228 test edx, edx je short loc_0044efc5 ; je 0x44efc5 push 0 xor edx, edx mov dx, word [eax + (_players+10)] ; mov dx, word [eax + 0x496b72] push edx mov ax, word [eax + (_players+8)] ; mov ax, word [eax + 0x496b70] and eax, 0xffff push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc loc_0044efc5: push 1 push 2 push 0 push 0x101010 push 0x10 call fcn_0044f9d8 ; call 0x44f9d8 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax push 0xdc push 0x1b8 push 0x28 push 0 push 0 push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov edi, eax push 0x82 push 0xdc mov eax, dword [ref_0048bad8] ; mov eax, dword [0x48bad8] add eax, 0x54 push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 push 0x82 push 0xaa imul eax, dword [esp + 0x2c], 0x34 mov ecx, dword [eax + ref_00498eb0] ; mov ecx, dword [eax + 0x498eb0] mov edx, dword [esp + 0x30] inc edx mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add ecx, 0xc add eax, ecx push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456418 ; call 0x456418 add esp, 0x10 test ebx, ebx je near loc_0044f157 ; je 0x44f157 cmp byte [ebx], 0x23 jne short loc_0044f088 ; jne 0x44f088 mov esi, 5 jmp short loc_0044f08a ; jmp 0x44f08a loc_0044f088: xor esi, esi loc_0044f08a: lea edx, [ebx + esi] cmp byte [edx], 0x40 jne near loc_0044f140 ; jne 0x44f140 xor eax, eax mov al, byte [edx + 1] lea ecx, [eax - 0x30] mov eax, ecx shl eax, 2 add eax, ecx add eax, eax mov dl, byte [edx + 2] and edx, 0xff sub edx, 0x30 add eax, edx push 0x82 push 0xf0 lea edx, [eax - 1] mov eax, edx shl eax, 2 sub eax, edx mov edx, eax shl edx, 2 mov eax, dword [ref_0048bad4] ; mov eax, dword [0x48bad4] add eax, 0xc add eax, edx push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_00456418 ; call 0x456418 add esp, 0x10 cmp esi, 5 jne short loc_0044f157 ; jne 0x44f157 xor eax, eax mov al, byte [ebx + 1] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 sub eax, edx shl eax, 3 add eax, edx shl eax, 3 mov ecx, eax shl ecx, 2 add ecx, eax xor eax, eax mov al, byte [ebx + 2] sub eax, 0x30 imul eax, eax, 0x64 add ecx, eax xor eax, eax mov al, byte [ebx + 3] lea edx, [eax - 0x30] mov eax, edx shl eax, 2 add eax, edx add eax, eax add ecx, eax xor eax, eax mov al, byte [ebx + 4] sub eax, 0x30 add eax, ecx push eax call fcn_0045441a ; call 0x45441a add esp, 4 jmp short loc_0044f157 ; jmp 0x44f157 loc_0044f140: push 5 push 0x82 push 0xc8 push ebx push 0 call fcn_0044fabc ; call 0x44fabc add esp, 0x14 loc_0044f157: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall xor eax, eax mov dword [esp], eax mov dword [esp + 4], 0x28 mov dword [esp + 8], 0x1b8 mov dword [esp + 0xc], 0x104 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi push 0x28 push 0 push eax call dword [edx + 0x1c] ; ucall push 0x3e8 call fcn_004544f6 ; call 0x4544f6 add esp, 4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0xdc push 0x1b8 push 0 push 0 mov ebp, dword [esp + 0x14] push ebp mov eax, dword [esp + 0x14] push eax push edi mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x10] push ebx mov esi, dword [esp + 0x10] push esi push eax call dword [edx + 0x1c] ; ucall push edi call clib_free ; call 0x456e11 add esp, 4 loc_0044f228: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret fcn_0044f230: push ebx push esi push edi push ebp mov esi, dword [esp + 0x14] mov edx, dword [esp + 0x18] imul eax, esi, 0x68 cmp edx, 0x64 jle short loc_0044f262 ; jle 0x44f262 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ebp, dword [edx + eax*8 + ref_0048084a] ; mov ebp, dword [edx + eax*8 + 0x48084a] push ebp jmp short loc_0044f2b2 ; jmp 0x44f2b2 loc_0044f262: cmp edx, 0x32 jle short loc_0044f292 ; jle 0x44f292 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov ebx, eax shl ebx, 3 add ebx, eax call clib_rand ; call 0x456f2d and eax, 1 mov edi, dword [ebx + eax*4 + ref_0048084a] ; mov edi, dword [ebx + eax*4 + 0x48084a] push edi jmp short loc_0044f2b2 ; jmp 0x44f2b2 loc_0044f292: test edx, edx je short loc_0044f2bd ; je 0x44f2bd xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ecx, dword [edx + eax*8 + ref_00480852] ; mov ecx, dword [edx + eax*8 + 0x480852] push ecx loc_0044f2b2: push 0 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0044f2bd: pop ebp pop edi pop esi pop ebx ret fcn_0044f2c2: push ebx push esi push edi push ebp mov esi, dword [esp + 0x14] mov edx, dword [esp + 0x18] imul eax, esi, 0x68 cmp edx, 6 jle short loc_0044f2f4 ; jle 0x44f2f4 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ebp, dword [edx + eax*8 + ref_00480856] ; mov ebp, dword [edx + eax*8 + 0x480856] push ebp jmp short loc_0044f344 ; jmp 0x44f344 loc_0044f2f4: cmp edx, 3 jle short loc_0044f324 ; jle 0x44f324 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov ebx, eax shl ebx, 3 add ebx, eax call clib_rand ; call 0x456f2d and eax, 1 mov edi, dword [ebx + eax*4 + ref_00480856] ; mov edi, dword [ebx + eax*4 + 0x480856] push edi jmp short loc_0044f344 ; jmp 0x44f344 loc_0044f324: test edx, edx je short loc_0044f34f ; je 0x44f34f xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ecx, dword [edx + eax*8 + ref_0048085e] ; mov ecx, dword [edx + eax*8 + 0x48085e] push ecx loc_0044f344: push 2 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0044f34f: pop ebp pop edi pop esi pop ebx ret fcn_0044f354: push ebx push esi push edi push ebp mov esi, dword [esp + 0x14] mov ebx, dword [esp + 0x18] imul eax, dword [ref_004990e8], 0x2328 ; imul eax, dword [0x4990e8], 0x2328 imul edx, esi, 0x68 cmp ebx, eax jl short loc_0044f396 ; jl 0x44f396 mov dl, byte [edx + (_players+19)] ; mov dl, byte [edx + 0x496b7b] and edx, 0xff mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ebp, dword [edx + eax*8 + ref_00480862] ; mov ebp, dword [edx + eax*8 + 0x480862] push ebp jmp near loc_0044f41d ; jmp 0x44f41d loc_0044f396: mov ecx, dword [ref_004990e8] ; mov ecx, dword [0x4990e8] mov eax, ecx shl eax, 2 add eax, ecx shl eax, 3 sub eax, ecx shl eax, 4 add eax, ecx shl eax, 3 cmp ebx, eax jl short loc_0044f3e3 ; jl 0x44f3e3 mov dl, byte [edx + (_players+19)] ; mov dl, byte [edx + 0x496b7b] and edx, 0xff mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov ebx, eax shl ebx, 3 add ebx, eax call clib_rand ; call 0x456f2d and eax, 1 mov edi, dword [ebx + eax*4 + ref_00480862] ; mov edi, dword [ebx + eax*4 + 0x480862] push edi jmp short loc_0044f41d ; jmp 0x44f41d loc_0044f3e3: mov eax, ecx shl eax, 2 sub eax, ecx shl eax, 3 add eax, ecx shl eax, 4 mov ecx, eax shl eax, 2 add eax, ecx cmp ebx, eax jl short loc_0044f428 ; jl 0x44f428 mov dl, byte [edx + (_players+19)] ; mov dl, byte [edx + 0x496b7b] and edx, 0xff mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ecx, dword [edx + eax*8 + ref_0048086a] ; mov ecx, dword [edx + eax*8 + 0x48086a] push ecx loc_0044f41d: push 3 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0044f428: pop ebp pop edi pop esi pop ebx ret fcn_0044f42d: push ebx push esi push edi push ebp mov esi, dword [esp + 0x14] mov ebx, dword [esp + 0x18] imul eax, dword [ref_004990e8], 0x2328 ; imul eax, dword [0x4990e8], 0x2328 imul edx, esi, 0x68 cmp ebx, eax jl short loc_0044f46c ; jl 0x44f46c mov dl, byte [edx + (_players+19)] ; mov dl, byte [edx + 0x496b7b] and edx, 0xff mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ebp, dword [edx + eax*8 + ref_0048086e] ; mov ebp, dword [edx + eax*8 + 0x48086e] push ebp jmp short loc_0044f4dd ; jmp 0x44f4dd loc_0044f46c: mov ecx, dword [ref_004990e8] ; mov ecx, dword [0x4990e8] mov eax, ecx shl eax, 2 add eax, ecx shl eax, 3 sub eax, ecx shl eax, 4 add eax, ecx shl eax, 3 cmp ebx, eax jl short loc_0044f4b9 ; jl 0x44f4b9 mov dl, byte [edx + (_players+19)] ; mov dl, byte [edx + 0x496b7b] and edx, 0xff mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov ebx, eax shl ebx, 3 add ebx, eax call clib_rand ; call 0x456f2d and eax, 1 mov edi, dword [ebx + eax*4 + ref_0048086e] ; mov edi, dword [ebx + eax*4 + 0x48086e] push edi jmp short loc_0044f4dd ; jmp 0x44f4dd loc_0044f4b9: test ebx, ebx jle short loc_0044f4e8 ; jle 0x44f4e8 mov dl, byte [edx + (_players+19)] ; mov dl, byte [edx + 0x496b7b] and edx, 0xff mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ecx, dword [edx + eax*8 + ref_00480876] ; mov ecx, dword [edx + eax*8 + 0x480876] push ecx loc_0044f4dd: push 2 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0044f4e8: pop ebp pop edi pop esi pop ebx ret fcn_0044f4ed: push ebx push edi push ebp xor ebx, ebx mov edx, dword [esp + 0x10] push edx call fcn_0040d2d3 ; call 0x40d2d3 add esp, 4 cmp eax, dword [esp + 0x14] jne short loc_0044f561 ; jne 0x44f561 mov edx, dword [ref_004990e8] ; mov edx, dword [0x4990e8] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 sub eax, edx shl eax, 4 add eax, edx shl eax, 3 cmp eax, dword [esp + 0x18] jg short loc_0044f561 ; jg 0x44f561 call clib_rand ; call 0x456f2d test al, 1 je short loc_0044f561 ; je 0x44f561 mov edi, dword [esp + 0x10] imul eax, edi, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ebp, dword [edx + eax*8 + ref_00480892] ; mov ebp, dword [edx + eax*8 + 0x480892] push ebp push 1 push edi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc mov ebx, 1 loc_0044f561: mov eax, ebx pop ebp pop edi pop ebx ret fcn_0044f567: push ebx push esi push edi push ebp mov esi, dword [esp + 0x14] mov ebx, dword [esp + 0x18] imul eax, dword [ref_004990e8], 0x2328 ; imul eax, dword [0x4990e8], 0x2328 imul edx, esi, 0x68 cmp ebx, eax jl short loc_0044f5a6 ; jl 0x44f5a6 mov dl, byte [edx + (_players+19)] ; mov dl, byte [edx + 0x496b7b] and edx, 0xff mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ebp, dword [edx + eax*8 + ref_0048087a] ; mov ebp, dword [edx + eax*8 + 0x48087a] push ebp jmp short loc_0044f617 ; jmp 0x44f617 loc_0044f5a6: mov ecx, dword [ref_004990e8] ; mov ecx, dword [0x4990e8] mov eax, ecx shl eax, 2 add eax, ecx shl eax, 3 sub eax, ecx shl eax, 4 add eax, ecx shl eax, 3 cmp ebx, eax jl short loc_0044f5f3 ; jl 0x44f5f3 mov dl, byte [edx + (_players+19)] ; mov dl, byte [edx + 0x496b7b] and edx, 0xff mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov ebx, eax shl ebx, 3 add ebx, eax call clib_rand ; call 0x456f2d and eax, 1 mov edi, dword [ebx + eax*4 + ref_0048087a] ; mov edi, dword [ebx + eax*4 + 0x48087a] push edi jmp short loc_0044f617 ; jmp 0x44f617 loc_0044f5f3: test ebx, ebx jle short loc_0044f622 ; jle 0x44f622 mov dl, byte [edx + (_players+19)] ; mov dl, byte [edx + 0x496b7b] and edx, 0xff mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ecx, dword [edx + eax*8 + ref_00480882] ; mov ecx, dword [edx + eax*8 + 0x480882] push ecx loc_0044f617: push 3 push esi call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0044f622: pop ebp pop edi pop esi pop ebx ret fcn_0044f627: push ebx push esi push edi push ebp mov ebp, dword [esp + 0x14] mov esi, 1 xor edi, edi mov ebx, dword [ref_00498e84] ; mov ebx, dword [0x498e84] loc_0044f63c: add ebx, 0x34 cmp esi, dword [ref_00498e98] ; cmp esi, dword [0x498e98] jg short loc_0044f66a ; jg 0x44f66a lea eax, [ebx + 4] push eax push ebp call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_0044f667 ; jne 0x44f667 mov al, byte [ebx + 0x19] mov edx, dword [_current_player] ; mov edx, dword [0x49910c] inc edx cmp eax, edx jne short loc_0044f667 ; jne 0x44f667 inc edi loc_0044f667: inc esi jmp short loc_0044f63c ; jmp 0x44f63c loc_0044f66a: cmp edi, 3 jl near loc_0044f6e7 ; jl 0x44f6e7 mov ecx, dword [esp + 0x18] test ecx, ecx je short loc_0044f6b8 ; je 0x44f6b8 call clib_rand ; call 0x456f2d mov edx, eax mov ebx, 3 sar edx, 0x1f idiv ebx test edx, edx jne short loc_0044f6e7 ; jne 0x44f6e7 mov ebp, dword [_current_player] ; mov ebp, dword [0x49910c] imul eax, ebp, 0x68 mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov ecx, dword [edx + eax*8 + ref_0048088e] ; mov ecx, dword [edx + eax*8 + 0x48088e] push ecx push 0 push ebp jmp short loc_0044f6df ; jmp 0x44f6df loc_0044f6b8: mov ebx, dword [_current_player] ; mov ebx, dword [0x49910c] imul eax, ebx, 0x68 xor edx, edx mov dl, byte [eax + (_players+19)] ; mov dl, byte [eax + 0x496b7b] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 mov edx, eax mov esi, dword [edx + eax*8 + ref_0048088a] ; mov esi, dword [edx + eax*8 + 0x48088a] push esi push ecx push ebx loc_0044f6df: call fcn_0044ef41 ; call 0x44ef41 add esp, 0xc loc_0044f6e7: pop ebp pop edi pop esi pop ebx ret ref_0044f6ec: dd 0x00000000 dd 0x00000000 dd 0x00000200 dd 0x000000c8 ref_0044f6fc: dd 0x00000000 dd 0x00000000 dd 0x00000200 dd 0x000000c8 fcn_0044f70c: push ebx push esi push edi push ebp sub esp, 0xc mov ebx, dword [esp + 0x24] mov esi, 0x2710 mov ebp, esi mov edx, 0xffffd8f0 mov dword [esp + 8], edx mov edi, edx xor ecx, ecx mov dword [esp + 4], ecx xor edx, edx loc_0044f731: cmp edx, dword [ebx + 0xc] jge short loc_0044f77f ; jge 0x44f77f mov eax, dword [ebx] loc_0044f738: cmp eax, dword [ebx + 8] jge short loc_0044f774 ; jge 0x44f774 mov ecx, dword [esp + 4] add ecx, eax add ecx, ecx mov dword [esp], ecx mov ecx, dword [esp + 0x20] add ecx, dword [esp] cmp word [ecx], 0 je short loc_0044f771 ; je 0x44f771 cmp esi, eax jle short loc_0044f75b ; jle 0x44f75b mov esi, eax loc_0044f75b: cmp ebp, edx jle short loc_0044f761 ; jle 0x44f761 mov ebp, edx loc_0044f761: cmp eax, dword [esp + 8] jle short loc_0044f76b ; jle 0x44f76b mov dword [esp + 8], eax loc_0044f76b: cmp edi, edx jge short loc_0044f771 ; jge 0x44f771 mov edi, edx loc_0044f771: inc eax jmp short loc_0044f738 ; jmp 0x44f738 loc_0044f774: add dword [esp + 4], 0x200 inc edx jmp short loc_0044f731 ; jmp 0x44f731 loc_0044f77f: cmp esi, 0x2710 jne short loc_0044f7a8 ; jne 0x44f7a8 mov eax, dword [esp + 0x28] mov dword [eax], 0 mov dword [eax + 4], 0 mov dword [eax + 8], 0 mov dword [eax + 0xc], 0 jmp short loc_0044f7bf ; jmp 0x44f7bf loc_0044f7a8: mov eax, dword [esp + 0x28] mov dword [eax], esi mov dword [eax + 4], ebp mov eax, dword [esp + 8] mov edx, dword [esp + 0x28] mov dword [edx + 8], eax mov dword [edx + 0xc], edi loc_0044f7bf: add esp, 0xc pop ebp pop edi pop esi pop ebx ret fcn_0044f7c7: push ebx push esi push edi push ebp sub esp, 4 mov ebp, dword [esp + 0x18] mov edi, dword [esp + 0x1c] mov esi, dword [esp + 0x20] mov ebx, dword [esp + 0x24] mov eax, dword [ref_004762d4] ; mov eax, dword [0x4762d4] add eax, dword [ref_004762dc] ; add eax, dword [0x4762dc] test byte [ref_004762d8], 6 ; test byte [0x4762d8], 6 je short loc_0044f7f3 ; je 0x44f7f3 inc eax loc_0044f7f3: mov dword [esp], eax loc_0044f7f6: mov dh, byte [ebx] test dh, dh je short loc_0044f826 ; je 0x44f826 test dh, 0x80 je short loc_0044f813 ; je 0x44f813 push 2 push ebx push esi push edi push ebp call dword [cs:__imp__TextOutA@20] ; ucall: call dword cs:[0x4622c4] add ebx, 2 jmp short loc_0044f821 ; jmp 0x44f821 loc_0044f813: push 1 push ebx push esi push edi push ebp call dword [cs:__imp__TextOutA@20] ; ucall: call dword cs:[0x4622c4] inc ebx loc_0044f821: add esi, dword [esp] jmp short loc_0044f7f6 ; jmp 0x44f7f6 loc_0044f826: add esp, 4 pop ebp pop edi pop esi pop ebx ret endloc_0044f82e: db 0x53 db 0x56 dd 0xec835557 dd 0x24448b0c dd 0x08408b24 dd 0x24244c8b dd 0xd029118b dd 0x24448940 dd 0x0c418b08 dd 0x8d04412b dd 0x748b0178 dd 0x048d0824 dd 0x00c83d32 dd 0x0b7e0000 dd 0x0000c8b8 dd 0x89d02900 dd 0x8b082444 dd 0x0f082444 dd 0xc001c7af dd 0x7706e850 dd 0xc4830000 dd 0x89c68904 dd 0x8b042444 dd 0x8b242444 dd 0xe0c10c40 dd 0x244c8b09 dd 0x8d118b24 dd 0xc901100c dd 0x20244c03 dd 0x6c3bed31 dd 0x257d0824 dd 0xc031cb89 dd 0x177df839 dd 0x66138b66 dd 0xc7661689 dd 0x83000003 dd 0xeb8102c6 dd 0x00000400 dd 0x83e5eb40 dd 0xeb4502c1 dd 0x24448bd5 dd 0x04408b24 dd 0x8b09e0c1 dd 0x0324244c dd 0x8bc00101 dd 0x0120245c dd 0x24748bc3 dd 0x3bed3104 dd 0x7d08246c dd 0x3f048d1d dd 0x50240489 dd 0xede85356 dd 0x83000074 dd 0xc3810cc4 dd 0x00000400 dd 0x45243403 dd 0x448bddeb dd 0x38032424 dd 0x0878894f dd 0x0304408b dd 0x48082444 dd 0x24244c8b dd 0x8b0c4189 dd 0x56042474 dd 0x0074e4e8 dd 0x04c48300 dd 0xfffe8ae9 db 0xff fcn_0044f935: push edi mov dword [ref_0048a06c], 7 ; mov dword [0x48a06c], 7 mov dword [ref_0048a0d0], 0x840 ; mov dword [0x48a0d0], 0x840 mov dword [ref_0048a074], 0x200 ; mov dword [0x48a074], 0x200 mov dword [ref_0048a070], 0xc8 ; mov dword [0x48a070], 0xc8 mov eax, dword [ref_0048a0d8] ; mov eax, dword [0x48a0d8] mov edx, dword [eax] push 0 push ref_004762cc ; push 0x4762cc push ref_0048a068 ; push 0x48a068 push eax call dword [edx + 0x18] ; ucall mov eax, dword [ref_004762cc] ; mov eax, dword [0x4762cc] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x32000 push 0 mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call memset ; call 0x456f60 add esp, 0xc mov eax, dword [ref_004762cc] ; mov eax, dword [0x4762cc] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall pop edi ret fcn_0044f9b3: push ebx mov edx, dword [ref_004762d0] ; mov edx, dword [0x4762d0] test edx, edx je short loc_0044f9c6 ; je 0x44f9c6 push edx call dword [cs:__imp__DeleteObject@4] ; ucall: call dword cs:[0x462298] loc_0044f9c6: mov ebx, dword [ref_004762cc] ; mov ebx, dword [0x4762cc] test ebx, ebx je short loc_0044f9d6 ; je 0x44f9d6 mov edx, dword [ebx] push ebx call dword [edx + 8] ; ucall loc_0044f9d6: pop ebx ret fcn_0044f9d8: push ebx mov edx, dword [esp + 0xc] mov ecx, dword [esp + 0x10] mov eax, edx and eax, 0xff shl eax, 0x10 mov ebx, edx and ebx, 0xff00 or ebx, eax mov eax, edx and eax, 0xff0000 shr eax, 0x10 or ebx, eax mov dword [ref_004762e0], ebx ; mov dword [0x4762e0], ebx mov eax, ecx and eax, 0xff shl eax, 0x10 mov ebx, ecx and ebx, 0xff00 or ebx, eax mov eax, ecx and eax, 0xff0000 shr eax, 0x10 or ebx, eax mov dword [ref_004762e4], ebx ; mov dword [0x4762e4], ebx mov eax, dword [esp + 0x14] mov dword [ref_004762d8], eax ; mov dword [0x4762d8], eax mov eax, dword [esp + 0x18] mov dword [ref_004762dc], eax ; mov dword [0x4762dc], eax test byte [esp + 0x14], 2 je short loc_0044fa4d ; je 0x44fa4d mov ebx, 0x2bc jmp short loc_0044fa52 ; jmp 0x44fa52 loc_0044fa4d: mov ebx, 0x190 loc_0044fa52: mov edx, dword [ref_004762d0] ; mov edx, dword [0x4762d0] test edx, edx je short loc_0044fa64 ; je 0x44fa64 push edx call dword [cs:__imp__DeleteObject@4] ; ucall: call dword cs:[0x462298] loc_0044fa64: mov eax, dword [esp + 8] mov dword [ref_004762d4], eax ; mov dword [0x4762d4], eax push ref_004660a0 ; push 0x4660a0 push 0 push 0 push 0 push 0 push 0x88 push 0 push 0 push 0 push ebx push 0 push 0 push 0 neg eax push eax call dword [cs:__imp__CreateFontA@56] ; ucall: call dword cs:[0x46228c] mov dword [ref_004762d0], eax ; mov dword [0x4762d0], eax pop ebx ret endloc_0044fa9d: db 0x8d db 0x40 db 0x00 ref_0044faa0: ; may contain a jump table dd loc_0044ff21 dd loc_0044ff2a dd loc_0044ff2a dd loc_0044ff2a dd loc_0044ff35 dd loc_0044ff42 dd loc_0044ff4b fcn_0044fabc: push ebx push esi push edi push ebp sub esp, 0x90 mov ebx, dword [esp + 0xa8] mov ebp, dword [esp + 0xb4] lea edi, [esp + 0x6c] mov esi, ref_0044f6ec ; mov esi, 0x44f6ec movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] lea edi, [esp + 0x7c] mov esi, ref_0044f6fc ; mov esi, 0x44f6fc movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] test ebx, ebx je near loc_0045005a ; je 0x45005a mov ah, byte [ebx] test ah, ah je near loc_0045005a ; je 0x45005a cmp ah, 0x23 jne short loc_0044fb59 ; jne 0x44fb59 xor eax, eax mov al, byte [ebx + 1] lea esi, [eax - 0x30] mov eax, esi shl eax, 2 sub eax, esi shl eax, 3 add eax, esi shl eax, 3 mov edx, eax shl edx, 2 add edx, eax xor eax, eax mov al, byte [ebx + 2] sub eax, 0x30 imul eax, eax, 0x64 add edx, eax xor eax, eax mov al, byte [ebx + 3] lea esi, [eax - 0x30] mov eax, esi shl eax, 2 add eax, esi add eax, eax add edx, eax xor eax, eax mov al, byte [ebx + 4] sub eax, 0x30 add eax, edx push eax call fcn_0045441a ; call 0x45441a add esp, 4 add ebx, 5 loc_0044fb59: mov eax, dword [ref_004762cc] ; mov eax, dword [0x4762cc] mov esi, dword [eax] lea edx, [esp + 0x8c] push edx push eax call dword [esi + 0x44] ; ucall mov edx, dword [ref_004762d0] ; mov edx, dword [0x4762d0] push edx mov ecx, dword [esp + 0x90] push ecx call dword [cs:__imp__SelectObject@8] ; ucall: call dword cs:[0x4622b4] push 1 mov esi, dword [esp + 0x90] push esi call dword [cs:__imp__SetBkMode@8] ; ucall: call dword cs:[0x4622b8] mov eax, dword [ref_004762dc] ; mov eax, dword [0x4762dc] dec eax push eax mov edi, dword [esp + 0x90] push edi call dword [cs:__imp__SetTextCharacterExtra@8] ; ucall: call dword cs:[0x4622bc] push 0x400 lea eax, [esp + 0x80] push eax push ebx call _strlen ; call 0x45825d add esp, 4 push eax push ebx mov eax, dword [esp + 0x9c] push eax call dword [cs:__imp__DrawTextA@20] ; ucall: call dword cs:[0x4622e4] mov edx, dword [esp + 0x84] add edx, 0xa mov dword [esp + 0x84], edx mov ecx, dword [esp + 0x88] add ecx, 0xa mov dword [esp + 0x88], ecx cmp ebp, 3 jne short loc_0044fc07 ; jne 0x44fc07 mov dword [esp + 0x84], ecx mov dword [esp + 0x88], edx jmp short loc_0044fc31 ; jmp 0x44fc31 loc_0044fc07: cmp ebp, 4 je short loc_0044fc11 ; je 0x44fc11 cmp ebp, 7 jne short loc_0044fc31 ; jne 0x44fc31 loc_0044fc11: mov eax, dword [esp + 0x84] sar eax, 1 mov edx, 0x100 sub edx, eax mov dword [esp + 0x7c], edx add eax, 0x100 mov dword [esp + 0x84], eax loc_0044fc31: mov dh, byte [ref_004762d8] ; mov dh, byte [0x4762d8] test dh, 1 je near loc_0044fccc ; je 0x44fccc mov esi, dword [ref_004762e4] ; mov esi, dword [0x4762e4] push esi mov edi, dword [esp + 0x90] push edi call dword [cs:__imp__SetTextColor@8] ; ucall: call dword cs:[0x4622c0] mov eax, 1 mov dword [esp + 0x6c], eax mov dword [esp + 0x70], eax cmp ebp, 4 jb short loc_0044fc71 ; jb 0x44fc71 jbe short loc_0044fc8e ; jbe 0x44fc8e cmp ebp, 7 je short loc_0044fc8e ; je 0x44fc8e jmp short loc_0044fcad ; jmp 0x44fcad loc_0044fc71: cmp ebp, 3 jne short loc_0044fcad ; jne 0x44fcad push ebx push eax push eax mov edi, dword [esp + 0x98] push edi loc_0044fc81: call fcn_0044f7c7 ; call 0x44f7c7 add esp, 0x10 jmp near loc_0044fe09 ; jmp 0x44fe09 loc_0044fc8e: push 1 lea eax, [esp + 0x70] push eax push ebx call _strlen ; call 0x45825d add esp, 4 push eax push ebx mov ecx, dword [esp + 0x9c] push ecx jmp near loc_0044fe02 ; jmp 0x44fe02 loc_0044fcad: push 0 lea eax, [esp + 0x70] push eax push ebx call _strlen ; call 0x45825d add esp, 4 push eax push ebx mov esi, dword [esp + 0x9c] push esi jmp near loc_0044fe02 ; jmp 0x44fe02 loc_0044fccc: test dh, 4 je near loc_0044fe09 ; je 0x44fe09 mov esi, dword [ref_004762e4] ; mov esi, dword [0x4762e4] push esi mov edi, dword [esp + 0x90] push edi call dword [cs:__imp__SetTextColor@8] ; ucall: call dword cs:[0x4622c0] cmp ebp, 3 jne short loc_0044fd41 ; jne 0x44fd41 push ebx push 0 push 1 mov edi, dword [esp + 0x98] push edi call fcn_0044f7c7 ; call 0x44f7c7 add esp, 0x10 push ebx push 2 push 1 mov eax, dword [esp + 0x98] push eax call fcn_0044f7c7 ; call 0x44f7c7 add esp, 0x10 push ebx push 1 push 0 mov edx, dword [esp + 0x98] push edx call fcn_0044f7c7 ; call 0x44f7c7 add esp, 0x10 push ebx push 1 push 2 mov ecx, dword [esp + 0x98] push ecx jmp near loc_0044fc81 ; jmp 0x44fc81 loc_0044fd41: cmp ebp, 4 je short loc_0044fd4b ; je 0x44fd4b cmp ebp, 7 jne short loc_0044fd52 ; jne 0x44fd52 loc_0044fd4b: mov esi, 1 jmp short loc_0044fd54 ; jmp 0x44fd54 loc_0044fd52: xor esi, esi loc_0044fd54: mov dword [esp + 0x6c], 1 xor edx, edx mov dword [esp + 0x70], edx push esi lea eax, [esp + 0x70] push eax push ebx call _strlen ; call 0x45825d add esp, 4 push eax push ebx mov ecx, dword [esp + 0x9c] push ecx call dword [cs:__imp__DrawTextA@20] ; ucall: call dword cs:[0x4622e4] mov edi, 1 mov dword [esp + 0x6c], edi mov dword [esp + 0x70], 2 push esi lea eax, [esp + 0x70] push eax push ebx call _strlen ; call 0x45825d add esp, 4 push eax push ebx mov edx, dword [esp + 0x9c] push edx call dword [cs:__imp__DrawTextA@20] ; ucall: call dword cs:[0x4622e4] xor ecx, ecx mov dword [esp + 0x6c], ecx mov dword [esp + 0x70], edi push esi lea eax, [esp + 0x70] push eax push ebx call _strlen ; call 0x45825d add esp, 4 push eax push ebx mov eax, dword [esp + 0x9c] push eax call dword [cs:__imp__DrawTextA@20] ; ucall: call dword cs:[0x4622e4] mov dword [esp + 0x6c], 2 mov dword [esp + 0x70], edi push esi lea eax, [esp + 0x70] push eax push ebx call _strlen ; call 0x45825d add esp, 4 push eax push ebx mov esi, dword [esp + 0x9c] push esi loc_0044fe02: call dword [cs:__imp__DrawTextA@20] ; ucall: call dword cs:[0x4622e4] loc_0044fe09: mov eax, dword [ref_004762e0] ; mov eax, dword [0x4762e0] push eax mov edx, dword [esp + 0x90] push edx call dword [cs:__imp__SetTextColor@8] ; ucall: call dword cs:[0x4622c0] test byte [ref_004762d8], 4 ; test byte [0x4762d8], 4 je short loc_0044fe36 ; je 0x44fe36 mov edi, 1 mov dword [esp + 0x6c], edi mov dword [esp + 0x70], edi jmp short loc_0044fe40 ; jmp 0x44fe40 loc_0044fe36: xor ecx, ecx mov dword [esp + 0x6c], ecx mov dword [esp + 0x70], ecx loc_0044fe40: cmp ebp, 4 jb short loc_0044fe4e ; jb 0x44fe4e jbe short loc_0044fe70 ; jbe 0x44fe70 cmp ebp, 7 je short loc_0044fe70 ; je 0x44fe70 jmp short loc_0044fe8c ; jmp 0x44fe8c loc_0044fe4e: cmp ebp, 3 jne short loc_0044fe8c ; jne 0x44fe8c push ebx mov ebx, dword [esp + 0x74] push ebx mov esi, dword [esp + 0x74] push esi mov edi, dword [esp + 0x98] push edi call fcn_0044f7c7 ; call 0x44f7c7 add esp, 0x10 jmp short loc_0044fead ; jmp 0x44fead loc_0044fe70: push 1 lea eax, [esp + 0x70] push eax push ebx call _strlen ; call 0x45825d add esp, 4 push eax push ebx mov edx, dword [esp + 0x9c] push edx jmp short loc_0044fea6 ; jmp 0x44fea6 loc_0044fe8c: push 0 lea eax, [esp + 0x70] push eax push ebx call _strlen ; call 0x45825d add esp, 4 push eax push ebx mov ecx, dword [esp + 0x9c] push ecx loc_0044fea6: call dword [cs:__imp__DrawTextA@20] ; ucall: call dword cs:[0x4622e4] loc_0044fead: mov eax, dword [ref_004762cc] ; mov eax, dword [0x4762cc] mov ebx, dword [eax] mov edx, dword [esp + 0x8c] push edx push eax call dword [ebx + 0x68] ; ucall mov dword [esp], 0x6c mov eax, dword [ref_004762cc] ; mov eax, dword [0x4762cc] mov ebx, dword [eax] push 0 push 1 lea edx, [esp + 8] push edx push 0 push eax call dword [ebx + 0x64] ; ucall lea eax, [esp + 0x6c] push eax lea eax, [esp + 0x80] push eax mov ebx, dword [esp + 0x2c] push ebx call fcn_0044f70c ; call 0x44f70c add esp, 0xc mov esi, dword [esp + 0x74] sub esi, dword [esp + 0x6c] inc esi mov ebx, dword [esp + 0x78] sub ebx, dword [esp + 0x70] inc ebx mov eax, dword [esp + 0x24] mov dword [ref_004762f0], eax ; mov dword [0x4762f0], eax lea eax, [ebp - 1] cmp eax, 6 ja short loc_0044ff5d ; ja 0x44ff5d jmp dword [eax*4 + ref_0044faa0] ; ujmp: jmp dword [eax*4 + 0x44faa0] loc_0044ff21: sub dword [esp + 0xac], esi jmp short loc_0044ff5d ; jmp 0x44ff5d loc_0044ff2a: mov eax, esi sar eax, 1 sub dword [esp + 0xac], eax loc_0044ff35: mov eax, ebx sar eax, 1 sub dword [esp + 0xb0], eax jmp short loc_0044ff5d ; jmp 0x44ff5d loc_0044ff42: sub dword [esp + 0xac], esi jmp short loc_0044ff35 ; jmp 0x44ff35 loc_0044ff4b: mov eax, esi sar eax, 1 sub dword [esp + 0xac], eax sub dword [esp + 0xb0], ebx loc_0044ff5d: test byte [ref_004762d8], 8 ; test byte [0x4762d8], 8 je short loc_0044ffcc ; je 0x44ffcc mov edx, dword [esp + 0xa4] test edx, edx jne short loc_0044ffa3 ; jne 0x44ffa3 push ebx push esi mov ecx, dword [esp + 0x78] push ecx mov edi, dword [esp + 0x78] push edi mov ebp, dword [esp + 0xc0] push ebp mov eax, dword [esp + 0xc0] push eax push ref_004762e8 ; push 0x4762e8 mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004564e6 ; call 0x4564e6 jmp near loc_0045002c ; jmp 0x45002c loc_0044ffa3: push ebx push esi mov ecx, dword [esp + 0x78] push ecx mov edi, dword [esp + 0x78] push edi mov ebp, dword [esp + 0xc0] push ebp mov eax, dword [esp + 0xc0] push eax push ref_004762e8 ; push 0x4762e8 push edx call fcn_00456356 ; call 0x456356 jmp short loc_0045002c ; jmp 0x45002c loc_0044ffcc: mov eax, dword [esp + 0xa4] test eax, eax jne short loc_00450005 ; jne 0x450005 push ebx push esi mov edx, dword [esp + 0x78] push edx mov ecx, dword [esp + 0x78] push ecx mov edi, dword [esp + 0xc0] push edi mov ebp, dword [esp + 0xc0] push ebp push ref_004762e8 ; push 0x4762e8 mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456495 ; call 0x456495 jmp short loc_0045002c ; jmp 0x45002c loc_00450005: push ebx push esi mov edx, dword [esp + 0x78] push edx mov ecx, dword [esp + 0x78] push ecx mov edi, dword [esp + 0xc0] push edi mov ebp, dword [esp + 0xc0] push ebp push ref_004762e8 ; push 0x4762e8 push eax call fcn_00456328 ; call 0x456328 loc_0045002c: add esp, 0x20 push 0 push ebx push esi mov ecx, dword [esp + 0x7c] push ecx mov ebx, dword [esp + 0x7c] push ebx push ref_004762e8 ; push 0x4762e8 call fcn_004561be ; call 0x4561be add esp, 0x18 mov eax, dword [ref_004762cc] ; mov eax, dword [0x4762cc] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall loc_0045005a: add esp, 0x90 pop ebp pop edi pop esi pop ebx ret ref_00450065: db 0x41 db 0x3a db 0x5c db 0x00 fcn_00450069: push ebx push esi push edi push ebp mov ebx, dword [esp + 0x14] push ref_004660a8 ; push 0x4660a8 push ebx call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_004500c5 ; jne 0x4500c5 mov esi, dword [ebx + 0x14] mov eax, dword [ebx + 8] add eax, ebx add eax, 0x200 mov dword [ebx + 0x14], eax mov eax, 1 loc_00450098: cmp eax, dword [ebx + 4] jge short loc_004500c5 ; jge 0x4500c5 mov edx, eax shl edx, 2 sub edx, eax shl edx, 2 lea ecx, [ebx + edx] mov ebp, dword [ecx + 0x14] lea edi, [eax - 1] mov edx, edi shl edx, 2 sub edx, edi mov edi, dword [ebx + edx*4 + 0x14] add esi, edi mov dword [ecx + 0x14], esi mov esi, ebp inc eax jmp short loc_00450098 ; jmp 0x450098 loc_004500c5: push ref_004660ac ; push 0x4660ac push ebx call fcn_00458370 ; call 0x458370 add esp, 8 test eax, eax jne short loc_00450115 ; jne 0x450115 mov esi, dword [ebx + 0x14] mov eax, dword [ebx + 8] lea edx, [ebx + eax] mov dword [ebx + 0x14], edx mov eax, 1 loc_004500e8: cmp eax, dword [ebx + 4] jge short loc_00450115 ; jge 0x450115 mov edx, eax shl edx, 2 sub edx, eax shl edx, 2 lea ecx, [ebx + edx] mov ebp, dword [ecx + 0x14] lea edi, [eax - 1] mov edx, edi shl edx, 2 sub edx, edi mov edi, dword [ebx + edx*4 + 0x14] add esi, edi mov dword [ecx + 0x14], esi mov esi, ebp inc eax jmp short loc_004500e8 ; jmp 0x4500e8 loc_00450115: pop ebp pop edi pop esi pop ebx ret fcn_0045011a: push ebx push esi push edi push ebp sub esp, 0x44 mov eax, dword [ref_00450065] ; mov eax, dword [0x450065] mov dword [esp + 0x3c], eax xor edx, edx mov dword [esp + 0x40], edx xor ebp, ebp jmp short loc_00450142 ; jmp 0x450142 loc_00450134: mov ecx, dword [esp + 0x40] inc ecx mov dword [esp + 0x40], ecx cmp ecx, 0x1a jge short loc_00450168 ; jge 0x450168 loc_00450142: mov al, byte [esp + 0x40] add al, 0x41 mov byte [esp + 0x3c], al lea eax, [esp + 0x3c] push eax call dword [cs:__imp__GetDriveTypeA@4] ; ucall: call dword cs:[0x462394] cmp eax, 2 je short loc_00450134 ; je 0x450134 mov al, byte [esp + 0x3c] mov byte [esp + ebp + 0x20], al inc ebp jmp short loc_00450134 ; jmp 0x450134 loc_00450168: test ebp, ebp jne short loc_00450187 ; jne 0x450187 push 0x10 push ref_004660b0 ; push 0x4660b0 push ref_004660b5 ; push 0x4660b5 push ebp call dword [cs:__imp__MessageBoxA@16] ; ucall: call dword cs:[0x462308] loc_00450180: xor eax, eax jmp near loc_004502f6 ; jmp 0x4502f6 loc_00450187: push ref_004660c4 ; push 0x4660c4 push ref_004660c7 ; push 0x4660c7 call clib_fopen ; call 0x4573bf add esp, 8 test eax, eax jne near loc_00450234 ; jne 0x450234 mov dword [esp + 0x40], eax loc_004501a5: xor ebx, ebx loc_004501a7: cmp ebx, ebp jge short loc_004501ff ; jge 0x4501ff cmp dword [esp + 0x40], 0 jne short loc_004501ff ; jne 0x4501ff xor eax, eax mov al, byte [esp + ebx + 0x20] push eax push ref_004660d0 ; push 0x4660d0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push ref_004660c4 ; push 0x4660c4 lea eax, [esp + 4] push eax call clib_fopen ; call 0x4573bf add esp, 8 test eax, eax je short loc_004501fc ; je 0x4501fc mov dl, byte [esp + ebx + 0x20] mov byte [ref_00476374], dl ; mov byte [0x476374], dl push eax call clib_fclose ; call 0x4578c5 add esp, 4 mov dword [esp + 0x40], 1 loc_004501fc: inc ebx jmp short loc_004501a7 ; jmp 0x4501a7 loc_004501ff: mov eax, dword [esp + 0x40] test eax, eax jne short loc_00450224 ; jne 0x450224 push 0x15 push ref_004660b0 ; push 0x4660b0 push ref_004660dd ; push 0x4660dd push eax call dword [cs:__imp__MessageBoxA@16] ; ucall: call dword cs:[0x462308] cmp eax, 4 jne near loc_00450180 ; jne 0x450180 loc_00450224: cmp dword [esp + 0x40], 0 je near loc_004501a5 ; je 0x4501a5 jmp near loc_004502f1 ; jmp 0x4502f1 loc_00450234: push eax call clib_fclose ; call 0x4578c5 add esp, 4 xor esi, esi mov dword [esp + 0x40], esi loc_00450243: xor ebx, ebx loc_00450245: cmp ebx, ebp jge near loc_004502c1 ; jge 0x4502c1 mov eax, dword [esp + 0x40] test eax, eax jne short loc_004502c1 ; jne 0x4502c1 mov al, byte [esp + ebx + 0x20] push eax push ref_004660f0 ; push 0x4660f0 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push ref_004660c4 ; push 0x4660c4 lea eax, [esp + 4] push eax call clib_fopen ; call 0x4573bf mov esi, eax add esp, 8 test eax, eax je short loc_004502be ; je 0x4502be push 2 push 0 push eax call clib_fseek ; call 0x45753a add esp, 0xc push esi call fcn_00458532 ; call 0x458532 mov edi, eax add esp, 4 push esi call clib_fclose ; call 0x4578c5 add esp, 4 cmp edi, 0x2625a00 nop nop mov al, byte [esp + ebx + 0x20] mov byte [ref_00476374], al ; mov byte [0x476374], al mov dword [esp + 0x40], 1 loc_004502be: inc ebx jmp short loc_00450245 ; jmp 0x450245 loc_004502c1: mov edx, dword [esp + 0x40] test edx, edx jne short loc_004502e6 ; jne 0x4502e6 push 0x15 push ref_004660b0 ; push 0x4660b0 push ref_004660fd ; push 0x4660fd push edx call dword [cs:__imp__MessageBoxA@16] ; ucall: call dword cs:[0x462308] cmp eax, 4 jne near loc_00450180 ; jne 0x450180 loc_004502e6: cmp dword [esp + 0x40], 0 je near loc_00450243 ; je 0x450243 loc_004502f1: mov eax, 1 loc_004502f6: add esp, 0x44 pop ebp pop edi pop esi pop ebx ret fcn_004502fe: push ebx push esi push edi push ebp sub esp, 0x30 xor esi, esi cmp dword [ref_004762f4], 0xffffffff ; cmp dword [0x4762f4], 0xffffffff jne short loc_00450323 ; jne 0x450323 push 0x80 push esi push ref_004762f4 ; push 0x4762f4 call memset ; call 0x456f60 add esp, 0xc loc_00450323: push 0 push 0x80 push 3 push 0 push 0 push 0x80000000 mov ecx, dword [esp + 0x5c] push ecx call dword [cs:__imp__CreateFileA@28] ; ucall: call dword cs:[0x462350] mov edi, eax cmp eax, 0xffffffff jne short loc_00450389 ; jne 0x450389 mov ebx, dword [esp + 0x44] push ebx push ref_00476374 ; push 0x476374 push ref_00466110 ; push 0x466110 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0 push 0x80 push 3 push 0 push 0 push 0x80000000 lea eax, [esp + 0x18] push eax call dword [cs:__imp__CreateFileA@28] ; ucall: call dword cs:[0x462350] mov edi, eax cmp eax, 0xffffffff je short loc_004503fc ; je 0x4503fc loc_00450389: mov ebx, esi shl ebx, 3 mov ebp, dword [ebx + ref_004762f4] ; mov ebp, dword [ebx + 0x4762f4] test ebp, ebp je short loc_0045039b ; je 0x45039b inc esi jmp short loc_00450389 ; jmp 0x450389 loc_0045039b: mov dword [ebx + ref_004762f4], edi ; mov dword [ebx + 0x4762f4], edi push ebp lea eax, [esp + 0x2c] push eax push 4 lea eax, [esp + 0x38] push eax push edi call dword [cs:__imp__ReadFile@20] ; ucall: call dword cs:[0x4623ec] push ebp push edi call dword [cs:__imp__GetFileSize@8] ; ucall: call dword cs:[0x4623a0] mov edx, dword [esp + 0x2c] mov ebp, eax sub ebp, edx push 0 push 0 push edx push edi call dword [cs:__imp__SetFilePointer@16] ; ucall: call dword cs:[0x462404] push ebp call fcn_00456f80 ; call 0x456f80 add esp, 4 mov dword [ebx + ref_004762f8], eax ; mov dword [ebx + 0x4762f8], eax push 0 lea eax, [esp + 0x2c] push eax push ebp mov ebp, dword [ebx + ref_004762f8] ; mov ebp, dword [ebx + 0x4762f8] push ebp push edi call dword [cs:__imp__ReadFile@20] ; ucall: call dword cs:[0x4623ec] mov eax, esi loc_004503fc: add esp, 0x30 pop ebp pop edi pop esi pop ebx ret fcn_00450404: push ebx push esi push edi mov ebx, dword [esp + 0x10] shl ebx, 3 mov edx, dword [ebx + ref_004762f4] ; mov edx, dword [ebx + 0x4762f4] test edx, edx je short loc_0045043d ; je 0x45043d push edx call dword [cs:__imp__CloseHandle@4] ; ucall: call dword cs:[0x462348] mov esi, dword [ebx + ref_004762f8] ; mov esi, dword [ebx + 0x4762f8] push esi call clib_free ; call 0x456e11 add esp, 4 xor edi, edi mov dword [ebx + ref_004762f4], edi ; mov dword [ebx + 0x4762f4], edi mov dword [ebx + ref_004762f8], edi ; mov dword [ebx + 0x4762f8], edi loc_0045043d: pop edi pop esi pop ebx ret fcn_00450441: push ebx push esi push edi sub esp, 0x14 mov ebx, dword [esp + 0x2c] mov eax, dword [esp + 0x24] shl eax, 3 mov esi, dword [eax + ref_004762f4] ; mov esi, dword [eax + 0x4762f4] test esi, esi jne short loc_00450463 ; jne 0x450463 xor eax, eax jmp near loc_0045054e ; jmp 0x45054e loc_00450463: push 0 push 0 mov edi, dword [esp + 0x30] mov eax, dword [eax + ref_004762f8] ; mov eax, dword [eax + 0x4762f8] mov edx, dword [eax + edi*4] push edx push esi call dword [cs:__imp__SetFilePointer@16] ; ucall: call dword cs:[0x462404] push 0 lea eax, [esp + 0x14] push eax push 0x10 lea eax, [esp + 0xc] push eax push esi call dword [cs:__imp__ReadFile@20] ; ucall: call dword cs:[0x4623ec] test ebx, ebx jne short loc_004504a5 ; jne 0x4504a5 mov ecx, dword [esp] push ecx call fcn_00456f80 ; call 0x456f80 add esp, 4 mov ebx, eax loc_004504a5: mov eax, dword [esp + 4] mov edi, dword [esp] cmp eax, edi jne short loc_004504c3 ; jne 0x4504c3 push 0 lea eax, [esp + 0x14] push eax push edi push ebx push esi call dword [cs:__imp__ReadFile@20] ; ucall: call dword cs:[0x4623ec] jmp short loc_004504f6 ; jmp 0x4504f6 loc_004504c3: push eax call fcn_00456f80 ; call 0x456f80 mov edi, eax add esp, 4 push 0 lea eax, [esp + 0x14] push eax mov eax, dword [esp + 0xc] push eax push edi push esi call dword [cs:__imp__ReadFile@20] ; ucall: call dword cs:[0x4623ec] push edi push ebx call fcn_00455040 ; call 0x455040 add esp, 8 push edi call clib_free ; call 0x456e11 add esp, 4 loc_004504f6: mov ecx, dword [esp + 0xc] test ecx, ecx je short loc_0045050e ; je 0x45050e push ecx mov eax, dword [esp + 0xc] add eax, ebx push eax call fcn_00451801 ; call 0x451801 add esp, 8 loc_0045050e: mov edi, dword [esp + 0x30] test edi, edi je short loc_0045051b ; je 0x45051b mov eax, dword [esp] mov dword [edi], eax loc_0045051b: push 3 push ref_004660a8 ; push 0x4660a8 push ebx call _memcmp ; call 0x458599 add esp, 0xc test eax, eax je short loc_00450543 ; je 0x450543 push 3 push ref_004660ac ; push 0x4660ac push ebx call _memcmp ; call 0x458599 add esp, 0xc test eax, eax jne short loc_0045054c ; jne 0x45054c loc_00450543: push ebx call fcn_00450069 ; call 0x450069 add esp, 4 loc_0045054c: mov eax, ebx loc_0045054e: add esp, 0x14 pop edi pop esi pop ebx ret fcn_00450555: push ebx push esi push edi mov ebx, dword [esp + 0x10] xor edi, edi xor esi, esi mov si, word [ebx] add ebx, 2 loc_00450566: dec esi cmp esi, 0xffffffff je short loc_00450596 ; je 0x450596 xor eax, eax mov al, byte [ebx] inc ebx add edi, eax xor eax, eax mov al, byte [ebx] inc ebx test eax, eax jne short loc_00450581 ; jne 0x450581 mov eax, 0x100 loc_00450581: push eax push ebx lea eax, [edi + edi] add eax, ref_0048c630 ; add eax, 0x48c630 push eax call fcn_0045520d ; call 0x45520d add esp, 0xc jmp short loc_00450566 ; jmp 0x450566 loc_00450596: pop edi pop esi pop ebx ret fcn_0045059a: push ebx push esi push edi sub esp, 0x10 mov edi, dword [esp + 0x20] mov ecx, dword [esp + 0x24] xor eax, eax mov ax, word [ecx] mov dword [esp], eax xor edx, edx mov dword [esp + 4], edx add ecx, 2 loc_004505b9: mov eax, dword [esp + 4] cmp eax, dword [esp] jge near loc_004506c0 ; jge 0x4506c0 loc_004505c6: mov eax, edi mov dx, word [ecx] mov word [esp + 8], dx xor dl, dl and dh, 0xc0 add ecx, 2 cmp dx, 0xc000 je near loc_0045068b ; je 0x45068b test byte [esp + 9], 0x80 jne near loc_004506b1 ; jne 0x4506b1 loc_004505ee: mov ebx, dword [esp + 8] dec ebx mov word [esp + 8], bx cmp bx, 0xffff je near loc_004506b1 ; je 0x4506b1 mov dl, byte [ecx] mov byte [esp + 0xc], dl xor edx, edx mov dl, byte [esp + 0xc] add edx, edx inc ecx add eax, edx mov dl, byte [ecx] mov byte [esp + 0xc], dl inc ecx cmp dl, 0x80 jae short loc_00450640 ; jae 0x450640 movzx esi, dl add esi, esi xor edx, edx loc_00450626: cmp edx, esi jge short loc_004505ee ; jge 0x4505ee xor ebx, ebx mov bl, byte [ecx] mov bx, word [ebx*2 + ref_0048c630] ; mov bx, word [ebx*2 + 0x48c630] mov word [eax], bx add eax, 2 inc ecx inc edx jmp short loc_00450626 ; jmp 0x450626 loc_00450640: mov dl, 0 mov bl, byte [esp + 0xc] sub dl, bl mov byte [esp + 0xc], dl xor edx, edx mov dl, byte [ecx] xor esi, esi mov si, word [edx*2 + ref_0048c630] ; mov si, word [edx*2 + 0x48c630] shl esi, 0x10 inc ecx xor edx, edx mov dl, byte [ecx] mov dx, word [edx*2 + ref_0048c630] ; mov dx, word [edx*2 + 0x48c630] and edx, 0xffff inc ecx add esi, edx xor edx, edx loc_00450675: xor ebx, ebx mov bl, byte [esp + 0xc] cmp edx, ebx jge near loc_004505ee ; jge 0x4505ee mov dword [eax], esi add eax, 4 inc edx jmp short loc_00450675 ; jmp 0x450675 loc_0045068b: mov eax, 0x10000 mov edx, dword [esp + 8] sub eax, edx mov word [esp + 8], ax xor edx, edx mov dx, ax mov eax, edx shl eax, 2 add eax, edx shl eax, 8 add edi, eax jmp near loc_004505c6 ; jmp 0x4505c6 loc_004506b1: add edi, 0x500 inc dword [esp + 4] jmp near loc_004505b9 ; jmp 0x4505b9 loc_004506c0: add esp, 0x10 pop edi pop esi pop ebx ret fcn_004506c7: push ebx push esi push edi push ebp sub esp, 0x14 mov esi, dword [esp + 0x2c] xor eax, eax mov ax, word [esi] mov dword [esp], eax xor edx, edx mov dword [esp + 4], edx add esi, 2 loc_004506e3: mov eax, dword [esp + 4] cmp eax, dword [esp] jge near loc_0045088c ; jge 0x45088c mov eax, dword [esp + 0x28] mov edx, dword [esp + 0x30] loc_004506f8: mov bx, word [esi] mov word [esp + 0xc], bx xor bl, bl and bh, 0xc0 add esi, 2 cmp bx, 0xc000 je near loc_0045082e ; je 0x45082e test byte [esp + 0xd], 0x80 jne near loc_00450872 ; jne 0x450872 loc_0045071e: mov ebx, dword [esp + 0xc] dec ebx mov word [esp + 0xc], bx cmp bx, 0xffff je near loc_00450872 ; je 0x450872 xor bh, bh mov bl, byte [esi] add ebx, ebx xor ecx, ecx mov cx, bx inc esi add eax, ecx add edx, ecx mov bh, byte [esi] inc esi cmp bh, 0x80 jae short loc_0045077b ; jae 0x45077b movzx ebp, bh add ebp, ebp xor ecx, ecx loc_00450751: cmp ecx, ebp jge short loc_0045071e ; jge 0x45071e mov bl, byte [esi] inc esi test bl, bl je short loc_0045076c ; je 0x45076c and ebx, 0xff mov bx, word [ebx*2 + ref_0048c630] ; mov bx, word [ebx*2 + 0x48c630] jmp short loc_0045076f ; jmp 0x45076f loc_0045076c: mov bx, word [edx] loc_0045076f: mov word [eax], bx add eax, 2 add edx, 2 inc ecx jmp short loc_00450751 ; jmp 0x450751 loc_0045077b: mov bl, 0 sub bl, bh mov bh, bl mov bl, byte [esi] inc esi mov cl, byte [esi] mov byte [esp + 0x10], cl inc esi test bl, bl je short loc_004507e3 ; je 0x4507e3 test cl, cl je short loc_004507e3 ; je 0x4507e3 xor ecx, ecx mov cl, byte [esp + 0x10] mov cx, word [ecx*2 + ref_0048c630] ; mov cx, word [ecx*2 + 0x48c630] mov ebp, ecx and ebp, 0xffff shl ebp, 0x10 xor ecx, ecx mov cl, bl mov cx, word [ecx*2 + ref_0048c630] ; mov cx, word [ecx*2 + 0x48c630] and ecx, 0xffff add ecx, ebp mov dword [esp + 8], ecx xor ecx, ecx loc_004507c6: movzx ebp, bh cmp ecx, ebp jge short loc_004507d9 ; jge 0x4507d9 mov ebp, dword [esp + 8] mov dword [eax], ebp add eax, 4 inc ecx jmp short loc_004507c6 ; jmp 0x4507c6 loc_004507d9: shl ebp, 2 add edx, ebp jmp near loc_0045071e ; jmp 0x45071e loc_004507e3: xor ecx, ecx loc_004507e5: movzx ebp, bh cmp ecx, ebp jge near loc_0045071e ; jge 0x45071e test bl, bl je short loc_00450801 ; je 0x450801 movzx ebp, bl mov di, word [ebp*2 + ref_0048c630] ; mov di, word [ebp*2 + 0x48c630] jmp short loc_00450804 ; jmp 0x450804 loc_00450801: mov di, word [edx] loc_00450804: mov word [eax], di cmp byte [esp + 0x10], 0 je short loc_0045081d ; je 0x45081d movzx ebp, byte [esp + 0x10] mov di, word [ebp*2 + ref_0048c630] ; mov di, word [ebp*2 + 0x48c630] jmp short loc_00450821 ; jmp 0x450821 loc_0045081d: mov di, word [edx + 2] loc_00450821: mov word [eax + 2], di add eax, 4 add edx, 4 inc ecx jmp short loc_004507e5 ; jmp 0x4507e5 loc_0045082e: mov eax, 0x10000 mov edx, dword [esp + 0xc] sub eax, edx mov word [esp + 0xc], ax xor edx, edx mov dx, ax mov eax, dword [ref_0048c864] ; mov eax, dword [0x48c864] imul eax, edx mov ebx, dword [esp + 0x28] add ebx, eax mov dword [esp + 0x28], ebx mov eax, edx shl eax, 2 add eax, edx shl eax, 8 mov edi, dword [esp + 0x30] add edi, eax mov dword [esp + 0x30], edi mov eax, ebx mov edx, edi jmp near loc_004506f8 ; jmp 0x4506f8 loc_00450872: mov eax, dword [ref_0048c864] ; mov eax, dword [0x48c864] add dword [esp + 0x28], eax add dword [esp + 0x30], 0x500 inc dword [esp + 4] jmp near loc_004506e3 ; jmp 0x4506e3 loc_0045088c: add esp, 0x14 pop ebp pop edi pop esi pop ebx ret fcn_00450894: push ebx push esi push edi push ebp sub esp, 0xc mov ebp, dword [esp + 0x20] mov ecx, dword [esp + 0x24] xor eax, eax mov ax, word [ecx] mov dword [esp], eax mov edx, eax shl eax, 2 add eax, edx shl eax, 8 add ebp, eax xor eax, eax mov ax, word [ecx + 2] mov dword [esp], eax xor edi, edi add ecx, 4 loc_004508c5: cmp edi, dword [esp] jge near loc_00450962 ; jge 0x450962 mov eax, ebp mov dl, byte [ecx] mov byte [esp + 8], dl inc ecx loc_004508d7: mov dl, byte [esp + 8] dec dl mov byte [esp + 8], dl cmp dl, 0xff je near loc_00450956 ; je 0x450956 mov dl, byte [ecx] mov byte [esp + 4], dl xor edx, edx mov dl, byte [esp + 4] add edx, edx inc ecx add eax, edx mov dl, byte [ecx] mov byte [esp + 4], dl inc ecx cmp dl, 0x80 jae short loc_00450929 ; jae 0x450929 xor edx, edx loc_00450909: xor ebx, ebx mov bl, byte [esp + 4] cmp edx, ebx jge short loc_004508d7 ; jge 0x4508d7 xor ebx, ebx mov bl, byte [ecx] mov bx, word [ebx*2 + ref_0048c630] ; mov bx, word [ebx*2 + 0x48c630] mov word [eax], bx add eax, 2 inc ecx inc edx jmp short loc_00450909 ; jmp 0x450909 loc_00450929: mov dl, 0 mov bh, byte [esp + 4] sub dl, bh mov byte [esp + 4], dl movzx esi, byte [ecx] mov si, word [esi*2 + ref_0048c630] ; mov si, word [esi*2 + 0x48c630] xor edx, edx inc ecx loc_00450943: xor ebx, ebx mov bl, byte [esp + 4] cmp edx, ebx jge short loc_004508d7 ; jge 0x4508d7 mov word [eax], si add eax, 2 inc edx jmp short loc_00450943 ; jmp 0x450943 loc_00450956: add ebp, 0x500 inc edi jmp near loc_004508c5 ; jmp 0x4508c5 loc_00450962: add esp, 0xc pop ebp pop edi pop esi pop ebx ret fcn_0045096a: push ebx push esi push edi push ebp sub esp, 0x10 mov ebx, dword [esp + 0x28] xor edx, edx mov dx, word [ebx] mov dword [esp], edx imul edx, dword [ref_0048c864] ; imul edx, dword [0x48c864] add dword [esp + 0x24], edx mov ecx, dword [esp] mov edx, ecx shl edx, 2 add edx, ecx shl edx, 8 add dword [esp + 0x2c], edx xor edx, edx mov dx, word [ebx + 2] mov dword [esp], edx xor ebp, ebp mov dword [esp + 4], ebp add ebx, 4 loc_004509ab: mov edx, dword [esp + 4] cmp edx, dword [esp] jge near loc_00450a95 ; jge 0x450a95 mov esi, dword [esp + 0x24] mov edi, dword [esp + 0x2c] mov al, byte [ebx] mov byte [esp + 0xc], al inc ebx loc_004509c7: mov ah, byte [esp + 0xc] dec ah mov byte [esp + 0xc], ah cmp ah, 0xff je near loc_00450a7a ; je 0x450a7a xor ah, ah mov al, byte [ebx] add eax, eax xor edx, edx mov dx, ax inc ebx add esi, edx add edi, edx mov al, byte [ebx] inc ebx cmp al, 0x80 jae short loc_00450a1d ; jae 0x450a1d xor edx, edx loc_004509f3: movzx ebp, al cmp edx, ebp jge short loc_004509c7 ; jge 0x4509c7 mov ah, byte [ebx] inc ebx test ah, ah je short loc_00450a0e ; je 0x450a0e movzx ebp, ah mov cx, word [ebp*2 + ref_0048c630] ; mov cx, word [ebp*2 + 0x48c630] jmp short loc_00450a11 ; jmp 0x450a11 loc_00450a0e: mov cx, word [edi] loc_00450a11: mov word [esi], cx add esi, 2 add edi, 2 inc edx jmp short loc_004509f3 ; jmp 0x4509f3 loc_00450a1d: mov ah, 0 sub ah, al mov al, ah mov ah, byte [ebx] inc ebx test ah, ah je short loc_00450a51 ; je 0x450a51 xor ecx, ecx mov cl, ah mov cx, word [ecx*2 + ref_0048c630] ; mov cx, word [ecx*2 + 0x48c630] xor edx, edx movzx ebp, al loc_00450a3b: cmp edx, ebp jge short loc_00450a48 ; jge 0x450a48 mov word [esi], cx add esi, 2 inc edx jmp short loc_00450a3b ; jmp 0x450a3b loc_00450a48: add ebp, ebp add edi, ebp jmp near loc_004509c7 ; jmp 0x4509c7 loc_00450a51: xor dh, dh mov dl, al add edx, eax mov dword [esp + 8], edx xor edx, edx mov dl, al push edx push edi push esi call fcn_00456dbb ; call 0x456dbb add esp, 0xc xor edx, edx mov dx, word [esp + 8] add esi, edx add edi, edx jmp near loc_004509c7 ; jmp 0x4509c7 loc_00450a7a: mov edx, dword [ref_0048c864] ; mov edx, dword [0x48c864] add dword [esp + 0x24], edx add dword [esp + 0x2c], 0x500 inc dword [esp + 4] jmp near loc_004509ab ; jmp 0x4509ab loc_00450a95: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret fcn_00450a9d: push ebx push esi push edi push ebp sub esp, 4 mov ecx, dword [esp + 0x1c] xor ebp, ebp loc_00450aaa: cmp ebp, dword [ref_0048c87c] ; cmp ebp, dword [0x48c87c] jge near loc_00450b32 ; jge 0x450b32 mov eax, dword [esp + 0x18] xor edi, edi inc ecx loc_00450abd: cmp edi, dword [ref_0048c878] ; cmp edi, dword [0x48c878] jge short loc_00450b24 ; jge 0x450b24 mov dl, byte [ecx] mov byte [esp], dl inc ecx cmp dl, 0x80 jbe short loc_00450afb ; jbe 0x450afb mov dl, 0 mov dh, byte [esp] sub dl, dh mov byte [esp], dl xor edx, edx loc_00450adc: xor ebx, ebx mov bl, byte [esp] cmp edx, ebx jge short loc_00450b1b ; jge 0x450b1b xor ebx, ebx mov bl, byte [ecx] mov bx, word [ebx*2 + ref_0048c630] ; mov bx, word [ebx*2 + 0x48c630] mov word [eax], bx add eax, 2 inc ecx inc edx jmp short loc_00450adc ; jmp 0x450adc loc_00450afb: movzx esi, byte [ecx] mov si, word [esi*2 + ref_0048c630] ; mov si, word [esi*2 + 0x48c630] xor edx, edx inc ecx loc_00450b09: xor ebx, ebx mov bl, byte [esp] cmp edx, ebx jge short loc_00450b1b ; jge 0x450b1b mov word [eax], si add eax, 2 inc edx jmp short loc_00450b09 ; jmp 0x450b09 loc_00450b1b: xor edx, edx mov dl, byte [esp] add edi, edx jmp short loc_00450abd ; jmp 0x450abd loc_00450b24: add dword [esp + 0x18], 0x500 inc ebp jmp near loc_00450aaa ; jmp 0x450aaa loc_00450b32: add esp, 4 pop ebp loc_00450b36: pop edi pop esi pop ebx ret fcn_00450b3a: push ebx push esi push edi push ebp sub esp, 0xc mov esi, dword [esp + 0x24] xor edx, edx mov dword [esp], edx loc_00450b4a: mov eax, dword [esp] cmp eax, dword [ref_0048c87c] ; cmp eax, dword [0x48c87c] jge near loc_00450962 ; jge 0x450962 mov ebx, dword [esp + 0x20] mov edi, dword [esp + 0x28] xor ebp, ebp inc esi loc_00450b64: cmp ebp, dword [ref_0048c878] ; cmp ebp, dword [0x48c878] jge near loc_00450c1c ; jge 0x450c1c mov al, byte [esi] mov byte [esp + 8], al inc esi cmp al, 0x80 jbe short loc_00450bbd ; jbe 0x450bbd mov al, 0 mov dl, byte [esp + 8] sub al, dl mov byte [esp + 8], al xor eax, eax loc_00450b89: xor edx, edx mov dl, byte [esp + 8] cmp eax, edx jge near loc_00450c0f ; jge 0x450c0f mov dl, byte [esi] inc esi test dl, dl je short loc_00450bae ; je 0x450bae and edx, 0xff mov dx, word [edx*2 + ref_0048c630] ; mov dx, word [edx*2 + 0x48c630] jmp short loc_00450bb1 ; jmp 0x450bb1 loc_00450bae: mov dx, word [edi] loc_00450bb1: mov word [ebx], dx add ebx, 2 add edi, 2 inc eax jmp short loc_00450b89 ; jmp 0x450b89 loc_00450bbd: mov dl, byte [esi] inc esi test dl, dl je short loc_00450beb ; je 0x450beb xor ecx, ecx mov cl, dl mov cx, word [ecx*2 + ref_0048c630] ; mov cx, word [ecx*2 + 0x48c630] xor eax, eax loc_00450bd2: xor edx, edx mov dl, byte [esp + 8] cmp eax, edx jge short loc_00450be5 ; jge 0x450be5 mov word [ebx], cx add ebx, 2 inc eax jmp short loc_00450bd2 ; jmp 0x450bd2 loc_00450be5: add edx, edx add edi, edx jmp short loc_00450c0f ; jmp 0x450c0f loc_00450beb: xor ah, ah add eax, eax mov dword [esp + 4], eax xor eax, eax mov al, byte [esp + 8] push eax push edi push ebx call fcn_00456dbb ; call 0x456dbb add esp, 0xc xor eax, eax mov ax, word [esp + 4] add ebx, eax add edi, eax loc_00450c0f: xor eax, eax mov al, byte [esp + 8] add ebp, eax jmp near loc_00450b64 ; jmp 0x450b64 loc_00450c1c: mov eax, dword [ref_0048c864] ; mov eax, dword [0x48c864] add dword [esp + 0x20], eax add dword [esp + 0x28], 0x500 inc dword [esp] jmp near loc_00450b4a ; jmp 0x450b4a fcn_00450c35: push ebx push esi push edi mov edi, dword [esp + 0x10] mov edx, dword [esp + 0x14] xor esi, esi loc_00450c42: cmp esi, dword [ref_0048c87c] ; cmp esi, dword [0x48c87c] jge near loc_00450b36 ; jge 0x450b36 mov eax, edi xor ecx, ecx loc_00450c52: cmp ecx, dword [ref_0048c878] ; cmp ecx, dword [0x48c878] jge short loc_00450c70 ; jge 0x450c70 xor ebx, ebx mov bl, byte [edx] mov bx, word [ebx*2 + ref_0048c630] ; mov bx, word [ebx*2 + 0x48c630] mov word [eax], bx add eax, 2 inc edx inc ecx jmp short loc_00450c52 ; jmp 0x450c52 loc_00450c70: add edi, 0x500 inc esi jmp short loc_00450c42 ; jmp 0x450c42 fcn_00450c79: push ebx push esi push edi mov ecx, dword [esp + 0x14] xor edi, edi loc_00450c82: cmp edi, dword [ref_0048c87c] ; cmp edi, dword [0x48c87c] jge near loc_00450b36 ; jge 0x450b36 mov eax, dword [esp + 0x10] mov edx, dword [esp + 0x18] xor esi, esi loc_00450c98: cmp esi, dword [ref_0048c878] ; cmp esi, dword [0x48c878] jge short loc_00450cc6 ; jge 0x450cc6 mov bl, byte [ecx] inc ecx test bl, bl je short loc_00450cb7 ; je 0x450cb7 and ebx, 0xff mov bx, word [ebx*2 + ref_0048c630] ; mov bx, word [ebx*2 + 0x48c630] jmp short loc_00450cba ; jmp 0x450cba loc_00450cb7: mov bx, word [edx] loc_00450cba: mov word [eax], bx add eax, 2 add edx, 2 inc esi jmp short loc_00450c98 ; jmp 0x450c98 loc_00450cc6: mov eax, dword [ref_0048c864] ; mov eax, dword [0x48c864] add dword [esp + 0x10], eax add dword [esp + 0x18], 0x500 inc edi jmp short loc_00450c82 ; jmp 0x450c82 fcn_00450cda: mov eax, dword [esp + 4] mov dword [ref_0048c840], eax ; mov dword [0x48c840], eax mov eax, dword [esp + 8] mov dword [ref_0048c854], eax ; mov dword [0x48c854], eax ret fcn_00450ced: push ebx push esi push edi mov eax, dword [esp + 0x10] mov edi, dword [esp + 0x14] mov esi, dword [esp + 0x18] mov ebx, dword [esp + 0x1c] cmp word [eax + 4], 0xaf12 je short loc_00450d0e ; je 0x450d0e loc_00450d08: xor eax, eax pop edi pop esi pop ebx ret loc_00450d0e: xor edx, edx mov dx, word [eax + 6] mov dword [ref_0048c86c], edx ; mov dword [0x48c86c], edx xor edx, edx mov dx, word [eax + 8] mov dword [ref_0048c878], edx ; mov dword [0x48c878], edx xor edx, edx mov dx, word [eax + 0xa] mov dword [ref_0048c87c], edx ; mov dword [0x48c87c], edx mov dword [ref_0048c830], edi ; mov dword [0x48c830], edi mov dword [ref_0048c834], esi ; mov dword [0x48c834], esi mov edx, dword [ref_0048c878] ; mov edx, dword [0x48c878] lea ecx, [edi + edx] mov dword [ref_0048c838], ecx ; mov dword [0x48c838], ecx mov edx, dword [ref_0048c87c] ; mov edx, dword [0x48c87c] lea ecx, [esi + edx] mov dword [ref_0048c83c], ecx ; mov dword [0x48c83c], ecx mov edx, esi shl edx, 2 lea ecx, [esi + edx] shl ecx, 8 lea edx, [edi + edi] add ecx, edx mov dword [ref_0048c84c], ecx ; mov dword [0x48c84c], ecx mov edx, dword [eax + 0x10] mov dword [ref_0048c870], edx ; mov dword [0x48c870], edx add eax, 0x80 mov dword [ref_0048c858], eax ; mov dword [0x48c858], eax mov dword [ref_00476378], eax ; mov dword [0x476378], eax mov al, bl and al, 1 mov byte [ref_0048c882], al ; mov byte [0x48c882], al mov al, bl and al, 2 mov byte [ref_0048c880], al ; mov byte [0x48c880], al mov al, bl and al, 4 mov byte [ref_0048c883], al ; mov byte [0x48c883], al mov eax, ebx sar eax, 3 and eax, 1 mov byte [ref_0048c881], al ; mov byte [0x48c881], al test al, al je short loc_00450dbe ; je 0x450dbe xor dl, dl mov byte [ref_0048c882], dl ; mov byte [0x48c882], dl loc_00450dbe: mov eax, ebx sar eax, 8 and eax, 0xff mov dword [ref_0048c844], eax ; mov dword [0x48c844], eax mov eax, ebx sar eax, 0x10 and eax, 0xff mov dword [ref_0048c85c], eax ; mov dword [0x48c85c], eax je short loc_00450e41 ; je 0x450e41 cmp byte [ref_0048c881], 0 ; cmp byte [0x48c881], 0 jne short loc_00450df0 ; jne 0x450df0 cmp byte [ref_0048c882], 0 ; cmp byte [0x48c882], 0 jne short loc_00450dfd ; jne 0x450dfd loc_00450df0: xor ebx, ebx mov dword [ref_0048c85c], ebx ; mov dword [0x48c85c], ebx jmp near loc_00450d08 ; jmp 0x450d08 loc_00450dfd: push 0x5e880 call fcn_00456f80 ; call 0x456f80 add esp, 4 mov dword [ref_0048c868], eax ; mov dword [0x48c868], eax push 0x5e880 push 0 push eax call memset ; call 0x456f60 add esp, 0xc lea edx, [esi - 0x28] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 sub eax, edx shl eax, 3 mov edx, eax shl eax, 2 add eax, edx add eax, edi add eax, eax mov dword [ref_0048c860], eax ; mov dword [0x48c860], eax loc_00450e41: test ebx, 0x80000000 je short loc_00450e9c ; je 0x450e9c mov dword [ref_0048c864], 0x370 ; mov dword [0x48c864], 0x370 mov byte [ref_0048c881], 2 ; mov byte [0x48c881], 2 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] add eax, 0xc800 push eax mov edx, dword [ref_00474938] ; mov edx, dword [0x474938] push edx call fcn_004556e8 ; call 0x4556e8 add esp, 8 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp short loc_00450ecc ; jmp 0x450ecc loc_00450e9c: cmp byte [ref_0048c882], 0 ; cmp byte [0x48c882], 0 je short loc_00450eb1 ; je 0x450eb1 mov eax, dword [ref_0048a060] ; mov eax, dword [0x48a060] mov dword [ref_0048c864], eax ; mov dword [0x48c864], eax jmp short loc_00450ebb ; jmp 0x450ebb loc_00450eb1: mov dword [ref_0048c864], 0x500 ; mov dword [0x48c864], 0x500 loc_00450ebb: imul esi, dword [ref_0048c864] ; imul esi, dword [0x48c864] add edi, edi add esi, edi mov dword [ref_0048c848], esi ; mov dword [0x48c848], esi loc_00450ecc: xor ecx, ecx mov dword [ref_0048c874], ecx ; mov dword [0x48c874], ecx test bl, 0xf0 je short loc_00450eef ; je 0x450eef mov edx, ebx sar edx, 4 and edx, 0xf mov eax, edx shl eax, 2 add eax, edx add eax, eax mov dword [ref_0048c870], eax ; mov dword [0x48c870], eax loc_00450eef: sar ebx, 0x18 and ebx, 0x7f mov dword [ref_0048c850], ebx ; mov dword [0x48c850], ebx mov eax, 1 pop edi pop esi pop ebx ret fcn_00450f04: push ebx push esi push edi push ebp sub esp, 8 xor edi, edi cmp dword [ref_00476378], 0 ; cmp dword [0x476378], 0 je short loc_00450f23 ; je 0x450f23 mov eax, dword [ref_0048c874] ; mov eax, dword [0x48c874] cmp eax, dword [ref_0048c86c] ; cmp eax, dword [0x48c86c] jl short loc_00450f2a ; jl 0x450f2a loc_00450f23: xor eax, eax jmp near loc_00451447 ; jmp 0x451447 loc_00450f2a: mov al, byte [ref_0048c881] ; mov al, byte [0x48c881] cmp al, 1 jb short loc_00450f42 ; jb 0x450f42 jbe short loc_00450fa4 ; jbe 0x450fa4 cmp al, 2 je near loc_00450fbb ; je 0x450fbb jmp near loc_00450fea ; jmp 0x450fea loc_00450f42: test al, al jne near loc_00450fea ; jne 0x450fea cmp byte [ref_0048c882], 0 ; cmp byte [0x48c882], 0 je short loc_00450f73 ; je 0x450f73 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push edi push 1 push ref_0048a068 ; push 0x48a068 push edi push eax call dword [ebx + 0x64] ; ucall mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] add edi, dword [ref_0048c84c] ; add edi, dword [0x48c84c] loc_00450f73: push ref_0048c830 ; push 0x48c830 call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall loc_00450f96: mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] add esi, dword [ref_0048c848] ; add esi, dword [0x48c848] jmp short loc_00450fea ; jmp 0x450fea loc_00450fa4: mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] mov eax, dword [ebx] push edi push 1 push ref_0048a068 ; push 0x48a068 push edi push ebx call dword [eax + 0x64] ; ucall jmp short loc_00450f96 ; jmp 0x450f96 loc_00450fbb: cmp byte [ref_0048c882], 0 ; cmp byte [0x48c882], 0 je short loc_00450fe4 ; je 0x450fe4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push edi push 1 push ref_0048a068 ; push 0x48a068 push edi push eax call dword [ebx + 0x64] ; ucall mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] add edi, dword [ref_0048c84c] ; add edi, dword [0x48c84c] loc_00450fe4: mov esi, dword [ref_00474938] ; mov esi, dword [0x474938] loc_00450fea: mov ebx, dword [ref_00476378] ; mov ebx, dword [0x476378] mov ebp, dword [ebx] lea eax, [ebx + ebp] mov dword [ref_00476378], eax ; mov dword [0x476378], eax cmp word [ebx + 4], 0xf1fa jne short loc_00450fea ; jne 0x450fea mov ax, word [ebx + 6] mov dword [esp + 4], eax xor ecx, ecx mov dword [esp], ecx add ebx, 0x10 loc_00451012: movzx ebp, word [esp + 4] cmp ebp, dword [esp] jle near loc_00451102 ; jle 0x451102 mov ebp, dword [ebx] sub ebp, 6 mov ax, word [ebx + 4] add ebx, 6 cmp byte [ref_0048c882], 0 ; cmp byte [0x48c882], 0 je near loc_004510ad ; je 0x4510ad mov edx, eax cmp ax, 0xc jb short loc_0045105a ; jb 0x45105a jbe short loc_0045108f ; jbe 0x45108f cmp ax, 0xf jb near loc_004510f8 ; jb 0x4510f8 jbe short loc_00451099 ; jbe 0x451099 cmp ax, 0x10 je short loc_004510a3 ; je 0x4510a3 jmp near loc_004510f8 ; jmp 0x4510f8 loc_0045105a: cmp ax, 4 jb near loc_004510f8 ; jb 0x4510f8 jbe short loc_00451071 ; jbe 0x451071 cmp ax, 7 je short loc_0045107f ; je 0x45107f jmp near loc_004510f8 ; jmp 0x4510f8 loc_00451071: push ebx call fcn_00450555 ; call 0x450555 add esp, 4 jmp near loc_004510f8 ; jmp 0x4510f8 loc_0045107f: push edi push ebx push esi call fcn_004506c7 ; call 0x4506c7 loc_00451087: add esp, 0xc jmp near loc_004510f8 ; jmp 0x4510f8 loc_0045108f: push edi push ebx push esi call fcn_0045096a ; call 0x45096a jmp short loc_00451087 ; jmp 0x451087 loc_00451099: push edi push ebx push esi call fcn_00450b3a ; call 0x450b3a jmp short loc_00451087 ; jmp 0x451087 loc_004510a3: push edi push ebx push esi call fcn_00450c79 ; call 0x450c79 jmp short loc_00451087 ; jmp 0x451087 loc_004510ad: cmp ax, 0xc jb short loc_004510c5 ; jb 0x4510c5 jbe short loc_004510dc ; jbe 0x4510dc cmp ax, 0xf jb short loc_004510f8 ; jb 0x4510f8 jbe short loc_004510e5 ; jbe 0x4510e5 cmp ax, 0x10 je short loc_004510ee ; je 0x4510ee jmp short loc_004510f8 ; jmp 0x4510f8 loc_004510c5: cmp ax, 4 jb short loc_004510f8 ; jb 0x4510f8 jbe short loc_00451071 ; jbe 0x451071 cmp ax, 7 jne short loc_004510f8 ; jne 0x4510f8 push ebx push esi call fcn_0045059a ; call 0x45059a jmp short loc_004510f5 ; jmp 0x4510f5 loc_004510dc: push ebx push esi call fcn_00450894 ; call 0x450894 jmp short loc_004510f5 ; jmp 0x4510f5 loc_004510e5: push ebx push esi call fcn_00450a9d ; call 0x450a9d jmp short loc_004510f5 ; jmp 0x4510f5 loc_004510ee: push ebx push esi call fcn_00450c35 ; call 0x450c35 loc_004510f5: add esp, 8 loc_004510f8: add ebx, ebp inc dword [esp] jmp near loc_00451012 ; jmp 0x451012 loc_00451102: mov al, byte [ref_0048c881] ; mov al, byte [0x48c881] cmp al, 1 jb short loc_00451113 ; jb 0x451113 jbe short loc_00451151 ; jbe 0x451151 cmp al, 2 je short loc_00451164 ; je 0x451164 jmp short loc_0045117d ; jmp 0x45117d loc_00451113: test al, al jne short loc_0045117d ; jne 0x45117d cmp byte [ref_0048c882], 0 ; cmp byte [0x48c882], 0 je short loc_00451131 ; je 0x451131 mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] mov eax, dword [ebx] push 0 push ebx call dword [eax + 0x80] ; ucall loc_00451131: mov ebx, dword [ref_0048a0dc] ; mov ebx, dword [0x48a0dc] mov eax, dword [ebx] push 0 push ebx call dword [eax + 0x80] ; ucall push ref_0048c830 ; push 0x48c830 call fcn_00402250 ; call 0x402250 add esp, 4 jmp short loc_0045117d ; jmp 0x45117d loc_00451151: mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] mov eax, dword [ebx] push 0 push ebx call dword [eax + 0x80] ; ucall jmp short loc_0045117d ; jmp 0x45117d loc_00451164: cmp byte [ref_0048c882], 0 ; cmp byte [0x48c882], 0 je short loc_0045117d ; je 0x45117d mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall loc_0045117d: mov edx, dword [ref_0048c874] ; mov edx, dword [0x48c874] inc edx mov dword [ref_0048c874], edx ; mov dword [0x48c874], edx mov ecx, dword [ref_0048c86c] ; mov ecx, dword [0x48c86c] cmp edx, ecx jne short loc_004511dc ; jne 0x4511dc cmp byte [ref_0048c883], 0 ; cmp byte [0x48c883], 0 je short loc_004511b1 ; je 0x4511b1 xor esi, esi mov dword [ref_0048c874], esi ; mov dword [0x48c874], esi loc_004511a5: mov eax, dword [ref_0048c858] ; mov eax, dword [0x48c858] mov dword [ref_00476378], eax ; mov dword [0x476378], eax jmp short loc_004511dc ; jmp 0x4511dc loc_004511b1: mov esi, dword [ref_0048c844] ; mov esi, dword [0x48c844] test esi, esi je short loc_004511d7 ; je 0x4511d7 lea ebp, [esi - 1] mov dword [ref_0048c844], ebp ; mov dword [0x48c844], ebp test ebp, ebp jne short loc_004511cd ; jne 0x4511cd mov dword [esp], ebp jmp short loc_004511e3 ; jmp 0x4511e3 loc_004511cd: xor edx, ecx mov dword [ref_0048c874], edx ; mov dword [0x48c874], edx jmp short loc_004511a5 ; jmp 0x4511a5 loc_004511d7: mov dword [esp], esi jmp short loc_004511e3 ; jmp 0x4511e3 loc_004511dc: mov dword [esp], 1 loc_004511e3: mov ebp, dword [ref_0048c85c] ; mov ebp, dword [0x48c85c] test ebp, ebp je near loc_00451376 ; je 0x451376 cmp ebp, 0xff je short loc_00451205 ; je 0x451205 cmp ebp, dword [ref_0048c874] ; cmp ebp, dword [0x48c874] jne near loc_00451376 ; jne 0x451376 loc_00451205: push ref_0048c830 ; push 0x48c830 call fcn_0040235d ; call 0x40235d add esp, 4 mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] mov eax, dword [ebx] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push ebx call dword [eax + 0x64] ; ucall mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] add edi, dword [ref_0048c84c] ; add edi, dword [0x48c84c] cmp byte [ref_0048c881], 2 ; cmp byte [0x48c881], 2 jne short loc_00451246 ; jne 0x451246 mov esi, dword [ref_00474938] ; mov esi, dword [0x474938] jmp short loc_00451268 ; jmp 0x451268 loc_00451246: mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] add esi, dword [ref_0048c848] ; add esi, dword [0x48c848] loc_00451268: mov ebp, dword [ref_0048c864] ; mov ebp, dword [0x48c864] push ebp mov eax, dword [ref_0048c87c] ; mov eax, dword [0x48c87c] push eax mov edx, dword [ref_0048c878] ; mov edx, dword [0x48c878] push edx mov eax, dword [ref_0048c868] ; mov eax, dword [0x48c868] add eax, dword [ref_0048c860] ; add eax, dword [0x48c860] push eax push edi push esi call fcn_00456b3e ; call 0x456b3e add esp, 0x18 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall cmp byte [ref_0048c881], 0 ; cmp byte [0x48c881], 0 jne short loc_004512bb ; jne 0x4512bb mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall loc_004512bb: push 0 push 0xffffffffffffffff call fcn_0040829d ; call 0x40829d add esp, 8 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] add edi, 0xc800 cmp byte [ref_0048c881], 2 ; cmp byte [0x48c881], 2 jne short loc_004512fa ; jne 0x4512fa mov esi, dword [ref_00474938] ; mov esi, dword [0x474938] jmp short loc_00451327 ; jmp 0x451327 loc_004512fa: mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall mov eax, dword [ref_0048a060] ; mov eax, dword [0x48a060] mov ebx, eax shl ebx, 2 add ebx, eax shl ebx, 3 mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] add esi, ebx loc_00451327: mov ebx, dword [ref_0048c864] ; mov ebx, dword [0x48c864] push ebx mov ebp, dword [ref_0048c868] ; mov ebp, dword [0x48c868] push ebp push edi push esi call fcn_00456ba5 ; call 0x456ba5 add esp, 0x10 mov ebx, dword [ref_0048a0e0] ; mov ebx, dword [0x48a0e0] mov eax, dword [ebx] push 0 push ebx call dword [eax + 0x80] ; ucall cmp byte [ref_0048c881], 0 ; cmp byte [0x48c881], 0 jne short loc_00451369 ; jne 0x451369 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall loc_00451369: push ref_0048c830 ; push 0x48c830 call fcn_00402250 ; call 0x402250 add esp, 4 loc_00451376: mov eax, dword [ref_0048c850] ; mov eax, dword [0x48c850] test eax, eax je short loc_004513a1 ; je 0x4513a1 cmp eax, dword [ref_0048c874] ; cmp eax, dword [0x48c874] jne short loc_004513a1 ; jne 0x4513a1 mov ecx, dword [ref_0048c840] ; mov ecx, dword [0x48c840] test ecx, ecx je short loc_004513a1 ; je 0x4513a1 mov ebx, dword [ref_0048c854] ; mov ebx, dword [0x48c854] push ebx push ecx call fcn_004542ce ; call 0x4542ce add esp, 8 loc_004513a1: cmp byte [ref_0048c881], 2 ; cmp byte [0x48c881], 2 jne short loc_0045141a ; jne 0x45141a push ref_0048c830 ; push 0x48c830 call fcn_0040235d ; call 0x40235d add esp, 4 mov ebx, dword [ref_0048a0dc] ; mov ebx, dword [0x48a0dc] mov eax, dword [ebx] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push ebx call dword [eax + 0x64] ; ucall mov eax, dword [ref_0048a060] ; mov eax, dword [0x48a060] mov ebx, eax shl ebx, 2 add ebx, eax shl ebx, 3 mov esi, dword [ref_0048a08c] ; mov esi, dword [0x48a08c] add esi, ebx mov edi, dword [ref_0048c874] ; mov edi, dword [0x48c874] push edi mov ebp, dword [ref_00474938] ; mov ebp, dword [0x474938] push ebp push esi call fcn_00455711 ; call 0x455711 add esp, 0xc mov ebx, dword [ref_0048a0dc] ; mov ebx, dword [0x48a0dc] mov eax, dword [ebx] push 0 push ebx call dword [eax + 0x80] ; ucall push ref_0048c830 ; push 0x48c830 call fcn_00402250 ; call 0x402250 add esp, 4 loc_0045141a: cmp dword [esp], 0 jne short loc_00451444 ; jne 0x451444 cmp dword [ref_0048c85c], 0 ; cmp dword [0x48c85c], 0 je short loc_00451444 ; je 0x451444 mov ecx, dword [ref_0048c868] ; mov ecx, dword [0x48c868] test ecx, ecx je short loc_00451444 ; je 0x451444 push ecx call clib_free ; call 0x456e11 add esp, 4 xor esi, esi mov dword [ref_0048c868], esi ; mov dword [0x48c868], esi loc_00451444: mov eax, dword [esp] loc_00451447: add esp, 8 pop ebp pop edi pop esi pop ebx ret fcn_0045144f: push ebx push esi push edi push ebp sub esp, 0x20 xor ebx, ebx mov edx, dword [esp + 0x40] push edx mov ecx, dword [esp + 0x40] push ecx mov esi, dword [esp + 0x40] push esi mov edi, dword [esp + 0x40] push edi call fcn_00450ced ; call 0x450ced add esp, 0x10 test eax, eax je near loc_00451567 ; je 0x451567 mov eax, dword [esp + 0x44] cmp eax, 0xffffffff je short loc_00451490 ; je 0x451490 push eax call fcn_00454304 ; call 0x454304 add esp, 4 xor ebp, ebp loc_00451490: call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov edi, eax call fcn_00450f04 ; call 0x450f04 mov dword [esp + 0x1c], eax cmp dword [esp + 0x44], 0xffffffff je short loc_004514b7 ; je 0x4514b7 test ebp, ebp jne short loc_004514b7 ; jne 0x4514b7 call fcn_0045434f ; call 0x45434f mov ebp, 1 loc_004514b7: call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov esi, eax sub esi, edi push 1 push 0 push 0 push 0 lea eax, [esp + 0x10] push eax call dword [cs:__imp__PeekMessageA@20] ; ucall: call dword cs:[0x46230c] cmp byte [ref_0048c880], 0 ; cmp byte [0x48c880], 0 je short loc_004514fd ; je 0x4514fd mov eax, dword [esp + 4] cmp eax, 0x202 je short loc_004514f8 ; je 0x4514f8 cmp eax, 0x205 je short loc_004514f8 ; je 0x4514f8 cmp eax, 0x101 jne short loc_004514fd ; jne 0x4514fd loc_004514f8: mov ebx, 1 loc_004514fd: cmp dword [esp + 4], 0x3b9 jne short loc_00451513 ; jne 0x451513 cmp dword [esp + 8], 1 jne short loc_00451513 ; jne 0x451513 call fcn_00454d2c ; call 0x454d2c loc_00451513: cmp esi, dword [ref_0048c870] ; cmp esi, dword [0x48c870] jae short loc_0045151f ; jae 0x45151f test ebx, ebx je short loc_004514b7 ; je 0x4514b7 loc_0045151f: cmp dword [esp + 0x1c], 1 jne short loc_0045152e ; jne 0x45152e test ebx, ebx je near loc_00451490 ; je 0x451490 loc_0045152e: cmp dword [ref_0048c85c], 0 ; cmp dword [0x48c85c], 0 je short loc_00451552 ; je 0x451552 mov ebp, dword [ref_0048c868] ; mov ebp, dword [0x48c868] test ebp, ebp je short loc_00451552 ; je 0x451552 push ebp call clib_free ; call 0x456e11 add esp, 4 xor edx, edx mov dword [ref_0048c868], edx ; mov dword [0x48c868], edx loc_00451552: cmp byte [ref_0048c881], 2 ; cmp byte [0x48c881], 2 jne short loc_00451565 ; jne 0x451565 push 1 call fcn_00409b18 ; call 0x409b18 add esp, 4 loc_00451565: mov eax, ebx loc_00451567: add esp, 0x20 pop ebp pop edi pop esi pop ebx ret fcn_0045156f: push ebx push esi sub esp, 0x50 mov eax, dword [esp + 0x60] mov ebx, dword [esp + 0x68] cmp eax, 0x201 jb short loc_004515a6 ; jb 0x4515a6 jbe near loc_0045163c ; jbe 0x45163c cmp eax, 0x204 jb near loc_00451662 ; jb 0x451662 jbe near loc_0045163c ; jbe 0x45163c cmp eax, 0x401 je short loc_004515b6 ; je 0x4515b6 jmp near loc_00451662 ; jmp 0x451662 loc_004515a6: cmp eax, 0x100 je near loc_0045163c ; je 0x45163c jmp near loc_00451662 ; jmp 0x451662 loc_004515b6: mov edx, dword [esp + 0x5c] push edx push ref_00466118 ; push 0x466118 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0 push 0 lea eax, [esp + 0xc] push eax call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] mov eax, dword [ebx + 0xc] mov ecx, dword [ebx + 4] sub eax, ecx push eax mov eax, dword [ebx + 8] mov esi, dword [ebx] sub eax, esi push eax push ecx push esi push ref_0046612d ; push 0x46612d lea eax, [esp + 0x14] push eax call fcn_00457110 ; call 0x457110 add esp, 0x18 push 0 push 0 push 0 lea eax, [esp + 0xc] push eax call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] mov eax, dword [esp + 0x5c] push eax push 0 push 0 push ref_00466150 ; push 0x466150 call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] mov byte [ref_0046cb02], 1 ; mov byte [0x46cb02], 1 loc_00451632: xor eax, eax loc_00451634: add esp, 0x50 pop esi pop ebx ret 0x10 loc_0045163c: cmp byte [ref_0046cb02], 0 ; cmp byte [0x46cb02], 0 je short loc_00451632 ; je 0x451632 cmp byte [ref_0048c884], 0 ; cmp byte [0x48c884], 0 je short loc_00451632 ; je 0x451632 xor bl, bl mov byte [ref_0046cb02], bl ; mov byte [0x46cb02], bl push 1 call _Post_0402_Message ; call 0x401966 add esp, 4 jmp short loc_00451632 ; jmp 0x451632 loc_00451662: push ebx mov edx, dword [esp + 0x68] push edx push eax mov ecx, dword [esp + 0x68] push ecx call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp short loc_00451634 ; jmp 0x451634 fcn_00451677: push ebx sub esp, 0x50 call fcn_00453d28 ; call 0x453d28 mov al, byte [esp + 0x60] mov byte [ref_0048c884], al ; mov byte [0x48c884], al xor ah, ah mov byte [ref_0046cb02], ah ; mov byte [0x46cb02], ah mov edx, dword [esp + 0x58] push edx push ref_0046616e ; push 0x46616e lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0 push 0 lea eax, [esp + 0xc] push eax call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax je short loc_00451701 ; je 0x451701 mov ecx, dword [esp + 0x58] push ecx push ref_00476374 ; push 0x476374 push ref_00466189 ; push 0x466189 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0 push 0 push 0 lea eax, [esp + 0xc] push eax call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax je short loc_00451701 ; je 0x451701 push 1 call fcn_00453b55 ; call 0x453b55 add esp, 4 xor eax, eax add esp, 0x50 pop ebx ret loc_00451701: mov ebx, dword [esp + 0x5c] push ebx push fcn_0045156f ; push 0x45156f call _Wait_0402_Message ; call 0x4018e7 mov ebx, eax add esp, 8 push 0 push 0 push 0 push ref_004661a6 ; push 0x4661a6 call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] push 0 push 0 push 0 push ref_004661b4 ; push 0x4661b4 call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] push 1 call fcn_00453b55 ; call 0x453b55 add esp, 4 mov eax, ebx add esp, 0x50 pop ebx ret fcn_0045174a: xor ah, ah mov byte [ref_0046cb02], ah ; mov byte [0x46cb02], ah push 0 call _Post_0402_Message ; call 0x401966 add esp, 4 ret fcn_0045175d: push esi sub esp, 0x20 mov dword [esp], 0x20 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] mov ecx, esp push ecx push eax call dword [edx + 0x54] ; ucall cmp dword [esp + 0x10], 0x7c00 jne short loc_00451792 ; jne 0x451792 cmp dword [esp + 0x14], 0x3e0 jne short loc_00451792 ; jne 0x451792 xor esi, esi mov dword [ref_0047637c], esi ; mov dword [0x47637c], esi loc_00451792: cmp dword [esp + 0x10], 0xf800 jne short loc_004517b0 ; jne 0x4517b0 cmp dword [esp + 0x14], 0x7e0 jne short loc_004517b0 ; jne 0x4517b0 mov dword [ref_0047637c], 1 ; mov dword [0x47637c], 1 loc_004517b0: cmp dword [esp + 0x10], 0x1f jne short loc_004517cb ; jne 0x4517cb cmp dword [esp + 0x14], 0x7e0 jne short loc_004517cb ; jne 0x4517cb mov dword [ref_0047637c], 2 ; mov dword [0x47637c], 2 loc_004517cb: cmp dword [esp + 0x10], 0xf00 jne short loc_004517e9 ; jne 0x4517e9 cmp dword [esp + 0x14], 0xf0 jne short loc_004517e9 ; jne 0x4517e9 mov dword [ref_0047637c], 3 ; mov dword [0x47637c], 3 loc_004517e9: add esp, 0x20 pop esi ret endloc_004517ee: db 0x8d db 0x40 db 0x00 ref_004517f1: ; may contain a jump table dd loc_0045197d dd loc_00451832 dd loc_00451883 dd loc_00451907 fcn_00451801: push ebx push esi push edi push ebp sub esp, 0xc mov edi, dword [esp + 0x20] mov esi, dword [esp + 0x24] sar esi, 1 mov eax, esi and eax, 1 mov dword [esp + 8], eax sar esi, 1 mov eax, dword [ref_0047637c] ; mov eax, dword [0x47637c] cmp eax, 3 ja near loc_0045197d ; ja 0x45197d jmp dword [eax*4 + ref_004517f1] ; ujmp: jmp dword [eax*4 + 0x4517f1] loc_00451832: xor eax, eax loc_00451834: mov edx, eax shl edx, 2 add edx, edi cmp eax, esi jge short loc_00451857 ; jge 0x451857 mov ecx, dword [edx] lea ebx, [ecx + ecx] and ecx, 0x1f001f and ebx, 0xffc0ffc0 or ecx, ebx mov dword [edx], ecx inc eax jmp short loc_00451834 ; jmp 0x451834 loc_00451857: cmp dword [esp + 8], 0 je near loc_0045197d ; je 0x45197d xor eax, eax mov ax, word [edx] lea ecx, [eax + eax] mov dword [esp], ecx and eax, 0x1f and ecx, 0xffc0 mov dword [esp], ecx mov esi, dword [esp] or eax, esi jmp near loc_0045197a ; jmp 0x45197a loc_00451883: xor eax, eax loc_00451885: mov edx, eax shl edx, 2 add edx, edi cmp eax, esi jge short loc_004518c7 ; jge 0x4518c7 mov ecx, dword [edx] mov ebx, ecx and ebx, 0x7c007c00 shr ebx, 0xa mov dword [esp], ebx mov ebx, ecx and ebx, 0x3e003e0 add ebx, ebx mov dword [esp + 4], ebx mov ebx, ecx and ebx, 0x1f001f shl ebx, 0xb mov ecx, dword [esp] or ecx, dword [esp + 4] or ecx, ebx mov dword [edx], ecx inc eax jmp short loc_00451885 ; jmp 0x451885 loc_004518c7: cmp dword [esp + 8], 0 je near loc_0045197d ; je 0x45197d xor eax, eax mov ax, word [edx] mov ecx, eax and ecx, 0x7c00 shr ecx, 0xa mov dword [esp], ecx mov ecx, eax and ecx, 0x3e0 add ecx, ecx mov dword [esp + 4], ecx and eax, 0x1f shl eax, 0xb mov ebx, dword [esp] or ebx, dword [esp + 4] or eax, ebx jmp near loc_0045197a ; jmp 0x45197a loc_00451907: xor eax, eax loc_00451909: mov edx, eax shl edx, 2 add edx, edi cmp eax, esi jge short loc_00451941 ; jge 0x451941 mov ecx, dword [edx] mov ebx, ecx and ebx, 0x78007800 shr ebx, 3 mov ebp, ecx and ebp, 0x3c003c0 shr ebp, 2 mov dword [esp + 4], ebp and ecx, 0x1e001e shr ecx, 1 or ebx, ebp or ecx, ebx mov dword [edx], ecx inc eax jmp short loc_00451909 ; jmp 0x451909 loc_00451941: cmp dword [esp + 8], 0 je short loc_0045197d ; je 0x45197d xor eax, eax mov ax, word [edx] mov ecx, eax and ecx, 0x7800 shr ecx, 3 mov dword [esp], ecx mov ecx, eax and ecx, 0x3c0 shr ecx, 2 mov dword [esp + 4], ecx mov ecx, eax and ecx, 0x1e shr ecx, 1 mov eax, dword [esp] or eax, dword [esp + 4] or eax, ecx loc_0045197a: mov word [edx], ax loc_0045197d: add esp, 0xc pop ebp pop edi pop esi pop ebx ret fcn_00451985: push ebx push esi push edi xor ebx, ebx jmp short loc_00451996 ; jmp 0x451996 loc_0045198c: inc ebx cmp ebx, 0x10 jge near loc_00451a49 ; jge 0x451a49 loc_00451996: movsx esi, byte [ebx + ref_00476380] ; movsx esi, byte [ebx + 0x476380] mov eax, dword [ref_0048a0d8] ; mov eax, dword [0x48a0d8] mov edx, dword [eax] push 0 push 1 push eax call dword [edx + 0x58] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edx, dword [ref_0048a060] ; mov edx, dword [0x48a060] mov eax, edx shl eax, 2 add eax, edx shl eax, 3 mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] lea edi, [edx + eax] mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] add eax, 0xc800 push esi push 0x1b8 push 0x1b8 mov edx, dword [ref_00474938] ; mov edx, dword [0x474938] push edx push eax push edi call fcn_004554fc ; call 0x4554fc add esp, 0x18 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0x1e call fcn_004528b9 ; call 0x4528b9 add esp, 4 test eax, eax je near loc_0045198c ; je 0x45198c loc_00451a49: push 0x190 call fcn_004528b9 ; call 0x4528b9 add esp, 4 pop edi pop esi pop ebx ret fcn_00451a5a: mov eax, dword [esp + 4] imul eax, dword [esp + 8] add eax, eax add eax, 0xc push eax call fcn_00456f80 ; call 0x456f80 add esp, 4 mov edx, dword [esp + 4] mov word [eax], dx mov edx, dword [esp + 8] mov word [eax + 2], dx mov edx, dword [esp + 0xc] mov word [eax + 4], dx mov edx, dword [esp + 0x10] mov word [eax + 6], dx lea edx, [eax + 0xc] mov dword [eax + 8], edx ret fcn_00451a97: push ebx push esi push edi push ebp sub esp, 8 mov esi, dword [esp + 0x1c] mov ebx, dword [esp + 0x2c] imul ebx, dword [esp + 0x30] add ebx, ebx add ebx, 0xc mov ecx, dword [esp + 0x20] test ecx, ecx jne short loc_00451ac5 ; jne 0x451ac5 push ebx call fcn_00456f80 ; call 0x456f80 mov ebp, eax add esp, 4 jmp short loc_00451ac7 ; jmp 0x451ac7 loc_00451ac5: mov ebp, ecx loc_00451ac7: mov ebx, dword [esp + 0x2c] mov word [ebp], bx mov ebx, dword [esp + 0x30] mov word [ebp + 2], bx mov word [ebp + 4], 0 mov word [ebp + 6], 0 lea ebx, [ebp + 0xc] mov dword [ebp + 8], ebx movsx edi, word [esi] mov ebx, dword [esp + 0x28] imul ebx, edi add ebx, dword [esp + 0x24] add ebx, ebx add ebx, dword [esi + 8] mov esi, dword [ebp + 8] mov eax, dword [esp + 0x2c] add eax, eax mov dword [esp + 4], eax add edi, edi mov dword [esp], edi xor edi, edi loc_00451b10: cmp edi, dword [esp + 0x30] jge short loc_00451b2f ; jge 0x451b2f mov eax, dword [esp + 0x2c] push eax push ebx push esi call fcn_00456d8e ; call 0x456d8e add esp, 0xc add esi, dword [esp + 4] add ebx, dword [esp] inc edi jmp short loc_00451b10 ; jmp 0x451b10 loc_00451b2f: mov eax, ebp jmp near loc_00451d46 ; jmp 0x451d46 fcn_00451b36: push ebx push esi mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push 0x96000 push 0 mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call memset ; call 0x456f60 add esp, 0xc mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 push ref_0046cadc ; push 0x46cadc mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [ref_0046cae0] ; mov ebx, dword [0x46cae0] push ebx mov esi, dword [ref_0046cadc] ; mov esi, dword [0x46cadc] push esi push eax call dword [edx + 0x1c] ; ucall pop esi pop ebx ret fcn_00451b9e: push ebx push esi push edi push ebp sub esp, 8 mov eax, dword [esp + 0x1c] mov ebx, dword [eax] mov dword [ref_0048c888], ebx ; mov dword [0x48c888], ebx mov ebx, dword [eax + 8] mov dword [ref_0048c890], ebx ; mov dword [0x48c890], ebx mov ebx, dword [eax + 4] mov dword [ref_0048c88c], ebx ; mov dword [0x48c88c], ebx mov eax, dword [eax + 0xc] mov dword [ref_0048c894], eax ; mov dword [0x48c894], eax mov eax, dword [ref_0048c890] ; mov eax, dword [0x48c890] mov edx, dword [ref_0048c888] ; mov edx, dword [0x48c888] sub eax, edx mov dword [esp + 4], eax mov edi, dword [ref_0048c894] ; mov edi, dword [0x48c894] sub edi, ebx mov eax, ebx shl eax, 2 add eax, ebx shl eax, 7 lea ebp, [edx + eax] lea ebx, [edi - 1] mov eax, ebx shl eax, 2 add eax, ebx shl eax, 7 lea ebx, [eax + ebp] mov dword [esp], ebx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax xor esi, esi mov eax, dword [esp + 4] dec eax add eax, ebp add eax, eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] add ebx, eax lea eax, [edi - 1] loc_00451c3a: cmp esi, eax jge short loc_00451c52 ; jge 0x451c52 mov dx, word [ebx] mov word [esi*2 + ref_0048c898], dx ; mov word [esi*2 + 0x48c898], dx inc esi add ebx, 0x500 jmp short loc_00451c3a ; jmp 0x451c3a loc_00451c52: mov eax, dword [esp + 4] add eax, eax push eax mov ebx, dword [esp + 4] add ebx, ebx mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] add eax, ebx push eax lea eax, [edi + edi] add eax, ref_0048c898 ; add eax, 0x48c898 push eax call _memcpy ; call 0x456de8 add esp, 0xc xor esi, esi mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] sub ebx, 0x500 add ebx, eax lea ebp, [edi - 1] loc_00451c8a: cmp esi, ebp jge short loc_00451cb1 ; jge 0x451cb1 mov eax, dword [esp + 4] add eax, eax sub eax, 2 push eax push ebx lea eax, [ebx + 0x502] push eax call _memcpy ; call 0x456de8 add esp, 0xc inc esi sub ebx, 0x500 jmp short loc_00451c8a ; jmp 0x451c8a loc_00451cb1: push 0xfffffffffffffff0 push 1 mov ebx, dword [esp + 0xc] push ebx mov esi, dword [ref_0048c88c] ; mov esi, dword [0x48c88c] push esi mov edi, dword [ref_0048c888] ; mov edi, dword [0x48c888] push edi push ref_0046caec ; push 0x46caec call fcn_004552e7 ; call 0x4552e7 add esp, 0x18 push 0xfffffffffffffff0 push ebp push 1 mov eax, dword [ref_0048c88c] ; mov eax, dword [0x48c88c] inc eax push eax mov ebp, dword [ref_0048c888] ; mov ebp, dword [0x48c888] push ebp push ref_0046caec ; push 0x46caec call fcn_004552e7 ; call 0x4552e7 add esp, 0x18 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall push ref_0048c888 ; push 0x48c888 call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0x10 push ref_0048c888 ; push 0x48c888 mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx mov ecx, dword [ref_0048c88c] ; mov ecx, dword [0x48c88c] push ecx mov esi, dword [ref_0048c888] ; mov esi, dword [0x48c888] push esi loc_00451d35: push eax call dword [ebx + 0x1c] ; ucall push ref_0048c888 ; push 0x48c888 call fcn_00402250 ; call 0x402250 add esp, 4 loc_00451d46: add esp, 8 pop ebp pop edi pop esi pop ebx ret fcn_00451d4e: push ebx push esi push edi push ebp sub esp, 8 mov ebp, dword [ref_0048c890] ; mov ebp, dword [0x48c890] mov edx, dword [ref_0048c888] ; mov edx, dword [0x48c888] sub ebp, edx mov edi, dword [ref_0048c894] ; mov edi, dword [0x48c894] mov ecx, dword [ref_0048c88c] ; mov ecx, dword [0x48c88c] sub edi, ecx mov eax, ecx shl eax, 2 add eax, ecx shl eax, 7 lea ebx, [edx + eax] mov dword [esp + 4], ebx lea ebx, [edi - 1] mov eax, ebx shl eax, 2 add eax, ebx shl eax, 7 mov ebx, dword [esp + 4] add ebx, eax mov dword [esp], ebx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall xor esi, esi mov eax, dword [esp + 4] add eax, eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] add eax, 0x502 add ebx, eax loc_00451dc3: lea eax, [edi - 1] cmp esi, eax jge short loc_00451de8 ; jge 0x451de8 lea eax, [ebp + ebp - 2] push eax push ebx lea eax, [ebx - 0x502] push eax call _memcpy ; call 0x456de8 add esp, 0xc inc esi add ebx, 0x500 jmp short loc_00451dc3 ; jmp 0x451dc3 loc_00451de8: xor esi, esi lea eax, [ebp - 1] add eax, dword [esp + 4] add eax, eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] add ebx, eax loc_00451dfb: lea eax, [edi - 1] cmp esi, eax jge short loc_00451e16 ; jge 0x451e16 mov ax, word [esi*2 + ref_0048c898] ; mov ax, word [esi*2 + 0x48c898] mov word [ebx], ax inc esi add ebx, 0x500 jmp short loc_00451dfb ; jmp 0x451dfb loc_00451e16: add ebp, ebp push ebp lea eax, [edi + edi] add eax, ref_0048c898 ; add eax, 0x48c898 push eax mov eax, dword [esp + 8] add eax, eax mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] add eax, ebx push eax call _memcpy ; call 0x456de8 add esp, 0xc mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall push ref_0048c888 ; push 0x48c888 call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov ebx, dword [eax] push 0x10 push ref_0048c888 ; push 0x48c888 mov esi, dword [ref_0048a0e0] ; mov esi, dword [0x48a0e0] push esi mov edi, dword [ref_0048c88c] ; mov edi, dword [0x48c88c] push edi mov ebp, dword [ref_0048c888] ; mov ebp, dword [0x48c888] push ebp jmp near loc_00451d35 ; jmp 0x451d35 fcn_00451e7e: push ebx mov ebx, dword [esp + 8] mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax mov eax, dword [ebx + 0xc] mov edx, dword [ebx + 4] sub eax, edx push eax mov eax, dword [ebx + 8] mov ecx, dword [ebx] sub eax, ecx push eax push edx push ecx push 0 push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 mov ebx, eax add esp, 0x18 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, ebx pop ebx ret fcn_00451edb: push ebx push esi push edi push ebp sub esp, 0x10 mov esi, dword [esp + 0x24] mov ebp, dword [esp + 0x28] mov ebx, dword [esp + 0x2c] mov edi, 1 test esi, esi je near loc_00451f84 ; je 0x451f84 test bh, 0x80 je short loc_00451f08 ; je 0x451f08 and ebx, 0x7fff xor edi, edi loc_00451f08: mov dword [esp], ebp mov dword [esp + 4], ebx movsx eax, word [esi] lea edx, [eax + ebp] mov dword [esp + 8], edx movsx eax, word [esi + 2] lea edx, [ebx + eax] mov dword [esp + 0xc], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall push ebx push ebp push esi mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 4] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx push ebx push ebp push eax call dword [edx + 0x1c] ; ucall test edi, edi je short loc_00451f84 ; je 0x451f84 push esi call clib_free ; call 0x456e11 add esp, 4 loc_00451f84: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret fcn_00451f8c: push ebx push esi push edi push ebp sub esp, 4 mov edx, dword [esp + 0x18] xor ebx, ebx mov esi, edx shr esi, 0x10 mov ebp, edx shr ebp, 8 and ebp, 0xff and edx, 0xff mov dword [esp], edx mov ecx, 0x7ce mov edi, 4 loc_00451fbc: cmp ecx, esi jge short loc_00451fde ; jge 0x451fde mov eax, ecx mov edx, ecx sar edx, 0x1f idiv edi test edx, edx je short loc_00451fd5 ; je 0x451fd5 add ebx, 0x16d jmp short loc_00451fdb ; jmp 0x451fdb loc_00451fd5: add ebx, 0x16e loc_00451fdb: inc ecx jmp short loc_00451fbc ; jmp 0x451fbc loc_00451fde: mov ecx, 1 mov edi, 4 loc_00451fe8: cmp ecx, ebp jge short loc_00452010 ; jge 0x452010 cmp ecx, 2 jne short loc_00452003 ; jne 0x452003 mov eax, esi mov edx, esi sar edx, 0x1f idiv edi test edx, edx jne short loc_00452003 ; jne 0x452003 add ebx, 0x1d jmp short loc_0045200d ; jmp 0x45200d loc_00452003: xor edx, edx mov dl, byte [ecx + ref_0047638f] ; mov dl, byte [ecx + 0x47638f] add ebx, edx loc_0045200d: inc ecx jmp short loc_00451fe8 ; jmp 0x451fe8 loc_00452010: mov edx, dword [esp] dec edx lea eax, [ebx + edx] loc_00452017: add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_0045201f: push ebx push esi push edi mov ebx, dword [esp + 0x10] mov ecx, 0x7ce mov esi, 1 mov edx, 0x16d mov edi, 4 loc_0045203a: cmp ebx, edx jl short loc_00452041 ; jl 0x452041 sub ebx, edx inc ecx loc_00452041: mov eax, ecx mov edx, ecx sar edx, 0x1f idiv edi test edx, edx sete dl and edx, 0xff add edx, 0x16d cmp ebx, edx jge short loc_0045203a ; jge 0x45203a mov edx, 0x1f mov edi, 4 loc_00452069: cmp ebx, edx jl short loc_00452070 ; jl 0x452070 sub ebx, edx inc esi loc_00452070: cmp esi, 2 jne short loc_00452089 ; jne 0x452089 mov eax, ecx mov edx, ecx sar edx, 0x1f idiv edi test edx, edx jne short loc_00452089 ; jne 0x452089 mov edx, 0x1d jmp short loc_00452091 ; jmp 0x452091 loc_00452089: xor edx, edx mov dl, byte [esi + ref_0047638f] ; mov dl, byte [esi + 0x47638f] loc_00452091: cmp ebx, edx jge short loc_00452069 ; jge 0x452069 shl ecx, 0x10 mov eax, esi shl eax, 8 add eax, ecx add eax, ebx inc eax pop edi pop esi pop ebx ret fcn_004520a6: push ebx push esi push edi mov eax, dword [esp + 0x10] mov ebx, eax shr ebx, 0x10 mov esi, eax shr esi, 8 and esi, 0xff push eax call fcn_00451f8c ; call 0x451f8c add esp, 4 lea ecx, [eax + 4] mov edi, 7 mov eax, ecx mov edx, ecx sar edx, 0x1f idiv edi mov ecx, edx cmp esi, 2 jne short loc_004520f7 ; jne 0x4520f7 mov edi, 4 mov eax, ebx mov edx, ebx sar edx, 0x1f idiv edi test edx, edx jne short loc_004520f7 ; jne 0x4520f7 mov edx, 0x1d jmp short loc_004520ff ; jmp 0x4520ff loc_004520f7: xor edx, edx mov dl, byte [esi + ref_0047638f] ; mov dl, byte [esi + 0x47638f] loc_004520ff: mov ebx, dword [esp + 0x14] test ebx, ebx je short loc_00452109 ; je 0x452109 mov dword [ebx], ecx loc_00452109: mov esi, dword [esp + 0x18] test esi, esi je short loc_00452113 ; je 0x452113 mov dword [esi], edx loc_00452113: pop edi pop esi pop ebx ret fcn_00452117: push ebx push esi push edi push ebp sub esp, 4 mov esi, dword [esp + 0x18] xor ebp, ebp mov ebx, dword [esi] shr ebx, 0x10 mov ecx, dword [esi] shr ecx, 8 and ecx, 0xff mov edi, dword [esi] and edi, 0xff cmp ecx, 2 jne short loc_0045215d ; jne 0x45215d mov dword [esp], 4 mov eax, ebx mov edx, ebx sar edx, 0x1f idiv dword [esp] test edx, edx jne short loc_0045215d ; jne 0x45215d mov eax, 0x1d jmp short loc_00452165 ; jmp 0x452165 loc_0045215d: xor eax, eax mov al, byte [ecx + ref_0047638f] ; mov al, byte [ecx + 0x47638f] loc_00452165: inc edi cmp edi, eax jle short loc_0045217c ; jle 0x45217c mov edi, 1 mov ebp, edi add ecx, edi cmp ecx, 0xc jle short loc_0045217c ; jle 0x45217c mov ecx, edi add ebx, edi loc_0045217c: shl ebx, 0x10 shl ecx, 8 add ecx, ebx add ecx, edi mov dword [esi], ecx mov eax, ebp jmp near loc_00452017 ; jmp 0x452017 fcn_0045218f: mov edx, dword [esp + 4] push edx call fcn_00451f8c ; call 0x451f8c add esp, 4 add eax, dword [esp + 8] push eax call fcn_0045201f ; call 0x45201f add esp, 4 ret fcn_004521aa: push ebx mov edx, dword [esp + 8] push edx call fcn_00451f8c ; call 0x451f8c mov ebx, eax add esp, 4 mov ecx, dword [esp + 0xc] push ecx call fcn_00451f8c ; call 0x451f8c add esp, 4 sub eax, ebx pop ebx ret fcn_004521cb: mov eax, dword [esp + 4] add eax, dword [esp + 8] test byte [esp + 9], 0xff je short loc_004521ef ; je 0x4521ef mov edx, eax and edx, 0xff00 cmp edx, 0xc00 jbe short loc_004521ef ; jbe 0x4521ef add eax, 0xf400 loc_004521ef: ret fcn_004521f0: push ebx push esi push edi push ebp sub esp, 8 mov edi, dword [esp + 0x1c] and edi, 0xffff xor ebx, ebx jmp short loc_0045220f ; jmp 0x45220f loc_00452205: inc ebx cmp ebx, 0x18 jge near loc_004523c1 ; jge 0x4523c1 loc_0045220f: movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx ecx, word [ref_004991b8] ; movsx ecx, word [0x4991b8] add ecx, eax mov ebp, ecx shl ebp, 3 add ebp, ecx shl ebp, 5 mov esi, ebx shl esi, 2 sub esi, ebx shl esi, 2 lea eax, [esi + ebp] mov cl, byte [eax + ref_0047ff4b] ; mov cl, byte [eax + 0x47ff4b] cmp cl, 1 jb short loc_00452254 ; jb 0x452254 jbe short loc_00452278 ; jbe 0x452278 cmp cl, 2 je near loc_004522ce ; je 0x4522ce jmp near loc_00452387 ; jmp 0x452387 loc_00452254: test cl, cl jne near loc_00452387 ; jne 0x452387 xor edx, edx mov dl, byte [eax + ref_0047ff4c] ; mov dl, byte [eax + 0x47ff4c] mov ecx, edx shl ecx, 8 xor edx, edx mov dl, byte [eax + ref_0047ff4d] ; mov dl, byte [eax + 0x47ff4d] add edx, ecx jmp near loc_00452387 ; jmp 0x452387 loc_00452278: mov eax, dword [esp + 0x1c] push eax call fcn_00451f8c ; call 0x451f8c add esp, 4 mov edi, dword [eax*4 + ref_0047639c] ; mov edi, dword [eax*4 + 0x47639c] and edi, 0xffff movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] add edx, eax mov eax, edx shl eax, 3 add eax, edx shl eax, 5 xor edx, edx mov dl, byte [esi + eax + ref_0047ff4c] ; mov dl, byte [esi + eax + 0x47ff4c] shl edx, 8 mov al, byte [esi + eax + ref_0047ff4d] ; mov al, byte [esi + eax + 0x47ff4d] and eax, 0xff loc_004522c7: add edx, eax jmp near loc_00452387 ; jmp 0x452387 loc_004522ce: mov al, byte [eax + ref_0047ff4c] ; mov al, byte [eax + 0x47ff4c] and eax, 0xff shl eax, 8 mov edx, dword [esp + 0x1c] xor dx, dx add edx, eax inc edx lea eax, [esp + 4] push eax lea eax, [esp + 4] push eax push edx call fcn_004520a6 ; call 0x4520a6 add esp, 0xc movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] add edx, eax mov eax, edx shl eax, 3 add eax, edx shl eax, 5 mov al, byte [esi + eax + ref_0047ff4e] ; mov al, byte [esi + eax + 0x47ff4e] and eax, 0xff mov edx, dword [esp] cmp eax, edx jge short loc_0045232e ; jge 0x45232e mov eax, 7 loc_0045232e: sub eax, edx movsx ecx, word [ref_004991b6] ; movsx ecx, word [0x4991b6] shl ecx, 2 movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] inc eax add ecx, edx mov esi, ecx shl esi, 3 add esi, ecx shl esi, 5 mov edx, ebx shl edx, 2 sub edx, ebx shl edx, 2 lea ecx, [esi + edx] xor edx, edx mov dl, byte [ecx + ref_0047ff4d] ; mov dl, byte [ecx + 0x47ff4d] lea esi, [edx - 1] mov edx, esi shl edx, 3 sub edx, esi add eax, edx cmp eax, dword [esp + 4] jg short loc_00452385 ; jg 0x452385 xor edx, edx mov dl, byte [ecx + ref_0047ff4c] ; mov dl, byte [ecx + 0x47ff4c] shl edx, 8 jmp near loc_004522c7 ; jmp 0x4522c7 loc_00452385: xor edx, edx loc_00452387: cmp edi, edx jne near loc_00452205 ; jne 0x452205 movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx ecx, word [ref_004991b8] ; movsx ecx, word [0x4991b8] add ecx, eax mov esi, ecx shl esi, 3 add esi, ecx shl esi, 5 mov eax, ebx shl eax, 2 sub eax, ebx test byte [esi + eax*4 + ref_0047ff4a], 0x80 ; test byte [esi + eax*4 + 0x47ff4a], 0x80 jne near loc_00452205 ; jne 0x452205 loc_004523c1: cmp ebx, 0x18 jne short loc_004523cb ; jne 0x4523cb mov ebx, 0xffffffff loc_004523cb: mov eax, ebx add esp, 8 pop ebp pop edi pop esi pop ebx ret fcn_004523d5: push ebx push esi sub esp, 4 xor ebx, ebx push ebx lea eax, [esp + 4] push eax mov edx, dword [esp + 0x18] push edx call fcn_004520a6 ; call 0x4520a6 add esp, 0xc cmp dword [esp], 0 je short loc_00452437 ; je 0x452437 mov esi, dword [esp + 0x10] push esi call fcn_004521f0 ; call 0x4521f0 mov edx, eax add esp, 4 cmp eax, 0xffffffff je short loc_0045243c ; je 0x45243c movsx ecx, word [ref_004991b6] ; movsx ecx, word [0x4991b6] shl ecx, 2 movsx eax, word [ref_004991b8] ; movsx eax, word [0x4991b8] add ecx, eax mov eax, ecx shl eax, 3 add ecx, eax shl ecx, 5 mov eax, edx shl eax, 2 sub eax, edx cmp byte [ecx + eax*4 + ref_0047ff4a], 0 ; cmp byte [ecx + eax*4 + 0x47ff4a], 0 je short loc_0045243c ; je 0x45243c loc_00452437: mov ebx, 1 loc_0045243c: mov eax, ebx add esp, 4 pop esi pop ebx ret fcn_00452444: push ebx push esi push edi push ebp sub esp, 0x9c mov dword [esp + 0x94], 0xffffffff xor ebx, ebx mov ecx, dword [ref_00497160] ; mov ecx, dword [0x497160] push ecx call fcn_004521f0 ; call 0x4521f0 mov edi, eax add esp, 4 mov esi, eax cmp eax, 0xffffffff je near loc_00452788 ; je 0x452788 movsx ebp, word [ref_004991b6] ; movsx ebp, word [0x4991b6] shl ebp, 2 movsx eax, word [ref_004991b8] ; movsx eax, word [0x4991b8] add ebp, eax mov eax, ebp shl eax, 3 add ebp, eax shl ebp, 5 mov eax, edi shl eax, 2 sub eax, edi cmp byte [ebp + eax*4 + ref_0047ff4f], 0 ; cmp byte [ebp + eax*4 + 0x47ff4f], 0 je near loc_00452788 ; je 0x452788 xor eax, eax mov al, byte [ref_0049715d] ; mov al, byte [0x49715d] mov dword [esp + 0x98], eax cmp al, 1 jne short loc_004524c3 ; jne 0x4524c3 xor cl, cl mov byte [ref_0049715d], cl ; mov byte [0x49715d], cl loc_004524c3: push 1 call fcn_0041906a ; call 0x41906a add esp, 4 movsx edi, word [ref_004991b6] ; movsx edi, word [0x4991b6] shl edi, 2 movsx eax, word [ref_004991b8] ; movsx eax, word [0x4991b8] add edi, eax mov edx, edi shl edx, 3 add edx, edi shl edx, 5 mov ebp, esi shl ebp, 2 sub ebp, esi shl ebp, 2 lea eax, [edx + ebp] test byte [eax + ref_0047ff4f], 1 ; test byte [eax + 0x47ff4f], 1 je short loc_00452553 ; je 0x452553 push 0 push 0 mov ax, word [eax + ref_0047ff50] ; mov ax, word [eax + 0x47ff50] and eax, 0xffff push eax mov ebx, dword [ref_0048a0e4] ; mov ebx, dword [0x48a0e4] push ebx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov ebx, eax movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx edi, word [ref_004991b8] ; movsx edi, word [0x4991b8] add edi, eax mov eax, edi shl eax, 3 add eax, edi shl eax, 5 mov ax, word [eax + ebp + ref_0047ff52] ; mov ax, word [eax + ebp + 0x47ff52] and eax, 0xffff mov dword [esp + 0x94], eax loc_00452553: movsx edx, word [ref_004991b6] ; movsx edx, word [0x4991b6] shl edx, 2 movsx eax, word [ref_004991b8] ; movsx eax, word [0x4991b8] lea edi, [eax + edx] mov edx, edi shl edx, 3 add edx, edi shl edx, 5 mov eax, esi shl eax, 2 sub eax, esi shl eax, 2 add eax, edx test byte [eax + ref_0047ff4f], 4 ; test byte [eax + 0x47ff4f], 4 je short loc_004525ee ; je 0x4525ee cmp byte [ref_0046cb06], 0 ; cmp byte [0x46cb06], 0 jne short loc_004525ee ; jne 0x4525ee xor edi, edi mov di, word [eax + ref_0047ff54] ; mov di, word [eax + 0x47ff54] call fcn_00454edc ; call 0x454edc or di, 0x8000 push edi call fcn_004549cf ; call 0x4549cf add esp, 4 movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] lea edi, [edx + eax] mov ebp, edi shl ebp, 3 add ebp, edi shl ebp, 5 lea edi, [esi + 1] mov eax, edi shl eax, 2 sub eax, edi cmp word [ebp + eax*4 + ref_0047ff54], 0 ; cmp word [ebp + eax*4 + 0x47ff54], 0 je short loc_004525e7 ; je 0x4525e7 mov byte [ref_0046cb06], 0x33 ; mov byte [0x46cb06], 0x33 jmp short loc_004525ee ; jmp 0x4525ee loc_004525e7: mov byte [ref_0046cb06], 0x11 ; mov byte [0x46cb06], 0x11 loc_004525ee: test ebx, ebx je short loc_00452612 ; je 0x452612 mov edi, dword [esp + 0x94] push edi push 1 push 0x28 push 0 push ebx call fcn_0045144f ; call 0x45144f add esp, 0x14 push ebx call clib_free ; call 0x456e11 add esp, 4 loc_00452612: movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx edx, word [ref_004991b8] ; movsx edx, word [0x4991b8] lea ebx, [edx + eax] mov eax, ebx shl eax, 3 add ebx, eax shl ebx, 5 mov eax, esi shl eax, 2 sub eax, esi test byte [ebx + eax*4 + ref_0047ff4f], 8 ; test byte [ebx + eax*4 + 0x47ff4f], 8 je near loc_00452761 ; je 0x452761 xor esi, esi loc_00452647: cmp esi, dword [_nplayers] ; cmp esi, dword [0x499114] jge near loc_00452761 ; jge 0x452761 imul ebx, esi, 0x68 cmp byte [ebx + (_players+21)], 0 ; cmp byte [ebx + 0x496b7d], 0 je near loc_0045275b ; je 0x45275b push esi call fcn_00441e12 ; call 0x441e12 mov edi, eax add esp, 4 mov ebp, eax test eax, eax je near loc_0045275b ; je 0x45275b push 0 xor eax, eax mov ax, word [ebx + (_players+10)] ; mov ax, word [ebx + 0x496b72] push eax xor eax, eax mov ax, word [ebx + (_players+8)] ; mov ax, word [ebx + 0x496b70] push eax call fcn_0041d476 ; call 0x41d476 add esp, 0xc mov eax, dword [ebx + (_players+0)] ; mov eax, dword [ebx + 0x496b68] push eax lea eax, [esp + 0x84] push eax call fcn_00452946 ; call 0x452946 add esp, 8 movsx eax, word [ref_004991b6] ; movsx eax, word [0x4991b6] shl eax, 2 movsx ebx, word [ref_004991b8] ; movsx ebx, word [0x4991b8] add ebx, eax mov eax, edi shl eax, 3 cmp ebx, 5 jb short loc_004526d3 ; jb 0x4526d3 jbe short loc_004526ee ; jbe 0x4526ee cmp ebx, 6 je short loc_00452704 ; je 0x452704 jmp short loc_0045271a ; jmp 0x45271a loc_004526d3: cmp ebx, 4 jne short loc_0045271a ; jne 0x45271a mov edi, dword [eax + (_card_table - 8)] ; mov edi, dword [eax + 0x47fdea] push edi lea eax, [esp + 0x84] push eax push ref_004661c4 ; push 0x4661c4 jmp short loc_0045272f ; jmp 0x45272f loc_004526ee: mov ecx, dword [eax + (_card_table - 8)] ; mov ecx, dword [eax + 0x47fdea] push ecx lea eax, [esp + 0x84] push eax push ref_004661dd ; push 0x4661dd jmp short loc_0045272f ; jmp 0x45272f loc_00452704: mov edx, dword [eax + (_card_table - 8)] ; mov edx, dword [eax + 0x47fdea] push edx lea eax, [esp + 0x84] push eax push ref_004661f2 ; push 0x4661f2 jmp short loc_0045272f ; jmp 0x45272f loc_0045271a: mov ebx, dword [ebp*8 + (_card_table - 8)] ; mov ebx, dword [ebp*8 + 0x47fdea] push ebx lea eax, [esp + 0x84] push eax push ref_00466203 ; push 0x466203 loc_0045272f: lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 mov eax, esp push eax push ebp call fcn_00441f73 ; call 0x441f73 add esp, 8 xor eax, eax mov al, byte [ebp*8 + (_card_table - 3)] ; mov al, byte [ebp*8 + 0x47fdef] push eax push esi call fcn_0044f230 ; call 0x44f230 add esp, 8 loc_0045275b: inc esi jmp near loc_00452647 ; jmp 0x452647 loc_00452761: cmp dword [esp + 0x98], 1 jne short loc_00452777 ; jne 0x452777 mov al, byte [esp + 0x98] mov byte [ref_0049715d], al ; mov byte [0x49715d], al loc_00452777: xor eax, eax mov dword [ref_0048be18], eax ; mov dword [0x48be18], eax push 1 call fcn_0041906a ; call 0x41906a add esp, 4 loc_00452788: add esp, 0x9c pop ebp pop edi pop esi pop ebx ret fcn_00452793: push ebx push esi push edi push ebp sub esp, 0x2c mov ebp, dword [esp + 0x40] xor ebx, ebx push 0xa lea eax, [esp + 4] push eax mov edx, dword [esp + 0x4c] push edx call fcn_00457d61 ; call 0x457d61 add esp, 0xc mov eax, esp push eax call _strlen ; call 0x45825d add esp, 4 mov dword [esp + 0x28], eax mov ecx, eax loc_004527c5: lea edi, [ebx + 1] test ecx, ecx jle short loc_004527fc ; jle 0x4527fc mov esi, 3 mov eax, ecx mov edx, ecx sar edx, 0x1f idiv esi test edx, edx jne short loc_004527ea ; jne 0x4527ea test ebx, ebx je short loc_004527ea ; je 0x4527ea mov eax, ebx mov ebx, edi mov byte [eax + ebp], 0x2c loc_004527ea: mov esi, dword [esp + 0x28] sub esi, ecx mov eax, ebx inc ebx mov dl, byte [esp + esi] mov byte [eax + ebp], dl dec ecx jmp short loc_004527c5 ; jmp 0x4527c5 loc_004527fc: mov byte [ebx + ebp], 0 add esp, 0x2c pop ebp pop edi pop esi pop ebx ret fcn_00452808: push ebx push esi push edi push ebp mov edi, dword [esp + 0x14] mov ebx, dword [esp + 0x18] mov esi, dword [esp + 0x1c] cmp esi, edi je short loc_00452828 ; je 0x452828 push 0x10 push edi push esi call _memcpy ; call 0x456de8 add esp, 0xc loc_00452828: mov eax, dword [edi] mov edx, dword [ebx] cmp eax, edx jle short loc_00452832 ; jle 0x452832 mov dword [esi], edx loc_00452832: mov eax, dword [edi + 4] mov ecx, dword [ebx + 4] cmp eax, ecx jle short loc_0045283f ; jle 0x45283f mov dword [esi + 4], ecx loc_0045283f: mov eax, dword [edi + 8] mov ebp, dword [ebx + 8] cmp eax, ebp jge short loc_0045284c ; jge 0x45284c mov dword [esi + 8], ebp loc_0045284c: mov eax, dword [edi + 0xc] mov edx, dword [ebx + 0xc] cmp eax, edx jge short loc_00452859 ; jge 0x452859 mov dword [esi + 0xc], edx loc_00452859: pop ebp pop edi pop esi pop ebx ret fcn_0045285e: push ebx push esi push edi sub esp, 0x1c mov edi, dword [esp + 0x2c] test edi, edi je short loc_004528b2 ; je 0x4528b2 call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov esi, eax loc_00452875: call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov ebx, eax sub ebx, esi push 1 push 0 push 0 push 0 lea eax, [esp + 0x10] push eax call dword [cs:__imp__PeekMessageA@20] ; ucall: call dword cs:[0x46230c] test eax, eax je short loc_004528ae ; je 0x4528ae cmp dword [esp + 4], 0x3b9 jne short loc_004528ae ; jne 0x4528ae cmp dword [esp + 8], 1 jne short loc_004528ae ; jne 0x4528ae call fcn_00454d2c ; call 0x454d2c loc_004528ae: cmp ebx, edi jb short loc_00452875 ; jb 0x452875 loc_004528b2: add esp, 0x1c pop edi pop esi pop ebx ret fcn_004528b9: push ebx push esi push edi push ebp sub esp, 0x1c mov ebp, dword [esp + 0x30] xor ebx, ebx test ebp, ebp jne short loc_004528d1 ; jne 0x4528d1 xor eax, eax jmp near loc_0045293e ; jmp 0x45293e loc_004528d1: call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov edi, eax loc_004528da: call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov esi, eax sub esi, edi push 1 push 0 push 0 push 0 lea eax, [esp + 0x10] push eax call dword [cs:__imp__PeekMessageA@20] ; ucall: call dword cs:[0x46230c] test eax, eax je short loc_00452934 ; je 0x452934 mov edx, dword [esp + 4] cmp edx, 0x202 je short loc_00452919 ; je 0x452919 cmp edx, 0x205 je short loc_00452919 ; je 0x452919 cmp edx, 0x101 jne short loc_0045291e ; jne 0x45291e loc_00452919: mov ebx, 1 loc_0045291e: cmp dword [esp + 4], 0x3b9 jne short loc_00452934 ; jne 0x452934 cmp dword [esp + 8], 1 jne short loc_00452934 ; jne 0x452934 call fcn_00454d2c ; call 0x454d2c loc_00452934: cmp esi, ebp jae short loc_0045293c ; jae 0x45293c test ebx, ebx je short loc_004528da ; je 0x4528da loc_0045293c: mov eax, ebx loc_0045293e: add esp, 0x1c pop ebp pop edi pop esi pop ebx ret fcn_00452946: push ebx push esi push edi push ebp mov ebp, dword [esp + 0x14] mov edi, dword [esp + 0x18] xor ebx, ebx xor esi, esi loc_00452956: push edi call _strlen ; call 0x45825d add esp, 4 lea edx, [esi + ebp] cmp ebx, eax jae short loc_00452976 ; jae 0x452976 lea eax, [edi + ebx] mov cl, byte [eax] cmp cl, 0x20 je short loc_00452973 ; je 0x452973 mov byte [edx], cl inc esi loc_00452973: inc ebx jmp short loc_00452956 ; jmp 0x452956 loc_00452976: mov byte [edx], 0 pop ebp pop edi pop esi pop ebx ret fcn_0045297e: push ebx push esi push edi push ebp sub esp, 0x1c movsx esi, word [ref_0048cab8] ; movsx esi, word [0x48cab8] add esi, 0x6b movsx ebp, word [ref_0048cab6] ; movsx ebp, word [0x48cab6] add ebp, 0xb push ref_0048caac ; push 0x48caac call fcn_004584db ; call 0x4584db add esp, 4 mov dword [esp + 0x18], eax fild dword [esp + 0x18] fild dword [ref_0048ca98] ; fild dword [0x48ca98] fdivp st1 ; fdivp st(1) fstp dword [esp + 0x10] test eax, eax je short loc_004529d3 ; je 0x4529d3 fld dword [esp + 0x10] fmul dword [ref_00466218] ; fmul dword [0x466218] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x14] jmp short loc_004529db ; jmp 0x4529db loc_004529d3: mov dword [esp + 0x14], 0xffffffff loc_004529db: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [ebx + 0x64] ; ucall xor edi, edi push ref_0048caac ; push 0x48caac call _strlen ; call 0x45825d add esp, 4 lea ebx, [eax - 1] jmp short loc_00452a32 ; jmp 0x452a32 loc_00452a05: push ebp push esi xor eax, eax mov al, byte [ebx + ref_0048caac] ; mov al, byte [ebx + 0x48caac] sub eax, 0x20 push eax mov eax, dword [ref_0048caa8] ; mov eax, dword [0x48caa8] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456512 ; call 0x456512 add esp, 0x14 sub esi, 0xc dec ebx inc edi cmp edi, 9 jge short loc_00452a64 ; jge 0x452a64 loc_00452a32: test ebx, ebx jge short loc_00452a05 ; jge 0x452a05 push 0x13 movsx eax, word [ref_0048cab8] ; movsx eax, word [0x48cab8] sub esi, eax sub esi, 2 push esi push 0xb push 0xb push ebp add eax, 0xb push eax mov ecx, dword [ref_0048caa0] ; mov ecx, dword [0x48caa0] push ecx mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_0045643d ; call 0x45643d add esp, 0x20 loc_00452a64: movsx eax, word [ref_0048cab6] ; movsx eax, word [0x48cab6] add eax, 0x2a push eax movsx eax, word [ref_0048cab8] ; movsx eax, word [0x48cab8] add eax, 0xa push eax push 1 mov ecx, dword [ref_0048caa8] ; mov ecx, dword [0x48caa8] push ecx mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_00456512 ; call 0x456512 add esp, 0x14 mov esi, dword [esp + 0x14] cmp esi, 0xffffffff je short loc_00452ad9 ; je 0x452ad9 push 0xc mov al, byte [esi + ref_0047e725] ; mov al, byte [esi + 0x47e725] and eax, 0xff push eax push 0x2a push 0xa movsx eax, word [ref_0048cab6] ; movsx eax, word [0x48cab6] add eax, 0x2a push eax movsx eax, word [ref_0048cab8] ; movsx eax, word [0x48cab8] add eax, 0xa push eax mov edi, dword [ref_0048caa0] ; mov edi, dword [0x48caa0] push edi mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_0045643d ; call 0x45643d add esp, 0x20 loc_00452ad9: mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov ebx, dword [eax] push 0 push eax call dword [ebx + 0x80] ; ucall cmp dword [esp + 0x30], 0 je short loc_00452b2e ; je 0x452b2e movsx ebx, word [ref_0048cab8] ; movsx ebx, word [0x48cab8] lea eax, [ebx + 0xb] mov dword [esp], eax movsx eax, word [ref_0048cab6] ; movsx eax, word [0x48cab6] lea esi, [eax + 0xb] mov dword [esp + 4], esi add ebx, 0x75 mov dword [esp + 8], ebx add eax, 0x36 mov dword [esp + 0xc], eax push 0 lea eax, [esp + 4] push eax mov edx, dword [_gWindowHandle] ; mov edx, dword [0x48a0d4] push edx call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00452b2e: add esp, 0x1c pop ebp pop edi pop esi pop ebx ret fcn_00452b36: push ebx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax movsx eax, word [ref_0048cab6] ; movsx eax, word [0x48cab6] push eax movsx eax, word [ref_0048cab8] ; movsx eax, word [0x48cab8] push eax push 0 mov edx, dword [ref_0048caa8] ; mov edx, dword [0x48caa8] push edx mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_00456512 ; call 0x456512 add esp, 0x14 push 0xc0 push 0x80 movsx eax, word [ref_0048cab6] ; movsx eax, word [0x48cab6] push eax movsx eax, word [ref_0048cab8] ; movsx eax, word [0x48cab8] push eax mov ebx, dword [ref_0048caa0] ; mov ebx, dword [0x48caa0] push ebx push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 call fcn_0045297e ; call 0x45297e add esp, 4 pop ebx ret endloc_00452bc9: db 0x90 ref_00452bca: ; may contain a jump table dd loc_004530e9 dd loc_00453116 dd loc_00453145 dd loc_00453189 dd loc_00453156 dd loc_00453189 dd loc_00453189 dd loc_00453189 dd loc_00453189 dd loc_00453189 dd loc_00453189 dd loc_00453189 dd loc_00453189 dd loc_00453189 fcn_00452c02: push ebx push esi push edi push ebp sub esp, 0x6c mov esi, dword [esp + 0x80] mov ebx, dword [esp + 0x84] mov eax, dword [esp + 0x88] mov ecx, dword [esp + 0x8c] cmp ebx, 0x201 jb short loc_00452c64 ; jb 0x452c64 jbe near loc_00452d0e ; jbe 0x452d0e cmp ebx, 0x203 jb near loc_00452fce ; jb 0x452fce jbe near loc_00452d0e ; jbe 0x452d0e cmp ebx, 0x205 jb near loc_00453534 ; jb 0x453534 jbe near loc_004534a3 ; jbe 0x4534a3 cmp ebx, 0x401 je short loc_00452c91 ; je 0x452c91 jmp near loc_00453534 ; jmp 0x453534 loc_00452c64: cmp ebx, 0x100 jb short loc_00452c83 ; jb 0x452c83 jbe near loc_00452e4b ; jbe 0x452e4b cmp ebx, 0x200 je near loc_0045320b ; je 0x45320b jmp near loc_00453534 ; jmp 0x453534 loc_00452c83: cmp ebx, 0xf je near loc_004534d6 ; je 0x4534d6 jmp near loc_00453534 ; jmp 0x453534 loc_00452c91: xor ah, ah mov byte [ref_0048cac2], ah ; mov byte [0x48cac2], ah mov byte [ref_0048caac], 0x30 ; mov byte [0x48caac], 0x30 mov byte [ref_0048caad], ah ; mov byte [0x48caad], ah call fcn_00452b36 ; call 0x452b36 push 0 push 1 push 0x1b call fcn_004021f8 ; call 0x4021f8 add esp, 0xc push 1 call fcn_00402460 ; call 0x402460 add esp, 4 movsx eax, word [ref_0048cab8] ; movsx eax, word [0x48cab8] mov dword [esp + 0x50], eax movsx eax, word [ref_0048cab6] ; movsx eax, word [0x48cab6] mov dword [esp + 0x54], eax mov eax, dword [esp + 0x50] add eax, 0x80 mov dword [esp + 0x58], eax mov eax, dword [esp + 0x54] add eax, 0xc0 mov dword [esp + 0x5c], eax loc_00452cf3: push 0 lea eax, [esp + 0x54] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00452d02: xor eax, eax loc_00452d04: add esp, 0x6c pop ebp pop edi pop esi pop ebx ret 0x10 loc_00452d0e: xor eax, eax mov ax, cx movsx ebx, word [ref_0048cab8] ; movsx ebx, word [0x48cab8] sub eax, ebx mov ebx, eax mov eax, ecx shr eax, 0x10 and eax, 0xffff and eax, 0xffff movsx edx, word [ref_0048cab6] ; movsx edx, word [0x48cab6] sub eax, edx mov edx, eax test ebx, ebx jl short loc_00452d02 ; jl 0x452d02 cmp ebx, 0x80 jg short loc_00452d02 ; jg 0x452d02 test eax, eax jl short loc_00452d02 ; jl 0x452d02 cmp eax, 0xc0 jg short loc_00452d02 ; jg 0x452d02 mov edi, eax shl edi, 7 add edi, ebx mov eax, dword [ref_0048ca9c] ; mov eax, dword [0x48ca9c] mov al, byte [edi + eax] mov byte [ref_0048cac2], al ; mov byte [0x48cac2], al cmp al, 1 jne short loc_00452d75 ; jne 0x452d75 mov dword [ref_0048caba], ebx ; mov dword [0x48caba], ebx mov dword [ref_0048cabe], edx ; mov dword [0x48cabe], edx jmp short loc_00452d02 ; jmp 0x452d02 loc_00452d75: cmp al, 0x10 jne short loc_00452d8e ; jne 0x452d8e push ecx push 0 push 0x200 loc_00452d81: push esi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_00452d02 ; jmp 0x452d02 loc_00452d8e: push 0 push ref_0048234a ; push 0x48234a call fcn_004542ce ; call 0x4542ce add esp, 8 xor eax, eax mov al, byte [ref_0048cac2] ; mov al, byte [0x48cac2] xor edx, edx mov dl, byte [eax*4 + ref_0047e6d8] ; mov dl, byte [eax*4 + 0x47e6d8] movsx ecx, word [ref_0048cab8] ; movsx ecx, word [0x48cab8] add ecx, edx mov dword [esp + 0x50], ecx xor edx, edx mov dl, byte [eax*4 + ref_0047e6d9] ; mov dl, byte [eax*4 + 0x47e6d9] movsx ecx, word [ref_0048cab6] ; movsx ecx, word [0x48cab6] add ecx, edx mov dword [esp + 0x54], ecx xor edx, edx mov dl, byte [eax*4 + ref_0047e6da] ; mov dl, byte [eax*4 + 0x47e6da] mov ecx, dword [esp + 0x50] add ecx, edx mov dword [esp + 0x58], ecx mov al, byte [eax*4 + ref_0047e6db] ; mov al, byte [eax*4 + 0x47e6db] and eax, 0xff mov edx, dword [esp + 0x54] add edx, eax mov dword [esp + 0x5c], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov edi, dword [esp + 0x54] push edi mov ebp, dword [esp + 0x54] push ebp xor eax, eax mov al, byte [ref_0048cac2] ; mov al, byte [0x48cac2] push eax mov eax, dword [ref_0048caa8] ; mov eax, dword [0x48caa8] push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_00456512 ; call 0x456512 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall jmp near loc_00452cf3 ; jmp 0x452cf3 loc_00452e4b: xor dl, dl mov byte [ref_0048cac2], dl ; mov byte [0x48cac2], dl cmp eax, 0x35 jb short loc_00452ea4 ; jb 0x452ea4 jbe near loc_00452f2b ; jbe 0x452f2b cmp eax, 0x39 jb short loc_00452e90 ; jb 0x452e90 jbe near loc_00452f4f ; jbe 0x452f4f cmp eax, 0x48 jb short loc_00452e82 ; jb 0x452e82 jbe near loc_00452f73 ; jbe 0x452f73 cmp eax, 0x4d je near loc_00452f58 ; je 0x452f58 jmp near loc_00452fa2 ; jmp 0x452fa2 loc_00452e82: cmp eax, 0x43 je near loc_00452f61 ; je 0x452f61 jmp near loc_00452fa2 ; jmp 0x452fa2 loc_00452e90: cmp eax, 0x37 jb near loc_00452f34 ; jb 0x452f34 jbe near loc_00452f3d ; jbe 0x452f3d jmp near loc_00452f46 ; jmp 0x452f46 loc_00452ea4: cmp eax, 0x31 jb short loc_00452eb4 ; jb 0x452eb4 jbe short loc_00452ee3 ; jbe 0x452ee3 cmp eax, 0x33 jb short loc_00452eef ; jb 0x452eef jbe short loc_00452efb ; jbe 0x452efb jmp short loc_00452f07 ; jmp 0x452f07 loc_00452eb4: cmp eax, 0xd jb short loc_00452ec9 ; jb 0x452ec9 jbe near loc_00452f96 ; jbe 0x452f96 cmp eax, 0x30 je short loc_00452ed7 ; je 0x452ed7 jmp near loc_00452fa2 ; jmp 0x452fa2 loc_00452ec9: cmp eax, 8 je near loc_00452f6a ; je 0x452f6a jmp near loc_00452fa2 ; jmp 0x452fa2 loc_00452ed7: mov byte [ref_0048cac2], 5 ; mov byte [0x48cac2], 5 jmp near loc_00452f0e ; jmp 0x452f0e loc_00452ee3: mov byte [ref_0048cac2], 0xd ; mov byte [0x48cac2], 0xd jmp near loc_00452f0e ; jmp 0x452f0e loc_00452eef: mov byte [ref_0048cac2], 0xe ; mov byte [0x48cac2], 0xe jmp near loc_00452f0e ; jmp 0x452f0e loc_00452efb: mov byte [ref_0048cac2], 0xf ; mov byte [0x48cac2], 0xf jmp near loc_00452f0e ; jmp 0x452f0e loc_00452f07: mov byte [ref_0048cac2], 0xa ; mov byte [0x48cac2], 0xa loc_00452f0e: push 0 push ref_0048234a ; push 0x48234a call fcn_004542ce ; call 0x4542ce add esp, 8 loc_00452f1d: push 0 push 0 push 0x202 jmp near loc_00452d81 ; jmp 0x452d81 loc_00452f2b: mov byte [ref_0048cac2], 0xb ; mov byte [0x48cac2], 0xb jmp short loc_00452f0e ; jmp 0x452f0e loc_00452f34: mov byte [ref_0048cac2], 0xc ; mov byte [0x48cac2], 0xc jmp short loc_00452f0e ; jmp 0x452f0e loc_00452f3d: mov byte [ref_0048cac2], 7 ; mov byte [0x48cac2], 7 jmp short loc_00452f0e ; jmp 0x452f0e loc_00452f46: mov byte [ref_0048cac2], 8 ; mov byte [0x48cac2], 8 jmp short loc_00452f0e ; jmp 0x452f0e loc_00452f4f: mov byte [ref_0048cac2], 9 ; mov byte [0x48cac2], 9 jmp short loc_00452f0e ; jmp 0x452f0e loc_00452f58: mov byte [ref_0048cac2], 2 ; mov byte [0x48cac2], 2 jmp short loc_00452f0e ; jmp 0x452f0e loc_00452f61: mov byte [ref_0048cac2], 4 ; mov byte [0x48cac2], 4 jmp short loc_00452f0e ; jmp 0x452f0e loc_00452f6a: mov byte [ref_0048cac2], 6 ; mov byte [0x48cac2], 6 jmp short loc_00452f0e ; jmp 0x452f0e loc_00452f73: mov byte [ref_0048cac2], 0x10 ; mov byte [0x48cac2], 0x10 movsx ebx, word [ref_0048cab8] ; movsx ebx, word [0x48cab8] add ebx, 0x40 movsx edx, word [ref_0048cab6] ; movsx edx, word [0x48cab6] add edx, 0x2f shl edx, 0x10 lea ecx, [edx + ebx] jmp short loc_00452fb9 ; jmp 0x452fb9 loc_00452f96: mov byte [ref_0048cac2], 3 ; mov byte [0x48cac2], 3 jmp near loc_00452f0e ; jmp 0x452f0e loc_00452fa2: mov ah, byte [ref_0048cac2] ; mov ah, byte [0x48cac2] test ah, ah je near loc_00452d02 ; je 0x452d02 cmp ah, 0x10 jne near loc_00452f0e ; jne 0x452f0e loc_00452fb9: push ecx push 0 push 0x200 push esi call dword [cs:__imp__PostMessageA@16] ; ucall: call dword cs:[0x462310] jmp near loc_00452f1d ; jmp 0x452f1d loc_00452fce: mov bl, byte [ref_0048cac2] ; mov bl, byte [0x48cac2] test bl, bl je near loc_00452d02 ; je 0x452d02 cmp bl, 2 jb near loc_0045310a ; jb 0x45310a cmp bl, 0x10 jae near loc_0045310a ; jae 0x45310a xor eax, eax mov al, bl xor edx, edx mov dl, byte [eax*4 + ref_0047e6d8] ; mov dl, byte [eax*4 + 0x47e6d8] movsx ecx, word [ref_0048cab8] ; movsx ecx, word [0x48cab8] add ecx, edx mov dword [esp + 0x50], ecx xor edx, edx mov dl, byte [eax*4 + ref_0047e6d9] ; mov dl, byte [eax*4 + 0x47e6d9] movsx ecx, word [ref_0048cab6] ; movsx ecx, word [0x48cab6] add ecx, edx mov dword [esp + 0x54], ecx xor edx, edx mov dl, byte [eax*4 + ref_0047e6da] ; mov dl, byte [eax*4 + 0x47e6da] mov ecx, dword [esp + 0x50] add ecx, edx mov dword [esp + 0x58], ecx mov al, byte [eax*4 + ref_0047e6db] ; mov al, byte [eax*4 + 0x47e6db] and eax, 0xff mov edx, dword [esp + 0x54] add edx, eax mov dword [esp + 0x5c], edx mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall xor eax, eax mov al, byte [ref_0048cac2] ; mov al, byte [0x48cac2] xor edx, edx mov dl, byte [eax*4 + ref_0047e6db] ; mov dl, byte [eax*4 + 0x47e6db] push edx xor edx, edx mov dl, byte [eax*4 + ref_0047e6da] ; mov dl, byte [eax*4 + 0x47e6da] push edx xor edx, edx mov dl, byte [eax*4 + ref_0047e6d9] ; mov dl, byte [eax*4 + 0x47e6d9] push edx mov al, byte [eax*4 + ref_0047e6d8] ; mov al, byte [eax*4 + 0x47e6d8] and eax, 0xff push eax mov edx, dword [esp + 0x64] push edx mov ecx, dword [esp + 0x64] push ecx mov ebx, dword [ref_0048caa0] ; mov ebx, dword [0x48caa0] push ebx mov edi, dword [ref_0048a08c] ; mov edi, dword [0x48a08c] push edi call fcn_0045643d ; call 0x45643d add esp, 0x20 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 lea eax, [esp + 0x54] push eax push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] mov al, byte [ref_0048cac2] ; mov al, byte [0x48cac2] sub al, 2 cmp al, 0xd ja near loc_0045310a ; ja 0x45310a and eax, 0xff jmp dword [eax*4 + ref_00452bca] ; ujmp: jmp dword [eax*4 + 0x452bca] loc_004530e9: push 0xa mov eax, ref_0048caac ; mov eax, 0x48caac push eax mov ebx, dword [ref_0048ca98] ; mov ebx, dword [0x48ca98] push ebx loc_004530f8: call fcn_00457d61 ; call 0x457d61 add esp, 0xc loc_00453100: push 1 call fcn_0045297e ; call 0x45297e loc_00453107: add esp, 4 loc_0045310a: xor al, al mov byte [ref_0048cac2], al ; mov byte [0x48cac2], al jmp near loc_00452d02 ; jmp 0x452d02 loc_00453116: push ref_0048caac ; push 0x48caac call fcn_004584db ; call 0x4584db mov ebx, eax add esp, 4 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 1 push 0x29 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc push ebx call _Post_0402_Message ; call 0x401966 jmp short loc_00453107 ; jmp 0x453107 loc_00453145: mov byte [ref_0048caac], 0x30 ; mov byte [0x48caac], 0x30 xor ch, ch mov byte [ref_0048caad], ch ; mov byte [0x48caad], ch jmp short loc_00453100 ; jmp 0x453100 loc_00453156: push ref_0048caac ; push 0x48caac call _strlen ; call 0x45825d add esp, 4 cmp eax, 1 jle short loc_00453172 ; jle 0x453172 xor dl, dl mov byte [eax + ref_0048caab], dl ; mov byte [eax + 0x48caab], dl jmp short loc_00453100 ; jmp 0x453100 loc_00453172: jne short loc_0045310a ; jne 0x45310a cmp byte [ref_0048caac], 0x30 ; cmp byte [0x48caac], 0x30 je short loc_0045310a ; je 0x45310a mov byte [ref_0048caac], 0x30 ; mov byte [0x48caac], 0x30 jmp near loc_00453100 ; jmp 0x453100 loc_00453189: push ref_0048caac ; push 0x48caac call _strlen ; call 0x45825d add esp, 4 mov dword [esp + 0x68], eax cmp eax, 9 jge near loc_0045310a ; jge 0x45310a cmp eax, 1 jne short loc_004531c4 ; jne 0x4531c4 cmp byte [ref_0048caac], 0x30 ; cmp byte [0x48caac], 0x30 jne short loc_004531c4 ; jne 0x4531c4 cmp byte [ref_0048cac2], 5 ; cmp byte [0x48cac2], 5 je near loc_0045310a ; je 0x45310a xor ebp, ebp mov dword [esp + 0x68], ebp loc_004531c4: xor eax, eax mov al, byte [ref_0048cac2] ; mov al, byte [0x48cac2] mov dl, byte [eax + ref_0047e714] ; mov dl, byte [eax + 0x47e714] mov eax, dword [esp + 0x68] mov byte [eax + ref_0048caac], dl ; mov byte [eax + 0x48caac], dl xor bh, bh mov byte [eax + ref_0048caad], bh ; mov byte [eax + 0x48caad], bh push ref_0048caac ; push 0x48caac call fcn_004584db ; call 0x4584db add esp, 4 mov edx, dword [ref_0048ca98] ; mov edx, dword [0x48ca98] cmp eax, edx jle near loc_00453100 ; jle 0x453100 push 0xa push ref_0048caac ; push 0x48caac push edx jmp near loc_004530f8 ; jmp 0x4530f8 loc_0045320b: mov dh, byte [ref_0048cac2] ; mov dh, byte [0x48cac2] cmp dh, 1 jne near loc_00453394 ; jne 0x453394 xor ebx, ebx mov bx, cx sub ebx, dword [ref_0048caba] ; sub ebx, dword [0x48caba] shr ecx, 0x10 and ecx, 0xffff xor edx, edx mov dx, cx sub edx, dword [ref_0048cabe] ; sub edx, dword [0x48cabe] test ebx, ebx jge short loc_00453241 ; jge 0x453241 xor ebx, ebx jmp short loc_0045324e ; jmp 0x45324e loc_00453241: cmp ebx, 0x200 jle short loc_0045324e ; jle 0x45324e mov ebx, 0x200 loc_0045324e: test edx, edx jge short loc_00453256 ; jge 0x453256 xor edx, edx jmp short loc_00453263 ; jmp 0x453263 loc_00453256: cmp edx, 0x120 jle short loc_00453263 ; jle 0x453263 mov edx, 0x120 loc_00453263: movsx eax, word [ref_0048cab8] ; movsx eax, word [0x48cab8] mov dword [esp + 0x50], eax movsx eax, word [ref_0048cab6] ; movsx eax, word [0x48cab6] mov dword [esp + 0x54], eax mov eax, dword [esp + 0x50] add eax, 0x80 mov dword [esp + 0x58], eax mov eax, dword [esp + 0x54] add eax, 0xc0 mov dword [esp + 0x5c], eax mov word [ref_0048cab8], bx ; mov word [0x48cab8], bx mov word [ref_0048cab6], dx ; mov word [0x48cab6], dx movsx eax, bx mov dword [esp + 0x40], eax movsx eax, dx mov dword [esp + 0x44], eax mov eax, dword [esp + 0x40] add eax, 0x80 mov dword [esp + 0x48], eax mov eax, dword [esp + 0x44] add eax, 0xc0 mov dword [esp + 0x4c], eax mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] mov dword [ref_0046caf4], eax ; mov dword [0x46caf4], eax mov eax, dword [esp + 0x54] push eax mov edx, dword [esp + 0x54] push edx mov ecx, dword [ref_0048caa4] ; mov ecx, dword [0x48caa4] push ecx mov ebx, dword [ref_0048a08c] ; mov ebx, dword [0x48a08c] push ebx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 push 0xc0 push 0x80 movsx eax, word [ref_0048cab6] ; movsx eax, word [0x48cab6] push eax movsx eax, word [ref_0048cab8] ; movsx eax, word [0x48cab8] push eax mov edi, dword [ref_0048caa4] ; mov edi, dword [0x48caa4] push edi push ref_0046caec ; push 0x46caec call fcn_00451a97 ; call 0x451a97 add esp, 0x18 movsx eax, word [ref_0048cab6] ; movsx eax, word [0x48cab6] push eax movsx eax, word [ref_0048cab8] ; movsx eax, word [0x48cab8] push eax push 0 mov ebp, dword [ref_0048caa8] ; mov ebp, dword [0x48caa8] push ebp mov eax, dword [ref_0048a08c] ; mov eax, dword [0x48a08c] push eax call fcn_00456512 ; call 0x456512 add esp, 0x14 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 call fcn_0045297e ; call 0x45297e add esp, 4 lea eax, [esp + 0x50] push eax lea eax, [esp + 0x44] push eax lea eax, [esp + 0x58] push eax call fcn_00452808 ; call 0x452808 add esp, 0xc jmp near loc_00452cf3 ; jmp 0x452cf3 loc_00453394: cmp dh, 0x10 jne near loc_00452d02 ; jne 0x452d02 xor eax, eax mov ax, cx movsx ebx, word [ref_0048cab8] ; movsx ebx, word [0x48cab8] sub eax, ebx mov ebx, eax shr ecx, 0x10 and ecx, 0xffff xor eax, eax mov ax, cx movsx edx, word [ref_0048cab6] ; movsx edx, word [0x48cab6] sub eax, edx mov edx, eax test ebx, ebx jl near loc_00452d02 ; jl 0x452d02 cmp ebx, 0x80 jg near loc_00452d02 ; jg 0x452d02 test eax, eax jl near loc_00452d02 ; jl 0x452d02 cmp eax, 0xc0 jg near loc_00452d02 ; jg 0x452d02 shl edx, 7 lea eax, [edx + ebx] mov edx, dword [ref_0048ca9c] ; mov edx, dword [0x48ca9c] cmp byte [edx + eax], 0x10 jne near loc_00452d02 ; jne 0x452d02 push 0 mov eax, ref_00482352 ; mov eax, 0x482352 push eax call fcn_004542ce ; call 0x4542ce add esp, 8 sub ebx, 0xa test ebx, ebx jg short loc_00453437 ; jg 0x453437 mov byte [ref_0048caac], 0x30 ; mov byte [0x48caac], 0x30 xor al, al mov byte [ref_0048caad], al ; mov byte [0x48caad], al loc_00453428: push 1 call fcn_0045297e ; call 0x45297e loc_0045342f: add esp, 4 jmp near loc_00452d02 ; jmp 0x452d02 loc_00453437: xor ecx, ecx mov dword [esp + 0x68], ecx jmp short loc_00453451 ; jmp 0x453451 loc_0045343f: mov ebp, dword [esp + 0x68] inc ebp mov dword [esp + 0x68], ebp cmp ebp, 0x22 jge near loc_00452d02 ; jge 0x452d02 loc_00453451: mov eax, dword [esp + 0x68] mov al, byte [eax + ref_0047e725] ; mov al, byte [eax + 0x47e725] and eax, 0xff cmp ebx, eax jg short loc_0045343f ; jg 0x45343f mov eax, dword [esp + 0x68] mov dword [esp + 0x64], eax fild dword [esp + 0x64] fdiv dword [ref_0046621c] ; fdiv dword [0x46621c] fstp dword [esp + 0x60] fild dword [ref_0048ca98] ; fild dword [0x48ca98] fmul dword [esp + 0x60] call fcn_00457dbc ; call 0x457dbc fistp dword [esp + 0x68] push 0xa push ref_0048caac ; push 0x48caac mov edx, dword [esp + 0x70] push edx call fcn_00457d61 ; call 0x457d61 add esp, 0xc jmp short loc_00453428 ; jmp 0x453428 loc_004534a3: push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push 1 push 0x29 call fcn_004021f8 ; call 0x4021f8 add esp, 0xc push 0 call _Post_0402_Message ; call 0x401966 jmp near loc_0045342f ; jmp 0x45342f loc_004534d6: mov eax, esp push eax push esi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov eax, dword [eax] push 0x10 lea edx, [esp + 0xc] push edx mov edx, dword [ref_0048a0e0] ; mov edx, dword [0x48a0e0] push edx mov ecx, dword [esp + 0x18] push ecx mov ebx, dword [esp + 0x18] push ebx mov edi, dword [ref_0048a0dc] ; mov edi, dword [0x48a0dc] push edi call dword [eax + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push esi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00452d02 ; jmp 0x452d02 loc_00453534: push ecx push eax push ebx push esi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_00452d04 ; jmp 0x452d04 fcn_00453544: push ebx push esi push edi push ebp sub esp, 0x10 call fcn_004024a1 ; call 0x4024a1 mov esi, eax mov byte [ref_0046cb00], 1 ; mov byte [0x46cb00], 1 cmp eax, 1 jne short loc_00453568 ; jne 0x453568 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 loc_00453568: push 0 push 0 push 0x15 mov edx, dword [ref_0048a05c] ; mov edx, dword [0x48a05c] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048caa8], eax ; mov dword [0x48caa8], eax push 0 push 0 push 0x16 mov ecx, dword [ref_0048a05c] ; mov ecx, dword [0x48a05c] push ecx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048ca9c], eax ; mov dword [0x48ca9c], eax mov word [ref_0048cab8], 0x100 ; mov word [0x48cab8], 0x100 mov word [ref_0048cab6], 0x90 ; mov word [0x48cab6], 0x90 mov dword [esp], 0x100 mov dword [esp + 4], 0x90 mov dword [esp + 8], 0x180 mov dword [esp + 0xc], 0x150 mov eax, esp push eax call fcn_00451e7e ; call 0x451e7e add esp, 4 mov dword [ref_0048caa4], eax ; mov dword [0x48caa4], eax push 0 push 0 push 0xc0 push 0x80 call fcn_00451a5a ; call 0x451a5a add esp, 0x10 mov dword [ref_0048caa0], eax ; mov dword [0x48caa0], eax mov eax, dword [esp + 0x24] mov dword [ref_0048ca98], eax ; mov dword [0x48ca98], eax push 0 push fcn_00452c02 ; push 0x452c02 call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov ebx, eax movsx eax, word [ref_0048cab6] ; movsx eax, word [0x48cab6] push eax movsx eax, word [ref_0048cab8] ; movsx eax, word [0x48cab8] push eax mov edx, dword [ref_0048caa4] ; mov edx, dword [0x48caa4] push edx call fcn_00451edb ; call 0x451edb add esp, 0xc mov ecx, dword [ref_0048caa8] ; mov ecx, dword [0x48caa8] push ecx call clib_free ; call 0x456e11 add esp, 4 mov edi, dword [ref_0048ca9c] ; mov edi, dword [0x48ca9c] push edi call clib_free ; call 0x456e11 add esp, 4 mov ebp, dword [ref_0048caa0] ; mov ebp, dword [0x48caa0] push ebp call clib_free ; call 0x456e11 add esp, 4 cmp esi, 1 jne short loc_0045366c ; jne 0x45366c push esi call fcn_00402460 ; call 0x402460 add esp, 4 loc_0045366c: xor dh, dh mov byte [ref_0046cb00], dh ; mov byte [0x46cb00], dh mov eax, ebx add esp, 0x10 pop ebp pop edi pop esi pop ebx ret fcn_0045367e: push ebx push esi push edi push ebp sub esp, 0x40 mov esi, dword [esp + 0x54] mov eax, dword [esp + 0x58] mov edx, dword [esp + 0x5c] mov ebx, dword [esp + 0x60] cmp eax, 0x200 jb short loc_004536cb ; jb 0x4536cb jbe near loc_00453745 ; jbe 0x453745 cmp eax, 0x205 jb short loc_004536bb ; jb 0x4536bb jbe near loc_004539a2 ; jbe 0x4539a2 cmp eax, 0x401 je short loc_004536f6 ; je 0x4536f6 jmp near loc_00453a22 ; jmp 0x453a22 loc_004536bb: cmp eax, 0x202 je near loc_00453892 ; je 0x453892 jmp near loc_00453a22 ; jmp 0x453a22 loc_004536cb: cmp eax, 0x100 jb short loc_004536e8 ; jb 0x4536e8 jbe near loc_00453948 ; jbe 0x453948 cmp eax, 0x101 je near loc_0045393a ; je 0x45393a jmp near loc_00453a22 ; jmp 0x453a22 loc_004536e8: cmp eax, 0xf je near loc_004539ca ; je 0x4539ca jmp near loc_00453a22 ; jmp 0x453a22 loc_004536f6: xor edx, edx mov dword [ref_0048cad8], edx ; mov dword [0x48cad8], edx xor edx, edx mov word [ref_0048cadc], dx ; mov word [0x48cadc], dx mov eax, dword [ref_0048cac8] ; mov eax, dword [0x48cac8] add eax, 0x16 push eax mov eax, dword [ref_0048cac4] ; mov eax, dword [0x48cac4] add eax, 0x16 push eax call dword [cs:__imp__SetCursorPos@8] ; ucall: call dword cs:[0x46231c] push 1 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 push ref_0048cac4 ; push 0x48cac4 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_00453739: xor eax, eax loc_0045373b: add esp, 0x40 pop ebp pop edi pop esi pop ebx ret 0x10 loc_00453745: xor edx, edx mov dx, bx sub edx, dword [ref_0048cac4] ; sub edx, dword [0x48cac4] mov eax, ebx shr eax, 0x10 and eax, 0xffff xor ebx, ebx mov bx, ax sub ebx, dword [ref_0048cac8] ; sub ebx, dword [0x48cac8] test edx, edx jl near loc_00453827 ; jl 0x453827 mov eax, dword [ref_0048cad4] ; mov eax, dword [0x48cad4] movsx ecx, word [eax + 0xc] cmp edx, ecx jge near loc_00453827 ; jge 0x453827 test ebx, ebx jl near loc_00453827 ; jl 0x453827 movsx eax, word [eax + 0xe] cmp ebx, eax jge near loc_00453827 ; jge 0x453827 sar ecx, 1 mov eax, edx sar edx, 0x1f idiv ecx lea ebx, [eax + 1] cmp ebx, dword [ref_0048cad8] ; cmp ebx, dword [0x48cad8] je short loc_00453739 ; je 0x453739 push 0 push ref_0048231a ; push 0x48231a call fcn_004542ce ; call 0x4542ce add esp, 8 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebp, dword [ref_0048cac8] ; mov ebp, dword [0x48cac8] push ebp mov eax, dword [ref_0048cac4] ; mov eax, dword [0x48cac4] push eax mov ecx, dword [ref_0048cad4] ; mov ecx, dword [0x48cad4] mov eax, ebx shl eax, 2 sub eax, ebx shl eax, 2 add ecx, 0xc add eax, ecx push eax mov edx, dword [ref_0048a08c] ; mov edx, dword [0x48a08c] push edx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push ref_0048cac4 ; push 0x48cac4 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] loc_0045381c: mov dword [ref_0048cad8], ebx ; mov dword [0x48cad8], ebx jmp near loc_00453739 ; jmp 0x453739 loc_00453827: cmp dword [ref_0048cad8], 0 ; cmp dword [0x48cad8], 0 je near loc_00453739 ; je 0x453739 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov eax, dword [ref_0048cac8] ; mov eax, dword [0x48cac8] push eax mov edx, dword [ref_0048cac4] ; mov edx, dword [0x48cac4] push edx mov eax, dword [ref_0048cad4] ; mov eax, dword [0x48cad4] add eax, 0xc push eax mov ecx, dword [ref_0048a08c] ; mov ecx, dword [0x48a08c] push ecx call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push ref_0048cac4 ; push 0x48cac4 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] xor ebx, ebx jmp short loc_0045381c ; jmp 0x45381c loc_00453892: cmp dword [ref_0048cad8], 0 ; cmp dword [0x48cad8], 0 je near loc_00453739 ; je 0x453739 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ebx, dword [ref_0048cac8] ; mov ebx, dword [0x48cac8] push ebx mov edi, dword [ref_0048cac4] ; mov edi, dword [0x48cac4] push edi mov eax, dword [ref_0048cad4] ; mov eax, dword [0x48cad4] add eax, 0xc push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push ref_0048cac4 ; push 0x48cac4 push esi call dword [cs:__imp__InvalidateRect@12] ; ucall: call dword cs:[0x4622f8] push 0 call fcn_00402460 ; call 0x402460 add esp, 4 cmp dword [ref_0048cad8], 1 ; cmp dword [0x48cad8], 1 jne short loc_00453923 ; jne 0x453923 push 0 push ref_0048232a ; push 0x48232a call fcn_004542ce ; call 0x4542ce add esp, 8 mov ebx, 1 jmp short loc_00453934 ; jmp 0x453934 loc_00453923: push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 xor ebx, ebx loc_00453934: push ebx jmp near loc_004539bd ; jmp 0x4539bd loc_0045393a: xor ebx, ebx mov word [ref_0048cadc], bx ; mov word [0x48cadc], bx jmp near loc_00453739 ; jmp 0x453739 loc_00453948: cmp edx, 0x11 jne short loc_00453958 ; jne 0x453958 mov word [ref_0048cadc], 0x1100 ; mov word [0x48cadc], 0x1100 jmp short loc_0045395f ; jmp 0x45395f loc_00453958: or word [ref_0048cadc], dx ; or word [0x48cadc], dx loc_0045395f: xor edx, edx mov dx, word [ref_00497178] ; mov dx, word [0x497178] xor eax, eax mov ax, word [ref_0048cadc] ; mov ax, word [0x48cadc] cmp eax, edx jne short loc_00453991 ; jne 0x453991 push 0 push ref_0048232a ; push 0x48232a call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 1 jmp short loc_004539bd ; jmp 0x4539bd loc_00453991: xor edx, edx mov dx, word [ref_0049717a] ; mov dx, word [0x49717a] cmp eax, edx jne near loc_00453739 ; jne 0x453739 loc_004539a2: push 0 push ref_00482332 ; push 0x482332 call fcn_004542ce ; call 0x4542ce add esp, 8 push 0 call fcn_00402460 ; call 0x402460 add esp, 4 push 0 loc_004539bd: call _Post_0402_Message ; call 0x401966 add esp, 4 jmp near loc_00453739 ; jmp 0x453739 loc_004539ca: mov eax, esp push eax push esi call dword [cs:__imp__BeginPaint@8] ; ucall: call dword cs:[0x4622cc] lea eax, [esp + 8] push eax call fcn_0040235d ; call 0x40235d add esp, 4 mov eax, dword [ref_0048a0dc] ; mov eax, dword [0x48a0dc] mov edx, dword [eax] push 0x10 lea ecx, [esp + 0xc] push ecx mov ecx, dword [ref_0048a0e0] ; mov ecx, dword [0x48a0e0] push ecx mov ebx, dword [esp + 0x18] push ebx mov edi, dword [esp + 0x18] push edi push eax call dword [edx + 0x1c] ; ucall lea eax, [esp + 8] push eax call fcn_00402250 ; call 0x402250 add esp, 4 mov eax, esp push eax push esi call dword [cs:__imp__EndPaint@8] ; ucall: call dword cs:[0x4622e8] jmp near loc_00453739 ; jmp 0x453739 loc_00453a22: push ebx push edx push eax push esi call dword [cs:__imp__DefWindowProcA@16] ; ucall: call dword cs:[0x4622d8] jmp near loc_0045373b ; jmp 0x45373b fcn_00453a32: push ebx push esi push edi push ebp call fcn_004024a1 ; call 0x4024a1 mov edi, eax cmp eax, 1 jne short loc_00453a4c ; jne 0x453a4c push 0 call fcn_00402460 ; call 0x402460 add esp, 4 loc_00453a4c: push 0 push 0 push 0x1b8 mov edx, dword [ref_0048a0e4] ; mov edx, dword [0x48a0e4] push edx call fcn_00450441 ; call 0x450441 add esp, 0x10 mov dword [ref_0048cad4], eax ; mov dword [0x48cad4], eax movsx edx, word [eax + 0xc] sar edx, 1 mov ebx, dword [esp + 0x14] sub ebx, edx mov dword [ref_0048cac4], ebx ; mov dword [0x48cac4], ebx movsx edx, word [eax + 0xe] sar edx, 1 mov ebx, dword [esp + 0x18] sub ebx, edx mov dword [ref_0048cac8], ebx ; mov dword [0x48cac8], ebx movsx edx, word [eax + 0xc] mov ebx, dword [ref_0048cac4] ; mov ebx, dword [0x48cac4] add edx, ebx mov dword [ref_0048cacc], edx ; mov dword [0x48cacc], edx movsx edx, word [eax + 0xe] mov eax, dword [ref_0048cac8] ; mov eax, dword [0x48cac8] add eax, edx mov dword [ref_0048cad0], eax ; mov dword [0x48cad0], eax push ref_0048cac4 ; push 0x48cac4 call fcn_00451e7e ; call 0x451e7e mov ebx, eax add esp, 4 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push 1 push ref_0048a068 ; push 0x48a068 push 0 push eax call dword [edx + 0x64] ; ucall mov ecx, dword [ref_0048cac8] ; mov ecx, dword [0x48cac8] push ecx mov esi, dword [ref_0048cac4] ; mov esi, dword [0x48cac4] push esi mov eax, dword [ref_0048cad4] ; mov eax, dword [0x48cad4] add eax, 0xc push eax mov ebp, dword [ref_0048a08c] ; mov ebp, dword [0x48a08c] push ebp call fcn_004563f5 ; call 0x4563f5 add esp, 0x10 mov eax, dword [ref_0048a0e0] ; mov eax, dword [0x48a0e0] mov edx, dword [eax] push 0 push eax call dword [edx + 0x80] ; ucall push 0 push fcn_0045367e ; push 0x45367e call _Wait_0402_Message ; call 0x4018e7 add esp, 8 mov esi, eax mov eax, dword [ref_0048cac8] ; mov eax, dword [0x48cac8] push eax mov edx, dword [ref_0048cac4] ; mov edx, dword [0x48cac4] push edx push ebx call fcn_00451edb ; call 0x451edb add esp, 0xc mov ecx, dword [ref_0048cad4] ; mov ecx, dword [0x48cad4] push ecx call clib_free ; call 0x456e11 add esp, 4 cmp edi, 1 jne short loc_00453b4e ; jne 0x453b4e push edi call fcn_00402460 ; call 0x402460 add esp, 4 loc_00453b4e: mov eax, esi pop ebp pop edi pop esi pop ebx ret fcn_00453b55: push ebx push esi push edi mov edx, dword [ref_0047e748] ; mov edx, dword [0x47e748] test edx, edx jne near loc_00453cec ; jne 0x453cec cmp byte [ref_0047e76c], 0 ; cmp byte [0x47e76c], 0 jne near loc_00453cec ; jne 0x453cec push edx push ref_0047e748 ; push 0x47e748 push edx call fcn_0046121c ; call 0x46121c test eax, eax je short loc_00453bad ; je 0x453bad push 0x10 push ref_00466220 ; push 0x466220 push ref_00466228 ; push 0x466228 push 0 call dword [cs:__imp__MessageBoxA@16] ; ucall: call dword cs:[0x462308] xor esi, esi mov dword [ref_0047e748], esi ; mov dword [0x47e748], esi loc_00453ba0: mov byte [ref_0047e76c], 1 ; mov byte [0x47e76c], 1 xor eax, eax pop edi pop esi pop ebx ret loc_00453bad: mov eax, dword [ref_0047e748] ; mov eax, dword [0x47e748] mov edx, dword [eax] push 3 mov ecx, dword [_gWindowHandle] ; mov ecx, dword [0x48a0d4] push ecx push eax call dword [edx + 0x18] ; ucall test eax, eax je short loc_00453bef ; je 0x453bef push 0x10 push ref_0046625a ; push 0x46625a push ref_00466260 ; push 0x466260 push 0 call dword [cs:__imp__MessageBoxA@16] ; ucall: call dword cs:[0x462308] mov eax, dword [ref_0047e748] ; mov eax, dword [0x47e748] mov edx, dword [eax] push eax call dword [edx + 8] ; ucall xor ebx, ebx mov dword [ref_0047e748], ebx ; mov dword [0x47e748], ebx jmp short loc_00453ba0 ; jmp 0x453ba0 loc_00453bef: mov dword [ref_0048cb28], 0x14 ; mov dword [0x48cb28], 0x14 mov dword [ref_0048cb2c], 1 ; mov dword [0x48cb2c], 1 xor edi, edi mov dword [ref_0048cb30], eax ; mov dword [0x48cb30], eax mov dword [ref_0048cb34], eax ; mov dword [0x48cb34], eax mov dword [ref_0048cb38], eax ; mov dword [0x48cb38], eax mov eax, dword [ref_0047e748] ; mov eax, dword [0x47e748] mov edx, dword [eax] push edi push ref_0047e74c ; push 0x47e74c push ref_0048cb28 ; push 0x48cb28 push eax call dword [edx + 0xc] ; ucall test eax, eax je short loc_00453c5a ; je 0x453c5a push 0x10 push ref_0046625a ; push 0x46625a push ref_00466287 ; push 0x466287 push edi call dword [cs:__imp__MessageBoxA@16] ; ucall: call dword cs:[0x462308] mov eax, dword [ref_0047e748] ; mov eax, dword [0x47e748] mov edx, dword [eax] push eax call dword [edx + 8] ; ucall xor ecx, ecx mov dword [ref_0047e748], ecx ; mov dword [0x47e748], ecx jmp near loc_00453ba0 ; jmp 0x453ba0 loc_00453c5a: mov edx, 1 mov word [ref_0048cb3c], dx ; mov word [0x48cb3c], dx mov ecx, edx mov word [ref_0048cb3e], dx ; mov word [0x48cb3e], dx mov edx, 0x5622 mov dword [ref_0048cb40], edx ; mov dword [0x48cb40], edx mov dword [ref_0048cb44], edx ; mov dword [0x48cb44], edx mov word [ref_0048cb48], cx ; mov word [0x48cb48], cx mov word [ref_0048cb4a], 8 ; mov word [0x48cb4a], 8 xor edi, edi mov word [ref_0048cb4c], di ; mov word [0x48cb4c], di mov eax, dword [ref_0047e74c] ; mov eax, dword [0x47e74c] mov edx, dword [eax] push ref_0048cb3c ; push 0x48cb3c push eax call dword [edx + 0x38] ; ucall test eax, eax je short loc_00453cec ; je 0x453cec push 0x10 push ref_0046625a ; push 0x46625a push ref_004662b3 ; push 0x4662b3 push 0 call dword [cs:__imp__MessageBoxA@16] ; ucall: call dword cs:[0x462308] mov eax, dword [ref_0047e748] ; mov eax, dword [0x47e748] mov edx, dword [eax] push eax call dword [edx + 8] ; ucall xor eax, eax mov dword [ref_0047e748], eax ; mov dword [0x47e748], eax mov eax, dword [ref_0047e74c] ; mov eax, dword [0x47e74c] mov edx, dword [eax] push eax call dword [edx + 8] ; ucall xor edx, edx mov dword [ref_0047e74c], edx ; mov dword [0x47e74c], edx jmp near loc_00453ba0 ; jmp 0x453ba0 loc_00453cec: mov ebx, dword [esp + 0x10] test ebx, ebx je short loc_00453cfb ; je 0x453cfb call fcn_004541e3 ; call 0x4541e3 jmp short loc_00453d0b ; jmp 0x453d0b loc_00453cfb: push 0x40 push ebx push ref_0048cae8 ; push 0x48cae8 call memset ; call 0x456f60 add esp, 0xc loc_00453d0b: xor esi, esi mov dword [ref_0048cae4], esi ; mov dword [0x48cae4], esi mov dword [ref_0047e750], esi ; mov dword [0x47e750], esi mov dword [ref_0047e754], esi ; mov dword [0x47e754], esi mov eax, 1 pop edi pop esi pop ebx ret fcn_00453d28: push ebx push esi push edi push ebp xor esi, esi jmp short loc_00453d36 ; jmp 0x453d36 loc_00453d30: inc esi cmp esi, 0x10 jge short loc_00453d65 ; jge 0x453d65 loc_00453d36: mov ebx, esi shl ebx, 2 mov edx, dword [ebx + ref_0048cae8] ; mov edx, dword [ebx + 0x48cae8] test edx, edx je short loc_00453d30 ; je 0x453d30 mov ebx, edx loc_00453d47: cmp dword [ebx], 0xffffffff je short loc_00453d30 ; je 0x453d30 mov edi, dword [ebx + 4] test edi, edi je short loc_00453d30 ; je 0x453d30 mov edx, dword [edi] push edi call dword [edx + 8] ; ucall mov dword [ebx + 4], 0 add ebx, 8 jmp short loc_00453d47 ; jmp 0x453d47 loc_00453d65: xor ebp, ebp mov dword [ref_0048cae4], ebp ; mov dword [0x48cae4], ebp mov eax, dword [ref_0047e754] ; mov eax, dword [0x47e754] test eax, eax je short loc_00453d82 ; je 0x453d82 mov edx, dword [eax] push eax call dword [edx + 8] ; ucall mov dword [ref_0047e754], ebp ; mov dword [0x47e754], ebp loc_00453d82: mov ecx, dword [ref_0047e750] ; mov ecx, dword [0x47e750] test ecx, ecx je short loc_00453d9a ; je 0x453d9a mov edx, dword [ecx] push ecx call dword [edx + 8] ; ucall xor ebx, ebx mov dword [ref_0047e750], ebx ; mov dword [0x47e750], ebx loc_00453d9a: mov esi, dword [ref_0047e74c] ; mov esi, dword [0x47e74c] test esi, esi je short loc_00453db2 ; je 0x453db2 mov edx, dword [esi] push esi call dword [edx + 8] ; ucall xor edi, edi mov dword [ref_0047e74c], edi ; mov dword [0x47e74c], edi loc_00453db2: mov ebp, dword [ref_0047e748] ; mov ebp, dword [0x47e748] test ebp, ebp je short loc_00453dca ; je 0x453dca mov edx, dword [ebp] push ebp call dword [edx + 8] ; ucall xor eax, eax mov dword [ref_0047e748], eax ; mov dword [0x47e748], eax loc_00453dca: pop ebp pop edi pop esi pop ebx ret fcn_00453dcf: push ebx push esi push edi push ebp sub esp, 0x14 mov esi, dword [esp + 0x28] cmp dword [ref_0047e748], 0 ; cmp dword [0x47e748], 0 je short loc_00453de7 ; je 0x453de7 test esi, esi jne short loc_00453dee ; jne 0x453dee loc_00453de7: xor eax, eax jmp near loc_00453f64 ; jmp 0x453f64 loc_00453dee: cmp byte [esi], 0x52 jne short loc_00453de7 ; jne 0x453de7 cmp byte [esi + 1], 0x49 jne short loc_00453de7 ; jne 0x453de7 mov dh, byte [esi + 2] cmp dh, 0x46 jne short loc_00453de7 ; jne 0x453de7 cmp dh, byte [esi + 3] jne short loc_00453de7 ; jne 0x453de7 push 0x10 lea eax, [esi + 0x14] push eax push ref_0048cb3c ; push 0x48cb3c call _memcpy ; call 0x456de8 add esp, 0xc xor edx, edx mov word [ref_0048cb4c], dx ; mov word [0x48cb4c], dx mov ebx, dword [esi + 0x10] add ebx, 0x14 loc_00453e28: lea eax, [esi + ebx] cmp byte [eax], 0x64 jne short loc_00453e43 ; jne 0x453e43 mov ch, byte [eax + 1] cmp ch, 0x61 jne short loc_00453e43 ; jne 0x453e43 cmp byte [eax + 2], 0x74 jne short loc_00453e43 ; jne 0x453e43 cmp ch, byte [eax + 3] je short loc_00453e50 ; je 0x453e50 loc_00453e43: lea eax, [esi + ebx] mov edi, dword [eax + 4] add edi, 8 add ebx, edi jmp short loc_00453e28 ; jmp 0x453e28 loc_00453e50: mov edi, dword [eax + 4] mov dword [ref_0048cb28], 0x14 ; mov dword [0x48cb28], 0x14 mov dword [ref_0048cb2c], 0xe2 ; mov dword [0x48cb2c], 0xe2 mov dword [ref_0048cb30], edi ; mov dword [0x48cb30], edi xor eax, eax mov dword [ref_0048cb34], eax ; mov dword [0x48cb34], eax mov dword [ref_0048cb38], ref_0048cb3c ; mov dword [0x48cb38], 0x48cb3c mov eax, dword [ref_0047e748] ; mov eax, dword [0x47e748] mov edx, dword [eax] push 0 lea ecx, [esp + 4] push ecx push ref_0048cb28 ; push 0x48cb28 push eax call dword [edx + 0xc] ; ucall test eax, eax jne near loc_00453de7 ; jne 0x453de7 mov eax, dword [esp] mov eax, dword [eax] push 0 lea edx, [esp + 0x14] push edx lea edx, [esp + 0x10] push edx lea edx, [esp + 0x18] push edx lea edx, [esp + 0x14] push edx push edi push 0 mov ecx, dword [esp + 0x1c] push ecx call dword [eax + 0x2c] ; ucall mov edx, eax cmp eax, 0x88780096 jne short loc_00453f00 ; jne 0x453f00 mov eax, dword [esp] mov eax, dword [eax] mov ebp, dword [esp] push ebp call dword [eax + 0x50] ; ucall mov eax, dword [esp] mov eax, dword [eax] push 0 lea edx, [esp + 0x14] push edx lea edx, [esp + 0x10] push edx lea edx, [esp + 0x18] push edx lea edx, [esp + 0x14] push edx push edi push 0 mov edx, dword [esp + 0x1c] push edx call dword [eax + 0x2c] ; ucall mov edx, eax loc_00453f00: test edx, edx jne near loc_00453de7 ; jne 0x453de7 mov ecx, dword [esp + 0xc] push ecx add ebx, esi lea eax, [ebx + 8] push eax mov esi, dword [esp + 0xc] push esi call _memcpy ; call 0x456de8 add esp, 0xc mov ebp, dword [esp + 0xc] cmp edi, ebp je short loc_00453f40 ; je 0x453f40 mov eax, dword [esp + 0x10] push eax add ebx, ebp add ebx, 8 push ebx mov ecx, dword [esp + 0x10] push ecx call _memcpy ; call 0x456de8 add esp, 0xc loc_00453f40: mov eax, dword [esp] mov eax, dword [eax] mov ebx, dword [esp + 0x10] push ebx lea edx, [esp + 0xc] push edx mov esi, dword [esp + 0x14] push esi lea edx, [esp + 0x10] push edx mov edi, dword [esp + 0x10] push edi call dword [eax + 0x4c] ; ucall mov eax, dword [esp] loc_00453f64: add esp, 0x14 pop ebp pop edi pop esi pop ebx ret fcn_00453f6c: push ebx push esi push edi push ebp sub esp, 0x10 mov ebp, dword [esp + 0x24] cmp dword [ref_0047e748], 0 ; cmp dword [0x47e748], 0 je short loc_00453fc1 ; je 0x453fc1 test ebp, ebp je short loc_00453fc1 ; je 0x453fc1 push 0 push 0 mov ecx, dword [esp + 0x30] push ecx mov ebx, dword [ref_0048a058] ; mov ebx, dword [0x48a058] push ebx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 mov esi, eax cmp byte [eax], 0x52 jne short loc_00453fb8 ; jne 0x453fb8 cmp byte [ebx + 1], 0x49 jne short loc_00453fb8 ; jne 0x453fb8 mov dh, byte [ebx + 2] cmp dh, 0x46 jne short loc_00453fb8 ; jne 0x453fb8 cmp dh, byte [ebx + 3] je short loc_00453fc8 ; je 0x453fc8 loc_00453fb8: push esi call clib_free ; call 0x456e11 add esp, 4 loc_00453fc1: xor eax, eax jmp near loc_004540d0 ; jmp 0x4540d0 loc_00453fc8: push 0x10 lea eax, [ebx + 0x14] push eax push ref_0048cb3c ; push 0x48cb3c call _memcpy ; call 0x456de8 add esp, 0xc xor edx, edx mov word [ref_0048cb4c], dx ; mov word [0x48cb4c], dx mov ebx, dword [ebx + 0x10] add ebx, 0x14 loc_00453fea: lea eax, [esi + ebx] cmp byte [eax], 0x64 jne short loc_00454005 ; jne 0x454005 mov dl, byte [eax + 1] cmp dl, 0x61 jne short loc_00454005 ; jne 0x454005 cmp byte [eax + 2], 0x74 jne short loc_00454005 ; jne 0x454005 cmp dl, byte [eax + 3] je short loc_00454012 ; je 0x454012 loc_00454005: lea eax, [esi + ebx] mov edi, dword [eax + 4] add edi, 8 add ebx, edi jmp short loc_00453fea ; jmp 0x453fea loc_00454012: mov edi, dword [eax + 4] mov eax, dword [ebp] push 0 lea edx, [esp + 0x10] push edx lea edx, [esp + 0xc] push edx lea edx, [esp + 0x14] push edx lea edx, [esp + 0x10] push edx push edi push 0 push ebp call dword [eax + 0x2c] ; ucall mov edx, eax cmp eax, 0x88780096 jne short loc_00454067 ; jne 0x454067 mov eax, dword [ebp] push ebp call dword [eax + 0x50] ; ucall mov eax, dword [ebp] push 0 lea edx, [esp + 0x10] push edx lea edx, [esp + 0xc] push edx lea edx, [esp + 0x14] push edx lea edx, [esp + 0x10] push edx push edi push 0 push ebp call dword [eax + 0x2c] ; ucall mov edx, eax loc_00454067: test edx, edx jne near loc_00453fb8 ; jne 0x453fb8 mov eax, dword [esp + 8] push eax add ebx, esi lea eax, [ebx + 8] push eax mov edx, dword [esp + 8] push edx call _memcpy ; call 0x456de8 add esp, 0xc mov ecx, dword [esp + 8] cmp edi, ecx je short loc_004540a7 ; je 0x4540a7 mov edi, dword [esp + 0xc] push edi add ebx, ecx add ebx, 8 push ebx mov edx, dword [esp + 0xc] push edx call _memcpy ; call 0x456de8 add esp, 0xc loc_004540a7: mov eax, dword [ebp] mov ecx, dword [esp + 0xc] push ecx lea edx, [esp + 8] push edx mov ebx, dword [esp + 0x10] push ebx lea edx, [esp + 0xc] push edx push ebp call dword [eax + 0x4c] ; ucall push esi call clib_free ; call 0x456e11 add esp, 4 mov eax, 1 loc_004540d0: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret fcn_004540d8: push ebx push esi push edi mov ebx, dword [esp + 0x10] test ebx, ebx je short loc_00454150 ; je 0x454150 cmp byte [ref_0049715b], 0 ; cmp byte [0x49715b], 0 je short loc_00454150 ; je 0x454150 mov eax, dword [ebx] push 0 push ebx call dword [eax + 0x34] ; ucall mov eax, dword [ebx] mov edx, dword [esp + 0x18] push edx push 0 push 0 push ebx call dword [eax + 0x30] ; ucall cmp eax, 0x88780096 jne short loc_0045412c ; jne 0x45412c mov ecx, dword [esp + 0x14] push ecx push ebx call fcn_00453f6c ; call 0x453f6c add esp, 8 cmp eax, 1 jne short loc_0045412c ; jne 0x45412c mov eax, dword [ebx] mov esi, dword [esp + 0x18] push esi push 0 push 0 push ebx call dword [eax + 0x30] ; ucall loc_0045412c: mov edx, dword [ebx] xor eax, eax mov al, byte [ref_0049715b] ; mov al, byte [0x49715b] mov edi, dword [eax*4 + ref_0047e758] ; mov edi, dword [eax*4 + 0x47e758] push edi push ebx call dword [edx + 0x3c] ; ucall mov eax, dword [esp + 0x14] mov dword [ref_0048cae0], eax ; mov dword [0x48cae0], eax mov dword [ref_0048cae4], ebx ; mov dword [0x48cae4], ebx loc_00454150: pop edi pop esi pop ebx ret endloc_00454154: dd 0x24548b53 db 0x08 db 0x83 db 0x3d dd ref_0047e748 db 0x00 dd 0xd2851274 dd 0x028b0e74 dd 0x4850ff52 dd 0x1d89db31 dd ref_0048cae4 db 0x5b db 0xc3 fcn_00454176: push ebx push esi push edi mov ebx, dword [esp + 0x10] cmp dword [ref_0047e748], 0 ; cmp dword [0x47e748], 0 je short loc_004541df ; je 0x4541df loc_00454186: mov ecx, dword [ebx] cmp ecx, 0xffffffff je short loc_004541bd ; je 0x4541bd push 0 push 0 push ecx mov edi, dword [ref_0048a058] ; mov edi, dword [0x48a058] push edi call fcn_00450441 ; call 0x450441 mov esi, eax add esp, 0x10 push eax call fcn_00453dcf ; call 0x453dcf add esp, 4 mov dword [ebx + 4], eax push esi call clib_free ; call 0x456e11 add esp, 4 add ebx, 8 jmp short loc_00454186 ; jmp 0x454186 loc_004541bd: xor eax, eax jmp short loc_004541c7 ; jmp 0x4541c7 loc_004541c1: inc eax cmp eax, 0x10 jge short loc_004541df ; jge 0x4541df loc_004541c7: mov ebx, eax shl ebx, 2 cmp dword [ebx + ref_0048cae8], 0 ; cmp dword [ebx + 0x48cae8], 0 jne short loc_004541c1 ; jne 0x4541c1 mov eax, dword [esp + 0x10] mov dword [ebx + ref_0048cae8], eax ; mov dword [ebx + 0x48cae8], eax loc_004541df: pop edi pop esi pop ebx ret fcn_004541e3: push ebx push esi push edi cmp dword [ref_0047e748], 0 ; cmp dword [0x47e748], 0 je short loc_004541df ; je 0x4541df xor edi, edi jmp short loc_004541f9 ; jmp 0x4541f9 loc_004541f3: inc edi cmp edi, 0x10 jge short loc_004541df ; jge 0x4541df loc_004541f9: mov ebx, edi shl ebx, 2 mov ecx, dword [ebx + ref_0048cae8] ; mov ecx, dword [ebx + 0x48cae8] test ecx, ecx je short loc_004541f3 ; je 0x4541f3 mov ebx, ecx loc_0045420a: mov esi, dword [ebx] cmp esi, 0xffffffff je short loc_004541f3 ; je 0x4541f3 push 0 push 0 push esi mov eax, dword [ref_0048a058] ; mov eax, dword [0x48a058] push eax call fcn_00450441 ; call 0x450441 mov esi, eax add esp, 0x10 push eax call fcn_00453dcf ; call 0x453dcf add esp, 4 mov dword [ebx + 4], eax push esi call clib_free ; call 0x456e11 add esp, 4 add ebx, 8 jmp short loc_0045420a ; jmp 0x45420a fcn_00454240: push ebx push esi push edi push ebp sub esp, 4 mov esi, dword [esp + 0x18] mov ebx, esi cmp dword [ref_0047e748], 0 ; cmp dword [0x47e748], 0 je near loc_004542c6 ; je 0x4542c6 loc_0045425a: cmp dword [ebx], 0xffffffff je short loc_004542a7 ; je 0x4542a7 mov edi, dword [ebx + 4] test edi, edi je short loc_004542a2 ; je 0x4542a2 mov edx, dword [edi] mov ecx, esp push ecx push edi call dword [edx + 0x24] ; ucall test byte [esp], 1 je short loc_0045427e ; je 0x45427e mov eax, dword [ebx + 4] mov edx, dword [eax] push eax call dword [edx + 0x48] ; ucall loc_0045427e: mov eax, dword [ebx + 4] mov edx, dword [eax] push eax call dword [edx + 8] ; ucall mov eax, dword [ebx + 4] mov ebp, dword [ref_0048cae4] ; mov ebp, dword [0x48cae4] cmp eax, ebp jne short loc_0045429b ; jne 0x45429b xor eax, ebp mov dword [ref_0048cae4], eax ; mov dword [0x48cae4], eax loc_0045429b: mov dword [ebx + 4], 0 loc_004542a2: add ebx, 8 jmp short loc_0045425a ; jmp 0x45425a loc_004542a7: xor eax, eax jmp short loc_004542b1 ; jmp 0x4542b1 loc_004542ab: inc eax cmp eax, 0x10 jge short loc_004542c6 ; jge 0x4542c6 loc_004542b1: mov ebx, eax shl ebx, 2 cmp esi, dword [ebx + ref_0048cae8] ; cmp esi, dword [ebx + 0x48cae8] jne short loc_004542ab ; jne 0x4542ab xor ecx, ecx mov dword [ebx + ref_0048cae8], ecx ; mov dword [ebx + 0x48cae8], ecx loc_004542c6: add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_004542ce: push ebx mov eax, dword [esp + 8] mov edx, dword [esp + 0xc] push edx mov ecx, dword [eax] push ecx mov ebx, dword [eax + 4] push ebx call fcn_004540d8 ; call 0x4540d8 add esp, 0xc pop ebx ret fcn_004542e9: mov eax, dword [esp + 4] cmp dword [ref_0047e748], 0 ; cmp dword [0x47e748], 0 je short loc_00454303 ; je 0x454303 mov ecx, dword [eax + 4] test ecx, ecx je short loc_00454303 ; je 0x454303 mov edx, dword [ecx] push ecx call dword [edx + 0x48] ; ucall loc_00454303: ret fcn_00454304: push ebx call fcn_00454395 ; call 0x454395 cmp dword [ref_0047e748], 0 ; cmp dword [0x47e748], 0 je short loc_0045434d ; je 0x45434d cmp byte [ref_0049715b], 0 ; cmp byte [0x49715b], 0 je short loc_0045434d ; je 0x45434d push 0 push 0 mov ecx, dword [esp + 0x10] push ecx mov ebx, dword [ref_0048a058] ; mov ebx, dword [0x48a058] push ebx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push eax call fcn_00453dcf ; call 0x453dcf add esp, 4 mov dword [ref_0047e754], eax ; mov dword [0x47e754], eax push ebx call clib_free ; call 0x456e11 add esp, 4 loc_0045434d: pop ebx ret fcn_0045434f: push ebx cmp dword [ref_0047e748], 0 ; cmp dword [0x47e748], 0 je short loc_00454393 ; je 0x454393 cmp byte [ref_0049715b], 0 ; cmp byte [0x49715b], 0 je short loc_00454393 ; je 0x454393 mov ecx, dword [ref_0047e754] ; mov ecx, dword [0x47e754] test ecx, ecx je short loc_00454393 ; je 0x454393 mov edx, dword [ecx] push 0 push 0 push 0 push ecx call dword [edx + 0x30] ; ucall mov eax, dword [ref_0047e754] ; mov eax, dword [0x47e754] mov edx, dword [eax] xor ecx, ecx mov cl, byte [ref_0049715b] ; mov cl, byte [0x49715b] mov ebx, dword [ecx*4 + ref_0047e758] ; mov ebx, dword [ecx*4 + 0x47e758] push ebx push eax call dword [edx + 0x3c] ; ucall loc_00454393: pop ebx ret fcn_00454395: push ebx cmp dword [ref_0047e748], 0 ; cmp dword [0x47e748], 0 je short loc_004543c2 ; je 0x4543c2 mov ecx, dword [ref_0047e754] ; mov ecx, dword [0x47e754] test ecx, ecx je short loc_004543c2 ; je 0x4543c2 mov edx, dword [ecx] push ecx call dword [edx + 0x48] ; ucall mov eax, dword [ref_0047e754] ; mov eax, dword [0x47e754] mov edx, dword [eax] push eax call dword [edx + 8] ; ucall xor ebx, ebx mov dword [ref_0047e754], ebx ; mov dword [0x47e754], ebx loc_004543c2: pop ebx ret fcn_004543c4: push ebx push esi sub esp, 4 call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov esi, eax cmp dword [ref_0047e748], 0 ; cmp dword [0x47e748], 0 je short loc_00454414 ; je 0x454414 cmp dword [ref_0048cae4], 0 ; cmp dword [0x48cae4], 0 je short loc_00454414 ; je 0x454414 cmp byte [ref_0049715b], 0 ; cmp byte [0x49715b], 0 je short loc_00454414 ; je 0x454414 loc_004543ed: call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov ebx, eax sub ebx, esi mov eax, dword [ref_0048cae4] ; mov eax, dword [0x48cae4] mov edx, dword [eax] mov ecx, esp push ecx push eax call dword [edx + 0x24] ; ucall test byte [esp], 1 je short loc_00454414 ; je 0x454414 cmp ebx, 0x3e8 jb short loc_004543ed ; jb 0x4543ed loc_00454414: add esp, 4 pop esi pop ebx ret fcn_0045441a: push ebx push esi cmp dword [ref_0047e748], 0 ; cmp dword [0x47e748], 0 je short loc_00454490 ; je 0x454490 cmp byte [ref_0049715b], 0 ; cmp byte [0x49715b], 0 je short loc_00454490 ; je 0x454490 call fcn_00454493 ; call 0x454493 push 0 push 0 mov ecx, dword [esp + 0x14] push ecx mov ebx, dword [ref_0048a054] ; mov ebx, dword [0x48a054] push ebx call fcn_00450441 ; call 0x450441 mov ebx, eax add esp, 0x10 push eax call fcn_00453dcf ; call 0x453dcf add esp, 4 mov dword [ref_0047e750], eax ; mov dword [0x47e750], eax push ebx call clib_free ; call 0x456e11 add esp, 4 mov eax, dword [ref_0047e750] ; mov eax, dword [0x47e750] mov edx, dword [eax] push 0 push 0 push 0 push eax call dword [edx + 0x30] ; ucall mov eax, dword [ref_0047e750] ; mov eax, dword [0x47e750] mov ebx, dword [eax] xor edx, edx mov dl, byte [ref_0049715b] ; mov dl, byte [0x49715b] mov esi, dword [edx*4 + ref_0047e758] ; mov esi, dword [edx*4 + 0x47e758] push esi push eax call dword [ebx + 0x3c] ; ucall loc_00454490: pop esi pop ebx ret fcn_00454493: mov edx, dword [ref_0047e750] ; mov edx, dword [0x47e750] test edx, edx je short loc_004544b8 ; je 0x4544b8 mov eax, edx mov edx, dword [edx] push eax call dword [edx + 0x48] ; ucall mov eax, dword [ref_0047e750] ; mov eax, dword [0x47e750] mov edx, dword [eax] push eax call dword [edx + 8] ; ucall xor ecx, ecx mov dword [ref_0047e750], ecx ; mov dword [0x47e750], ecx loc_004544b8: ret fcn_004544b9: push ebx sub esp, 4 xor ebx, ebx mov edx, dword [ref_0047e750] ; mov edx, dword [0x47e750] test edx, edx je short loc_004544ef ; je 0x4544ef cmp byte [ref_0049715b], 0 ; cmp byte [0x49715b], 0 je short loc_004544ef ; je 0x4544ef mov eax, edx mov edx, dword [edx] mov ecx, esp push ecx push eax call dword [edx + 0x24] ; ucall test byte [esp], 1 je short loc_004544ea ; je 0x4544ea mov ebx, 1 jmp short loc_004544ef ; jmp 0x4544ef loc_004544ea: call fcn_00454493 ; call 0x454493 loc_004544ef: mov eax, ebx add esp, 4 pop ebx ret fcn_004544f6: push ebx push esi sub esp, 0x20 xor ebx, ebx call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] mov esi, eax cmp dword [ref_0047e750], 0 ; cmp dword [0x47e750], 0 je near loc_0045458f ; je 0x45458f cmp byte [ref_0049715b], 0 ; cmp byte [0x49715b], 0 je near loc_0045458f ; je 0x45458f loc_00454520: push 1 push 0 push 0 push 0 lea eax, [esp + 0x10] push eax call dword [cs:__imp__PeekMessageA@20] ; ucall: call dword cs:[0x46230c] test eax, eax je short loc_0045456f ; je 0x45456f mov ecx, dword [esp + 4] cmp ecx, 0x202 je short loc_00454554 ; je 0x454554 cmp ecx, 0x205 je short loc_00454554 ; je 0x454554 cmp ecx, 0x101 jne short loc_00454559 ; jne 0x454559 loc_00454554: mov ebx, 1 loc_00454559: cmp dword [esp + 4], 0x3b9 jne short loc_0045456f ; jne 0x45456f cmp dword [esp + 8], 1 jne short loc_0045456f ; jne 0x45456f call fcn_00454d2c ; call 0x454d2c loc_0045456f: mov eax, dword [ref_0047e750] ; mov eax, dword [0x47e750] mov edx, dword [eax] lea ecx, [esp + 0x1c] push ecx push eax call dword [edx + 0x24] ; ucall test byte [esp + 0x1c], 1 je short loc_0045458a ; je 0x45458a test ebx, ebx je short loc_00454520 ; je 0x454520 loc_0045458a: call fcn_00454493 ; call 0x454493 loc_0045458f: call dword [cs:__imp__timeGetTime@0] ; ucall: call dword cs:[0x46246c] sub eax, esi mov ecx, dword [esp + 0x2c] cmp eax, ecx jae short loc_004545b1 ; jae 0x4545b1 test ebx, ebx jne short loc_004545b1 ; jne 0x4545b1 mov edx, ecx sub edx, eax push edx call fcn_004528b9 ; call 0x4528b9 add esp, 4 loc_004545b1: add esp, 0x20 pop esi pop ebx ret ref_004545b7: db 0x41 db 0x3a db 0x00 fcn_004545ba: push ebx push esi push edi sub esp, 0xa0 lea edi, [esp + 0x9c] mov esi, ref_004545b7 ; mov esi, 0x4545b7 db 0x66, 0xa5 ; movsw word es:[edi], word ptr [esi] movsb ; movsb byte es:[edi], byte ptr [esi] mov al, byte [ref_00476374] ; mov al, byte [0x476374] mov byte [esp + 0x9c], al lea eax, [esp + 0x9c] push eax push ref_004663e7 ; push 0x4663e7 lea eax, [esp + 0x6c] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0 push 0 lea eax, [esp + 0x70] push eax call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax jne near loc_00454771 ; jne 0x454771 push eax push eax push eax push ref_0046640a ; push 0x46640a call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] push 0 push 0x28 lea eax, [esp + 0x6c] push eax push ref_00466427 ; push 0x466427 call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] lea eax, [esp + 0x64] push eax call fcn_004584db ; call 0x4584db add esp, 4 cmp eax, 9 jne near loc_00454767 ; jne 0x454767 mov byte [ref_0047e770], 1 ; mov byte [0x47e770], 1 xor ebx, ebx loc_00454655: call dword [cs:__imp__auxGetNumDevs@0] ; ucall: call dword cs:[0x46244c] cmp ebx, eax jae near loc_00454779 ; jae 0x454779 push 0x30 lea eax, [esp + 0x38] push eax push ebx call dword [cs:__imp__auxGetDevCapsA@12] ; ucall: call dword cs:[0x462448] cmp word [esp + 0x5c], 1 jne near loc_00454761 ; jne 0x454761 test byte [esp + 0x60], 1 je near loc_00454761 ; je 0x454761 mov dword [ref_0047e7df], ebx ; mov dword [0x47e7df], ebx push ref_0048cb78 ; push 0x48cb78 push ebx call dword [cs:__imp__auxGetVolume@8] ; ucall: call dword cs:[0x462450] mov eax, dword [ref_0048cb78] ; mov eax, dword [0x48cb78] mov dword [ref_0047e807], eax ; mov dword [0x47e807], eax test byte [esp + 0x60], 2 je near loc_00454736 ; je 0x454736 mov edx, eax shr edx, 0x10 and edx, 0xffff mov ebx, eax and ebx, 0xffff mov ecx, 0xa mov eax, edx sar edx, 0x1f idiv ecx mov ecx, eax mov edi, eax shl edi, 3 sub edi, eax shl edi, 0x10 mov esi, 0xa mov eax, ebx mov edx, ebx sar edx, 0x1f idiv esi mov edx, eax shl eax, 3 sub eax, edx and eax, 0xffff add edi, eax mov dword [ref_0047e803], edi ; mov dword [0x47e803], edi mov ebx, ecx mov esi, ebx shl esi, 2 add esi, ebx shl esi, 0x10 mov ebx, edx mov eax, ebx shl eax, 2 add eax, ebx and eax, 0xffff add esi, eax mov dword [ref_0047e7ff], esi ; mov dword [0x47e7ff], esi shl ecx, 0x11 add edx, edx and edx, 0xffff add ecx, edx mov dword [ref_0047e7fb], ecx ; mov dword [0x47e7fb], ecx jmp short loc_00454779 ; jmp 0x454779 loc_00454736: mov ecx, 0xa xor edx, edx div ecx mov ebx, eax shl eax, 3 sub eax, ebx mov dword [ref_0047e803], eax ; mov dword [0x47e803], eax mov eax, ebx shl eax, 2 add eax, ebx mov dword [ref_0047e7ff], eax ; mov dword [0x47e7ff], eax add ebx, ebx mov dword [ref_0047e7fb], ebx ; mov dword [0x47e7fb], ebx jmp short loc_00454779 ; jmp 0x454779 loc_00454761: inc ebx jmp near loc_00454655 ; jmp 0x454655 loc_00454767: xor dl, dl mov byte [ref_0047e770], dl ; mov byte [0x47e770], dl jmp short loc_00454779 ; jmp 0x454779 loc_00454771: xor ah, ah mov byte [ref_0047e770], ah ; mov byte [0x47e770], ah loc_00454779: push ref_00466447 ; push 0x466447 call dword [cs:__imp__mciGetDeviceIDA@4] ; ucall: call dword cs:[0x462458] mov dword [ref_0047e7db], eax ; mov dword [0x47e7db], eax push 0x34 lea edx, [esp + 4] push edx push eax call dword [cs:__imp__midiOutGetDevCapsA@12] ; ucall: call dword cs:[0x462460] push ref_0048cb7c ; push 0x48cb7c mov edx, dword [ref_0047e7db] ; mov edx, dword [0x47e7db] push edx call dword [cs:__imp__midiOutGetVolume@8] ; ucall: call dword cs:[0x462464] mov eax, dword [ref_0048cb7c] ; mov eax, dword [0x48cb7c] mov dword [ref_0047e7f3], eax ; mov dword [0x47e7f3], eax test byte [esp + 0x30], 2 je near loc_00454855 ; je 0x454855 mov edx, dword [ref_0048cb7c] ; mov edx, dword [0x48cb7c] shr edx, 0x10 and edx, 0xffff mov ebx, dword [ref_0048cb7c] ; mov ebx, dword [0x48cb7c] and ebx, 0xffff mov ecx, 0xa mov eax, edx sar edx, 0x1f idiv ecx mov ecx, eax mov esi, eax shl esi, 3 add esi, eax shl esi, 0x10 mov edi, 0xa mov eax, ebx mov edx, ebx sar edx, 0x1f idiv edi mov edx, eax shl eax, 3 add eax, edx and eax, 0xffff add esi, eax mov dword [ref_0047e7ef], esi ; mov dword [0x47e7ef], esi mov ebx, ecx shl ebx, 0x13 mov eax, edx shl eax, 3 and eax, 0xffff add ebx, eax mov dword [ref_0047e7eb], ebx ; mov dword [0x47e7eb], ebx mov eax, ecx shl eax, 2 sub eax, ecx lea ecx, [eax + eax] shl ecx, 0x10 mov eax, edx shl eax, 2 sub eax, edx add eax, eax and eax, 0xffff add ecx, eax mov dword [ref_0047e7e7], ecx ; mov dword [0x47e7e7], ecx jmp near loc_004548e0 ; jmp 0x4548e0 loc_00454855: xor ecx, ecx mov dword [esp + 0x90], ecx mov eax, dword [ref_0048cb7c] ; mov eax, dword [0x48cb7c] mov dword [esp + 0x8c], eax fild qword [esp + 0x8c] fst qword [esp + 0x8c] fmul qword [ref_00466458] ; fmul qword [0x466458] call fcn_00457dbc ; call 0x457dbc fistp qword [esp + 0x94] mov eax, dword [esp + 0x94] mov dword [ref_0047e7ef], eax ; mov dword [0x47e7ef], eax fld qword [esp + 0x8c] fmul qword [ref_00466460] ; fmul qword [0x466460] call fcn_00457dbc ; call 0x457dbc fistp qword [esp + 0x94] mov eax, dword [esp + 0x94] mov dword [ref_0047e7eb], eax ; mov dword [0x47e7eb], eax fld qword [esp + 0x8c] fmul qword [ref_00466468] ; fmul qword [0x466468] call fcn_00457dbc ; call 0x457dbc fistp qword [esp + 0x94] mov eax, dword [esp + 0x94] mov dword [ref_0047e7e7], eax ; mov dword [0x47e7e7], eax loc_004548e0: call fcn_0045497b ; call 0x45497b add esp, 0xa0 pop edi pop esi pop ebx ret fcn_004548ef: push ebx cmp byte [ref_0047e770], 0 ; cmp byte [0x47e770], 0 jne short loc_00454906 ; jne 0x454906 push 0 push 0 push 0 push ref_00466470 ; push 0x466470 jmp short loc_00454923 ; jmp 0x454923 loc_00454906: push 0 push 0 push 0 push ref_0046647f ; push 0x46647f call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] push 0 push 0 push 0 push ref_00466491 ; push 0x466491 loc_00454923: call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] mov edx, dword [ref_0048cb7c] ; mov edx, dword [0x48cb7c] push edx push ref_00466447 ; push 0x466447 call dword [cs:__imp__mciGetDeviceIDA@4] ; ucall: call dword cs:[0x462458] push eax call dword [cs:__imp__midiOutSetVolume@8] ; ucall: call dword cs:[0x462468] cmp byte [ref_0047e770], 1 ; cmp byte [0x47e770], 1 jne short loc_0045496b ; jne 0x45496b mov ecx, dword [ref_0047e7df] ; mov ecx, dword [0x47e7df] cmp ecx, 0xffff je short loc_0045496b ; je 0x45496b mov ebx, dword [ref_0048cb78] ; mov ebx, dword [0x48cb78] push ebx push ecx call dword [cs:__imp__auxSetVolume@8] ; ucall: call dword cs:[0x462454] loc_0045496b: xor dh, dh mov byte [ref_0046cb03], dh ; mov byte [0x46cb03], dh mov byte [ref_0046cb04], dh ; mov byte [0x46cb04], dh pop ebx ret fcn_0045497b: push ebx xor eax, eax mov al, byte [ref_0049715a] ; mov al, byte [0x49715a] mov edx, dword [eax*4 + ref_0047e7e3] ; mov edx, dword [eax*4 + 0x47e7e3] push edx push ref_00466447 ; push 0x466447 call dword [cs:__imp__mciGetDeviceIDA@4] ; ucall: call dword cs:[0x462458] push eax call dword [cs:__imp__midiOutSetVolume@8] ; ucall: call dword cs:[0x462468] cmp byte [ref_0047e770], 1 ; cmp byte [0x47e770], 1 jne short loc_004549cd ; jne 0x4549cd mov ecx, dword [ref_0047e7df] ; mov ecx, dword [0x47e7df] cmp ecx, 0xffff je short loc_004549cd ; je 0x4549cd xor eax, eax mov al, byte [ref_0049715a] ; mov al, byte [0x49715a] mov ebx, dword [eax*4 + ref_0047e7f7] ; mov ebx, dword [eax*4 + 0x47e7f7] push ebx push ecx call dword [cs:__imp__auxSetVolume@8] ; ucall: call dword cs:[0x462454] loc_004549cd: pop ebx ret fcn_004549cf: push ebx push esi push edi push ebp sub esp, 0x28 xor esi, esi xor eax, eax cmp byte [ref_0046cb06], 0 ; cmp byte [0x46cb06], 0 jne near loc_00454ac3 ; jne 0x454ac3 test byte [esp + 0x3d], 0x80 je short loc_004549fb ; je 0x4549fb and dword [esp + 0x3c], 0x7fff mov eax, 1 loc_004549fb: cmp byte [ref_0049715a], 0 ; cmp byte [0x49715a], 0 je near loc_00454ab8 ; je 0x454ab8 test byte [ref_0047e772], 0x80 ; test byte [0x47e772], 0x80 je short loc_00454a1f ; je 0x454a1f test eax, eax jne short loc_00454a1f ; jne 0x454a1f call fcn_00454b1a ; call 0x454b1a mov esi, 1 loc_00454a1f: call fcn_00454acb ; call 0x454acb mov edi, 1 mov ebx, dword [esp + 0x3c] shl ebx, 2 mov ecx, dword [ebx + ref_0047e793] ; mov ecx, dword [ebx + 0x47e793] push ecx push ref_004664a4 ; push 0x4664a4 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0 push 0 lea eax, [esp + 0xc] push eax call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax je short loc_00454a93 ; je 0x454a93 mov ebp, dword [ebx + ref_0047e793] ; mov ebp, dword [ebx + 0x47e793] push ebp push ref_00476374 ; push 0x476374 push ref_004664c0 ; push 0x4664c0 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0 push 0 push 0 lea eax, [esp + 0xc] push eax call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax jne short loc_00454ab8 ; jne 0x454ab8 loc_00454a93: test edi, edi je short loc_00454ab8 ; je 0x454ab8 mov eax, dword [_gWindowHandle] ; mov eax, dword [0x48a0d4] push eax push 0 push 0 push ref_004664de ; push 0x4664de call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax jne short loc_00454ab8 ; jne 0x454ab8 mov byte [ref_0046cb03], 1 ; mov byte [0x46cb03], 1 loc_00454ab8: mov al, byte [esp + 0x3c] mov byte [ref_0047e772], al ; mov byte [0x47e772], al mov eax, esi loc_00454ac3: add esp, 0x28 pop ebp pop edi pop esi pop ebx ret fcn_00454acb: cmp byte [ref_0046cb03], 0 ; cmp byte [0x46cb03], 0 je short loc_00454ae6 ; je 0x454ae6 push 0 push 0 push 0 push ref_00466470 ; push 0x466470 call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] loc_00454ae6: xor dl, dl mov byte [ref_0046cb03], dl ; mov byte [0x46cb03], dl mov byte [ref_0047e772], dl ; mov byte [0x47e772], dl ret fcn_00454af5: call fcn_00454f46 ; call 0x454f46 cmp eax, 1 jne short loc_00454b19 ; jne 0x454b19 push 0 push 0 push 0 push ref_0046647f ; push 0x46647f call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] xor ah, ah mov byte [ref_0046cb04], ah ; mov byte [0x46cb04], ah loc_00454b19: ret fcn_00454b1a: push ebx sub esp, 0x14 cmp byte [ref_0047e770], 0 ; cmp byte [0x47e770], 0 jne near loc_00454ba9 ; jne 0x454ba9 call fcn_00454efa ; call 0x454efa cmp eax, 1 jne short loc_00454b6c ; jne 0x454b6c push 0 push 0x14 lea eax, [esp + 8] push eax push ref_004664f5 ; push 0x4664f5 call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] mov eax, esp push eax call fcn_004584db ; call 0x4584db add esp, 4 mov edx, dword [ref_0047e7d7] ; mov edx, dword [0x47e7d7] mov dword [edx*4 + ref_0048cb50], eax ; mov dword [edx*4 + 0x48cb50], eax mov eax, edx mov dl, byte [ref_0047e772] ; mov dl, byte [0x47e772] jmp short loc_00454b98 ; jmp 0x454b98 loc_00454b6c: mov dh, byte [ref_0047e771] ; mov dh, byte [0x47e771] inc dh mov byte [ref_0047e771], dh ; mov byte [0x47e771], dh mov bl, dh and bl, 7 mov byte [ref_0047e771], bl ; mov byte [0x47e771], bl mov eax, dword [ref_0047e7d7] ; mov eax, dword [0x47e7d7] xor edx, edx mov dword [eax*4 + ref_0048cb50], edx ; mov dword [eax*4 + 0x48cb50], edx mov dl, bl or dl, 0x80 loc_00454b98: mov byte [eax + ref_0048cb70], dl ; mov byte [eax + 0x48cb70], dl inc dword [ref_0047e7d7] ; inc dword [0x47e7d7] add esp, 0x14 pop ebx ret loc_00454ba9: push 0 push 0 push 0 push ref_00466509 ; push 0x466509 call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax jne short loc_00454bc7 ; jne 0x454bc7 xor dl, dl mov byte [ref_0046cb04], dl ; mov byte [0x46cb04], dl loc_00454bc7: add esp, 0x14 pop ebx ret fcn_00454bcc: push ebx push esi push edi push ebp sub esp, 0x50 xor ebx, ebx cmp byte [ref_0046cb06], 0 ; cmp byte [0x46cb06], 0 jne near loc_00454d24 ; jne 0x454d24 cmp byte [ref_0049715a], 0 ; cmp byte [0x49715a], 0 je near loc_00454d24 ; je 0x454d24 call fcn_00454acb ; call 0x454acb cmp byte [ref_0047e770], 0 ; cmp byte [0x47e770], 0 jne near loc_00454cd9 ; jne 0x454cd9 mov ecx, dword [ref_0047e7d7] ; mov ecx, dword [0x47e7d7] dec ecx mov dword [ref_0047e7d7], ecx ; mov dword [0x47e7d7], ecx mov bl, byte [ecx + ref_0048cb70] ; mov bl, byte [ecx + 0x48cb70] and ebx, 0xff mov edi, 1 mov esi, ebx and esi, 0x7f shl esi, 2 mov ebp, dword [esi + ref_0047e773] ; mov ebp, dword [esi + 0x47e773] push ebp push ref_004664a4 ; push 0x4664a4 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0 push 0 lea eax, [esp + 0xc] push eax call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax je short loc_00454c8e ; je 0x454c8e mov eax, dword [esi + ref_0047e773] ; mov eax, dword [esi + 0x47e773] push eax push ref_00476374 ; push 0x476374 push ref_004664c0 ; push 0x4664c0 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0 push 0 push 0 lea eax, [esp + 0xc] push eax call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax jne near loc_00454d1e ; jne 0x454d1e loc_00454c8e: test edi, edi je near loc_00454d1e ; je 0x454d1e mov eax, dword [ref_0047e7d7] ; mov eax, dword [0x47e7d7] mov edx, dword [eax*4 + ref_0048cb50] ; mov edx, dword [eax*4 + 0x48cb50] push edx push ref_00466516 ; push 0x466516 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov ecx, dword [_gWindowHandle] ; mov ecx, dword [0x48a0d4] push ecx push 0 push 0 lea eax, [esp + 0xc] push eax call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax jne short loc_00454d1e ; jne 0x454d1e mov byte [ref_0046cb03], 1 ; mov byte [0x46cb03], 1 jmp short loc_00454d1e ; jmp 0x454d1e loc_00454cd9: mov edx, dword [_gWindowHandle] ; mov edx, dword [0x48a0d4] push edx push ebx push ebx push ref_0046652e ; push 0x46652e call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax jne short loc_00454d1b ; jne 0x454d1b mov byte [ref_0046cb04], 1 ; mov byte [0x46cb04], 1 push eax push 0x28 lea eax, [esp + 8] push eax push ref_00466542 ; push 0x466542 call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] mov eax, esp push eax call fcn_004584db ; call 0x4584db add esp, 4 lea ebx, [eax - 2] loc_00454d1b: or bl, 0x80 loc_00454d1e: mov byte [ref_0047e772], bl ; mov byte [0x47e772], bl loc_00454d24: add esp, 0x50 pop ebp pop edi pop esi pop ebx ret fcn_00454d2c: push ebx cmp byte [ref_0047e770], 0 ; cmp byte [0x47e770], 0 jne short loc_00454d5d ; jne 0x454d5d test byte [ref_0047e772], 0x80 ; test byte [0x47e772], 0x80 je short loc_00454d4b ; je 0x454d4b push 0 call fcn_00454d91 ; call 0x454d91 add esp, 4 pop ebx ret loc_00454d4b: mov ebx, dword [_gWindowHandle] ; mov ebx, dword [0x48a0d4] push ebx push 0 push 0 push ref_004664de ; push 0x4664de jmp short loc_00454d88 ; jmp 0x454d88 loc_00454d5d: test byte [ref_0047e772], 0x80 ; test byte [0x47e772], 0x80 je short loc_00454d78 ; je 0x454d78 mov ecx, dword [_gWindowHandle] ; mov ecx, dword [0x48a0d4] push ecx push 0 push 0 push ref_0046655f ; push 0x46655f jmp short loc_00454d88 ; jmp 0x454d88 loc_00454d78: mov edx, dword [_gWindowHandle] ; mov edx, dword [0x48a0d4] push edx push 0 push 0 push ref_004664de ; push 0x4664de loc_00454d88: call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] pop ebx ret fcn_00454d91: push ebx push esi push edi push ebp sub esp, 0x3c cmp dword [esp + 0x50], 0 je short loc_00454dac ; je 0x454dac mov al, byte [esp + 0x50] dec al mov byte [ref_0047e771], al ; mov byte [0x47e771], al jmp short loc_00454dc5 ; jmp 0x454dc5 loc_00454dac: mov ah, byte [ref_0047e771] ; mov ah, byte [0x47e771] inc ah mov byte [ref_0047e771], ah ; mov byte [0x47e771], ah mov dl, ah and dl, 7 mov byte [ref_0047e771], dl ; mov byte [0x47e771], dl loc_00454dc5: cmp byte [ref_0049715a], 0 ; cmp byte [0x49715a], 0 je near loc_00454ec8 ; je 0x454ec8 cmp byte [ref_0047e770], 0 ; cmp byte [0x47e770], 0 jne near loc_00454e84 ; jne 0x454e84 call fcn_00454acb ; call 0x454acb mov ebx, 1 xor eax, eax mov al, byte [ref_0047e771] ; mov al, byte [0x47e771] mov esi, dword [eax*4 + ref_0047e773] ; mov esi, dword [eax*4 + 0x47e773] push esi push ref_004664a4 ; push 0x4664a4 lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc push 0 push 0 push 0 lea eax, [esp + 0xc] push eax call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax je short loc_00454e5c ; je 0x454e5c xor eax, eax mov al, byte [ref_0047e771] ; mov al, byte [0x47e771] mov edi, dword [eax*4 + ref_0047e773] ; mov edi, dword [eax*4 + 0x47e773] push edi push ref_00476374 ; push 0x476374 push ref_004664c0 ; push 0x4664c0 lea eax, [esp + 0xc] push eax call fcn_00457110 ; call 0x457110 add esp, 0x10 push 0 push 0 push 0 lea eax, [esp + 0xc] push eax call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax jne short loc_00454ec8 ; jne 0x454ec8 loc_00454e5c: test ebx, ebx je short loc_00454ec8 ; je 0x454ec8 mov ebp, dword [_gWindowHandle] ; mov ebp, dword [0x48a0d4] push ebp push 0 push 0 push ref_004664de ; push 0x4664de call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax jne short loc_00454ec8 ; jne 0x454ec8 mov byte [ref_0046cb03], 1 ; mov byte [0x46cb03], 1 jmp short loc_00454ec8 ; jmp 0x454ec8 loc_00454e84: call fcn_00454af5 ; call 0x454af5 xor eax, eax mov al, byte [ref_0047e771] ; mov al, byte [0x47e771] add eax, 2 push eax push ref_0046657a ; push 0x46657a lea eax, [esp + 8] push eax call fcn_00457110 ; call 0x457110 add esp, 0xc mov ecx, dword [_gWindowHandle] ; mov ecx, dword [0x48a0d4] push ecx push 0 push 0 lea eax, [esp + 0xc] push eax call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax jne short loc_00454ec8 ; jne 0x454ec8 mov byte [ref_0046cb04], 1 ; mov byte [0x46cb04], 1 loc_00454ec8: mov al, byte [ref_0047e771] ; mov al, byte [0x47e771] or al, 0x80 mov byte [ref_0047e772], al ; mov byte [0x47e772], al add esp, 0x3c pop ebp pop edi pop esi pop ebx ret fcn_00454edc: cmp byte [ref_0047e770], 0 ; cmp byte [0x47e770], 0 jne short loc_00454eec ; jne 0x454eec call fcn_00454acb ; call 0x454acb jmp short loc_00454ef1 ; jmp 0x454ef1 loc_00454eec: call fcn_00454af5 ; call 0x454af5 loc_00454ef1: xor edx, edx mov dword [ref_0047e7d7], edx ; mov dword [0x47e7d7], edx ret fcn_00454efa: push ebx sub esp, 0x14 xor ebx, ebx cmp byte [ref_0046cb03], 0 ; cmp byte [0x46cb03], 0 jne short loc_00454f10 ; jne 0x454f10 xor eax, eax add esp, 0x14 pop ebx ret loc_00454f10: push ebx push 0x14 lea eax, [esp + 8] push eax push ref_00466596 ; push 0x466596 loc_00454f1d: call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] push ref_004665a6 ; push 0x4665a6 lea eax, [esp + 4] push eax call fcn_004585bc ; call 0x4585bc add esp, 8 test eax, eax jne short loc_00454f3f ; jne 0x454f3f mov ebx, 1 loc_00454f3f: mov eax, ebx add esp, 0x14 pop ebx ret fcn_00454f46: push ebx sub esp, 0x14 xor ebx, ebx push ebx push 0x14 lea eax, [esp + 8] push eax push ref_004665ae ; push 0x4665ae jmp short loc_00454f1d ; jmp 0x454f1d fcn_00454f5b: push ebx sub esp, 0x28 xor ebx, ebx cmp byte [ref_0049715a], 0 ; cmp byte [0x49715a], 0 je short loc_00454fac ; je 0x454fac mov dl, byte [ref_0047e772] ; mov dl, byte [0x47e772] test dl, 0x80 je short loc_00454fac ; je 0x454fac cmp byte [ref_0047e770], 0 ; cmp byte [0x47e770], 0 jne short loc_00454f86 ; jne 0x454f86 mov bl, dl and bl, 7 inc ebx jmp short loc_00454fac ; jmp 0x454fac loc_00454f86: push ebx push 0x28 lea eax, [esp + 8] push eax push ref_00466542 ; push 0x466542 call dword [cs:__imp__mciSendStringA@16] ; ucall: call dword cs:[0x46245c] test eax, eax jne short loc_00454fac ; jne 0x454fac mov eax, esp push eax call fcn_004584db ; call 0x4584db add esp, 4 lea ebx, [eax - 1] loc_00454fac: mov eax, ebx add esp, 0x28 pop ebx ret endloc_00454fb3: db 0x00 fcn_00454fb4: push ebp mov ebp, esp push ebx push ecx push esi push edi mov eax, dword [ebp + 8] mov ecx, dword [ebp + 0xc] neg ecx call fcn_00454fe1 ; call 0x454fe1 shr ax, 0xc inc ax shr ax, 1 and eax, 7 movzx eax, byte [eax + ref_00482414] ; movzx eax, byte [eax + 0x482414] pop edi pop esi pop ecx pop ebx pop ebp ret fcn_00454fe1: mov esi, eax or esi, ecx je short loc_0045502b ; je 0x45502b xor esi, esi cdq xor eax, edx sub eax, edx shld esi, edx, 1 xchg eax, ecx cdq xor eax, edx sub eax, edx shld esi, edx, 1 xchg eax, ecx xor edx, edx cmp eax, ecx pushfd jb short loc_00455005 ; jb 0x455005 xchg eax, ecx loc_00455005: shld edx, eax, 0xb shl eax, 0xb div ecx mov ax, word [eax*2 + ref_0048242c] ; mov ax, word [eax*2 + 0x48242c] popfd jae short loc_00455020 ; jae 0x455020 sub ax, 0x1000 neg ax loc_00455020: shl ax, 2 jmp dword [esi*4 + ref_0048241c] ; ujmp: jmp dword [esi*4 + 0x48241c] loc_0045502b: ret loc_0045502c: neg ax ret loc_00455030: neg ax add ax, 0x8000 ret loc_00455038: add ax, 0x8000 ret endloc_0045503d: db 0x00 db 0x00 db 0x00 fcn_00455040: push ebp mov ebp, esp push ebx push ecx push esi push edi mov esi, ref_00483630 ; mov esi, 0x483630 mov edi, ref_004847bc ; mov edi, 0x4847bc mov ecx, 0x463 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] xor edx, edx loc_00455060: call fcn_004551bb ; call 0x4551bb or bh, bh jne short loc_0045506e ; jne 0x45506e mov byte [edi], bl inc edi jmp short loc_00455060 ; jmp 0x455060 loc_0045506e: mov eax, ecx push ecx shr eax, 3 and ecx, 7 mov eax, dword [esi + eax] shr eax, cl mov ebp, eax and ebp, 0xff mov cl, byte [ebp + ref_00483530] ; mov cl, byte [ebp + 0x483530] mov dh, byte [ebp + ref_00483430] ; mov dh, byte [ebp + 0x483430] shr eax, cl mov dl, al shl dl, 2 shr dx, 2 add cl, 6 mov eax, ecx and eax, 0xff pop ecx add ecx, eax cmp dx, 0xfff je short loc_004550c6 ; je 0x4550c6 mov ebp, ecx sub ebx, 0xfd push esi lea esi, [edi - 1] sub esi, edx mov ecx, ebx rep movsb ; rep movsb byte es:[edi], byte ptr [esi] pop esi mov ecx, ebp jmp short loc_00455060 ; jmp 0x455060 loc_004550c6: pop edi pop esi pop ecx pop ebx pop ebp ret fcn_004550cc: mov edx, 0x141 xor ebp, ebp xor ecx, ecx loc_004550d5: mov cx, word [ebp + ref_004856c4] ; mov cx, word [ebp + 0x4856c4] test word [ecx + ref_004847bc], 1 ; test word [ecx + 0x4847bc], 1 je short loc_004550ee ; je 0x4550ee mov ebx, ebp call fcn_0045511b ; call 0x45511b loc_004550ee: add ebp, 2 dec edx jne short loc_004550d5 ; jne 0x4550d5 xor ebx, ebx loc_004550f6: shr word [ebx + ref_004847bc], 1 ; shr word [ebx + 0x4847bc], 1 add ebx, 2 cmp ebx, 0x502 jb short loc_004550f6 ; jb 0x4550f6 ret fcn_00455109: cmp word [ref_00484cbc], 0x8000 ; cmp word [0x484cbc], 0x8000 jne short fcn_0045511b ; jne 0x45511b push ebx call fcn_004550cc ; call 0x4550cc pop ebx fcn_0045511b: mov bx, word [ebx + ref_004856c4] ; mov bx, word [ebx + 0x4856c4] loc_00455122: inc word [ebx + ref_004847bc] ; inc word [ebx + 0x4847bc] mov ax, word [ebx + ref_004847bc] ; mov ax, word [ebx + 0x4847bc] cmp ax, word [ebx + ref_004847be] ; cmp ax, word [ebx + 0x4847be] jbe short loc_004551aa ; jbe 0x4551aa lea edi, [ebx + ref_004847be] ; lea edi, [ebx + 0x4847be] mov ecx, 0x282 dec ax repe scasw ; repe scasw ax, word es:[edi] sub edi, ref_004847c0 ; sub edi, 0x4847c0 inc ax xchg word [edi + ref_004847bc], ax ; xchg word [edi + 0x4847bc], ax mov word [ebx + ref_004847bc], ax ; mov word [ebx + 0x4847bc], ax mov ax, word [ebx + ref_00484cc0] ; mov ax, word [ebx + 0x484cc0] mov cx, word [edi + ref_00484cc0] ; mov cx, word [edi + 0x484cc0] mov word [ecx + ref_004851c2], bx ; mov word [ecx + 0x4851c2], bx cmp cx, 0x502 jae short loc_00455182 ; jae 0x455182 mov word [ecx + ref_004851c4], bx ; mov word [ecx + 0x4851c4], bx loc_00455182: xchg ax, cx mov word [ecx + ref_004851c2], di ; mov word [ecx + 0x4851c2], di cmp cx, 0x502 jae short loc_00455199 ; jae 0x455199 mov word [ecx + ref_004851c4], di ; mov word [ecx + 0x4851c4], di loc_00455199: mov word [ebx + ref_00484cc0], ax ; mov word [ebx + 0x484cc0], ax mov word [edi + ref_00484cc0], cx ; mov word [edi + 0x484cc0], cx mov bx, di loc_004551aa: mov bx, word [ebx + ref_004851c2] ; mov bx, word [ebx + 0x4851c2] or bx, bx jne near loc_00455122 ; jne 0x455122 ret fcn_004551bb: mov ebx, 0x500 loc_004551c0: mov bx, word [ebx + ref_00484cc0] ; mov bx, word [ebx + 0x484cc0] cmp bx, 0x502 jae short loc_004551da ; jae 0x4551da bt dword [esi], ecx inc ecx jae short loc_004551c0 ; jae 0x4551c0 add bx, 2 jmp short loc_004551c0 ; jmp 0x4551c0 loc_004551da: sub ebx, 0x502 push ebx push ecx push edi call fcn_00455109 ; call 0x455109 pop edi pop ecx pop ebx shr bx, 1 ret endloc_004551ef: db 0x00 fcn_004551f0: push ebp mov ebp, esp push ebx push ecx push esi push edi mov eax, dword [ebp + 8] mov ecx, dword [ref_0047637c] ; mov ecx, dword [0x47637c] call dword [ecx*4 + ref_00485948] ; ucall: call dword [ecx*4 + 0x485948] pop edi pop esi pop ecx pop ebx pop ebp ret fcn_0045520d: push ebp mov ebp, esp push ebx push ecx push esi push edi mov esi, dword [ebp + 0xc] mov edi, dword [ebp + 8] mov ecx, dword [ebp + 0x10] mov ebp, dword [ref_0047637c] ; mov ebp, dword [0x47637c] loc_00455223: mov eax, dword [esi] bswap eax shr eax, 8 call dword [ebp*4 + ref_00485948] ; ucall: call dword [ebp*4 + 0x485948] db 0x66, 0xab ; stosw word es:[edi], ax add esi, 3 loop loc_00455223 ; loop 0x455223 pop edi pop esi pop ecx pop ebx pop ebp ret fcn_0045523e: shld ebx, eax, 0x1d and ebx, 0x1f shld edx, eax, 0x1a and edx, 0x3e0 shr eax, 9 and eax, 0x7c00 or eax, edx or eax, ebx ret fcn_0045525c: shld ebx, eax, 0x1d and ebx, 0x1f shld edx, eax, 0x1b and edx, 0x7e0 shr eax, 8 and eax, 0xf800 or eax, edx or eax, ebx ret fcn_0045527a: shrd ebx, eax, 0x18 and ebx, 0xf800 shld edx, eax, 0x1b and edx, 0x7e0 shr eax, 0x13 and eax, 0x1f or eax, edx or eax, ebx ret fcn_00455299: shld ebx, eax, 0x1c and ebx, 0xf shld edx, eax, 0x18 and edx, 0xf0 shr eax, 0xc and eax, 0xf00 or eax, edx or eax, ebx ret fcn_004552b7: push ebp mov ebp, esp push ebx push ecx push esi push edi mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ecx, dword [ebp + 0x10] mov ebx, dword [ebp + 0x14] shl ebx, 5 add ebx, ref_00485d68 ; add ebx, 0x485d68 shr ecx, 1 mov eax, dword [ref_0047637c] ; mov eax, dword [0x47637c] call dword [eax*4 + ref_00485958] ; ucall: call dword [eax*4 + 0x485958] pop edi pop esi pop ecx pop ebx pop ebp ret fcn_004552e7: push ebp mov ebp, esp push ebx push ecx push esi push edi mov edi, dword [ebp + 8] movzx ebx, word [edi] mov eax, ebx mov edi, dword [edi + 8] mul dword [ebp + 0x10] add eax, dword [ebp + 0xc] lea edi, [edi + eax*2] mov esi, edi sub ebx, dword [ebp + 0x14] add ebx, ebx mov dword [ebp + 0xc], ebx mov ebx, dword [ebp + 0x1c] shl ebx, 5 add ebx, ref_00485d68 ; add ebx, 0x485d68 loc_00455318: mov ecx, dword [ebp + 0x14] mov eax, dword [ref_0047637c] ; mov eax, dword [0x47637c] call dword [eax*4 + ref_00485958] ; ucall: call dword [eax*4 + 0x485958] add esi, dword [ebp + 0xc] mov edi, esi dec dword [ebp + 0x18] jne short loc_00455318 ; jne 0x455318 pop edi pop esi pop ecx pop ebx pop ebp ret fcn_00455337: db 0x66, 0xad ; lodsw ax, word [esi] shrd edx, eax, 0x10 and eax, 0x1f mov dl, byte [ebx + eax] shld eax, edx, 0xb and eax, 0x1f mov dh, byte [ebx + eax] shld eax, edx, 6 and eax, 0x1f mov al, byte [ebx + eax] shl dx, 3 shld ax, dx, 5 mov dh, dl shld ax, dx, 5 db 0x66, 0xab ; stosw word es:[edi], ax loop fcn_00455337 ; loop 0x455337 ret fcn_0045536c: db 0x66, 0xad ; lodsw ax, word [esi] shrd edx, eax, 0x10 and eax, 0x1f mov dl, byte [ebx + eax] shld eax, edx, 0xa and eax, 0x1f mov dh, byte [ebx + eax] shld eax, edx, 5 and eax, 0x1f mov al, byte [ebx + eax] shl dx, 3 shld ax, dx, 6 mov dh, dl shld ax, dx, 5 db 0x66, 0xab ; stosw word es:[edi], ax loop fcn_0045536c ; loop 0x45536c ret fcn_004553a1: push ebx sar ebx, 1 loc_004553a4: db 0x66, 0xad ; lodsw ax, word [esi] shrd edx, eax, 0x10 and eax, 0xf mov dl, byte [ebx + eax] shld eax, edx, 0xc and eax, 0xf mov dh, byte [ebx + eax] shld eax, edx, 8 and eax, 0xf mov al, byte [ebx + eax] shl dx, 4 shld ax, dx, 4 mov dh, dl shld ax, dx, 4 db 0x66, 0xab ; stosw word es:[edi], ax loop loc_004553a4 ; loop 0x4553a4 pop ebx ret fcn_004553da: push ebp mov ebp, esp push ebx push ecx push esi push edi mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ecx, dword [ebp + 0x10] shr ecx, 1 mov eax, dword [ref_0047637c] ; mov eax, dword [0x47637c] call dword [eax*4 + ref_00485968] ; ucall: call dword [eax*4 + 0x485968] pop edi pop esi pop ecx pop ebx pop ebp ret fcn_004553fe: push ebp mov ebp, esp push ebx push ecx push esi push edi mov edi, dword [ebp + 8] movzx ebx, word [edi] mov eax, ebx mov edi, dword [edi + 8] mul dword [ebp + 0x10] add eax, dword [ebp + 0xc] lea edi, [edi + eax*2] mov esi, edi sub ebx, dword [ebp + 0x14] add ebx, ebx mov dword [ebp + 0xc], ebx loc_00455423: mov ecx, dword [ebp + 0x14] mov eax, dword [ref_0047637c] ; mov eax, dword [0x47637c] call dword [eax*4 + ref_00485968] ; ucall: call dword [eax*4 + 0x485968] add esi, dword [ebp + 0xc] mov edi, esi dec dword [ebp + 0x18] jne short loc_00455423 ; jne 0x455423 pop edi pop esi pop ecx pop ebx pop ebp ret fcn_00455442: db 0x66, 0xad ; lodsw ax, word [esi] or ax, ax je short loc_0045547a ; je 0x45547a shrd edx, eax, 0x10 and eax, 0x1f shld ebx, edx, 0xb and ebx, 0x1f add eax, ebx shld ebx, edx, 6 and ebx, 0x1f add eax, ebx add eax, 0x10 shr eax, 2 shrd bx, ax, 5 shrd bx, ax, 5 shrd bx, ax, 6 mov word [edi], bx loc_0045547a: add edi, 2 loop fcn_00455442 ; loop 0x455442 ret fcn_00455480: db 0x66, 0xad ; lodsw ax, word [esi] or ax, ax je short loc_004554b8 ; je 0x4554b8 shrd edx, eax, 0x10 and eax, 0x1f shld ebx, edx, 0xa and ebx, 0x1f add eax, ebx shld ebx, edx, 5 and ebx, 0x1f add eax, ebx add eax, 0x10 shr eax, 2 shrd bx, ax, 6 shrd bx, ax, 5 shrd bx, ax, 5 mov word [edi], bx loc_004554b8: add edi, 2 loop fcn_00455480 ; loop 0x455480 ret fcn_004554be: db 0x66, 0xad ; lodsw ax, word [esi] or ax, ax je short loc_004554f6 ; je 0x4554f6 shrd edx, eax, 0x10 and eax, 0xf shld ebx, edx, 0xc and ebx, 0xf add eax, ebx shld ebx, edx, 8 and ebx, 0xf add eax, ebx add eax, 8 shr eax, 2 shrd bx, ax, 4 shrd bx, ax, 4 shrd bx, ax, 8 mov word [edi], bx loc_004554f6: add edi, 2 loop fcn_004554be ; loop 0x4554be ret fcn_004554fc: push ebp mov ebp, esp push ebx push ecx push esi push edi mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov edx, dword [ebp + 0x10] mov ebx, dword [ebp + 0x1c] shl ebx, 5 add ebx, ref_00485d68 ; add ebx, 0x485d68 loc_00455518: push esi push edi mov ecx, dword [ebp + 0x14] loc_0045551d: cmp word [edx], 0xffff je short loc_00455543 ; je 0x455543 add esi, 2 add edi, 2 loc_00455529: add edx, 2 loop loc_0045551d ; loop 0x45551d pop edi pop esi add esi, 0x500 add edi, dword [ref_0048a060] ; add edi, dword [0x48a060] dec dword [ebp + 0x18] jne short loc_00455518 ; jne 0x455518 jmp short loc_0045555a ; jmp 0x45555a loc_00455543: push edx push ecx mov ecx, 1 mov eax, dword [ref_0047637c] ; mov eax, dword [0x47637c] call dword [eax*4 + ref_00485958] ; ucall: call dword [eax*4 + 0x485958] pop ecx pop edx jmp short loc_00455529 ; jmp 0x455529 loc_0045555a: pop edi pop esi pop ecx pop ebx pop ebp ret fcn_00455560: push ebp mov ebp, esp push ebx push ecx push esi push edi mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ref_0047637c] ; mov ebx, dword [0x47637c] movzx edx, word [ebx*2 + ref_00486188] ; movzx edx, word [ebx*2 + 0x486188] movzx ebx, word [ebx*2 + ref_00486190] ; movzx ebx, word [ebx*2 + 0x486190] loc_00455583: push edi mov ecx, dword [ebp + 0x10] shr ecx, 1 loc_00455589: lodsd ; lodsd eax, dword [esi] cmp ax, 0x2711 je short loc_004555a9 ; je 0x4555a9 cmp ax, 0x2712 je short loc_004555b4 ; je 0x4555b4 loc_00455596: add edi, 4 loop loc_00455589 ; loop 0x455589 pop edi add edi, 0x500 dec dword [ebp + 0x14] jne short loc_00455583 ; jne 0x455583 jmp short loc_004555bf ; jmp 0x4555bf loc_004555a9: mov dword [esi - 4], 0 or dword [edi], edx jmp short loc_00455596 ; jmp 0x455596 loc_004555b4: mov dword [esi - 4], 0 or dword [edi], ebx jmp short loc_00455596 ; jmp 0x455596 loc_004555bf: pop edi pop esi pop ecx pop ebx pop ebp ret fcn_004555c5: push ebp mov ebp, esp push ebx push ecx push esi push edi mov esi, dword [ebp + 8] add esi, dword [esi + 8] mov edi, esi mov ecx, 0x100 mov eax, dword [ref_0047637c] ; mov eax, dword [0x47637c] call dword [eax*4 + ref_00485978] ; ucall: call dword [eax*4 + 0x485978] pop edi pop esi pop ecx pop ebx pop ebp ret fcn_004555eb: db 0x66, 0xad ; lodsw ax, word [esi] shrd edx, eax, 0x10 and eax, 0x1f shld ebx, edx, 0xb and ebx, 0x1f add eax, ebx shld ebx, edx, 6 and ebx, 0x1f add eax, ebx add eax, 0x28 shr eax, 2 mov dx, 0x1f shrd bx, dx, 5 shrd bx, ax, 5 shrd bx, ax, 6 mov word [edi], bx add edi, 2 loop fcn_004555eb ; loop 0x4555eb ret fcn_00455628: db 0x66, 0xad ; lodsw ax, word [esi] shrd edx, eax, 0x10 and eax, 0x1f shld ebx, edx, 0xa and ebx, 0x1f add eax, ebx shld ebx, edx, 5 and ebx, 0x1f add eax, ebx add eax, 0x1f shr eax, 2 and eax, 0x1f add al, byte [eax + ref_00486168] ; add al, byte [eax + 0x486168] mov dx, 0x1f shrd bx, dx, 6 shrd bx, ax, 5 shrd bx, ax, 5 mov word [edi], bx add edi, 2 loop fcn_00455628 ; loop 0x455628 ret fcn_0045566e: db 0x66, 0xad ; lodsw ax, word [esi] shrd edx, eax, 0x10 and eax, 0x1f shld ebx, edx, 0xa and ebx, 0x1f add eax, ebx shld ebx, edx, 5 and ebx, 0x1f add eax, ebx add eax, 0x28 shr eax, 2 shrd bx, ax, 6 shrd bx, ax, 5 mov ax, 0x1f shrd bx, ax, 5 mov word [edi], bx add edi, 2 loop fcn_0045566e ; loop 0x45566e ret fcn_004556ab: db 0x66, 0xad ; lodsw ax, word [esi] shrd edx, eax, 0x10 and eax, 0xf shld ebx, edx, 0xc and ebx, 0xf add eax, ebx shld ebx, edx, 8 and ebx, 0xf add eax, ebx add eax, 0x14 shr eax, 2 mov dx, 0x1f shrd bx, dx, 4 shrd bx, ax, 4 shrd bx, ax, 8 mov word [edi], bx add edi, 2 loop fcn_004556ab ; loop 0x4556ab ret fcn_004556e8: push ebp mov ebp, esp push ebx push ecx push esi push edi mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, 0x1b8 mov edx, 0x190 loc_004556ff: mov ecx, 0xdc rep movsd ; rep movsd dword es:[edi], dword ptr [esi] add esi, edx dec ebx jne short loc_004556ff ; jne 0x4556ff pop edi pop esi pop ecx pop ebx pop ebp ret fcn_00455711: push ebp mov ebp, esp push ebx push ecx push esi push edi mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] mov ebp, dword [ref_0048a060] ; mov ebp, dword [0x48a060] sub ebp, 0x370 mov bl, byte [ebx + ref_00486198] ; mov bl, byte [ebx + 0x486198] or bl, bl je short loc_00455762 ; je 0x455762 shl ebx, 5 add ebx, ref_00485d68 ; add ebx, 0x485d68 mov ecx, 0x1b8 loc_00455745: push ecx mov ecx, 0x1b8 mov eax, dword [ref_0047637c] ; mov eax, dword [0x47637c] call dword [eax*4 + ref_00485958] ; ucall: call dword [eax*4 + 0x485958] pop ecx add edi, ebp loop loc_00455745 ; loop 0x455745 pop edi pop esi pop ecx pop ebx pop ebp ret loc_00455762: mov ebx, 0x1b8 loc_00455767: mov ecx, 0xdc rep movsd ; rep movsd dword es:[edi], dword ptr [esi] add edi, ebp dec ebx jne short loc_00455767 ; jne 0x455767 pop edi pop esi pop ecx pop ebx pop ebp ret endloc_00455779: db 0x00 db 0x00 db 0x00 fcn_0045577c: push ebp mov ebp, esp mov eax, dword [ebp + 8] mov dword [ref_004861b8], eax ; mov dword [0x4861b8], eax mov eax, dword [ebp + 0xc] mov dword [ref_004861bc], eax ; mov dword [0x4861bc], eax mov eax, dword [ebp + 0x10] mov dword [ref_004861c0], eax ; mov dword [0x4861c0], eax mov eax, dword [ebp + 0x14] mov dword [ref_004861c4], eax ; mov dword [0x4861c4], eax pop ebp ret fcn_004557a1: push ebp mov ebp, esp push ebx push ecx push esi push edi mov eax, dword [ebp + 8] mov dword [ref_004861cc], eax ; mov dword [0x4861cc], eax mov eax, dword [ebp + 0xc] mov dword [ref_004861c8], eax ; mov dword [0x4861c8], eax mov ebp, dword [ebp + 0x10] mov dword [ref_004861ec], 0x7fff ; mov dword [0x4861ec], 0x7fff xor ebx, ebx mov edx, 0x1f0000 mov esi, dword [ebp] mov edi, dword [ebp + 4] mov ecx, 0x200000 call fcn_0045596a ; call 0x45596a mov ebx, 0x1f0000 mov edx, 0x1f001f mov esi, dword [ebp + 4] mov edi, dword [ebp + 8] mov ecx, 0x20 call fcn_0045596a ; call 0x45596a mov ebx, 0x1f001f mov edx, 0x1f mov esi, dword [ebp + 8] mov edi, dword [ebp + 0xc] mov ecx, 0xffe00000 call fcn_0045596a ; call 0x45596a mov ebx, 0x1f xor edx, edx mov esi, dword [ebp + 0xc] mov edi, dword [ebp] mov ecx, 0xffe0 call fcn_0045596a ; call 0x45596a mov esi, dword [ref_004861ec] ; mov esi, dword [0x4861ec] cmp esi, 0x7fff je near loc_00455964 ; je 0x455964 mov edi, esi mov eax, esi shl edi, 0xa shl eax, 8 add edi, eax add edi, dword [ref_004861cc] ; add edi, dword [0x4861cc] shl esi, 2 loc_0045584e: mov ebx, dword [esi + ref_004861f0] ; mov ebx, dword [esi + 0x4861f0] mov ecx, dword [esi + ref_00486970] ; mov ecx, dword [esi + 0x486970] cmp ebx, 0x7fff0000 je near loc_00455964 ; je 0x455964 sar ebx, 0x10 sar ecx, 0x10 mov ebp, ecx sub ebp, ebx je near loc_0045593b ; je 0x45593b cmp ecx, dword [ref_004861b8] ; cmp ecx, dword [0x4861b8] jle near loc_0045593b ; jle 0x45593b cmp ebx, dword [ref_004861c0] ; cmp ebx, dword [0x4861c0] jge near loc_0045593b ; jge 0x45593b mov eax, dword [esi + ref_00487ff0] ; mov eax, dword [esi + 0x487ff0] sub eax, dword [esi + ref_004870f0] ; sub eax, dword [esi + 0x4870f0] cdq idiv ebp mov dword [ref_004861dc], eax ; mov dword [0x4861dc], eax mov eax, dword [esi + ref_00488770] ; mov eax, dword [esi + 0x488770] sub eax, dword [esi + ref_00487870] ; sub eax, dword [esi + 0x487870] cdq idiv ebp mov dword [ref_004861e0], eax ; mov dword [0x4861e0], eax cmp ebx, dword [ref_004861b8] ; cmp ebx, dword [0x4861b8] jge short loc_004558e9 ; jge 0x4558e9 mov eax, dword [ref_004861b8] ; mov eax, dword [0x4861b8] sub eax, ebx mov ebx, eax sub ebp, ebx imul dword [ref_004861dc] ; imul dword [0x4861dc] add dword [esi + ref_004870f0], eax ; add dword [esi + 0x4870f0], eax mov eax, ebx imul dword [ref_004861e0] ; imul dword [0x4861e0] add dword [esi + ref_00487870], eax ; add dword [esi + 0x487870], eax mov ebx, dword [ref_004861b8] ; mov ebx, dword [0x4861b8] loc_004558e9: sub ecx, dword [ref_004861c0] ; sub ecx, dword [0x4861c0] jle short loc_004558f3 ; jle 0x4558f3 sub ebp, ecx loc_004558f3: mov edx, dword [ref_004861c8] ; mov edx, dword [0x4861c8] push edi lea edi, [edi + ebx*2] mov ecx, dword [esi + ref_004870f0] ; mov ecx, dword [esi + 0x4870f0] mov ebx, dword [esi + ref_00487870] ; mov ebx, dword [esi + 0x487870] push esi loc_0045590a: shld eax, ecx, 0x10 shld esi, ebx, 0x15 and eax, 0x1f and esi, 0x3e0 add esi, eax mov al, byte [edx + esi] mov ax, word [eax*2 + ref_0048b6b4] ; mov ax, word [eax*2 + 0x48b6b4] db 0x66, 0xab ; stosw word es:[edi], ax add ecx, dword [ref_004861dc] ; add ecx, dword [0x4861dc] add ebx, dword [ref_004861e0] ; add ebx, dword [0x4861e0] dec ebp jne short loc_0045590a ; jne 0x45590a pop esi pop edi loc_0045593b: mov dword [esi + ref_004861f0], 0x7fff0000 ; mov dword [esi + 0x4861f0], 0x7fff0000 mov dword [esi + ref_00486970], 0x80000000 ; mov dword [esi + 0x486970], 0x80000000 add edi, 0x500 add esi, 4 cmp esi, 0x780 jb near loc_0045584e ; jb 0x45584e loc_00455964: pop edi pop esi pop ecx pop ebx pop ebp ret fcn_0045596a: push ebp mov bp, di sub bp, si je near loc_00455af1 ; je 0x455af1 jg short loc_0045597d ; jg 0x45597d mov ebx, edx xchg edi, esi loc_0045597d: cmp di, word [ref_004861bc] ; cmp di, word [0x4861bc] jle near loc_00455af1 ; jle 0x455af1 cmp si, word [ref_004861c4] ; cmp si, word [0x4861c4] jge near loc_00455af1 ; jge 0x455af1 mov ax, si cmp ax, word [ref_004861ec] ; cmp ax, word [0x4861ec] jge short loc_004559b8 ; jge 0x4559b8 cmp ax, word [ref_004861bc] ; cmp ax, word [0x4861bc] jge short loc_004559b2 ; jge 0x4559b2 mov ax, word [ref_004861bc] ; mov ax, word [0x4861bc] loc_004559b2: mov word [ref_004861ec], ax ; mov word [0x4861ec], ax loc_004559b8: mov eax, ebx and eax, 0xffff0000 mov dword [ref_004861d0], eax ; mov dword [0x4861d0], eax shl ebx, 0x10 mov dword [ref_004861d4], ebx ; mov dword [0x4861d4], ebx movsx ebp, bp mov eax, ecx and eax, 0xffff0000 cdq idiv ebp cdq mov word [ref_004861d0], dx ; mov word [0x4861d0], dx mov dword [ref_004861dc], eax ; mov dword [0x4861dc], eax shrd eax, ecx, 0x10 and eax, 0xffff0000 cdq idiv ebp cdq mov word [ref_004861d4], dx ; mov word [0x4861d4], dx mov dword [ref_004861e0], eax ; mov dword [0x4861e0], eax or ebp, ebp pushfd jns short loc_00455a07 ; jns 0x455a07 neg ebp loc_00455a07: mov eax, edi mov ebx, esi and eax, 0xffff0000 and ebx, 0xffff0000 mov dword [ref_004861d8], ebx ; mov dword [0x4861d8], ebx sub eax, ebx cdq idiv ebp mov dword [ref_004861e4], eax ; mov dword [0x4861e4], eax cmp si, word [ref_004861bc] ; cmp si, word [0x4861bc] jge short loc_00455a69 ; jge 0x455a69 mov eax, dword [ref_004861bc] ; mov eax, dword [0x4861bc] sub ax, si mov esi, eax sub ebp, esi imul dword [ref_004861dc] ; imul dword [0x4861dc] add dword [ref_004861d0], eax ; add dword [0x4861d0], eax mov eax, esi imul dword [ref_004861e0] ; imul dword [0x4861e0] add dword [ref_004861d4], eax ; add dword [0x4861d4], eax mov eax, esi imul dword [ref_004861e4] ; imul dword [0x4861e4] add dword [ref_004861d8], eax ; add dword [0x4861d8], eax mov esi, dword [ref_004861bc] ; mov esi, dword [0x4861bc] loc_00455a69: sub di, word [ref_004861c4] ; sub di, word [0x4861c4] jle short loc_00455a77 ; jle 0x455a77 movzx edi, di sub ebp, edi loc_00455a77: mov dword [ref_004861e8], ebp ; mov dword [0x4861e8], ebp mov eax, dword [ref_004861d0] ; mov eax, dword [0x4861d0] mov ebx, dword [ref_004861dc] ; mov ebx, dword [0x4861dc] mov ecx, dword [ref_004861d4] ; mov ecx, dword [0x4861d4] mov edx, dword [ref_004861e0] ; mov edx, dword [0x4861e0] mov edi, dword [ref_004861d8] ; mov edi, dword [0x4861d8] mov ebp, dword [ref_004861e4] ; mov ebp, dword [0x4861e4] and esi, 0xffff shl esi, 2 popfd js short loc_00455af3 ; js 0x455af3 loc_00455aac: cmp edi, dword [esi + ref_004861f0] ; cmp edi, dword [esi + 0x4861f0] jge short loc_00455ac6 ; jge 0x455ac6 mov dword [esi + ref_004861f0], edi ; mov dword [esi + 0x4861f0], edi mov dword [esi + ref_00487ff0], eax ; mov dword [esi + 0x487ff0], eax mov dword [esi + ref_00488770], ecx ; mov dword [esi + 0x488770], ecx loc_00455ac6: cmp edi, dword [esi + ref_00486970] ; cmp edi, dword [esi + 0x486970] jle short loc_00455ae0 ; jle 0x455ae0 mov dword [esi + ref_00486970], edi ; mov dword [esi + 0x486970], edi mov dword [esi + ref_00487ff0], eax ; mov dword [esi + 0x487ff0], eax mov dword [esi + ref_00488770], ecx ; mov dword [esi + 0x488770], ecx loc_00455ae0: add eax, ebx add ecx, edx add edi, ebp add esi, 4 dec dword [ref_004861e8] ; dec dword [0x4861e8] jne short loc_00455aac ; jne 0x455aac loc_00455af1: pop ebp ret loc_00455af3: cmp edi, dword [esi + ref_004861f0] ; cmp edi, dword [esi + 0x4861f0] jge short loc_00455b0d ; jge 0x455b0d mov dword [esi + ref_004861f0], edi ; mov dword [esi + 0x4861f0], edi mov dword [esi + ref_004870f0], eax ; mov dword [esi + 0x4870f0], eax mov dword [esi + ref_00487870], ecx ; mov dword [esi + 0x487870], ecx loc_00455b0d: cmp edi, dword [esi + ref_00486970] ; cmp edi, dword [esi + 0x486970] jle short loc_00455b27 ; jle 0x455b27 mov dword [esi + ref_00486970], edi ; mov dword [esi + 0x486970], edi mov dword [esi + ref_004870f0], eax ; mov dword [esi + 0x4870f0], eax mov dword [esi + ref_00487870], ecx ; mov dword [esi + 0x487870], ecx loc_00455b27: add eax, ebx add ecx, edx add edi, ebp add esi, 4 dec dword [ref_004861e8] ; dec dword [0x4861e8] jne short loc_00455af3 ; jne 0x455af3 pop ebp ret fcn_00455b3a: push ebp mov ebp, esp sub esp, 0x10 push ebx push ecx push esi push edi mov ebx, 1 mov esi, dword [ebp + 0x14] movsx eax, word [esi + 4] sub dword [ebp + 0x18], eax movsx eax, word [esi + 6] sub dword [ebp + 0x1c], eax mov eax, dword [ebp + 0x18] cmp eax, dword [ebp + 8] jge near loc_00455c47 ; jge 0x455c47 movzx edx, word [esi] add eax, edx jle near loc_00455c47 ; jle 0x455c47 mov eax, dword [ebp + 0x1c] cmp eax, dword [ebp + 0xc] jge near loc_00455c47 ; jge 0x455c47 movzx edx, word [esi + 2] add eax, edx jle near loc_00455c47 ; jle 0x455c47 mov dword [ebp - 4], 0 mov dword [ebp - 8], 0 movzx eax, word [esi] mov dword [ebp - 0xc], eax mov ax, word [esi + 2] mov dword [ebp - 0x10], eax xor eax, eax cmp dword [ebp + 0x18], eax jge short loc_00455bb6 ; jge 0x455bb6 xchg dword [ebp + 0x18], eax sub dword [ebp - 4], eax add dword [ebp - 0xc], eax jmp short loc_00455bc4 ; jmp 0x455bc4 loc_00455bb6: mov eax, dword [ebp - 0xc] add eax, dword [ebp + 0x18] sub eax, dword [ebp + 8] jle short loc_00455bc4 ; jle 0x455bc4 sub dword [ebp - 0xc], eax loc_00455bc4: xor eax, eax cmp dword [ebp + 0x1c], eax jge short loc_00455bd6 ; jge 0x455bd6 xchg dword [ebp + 0x1c], eax sub dword [ebp - 8], eax add dword [ebp - 0x10], eax jmp short loc_00455be4 ; jmp 0x455be4 loc_00455bd6: mov eax, dword [ebp - 0x10] add eax, dword [ebp + 0x1c] sub eax, dword [ebp + 0xc] jle short loc_00455be4 ; jle 0x455be4 sub dword [ebp - 0x10], eax loc_00455be4: movzx eax, word [esi] mov ebx, eax mul dword [ebp - 8] add eax, dword [ebp - 4] mov esi, dword [esi + 8] lea esi, [esi + eax*2] sub ebx, dword [ebp - 0xc] add ebx, ebx mov dword [ebp - 4], ebx mov eax, dword [ebp + 8] sub eax, dword [ebp - 0xc] add eax, eax mov dword [ebp - 8], eax mov edi, dword [ebp + 0x1c] imul edi, dword [ebp + 8] add edi, dword [ebp + 0x18] add edi, edi add edi, dword [ebp + 0x10] mov eax, dword [ebp - 0xc] mov ebx, dword [ebp - 0x10] mov edx, dword [ebp - 4] mov ebp, dword [ebp - 8] or eax, eax je short loc_00455c47 ; je 0x455c47 loc_00455c27: mov ecx, eax test edi, 3 je short loc_00455c34 ; je 0x455c34 db 0x66, 0xa5 ; movsw word es:[edi], word ptr [esi] dec ecx loc_00455c34: shr ecx, 1 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] adc ecx, 0 db 0xf3, 0x66, 0xa5 ; rep movsw word es:[edi], word ptr [esi] add esi, edx add edi, ebp dec ebx jne short loc_00455c27 ; jne 0x455c27 xor ebx, ebx loc_00455c47: mov eax, ebx pop edi pop esi pop ecx pop ebx add esp, 0x10 pop ebp ret fcn_00455c52: push ebp mov ebp, esp sub esp, 0x10 push ebx push ecx push esi push edi mov ebx, 1 mov esi, dword [ebp + 0x14] movsx eax, word [esi + 4] sub dword [ebp + 0x18], eax movsx eax, word [esi + 6] sub dword [ebp + 0x1c], eax cmp dword [ebp + 0x20], 1 je near loc_00455d12 ; je 0x455d12 mov eax, dword [ebp + 0x18] cmp eax, dword [ebp + 8] jge near loc_00455e19 ; jge 0x455e19 movzx edx, word [esi] add eax, edx jle near loc_00455e19 ; jle 0x455e19 mov eax, dword [ebp + 0x1c] cmp eax, dword [ebp + 0xc] jge near loc_00455e19 ; jge 0x455e19 movzx edx, word [esi + 2] add eax, edx jle near loc_00455e19 ; jle 0x455e19 mov dword [ebp - 4], 0 mov dword [ebp - 8], 0 movzx eax, word [esi] mov dword [ebp - 0xc], eax mov ax, word [esi + 2] mov dword [ebp - 0x10], eax xor eax, eax cmp dword [ebp + 0x18], eax jge short loc_00455cd8 ; jge 0x455cd8 xchg dword [ebp + 0x18], eax sub dword [ebp - 4], eax add dword [ebp - 0xc], eax jmp short loc_00455ce6 ; jmp 0x455ce6 loc_00455cd8: mov eax, dword [ebp - 0xc] add eax, dword [ebp + 0x18] sub eax, dword [ebp + 8] jle short loc_00455ce6 ; jle 0x455ce6 sub dword [ebp - 0xc], eax loc_00455ce6: xor eax, eax cmp dword [ebp + 0x1c], eax jge short loc_00455cfb ; jge 0x455cfb xchg dword [ebp + 0x1c], eax sub dword [ebp - 8], eax add dword [ebp - 0x10], eax jmp near loc_00455dc4 ; jmp 0x455dc4 loc_00455cfb: mov eax, dword [ebp - 0x10] add eax, dword [ebp + 0x1c] sub eax, dword [ebp + 0xc] jle near loc_00455dc4 ; jle 0x455dc4 sub dword [ebp - 0x10], eax jmp near loc_00455dc4 ; jmp 0x455dc4 loc_00455d12: mov eax, dword [ebp + 0x18] cmp eax, dword [ref_004861c0] ; cmp eax, dword [0x4861c0] jge near loc_00455e19 ; jge 0x455e19 movzx edx, word [esi] add eax, edx cmp eax, dword [ref_004861b8] ; cmp eax, dword [0x4861b8] jle near loc_00455e19 ; jle 0x455e19 mov eax, dword [ebp + 0x1c] cmp eax, dword [ref_004861c4] ; cmp eax, dword [0x4861c4] jge near loc_00455e19 ; jge 0x455e19 movzx edx, word [esi + 2] add eax, edx cmp eax, dword [ref_004861bc] ; cmp eax, dword [0x4861bc] jle near loc_00455e19 ; jle 0x455e19 mov dword [ebp - 4], 0 mov dword [ebp - 8], 0 movzx eax, word [esi] mov dword [ebp - 0xc], eax mov ax, word [esi + 2] mov dword [ebp - 0x10], eax mov eax, dword [ref_004861b8] ; mov eax, dword [0x4861b8] cmp dword [ebp + 0x18], eax jge short loc_00455d88 ; jge 0x455d88 mov edx, dword [ebp + 0x18] mov dword [ebp + 0x18], eax sub eax, edx add dword [ebp - 4], eax sub dword [ebp - 0xc], eax jmp short loc_00455d99 ; jmp 0x455d99 loc_00455d88: mov eax, dword [ebp - 0xc] add eax, dword [ebp + 0x18] sub eax, dword [ref_004861c0] ; sub eax, dword [0x4861c0] jle short loc_00455d99 ; jle 0x455d99 sub dword [ebp - 0xc], eax loc_00455d99: mov eax, dword [ref_004861bc] ; mov eax, dword [0x4861bc] cmp dword [ebp + 0x1c], eax jge short loc_00455db3 ; jge 0x455db3 mov edx, dword [ebp + 0x1c] mov dword [ebp + 0x1c], eax sub eax, edx add dword [ebp - 8], eax sub dword [ebp - 0x10], eax jmp short loc_00455dc4 ; jmp 0x455dc4 loc_00455db3: mov eax, dword [ebp - 0x10] add eax, dword [ebp + 0x1c] sub eax, dword [ref_004861c4] ; sub eax, dword [0x4861c4] jle short loc_00455dc4 ; jle 0x455dc4 sub dword [ebp - 0x10], eax loc_00455dc4: movzx eax, word [esi] mov ebx, eax mul dword [ebp - 8] add eax, dword [ebp - 4] mov esi, dword [esi + 8] lea esi, [esi + eax*2] sub ebx, dword [ebp - 0xc] add ebx, ebx mov dword [ebp - 4], ebx mov eax, dword [ebp + 8] sub eax, dword [ebp - 0xc] add eax, eax mov dword [ebp - 8], eax mov edi, dword [ebp + 0x1c] imul edi, dword [ebp + 8] add edi, dword [ebp + 0x18] add edi, edi add edi, dword [ebp + 0x10] mov edx, dword [ebp - 0xc] mov ebx, dword [ebp - 0x10] loc_00455dfd: mov ecx, edx loc_00455dff: db 0x66, 0xad ; lodsw ax, word [esi] or ax, ax je short loc_00455e09 ; je 0x455e09 mov word [edi], ax loc_00455e09: add edi, 2 loop loc_00455dff ; loop 0x455dff add esi, dword [ebp - 4] add edi, dword [ebp - 8] dec ebx jne short loc_00455dfd ; jne 0x455dfd xor ebx, ebx loc_00455e19: mov eax, ebx pop edi pop esi pop ecx pop ebx add esp, 0x10 pop ebp ret fcn_00455e24: push ebp mov ebp, esp push ebx push ecx push esi push edi mov edi, dword [ebp + 0xc] mov esi, dword [ebp + 0x10] movsx eax, word [esi + 4] sub dword [ebp + 0x14], eax movsx eax, word [esi + 6] sub dword [ebp + 0x18], eax test dword [ebp + 0x2c], 1 jne near loc_00455edc ; jne 0x455edc mov eax, dword [ebp + 0x14] mov ebx, eax cmp eax, 0x280 jge near loc_00455fd3 ; jge 0x455fd3 mov edx, dword [ebp + 0x24] add eax, edx jle near loc_00455fd3 ; jle 0x455fd3 lea eax, [ebx + edx] cmp eax, 0x280 jle short loc_00455e7b ; jle 0x455e7b sub eax, 0x280 sub dword [ebp + 0x24], eax jmp short loc_00455e8e ; jmp 0x455e8e loc_00455e7b: cmp eax, edx jge short loc_00455e8e ; jge 0x455e8e mov dword [ebp + 0x24], eax sub edx, eax add dword [ebp + 0x1c], edx mov dword [ebp + 0x14], 0 loc_00455e8e: mov eax, dword [ebp + 0x18] mov ebx, eax cmp eax, 0x1e0 jge near loc_00455fd3 ; jge 0x455fd3 mov edx, dword [ebp + 0x28] add eax, edx jle near loc_00455fd3 ; jle 0x455fd3 lea eax, [ebx + edx] cmp eax, 0x1e0 jle short loc_00455ec0 ; jle 0x455ec0 sub eax, 0x1e0 sub dword [ebp + 0x28], eax jmp near loc_00455f80 ; jmp 0x455f80 loc_00455ec0: cmp eax, edx jge near loc_00455f80 ; jge 0x455f80 mov dword [ebp + 0x28], eax sub edx, eax add dword [ebp + 0x20], edx mov dword [ebp + 0x18], 0 jmp near loc_00455f80 ; jmp 0x455f80 loc_00455edc: mov eax, dword [ebp + 0x14] mov ebx, eax cmp eax, dword [ref_004861c0] ; cmp eax, dword [0x4861c0] jge near loc_00455fd3 ; jge 0x455fd3 mov edx, dword [ebp + 0x24] add eax, edx cmp eax, dword [ref_004861b8] ; cmp eax, dword [0x4861b8] jle near loc_00455fd3 ; jle 0x455fd3 lea eax, [ebx + edx] cmp eax, dword [ref_004861c0] ; cmp eax, dword [0x4861c0] jle short loc_00455f14 ; jle 0x455f14 sub eax, dword [ref_004861c0] ; sub eax, dword [0x4861c0] sub dword [ebp + 0x24], eax jmp short loc_00455f2e ; jmp 0x455f2e loc_00455f14: sub eax, dword [ref_004861b8] ; sub eax, dword [0x4861b8] cmp eax, edx jge short loc_00455f2e ; jge 0x455f2e mov dword [ebp + 0x24], eax sub edx, eax add dword [ebp + 0x1c], edx mov eax, dword [ref_004861b8] ; mov eax, dword [0x4861b8] mov dword [ebp + 0x14], eax loc_00455f2e: mov eax, dword [ebp + 0x18] mov ebx, eax cmp eax, dword [ref_004861c4] ; cmp eax, dword [0x4861c4] jge near loc_00455fd3 ; jge 0x455fd3 mov edx, dword [ebp + 0x28] add eax, edx cmp eax, dword [ref_004861bc] ; cmp eax, dword [0x4861bc] jle near loc_00455fd3 ; jle 0x455fd3 lea eax, [ebx + edx] cmp eax, dword [ref_004861c4] ; cmp eax, dword [0x4861c4] jle short loc_00455f66 ; jle 0x455f66 sub eax, dword [ref_004861c4] ; sub eax, dword [0x4861c4] sub dword [ebp + 0x28], eax jmp short loc_00455f80 ; jmp 0x455f80 loc_00455f66: sub eax, dword [ref_004861bc] ; sub eax, dword [0x4861bc] cmp eax, edx jge short loc_00455f80 ; jge 0x455f80 mov dword [ebp + 0x28], eax sub edx, eax add dword [ebp + 0x20], edx mov eax, dword [ref_004861bc] ; mov eax, dword [0x4861bc] mov dword [ebp + 0x18], eax loc_00455f80: movzx edx, word [esi] mov ebx, edx imul ebx, dword [ebp + 0x20] add ebx, dword [ebp + 0x1c] mov esi, dword [esi + 8] lea esi, [esi + ebx*2] mov eax, dword [ebp + 8] mov ebx, eax imul ebx, dword [ebp + 0x18] add ebx, dword [ebp + 0x14] lea edi, [edi + ebx*2] mov ecx, dword [ebp + 0x24] jecxz loc_00455fd3 ; jecxz 0x455fd3 mov ebx, dword [ebp + 0x28] mov ebp, eax sub ebp, ecx add ebp, ebp sub edx, ecx add edx, edx mov eax, ecx loc_00455fb5: mov ecx, eax test edi, 3 je short loc_00455fc2 ; je 0x455fc2 db 0x66, 0xa5 ; movsw word es:[edi], word ptr [esi] dec ecx loc_00455fc2: shr ecx, 1 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] adc ecx, 0 db 0xf3, 0x66, 0xa5 ; rep movsw word es:[edi], word ptr [esi] add esi, edx add edi, ebp dec ebx jne short loc_00455fb5 ; jne 0x455fb5 loc_00455fd3: pop edi pop esi pop ecx pop ebx pop ebp ret fcn_00455fd9: push ebp mov ebp, esp push ebx push ecx push esi push edi mov edi, dword [ebp + 0xc] mov esi, dword [ebp + 0x10] movsx eax, word [esi + 4] sub dword [ebp + 0x14], eax movsx eax, word [esi + 6] sub dword [ebp + 0x18], eax test dword [ebp + 0x2c], 1 jne near loc_00456091 ; jne 0x456091 mov eax, dword [ebp + 0x14] mov ebx, eax cmp eax, 0x280 jge near loc_0045617a ; jge 0x45617a mov edx, dword [ebp + 0x24] add eax, edx jle near loc_0045617a ; jle 0x45617a lea eax, [ebx + edx] cmp eax, 0x280 jle short loc_00456030 ; jle 0x456030 sub eax, 0x280 sub dword [ebp + 0x24], eax jmp short loc_00456043 ; jmp 0x456043 loc_00456030: cmp eax, edx jge short loc_00456043 ; jge 0x456043 mov dword [ebp + 0x24], eax sub edx, eax add dword [ebp + 0x1c], edx mov dword [ebp + 0x14], 0 loc_00456043: mov eax, dword [ebp + 0x18] mov ebx, eax cmp eax, 0x1e0 jge near loc_0045617a ; jge 0x45617a mov edx, dword [ebp + 0x28] add eax, edx jle near loc_0045617a ; jle 0x45617a lea eax, [ebx + edx] cmp eax, 0x1e0 jle short loc_00456075 ; jle 0x456075 sub eax, 0x1e0 sub dword [ebp + 0x28], eax jmp near loc_00456131 ; jmp 0x456131 loc_00456075: cmp eax, edx jge near loc_00456131 ; jge 0x456131 mov dword [ebp + 0x28], eax sub edx, eax add dword [ebp + 0x20], edx mov dword [ebp + 0x18], 0 jmp near loc_00456131 ; jmp 0x456131 loc_00456091: mov eax, dword [ebp + 0x14] mov ebx, eax cmp eax, dword [ref_004861c0] ; cmp eax, dword [0x4861c0] jge near loc_0045617a ; jge 0x45617a mov edx, dword [ebp + 0x24] add eax, edx cmp eax, dword [ref_004861b8] ; cmp eax, dword [0x4861b8] jle near loc_0045617a ; jle 0x45617a lea eax, [ebx + edx] cmp eax, dword [ref_004861c0] ; cmp eax, dword [0x4861c0] jle short loc_004560c9 ; jle 0x4560c9 sub eax, dword [ref_004861c0] ; sub eax, dword [0x4861c0] sub dword [ebp + 0x24], eax jmp short loc_004560e3 ; jmp 0x4560e3 loc_004560c9: sub eax, dword [ref_004861b8] ; sub eax, dword [0x4861b8] cmp eax, edx jge short loc_004560e3 ; jge 0x4560e3 mov dword [ebp + 0x24], eax sub edx, eax add dword [ebp + 0x1c], edx mov eax, dword [ref_004861b8] ; mov eax, dword [0x4861b8] mov dword [ebp + 0x14], eax loc_004560e3: mov eax, dword [ebp + 0x18] mov ebx, eax cmp eax, dword [ref_004861c4] ; cmp eax, dword [0x4861c4] jge near loc_0045617a ; jge 0x45617a mov edx, dword [ebp + 0x28] add eax, edx cmp eax, dword [ref_004861bc] ; cmp eax, dword [0x4861bc] jle short loc_0045617a ; jle 0x45617a lea eax, [ebx + edx] cmp eax, dword [ref_004861c4] ; cmp eax, dword [0x4861c4] jle short loc_00456117 ; jle 0x456117 sub eax, dword [ref_004861c4] ; sub eax, dword [0x4861c4] sub dword [ebp + 0x28], eax jmp short loc_00456131 ; jmp 0x456131 loc_00456117: sub eax, dword [ref_004861bc] ; sub eax, dword [0x4861bc] cmp eax, edx jge short loc_00456131 ; jge 0x456131 mov dword [ebp + 0x28], eax sub edx, eax add dword [ebp + 0x20], edx mov eax, dword [ref_004861bc] ; mov eax, dword [0x4861bc] mov dword [ebp + 0x18], eax loc_00456131: movzx edx, word [esi] mov ebx, edx imul ebx, dword [ebp + 0x20] add ebx, dword [ebp + 0x1c] mov esi, dword [esi + 8] lea esi, [esi + ebx*2] mov eax, dword [ebp + 8] mov ebx, eax imul ebx, dword [ebp + 0x18] add ebx, dword [ebp + 0x14] lea edi, [edi + ebx*2] mov ecx, dword [ebp + 0x24] mov ebx, dword [ebp + 0x28] mov ebp, eax sub ebp, ecx add ebp, ebp sub edx, ecx add edx, edx loc_00456162: push ecx loc_00456163: db 0x66, 0xad ; lodsw ax, word [esi] or ax, ax je short loc_0045616d ; je 0x45616d mov word [edi], ax loc_0045616d: add edi, 2 loop loc_00456163 ; loop 0x456163 pop ecx add esi, edx add edi, ebp dec ebx jne short loc_00456162 ; jne 0x456162 loc_0045617a: pop edi pop esi pop ecx pop ebx pop ebp ret fcn_00456180: push ebp mov ebp, esp push ebx push ecx push esi push edi mov edi, dword [ebp + 8] mov ebx, dword [ebp + 0xc] mov edx, dword [ebp + 0x10] mov ebp, 0x500 sub ebp, edx shr ebp, 2 shr edx, 2 mov eax, 0x1e0 loc_004561a2: mov ecx, ebp lea esi, [ebx + edx*4] rep movsd ; rep movsd dword es:[edi], dword ptr [esi] mov ecx, edx mov esi, ebx rep movsd ; rep movsd dword es:[edi], dword ptr [esi] add ebx, 0x500 dec eax jne short loc_004561a2 ; jne 0x4561a2 pop edi pop esi pop ecx pop ebx pop ebp ret fcn_004561be: push ebp mov ebp, esp push ebx push ecx push esi push edi push dword [ebp + 0x1c] call fcn_004551f0 ; call 0x4551f0 add esp, 4 mov bx, ax shl eax, 0x10 mov ax, bx mov edi, dword [ebp + 8] movzx edx, word [edi] mov ecx, edx imul ecx, dword [ebp + 0x10] add ecx, dword [ebp + 0xc] mov edi, dword [edi + 8] lea edi, [edi + ecx*2] mov esi, dword [ebp + 0x14] mov ebx, dword [ebp + 0x18] sub edx, esi add edx, edx loc_004561f8: mov ecx, esi shr ecx, 1 rep stosd ; rep stosd dword es:[edi], eax adc ecx, 0 db 0xf3, 0x66, 0xab ; rep stosw word es:[edi], ax add edi, edx dec ebx jne short loc_004561f8 ; jne 0x4561f8 pop edi pop esi pop ecx pop ebx pop ebp ret fcn_0045620f: push ebp mov ebp, esp push ebx push ecx push esi push edi push dword [ebp + 0x1c] call fcn_004551f0 ; call 0x4551f0 add esp, 4 mov bx, ax shl eax, 0x10 mov ax, bx mov edi, dword [ebp + 8] movzx edx, word [edi] mov ecx, edx imul ecx, dword [ebp + 0x10] add ecx, dword [ebp + 0xc] mov edi, dword [edi + 8] lea edi, [edi + ecx*2] mov esi, dword [ebp + 0x14] mov ebx, dword [ebp + 0x18] add edx, edx mov ecx, esi shr ecx, 1 push edi rep stosd ; rep stosd dword es:[edi], eax adc ecx, 0 db 0xf3, 0x66, 0xab ; rep stosw word es:[edi], ax pop edi add edi, edx dec ebx lea ecx, [esi - 1] add ecx, ecx loc_0045625d: cmp ebx, 1 je short loc_0045626e ; je 0x45626e mov word [edi], ax mov word [edi + ecx], ax add edi, edx dec ebx jmp short loc_0045625d ; jmp 0x45625d loc_0045626e: mov ecx, esi shr ecx, 1 rep stosd ; rep stosd dword es:[edi], eax adc ecx, 0 db 0xf3, 0x66, 0xab ; rep stosw word es:[edi], ax pop edi pop esi pop ecx pop ebx pop ebp ret fcn_00456280: push ebp mov ebp, esp push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] mov edx, dword [ebp + 8] push dword [edx + 8] movzx eax, word [edx + 2] push eax movzx eax, word [edx] push eax call fcn_00455b3a ; call 0x455b3a add esp, 0x18 pop ebp ret fcn_004562a5: push ebp mov ebp, esp push 0 push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] mov edx, dword [ebp + 8] push dword [edx + 8] movzx eax, word [edx + 2] push eax movzx eax, word [edx] push eax call fcn_00455c52 ; call 0x455c52 add esp, 0x1c pop ebp ret fcn_004562cc: push ebp mov ebp, esp push 0 push dword [ebp + 0x24] push dword [ebp + 0x20] push dword [ebp + 0x1c] push dword [ebp + 0x18] push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] mov edx, dword [ebp + 8] push dword [edx + 8] movzx eax, word [edx] push eax call fcn_00455e24 ; call 0x455e24 add esp, 0x28 pop ebp ret fcn_004562fa: push ebp mov ebp, esp push 1 push dword [ebp + 0x24] push dword [ebp + 0x20] push dword [ebp + 0x1c] push dword [ebp + 0x18] push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] mov edx, dword [ebp + 8] push dword [edx + 8] movzx eax, word [edx] push eax call fcn_00455e24 ; call 0x455e24 add esp, 0x28 pop ebp ret fcn_00456328: push ebp mov ebp, esp push 0 push dword [ebp + 0x24] push dword [ebp + 0x20] push dword [ebp + 0x1c] push dword [ebp + 0x18] push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] mov edx, dword [ebp + 8] push dword [edx + 8] movzx eax, word [edx] push eax call fcn_00455fd9 ; call 0x455fd9 add esp, 0x28 pop ebp ret fcn_00456356: push ebp mov ebp, esp push 1 push dword [ebp + 0x24] push dword [ebp + 0x20] push dword [ebp + 0x1c] push dword [ebp + 0x18] push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] mov edx, dword [ebp + 8] push dword [edx + 8] movzx eax, word [edx] push eax call fcn_00455fd9 ; call 0x455fd9 add esp, 0x28 pop ebp ret fcn_00456384: push ebp mov ebp, esp push ebx push ecx push esi push edi push dword [ebp + 0x18] call fcn_004551f0 ; call 0x4551f0 add esp, 4 mov dword [ebp + 0x18], eax mov esi, dword [ebp + 0xc] movsx eax, word [esi + 4] sub dword [ebp + 0x10], eax movsx eax, word [esi + 6] sub dword [ebp + 0x14], eax mov edi, dword [ebp + 8] movzx eax, word [edi] mov ebx, eax mul dword [ebp + 0x14] add eax, dword [ebp + 0x10] mov edi, dword [edi + 8] lea edi, [edi + eax*2] movzx edx, word [esi] sub ebx, edx add ebx, ebx mov dword [ebp + 0x10], ebx movzx ebx, word [esi + 2] mov dword [ebp + 0x14], ebx mov bx, word [ebp + 0x18] mov esi, dword [esi + 8] loc_004563d6: mov ecx, edx loc_004563d8: db 0x66, 0xad ; lodsw ax, word [esi] or ax, ax je short loc_004563e2 ; je 0x4563e2 mov word [edi], bx loc_004563e2: add edi, 2 loop loc_004563d8 ; loop 0x4563d8 add edi, dword [ebp + 0x10] dec dword [ebp + 0x14] jne short loc_004563d6 ; jne 0x4563d6 pop edi pop esi pop ecx pop ebx pop ebp ret fcn_004563f5: push ebp mov ebp, esp push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] push 0x1e0 push 0x280 call fcn_00455b3a ; call 0x455b3a add esp, 0x18 pop ebp ret fcn_00456418: push ebp mov ebp, esp push 0 push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] push 0x1e0 push 0x280 call fcn_00455c52 ; call 0x455c52 add esp, 0x1c pop ebp ret fcn_0045643d: push ebp mov ebp, esp push 0 push dword [ebp + 0x24] push dword [ebp + 0x20] push dword [ebp + 0x1c] push dword [ebp + 0x18] push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] push 0x280 call fcn_00455e24 ; call 0x455e24 add esp, 0x28 pop ebp ret fcn_00456469: push ebp mov ebp, esp push 1 push dword [ebp + 0x24] push dword [ebp + 0x20] push dword [ebp + 0x1c] push dword [ebp + 0x18] push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] push 0x280 call fcn_00455e24 ; call 0x455e24 add esp, 0x28 pop ebp ret fcn_00456495: push ebp mov ebp, esp push 0 push dword [ebp + 0x24] push dword [ebp + 0x20] push dword [ebp + 0x1c] push dword [ebp + 0x18] push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] push 0x280 call fcn_00455fd9 ; call 0x455fd9 add esp, 0x28 pop ebp ret fcn_004564c1: push ebp mov ebp, esp push 1 push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] push 0x1e0 push 0x280 call fcn_00455c52 ; call 0x455c52 add esp, 0x1c pop ebp ret fcn_004564e6: push ebp mov ebp, esp push 1 push dword [ebp + 0x24] push dword [ebp + 0x20] push dword [ebp + 0x1c] push dword [ebp + 0x18] push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] push 0x280 call fcn_00455fd9 ; call 0x455fd9 add esp, 0x28 pop ebp ret fcn_00456512: push ebp mov ebp, esp sub esp, 0x10 push ebx push ecx push esi push edi mov ebx, 1 mov eax, dword [ebp + 0x10] lea esi, [eax*4] lea esi, [esi + eax*8] mov eax, dword [ebp + 0xc] lea esi, [esi + eax + 0xc] mov edx, dword [eax + 8] add edx, eax mov dword [ebp + 0x10], edx movsx eax, word [esi + 4] sub dword [ebp + 0x14], eax movsx eax, word [esi + 6] sub dword [ebp + 0x18], eax mov eax, dword [ebp + 0x14] cmp eax, 0x280 jge near loc_00456633 ; jge 0x456633 movzx edx, word [esi] add eax, edx jle near loc_00456633 ; jle 0x456633 mov eax, dword [ebp + 0x18] cmp eax, 0x1e0 jge near loc_00456633 ; jge 0x456633 movzx edx, word [esi + 2] add eax, edx jle near loc_00456633 ; jle 0x456633 mov dword [ebp - 4], 0 mov dword [ebp - 8], 0 movzx eax, word [esi] mov dword [ebp - 0xc], eax mov ax, word [esi + 2] mov dword [ebp - 0x10], eax xor eax, eax cmp dword [ebp + 0x14], eax jge short loc_004565ab ; jge 0x4565ab xchg dword [ebp + 0x14], eax sub dword [ebp - 4], eax add dword [ebp - 0xc], eax jmp short loc_004565bb ; jmp 0x4565bb loc_004565ab: mov eax, dword [ebp - 0xc] add eax, dword [ebp + 0x14] sub eax, 0x280 jle short loc_004565bb ; jle 0x4565bb sub dword [ebp - 0xc], eax loc_004565bb: xor eax, eax cmp dword [ebp + 0x18], eax jge short loc_004565cd ; jge 0x4565cd xchg dword [ebp + 0x18], eax sub dword [ebp - 8], eax add dword [ebp - 0x10], eax jmp short loc_004565dd ; jmp 0x4565dd loc_004565cd: mov eax, dword [ebp - 0x10] add eax, dword [ebp + 0x18] sub eax, 0x1e0 jle short loc_004565dd ; jle 0x4565dd sub dword [ebp - 0x10], eax loc_004565dd: movzx eax, word [esi] mov ebx, eax mul dword [ebp - 8] add eax, dword [ebp - 4] mov esi, dword [esi + 8] add esi, eax sub ebx, dword [ebp - 0xc] mov dword [ebp - 4], ebx mov eax, 0x280 sub eax, dword [ebp - 0xc] add eax, eax mov dword [ebp - 8], eax mov edi, dword [ebp + 0x18] imul edi, edi, 0x280 add edi, dword [ebp + 0x14] add edi, edi add edi, dword [ebp + 8] mov ebx, dword [ebp - 0x10] mov edx, dword [ebp + 0x10] loc_00456617: mov ecx, dword [ebp - 0xc] loc_0045661a: lodsb ; lodsb al, byte [esi] and eax, 0xff mov ax, word [edx + eax*2] db 0x66, 0xab ; stosw word es:[edi], ax loop loc_0045661a ; loop 0x45661a add esi, dword [ebp - 4] add edi, dword [ebp - 8] dec ebx jne short loc_00456617 ; jne 0x456617 xor ebx, ebx loc_00456633: mov eax, ebx pop edi pop esi pop ecx pop ebx add esp, 0x10 pop ebp ret fcn_0045663e: push ebp mov ebp, esp sub esp, 0x10 push ebx push ecx push esi push edi mov ebx, 1 mov eax, dword [ebp + 0x10] lea esi, [eax*4] lea esi, [esi + eax*8] mov eax, dword [ebp + 0xc] lea esi, [esi + eax + 0xc] mov edx, dword [eax + 8] add edx, eax mov dword [ebp + 0x10], edx movsx eax, word [esi + 4] sub dword [ebp + 0x14], eax movsx eax, word [esi + 6] sub dword [ebp + 0x18], eax mov eax, dword [ebp + 0x14] cmp eax, 0x280 jge near loc_00456765 ; jge 0x456765 movzx edx, word [esi] add eax, edx jle near loc_00456765 ; jle 0x456765 mov eax, dword [ebp + 0x18] cmp eax, 0x1e0 jge near loc_00456765 ; jge 0x456765 movzx edx, word [esi + 2] add eax, edx jle near loc_00456765 ; jle 0x456765 mov dword [ebp - 4], 0 mov dword [ebp - 8], 0 movzx eax, word [esi] mov dword [ebp - 0xc], eax mov ax, word [esi + 2] mov dword [ebp - 0x10], eax xor eax, eax cmp dword [ebp + 0x14], eax jge short loc_004566d7 ; jge 0x4566d7 xchg dword [ebp + 0x14], eax sub dword [ebp - 4], eax add dword [ebp - 0xc], eax jmp short loc_004566e7 ; jmp 0x4566e7 loc_004566d7: mov eax, dword [ebp - 0xc] add eax, dword [ebp + 0x14] sub eax, 0x280 jle short loc_004566e7 ; jle 0x4566e7 sub dword [ebp - 0xc], eax loc_004566e7: xor eax, eax cmp dword [ebp + 0x18], eax jge short loc_004566f9 ; jge 0x4566f9 xchg dword [ebp + 0x18], eax sub dword [ebp - 8], eax add dword [ebp - 0x10], eax jmp short loc_00456709 ; jmp 0x456709 loc_004566f9: mov eax, dword [ebp - 0x10] add eax, dword [ebp + 0x18] sub eax, 0x1e0 jle short loc_00456709 ; jle 0x456709 sub dword [ebp - 0x10], eax loc_00456709: movzx eax, word [esi] mov ebx, eax mul dword [ebp - 8] add eax, dword [ebp - 4] mov esi, dword [esi + 8] add esi, eax sub ebx, dword [ebp - 0xc] mov dword [ebp - 4], ebx mov eax, 0x280 sub eax, dword [ebp - 0xc] add eax, eax mov dword [ebp - 8], eax mov edi, dword [ebp + 0x18] imul edi, edi, 0x280 add edi, dword [ebp + 0x14] add edi, edi add edi, dword [ebp + 8] mov ebx, dword [ebp - 0x10] mov edx, dword [ebp + 0x10] loc_00456743: mov ecx, dword [ebp - 0xc] loc_00456746: lodsb ; lodsb al, byte [esi] and eax, 0xff je short loc_00456755 ; je 0x456755 mov ax, word [edx + eax*2] mov word [edi], ax loc_00456755: add edi, 2 loop loc_00456746 ; loop 0x456746 add esi, dword [ebp - 4] add edi, dword [ebp - 8] dec ebx jne short loc_00456743 ; jne 0x456743 xor ebx, ebx loc_00456765: mov eax, ebx pop edi pop esi pop ecx pop ebx add esp, 0x10 pop ebp ret fcn_00456770: push ebp mov ebp, esp sub esp, 0x10 push ebx push ecx push esi push edi mov ebx, 1 mov eax, dword [ebp + 0x10] lea esi, [eax*4] lea esi, [esi + eax*8] mov eax, dword [ebp + 0xc] lea esi, [esi + eax + 0xc] mov edx, dword [eax + 8] add edx, eax mov dword [ebp + 0x10], edx movsx eax, word [esi + 4] sub dword [ebp + 0x14], eax movsx eax, word [esi + 6] sub dword [ebp + 0x18], eax mov eax, dword [ebp + 0x14] cmp eax, dword [ref_004861c0] ; cmp eax, dword [0x4861c0] jge near loc_004568b7 ; jge 0x4568b7 movzx edx, word [esi] add eax, edx cmp eax, dword [ref_004861b8] ; cmp eax, dword [0x4861b8] jle near loc_004568b7 ; jle 0x4568b7 mov eax, dword [ebp + 0x18] cmp eax, dword [ref_004861c4] ; cmp eax, dword [0x4861c4] jge near loc_004568b7 ; jge 0x4568b7 movzx edx, word [esi + 2] add eax, edx cmp eax, dword [ref_004861bc] ; cmp eax, dword [0x4861bc] jle near loc_004568b7 ; jle 0x4568b7 mov dword [ebp - 4], 0 mov dword [ebp - 8], 0 movzx eax, word [esi] mov dword [ebp - 0xc], eax mov ax, word [esi + 2] mov dword [ebp - 0x10], eax mov eax, dword [ref_004861b8] ; mov eax, dword [0x4861b8] cmp dword [ebp + 0x14], eax jge short loc_0045681f ; jge 0x45681f mov edx, dword [ebp + 0x14] mov dword [ebp + 0x14], eax sub eax, edx add dword [ebp - 4], eax sub dword [ebp - 0xc], eax jmp short loc_00456830 ; jmp 0x456830 loc_0045681f: mov eax, dword [ebp - 0xc] add eax, dword [ebp + 0x14] sub eax, dword [ref_004861c0] ; sub eax, dword [0x4861c0] jle short loc_00456830 ; jle 0x456830 sub dword [ebp - 0xc], eax loc_00456830: mov eax, dword [ref_004861bc] ; mov eax, dword [0x4861bc] cmp dword [ebp + 0x18], eax jge short loc_0045684a ; jge 0x45684a mov edx, dword [ebp + 0x18] mov dword [ebp + 0x18], eax sub eax, edx add dword [ebp - 8], eax sub dword [ebp - 0x10], eax jmp short loc_0045685b ; jmp 0x45685b loc_0045684a: mov eax, dword [ebp - 0x10] add eax, dword [ebp + 0x18] sub eax, dword [ref_004861c4] ; sub eax, dword [0x4861c4] jle short loc_0045685b ; jle 0x45685b sub dword [ebp - 0x10], eax loc_0045685b: movzx eax, word [esi] mov ebx, eax mul dword [ebp - 8] add eax, dword [ebp - 4] mov esi, dword [esi + 8] add esi, eax sub ebx, dword [ebp - 0xc] mov dword [ebp - 4], ebx mov eax, 0x280 sub eax, dword [ebp - 0xc] add eax, eax mov dword [ebp - 8], eax mov edi, dword [ebp + 0x18] imul edi, edi, 0x280 add edi, dword [ebp + 0x14] add edi, edi add edi, dword [ebp + 8] mov ebx, dword [ebp - 0x10] mov edx, dword [ebp + 0x10] loc_00456895: mov ecx, dword [ebp - 0xc] loc_00456898: lodsb ; lodsb al, byte [esi] and eax, 0xff je short loc_004568a7 ; je 0x4568a7 mov ax, word [edx + eax*2] mov word [edi], ax loc_004568a7: add edi, 2 loop loc_00456898 ; loop 0x456898 add esi, dword [ebp - 4] add edi, dword [ebp - 8] dec ebx jne short loc_00456895 ; jne 0x456895 xor ebx, ebx loc_004568b7: mov eax, ebx pop edi pop esi pop ecx pop ebx add esp, 0x10 pop ebp ret fcn_004568c2: push ebp mov ebp, esp sub esp, 0x10 push ebx push ecx push esi push edi mov ebx, 1 mov eax, dword [ebp + 0x10] lea esi, [eax*4] lea esi, [esi + eax*8] mov eax, dword [ebp + 0xc] lea esi, [esi + eax + 0xc] mov edx, dword [eax + 8] add edx, eax mov dword [ebp + 0x10], edx movsx eax, word [esi + 4] sub dword [ebp + 0x14], eax movsx eax, word [esi + 6] sub dword [ebp + 0x18], eax mov eax, dword [ebp + 0x14] cmp eax, 0x280 jge near loc_00456a11 ; jge 0x456a11 movzx edx, word [esi] imul edx, dword [ebp + 0x1c] shr edx, 0x10 mov dword [ebp - 0xc], edx add eax, edx jle near loc_00456a11 ; jle 0x456a11 mov eax, dword [ebp + 0x18] cmp eax, 0x1e0 jge near loc_00456a11 ; jge 0x456a11 movzx edx, word [esi + 2] imul edx, dword [ebp + 0x1c] shr edx, 0x10 mov dword [ebp - 0x10], edx add eax, edx jle near loc_00456a11 ; jle 0x456a11 mov dword [ebp - 4], 0 mov dword [ebp - 8], 0 xor eax, eax cmp dword [ebp + 0x14], eax jge short loc_00456962 ; jge 0x456962 xchg dword [ebp + 0x14], eax sub dword [ebp - 4], eax add dword [ebp - 0xc], eax jmp short loc_00456972 ; jmp 0x456972 loc_00456962: mov eax, dword [ebp - 0xc] add eax, dword [ebp + 0x14] sub eax, 0x280 jle short loc_00456972 ; jle 0x456972 sub dword [ebp - 0xc], eax loc_00456972: xor eax, eax cmp dword [ebp + 0x18], eax jge short loc_00456984 ; jge 0x456984 xchg dword [ebp + 0x18], eax sub dword [ebp - 8], eax add dword [ebp - 0x10], eax jmp short loc_00456994 ; jmp 0x456994 loc_00456984: mov eax, dword [ebp - 0x10] add eax, dword [ebp + 0x18] sub eax, 0x1e0 jle short loc_00456994 ; jle 0x456994 sub dword [ebp - 0x10], eax loc_00456994: xor eax, eax mov edx, 1 div dword [ebp + 0x1c] mov dword [ebp + 0x1c], eax mul dword [ebp - 4] shr eax, 0x10 movzx ebx, word [esi] mov dword [ebp - 4], ebx mov esi, dword [esi + 8] add esi, eax shl dword [ebp - 8], 0x10 mov edi, dword [ebp + 0x18] imul edi, edi, 0x280 add edi, dword [ebp + 0x14] add edi, edi add edi, dword [ebp + 8] mov edx, dword [ebp + 0x10] loc_004569ca: push esi push edi mov eax, dword [ebp - 8] shr eax, 0x10 imul eax, dword [ebp - 4] add esi, eax xor ebx, ebx mov ecx, dword [ebp - 0xc] loc_004569dd: shld eax, ebx, 0x10 and eax, 0xff mov al, byte [esi + eax] or al, al je short loc_004569f4 ; je 0x4569f4 mov ax, word [edx + eax*2] mov word [edi], ax loc_004569f4: add edi, 2 add ebx, dword [ebp + 0x1c] loop loc_004569dd ; loop 0x4569dd pop edi pop esi add edi, 0x500 mov eax, dword [ebp + 0x1c] add dword [ebp - 8], eax dec dword [ebp - 0x10] jne short loc_004569ca ; jne 0x4569ca xor ebx, ebx loc_00456a11: mov eax, ebx pop edi pop esi pop ecx pop ebx add esp, 0x10 pop ebp ret fcn_00456a1c: push ebp mov ebp, esp sub esp, 0x10 push ebx push ecx push esi push edi mov esi, dword [ebp + 0xc] movsx eax, word [esi + 4] sub dword [ebp + 0x10], eax movsx eax, word [esi + 6] sub dword [ebp + 0x14], eax mov eax, dword [ebp + 0x10] cmp eax, 0x1b8 jge near loc_00456b35 ; jge 0x456b35 movzx edx, word [esi] add eax, edx cmp eax, 0 jle near loc_00456b35 ; jle 0x456b35 mov eax, dword [ebp + 0x14] cmp eax, 0x1b8 jge near loc_00456b35 ; jge 0x456b35 movzx edx, word [esi + 2] add eax, edx cmp eax, 0 jle near loc_00456b35 ; jle 0x456b35 mov dword [ebp - 4], 0 mov dword [ebp - 8], 0 movzx eax, word [esi] mov dword [ebp - 0xc], eax mov ax, word [esi + 2] mov dword [ebp - 0x10], eax mov eax, 0 cmp dword [ebp + 0x10], eax jge short loc_00456aa5 ; jge 0x456aa5 mov edx, dword [ebp + 0x10] mov dword [ebp + 0x10], eax sub eax, edx add dword [ebp - 4], eax sub dword [ebp - 0xc], eax jmp short loc_00456ab5 ; jmp 0x456ab5 loc_00456aa5: mov eax, dword [ebp - 0xc] add eax, dword [ebp + 0x10] sub eax, 0x1b8 jle short loc_00456ab5 ; jle 0x456ab5 sub dword [ebp - 0xc], eax loc_00456ab5: mov eax, 0 cmp dword [ebp + 0x14], eax jge short loc_00456acf ; jge 0x456acf mov edx, dword [ebp + 0x14] mov dword [ebp + 0x14], eax sub eax, edx add dword [ebp - 8], eax sub dword [ebp - 0x10], eax jmp short loc_00456adf ; jmp 0x456adf loc_00456acf: mov eax, dword [ebp - 0x10] add eax, dword [ebp + 0x14] sub eax, 0x1b8 jle short loc_00456adf ; jle 0x456adf sub dword [ebp - 0x10], eax loc_00456adf: movzx eax, word [esi] mov ebx, eax mul dword [ebp - 8] add eax, dword [ebp - 4] mov esi, dword [esi + 8] add esi, eax sub ebx, dword [ebp - 0xc] mov dword [ebp - 4], ebx mov eax, 0x1b8 sub eax, dword [ebp - 0xc] add eax, eax mov dword [ebp - 8], eax mov edi, dword [ebp + 0x14] imul edi, edi, 0x1b8 add edi, dword [ebp + 0x10] add edi, edi add edi, dword [ebp + 8] mov ebx, dword [ebp - 0x10] mov edx, dword [ebp + 0x18] loc_00456b19: mov ecx, dword [ebp - 0xc] loc_00456b1c: lodsb ; lodsb al, byte [esi] and eax, 0xff je short loc_00456b27 ; je 0x456b27 mov word [edi], dx loc_00456b27: add edi, 2 loop loc_00456b1c ; loop 0x456b1c add esi, dword [ebp - 4] add edi, dword [ebp - 8] dec ebx jne short loc_00456b19 ; jne 0x456b19 loc_00456b35: pop edi pop esi pop ecx pop ebx add esp, 0x10 pop ebp ret fcn_00456b3e: push ebp mov ebp, esp push ebx push ecx push esi push edi mov edx, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov edi, dword [ebp + 0x10] mov ecx, dword [ebp + 0x14] mov ebx, dword [ebp + 0x18] mov ebp, dword [ebp + 0x1c] shr ecx, 1 test edx, 2 je short loc_00456b6b ; je 0x456b6b sub edx, 2 sub esi, 2 sub edi, 2 inc ecx loc_00456b6b: push ebx push ecx push edx push esi push edi loc_00456b70: mov eax, dword [edx] mov ebx, dword [esi] sub ax, bx xor bx, bx sub eax, ebx mov dword [edi], eax add edx, 4 add esi, 4 add edi, 4 loop loc_00456b70 ; loop 0x456b70 pop edi pop esi pop edx pop ecx pop ebx add edx, ebp add esi, 0x500 add edi, 0x370 dec ebx jne short loc_00456b6b ; jne 0x456b6b pop edi pop esi pop ecx pop ebx pop ebp ret fcn_00456ba5: push ebp mov ebp, esp push ebx push ecx push esi push edi mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov edx, dword [ebp + 0x10] mov ebp, dword [ebp + 0x14] mov ebx, 0x1b8 loc_00456bbd: push edi push esi mov ecx, 0xdc loc_00456bc4: mov eax, dword [edx] or eax, eax jne short loc_00456bd2 ; jne 0x456bd2 movsd ; movsd dword es:[edi], dword ptr [esi] add edx, 4 loop loc_00456bc4 ; loop 0x456bc4 jmp short loc_00456bf7 ; jmp 0x456bf7 loc_00456bd2: or ax, ax jne short loc_00456bdd ; jne 0x456bdd mov ax, word [esi] mov word [edi], ax loc_00456bdd: test eax, 0xffff0000 jne short loc_00456bec ; jne 0x456bec mov ax, word [esi + 2] mov word [edi + 2], ax loc_00456bec: add esi, 4 add edi, 4 add edx, 4 loop loc_00456bc4 ; loop 0x456bc4 loc_00456bf7: pop esi pop edi add edi, ebp add esi, 0x500 dec ebx jne short loc_00456bbd ; jne 0x456bbd pop edi pop esi pop ecx pop ebx pop ebp ret fcn_00456c0a: push ebp mov ebp, esp push ebx push ecx push esi push edi mov esi, dword [ebp + 8] mov ecx, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] mov edx, dword [ebp + 0x14] loc_00456c1d: dec ecx js short loc_00456c2d ; js 0x456c2d db 0x66, 0xad ; lodsw ax, word [esi] cmp ax, bx jne short loc_00456c1d ; jne 0x456c1d mov word [esi - 2], dx jmp short loc_00456c1d ; jmp 0x456c1d loc_00456c2d: pop edi pop esi pop ecx pop ebx pop ebp ret fcn_00456c33: push ebp mov ebp, esp sub esp, 0x10 push ebx push ecx push esi push edi mov esi, dword [ebp + 0xc] movsx eax, word [esi + 4] sub dword [ebp + 0x10], eax movsx eax, word [esi + 6] sub dword [ebp + 0x14], eax mov eax, dword [ebp + 0x10] cmp eax, dword [ref_004861c0] ; cmp eax, dword [0x4861c0] jge near loc_00456d85 ; jge 0x456d85 movzx edx, word [esi] add eax, edx cmp eax, dword [ref_004861b8] ; cmp eax, dword [0x4861b8] jle near loc_00456d85 ; jle 0x456d85 mov eax, dword [ebp + 0x14] cmp eax, dword [ref_004861c4] ; cmp eax, dword [0x4861c4] jge near loc_00456d85 ; jge 0x456d85 movzx edx, word [esi + 2] add eax, edx cmp eax, dword [ref_004861bc] ; cmp eax, dword [0x4861bc] jle near loc_00456d85 ; jle 0x456d85 mov dword [ebp - 4], 0 mov dword [ebp - 8], 0 movzx eax, word [esi] mov dword [ebp - 0xc], eax mov ax, word [esi + 2] mov dword [ebp - 0x10], eax mov eax, dword [ref_004861b8] ; mov eax, dword [0x4861b8] cmp dword [ebp + 0x10], eax jge short loc_00456cc4 ; jge 0x456cc4 mov edx, dword [ebp + 0x10] mov dword [ebp + 0x10], eax sub eax, edx add dword [ebp - 4], eax sub dword [ebp - 0xc], eax jmp short loc_00456cd5 ; jmp 0x456cd5 loc_00456cc4: mov eax, dword [ebp - 0xc] add eax, dword [ebp + 0x10] sub eax, dword [ref_004861c0] ; sub eax, dword [0x4861c0] jle short loc_00456cd5 ; jle 0x456cd5 sub dword [ebp - 0xc], eax loc_00456cd5: mov eax, dword [ref_004861bc] ; mov eax, dword [0x4861bc] cmp dword [ebp + 0x14], eax jge short loc_00456cef ; jge 0x456cef mov edx, dword [ebp + 0x14] mov dword [ebp + 0x14], eax sub eax, edx add dword [ebp - 8], eax sub dword [ebp - 0x10], eax jmp short loc_00456d00 ; jmp 0x456d00 loc_00456cef: mov eax, dword [ebp - 0x10] add eax, dword [ebp + 0x14] sub eax, dword [ref_004861c4] ; sub eax, dword [0x4861c4] jle short loc_00456d00 ; jle 0x456d00 sub dword [ebp - 0x10], eax loc_00456d00: movzx eax, word [esi] mov ebx, eax mul dword [ebp - 8] add eax, dword [ebp - 4] mov esi, dword [esi + 8] add esi, eax sub ebx, dword [ebp - 0xc] mov dword [ebp - 4], ebx mov eax, 0x280 sub eax, dword [ebp - 0xc] add eax, eax mov dword [ebp - 8], eax mov edi, dword [ebp + 0x14] imul edi, edi, 0x280 add edi, dword [ebp + 0x10] add edi, edi add edi, dword [ebp + 8] mov ebx, dword [ebp - 0x10] mov edx, dword [ebp + 0x18] shl edx, 2 add edx, dword [ref_0047637c] ; add edx, dword [0x47637c] mov dx, word [edx*2 + ref_00488ef0] ; mov dx, word [edx*2 + 0x488ef0] loc_00456d4b: mov ecx, dword [ebp - 0xc] shr ecx, 1 jecxz loc_00456d68 ; jecxz 0x456d68 loc_00456d52: db 0x66, 0xad ; lodsw ax, word [esi] or al, al je short loc_00456d63 ; je 0x456d63 or word [edi], dx or ah, ah je short loc_00456d63 ; je 0x456d63 or word [edi + 2], dx loc_00456d63: add edi, 4 loop loc_00456d52 ; loop 0x456d52 loc_00456d68: test dword [ebp - 0xc], 1 je short loc_00456d7c ; je 0x456d7c lodsb ; lodsb al, byte [esi] or al, al je short loc_00456d79 ; je 0x456d79 or word [edi], dx loc_00456d79: add edi, 2 loc_00456d7c: add esi, dword [ebp - 4] add edi, dword [ebp - 8] dec ebx jne short loc_00456d4b ; jne 0x456d4b loc_00456d85: pop edi pop esi pop ecx pop ebx add esp, 0x10 pop ebp ret fcn_00456d8e: push ebp mov ebp, esp push ecx push esi push edi mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ecx, dword [ebp + 0x10] jecxz loc_00456db6 ; jecxz 0x456db6 test esi, 3 je short loc_00456dac ; je 0x456dac db 0x66, 0xa5 ; movsw word es:[edi], word ptr [esi] dec ecx je short loc_00456db6 ; je 0x456db6 loc_00456dac: shr ecx, 1 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] adc ecx, 0 db 0xf3, 0x66, 0xa5 ; rep movsw word es:[edi], word ptr [esi] loc_00456db6: pop edi pop esi pop ecx pop ebp ret fcn_00456dbb: push ebp mov ebp, esp push ecx push esi push edi mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ecx, dword [ebp + 0x10] jecxz loc_00456de3 ; jecxz 0x456de3 test edi, 3 je short loc_00456dd9 ; je 0x456dd9 db 0x66, 0xa5 ; movsw word es:[edi], word ptr [esi] dec ecx je short loc_00456de3 ; je 0x456de3 loc_00456dd9: shr ecx, 1 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] adc ecx, 0 db 0xf3, 0x66, 0xa5 ; rep movsw word es:[edi], word ptr [esi] loc_00456de3: pop edi pop esi pop ecx pop ebp ret clib_free: mov edx, dword [esp + 4] push edx call lib_free ; call 0x456e1f add esp, 4 ret lib_free: push ebx push esi push edi mov edi, dword [esp + 0x10] test edi, edi je near loc_00456f1f ; je 0x456f1f call dword [ref_00488f68] ; ucall: call dword [0x488f68] mov esi, dword [ref_004991bc] ; mov esi, dword [0x4991bc] test esi, esi je short loc_00456e7e ; je 0x456e7e cmp esi, edi ja short loc_00456e4e ; ja 0x456e4e mov eax, dword [esi] add eax, esi cmp eax, edi ja near loc_00456ed9 ; ja 0x456ed9 loc_00456e4e: mov eax, esi mov esi, dword [esi + 4] test esi, esi je short loc_00456e67 ; je 0x456e67 cmp esi, edi ja short loc_00456e67 ; ja 0x456e67 mov edx, dword [esi] add edx, esi cmp edx, edi ja near loc_00456ed9 ; ja 0x456ed9 loc_00456e67: mov esi, dword [eax + 8] test esi, esi je short loc_00456e7e ; je 0x456e7e cmp esi, edi ja short loc_00456e7e ; ja 0x456e7e mov eax, dword [esi] add eax, esi cmp eax, edi ja near loc_00456ed9 ; ja 0x456ed9 loc_00456e7e: mov esi, dword [ref_00488f04] ; mov esi, dword [0x488f04] test esi, esi je short loc_00456ebc ; je 0x456ebc cmp esi, edi ja short loc_00456e94 ; ja 0x456e94 mov eax, dword [esi] add eax, esi cmp eax, edi ja short loc_00456ed9 ; ja 0x456ed9 loc_00456e94: mov eax, esi mov esi, dword [esi + 4] test esi, esi je short loc_00456ea9 ; je 0x456ea9 cmp esi, edi ja short loc_00456ea9 ; ja 0x456ea9 mov edx, dword [esi] add edx, esi cmp edx, edi ja short loc_00456ed9 ; ja 0x456ed9 loc_00456ea9: mov esi, dword [eax + 8] test esi, esi je short loc_00456ebc ; je 0x456ebc cmp esi, edi ja short loc_00456ebc ; ja 0x456ebc mov eax, dword [esi] add eax, esi cmp eax, edi ja short loc_00456ed9 ; ja 0x456ed9 loc_00456ebc: mov esi, dword [ref_00488f00] ; mov esi, dword [0x488f00] jmp short loc_00456ed3 ; jmp 0x456ed3 loc_00456ec4: cmp esi, edi ja short loc_00456ed0 ; ja 0x456ed0 mov eax, dword [esi] add eax, esi cmp eax, edi ja short loc_00456ed9 ; ja 0x456ed9 loc_00456ed0: mov esi, dword [esi + 8] loc_00456ed3: test esi, esi jne short loc_00456ec4 ; jne 0x456ec4 jmp short loc_00456f19 ; jmp 0x456f19 loc_00456ed9: mov eax, ref_00488f00 ; mov eax, 0x488f00 mov edx, ds and edx, 0xffff mov ebx, esi mov eax, edi call fcn_004589b0 ; call 0x4589b0 mov edx, dword [ref_00488f04] ; mov edx, dword [0x488f04] mov dword [ref_004991bc], esi ; mov dword [0x4991bc], esi cmp esi, edx jae short loc_00456f11 ; jae 0x456f11 mov ebx, dword [ref_00488f08] ; mov ebx, dword [0x488f08] mov eax, dword [esi + 0x14] cmp eax, ebx jbe short loc_00456f11 ; jbe 0x456f11 mov dword [ref_00488f08], eax ; mov dword [0x488f08], eax loc_00456f11: xor ah, ah mov byte [ref_004991d0], ah ; mov byte [0x4991d0], ah loc_00456f19: call dword [ref_00488f70] ; ucall: call dword [0x488f70] loc_00456f1f: pop edi pop esi pop ebx ret memset: mov ecx, dword [esp + 0xc] mov edx, dword [esp + 8] mov eax, dword [esp + 4] push eax mov dh, dl shl edx, 8 mov dl, dh shl edx, 8 mov dl, dh call fcn_00458ae0 ; call 0x458ae0 pop eax ret fcn_00456f80: mov edx, dword [esp + 4] push edx call fcn_00456f8e ; call 0x456f8e add esp, 4 ret fcn_00456f8e: push ebx push esi push edi push es push fs push gs push ebp sub esp, 0xc mov ebp, dword [esp + 0x2c] test ebp, ebp je short loc_00456fa7 ; je 0x456fa7 cmp ebp, 0xffffffd4 jbe short loc_00456fae ; jbe 0x456fae loc_00456fa7: xor eax, eax jmp near loc_0045708f ; jmp 0x45708f loc_00456fae: lea eax, [ebp + 0xb] and al, 0xf8 mov dword [esp + 4], eax cmp eax, 0x10 jae short loc_00456fc4 ; jae 0x456fc4 mov dword [esp + 4], 0x10 loc_00456fc4: call dword [ref_00488f68] ; ucall: call dword [0x488f68] xor ecx, ecx xor ah, ah mov dword [esp], ecx mov byte [esp + 8], ah loc_00456fd5: mov eax, dword [esp + 4] cmp eax, dword [ref_00488f08] ; cmp eax, dword [0x488f08] jbe short loc_00456ff9 ; jbe 0x456ff9 mov esi, dword [ref_00488f04] ; mov esi, dword [0x488f04] test esi, esi jne short loc_00457007 ; jne 0x457007 mov dword [ref_00488f08], esi ; mov dword [0x488f08], esi mov esi, dword [ref_00488f00] ; mov esi, dword [0x488f00] jmp short loc_00457007 ; jmp 0x457007 loc_00456ff9: xor edi, edi mov esi, dword [ref_00488f00] ; mov esi, dword [0x488f00] mov dword [ref_00488f08], edi ; mov dword [0x488f08], edi loc_00457007: test esi, esi je short loc_00457048 ; je 0x457048 mov edi, dword [esi + 0x14] mov dword [ref_00488f04], esi ; mov dword [0x488f04], esi cmp edi, ebp jb short loc_00457035 ; jb 0x457035 mov eax, ref_00488f00 ; mov eax, 0x488f00 mov edx, ds and edx, 0xffff mov ebx, esi mov eax, ebp call fcn_00458900 ; call 0x458900 mov dword [esp], eax test eax, eax jne short loc_0045707e ; jne 0x45707e loc_00457035: cmp edi, dword [ref_00488f08] ; cmp edi, dword [0x488f08] jbe short loc_00457043 ; jbe 0x457043 mov dword [ref_00488f08], edi ; mov dword [0x488f08], edi loc_00457043: mov esi, dword [esi + 8] jmp short loc_00457007 ; jmp 0x457007 loc_00457048: cmp byte [esp + 8], 0 jne short loc_0045705c ; jne 0x45705c push ebp call fcn_00458c90 ; call 0x458c90 add esp, 4 test eax, eax jne short loc_00457074 ; jne 0x457074 loc_0045705c: push ebp call fcn_00458cea ; call 0x458cea add esp, 4 test eax, eax je short loc_0045707e ; je 0x45707e xor bl, bl mov byte [esp + 8], bl jmp near loc_00456fd5 ; jmp 0x456fd5 loc_00457074: mov byte [esp + 8], 1 jmp near loc_00456fd5 ; jmp 0x456fd5 loc_0045707e: xor bh, bh mov byte [ref_004991d0], bh ; mov byte [0x4991d0], bh call dword [ref_00488f70] ; ucall: call dword [0x488f70] mov eax, dword [esp] loc_0045708f: add esp, 0xc pop ebp pop gs pop fs pop es pop edi pop esi pop ebx ret fcn_00457110: push ebx sub esp, 4 lea eax, [esp + 0x14] mov dword [esp], eax mov eax, esp push eax mov edx, dword [esp + 0x14] push edx mov ebx, dword [esp + 0x14] push ebx call fcn_00458db5 ; call 0x458db5 add esp, 0xc add esp, 4 pop ebx ret fcn_00457135: push ebx push esi push edi push ebp sub esp, 4 mov ebx, dword [esp + 0x18] mov edx, dword [esp + 0x1c] mov ecx, 1 xor ebp, ebp xor esi, esi xor edi, edi mov dword [esp], ebp test edx, edx je short loc_00457164 ; je 0x457164 cmp ecx, dword [ref_00488f98] ; cmp ecx, dword [0x488f98] jne short loc_00457162 ; jne 0x457162 mov dword [edx], ecx jmp short loc_00457164 ; jmp 0x457164 loc_00457162: mov dword [edx], ebp loc_00457164: mov al, byte [ebx] cmp al, 0x72 jb short loc_00457172 ; jb 0x457172 jbe short loc_00457178 ; jbe 0x457178 cmp al, 0x77 je short loc_0045717e ; je 0x45717e jmp short loc_0045718a ; jmp 0x45718a loc_00457172: cmp al, 0x61 je short loc_00457184 ; je 0x457184 jmp short loc_0045718a ; jmp 0x45718a loc_00457178: or byte [esp], 1 jmp short loc_0045719b ; jmp 0x45719b loc_0045717e: or byte [esp], 2 jmp short loc_0045719b ; jmp 0x45719b loc_00457184: or byte [esp], 0x82 jmp short loc_0045719b ; jmp 0x45719b loc_0045718a: push 9 call fcn_00458de7 ; call 0x458de7 add esp, 4 xor ecx, ecx jmp near loc_0045724a ; jmp 0x45724a loc_0045719b: inc ebx mov al, byte [ebx] test al, al je near loc_00457233 ; je 0x457233 test ecx, ecx je near loc_00457233 ; je 0x457233 cmp al, 0x63 jb short loc_004571c8 ; jb 0x4571c8 jbe near loc_0045720a ; jbe 0x45720a cmp al, 0x6e jb short loc_0045719b ; jb 0x45719b jbe near loc_0045721f ; jbe 0x45721f cmp al, 0x74 je short loc_004571ec ; je 0x4571ec jmp short loc_0045719b ; jmp 0x45719b loc_004571c8: cmp al, 0x2b jb short loc_0045719b ; jb 0x45719b jbe short loc_004571d4 ; jbe 0x4571d4 cmp al, 0x62 je short loc_004571f7 ; je 0x4571f7 jmp short loc_0045719b ; jmp 0x45719b loc_004571d4: test ebp, ebp je short loc_004571dc ; je 0x4571dc loc_004571d8: xor ecx, ecx jmp short loc_0045719b ; jmp 0x45719b loc_004571dc: mov ah, byte [esp] or ah, 3 mov ebp, 1 mov byte [esp], ah jmp short loc_0045719b ; jmp 0x45719b loc_004571ec: test esi, esi jne short loc_004571d8 ; jne 0x4571d8 mov esi, 1 jmp short loc_0045719b ; jmp 0x45719b loc_004571f7: test esi, esi jne short loc_004571d8 ; jne 0x4571d8 mov al, byte [esp] or al, 0x40 mov esi, 1 mov byte [esp], al jmp short loc_0045719b ; jmp 0x45719b loc_0045720a: test edi, edi jne short loc_004571d8 ; jne 0x4571d8 mov ah, byte [edx] or ah, 1 mov edi, 1 mov byte [edx], ah jmp near loc_0045719b ; jmp 0x45719b loc_0045721f: test edi, edi jne short loc_004571d8 ; jne 0x4571d8 mov al, byte [edx] and al, 0xfe mov edi, 1 mov byte [edx], al jmp near loc_0045719b ; jmp 0x45719b loc_00457233: test esi, esi jne short loc_00457247 ; jne 0x457247 cmp dword [ref_004891a5], 0x200 ; cmp dword [0x4891a5], 0x200 jne short loc_00457247 ; jne 0x457247 or byte [esp], 0x40 loc_00457247: mov ecx, dword [esp] loc_0045724a: mov eax, ecx add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_00457254: push ebx push esi push edi push ebp mov ebx, dword [esp + 0x28] and byte [ebx + 0xc], 0xfc mov eax, dword [esp + 0x1c] mov edx, dword [ebx + 0xc] or edx, eax xor eax, eax mov al, byte [esp + 0x18] push eax mov dword [ebx + 0xc], edx call fcn_00458e22 ; call 0x458e22 add esp, 4 cmp al, 0x72 jne short loc_004572ad ; jne 0x4572ad mov ch, byte [esp + 0x1c] xor eax, eax test ch, 2 je short loc_0045728f ; je 0x45728f mov eax, 2 loc_0045728f: test byte [esp + 0x1c], 0x40 je short loc_0045729b ; je 0x45729b or ah, 2 jmp short loc_0045729e ; jmp 0x45729e loc_0045729b: or ah, 1 loc_0045729e: push 0 mov edi, dword [esp + 0x28] push edi push eax mov ebp, dword [esp + 0x20] push ebp jmp short loc_004572e9 ; jmp 0x4572e9 loc_004572ad: mov dl, byte [esp + 0x1c] test dl, 1 setne al and eax, 0xff add eax, 0x21 test dl, 0x80 je short loc_004572c8 ; je 0x4572c8 or al, 0x10 jmp short loc_004572ca ; jmp 0x4572ca loc_004572c8: or al, 0x40 loc_004572ca: test byte [esp + 0x1c], 0x40 je short loc_004572d6 ; je 0x4572d6 or ah, 2 jmp short loc_004572d9 ; jmp 0x4572d9 loc_004572d6: or ah, 1 loc_004572d9: push 0x180 mov ecx, dword [esp + 0x28] push ecx push eax mov esi, dword [esp + 0x20] push esi loc_004572e9: call fcn_00458e56 ; call 0x458e56 add esp, 0x10 mov dword [ebx + 0x10], eax cmp dword [ebx + 0x10], 0xffffffff jne short loc_0045730a ; jne 0x45730a push ebx call fcn_00459171 ; call 0x459171 add esp, 4 xor eax, eax pop ebp pop edi pop esi pop ebx ret loc_0045730a: mov dword [ebx + 4], 0 mov eax, dword [ebx + 8] mov dword [ebx + 0x14], 0 mov dword [eax + 0xc], 0 mov eax, dword [ebx + 8] mov edx, dword [esp + 0x20] mov dword [eax + 0x10], edx mov eax, dword [ebx + 8] mov dword [eax + 0x15], 0 mov eax, dword [ebx + 8] mov dh, byte [esp + 0x1c] mov dword [eax + 8], 0 test dh, 0x80 je short loc_00457356 ; je 0x457356 push 2 push 0 push ebx call clib_fseek ; call 0x45753a add esp, 0xc loc_00457356: push ebx call fcn_004591c6 ; call 0x4591c6 add esp, 4 mov eax, ebx pop ebp pop edi pop esi pop ebx ret fcn_004573d6: push ebx mov ebx, dword [esp + 8] call dword [ref_00488f60] ; ucall: call dword [0x488f60] mov eax, dword [ref_004991d4] ; mov eax, dword [0x4991d4] loc_004573e6: test eax, eax je short loc_00457410 ; je 0x457410 mov edx, dword [eax + 4] cmp ebx, edx jne short loc_0045740c ; jne 0x45740c test byte [edx + 0xc], 3 je short loc_00457402 ; je 0x457402 push 1 push edx call fcn_004579e8 ; call 0x4579e8 add esp, 8 loc_00457402: call dword [ref_00488f64] ; ucall: call dword [0x488f64] mov eax, ebx pop ebx ret loc_0045740c: mov eax, dword [eax] jmp short loc_004573e6 ; jmp 0x4573e6 loc_00457410: mov edx, ref_004991d8 ; mov edx, 0x4991d8 loc_00457415: mov eax, dword [edx] test eax, eax je short loc_00457437 ; je 0x457437 cmp ebx, dword [eax + 4] jne short loc_00457433 ; jne 0x457433 mov ecx, dword [eax] mov dword [edx], ecx mov edx, dword [ref_004991d4] ; mov edx, dword [0x4991d4] mov dword [ref_004991d4], eax ; mov dword [0x4991d4], eax mov dword [eax], edx jmp short loc_00457402 ; jmp 0x457402 loc_00457433: mov edx, eax jmp short loc_00457415 ; jmp 0x457415 loc_00457437: push 4 call fcn_00458de7 ; call 0x458de7 add esp, 4 call dword [ref_00488f64] ; ucall: call dword [0x488f64] xor eax, eax pop ebx ret endloc_0045744b: db 0x53 dd 0x83555756 dd 0x748b04ec dd 0xe0892024 dd 0x24548b50 dd 0xd2e85220 dd 0x83fffffc dd 0xc78908c4 dd 0x840fc085 dd 0xfffffddc dd 0x53105e8b db 0xff db 0x15 dd ref_00488f50 db 0x8b db 0x0d dd ref_004891b0 dd 0x8504c483 dd 0x530a74c9 db 0xff db 0x15 dd ref_004891b0 db 0x83 db 0xc4 dd 0x3fe85604 dd 0x83ffffff dd 0xc68904c4 dd 0x2d74c085 dd 0x810c708b dd 0x004000e6 dd 0x70895000 dd 0x8b006a0c dd 0x5508246c dd 0x2824748b dd 0x8a57c031 dd 0x448b5006 dd 0xe8502c24 dd 0xfffffd8c dd 0x8918c483 dd 0x15ff53c6 dd ref_00488f54 dd 0x8904c483 dd 0xfd6ee9f0 db 0xff db 0xff fcn_00457902: push ebx mov edx, dword [esp + 0xc] push edx mov ebx, dword [esp + 0xc] push ebx call fcn_004579e8 ; call 0x4579e8 add esp, 8 mov ecx, dword [esp + 8] push ecx mov ebx, eax call fcn_00459171 ; call 0x459171 add esp, 4 mov eax, ebx pop ebx ret fcn_00457928: mov eax, dword [esp + 4] add eax, 0x30 cmp eax, 0x39 jle short loc_00457937 ; jle 0x457937 add eax, 0x27 loc_00457937: ret fcn_00457938: push ebx push esi push edi push ebp mov ebx, dword [esp + 0x14] call fcn_00459718 ; call 0x459718 mov ebp, eax shr ebp, 0x10 mov edi, ebx or ebp, eax call fcn_0045983a ; call 0x45983a mov esi, eax push edi loc_00457956: mov al, byte [esi] mov byte [edi], al cmp al, 0 je short loc_0045796e ; je 0x45796e mov al, byte [esi + 1] add esi, 2 mov byte [edi + 1], al add edi, 2 cmp al, 0 jne short loc_00457956 ; jne 0x457956 loc_0045796e: pop edi push es mov eax, ds mov es, eax sub ecx, ecx dec ecx xor eax, eax repne scasb ; repne scasb al, byte es:[edi] not ecx dec ecx pop es lea esi, [ebx + ecx] lea ebx, [esi + 4] mov byte [esi], 0x74 mov edi, esi loc_0045798a: mov eax, ebp and eax, 0xf push eax shr ebp, 4 call fcn_00457928 ; call 0x457928 mov byte [ebx], al dec ebx add esp, 4 cmp ebx, edi jne short loc_0045798a ; jne 0x45798a mov eax, dword [esp + 0x18] sar eax, 4 and eax, 0xf push eax mov byte [esi + 5], 0x5f call fcn_00457928 ; call 0x457928 add esp, 4 mov byte [esi + 6], al mov eax, dword [esp + 0x18] and eax, 0xf push eax call fcn_00457928 ; call 0x457928 mov byte [esi + 8], 0x2e mov byte [esi + 9], 0x74 mov byte [esi + 0xa], 0x6d mov byte [esi + 0xb], 0x70 mov byte [esi + 0xc], 0 add esp, 4 mov byte [esi + 7], al pop ebp pop edi pop esi pop ebx ret fcn_004579e8: push ebx push esi push edi push ebp sub esp, 0x114 mov ebx, dword [esp + 0x128] cmp dword [ebx + 0xc], 0 jne short loc_00457a09 ; jne 0x457a09 mov eax, 0xffffffff jmp near loc_00457acf ; jmp 0x457acf loc_00457a09: mov ah, byte [ebx + 0xd] xor esi, esi test ah, 0x10 je short loc_00457a1e ; je 0x457a1e push ebx call fcn_004591f9 ; call 0x4591f9 add esp, 4 mov esi, eax loc_00457a1e: mov ecx, dword [ebx + 0x10] push ecx call dword [ref_00488f50] ; ucall: call dword [0x488f50] add esp, 4 push ebx call fcn_00458532 ; call 0x458532 add esp, 4 cmp eax, 0xffffffff je short loc_00457a48 ; je 0x457a48 push 0 push eax mov edi, dword [ebx + 0x10] push edi call fcn_0045931e ; call 0x45931e add esp, 0xc loc_00457a48: cmp dword [esp + 0x12c], 0 je short loc_00457a60 ; je 0x457a60 mov eax, dword [ebx + 0x10] push eax call fcn_00459908 ; call 0x459908 add esp, 4 or esi, eax loc_00457a60: test byte [ebx + 0xc], 8 je short loc_00457a7f ; je 0x457a7f mov eax, dword [ebx + 8] mov edx, dword [eax + 8] push edx call clib_free ; call 0x456e11 mov eax, dword [ebx + 8] add esp, 4 mov dword [eax + 8], 0 loc_00457a7f: test byte [ebx + 0xd], 8 je short loc_00457aa9 ; je 0x457aa9 mov eax, dword [ebx + 8] mov al, byte [eax + 0x14] and eax, 0xff push eax lea eax, [esp + 4] push eax call fcn_00457938 ; call 0x457938 add esp, 8 mov eax, esp push eax call fcn_004599ad ; call 0x4599ad add esp, 4 loc_00457aa9: mov ecx, dword [ebx + 0x10] push ecx call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 cmp dword [esp + 0x12c], 0 je short loc_00457acd ; je 0x457acd mov ebp, dword [ebx + 0x10] push ebp call dword [ref_00488f5c] ; ucall: call dword [0x488f5c] add esp, 4 loc_00457acd: mov eax, esi loc_00457acf: add esp, 0x114 pop ebp pop edi pop esi pop ebx ret fcn_00457d10: push ebx push esi push edi sub esp, 0x28 mov edx, dword [esp + 0x38] mov edi, dword [esp + 0x40] mov esi, dword [esp + 0x3c] xor ah, ah lea ecx, [esp + 1] mov byte [esp], ah loc_00457d2b: lea ebx, [esp + 0x24] mov eax, edx mov dword [esp + 0x24], edi xor edx, edx div dword [ebx] mov dword [ebx], eax mov dl, byte [edx + ref_00488f0c] ; mov dl, byte [edx + 0x488f0c] mov byte [ecx], dl mov edx, dword [esp + 0x24] inc ecx test edx, edx jne short loc_00457d2b ; jne 0x457d2b loc_00457d4c: dec ecx mov dl, byte [ecx] mov byte [esi], dl inc esi test dl, dl jne short loc_00457d4c ; jne 0x457d4c mov eax, dword [esp + 0x3c] add esp, 0x28 pop edi pop esi pop ebx ret fcn_00457d61: push ebx push esi mov edx, dword [esp + 0xc] mov ebx, dword [esp + 0x10] mov ecx, dword [esp + 0x14] mov eax, ebx cmp ecx, 0xa jne short loc_00457d82 ; jne 0x457d82 test edx, edx jge short loc_00457d82 ; jge 0x457d82 neg edx lea eax, [ebx + 1] mov byte [ebx], 0x2d loc_00457d82: mov esi, dword [esp + 0x14] push esi push eax push edx call fcn_00457d10 ; call 0x457d10 add esp, 0xc mov eax, ebx pop esi pop ebx ret fcn_00457d96: mov edx, dword [esp + 8] mov eax, dword [esp + 4] push eax loc_00457d9f: mov cl, byte [edx] mov byte [eax], cl cmp cl, 0 je short loc_00457db9 ; je 0x457db9 mov cl, byte [edx + 1] add edx, 2 mov byte [eax + 1], cl add eax, 2 cmp cl, 0 jne short loc_00457d9f ; jne 0x457d9f loc_00457db9: pop eax ret endloc_00457dbb: db 0x00 fcn_00457dbc: push eax wait fnstcw word [esp] wait push dword [esp] mov byte [esp + 1], 0x1f fldcw word [esp] frndint fldcw word [esp + 4] wait lea esp, [esp + 8] ret endloc_00457dd9: db 0x00 fcn_00457dda: ret fcn_00457ddb: ret fcn_00457ddc: push ebx push esi push edi push es push fs push gs push ebp mov ebp, esp mov esi, dword [ebp + 0x28] mov edi, dword [ebp + 0x2c] push dword [ebp + 0x24] push dword [ebp + 0x20] call edi add esp, 8 test eax, eax jle short loc_00457e1f ; jle 0x457e1f push esi push dword [ebp + 0x20] call edi add esp, 8 test eax, eax jle short loc_00457e1a ; jle 0x457e1a push esi push dword [ebp + 0x24] call edi add esp, 8 test eax, eax jg short loc_00457e39 ; jg 0x457e39 loc_00457e16: mov eax, esi jmp short loc_00457e3c ; jmp 0x457e3c loc_00457e1a: mov eax, dword [ebp + 0x20] jmp short loc_00457e3c ; jmp 0x457e3c loc_00457e1f: push esi push dword [ebp + 0x20] call edi add esp, 8 test eax, eax jge short loc_00457e1a ; jge 0x457e1a push esi push dword [ebp + 0x24] call edi add esp, 8 test eax, eax jg short loc_00457e16 ; jg 0x457e16 loc_00457e39: mov eax, dword [ebp + 0x24] loc_00457e3c: pop ebp loc_00457e3d: pop gs pop fs pop es pop edi pop esi pop ebx ret fcn_00457e46: push es push ds pop es movzx edx, cl shr ecx, 2 je short loc_00457e5c ; je 0x457e5c loc_00457e51: mov eax, dword [edi] xchg dword [esi], eax stosd ; stosd dword es:[edi], eax add esi, 4 dec ecx jne short loc_00457e51 ; jne 0x457e51 loc_00457e5c: and dl, 3 je short loc_00457e6a ; je 0x457e6a loc_00457e61: mov al, byte [edi] xchg byte [esi], al stosb ; stosb byte es:[edi], al inc esi dec edx jne short loc_00457e61 ; jne 0x457e61 loc_00457e6a: pop es ret fcn_00457e6c: push ebx push esi push edi push es push fs push gs enter 0x150, 0 mov eax, dword [ebp + 0x20] mov dword [ebp - 4], eax mov eax, dword [ebp + 0x2c] mov dword [ebp - 0x28], eax mov eax, dword [ebp + 0x20] or eax, dword [ebp + 0x28] test al, 3 je short loc_00457e95 ; je 0x457e95 mov eax, 2 jmp short loc_00457e9f ; jmp 0x457e9f loc_00457e95: cmp dword [ebp + 0x28], 4 seta al movzx eax, al loc_00457e9f: mov dword [ebp - 0x2c], eax imul eax, dword [ebp + 0x28], 3 mov dword [ebp - 0x48], eax mov eax, dword [ebp + 0x28] add eax, eax mov dword [ebp - 0x24], 0 mov dword [ebp - 0x40], eax loc_00457eb8: cmp dword [ebp + 0x24], 1 jbe near loc_00457f4d ; jbe 0x457f4d cmp dword [ebp + 0x24], 0x10 jae near loc_00457f76 ; jae 0x457f76 mov eax, dword [ebp - 0x48] mov dword [ebp - 0x20], eax mov eax, dword [ebp + 0x24] imul eax, dword [ebp + 0x28] mov ebx, dword [ebp - 4] add ebx, eax mov dword [ebp - 0x44], ebx jmp short loc_00457f47 ; jmp 0x457f47 loc_00457ee3: mov eax, dword [ebp - 4] add eax, dword [ebp - 0x20] mov dword [ebp - 0x30], eax jmp short loc_00457f39 ; jmp 0x457f39 loc_00457eee: mov dword [ebp - 0x18], eax jmp short loc_00457f1a ; jmp 0x457f1a loc_00457ef3: cmp dword [ebp - 0x2c], 0 je short loc_00457f06 ; je 0x457f06 mov ecx, dword [ebp + 0x28] mov esi, dword [ebp - 0x18] call fcn_00457e46 ; call 0x457e46 jmp short loc_00457f14 ; jmp 0x457f14 loc_00457f06: mov ebx, dword [ebp - 0x18] mov ecx, dword [ebp - 0x18] mov eax, dword [edi] mov ebx, dword [ebx] mov dword [ecx], eax mov dword [edi], ebx loc_00457f14: mov eax, dword [ebp - 0x20] sub dword [ebp - 0x18], eax loc_00457f1a: mov eax, dword [ebp - 0x18] cmp eax, dword [ebp - 4] jbe short loc_00457f33 ; jbe 0x457f33 mov edi, eax push eax sub edi, dword [ebp - 0x20] push edi call dword [ebp - 0x28] ; ucall add esp, 8 test eax, eax jg short loc_00457ef3 ; jg 0x457ef3 loc_00457f33: mov eax, dword [ebp - 0x20] add dword [ebp - 0x30], eax loc_00457f39: mov eax, dword [ebp - 0x30] cmp eax, dword [ebp - 0x44] jb short loc_00457eee ; jb 0x457eee mov eax, dword [ebp - 0x40] sub dword [ebp - 0x20], eax loc_00457f47: cmp dword [ebp - 0x20], 0 jg short loc_00457ee3 ; jg 0x457ee3 loc_00457f4d: cmp dword [ebp - 0x24], 0 je near loc_00458257 ; je 0x458257 dec dword [ebp - 0x24] mov eax, dword [ebp - 0x24] mov ebx, dword [ebp + eax*4 - 0x150] mov eax, dword [ebp + eax*4 - 0xd0] mov dword [ebp - 4], ebx mov dword [ebp + 0x24], eax jmp near loc_00457eb8 ; jmp 0x457eb8 loc_00457f76: mov eax, dword [ebp + 0x24] shr eax, 1 imul eax, dword [ebp + 0x28] mov edi, dword [ebp - 4] add edi, eax cmp dword [ebp + 0x24], 0x1d jbe near loc_00458010 ; jbe 0x458010 mov esi, dword [ebp + 0x24] dec esi imul esi, dword [ebp + 0x28] mov eax, dword [ebp - 4] mov dword [ebp - 0x3c], eax add esi, eax cmp dword [ebp + 0x24], 0x2a jbe short loc_00457ffe ; jbe 0x457ffe mov ebx, dword [ebp + 0x24] shr ebx, 3 imul ebx, dword [ebp + 0x28] lea eax, [ebx + ebx] mov dword [ebp - 0x4c], eax mov eax, dword [ebp - 4] push dword [ebp - 0x28] add eax, dword [ebp - 0x4c] push eax mov eax, dword [ebp - 4] add eax, ebx push eax push dword [ebp - 4] call fcn_00457ddc ; call 0x457ddc add esp, 0x10 mov dword [ebp - 0x3c], eax push dword [ebp - 0x28] lea eax, [edi + ebx] push eax push edi sub edi, ebx push edi call fcn_00457ddc ; call 0x457ddc add esp, 0x10 mov edi, eax push dword [ebp - 0x28] mov eax, esi push esi sub eax, ebx push eax sub esi, dword [ebp - 0x4c] push esi call fcn_00457ddc ; call 0x457ddc add esp, 0x10 mov esi, eax loc_00457ffe: push dword [ebp - 0x28] push esi push edi push dword [ebp - 0x3c] call fcn_00457ddc ; call 0x457ddc add esp, 0x10 mov edi, eax loc_00458010: cmp dword [ebp - 0x2c], 0 je short loc_00458037 ; je 0x458037 mov eax, dword [ebp - 4] mov dword [ebp - 0x38], eax je short loc_0045802a ; je 0x45802a mov ecx, dword [ebp + 0x28] mov esi, eax call fcn_00457e46 ; call 0x457e46 jmp short loc_00458042 ; jmp 0x458042 loc_0045802a: mov ecx, dword [ebp - 4] mov ebx, dword [eax] mov eax, dword [edi] mov dword [ecx], eax mov dword [edi], ebx jmp short loc_00458042 ; jmp 0x458042 loc_00458037: lea eax, [ebp - 0x50] mov dword [ebp - 0x38], eax mov eax, dword [edi] mov dword [ebp - 0x50], eax loc_00458042: mov eax, dword [ebp - 4] mov dword [ebp - 8], eax mov dword [ebp - 0x1c], eax mov eax, dword [ebp + 0x24] dec eax imul eax, dword [ebp + 0x28] mov ebx, dword [ebp - 4] add ebx, eax mov eax, dword [ebp + 0x24] mov dword [ebp - 0x14], ebx mov dword [ebp - 0xc], ebx mov dword [ebp - 0x10], eax loc_00458064: cmp dword [ebp - 0x10], 0 je short loc_004580b7 ; je 0x4580b7 push dword [ebp - 0x38] push dword [ebp - 8] call dword [ebp - 0x28] ; ucall add esp, 8 test eax, eax jg short loc_004580b7 ; jg 0x4580b7 jne short loc_004580ac ; jne 0x4580ac cmp dword [ebp - 0x2c], 0 je short loc_00458092 ; je 0x458092 mov ecx, dword [ebp + 0x28] mov edi, dword [ebp - 8] mov esi, dword [ebp - 0x1c] call fcn_00457e46 ; call 0x457e46 jmp short loc_004580a6 ; jmp 0x4580a6 loc_00458092: mov eax, dword [ebp - 8] mov ebx, dword [ebp - 0x1c] mov ecx, dword [ebp - 0x1c] mov eax, dword [eax] mov ebx, dword [ebx] mov dword [ecx], eax mov eax, dword [ebp - 8] mov dword [eax], ebx loc_004580a6: mov eax, dword [ebp + 0x28] add dword [ebp - 0x1c], eax loc_004580ac: mov eax, dword [ebp + 0x28] dec dword [ebp - 0x10] add dword [ebp - 8], eax jmp short loc_00458064 ; jmp 0x458064 loc_004580b7: cmp dword [ebp - 0x10], 0 je short loc_0045810a ; je 0x45810a push dword [ebp - 0x38] push dword [ebp - 0xc] call dword [ebp - 0x28] ; ucall add esp, 8 test eax, eax jl short loc_0045810a ; jl 0x45810a jne short loc_004580ff ; jne 0x4580ff cmp dword [ebp - 0x2c], 0 je short loc_004580e5 ; je 0x4580e5 mov ecx, dword [ebp + 0x28] mov edi, dword [ebp - 0x14] mov esi, dword [ebp - 0xc] call fcn_00457e46 ; call 0x457e46 jmp short loc_004580f9 ; jmp 0x4580f9 loc_004580e5: mov eax, dword [ebp - 0x14] mov ebx, dword [ebp - 0xc] mov ecx, dword [ebp - 0xc] mov eax, dword [eax] mov ebx, dword [ebx] mov dword [ecx], eax mov eax, dword [ebp - 0x14] mov dword [eax], ebx loc_004580f9: mov eax, dword [ebp + 0x28] sub dword [ebp - 0x14], eax loc_004580ff: mov eax, dword [ebp + 0x28] dec dword [ebp - 0x10] sub dword [ebp - 0xc], eax jmp short loc_004580b7 ; jmp 0x4580b7 loc_0045810a: cmp dword [ebp - 0x10], 0 je short loc_00458150 ; je 0x458150 cmp dword [ebp - 0x2c], 0 je short loc_00458126 ; je 0x458126 mov ecx, dword [ebp + 0x28] mov edi, dword [ebp - 0xc] mov esi, dword [ebp - 8] call fcn_00457e46 ; call 0x457e46 jmp short loc_0045813a ; jmp 0x45813a loc_00458126: mov eax, dword [ebp - 0xc] mov ebx, dword [ebp - 8] mov ecx, dword [ebp - 8] mov eax, dword [eax] mov ebx, dword [ebx] mov dword [ecx], eax mov eax, dword [ebp - 0xc] mov dword [eax], ebx loc_0045813a: mov eax, dword [ebp + 0x28] add dword [ebp - 8], eax dec dword [ebp - 0x10] je short loc_00458150 ; je 0x458150 dec dword [ebp - 0x10] sub dword [ebp - 0xc], eax jmp near loc_00458064 ; jmp 0x458064 loc_00458150: mov eax, dword [ebp + 0x24] imul eax, dword [ebp + 0x28] mov ebx, dword [ebp - 4] mov ecx, dword [ebp - 0x1c] add ebx, eax mov eax, dword [ebp - 8] sub ecx, dword [ebp - 4] sub eax, dword [ebp - 0x1c] mov dword [ebp - 0x34], ebx cmp ecx, eax jl short loc_00458171 ; jl 0x458171 mov ecx, eax loc_00458171: test ecx, ecx jbe short loc_004581a2 ; jbe 0x4581a2 mov edi, dword [ebp - 8] mov esi, dword [ebp - 4] sub edi, ecx push es push ds pop es movzx edx, cl shr ecx, 2 je short loc_00458193 ; je 0x458193 loc_00458188: mov eax, dword [edi] xchg dword [esi], eax stosd ; stosd dword es:[edi], eax add esi, 4 dec ecx jne short loc_00458188 ; jne 0x458188 loc_00458193: and dl, 3 je short loc_004581a1 ; je 0x4581a1 loc_00458198: mov al, byte [edi] xchg byte [esi], al stosb ; stosb byte es:[edi], al inc esi dec edx jne short loc_00458198 ; jne 0x458198 loc_004581a1: pop es loc_004581a2: mov ecx, dword [ebp - 0x34] mov eax, dword [ebp - 0x14] sub ecx, dword [ebp - 0x14] sub eax, dword [ebp - 0xc] sub ecx, dword [ebp + 0x28] cmp eax, ecx jae short loc_004581b7 ; jae 0x4581b7 mov ecx, eax loc_004581b7: test ecx, ecx jbe short loc_004581e8 ; jbe 0x4581e8 mov edi, dword [ebp - 0x34] mov esi, dword [ebp - 8] sub edi, ecx push es push ds pop es movzx edx, cl shr ecx, 2 je short loc_004581d9 ; je 0x4581d9 loc_004581ce: mov eax, dword [edi] xchg dword [esi], eax stosd ; stosd dword es:[edi], eax add esi, 4 dec ecx jne short loc_004581ce ; jne 0x4581ce loc_004581d9: and dl, 3 je short loc_004581e7 ; je 0x4581e7 loc_004581de: mov al, byte [edi] xchg byte [esi], al stosb ; stosb byte es:[edi], al inc esi dec edx jne short loc_004581de ; jne 0x4581de loc_004581e7: pop es loc_004581e8: mov ebx, dword [ebp - 8] mov ecx, dword [ebp - 0x14] mov esi, dword [ebp - 0x34] mov edi, dword [ebp - 0x24] sub ebx, dword [ebp - 0x1c] sub ecx, dword [ebp - 0xc] shl edi, 2 sub esi, ecx cmp ecx, ebx jb short loc_00458221 ; jb 0x458221 mov eax, ecx xor edx, edx div dword [ebp + 0x28] xor edx, edx mov dword [edi + ebp - 0xd0], eax mov eax, ebx div dword [ebp + 0x28] mov dword [edi + ebp - 0x150], esi jmp short loc_0045824c ; jmp 0x45824c loc_00458221: cmp ebx, dword [ebp + 0x28] jbe near loc_00457f4d ; jbe 0x457f4d mov eax, dword [ebp - 4] xor edx, edx mov dword [edi + ebp - 0x150], eax mov eax, ebx div dword [ebp + 0x28] xor edx, edx mov dword [edi + ebp - 0xd0], eax mov eax, ecx div dword [ebp + 0x28] mov dword [ebp - 4], esi loc_0045824c: mov dword [ebp + 0x24], eax inc dword [ebp - 0x24] jmp near loc_00457eb8 ; jmp 0x457eb8 loc_00458257: leave jmp near loc_00457e3d ; jmp 0x457e3d endloc_00458281: db 0x00 db 0xf6 db 0x44 dd 0x74800b24 dd 0x24448b23 dd 0xffff2508 dd 0x440b7fff dd 0x14740424 dd 0x74ff036a dd 0x74ff0c24 dd 0xaae80c24 dd 0x83000019 dd 0x0feb0cc4 dd 0x042444dd dd 0xec83fad9 dd 0x241cdd08 dd 0xc35a589b fcn_004582bc: mov al, 3 push ebp mov ebp, esp ftst sub esp, 0x10 wait fnstsw [ebp - 8] wait xchg word [ebp - 8], ax sahf jae short loc_004582f4 ; jae 0x4582f4 fstp qword [ebp - 0x10] mov eax, dword [ebp - 8] cmp al, 3 je short loc_004582df ; je 0x4582df fstp qword [ebp - 0x10] loc_004582df: mov dword [ebp - 4], edx call fcn_00459c51 ; call 0x459c51 push edx push eax fld qword [esp] mov edx, dword [ebp - 4] wait mov al, 1 jmp short loc_004582f8 ; jmp 0x4582f8 loc_004582f4: fsqrt mov al, 0 loc_004582f8: mov esp, ebp pop ebp ret fcn_004582fc: push esi push edi mov esi, dword [esp + 0x10] mov edi, dword [esp + 0xc] push es push ds pop es push edi sub ecx, ecx dec ecx mov al, 0 repne scasb ; repne scasb al, byte es:[edi] dec edi loc_00458312: mov al, byte [esi] mov byte [edi], al cmp al, 0 je short loc_0045832a ; je 0x45832a mov al, byte [esi + 1] add esi, 2 mov byte [edi + 1], al add edi, 2 cmp al, 0 jne short loc_00458312 ; jne 0x458312 loc_0045832a: pop edi pop es mov eax, edi pop edi pop esi ret fcn_00458370: push edx mov eax, dword [esp + 8] mov edx, dword [esp + 0xc] push ebx push ecx mov ebx, eax cmp eax, edx je short loc_004583ed ; je 0x4583ed loc_00458381: mov eax, dword [ebx] mov ecx, dword [edx] cmp ecx, eax jne short loc_004583f3 ; jne 0x4583f3 not ecx add eax, 0xfefefeff and eax, ecx and eax, 0x80808080 jne short loc_004583ed ; jne 0x4583ed mov eax, dword [ebx + 4] mov ecx, dword [edx + 4] cmp ecx, eax jne short loc_004583f3 ; jne 0x4583f3 not ecx add eax, 0xfefefeff and eax, ecx and eax, 0x80808080 jne short loc_004583ed ; jne 0x4583ed mov eax, dword [ebx + 8] mov ecx, dword [edx + 8] cmp ecx, eax jne short loc_004583f3 ; jne 0x4583f3 not ecx add eax, 0xfefefeff and eax, ecx and eax, 0x80808080 jne short loc_004583ed ; jne 0x4583ed mov eax, dword [ebx + 0xc] mov ecx, dword [edx + 0xc] cmp ecx, eax jne short loc_004583f3 ; jne 0x4583f3 add ebx, 0x10 add edx, 0x10 not ecx add eax, 0xfefefeff and eax, ecx and eax, 0x80808080 je short loc_00458381 ; je 0x458381 loc_004583ed: sub eax, eax pop ecx pop ebx pop edx ret loc_004583f3: cmp al, cl jne short loc_00458414 ; jne 0x458414 cmp al, 0 je short loc_004583ed ; je 0x4583ed cmp ah, ch jne short loc_00458414 ; jne 0x458414 cmp ah, 0 je short loc_004583ed ; je 0x4583ed shr eax, 0x10 shr ecx, 0x10 cmp al, cl jne short loc_00458414 ; jne 0x458414 cmp al, 0 je short loc_004583ed ; je 0x4583ed cmp ah, ch loc_00458414: sbb eax, eax or al, 1 pop ecx pop ebx pop edx ret fcn_0045841c: test byte [ref_0048936c], 1 ; test byte [0x48936c], 1 jne short loc_00458429 ; jne 0x458429 fprem jmp short loc_0045842e ; jmp 0x45842e loc_00458429: call fcn_00460bde ; call 0x460bde loc_0045842e: fnstsw ax sahf jp short fcn_0045841c ; jp 0x45841c fstp st1 ; fstp st(1) ret endloc_00458436: db 0xdd db 0x44 dd 0x44dd0c24 dd 0xd9e80424 dd 0x83ffffff dd 0x1cdd08ec dd 0x5a589b24 db 0xc3 db 0x00 fcn_0045844e: fcos call fcn_00458462 ; call 0x458462 jae short fcn_0045844e ; jae 0x45844e ret fcn_00458458: fsin call fcn_00458462 ; call 0x458462 jae short fcn_00458458 ; jae 0x458458 ret fcn_00458462: push ebp mov ebp, esp push eax wait fnstsw [ebp - 2] mov ah, byte [ebp - 1] or ah, 1 sahf jnp short loc_0045848a ; jnp 0x45848a fld tword [ref_00488f3c] ; fld xword [0x488f3c] fxch st1 ; fxch st(1) loc_0045847b: fprem wait fnstsw [ebp - 2] mov ah, byte [ebp - 1] sahf jp short loc_0045847b ; jp 0x45847b fstp st1 ; fstp st(1) clc loc_0045848a: pop eax pop ebp ret endloc_0045848d: db 0xdd db 0x44 db 0x24 dd 0xffb8e804 dd 0xec83ffff dd 0x241cdd08 dd 0xc35a589b dd 0x042444dd dd 0xffffafe8 dd 0x08ec83ff dd 0x9b241cdd db 0x58 db 0x5a db 0xc3 fcn_004584b3: test byte [ref_0048936c], 1 ; test byte [0x48936c], 1 jne short loc_004584c0 ; jne 0x4584c0 fptan jmp short loc_004584c5 ; jmp 0x4584c5 loc_004584c0: call fcn_00459cfc ; call 0x459cfc loc_004584c5: fstp st0 ; fstp st(0) ret endloc_004584c8: dd 0x042444dd dd 0xffffe2e8 dd 0x08ec83ff dd 0x9b241cdd db 0x58 db 0x5a db 0xc3 fcn_004584db: push ebx mov eax, dword [esp + 8] loc_004584e0: mov dl, byte [eax] inc dl and edx, 0xff test byte [edx + ref_00489370], 2 ; test byte [edx + 0x489370], 2 je short loc_004584f6 ; je 0x4584f6 inc eax jmp short loc_004584e0 ; jmp 0x4584e0 loc_004584f6: mov cl, byte [eax] cmp cl, 0x2b je short loc_00458502 ; je 0x458502 cmp cl, 0x2d jne short loc_00458503 ; jne 0x458503 loc_00458502: inc eax loc_00458503: xor ebx, ebx loc_00458505: mov dl, byte [eax] inc dl and edx, 0xff test byte [edx + ref_00489370], 0x20 ; test byte [edx + 0x489370], 0x20 je short loc_00458527 ; je 0x458527 imul ebx, ebx, 0xa xor edx, edx mov dl, byte [eax] add ebx, edx inc eax sub ebx, 0x30 jmp short loc_00458505 ; jmp 0x458505 loc_00458527: cmp cl, 0x2d jne short loc_0045852e ; jne 0x45852e neg ebx loc_0045852e: mov eax, ebx pop ebx ret fcn_00458532: push ebx push esi push edi push ebp mov ebx, dword [esp + 0x14] test byte [ebx + 0xc], 0x80 je short loc_0045854f ; je 0x45854f test byte [ebx + 0xd], 0x10 je short loc_0045854f ; je 0x45854f push ebx call fcn_00459dad ; call 0x459dad add esp, 4 loc_0045854f: mov edx, dword [ebx + 0x10] push edx call fcn_004593a9 ; call 0x4593a9 mov esi, eax add esp, 4 mov edi, eax cmp eax, 0xffffffff je short loc_00458592 ; je 0x458592 mov ecx, dword [ebx + 0x10] push ecx call dword [ref_00488f50] ; ucall: call dword [0x488f50] mov ebp, dword [ebx + 4] add esp, 4 test ebp, ebp je short loc_00458585 ; je 0x458585 test byte [ebx + 0xd], 0x10 je short loc_00458583 ; je 0x458583 lea edi, [esi + ebp] jmp short loc_00458585 ; jmp 0x458585 loc_00458583: sub edi, ebp loc_00458585: mov edx, dword [ebx + 0x10] push edx call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 loc_00458592: mov eax, edi pop ebp pop edi pop esi pop ebx ret fcn_004585bc: jmp near fcn_00459dc7 ; jmp 0x459dc7 endloc_004585c1: db 0xff db 0x15 dd _GetThreadPtr db 0x05 dd 0x000000da db 0xc3 fcn_004585cd: mov eax, dword [ref_004991c4] ; mov eax, dword [0x4991c4] fcn_004585d2: ret fcn_004585d3: mov edx, dword [esp + 4] push edx call fcn_00459e49 ; call 0x459e49 add esp, 4 ret fcn_004585e1: mov edx, dword [esp + 4] push edx call fcn_00459f7f ; call 0x459f7f add esp, 4 fcn_004585ee: ret ; __NTInit(int is_dll, thread_data *tdata, HANDLE hdll) __NTInit: push ebx push esi push edi sub esp, 0x618 mov edx, dword [esp + 0x62c] mov eax, dword [esp + 0x628] push edx mov dword [ref_004991c0], eax ; mov dword [0x4991c0], eax call __AllocInitThreadData ; call 0x45a23d add esp, 4 mov dword [ref_004991c4], eax ; mov dword [0x4991c4], eax test eax, eax jne short loc_00458634 ; jne 0x458634 cmp dword [esp + 0x628], 0 jne near loc_0045884f ; jne 0x45884f push 1 call dword [cs:__imp__ExitProcess@4] ; ucall: call dword cs:[0x462364] loc_00458634: call fcn_00459fab ; call 0x459fab call dword [cs:__imp__GetEnvironmentStrings@0] ; ucall: call dword cs:[0x462398] xor ecx, ecx mov dword [_RWD_EnvPtr], eax ; mov dword [0x48934d], eax mov dword [ref_00499944], ecx ; mov dword [0x499944], ecx call dword [cs:__imp__GetVersion@0] ; ucall: call dword cs:[0x4623d0] mov edx, eax mov ebx, eax mov byte [_RWD_osmajor], al ; mov byte [0x489353], al shr eax, 0x10 and eax, 0xffff mov word [_RWD_osbuild], ax ; mov word [0x489355], ax xor eax, eax mov ax, word [_RWD_osbuild] ; mov ax, word [0x489355] and edx, 0xffff mov dword [_RWD_osver], eax ; mov dword [0x489357], eax xor eax, eax sar edx, 8 mov al, bl and edx, 0xff mov dword [_RWD_winmajor], eax ; mov dword [0x48935b], eax xor eax, eax mov byte [_RWD_osminor], dl ; mov byte [0x489354], dl mov al, dl mov edx, dword [_RWD_winmajor] ; mov edx, dword [0x48935b] push 0x104 shl edx, 8 mov dword [ref_0048935f], eax ; mov dword [0x48935f], eax or edx, eax lea eax, [esp + 0x414] push eax push 0 mov dword [_RWD_winver], edx ; mov dword [0x489363], edx call dword [cs:__imp__GetModuleFileNameA@12] ; ucall: call dword cs:[0x4623b4] lea eax, [esp + 0x410] push eax call clib_strdup ; call 0x45a53f add esp, 4 push 0x208 mov dword [_LpPgmName], eax ; mov dword [0x489314], eax lea eax, [esp + 0x20c] push eax push 0 call fcn_0045a58a ; call 0x45a58a add esp, 0xc lea eax, [esp + 0x208] push eax call fcn_0045a62f ; call 0x45a62f add esp, 4 mov dword [ref_00489320], eax ; mov dword [0x489320], eax call dword [cs:__imp__GetCommandLineA@0] ; ucall: call dword cs:[0x462378] push eax call clib_strdup ; call 0x45a53f mov edx, eax mov bl, byte [eax] add esp, 4 cmp bl, 0x22 jne short loc_00458734 ; jne 0x458734 loc_00458720: inc eax mov ch, byte [eax] cmp ch, 0x22 je short loc_0045872c ; je 0x45872c test ch, ch jne short loc_00458720 ; jne 0x458720 loc_0045872c: cmp byte [eax], 0 je short loc_0045874f ; je 0x45874f loc_00458731: inc eax jmp short loc_0045874f ; jmp 0x45874f loc_00458734: mov dl, byte [eax] inc dl and edx, 0xff test byte [edx + ref_00489370], 2 ; test byte [edx + 0x489370], 2 jne short loc_0045874f ; jne 0x45874f cmp byte [eax], 0 je short loc_0045874f ; je 0x45874f inc eax jmp short loc_00458734 ; jmp 0x458734 loc_0045874f: mov dl, byte [eax] inc dl and edx, 0xff test byte [edx + ref_00489370], 2 ; test byte [edx + 0x489370], 2 jne short loc_00458731 ; jne 0x458731 mov dword [_LpCmdLine], eax ; mov dword [0x489310], eax call dword [cs:__imp__GetCommandLineW@0] ; ucall: call dword cs:[0x46237c] test eax, eax je near loc_004587d9 ; je 0x4587d9 push eax call fcn_0045a62f ; call 0x45a62f mov edx, eax mov bx, word [eax] add esp, 4 cmp bx, 0x22 jne short loc_004587a6 ; jne 0x4587a6 loc_0045878a: add eax, 2 mov si, word [eax] cmp si, 0x22 je short loc_0045879b ; je 0x45879b test si, si jne short loc_0045878a ; jne 0x45878a loc_0045879b: cmp word [eax], 0 je short loc_004587c4 ; je 0x4587c4 loc_004587a1: add eax, 2 jmp short loc_004587c4 ; jmp 0x4587c4 loc_004587a6: mov dl, byte [eax] inc dl and edx, 0xff test byte [edx + ref_00489370], 2 ; test byte [edx + 0x489370], 2 jne short loc_004587c4 ; jne 0x4587c4 cmp word [eax], 0 je short loc_004587c4 ; je 0x4587c4 add eax, 2 jmp short loc_004587a6 ; jmp 0x4587a6 loc_004587c4: mov dl, byte [eax] inc dl and edx, 0xff test byte [edx + ref_00489370], 2 ; test byte [edx + 0x489370], 2 je short loc_004587e6 ; je 0x4587e6 jmp short loc_004587a1 ; jmp 0x4587a1 loc_004587d9: push ref_0046c410 ; push 0x46c410 call fcn_0045a62f ; call 0x45a62f add esp, 4 loc_004587e6: mov esi, dword [esp + 0x628] mov dword [ref_0048931c], eax ; mov dword [0x48931c], eax test esi, esi je short loc_0045884a ; je 0x45884a push 0x104 lea eax, [esp + 0x518] push eax mov edi, dword [esp + 0x638] push edi call dword [cs:__imp__GetModuleFileNameA@12] ; ucall: call dword cs:[0x4623b4] lea eax, [esp + 0x514] push eax call clib_strdup ; call 0x45a53f add esp, 4 push 0x208 mov dword [ref_00489318], eax ; mov dword [0x489318], eax lea eax, [esp + 4] push eax push edi call fcn_0045a58a ; call 0x45a58a add esp, 0xc mov eax, esp push eax call fcn_0045a62f ; call 0x45a62f add esp, 4 mov dword [ref_00489324], eax ; mov dword [0x489324], eax loc_0045884a: mov eax, 1 loc_0045884f: add esp, 0x618 pop edi pop esi pop ebx ret loc_004588b0: cmp dword [ref_004991c0], 0 ; cmp dword [0x4991c0], 0 je short loc_004588d4 ; je 0x4588d4 cmp dword [ref_00488f94], 0 ; cmp dword [0x488f94], 0 je short loc_004588eb ; je 0x4588eb push 0xff push 0 call dword [ref_00488f94] ; ucall: call dword [0x488f94] add esp, 8 jmp short loc_004588eb ; jmp 0x4588eb loc_004588d4: call fcn_0045aba4 ; call 0x45aba4 mov edx, 0xf xor eax, eax call fcn_0045ac2a ; call 0x45ac2a call dword [ref_00488f88] ; ucall: call dword [0x488f88] loc_004588eb: mov ecx, dword [esp] push ecx call dword [cs:__imp__ExitProcess@4] ; ucall: call dword cs:[0x462364] add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al fcn_00458900: push esi push edi push ebp xor ebp, ebp test eax, eax je near loc_004589a7 ; je 0x4589a7 lea ecx, [eax + 0xb] cmp ecx, eax jb near loc_004589a7 ; jb 0x4589a7 mov edi, ebx and cl, 0xf8 mov eax, dword [ebx + 0x14] cmp ecx, 0x10 jae short loc_0045892a ; jae 0x45892a mov ecx, 0x10 loc_0045892a: cmp ecx, eax ja near loc_004589a7 ; ja 0x4589a7 mov ebx, dword [edi + 0x10] mov eax, dword [edi + 0xc] cmp ecx, ebx ja short loc_00458941 ; ja 0x458941 mov eax, dword [edi + 0x28] xor ebx, ebx loc_00458941: lea esi, [edi + 0x20] loc_00458944: mov edx, dword [eax] cmp ecx, edx jbe short loc_0045895c ; jbe 0x45895c cmp edx, ebx jbe short loc_00458950 ; jbe 0x458950 mov ebx, edx loc_00458950: mov eax, dword [eax + 8] cmp eax, esi jne short loc_00458944 ; jne 0x458944 mov dword [edi + 0x14], ebx jmp short loc_004589a7 ; jmp 0x4589a7 loc_0045895c: mov dword [edi + 0x10], ebx mov ebx, dword [edi + 0x18] inc ebx sub edx, ecx mov dword [edi + 0x18], ebx cmp edx, 0x10 jb short loc_0045898b ; jb 0x45898b lea ebx, [eax + ecx] mov dword [edi + 0xc], ebx mov dword [ebx], edx mov dword [eax], ecx mov ecx, dword [eax + 4] mov dword [ebx + 4], ecx mov edx, dword [eax + 8] mov dword [ebx + 8], edx mov dword [ecx + 8], ebx mov dword [edx + 4], ebx jmp short loc_0045899d ; jmp 0x45899d loc_0045898b: dec dword [edi + 0x1c] mov edx, dword [eax + 4] mov dword [edi + 0xc], edx mov ebx, dword [eax + 8] mov dword [edx + 8], ebx mov dword [ebx + 4], edx loc_0045899d: mov dl, byte [eax] or dl, 1 lea ebp, [eax + 4] mov byte [eax], dl loc_004589a7: mov eax, ebp pop ebp pop edi pop esi ret endloc_004589ad: db 0x8d db 0x40 db 0x00 fcn_004589b0: push esi push edi push ebp mov ecx, ebx test eax, eax je near loc_00458ada ; je 0x458ada lea ebx, [eax - 4] test byte [ebx], 1 je near loc_00458ada ; je 0x458ada mov edx, dword [ebx] and dl, 0xfe lea eax, [ebx + edx] mov esi, ecx test byte [eax], 1 jne short loc_004589fa ; jne 0x4589fa mov edi, dword [eax] add edx, edi mov dword [ebx], edx cmp eax, dword [ecx + 0xc] jne short loc_004589e6 ; jne 0x4589e6 mov dword [ecx + 0xc], ebx loc_004589e6: mov edx, dword [eax + 4] mov eax, dword [eax + 8] mov dword [edx + 8], eax mov dword [eax + 4], edx dec dword [esi + 0x1c] jmp near loc_00458a8e ; jmp 0x458a8e loc_004589fa: mov dword [ebx], edx mov eax, dword [ecx + 0xc] cmp ebx, eax jae short loc_00458a19 ; jae 0x458a19 cmp ebx, dword [eax + 4] ja near loc_00458a8e ; ja 0x458a8e mov eax, dword [ecx + 0x28] cmp ebx, eax jb near loc_00458a8e ; jb 0x458a8e jmp short loc_00458a32 ; jmp 0x458a32 loc_00458a19: mov eax, dword [eax + 8] cmp ebx, eax jb near loc_00458a8e ; jb 0x458a8e lea eax, [ecx + 0x20] mov edx, dword [eax + 4] cmp ebx, edx ja near loc_00458a8e ; ja 0x458a8e loc_00458a32: mov edi, dword [esi + 0x1c] mov eax, dword [esi + 0x18] xor edx, edx lea ecx, [edi + 1] div ecx mov ecx, eax cmp eax, edi jae short loc_00458a6d ; jae 0x458a6d mov eax, dword [esi + 0x18] sub eax, edi add ecx, ecx cmp eax, edi ja short loc_00458a55 ; ja 0x458a55 mov ecx, 0xffffffff loc_00458a55: mov eax, dword [ebx] add eax, ebx loc_00458a59: mov edx, dword [eax] test dl, 1 je short loc_00458a8e ; je 0x458a8e cmp edx, 0xffffffff je short loc_00458a6d ; je 0x458a6d and dl, 0xfe add eax, edx dec ecx jne short loc_00458a59 ; jne 0x458a59 loc_00458a6d: mov eax, dword [esi + 0xc] cmp ebx, eax jae short loc_00458a77 ; jae 0x458a77 mov eax, dword [esi + 0x28] loc_00458a77: cmp ebx, eax jb short loc_00458a8e ; jb 0x458a8e mov eax, dword [eax + 8] cmp ebx, eax jb short loc_00458a8e ; jb 0x458a8e mov eax, dword [eax + 8] cmp ebx, eax jb short loc_00458a8e ; jb 0x458a8e mov eax, dword [eax + 8] jmp short loc_00458a77 ; jmp 0x458a77 loc_00458a8e: mov edx, dword [eax + 4] mov edi, dword [edx] add edi, edx mov ecx, dword [ebx] cmp edi, ebx jne short loc_00458aad ; jne 0x458aad mov ebp, dword [edx] add ecx, ebp mov dword [edx], ecx cmp ebx, dword [esi + 0xc] jne short loc_00458aa9 ; jne 0x458aa9 mov dword [esi + 0xc], edx loc_00458aa9: mov ebx, edx jmp short loc_00458abc ; jmp 0x458abc loc_00458aad: inc dword [esi + 0x1c] mov dword [ebx + 8], eax mov dword [ebx + 4], edx mov dword [edx + 8], ebx mov dword [eax + 4], ebx loc_00458abc: mov edx, dword [esi + 0x18] dec edx mov edi, dword [esi + 0xc] mov dword [esi + 0x18], edx cmp ebx, edi jae short loc_00458ad2 ; jae 0x458ad2 cmp ecx, dword [esi + 0x10] jbe short loc_00458ad2 ; jbe 0x458ad2 mov dword [esi + 0x10], ecx loc_00458ad2: cmp ecx, dword [esi + 0x14] jbe short loc_00458ada ; jbe 0x458ada mov dword [esi + 0x14], ecx loc_00458ada: pop ebp pop edi pop esi ret endloc_00458ade: db 0x00 db 0x00 fcn_00458ae0: or ecx, ecx je short loc_00458b10 ; je 0x458b10 cmp byte [eax], dl loc_00458ae6: test al, 3 je short loc_00458af3 ; je 0x458af3 mov byte [eax], dl inc eax ror edx, 8 dec ecx jne short loc_00458ae6 ; jne 0x458ae6 loc_00458af3: push ecx shr ecx, 2 call fcn_00458b17 ; call 0x458b17 pop ecx and ecx, 3 je short loc_00458b10 ; je 0x458b10 mov byte [eax], dl dec ecx je short loc_00458b10 ; je 0x458b10 mov byte [eax + 1], dh dec ecx je short loc_00458b10 ; je 0x458b10 mov byte [eax + 2], dl loc_00458b10: ret endloc_00458b11: db 0x90 db 0x90 db 0x90 db 0x90 db 0x90 db 0x90 fcn_00458b17: or ecx, ecx je short loc_00458b82 ; je 0x458b82 loc_00458b1b: test al, 0x1f je short loc_00458b27 ; je 0x458b27 mov dword [eax], edx lea eax, [eax + 4] dec ecx jne short loc_00458b1b ; jne 0x458b1b loc_00458b27: push ecx shr ecx, 2 je short loc_00458b67 ; je 0x458b67 dec ecx je short loc_00458b59 ; je 0x458b59 loc_00458b30: mov dword [eax], edx mov dword [eax + 4], edx dec ecx mov dword [eax + 8], edx mov dword [eax + 0xc], edx je short loc_00458b56 ; je 0x458b56 cmp byte [eax + 0x20], dl mov dword [eax + 0x10], edx mov dword [eax + 0x14], edx dec ecx mov dword [eax + 0x18], edx mov dword [eax + 0x1c], edx lea eax, [eax + 0x20] jne short loc_00458b30 ; jne 0x458b30 lea eax, [eax - 0x10] loc_00458b56: lea eax, [eax + 0x10] loc_00458b59: mov dword [eax], edx mov dword [eax + 4], edx mov dword [eax + 8], edx mov dword [eax + 0xc], edx lea eax, [eax + 0x10] loc_00458b67: pop ecx and ecx, 3 je short loc_00458b82 ; je 0x458b82 mov dword [eax], edx lea eax, [eax + 4] dec ecx je short loc_00458b82 ; je 0x458b82 mov dword [eax], edx lea eax, [eax + 4] dec ecx je short loc_00458b82 ; je 0x458b82 mov dword [eax], edx lea eax, [eax + 4] loc_00458b82: ret fcn_00458b83: push ebx mov edx, dword [esp + 8] mov eax, dword [ref_00488f00] ; mov eax, dword [0x488f00] xor ebx, ebx jmp short loc_00458b9a ; jmp 0x458b9a loc_00458b91: cmp edx, eax jb short loc_00458b9e ; jb 0x458b9e mov ebx, eax mov eax, dword [eax + 8] loc_00458b9a: test eax, eax jne short loc_00458b91 ; jne 0x458b91 loc_00458b9e: mov dword [edx + 4], ebx mov dword [edx + 8], eax test ebx, ebx je short loc_00458bad ; je 0x458bad mov dword [ebx + 8], edx jmp short loc_00458bb3 ; jmp 0x458bb3 loc_00458bad: mov dword [ref_00488f00], edx ; mov dword [0x488f00], edx loc_00458bb3: test eax, eax je short loc_00458bba ; je 0x458bba mov dword [eax + 4], edx loc_00458bba: lea ebx, [edx + 0x20] mov eax, dword [edx] add edx, 0x2c mov dword [edx - 0xc], 0 mov dword [edx - 0x1c], 0 mov dword [edx - 0x14], 0 mov dword [edx - 0x10], 0 mov dword [edx - 8], ebx mov dword [edx - 4], ebx sub eax, 0x2c mov dword [edx - 0x20], ebx mov dword [edx], eax mov dword [edx + eax], 0xffffffff mov eax, edx pop ebx ret fcn_00458bf7: push ebx push esi push edi cmp dword [ref_004894a8], 0 ; cmp dword [0x4894a8], 0 jne short loc_00458c09 ; jne 0x458c09 loc_00458c03: xor eax, eax pop edi pop esi pop ebx ret loc_00458c09: cmp dword [ref_0048930c], 0xfffffffe ; cmp dword [0x48930c], 0xfffffffe je short loc_00458c03 ; je 0x458c03 lea eax, [esp + 0x10] push eax call fcn_00458ca3 ; call 0x458ca3 add esp, 4 test eax, eax je short loc_00458c8c ; je 0x458c8c push 0x40 push 0x1000 mov ecx, dword [esp + 0x18] push ecx push 0 call dword [cs:__imp__VirtualAlloc@16] ; ucall: call dword cs:[0x462428] mov ebx, eax test eax, eax je short loc_00458c8c ; je 0x458c8c mov eax, dword [esp + 0x10] mov esi, dword [esp + 0x10] sub eax, 4 cmp eax, esi ja short loc_00458c03 ; ja 0x458c03 mov dword [esp + 0x10], eax cmp eax, 0x38 jb short loc_00458c03 ; jb 0x458c03 push ebx mov dword [ebx], eax call fcn_00458b83 ; call 0x458b83 mov edx, eax add esp, 4 mov eax, dword [eax] mov dword [esp + 0x10], eax or al, 1 mov dword [edx], eax add edx, 4 mov edi, dword [ebx + 0x18] mov dword [ebx + 0x14], 0 inc edi push edx mov dword [ebx + 0x18], edi call lib_free ; call 0x456e1f mov eax, 1 add esp, 4 loc_00458c8c: pop edi pop esi pop ebx ret fcn_00458c90: call fcn_0045acab ; call 0x45acab mov edx, dword [esp + 4] push edx call fcn_00458bf7 ; call 0x458bf7 add esp, 4 ret fcn_00458ca3: mov edx, dword [esp + 4] mov eax, dword [edx] add eax, 7 and al, 0xf8 test eax, eax jne short loc_00458cb3 ; jne 0x458cb3 ret loc_00458cb3: mov dword [edx], eax add eax, 0x3c cmp eax, dword [edx] jae short loc_00458cbf ; jae 0x458cbf loc_00458cbc: xor eax, eax ret loc_00458cbf: mov ecx, dword [ref_004894ac] ; mov ecx, dword [0x4894ac] cmp eax, ecx jae short loc_00458ccd ; jae 0x458ccd mov eax, ecx and al, 0xfe loc_00458ccd: mov dword [edx], eax add eax, 0xfff cmp eax, dword [edx] jb short loc_00458cbc ; jb 0x458cbc xor al, al and ah, 0xf0 mov dword [edx], eax test eax, eax setne al and eax, 0xff ret fcn_00458cea: xor eax, eax ret fcn_00458d9e: push ebx mov eax, dword [esp + 8] mov edx, dword [eax] lea ebx, [edx + 1] mov dword [eax], ebx mov bl, byte [esp + 0xc] mov byte [edx], bl inc dword [eax + 0x10] pop ebx ret fcn_00458db5: push ebx push fcn_00458d9e ; push 0x458d9e mov edx, dword [esp + 0x14] push edx mov ebx, dword [esp + 0x14] push ebx mov ecx, dword [esp + 0x14] push ecx call fcn_0045ae76 ; call 0x45ae76 add esp, 0x10 mov edx, dword [esp + 8] mov byte [edx + eax], 0 pop ebx ret endloc_00458ddc: db 0xc7 db 0x05 dd ref_00488f98 db 0x01 db 0x00 db 0x00 db 0x00 db 0xc3 fcn_00458de7: call dword [_GetThreadPtr] ; ucall: call dword [0x488f4c] mov edx, dword [esp + 4] mov dword [eax + 4], edx ret fcn_00458df5: push 0xd loc_00458df7: call fcn_00458de7 ; call 0x458de7 add esp, 4 ret fcn_00458e00: push 0xe jmp short loc_00458df7 ; jmp 0x458df7 endloc_00458e04: dd 0xdce8096a dd 0xb8ffffff dd 0xffffffff dd 0xc304c483 fcn_00458e14: call dword [_GetThreadPtr] ; ucall: call dword [0x488f4c] mov edx, dword [esp + 4] mov dword [eax + 8], edx ret fcn_00458e22: mov eax, dword [esp + 4] cmp eax, 0x41 jl short loc_00458e33 ; jl 0x458e33 cmp eax, 0x5a jg short loc_00458e33 ; jg 0x458e33 add eax, 0x20 loc_00458e33: ret endloc_00458e34: dd 0x24448d53 dd 0x04c08310 dd 0x50fc408b dd 0x548b006a dd 0x8b521424 dd 0x5314245c dd 0x000005e8 dd 0x10c48300 db 0x5b db 0xc3 fcn_00458e56: push ebx sub esp, 4 lea eax, [esp + 0x18] mov dword [esp], eax mov eax, esp push eax mov edx, dword [esp + 0x18] push edx mov ebx, dword [esp + 0x18] push ebx mov ecx, dword [esp + 0x18] push ecx call fcn_00458e80 ; call 0x458e80 add esp, 0x10 add esp, 4 pop ebx ret fcn_00458e80: push ebx push esi push edi push ebp sub esp, 0x1c mov ebx, dword [esp + 0x3c] call fcn_00459e08 ; call 0x459e08 test eax, eax je short loc_00458ea8 ; je 0x458ea8 push 0xb loc_00458e96: call fcn_00458de7 ; call 0x458de7 mov eax, 0xffffffff add esp, 4 jmp near loc_004590b1 ; jmp 0x4590b1 loc_00458ea8: lea eax, [esp + 0x14] push eax lea eax, [esp + 0x14] mov esi, dword [esp + 0x38] push eax and esi, 7 push esi call fcn_0045bd69 ; call 0x45bd69 add esp, 0xc lea eax, [esp + 0xc] push eax mov eax, dword [esp + 0x3c] or eax, esi push eax xor edi, edi call fcn_0045bda4 ; call 0x45bda4 mov edx, 0x80 add esp, 8 mov ecx, 0xc mov ah, byte [esp + 0x34] mov dword [esp + 0x18], edx mov dword [esp], ecx mov dword [esp + 4], edi test ah, 0x80 sete al and eax, 0xff mov dword [esp + 8], eax cmp dword [ref_004891b4], 0 ; cmp dword [0x4891b4], 0 je short loc_00458f47 ; je 0x458f47 push ref_0046c414 ; push 0x46c414 mov edx, dword [esp + 0x34] push edx call fcn_00459dc7 ; call 0x459dc7 add esp, 8 test eax, eax jne short loc_00458f47 ; jne 0x458f47 call fcn_0045a012 ; call 0x45a012 push eax call dword [ref_00488f58] ; ucall: call dword [0x488f58] add esp, 4 push 0xffffffffffffffff push eax push edi mov ebx, 0x2000 mov ebp, eax call dword [ref_004891b4] ; ucall: call dword [0x4891b4] add esp, 0xc jmp near loc_0045905e ; jmp 0x45905e loc_00458f47: mov dl, byte [esp + 0x34] test dl, 0x20 je near loc_00458fb9 ; je 0x458fb9 mov ecx, dword [ebx] add ecx, 4 mov dword [ebx], ecx mov eax, dword [ecx - 4] mov dword [esp + 0x14], eax mov dword [ebx], 0 mov eax, dword [ref_004894d0] ; mov eax, dword [0x4894d0] mov edi, dword [esp + 0x14] not eax and edi, eax mov dword [esp + 0x14], edi test byte [esp + 0x15], 1 je short loc_00458f8f ; je 0x458f8f test byte [esp + 0x14], 0x80 jne short loc_00458f8f ; jne 0x458f8f mov dword [esp + 0x18], 1 loc_00458f8f: test byte [esp + 0x35], 4 je short loc_00458f9f ; je 0x458f9f mov ebp, 1 mov eax, ebp jmp short loc_00458fc3 ; jmp 0x458fc3 loc_00458f9f: test byte [esp + 0x34], 0x40 je short loc_00458fb2 ; je 0x458fb2 mov ebp, 2 loc_00458fab: mov eax, 5 jmp short loc_00458fc3 ; jmp 0x458fc3 loc_00458fb2: mov ebp, 4 jmp short loc_00458fbe ; jmp 0x458fbe loc_00458fb9: test dl, 0x40 jne short loc_00458fab ; jne 0x458fab loc_00458fbe: mov eax, 3 loc_00458fc3: push 0 mov edx, dword [esp + 0x1c] push edx push eax lea eax, [esp + 0xc] push eax mov ebx, dword [esp + 0x1c] push ebx mov ecx, dword [esp + 0x24] push ecx mov edi, dword [esp + 0x48] push edi call dword [cs:__imp__CreateFileA@28] ; ucall: call dword cs:[0x462350] mov edi, eax cmp eax, 0xffffffff jne short loc_00459025 ; jne 0x459025 test byte [esp + 0x34], 0x20 je short loc_00459016 ; je 0x459016 push 0 mov eax, dword [esp + 0x1c] push eax push ebp push 0 mov edx, dword [esp + 0x1c] push edx mov ebx, dword [esp + 0x24] push ebx mov ecx, dword [esp + 0x48] push ecx call dword [cs:__imp__CreateFileA@28] ; ucall: call dword cs:[0x462350] mov edi, eax loc_00459016: cmp edi, 0xffffffff jne short loc_00459025 ; jne 0x459025 call fcn_0045be8f ; call 0x45be8f jmp near loc_004590b1 ; jmp 0x4590b1 loc_00459025: push edi call dword [ref_00488f58] ; ucall: call dword [0x488f58] xor ebx, ebx mov edx, dword [ref_004894e8] ; mov edx, dword [0x4894e8] add esp, 4 mov ebp, eax cmp eax, edx jb short loc_0045904c ; jb 0x45904c push edi call dword [cs:__imp__CloseHandle@4] ; ucall: call dword cs:[0x462348] push 5 jmp near loc_00458e96 ; jmp 0x458e96 loc_0045904c: push eax call fcn_0045bf21 ; call 0x45bf21 add esp, 4 test eax, eax je short loc_0045905e ; je 0x45905e mov ebx, 0x2000 loc_0045905e: cmp esi, 2 jne short loc_00459068 ; jne 0x459068 or bl, 3 jmp short loc_00459079 ; jmp 0x459079 loc_00459068: test esi, esi jne short loc_00459071 ; jne 0x459071 or bl, 1 jmp short loc_00459079 ; jmp 0x459079 loc_00459071: cmp esi, 1 jne short loc_00459079 ; jne 0x459079 or bl, 2 loc_00459079: test byte [esp + 0x34], 0x10 je short loc_00459083 ; je 0x459083 or bl, 0x80 loc_00459083: mov eax, ebx mov dl, byte [esp + 0x35] or al, 0x40 test dl, 3 je short loc_00459097 ; je 0x459097 test dl, 2 je short loc_004590a5 ; je 0x4590a5 jmp short loc_004590a3 ; jmp 0x4590a3 loc_00459097: cmp dword [ref_004891a5], 0x200 ; cmp dword [0x4891a5], 0x200 jne short loc_004590a5 ; jne 0x4590a5 loc_004590a3: mov ebx, eax loc_004590a5: push ebx push ebp call fcn_0045bef6 ; call 0x45bef6 add esp, 8 mov eax, ebp loc_004590b1: add esp, 0x1c pop ebp pop edi pop esi pop ebx ret fcn_004590b9: push ebx push esi push edi call dword [ref_00488f60] ; ucall: call dword [0x488f60] mov esi, dword [ref_004991d8] ; mov esi, dword [0x4991d8] test esi, esi je short loc_004590e5 ; je 0x4590e5 mov ebx, dword [esi + 4] mov edi, dword [ebx + 0xc] mov eax, dword [esi] and edi, 0x4003 mov dword [ref_004991d8], eax ; mov dword [0x4991d8], eax or di, 3 jmp short loc_0045912c ; jmp 0x45912c loc_004590e5: mov ebx, ref_00488f9c ; mov ebx, 0x488f9c jmp short loc_0045910c ; jmp 0x45910c loc_004590ec: test byte [ebx + 0xc], 3 jne short loc_00459109 ; jne 0x459109 push 0x1d call fcn_00456f80 ; call 0x456f80 add esp, 4 mov esi, eax test eax, eax je short loc_0045915b ; je 0x45915b mov edi, 3 jmp short loc_0045912c ; jmp 0x45912c loc_00459109: add ebx, 0x1a loc_0045910c: cmp ebx, ref_004891a4 ; cmp ebx, 0x4891a4 jb short loc_004590ec ; jb 0x4590ec push 0x37 mov edi, 0x4003 call fcn_00456f80 ; call 0x456f80 add esp, 4 mov esi, eax test eax, eax je short loc_0045915b ; je 0x45915b lea ebx, [eax + 0x1d] loc_0045912c: push 0x1a push 0 push ebx call memset ; call 0x456f60 mov dword [ebx + 0xc], edi mov eax, dword [ref_004991d4] ; mov eax, dword [0x4991d4] mov dword [esi + 4], ebx add esp, 0xc mov dword [ebx + 8], esi mov dword [ref_004991d4], esi ; mov dword [0x4991d4], esi mov dword [esi], eax call dword [ref_00488f64] ; ucall: call dword [0x488f64] mov eax, ebx pop edi pop esi pop ebx ret loc_0045915b: push 5 call fcn_00458de7 ; call 0x458de7 add esp, 4 call dword [ref_00488f64] ; ucall: call dword [0x488f64] xor eax, eax pop edi pop esi pop ebx ret fcn_00459171: push ebx mov ebx, dword [esp + 8] mov edx, ref_004991d4 ; mov edx, 0x4991d4 loc_0045917b: mov eax, dword [edx] test eax, eax je short loc_004591a6 ; je 0x4591a6 mov ecx, dword [eax + 4] cmp ebx, ecx je short loc_0045918c ; je 0x45918c mov edx, eax jmp short loc_0045917b ; jmp 0x45917b loc_0045918c: mov cl, byte [ecx + 0xc] or cl, 3 mov byte [ebx + 0xc], cl mov ebx, dword [eax] mov dword [edx], ebx mov edx, dword [ref_004991d8] ; mov edx, dword [0x4991d8] mov dword [ref_004991d8], eax ; mov dword [0x4991d8], eax mov dword [eax], edx loc_004591a6: pop ebx ret loc_004591a8: push ebx loc_004591a9: mov edx, dword [ref_004991d8] ; mov edx, dword [0x4991d8] test edx, edx je short loc_004591a6 ; je 0x4591a6 push edx mov ebx, dword [edx] call clib_free ; call 0x456e11 add esp, 4 mov dword [ref_004991d8], ebx ; mov dword [0x4991d8], ebx jmp short loc_004591a9 ; jmp 0x4591a9 fcn_004591c6: push ebx mov ebx, dword [esp + 8] test byte [ebx + 0xd], 0x20 jne short loc_004591f7 ; jne 0x4591f7 mov edx, dword [ebx + 0x10] push edx call fcn_0045bf21 ; call 0x45bf21 add esp, 4 test eax, eax je short loc_004591f7 ; je 0x4591f7 mov dl, byte [ebx + 0xd] or dl, 0x20 mov byte [ebx + 0xd], dl test dl, 7 jne short loc_004591f7 ; jne 0x4591f7 mov cl, dl or cl, 2 mov byte [ebx + 0xd], cl loc_004591f7: pop ebx ret fcn_004591f9: push ebx push esi push edi push ebp sub esp, 4 mov ebx, dword [esp + 0x18] mov edx, dword [ebx + 0x10] push edx xor edi, edi call dword [ref_00488f50] ; ucall: call dword [0x488f50] mov ah, byte [ebx + 0xd] add esp, 4 test ah, 0x10 je near loc_0045929d ; je 0x45929d mov ch, ah and ch, 0xef mov al, byte [ebx + 0xc] mov byte [ebx + 0xd], ch test al, 2 je near loc_004592d8 ; je 0x4592d8 mov ebp, dword [ebx + 8] mov eax, dword [ebp + 8] test eax, eax je near loc_004592d8 ; je 0x4592d8 mov ebp, eax mov esi, dword [ebx + 4] loc_00459245: test esi, esi je near loc_004592d8 ; je 0x4592d8 test edi, edi jne near loc_004592d8 ; jne 0x4592d8 push esi push ebp mov edx, dword [ebx + 0x10] push edx call fcn_004599bb ; call 0x4599bb add esp, 0xc mov dword [esp], eax cmp eax, 0xffffffff jne short loc_00459278 ; jne 0x459278 mov dl, byte [ebx + 0xc] or dl, 0x20 mov edi, eax mov byte [ebx + 0xc], dl jmp short loc_00459294 ; jmp 0x459294 loc_00459278: test eax, eax jne short loc_00459294 ; jne 0x459294 push 0xc call fcn_00458de7 ; call 0x458de7 mov ah, byte [ebx + 0xc] mov edi, 0xffffffff or ah, 0x20 add esp, 4 mov byte [ebx + 0xc], ah loc_00459294: mov ecx, dword [esp] add ebp, ecx sub esi, ecx jmp short loc_00459245 ; jmp 0x459245 loc_0045929d: mov eax, dword [ebx + 8] cmp dword [eax + 8], 0 je short loc_004592d8 ; je 0x4592d8 and byte [ebx + 0xc], 0xef test byte [ebx + 0xd], 0x20 jne short loc_004592d8 ; jne 0x4592d8 mov eax, dword [ebx + 4] test eax, eax je short loc_004592c8 ; je 0x4592c8 push 1 neg eax push eax mov esi, dword [ebx + 0x10] push esi call fcn_0045931e ; call 0x45931e add esp, 0xc loc_004592c8: cmp eax, 0xffffffff jne short loc_004592d8 ; jne 0x4592d8 mov cl, byte [ebx + 0xc] or cl, 0x20 mov edi, eax mov byte [ebx + 0xc], cl loc_004592d8: mov eax, dword [ebx + 8] mov eax, dword [eax + 8] mov dword [ebx + 4], 0 mov dword [ebx], eax test edi, edi jne short loc_00459307 ; jne 0x459307 mov eax, dword [ebx + 8] test byte [eax + 0x10], 1 je short loc_00459307 ; je 0x459307 mov edx, dword [ebx + 0x10] push edx call fcn_0045bf7e ; call 0x45bf7e add esp, 4 cmp eax, 0xffffffff jne short loc_00459307 ; jne 0x459307 mov edi, eax loc_00459307: mov ecx, dword [ebx + 0x10] push ecx call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 mov eax, edi add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_0045931e: push ebx push esi push edi mov ebx, dword [esp + 0x10] test ebx, ebx jl short loc_00459331 ; jl 0x459331 cmp ebx, dword [ref_004894e8] ; cmp ebx, dword [0x4894e8] jbe short loc_00459344 ; jbe 0x459344 loc_00459331: push 4 call fcn_00458de7 ; call 0x458de7 mov eax, 0xffffffff add esp, 4 pop edi pop esi pop ebx ret loc_00459344: push ebx call dword [ref_00488f50] ; ucall: call dword [0x488f50] add esp, 4 push ebx call fcn_0045bea0 ; call 0x45bea0 add esp, 4 cmp dword [esp + 0x14], 0 jle short loc_0045936f ; jle 0x45936f test al, 0x80 jne short loc_0045936f ; jne 0x45936f or ah, 0x80 push eax push ebx call fcn_0045bef6 ; call 0x45bef6 add esp, 8 loc_0045936f: mov eax, dword [ref_00489474] ; mov eax, dword [0x489474] mov esi, ebx mov eax, dword [eax + esi*4] mov esi, dword [esp + 0x18] push esi push 0 mov edi, dword [esp + 0x1c] push edi push eax call dword [cs:__imp__SetFilePointer@16] ; ucall: call dword cs:[0x462404] push ebx mov esi, eax call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 cmp esi, 0xffffffff jne short loc_004593a3 ; jne 0x4593a3 call fcn_0045be8f ; call 0x45be8f loc_004593a3: mov eax, esi pop edi pop esi pop ebx ret fcn_004593a9: push ebx push esi mov esi, dword [esp + 0xc] test esi, esi jl short loc_004593bb ; jl 0x4593bb cmp esi, dword [ref_004894e8] ; cmp esi, dword [0x4894e8] jbe short loc_004593cd ; jbe 0x4593cd loc_004593bb: push 4 call fcn_00458de7 ; call 0x458de7 mov eax, 0xffffffff add esp, 4 pop esi pop ebx ret loc_004593cd: mov ebx, dword [ref_00489474] ; mov ebx, dword [0x489474] mov eax, esi push esi mov ebx, dword [ebx + eax*4] call dword [ref_00488f50] ; ucall: call dword [0x488f50] add esp, 4 push 1 push 0 push 0 push ebx call dword [cs:__imp__SetFilePointer@16] ; ucall: call dword cs:[0x462404] push esi mov ebx, eax call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 cmp ebx, 0xffffffff jne short loc_00459406 ; jne 0x459406 call fcn_0045be8f ; call 0x45be8f loc_00459406: mov eax, ebx pop esi pop ebx ret fcn_0045940b: push ebx push esi mov ebx, dword [esp + 0xc] push ebx call fcn_004591c6 ; call 0x4591c6 mov edx, dword [ebx + 0x14] add esp, 4 test edx, edx jne short loc_00459447 ; jne 0x459447 mov ah, byte [ebx + 0xd] test ah, 2 je short loc_00459432 ; je 0x459432 mov dword [ebx + 0x14], 0x86 jmp short loc_00459447 ; jmp 0x459447 loc_00459432: test ah, 4 je short loc_00459440 ; je 0x459440 mov dword [ebx + 0x14], 1 jmp short loc_00459447 ; jmp 0x459447 loc_00459440: mov dword [ebx + 0x14], 0x1000 loc_00459447: mov ecx, dword [ebx + 0x14] push ecx call fcn_00456f80 ; call 0x456f80 mov edx, dword [ebx + 8] mov dword [edx + 8], eax mov eax, dword [ebx + 8] mov esi, dword [eax + 8] add esp, 4 test esi, esi jne short loc_00459486 ; jne 0x459486 mov cl, byte [ebx + 0xd] and cl, 0xf8 mov byte [ebx + 0xd], cl mov ch, cl mov eax, dword [ebx + 8] or ch, 4 lea edx, [ebx + 0x18] mov byte [ebx + 0xd], ch mov dword [eax + 8], edx mov dword [ebx + 0x14], 1 jmp short loc_0045948a ; jmp 0x45948a loc_00459486: or byte [ebx + 0xc], 8 loc_0045948a: mov eax, dword [ebx + 8] mov eax, dword [eax + 8] mov dword [ebx + 4], 0 mov dword [ebx], eax pop esi pop ebx ret fcn_0045949c: push ebx push esi push edi push ebp sub esp, 4 mov ebx, dword [esp + 0x18] test ebx, ebx jl short loc_004594b3 ; jl 0x4594b3 cmp ebx, dword [ref_004894e8] ; cmp ebx, dword [0x4894e8] jbe short loc_004594c7 ; jbe 0x4594c7 loc_004594b3: push 4 call fcn_00458de7 ; call 0x458de7 mov eax, 0xffffffff add esp, 4 jmp near loc_00459553 ; jmp 0x459553 loc_004594c7: push ebx call dword [ref_00488f50] ; ucall: call dword [0x488f50] mov ecx, dword [ref_004891d4] ; mov ecx, dword [0x4891d4] add esp, 4 test ecx, ecx je short loc_0045950d ; je 0x45950d push ebx call dword [ref_004891ac] ; ucall: call dword [0x4891ac] add esp, 4 test eax, eax je short loc_0045950d ; je 0x45950d mov edx, dword [esp + 0x20] push edx mov ecx, dword [esp + 0x20] push ecx push eax call dword [ref_004891d4] ; ucall: call dword [0x4891d4] add esp, 0xc push ebx mov esi, eax call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 mov eax, esi jmp short loc_00459553 ; jmp 0x459553 loc_0045950d: mov esi, dword [ref_00489474] ; mov esi, dword [0x489474] mov eax, ebx push 0 mov esi, dword [esi + eax*4] lea eax, [esp + 4] push eax mov edi, dword [esp + 0x28] push edi mov ebp, dword [esp + 0x28] push ebp push esi call dword [cs:__imp__ReadFile@20] ; ucall: call dword cs:[0x4623ec] test eax, eax jne short loc_00459546 ; jne 0x459546 push ebx call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 call fcn_0045be8f ; call 0x45be8f jmp short loc_00459553 ; jmp 0x459553 loc_00459546: push ebx call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 mov eax, dword [esp] loc_00459553: add esp, 4 pop ebp pop edi pop esi pop ebx ret endloc_0045955b: db 0x53 dd 0x8b555756 dd 0x8b14245c dd 0xff521053 db 0x15 dd ref_00488f50 db 0x8b db 0x43 db 0x08 dd 0x830c488b dd 0xf98304c4 dd 0x85197401 dd 0x8b0e74c9 dd 0xbe57107b dd 0xffffffff dd 0x00008be9 dd 0x0c40c700 dd 0x00000001 dd 0x010c43f6 dd 0x046a1a75 dd 0xfff846e8 dd 0x0c538aff dd 0xffffffbe dd 0x20ca80ff dd 0x8804c483 dd 0x20eb0c53 dd 0x4d046b8b dd 0x85046b89 dd 0x530d7ded dd 0x000063e8 dd 0x04c48300 dd 0x08ebc689 dd 0xb60f038b dd 0x03894030 dd 0x400c43f6 dd 0xfe833a75 dd 0x8b22750d dd 0x894a0453 dd 0xd2850453 dd 0xe8530d7d dd 0x00000038 dd 0x8904c483 dd 0x8b0aebc6 dd 0x40108a03 dd 0x89f2b60f dd 0x1afe8303 dd 0x4b8a0e75 dd 0x10c9800c dd 0xffffffbe dd 0x0c4b88ff dd 0x57107b8b db 0xff db 0x15 dd ref_00488f54 db 0x83 db 0xc4 dd 0x5df08904 dd 0xc35b5e5f fcn_00459628: push ebx mov ebx, dword [esp + 8] push ebx call fcn_00459657 ; call 0x459657 add esp, 4 test eax, eax jne short loc_00459641 ; jne 0x459641 mov eax, 0xffffffff pop ebx ret loc_00459641: mov edx, dword [ebx + 4] mov ecx, dword [ebx] dec edx inc ecx mov dword [ebx + 4], edx mov dword [ebx], ecx mov al, byte [ecx - 1] and eax, 0xff pop ebx ret fcn_00459657: push ebx push esi push edi push ebp mov ebx, dword [esp + 0x14] mov eax, dword [ebx + 8] cmp dword [eax + 8], 0 jne short loc_00459671 ; jne 0x459671 push ebx call fcn_0045940b ; call 0x45940b add esp, 4 loc_00459671: mov ah, byte [ebx + 0xd] test ah, 0x20 je short loc_0045968b ; je 0x45968b test ah, 6 je short loc_0045968b ; je 0x45968b push 0x2000 call fcn_0045bfe8 ; call 0x45bfe8 add esp, 4 loc_0045968b: mov dh, byte [ebx + 0xc] and dh, 0xfb mov eax, dword [ebx + 8] mov byte [ebx + 0xc], dh mov eax, dword [eax + 8] mov dword [ebx], eax mov eax, dword [ebx + 0xc] and eax, 0x2400 cmp eax, 0x2400 jne short loc_004596ce ; jne 0x4596ce mov ecx, dword [ebx + 0x10] test ecx, ecx jne short loc_004596ce ; jne 0x4596ce mov dword [ebx + 4], ecx call fcn_0045c02b ; call 0x45c02b mov edx, eax cmp eax, 0xffffffff je short loc_004596f1 ; je 0x4596f1 mov eax, dword [ebx] mov byte [eax], dl mov dword [ebx + 4], 1 jmp short loc_00459710 ; jmp 0x459710 loc_004596ce: test byte [ebx + 0xd], 4 je short loc_004596db ; je 0x4596db mov eax, 1 jmp short loc_004596de ; jmp 0x4596de loc_004596db: mov eax, dword [ebx + 0x14] loc_004596de: push eax mov esi, dword [ebx] push esi mov edi, dword [ebx + 0x10] push edi call fcn_0045949c ; call 0x45949c add esp, 0xc mov dword [ebx + 4], eax loc_004596f1: mov ebp, dword [ebx + 4] test ebp, ebp jg short loc_00459710 ; jg 0x459710 jne short loc_00459700 ; jne 0x459700 or byte [ebx + 0xc], 0x10 jmp short loc_00459710 ; jmp 0x459710 loc_00459700: mov ch, byte [ebx + 0xc] mov dword [ebx + 4], 0 or ch, 0x20 mov byte [ebx + 0xc], ch loc_00459710: mov eax, dword [ebx + 4] pop ebp pop edi pop esi pop ebx ret fcn_00459718: call dword [cs:__imp__GetCurrentProcessId@0] ; ucall: call dword cs:[0x462388] ret endloc_00459720: dd 0x55575653 dd 0x0228ec81 dd 0x15ff0000 dd _GetThreadPtr dd 0x3104688b dd 0x848d57ff dd 0x00011824 dd 0xf5e85000 dd 0x83ffffe1 dd 0x026a08c4 dd 0x1824848d dd 0x50000001 dd 0x28fbe847 dd 0xc4830000 dd 0x74c08508 db 0xd8 db 0x68 dd ref_0046c431 db 0x8d db 0x84 dd 0x00011824 dd 0x50e85000 dd 0x83ffffdc dd 0xc08508c4 dd 0x04e81b75 dd 0x83000029 dd 0x0a740b38 dd 0x0028fae8 dd 0x06388300 dd 0xc031ab75 dd 0x00009ee9 dd 0xdb315000 dd 0xffe12ce8 db 0xff db 0x8a db 0x1d dd ref_004891a4 db 0x83 dd 0x8d5304c4 dd 0x50042444 dd 0xffe18be8 dd 0x08c483ff dd 0x8d50e089 dd 0x01182484 dd 0xe8500000 dd 0x000028d3 dd 0x8508c483 dd 0x684875c0 dd ref_0046c431 dd 0x0424448d dd 0xdbe9e850 dd 0xc689ffff dd 0x8508c483 dd 0x8a2274c0 dd 0xcc800d60 dd 0x0d668808 dd 0x5508468b db 0x88 db 0x1d dd ref_004891a4 db 0x88 db 0x58 dd 0xf5ede814 dd 0xc483ffff dd 0xebf08904 dd 0x2879e82e dd 0x38830000 dd 0x7b840f0b dd 0x6affffff dd 0x24848d02 dd 0x00000118 dd 0x32e84350 dd 0x83000028 dd 0xc08508c4 dd 0xff0b850f dd 0x73e9ffff dd 0x81ffffff dd 0x000228c4 dd 0x5e5f5d00 db 0x5b db 0xc3 fcn_0045983a: push ebx push esi push edi cmp byte [ref_00489204], 0 ; cmp byte [0x489204], 0 jne near loc_004598ff ; jne 0x4598ff mov ebx, ref_004891f0 ; mov ebx, 0x4891f0 jmp short loc_00459892 ; jmp 0x459892 loc_00459851: push edx call fcn_0045c0b4 ; call 0x45c0b4 mov edx, eax add esp, 4 test eax, eax je short loc_0045988f ; je 0x45988f mov edi, eax push es mov eax, ds mov es, eax sub ecx, ecx dec ecx xor eax, eax repne scasb ; repne scasb al, byte es:[edi] not ecx dec ecx pop es cmp ecx, 0x103 ja short loc_0045988f ; ja 0x45988f push 0x103 push edx push ref_00489204 ; push 0x489204 call fcn_0045c10f ; call 0x45c10f add esp, 0xc jmp short loc_00459899 ; jmp 0x459899 loc_0045988f: add ebx, 4 loc_00459892: mov edx, dword [ebx] cmp byte [edx], 0 jne short loc_00459851 ; jne 0x459851 loc_00459899: cmp byte [ref_00489204], 0 ; cmp byte [0x489204], 0 jne short loc_004598cf ; jne 0x4598cf push 0 push 0 call fcn_0045c1b1 ; call 0x45c1b1 add esp, 8 mov edi, ref_00489204 ; mov edi, 0x489204 mov esi, eax push edi loc_004598b6: mov al, byte [esi] mov byte [edi], al cmp al, 0 je short loc_004598ce ; je 0x4598ce mov al, byte [esi + 1] add esi, 2 mov byte [edi + 1], al add edi, 2 cmp al, 0 jne short loc_004598b6 ; jne 0x4598b6 loc_004598ce: pop edi loc_004598cf: mov edi, ref_00489204 ; mov edi, 0x489204 push es mov eax, ds mov es, eax sub ecx, ecx dec ecx xor eax, eax repne scasb ; repne scasb al, byte es:[edi] not ecx dec ecx pop es lea edx, [ecx - 1] add edx, ref_00489204 ; add edx, 0x489204 mov al, byte [edx] cmp al, 0x5c je short loc_004598ff ; je 0x4598ff cmp al, 0x2f je short loc_004598ff ; je 0x4598ff inc edx mov byte [edx], 0x5c inc edx mov byte [edx], 0 loc_004598ff: mov eax, ref_00489204 ; mov eax, 0x489204 pop edi pop esi pop ebx ret fcn_00459908: push ebx push esi push edi push ebp sub esp, 4 mov ebx, dword [esp + 0x18] test ebx, ebx jl short loc_0045991f ; jl 0x45991f cmp ebx, dword [ref_004894e8] ; cmp ebx, dword [0x4894e8] jbe short loc_00459933 ; jbe 0x459933 loc_0045991f: push 4 call fcn_00458de7 ; call 0x458de7 mov eax, 0xffffffff add esp, 4 jmp near loc_004599a5 ; jmp 0x4599a5 loc_00459933: mov eax, dword [ref_00489474] ; mov eax, dword [0x489474] mov esi, ebx mov ecx, dword [ref_004891b8] ; mov ecx, dword [0x4891b8] xor ebp, ebp mov eax, dword [eax + esi*4] xor edi, edi mov dword [esp], eax test ecx, ecx je short loc_00459974 ; je 0x459974 push ebx call dword [ref_004891ac] ; ucall: call dword [0x4891ac] mov esi, eax add esp, 4 test eax, eax je short loc_00459974 ; je 0x459974 push ebx call dword [ref_004891b0] ; ucall: call dword [0x4891b0] add esp, 4 push esi call dword [ref_004891b8] ; ucall: call dword [0x4891b8] add esp, 4 jmp short loc_00459998 ; jmp 0x459998 loc_00459974: test ebp, ebp jne short loc_00459998 ; jne 0x459998 mov esi, dword [esp] push esi call dword [cs:__imp__CloseHandle@4] ; ucall: call dword cs:[0x462348] test eax, eax jne short loc_00459998 ; jne 0x459998 push 4 mov edi, 0xffffffff call fcn_00458de7 ; call 0x458de7 add esp, 4 jmp short loc_004599a3 ; jmp 0x4599a3 loc_00459998: push 0 push ebx call fcn_0045bef6 ; call 0x45bef6 add esp, 8 loc_004599a3: mov eax, edi loc_004599a5: add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_004599ad: mov edx, dword [esp + 4] push edx call fcn_0045c242 ; call 0x45c242 add esp, 4 ret fcn_004599bb: push ebx push esi push edi push ebp sub esp, 4 mov ebx, dword [esp + 0x18] test ebx, ebx jl short loc_004599d2 ; jl 0x4599d2 cmp ebx, dword [ref_004894e8] ; cmp ebx, dword [0x4894e8] jbe short loc_004599e6 ; jbe 0x4599e6 loc_004599d2: push 4 call fcn_00458de7 ; call 0x458de7 mov eax, 0xffffffff add esp, 4 jmp near loc_00459aa3 ; jmp 0x459aa3 loc_004599e6: mov esi, dword [ref_00489474] ; mov esi, dword [0x489474] mov eax, ebx push ebx mov esi, dword [esi + eax*4] call dword [ref_00488f50] ; ucall: call dword [0x488f50] add esp, 4 push ebx call fcn_0045bea0 ; call 0x45bea0 add esp, 4 test al, 0x80 je short loc_00459a2f ; je 0x459a2f push 2 push 0 push 0 push esi call dword [cs:__imp__SetFilePointer@16] ; ucall: call dword cs:[0x462404] cmp eax, 0xffffffff jne short loc_00459a2f ; jne 0x459a2f loc_00459a1b: push ebx call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 call fcn_0045be8f ; call 0x45be8f jmp near loc_00459aa3 ; jmp 0x459aa3 loc_00459a2f: cmp dword [ref_004891d8], 0 ; cmp dword [0x4891d8], 0 je short loc_00459a6a ; je 0x459a6a push ebx call dword [ref_004891ac] ; ucall: call dword [0x4891ac] add esp, 4 test eax, eax je short loc_00459a6a ; je 0x459a6a mov ecx, dword [esp + 0x20] push ecx mov esi, dword [esp + 0x20] push esi push eax call dword [ref_004891d8] ; ucall: call dword [0x4891d8] add esp, 0xc push ebx mov esi, eax call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 mov eax, esi jmp short loc_00459aa3 ; jmp 0x459aa3 loc_00459a6a: push 0 lea eax, [esp + 4] push eax mov edi, dword [esp + 0x28] push edi mov ebp, dword [esp + 0x28] push ebp push esi call dword [cs:__imp__WriteFile@20] ; ucall: call dword cs:[0x462440] test eax, eax je short loc_00459a1b ; je 0x459a1b cmp edi, dword [esp] je short loc_00459a96 ; je 0x459a96 push 0xc call fcn_00458de7 ; call 0x458de7 add esp, 4 loc_00459a96: push ebx call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 mov eax, dword [esp] loc_00459aa3: add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_00459aab: push ebx push esi push edi push ebp mov ebx, dword [esp + 0x18] mov edx, dword [ebx + 0x10] push edx call dword [ref_00488f50] ; ucall: call dword [0x488f50] mov eax, dword [ebx + 8] mov ecx, dword [eax + 0xc] add esp, 4 cmp ecx, 1 je short loc_00459aed ; je 0x459aed test ecx, ecx je short loc_00459ae6 ; je 0x459ae6 loc_00459acf: mov edi, dword [ebx + 0x10] push edi loc_00459ad3: call dword [ref_00488f54] ; ucall: call dword [0x488f54] mov eax, 0xffffffff add esp, 4 pop ebp pop edi pop esi pop ebx ret loc_00459ae6: mov dword [eax + 0xc], 1 loc_00459aed: test byte [ebx + 0xc], 2 jne short loc_00459b0c ; jne 0x459b0c push 4 call fcn_00458de7 ; call 0x458de7 add esp, 4 mov ch, byte [ebx + 0xc] mov eax, dword [ebx + 0x10] or ch, 0x20 push eax mov byte [ebx + 0xc], ch jmp short loc_00459ad3 ; jmp 0x459ad3 loc_00459b0c: mov eax, dword [ebx + 8] cmp dword [eax + 8], 0 jne short loc_00459b1e ; jne 0x459b1e push ebx call fcn_0045940b ; call 0x45940b add esp, 4 loc_00459b1e: mov eax, dword [esp + 0x14] mov esi, 0x400 cmp eax, 0xa jne short loc_00459b70 ; jne 0x459b70 mov dl, byte [ebx + 0xc] mov esi, 0x600 test dl, 0x40 jne short loc_00459b70 ; jne 0x459b70 mov dh, byte [ebx + 0xd] or dh, 0x10 mov eax, dword [ebx] mov byte [ebx + 0xd], dh mov byte [eax], 0xd mov edx, dword [ebx] inc edx mov ecx, dword [ebx + 4] mov dword [ebx], edx inc ecx mov edi, dword [ebx + 0x14] mov dword [ebx + 4], ecx cmp ecx, edi jne short loc_00459b70 ; jne 0x459b70 push ebx call fcn_004591f9 ; call 0x4591f9 add esp, 4 test eax, eax je short loc_00459b70 ; je 0x459b70 mov ebp, dword [ebx + 0x10] push ebp jmp near loc_00459ad3 ; jmp 0x459ad3 loc_00459b70: mov cl, byte [ebx + 0xd] mov eax, dword [ebx] or cl, 0x10 mov dl, byte [esp + 0x14] mov byte [ebx + 0xd], cl mov byte [eax], dl mov ebp, dword [ebx] inc ebp mov eax, dword [ebx + 4] mov dword [ebx], ebp inc eax mov edx, dword [ebx + 0xc] mov dword [ebx + 4], eax test esi, edx jne short loc_00459b99 ; jne 0x459b99 cmp eax, dword [ebx + 0x14] jne short loc_00459baa ; jne 0x459baa loc_00459b99: push ebx call fcn_004591f9 ; call 0x4591f9 add esp, 4 test eax, eax jne near loc_00459acf ; jne 0x459acf loc_00459baa: mov esi, dword [ebx + 0x10] push esi call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 xor eax, eax mov al, byte [esp + 0x14] pop ebp pop edi pop esi pop ebx ret fcn_00459bc2: mov eax, dword [esp + 4] wait fnsave [eax] wait ret fcn_00459bcb: mov eax, dword [esp + 4] frstor [eax] wait ret fcn_00459bd3: push ebx cmp byte [ref_00488f35], 0 ; cmp byte [0x488f35], 0 je short loc_00459bf3 ; je 0x459bf3 mov edx, fcn_00459bc2 ; mov edx, 0x459bc2 mov ebx, fcn_00459bcb ; mov ebx, 0x459bcb mov dword [ref_00489540], edx ; mov dword [0x489540], edx mov dword [ref_00489544], ebx ; mov dword [0x489544], ebx loc_00459bf3: xor eax, eax mov ax, word [ref_00489548] ; mov ax, word [0x489548] call fcn_0045c25a ; call 0x45c25a pop ebx ret endloc_00459c02: db 0x80 db 0x3d dd ref_00488f35 dd 0xc3c87500 fcn_00459c0c: push ebx mov ah, byte [ref_00488f34] ; mov ah, byte [0x488f34] test ah, ah jne short loc_00459c4e ; jne 0x459c4e mov byte [ref_00488f35], ah ; mov byte [0x488f35], ah xor bh, bh sub eax, eax push eax fninit fnstcw word [esp] pop eax mov al, ah xor bl, bl cmp al, 3 jne short loc_00459c39 ; jne 0x459c39 call fcn_00459bd3 ; call 0x459bd3 mov bh, al mov bl, al loc_00459c39: cmp byte [ref_00489348], 0 ; cmp byte [0x489348], 0 jne short loc_00459c4e ; jne 0x459c4e mov byte [ref_00488f34], bh ; mov byte [0x488f34], bh mov byte [ref_00488f35], bl ; mov byte [0x488f35], bl loc_00459c4e: pop ebx ret fcn_00459c50: ret fcn_00459c51: push ebp mov ebp, esp push ebx sub esp, 0x10 mov dl, byte [ebp + 0x10] cmp dl, 1 jb short loc_00459c91 ; jb 0x459c91 cmp dl, 3 jbe short loc_00459c6c ; jbe 0x459c6c cmp dl, 4 je short loc_00459c7d ; je 0x459c7d jmp short loc_00459c91 ; jmp 0x459c91 loc_00459c6c: lea ebx, [ebp + 8] or dl, 0x40 push ebx xor ebx, ebx mov bl, dl or bh, 0x20 push ebx jmp short loc_00459cb3 ; jmp 0x459cb3 loc_00459c7d: fldz fcomp qword [ebp + 8] fnstsw ax sahf jbe short loc_00459c91 ; jbe 0x459c91 xor edx, edx mov dword [ebp - 0x14], edx mov dword [ebp - 0x10], edx jmp short loc_00459ccd ; jmp 0x459ccd loc_00459c91: xor ebx, ebx mov bl, dl mov ecx, ebx or ch, 0x81 cmp dl, 6 jne short loc_00459cae ; jne 0x459cae fldz fcomp qword [ebp + 8] fnstsw ax sahf jbe short loc_00459cae ; jbe 0x459cae or bh, 0x11 mov ecx, ebx loc_00459cae: lea ebx, [ebp + 8] push ebx push ecx loc_00459cb3: call fcn_0045c281 ; call 0x45c281 mov dword [ebp - 0xc], eax mov dword [ebp - 8], edx add esp, 8 mov eax, dword [ebp - 0xc] mov dword [ebp - 0x14], eax mov eax, dword [ebp - 8] mov dword [ebp - 0x10], eax loc_00459ccd: mov ebx, dword [ebp - 0x14] mov dword [ebp - 0xc], ebx mov ebx, dword [ebp - 0x10] mov eax, dword [ebp - 0xc] mov edx, ebx lea esp, [ebp - 4] pop ebx pop ebp ret fcn_00459ce1: push ebx mov edx, fcn_0045c3b2 ; mov edx, 0x45c3b2 mov ebx, fcn_0045c4cf ; mov ebx, 0x45c4cf mov dword [ref_004895a8], edx ; mov dword [0x4895a8], edx mov dword [ref_004895ac], ebx ; mov dword [0x4895ac], ebx pop ebx ret endloc_00459cfa: db 0x00 db 0x00 fcn_00459cfc: push eax sub esp, 0x14 fstp tword [esp] ; fstp xword [esp] mov eax, dword [esp + 8] and eax, 0x7fff je near loc_00459da3 ; je 0x459da3 cmp eax, 0x7fff je near loc_00459da3 ; je 0x459da3 mov eax, dword [esp + 4] add eax, eax jae short loc_00459da3 ; jae 0x459da3 fld tword [esp] ; fld xword [esp] fabs fcomp dword [ref_0048996c] ; fcomp dword [0x48996c] fnstsw ax sahf jae short loc_00459da3 ; jae 0x459da3 fld tword [esp] ; fld xword [esp] fsincos fstp tword [esp] ; fstp xword [esp] fld tword [esp] ; fld xword [esp] mov eax, dword [esp + 4] add eax, eax xor eax, 0xe000000 test eax, 0xe000000 je short loc_00459d5b ; je 0x459d5b fdivp st1 ; fdivp st(1) fld1 add esp, 0x14 pop eax ret loc_00459d5b: shr eax, 0x1c cmp byte [eax + ref_00489958], ah ; cmp byte [eax + 0x489958], ah jne short loc_00459d6f ; jne 0x459d6f fdivp st1 ; fdivp st(1) fld1 add esp, 0x14 pop eax ret loc_00459d6f: wait wait fnstcw word [esp + 0x10] mov eax, dword [esp + 0x10] or eax, 0x33f mov dword [esp + 0xc], eax fldcw word [esp + 0xc] fmul dword [ref_00489968] ; fmul dword [0x489968] fxch st1 ; fxch st(1) fmul dword [ref_00489968] ; fmul dword [0x489968] fxch st1 ; fxch st(1) fldcw word [esp + 0x10] fdivp st1 ; fdivp st(1) fld1 add esp, 0x14 pop eax ret loc_00459da3: fld tword [esp] ; fld xword [esp] fptan add esp, 0x14 pop eax ret fcn_00459dad: mov edx, dword [esp + 4] test edx, edx jne short loc_00459dbd ; jne 0x459dbd call fcn_0045bfdd ; call 0x45bfdd xor eax, eax ret loc_00459dbd: push edx call fcn_004591f9 ; call 0x4591f9 add esp, 4 ret fcn_00459dc7: push ebx mov ebx, dword [esp + 8] mov edx, dword [esp + 0xc] loc_00459dd0: mov al, byte [ebx] mov ah, byte [edx] cmp al, 0x41 jb short loc_00459dde ; jb 0x459dde cmp al, 0x5a ja short loc_00459dde ; ja 0x459dde add al, 0x20 loc_00459dde: cmp ah, 0x41 jb short loc_00459deb ; jb 0x459deb cmp ah, 0x5a ja short loc_00459deb ; ja 0x459deb add ah, 0x20 loc_00459deb: cmp al, ah jne short loc_00459df7 ; jne 0x459df7 test ah, ah je short loc_00459df7 ; je 0x459df7 inc ebx inc edx jmp short loc_00459dd0 ; jmp 0x459dd0 loc_00459df7: xor edx, edx mov dl, al mov al, ah and eax, 0xff sub edx, eax mov eax, edx pop ebx ret fcn_00459e08: push ebx mov ecx, dword [ref_00489474] ; mov ecx, dword [0x489474] mov eax, dword [ref_00489478] ; mov eax, dword [0x489478] cmp eax, dword [ref_004894e8] ; cmp eax, dword [0x4894e8] jae short loc_00459e20 ; jae 0x459e20 loc_00459e1c: xor eax, eax jmp short loc_00459e41 ; jmp 0x459e41 loc_00459e20: mov ebx, dword [ref_00489478] ; mov ebx, dword [0x489478] mov edx, ecx xor eax, eax shl ebx, 2 jmp short loc_00459e38 ; jmp 0x459e38 loc_00459e2f: cmp dword [edx + eax], 0 je short loc_00459e1c ; je 0x459e1c add eax, 4 loc_00459e38: cmp eax, ebx jl short loc_00459e2f ; jl 0x459e2f mov eax, 1 loc_00459e41: mov dword [ref_00489474], ecx ; mov dword [0x489474], ecx pop ebx ret fcn_00459e49: push ebx call dword [ref_00488f80] ; ucall: call dword [0x488f80] mov ecx, dword [ref_00489478] ; mov ecx, dword [0x489478] xor ebx, ebx xor eax, eax shl ecx, 2 jmp short loc_00459e80 ; jmp 0x459e80 loc_00459e5f: mov edx, dword [ref_00489474] ; mov edx, dword [0x489474] add edx, eax cmp dword [edx], 0 jne short loc_00459e7c ; jne 0x459e7c mov eax, dword [esp + 8] mov dword [edx], eax call dword [ref_00488f84] ; ucall: call dword [0x488f84] mov eax, ebx pop ebx ret loc_00459e7c: add eax, 4 inc ebx loc_00459e80: cmp eax, ecx jl short loc_00459e5f ; jl 0x459e5f mov eax, dword [ref_00489478] ; mov eax, dword [0x489478] inc eax shl eax, 2 push eax mov edx, dword [ref_00489474] ; mov edx, dword [0x489474] push edx call fcn_0045c585 ; call 0x45c585 mov edx, dword [ref_00489478] ; mov edx, dword [0x489478] mov ebx, dword [ref_00489478] ; mov ebx, dword [0x489478] add esp, 8 mov dword [ref_00489474], eax ; mov dword [0x489474], eax shl edx, 2 inc ebx add eax, edx mov edx, dword [esp + 8] mov dword [ref_00489478], ebx ; mov dword [0x489478], ebx mov dword [eax], edx call dword [ref_00488f84] ; ucall: call dword [0x488f84] mov eax, dword [ref_00489478] ; mov eax, dword [0x489478] dec eax pop ebx ret fcn_00459ece: push ebx push esi push edi push ebp mov ebp, dword [esp + 0x14] mov esi, dword [esp + 0x18] test esi, esi jl near loc_00459f7a ; jl 0x459f7a call dword [ref_00488f80] ; ucall: call dword [0x488f80] cmp esi, 1 jb short loc_00459ef6 ; jb 0x459ef6 jbe short loc_00459eff ; jbe 0x459eff cmp esi, 2 je short loc_00459f04 ; je 0x459f04 jmp short loc_00459f0e ; jmp 0x459f0e loc_00459ef6: test esi, esi jne short loc_00459f0e ; jne 0x459f0e push ebp push 0xfffffffffffffff6 jmp short loc_00459f07 ; jmp 0x459f07 loc_00459eff: push ebp push 0xfffffffffffffff5 jmp short loc_00459f07 ; jmp 0x459f07 loc_00459f04: push ebp push 0xfffffffffffffff4 loc_00459f07: call dword [cs:__imp__SetStdHandle@8] ; ucall: call dword cs:[0x46240c] loc_00459f0e: mov edi, esi mov edx, dword [ref_00489478] ; mov edx, dword [0x489478] shl edi, 2 cmp esi, edx jge short loc_00459f27 ; jge 0x459f27 mov eax, dword [ref_00489474] ; mov eax, dword [0x489474] mov dword [edi + eax], ebp jmp short loc_00459f74 ; jmp 0x459f74 loc_00459f27: lea eax, [edi + 4] push eax mov ebx, dword [ref_00489474] ; mov ebx, dword [0x489474] push ebx call fcn_0045c585 ; call 0x45c585 mov ebx, dword [ref_00489478] ; mov ebx, dword [0x489478] add esp, 8 mov dword [ref_00489474], eax ; mov dword [0x489474], eax mov eax, ebx mov ecx, edi shl eax, 2 jmp short loc_00459f5f ; jmp 0x459f5f loc_00459f4e: mov edx, dword [ref_00489474] ; mov edx, dword [0x489474] inc ebx mov dword [edx + eax], 0 add eax, 4 loc_00459f5f: cmp eax, ecx jl short loc_00459f4e ; jl 0x459f4e mov eax, dword [ref_00489474] ; mov eax, dword [0x489474] mov edx, esi inc esi mov dword [eax + edx*4], ebp mov dword [ref_00489478], esi ; mov dword [0x489478], esi loc_00459f74: call dword [ref_00488f84] ; ucall: call dword [0x488f84] loc_00459f7a: pop ebp pop edi pop esi pop ebx ret fcn_00459f7f: call dword [ref_00488f80] ; ucall: call dword [0x488f80] mov edx, dword [esp + 4] test edx, edx jle short loc_00459fa4 ; jle 0x459fa4 cmp edx, dword [ref_00489478] ; cmp edx, dword [0x489478] jge short loc_00459fa4 ; jge 0x459fa4 mov eax, edx mov edx, dword [ref_00489474] ; mov edx, dword [0x489474] mov dword [edx + eax*4], 0 loc_00459fa4: call dword [ref_00488f84] ; ucall: call dword [0x488f84] ret fcn_00459fab: push 0xfffffffffffffff6 call dword [cs:__imp__GetStdHandle@4] ; ucall: call dword cs:[0x4623c8] mov edx, eax test eax, eax je short loc_00459fbf ; je 0x459fbf cmp eax, 0xffffffff jne short loc_00459fc4 ; jne 0x459fc4 loc_00459fbf: call fcn_0045a012 ; call 0x45a012 loc_00459fc4: push eax call fcn_00459e49 ; call 0x459e49 add esp, 4 push 0xfffffffffffffff5 call dword [cs:__imp__GetStdHandle@4] ; ucall: call dword cs:[0x4623c8] mov edx, eax test eax, eax je short loc_00459fe1 ; je 0x459fe1 cmp eax, 0xffffffff jne short loc_00459fe6 ; jne 0x459fe6 loc_00459fe1: call fcn_0045a012 ; call 0x45a012 loc_00459fe6: push eax call fcn_00459e49 ; call 0x459e49 add esp, 4 push 0xfffffffffffffff4 call dword [cs:__imp__GetStdHandle@4] ; ucall: call dword cs:[0x4623c8] mov edx, eax test eax, eax je short loc_0045a003 ; je 0x45a003 cmp eax, 0xffffffff jne short loc_0045a008 ; jne 0x45a008 loc_0045a003: call fcn_0045a012 ; call 0x45a012 loc_0045a008: push eax call fcn_00459e49 ; call 0x459e49 add esp, 4 ret fcn_0045a012: push 0 push 0 push 0 push 0 call dword [cs:__imp__CreateEventA@16] ; ucall: call dword cs:[0x46234c] mov edx, eax test eax, eax jne short loc_0045a034 ; jne 0x45a034 mov edx, dword [ref_0048947c] ; mov edx, dword [0x48947c] inc edx mov dword [ref_0048947c], edx ; mov dword [0x48947c], edx loc_0045a034: mov eax, edx ret fcn_0045a037: ret loc_0045a062: push 0x18 push 1 call lib_calloc ; call 0x45c62e add esp, 8 mov ebx, eax test eax, eax jne short loc_0045a083 ; jne 0x45a083 push 1 push ref_0046c438 ; push 0x46c438 call __fatal_runtime_error ; call 0x45c690 add esp, 8 loc_0045a083: mov eax, ebx pop ebx ret fcn_0045a4c0: push ebx push esi push ref_004991dc ; push 0x4991dc mov ebx, ref_004991fc ; mov ebx, 0x4991fc call dword [ref_00489488] ; ucall: call dword [0x489488] add esp, 4 lea esi, [ebx + 0x100] loc_0045a4db: push ebx call dword [ref_00489488] ; ucall: call dword [0x489488] add ebx, 0x10 add esp, 4 cmp ebx, esi jne short loc_0045a4db ; jne 0x45a4db push ref_0049932c ; push 0x49932c call dword [ref_00489488] ; ucall: call dword [0x489488] add esp, 4 call fcn_0045c901 ; call 0x45c901 push ref_004992fc ; push 0x4992fc call dword [ref_00489488] ; ucall: call dword [0x489488] add esp, 4 push ref_004991ec ; push 0x4991ec call dword [ref_00489488] ; ucall: call dword [0x489488] add esp, 4 push ref_0049931c ; push 0x49931c call dword [ref_00489488] ; ucall: call dword [0x489488] add esp, 4 push InitSemaphore ; push 0x49930c call dword [ref_00489488] ; ucall: call dword [0x489488] add esp, 4 call __NTThreadFini ; call 0x45a382 pop esi pop ebx ret clib_strdup: push ebx push esi push edi mov esi, dword [esp + 0x10] mov edi, esi push es mov eax, ds mov es, eax sub ecx, ecx dec ecx xor eax, eax repne scasb ; repne scasb al, byte es:[edi] not ecx dec ecx pop es lea ebx, [ecx + 1] push ebx call fcn_00456f80 ; call 0x456f80 add esp, 4 mov edx, eax test eax, eax je short loc_0045a584 ; je 0x45a584 mov ecx, ebx mov edi, eax push es mov eax, ds mov es, eax push edi mov eax, ecx shr ecx, 2 repne movsd mov cl, al and cl, 3 repne movsb ; repne movsb byte es:[edi], byte ptr [esi] pop edi pop es loc_0045a584: mov eax, edx pop edi pop esi pop ebx ret fcn_0045a58a: push ebx push esi push edi mov edi, dword [esp + 0x14] call dword [cs:__imp__GetVersion@0] ; ucall: call dword cs:[0x4623d0] shr eax, 0x10 and eax, 0xffff cmp ax, 0x8000 jae short loc_0045a5bc ; jae 0x45a5bc mov esi, dword [esp + 0x18] push esi push edi mov edi, dword [esp + 0x18] push edi call dword [cs:__imp__GetModuleFileNameW@12] ; ucall: call dword cs:[0x4623b8] pop edi pop esi pop ebx ret loc_0045a5bc: push 0x208 call fcn_00456f80 ; call 0x456f80 mov ebx, eax add esp, 4 test eax, eax je short loc_0045a62b ; je 0x45a62b push 0x208 push eax mov edx, dword [esp + 0x18] push edx call dword [cs:__imp__GetModuleFileNameA@12] ; ucall: call dword cs:[0x4623b4] test eax, eax jne short loc_0045a5f4 ; jne 0x45a5f4 push ebx call clib_free ; call 0x456e11 add esp, 4 loc_0045a5ee: xor eax, eax pop edi pop esi pop ebx ret loc_0045a5f4: mov ecx, dword [esp + 0x18] push ecx push edi push 0xffffffffffffffff push ebx push 1 push 1 call dword [cs:__imp__MultiByteToWideChar@24] ; ucall: call dword cs:[0x4623e4] push ebx mov esi, eax call clib_free ; call 0x456e11 add esp, 4 test esi, esi je short loc_0045a5ee ; je 0x45a5ee mov eax, dword [esp + 0x18] push edi mov word [edi + eax*2 - 2], 0 call fcn_0045c9de ; call 0x45c9de add esp, 4 loc_0045a62b: pop edi pop esi pop ebx ret fcn_0045a62f: push ebx push esi push ebp mov ebp, esp push dword [ebp + 0x10] call fcn_0045c9de ; call 0x45c9de lea esi, [eax + 1] add esp, 4 add esi, esi push esi call fcn_00456f80 ; call 0x456f80 add esp, 4 mov ebx, eax test eax, eax je short loc_0045a660 ; je 0x45a660 push esi push dword [ebp + 0x10] push eax call _memcpy ; call 0x456de8 add esp, 0xc loc_0045a660: mov eax, ebx pop ebp pop esi pop ebx ret __init_stack_limits: push ebx push esi sub esp, 0x20 mov ebx, dword [esp + 0x2c] push 0x1c lea eax, [esp + 4] push eax lea eax, [esp + 0x24] push eax call dword [cs:__imp__VirtualQuery@12] ; ucall: call dword cs:[0x462430] mov edx, dword [esp] add edx, dword [esp + 0xc] mov cx, word [_RWD_osbuild] ; mov cx, word [0x489355] mov eax, dword [esp + 4] cmp cx, 0x8000 jae short loc_0045a6a2 ; jae 0x45a6a2 add eax, 0x3000 jmp short loc_0045a6b9 ; jmp 0x45a6b9 loc_0045a6a2: jb short loc_0045a6b4 ; jb 0x45a6b4 cmp byte [_RWD_osmajor], 4 ; cmp byte [0x489353], 4 jae short loc_0045a6b4 ; jae 0x45a6b4 add eax, 0x12000 jmp short loc_0045a6b9 ; jmp 0x45a6b9 loc_0045a6b4: add eax, 0x13000 loc_0045a6b9: test ebx, ebx je short loc_0045a6bf ; je 0x45a6bf mov dword [ebx], eax loc_0045a6bf: mov esi, dword [esp + 0x30] test esi, esi je short loc_0045a6c9 ; je 0x45a6c9 mov dword [esi], edx loc_0045a6c9: add esp, 0x20 pop esi pop ebx ret fcn_0045a6cf: push ebx push ref_0046c45c ; push 0x46c45c call dword [cs:__imp__LoadLibraryA@4] ; ucall: call dword cs:[0x4623dc] xor ebx, ebx test eax, eax je short loc_0045a6f9 ; je 0x45a6f9 push ref_0046c467 ; push 0x46c467 push eax call dword [cs:__imp__GetProcAddress@8] ; ucall: call dword cs:[0x4623c4] mov edx, eax test eax, eax je short loc_0045a6f9 ; je 0x45a6f9 call edx mov ebx, eax loc_0045a6f9: test ebx, ebx setne al and eax, 0xff pop ebx ret fcn_0045a705: push ebx push esi mov edx, dword [esp + 0xc] mov eax, dword [esp + 0x10] xor ebx, ebx loc_0045a711: cmp byte [edx], 0 je short loc_0045a719 ; je 0x45a719 inc edx jmp short loc_0045a711 ; jmp 0x45a711 loc_0045a719: lea esi, [edx + 9] loc_0045a71c: mov cl, byte [eax] mov byte [edx], cl test cl, cl je short loc_0045a736 ; je 0x45a736 cmp cl, 0x30 jne short loc_0045a731 ; jne 0x45a731 cmp byte [eax + 1], 0x78 jne short loc_0045a731 ; jne 0x45a731 mov ebx, esi loc_0045a731: inc esi inc edx inc eax jmp short loc_0045a71c ; jmp 0x45a71c loc_0045a736: test ebx, ebx je short loc_0045a755 ; je 0x45a755 mov eax, dword [esp + 0x14] loc_0045a73e: test eax, eax je short loc_0045a755 ; je 0x45a755 mov edx, eax and edx, 0xf mov dl, byte [edx + ref_00489494] ; mov dl, byte [edx + 0x489494] shr eax, 4 mov byte [ebx], dl dec ebx jmp short loc_0045a73e ; jmp 0x45a73e loc_0045a755: pop esi pop ebx ret fcn_0045a758: push ebx push esi push edi push ebp sub esp, 0x104 mov esi, dword [esp + 0x118] mov ebx, dword [esi] mov esi, dword [esi + 4] call fcn_0045a6cf ; call 0x45a6cf test eax, eax jne short loc_0045a781 ; jne 0x45a781 call fcn_0045ca9a ; call 0x45ca9a cmp eax, 0xffffffff jne short loc_0045a788 ; jne 0x45a788 loc_0045a781: xor eax, eax jmp near loc_0045a961 ; jmp 0x45a961 loc_0045a788: xor ah, ah mov byte [esp], ah mov eax, dword [ebx] cmp eax, 0xc0000090 jb short loc_0045a7e3 ; jb 0x45a7e3 jbe near loc_0045a87e ; jbe 0x45a87e cmp eax, 0xc0000093 jb short loc_0045a7d6 ; jb 0x45a7d6 jbe near loc_0045a870 ; jbe 0x45a870 cmp eax, 0xc0000096 jb short loc_0045a7c6 ; jb 0x45a7c6 jbe near loc_0045a8d1 ; jbe 0x45a8d1 cmp eax, 0xc00000fd je near loc_0045a8f2 ; je 0x45a8f2 jmp near loc_0045a8fd ; jmp 0x45a8fd loc_0045a7c6: cmp eax, 0xc0000094 je near loc_0045a8e7 ; je 0x45a8e7 jmp near loc_0045a8fd ; jmp 0x45a8fd loc_0045a7d6: cmp eax, 0xc0000091 jbe near loc_0045a862 ; jbe 0x45a862 jmp short loc_0045a816 ; jmp 0x45a816 loc_0045a7e3: cmp eax, 0xc000008d jb short loc_0045a7f5 ; jb 0x45a7f5 jbe short loc_0045a838 ; jbe 0x45a838 cmp eax, 0xc000008e jbe short loc_0045a846 ; jbe 0x45a846 jmp short loc_0045a854 ; jmp 0x45a854 loc_0045a7f5: cmp eax, 0xc0000005 jb near loc_0045a8fd ; jb 0x45a8fd jbe near loc_0045a88c ; jbe 0x45a88c cmp eax, 0xc000001d je near loc_0045a8dc ; je 0x45a8dc jmp near loc_0045a8fd ; jmp 0x45a8fd loc_0045a816: test byte [esi + 0x21], 2 je short loc_0045a82a ; je 0x45a82a mov eax, dword [ebx + 0xc] push eax push ref_0046c477 ; push 0x46c477 jmp near loc_0045a91b ; jmp 0x45a91b loc_0045a82a: mov ebp, dword [ebx + 0xc] push ebp push ref_0046c4c8 ; push 0x46c4c8 jmp near loc_0045a91b ; jmp 0x45a91b loc_0045a838: mov ebp, dword [ebx + 0xc] push ebp push ref_0046c51a ; push 0x46c51a jmp near loc_0045a91b ; jmp 0x45a91b loc_0045a846: mov edi, dword [ebx + 0xc] push edi push ref_0046c56d ; push 0x46c56d jmp near loc_0045a91b ; jmp 0x45a91b loc_0045a854: mov esi, dword [ebx + 0xc] push esi push ref_0046c5c0 ; push 0x46c5c0 jmp near loc_0045a91b ; jmp 0x45a91b loc_0045a862: mov edx, dword [ebx + 0xc] push edx push ref_0046c611 ; push 0x46c611 jmp near loc_0045a91b ; jmp 0x45a91b loc_0045a870: mov edi, dword [ebx + 0xc] push edi push ref_0046c65d ; push 0x46c65d jmp near loc_0045a91b ; jmp 0x45a91b loc_0045a87e: mov ecx, dword [ebx + 0xc] push ecx push ref_0046c6aa ; push 0x46c6aa jmp near loc_0045a91b ; jmp 0x45a91b loc_0045a88c: mov edx, dword [ebx + 0xc] push edx push ref_0046c6ff ; push 0x46c6ff lea eax, [esp + 8] push eax call fcn_0045a705 ; call 0x45a705 add esp, 0xc mov ecx, dword [ebx + 0x18] push ecx push ref_0046c730 ; push 0x46c730 lea eax, [esp + 8] push eax call fcn_0045a705 ; call 0x45a705 mov esi, dword [ebx + 0x14] add esp, 0xc test esi, esi jne short loc_0045a8c8 ; jne 0x45a8c8 push esi mov eax, ref_0046c758 ; mov eax, 0x46c758 loc_0045a8c5: push eax jmp short loc_0045a91b ; jmp 0x45a91b loc_0045a8c8: push 0 mov eax, ref_0046c75f ; mov eax, 0x46c75f jmp short loc_0045a8c5 ; jmp 0x45a8c5 loc_0045a8d1: mov ecx, dword [ebx + 0xc] push ecx push ref_0046c769 ; push 0x46c769 jmp short loc_0045a91b ; jmp 0x45a91b loc_0045a8dc: mov eax, dword [ebx + 0xc] push eax push ref_0046c7a7 ; push 0x46c7a7 jmp short loc_0045a91b ; jmp 0x45a91b loc_0045a8e7: mov esi, dword [ebx + 0xc] push esi push ref_0046c7e3 ; push 0x46c7e3 jmp short loc_0045a91b ; jmp 0x45a91b loc_0045a8f2: mov edx, dword [ebx + 0xc] push edx push ref_0046c825 ; push 0x46c825 jmp short loc_0045a91b ; jmp 0x45a91b loc_0045a8fd: mov edi, dword [ebx] push edi push ref_0046c85e ; push 0x46c85e lea eax, [esp + 8] push eax call fcn_0045a705 ; call 0x45a705 add esp, 0xc mov ebp, dword [ebx + 0xc] push ebp push ref_0046c88f ; push 0x46c88f loc_0045a91b: lea eax, [esp + 8] push eax call fcn_0045a705 ; call 0x45a705 add esp, 0xc push 0 lea eax, [esp + 0x104] push eax lea edi, [esp + 8] push es mov eax, ds mov es, eax sub ecx, ecx dec ecx xor eax, eax repne scasb ; repne scasb al, byte es:[edi] not ecx dec ecx pop es push ecx lea eax, [esp + 0xc] push eax mov eax, dword [ref_00489474] ; mov eax, dword [0x489474] mov edx, dword [eax + 8] push edx call dword [cs:__imp__WriteFile@20] ; ucall: call dword cs:[0x462440] mov eax, 1 loc_0045a961: add esp, 0x104 pop ebp pop edi pop esi pop ebx ret 4 endloc_0045a96e: db 0x90 ref_0045a96f: ; may contain a jump table dd loc_0045a9d5 dd loc_0045a9df dd loc_0045a9e9 dd loc_0045aa07 dd loc_0045a9f3 dd loc_0045a9bb dd loc_0045a9fd fcn_0045a98b: push ebx push esi push edi sub esp, 8 mov esi, dword [esp + 0x18] mov edi, dword [esp + 0x20] test byte [esi + 4], 6 jne near loc_0045ab4c ; jne 0x45ab4c mov eax, dword [esi] add eax, 0x3fffff73 cmp eax, 6 ja near loc_0045aad9 ; ja 0x45aad9 jmp dword [cs:eax*4 + ref_0045a96f] ; ujmp: jmp dword cs:[eax*4 + 0x45a96f] loc_0045a9bb: test byte [edi + 0x21], 2 je short loc_0045a9cb ; je 0x45a9cb mov ebx, 0x8a jmp near loc_0045aa9a ; jmp 0x45aa9a loc_0045a9cb: mov ebx, 0x8b jmp near loc_0045aa9a ; jmp 0x45aa9a loc_0045a9d5: mov ebx, 0x82 jmp near loc_0045aa9a ; jmp 0x45aa9a loc_0045a9df: mov ebx, 0x83 jmp near loc_0045aa9a ; jmp 0x45aa9a loc_0045a9e9: mov ebx, 0x86 jmp near loc_0045aa9a ; jmp 0x45aa9a loc_0045a9f3: mov ebx, 0x84 jmp near loc_0045aa9a ; jmp 0x45aa9a loc_0045a9fd: mov ebx, 0x85 jmp near loc_0045aa9a ; jmp 0x45aa9a loc_0045aa07: mov eax, dword [edi + 0x28] mov dx, word [eax] mov ebx, 0x81 cmp dx, 0xfad9 jne short loc_0045aa23 ; jne 0x45aa23 mov ebx, 0x88 jmp near loc_0045aa9a ; jmp 0x45aa9a loc_0045aa23: cmp dx, 0xf1d9 jne short loc_0045aa34 ; jne 0x45aa34 mov ebx, 0x8e jmp near loc_0045aa9a ; jmp 0x45aa9a loc_0045aa34: jne short loc_0045aa3d ; jne 0x45aa3d mov ebx, 0x8f jmp short loc_0045aa9a ; jmp 0x45aa9a loc_0045aa3d: mov dh, byte [eax] cmp dh, 0xdb je short loc_0045aa49 ; je 0x45aa49 cmp dh, 0xdf jne short loc_0045aa59 ; jne 0x45aa59 loc_0045aa49: mov cl, byte [eax + 1] and cl, 0x30 cmp cl, 0x10 jne short loc_0045aa59 ; jne 0x45aa59 mov ebx, 0x8d loc_0045aa59: test byte [eax], 1 jne short loc_0045aa95 ; jne 0x45aa95 mov al, byte [eax + 1] and al, 0x30 cmp al, 0x30 jne short loc_0045aa95 ; jne 0x45aa95 mov ecx, dword [edi + 0x20] and ecx, 0xffff mov eax, dword [edi + 0x24] shl ecx, 2 and eax, 0xffff shr cx, 0xd and ecx, 0xffff add ecx, ecx shr eax, cl and eax, 1 cmp eax, 1 je near loc_0045a9df ; je 0x45a9df loc_0045aa95: cmp ebx, 0xffffffff je short loc_0045aad9 ; je 0x45aad9 loc_0045aa9a: mov byte [ref_00499950], 1 ; mov byte [0x499950], 1 call fcn_0045caa5 ; call 0x45caa5 push ebx call fcn_0045cc59 ; call 0x45cc59 add esp, 4 cmp eax, 0xffffffff je near loc_0045ab2d ; je 0x45ab2d cmp byte [ref_00499950], 0 ; cmp byte [0x499950], 0 je near loc_0045ab2d ; je 0x45ab2d mov bx, word [edi + 0x20] xor bl, bl and bh, 0x7f xor eax, eax mov word [edi + 0x20], bx jmp near loc_0045ab51 ; jmp 0x45ab51 loc_0045aad9: cmp dword [ref_00489490], 0 ; cmp dword [0x489490], 0 je short loc_0045ab2d ; je 0x45ab2d mov ebx, 1 loc_0045aae7: mov ecx, dword [esi] push ecx push ebx call dword [ref_0048948c] ; ucall: call dword [0x48948c] add esp, 8 test eax, eax je short loc_0045ab27 ; je 0x45ab27 cmp eax, 1 je short loc_0045ab2d ; je 0x45ab2d cmp eax, 2 je short loc_0045ab2d ; je 0x45ab2d cmp eax, 3 je short loc_0045ab2d ; je 0x45ab2d mov dl, 1 push ebx mov byte [ref_00499950], dl ; mov byte [0x499950], dl call dword [ref_00489490] ; ucall: call dword [0x489490] mov dh, byte [ref_00499950] ; mov dh, byte [0x499950] add esp, 4 test dh, dh je short loc_0045ab27 ; je 0x45ab27 xor eax, eax jmp short loc_0045ab51 ; jmp 0x45ab51 loc_0045ab27: inc ebx cmp ebx, 0xc jle short loc_0045aae7 ; jle 0x45aae7 loc_0045ab2d: mov eax, esp push eax mov dword [esp + 4], esi mov dword [esp + 8], edi call dword [cs:__imp__UnhandledExceptionFilter@4] ; ucall: call dword cs:[0x462424] test eax, eax je short loc_0045ab4c ; je 0x45ab4c push 0xffffffffffffffff call dword [cs:__imp__ExitProcess@4] ; ucall: call dword cs:[0x462364] loc_0045ab4c: mov eax, 1 loc_0045ab51: add esp, 8 pop edi pop esi pop ebx ret __NewExceptionFilter: push ebx mov ebx, dword [esp + 8] call dword [_GetThreadPtr] ; ucall: call dword [0x488f4c] mov dword [eax + 0x54], ebx xor eax, eax mov eax, dword [fs:eax] mov ebx, eax call dword [_GetThreadPtr] ; ucall: call dword [0x488f4c] mov eax, dword [eax + 0x54] mov dword [eax], ebx call dword [_GetThreadPtr] ; ucall: call dword [0x488f4c] mov eax, dword [eax + 0x54] mov dword [eax + 4], fcn_0045a98b ; mov dword [eax + 4], 0x45a98b call dword [_GetThreadPtr] ; ucall: call dword [0x488f4c] mov eax, dword [eax + 0x54] xor edx, edx mov dword [fs:edx], eax push fcn_0045a758 ; push 0x45a758 call dword [cs:__imp__SetUnhandledExceptionFilter@4] ; ucall: call dword cs:[0x462410] pop ebx ret fcn_0045aba4: call dword [_GetThreadPtr] ; ucall: call dword [0x488f4c] mov eax, dword [eax + 0x54] test eax, eax je short loc_0045abb8 ; je 0x45abb8 mov eax, dword [eax] xor edx, edx mov dword [fs:edx], eax loc_0045abb8: call dword [_GetThreadPtr] ; ucall: call dword [0x488f4c] mov dword [eax + 0x54], 0 ret fcn_0045abc6: push es mov eax, dword [esp + 8] cmp dword [eax], 0 je short loc_0045abd4 ; je 0x45abd4 push ds pop es call dword [eax] ; ucall loc_0045abd4: pop es ret fcn_0045ac2a: push ebx push esi push es sub esp, 8 mov esi, ref_00489912 ; mov esi, 0x489912 mov byte [esp + 4], al mov byte [esp], dl loc_0045ac3c: mov eax, ref_00489900 ; mov eax, 0x489900 mov dl, byte [esp + 4] mov ebx, esi loc_0045ac47: cmp eax, ref_00489912 ; cmp eax, 0x489912 jae short loc_0045ac63 ; jae 0x45ac63 cmp byte [eax], 2 je short loc_0045ac5e ; je 0x45ac5e mov cl, byte [eax + 1] cmp dl, cl ja short loc_0045ac5e ; ja 0x45ac5e mov ebx, eax mov dl, cl loc_0045ac5e: add eax, 6 jmp short loc_0045ac47 ; jmp 0x45ac47 loc_0045ac63: cmp ebx, ref_00489912 ; cmp ebx, 0x489912 je short loc_0045ac84 ; je 0x45ac84 mov al, byte [ebx + 1] cmp al, byte [esp] ja short loc_0045ac7f ; ja 0x45ac7f lea eax, [ebx + 2] push eax call fcn_0045abc6 ; call 0x45abc6 add esp, 4 loc_0045ac7f: mov byte [ebx], 2 jmp short loc_0045ac3c ; jmp 0x45ac3c loc_0045ac84: add esp, 8 pop es pop esi pop ebx ret endloc_0045ac8b: db 0x53 db 0xff db 0x15 dd ref_00488f68 db 0x8b db 0x44 dd 0x1d8b0824 dd ref_004894a8 db 0xa3 dd ref_004894a8 db 0xff db 0x15 dd ref_00488f70 db 0x89 db 0xd8 db 0x5b db 0xc3 fcn_0045acab: push ebx push esi call dword [ref_00488f68] ; ucall: call dword [0x488f68] mov eax, dword [ref_00488f00] ; mov eax, dword [0x488f00] jmp near loc_0045ad6a ; jmp 0x45ad6a fcn_0045acbd: push ebx push esi mov esi, dword [esp + 0xc] push 0x8000 push 0 push esi mov ebx, dword [esi + 8] call dword [cs:__imp__VirtualFree@12] ; ucall: call dword cs:[0x46242c] test eax, eax jne short loc_0045ace1 ; jne 0x45ace1 mov eax, 0xffffffff pop esi pop ebx ret loc_0045ace1: cmp esi, dword [ref_00488f04] ; cmp esi, dword [0x488f04] jne short loc_0045ad05 ; jne 0x45ad05 test ebx, ebx je short loc_0045acf5 ; je 0x45acf5 mov dword [ref_00488f04], ebx ; mov dword [0x488f04], ebx jmp short loc_0045ad05 ; jmp 0x45ad05 loc_0045acf5: mov eax, dword [ref_00488f00] ; mov eax, dword [0x488f00] mov dword [ref_00488f08], ebx ; mov dword [0x488f08], ebx mov dword [ref_00488f04], eax ; mov dword [0x488f04], eax loc_0045ad05: mov ecx, dword [ref_004991bc] ; mov ecx, dword [0x4991bc] cmp esi, ecx jne short loc_0045ad17 ; jne 0x45ad17 xor esi, ecx mov dword [ref_004991bc], esi ; mov dword [0x4991bc], esi loc_0045ad17: xor eax, eax pop esi pop ebx ret fcn_0045ad1c: push ebx push esi mov eax, dword [esp + 0xc] push eax mov esi, dword [eax + 4] mov ebx, dword [eax + 8] call fcn_0045acbd ; call 0x45acbd add esp, 4 test eax, eax jne short loc_0045ad4b ; jne 0x45ad4b test esi, esi jne short loc_0045ad41 ; jne 0x45ad41 mov dword [ref_00488f00], ebx ; mov dword [0x488f00], ebx jmp short loc_0045ad44 ; jmp 0x45ad44 loc_0045ad41: mov dword [esi + 8], ebx loc_0045ad44: test ebx, ebx je short loc_0045ad4b ; je 0x45ad4b mov dword [ebx + 4], esi loc_0045ad4b: pop esi pop ebx ret loc_0045ad4e: mov ecx, dword [eax] mov edx, dword [eax + 0x24] sub ecx, 0x2c mov esi, dword [edx] mov ebx, dword [eax + 8] cmp ecx, esi jne short loc_0045ad68 ; jne 0x45ad68 push eax call fcn_0045ad1c ; call 0x45ad1c add esp, 4 loc_0045ad68: mov eax, ebx loc_0045ad6a: test eax, eax jne short loc_0045ad4e ; jne 0x45ad4e call dword [ref_00488f70] ; ucall: call dword [0x488f70] xor eax, eax pop esi pop ebx ret fcn_0045adb0: ret fcn_0045ae76: push ebx push esi push edi push es push ebp sub esp, 0x74 mov ebx, dword [esp + 0x94] mov edi, dword [esp + 0x98] mov ecx, 0x64 mov ebp, dword [esp + 0x90] xor ah, ah xor edx, edx mov byte [esp + 0x70], ah mov word [esp + 0x1e], dx mov word [esp + 0x1c], cx mov eax, dword [esp + 0x8c] xor edx, edx mov dword [esp], eax mov dword [esp + 0x10], edx jmp short loc_0045af29 ; jmp 0x45af29 loc_0045aebc: mov eax, dword [ebx] mov dword [esp + 0x60], eax mov eax, esp push eax lea eax, [esp + 0x64] push eax push esi call fcn_0045b1af ; call 0x45b1af add esp, 0xc mov ebp, eax mov eax, dword [esp + 0x60] mov dword [ebx], eax mov al, byte [ebp] mov byte [esp + 0x15], al inc ebp test al, al je near loc_0045b1a2 ; je 0x45b1a2 cmp al, 0x6e jne near loc_0045afd4 ; jne 0x45afd4 mov dl, byte [esp + 0x1e] test dl, 0x20 je short loc_0045af5b ; je 0x45af5b test dl, 0x80 je short loc_0045af14 ; je 0x45af14 mov ecx, dword [ebx] add ecx, 8 mov dword [ebx], ecx les esi, [ecx - 8] loc_0045af0b: mov eax, dword [esp + 0x10] mov dword [es:esi], eax jmp short loc_0045af29 ; jmp 0x45af29 loc_0045af14: test dl, 0x40 je short loc_0045af4f ; je 0x45af4f mov edx, dword [ebx] add edx, 4 mov dword [ebx], edx mov esi, dword [edx - 4] loc_0045af23: mov eax, dword [esp + 0x10] mov dword [esi], eax loc_0045af29: mov dl, byte [ebp] test dl, dl je near loc_0045b1a2 ; je 0x45b1a2 lea esi, [ebp + 1] cmp dl, 0x25 je short loc_0045aebc ; je 0x45aebc xor eax, eax mov al, dl push eax lea eax, [esp + 4] push eax mov ebp, esi call edi add esp, 8 jmp short loc_0045af29 ; jmp 0x45af29 loc_0045af4f: mov eax, dword [ebx] add eax, 4 mov dword [ebx], eax mov esi, dword [eax - 4] jmp short loc_0045af23 ; jmp 0x45af23 loc_0045af5b: test dl, 0x10 je short loc_0045af9d ; je 0x45af9d test dl, 0x80 je short loc_0045af79 ; je 0x45af79 mov esi, dword [ebx] add esi, 8 mov dword [ebx], esi les esi, [esi - 8] mov eax, dword [esp + 0x10] mov word [es:esi], ax jmp short loc_0045af29 ; jmp 0x45af29 loc_0045af79: test dl, 0x40 je short loc_0045af91 ; je 0x45af91 mov ecx, dword [ebx] add ecx, 4 mov dword [ebx], ecx mov esi, dword [ecx - 4] loc_0045af88: mov eax, dword [esp + 0x10] mov word [esi], ax jmp short loc_0045af29 ; jmp 0x45af29 loc_0045af91: mov edx, dword [ebx] add edx, 4 mov dword [ebx], edx mov esi, dword [edx - 4] jmp short loc_0045af88 ; jmp 0x45af88 loc_0045af9d: test dl, 0x80 je short loc_0045afb1 ; je 0x45afb1 mov eax, dword [ebx] add eax, 8 mov dword [ebx], eax les esi, [eax - 8] jmp near loc_0045af0b ; jmp 0x45af0b loc_0045afb1: test dl, 0x40 je short loc_0045afc5 ; je 0x45afc5 mov esi, dword [ebx] add esi, 4 mov dword [ebx], esi mov esi, dword [esi - 4] jmp near loc_0045af23 ; jmp 0x45af23 loc_0045afc5: mov ecx, dword [ebx] add ecx, 4 mov dword [ebx], ecx mov esi, dword [ecx - 4] jmp near loc_0045af23 ; jmp 0x45af23 loc_0045afd4: mov eax, dword [ebx] mov dword [esp + 0x64], eax lea eax, [esp + 0x70] push eax lea eax, [esp + 4] push eax lea eax, [esp + 0x6c] push eax lea eax, [esp + 0x44] push eax call fcn_0045b61e ; call 0x45b61e add esp, 0x10 mov esi, eax mov eax, dword [esp + 0x64] mov dword [ebx], eax mov dword [esp + 0x6c], edx mov eax, dword [esp + 0x20] mov ecx, dword [esp + 0x24] mov edx, dword [esp + 0x28] add eax, ecx mov ecx, dword [esp + 0x2c] add eax, edx mov edx, dword [esp + 0x30] add eax, ecx mov ecx, dword [esp + 0x34] add eax, edx mov edx, dword [esp + 4] add eax, ecx sub edx, eax mov al, byte [esp + 0x1e] mov dword [esp + 4], edx test al, 8 jne short loc_0045b056 ; jne 0x45b056 cmp byte [esp + 0x16], 0x20 jne short loc_0045b056 ; jne 0x45b056 loc_0045b03d: cmp dword [esp + 4], 0 jle short loc_0045b056 ; jle 0x45b056 push 0x20 lea eax, [esp + 4] push eax call edi add esp, 8 dec dword [esp + 4] jmp short loc_0045b03d ; jmp 0x45b03d loc_0045b056: lea eax, [esp + 0x38] mov dword [esp + 0x68], eax loc_0045b05e: cmp dword [esp + 0x20], 0 jle short loc_0045b08c ; jle 0x45b08c mov edx, dword [esp + 0x68] xor eax, eax mov al, byte [edx] push eax lea eax, [esp + 4] push eax call edi add esp, 8 mov eax, dword [esp + 0x68] mov edx, dword [esp + 0x20] inc eax dec edx mov dword [esp + 0x68], eax mov dword [esp + 0x20], edx jmp short loc_0045b05e ; jmp 0x45b05e loc_0045b08c: cmp dword [esp + 0x24], 0 jle short loc_0045b0a5 ; jle 0x45b0a5 push 0x30 lea eax, [esp + 4] push eax call edi add esp, 8 dec dword [esp + 0x24] jmp short loc_0045b08c ; jmp 0x45b08c loc_0045b0a5: mov cl, byte [esp + 0x15] cmp cl, 0x73 jne short loc_0045b0f5 ; jne 0x45b0f5 test byte [esp + 0x1e], 0x20 je short loc_0045b0ce ; je 0x45b0ce loc_0045b0b5: push edi lea eax, [esp + 4] push eax xor eax, eax mov ax, word [esp + 0x74] push eax push esi call fcn_0045b5b2 ; call 0x45b5b2 add esp, 0x10 jmp short loc_0045b121 ; jmp 0x45b121 loc_0045b0ce: mov es, word [esp + 0x6c] loc_0045b0d2: cmp dword [esp + 0x28], 0 jle short loc_0045b121 ; jle 0x45b121 xor eax, eax mov al, byte [es:esi] push eax lea eax, [esp + 4] push eax call edi add esp, 8 mov edx, dword [esp + 0x28] dec edx inc esi mov dword [esp + 0x28], edx jmp short loc_0045b0d2 ; jmp 0x45b0d2 loc_0045b0f5: cmp cl, 0x53 je short loc_0045b0b5 ; je 0x45b0b5 mov es, word [esp + 0x6c] loc_0045b0fe: cmp dword [esp + 0x28], 0 jle short loc_0045b121 ; jle 0x45b121 xor eax, eax mov al, byte [es:esi] push eax lea eax, [esp + 4] push eax call edi add esp, 8 mov ecx, dword [esp + 0x28] dec ecx inc esi mov dword [esp + 0x28], ecx jmp short loc_0045b0fe ; jmp 0x45b0fe loc_0045b121: cmp dword [esp + 0x2c], 0 jle short loc_0045b13a ; jle 0x45b13a push 0x30 lea eax, [esp + 4] push eax call edi add esp, 8 dec dword [esp + 0x2c] jmp short loc_0045b121 ; jmp 0x45b121 loc_0045b13a: mov es, word [esp + 0x6c] loc_0045b13e: cmp dword [esp + 0x30], 0 jle short loc_0045b161 ; jle 0x45b161 xor eax, eax mov al, byte [es:esi] push eax lea eax, [esp + 4] push eax call edi add esp, 8 mov ecx, dword [esp + 0x30] dec ecx inc esi mov dword [esp + 0x30], ecx jmp short loc_0045b13e ; jmp 0x45b13e loc_0045b161: cmp dword [esp + 0x34], 0 jle short loc_0045b17a ; jle 0x45b17a push 0x30 lea eax, [esp + 4] push eax call edi add esp, 8 dec dword [esp + 0x34] jmp short loc_0045b161 ; jmp 0x45b161 loc_0045b17a: test byte [esp + 0x1e], 8 je near loc_0045af29 ; je 0x45af29 loc_0045b185: cmp dword [esp + 4], 0 jle near loc_0045af29 ; jle 0x45af29 push 0x20 lea eax, [esp + 4] push eax call edi add esp, 8 dec dword [esp + 4] jmp short loc_0045b185 ; jmp 0x45b185 loc_0045b1a2: mov eax, dword [esp + 0x10] add esp, 0x74 loc_0045b1a9: pop ebp pop es pop edi pop esi pop ebx ret fcn_0045b1af: push ebx push esi push edi mov eax, dword [esp + 0x10] mov esi, dword [esp + 0x14] mov ebx, dword [esp + 0x18] push ebx push eax mov byte [ebx + 0x16], 0x20 call fcn_0045b30b ; call 0x45b30b mov dword [ebx + 4], 0 mov cl, byte [eax] add esp, 8 cmp cl, 0x2a jne short loc_0045b1fe ; jne 0x45b1fe mov edx, dword [esi] add edx, 4 mov dword [esi], edx mov edx, dword [edx - 4] mov dword [ebx + 4], edx test edx, edx jge short loc_0045b1fb ; jge 0x45b1fb mov edi, edx mov ch, byte [ebx + 0x1e] neg edi or ch, 8 mov dword [ebx + 4], edi mov byte [ebx + 0x1e], ch loc_0045b1fb: inc eax jmp short loc_0045b21d ; jmp 0x45b21d loc_0045b1fe: mov dl, byte [eax] cmp dl, 0x30 jb short loc_0045b21d ; jb 0x45b21d cmp dl, 0x39 ja short loc_0045b21d ; ja 0x45b21d imul ecx, dword [ebx + 4], 0xa xor edx, edx mov dl, byte [eax] sub edx, 0x30 add ecx, edx inc eax mov dword [ebx + 4], ecx jmp short loc_0045b1fe ; jmp 0x45b1fe loc_0045b21d: mov dword [ebx + 8], 0xffffffff cmp byte [eax], 0x2e jne short loc_0045b27a ; jne 0x45b27a inc eax mov dword [ebx + 8], 0 cmp byte [eax], 0x2a jne short loc_0045b251 ; jne 0x45b251 mov edx, dword [esi] add edx, 4 mov dword [esi], edx mov edx, dword [edx - 4] mov dword [ebx + 8], edx test edx, edx jge short loc_0045b24e ; jge 0x45b24e mov dword [ebx + 8], 0xffffffff loc_0045b24e: inc eax jmp short loc_0045b270 ; jmp 0x45b270 loc_0045b251: mov dl, byte [eax] cmp dl, 0x30 jb short loc_0045b270 ; jb 0x45b270 cmp dl, 0x39 ja short loc_0045b270 ; ja 0x45b270 imul ecx, dword [ebx + 8], 0xa xor edx, edx mov dl, byte [eax] sub edx, 0x30 add ecx, edx inc eax mov dword [ebx + 8], ecx jmp short loc_0045b251 ; jmp 0x45b251 loc_0045b270: cmp dword [ebx + 8], 0xffffffff je short loc_0045b27a ; je 0x45b27a mov byte [ebx + 0x16], 0x20 loc_0045b27a: mov dl, byte [eax] lea ecx, [eax + 1] cmp dl, 0x4e jb short loc_0045b2a3 ; jb 0x45b2a3 jbe near loc_0045b301 ; jbe 0x45b301 cmp dl, 0x6c jb short loc_0045b29a ; jb 0x45b29a jbe short loc_0045b2bc ; jbe 0x45b2bc cmp dl, 0x77 je short loc_0045b2bc ; je 0x45b2bc pop edi pop esi pop ebx ret loc_0045b29a: cmp dl, 0x68 je short loc_0045b2ca ; je 0x45b2ca pop edi pop esi pop ebx ret loc_0045b2a3: cmp dl, 0x49 jb short loc_0045b2b3 ; jb 0x45b2b3 jbe short loc_0045b2d0 ; jbe 0x45b2d0 cmp dl, 0x4c je short loc_0045b2ec ; je 0x45b2ec pop edi pop esi pop ebx ret loc_0045b2b3: cmp dl, 0x46 je short loc_0045b2fb ; je 0x45b2fb pop edi pop esi pop ebx ret loc_0045b2bc: mov cl, byte [ebx + 0x1e] or cl, 0x20 inc eax mov byte [ebx + 0x1e], cl pop edi pop esi pop ebx ret loc_0045b2ca: or byte [ebx + 0x1e], 0x10 jmp short loc_0045b305 ; jmp 0x45b305 loc_0045b2d0: cmp byte [eax + 1], 0x36 jne short loc_0045b307 ; jne 0x45b307 cmp byte [eax + 2], 0x34 jne short loc_0045b307 ; jne 0x45b307 mov ch, byte [ebx + 0x1f] or ch, 1 add eax, 3 mov byte [ebx + 0x1f], ch pop edi pop esi pop ebx ret loc_0045b2ec: mov dl, byte [ebx + 0x1f] or dl, 1 mov eax, ecx mov byte [ebx + 0x1f], dl pop edi pop esi pop ebx ret loc_0045b2fb: or byte [ebx + 0x1e], 0x80 jmp short loc_0045b305 ; jmp 0x45b305 loc_0045b301: or byte [ebx + 0x1e], 0x40 loc_0045b305: mov eax, ecx loc_0045b307: pop edi pop esi pop ebx ret fcn_0045b30b: push ebx mov edx, dword [esp + 8] mov eax, dword [esp + 0xc] mov word [eax + 0x1e], 0 loc_0045b31a: mov bl, byte [edx] cmp bl, 0x2d jne short loc_0045b327 ; jne 0x45b327 or byte [eax + 0x1e], 8 jmp short loc_0045b369 ; jmp 0x45b369 loc_0045b327: cmp bl, 0x23 jne short loc_0045b332 ; jne 0x45b332 or byte [eax + 0x1e], 1 jmp short loc_0045b369 ; jmp 0x45b369 loc_0045b332: cmp bl, 0x2b jne short loc_0045b34a ; jne 0x45b34a mov ch, byte [eax + 0x1e] or ch, 4 mov bl, ch mov byte [eax + 0x1e], ch and bl, 0xfd mov byte [eax + 0x1e], bl jmp short loc_0045b369 ; jmp 0x45b369 loc_0045b34a: cmp bl, 0x20 jne short loc_0045b361 ; jne 0x45b361 mov bh, byte [eax + 0x1e] test bh, 4 jne short loc_0045b369 ; jne 0x45b369 mov cl, bh or cl, 2 mov byte [eax + 0x1e], cl jmp short loc_0045b369 ; jmp 0x45b369 loc_0045b361: cmp bl, 0x30 jne short loc_0045b36c ; jne 0x45b36c mov byte [eax + 0x16], bl loc_0045b369: inc edx jmp short loc_0045b31a ; jmp 0x45b31a loc_0045b36c: mov eax, edx pop ebx ret fcn_0045b370: push ebx push esi push es mov ebx, dword [esp + 0x10] mov esi, dword [esp + 0x18] mov es, word [esp + 0x14] xor eax, eax loc_0045b381: mov edx, ebx mov cl, byte [es:edx] inc ebx test cl, cl je short loc_0045b392 ; je 0x45b392 cmp eax, esi je short loc_0045b392 ; je 0x45b392 inc eax jmp short loc_0045b381 ; jmp 0x45b381 loc_0045b392: pop es pop esi pop ebx ret fcn_0045b396: push ebx push esi push edi push es sub esp, 4 mov edi, dword [esp + 0x20] les ebx, [esp + 0x18] xor esi, esi cmp edi, 0xffffffff jne short loc_0045b3d8 ; jne 0x45b3d8 loc_0045b3ac: mov cx, word [es:ebx] test cx, cx je short loc_0045b3d4 ; je 0x45b3d4 xor eax, eax mov ax, cx push eax lea eax, [esp + 4] push eax add ebx, 2 call fcn_0045ce30 ; call 0x45ce30 add esp, 8 cmp eax, 0xffffffff je short loc_0045b3ac ; je 0x45b3ac add esi, eax jmp short loc_0045b3ac ; jmp 0x45b3ac loc_0045b3d4: mov eax, esi jmp short loc_0045b40a ; jmp 0x45b40a loc_0045b3d8: mov dx, word [es:ebx] test dx, dx je short loc_0045b404 ; je 0x45b404 cmp esi, edi jg short loc_0045b404 ; jg 0x45b404 xor eax, eax mov ax, dx push eax lea eax, [esp + 4] push eax add ebx, 2 call fcn_0045ce30 ; call 0x45ce30 add esp, 8 cmp eax, 0xffffffff je short loc_0045b3d8 ; je 0x45b3d8 add esi, eax jmp short loc_0045b3d8 ; jmp 0x45b3d8 loc_0045b404: cmp esi, edi jle short loc_0045b3d4 ; jle 0x45b3d4 mov eax, edi loc_0045b40a: add esp, 4 pop es pop edi pop esi pop ebx ret fcn_0045b412: push ebx push esi push edi push ebp mov ebp, dword [esp + 0x18] push 0x10 push ebp mov edx, dword [esp + 0x1c] push edx call fcn_00457d61 ; call 0x457d61 add esp, 0xc mov edi, ebp push es mov eax, ds mov es, eax sub ecx, ecx dec ecx xor eax, eax repne scasb ; repne scasb al, byte es:[edi] not ecx dec ecx pop es mov eax, dword [esp + 0x1c] mov esi, ebp dec eax lea edx, [ecx + ebp] lea ebx, [eax + ebp] jmp short loc_0045b452 ; jmp 0x45b452 loc_0045b44b: dec edx mov cl, byte [edx] dec eax mov byte [ebx], cl dec ebx loc_0045b452: cmp edx, esi jne short loc_0045b44b ; jne 0x45b44b lea edx, [eax + ebp] loc_0045b459: test eax, eax jl short loc_0045b464 ; jl 0x45b464 dec eax mov byte [edx], 0x30 dec edx jmp short loc_0045b459 ; jmp 0x45b459 loc_0045b464: add ebp, dword [esp + 0x1c] mov byte [ebp], 0 pop ebp pop edi pop esi pop ebx ret fcn_0045b471: push ebx push esi push edi sub esp, 4 mov ebx, dword [esp + 0x14] mov eax, dword [esp + 0x18] mov esi, dword [esp + 0x1c] mov dword [esp], eax test eax, eax jge short loc_0045b495 ; jge 0x45b495 mov edx, eax mov byte [ebx], 0x2d neg edx inc ebx mov dword [esp], edx loc_0045b495: cmp dword [esi + 8], 0xffffffff jne short loc_0045b4a2 ; jne 0x45b4a2 mov dword [esi + 8], 4 loc_0045b4a2: push 0xa xor eax, eax push ebx mov ax, word [esp + 0xa] push eax call fcn_00457d61 ; call 0x457d61 add esp, 0xc mov ecx, ebx loc_0045b4b7: mov ah, byte [ebx] lea edx, [ebx + 1] test ah, ah je short loc_0045b4c4 ; je 0x45b4c4 mov ebx, edx jmp short loc_0045b4b7 ; jmp 0x45b4b7 loc_0045b4c4: cmp dword [esi + 8], 0 je short loc_0045b4f6 ; je 0x45b4f6 mov byte [ebx], 0x2e xor eax, eax mov ebx, edx jmp short loc_0045b4ee ; jmp 0x45b4ee loc_0045b4d3: xor edx, edx mov word [esp + 2], dx mov edi, dword [esp] imul edx, edi, 0xa mov dword [esp], edx mov dl, byte [esp + 2] add dl, 0x30 inc eax mov byte [ebx], dl inc ebx loc_0045b4ee: cmp eax, dword [esi + 8] jl short loc_0045b4d3 ; jl 0x45b4d3 mov byte [ebx], 0 loc_0045b4f6: test byte [esp + 1], 0x80 je short loc_0045b54d ; je 0x45b54d loc_0045b4fd: cmp ebx, ecx jne short loc_0045b533 ; jne 0x45b533 lea ebx, [ecx + 1] mov byte [ecx], 0x31 loc_0045b507: mov dl, byte [ebx] lea eax, [ebx + 1] cmp dl, 0x30 jne short loc_0045b515 ; jne 0x45b515 mov ebx, eax jmp short loc_0045b507 ; jmp 0x45b507 loc_0045b515: cmp dl, 0x2e jne short loc_0045b52a ; jne 0x45b52a mov byte [ebx], 0x30 lea ebx, [eax + 1] mov byte [eax], dl loc_0045b522: cmp byte [ebx], 0x30 jne short loc_0045b52a ; jne 0x45b52a inc ebx jmp short loc_0045b522 ; jmp 0x45b522 loc_0045b52a: mov byte [ebx], 0x30 inc ebx mov byte [ebx], 0 jmp short loc_0045b54d ; jmp 0x45b54d loc_0045b533: dec ebx cmp byte [ebx], 0x2e jne short loc_0045b53a ; jne 0x45b53a dec ebx loc_0045b53a: mov al, byte [ebx] cmp al, 0x39 je short loc_0045b548 ; je 0x45b548 mov ah, al inc ah mov byte [ebx], ah jmp short loc_0045b54d ; jmp 0x45b54d loc_0045b548: mov byte [ebx], 0x30 jmp short loc_0045b4fd ; jmp 0x45b4fd loc_0045b54d: add esp, 4 pop edi pop esi pop ebx ret fcn_0045b554: push ebx mov edx, dword [esp + 0x10] push edx mov ebx, dword [esp + 0x10] push ebx mov ecx, dword [esp + 0x10] push ecx call dword [ref_004895a8] ; ucall: call dword [0x4895a8] add esp, 0xc pop ebx ret fcn_0045b56f: push ebx push esi push edi push ebp mov eax, dword [esp + 0x14] test byte [eax + 0x1e], 8 jne short loc_0045b5ad ; jne 0x45b5ad cmp byte [eax + 0x16], 0x30 jne short loc_0045b5ad ; jne 0x45b5ad mov edx, dword [eax + 4] mov ebx, dword [eax + 0x20] mov ecx, dword [eax + 0x24] sub edx, ebx mov esi, dword [eax + 0x28] sub edx, ecx mov edi, dword [eax + 0x2c] sub edx, esi mov ebp, dword [eax + 0x30] sub edx, edi mov ebx, dword [eax + 0x34] sub edx, ebp sub edx, ebx test edx, edx jle short loc_0045b5ad ; jle 0x45b5ad add ecx, edx mov dword [eax + 0x24], ecx loc_0045b5ad: pop ebp pop edi pop esi loc_0045b5b0: pop ebx ret fcn_0045b5b2: push ebx push esi push edi push es push ebp sub esp, 4 mov ebp, dword [esp + 0x1c] mov ebx, dword [esp + 0x24] mov es, word [esp + 0x20] loc_0045b5c6: cmp dword [ebx + 0x28], 0 jle short loc_0045b616 ; jle 0x45b616 xor eax, eax mov ax, word [es:ebp] push eax lea eax, [esp + 4] push eax add ebp, 2 call fcn_0045ce30 ; call 0x45ce30 add esp, 8 mov edi, eax cmp eax, 0xffffffff je short loc_0045b5c6 ; je 0x45b5c6 cmp eax, dword [ebx + 0x28] jg short loc_0045b60f ; jg 0x45b60f mov esi, esp loc_0045b5f2: dec edi cmp edi, 0xffffffff je short loc_0045b5c6 ; je 0x45b5c6 xor eax, eax mov al, byte [esi] push eax push ebx call dword [esp + 0x30] ; ucall mov eax, dword [ebx + 0x28] inc esi dec eax add esp, 8 mov dword [ebx + 0x28], eax jmp short loc_0045b5f2 ; jmp 0x45b5f2 loc_0045b60f: mov dword [ebx + 0x28], 0 loc_0045b616: add esp, 4 jmp near loc_0045b1a9 ; jmp 0x45b1a9 fcn_0045b61e: push ebx push esi push edi push es push ebp sub esp, 0x10 mov esi, dword [esp + 0x28] mov edx, dword [esp + 0x2c] mov ebx, dword [esp + 0x30] mov dword [ebx + 0x20], 0 mov dword [ebx + 0x24], 0 mov dword [ebx + 0x28], 0 mov dword [ebx + 0x2c], 0 mov word [esp + 0xc], ds mov dword [ebx + 0x30], 0 mov edi, esi mov al, byte [ebx + 0x15] mov dword [ebx + 0x34], 0 cmp al, 0x69 jb short loc_0045b682 ; jb 0x45b682 jbe near loc_0045b6ef ; jbe 0x45b6ef cmp al, 0x75 jb short loc_0045b67e ; jb 0x45b67e jbe short loc_0045b695 ; jbe 0x45b695 cmp al, 0x78 loc_0045b677: je short loc_0045b695 ; je 0x45b695 jmp near loc_0045b7b8 ; jmp 0x45b7b8 loc_0045b67e: cmp al, 0x6f jmp short loc_0045b677 ; jmp 0x45b677 loc_0045b682: cmp al, 0x58 jb near loc_0045b7b8 ; jb 0x45b7b8 jbe short loc_0045b695 ; jbe 0x45b695 cmp al, 0x64 je short loc_0045b6ef ; je 0x45b6ef jmp near loc_0045b7b8 ; jmp 0x45b7b8 loc_0045b695: test byte [ebx + 0x1f], 1 je short loc_0045b6bb ; je 0x45b6bb mov ebp, dword [edx] add ebp, 4 mov dword [edx], ebp mov eax, dword [ebp - 4] mov dword [esp], eax mov eax, dword [edx] add eax, 4 mov dword [edx], eax mov eax, dword [eax - 4] loc_0045b6b2: mov dword [esp + 4], eax jmp near loc_0045b7b8 ; jmp 0x45b7b8 loc_0045b6bb: test byte [ebx + 0x1e], 0x20 je short loc_0045b6d0 ; je 0x45b6d0 mov ecx, dword [edx] add ecx, 4 mov dword [edx], ecx mov ecx, dword [ecx - 4] jmp near loc_0045b7b8 ; jmp 0x45b7b8 loc_0045b6d0: mov eax, dword [edx] add eax, 4 mov dword [edx], eax mov ecx, dword [eax - 4] test byte [ebx + 0x1e], 0x10 je near loc_0045b7b8 ; je 0x45b7b8 and ecx, 0xffff jmp near loc_0045b7b8 ; jmp 0x45b7b8 loc_0045b6ef: test byte [ebx + 0x1f], 1 je short loc_0045b712 ; je 0x45b712 mov eax, dword [edx] add eax, 4 mov dword [edx], eax mov eax, dword [eax - 4] mov dword [esp], eax mov ebp, dword [edx] add ebp, 4 mov dword [edx], ebp mov eax, dword [ebp - 4] mov dword [esp + 4], eax jmp short loc_0045b738 ; jmp 0x45b738 loc_0045b712: test byte [ebx + 0x1e], 0x20 je short loc_0045b724 ; je 0x45b724 mov ebp, dword [edx] add ebp, 4 mov dword [edx], ebp mov ecx, dword [ebp - 4] jmp short loc_0045b738 ; jmp 0x45b738 loc_0045b724: mov ecx, dword [edx] add ecx, 4 mov dword [edx], ecx mov al, byte [ebx + 0x1e] mov ecx, dword [ecx - 4] test al, 0x10 je short loc_0045b738 ; je 0x45b738 movsx ecx, cx loc_0045b738: xor eax, eax test byte [ebx + 0x1f], 1 je short loc_0045b749 ; je 0x45b749 test byte [esp + 7], 0x80 je short loc_0045b74d ; je 0x45b74d jmp short loc_0045b751 ; jmp 0x45b751 loc_0045b749: test ecx, ecx jl short loc_0045b751 ; jl 0x45b751 loc_0045b74d: test eax, eax je short loc_0045b78f ; je 0x45b78f loc_0045b751: mov eax, dword [ebx + 0x20] lea ebp, [eax + 1] mov dword [ebx + 0x20], ebp mov byte [esi + eax], 0x2d test byte [ebx + 0x1f], 1 je short loc_0045b78b ; je 0x45b78b mov eax, dword [esp] mov ebp, dword [esp + 4] not eax not ebp mov dword [esp], eax mov dword [esp + 4], ebp inc eax mov dword [esp], eax jne short loc_0045b784 ; jne 0x45b784 lea eax, [ebp + 1] jmp near loc_0045b6b2 ; jmp 0x45b6b2 loc_0045b784: mov eax, ebp jmp near loc_0045b6b2 ; jmp 0x45b6b2 loc_0045b78b: neg ecx jmp short loc_0045b7b8 ; jmp 0x45b7b8 loc_0045b78f: mov ah, byte [ebx + 0x1e] test ah, 4 je short loc_0045b7a6 ; je 0x45b7a6 mov eax, dword [ebx + 0x20] lea ebp, [eax + 1] mov dword [ebx + 0x20], ebp mov byte [esi + eax], 0x2b jmp short loc_0045b7b8 ; jmp 0x45b7b8 loc_0045b7a6: test ah, 2 je short loc_0045b7b8 ; je 0x45b7b8 mov eax, dword [ebx + 0x20] lea ebp, [eax + 1] mov dword [ebx + 0x20], ebp mov byte [esi + eax], 0x20 loc_0045b7b8: mov al, byte [ebx + 0x15] mov ebp, 0xa cmp al, 0x64 jb short loc_0045b825 ; jb 0x45b825 jbe near loc_0045b9ed ; jbe 0x45b9ed cmp al, 0x6f jb short loc_0045b806 ; jb 0x45b806 jbe near loc_0045b9cd ; jbe 0x45b9cd cmp al, 0x73 jb short loc_0045b7f9 ; jb 0x45b7f9 jbe near loc_0045b8c3 ; jbe 0x45b8c3 cmp al, 0x75 jb near loc_0045bbe0 ; jb 0x45bbe0 jbe near loc_0045b9ed ; jbe 0x45b9ed cmp al, 0x78 je near loc_0045b98d ; je 0x45b98d jmp near loc_0045bbe0 ; jmp 0x45bbe0 loc_0045b7f9: cmp al, 0x70 loc_0045b7fb: je near loc_0045baaf ; je 0x45baaf jmp near loc_0045bbe0 ; jmp 0x45bbe0 loc_0045b806: cmp al, 0x66 jb near loc_0045b8a3 ; jb 0x45b8a3 jbe short loc_0045b86d ; jbe 0x45b86d cmp al, 0x67 jbe near loc_0045b8a3 ; jbe 0x45b8a3 cmp al, 0x69 je near loc_0045b9ed ; je 0x45b9ed jmp near loc_0045bbe0 ; jmp 0x45bbe0 loc_0045b825: cmp al, 0x47 jb short loc_0045b858 ; jb 0x45b858 jbe near loc_0045b8a3 ; jbe 0x45b8a3 cmp al, 0x53 jb short loc_0045b854 ; jb 0x45b854 jbe near loc_0045b8c3 ; jbe 0x45b8c3 cmp al, 0x58 jb near loc_0045bbe0 ; jb 0x45bbe0 jbe near loc_0045b98d ; jbe 0x45b98d cmp al, 0x63 je near loc_0045bb3d ; je 0x45bb3d jmp near loc_0045bbe0 ; jmp 0x45bbe0 loc_0045b854: cmp al, 0x50 jmp short loc_0045b7fb ; jmp 0x45b7fb loc_0045b858: cmp al, 0x45 jb short loc_0045b860 ; jb 0x45b860 jbe short loc_0045b8a3 ; jbe 0x45b8a3 jmp short loc_0045b86d ; jmp 0x45b86d loc_0045b860: cmp al, 0x43 je near loc_0045bbb2 ; je 0x45bbb2 jmp near loc_0045bbe0 ; jmp 0x45bbe0 loc_0045b86d: test byte [ebx + 0x1e], 0x10 je short loc_0045b8a3 ; je 0x45b8a3 mov ebp, dword [edx] add ebp, 4 mov dword [edx], ebp push ebx mov ecx, dword [ebp - 4] push ecx push esi call fcn_0045b471 ; call 0x45b471 add esp, 0xc mov eax, ds push 0xffffffffffffffff and eax, 0xffff push eax push esi call fcn_0045b370 ; call 0x45b370 add esp, 0xc mov dword [ebx + 0x28], eax jmp near loc_0045bbf3 ; jmp 0x45bbf3 loc_0045b8a3: push ebx push edx push esi call fcn_0045b554 ; call 0x45b554 add esp, 0xc push ebx call fcn_0045b56f ; call 0x45b56f add esp, 4 lea edi, [esi + 1] mov word [esp + 0xc], ds jmp near loc_0045bbf3 ; jmp 0x45bbf3 loc_0045b8c3: mov byte [esi], 0 mov ch, byte [ebx + 0x1e] test ch, 0x80 je short loc_0045b8eb ; je 0x45b8eb mov esi, dword [edx] add esi, 8 mov dword [edx], esi mov eax, dword [esi - 8] mov dx, word [esi - 4] test eax, eax jne short loc_0045b8e5 ; jne 0x45b8e5 test dx, dx je short loc_0045b918 ; je 0x45b918 loc_0045b8e5: mov dword [esp + 0xc], edx jmp short loc_0045b916 ; jmp 0x45b916 loc_0045b8eb: test ch, 0x40 je short loc_0045b904 ; je 0x45b904 mov ecx, dword [edx] add ecx, 4 mov dword [edx], ecx mov eax, dword [ecx - 4] test eax, eax je short loc_0045b918 ; je 0x45b918 mov word [esp + 0xc], ds jmp short loc_0045b916 ; jmp 0x45b916 loc_0045b904: mov eax, dword [edx] add eax, 4 mov dword [edx], eax mov eax, dword [eax - 4] test eax, eax je short loc_0045b918 ; je 0x45b918 mov word [esp + 0xc], ds loc_0045b916: mov edi, eax loc_0045b918: cmp byte [ebx + 0x15], 0x53 jne short loc_0045b94c ; jne 0x45b94c test byte [ebx + 0x1e], 0x10 je short loc_0045b938 ; je 0x45b938 mov ecx, dword [ebx + 8] xor eax, eax push ecx mov ax, word [esp + 0x10] push eax push edi call fcn_0045b370 ; call 0x45b370 jmp short loc_0045b96c ; jmp 0x45b96c loc_0045b938: mov edx, dword [ebx + 8] xor eax, eax push edx loc_0045b93e: mov ax, word [esp + 0x10] push eax push edi call fcn_0045b396 ; call 0x45b396 jmp short loc_0045b96c ; jmp 0x45b96c loc_0045b94c: test byte [ebx + 0x1e], 0x20 je short loc_0045b95a ; je 0x45b95a mov eax, dword [ebx + 8] push eax xor eax, eax jmp short loc_0045b93e ; jmp 0x45b93e loc_0045b95a: mov ebp, dword [ebx + 8] xor eax, eax push ebp mov ax, word [esp + 0x10] push eax push edi call fcn_0045b370 ; call 0x45b370 loc_0045b96c: add esp, 0xc mov esi, dword [ebx + 8] mov dword [ebx + 0x28], eax test esi, esi jl near loc_0045bbf3 ; jl 0x45bbf3 cmp eax, esi jle near loc_0045bbf3 ; jle 0x45bbf3 mov dword [ebx + 0x28], esi jmp near loc_0045bbf3 ; jmp 0x45bbf3 loc_0045b98d: test byte [ebx + 0x1e], 1 je short loc_0045b9c8 ; je 0x45b9c8 test byte [ebx + 0x1f], 1 je short loc_0045b9a8 ; je 0x45b9a8 cmp dword [esp], 0 jne short loc_0045b9ac ; jne 0x45b9ac cmp dword [esp + 4], 0 je short loc_0045b9c8 ; je 0x45b9c8 jmp short loc_0045b9ac ; jmp 0x45b9ac loc_0045b9a8: test ecx, ecx je short loc_0045b9c8 ; je 0x45b9c8 loc_0045b9ac: mov eax, dword [ebx + 0x20] lea edx, [eax + 1] mov dword [ebx + 0x20], edx mov byte [esi + eax], 0x30 mov eax, dword [ebx + 0x20] lea edx, [eax + 1] mov dword [ebx + 0x20], edx mov dl, byte [ebx + 0x15] mov byte [esi + eax], dl loc_0045b9c8: mov ebp, 0x10 loc_0045b9cd: cmp byte [ebx + 0x15], 0x6f jne short loc_0045b9ed ; jne 0x45b9ed mov ah, byte [ebx + 0x1e] mov ebp, 8 test ah, 1 je short loc_0045b9ed ; je 0x45b9ed mov eax, dword [ebx + 0x20] lea edx, [eax + 1] mov dword [ebx + 0x20], edx mov byte [esi + eax], 0x30 loc_0045b9ed: mov eax, dword [ebx + 0x20] mov word [esp + 0xc], ds add eax, esi mov dl, byte [ebx + 0x1f] mov edi, eax test dl, 1 je short loc_0045ba46 ; je 0x45ba46 cmp dword [ebx + 8], 0 jne short loc_0045ba1f ; jne 0x45ba1f cmp dword [esp], 0 jne short loc_0045ba1f ; jne 0x45ba1f cmp dword [esp + 4], 0 jne short loc_0045ba1f ; jne 0x45ba1f loc_0045ba13: mov es, word [esp + 0xc] mov byte [es:eax], 0 xor eax, eax jmp short loc_0045ba84 ; jmp 0x45ba84 loc_0045ba1f: mov eax, dword [ebx + 0x20] push ebp add eax, esi push eax lea eax, [esp + 8] push eax call fcn_0045ce67 ; call 0x45ce67 mov cl, byte [ebx + 0x15] add esp, 0xc cmp cl, 0x58 jne short loc_0045ba71 ; jne 0x45ba71 push esi call fcn_0045bc01 ; call 0x45bc01 add esp, 4 jmp short loc_0045ba71 ; jmp 0x45ba71 loc_0045ba46: cmp dword [ebx + 8], 0 jne short loc_0045ba50 ; jne 0x45ba50 test ecx, ecx je short loc_0045ba13 ; je 0x45ba13 loc_0045ba50: mov eax, dword [ebx + 0x20] push ebp add eax, esi push eax push ecx call fcn_0045cf75 ; call 0x45cf75 mov dh, byte [ebx + 0x15] add esp, 0xc cmp dh, 0x58 jne short loc_0045ba71 ; jne 0x45ba71 push esi call fcn_0045bc01 ; call 0x45bc01 add esp, 4 loc_0045ba71: xor eax, eax push 0xffffffffffffffff mov ax, word [esp + 0x10] push eax push edi call fcn_0045b370 ; call 0x45b370 add esp, 0xc loc_0045ba84: mov edx, eax mov esi, dword [ebx + 8] mov dword [ebx + 0x28], eax cmp eax, esi jge short loc_0045ba97 ; jge 0x45ba97 mov eax, esi sub eax, edx mov dword [ebx + 0x24], eax loc_0045ba97: cmp dword [ebx + 8], 0xffffffff jne near loc_0045bbf3 ; jne 0x45bbf3 push ebx call fcn_0045b56f ; call 0x45b56f add esp, 4 jmp near loc_0045bbf3 ; jmp 0x45bbf3 loc_0045baaf: cmp dword [ebx + 4], 0 jne short loc_0045bacb ; jne 0x45bacb test byte [ebx + 0x1e], 0x80 je short loc_0045bac4 ; je 0x45bac4 mov dword [ebx + 4], 0xd jmp short loc_0045bacb ; jmp 0x45bacb loc_0045bac4: mov dword [ebx + 4], 8 loc_0045bacb: and byte [ebx + 0x1e], 0xf9 mov ecx, dword [edx] add ecx, 4 mov dword [edx], ecx mov eax, ecx mov ebp, dword [ecx - 4] test byte [ebx + 0x1e], 0x80 je short loc_0045bb07 ; je 0x45bb07 add eax, 4 mov dword [edx], eax push 4 mov eax, dword [eax - 4] push esi and eax, 0xffff push eax call fcn_0045b412 ; call 0x45b412 add esp, 0xc push 8 lea eax, [esi + 5] push eax push ebp mov byte [esi + 4], 0x3a jmp short loc_0045bb0b ; jmp 0x45bb0b loc_0045bb07: push 8 push esi push ebp loc_0045bb0b: call fcn_0045b412 ; call 0x45b412 add esp, 0xc cmp byte [ebx + 0x15], 0x50 jne short loc_0045bb22 ; jne 0x45bb22 push esi call fcn_0045bc01 ; call 0x45bc01 add esp, 4 loc_0045bb22: xor eax, eax push 0xffffffffffffffff mov ax, word [esp + 0x10] push eax push edi call fcn_0045b370 ; call 0x45b370 add esp, 0xc loc_0045bb35: mov dword [ebx + 0x20], eax jmp near loc_0045bbf3 ; jmp 0x45bbf3 loc_0045bb3d: mov ah, byte [ebx + 0x1e] mov dword [ebx + 0x20], 1 test ah, 0x20 je short loc_0045bba4 ; je 0x45bba4 mov ecx, dword [edx] add ecx, 4 mov dword [edx], ecx mov ax, word [ecx - 4] and eax, 0xffff push eax lea eax, [esp + 0xc] push eax call fcn_0045ce30 ; call 0x45ce30 add esp, 8 cmp eax, 0xffffffff je near loc_0045bbf3 ; je 0x45bbf3 mov al, byte [esp + 8] mov ebp, dword [ref_00499958] ; mov ebp, dword [0x499958] mov byte [esi], al test ebp, ebp je short loc_0045bbf3 ; je 0x45bbf3 xor eax, eax mov al, byte [esp + 8] mov al, byte [eax + ref_0049995d] ; mov al, byte [eax + 0x49995d] and al, 1 and eax, 0xff je short loc_0045bbf3 ; je 0x45bbf3 mov al, byte [esp + 9] mov byte [esi + 1], al inc dword [ebx + 0x20] jmp short loc_0045bbf3 ; jmp 0x45bbf3 loc_0045bba4: mov ebx, dword [edx] add ebx, 4 mov dword [edx], ebx mov al, byte [ebx - 4] mov byte [esi], al jmp short loc_0045bbf3 ; jmp 0x45bbf3 loc_0045bbb2: mov eax, dword [edx] add eax, 4 mov dword [edx], eax mov ax, word [eax - 4] and eax, 0xffff push eax push esi call fcn_0045ce30 ; call 0x45ce30 add esp, 8 mov edx, eax cmp eax, 0xffffffff jne near loc_0045bb35 ; jne 0x45bb35 mov dword [ebx + 0x20], 0 jmp short loc_0045bbf3 ; jmp 0x45bbf3 loc_0045bbe0: mov dword [ebx + 4], 0 mov al, byte [ebx + 0x15] mov byte [esi], al mov dword [ebx + 0x20], 1 loc_0045bbf3: mov edx, dword [esp + 0xc] mov eax, edi add esp, 0x10 jmp near loc_0045b1a9 ; jmp 0x45b1a9 fcn_0045bc01: push ebx mov ebx, dword [esp + 8] loc_0045bc06: cmp byte [ebx], 0 je near loc_0045b5b0 ; je 0x45b5b0 xor eax, eax mov al, byte [ebx] push eax call fcn_0045d016 ; call 0x45d016 add esp, 4 mov byte [ebx], al inc ebx jmp short loc_0045bc06 ; jmp 0x45bc06 fcn_0045bc21: push ebx push esi mov ah, byte [ref_00488fdd] ; mov ah, byte [0x488fdd] and ah, 0xf8 mov dl, ah mov byte [ref_00488fdd], ah ; mov byte [0x488fdd], ah or dl, 4 mov ebx, ref_00488f9c ; mov ebx, 0x488f9c mov byte [ref_00488fdd], dl ; mov byte [0x488fdd], dl jmp short loc_0045bca1 ; jmp 0x45bca1 loc_0045bc44: push 0x1d call fcn_00456f8e ; call 0x456f8e mov esi, eax add esp, 4 test eax, eax jne short loc_0045bc73 ; jne 0x45bc73 push 0x1d call fcn_00456f80 ; call 0x456f80 add esp, 4 mov esi, eax test eax, eax jne short loc_0045bc73 ; jne 0x45bc73 push 1 push ref_0046c8b8 ; push 0x46c8b8 call __fatal_runtime_error ; call 0x45c690 add esp, 8 loc_0045bc73: mov eax, dword [ref_004991d4] ; mov eax, dword [0x4991d4] mov dword [esi + 4], ebx mov dword [esi], eax mov dword [ebx + 8], esi mov dword [esi + 8], 0 mov eax, dword [ebx + 8] mov byte [eax + 0x14], 0 mov eax, dword [ebx + 8] mov dword [ref_004991d4], esi ; mov dword [0x4991d4], esi add ebx, 0x1a mov dword [eax + 0xc], 0 loc_0045bca1: mov edx, dword [ebx + 0xc] test edx, edx jne short loc_0045bc44 ; jne 0x45bc44 mov dword [ref_004991d8], edx ; mov dword [0x4991d8], edx pop esi pop ebx ret fcn_0045bcb1: push 0 call fcn_0045bccb ; call 0x45bccb add esp, 4 jmp near loc_004591a8 ; jmp 0x4591a8 endloc_0045bcc0: dd 0x04e8036a dd 0x83000000 db 0xc4 db 0x04 db 0xc3 fcn_0045bccb: push ebx push esi push edi mov edx, dword [esp + 0x10] mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add eax, edx mov edi, ref_00488f9c ; mov edi, 0x488f9c add eax, eax xor ebx, ebx add edi, eax mov eax, dword [ref_004991d4] ; mov eax, dword [0x4991d4] jmp short loc_0045bd21 ; jmp 0x45bd21 loc_0045bcf0: mov esi, dword [eax] mov eax, dword [eax + 4] mov cl, byte [eax + 0xd] mov edx, 1 test cl, 0x40 jne short loc_0045bd14 ; jne 0x45bd14 test cl, 8 jne short loc_0045bd14 ; jne 0x45bd14 cmp eax, edi jb short loc_0045bd1f ; jb 0x45bd1f cmp eax, ref_00488fea ; cmp eax, 0x488fea jae short loc_0045bd14 ; jae 0x45bd14 xor edx, edx loc_0045bd14: push edx push eax inc ebx call fcn_00457902 ; call 0x457902 add esp, 8 loc_0045bd1f: mov eax, esi loc_0045bd21: test eax, eax jne short loc_0045bcf0 ; jne 0x45bcf0 mov eax, ebx pop edi pop esi pop ebx ret endloc_0045bd2b: db 0x8b dd 0x8b082454 dd 0xf60c2444 dd 0x01042444 dd 0x02c70e74 dd 0x80000000 dd 0x000100c7 dd 0x0ceb0000 dd 0x000002c7 dd 0x00c7c000 dd 0x00000080 dd 0x042444f6 dd 0x80037402 dd 0x44f60208 dd 0x74040424 dd 0x04088003 db 0xc3 fcn_0045bd69: push ebx mov edx, dword [esp + 0xc] mov eax, dword [esp + 0x10] mov ebx, dword [esp + 8] cmp ebx, 2 jne short loc_0045bd89 ; jne 0x45bd89 mov dword [edx], 0xc0000000 loc_0045bd81: mov dword [eax], 0x80 pop ebx ret loc_0045bd89: cmp ebx, 1 jne short loc_0045bd96 ; jne 0x45bd96 mov dword [edx], 0x40000000 jmp short loc_0045bd81 ; jmp 0x45bd81 loc_0045bd96: mov dword [edx], 0x80000000 mov dword [eax], 1 pop ebx ret fcn_0045bda4: push ebx mov eax, dword [esp + 0xc] mov edx, dword [esp + 8] mov ebx, dword [esp + 8] and edx, 0x70 and ebx, 7 cmp edx, 0x20 jb short loc_0045bdcc ; jb 0x45bdcc jbe short loc_0045bdf6 ; jbe 0x45bdf6 cmp edx, 0x30 jb short loc_0045be04 ; jb 0x45be04 jbe short loc_0045bdee ; jbe 0x45bdee cmp edx, 0x40 je short loc_0045bdfe ; je 0x45bdfe pop ebx ret loc_0045bdcc: test edx, edx jbe short loc_0045bdd7 ; jbe 0x45bdd7 cmp edx, 0x10 je short loc_0045bde6 ; je 0x45bde6 pop ebx ret loc_0045bdd7: mov dword [eax], 1 test ebx, ebx jne short loc_0045be04 ; jne 0x45be04 or byte [eax], 2 pop ebx ret loc_0045bde6: mov dword [eax], 0 pop ebx ret loc_0045bdee: mov dword [eax], 2 pop ebx ret loc_0045bdf6: mov dword [eax], 1 pop ebx ret loc_0045bdfe: mov dword [eax], 3 loc_0045be04: pop ebx ret endloc_0045be06: db 0x8b db 0x54 dd 0xd2850824 dd 0xc0310375 dd 0x4c8b52c3 dd 0xe8510824 dd 0x00000004 dd 0xc308c483 fcn_0045be20: push ebx cmp dword [esp + 0xc], 0 je short loc_0045be37 ; je 0x45be37 mov ebx, dword [esp + 8] push ebx call fcn_0045be3d ; call 0x45be3d add esp, 4 pop ebx ret loc_0045be37: mov eax, dword [esp + 8] pop ebx ret fcn_0045be3d: push ebx mov ebx, dword [esp + 8] push ebx call fcn_00458e14 ; call 0x458e14 add esp, 4 cmp ebx, 0x7b jne short loc_0045be54 ; jne 0x45be54 push 1 jmp short loc_0045be80 ; jmp 0x45be80 loc_0045be54: cmp ebx, 0xce jne short loc_0045be60 ; jne 0x45be60 push 9 jmp short loc_0045be80 ; jmp 0x45be80 loc_0045be60: cmp ebx, 0xb7 jne short loc_0045be6c ; jne 0x45be6c push 7 jmp short loc_0045be80 ; jmp 0x45be80 loc_0045be6c: cmp ebx, 0x13 jbe short loc_0045be76 ; jbe 0x45be76 mov ebx, 0x13 loc_0045be76: mov ebx, dword [ebx + ref_004894d1] ; mov ebx, dword [ebx + 0x4894d1] sar ebx, 0x18 push ebx loc_0045be80: call fcn_00458de7 ; call 0x458de7 add esp, 4 mov eax, 0xffffffff pop ebx ret fcn_0045be8f: call dword [cs:__imp__GetLastError@0] ; ucall: call dword cs:[0x4623ac] push eax call fcn_0045be3d ; call 0x45be3d add esp, 4 ret fcn_0045bea0: push ebx push esi mov ebx, dword [esp + 0xc] cmp ebx, dword [ref_004894e8] ; cmp ebx, dword [0x4894e8] jb short loc_0045beb3 ; jb 0x45beb3 xor eax, eax pop esi pop ebx ret loc_0045beb3: cmp ebx, 3 jge short loc_0045beeb ; jge 0x45beeb mov esi, ebx mov eax, dword [ref_0048953c] ; mov eax, dword [0x48953c] shl esi, 2 add eax, esi mov dl, byte [eax + 1] test dl, 0x40 jne short loc_0045beeb ; jne 0x45beeb mov dh, dl or dh, 0x40 push ebx mov byte [eax + 1], dh call fcn_0045bf21 ; call 0x45bf21 add esp, 4 test eax, eax je short loc_0045beeb ; je 0x45beeb mov eax, dword [ref_0048953c] ; mov eax, dword [0x48953c] or byte [esi + eax + 1], 0x20 loc_0045beeb: mov eax, dword [ref_0048953c] ; mov eax, dword [0x48953c] mov eax, dword [eax + ebx*4] pop esi pop ebx ret fcn_0045bef6: push ebx mov ebx, dword [esp + 0xc] mov eax, dword [esp + 8] shl eax, 2 test ebx, ebx je short loc_0045bf16 ; je 0x45bf16 or bh, 0x40 mov edx, ebx mov ebx, dword [ref_0048953c] ; mov ebx, dword [0x48953c] mov dword [ebx + eax], edx pop ebx ret loc_0045bf16: mov edx, dword [ref_0048953c] ; mov edx, dword [0x48953c] mov dword [edx + eax], ebx pop ebx ret fcn_0045bf21: push ebx mov ebx, dword [esp + 8] push ebx call dword [ref_00488f50] ; ucall: call dword [0x488f50] mov edx, dword [ref_004891ac] ; mov edx, dword [0x4891ac] add esp, 4 test edx, edx je short loc_0045bf59 ; je 0x45bf59 push ebx call dword [ref_004891ac] ; ucall: call dword [0x4891ac] add esp, 4 test eax, eax je short loc_0045bf59 ; je 0x45bf59 loc_0045bf48: push ebx call dword [ref_00488f54] ; ucall: call dword [0x488f54] mov eax, 1 add esp, 4 pop ebx ret loc_0045bf59: mov eax, dword [ref_00489474] ; mov eax, dword [0x489474] mov edx, ebx mov eax, dword [eax + edx*4] push eax call dword [cs:__imp__GetFileType@4] ; ucall: call dword cs:[0x4623a4] cmp eax, 2 je short loc_0045bf48 ; je 0x45bf48 push ebx call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 xor eax, eax pop ebx ret fcn_0045bf7e: push ebx push esi mov esi, dword [esp + 0xc] xor ebx, ebx test esi, esi jl short loc_0045bf92 ; jl 0x45bf92 cmp esi, dword [ref_004894e8] ; cmp esi, dword [0x4894e8] jbe short loc_0045bfa4 ; jbe 0x45bfa4 loc_0045bf92: push 4 call fcn_00458de7 ; call 0x458de7 mov eax, 0xffffffff add esp, 4 pop esi pop ebx ret loc_0045bfa4: push esi call dword [ref_00488f50] ; ucall: call dword [0x488f50] mov eax, dword [ref_00489474] ; mov eax, dword [0x489474] mov edx, esi add esp, 4 mov eax, dword [eax + edx*4] push eax call dword [cs:__imp__FlushFileBuffers@4] ; ucall: call dword cs:[0x46236c] test eax, eax jne short loc_0045bfce ; jne 0x45bfce call fcn_0045be8f ; call 0x45be8f mov ebx, 0xffffffff loc_0045bfce: push esi call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 mov eax, ebx pop esi pop ebx ret fcn_0045bfdd: push 0xffffffffffffffff call fcn_0045bfe8 ; call 0x45bfe8 add esp, 4 ret fcn_0045bfe8: push ebx push esi push edi mov edi, dword [esp + 0x10] call dword [ref_00488f60] ; ucall: call dword [0x488f60] mov ebx, dword [ref_004991d4] ; mov ebx, dword [0x4991d4] xor esi, esi jmp short loc_0045c01b ; jmp 0x45c01b loc_0045bfff: mov eax, dword [ebx + 4] test dword [eax + 0xc], edi je short loc_0045c019 ; je 0x45c019 mov dl, byte [eax + 0xd] inc esi test dl, 0x10 je short loc_0045c019 ; je 0x45c019 push eax call fcn_004591f9 ; call 0x4591f9 add esp, 4 loc_0045c019: mov ebx, dword [ebx] loc_0045c01b: test ebx, ebx jne short loc_0045bfff ; jne 0x45bfff call dword [ref_00488f64] ; ucall: call dword [0x488f64] mov eax, esi pop edi pop esi pop ebx ret fcn_0045c02b: push ebx push esi mov esi, dword [ref_0048933c] ; mov esi, dword [0x48933c] call fcn_0045d137 ; call 0x45d137 mov ebx, eax cmp eax, 0xffffffff je short loc_0045c04c ; je 0x45c04c test esi, esi jne short loc_0045c04c ; jne 0x45c04c push eax call fcn_0045d1c0 ; call 0x45d1c0 add esp, 4 loc_0045c04c: mov eax, ebx pop esi pop ebx ret fcn_0045c051: mov edx, dword [esp + 4] push edx call dword [cs:__imp__GetFileAttributesA@4] ; ucall: call dword cs:[0x46239c] cmp eax, 0xffffffff je near fcn_0045be8f ; je 0x45be8f test byte [esp + 8], 2 je short loc_0045c07c ; je 0x45c07c test al, 1 je short loc_0045c07c ; je 0x45c07c push 5 call fcn_0045be3d ; call 0x45be3d add esp, 4 ret loc_0045c07c: xor eax, eax ret fcn_0045c07f: call dword [_GetThreadPtr] ; ucall: call dword [0x488f4c] add eax, 4 ret endloc_0045c089: db 0xff db 0x15 dd _GetThreadPtr db 0x83 db 0xc0 db 0x08 db 0xc3 fcn_0045c093: push ebx mov edx, dword [esp + 0xc] push edx mov ebx, dword [esp + 0xc] push ebx call dword [cs:__imp__MoveFileA@8] ; ucall: call dword cs:[0x4623e0] test eax, eax jne short loc_0045c0b0 ; jne 0x45c0b0 call fcn_0045be8f ; call 0x45be8f pop ebx ret loc_0045c0b0: xor eax, eax pop ebx ret fcn_0045c0b4: push ebx push esi push edi push ebp mov ebp, dword [esp + 0x14] mov ebx, dword [ref_00499944] ; mov ebx, dword [0x499944] test ebx, ebx je short loc_0045c108 ; je 0x45c108 test ebp, ebp je short loc_0045c108 ; je 0x45c108 mov edi, ebp push es mov eax, ds mov es, eax sub ecx, ecx dec ecx xor eax, eax repne scasb ; repne scasb al, byte es:[edi] not ecx dec ecx pop es mov edi, ecx jmp short loc_0045c102 ; jmp 0x45c102 loc_0045c0e0: push edi push ebp push esi call fcn_0045d226 ; call 0x45d226 add esp, 0xc test eax, eax jne short loc_0045c0ff ; jne 0x45c0ff cmp byte [edi + esi], 0x3d jne short loc_0045c0ff ; jne 0x45c0ff lea eax, [edi + 1] add eax, esi pop ebp pop edi pop esi pop ebx ret loc_0045c0ff: add ebx, 4 loc_0045c102: mov esi, dword [ebx] test esi, esi jne short loc_0045c0e0 ; jne 0x45c0e0 loc_0045c108: xor eax, eax pop ebp pop edi pop esi pop ebx ret fcn_0045c10f: push ebx push esi push edi push ebp sub esp, 4 mov ebx, dword [esp + 0x18] mov esi, dword [esp + 0x1c] mov edi, dword [esp + 0x20] test ebx, ebx jne short loc_0045c14d ; jne 0x45c14d mov edi, 0x104 push edi call fcn_00456f80 ; call 0x456f80 add esp, 4 mov ebp, eax test eax, eax jne short loc_0045c14b ; jne 0x45c14b push 5 loc_0045c13c: call fcn_00458de7 ; call 0x458de7 add esp, 4 loc_0045c144: xor eax, eax jmp near loc_0045c1a9 ; jmp 0x45c1a9 loc_0045c14b: mov ebx, eax loc_0045c14d: test esi, esi je short loc_0045c156 ; je 0x45c156 cmp byte [esi], 0 jne short loc_0045c162 ; jne 0x45c162 loc_0045c156: push edi push ebx call fcn_0045c1b1 ; call 0x45c1b1 add esp, 8 jmp short loc_0045c1a9 ; jmp 0x45c1a9 loc_0045c162: push ref_0046c8e8 ; push 0x46c8e8 push esi call fcn_00459dc7 ; call 0x459dc7 add esp, 8 test eax, eax jne short loc_0045c18f ; jne 0x45c18f cmp edi, 4 jae short loc_0045c186 ; jae 0x45c186 push ebp call clib_free ; call 0x456e11 add esp, 4 push 0xe jmp short loc_0045c13c ; jmp 0x45c13c loc_0045c186: mov eax, dword [ref_0046c8e8] ; mov eax, dword [0x46c8e8] mov dword [ebx], eax jmp short loc_0045c1a7 ; jmp 0x45c1a7 loc_0045c18f: mov eax, esp push eax push ebx push edi push esi call dword [cs:__imp__GetFullPathNameA@16] ; ucall: call dword cs:[0x4623a8] test eax, eax jne short loc_0045c1a7 ; jne 0x45c1a7 call fcn_0045be8f ; call 0x45be8f jmp short loc_0045c144 ; jmp 0x45c144 loc_0045c1a7: mov eax, ebx loc_0045c1a9: add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_0045c1b1: push ebx push esi push edi sub esp, 0x104 mov ebx, dword [esp + 0x114] mov eax, esp push eax push 0x104 call dword [cs:__imp__GetCurrentDirectoryA@8] ; ucall: call dword cs:[0x462384] mov esi, eax test eax, eax jne short loc_0045c1dd ; jne 0x45c1dd call fcn_0045be8f ; call 0x45be8f jmp short loc_0045c208 ; jmp 0x45c208 loc_0045c1dd: test ebx, ebx jne short loc_0045c20c ; jne 0x45c20c mov ebx, dword [esp + 0x118] inc eax cmp eax, ebx jae short loc_0045c1ef ; jae 0x45c1ef mov eax, ebx loc_0045c1ef: push eax call fcn_00456f80 ; call 0x456f80 add esp, 4 mov ebx, eax test eax, eax jne short loc_0045c219 ; jne 0x45c219 push 5 loc_0045c200: call fcn_00458de7 ; call 0x458de7 add esp, 4 loc_0045c208: xor eax, eax jmp short loc_0045c238 ; jmp 0x45c238 loc_0045c20c: cmp eax, dword [esp + 0x118] jbe short loc_0045c219 ; jbe 0x45c219 push 0xe jmp short loc_0045c200 ; jmp 0x45c200 loc_0045c219: lea ecx, [esi + 1] mov edi, ebx mov esi, esp push es mov eax, ds mov es, eax push edi mov eax, ecx shr ecx, 2 repne movsd mov cl, al and cl, 3 repne movsb ; repne movsb byte es:[edi], byte ptr [esi] pop edi pop es mov eax, ebx loc_0045c238: add esp, 0x104 pop edi pop esi pop ebx ret fcn_0045c242: mov edx, dword [esp + 4] push edx call dword [cs:__imp__DeleteFileA@4] ; ucall: call dword cs:[0x46235c] test eax, eax je near fcn_0045be8f ; je 0x45be8f xor eax, eax ret ref_0045c259: db 0xc3 fcn_0045c25a: push ax wait fninit fld1 fldz fdivp st1 ; fdivp st(1) fld st0 ; fld st(0) fchs fcompp fnstsw ax mov al, 2 sahf je short loc_0045c274 ; je 0x45c274 mov al, 3 loc_0045c274: wait fninit fldcw word [esp] xchg word [esp], ax pop ax ret fcn_0045c281: push ebp mov ebp, esp sub esp, 0x10 mov edx, dword [ebp + 0xc] push edx push edx mov ecx, dword [ebp + 8] push ecx call fcn_0045c2b4 ; call 0x45c2b4 mov dword [ebp - 0x10], eax mov dword [ebp - 0xc], edx add esp, 0xc mov eax, dword [ebp - 0x10] mov dword [ebp - 8], eax mov eax, dword [ebp - 0xc] mov dword [ebp - 4], eax mov eax, dword [ebp - 8] mov edx, dword [ebp - 4] mov esp, ebp pop ebp ret fcn_0045c2b4: push ebp mov ebp, esp push ebx push esi sub esp, 0x30 mov edx, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ecx, dword [ebp + 0x10] mov eax, dword [esi] mov dword [ebp - 0x30], eax mov eax, dword [esi + 4] mov dword [ebp - 0x2c], eax mov eax, dword [ecx] mov dword [ebp - 0x28], eax mov eax, dword [ecx + 4] mov dword [ebp - 0x24], eax test dl, 0x40 je short loc_0045c2e7 ; je 0x45c2e7 mov ebx, 1 jmp short loc_0045c321 ; jmp 0x45c321 loc_0045c2e7: test dl, 0x80 je short loc_0045c2f3 ; je 0x45c2f3 mov ebx, 2 jmp short loc_0045c321 ; jmp 0x45c321 loc_0045c2f3: test dh, 1 je short loc_0045c2ff ; je 0x45c2ff mov ebx, 3 jmp short loc_0045c321 ; jmp 0x45c321 loc_0045c2ff: test dh, 8 je short loc_0045c30b ; je 0x45c30b mov ebx, 4 jmp short loc_0045c321 ; jmp 0x45c321 loc_0045c30b: test dh, 2 je short loc_0045c317 ; je 0x45c317 mov ebx, 6 jmp short loc_0045c321 ; jmp 0x45c321 loc_0045c317: test dh, 4 je short loc_0045c321 ; je 0x45c321 mov ebx, 5 loc_0045c321: mov eax, edx and eax, 0x1f mov eax, dword [eax*4 + ref_00489548] ; mov eax, dword [eax*4 + 0x489548] mov dword [ebp - 0x38], ebx mov dword [ebp - 0x34], eax test dh, 0x10 je short loc_0045c345 ; je 0x45c345 fld qword [ref_0046cad0] ; fld qword [0x46cad0] fchs fstp qword [ebp - 0x20] jmp short loc_0045c387 ; jmp 0x45c387 loc_0045c345: test dh, 0x20 je short loc_0045c354 ; je 0x45c354 xor ecx, ecx mov dword [ebp - 0x20], ecx mov dword [ebp - 0x1c], ecx jmp short loc_0045c387 ; jmp 0x45c387 loc_0045c354: test dh, 0x40 je short loc_0045c368 ; je 0x45c368 xor edx, edx mov ebx, 0x3ff00000 mov dword [ebp - 0x20], edx mov dword [ebp - 0x1c], ebx jmp short loc_0045c387 ; jmp 0x45c387 loc_0045c368: test dh, 0x80 je short loc_0045c37c ; je 0x45c37c mov eax, dword [ref_0046cad0] ; mov eax, dword [0x46cad0] mov dword [ebp - 0x20], eax mov eax, dword [ref_0046cad4] ; mov eax, dword [0x46cad4] jmp short loc_0045c384 ; jmp 0x45c384 loc_0045c37c: mov eax, dword [ecx] mov dword [ebp - 0x20], eax mov eax, dword [ecx + 4] loc_0045c384: mov dword [ebp - 0x1c], eax loc_0045c387: lea eax, [ebp - 0x38] push eax call fcn_0045d30e ; call 0x45d30e mov dword [ebp - 0x18], eax mov dword [ebp - 0x14], edx add esp, 4 mov eax, dword [ebp - 0x18] mov dword [ebp - 0x10], eax mov eax, dword [ebp - 0x14] mov dword [ebp - 0xc], eax mov eax, dword [ebp - 0x10] mov edx, dword [ebp - 0xc] lea esp, [ebp - 8] pop esi pop ebx pop ebp ret fcn_0045c3b2: push ebp mov ebp, esp push ebx push esi push edi sub esp, 0x40 mov edi, dword [ebp + 8] mov edx, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] xor eax, eax mov al, byte [ebx + 0x15] mov dword [ebp - 0x40], eax and al, 0x5f mov esi, dword [ebx + 8] and eax, 0xff cmp eax, 0x47 jne short loc_0045c3fe ; jne 0x45c3fe test esi, esi jne short loc_0045c3e4 ; jne 0x45c3e4 mov esi, 1 loc_0045c3e4: mov dword [ebp - 0x44], 4 mov ecx, dword [ebp - 0x40] mov eax, 1 sub ecx, 2 mov dword [ebp - 0x48], eax mov dword [ebp - 0x40], ecx jmp short loc_0045c41d ; jmp 0x45c41d loc_0045c3fe: cmp eax, 0x45 jne short loc_0045c410 ; jne 0x45c410 mov ecx, 1 mov dword [ebp - 0x44], ecx mov dword [ebp - 0x48], ecx jmp short loc_0045c41d ; jmp 0x45c41d loc_0045c410: mov ecx, 2 xor eax, eax mov dword [ebp - 0x44], ecx mov dword [ebp - 0x48], eax loc_0045c41d: test byte [ebx + 0x1e], 1 je short loc_0045c427 ; je 0x45c427 or byte [ebp - 0x44], 0x10 loc_0045c427: mov eax, dword [edx] add eax, 8 mov dword [edx], eax mov edx, eax mov eax, dword [eax - 8] mov dword [ebp - 0x14], eax mov eax, dword [edx - 4] lea edx, [ebp - 0x20] mov dword [ebp - 0x10], eax lea eax, [ebp - 0x14] fld qword [eax] fstp tword [edx] ; fstp xword [edx] cmp esi, 0xffffffff jne short loc_0045c450 ; jne 0x45c450 mov esi, 6 loc_0045c450: lea eax, [edi + 1] push eax lea eax, [ebp - 0x4c] push eax lea eax, [ebp - 0x20] xor edx, edx push eax mov dword [ebp - 0x4c], esi mov dword [ebp - 0x3c], edx call fcn_0045d4b6 ; call 0x45d4b6 mov eax, dword [ebp - 0x30] mov dword [ebx + 0x28], eax mov eax, dword [ebp - 0x2c] mov dword [ebx + 0x2c], eax mov eax, dword [ebp - 0x28] mov dword [ebx + 0x30], eax mov eax, dword [ebp - 0x24] mov dword [ebx + 0x34], eax mov ecx, dword [ebp - 0x38] add esp, 0xc test ecx, ecx jge short loc_0045c49a ; jge 0x45c49a mov eax, dword [ebx + 0x20] lea edx, [eax + 1] mov dword [ebx + 0x20], edx mov byte [edi + eax], 0x2d jmp short loc_0045c4c3 ; jmp 0x45c4c3 loc_0045c49a: mov ch, byte [ebx + 0x1e] test ch, 4 je short loc_0045c4b1 ; je 0x45c4b1 mov eax, dword [ebx + 0x20] lea edx, [eax + 1] mov dword [ebx + 0x20], edx mov byte [edi + eax], 0x2b jmp short loc_0045c4c3 ; jmp 0x45c4c3 loc_0045c4b1: test ch, 2 je short loc_0045c4c3 ; je 0x45c4c3 mov eax, dword [ebx + 0x20] lea edx, [eax + 1] mov dword [ebx + 0x20], edx mov byte [edi + eax], 0x20 loc_0045c4c3: mov edx, ds mov eax, edi lea esp, [ebp - 0xc] pop edi pop esi pop ebx pop ebp ret fcn_0045c4cf: push ebp mov ebp, esp sub esp, 8 push 0 mov edx, dword [ebp + 8] push edx call fcn_0045e029 ; call 0x45e029 mov dword [ebp - 8], eax mov dword [ebp - 4], edx add esp, 8 mov eax, dword [ebp + 0xc] mov edx, dword [ebp - 8] mov dword [eax], edx mov edx, dword [ebp - 4] mov dword [eax + 4], edx mov esp, ebp pop ebp ret fcn_0045c4fb: push 1 push ref_0046c958 ; push 0x46c958 call __fatal_runtime_error ; call 0x45c690 add esp, 8 ret fcn_0045c50b: push ebx sub esp, 0x10 mov dword [esp + 8], 0xc0000000 mov dword [esp + 0xc], 0x4150017e mov dword [esp], 0x80000000 mov dword [esp + 4], 0x4147ffff cmp byte [ref_00488f35], 3 ; cmp byte [0x488f35], 3 jb short loc_0045c580 ; jb 0x45c580 mov eax, dword [esp + 8] mov edx, dword [esp + 0xc] mov ebx, dword [esp] mov ecx, dword [esp + 4] call fcn_0045e0b6 ; call 0x45e0b6 mov ebx, dword [esp] mov ecx, dword [esp + 4] call fcn_0045e479 ; call 0x45e479 mov ebx, eax mov ecx, edx mov eax, dword [esp + 8] mov edx, dword [esp + 0xc] call fcn_0045e2bc ; call 0x45e2bc mov ebx, 0xe2308c3a mov ecx, 0x3e45798e call fcn_0045e616 ; call 0x45e616 jle short loc_0045c580 ; jle 0x45c580 or byte [ref_0048936c], 1 ; or byte [0x48936c], 1 loc_0045c580: add esp, 0x10 pop ebx ret fcn_0045c585: push ebx mov edx, dword [esp + 0xc] push edx mov ebx, dword [esp + 0xc] push ebx call fcn_0045c59a ; call 0x45c59a add esp, 8 pop ebx ret fcn_0045c59a: push ebx push esi push edi push ebp mov ebx, dword [esp + 0x14] mov edi, dword [esp + 0x18] test ebx, ebx jne short loc_0045c5b8 ; jne 0x45c5b8 push edi call fcn_00456f8e ; call 0x456f8e add esp, 4 pop ebp pop edi pop esi pop ebx ret loc_0045c5b8: test edi, edi jne short loc_0045c5cc ; jne 0x45c5cc push ebx call lib_free ; call 0x456e1f add esp, 4 xor eax, eax pop ebp pop edi pop esi pop ebx ret loc_0045c5cc: push ebx call fcn_0045e64e ; call 0x45e64e add esp, 4 push edi push ebx mov esi, eax call fcn_0045e829 ; call 0x45e829 add esp, 8 mov ebp, eax test eax, eax jne short loc_0045c627 ; jne 0x45c627 push edi call fcn_00456f8e ; call 0x456f8e add esp, 4 mov ebp, eax test eax, eax je short loc_0045c61d ; je 0x45c61d mov ecx, esi mov edi, eax mov esi, ebx push es mov eax, ds mov es, eax push edi mov eax, ecx shr ecx, 2 repne movsd mov cl, al and cl, 3 repne movsb ; repne movsb byte es:[edi], byte ptr [esi] pop edi pop es push ebx call lib_free ; call 0x456e1f add esp, 4 jmp short loc_0045c627 ; jmp 0x45c627 loc_0045c61d: push esi push ebx call fcn_0045e829 ; call 0x45e829 add esp, 8 loc_0045c627: mov eax, ebp pop ebp pop edi pop esi pop ebx ret lib_calloc: push ebx mov ebx, dword [esp + 8] imul ebx, dword [esp + 0xc] push ebx call fcn_00456f80 ; call 0x456f80 add esp, 4 test eax, eax je short loc_0045c651 ; je 0x45c651 push ebx push 0 push eax call memset ; call 0x456f60 add esp, 0xc loc_0045c651: pop ebx ret fcn_0045c653: push ebx sub esp, 4 mov eax, dword [esp + 0xc] xor ebx, ebx jmp short loc_0045c660 ; jmp 0x45c660 loc_0045c65f: inc ebx loc_0045c660: mov edx, eax mov cl, byte [edx] inc eax test cl, cl jne short loc_0045c65f ; jne 0x45c65f push 0 lea eax, [esp + 4] push eax push ebx mov edx, dword [esp + 0x18] mov eax, dword [ref_00489474] ; mov eax, dword [0x489474] push edx mov ebx, dword [eax + 8] push ebx call dword [cs:__imp__WriteFile@20] ; ucall: call dword cs:[0x462440] mov ecx, dword [esp + 0x10] push ecx jmp near loc_004588b0 ; jmp 0x4588b0 __fatal_runtime_error: push ebx mov eax, ds and eax, 0xffff push eax mov edx, dword [esp + 0xc] push edx call fcn_0045e873 ; call 0x45e873 add esp, 8 test eax, eax jne short loc_0045c6bc ; jne 0x45c6bc mov ebx, dword [esp + 0xc] push ebx mov ecx, dword [esp + 0xc] push ecx call fcn_0045c653 ; call 0x45c653 add esp, 8 loc_0045c6bc: pop ebx ret fcn_0045c836: push ebx push esi push edi mov edi, dword [esp + 0x10] call dword [ref_00488f78] ; ucall: call dword [0x488f78] mov esi, ref_00499954 ; mov esi, 0x499954 mov ebx, dword [ref_00499954] ; mov ebx, dword [0x499954] jmp short loc_0045c87a ; jmp 0x45c87a loc_0045c850: cmp edi, dword [ebx + 4] jne short loc_0045c876 ; jne 0x45c876 cmp dword [ebx + 0xc], 0 je short loc_0045c867 ; je 0x45c867 mov edi, dword [ebx + 8] push edi call clib_free ; call 0x456e11 add esp, 4 loc_0045c867: mov edi, dword [ebx] push ebx mov dword [esi], edi call clib_free ; call 0x456e11 add esp, 4 jmp short loc_0045c87e ; jmp 0x45c87e loc_0045c876: mov esi, ebx mov ebx, dword [ebx] loc_0045c87a: test ebx, ebx jne short loc_0045c850 ; jne 0x45c850 loc_0045c87e: call dword [ref_00488f7c] ; ucall: call dword [0x488f7c] pop edi loc_0045c885: pop esi pop ebx ret fcn_0045c888: call dword [ref_00488f78] ; ucall: call dword [0x488f78] mov eax, dword [ref_00499954] ; mov eax, dword [0x499954] loc_0045c893: test eax, eax je short loc_0045c8a2 ; je 0x45c8a2 mov edx, dword [eax + 8] mov byte [edx + 0x53], 1 mov eax, dword [eax] jmp short loc_0045c893 ; jmp 0x45c893 loc_0045c8a2: call dword [ref_00488f7c] ; ucall: call dword [0x488f7c] ret loc_0045c8a9: push ebx push esi mov ebx, dword [ref_00499954] ; mov ebx, dword [0x499954] loc_0045c8b1: test ebx, ebx je short loc_0045c885 ; je 0x45c885 mov edx, dword [ebx + 0xc] mov esi, dword [ebx] test edx, edx je short loc_0045c8ca ; je 0x45c8ca mov ecx, dword [ebx + 8] push ecx call clib_free ; call 0x456e11 add esp, 4 loc_0045c8ca: push ebx call clib_free ; call 0x456e11 add esp, 4 mov ebx, esi jmp short loc_0045c8b1 ; jmp 0x45c8b1 fcn_0045c901: jmp near loc_0045c8a9 ; jmp 0x45c8a9 fcn_0045c906: mov edx, dword [esp + 4] push edx call fcn_00456f80 ; call 0x456f80 add esp, 4 ret fcn_0045c914: push ebx push esi push edi push ebp cmp dword [ref_00499944], 0 ; cmp dword [0x499944], 0 jne near loc_0045c9d9 ; jne 0x45c9d9 mov ebp, dword [_RWD_EnvPtr] ; mov ebp, dword [0x48934d] xor esi, esi xor dl, dl mov eax, ebp loc_0045c931: cmp dl, byte [eax] je short loc_0045c947 ; je 0x45c947 loc_0045c935: mov cl, byte [eax] lea ebx, [eax + 1] cmp dl, cl je short loc_0045c942 ; je 0x45c942 mov eax, ebx jmp short loc_0045c935 ; jmp 0x45c935 loc_0045c942: inc esi mov eax, ebx jmp short loc_0045c931 ; jmp 0x45c931 loc_0045c947: sub eax, ebp jne short loc_0045c950 ; jne 0x45c950 mov eax, 1 loc_0045c950: push eax call fcn_0045c906 ; call 0x45c906 mov edi, eax add esp, 4 mov ebx, eax test eax, eax je near loc_0045c9d4 ; je 0x45c9d4 mov eax, esi shl eax, 2 add eax, 4 add esi, eax push esi call fcn_0045c906 ; call 0x45c906 add esp, 4 test eax, eax je short loc_0045c9cb ; je 0x45c9cb mov dword [ref_00499944], eax ; mov dword [0x499944], eax xor esi, esi xor ecx, ecx mov eax, ebp loc_0045c987: cmp byte [eax], 0 je short loc_0045c9a5 ; je 0x45c9a5 mov edx, dword [ref_00499944] ; mov edx, dword [0x499944] mov dword [ecx + edx], ebx loc_0045c995: mov dl, byte [eax] inc eax mov byte [ebx], dl inc ebx test dl, dl jne short loc_0045c995 ; jne 0x45c995 add ecx, 4 inc esi jmp short loc_0045c987 ; jmp 0x45c987 loc_0045c9a5: mov edx, dword [ref_00499944] ; mov edx, dword [0x499944] push esi mov dword [ecx + edx], 0 add ecx, 4 push 0 add edx, ecx push edx mov dword [ref_00499940], edx ; mov dword [0x499940], edx call memset ; call 0x456f60 add esp, 0xc jmp short loc_0045c9d4 ; jmp 0x45c9d4 loc_0045c9cb: push edi call clib_free ; call 0x456e11 add esp, 4 loc_0045c9d4: call fcn_0045e924 ; call 0x45e924 loc_0045c9d9: pop ebp pop edi pop esi pop ebx ret fcn_0045c9de: push ebp mov ebp, esp mov eax, dword [ebp + 8] loc_0045c9e4: cmp word [eax], 0 je short loc_0045c9ee ; je 0x45c9ee inc eax inc eax jmp short loc_0045c9e4 ; jmp 0x45c9e4 loc_0045c9ee: sub eax, dword [ebp + 8] sar eax, 1 pop ebp ret fcn_0045c9f5: mov eax, dword [esp + 4] cmp word [eax], 1 jne short loc_0045ca1b ; jne 0x45ca1b cmp dword [eax + 4], 0 je short loc_0045ca1b ; je 0x45ca1b mov ax, word [eax + 0xa] cmp ax, 0x10 jb short loc_0045ca15 ; jb 0x45ca15 cmp ax, 0x12 jbe short loc_0045ca1b ; jbe 0x45ca1b loc_0045ca15: mov eax, 1 ret loc_0045ca1b: xor eax, eax ret fcn_0045ca1e: push 0 call dword [ref_00488f50] ; ucall: call dword [0x488f50] mov edx, dword [ref_004895b0] ; mov edx, dword [0x4895b0] add esp, 4 cmp edx, 0xffffffff jne short loc_0045ca57 ; jne 0x45ca57 push 0 push 0x80 push 3 push 0 push 1 push 0x80000000 push ref_0046c9f4 ; push 0x46c9f4 call dword [cs:__imp__CreateFileA@28] ; ucall: call dword cs:[0x462350] mov dword [ref_004895b0], eax ; mov dword [0x4895b0], eax loc_0045ca57: cmp dword [ref_004895b4], 0xffffffff ; cmp dword [0x4895b4], 0xffffffff jne short loc_0045ca83 ; jne 0x45ca83 push 0 push 0x80 push 3 push 0 push 2 push 0x40000000 push ref_0046c9fb ; push 0x46c9fb call dword [cs:__imp__CreateFileA@28] ; ucall: call dword cs:[0x462350] mov dword [ref_004895b4], eax ; mov dword [0x4895b4], eax loc_0045ca83: push 0 call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 ret fcn_0045ca8f: call fcn_0045ca1e ; call 0x45ca1e mov eax, dword [ref_004895b0] ; mov eax, dword [0x4895b0] ret fcn_0045ca9a: call fcn_0045ca1e ; call 0x45ca1e mov eax, dword [ref_004895b4] ; mov eax, dword [0x4895b4] ret fcn_0045caa5: fnclex ret fcn_0045caa8: push ebx push esi mov ebx, dword [esp + 0xc] cmp ebx, 7 je short loc_0045cab8 ; je 0x45cab8 cmp ebx, 4 jne short loc_0045cad1 ; jne 0x45cad1 loc_0045cab8: mov eax, ebx mov esi, dword [esp + 0x10] mov ebx, dword [ebx*8 + ref_004895b8] ; mov ebx, dword [ebx*8 + 0x4895b8] mov dword [eax*8 + ref_004895b8], esi ; mov dword [eax*8 + 0x4895b8], esi mov eax, ebx pop esi pop ebx ret loc_0045cad1: mov esi, ebx shl esi, 3 call dword [_GetThreadPtr] ; ucall: call dword [0x488f4c] mov ebx, dword [esi + eax + 0x58] call dword [_GetThreadPtr] ; ucall: call dword [0x488f4c] add esi, eax mov eax, dword [esp + 0x10] mov dword [esi + 0x58], eax mov eax, ebx pop esi pop ebx ret fcn_0045caf4: push ebx mov ebx, dword [esp + 8] cmp ebx, 7 je short loc_0045cb03 ; je 0x45cb03 cmp ebx, 4 jne short loc_0045cb0c ; jne 0x45cb0c loc_0045cb03: mov eax, dword [ebx*8 + ref_004895b8] ; mov eax, dword [ebx*8 + 0x4895b8] pop ebx ret loc_0045cb0c: call dword [_GetThreadPtr] ; ucall: call dword [0x488f4c] mov eax, dword [eax + ebx*8 + 0x58] pop ebx ret fcn_0045cb18: push ebx mov ebx, dword [esp + 8] cmp ebx, 7 je short loc_0045cb27 ; je 0x45cb27 cmp ebx, 4 jne short loc_0045cb30 ; jne 0x45cb30 loc_0045cb27: mov eax, dword [ebx*8 + ref_004895bc] ; mov eax, dword [ebx*8 + 0x4895bc] pop ebx ret loc_0045cb30: call dword [_GetThreadPtr] ; ucall: call dword [0x488f4c] mov eax, dword [eax + ebx*8 + 0x5c] pop ebx ret fcn_0045cb3c: mov edx, dword [esp + 4] push edx call fcn_0045cb18 ; call 0x45cb18 add esp, 4 cmp eax, dword [esp + 8] jne short loc_0045cb5d ; jne 0x45cb5d mov ecx, dword [esp + 4] push ecx call fcn_0045caf4 ; call 0x45caf4 add esp, 4 ret loc_0045cb5d: xor eax, eax ret fcn_0045cb60: push ebx mov eax, dword [esp + 8] test eax, eax jbe short loc_0045cb70 ; jbe 0x45cb70 cmp eax, 1 je short loc_0045cb8c ; je 0x45cb8c jmp short loc_0045cba0 ; jmp 0x45cba0 loc_0045cb70: push 4 call fcn_0045caf4 ; call 0x45caf4 add esp, 4 mov ebx, eax test eax, eax je short loc_0045cbb5 ; je 0x45cbb5 push 4 loc_0045cb82: call fcn_0045cd2a ; call 0x45cd2a add esp, 4 jmp short loc_0045cba6 ; jmp 0x45cba6 loc_0045cb8c: push 7 call fcn_0045caf4 ; call 0x45caf4 add esp, 4 mov ebx, eax test eax, eax je short loc_0045cbb5 ; je 0x45cbb5 push 7 jmp short loc_0045cb82 ; jmp 0x45cb82 loc_0045cba0: xor eax, eax pop ebx ret 4 loc_0045cba6: cmp ebx, 2 je short loc_0045cba0 ; je 0x45cba0 cmp ebx, 3 je short loc_0045cba0 ; je 0x45cba0 mov eax, 1 loc_0045cbb5: pop ebx ret 4 fcn_0045cbb9: push ebx push 4 call fcn_0045caf4 ; call 0x45caf4 add esp, 4 push 7 mov ebx, eax call fcn_0045caf4 ; call 0x45caf4 add esp, 4 cmp ebx, 2 je short loc_0045cbda ; je 0x45cbda cmp ebx, 3 jne short loc_0045cbe4 ; jne 0x45cbe4 loc_0045cbda: cmp eax, 2 je short loc_0045cbeb ; je 0x45cbeb cmp eax, 3 je short loc_0045cbeb ; je 0x45cbeb loc_0045cbe4: mov eax, 1 pop ebx ret loc_0045cbeb: xor eax, eax pop ebx ret fcn_0045cbef: cmp byte [ref_00489620], 0 ; cmp byte [0x489620], 0 jne short loc_0045cc11 ; jne 0x45cc11 push 1 push fcn_0045cb60 ; push 0x45cb60 call dword [cs:__imp__SetConsoleCtrlHandler@8] ; ucall: call dword cs:[0x4623f0] test eax, eax je short loc_0045cc11 ; je 0x45cc11 mov byte [ref_00489620], 1 ; mov byte [0x489620], 1 loc_0045cc11: xor eax, eax mov al, byte [ref_00489620] ; mov al, byte [0x489620] ret fcn_0045cc19: cmp byte [ref_00489620], 0 ; cmp byte [0x489620], 0 je short loc_0045cc3c ; je 0x45cc3c push 0 push fcn_0045cb60 ; push 0x45cb60 call dword [cs:__imp__SetConsoleCtrlHandler@8] ; ucall: call dword cs:[0x4623f0] test eax, eax je short loc_0045cc3c ; je 0x45cc3c xor dl, dl mov byte [ref_00489620], dl ; mov byte [0x489620], dl loc_0045cc3c: xor eax, eax mov al, byte [ref_00489620] ; mov al, byte [0x489620] test eax, eax sete al and eax, 0xff ret ref_0045cc4e: db 0x6a db 0x01 dd 0x0000d5e8 dd 0x04c48300 db 0xc3 fcn_0045cc59: push ebx push 2 call fcn_0045caf4 ; call 0x45caf4 add esp, 4 mov ebx, eax cmp eax, 1 je short loc_0045cc91 ; je 0x45cc91 cmp eax, 2 je short loc_0045cc91 ; je 0x45cc91 cmp eax, 3 je short loc_0045cc91 ; je 0x45cc91 push 2 push 2 call fcn_0045caa8 ; call 0x45caa8 add esp, 8 mov edx, dword [esp + 8] push edx push 2 call ebx add esp, 8 xor eax, eax pop ebx ret loc_0045cc91: mov eax, 0xffffffff pop ebx ret endloc_0045cc98: dd 0x8b575653 dd 0x8310245c dd 0x057c01fb dd 0x7e0cfb83 dd 0xe8096a13 dd 0xffffc137 dd 0x000003b8 dd 0x04c48300 dd 0xc35b5e5f db 0xba dd ref_0045cc4e db 0x8b db 0x4c db 0x24 db 0x14 db 0x89 db 0x15 dd ref_00489734 db 0x83 dd 0x267402f9 dd 0x7403f983 dd 0x3de85321 dd 0x83fffffe dd 0xc08504c4 dd 0xfb831474 dd 0x680f7502 dd 0x0000009f dd 0x88e8006a dd 0x8300001d dd 0xe85308c4 dd 0xfffffdf8 dd 0x8b04c483 dd 0x5714247c dd 0xe8c68953 dd 0xfffffd9c dd 0xe808c483 dd 0xfffffea5 dd 0x0774c085 dd 0xfffed2e8 dd 0xe805ebff dd 0xfffffef5 dd 0x5e5ff089 db 0x5b db 0xc3 fcn_0045cd2a: push ebx push esi mov ebx, dword [esp + 0xc] push ebx call fcn_0045caf4 ; call 0x45caf4 add esp, 4 mov esi, eax cmp ebx, 2 jb short loc_0045cd49 ; jb 0x45cd49 jbe short loc_0045cd50 ; jbe 0x45cd50 cmp ebx, 0xc jbe short loc_0045cd6c ; jbe 0x45cd6c jmp short loc_0045cd9f ; jmp 0x45cd9f loc_0045cd49: cmp ebx, 1 je short loc_0045cd62 ; je 0x45cd62 jmp short loc_0045cd9f ; jmp 0x45cd9f loc_0045cd50: push 0x8c call fcn_0045cc59 ; call 0x45cc59 add esp, 4 xor eax, eax pop esi pop ebx ret loc_0045cd62: cmp eax, 2 jne short loc_0045cd6c ; jne 0x45cd6c call fcn_0045ea68 ; call 0x45ea68 loc_0045cd6c: cmp esi, 1 je short loc_0045cd8c ; je 0x45cd8c cmp esi, 2 je short loc_0045cd8c ; je 0x45cd8c cmp esi, 3 je short loc_0045cd8c ; je 0x45cd8c push 2 push ebx call fcn_0045caa8 ; call 0x45caa8 add esp, 8 push ebx call esi add esp, 4 loc_0045cd8c: call fcn_0045cbb9 ; call 0x45cbb9 test eax, eax jne short loc_0045cda7 ; jne 0x45cda7 call fcn_0045cc19 ; call 0x45cc19 xor eax, eax pop esi pop ebx ret loc_0045cd9f: mov eax, 0xffffffff pop esi pop ebx ret loc_0045cda7: xor eax, eax pop esi pop ebx ret fcn_0045cdac: push ebx push esi push edi push es mov ebx, 8 loc_0045cdb5: call dword [_GetThreadPtr] ; ucall: call dword [0x488f4c] lea esi, [eax + ebx] mov eax, ds mov es, eax lea edi, [esi + 0x58] lea esi, [ebx + ref_004895b8] ; lea esi, [ebx + 0x4895b8] add ebx, 8 movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] cmp ebx, 0x68 jne short loc_0045cdb5 ; jne 0x45cdb5 mov edx, fcn_0045cb3c ; mov edx, 0x45cb3c mov ebx, fcn_0045cd2a ; mov ebx, 0x45cd2a mov dword [ref_0048948c], edx ; mov dword [0x48948c], edx mov dword [ref_00489490], ebx ; mov dword [0x489490], ebx pop es pop edi pop esi pop ebx ret fcn_0045cdf0: call fcn_0045cbb9 ; call 0x45cbb9 test eax, eax je short loc_0045ce16 ; je 0x45ce16 call fcn_0045cc19 ; call 0x45cc19 push 2 push 4 call fcn_0045caa8 ; call 0x45caa8 add esp, 8 push 2 push 7 call fcn_0045caa8 ; call 0x45caa8 add esp, 8 loc_0045ce16: ret fcn_0045ce17: push ebx mov edx, fcn_0045cdac ; mov edx, 0x45cdac mov ebx, fcn_0045cdf0 ; mov ebx, 0x45cdf0 mov dword [ref_00488f8c], edx ; mov dword [0x488f8c], edx mov dword [ref_00488f90], ebx ; mov dword [0x488f90], ebx pop ebx ret fcn_0045ce30: mov edx, dword [esp + 4] test edx, edx jne short loc_0045ce3b ; jne 0x45ce3b xor eax, eax ret loc_0045ce3b: push 0 push 0 push 2 push edx push 1 lea eax, [esp + 0x1c] push eax push 0x200 mov ecx, dword [ref_00489738] ; mov ecx, dword [0x489738] push ecx call dword [cs:__imp__WideCharToMultiByte@32] ; ucall: call dword cs:[0x462438] test eax, eax je short loc_0045ce61 ; je 0x45ce61 ret loc_0045ce61: mov eax, 0xffffffff ret fcn_0045ce67: push ebx push esi push edi push es push ebp sub esp, 0x40 mov eax, dword [esp + 0x5c] lea edi, [esp + 0x34] mov esi, dword [esp + 0x58] mov dword [esp + 0x3c], eax mov eax, ds lea ebp, [esp + 1] mov es, eax xor edx, edx mov eax, dword [esp + 0x60] movsd ; movsd dword es:[edi], dword ptr [esi] movsd ; movsd dword es:[edi], dword ptr [esi] mov dword [esp + 0x2c], eax xor ah, ah mov dword [esp + 0x30], edx mov byte [esp], ah loc_0045ce9c: lea edi, [esp + 0x24] lea esi, [esp + 0x34] lea ebx, [esp + 0x2c] lea eax, [esp + 0x34] mov edx, dword [eax + 4] mov eax, dword [eax] mov ecx, dword [ebx + 4] mov ebx, dword [ebx] call fcn_0045ec77 ; call 0x45ec77 mov dword [esi + 4], edx mov dword [esi], eax mov dword [edi + 4], ecx mov dword [edi], ebx mov ebx, dword [esp + 0x24] mov al, byte [ebx + ref_00489624] ; mov al, byte [ebx + 0x489624] mov byte [ebp], al mov ebx, dword [esp + 0x34] inc ebp test ebx, ebx jne short loc_0045ce9c ; jne 0x45ce9c cmp dword [esp + 0x38], 0 jne short loc_0045ce9c ; jne 0x45ce9c loc_0045cee2: mov ebx, dword [esp + 0x3c] dec ebp lea esi, [ebx + 1] mov al, byte [ebp] mov dword [esp + 0x3c], esi mov byte [ebx], al test al, al jne short loc_0045cee2 ; jne 0x45cee2 mov eax, dword [esp + 0x5c] add esp, 0x40 pop ebp pop es pop edi pop esi pop ebx ret endloc_0045cf04: dd 0x06575653 dd 0x08ec8355 dd 0x24245c8b dd 0xd88ce789 dd 0x2024748b dd 0x4c8bc08e dd 0xda892824 dd 0xf983a5a5 dd 0xf634750a dd 0x80072444 dd 0x03c62d74 dd 0x01538d2d dd 0x8b24348b dd 0xf704247c dd 0x89d7f7d6 dd 0x6e8d2434 dd 0x247c8901 dd 0x242c8904 dd 0x0575ed85 dd 0xeb01478d dd 0x89f88902 dd 0x8b042444 dd 0x5128244c dd 0x24448d52 dd 0xfce85008 dd 0x83fffffe dd 0xd8890cc4 dd 0xeb08c483 db 0x89 fcn_0045cf75: push ebx push esi push edi sub esp, 0x28 mov eax, dword [esp + 0x38] mov edi, dword [esp + 0x40] mov esi, dword [esp + 0x3c] xor dl, dl lea ecx, [esp + 1] mov byte [esp], dl loc_0045cf90: lea ebx, [esp + 0x24] mov dword [esp + 0x24], edi xor edx, edx div dword [ebx] mov dword [ebx], edx mov edx, dword [esp + 0x24] mov dl, byte [edx + ref_0048964c] ; mov dl, byte [edx + 0x48964c] mov byte [ecx], dl inc ecx test eax, eax jne short loc_0045cf90 ; jne 0x45cf90 loc_0045cfaf: dec ecx mov al, byte [ecx] mov byte [esi], al inc esi test al, al jne short loc_0045cfaf ; jne 0x45cfaf mov eax, dword [esp + 0x3c] add esp, 0x28 pop edi pop esi pop ebx ret endloc_0045cfc4: dd 0x548b5653 dd 0x5c8b0c24 dd 0x4c8b1024 dd 0xd8891424 dd 0x750af983 dd 0x7dd2850c dd 0x8ddaf708 dd 0x03c60143 dd 0x24748b2d dd 0x52505614 dd 0xffff84e8 dd 0x0cc483ff dd 0x5b5ed889 dd 0x24448bc3 db 0x04 db 0x8a db 0x80 dd ref_0049995d db 0x24 dd 0x00ff2501 db 0x00 db 0x00 db 0xc3 fcn_0045d00b: push 0 call fcn_0045eace ; call 0x45eace add esp, 4 ret fcn_0045d016: mov eax, dword [esp + 4] cmp eax, 0x61 jl short loc_0045d027 ; jl 0x45d027 cmp eax, 0x7a jg short loc_0045d027 ; jg 0x45d027 sub eax, 0x20 loc_0045d027: ret fcn_0045d028: push ebx push esi sub esp, 0x18 mov ebx, dword [esp + 0x24] mov eax, dword [ref_00489674] ; mov eax, dword [0x489674] cmp eax, 1 jb short loc_0045d099 ; jb 0x45d099 jbe short loc_0045d044 ; jbe 0x45d044 cmp eax, 2 je short loc_0045d07b ; je 0x45d07b jmp short loc_0045d099 ; jmp 0x45d099 loc_0045d044: mov ebx, dword [ref_00499a68] ; mov ebx, dword [0x499a68] dec ebx mov ecx, dword [ref_00499a64] ; mov ecx, dword [0x499a64] mov dword [ref_00499a68], ebx ; mov dword [0x499a68], ebx test ecx, ecx je short loc_0045d067 ; je 0x45d067 test ebx, ebx jne short loc_0045d071 ; jne 0x45d071 mov dword [ref_00489674], ebx ; mov dword [0x489674], ebx jmp short loc_0045d071 ; jmp 0x45d071 loc_0045d067: mov dword [ref_00489674], 2 ; mov dword [0x489674], 2 loc_0045d071: mov eax, dword [ref_00499a64] ; mov eax, dword [0x499a64] jmp near loc_0045d131 ; jmp 0x45d131 loc_0045d07b: cmp dword [ref_00499a68], 0 ; cmp dword [0x499a68], 0 setne al and eax, 0xff mov dword [ref_00489674], eax ; mov dword [0x489674], eax mov eax, dword [ref_00499a60] ; mov eax, dword [0x499a60] jmp near loc_0045d131 ; jmp 0x45d131 loc_0045d099: lea eax, [esp + 0x14] push eax push 1 lea eax, [esp + 8] push eax push ebx call dword [cs:__imp__ReadConsoleInputA@16] ; ucall: call dword cs:[0x4623e8] test eax, eax je near loc_0045d12c ; je 0x45d12c mov eax, esp push eax call fcn_0045c9f5 ; call 0x45c9f5 add esp, 4 test eax, eax je short loc_0045d099 ; je 0x45d099 xor eax, eax mov ax, word [esp + 8] dec eax mov dword [ref_00499a68], eax ; mov dword [0x499a68], eax xor eax, eax mov al, byte [esp + 0xe] mov dword [ref_00499a64], eax ; mov dword [0x499a64], eax test byte [esp + 0x11], 1 jne short loc_0045d0ec ; jne 0x45d0ec cmp dword [ref_00499a64], 0 ; cmp dword [0x499a64], 0 jne short loc_0045d110 ; jne 0x45d110 loc_0045d0ec: mov esi, 2 xor eax, eax xor ecx, ecx mov ax, word [esp + 0xc] mov dword [ref_00499a64], ecx ; mov dword [0x499a64], ecx mov dword [ref_00489674], esi ; mov dword [0x489674], esi mov dword [ref_00499a60], eax ; mov dword [0x499a60], eax jmp near loc_0045d071 ; jmp 0x45d071 loc_0045d110: cmp dword [ref_00499a68], 0 ; cmp dword [0x499a68], 0 je near loc_0045d071 ; je 0x45d071 mov dword [ref_00489674], 1 ; mov dword [0x489674], 1 jmp near loc_0045d071 ; jmp 0x45d071 loc_0045d12c: mov eax, 0xffffffff loc_0045d131: add esp, 0x18 pop esi pop ebx ret fcn_0045d137: push ebx push esi sub esp, 4 mov eax, dword [ref_0048933c] ; mov eax, dword [0x48933c] test eax, eax je short loc_0045d14f ; je 0x45d14f xor esi, esi mov dword [ref_0048933c], esi ; mov dword [0x48933c], esi jmp short loc_0045d1ba ; jmp 0x45d1ba loc_0045d14f: cmp dword [ref_004891e0], 0 ; cmp dword [0x4891e0], 0 je short loc_0045d170 ; je 0x45d170 push eax call dword [ref_004891ac] ; ucall: call dword [0x4891ac] add esp, 4 push eax call dword [ref_004891e0] ; ucall: call dword [0x4891e0] add esp, 4 mov esi, eax jmp short loc_0045d1b8 ; jmp 0x45d1b8 loc_0045d170: push eax call dword [ref_00488f50] ; ucall: call dword [0x488f50] add esp, 4 call fcn_0045ca8f ; call 0x45ca8f mov ebx, eax mov eax, esp push eax push ebx call dword [cs:__imp__GetConsoleMode@8] ; ucall: call dword cs:[0x462380] push 0 push ebx call dword [cs:__imp__SetConsoleMode@8] ; ucall: call dword cs:[0x4623f4] push ebx call fcn_0045d028 ; call 0x45d028 add esp, 4 mov ecx, dword [esp] push ecx push ebx mov esi, eax call dword [cs:__imp__SetConsoleMode@8] ; ucall: call dword cs:[0x4623f4] push 0 call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 loc_0045d1b8: mov eax, esi loc_0045d1ba: add esp, 4 pop esi pop ebx ret fcn_0045d1c0: push ebx sub esp, 8 mov ebx, dword [esp + 0x10] mov edx, dword [ref_004891e8] ; mov edx, dword [0x4891e8] mov byte [esp + 4], bl test edx, edx je short loc_0045d1ee ; je 0x45d1ee push 1 call dword [ref_004891ac] ; ucall: call dword [0x4891ac] add esp, 4 push ebx push eax call dword [ref_004891e8] ; ucall: call dword [0x4891e8] add esp, 8 jmp short loc_0045d21f ; jmp 0x45d21f loc_0045d1ee: push 1 call dword [ref_00488f50] ; ucall: call dword [0x488f50] add esp, 4 call fcn_0045ca9a ; call 0x45ca9a push 0 lea edx, [esp + 4] push edx push 1 lea edx, [esp + 0x10] push edx push eax call dword [cs:__imp__WriteConsoleA@20] ; ucall: call dword cs:[0x46243c] push 1 call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 loc_0045d21f: mov eax, ebx add esp, 8 pop ebx ret fcn_0045d226: push ebx push esi push edi push ebp mov esi, dword [esp + 0x14] mov ebx, dword [esp + 0x18] mov edi, dword [esp + 0x1c] xor ebp, ebp loc_0045d238: test edi, edi jbe short loc_0045d27f ; jbe 0x45d27f push esi call fcn_0045ed05 ; call 0x45ed05 add esp, 4 test eax, eax jne short loc_0045d27f ; jne 0x45d27f push ebx call fcn_0045ed05 ; call 0x45ed05 add esp, 4 test eax, eax jne short loc_0045d27f ; jne 0x45d27f push ebx push esi call fcn_0045ed41 ; call 0x45ed41 add esp, 8 mov ebp, eax test eax, eax jne short loc_0045d2b2 ; jne 0x45d2b2 push esi call fcn_0045edbd ; call 0x45edbd add esp, 4 push ebx dec edi mov esi, eax call fcn_0045edbd ; call 0x45edbd add esp, 4 mov ebx, eax jmp short loc_0045d238 ; jmp 0x45d238 loc_0045d27f: test edi, edi jbe short loc_0045d2b0 ; jbe 0x45d2b0 push esi call fcn_0045ed05 ; call 0x45ed05 add esp, 4 test eax, eax jne short loc_0045d29d ; jne 0x45d29d push ebx call fcn_0045ed05 ; call 0x45ed05 add esp, 4 test eax, eax je short loc_0045d2b0 ; je 0x45d2b0 loc_0045d29d: xor eax, eax mov bl, byte [ebx] mov al, byte [esi] and ebx, 0xff sub eax, ebx pop ebp pop edi pop esi pop ebx ret loc_0045d2b0: mov eax, ebp loc_0045d2b2: pop ebp pop edi pop esi pop ebx ret endloc_0045d2b7: db 0x8b dd 0xa3042444 dd ref_00489694 db 0xc3 fcn_0045d2c1: push ebp mov ebp, esp push ebx push 2 call fcn_0045edf1 ; call 0x45edf1 add esp, 4 mov ebx, eax push eax mov eax, dword [ebp + 8] mov edx, dword [eax*4 + ref_00489678] ; mov edx, dword [eax*4 + 0x489678] push edx call fcn_0045ee11 ; call 0x45ee11 add esp, 8 push ebx push ref_0046ca89 ; push 0x46ca89 call fcn_0045ee11 ; call 0x45ee11 add esp, 8 push ebx mov ecx, dword [ebp + 0xc] push ecx call fcn_0045ee11 ; call 0x45ee11 add esp, 8 push ebx push 0xa call fcn_00459aab ; call 0x459aab add esp, 8 pop ebx pop ebp ret fcn_0045d30e: push ebp mov ebp, esp push ebx push esi sub esp, 8 mov ebx, dword [ebp + 8] push ebx call dword [ref_00489694] ; ucall: call dword [0x489694] add esp, 4 test eax, eax jne short loc_0045d349 ; jne 0x45d349 mov edx, dword [ebx + 4] push edx mov ecx, dword [ebx] push ecx call fcn_0045d2c1 ; call 0x45d2c1 mov esi, dword [ebx] add esp, 8 cmp esi, 1 jne short loc_0045d344 ; jne 0x45d344 call fcn_00458df5 ; call 0x458df5 jmp short loc_0045d349 ; jmp 0x45d349 loc_0045d344: call fcn_00458e00 ; call 0x458e00 loc_0045d349: mov eax, dword [ebx + 0x18] mov dword [ebp - 0x10], eax mov eax, dword [ebx + 0x1c] mov dword [ebp - 0xc], eax mov eax, dword [ebp - 0x10] mov edx, dword [ebp - 0xc] lea esp, [ebp - 8] pop esi pop ebx pop ebp ret fcn_0045d362: push ebp mov ebp, esp push ebx push esi push edi sub esp, 0xc mov edi, dword [ebp + 0xc] cmp edi, 0x2000 jl short loc_0045d37b ; jl 0x45d37b mov edi, 0x2000 loc_0045d37b: mov esi, ref_00489698 ; mov esi, 0x489698 jmp short loc_0045d3b1 ; jmp 0x45d3b1 loc_0045d382: test di, 1 je short loc_0045d3ac ; je 0x45d3ac mov ax, word [esi + 8] mov word [ebp - 0x10], ax mov eax, dword [esi + 4] mov dword [ebp - 0x14], eax mov ebx, dword [ebp + 8] mov eax, dword [esi] lea edx, [ebp - 0x18] mov dword [ebp - 0x18], eax mov eax, ebx fld tword [eax] ; fld xword [eax] fld tword [edx] ; fld xword [edx] fmulp st1 ; fmulp st(1) fstp tword [ebx] ; fstp xword [ebx] loc_0045d3ac: sar edi, 1 add esi, 0xa loc_0045d3b1: test edi, edi jg short loc_0045d382 ; jg 0x45d382 jmp near loc_0045db4c ; jmp 0x45db4c fcn_0045d3ba: push ebp mov ebp, esp push ebx push esi push edi sub esp, 0xc mov esi, dword [ebp + 8] mov ebx, dword [ebp + 0xc] test ebx, ebx je near loc_0045db4c ; je 0x45db4c push 0 wait fnstcw word [esp] pop eax mov edi, eax or ah, 3 and eax, 0xffff push eax fldcw word [esp] pop eax mov edx, 0x3fff xor ecx, ecx mov word [ebp - 0x10], dx mov edx, 0x80000000 mov dword [ebp - 0x18], ecx mov dword [ebp - 0x14], edx test ebx, ebx jge short loc_0045d423 ; jge 0x45d423 mov eax, ebx neg eax push eax lea eax, [ebp - 0x18] push eax mov ebx, esi call fcn_0045d362 ; call 0x45d362 add esp, 8 lea edx, [ebp - 0x18] mov eax, esi fld tword [eax] ; fld xword [eax] fld tword [edx] ; fld xword [edx] fdivp st1 ; fdivp st(1) fstp tword [ebx] ; fstp xword [ebx] jmp short loc_0045d43f ; jmp 0x45d43f loc_0045d423: push ebx lea eax, [ebp - 0x18] push eax call fcn_0045d362 ; call 0x45d362 mov ebx, esi add esp, 8 lea edx, [ebp - 0x18] mov eax, esi fld tword [eax] ; fld xword [eax] fld tword [edx] ; fld xword [edx] fmulp st1 ; fmulp st(1) fstp tword [ebx] ; fstp xword [ebx] loc_0045d43f: xor eax, eax mov ax, di loc_0045d444: push eax fldcw word [esp] pop eax jmp near loc_0045db4c ; jmp 0x45db4c fcn_0045d44e: push ebp mov ebp, esp push ebx push esi mov ebx, dword [ebp + 0xc] cmp ebx, 0x1000 jle short loc_0045d46f ; jle 0x45d46f push 0x1000 mov ecx, dword [ebp + 8] push ecx sub ebx, 0x1000 jmp short loc_0045d486 ; jmp 0x45d486 loc_0045d46f: cmp ebx, 0xfffff000 jge short loc_0045d48e ; jge 0x45d48e push 0xfffff000 mov edx, dword [ebp + 8] push edx add ebx, 0x1000 loc_0045d486: call fcn_0045d3ba ; call 0x45d3ba add esp, 8 loc_0045d48e: push ebx mov esi, dword [ebp + 8] push esi call fcn_0045d3ba ; call 0x45d3ba add esp, 8 pop esi pop ebx pop ebp ret endloc_0045d49f: db 0x8d db 0x40 db 0x00 ref_0045d4a2: ; may contain a jump table dd loc_0045d54c dd loc_0045d58b dd loc_0045d55d dd loc_0045d57b dd loc_0045d54c fcn_0045d4b6: push ebp mov ebp, esp push ebx push esi push edi sub esp, 0x88 mov ebx, dword [ebp + 8] mov esi, dword [ebp + 0xc] push 0 wait fnstcw word [esp] pop eax mov dword [ebp - 0x14], eax or ah, 3 and eax, 0xffff push eax fldcw word [esp] pop eax mov dword [esi + 0x14], 0 mov ax, word [ebx + 8] mov word [ebp - 0x40], ax mov eax, dword [ebx + 4] mov dword [ebp - 0x44], eax mov eax, dword [ebx] mov dword [ebp - 0x48], eax test byte [ebp - 0x3f], 0x80 je short loc_0045d506 ; je 0x45d506 mov dword [esi + 0x14], 0xffffffff loc_0045d506: and byte [ebp - 0x3f], 0x7f mov dword [esi + 0x1c], 0 mov dword [esi + 0x20], 0 lea eax, [ebp - 0x48] mov dword [esi + 0x24], 0 push eax mov dword [esi + 0x28], 0 xor edi, edi mov dword [esi + 0x18], 0 call fcn_0045eec4 ; call 0x45eec4 add esp, 4 cmp eax, 4 ja near loc_0045d6be ; ja 0x45d6be jmp dword [cs:eax*4 + ref_0045d4a2] ; ujmp: jmp dword cs:[eax*4 + 0x45d4a2] loc_0045d54c: xor ecx, ecx mov dword [esi + 0x14], 0 mov dword [ebp - 0x20], ecx jmp near loc_0045d6be ; jmp 0x45d6be loc_0045d55d: mov eax, dword [ebp + 0x10] mov byte [eax], 0x6e mov byte [eax + 1], 0x61 mov byte [eax + 2], 0x6e loc_0045d56b: mov byte [eax + 3], 0 mov dword [esi + 0x1c], 3 jmp near loc_0045d94a ; jmp 0x45d94a loc_0045d57b: mov eax, dword [ebp + 0x10] mov byte [eax], 0x69 mov byte [eax + 1], 0x6e mov byte [eax + 2], 0x66 jmp short loc_0045d56b ; jmp 0x45d56b loc_0045d58b: xor eax, eax mov ax, word [ebp - 0x40] sub eax, 0x3ffe mov dword [ebp - 0x20], eax imul edx, eax, 0x7597 mov ebx, 0x186a0 mov eax, edx sar edx, 0x1f idiv ebx mov dword [ebp - 0x20], eax lea ecx, [eax - 4] mov dword [ebp - 0x20], ecx test ecx, ecx je near loc_0045d6be ; je 0x45d6be jge short loc_0045d5df ; jge 0x45d5df mov eax, ecx neg eax add eax, 3 and al, 0xfc mov ebx, eax neg ebx mov dword [ebp - 0x20], eax mov eax, ebx neg eax push eax lea eax, [ebp - 0x48] push eax mov dword [ebp - 0x20], ebx jmp near loc_0045d6b6 ; jmp 0x45d6b6 loc_0045d5df: mov edx, dword [ebp - 0x40] cmp dx, 0x4019 jb short loc_0045d5f4 ; jb 0x45d5f4 jne short loc_0045d5fe ; jne 0x45d5fe cmp dword [ebp - 0x44], 0xbebc2000 jae short loc_0045d5fe ; jae 0x45d5fe loc_0045d5f4: xor edx, edx mov dword [ebp - 0x20], edx jmp near loc_0045d6be ; jmp 0x45d6be loc_0045d5fe: mov ecx, dword [ebp - 0x40] cmp cx, 0x4034 jb short loc_0045d62c ; jb 0x45d62c jne near loc_0045d6a8 ; jne 0x45d6a8 mov ecx, dword [ebp - 0x44] cmp ecx, 0x8e1bc9bf jb short loc_0045d62c ; jb 0x45d62c jne near loc_0045d6a8 ; jne 0x45d6a8 cmp dword [ebp - 0x48], 0x4000000 jae near loc_0045d6a8 ; jae 0x45d6a8 loc_0045d62c: mov edx, 0x4019 mov ebx, 0xbebc2000 lea eax, [ebp - 0x48] xor ecx, ecx mov word [ebp - 0x34], dx mov dword [ebp - 0x38], ebx lea ebx, [ebp - 0x30] lea edx, [ebp - 0x3c] mov dword [ebp - 0x3c], ecx fld tword [eax] ; fld xword [eax] fld tword [edx] ; fld xword [edx] fdivp st1 ; fdivp st(1) fstp tword [ebx] ; fstp xword [ebx] lea eax, [ebp - 0x30] lea ebx, [ebp - 0x3c] fld tword [eax] ; fld xword [eax] push eax push eax wait fnstcw word [esp] pop eax push eax or ah, 0xc push eax fldcw word [esp] pop eax fistp dword [esp + 4] fldcw word [esp] pop eax pop eax lea edx, [ebp - 0x30] mov edi, eax push eax fild dword [esp] pop eax fstp tword [edx] ; fstp xword [edx] lea edx, [ebp - 0x3c] lea eax, [ebp - 0x30] fld tword [eax] ; fld xword [eax] fld tword [edx] ; fld xword [edx] fmulp st1 ; fmulp st(1) fstp tword [ebx] ; fstp xword [ebx] lea ebx, [ebp - 0x48] lea edx, [ebp - 0x3c] lea eax, [ebp - 0x48] fld tword [eax] ; fld xword [eax] fld tword [edx] ; fld xword [edx] fsubp st1 ; fsubp st(1) fstp tword [ebx] ; fstp xword [ebx] mov dword [ebp - 0x20], 8 jmp short loc_0045d6be ; jmp 0x45d6be loc_0045d6a8: and byte [ebp - 0x20], 0xfc mov eax, dword [ebp - 0x20] neg eax push eax lea eax, [ebp - 0x48] push eax loc_0045d6b6: call fcn_0045d44e ; call 0x45d44e add esp, 8 loc_0045d6be: test byte [esi + 8], 2 je short loc_0045d6e0 ; je 0x45d6e0 mov edx, dword [ebp - 0x20] mov eax, dword [esi] add eax, edx add eax, 0xa mov ebx, dword [esi + 4] mov dword [ebp - 0x18], eax test ebx, ebx jle short loc_0045d6e8 ; jle 0x45d6e8 lea ecx, [eax + ebx] mov dword [ebp - 0x18], ecx jmp short loc_0045d6e8 ; jmp 0x45d6e8 loc_0045d6e0: mov eax, dword [esi] add eax, 7 mov dword [ebp - 0x18], eax loc_0045d6e8: mov bh, byte [esi + 8] mov eax, 0xf test bh, 0x20 je short loc_0045d6fa ; je 0x45d6fa mov eax, 0x14 loc_0045d6fa: test byte [esi + 8], 0x40 je short loc_0045d702 ; je 0x45d702 add eax, eax loc_0045d702: mov edx, dword [ebp - 0x18] add eax, 4 cmp eax, edx jge short loc_0045d70f ; jge 0x45d70f mov dword [ebp - 0x18], eax loc_0045d70f: mov ch, 0x30 xor al, al xor ebx, ebx mov byte [ebp - 0x94], ch mov byte [ebp - 0x93], al lea eax, [ebp - 0x93] mov dword [ebp - 0x24], ebx mov dword [ebp - 0x1c], eax loc_0045d72d: mov ecx, dword [ebp - 0x18] test ecx, ecx jle near loc_0045d823 ; jle 0x45d823 lea eax, [ecx - 8] mov dword [ebp - 0x18], eax test edi, edi jne short loc_0045d7b7 ; jne 0x45d7b7 test word [ebp - 0x40], 0x7fff je near loc_0045d823 ; je 0x45d823 lea eax, [ebp - 0x48] fld tword [eax] ; fld xword [eax] push eax push eax wait fnstcw word [esp] pop eax push eax or ah, 0xc push eax fldcw word [esp] pop eax fistp dword [esp + 4] fldcw word [esp] pop eax pop eax mov edx, dword [ebp - 0x18] mov edi, eax test edx, edx jle short loc_0045d7b7 ; jle 0x45d7b7 lea edx, [ebp - 0x54] lea ebx, [ebp - 0x48] push eax fild dword [esp] pop eax fstp tword [edx] ; fstp xword [edx] lea edx, [ebp - 0x54] lea eax, [ebp - 0x48] fld tword [eax] ; fld xword [eax] fld tword [edx] ; fld xword [edx] fsubp st1 ; fsubp st(1) fstp tword [ebx] ; fstp xword [ebx] mov ecx, 0x4019 mov ebx, 0xbebc2000 lea edx, [ebp - 0x54] lea eax, [ebp - 0x48] mov word [ebp - 0x4c], cx mov dword [ebp - 0x50], ebx xor ecx, ecx lea ebx, [ebp - 0x48] mov dword [ebp - 0x54], ecx fld tword [eax] ; fld xword [eax] fld tword [edx] ; fld xword [edx] fmulp st1 ; fmulp st(1) fstp tword [ebx] ; fstp xword [ebx] loc_0045d7b7: mov ebx, dword [ebp - 0x1c] mov eax, edi push ecx push edx call fcn_0045d7c5 ; call 0x45d7c5 jmp short loc_0045d80a ; jmp 0x45d80a fcn_0045d7c5: mov ecx, 0x2710 sub edx, edx cmp eax, ecx xchg eax, edx jb short loc_0045d7d4 ; jb 0x45d7d4 xchg eax, edx div ecx loc_0045d7d4: push edx call fcn_0045d7db ; call 0x45d7db pop eax fcn_0045d7db: mov ecx, 0x64 sub edx, edx cmp eax, ecx xchg eax, edx jb short loc_0045d7eb ; jb 0x45d7eb xchg eax, edx div cx loc_0045d7eb: push edx call fcn_0045d7f2 ; call 0x45d7f2 pop eax fcn_0045d7f2: mov cl, 0xa cmp al, cl xchg ah, al jb short loc_0045d7fe ; jb 0x45d7fe xchg ah, al div cl loc_0045d7fe: add ah, 0x30 add al, 0x30 mov byte [ebx], al inc ebx mov byte [ebx], ah inc ebx ret loc_0045d80a: pop edx pop ecx mov al, 0 mov byte [ebx], al mov eax, dword [ebp - 0x24] mov dword [ebp - 0x1c], ebx add eax, 8 xor edi, edi mov dword [ebp - 0x24], eax jmp near loc_0045d72d ; jmp 0x45d72d loc_0045d823: mov edx, dword [ebp - 0x20] mov edi, dword [ebp - 0x24] add edx, 7 lea eax, [ebp - 0x93] loc_0045d832: mov dword [ebp - 0x20], edx cmp byte [eax], 0x30 jne short loc_0045d842 ; jne 0x45d842 mov edx, dword [ebp - 0x20] dec edi dec edx inc eax jmp short loc_0045d832 ; jmp 0x45d832 loc_0045d842: mov bl, byte [esi + 8] mov edx, dword [esi] test bl, 2 je short loc_0045d85e ; je 0x45d85e mov ecx, dword [ebp - 0x20] mov ebx, dword [esi + 4] add ecx, ebx mov dword [ebp - 0x20], ecx lea ebx, [ecx + 1] add edx, ebx jmp short loc_0045d87b ; jmp 0x45d87b loc_0045d85e: test bl, 1 je short loc_0045d87b ; je 0x45d87b mov ebx, dword [esi + 4] test ebx, ebx jle short loc_0045d86d ; jle 0x45d86d inc edx jmp short loc_0045d86f ; jmp 0x45d86f loc_0045d86d: add edx, ebx loc_0045d86f: mov ebx, dword [ebp - 0x20] mov ecx, dword [esi + 4] inc ebx sub ebx, ecx mov dword [ebp - 0x20], ebx loc_0045d87b: test edx, edx jl near loc_0045d8e7 ; jl 0x45d8e7 cmp edx, edi jle short loc_0045d889 ; jle 0x45d889 mov edx, edi loc_0045d889: mov cl, byte [esi + 8] mov ebx, 0xf test cl, 0x20 je short loc_0045d89b ; je 0x45d89b mov ebx, 0x14 loc_0045d89b: test byte [esi + 8], 0x40 je short loc_0045d8a3 ; je 0x45d8a3 add ebx, ebx loc_0045d8a3: cmp edx, ebx jle short loc_0045d8aa ; jle 0x45d8aa lea edx, [ebx + 1] loc_0045d8aa: mov byte [ebp - 0x10], 0x30 cmp edi, edx jle short loc_0045d8bc ; jle 0x45d8bc cmp byte [edx + eax], 0x35 jb short loc_0045d8bc ; jb 0x45d8bc mov byte [ebp - 0x10], 0x39 loc_0045d8bc: mov ch, byte [ebp - 0x10] mov ebx, edx lea edi, [edx + eax] loc_0045d8c4: dec edi mov cl, byte [edi] dec ebx cmp cl, ch jne short loc_0045d8cf ; jne 0x45d8cf dec edx jmp short loc_0045d8c4 ; jmp 0x45d8c4 loc_0045d8cf: cmp ch, 0x39 jne short loc_0045d8da ; jne 0x45d8da mov ch, cl inc ch mov byte [edi], ch loc_0045d8da: test ebx, ebx jge short loc_0045d8e7 ; jge 0x45d8e7 mov ebx, dword [ebp - 0x20] dec eax inc ebx inc edx mov dword [ebp - 0x20], ebx loc_0045d8e7: test edx, edx jg short loc_0045d906 ; jg 0x45d906 mov edx, 1 xor ecx, ecx mov al, 0x30 mov dword [ebp - 0x20], ecx mov byte [ebp - 0x94], al lea eax, [ebp - 0x94] mov dword [esi + 0x14], ecx loc_0045d906: mov bl, byte [esi + 8] test bl, 2 jne short loc_0045d925 ; jne 0x45d925 test bl, 4 je short loc_0045d937 ; je 0x45d937 mov edi, dword [ebp - 0x20] cmp edi, 0xfffffffc jl short loc_0045d91f ; jl 0x45d91f cmp edi, dword [esi] jl short loc_0045d925 ; jl 0x45d925 loc_0045d91f: test byte [esi + 8], 8 je short loc_0045d937 ; je 0x45d937 loc_0045d925: mov ecx, dword [ebp + 0x10] push ecx mov edi, dword [ebp - 0x20] push edi push edx push eax push esi call fcn_0045d955 ; call 0x45d955 jmp short loc_0045d947 ; jmp 0x45d947 loc_0045d937: mov edi, dword [ebp + 0x10] push edi mov ebx, dword [ebp - 0x20] push ebx push edx push eax push esi call fcn_0045db66 ; call 0x45db66 loc_0045d947: add esp, 0x14 loc_0045d94a: xor eax, eax mov ax, word [ebp - 0x14] jmp near loc_0045d444 ; jmp 0x45d444 fcn_0045d955: push ebp mov ebp, esp push ebx push esi push edi sub esp, 4 mov edx, dword [ebp + 8] mov ecx, dword [ebp + 0x14] mov ebx, dword [edx] mov ah, byte [edx + 8] inc ecx mov dword [ebp - 0x10], ebx mov dword [ebp + 0x14], ecx xor ebx, ebx test ah, 4 je short loc_0045d99b ; je 0x45d99b mov esi, dword [ebp + 0x10] cmp esi, dword [ebp - 0x10] jge short loc_0045d987 ; jge 0x45d987 test ah, 0x10 jne short loc_0045d987 ; jne 0x45d987 mov dword [ebp - 0x10], esi loc_0045d987: mov esi, dword [ebp + 0x14] mov eax, dword [ebp - 0x10] sub eax, esi mov dword [ebp - 0x10], eax test eax, eax jge short loc_0045d99b ; jge 0x45d99b xor esi, esi mov dword [ebp - 0x10], esi loc_0045d99b: mov edi, dword [ebp + 0x14] test edi, edi jg near loc_0045da43 ; jg 0x45da43 test byte [edx + 8], 8 jne short loc_0045d9cf ; jne 0x45d9cf mov ecx, dword [ebp + 0x18] mov esi, ebx add esi, ecx mov byte [esi], 0x30 mov esi, dword [ebp - 0x10] inc ebx test esi, esi jg short loc_0045d9c4 ; jg 0x45d9c4 test byte [edx + 8], 0x10 je short loc_0045d9cf ; je 0x45d9cf loc_0045d9c4: mov eax, dword [ebp + 0x18] mov edi, ebx add edi, eax inc ebx mov byte [edi], 0x2e loc_0045d9cf: mov esi, dword [ebp + 0x14] mov ecx, dword [ebp - 0x10] neg esi mov dword [edx + 0x1c], ebx cmp esi, ecx jle short loc_0045d9e8 ; jle 0x45d9e8 mov esi, ecx mov dword [ebp + 0x14], ecx neg esi mov dword [ebp + 0x14], esi loc_0045d9e8: mov esi, dword [ebp + 0x14] mov eax, dword [ebp - 0x10] mov ecx, dword [ebp + 0x10] mov edi, esi mov dword [edx + 0x18], esi add eax, esi mov dword [edx + 0x20], esi neg edi mov dword [ebp - 0x10], eax mov dword [edx + 0x20], edi cmp eax, ecx jge short loc_0045da0a ; jge 0x45da0a mov dword [ebp + 0x10], eax loc_0045da0a: mov edi, dword [ebp + 0x18] mov ecx, dword [ebp + 0x10] mov esi, dword [ebp + 0xc] add edi, ebx push es mov eax, ds mov es, eax push edi mov eax, ecx shr ecx, 2 repne movsd mov cl, al and cl, 3 repne movsb ; repne movsb byte es:[edi], byte ptr [esi] pop edi pop es mov esi, dword [ebp + 0x10] mov edi, dword [ebp + 0x10] add ebx, esi mov dword [edx + 0x24], esi mov esi, dword [ebp - 0x10] sub esi, edi loc_0045da3b: mov dword [edx + 0x28], esi jmp near loc_0045db46 ; jmp 0x45db46 loc_0045da43: mov esi, dword [ebp + 0x10] cmp esi, edi jge short loc_0045daa8 ; jge 0x45daa8 mov edi, dword [ebp + 0x18] mov ecx, esi mov esi, dword [ebp + 0xc] push es mov eax, ds mov es, eax push edi mov eax, ecx shr ecx, 2 repne movsd mov cl, al and cl, 3 repne movsb ; repne movsb byte es:[edi], byte ptr [esi] pop edi pop es mov eax, dword [ebp + 0x10] mov esi, dword [ebp + 0x14] mov dword [edx + 0x1c], eax sub esi, eax mov cl, byte [edx + 8] mov dword [edx + 0x20], esi mov esi, dword [ebp + 0x14] add ebx, eax mov dword [edx + 0x18], esi test cl, 8 jne short loc_0045daa3 ; jne 0x45daa3 cmp dword [ebp - 0x10], 0 jg short loc_0045da91 ; jg 0x45da91 test cl, 0x10 je short loc_0045daa3 ; je 0x45daa3 loc_0045da91: mov eax, dword [ebp + 0x18] mov edi, ebx add edi, eax mov byte [edi], 0x2e inc ebx mov dword [edx + 0x24], 1 loc_0045daa3: mov esi, dword [ebp - 0x10] jmp short loc_0045da3b ; jmp 0x45da3b loc_0045daa8: mov esi, dword [ebp + 0xc] mov ecx, edi mov edi, dword [ebp + 0x18] push es mov eax, ds mov es, eax push edi mov eax, ecx shr ecx, 2 repne movsd mov cl, al and cl, 3 repne movsb ; repne movsb byte es:[edi], byte ptr [esi] pop edi pop es mov esi, dword [ebp + 0x14] mov edi, dword [ebp + 0x10] mov ch, byte [edx + 8] add ebx, esi sub edi, esi mov dword [edx + 0x18], esi mov dword [ebp + 0x10], edi test ch, 8 jne short loc_0045daf6 ; jne 0x45daf6 cmp dword [ebp - 0x10], 0 jg short loc_0045dae9 ; jg 0x45dae9 test ch, 0x10 je short loc_0045db05 ; je 0x45db05 loc_0045dae9: mov ecx, dword [ebp + 0x18] mov edi, ebx add edi, ecx inc ebx mov byte [edi], 0x2e jmp short loc_0045db05 ; jmp 0x45db05 loc_0045daf6: mov esi, dword [ebp + 0x18] cmp byte [esi], 0x30 jne short loc_0045db05 ; jne 0x45db05 mov dword [edx + 0x18], 0 loc_0045db05: mov esi, dword [ebp - 0x10] cmp esi, dword [ebp + 0x10] jge short loc_0045db10 ; jge 0x45db10 mov dword [ebp + 0x10], esi loc_0045db10: mov esi, dword [ebp + 0xc] mov eax, dword [ebp + 0x14] mov edi, dword [ebp + 0x18] mov ecx, dword [ebp + 0x10] add esi, eax add edi, ebx push es mov eax, ds mov es, eax push edi mov eax, ecx shr ecx, 2 repne movsd mov cl, al and cl, 3 repne movsb ; repne movsb byte es:[edi], byte ptr [esi] pop edi pop es mov ecx, dword [ebp + 0x10] mov esi, dword [ebp - 0x10] add ebx, ecx sub esi, ecx mov dword [edx + 0x1c], ebx mov dword [edx + 0x20], esi loc_0045db46: add ebx, dword [ebp + 0x18] loc_0045db49: mov byte [ebx], 0 loc_0045db4c: lea esp, [ebp - 0xc] pop edi pop esi pop ebx pop ebp ret endloc_0045db54: db 0x8b db 0xc0 ref_0045db56: ; may contain a jump table dd loc_0045dd31 dd loc_0045dd41 dd loc_0045dd4c dd loc_0045dd57 fcn_0045db66: push ebp mov ebp, esp push ebx push esi push edi sub esp, 8 mov eax, dword [ebp + 8] mov eax, dword [eax] mov dword [ebp - 0x14], eax mov eax, dword [ebp + 8] mov edx, dword [eax + 4] test edx, edx jg short loc_0045db86 ; jg 0x45db86 add dword [ebp - 0x14], edx jmp short loc_0045db94 ; jmp 0x45db94 loc_0045db86: mov ebx, dword [ebp - 0x14] sub ebx, edx mov dword [ebp - 0x14], ebx lea ecx, [ebx + 1] mov dword [ebp - 0x14], ecx loc_0045db94: mov eax, dword [ebp + 8] mov dl, byte [eax + 8] xor ebx, ebx test dl, 4 je short loc_0045dbbc ; je 0x45dbbc mov eax, dword [ebp + 0x10] cmp eax, dword [ebp - 0x14] jge short loc_0045dbac ; jge 0x45dbac mov dword [ebp - 0x14], eax loc_0045dbac: mov eax, dword [ebp - 0x14] dec eax mov dword [ebp - 0x14], eax test eax, eax jge short loc_0045dbbc ; jge 0x45dbbc xor ecx, ecx mov dword [ebp - 0x14], ecx loc_0045dbbc: mov eax, dword [ebp + 8] mov esi, dword [eax + 4] test esi, esi jg short loc_0045dbd3 ; jg 0x45dbd3 mov ecx, dword [ebp + 0x18] mov eax, ebx add eax, ecx inc ebx mov byte [eax], 0x30 jmp short loc_0045dc40 ; jmp 0x45dc40 loc_0045dbd3: mov edi, dword [ebp + 0x10] mov dword [ebp - 0x10], esi cmp esi, edi jle short loc_0045dbe0 ; jle 0x45dbe0 mov dword [ebp - 0x10], edi loc_0045dbe0: mov edi, dword [ebp + 0x18] mov ecx, dword [ebp - 0x10] mov esi, dword [ebp + 0xc] add edi, ebx mov edx, dword [ebp + 0xc] push es mov eax, ds mov es, eax push edi mov eax, ecx shr ecx, 2 repne movsd mov cl, al and cl, 3 repne movsb ; repne movsb byte es:[edi], byte ptr [esi] pop edi pop es mov eax, dword [ebp - 0x10] add edx, eax mov ecx, dword [ebp + 0x10] mov dword [ebp + 0xc], edx mov edx, dword [ebp + 8] add ebx, eax sub ecx, eax mov esi, dword [edx + 4] mov dword [ebp + 0x10], ecx cmp eax, esi jge short loc_0045dc40 ; jge 0x45dc40 mov edi, dword [ebp - 0x10] mov eax, esi sub eax, edi push eax mov dword [ebp - 0x10], eax mov eax, dword [ebp + 0x18] push 0x30 add eax, ebx push eax call memset ; call 0x456f60 mov edx, dword [ebp - 0x10] add esp, 0xc add ebx, edx loc_0045dc40: mov eax, dword [ebp + 8] mov dh, byte [eax + 8] mov dword [eax + 0x18], ebx test dh, 8 jne short loc_0045dc64 ; jne 0x45dc64 cmp dword [ebp - 0x14], 0 jg short loc_0045dc59 ; jg 0x45dc59 test dh, 0x10 je short loc_0045dc64 ; je 0x45dc64 loc_0045dc59: mov edi, dword [ebp + 0x18] mov eax, ebx add eax, edi inc ebx mov byte [eax], 0x2e loc_0045dc64: mov eax, dword [ebp + 8] mov edx, dword [eax + 4] test edx, edx jge short loc_0045dc8f ; jge 0x45dc8f mov ecx, edx neg ecx push ecx mov eax, dword [ebp + 0x18] mov dword [ebp - 0x10], edx push 0x30 add eax, ebx mov esi, ecx push eax mov dword [ebp - 0x10], ecx mov edi, esi call memset ; call 0x456f60 add ebx, edi add esp, 0xc loc_0045dc8f: mov eax, dword [ebp - 0x14] test eax, eax jle short loc_0045dcda ; jle 0x45dcda cmp eax, dword [ebp + 0x10] jge short loc_0045dc9e ; jge 0x45dc9e mov dword [ebp + 0x10], eax loc_0045dc9e: mov ecx, dword [ebp + 0x10] test ecx, ecx je short loc_0045dcc6 ; je 0x45dcc6 mov edi, dword [ebp + 0x18] mov esi, dword [ebp + 0xc] add edi, ebx push es mov eax, ds mov es, eax push edi mov eax, ecx shr ecx, 2 repne movsd mov cl, al and cl, 3 repne movsb ; repne movsb byte es:[edi], byte ptr [esi] pop edi pop es add ebx, dword [ebp + 0x10] loc_0045dcc6: mov eax, dword [ebp + 8] mov edi, dword [ebp + 0x10] mov dword [eax + 0x1c], ebx mov eax, dword [ebp - 0x14] mov edx, dword [ebp + 8] sub eax, edi mov dword [edx + 0x20], eax loc_0045dcda: mov eax, dword [ebp + 8] cmp dword [eax + 0xc], 0 je short loc_0045dcf3 ; je 0x45dcf3 mov ecx, dword [ebp + 0x18] mov eax, ebx mov edx, dword [ebp + 8] add eax, ecx mov dl, byte [edx + 0xc] inc ebx mov byte [eax], dl loc_0045dcf3: mov esi, dword [ebp + 0x14] lea eax, [ebx + 1] test esi, esi jl short loc_0045dd0a ; jl 0x45dd0a mov edx, ebx mov ebx, eax mov eax, dword [ebp + 0x18] mov byte [edx + eax], 0x2b jmp short loc_0045dd1c ; jmp 0x45dd1c loc_0045dd0a: mov edx, ebx mov edi, esi mov ebx, eax neg edi mov eax, dword [ebp + 0x18] mov dword [ebp + 0x14], edi mov byte [edx + eax], 0x2d loc_0045dd1c: mov ecx, dword [ebp + 8] mov ecx, dword [ecx + 0x10] cmp ecx, 3 ja short loc_0045dd65 ; ja 0x45dd65 mov eax, ecx jmp dword [cs:eax*4 + ref_0045db56] ; ujmp: jmp dword cs:[eax*4 + 0x45db56] loc_0045dd31: cmp dword [ebp + 0x14], 0x3e8 jge short loc_0045dd60 ; jge 0x45dd60 mov ecx, 3 jmp short loc_0045dd65 ; jmp 0x45dd65 loc_0045dd41: cmp dword [ebp + 0x14], 0xa jl short loc_0045dd4c ; jl 0x45dd4c mov ecx, 2 loc_0045dd4c: cmp dword [ebp + 0x14], 0x64 jl short loc_0045dd57 ; jl 0x45dd57 mov ecx, 3 loc_0045dd57: cmp dword [ebp + 0x14], 0x3e8 jl short loc_0045dd65 ; jl 0x45dd65 loc_0045dd60: mov ecx, 4 loc_0045dd65: mov eax, dword [ebp + 8] mov dword [eax + 0x10], ecx cmp ecx, 4 jl short loc_0045ddb6 ; jl 0x45ddb6 xor eax, eax mov edx, dword [ebp + 0x14] mov dword [ebp - 0x10], eax cmp edx, 0x3e8 jl short loc_0045dda6 ; jl 0x45dda6 mov edi, 0x3e8 mov eax, edx sar edx, 0x1f idiv edi mov dword [ebp - 0x10], eax mov edx, eax shl eax, 5 sub eax, edx shl eax, 2 add eax, edx mov esi, dword [ebp + 0x14] shl eax, 3 sub esi, eax mov dword [ebp + 0x14], esi loc_0045dda6: mov edi, dword [ebp + 0x18] mov eax, ebx mov dl, byte [ebp - 0x10] add eax, edi add dl, 0x30 inc ebx mov byte [eax], dl loc_0045ddb6: cmp ecx, 3 jl short loc_0045ddfe ; jl 0x45ddfe xor eax, eax mov edx, dword [ebp + 0x14] mov dword [ebp - 0x10], eax cmp edx, 0x64 jl short loc_0045ddee ; jl 0x45ddee mov edi, 0x64 mov eax, edx sar edx, 0x1f idiv edi mov dword [ebp - 0x10], eax mov edx, eax shl eax, 2 sub eax, edx shl eax, 3 add eax, edx mov esi, dword [ebp + 0x14] shl eax, 2 sub esi, eax mov dword [ebp + 0x14], esi loc_0045ddee: mov edi, dword [ebp + 0x18] mov eax, ebx mov dl, byte [ebp - 0x10] add eax, edi add dl, 0x30 inc ebx mov byte [eax], dl loc_0045ddfe: cmp ecx, 2 jl short loc_0045de40 ; jl 0x45de40 xor eax, eax mov edx, dword [ebp + 0x14] mov dword [ebp - 0x10], eax cmp edx, 0xa jl short loc_0045de30 ; jl 0x45de30 mov ecx, 0xa mov eax, edx sar edx, 0x1f idiv ecx mov dword [ebp - 0x10], eax mov edx, eax shl eax, 2 add eax, edx mov ecx, dword [ebp + 0x14] add eax, eax sub ecx, eax mov dword [ebp + 0x14], ecx loc_0045de30: mov esi, dword [ebp + 0x18] mov eax, ebx mov dl, byte [ebp - 0x10] add eax, esi add dl, 0x30 inc ebx mov byte [eax], dl loc_0045de40: mov edi, dword [ebp + 0x18] mov eax, ebx mov dl, byte [ebp + 0x14] add eax, edi add dl, 0x30 inc ebx mov byte [eax], dl mov eax, dword [ebp + 8] mov edx, ebx mov eax, dword [eax + 0x1c] sub edx, eax mov eax, dword [ebp + 8] add ebx, edi mov dword [eax + 0x24], edx jmp near loc_0045db49 ; jmp 0x45db49 fcn_0045de67: push ebp mov ebp, esp push ebx push esi push edi sub esp, 0x30 mov eax, dword [ebp + 8] mov dword [ebp - 0x1c], eax loc_0045de76: mov dl, byte [eax] cmp dl, 0x20 je short loc_0045de87 ; je 0x45de87 cmp dl, 9 jb short loc_0045de8a ; jb 0x45de8a cmp dl, 0xd ja short loc_0045de8a ; ja 0x45de8a loc_0045de87: inc eax jmp short loc_0045de76 ; jmp 0x45de76 loc_0045de8a: xor dh, dh lea ebx, [eax + 1] mov byte [ebp - 0x10], dh cmp dl, 0x2b jne short loc_0045de9b ; jne 0x45de9b mov eax, ebx jmp short loc_0045dea7 ; jmp 0x45dea7 loc_0045de9b: cmp dl, 0x2d jne short loc_0045dea7 ; jne 0x45dea7 mov cl, 1 mov eax, ebx mov byte [ebp - 0x10], cl loc_0045dea7: mov dh, 0x30 xor ebx, ebx xor edi, edi loc_0045dead: mov dl, byte [eax] inc eax cmp dl, 0x2e jne short loc_0045dec7 ; jne 0x45dec7 mov cl, byte [ebp - 0x10] test cl, 8 jne short loc_0045deef ; jne 0x45deef mov ch, cl or ch, 8 mov byte [ebp - 0x10], ch jmp short loc_0045dead ; jmp 0x45dead loc_0045dec7: cmp dl, 0x30 jb short loc_0045deef ; jb 0x45deef cmp dl, 0x39 ja short loc_0045deef ; ja 0x45deef test byte [ebp - 0x10], 8 je short loc_0045ded8 ; je 0x45ded8 inc edi loc_0045ded8: or dh, dl cmp dh, 0x30 je short loc_0045dee9 ; je 0x45dee9 cmp ebx, 0x13 jge short loc_0045dee8 ; jge 0x45dee8 mov byte [ebx + ebp - 0x3c], dl loc_0045dee8: inc ebx loc_0045dee9: or byte [ebp - 0x10], 4 jmp short loc_0045dead ; jmp 0x45dead loc_0045deef: mov dh, byte [ebp - 0x10] xor esi, esi test dh, 4 je near loc_0045df79 ; je 0x45df79 cmp dl, 0x65 je short loc_0045df0b ; je 0x45df0b cmp dl, 0x45 jne near loc_0045df75 ; jne 0x45df75 loc_0045df0b: lea edx, [eax - 1] mov cl, byte [eax] mov dword [ebp - 0x18], edx lea edx, [eax + 1] cmp cl, 0x2b jne short loc_0045df1f ; jne 0x45df1f mov eax, edx jmp short loc_0045df2f ; jmp 0x45df2f loc_0045df1f: cmp cl, 0x2d jne short loc_0045df2f ; jne 0x45df2f mov cl, byte [ebp - 0x10] or cl, 2 mov eax, edx mov byte [ebp - 0x10], cl loc_0045df2f: and byte [ebp - 0x10], 0xfb loc_0045df33: mov dl, byte [eax] cmp dl, 0x30 jb short loc_0045df62 ; jb 0x45df62 cmp dl, 0x39 ja short loc_0045df62 ; ja 0x45df62 cmp esi, 0x3e8 jge short loc_0045df56 ; jge 0x45df56 imul esi, esi, 0xa mov dword [ebp - 0x14], esi movzx esi, dl add esi, dword [ebp - 0x14] sub esi, 0x30 loc_0045df56: mov dl, byte [ebp - 0x10] or dl, 4 inc eax mov byte [ebp - 0x10], dl jmp short loc_0045df33 ; jmp 0x45df33 loc_0045df62: test byte [ebp - 0x10], 2 je short loc_0045df6a ; je 0x45df6a neg esi loc_0045df6a: test byte [ebp - 0x10], 4 jne short loc_0045df76 ; jne 0x45df76 mov eax, dword [ebp - 0x18] jmp short loc_0045df76 ; jmp 0x45df76 loc_0045df75: dec eax loc_0045df76: mov dword [ebp - 0x1c], eax loc_0045df79: mov ecx, dword [ebp + 0x10] test ecx, ecx je short loc_0045df85 ; je 0x45df85 mov eax, dword [ebp - 0x1c] mov dword [ecx], eax loc_0045df85: sub esi, edi cmp ebx, 0x13 jle short loc_0045df96 ; jle 0x45df96 sub ebx, 0x13 add esi, ebx mov ebx, 0x13 loc_0045df96: test ebx, ebx jle short loc_0045dfa5 ; jle 0x45dfa5 cmp byte [ebx + ebp - 0x3d], 0x30 jne short loc_0045dfa5 ; jne 0x45dfa5 inc esi dec ebx jmp short loc_0045df96 ; jmp 0x45df96 loc_0045dfa5: test ebx, ebx jne short loc_0045dfbb ; jne 0x45dfbb mov eax, dword [ebp + 0xc] mov word [eax + 8], 0 mov dword [eax + 4], ebx mov dword [eax], ebx xor eax, eax jmp short loc_0045e021 ; jmp 0x45e021 loc_0045dfbb: xor al, al lea edx, [ebp - 0x28] mov byte [ebx + ebp - 0x3c], al lea eax, [ebp - 0x3c] call fcn_0045ef12 ; call 0x45ef12 test esi, esi je short loc_0045dfdd ; je 0x45dfdd push esi lea eax, [ebp - 0x28] push eax call fcn_0045d44e ; call 0x45d44e add esp, 8 loc_0045dfdd: test byte [ebp - 0x10], 1 je short loc_0045dfe7 ; je 0x45dfe7 or byte [ebp - 0x1f], 0x80 loc_0045dfe7: mov edx, dword [ebp + 0xc] mov eax, dword [ebp - 0x20] mov word [edx + 8], ax mov eax, dword [ebp - 0x24] mov dword [edx + 4], eax mov eax, dword [ebp - 0x28] mov dword [edx], eax lea eax, [esi + ebx - 1] cmp eax, 0x134 jle short loc_0045e00e ; jle 0x45e00e mov eax, 3 jmp short loc_0045e021 ; jmp 0x45e021 loc_0045e00e: cmp eax, 0xfffffecc jge short loc_0045e01c ; jge 0x45e01c mov eax, 2 jmp short loc_0045e021 ; jmp 0x45e021 loc_0045e01c: mov eax, 1 loc_0045e021: lea esp, [ebp - 0xc] pop edi pop esi pop ebx pop ebp ret fcn_0045e029: push ebp mov ebp, esp push ebx sub esp, 0x14 mov edx, dword [ebp + 0xc] push edx lea eax, [ebp - 0x18] push eax mov ebx, dword [ebp + 8] push ebx call fcn_0045de67 ; call 0x45de67 add esp, 0xc test eax, eax jne short loc_0045e050 ; jne 0x45e050 mov dword [ebp - 0xc], eax loc_0045e04b: mov dword [ebp - 8], eax jmp short loc_0045e0a9 ; jmp 0x45e0a9 loc_0045e050: mov eax, dword [ebp - 0x10] and ah, 0x7f and eax, 0xffff cmp eax, 0x43ff jl short loc_0045e089 ; jl 0x45e089 call fcn_00458e00 ; call 0x458e00 test byte [ebp - 0xf], 0x80 je short loc_0045e07a ; je 0x45e07a fld qword [ref_0046cad0] ; fld qword [0x46cad0] fchs fstp qword [ebp - 0xc] jmp short loc_0045e0a9 ; jmp 0x45e0a9 loc_0045e07a: mov eax, dword [ref_0046cad0] ; mov eax, dword [0x46cad0] mov dword [ebp - 0xc], eax mov eax, dword [ref_0046cad4] ; mov eax, dword [0x46cad4] jmp short loc_0045e04b ; jmp 0x45e04b loc_0045e089: cmp eax, 0x3bcd jge short loc_0045e09f ; jge 0x45e09f call fcn_00458e00 ; call 0x458e00 xor ecx, ecx mov dword [ebp - 0xc], ecx mov dword [ebp - 8], ecx jmp short loc_0045e0a9 ; jmp 0x45e0a9 loc_0045e09f: lea edx, [ebp - 0xc] lea eax, [ebp - 0x18] fld tword [eax] ; fld xword [eax] fstp qword [edx] loc_0045e0a9: mov eax, dword [ebp - 0xc] mov edx, dword [ebp - 8] lea esp, [ebp - 4] pop ebx pop ebp ret endloc_0045e0b5: db 0x00 fcn_0045e0b6: or ebx, ebx jne short loc_0045e0c5 ; jne 0x45e0c5 add ecx, ecx jne short loc_0045e0c3 ; jne 0x45e0c3 jmp near loc_0045efc7 ; jmp 0x45efc7 loc_0045e0c3: rcr ecx, 1 loc_0045e0c5: or eax, eax jne short loc_0045e0d0 ; jne 0x45e0d0 add edx, edx jne short loc_0045e0ce ; jne 0x45e0ce ret loc_0045e0ce: rcr edx, 1 loc_0045e0d0: cmp byte [ref_00488f35], 0 ; cmp byte [0x488f35], 0 je short fcn_0045e109 ; je 0x45e109 push edx push eax fld qword [esp] push ecx push ebx test byte [ref_0048936c], 1 ; test byte [0x48936c], 1 je short loc_0045e0f0 ; je 0x45e0f0 call fcn_0045f654 ; call 0x45f654 jmp short loc_0045e0f6 ; jmp 0x45e0f6 loc_0045e0f0: fdiv qword [esp] add esp, 8 loc_0045e0f6: fstp qword [esp] wait pop eax pop edx cmp edx, 0x80000000 jne short loc_0045e108 ; jne 0x45e108 sub edx, edx mov eax, edx loc_0045e108: ret fcn_0045e109: push ebp mov ebp, esp push edi push esi mov edi, edx mov esi, ecx sar edi, 0x14 sar ecx, 0x14 and edi, 0x800007ff and ecx, 0x800007ff rol edi, 0x10 rol ecx, 0x10 add di, cx rol edi, 0x10 rol ecx, 0x10 and edx, 0xfffff and esi, 0xfffff or di, di je short loc_0045e14c ; je 0x45e14c or edx, 0x100000 jmp short loc_0045e15a ; jmp 0x45e15a loc_0045e14c: add eax, eax adc edx, edx dec di test edx, 0x100000 je short loc_0045e14c ; je 0x45e14c loc_0045e15a: or cx, cx je short loc_0045e167 ; je 0x45e167 or esi, 0x100000 jmp short loc_0045e175 ; jmp 0x45e175 loc_0045e167: add ebx, ebx adc esi, esi dec cx test esi, 0x100000 je short loc_0045e167 ; je 0x45e167 loc_0045e175: sub di, cx add di, 0x3ff js short loc_0045e190 ; js 0x45e190 cmp di, 0x7ff jb short loc_0045e190 ; jb 0x45e190 mov eax, ecx pop esi pop edi pop ebp jmp near fcn_0045efd3 ; jmp 0x45efd3 loc_0045e190: cmp di, 0xffcc jge short loc_0045e19e ; jge 0x45e19e pop esi pop edi pop ebp jmp near fcn_0045efb6 ; jmp 0x45efb6 loc_0045e19e: push edi mov cl, 0xb shld edx, eax, cl shld eax, ebp, cl and eax, 0xfffff800 shld esi, ebx, cl shld ebx, ebp, cl and ebx, 0xfffff800 push esi push ebx mov ecx, esi mov edi, edx mov esi, eax sub eax, eax cmp ecx, edx ja short loc_0045e1c9 ; ja 0x45e1c9 sub edx, ecx inc eax loc_0045e1c9: push eax mov eax, esi div ecx push eax xchg eax, ebx mul ebx xchg eax, ecx xchg ebx, edx mul edx add eax, ebx adc edx, 0 mov ebx, dword [ebp - 0x14] test byte [ebp - 0x18], 1 je short loc_0045e1ea ; je 0x45e1ea add eax, ebx adc edx, dword [ebp - 0x10] loc_0045e1ea: neg ecx sbb esi, eax sbb edi, edx je short loc_0045e204 ; je 0x45e204 loc_0045e1f2: sub dword [ebp - 0x1c], 1 sbb dword [ebp - 0x18], 0 add ecx, ebx adc esi, dword [ebp - 0x10] adc edi, 0 jne short loc_0045e1f2 ; jne 0x45e1f2 loc_0045e204: mov edi, esi mov esi, ecx mov ecx, dword [ebp - 0x10] cmp ecx, edi ja short loc_0045e219 ; ja 0x45e219 sub edi, ecx add dword [ebp - 0x1c], 1 adc dword [ebp - 0x18], 0 loc_0045e219: mov edx, edi mov eax, esi div ecx push eax or eax, eax je short loc_0045e250 ; je 0x45e250 xchg eax, ebx mul ebx xchg eax, ecx xchg ebx, edx mul edx add eax, ebx adc edx, 0 neg ecx sbb esi, eax sbb edi, edx je short loc_0045e250 ; je 0x45e250 loc_0045e239: sub dword [ebp - 0x20], 1 sbb dword [ebp - 0x1c], 0 sbb dword [ebp - 0x18], 0 add ecx, dword [ebp - 0x14] adc esi, dword [ebp - 0x10] adc edi, 0 jne short loc_0045e239 ; jne 0x45e239 loc_0045e250: pop eax pop edx pop ebx add esp, 8 pop edi dec di shr ebx, 1 jae short loc_0045e262 ; jae 0x45e262 rcr edx, 1 rcr eax, 1 inc edi loc_0045e262: sub esi, esi mov cl, 0xb shrd eax, edx, cl rcr esi, 1 shrd edx, esi, cl or edx, 0xfff00000 add esi, esi adc eax, 0 adc edx, 0 adc edi, 0 or di, di jg short loc_0045e2a1 ; jg 0x45e2a1 jne short loc_0045e28a ; jne 0x45e28a mov cl, 1 jmp short loc_0045e290 ; jmp 0x45e290 loc_0045e28a: neg di mov cx, di loc_0045e290: and edx, 0x1fffff sub ebx, ebx shrd eax, edx, cl shrd edx, ebx, cl sub di, di loc_0045e2a1: and edx, 0xfffff mov esi, edi ror edi, 0xb add esi, esi rcr edi, 1 and edi, 0xfff00000 or edx, edi pop esi pop edi pop ebp ret fcn_0045e2bc: xor ecx, 0x80000000 or ebx, ebx jne short loc_0045e2cc ; jne 0x45e2cc add ecx, ecx je short loc_0045e2d8 ; je 0x45e2d8 rcr ecx, 1 loc_0045e2cc: or eax, eax jne short loc_0045e2db ; jne 0x45e2db add edx, edx jne short loc_0045e2d9 ; jne 0x45e2d9 mov edx, ecx mov eax, ebx loc_0045e2d8: ret loc_0045e2d9: rcr edx, 1 loc_0045e2db: cmp byte [ref_00488f35], 0 ; cmp byte [0x488f35], 0 je short loc_0045e305 ; je 0x45e305 push edx push eax fld qword [esp] push ecx push ebx fadd qword [esp] loc_0045e2ee: fstp qword [esp + 8] add esp, 8 wait pop eax pop edx cmp edx, 0x80000000 jne short loc_0045e304 ; jne 0x45e304 sub edx, edx mov eax, edx loc_0045e304: ret loc_0045e305: push ebp push edi push esi mov edi, edx mov esi, ecx sar edi, 0x14 sar ecx, 0x14 and edi, 0x800007ff and ecx, 0x800007ff mov ebp, ecx rol edi, 0x10 rol ecx, 0x10 add cx, di rol edi, 0x10 rol ecx, 0x10 and edx, 0xfffff and esi, 0xfffff or di, di je short loc_0045e346 ; je 0x45e346 or edx, 0x100000 loc_0045e346: or cx, cx je short loc_0045e351 ; je 0x45e351 or esi, 0x100000 loc_0045e351: add eax, eax adc edx, edx add ebx, ebx adc esi, esi sub cx, di je short loc_0045e38d ; je 0x45e38d jae short loc_0045e368 ; jae 0x45e368 mov ebp, edi neg cx xchg eax, ebx xchg edx, esi loc_0045e368: cmp cx, 0x36 jbe short loc_0045e38d ; jbe 0x45e38d mov edx, esi mov eax, ebx add ebp, ebp rcr edx, 1 rcr eax, 1 and edx, 0x800fffff ror ebp, 0xd and ebp, 0x7ff00000 or edx, ebp pop esi pop edi pop ebp ret loc_0045e38d: or ecx, ecx jns short loc_0045e39e ; jns 0x45e39e neg esi neg ebx sbb esi, 0 xor ebp, 0x80000000 loc_0045e39e: sub edi, edi cmp cl, 0 je short loc_0045e3c8 ; je 0x45e3c8 push ebx sub ebx, ebx cmp cl, 0x20 jb short loc_0045e3ba ; jb 0x45e3ba or eax, eax setne bl mov edi, ebx sub ebx, ebx mov eax, edx sub edx, edx loc_0045e3ba: shrd ebx, eax, cl or edi, ebx sub ebx, ebx shrd eax, edx, cl shrd edx, ebx, cl pop ebx loc_0045e3c8: add eax, ebx adc edx, esi jns short loc_0045e3f1 ; jns 0x45e3f1 cmp cl, 0x35 jb short loc_0045e3e4 ; jb 0x45e3e4 test edi, 0x7fffffff setne bl shr ebx, 1 adc eax, 0 adc edx, 0 loc_0045e3e4: neg edx neg eax sbb edx, 0 xor ebp, 0x80000000 loc_0045e3f1: mov ebx, eax or ebx, edx je short loc_0045e461 ; je 0x45e461 or bp, bp je short loc_0045e465 ; je 0x45e465 loc_0045e3fc: test edx, 0x7fe00000 jne short loc_0045e40e ; jne 0x45e40e dec bp je short loc_0045e465 ; je 0x45e465 add eax, eax adc edx, edx jmp short loc_0045e3fc ; jmp 0x45e3fc loc_0045e40e: test edx, 0x400000 je short loc_0045e426 ; je 0x45e426 shr edx, 1 rcr eax, 1 adc edi, 0 inc bp cmp bp, 0x7ff je short loc_0045e46f ; je 0x45e46f loc_0045e426: shr edx, 1 rcr eax, 1 jae short loc_0045e450 ; jae 0x45e450 or edi, edi setne bl or ebx, eax shr ebx, 1 adc eax, 0 adc edx, 0 test edx, 0x200000 je short loc_0045e450 ; je 0x45e450 shr edx, 1 rcr eax, 1 inc bp cmp bp, 0x7ff je short loc_0045e46f ; je 0x45e46f loc_0045e450: and edx, 0xfffff mov ecx, ebp shl ebp, 0x15 add ecx, ecx rcr ebp, 1 or edx, ebp loc_0045e461: pop esi pop edi pop ebp ret loc_0045e465: add ebp, ebp rcr edx, 1 rcr eax, 1 pop esi pop edi pop ebp ret loc_0045e46f: mov eax, ebp pop esi pop edi pop ebp jmp near fcn_0045efd3 ; jmp 0x45efd3 fcn_0045e479: or eax, eax jne short loc_0045e484 ; jne 0x45e484 add edx, edx jne short loc_0045e482 ; jne 0x45e482 ret loc_0045e482: rcr edx, 1 loc_0045e484: or ebx, ebx jne short loc_0045e493 ; jne 0x45e493 add ecx, ecx jne short loc_0045e491 ; jne 0x45e491 sub eax, eax sub edx, edx ret loc_0045e491: rcr ecx, 1 loc_0045e493: cmp byte [ref_00488f35], 0 ; cmp byte [0x488f35], 0 je short loc_0045e4ab ; je 0x45e4ab push edx push eax fld qword [esp] push ecx push ebx fmul qword [esp] jmp near loc_0045e2ee ; jmp 0x45e2ee loc_0045e4ab: push ebp push edi push esi mov edi, edx mov esi, ecx sar edi, 0x14 sar ecx, 0x14 and edi, 0x800007ff and ecx, 0x800007ff rol edi, 0x10 rol ecx, 0x10 add cx, di rol edi, 0x10 rol ecx, 0x10 and edx, 0xfffff and esi, 0xfffff or di, di jne short loc_0045e4f4 ; jne 0x45e4f4 inc di loc_0045e4e6: dec di add eax, eax adc edx, edx test edx, 0x100000 je short loc_0045e4e6 ; je 0x45e4e6 loc_0045e4f4: or edx, 0x100000 or cx, cx jne short loc_0045e50f ; jne 0x45e50f inc cx loc_0045e501: dec cx add ebx, ebx adc esi, esi test esi, 0x100000 je short loc_0045e501 ; je 0x45e501 loc_0045e50f: or esi, 0x100000 add cx, di sub cx, 0x3ff js short loc_0045e530 ; js 0x45e530 cmp cx, 0x7ff jb short loc_0045e530 ; jb 0x45e530 mov eax, ecx pop esi pop edi pop ebp jmp near fcn_0045efd3 ; jmp 0x45efd3 loc_0045e530: cmp cx, 0xffcb jge short loc_0045e53e ; jge 0x45e53e pop esi pop edi pop ebp jmp near fcn_0045efb6 ; jmp 0x45efb6 loc_0045e53e: push ecx mov cl, 0xb shld edx, eax, cl shld eax, ebp, cl and eax, 0xfffff800 shld esi, ebx, cl shld ebx, ebp, cl and ebx, 0xfffff800 sub ebp, ebp push esi push edx push eax mul ebx xchg eax, esi mov ecx, edx pop edx mul edx mov edi, edx add ecx, eax adc edi, ebp adc ebp, ebp pop eax xchg eax, ebx mul ebx add ecx, eax adc edi, edx adc ebp, 0 mov eax, ebx pop edx mul edx add eax, edi adc edx, ebp sub ebx, ebx mov cl, 0xa shrd ebx, eax, cl shrd eax, edx, cl shrd edx, ebx, cl pop ecx loc_0045e58f: test edx, 0x200000 je short loc_0045e5a8 ; je 0x45e5a8 shr edx, 1 rcr eax, 1 rcr ebx, 1 inc cx cmp cx, 0x7ff je short loc_0045e60c ; je 0x45e60c jmp short loc_0045e58f ; jmp 0x45e58f loc_0045e5a8: add ebx, ebx jae short loc_0045e5d6 ; jae 0x45e5d6 jne short loc_0045e5bb ; jne 0x45e5bb or esi, esi setne bl shr ebx, 1 jb short loc_0045e5bb ; jb 0x45e5bb mov esi, eax shr esi, 1 loc_0045e5bb: adc eax, 0 adc edx, 0 test edx, 0x200000 je short loc_0045e5d6 ; je 0x45e5d6 shr edx, 1 rcr eax, 1 inc cx cmp cx, 0x7ff je short loc_0045e60c ; je 0x45e60c loc_0045e5d6: or cx, cx jg short loc_0045e5f1 ; jg 0x45e5f1 jne short loc_0045e5e1 ; jne 0x45e5e1 mov cl, 1 jmp short loc_0045e5e6 ; jmp 0x45e5e6 loc_0045e5e1: neg cx dec cx loc_0045e5e6: sub ebx, ebx shrd eax, edx, cl shrd edx, ebx, cl sub cx, cx loc_0045e5f1: and edx, 0xfffff mov esi, ecx ror ecx, 0xb add esi, esi rcr ecx, 1 and ecx, 0xfff00000 or edx, ecx pop esi pop edi pop ebp ret loc_0045e60c: mov eax, ecx pop esi pop edi pop ebp jmp near fcn_0045efd3 ; jmp 0x45efd3 fcn_0045e616: push ebp test edx, 0x7ff00000 jne short loc_0045e621 ; jne 0x45e621 sub edx, edx loc_0045e621: test ecx, 0x7ff00000 jne short loc_0045e62b ; jne 0x45e62b sub ecx, ecx loc_0045e62b: mov ebp, ecx xor ebp, edx mov ebp, 0 js short loc_0045e642 ; js 0x45e642 cmp edx, ecx jne short loc_0045e63c ; jne 0x45e63c cmp eax, ebx loc_0045e63c: je short loc_0045e64a ; je 0x45e64a rcr ecx, 1 xor edx, ecx loc_0045e642: add edx, edx sbb ebp, 0 add ebp, ebp inc ebp loc_0045e64a: mov eax, ebp pop ebp ret fcn_0045e64e: mov eax, dword [esp + 4] sub eax, 4 mov eax, dword [eax] and al, 0xfe sub eax, 4 ret endloc_0045e65d: db 0x53 db 0x8b db 0x54 dd 0x8b520c24 dd 0x530c245c dd 0x0001bce8 dd 0x08c48300 db 0x5b db 0xc3 fcn_0045e672: push ebx push esi push edi push ebp sub esp, 0x10 mov esi, dword [esp + 0x28] mov ebp, dword [esp + 0x30] mov eax, dword [esp + 0x2c] add eax, 0xb mov edx, dword [esp + 0x2c] and al, 0xf8 cmp eax, edx jae short loc_0045e699 ; jae 0x45e699 mov eax, 0xffffffff jmp short loc_0045e6a3 ; jmp 0x45e6a3 loc_0045e699: cmp eax, 0x10 jae short loc_0045e6a3 ; jae 0x45e6a3 mov eax, 0x10 loc_0045e6a3: lea edx, [esi - 4] mov dword [esp], edx mov edx, dword [edx] and dl, 0xfe cmp eax, edx jbe near loc_0045e7c0 ; jbe 0x45e7c0 mov edi, dword [esp] sub eax, edx add edi, edx mov dword [ebp], eax loc_0045e6c0: mov eax, dword [edi] mov dword [esp + 0xc], eax cmp eax, 0xffffffff jne short loc_0045e6d5 ; jne 0x45e6d5 mov eax, 2 jmp near loc_0045e821 ; jmp 0x45e821 loc_0045e6d5: test byte [esp + 0xc], 1 jne near loc_0045e7b9 ; jne 0x45e7b9 mov eax, dword [edi + 8] mov dword [esp + 4], eax mov eax, dword [edi + 4] mov edx, ds mov dword [esp + 8], eax mov eax, ref_00488f00 ; mov eax, 0x488f00 cmp dx, word [esp + 0x24] jne short loc_0045e719 ; jne 0x45e719 mov ebx, dword [ref_00488f00] ; mov ebx, dword [0x488f00] jmp short loc_0045e713 ; jmp 0x45e713 loc_0045e704: cmp ebx, esi ja short loc_0045e710 ; ja 0x45e710 mov eax, dword [ebx] add eax, ebx cmp eax, esi ja short loc_0045e719 ; ja 0x45e719 loc_0045e710: mov ebx, dword [ebx + 8] loc_0045e713: cmp dword [ebx + 8], 0 jne short loc_0045e704 ; jne 0x45e704 loc_0045e719: mov ecx, dword [ebx + 0xc] cmp edi, ecx jne short loc_0045e726 ; jne 0x45e726 mov eax, dword [ecx + 4] mov dword [ebx + 0xc], eax loc_0045e726: mov eax, dword [esp + 0xc] mov edx, dword [ebp] cmp eax, edx jb short loc_0045e738 ; jb 0x45e738 sub eax, edx cmp eax, 0x10 jae short loc_0045e774 ; jae 0x45e774 loc_0045e738: mov eax, dword [esp + 8] mov edx, dword [esp + 4] mov dword [eax + 8], edx mov eax, edx mov edx, dword [esp + 8] mov dword [eax + 4], edx mov edx, dword [esp] mov eax, dword [esp + 0xc] add dword [edx], eax mov eax, dword [ebx + 0x1c] xor dh, dh dec eax mov byte [ref_004991d1], dh ; mov byte [0x4991d1], dh mov dword [ebx + 0x1c], eax mov eax, dword [esp + 0xc] mov edx, dword [ebp] cmp eax, edx jb short loc_0045e7ab ; jb 0x45e7ab jmp near loc_0045e81f ; jmp 0x45e81f loc_0045e774: add edi, edx mov dword [edi], eax mov eax, dword [esp + 8] mov dword [edi + 4], eax mov eax, dword [esp + 4] mov dword [edi + 8], eax mov eax, dword [esp + 8] mov dword [eax + 8], edi mov eax, dword [esp + 4] mov dword [eax + 4], edi mov edx, dword [esp] mov eax, dword [ebp] add dword [edx], eax xor dl, dl xor eax, eax mov byte [ref_004991d1], dl ; mov byte [0x4991d1], dl jmp near loc_0045e821 ; jmp 0x45e821 loc_0045e7ab: mov ecx, edx sub ecx, eax add edi, eax mov dword [ebp], ecx jmp near loc_0045e6c0 ; jmp 0x45e6c0 loc_0045e7b9: mov eax, 1 jmp short loc_0045e821 ; jmp 0x45e821 loc_0045e7c0: sub edx, eax cmp edx, 0x10 jb short loc_0045e81f ; jb 0x45e81f mov ebp, dword [esp] mov edi, eax or dl, 1 or di, 1 lea ecx, [eax + ebp] mov dword [ebp], edi mov eax, ref_00488f00 ; mov eax, 0x488f00 mov dword [ecx], edx mov edx, ds mov dword [esp], ecx cmp dx, word [esp + 0x24] jne short loc_0045e809 ; jne 0x45e809 mov ebx, dword [ref_00488f00] ; mov ebx, dword [0x488f00] jmp short loc_0045e803 ; jmp 0x45e803 loc_0045e7f4: cmp ebx, esi ja short loc_0045e800 ; ja 0x45e800 mov eax, dword [ebx] add eax, ebx cmp eax, esi ja short loc_0045e809 ; ja 0x45e809 loc_0045e800: mov ebx, dword [ebx + 8] loc_0045e803: cmp dword [ebx + 8], 0 jne short loc_0045e7f4 ; jne 0x45e7f4 loc_0045e809: mov eax, dword [esp] mov ebp, dword [ebx + 0x18] add eax, 4 inc ebp push eax mov dword [ebx + 0x18], ebp call lib_free ; call 0x456e1f add esp, 4 loc_0045e81f: xor eax, eax loc_0045e821: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret fcn_0045e829: push ebx sub esp, 4 call dword [ref_00488f68] ; ucall: call dword [0x488f68] mov eax, esp push eax mov edx, dword [esp + 0x14] push edx mov ebx, dword [esp + 0x14] push ebx mov eax, ref_00488f00 ; mov eax, 0x488f00 mov edx, ds xor eax, eax mov ax, dx push eax call fcn_0045e672 ; call 0x45e672 add esp, 0x10 test eax, eax jne short loc_0045e866 ; jne 0x45e866 call dword [ref_00488f70] ; ucall: call dword [0x488f70] mov eax, ebx add esp, 4 pop ebx ret loc_0045e866: call dword [ref_00488f70] ; ucall: call dword [0x488f70] xor eax, eax add esp, 4 pop ebx ret fcn_0045e873: cmp byte [ref_00489724], 0 ; cmp byte [0x489724], 0 je short loc_0045e89b ; je 0x45e89b xor eax, eax mov ax, word [esp + 8] push eax mov edx, dword [esp + 8] push edx int3 jmp short loc_0045e892 ; jmp 0x45e892 endloc_0045e88c: dd 0x44495657 db 0x45 db 0x4f loc_0045e892: mov eax, 1 add esp, 8 ret loc_0045e89b: xor eax, eax ret fcn_0045e89e: xor eax, eax ret fcn_0045e8c3: call dword [ref_0048972c] ; ucall: call dword [0x48972c] ret fcn_0045e8ca: mov edx, dword [esp + 4] push edx call dword [ref_00489730] ; ucall: call dword [0x489730] add esp, 4 ret fcn_0045e924: push ebx push esi push edi push ebp sub esp, 0x10 push ref_0046ca90 ; push 0x46ca90 call fcn_0045c0b4 ; call 0x45c0b4 add esp, 4 mov ebx, eax test eax, eax je near loc_0045ea5a ; je 0x45ea5a loc_0045e942: cmp byte [ebx], 0 je near loc_0045ea4d ; je 0x45ea4d mov dl, 0x3a mov esi, ebx loc_0045e94f: mov al, byte [esi] cmp al, dl je short loc_0045e967 ; je 0x45e967 cmp al, 0 je short loc_0045e965 ; je 0x45e965 inc esi mov al, byte [esi] cmp al, dl je short loc_0045e967 ; je 0x45e967 inc esi cmp al, 0 jne short loc_0045e94f ; jne 0x45e94f loc_0045e965: sub esi, esi loc_0045e967: mov edi, esi sub esi, ebx push esi push ebx lea ebx, [esp + 8] push ebx call fcn_0045f8f7 ; call 0x45f8f7 add esp, 0xc push 0x10 push 0 lea ebx, [esp + 8] xor dl, dl push ebx mov byte [esp + esi + 0xc], dl lea esi, [edi + 1] call fcn_0045fa9e ; call 0x45fa9e mov dl, 0x3a add esp, 0xc mov ebp, eax mov ebx, esi loc_0045e99a: mov al, byte [esi] cmp al, dl je short loc_0045e9b2 ; je 0x45e9b2 cmp al, 0 je short loc_0045e9b0 ; je 0x45e9b0 inc esi mov al, byte [esi] cmp al, dl je short loc_0045e9b2 ; je 0x45e9b2 inc esi cmp al, 0 jne short loc_0045e99a ; jne 0x45e99a loc_0045e9b0: sub esi, esi loc_0045e9b2: mov edi, esi sub esi, ebx push esi push ebx lea ebx, [esp + 8] push ebx call fcn_0045f8f7 ; call 0x45f8f7 add esp, 0xc push 0x10 push 0 lea ebx, [esp + 8] xor dh, dh push ebx mov byte [esp + esi + 0xc], dh lea esi, [edi + 1] call fcn_0045fa9e ; call 0x45fa9e mov dword [esp + 0x18], eax add esp, 0xc mov dl, 0x2a mov ebx, esi loc_0045e9e7: mov al, byte [esi] cmp al, dl je short loc_0045e9ff ; je 0x45e9ff cmp al, 0 je short loc_0045e9fd ; je 0x45e9fd inc esi mov al, byte [esi] cmp al, dl je short loc_0045e9ff ; je 0x45e9ff inc esi cmp al, 0 jne short loc_0045e9e7 ; jne 0x45e9e7 loc_0045e9fd: sub esi, esi loc_0045e9ff: mov edi, esi sub esi, ebx push esi push ebx lea ebx, [esp + 8] push ebx call fcn_0045f8f7 ; call 0x45f8f7 add esp, 0xc push 0x10 xor bl, bl push 0 mov byte [esp + esi + 8], bl lea ebx, [esp + 8] push ebx call fcn_0045fa9e ; call 0x45fa9e add esp, 0xc push ebp mov edx, dword [esp + 0x10] push edx mov ebx, eax call fcn_00459ece ; call 0x459ece add esp, 8 push ebx push ebp lea esi, [edi + 1] call fcn_0045bef6 ; call 0x45bef6 mov ebx, esi add esp, 8 jmp near loc_0045e942 ; jmp 0x45e942 loc_0045ea4d: push ref_0046ca9c ; push 0x46ca9c call fcn_0045faf7 ; call 0x45faf7 add esp, 4 loc_0045ea5a: add esp, 0x10 pop ebp pop edi pop esi pop ebx ret endloc_0045ea62: db 0xff db 0x15 dd ref_00489734 fcn_0045ea68: push 0xff push ref_0046caac ; push 0x46caac call __fatal_runtime_error ; call 0x45c690 add esp, 8 ret fcn_0045ea7b: push ebx push edi sub esp, 4 xor edx, edx mov ah, byte [ref_00488f34] ; mov ah, byte [0x488f34] mov dword [esp], edx test ah, ah je short loc_0045eac2 ; je 0x45eac2 mov edi, esp fnstcw word [ss:edi] wait cmp dword [esp + 0x14], 0 je short loc_0045eac2 ; je 0x45eac2 mov eax, dword [esp + 0x14] mov ebx, dword [esp] mov edi, dword [esp + 0x10] mov ecx, dword [esp + 0x14] not eax and edi, ecx and eax, ebx or eax, edi mov edi, esp mov dword [esp], eax fldcw word [ss:edi] wait mov edi, esp fnstcw word [ss:edi] wait loc_0045eac2: xor eax, eax mov ax, word [esp] add esp, 4 pop edi pop ebx ret fcn_0045eace: push ebx push esi push ebp sub esp, 0x14 mov esi, dword [esp + 0x24] cmp esi, 0xffffffff jne short loc_0045eaeb ; jne 0x45eaeb call dword [cs:__imp__GetACP@0] ; ucall: call dword cs:[0x462370] loc_0045eae4: mov esi, eax jmp near loc_0045eb7f ; jmp 0x45eb7f loc_0045eaeb: cmp esi, 0xfffffffe jne short loc_0045eaf9 ; jne 0x45eaf9 call dword [cs:__imp__GetOEMCP@0] ; ucall: call dword cs:[0x4623c0] jmp short loc_0045eae4 ; jmp 0x45eae4 loc_0045eaf9: cmp esi, 0xfffffffd jne short loc_0045eb27 ; jne 0x45eb27 push 0x101 push 0 push ref_0049995c ; push 0x49995c call memset ; call 0x456f60 add esp, 0xc xor edx, edx xor eax, eax mov dword [ref_00499958], edx ; mov dword [0x499958], edx mov dword [ref_00489738], edx ; mov dword [0x489738], edx jmp near loc_0045ec1a ; jmp 0x45ec1a loc_0045eb27: cmp esi, 0xfffffffc jne short loc_0045eb7f ; jne 0x45eb7f push 0x101 push 0 push ref_0049995c ; push 0x49995c call memset ; call 0x456f60 mov eax, 0x81 mov dl, 1 add esp, 0xc loc_0045eb47: inc eax mov byte [eax + ref_0049995c], dl ; mov byte [eax + 0x49995c], dl cmp eax, 0x9f jle short loc_0045eb47 ; jle 0x45eb47 mov eax, 0xe0 mov dh, 1 loc_0045eb5c: inc eax mov byte [eax + ref_0049995c], dh ; mov byte [eax + 0x49995c], dh cmp eax, 0xfc jle short loc_0045eb5c ; jle 0x45eb5c mov ebp, 1 mov eax, 0x3a4 mov dword [ref_00499958], ebp ; mov dword [0x499958], ebp jmp near loc_0045ec0b ; jmp 0x45ec0b loc_0045eb7f: test esi, esi jne short loc_0045eb88 ; jne 0x45eb88 mov esi, 1 loc_0045eb88: mov eax, esp push eax push esi call dword [cs:__imp__GetCPInfo@8] ; ucall: call dword cs:[0x462374] test eax, eax jne short loc_0045eba1 ; jne 0x45eba1 mov eax, 1 jmp near loc_0045ec1a ; jmp 0x45ec1a loc_0045eba1: push 0x101 push 0 push ref_0049995c ; push 0x49995c call memset ; call 0x456f60 add esp, 0xc xor ecx, ecx mov ah, byte [esp + 6] mov dword [ref_00499958], ecx ; mov dword [0x499958], ecx test ah, ah je short loc_0045ebcf ; je 0x45ebcf mov dword [ref_00499958], 1 ; mov dword [0x499958], 1 loc_0045ebcf: xor edx, edx mov cl, 1 jmp short loc_0045ebf1 ; jmp 0x45ebf1 loc_0045ebd5: xor eax, eax mov al, byte [esp + edx + 6] jmp short loc_0045ebe4 ; jmp 0x45ebe4 loc_0045ebdd: inc eax mov byte [eax + ref_0049995c], cl ; mov byte [eax + 0x49995c], cl loc_0045ebe4: xor ebx, ebx mov bl, byte [esp + edx + 7] cmp eax, ebx jle short loc_0045ebdd ; jle 0x45ebdd add edx, 2 loc_0045ebf1: cmp byte [esp + edx + 6], 0 jne short loc_0045ebd5 ; jne 0x45ebd5 cmp byte [esp + edx + 7], 0 jne short loc_0045ebd5 ; jne 0x45ebd5 cmp esi, 1 jne short loc_0045ec12 ; jne 0x45ec12 call dword [cs:__imp__GetOEMCP@0] ; ucall: call dword cs:[0x4623c0] loc_0045ec0b: mov dword [ref_00489738], eax ; mov dword [0x489738], eax jmp short loc_0045ec18 ; jmp 0x45ec18 loc_0045ec12: mov dword [ref_00489738], esi ; mov dword [0x489738], esi loc_0045ec18: xor eax, eax loc_0045ec1a: add esp, 0x14 pop ebp pop esi pop ebx ret endloc_0045ec21: db 0x00 db 0x09 db 0xd2 dd 0xc9091e78 dd 0x48e80678 dd 0xc3000000 dd 0xdbf7d9f7 dd 0xe800d983 dd 0x0000003b dd 0xd8f7daf7 dd 0xc300da83 dd 0xd8f7daf7 dd 0x0900da83 dd 0xf71479c9 dd 0x83dbf7d9 dd 0x1ce800d9 dd 0xf7000000 dd 0x83dbf7d9 dd 0xe8c300d9 dd 0x0000000f dd 0xdbf7d9f7 dd 0xf700d983 dd 0x83d8f7da db 0xda db 0x00 db 0xc3 fcn_0045ec77: or ecx, ecx jne short loc_0045ec95 ; jne 0x45ec95 dec ebx je short loc_0045ec94 ; je 0x45ec94 inc ebx cmp ebx, edx ja short loc_0045ec8c ; ja 0x45ec8c mov ecx, eax mov eax, edx sub edx, edx div ebx xchg eax, ecx loc_0045ec8c: div ebx mov ebx, edx mov edx, ecx sub ecx, ecx loc_0045ec94: ret loc_0045ec95: cmp ecx, edx jb short loc_0045ecb5 ; jb 0x45ecb5 jne short loc_0045ecad ; jne 0x45ecad cmp ebx, eax ja short loc_0045ecad ; ja 0x45ecad sub eax, ebx mov ebx, eax sub ecx, ecx sub edx, edx mov eax, 1 ret loc_0045ecad: sub ecx, ecx sub ebx, ebx xchg eax, ebx xchg edx, ecx ret loc_0045ecb5: push ebp push esi push edi sub esi, esi mov edi, esi mov ebp, esi loc_0045ecbe: add ebx, ebx adc ecx, ecx jb short loc_0045ecd7 ; jb 0x45ecd7 inc ebp cmp ecx, edx jb short loc_0045ecbe ; jb 0x45ecbe ja short loc_0045eccf ; ja 0x45eccf cmp ebx, eax jbe short loc_0045ecbe ; jbe 0x45ecbe loc_0045eccf: clc loc_0045ecd0: adc esi, esi adc edi, edi dec ebp js short loc_0045ecf9 ; js 0x45ecf9 loc_0045ecd7: rcr ecx, 1 rcr ebx, 1 sub eax, ebx sbb edx, ecx cmc jb short loc_0045ecd0 ; jb 0x45ecd0 loc_0045ece2: add esi, esi adc edi, edi dec ebp js short loc_0045ecf5 ; js 0x45ecf5 shr ecx, 1 rcr ebx, 1 add eax, ebx adc edx, ecx jae short loc_0045ece2 ; jae 0x45ece2 jmp short loc_0045ecd0 ; jmp 0x45ecd0 loc_0045ecf5: add eax, ebx adc edx, ecx loc_0045ecf9: mov ebx, eax mov ecx, edx mov eax, esi mov edx, edi pop edi pop esi pop ebp ret fcn_0045ed05: mov eax, dword [esp + 4] cmp byte [eax], 0 jne short loc_0045ed14 ; jne 0x45ed14 mov eax, 1 ret loc_0045ed14: cmp dword [ref_00499958], 0 ; cmp dword [0x499958], 0 je short loc_0045ed3e ; je 0x45ed3e xor edx, edx mov dl, byte [eax] mov dl, byte [edx + ref_0049995d] ; mov dl, byte [edx + 0x49995d] and dl, 1 and edx, 0xff je short loc_0045ed3e ; je 0x45ed3e cmp byte [eax + 1], 0 jne short loc_0045ed3e ; jne 0x45ed3e mov eax, 2 ret loc_0045ed3e: xor eax, eax ret fcn_0045ed41: push ebx push esi sub esp, 8 mov edx, dword [esp + 0x14] push edx lea eax, [esp + 8] push eax call fcn_0045fee1 ; call 0x45fee1 add esp, 8 mov ebx, dword [esp + 0x14] push ebx call fcn_0045ff1a ; call 0x45ff1a add esp, 4 mov ecx, dword [esp + 0x18] xor dl, dl push ecx mov byte [esp + eax + 8], dl lea eax, [esp + 4] push eax call fcn_0045fee1 ; call 0x45fee1 add esp, 8 mov esi, dword [esp + 0x18] push esi call fcn_0045ff1a ; call 0x45ff1a add esp, 4 xor dh, dh mov byte [esp + eax], dh lea eax, [esp + 4] push eax call fcn_0045ff46 ; call 0x45ff46 add esp, 4 mov eax, esp push eax call fcn_0045ff46 ; call 0x45ff46 add esp, 4 mov eax, esp push eax lea eax, [esp + 8] push eax call fcn_0045ffab ; call 0x45ffab add esp, 8 add esp, 8 pop esi pop ebx ret fcn_0045edbd: mov eax, dword [esp + 4] cmp dword [ref_00499958], 0 ; cmp dword [0x499958], 0 je short loc_0045ede9 ; je 0x45ede9 xor edx, edx mov dl, byte [eax] mov dl, byte [edx + ref_0049995d] ; mov dl, byte [edx + 0x49995d] and dl, 1 and edx, 0xff je short loc_0045ede9 ; je 0x45ede9 cmp byte [eax + 1], 0 je short loc_0045ede9 ; je 0x45ede9 add eax, 2 ret loc_0045ede9: inc eax ret endloc_0045edeb: db 0x00 fcn_0045edec: jmp near loc_00460007 ; jmp 0x460007 fcn_0045edf1: mov edx, dword [esp + 4] cmp edx, 3 jbe short loc_0045edfd ; jbe 0x45edfd xor eax, eax ret loc_0045edfd: mov eax, edx shl eax, 2 sub eax, edx shl eax, 2 add eax, edx add eax, eax add eax, ref_00488f9c ; add eax, 0x488f9c ret fcn_0045ee11: push ebx push esi push edi push ebp sub esp, 4 mov ebx, dword [esp + 0x18] mov esi, dword [esp + 0x1c] mov edx, dword [esi + 0x10] push edx call dword [ref_00488f50] ; ucall: call dword [0x488f50] mov eax, dword [esi + 8] mov ecx, dword [eax + 8] add esp, 4 test ecx, ecx jne short loc_0045ee40 ; jne 0x45ee40 push esi call fcn_0045940b ; call 0x45940b add esp, 4 loc_0045ee40: mov ah, byte [esi + 0xd] xor ebp, ebp test ah, 4 je short loc_0045ee5f ; je 0x45ee5f mov dl, ah and dl, 0xf9 mov byte [esi + 0xd], dl mov dh, dl or dh, 2 mov ebp, 1 mov byte [esi + 0xd], dh loc_0045ee5f: mov dword [esp], ebx xor edi, edi loc_0045ee64: xor eax, eax mov al, byte [ebx] test eax, eax je short loc_0045ee7e ; je 0x45ee7e push esi push eax inc ebx call fcn_00459aab ; call 0x459aab add esp, 8 cmp eax, 0xffffffff jne short loc_0045ee64 ; jne 0x45ee64 mov edi, eax loc_0045ee7e: test ebp, ebp je short loc_0045eea2 ; je 0x45eea2 mov cl, byte [esi + 0xd] and cl, 0xf9 mov byte [esi + 0xd], cl mov ch, cl or ch, 4 mov byte [esi + 0xd], ch test edi, edi jne short loc_0045eea2 ; jne 0x45eea2 push esi call fcn_004591f9 ; call 0x4591f9 add esp, 4 mov edi, eax loc_0045eea2: test edi, edi jne short loc_0045eead ; jne 0x45eead mov edi, dword [esp] sub ebx, edi mov edi, ebx loc_0045eead: mov ebp, dword [esi + 0x10] push ebp call dword [ref_00488f54] ; ucall: call dword [0x488f54] add esp, 4 mov eax, edi add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_0045eec4: mov eax, dword [esp + 4] mov dx, word [eax + 8] and dh, 0x7f cmp dx, 0x7fff jne short loc_0045eef0 ; jne 0x45eef0 cmp dword [eax + 4], 0x80000000 jne short loc_0045eeea ; jne 0x45eeea cmp dword [eax], 0 jne short loc_0045eeea ; jne 0x45eeea mov eax, 3 ret loc_0045eeea: mov eax, 2 ret loc_0045eef0: test word [eax + 8], 0x7fff jne short loc_0045ef0c ; jne 0x45ef0c cmp dword [eax + 4], 0 jne short loc_0045ef06 ; jne 0x45ef06 cmp dword [eax], 0 jne short loc_0045ef06 ; jne 0x45ef06 xor eax, eax ret loc_0045ef06: mov eax, 4 ret loc_0045ef0c: mov eax, 1 ret fcn_0045ef12: push ebp push esi push edi push ecx push ebx push edx mov esi, eax sub edx, edx sub ecx, ecx sub ebp, ebp sub eax, eax loc_0045ef22: mov al, byte [esi] cmp al, 0 je short loc_0045ef57 ; je 0x45ef57 mov edi, edx mov ebx, ecx mov eax, ebp add ebp, ebp adc ecx, ecx adc edx, edx add ebp, ebp adc ecx, ecx adc edx, edx add ebp, eax adc ecx, ebx adc edx, edi add ebp, ebp adc ecx, ecx adc edx, edx sub eax, eax mov al, byte [esi] and al, 0xf add ebp, eax adc ecx, 0 adc edx, 0 inc esi jmp short loc_0045ef22 ; jmp 0x45ef22 loc_0045ef57: mov eax, ecx mov edi, 0x405e call fcn_0045ef74 ; call 0x45ef74 pop ebp mov dword [ebp + 4], edx mov dword [ebp], eax mov word [ebp + 8], si pop ebx pop ecx pop edi pop esi pop ebp ret fcn_0045ef74: sub esi, esi or esi, eax or esi, edx or esi, ebp je short loc_0045efb4 ; je 0x45efb4 or edx, edx jne short loc_0045ef8b ; jne 0x45ef8b mov edx, eax mov eax, ebp sub ebp, ebp sub edi, 0x20 loc_0045ef8b: or edx, edx jne short loc_0045ef98 ; jne 0x45ef98 mov edx, eax mov eax, ebp sub ebp, ebp sub edi, 0x20 loc_0045ef98: or edx, edx js short loc_0045efa5 ; js 0x45efa5 dec edi add ebp, ebp adc eax, eax adc edx, edx jmp short loc_0045ef98 ; jmp 0x45ef98 loc_0045efa5: add ebp, ebp adc eax, 0 adc edx, 0 jae short loc_0045efb2 ; jae 0x45efb2 rcr edx, 1 inc edi loc_0045efb2: mov esi, edi loc_0045efb4: ret endloc_0045efb5: db 0x00 fcn_0045efb6: sub edx, edx sub eax, eax ret endloc_0045efbb: db 0xb8 dd 0x00000083 dd 0x001045e8 db 0x00 db 0xeb db 0x1d loc_0045efc7: mov eax, 0x83 call fcn_0046000a ; call 0x46000a jmp short loc_0045efe4 ; jmp 0x45efe4 fcn_0045efd3: push eax call fcn_00458e00 ; call 0x458e00 mov eax, 0x84 call fcn_0046000a ; call 0x46000a pop eax loc_0045efe4: and eax, 0x80000000 or eax, 0x7ff00000 mov edx, eax sub eax, eax ret endloc_0045eff3: db 0xb8 dd 0x00000083 dd 0x00100de8 dd 0x5011eb00 dd 0xff9dfbe8 dd 0x0084b8ff dd 0xfbe80000 dd 0x5800000f dd 0x00000025 dd 0x00000d80 dd 0x00c37f80 fcn_0045f01c: fld tword [esp + 0x10] ; fld xword [esp + 0x10] fld tword [esp + 4] ; fld xword [esp + 4] loc_0045f024: mov eax, dword [esp + 8] add eax, eax jae near loc_0045f0b6 ; jae 0x45f0b6 xor eax, 0xe000000 test eax, 0xe000000 je short loc_0045f03f ; je 0x45f03f fdivp st1 ; fdivp st(1) ret loc_0045f03f: shr eax, 0x1c cmp byte [eax + ref_00489970], 0 ; cmp byte [eax + 0x489970], 0 jne short loc_0045f04e ; jne 0x45f04e fdivp st1 ; fdivp st(1) ret loc_0045f04e: mov eax, dword [esp + 0xc] and eax, 0x7fff je short loc_0045f0c0 ; je 0x45f0c0 cmp eax, 0x7fff je short loc_0045f0c0 ; je 0x45f0c0 fnstcw word [esp + 0x1c] mov eax, dword [esp + 0x1c] or eax, 0x33f and eax, 0xf3ff mov dword [esp + 0x20], eax fldcw word [esp + 0x20] mov eax, dword [esp + 0x18] and eax, 0x7fff cmp eax, 1 je short loc_0045f09f ; je 0x45f09f fmul dword [ref_00489980] ; fmul dword [0x489980] fxch st1 ; fxch st(1) fmul dword [ref_00489980] ; fmul dword [0x489980] fxch st1 ; fxch st(1) fldcw word [esp + 0x1c] fdivp st1 ; fdivp st(1) ret loc_0045f09f: fmul dword [ref_00489984] ; fmul dword [0x489984] fxch st1 ; fxch st(1) fmul dword [ref_00489984] ; fmul dword [0x489984] fxch st1 ; fxch st(1) fldcw word [esp + 0x1c] fdivp st1 ; fdivp st(1) ret loc_0045f0b6: mov eax, dword [esp + 4] or eax, dword [esp + 8] jne short loc_0045f0c3 ; jne 0x45f0c3 loc_0045f0c0: fdivp st1 ; fdivp st(1) ret loc_0045f0c3: mov eax, dword [esp + 0xc] and eax, 0x7fff jne short loc_0045f0c0 ; jne 0x45f0c0 fnstcw word [esp + 0x1c] mov eax, dword [esp + 0x1c] or eax, 0x33f and eax, 0xf3ff mov dword [esp + 0x20], eax fldcw word [esp + 0x20] mov eax, dword [esp + 0x18] and eax, 0x7fff je short loc_0045f104 ; je 0x45f104 cmp eax, 0x7fff je short loc_0045f12c ; je 0x45f12c mov eax, dword [esp + 0x14] add eax, eax jae short loc_0045f12c ; jae 0x45f12c jmp short loc_0045f10c ; jmp 0x45f10c loc_0045f104: mov eax, dword [esp + 0x14] add eax, eax jb short loc_0045f12c ; jb 0x45f12c loc_0045f10c: fxch st1 ; fxch st(1) fstp st0 ; fstp st(0) fld st0 ; fld st(0) fmul dword [ref_00489988] ; fmul dword [0x489988] fstp tword [esp + 4] ; fstp xword [esp + 4] fld tword [esp + 0x10] ; fld xword [esp + 0x10] fxch st1 ; fxch st(1) wait fldcw word [esp + 0x1c] jmp near loc_0045f024 ; jmp 0x45f024 loc_0045f12c: fldcw word [esp + 0x1c] fdivp st1 ; fdivp st(1) ret fcn_0045f133: sub esp, 0x2c jmp dword [eax*4 + ref_0048998c] ; ujmp: jmp dword [eax*4 + 0x48998c] loc_0045f13d: fdiv st0 ; fdiv st(0) add esp, 0x2c ret loc_0045f143: add esp, 0x2c int 6 loc_0045f148: fdivr st0 ; fdivr st(0) add esp, 0x2c ret loc_0045f14e: add esp, 0x2c int 6 loc_0045f153: fdiv st0 ; fdiv st(0) add esp, 0x2c ret loc_0045f159: fdivp st0 ; fdivp st(0) add esp, 0x2c ret loc_0045f15f: fdivr st0 ; fdivr st(0) add esp, 0x2c ret loc_0045f165: fdivrp st0 ; fdivrp st(0) add esp, 0x2c ret loc_0045f16b: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fld st0 ; fld st(0) fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0x20] ; fstp xword [esp + 0x20] call fcn_0045f01c ; call 0x45f01c fld tword [esp + 0x20] ; fld xword [esp + 0x20] fxch st1 ; fxch st(1) add esp, 0x2c ret loc_0045f187: add esp, 0x2c int 6 loc_0045f18c: fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c fld tword [esp + 0xc] ; fld xword [esp + 0xc] fxch st1 ; fxch st(1) add esp, 0x2c ret loc_0045f1a2: add esp, 0x2c int 6 loc_0045f1a7: fxch st1 ; fxch st(1) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fld st0 ; fld st(0) fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0x20] ; fstp xword [esp + 0x20] call fcn_0045f01c ; call 0x45f01c fld tword [esp + 0x20] ; fld xword [esp + 0x20] add esp, 0x2c ret loc_0045f1c3: fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c add esp, 0x2c ret loc_0045f1d3: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c fld tword [esp + 0xc] ; fld xword [esp + 0xc] add esp, 0x2c ret loc_0045f1e7: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c add esp, 0x2c ret loc_0045f1f7: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st1 ; fxch st(1) fld st0 ; fld st(0) fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0x20] ; fstp xword [esp + 0x20] call fcn_0045f01c ; call 0x45f01c fxch st1 ; fxch st(1) fld tword [esp + 0x20] ; fld xword [esp + 0x20] fxch st2 ; fxch st(2) add esp, 0x2c ret loc_0045f217: add esp, 0x2c int 6 loc_0045f21c: fstp tword [esp] ; fstp xword [esp] fxch st1 ; fxch st(1) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c fxch st1 ; fxch st(1) fld tword [esp + 0xc] ; fld xword [esp + 0xc] fxch st2 ; fxch st(2) add esp, 0x2c ret loc_0045f236: add esp, 0x2c int 6 loc_0045f23b: fxch st2 ; fxch st(2) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st1 ; fxch st(1) fld st0 ; fld st(0) fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0x20] ; fstp xword [esp + 0x20] call fcn_0045f01c ; call 0x45f01c fxch st1 ; fxch st(1) fld tword [esp + 0x20] ; fld xword [esp + 0x20] add esp, 0x2c ret loc_0045f25b: fstp tword [esp] ; fstp xword [esp] fxch st1 ; fxch st(1) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c fxch st1 ; fxch st(1) add esp, 0x2c ret loc_0045f26f: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st1 ; fxch st(1) fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c fxch st1 ; fxch st(1) fld tword [esp + 0xc] ; fld xword [esp + 0xc] add esp, 0x2c ret loc_0045f287: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st1 ; fxch st(1) fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c fxch st1 ; fxch st(1) add esp, 0x2c ret loc_0045f29b: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st2 ; fxch st(2) fld st0 ; fld st(0) fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0x20] ; fstp xword [esp + 0x20] call fcn_0045f01c ; call 0x45f01c fxch st2 ; fxch st(2) fld tword [esp + 0x20] ; fld xword [esp + 0x20] fxch st3 ; fxch st(3) add esp, 0x2c ret loc_0045f2bb: add esp, 0x2c int 6 loc_0045f2c0: fstp tword [esp] ; fstp xword [esp] fxch st2 ; fxch st(2) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c fxch st2 ; fxch st(2) fld tword [esp + 0xc] ; fld xword [esp + 0xc] fxch st3 ; fxch st(3) add esp, 0x2c ret loc_0045f2da: add esp, 0x2c int 6 loc_0045f2df: fxch st3 ; fxch st(3) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st2 ; fxch st(2) fld st0 ; fld st(0) fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0x20] ; fstp xword [esp + 0x20] call fcn_0045f01c ; call 0x45f01c fxch st2 ; fxch st(2) fld tword [esp + 0x20] ; fld xword [esp + 0x20] add esp, 0x2c ret loc_0045f2ff: fstp tword [esp] ; fstp xword [esp] fxch st2 ; fxch st(2) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c fxch st2 ; fxch st(2) add esp, 0x2c ret loc_0045f313: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st2 ; fxch st(2) fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c fxch st2 ; fxch st(2) fld tword [esp + 0xc] ; fld xword [esp + 0xc] add esp, 0x2c ret loc_0045f32b: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st2 ; fxch st(2) fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c fxch st2 ; fxch st(2) add esp, 0x2c ret loc_0045f33f: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st3 ; fxch st(3) fld st0 ; fld st(0) fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0x20] ; fstp xword [esp + 0x20] call fcn_0045f01c ; call 0x45f01c fxch st3 ; fxch st(3) fld tword [esp + 0x20] ; fld xword [esp + 0x20] fxch st4 ; fxch st(4) add esp, 0x2c ret loc_0045f35f: add esp, 0x2c int 6 loc_0045f364: fstp tword [esp] ; fstp xword [esp] fxch st3 ; fxch st(3) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c fxch st3 ; fxch st(3) fld tword [esp + 0xc] ; fld xword [esp + 0xc] fxch st4 ; fxch st(4) add esp, 0x2c ret loc_0045f37e: add esp, 0x2c int 6 loc_0045f383: fxch st4 ; fxch st(4) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st3 ; fxch st(3) fld st0 ; fld st(0) fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0x20] ; fstp xword [esp + 0x20] call fcn_0045f01c ; call 0x45f01c fxch st3 ; fxch st(3) fld tword [esp + 0x20] ; fld xword [esp + 0x20] add esp, 0x2c ret loc_0045f3a3: fstp tword [esp] ; fstp xword [esp] fxch st3 ; fxch st(3) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c fxch st3 ; fxch st(3) add esp, 0x2c ret loc_0045f3b7: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st3 ; fxch st(3) fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c fxch st3 ; fxch st(3) fld tword [esp + 0xc] ; fld xword [esp + 0xc] add esp, 0x2c ret loc_0045f3cf: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st3 ; fxch st(3) fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c fxch st3 ; fxch st(3) add esp, 0x2c ret loc_0045f3e3: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st4 ; fxch st(4) fld st0 ; fld st(0) fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0x20] ; fstp xword [esp + 0x20] call fcn_0045f01c ; call 0x45f01c fxch st4 ; fxch st(4) fld tword [esp + 0x20] ; fld xword [esp + 0x20] fxch st5 ; fxch st(5) add esp, 0x2c ret loc_0045f403: add esp, 0x2c int 6 loc_0045f408: fstp tword [esp] ; fstp xword [esp] fxch st4 ; fxch st(4) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c fxch st4 ; fxch st(4) fld tword [esp + 0xc] ; fld xword [esp + 0xc] fxch st5 ; fxch st(5) add esp, 0x2c ret loc_0045f422: add esp, 0x2c int 6 loc_0045f427: fxch st5 ; fxch st(5) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st4 ; fxch st(4) fld st0 ; fld st(0) fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0x20] ; fstp xword [esp + 0x20] call fcn_0045f01c ; call 0x45f01c fxch st4 ; fxch st(4) fld tword [esp + 0x20] ; fld xword [esp + 0x20] add esp, 0x2c ret loc_0045f447: fstp tword [esp] ; fstp xword [esp] fxch st4 ; fxch st(4) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c fxch st4 ; fxch st(4) add esp, 0x2c ret loc_0045f45b: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st4 ; fxch st(4) fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c fxch st4 ; fxch st(4) fld tword [esp + 0xc] ; fld xword [esp + 0xc] add esp, 0x2c ret loc_0045f473: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st4 ; fxch st(4) fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c fxch st4 ; fxch st(4) add esp, 0x2c ret loc_0045f487: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st5 ; fxch st(5) fld st0 ; fld st(0) fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0x20] ; fstp xword [esp + 0x20] call fcn_0045f01c ; call 0x45f01c fxch st5 ; fxch st(5) fld tword [esp + 0x20] ; fld xword [esp + 0x20] fxch st6 ; fxch st(6) add esp, 0x2c ret loc_0045f4a7: add esp, 0x2c int 6 loc_0045f4ac: fstp tword [esp] ; fstp xword [esp] fxch st5 ; fxch st(5) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c fxch st5 ; fxch st(5) fld tword [esp + 0xc] ; fld xword [esp + 0xc] fxch st6 ; fxch st(6) add esp, 0x2c ret loc_0045f4c6: add esp, 0x2c int 6 loc_0045f4cb: fxch st6 ; fxch st(6) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st5 ; fxch st(5) fld st0 ; fld st(0) fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0x20] ; fstp xword [esp + 0x20] call fcn_0045f01c ; call 0x45f01c fxch st5 ; fxch st(5) fld tword [esp + 0x20] ; fld xword [esp + 0x20] add esp, 0x2c ret loc_0045f4eb: fstp tword [esp] ; fstp xword [esp] fxch st5 ; fxch st(5) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c fxch st5 ; fxch st(5) add esp, 0x2c ret loc_0045f4ff: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st5 ; fxch st(5) fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c fxch st5 ; fxch st(5) fld tword [esp + 0xc] ; fld xword [esp + 0xc] add esp, 0x2c ret loc_0045f517: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st5 ; fxch st(5) fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c fxch st5 ; fxch st(5) add esp, 0x2c ret loc_0045f52b: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st6 ; fxch st(6) fld st0 ; fld st(0) fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0x20] ; fstp xword [esp + 0x20] call fcn_0045f01c ; call 0x45f01c fxch st6 ; fxch st(6) fld tword [esp + 0x20] ; fld xword [esp + 0x20] fxch st7 ; fxch st(7) add esp, 0x2c ret loc_0045f54b: add esp, 0x2c int 6 loc_0045f550: fstp tword [esp] ; fstp xword [esp] fxch st6 ; fxch st(6) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c fxch st6 ; fxch st(6) fld tword [esp + 0xc] ; fld xword [esp + 0xc] fxch st7 ; fxch st(7) add esp, 0x2c ret loc_0045f56a: add esp, 0x2c int 6 loc_0045f56f: fxch st7 ; fxch st(7) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st6 ; fxch st(6) fld st0 ; fld st(0) fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0x20] ; fstp xword [esp + 0x20] call fcn_0045f01c ; call 0x45f01c fxch st6 ; fxch st(6) fld tword [esp + 0x20] ; fld xword [esp + 0x20] add esp, 0x2c ret loc_0045f58f: fstp tword [esp] ; fstp xword [esp] fxch st6 ; fxch st(6) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c fxch st6 ; fxch st(6) add esp, 0x2c ret loc_0045f5a3: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st6 ; fxch st(6) fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c fxch st6 ; fxch st(6) fld tword [esp + 0xc] ; fld xword [esp + 0xc] add esp, 0x2c ret loc_0045f5bb: fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fxch st6 ; fxch st(6) fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c fxch st6 ; fxch st(6) add esp, 0x2c ret fcn_0045f5cf: sub esp, 0x2c fstp tword [esp] ; fstp xword [esp] fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] call fcn_0045f01c ; call 0x45f01c add esp, 0x2c ret fcn_0045f5e2: sub esp, 0x2c fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fstp tword [esp] ; fstp xword [esp] call fcn_0045f01c ; call 0x45f01c add esp, 0x2c ret endloc_0045f5f5: db 0x83 db 0xec db 0x2c dd 0x0c247cdb dd 0xe8243cdb dd 0xfffffa18 dd 0xc32cc483 dd 0x24448b50 dd 0x00002508 dd 0x003d7f80 dd 0x747f8000 dd 0x25e0df33 dd 0x00003800 dd 0x44d90d74 dd 0xa4e80824 dd 0x58ffffff dd 0xd90004c2 dd 0x0cec83c9 dd 0xd9243cdb dd 0xe8142444 dd 0xffffff8f dd 0xd9242cdb dd 0x0cc483c9 dd 0x0004c258 dd 0x082474d8 dd 0x0004c258 fcn_0045f654: push eax mov eax, dword [esp + 0xc] and eax, 0x7ff00000 cmp eax, 0x7ff00000 je short loc_0045f698 ; je 0x45f698 fnstsw ax and eax, 0x3800 je short loc_0045f67b ; je 0x45f67b fld qword [esp + 8] call fcn_0045f5cf ; call 0x45f5cf pop eax ret 8 loc_0045f67b: fxch st1 ; fxch st(1) sub esp, 0xc fstp tword [esp] ; fstp xword [esp] fld qword [esp + 0x14] call fcn_0045f5cf ; call 0x45f5cf fld tword [esp] ; fld xword [esp] fxch st1 ; fxch st(1) add esp, 0xc pop eax ret 8 loc_0045f698: fdiv qword [esp + 8] pop eax ret 8 fcn_0045f8cf: call dword [ref_00488f90] ; ucall: call dword [0x488f90] call fcn_0045aba4 ; call 0x45aba4 cmp dword [ref_004991c0], 0 ; cmp dword [0x4991c0], 0 jne short loc_0045f8ed ; jne 0x45f8ed push 1 call __NTRemoveThread ; call 0x45a324 add esp, 4 loc_0045f8ed: push 0 call dword [cs:__imp__ExitThread@4] ; ucall: call dword cs:[0x462368] ret fcn_0045f8f7: push ebx push esi mov eax, dword [esp + 0xc] mov edx, dword [esp + 0x10] mov ebx, dword [esp + 0x14] mov esi, eax jmp short loc_0045f914 ; jmp 0x45f914 loc_0045f909: mov cl, byte [edx] test cl, cl je short loc_0045f918 ; je 0x45f918 inc edx dec ebx mov byte [eax], cl inc eax loc_0045f914: test ebx, ebx jne short loc_0045f909 ; jne 0x45f909 loc_0045f918: test ebx, ebx je short loc_0045f923 ; je 0x45f923 dec ebx mov byte [eax], 0 inc eax jmp short loc_0045f918 ; jmp 0x45f918 loc_0045f923: mov eax, esi pop esi pop ebx ret fcn_0045f928: push ebx push esi push edi push ebp sub esp, 0xc mov edi, dword [esp + 0x28] mov edx, dword [esp + 0x24] test edx, edx je short loc_0045f941 ; je 0x45f941 mov eax, dword [esp + 0x20] mov dword [edx], eax loc_0045f941: mov ebx, dword [esp + 0x20] loc_0045f945: mov al, byte [ebx] inc al and eax, 0xff test byte [eax + ref_00489370], 2 ; test byte [eax + 0x489370], 2 je short loc_0045f95a ; je 0x45f95a inc ebx jmp short loc_0045f945 ; jmp 0x45f945 loc_0045f95a: mov al, byte [ebx] mov byte [esp + 4], al cmp al, 0x2b je short loc_0045f968 ; je 0x45f968 cmp al, 0x2d jne short loc_0045f969 ; jne 0x45f969 loc_0045f968: inc ebx loc_0045f969: test edi, edi jne short loc_0045f997 ; jne 0x45f997 cmp byte [ebx], 0x30 jne short loc_0045f984 ; jne 0x45f984 mov al, byte [ebx + 1] cmp al, 0x78 je short loc_0045f97d ; je 0x45f97d cmp al, 0x58 jne short loc_0045f984 ; jne 0x45f984 loc_0045f97d: mov edi, 0x10 jmp short loc_0045f9b7 ; jmp 0x45f9b7 loc_0045f984: cmp byte [ebx], 0x30 jne short loc_0045f990 ; jne 0x45f990 mov edi, 8 jmp short loc_0045f9cc ; jmp 0x45f9cc loc_0045f990: mov edi, 0xa jmp short loc_0045f9cc ; jmp 0x45f9cc loc_0045f997: cmp edi, 2 jl short loc_0045f9a1 ; jl 0x45f9a1 cmp edi, 0x24 jle short loc_0045f9b2 ; jle 0x45f9b2 loc_0045f9a1: push 0xd call fcn_00458de7 ; call 0x458de7 add esp, 4 xor eax, eax jmp near loc_0045fa7a ; jmp 0x45fa7a loc_0045f9b2: cmp edi, 0x10 jne short loc_0045f9cc ; jne 0x45f9cc loc_0045f9b7: cmp byte [ebx], 0x30 jne short loc_0045f9cc ; jne 0x45f9cc mov cl, byte [ebx + 1] cmp cl, 0x78 je short loc_0045f9c9 ; je 0x45f9c9 cmp cl, 0x58 jne short loc_0045f9cc ; jne 0x45f9cc loc_0045f9c9: add ebx, 2 loc_0045f9cc: mov dword [esp], ebx mov ebp, edi xor al, al xor esi, esi mov byte [esp + 8], al shl ebp, 2 loc_0045f9dc: xor eax, eax mov al, byte [ebx] push eax call fcn_0045faa3 ; call 0x45faa3 add esp, 4 mov edx, eax cmp eax, edi jge short loc_0045fa0f ; jge 0x45fa0f cmp esi, dword [ebp + ref_00489734] ; cmp esi, dword [ebp + 0x489734] jbe short loc_0045f9fc ; jbe 0x45f9fc mov byte [esp + 8], 1 loc_0045f9fc: mov eax, esi imul esi, edi add esi, edx cmp esi, eax jae short loc_0045fa0c ; jae 0x45fa0c mov byte [esp + 8], 1 loc_0045fa0c: inc ebx jmp short loc_0045f9dc ; jmp 0x45f9dc loc_0045fa0f: cmp ebx, dword [esp] jne short loc_0045fa18 ; jne 0x45fa18 mov ebx, dword [esp + 0x20] loc_0045fa18: mov ebp, dword [esp + 0x24] test ebp, ebp je short loc_0045fa23 ; je 0x45fa23 mov dword [ebp], ebx loc_0045fa23: cmp dword [esp + 0x2c], 1 jne short loc_0045fa3b ; jne 0x45fa3b cmp esi, 0x80000000 jb short loc_0045fa3b ; jb 0x45fa3b jne short loc_0045fa42 ; jne 0x45fa42 cmp byte [esp + 4], 0x2d jne short loc_0045fa42 ; jne 0x45fa42 loc_0045fa3b: cmp byte [esp + 8], 0 je short loc_0045fa6f ; je 0x45fa6f loc_0045fa42: push 0xe call fcn_00458de7 ; call 0x458de7 add esp, 4 cmp dword [esp + 0x2c], 0 jne short loc_0045fa5a ; jne 0x45fa5a mov eax, 0xffffffff jmp short loc_0045fa7a ; jmp 0x45fa7a loc_0045fa5a: cmp byte [esp + 4], 0x2d jne short loc_0045fa68 ; jne 0x45fa68 mov eax, 0x80000000 jmp short loc_0045fa7a ; jmp 0x45fa7a loc_0045fa68: mov eax, 0x7fffffff jmp short loc_0045fa7a ; jmp 0x45fa7a loc_0045fa6f: cmp byte [esp + 4], 0x2d jne short loc_0045fa78 ; jne 0x45fa78 neg esi loc_0045fa78: mov eax, esi loc_0045fa7a: add esp, 0xc pop ebp pop edi pop esi pop ebx ret endloc_0045fa82: db 0x53 db 0x6a db 0x00 loc_0045fa85: mov edx, dword [esp + 0x14] push edx mov ebx, dword [esp + 0x14] push ebx mov ecx, dword [esp + 0x14] push ecx call fcn_0045f928 ; call 0x45f928 add esp, 0x10 pop ebx ret fcn_0045fa9e: push ebx push 1 jmp short loc_0045fa85 ; jmp 0x45fa85 fcn_0045faa3: mov al, byte [esp + 4] cmp al, 0x30 jb short loc_0045fab8 ; jb 0x45fab8 cmp al, 0x39 ja short loc_0045fab8 ; ja 0x45fab8 and eax, 0xff sub eax, 0x30 ret loc_0045fab8: and eax, 0xff push eax call fcn_00458e22 ; call 0x458e22 mov edx, eax add esp, 4 cmp al, 0x61 jb short loc_0045fad8 ; jb 0x45fad8 cmp al, 0x69 ja short loc_0045fad8 ; ja 0x45fad8 xor eax, eax mov al, dl sub eax, 0x57 ret loc_0045fad8: cmp al, 0x6a jb short loc_0045fae9 ; jb 0x45fae9 cmp al, 0x72 ja short loc_0045fae9 ; ja 0x45fae9 loc_0045fae0: and eax, 0xff sub eax, 0x57 ret loc_0045fae9: cmp al, 0x73 jb short loc_0045faf1 ; jb 0x45faf1 cmp al, 0x7a jbe short loc_0045fae0 ; jbe 0x45fae0 loc_0045faf1: mov eax, 0x25 ret fcn_0045faf7: push ebx push esi push edi push ebp sub esp, 0x14 mov edx, 2 push 0x3d mov ecx, dword [esp + 0x2c] mov ebx, 1 push ecx mov dword [esp + 0xc], edx mov dword [esp + 8], ebx call fcn_00460015 ; call 0x460015 mov ebp, eax add esp, 8 test eax, eax jne short loc_0045fb2f ; jne 0x45fb2f loc_0045fb25: mov eax, 0xffffffff jmp near loc_0045fc72 ; jmp 0x45fc72 loc_0045fb2f: mov esi, dword [esp + 0x28] cmp eax, esi je short loc_0045fb25 ; je 0x45fb25 sub eax, esi mov dword [esp + 0x10], eax add eax, ebx push eax call fcn_00456f80 ; call 0x456f80 add esp, 4 mov ebx, eax mov dword [esp + 8], eax test eax, eax je short loc_0045fb25 ; je 0x45fb25 mov ecx, dword [esp + 0x10] mov edi, eax push es mov eax, ds mov es, eax push edi mov eax, ecx shr ecx, 2 repne movsd mov cl, al and cl, 3 repne movsb ; repne movsb byte es:[edi], byte ptr [esi] pop edi pop es lea esi, [ebp + 1] mov eax, dword [esp + 0x10] push esi mov byte [ebx + eax], 0 call fcn_00460084 ; call 0x460084 mov ebp, eax add esp, 4 test eax, eax je short loc_0045fbcc ; je 0x45fbcc inc eax push eax call fcn_00456f80 ; call 0x456f80 add esp, 4 mov edx, eax mov dword [esp + 0xc], eax test eax, eax jne short loc_0045fbac ; jne 0x45fbac loc_0045fb9c: push ebx call clib_free ; call 0x456e11 loc_0045fba2: mov eax, 0xffffffff jmp near loc_0045fc6f ; jmp 0x45fc6f loc_0045fbac: mov ecx, ebp mov edi, eax push es mov eax, ds mov es, eax push edi mov eax, ecx shr ecx, 2 repne movsd mov cl, al and cl, 3 repne movsb ; repne movsb byte es:[edi], byte ptr [esi] pop edi pop es mov byte [edx + ebp], 0 jmp short loc_0045fbd0 ; jmp 0x45fbd0 loc_0045fbcc: mov dword [esp + 0xc], eax loc_0045fbd0: mov eax, dword [esp + 0xc] push eax mov edx, dword [esp + 0xc] push edx call dword [cs:__imp__SetEnvironmentVariableA@8] ; ucall: call dword cs:[0x4623f8] mov ecx, dword [esp + 8] push ecx mov ebx, eax call clib_free ; call 0x456e11 add esp, 4 mov esi, dword [esp + 0xc] push esi call clib_free ; call 0x456e11 add esp, 4 test ebx, ebx je near loc_0045fb25 ; je 0x45fb25 mov edi, dword [esp + 0x28] push edi call fcn_0045fc7a ; call 0x45fc7a add esp, 4 test eax, eax jne near loc_0045fb25 ; jne 0x45fb25 cmp dword [ref_00499948], 0 ; cmp dword [0x499948], 0 je short loc_0045fc72 ; je 0x45fc72 push edi call fcn_00460084 ; call 0x460084 add esp, 4 lea esi, [eax + 1] mov eax, dword [esp + 4] imul eax, esi push eax call fcn_00456f80 ; call 0x456f80 mov ebx, eax add esp, 4 test eax, eax jne short loc_0045fc51 ; jne 0x45fc51 push 5 call fcn_0045be3d ; call 0x45be3d jmp near loc_0045fba2 ; jmp 0x45fba2 loc_0045fc51: imul esi, dword [esp] push esi push edi push eax call fcn_004600ac ; call 0x4600ac add esp, 0xc cmp eax, 0xffffffff je near loc_0045fb9c ; je 0x45fb9c push ebx call fcn_0046028e ; call 0x46028e loc_0045fc6f: add esp, 4 loc_0045fc72: add esp, 0x14 pop ebp pop edi pop esi pop ebx ret fcn_0045fc7a: push ebx push esi push edi push ebp sub esp, 8 mov edx, dword [esp + 0x1c] test edx, edx jne short loc_0045fc93 ; jne 0x45fc93 loc_0045fc89: mov eax, 0xffffffff jmp near loc_0045fde2 ; jmp 0x45fde2 loc_0045fc93: cmp byte [edx], 0 je short loc_0045fca9 ; je 0x45fca9 lea eax, [edx + 1] jmp short loc_0045fca3 ; jmp 0x45fca3 loc_0045fc9d: cmp bh, 0x3d je short loc_0045fca9 ; je 0x45fca9 inc eax loc_0045fca3: mov bh, byte [eax] test bh, bh jne short loc_0045fc9d ; jne 0x45fc9d loc_0045fca9: cmp byte [eax], 0 je short loc_0045fc89 ; je 0x45fc89 cmp byte [eax + 1], 0 sete al mov ebx, dword [ref_00499944] ; mov ebx, dword [0x499944] movzx ebp, al test ebx, ebx jne short loc_0045fcf1 ; jne 0x45fcf1 test ebp, ebp jne near loc_0045fde0 ; jne 0x45fde0 push 9 call fcn_00456f80 ; call 0x456f80 add esp, 4 mov ebx, eax test eax, eax je short loc_0045fc89 ; je 0x45fc89 mov dword [ref_00499944], eax ; mov dword [0x499944], eax mov dword [eax], ebp add eax, 8 mov dword [eax - 4], ebp mov dword [ref_00499940], eax ; mov dword [0x499940], eax jmp near loc_0045fdca ; jmp 0x45fdca loc_0045fcf1: push ebp mov ecx, dword [esp + 0x20] push ecx call fcn_0045fdea ; call 0x45fdea add esp, 8 test ebp, ebp jne near loc_0045fde0 ; jne 0x45fde0 test eax, eax jg near loc_0045fdc7 ; jg 0x45fdc7 neg eax mov ebp, eax mov edx, dword [ref_00499940] ; mov edx, dword [0x499940] mov esi, ebp inc eax shl esi, 2 mov dword [esp], eax lea eax, [esi + 8] mov edi, dword [esp] mov dword [esp + 4], eax add eax, edi test edx, edx jne short loc_0045fd84 ; jne 0x45fd84 push eax call fcn_00456f80 ; call 0x456f80 mov edx, eax add esp, 4 mov ebx, eax test eax, eax je near loc_0045fc89 ; je 0x45fc89 mov eax, dword [ref_00499944] ; mov eax, dword [0x499944] mov ecx, esi mov edi, edx mov esi, eax push es mov eax, ds mov es, eax push edi mov eax, ecx shr ecx, 2 repne movsd mov cl, al and cl, 3 repne movsb ; repne movsb byte es:[edi], byte ptr [esi] pop edi pop es mov esi, dword [esp] push esi mov eax, dword [esp + 8] push 0 add eax, edx push eax mov dword [ref_00499940], eax ; mov dword [0x499940], eax call memset ; call 0x456f60 add esp, 0xc jmp short loc_0045fdb5 ; jmp 0x45fdb5 loc_0045fd84: push eax push ebx call fcn_0045c585 ; call 0x45c585 add esp, 8 mov ebx, eax test eax, eax je near loc_0045fc89 ; je 0x45fc89 push ebp mov ecx, dword [ref_00499940] ; mov ecx, dword [0x499940] mov esi, dword [esp + 8] push ecx add esi, eax push esi call fcn_004604f4 ; call 0x4604f4 add esp, 0xc mov dword [ref_00499940], esi ; mov dword [0x499940], esi loc_0045fdb5: mov eax, ebp mov dword [ref_00499944], ebx ; mov dword [0x499944], ebx mov dword [ebx + eax*4 + 4], 0 jmp short loc_0045fdca ; jmp 0x45fdca loc_0045fdc7: lea ebp, [eax - 1] loc_0045fdca: mov eax, ebp shl eax, 2 add ebx, eax mov eax, dword [esp + 0x1c] mov dword [ebx], eax mov eax, dword [ref_00499940] ; mov eax, dword [0x499940] mov byte [eax + ebp], 0 loc_0045fde0: xor eax, eax loc_0045fde2: add esp, 8 pop ebp pop edi pop esi pop ebx ret fcn_0045fdea: push ebx push esi push edi push ebp mov ebp, dword [ref_00499944] ; mov ebp, dword [0x499944] jmp near loc_0045fec7 ; jmp 0x45fec7 loc_0045fdf9: mov esi, dword [esp + 0x14] jmp near loc_0045febb ; jmp 0x45febb loc_0045fe02: xor eax, eax mov al, byte [ebx] push eax call fcn_0045d016 ; call 0x45d016 mov edi, eax xor eax, eax add esp, 4 mov al, byte [esi] push eax call fcn_0045d016 ; call 0x45d016 add esp, 4 cmp edi, eax jne near loc_0045fec4 ; jne 0x45fec4 cmp byte [ebx], 0x3d jne near loc_0045feb9 ; jne 0x45feb9 mov edx, dword [ref_00499944] ; mov edx, dword [0x499944] mov esi, ebp sub esi, edx mov ebx, dword [esp + 0x18] sar esi, 2 test ebx, ebx je near loc_0045feb1 ; je 0x45feb1 mov ebx, ebp mov edi, dword [ebp] jmp short loc_0045fe57 ; jmp 0x45fe57 loc_0045fe4f: mov eax, dword [ebx + 4] mov dword [ebx], eax add ebx, 4 loc_0045fe57: cmp dword [ebx], 0 jne short loc_0045fe4f ; jne 0x45fe4f mov ebp, dword [ref_00499940] ; mov ebp, dword [0x499940] test ebp, ebp je short loc_0045feaa ; je 0x45feaa mov eax, ebp cmp byte [esi + eax], 0 je short loc_0045fe77 ; je 0x45fe77 push edi call clib_free ; call 0x456e11 add esp, 4 loc_0045fe77: mov eax, dword [ref_00499944] ; mov eax, dword [0x499944] mov edi, ebx sub edi, eax sar edi, 2 push edi mov edx, dword [ref_00499940] ; mov edx, dword [0x499940] push edx push ebx call fcn_004604f4 ; call 0x4604f4 add esp, 0xc mov dword [ref_00499940], ebx ; mov dword [0x499940], ebx lea eax, [esi + ebx] jmp short loc_0045fea6 ; jmp 0x45fea6 loc_0045fe9f: mov bl, byte [eax + 1] inc esi mov byte [eax], bl inc eax loc_0045fea6: cmp esi, edi jl short loc_0045fe9f ; jl 0x45fe9f loc_0045feaa: xor eax, eax pop ebp pop edi pop esi pop ebx ret loc_0045feb1: lea eax, [esi + 1] pop ebp pop edi pop esi pop ebx ret loc_0045feb9: inc ebx inc esi loc_0045febb: cmp byte [esi], 0 jne near loc_0045fe02 ; jne 0x45fe02 loc_0045fec4: add ebp, 4 loc_0045fec7: mov ebx, dword [ebp] test ebx, ebx jne near loc_0045fdf9 ; jne 0x45fdf9 mov eax, dword [ref_00499944] ; mov eax, dword [0x499944] sub eax, ebp sar eax, 2 pop ebp pop edi pop esi pop ebx ret fcn_0045fee1: push ebx mov edx, dword [esp + 8] mov eax, dword [esp + 0xc] cmp dword [ref_00499958], 0 ; cmp dword [0x499958], 0 je short loc_0045ff14 ; je 0x45ff14 xor ebx, ebx mov bl, byte [eax] mov bl, byte [ebx + ref_0049995d] ; mov bl, byte [ebx + 0x49995d] and bl, 1 and ebx, 0xff je short loc_0045ff14 ; je 0x45ff14 mov bl, byte [eax] mov byte [edx], bl mov al, byte [eax + 1] mov byte [edx + 1], al pop ebx ret loc_0045ff14: mov al, byte [eax] mov byte [edx], al pop ebx ret fcn_0045ff1a: cmp dword [ref_00499958], 0 ; cmp dword [0x499958], 0 je short loc_0045ff40 ; je 0x45ff40 mov edx, dword [esp + 4] xor eax, eax mov al, byte [edx] mov al, byte [eax + ref_0049995d] ; mov al, byte [eax + 0x49995d] and al, 1 and eax, 0xff je short loc_0045ff40 ; je 0x45ff40 mov eax, 2 ret loc_0045ff40: mov eax, 1 ret fcn_0045ff46: push ebx sub esp, 4 mov ebx, dword [esp + 0xc] loc_0045ff4e: push ebx call fcn_0045ed05 ; call 0x45ed05 add esp, 4 test eax, eax jne short loc_0045ffa2 ; jne 0x45ffa2 push ebx call fcn_00460546 ; call 0x460546 add esp, 4 push eax call fcn_00460582 ; call 0x460582 add esp, 4 mov edx, esp push edx push eax call fcn_004605fd ; call 0x4605fd add esp, 8 mov eax, esp push eax call fcn_0045ff1a ; call 0x45ff1a add esp, 4 xor dl, dl mov byte [esp + eax], dl mov eax, esp push eax push ebx call fcn_0045fee1 ; call 0x45fee1 add esp, 8 push ebx call fcn_0045edbd ; call 0x45edbd add esp, 4 mov ebx, eax jmp short loc_0045ff4e ; jmp 0x45ff4e loc_0045ffa2: mov eax, dword [esp + 0xc] add esp, 4 pop ebx ret fcn_0045ffab: push ebx mov eax, dword [esp + 8] mov edx, dword [esp + 0xc] mov bl, byte [eax] cmp bl, byte [edx] jne short loc_0045fff9 ; jne 0x45fff9 cmp dword [ref_00499958], 0 ; cmp dword [0x499958], 0 je short loc_0045ffe2 ; je 0x45ffe2 xor ebx, ebx mov bl, byte [eax] mov bl, byte [ebx + ref_0049995d] ; mov bl, byte [ebx + 0x49995d] and bl, 1 and ebx, 0xff je short loc_0045ffe2 ; je 0x45ffe2 mov bl, byte [eax + 1] mov cl, byte [edx + 1] cmp bl, cl jne short loc_0045ffe6 ; jne 0x45ffe6 loc_0045ffe2: xor eax, eax pop ebx ret loc_0045ffe6: mov al, bl and eax, 0xff mov dl, cl and edx, 0xff sub eax, edx pop ebx ret loc_0045fff9: xor ebx, ebx mov bl, byte [eax] xor eax, eax mov al, byte [edx] sub ebx, eax mov eax, ebx pop ebx ret loc_00460007: xor eax, eax ret fcn_0046000a: push eax call dword [ref_00489367] ; ucall: call dword [0x489367] add esp, 4 ret fcn_00460015: push ebx sub esp, 4 mov ebx, dword [esp + 0xc] mov eax, esp push eax mov edx, dword [esp + 0x14] push edx call fcn_004605fd ; call 0x4605fd add esp, 8 mov eax, esp push eax call fcn_0045ff1a ; call 0x45ff1a add esp, 4 xor dl, dl mov byte [esp + eax], dl loc_0046003d: push ebx call fcn_0045ed05 ; call 0x45ed05 add esp, 4 test eax, eax jne short loc_00460067 ; jne 0x460067 mov eax, esp push eax push ebx call fcn_0045ffab ; call 0x45ffab add esp, 8 test eax, eax je short loc_00460067 ; je 0x460067 push ebx call fcn_0045edbd ; call 0x45edbd mov ebx, eax add esp, 4 jmp short loc_0046003d ; jmp 0x46003d loc_00460067: push ebx call fcn_0045ed05 ; call 0x45ed05 add esp, 4 test eax, eax je short loc_0046007d ; je 0x46007d cmp dword [esp + 0x10], 0 je short loc_0046007d ; je 0x46007d xor ebx, ebx loc_0046007d: mov eax, ebx add esp, 4 pop ebx ret fcn_00460084: push ebx push esi mov ebx, dword [esp + 0xc] xor esi, esi loc_0046008c: push ebx call fcn_0045ed05 ; call 0x45ed05 add esp, 4 test eax, eax jne short loc_004600a7 ; jne 0x4600a7 push ebx call fcn_0045edbd ; call 0x45edbd inc esi add esp, 4 mov ebx, eax jmp short loc_0046008c ; jmp 0x46008c loc_004600a7: mov eax, esi pop esi pop ebx ret fcn_004600ac: push ebx push esi push edi push ebp mov edi, dword [esp + 0x14] mov ebx, dword [esp + 0x18] mov ebp, dword [esp + 0x1c] xor esi, esi test edi, edi je short loc_004600fa ; je 0x4600fa loc_004600c2: test ebp, ebp jbe short loc_0046011f ; jbe 0x46011f cmp byte [ebx], 0 je short loc_004600e1 ; je 0x4600e1 push 2 push ebx push edi call fcn_0046061b ; call 0x46061b add esp, 0xc cmp eax, 0xffffffff jne short loc_004600e8 ; jne 0x4600e8 pop ebp pop edi pop esi pop ebx ret loc_004600e1: mov word [edi], 0 jmp short loc_0046011f ; jmp 0x46011f loc_004600e8: push ebx dec ebp call fcn_0045edbd ; call 0x45edbd add edi, 2 inc esi add esp, 4 mov ebx, eax jmp short loc_004600c2 ; jmp 0x4600c2 loc_004600fa: cmp byte [ebx], 0 je short loc_0046011f ; je 0x46011f push 2 push ebx push 0 call fcn_0046061b ; call 0x46061b add esp, 0xc cmp eax, 0xffffffff je short loc_00460121 ; je 0x460121 push ebx call fcn_0045edbd ; call 0x45edbd inc esi add esp, 4 mov ebx, eax jmp short loc_004600fa ; jmp 0x4600fa loc_0046011f: mov eax, esi loc_00460121: pop ebp pop edi pop esi pop ebx ret endloc_00460126: db 0x53 db 0x56 dd 0xec835557 dd 0x247c8b14 dd 0xba3d6a28 dd 0x00000002 dd 0x24548957 dd 0x24548908 dd 0x0575e80c dd 0xc6890000 dd 0x8508c483 dd 0xb80a75c0 dd 0xffffffff dd 0x00012de9 dd 0x74f83900 dd 0x29c589f2 dd 0x01fdd1fd dd 0x02458ded dd 0x6e12e850 dd 0xc483ffff dd 0x89c38904 dd 0x85082444 dd 0x55d474c0 dd 0x65e85057 dd 0x83ffff6c dd 0xc6830cc4 dd 0xc7665602 dd 0x00002b04 dd 0x10247489 dd 0xffc845e8 dd 0x04c483ff dd 0x4874c085 dd 0x4489c001 dd 0xc0831024 dd 0xd1e85002 dd 0x89ffff6d dd 0x04c483c6 dd 0xc085c589 dd 0xe8531075 dd 0xffff6c51 dd 0xffffffb8 dd 0x00b9e9ff dd 0x448b0000 dd 0x8b501024 dd 0x52102454 dd 0x6c0ee856 dd 0xc483ffff dd 0x2474030c dd 0x06c76610 dd 0x02eb0000 dd 0x8b55ed31 dd 0x510c244c dd 0x0004e9e8 dd 0x08c48300 dd 0x0824748b dd 0xe8c38956 dd 0xffff6c0d dd 0x5504c483 dd 0xff6c04e8 dd 0x04c483ff dd 0x840fdb85 dd 0xffffff37 db 0x83 db 0x3d dd ref_00499948 db 0x00 db 0x75 dd 0x059de805 dd 0xe8570000 dd 0x00000062 dd 0x8504c483 dd 0x18850fc0 dd 0x57ffffff dd 0xffc7a1e8 dd 0x04c483ff dd 0x8b01708d dd 0xaf0f2404 dd 0x31e850c6 dd 0x89ffff6d dd 0x04c483c3 dd 0x0c75c085 dd 0xdee8056a dd 0xe9ffffbb dd 0xffffff5c dd 0x2474af0f dd 0x53575604 dd 0x0005b0e8 dd 0x0cc48300 dd 0x0ffff883 dd 0xffff3d84 dd 0xf7e853ff dd 0x83fffff9 dd 0xc48304c4 dd 0x5e5f5d14 db 0x5b db 0xc3 fcn_0046028e: push ebx push esi push edi push ebp sub esp, 8 mov edx, dword [esp + 0x1c] test edx, edx jne short loc_004602a7 ; jne 0x4602a7 loc_0046029d: mov eax, 0xffffffff jmp near loc_004603ec ; jmp 0x4603ec loc_004602a7: cmp word [edx], 0 je short loc_004602c4 ; je 0x4602c4 mov eax, dword [esp + 0x1c] jmp short loc_004602b9 ; jmp 0x4602b9 loc_004602b3: cmp bx, 0x3d je short loc_004602c4 ; je 0x4602c4 loc_004602b9: add eax, 2 mov bx, word [eax] test bx, bx jne short loc_004602b3 ; jne 0x4602b3 loc_004602c4: cmp word [eax], 0 je short loc_0046029d ; je 0x46029d cmp word [eax + 2], 0 sete al mov ebx, dword [ref_00499948] ; mov ebx, dword [0x499948] movzx esi, al test ebx, ebx jne short loc_0046030e ; jne 0x46030e test esi, esi jne near loc_004603ea ; jne 0x4603ea push 9 call fcn_00456f80 ; call 0x456f80 add esp, 4 mov ebx, eax test eax, eax je short loc_0046029d ; je 0x46029d mov dword [ref_00499948], eax ; mov dword [0x499948], eax mov dword [eax], esi add eax, 8 mov dword [eax - 4], esi mov dword [ref_00499940], eax ; mov dword [0x499940], eax jmp near loc_004603d4 ; jmp 0x4603d4 loc_0046030e: push esi mov ecx, dword [esp + 0x20] push ecx call fcn_004603f4 ; call 0x4603f4 add esp, 8 test esi, esi jne near loc_004603ea ; jne 0x4603ea test eax, eax jg near loc_004603d1 ; jg 0x4603d1 neg eax mov esi, eax inc eax mov dword [esp + 4], eax mov eax, esi shl eax, 2 mov dword [esp], eax lea ebp, [eax + 8] mov eax, dword [esp + 4] mov edi, dword [ref_00499940] ; mov edi, dword [0x499940] add eax, ebp test edi, edi jne short loc_00460392 ; jne 0x460392 push eax call fcn_00456f80 ; call 0x456f80 mov edi, eax add esp, 4 mov ebx, eax test eax, eax je near loc_0046029d ; je 0x46029d mov ecx, dword [esp] push ecx mov eax, dword [ref_00499948] ; mov eax, dword [0x499948] push eax push edi call _memcpy ; call 0x456de8 add esp, 0xc mov edx, dword [esp + 4] push edx push 0 add edi, ebp push edi mov dword [ref_00499940], edi ; mov dword [0x499940], edi call memset ; call 0x456f60 add esp, 0xc jmp short loc_004603bf ; jmp 0x4603bf loc_00460392: push eax push ebx call fcn_0045c585 ; call 0x45c585 add esp, 8 mov ebx, eax test eax, eax je near loc_0046029d ; je 0x46029d push esi mov edx, dword [ref_00499940] ; mov edx, dword [0x499940] push edx add ebp, eax push ebp call fcn_004604f4 ; call 0x4604f4 add esp, 0xc mov dword [ref_00499940], ebp ; mov dword [0x499940], ebp loc_004603bf: mov eax, esi mov dword [ref_00499948], ebx ; mov dword [0x499948], ebx mov dword [ebx + eax*4 + 4], 0 jmp short loc_004603d4 ; jmp 0x4603d4 loc_004603d1: lea esi, [eax - 1] loc_004603d4: mov eax, esi shl eax, 2 add ebx, eax mov eax, dword [esp + 0x1c] mov dword [ebx], eax mov eax, dword [ref_00499940] ; mov eax, dword [0x499940] mov byte [esi + eax], 0 loc_004603ea: xor eax, eax loc_004603ec: add esp, 8 pop ebp pop edi pop esi pop ebx ret fcn_004603f4: push ebx push esi push edi push ebp mov ebp, dword [ref_00499948] ; mov ebp, dword [0x499948] jmp near loc_004604da ; jmp 0x4604da loc_00460403: mov esi, dword [esp + 0x14] jmp near loc_004604cd ; jmp 0x4604cd loc_0046040c: xor eax, eax mov ax, word [ebx] push eax call fcn_004608e2 ; call 0x4608e2 mov edi, eax xor eax, eax add esp, 4 mov ax, word [esi] push eax call fcn_004608e2 ; call 0x4608e2 add esp, 4 cmp di, ax jne near loc_004604d7 ; jne 0x4604d7 cmp word [ebx], 0x3d jne near loc_004604c7 ; jne 0x4604c7 mov edx, dword [ref_00499948] ; mov edx, dword [0x499948] mov esi, ebp sub esi, edx mov ebx, dword [esp + 0x18] sar esi, 2 test ebx, ebx je near loc_004604bf ; je 0x4604bf mov ebx, ebp mov edx, dword [ebp] jmp short loc_00460465 ; jmp 0x460465 loc_0046045d: mov eax, dword [ebx + 4] mov dword [ebx], eax add ebx, 4 loc_00460465: cmp dword [ebx], 0 jne short loc_0046045d ; jne 0x46045d mov edi, dword [ref_00499940] ; mov edi, dword [0x499940] test edi, edi je short loc_004604b8 ; je 0x4604b8 mov eax, edi cmp byte [esi + eax], 0 je short loc_00460485 ; je 0x460485 push edx call clib_free ; call 0x456e11 add esp, 4 loc_00460485: mov eax, dword [ref_00499948] ; mov eax, dword [0x499948] mov ebp, ebx sub ebp, eax sar ebp, 2 push ebp mov edx, dword [ref_00499940] ; mov edx, dword [0x499940] push edx push ebx call fcn_004604f4 ; call 0x4604f4 add esp, 0xc mov dword [ref_00499940], ebx ; mov dword [0x499940], ebx lea eax, [esi + ebx] jmp short loc_004604b4 ; jmp 0x4604b4 loc_004604ad: mov bl, byte [eax + 1] inc esi mov byte [eax], bl inc eax loc_004604b4: cmp esi, ebp jl short loc_004604ad ; jl 0x4604ad loc_004604b8: xor eax, eax pop ebp pop edi pop esi pop ebx ret loc_004604bf: lea eax, [esi + 1] pop ebp pop edi pop esi pop ebx ret loc_004604c7: add ebx, 2 add esi, 2 loc_004604cd: cmp word [esi], 0 jne near loc_0046040c ; jne 0x46040c loc_004604d7: add ebp, 4 loc_004604da: mov ebx, dword [ebp] test ebx, ebx jne near loc_00460403 ; jne 0x460403 mov eax, dword [ref_00499948] ; mov eax, dword [0x499948] sub eax, ebp sar eax, 2 pop ebp pop edi pop esi pop ebx ret fcn_004604f4: push esi push edi mov eax, dword [esp + 0xc] mov esi, dword [esp + 0x10] mov ecx, dword [esp + 0x14] cmp esi, eax je short loc_00460543 ; je 0x460543 jae short loc_0046052f ; jae 0x46052f lea edx, [esi + ecx] cmp edx, eax jbe short loc_0046052f ; jbe 0x46052f lea edi, [eax + ecx] lea esi, [edx - 1] dec edi mov edx, ds push es mov es, edx std dec esi dec edi shr ecx, 1 db 0x66, 0xf3, 0xa5 ; rep movsd dword es:[edi], dword ptr [esi] adc ecx, ecx inc esi inc edi db 0x66, 0xf3, 0xa4 ; rep movsb byte es:[edi], byte ptr [esi] pop es cld pop edi pop esi ret loc_0046052f: mov edx, ds mov edi, eax push es mov es, edx push ecx shr ecx, 2 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] pop ecx and ecx, 3 rep movsb ; rep movsb byte es:[edi], byte ptr [esi] pop es loc_00460543: pop edi pop esi ret fcn_00460546: mov eax, dword [esp + 4] cmp dword [ref_00499958], 0 ; cmp dword [0x499958], 0 je short loc_0046057a ; je 0x46057a xor edx, edx mov dl, byte [eax] mov dl, byte [edx + ref_0049995d] ; mov dl, byte [edx + 0x49995d] and dl, 1 and edx, 0xff je short loc_0046057a ; je 0x46057a xor edx, edx mov dl, byte [eax] shl edx, 8 mov al, byte [eax + 1] and eax, 0xff or eax, edx ret loc_0046057a: mov al, byte [eax] and eax, 0xff ret fcn_00460582: push ebx push esi sub esp, 4 mov eax, esp push eax mov edx, dword [esp + 0x14] push edx call fcn_004605fd ; call 0x4605fd add esp, 8 mov eax, esp push eax call fcn_0045ff1a ; call 0x45ff1a add esp, 4 xor dl, dl mov ebx, dword [ref_00489738] ; mov ebx, dword [0x489738] mov byte [esp + eax], dl cmp ebx, 0x3a4 jne short loc_004605de ; jne 0x4605de cmp dword [ref_00499958], 0 ; cmp dword [0x499958], 0 je short loc_004605de ; je 0x4605de xor eax, eax mov al, byte [esp] mov al, byte [eax + ref_0049995d] ; mov al, byte [eax + 0x49995d] and al, 1 and eax, 0xff je short loc_004605de ; je 0x4605de mov esi, dword [esp + 0x10] push esi call fcn_004608f9 ; call 0x4608f9 jmp short loc_004605f4 ; jmp 0x4605f4 loc_004605de: push 1 lea eax, [esp + 4] push eax call dword [cs:__imp__CharUpperBuffA@8] ; ucall: call dword cs:[0x4622d0] mov eax, esp push eax call fcn_00460546 ; call 0x460546 loc_004605f4: add esp, 4 add esp, 4 pop esi pop ebx ret fcn_004605fd: push ebx mov ebx, dword [esp + 8] mov eax, dword [esp + 0xc] test bh, 0xff je short loc_00460617 ; je 0x460617 mov edx, ebx mov byte [eax + 1], bl shr edx, 8 mov byte [eax], dl pop ebx ret loc_00460617: mov byte [eax], bl pop ebx ret fcn_0046061b: push ebx push esi push edi push ebp mov ebp, esp sub esp, 4 mov esi, dword [ebp + 0x14] mov ebx, dword [ebp + 0x18] test ebx, ebx jne short loc_00460635 ; jne 0x460635 loc_0046062e: xor eax, eax jmp near loc_004606b4 ; jmp 0x4606b4 loc_00460635: cmp dword [ebp + 0x1c], 0 jbe near loc_004606af ; jbe 0x4606af cmp byte [ebx], 0 jne short loc_0046064f ; jne 0x46064f test esi, esi je short loc_0046062e ; je 0x46062e mov word [esi], 0 jmp short loc_0046062e ; jmp 0x46062e loc_0046064f: cmp dword [ref_00499958], 0 ; cmp dword [0x499958], 0 je short loc_00460671 ; je 0x460671 xor eax, eax mov al, byte [ebx] mov al, byte [eax + ref_0049995d] ; mov al, byte [eax + 0x49995d] and al, 1 and eax, 0xff je short loc_00460671 ; je 0x460671 cmp byte [ebx + 1], 0 je short loc_004606af ; je 0x4606af loc_00460671: push ebx call fcn_0045ff1a ; call 0x45ff1a add esp, 4 push 1 lea edx, [ebp - 4] push edx mov edx, dword [ebp + 0x1c] mov edi, eax cmp eax, edx jbe short loc_0046068b ; jbe 0x46068b mov eax, edx loc_0046068b: push eax push ebx push 8 mov ebx, dword [ref_00489738] ; mov ebx, dword [0x489738] push ebx call dword [cs:__imp__MultiByteToWideChar@24] ; ucall: call dword cs:[0x4623e4] test eax, eax je short loc_004606af ; je 0x4606af test esi, esi je short loc_004606ab ; je 0x4606ab mov eax, dword [ebp - 4] mov word [esi], ax loc_004606ab: mov eax, edi jmp short loc_004606b4 ; jmp 0x4606b4 loc_004606af: mov eax, 0xffffffff loc_004606b4: mov esp, ebp pop ebp pop edi pop esi pop ebx ret fcn_004606bb: push ebx fcn_004606bc: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] loc_004606c5: cmp bx, word [edx] jne short loc_004606cf ; jne 0x4606cf mov eax, edx pop ebp pop ebx ret loc_004606cf: mov eax, edx inc edx inc edx cmp word [eax], 0 jne short loc_004606c5 ; jne 0x4606c5 xor eax, eax pop ebp pop ebx ret fcn_004606de: push ebx push esi push edi push ebp cmp word [_RWD_osbuild], 0x8000 ; cmp word [0x489355], 0x8000 jae short loc_00460703 ; jae 0x460703 mov edx, dword [esp + 0x18] push edx mov ebx, dword [esp + 0x18] push ebx call dword [cs:__imp__SetEnvironmentVariableW@8] ; ucall: call dword cs:[0x4623fc] pop ebp pop edi pop esi pop ebx ret loc_00460703: mov edx, dword [esp + 0x14] push edx call fcn_0045c9de ; call 0x45c9de add eax, eax add esp, 4 lea esi, [eax + 1] push esi call fcn_00456f80 ; call 0x456f80 mov edi, eax add esp, 4 mov ebp, eax test eax, eax je near loc_004607be ; je 0x4607be mov ebx, dword [esp + 0x18] test ebx, ebx je short loc_00460752 ; je 0x460752 push ebx call fcn_0045c9de ; call 0x45c9de add eax, eax add esp, 4 lea esi, [eax + 1] push esi call fcn_00456f80 ; call 0x456f80 add esp, 4 mov ebx, eax test eax, eax jne short loc_00460752 ; jne 0x460752 push edi jmp short loc_00460774 ; jmp 0x460774 loc_00460752: push esi mov edi, dword [esp + 0x18] push edi push ebp call fcn_00460821 ; call 0x460821 add esp, 0xc cmp eax, 0xffffffff jne short loc_00460783 ; jne 0x460783 push ebp call clib_free ; call 0x456e11 add esp, 4 test ebx, ebx je short loc_0046077c ; je 0x46077c loc_00460773: push ebx loc_00460774: call clib_free ; call 0x456e11 add esp, 4 loc_0046077c: xor eax, eax pop ebp pop edi pop esi pop ebx ret loc_00460783: test ebx, ebx je short loc_0046079b ; je 0x46079b push esi mov eax, dword [esp + 0x1c] push eax push ebx call fcn_00460821 ; call 0x460821 add esp, 0xc cmp eax, 0xffffffff je short loc_00460773 ; je 0x460773 loc_0046079b: push ebx push ebp call dword [cs:__imp__SetEnvironmentVariableA@8] ; ucall: call dword cs:[0x4623f8] push ebp mov esi, eax call clib_free ; call 0x456e11 add esp, 4 test ebx, ebx je short loc_004607bc ; je 0x4607bc push ebx call clib_free ; call 0x456e11 add esp, 4 loc_004607bc: mov eax, esi loc_004607be: pop ebp pop edi pop esi pop ebx ret fcn_004607c3: push ebx push esi push edi push ebp mov esi, dword [ref_00499944] ; mov esi, dword [0x499944] test esi, esi je short loc_0046081c ; je 0x46081c loc_004607d1: mov edi, dword [esi] add esi, 4 test edi, edi je short loc_0046081c ; je 0x46081c push edi call fcn_00460084 ; call 0x460084 lea ebp, [eax + 1] add esp, 4 lea eax, [ebp + ebp] push eax call fcn_00456f80 ; call 0x456f80 mov ebx, eax add esp, 4 test eax, eax je short loc_004607d1 ; je 0x4607d1 push ebp push edi push eax call fcn_004600ac ; call 0x4600ac add esp, 0xc cmp eax, 0xffffffff je short loc_00460814 ; je 0x460814 push ebx call fcn_0046028e ; call 0x46028e loc_0046080f: add esp, 4 jmp short loc_004607d1 ; jmp 0x4607d1 loc_00460814: push ebx call clib_free ; call 0x456e11 jmp short loc_0046080f ; jmp 0x46080f loc_0046081c: pop ebp pop edi pop esi pop ebx ret fcn_00460821: push ebx push esi push edi push ebp sub esp, 4 mov ebx, dword [esp + 0x1c] mov edx, dword [esp + 0x18] xor ebp, ebp test edx, edx je near loc_004608b1 ; je 0x4608b1 loc_0046083a: cmp dword [esp + 0x20], 0 jbe near loc_004608d8 ; jbe 0x4608d8 mov cx, word [ebx] test cx, cx je short loc_00460873 ; je 0x460873 xor eax, eax mov ax, cx push eax lea eax, [esp + 4] push eax call fcn_0045ce30 ; call 0x45ce30 mov edx, eax add esp, 8 cmp eax, 0xffffffff je near loc_004608da ; je 0x4608da cmp eax, dword [esp + 0x20] ja short loc_004608d8 ; ja 0x4608d8 jmp short loc_0046087c ; jmp 0x46087c loc_00460873: mov eax, dword [esp + 0x18] mov byte [eax], 0 jmp short loc_004608d8 ; jmp 0x4608d8 loc_0046087c: mov esi, esp mov edi, dword [esp + 0x18] mov ecx, eax push es mov eax, ds mov es, eax push edi mov eax, ecx shr ecx, 2 repne movsd mov cl, al and cl, 3 repne movsb ; repne movsb byte es:[edi], byte ptr [esi] pop edi pop es add ebx, 2 add ebp, edx mov eax, dword [esp + 0x20] add edi, edx sub eax, edx mov dword [esp + 0x18], edi mov dword [esp + 0x20], eax jmp short loc_0046083a ; jmp 0x46083a loc_004608b1: mov dx, word [ebx] test dx, dx je short loc_004608d8 ; je 0x4608d8 xor eax, eax mov ax, dx push eax lea eax, [esp + 4] push eax call fcn_0045ce30 ; call 0x45ce30 add esp, 8 cmp eax, 0xffffffff je short loc_004608da ; je 0x4608da add ebx, 2 add ebp, eax jmp short loc_004608b1 ; jmp 0x4608b1 loc_004608d8: mov eax, ebp loc_004608da: add esp, 4 pop ebp pop edi pop esi pop ebx ret fcn_004608e2: push ebp mov ebp, esp mov eax, dword [ebp + 8] cmp ax, 0x61 jb short loc_004608f7 ; jb 0x4608f7 cmp ax, 0x7a ja short loc_004608f7 ; ja 0x4608f7 sub eax, 0x20 loc_004608f7: pop ebp ret fcn_004608f9: mov edx, dword [esp + 4] push edx call fcn_00460917 ; call 0x460917 add esp, 4 test eax, eax je short loc_00460912 ; je 0x460912 mov eax, dword [esp + 4] sub eax, 0x21 ret loc_00460912: mov eax, dword [esp + 4] ret fcn_00460917: push ebx mov ebx, dword [esp + 8] push ebx call fcn_0046095c ; call 0x46095c add esp, 4 test eax, eax je short loc_00460944 ; je 0x460944 cmp ebx, 0x8281 jb short loc_00460940 ; jb 0x460940 cmp ebx, 0x829a ja short loc_00460940 ; ja 0x460940 mov eax, 1 pop ebx ret loc_00460940: xor eax, eax pop ebx ret loc_00460944: mov al, bl inc al and eax, 0xff mov al, byte [eax + ref_00489370] ; mov al, byte [eax + 0x489370] and al, 0x80 and eax, 0xff pop ebx ret fcn_0046095c: cmp dword [ref_00499958], 0 ; cmp dword [0x499958], 0 je short loc_0046099c ; je 0x46099c mov eax, dword [esp + 4] shr eax, 8 and eax, 0xff mov al, byte [eax + ref_0049995d] ; mov al, byte [eax + 0x49995d] and al, 1 and eax, 0xff je short loc_0046099c ; je 0x46099c mov eax, dword [esp + 4] and eax, 0xff push eax call fcn_0046099f ; call 0x46099f add esp, 4 test eax, eax je short loc_0046099c ; je 0x46099c mov eax, 1 ret loc_0046099c: xor eax, eax ret fcn_0046099f: cmp dword [ref_00499958], 0 ; cmp dword [0x499958], 0 je short loc_004609d5 ; je 0x4609d5 cmp dword [ref_00489738], 0x3a4 ; cmp dword [0x489738], 0x3a4 je short loc_004609c1 ; je 0x4609c1 cmp dword [esp + 4], 0 je short loc_004609d5 ; je 0x4609d5 mov eax, 1 ret loc_004609c1: xor eax, eax mov al, byte [esp + 4] mov al, byte [eax + ref_004897c9] ; mov al, byte [eax + 0x4897c9] and al, 8 and eax, 0xff ret loc_004609d5: xor eax, eax ret fcn_004609d8: push eax push ebx push ecx mov eax, dword [esp + 0x16] xor eax, 0x700 test eax, 0x700 jne near loc_00460b72 ; jne 0x460b72 shr eax, 0xb and eax, 0xf cmp byte [eax + ref_00489914], 0 ; cmp byte [eax + 0x489914], 0 je near loc_00460b72 ; je 0x460b72 mov eax, dword [esp + 0x16] and eax, 0x7fff0000 cmp eax, 0x7fff0000 je near loc_00460b72 ; je 0x460b72 mov eax, dword [esp + 0x2e] and eax, 0x7fff0000 je near loc_00460b72 ; je 0x460b72 cmp eax, 0x7fff0000 je near loc_00460b72 ; je 0x460b72 mov eax, dword [esp + 0x2c] add eax, eax jne near loc_00460b72 ; jne 0x460b72 mov eax, dword [esp + 0x14] add eax, eax jne near loc_00460b72 ; jne 0x460b72 mov eax, dword [esp + 0x18] and eax, 0x7fff add eax, 0x3f mov ebx, dword [esp + 0x30] and ebx, 0x7fff sub ebx, eax ja short loc_00460ac0 ; ja 0x460ac0 loc_00460a62: mov eax, dword [esp + 0x18] and eax, 0x7fff add eax, 0xa mov ebx, dword [esp + 0x30] and ebx, 0x7fff sub ebx, eax js near loc_00460b72 ; js 0x460b72 fld tword [esp + 0x28] ; fld xword [esp + 0x28] mov eax, dword [esp + 0x18] mov ebx, dword [esp + 0x30] and ebx, 0x7fff mov ecx, ebx sub ebx, eax and ebx, 7 or ebx, 4 sub ecx, ebx mov ebx, eax and ebx, 0x8000 or ecx, ebx mov dword [esp + 0x18], ecx fld tword [esp + 0x10] ; fld xword [esp + 0x10] mov dword [esp + 0x18], eax fxch st1 ; fxch st(1) fprem fstp tword [esp + 0x28] ; fstp xword [esp + 0x28] fstp st0 ; fstp st(0) jmp short loc_00460a62 ; jmp 0x460a62 loc_00460ac0: test edx, 2 jne short loc_00460ad0 ; jne 0x460ad0 fld tword [esp + 0x10] ; fld xword [esp + 0x10] fstp tword [esp + 0x1c] ; fstp xword [esp + 0x1c] loc_00460ad0: fnstcw word [esp + 0x34] mov eax, dword [esp + 0x34] or eax, 0x33f mov dword [esp + 0x38], eax fldcw word [esp + 0x38] mov eax, dword [esp + 0x18] and eax, 0x7fff mov ebx, dword [esp + 0x30] and ebx, 0x7fff sub ebx, eax and ebx, 0x3f or ebx, 0x20 add ebx, 1 mov ecx, ebx mov eax, dword [esp + 0x18] mov ebx, dword [esp + 0x30] and ebx, 0x7fff and eax, 0x8000 or ebx, eax mov dword [esp + 0x18], ebx fld tword [esp + 0x10] ; fld xword [esp + 0x10] fabs fld tword [esp + 0x28] ; fld xword [esp + 0x28] fabs loc_00460b2a: fcom st1 ; fcom st(1) fnstsw ax and eax, 0x100 jne short loc_00460b37 ; jne 0x460b37 fsub st1 ; fsub st(1) loc_00460b37: fxch st1 ; fxch st(1) fmul qword [ref_00489944] ; fmul qword [0x489944] fxch st1 ; fxch st(1) sub ecx, 1 jne short loc_00460b2a ; jne 0x460b2a mov ebx, dword [esp + 0x30] fstp tword [esp + 0x28] ; fstp xword [esp + 0x28] fstp st0 ; fstp st(0) fld tword [esp + 0x1c] ; fld xword [esp + 0x1c] fld tword [ref_0048994c] ; fld xword [0x48994c] fprem fstp st0 ; fstp st(0) fld tword [esp + 0x28] ; fld xword [esp + 0x28] fldcw word [esp + 0x34] and ebx, 0x8000 je short loc_00460b7c ; je 0x460b7c fchs jmp short loc_00460b7c ; jmp 0x460b7c loc_00460b72: fld tword [esp + 0x10] ; fld xword [esp + 0x10] fld tword [esp + 0x28] ; fld xword [esp + 0x28] fprem loc_00460b7c: test edx, 3 je short loc_00460bda ; je 0x460bda fnstsw [esp + 0x3c] test edx, 1 je short loc_00460baf ; je 0x460baf fnstcw word [esp + 0x34] mov eax, dword [esp + 0x34] or eax, 0x300 mov dword [esp + 0x38], eax fldcw word [esp + 0x38] fmul qword [ref_00489934] ; fmul qword [0x489934] fldcw word [esp + 0x34] loc_00460baf: mov eax, dword [esp + 0x3c] fxch st1 ; fxch st(1) fstp st0 ; fstp st(0) fld tword [esp + 0x1c] ; fld xword [esp + 0x1c] fxch st1 ; fxch st(1) and eax, 0x4300 sub esp, 0x1c fnstenv [esp] and dword [esp + 4], 0xbcff or dword [esp + 4], eax fldenv [esp] add esp, 0x1c loc_00460bda: pop ecx pop ebx pop eax ret fcn_00460bde: push edx sub esp, 0x30 fstp tword [esp + 0x18] ; fstp xword [esp + 0x18] fstp tword [esp] ; fstp xword [esp] xor edx, edx mov eax, dword [esp + 6] test eax, 0x7fff0000 je short loc_00460c00 ; je 0x460c00 call fcn_004609d8 ; call 0x4609d8 add esp, 0x30 pop edx ret loc_00460c00: fld tword [esp] ; fld xword [esp] fld tword [esp + 0x18] ; fld xword [esp + 0x18] mov eax, dword [esp] or eax, dword [esp + 4] je short loc_00460c89 ; je 0x460c89 fxch st1 ; fxch st(1) fstp tword [esp + 0xc] ; fstp xword [esp + 0xc] fld tword [esp] ; fld xword [esp] fxch st1 ; fxch st(1) or edx, 2 fnstcw word [esp + 0x24] mov eax, dword [esp + 0x24] or eax, 0x33f mov dword [esp + 0x28], eax fldcw word [esp + 0x28] mov eax, dword [esp + 0x20] and eax, 0x7fff cmp eax, 0x7fbe ja short loc_00460c5b ; ja 0x460c5b or edx, 1 fmul qword [ref_0048992c] ; fmul qword [0x48992c] fstp tword [esp + 0x18] ; fstp xword [esp + 0x18] fmul qword [ref_0048992c] ; fmul qword [0x48992c] fstp tword [esp] ; fstp xword [esp] jmp short loc_00460c7b ; jmp 0x460c7b loc_00460c5b: fnstcw word [esp + 0x24] mov eax, dword [esp + 0x24] or eax, 0x300 mov dword [esp + 0x28], eax fldcw word [esp + 0x28] fstp st0 ; fstp st(0) fmul qword [ref_0048992c] ; fmul qword [0x48992c] fstp tword [esp] ; fstp xword [esp] loc_00460c7b: fldcw word [esp + 0x24] call fcn_004609d8 ; call 0x4609d8 add esp, 0x30 pop edx ret loc_00460c89: fprem add esp, 0x30 pop edx ret fcn_00460c90: push eax push ebx push ecx mov eax, dword [esp + 0x16] xor eax, 0x700 test eax, 0x700 jne near loc_00460e2a ; jne 0x460e2a shr eax, 0xb and eax, 0xf cmp byte [eax + ref_00489914], 0 ; cmp byte [eax + 0x489914], 0 je near loc_00460e2a ; je 0x460e2a mov eax, dword [esp + 0x16] and eax, 0x7fff0000 cmp eax, 0x7fff0000 je near loc_00460e2a ; je 0x460e2a mov eax, dword [esp + 0x2e] and eax, 0x7fff0000 je near loc_00460e2a ; je 0x460e2a cmp eax, 0x7fff0000 je near loc_00460e2a ; je 0x460e2a mov eax, dword [esp + 0x2c] add eax, eax jne near loc_00460e2a ; jne 0x460e2a mov eax, dword [esp + 0x14] add eax, eax jne near loc_00460e2a ; jne 0x460e2a mov eax, dword [esp + 0x18] and eax, 0x7fff add eax, 0x3f mov ebx, dword [esp + 0x30] and ebx, 0x7fff sub ebx, eax ja short loc_00460d78 ; ja 0x460d78 loc_00460d1a: mov eax, dword [esp + 0x18] and eax, 0x7fff add eax, 0xa mov ebx, dword [esp + 0x30] and ebx, 0x7fff sub ebx, eax js near loc_00460e2a ; js 0x460e2a fld tword [esp + 0x28] ; fld xword [esp + 0x28] mov eax, dword [esp + 0x18] mov ebx, dword [esp + 0x30] and ebx, 0x7fff mov ecx, ebx sub ebx, eax and ebx, 7 or ebx, 4 sub ecx, ebx mov ebx, eax and ebx, 0x8000 or ecx, ebx mov dword [esp + 0x18], ecx fld tword [esp + 0x10] ; fld xword [esp + 0x10] mov dword [esp + 0x18], eax fxch st1 ; fxch st(1) fprem fstp tword [esp + 0x28] ; fstp xword [esp + 0x28] fstp st0 ; fstp st(0) jmp short loc_00460d1a ; jmp 0x460d1a loc_00460d78: test ebx, 2 jne short loc_00460d88 ; jne 0x460d88 fld tword [esp + 0x10] ; fld xword [esp + 0x10] fstp tword [esp + 0x1c] ; fstp xword [esp + 0x1c] loc_00460d88: fnstcw word [esp + 0x34] mov eax, dword [esp + 0x34] or eax, 0x33f mov dword [esp + 0x38], eax fldcw word [esp + 0x38] mov eax, dword [esp + 0x18] and eax, 0x7fff mov ebx, dword [esp + 0x30] and ebx, 0x7fff sub ebx, eax and ebx, 0x3f or ebx, 0x20 add ebx, 1 mov ecx, ebx mov eax, dword [esp + 0x18] mov ebx, dword [esp + 0x30] and ebx, 0x7fff and eax, 0x8000 or ebx, eax mov dword [esp + 0x18], ebx fld tword [esp + 0x10] ; fld xword [esp + 0x10] fabs fld tword [esp + 0x28] ; fld xword [esp + 0x28] fabs loc_00460de2: fcom st1 ; fcom st(1) fnstsw ax and eax, 0x100 jne short loc_00460def ; jne 0x460def fsub st1 ; fsub st(1) loc_00460def: fxch st1 ; fxch st(1) fmul qword [ref_00489944] ; fmul qword [0x489944] fxch st1 ; fxch st(1) sub ecx, 1 jne short loc_00460de2 ; jne 0x460de2 mov ebx, dword [esp + 0x30] fstp tword [esp + 0x28] ; fstp xword [esp + 0x28] fstp st0 ; fstp st(0) fld tword [esp + 0x1c] ; fld xword [esp + 0x1c] fld tword [ref_0048994c] ; fld xword [0x48994c] fprem1 fstp st0 ; fstp st(0) fld tword [esp + 0x28] ; fld xword [esp + 0x28] fldcw word [esp + 0x34] and ebx, 0x8000 je short loc_00460e34 ; je 0x460e34 fchs jmp short loc_00460e34 ; jmp 0x460e34 loc_00460e2a: fld tword [esp + 0x10] ; fld xword [esp + 0x10] fld tword [esp + 0x28] ; fld xword [esp + 0x28] fprem1 loc_00460e34: test edx, 3 je short loc_00460e92 ; je 0x460e92 fnstsw [esp + 0x3c] test edx, 1 je short loc_00460e67 ; je 0x460e67 fnstcw word [esp + 0x34] mov eax, dword [esp + 0x34] or eax, 0x300 mov dword [esp + 0x38], eax fldcw word [esp + 0x38] fmul qword [ref_00489934] ; fmul qword [0x489934] fldcw word [esp + 0x34] loc_00460e67: mov eax, dword [esp + 0x3c] fxch st1 ; fxch st(1) fstp st0 ; fstp st(0) fld tword [esp + 0x1c] ; fld xword [esp + 0x1c] fxch st1 ; fxch st(1) and eax, 0x4300 sub esp, 0x1c fnstenv [esp] and dword [esp + 4], 0xbcff or dword [esp + 4], eax fldenv [esp] add esp, 0x1c loc_00460e92: pop ecx pop ebx pop eax ret endloc_00460e96: db 0x52 db 0x83 dd 0x7cdb30ec dd 0x3cdb1824 dd 0x0000ba24 dd 0x448b0000 dd 0x00a90624 dd 0x747fff00 dd 0xfddae80a dd 0xc483ffff dd 0xdbc35a30 dd 0x6cdb242c dd 0x048b1824 dd 0x24440b24 dd 0xd9797404 dd 0x247cdbc9 dd 0x242cdb0c dd 0xca83c9d9 dd 0x247cd902 dd 0x24448b24 dd 0x033f0d24 dd 0x44890000 dd 0x6cd92824 dd 0x448b2824 dd 0xff252024 dd 0x3d00007f dd 0x00007fbe dd 0xca831877 db 0x01 db 0xdc db 0x0d dd ref_0048992c db 0xdb dd 0xdc18247c db 0x0d dd ref_0048992c db 0xdb db 0x3c db 0x24 dd 0x7cd920eb dd 0x448b2424 dd 0x000d2424 dd 0x89000003 dd 0xd9282444 dd 0xdd28246c db 0xd8 db 0xdc db 0x0d dd ref_0048992c db 0xdb dd 0x6cd9243c dd 0x51e82424 dd 0x83fffffd dd 0xc35a30c4 dd 0xc483f8d9 dd 0x00c35a30 db 0xff db 0x25 db 0x28 db 0x24 dd 0x25ff0046 dd 0x004623bc db 0xff db 0x25 db 0x7c db 0x23 dd 0x25ff0046 dd 0x00462378 db 0xff db 0x25 db 0xb4 db 0x23 dd 0x25ff0046 dd 0x004623d0 db 0xff db 0x25 db 0x98 db 0x23 dd 0x25ff0046 dd 0x00462364 db 0xff db 0x25 db 0xb0 db 0x23 dd 0x25ff0046 dd 0x00462348 db 0xff db 0x25 db 0x04 db 0x24 dd 0x25ff0046 dd 0x004623a0 db 0xff db 0x25 db 0xec db 0x23 dd 0x25ff0046 dd 0x00462350 db 0xff db 0x25 db 0x94 db 0x23 dd 0x25ff0046 dd 0x004622c0 db 0xff db 0x25 db 0xe4 db 0x22 dd 0x25ff0046 dd 0x004622bc db 0xff db 0x25 db 0xb8 db 0x22 dd 0x25ff0046 dd 0x0046228c db 0xff db 0x25 db 0x98 db 0x22 dd 0x25ff0046 dd 0x004622c4 db 0xff db 0x25 db 0xa0 db 0x22 dd 0x25ff0046 dd 0x004622b0 db 0xff db 0x25 db 0x9c db 0x22 dd 0x25ff0046 dd 0x00462294 db 0xff db 0x25 db 0xa8 db 0x22 dd 0x25ff0046 dd 0x004622ac db 0xff db 0x25 db 0xb4 db 0x22 dd 0x25ff0046 dd 0x00462290 db 0xff db 0x25 db 0xf4 db 0x22 dd 0x25ff0046 dd 0x00462340 db 0xff db 0x25 db 0xfc db 0x22 dd 0x25ff0046 dd 0x00462324 db 0xff db 0x25 db 0xe8 db 0x22 dd 0x25ff0046 dd 0x004622cc db 0xff db 0x25 db 0xf8 db 0x22 dd 0x25ff0046 dd 0x0046232c db 0xff db 0x25 db 0xdc db 0x22 dd 0x25ff0046 dd 0x0046233c db 0xff db 0x25 db 0x30 db 0x23 dd 0x25ff0046 dd 0x004622d4 db 0xff db 0x25 db 0xf0 db 0x22 dd 0x25ff0046 dd 0x00462318 db 0xff db 0x25 db 0xa4 db 0x22 dd 0x25ff0046 dd 0x00462300 db 0xff db 0x25 db 0x04 db 0x23 dd 0x25ff0046 dd 0x004622d8 db 0xff db 0x25 db 0x14 db 0x23 dd 0x25ff0046 dd 0x00462320 db 0xff db 0x25 db 0xe0 db 0x22 dd 0x25ff0046 dd 0x00462334 db 0xff db 0x25 db 0x0c db 0x23 dd 0x25ff0046 dd 0x00462338 db 0xff db 0x25 db 0x28 db 0x23 dd 0x25ff0046 dd 0x004623cc db 0xff db 0x25 db 0x08 db 0x23 dd 0x25ff0046 dd 0x00462310 db 0xff db 0x25 db 0x1c db 0x23 dd 0x25ff0046 dd 0x004622ec db 0xff db 0x25 db 0xfc db 0x23 dd 0x25ff0046 dd 0x004622d0 db 0xff db 0x25 db 0xf8 db 0x23 dd 0x25ff0046 dd 0x00462368 db 0xff db 0x25 db 0x34 db 0x24 dd 0x25ff0046 dd 0x00462354 db 0xff db 0x25 db 0x90 db 0x23 dd 0x25ff0046 dd 0x00462400 db 0xff db 0x25 db 0x74 db 0x23 dd 0x25ff0046 dd 0x004623c0 db 0xff db 0x25 db 0x70 db 0x23 dd 0x25ff0046 dd 0x0046243c db 0xff db 0x25 db 0xf4 db 0x23 dd 0x25ff0046 dd 0x00462380 db 0xff db 0x25 db 0xe8 db 0x23 dd 0x25ff0046 dd 0x00462438 db 0xff db 0x25 db 0xf0 db 0x23 dd 0x25ff0046 dd 0x0046235c db 0xff db 0x25 db 0x84 db 0x23 dd 0x25ff0046 dd 0x004623a8 db 0xff db 0x25 db 0xe0 db 0x23 dd 0x25ff0046 dd 0x0046239c db 0xff db 0x25 db 0x6c db 0x23 dd 0x25ff0046 dd 0x004623a4 db 0xff db 0x25 db 0x2c db 0x24 dd 0x25ff0046 dd 0x00462410 db 0xff db 0x25 db 0x24 db 0x24 dd 0x25ff0046 dd 0x004623c4 db 0xff db 0x25 db 0xdc db 0x23 dd 0x25ff0046 dd 0x00462430 db 0xff db 0x25 db 0xe4 db 0x23 dd 0x25ff0046 dd 0x004623b8 db 0xff db 0x25 db 0x18 db 0x24 dd 0x25ff0046 dd 0x00462420 db 0xff db 0x25 db 0x14 db 0x24 dd 0x25ff0046 dd 0x00462408 db 0xff db 0x25 db 0x1c db 0x24 dd 0x25ff0046 dd 0x004623ac db 0xff db 0x25 db 0xd8 db 0x23 dd 0x25ff0046 dd 0x00462360 db 0xff db 0x25 db 0xd4 db 0x23 dd 0x25ff0046 dd 0x0046238c db 0xff db 0x25 db 0x58 db 0x23 dd 0x25ff0046 dd 0x0046234c db 0xff db 0x25 db 0xc8 db 0x23 dd 0x25ff0046 dd 0x0046240c db 0xff db 0x25 db 0x40 db 0x24 dd 0x25ff0046 dd 0x00462388 db 0xff db 0x25 db 0x54 db 0x24 dd 0x25ff0046 dd 0x00462468 db 0xff db 0x25 db 0x64 db 0x24 dd 0x25ff0046 dd 0x00462460 db 0xff db 0x25 db 0x58 db 0x24 dd 0x25ff0046 dd 0x00462450 db 0xff db 0x25 db 0x48 db 0x24 dd 0x25ff0046 dd 0x0046244c db 0xff db 0x25 db 0x6c db 0x24 dd 0x25ff0046 dd 0x00462470 db 0xff db 0x25 db 0x74 db 0x24 dd 0x25ff0046 dd 0x0046245c fcn_0046121c: jmp dword [__imp__DirectSoundCreate@12] ; jmp dword [0x46247c] fcn_00461222: jmp dword [__imp__DirectDrawCreate@12] ; jmp dword [0x462484] add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al add byte [eax], al section .data dd 0x00010101 ref_00463004: db 'ERROR',0x00 ref_0046300a: db 'DirectDraw Initial Error!',0x00 ref_00463024: db 'DirectDraw SetMode Error!',0x00 ref_0046303e: db 'data.mkf',0x00 ref_00463047: db 'speaking.mkf',0x00 ref_00463054: db 'panel.mkf',0x00 ref_0046305e: db 'effect.mkf',0x00 ref_00463069: db 'resume vfw',0x00 ref_00463074: db 'resume mid',0x00 ref_0046307f: db 'play cdtrack notify',0x00 ref_00463093: db 'pause vfw',0x00 ref_0046309d: db 'pause mid',0x00 ref_004630a7: db 'stop cdtrack',0x00 ref_004630b4: db 'RICH4_ICON',0x00 ref_004630bf: db 'Rich4',0x00 ref_004630c5: db 'START.AVI',0x00,0x00 ref_004630d0: db 'V3.11',0x00,0x00,0x00 ref_004630d8: db 'SAVE%d.DAT',0x00 ref_004630e3: db 0x72 db 0x62 db 0x00 ref_004630e6: db 0x77 db 0x62 db 0x00 ref_004630e9: db 'AUTO',0x00 ref_004630ee: db '%d/%d',0x00 ref_004630f4: dd 0x48a447a4 db 0x00 ref_004630f9: db 0xa4 db 0x54 db 0xa4 db 0x48 db 0x00 ref_004630fe: db 0xa5 db 0x7c db 0xa4 db 0x48 db 0x00 ref_00463103: db 0xa8 dd 0x00e6a642 ref_00463108: dd 0xaea8f7be db 0x00 ref_0046310d: db 0xa8 db 0x54 db 0xa8 db 0xae db 0x00 ref_00463112: db 0xb5 db 0x4c dd 0xc1b4adad db 0x00 ref_00463119: db 0xa4 db 0x47 db 0xa6 db 0x7e db 0x00 ref_0046311e: db 0xa4 db 0x40 db 0xa6 db 0x7e db 0x00 ref_00463123: db 0xa4 dd 0xa4d3adbb db 0xeb db 0x00 ref_0046312a: db 0xa4 db 0x54 dd 0xeba4d3ad db 0x00 ref_00463131: db 0xa4 db 0x40 db 0xad dd 0x00eba4d3 ref_00463138: dd 0xb8c043b9 dd 0xc6bc48a4 db 0x00 ref_00463141: db 0xc1 db 0x60 db 0x20 dd 0xaa20eab8 db 0xf7 db 0x00 ref_0046314a: db 0xa6 db 0xe6 dd 0xe8a469b6 db 0xa6 db 0xa1 db 0x00 ref_00463153: db 0xa4 dd 0xc561a667 dd 0x00adad76 ref_0046315c: dd 0xb8c043b9 dd 0xa1b6c9ae db 0x00 ref_00463165: db 0xb3 db 0xd3 db 0xa7 dd 0xa5f8b151 db 0xf3 db 0x00 ref_0046316e: db 0x25 db 0x64 db 0x00 ref_00463171: db 0xb5 db 0x4c db 0xad db 0xad db 0x00 ref_00463176: db 0xae db 0xa5 dd 0xd3b3dfb3 dd 0x4cb951a7 dd 0x49a1f6c3 db 0xa1 db 0x49 db 0x00 ref_00463187: db 'JUMP.MKF',0x00 ref_00463190: dd 0x42c80000 ref_00463194: dd 0x41200000 ref_00463198: db 'END%02d.AVI',0x00 ref_004631a4: db 'THANKS.AVI',0x00 ref_004631af: db 'END.AVI',0x00 ref_004631b7: db 'OVER.AVI',0x00 ref_004631c0: db 'MAP.MKF',0x00 ref_004631c8: db 'MAPDAT.MKF',0x00 ref_004631d3: db '%d',0x00,0x00,0x00 ref_004631d8: dd 0x3d800000 ref_004631dc: dd 0x3e000000 ref_004631e0: dd 0xeda67325 dd 0xa4a44ab1 dd 0xd9c10a0a dd 0x6425d1b3 dd 0x49a1d1a4 db 0x00 ref_004631f5: db 0x25 db 0x73 db 0xae dd 0xa4a2a5f8 dd 0xc10a0aa4 dd 0x25d1b3d9 dd 0xa1d1a464 db 0x49 db 0x00 ref_0046320a: db 0x25 db 0x73 dd 0x63a8a4a7 dd 0x0a0aa4a4 dd 0xd1b3d9c1 dd 0xd1a46425 db 0xa1 db 0x49 db 0x00 ref_0046321f: db 0x25 dd 0xb0eda673 dd 0x0aa4a47c dd 0xb3d9c10a dd 0xa46425d1 dd 0x0049a1d1 ref_00463234: dd 0x56a57325 dd 0xa4a476af dd 0xd9c10a0a dd 0x6425d1b3 dd 0x49a1d1a4 dd 0x00000000 ref_0046324c: dd 0x3e000000 ref_00463250: dd 0xdcb3e7cb dd 0xe3a149a1 dd 0x5db06fb5 dd 0x5db06fb5 dd 0x0a0a49a1 dd 0xf6c1daa7 dd 0xd9c14db5 dd 0x41a170a4 dd 0xb0a453a8 dd 0xabaff2bb dd 0x0a0a4fa4 dd 0x4facfda6 dd 0x69a5daa7 dd 0xfdc548a5 dd 0x6cb741a7 dd 0xeeb4a2a5 dd 0x43a162a5 db 0x00 ref_00463295: db 0xa8 db 0xfe db 0xa8 dd 0xaee3a1fe dd 0xb5dfb3a5 dd 0xa15db06f dd 0xa70a0a43 dd 0xa64fabda dd 0xb041a7f6 dd 0xbabdb75d dd 0x0a75ba75 dd 0xa4d6bd0a dd 0xafa3a45d dd 0xa740bbe0 dd 0xbfbaaa41 dd 0x0043a1fa ref_004632cc: dd 0xeda2e7a2 dd 0xf0a2e9a2 dd 0xa3a42121 dd 0xddac6ead dd 0x70a4daa7 dd 0x0a0ae1b3 dd 0x69a5daa7 dd 0xfdc548a5 dd 0xeba741a7 dd 0xc6a8eab8 dd 0x5ca562a5 dd 0x49a1bfad db 0x00 ref_004632fd: db 0x25 db 0x73 db 0xaa dd 0x0aada8fe dd 0xa86fb10a dd 0xa17325ec db 0x49 db 0x00 ref_0046330e: db 0xa8 db 0xfe dd 0xfea8fea8 dd 0xd1a4e3a1 dd 0xe7bd78a9 dd 0x6ea6d6ba dd 0xeca842b9 dd 0xdaa70a0a dd 0xf6a64fab dd 0xd6ba41a7 dd 0xaab050ac dd 0x0a0ad3b7 dd 0xeab8eba7 dd 0xbfad5ba5 dd 0x51a7b6b6 dd 0x52b642a1 dd 0xa3a461a6 dd 0xfabfcea5 db 0xa1 db 0x43 db 0x00 ref_00463353: db 0xa4 dd 0xafd6ba6a dd 0xa8feaaab dd 0xb10a0aad dd 0x25eca86f dd 0x25cea473 dd 0x0049a173 ref_0046336c: dd 0x4fbc4fbc dd 0xe3a14fbc dd 0xfabfdfbd dd 0xdfbd49a1 dd 0x49a1fabf db 0x00 ref_00463381: db 0xb3 db 0xe1 db 0xa1 dd 0xb1fabfe3 dd 0xa146a4bc db 0x43 db 0x00 ref_0046338e: db 0xa6 db 0xb3 dd 0x70a4daa7 dd 0x49b070a4 dd 0x41a1abaf dd 0x41a760ae dd 0xc6a840a4 dd 0xa8a64cb5 db 0xa1 db 0x43 db 0x00 ref_004633ab: db 0xa4 dd 0xaf49b070 dd 0xa8feaaab dd 0xbf0a0aad dd 0x25a2a5f2 dd 0x0049a173 ref_004633c0: dd 0xa2aba2ab dd 0x49a1a2ab dd 0x4fac75af dd 0x49b06ea6 dd 0x49a1dab0 db 0x00 ref_004633d5: db 0xa4 db 0x6a db 0xb0 dd 0xaaabaf49 dd 0x0aada8fe dd 0xa5f2bf0a dd 0xa540a4a2 dd 0xa464a562 dd 0x0049a1f9 ref_004633f0: dd 0x70b9a2ab dd 0xc8a8f4b8 dd 0x0a0ae3a1 dd 0x4eb1daa7 dd 0x7ab1cfa8 dd 0x7db8a8b8 dd 0x67a4baaa dd 0xf3a761a6 dd 0x63c15ba5 dd 0x43a161ba db 0x00 ref_00463419: db 0xab db 0xa2 db 0xa1 dd 0xa1a2abe3 dd 0xa750bbe3 dd 0xa550a6da dd 0xa640a6cd dd 0x0a43a1ba dd 0xaddaa70a dd 0xb875aa6e dd 0xc37daff4 dd 0xa941a761 dd 0xb967b8d2 dd 0xa4baaa4c dd 0xa161a667 db 0x43 db 0x00 ref_0046344e: db 0xa8 db 0xfe dd 0xfea8e3a1 dd 0xb3a641a1 dd 0xb5b467a4 dd 0x5db0b3a6 dd 0xdaa70a0a dd 0x4fac4eb4 dd 0x61a667a4 dd 0xbda4bda4 dd 0x0a0a43a1 dd 0xdaa7b3a6 dd 0x41a162a6 dd 0x51b741a7 dd 0x68a66ead dd 0x67a4d6a4 dd 0x4eb461a6 dd 0x68a6b3a6 dd 0x43a1d6a4 db 0x00 ref_00463495: db 0xbc db 0x4b db 0xbc dd 0xbc4bbc4b dd 0xa14fa14b dd 0xba41a74f dd 0xa146a447 dd 0xb30a0a49 dd 0xa8daa751 dd 0xa157a46e dd 0xa741a741 dd 0xa44ab3b9 dd 0x0043a146 ref_004634c0: dd 0xe3c57325 dd 0x0a0a46c6 dd 0x5cbb5ba5 dd 0x68bc40a4 dd 0xceabd0a9 db 0xa1 db 0x49 db 0x00 ref_004634d7: db 0xa4 dd 0xc563b470 dd 0xc6e3c55d dd 0xa90a0a46 dd 0xa4b4b7ee dd 0xa968bc40 dd 0xa1ceabd0 db 0x49 db 0x00 ref_004634f2: db 0xa4 db 0x67 dd 0xbda461a6 dd 0x46c6e3c5 dd 0x6ab10a0a dd 0x67a4fba6 dd 0x49a161a6 dd 0x00000000 ref_0046350c: dd 0x40000000 ref_00463510: dd 0x40a00000 ref_00463514: dd 0xe3c57325 dd 0x0a0a46c6 dd 0xeab8eba7 dd 0xd1b1a2a5 dd 0x000049a1 dd 0x00000000 ref_0046352c: dd 0x00000000 dd 0x3fe00000 ref_00463534: dd 0xb8c043b9 dd 0xd7ab74b3 db 0x00 ref_0046353d: db 0xb0 db 0xca db 0xb5 dd 0xb54cb965 db 0x7b db 0x00 ref_00463546: db 0xad db 0xb5 dd 0x00d6bc20 ref_0046354c: dd 0xae20b5ad db 0xc4 db 0x00 ref_00463552: db 0xa6 db 0xdb dd 0x73a6cab0 db 0xc0 db 0xc9 db 0x00 ref_0046355b: db 0xbc dd 0xa62020d6 db 0xb1 db 0x00 ref_00463562: db 0xb5 db 0xf8 dd 0xa1b52020 db 0x00 ref_00463569: db 0xa4 db 0xe9 db 0xa1 dd 0xbeeba442 db 0xe4 db 0x00 ref_00463572: db 0xc1 db 0x59 dd 0x61a670a4 db 0xb9 db 0xcf db 0x00 ref_0046357b: db 0xb2 dd 0xb558a6d5 dd 0x00b1ad65 ref_00463584: dd 0xae20faa8 db 0xf8 db 0x00 ref_0046358a: db 0xbd db 0x54 dd 0x0077a920 ref_00463590: dd 0xc1b4e9a4 dd 0xefa7f3a7 db 0x00 ref_00463599: db 0xbc db 0xf6 db 0xc1 dd 0xa95db3e4 db 0x77 db 0x00 ref_004635a2: db 0xb9 db 0x43 dd 0xa1bbb8c0 db 0xa9 db 0xfa db 0x00 ref_004635ab: db 0xad dd 0xb973b7ab dd 0x00b8c043 ref_004635b4: dd 0xe9bf7bbb dd 0xb0adeba7 db 0x00 ref_004635bd: db 0xb5 db 0xb2 db 0xa7 dd 0xc043b9f4 db 0xb8 db 0x00 ref_004635c6: db 0x31 db 0x2e dd 0xdabb50ac dd 0xcab060c1 db 0xad db 0xfb db 0x00 ref_004635d3: db 0x32 dd 0xa6abad2e dd 0xc4dca85e dd 0x00f6acd8 ref_004635e0: dd 0xdab92e33 dd 0xeca5dba4 dd 0xe9b66ca8 db 0x00 ref_004635ed: db 0x34 db 0x2e db 0xa5 dd 0xacf7abb4 dd 0xa84eb1b0 db 0xd3 db 0x00 ref_004635fa: db 0x35 db 0x2e dd 0x4caaa6b7 dd 0xa1b1b7ad db 0xb5 db 0x65 db 0x00 ref_00463607: db 0x36 dd 0xbaf6ae2e dd 0xa5eba4a9 dd 0x00c9ac40 ref_00463614: dd 0xf6bc2e37 dd 0xbaaaa1b1 dd 0x5da94cae db 0x00 ref_00463621: db 0x38 db 0x2e db 0xba dd 0xac42a8a9 dd 0xa4c5aa50 db 0x55 db 0x00 ref_0046362e: db 0xb4 db 0xe5 dd 0x57a4d0bc db 0xb2 db 0xbe db 0x00 ref_00463637: db 0xb4 dd 0xa5d0bce5 dd 0x00beb26b ref_00463640: dd 0xd0bce5b4 dd 0xbeb255a4 db 0x00 ref_00463649: db 0xb4 db 0xe5 db 0xbc dd 0xb2aaa5d0 db 0xbe db 0x00 ref_00463652: db 0xbd db 0x54 dd 0xf5b077a9 db 0xa6 db 0xe6 db 0x00 ref_0046365b: db 0xa8 dd 0xabf8aefa dd 0x004fa5fc ref_00463664: dd 0xabb4c1a4 dd 0xb5b6efbf db 0x00 ref_0046366d: db 0xa4 db 0xc1 db 0xb4 dd 0xb5f8b5ab dd 0x00d5b2a1 ref_00463678: dd 0x593c4fac dd 0x003e5345 ref_00463680: dd 0x4e3c5fa7 db 0x4f db 0x3e db 0x00 ref_00463687: db 0xab dd 0xab69b665 dd 0x004fa5fc ref_00463690: dd 0xdcbeefbf dd 0x6ca4ebbb db 0xbc db 0xc6 db 0x00 ref_0046369b: db 0xaa dd 0x00aba5d1 ref_004636a0: dd 0xf6a9e6a5 db 0x00 ref_004636a5: db 0xa5 db 0x64 db 0xa4 db 0xf9 db 0x00 ref_004636aa: db 0xb9 db 0x44 db 0xa8 db 0xe3 db 0x00 ref_004636af: db 0xac dd 0x00dfb864 ref_004636b4: dd 0xcfb961a6 db 0x00 ref_004636b9: db 0xa6 db 0x61 db 0xb9 dd 0xa556a6cf dd 0xc2dbb1aa db 0xe0 db 0x00 ref_004636c6: db 0xa6 db 0x61 dd 0x56a6cfb9 dd 0xdbb16ba5 db 0xc2 db 0xe0 db 0x00 ref_004636d3: db 0xb0 dd 0x00deba55 ref_004636d8: dd 0xceb274a8 db 0x00 ref_004636dd: db 'SAVE GAME',0x00 ref_004636e7: db 'LOAD GAME',0x00 ref_004636f1: db 0xbb db 0xb2 db 0xa7 dd 0xa9a1bb55 db 0xfa db 0x00 ref_004636fa: db 0xa6 db 0x56 dd 0xabb457a4 db 0xad db 0xb6 db 0x00 ref_00463703: db 0xa6 dd 0xb455a456 dd 0x00b6adab ref_0046370c: dd 0xf4a7b2b5 dd 0xa1a67bb5 db 0x00 ref_00463715: db 0xad db 0xec db 0xa9 dd 0xa95db36c db 0x77 db 0x00 ref_0046371e: db 0xa4 db 0x40 db 0xa4 db 0xeb db 0x00 ref_00463723: db 0xa4 dd 0x00eba447 ref_00463728: dd 0xeba454a4 db 0x00 ref_0046372d: db 0xa5 db 0x7c db 0xa4 db 0xeb db 0x00 ref_00463732: db 0xa4 db 0xad db 0xa4 db 0xeb db 0x00 ref_00463737: db 0xa4 dd 0x00eba4bb ref_0046373c: dd 0xeba443a4 db 0x00 ref_00463741: db 0xa4 db 0x4b db 0xa4 db 0xeb db 0x00 ref_00463746: db 0xa4 db 0x45 db 0xa4 db 0xeb db 0x00 ref_0046374b: db 0xa4 dd 0x00eba451 ref_00463750: dd 0x40a451a4 db 0xa4 db 0xeb db 0x00 ref_00463757: db 0xa4 dd 0xa447a451 db 0xeb db 0x00 ref_0046375e: db 0xa8 db 0x74 dd 0x00ceb220 ref_00463764: db 0x72 db 0x62 db 0x00 ref_00463767: db 'RICH4.CFG',0x00 ref_00463771: db 0x77 db 0x62 db 0x00 ref_00463774: dd 0x43520000 ref_00463778: dd 0x43820000 ref_0046377c: db '%d',0x00,0x00 ref_00463780: dd 0x437a0000 ref_00463784: dd 0x47000000 ref_00463788: db '%03d',0x00 ref_0046378d: db '%02d',0x00 ref_00463792: db '%04d',0x00 ref_00463797: db 0xb1 dd 0xa849c26f dd 0xc26425e9 dd 0x00000049 ref_004637a4: db 'FLYTW.AVI',0x00 ref_004637ae: db 'FLYCHINA.AVI',0x00 ref_004637bb: db 'FLYJP.AVI',0x00 ref_004637c5: db 'FLYUS.AVI',0x00 ref_004637cf: db 'JUMP.MKF',0x00 ref_004637d8: db 'AIRPLANE.AVI',0x00,0x00,0x00,0x00 ref_004637e8: dd 0xc1b450ac db 0xa4 db 0xe9 db 0x00 ref_004637ef: db 0xac dd 0xa4c1b450 db 0x40 db 0x00 ref_004637f6: db 0xac db 0x50 dd 0x47a4c1b4 db 0x00 ref_004637fd: db 0xac db 0x50 db 0xb4 dd 0x0054a4c1 ref_00463804: dd 0xc1b450ac db 0xa5 db 0x7c db 0x00 ref_0046380b: db 0xac dd 0xa4c1b450 db 0xad db 0x00 ref_00463812: db 0xac db 0x50 dd 0xbba4c1b4 db 0x00 ref_00463819: db 0xaa db 0xc5 db 0x20 dd 0x0061a620 ref_00463820: dd 0x2020ada5 db 0xa9 db 0xd0 db 0x00 ref_00463827: db 0xa9 dd 0xe72020b1 db 0x45 db 0x00 ref_0046382e: db 0xb0 db 0xd3 dd 0xf5b32020 db 0x00 ref_00463835: db 0xb0 db 0xd3 db 0xb7 dd 0xbc6aa47e db 0xd3 db 0x00 ref_0046383e: db 0xbc db 0xaf dd 0x6aa4d1a4 db 0xbc db 0xd3 db 0x00 ref_00463847: db 0xa4 dd 0xb62020bd db 0xe9 db 0x00 ref_0046384e: db 0xae db 0xc8 dd 0x5dc02020 db 0x00 ref_00463855: db 0xc1 db 0xca db 0xaa dd 0xa4a4a4ab db 0xdf db 0x00 ref_0046385e: db 0xa5 db 0x5b dd 0xb8af6faa db 0x00 ref_00463865: db 0xac db 0xe3 db 0xa8 dd 0x00d2a973 ref_0046386c: dd 0xc5afafa2 db 0x00 ref_00463871: db 0xa4 db 0x40 db 0xaf db 0xc5 db 0x00 ref_00463876: db 0xa4 db 0x47 db 0xaf db 0xc5 db 0x00 ref_0046387b: db 0xa4 dd 0x00c5af54 ref_00463880: dd 0xc5af7ca5 db 0x00 ref_00463885: db 0xa4 db 0xad db 0xaf db 0xc5 db 0x00 ref_0046388a: db 0xb9 db 0x4c dd 0x4fb6f4b8 db 0x00 ref_00463891: db 0xa9 db 0xd0 db 0xaf dd 0x004fb6b2 ref_00463898: dd 0x6faa5ba5 db 0xb6 db 0x4f db 0x00 ref_0046389f: db 0xad dd 0xb6aea8d7 db 0x4f db 0x00 ref_004638a6: db 0xa9 db 0xb1 dd 0x4fb6b2af db 0x00 ref_004638ad: db 0xa6 db 0xed db 0xb1 dd 0x004fb64a ref_004638b4: dd 0x43b9c8ae db 0xb6 db 0x4f db 0x00 ref_004638bb: db 0xab dd 0xb649c04f db 0x4f db 0x00 ref_004638c2: db 0xb9 db 0x71 dd 0x4fb6a3b8 db 0x00 ref_004638c9: db 0xa4 db 0x75 db 0xb5 dd 0x004fb67b ref_004638d0: dd 0x4fb6f4a4 db 0x00 ref_004638d5: db 0xb9 db 0x71 db 0xb6 db 0x4f db 0x00 ref_004638da: db 0xc1 db 0xca dd 0x4fb6abaa db 0x00 ref_004638e1: db 0xb8 db 0xea db 0xaa db 0xf7 db 0x00 ref_004638e6: db 0xa6 db 0x61 db 0xb2 db 0xa3 db 0x00 ref_004638eb: db 0xaa dd 0x00bcb2d1 ref_004638f0: dd 0x4ca5e4a8 db 0x00 ref_004638f5: db 0xaa db 0xab db 0xbb dd 0xbcfcabf9 dd 0x252020c6 db 0x64 db 0x00 ref_00463902: db 0x25 db 0x64 db 0xa4 db 0xd1 db 0x00 ref_00463907: db 0x25 dd 0x00eba464 ref_0046390c: dd 0xeac273b3 db 0xa9 db 0xb1 db 0x00 ref_00463913: db 0xa1 dd 0x006425d1 ref_00463918: dd 0xd1aa6cbe dd 0x0064253a ref_00463920: dd 0x20207bb2 db 0xaa db 0xf7 db 0x00 ref_00463927: db 0xa6 dd 0xb4202073 db 0xda db 0x00 ref_0046392e: db 0xc1 db 0x60 dd 0xa3b2eab8 db 0x00 ref_00463935: db 0xa4 db 0x67 db 0x20 dd 0x0061a620 ref_0046393c: dd 0x20205db3 db 0xac db 0x49 db 0x00 ref_00463943: db 0xc1 dd 0xadaba560 db 0xc8 db 0x00 ref_0046394a: db 0xa6 db 0xa8 dd 0xbba52020 db 0x00 ref_00463951: db 0xb8 db 0x67 db 0xc0 dd 0x0076c5e7 ref_00463958: dd 0x202049c2 db 0xa8 db 0xf7 db 0x00 ref_0046395f: db 0xb6 dd 0xb4202055 db 0xda db 0x00 ref_00463966: db 0xab db 0x4f dd 0xc1b449c0 db 0x00 ref_0046396d: db 0x25 db 0x73 db 0x0a dd 0xafc9a40a dd 0xa54fb6c5 dd 0x64253ace dd 0x0a0ab8a4 dd 0x5fa74fac dd 0xc5afc9a4 db 0xa1 db 0x48 db 0x00 ref_0046398b: db 0xb1 dd 0xb2baaa7a dd 0xa4f7aa7b dd 0xa1aca8a3 db 0x49 db 0x00 ref_0046399a: db 0x25 db 0x73 dd 0xddc40a0a dd 0x50bb7325 dd 0x0a0a7325 dd 0x49a5d0bd dd 0xb8a46425 db 0x25 db 0x73 db 0x00 ref_004639b3: db 0x25 dd 0xa60a0a73 dd 0xc461a6b9 dd 0x0a7325dd dd 0xa5d0bd0a dd 0xa4642549 dd 0x007325b8 ref_004639cc: dd 0xabafbaa6 dd 0x46c6e3c5 dd 0xd1a50a0a dd 0xdfbd7325 dd 0x732576c0 db 0x00 ref_004639e1: db 0x25 db 0x73 db 0x0a dd 0xa54fb60a dd 0x64253ace dd 0x0a0ab8a4 dd 0x5fa74fac dd 0x55a452b6 dd 0x61a6b9a6 db 0xa1 db 0x48 db 0x00 ref_004639ff: db 0xa5 dd 0x25a7aef0 dd 0x0ad1a464 dd 0xa54fb60a dd 0xa46425ce dd 0x0049a1b8 ref_00463a14: dd 0xbaaa7ab1 dd 0x4fb6f8ae dd 0x42c3f7aa dd 0x0a0ab0ac dd 0x25786425 dd 0x3dbfad64 dd 0xb8a46425 db 0x00 ref_00463a31: db 0x25 db 0x73 db 0x0a dd 0xa8b3b80a dd 0x25f8aac6 dd 0xbd0a0a73 dd 0x2549a5d0 dd 0x25b8a464 db 0x73 db 0x00 ref_00463a4a: db 0x25 db 0x73 dd 0xd0bd0a0a dd 0xdcbeefbf dd 0x5ba5fdb1 dd 0x61a65cbb db 0xc2 db 0x49 db 0x00 ref_00463a5f: db 0xa4 dd 0xa5cea5a3 dd 0xa1eab058 db 0x49 db 0x00 ref_00463a6a: db 0x25 db 0x73 dd 0xb0c00a0a dd 0x732544a5 dd 0xd0bd0a0a dd 0x642549a5 dd 0x7325b8a4 db 0x00 ref_00463a81: db 0xb1 db 0x6f db 0xc2 dd 0xa2e9a849 dd 0xc2afa2b4 db 0x49 db 0x00 ref_00463a8e: db 0xb1 db 0x6f dd 0xe9a849c2 dd 0xafa2b2a2 db 0xc2 db 0x49 db 0x00 ref_00463a9b: db 0xb1 dd 0xa849c26f dd 0xa2b0a2e9 dd 0x0049c2af ref_00463aa8: dd 0xeca86fb1 dd 0x49a17325 db 0x00 ref_00463ab1: db 0xac db 0x49 db 0xb1 dd 0xa4b9b5cb dd 0x25a2a45e dd 0x00b8a464 ref_00463ac0: dd 0xbdb070a4 dd 0x6fb1bdb0 dd 0x0a0a7325 dd 0x7325b9b5 db 0xa1 db 0x49 db 0x00 ref_00463ad3: db 0xb1 dd 0xa2eca86f dd 0xa2afa2b4 dd 0xa849c2af dd 0x0049a1e9 ref_00463ae4: dd 0xfaa8bdb0 dd 0x0a0a7325 dd 0x49c26425 dd 0xe9a849c2 db 0xa1 db 0x49 db 0x00 ref_00463af7: db 0xb9 dd 0x25faa8dc dd 0xa1732573 db 0x49 db 0x00 ref_00463b02: db 0xb1 db 0x6a dd 0x6db773b5 dd 0xc8bbdcb9 dd 0x0a0ae6a6 dd 0xdab46fb1 dd 0xb8a46425 dd 0xb9b50a0a dd 0x49a17325 db 0x00 ref_00463b21: db 0xb0 db 0xc7 db 0xaf dd 0x0a7325c1 dd 0xa464250a dd 0xc54fabb8 dd 0xa14fb640 db 0x49 db 0x00 ref_00463b36: db 0xa8 db 0xfa dd 0x4cb9aba8 dd 0x4fb6f4b8 dd 0x64250a0a dd 0x49a1b8a4 db 0x00 ref_00463b49: db 0xa8 db 0xfa db 0xa8 dd 0xbed5acab dd 0x250a0a6c dd 0xa1b8a464 dd 0x00000049 dd 0x00000000 ref_00463b60: dd 0x9999999a dd 0x3fc99999 ref_00463b68: dd 0x7db67325 dd 0xb9a76fb5 dd 0x49a1a8a6 db 0x00 ref_00463b75: db 0x25 db 0x73 db 0x0a dd 0xaa43a80a dd 0xbbe2b0d1 dd 0x0a6425f9 dd 0xa74fac0a dd 0xc17bbb5f dd 0xa5d1aaca dd 0x0048a1f7 ref_00463b94: dd 0xdfb3a5ae dd 0xa8a67ab1 dd 0xb0c0b0ac dd 0x49a144a5 db 0x00 ref_00463ba5: db 0xae db 0xa5 db 0xb3 dd 0xc07ab1df dd 0xb86fb1f2 dd 0xc5e7c067 dd 0x0049a176 ref_00463bb8: dd 0xceabd0a9 dd 0xcaab64ac dd 0x0a0aa4a4 dd 0xaca64ba7 dd 0x49a17325 db 0x00 ref_00463bcd: db 0xbb db 0x50 db 0x25 dd 0xb750a673 dd 0x0aa4a4f9 dd 0xa64ba70a dd 0xa17325ac db 0x49 db 0x00 ref_00463be2: db 0xa6 db 0xba dd 0xe3c5abaf dd 0x0a0a46c6 dd 0xaca64ba7 dd 0x49a17325 db 0x00 ref_00463bf5: db 0x25 db 0x73 db 0xa6 dd 0xa44ab1ed dd 0xa70a0aa4 dd 0x25aca64b dd 0x0049a173 ref_00463c08: dd 0xf8ae7325 dd 0xa4a4a2a5 dd 0x4ba70a0a dd 0x7325aca6 db 0xa1 db 0x49 db 0x00 ref_00463c1b: db 0x25 dd 0xa8a4a773 dd 0x0aa4a463 dd 0xa64ba70a dd 0xa17325ac db 0x49 db 0x00 ref_00463c2e: db 0x25 db 0x73 dd 0x7cb0eda6 dd 0x0a0aa4a4 dd 0xaca64ba7 dd 0x49a17325 db 0x00 ref_00463c41: db 0x25 db 0x73 db 0xa5 dd 0xa476af56 dd 0xa70a0aa4 dd 0x25aca64b dd 0x0049a173 ref_00463c54: dd 0xdab97325 dd 0xa4a443b9 dd 0x4ba70a0a dd 0x7325aca6 db 0xa1 db 0x49 db 0x00 ref_00463c67: db 0xa4 dd 0xaf5db070 dd 0xc6e3c5ab dd 0x250a0a46 dd 0xa7eeb473 dd 0xa540a44b dd 0x0049a162 ref_00463c80: dd 0x5db06aa4 dd 0xe3c5abaf dd 0x0a0a46c6 dd 0x49a54ba7 dd 0x49a17325 db 0x00 ref_00463c95: db 0xa4 db 0x70 db 0xbd dd 0xc5abaf61 dd 0x0a46c6e3 dd 0xa573250a dd 0x3549a55b dd 0xa148a230 db 0x49 db 0x00 ref_00463cae: db 0xa4 db 0x6a dd 0xabaf61bd dd 0x46c6e3c5 dd 0x5ba50a0a dd 0x49a5bfad dd 0x49a17325 dd 0x00000000 ref_00463cc8: dd 0x9999999a dd 0x3fa99999 ref_00463cd0: dd 0x33333333 dd 0x3fd33333 ref_00463cd8: dd 0xdeba55b0 db 0x41 db 0x49 db 0x00 ref_00463cdf: db 0xad dd 0xa92020d3 db 0xca db 0x00 ref_00463ce6: db 0xb8 db 0xea dd 0x42b9f7aa dd 0xf1a4cea5 db 0xa8 db 0xd2 db 0x00 ref_00463cf3: db 0xa8 dd 0xa5cea5cf dd 0x00f9a464 ref_00463cfc: dd 0xcea5cfa8 dd 0xe3a844b9 db 0x00 ref_00463d05: db 0xa8 db 0xc4 db 0xc4 dd 0x005fc45f ref_00463d0c: dd 0x71b3b6b4 db 0xa4 db 0x48 db 0x00 ref_00463d13: db 0xa4 dd 0xa6d1a66a db 0x6c db 0x00 ref_00463d1a: db 0xb2 db 0x7b db 0xaa db 0xf7 db 0x00 ref_00463d1f: db 0xa6 dd 0x00dab473 ref_00463d24: dd 0xbcb2d1aa db 0x00 ref_00463d29: db 0xb8 db 0xea db 0xaa db 0xf7 db 0x00 ref_00463d2e: db 0xbd db 0x54 db 0xa9 db 0x77 db 0x00 ref_00463d33: db 0xa8 dd 0x00f8aefa ref_00463d38: dd 0x51eb851f dd 0x3fe51eb8 ref_00463d40: dd 0x00000000 dd 0x3ff80000 ref_00463d48: dd 0x00000000 dd 0x40040000 ref_00463d50: dd 0x2020fea5 db 0xb3 db 0xa1 db 0x00 ref_00463d57: db 0xa6 dd 0xb076a6ed db 0xcf db 0x00 ref_00463d5e: db 0xb0 db 0xd3 dd 0xcfb07eb7 db 0x00 ref_00463d65: db 0xa9 db 0xd0 db 0x20 dd 0x00ceab20 ref_00463d6c: dd 0xeac273b3 db 0xa9 db 0xb1 db 0x00 ref_00463d73: db 0xa6 dd 0xc2202061 db 0x49 db 0x00 ref_00463d7a: db 0xb6 db 0x7d dd 0xacaa6fb5 db 0xaa db 0x70 db 0x00 ref_00463d83: db 0xbb dd 0xae2020f9 db 0xe6 db 0x00 ref_00463d8a: db 0xa6 db 0xac dd 0x4fb62020 db 0x00 ref_00463d91: db 0xaf db 0xb2 db 0x20 dd 0x00c1b420 ref_00463d98: dd 0xa3b2eab8 dd 0xe6b34db2 db 0x00 ref_00463da1: db 0xa6 db 0x61 db 0xb2 dd 0xb34db2a3 db 0xe6 db 0x00 ref_00463daa: db 0xaa db 0xd1 dd 0x4db2bcb2 db 0xb3 db 0xe6 db 0x00 ref_00463db3: db 0xb2 dd 0xaa20207b db 0xf7 db 0x00 ref_00463dba: db 0xa6 db 0x73 dd 0xdab42020 db 0x00 ref_00463dc1: db 0xb6 db 0x55 db 0x20 dd 0x00dab420 ref_00463dc8: dd 0xeab860c1 db 0xb2 db 0xa3 db 0x00 ref_00463dcf: db 0xaa dd 0xb22020d1 db 0xbc db 0x00 ref_00463dd6: db 0xc2 db 0x49 dd 0xf7a82020 db 0x00 ref_00463ddd: db 0xab db 0x4f db 0xc0 dd 0x00c1b449 ref_00463de4: dd 0x2020f8a5 db 0xb7 db 0x7e db 0x00 ref_00463deb: db 0xa4 dd 0xa6202067 db 0x61 db 0x00 ref_00463df2: db 0xb3 db 0x5d dd 0x49ac2020 db 0x00 ref_00463df9: db 0xaa db 0xd1 db 0xb2 dd 0xba57a6bc db 0xd9 db 0x00 ref_00463e02: db 0xab db 0xf9 dd 0x69b1b3a6 db 0xbc db 0xc6 db 0x00 ref_00463e0b: db 0xc1 dd 0xaba52060 dd 0x00f9bb20 ref_00463e14: db '%02d/%d/%d',0x00 ref_00463e1f: db 0xb5 dd 0xb4adad4c db 0xc1 db 0x00 ref_00463e26: db 0x25 db 0x64 db 0xa4 db 0xd1 db 0x00 ref_00463e2b: db 0xa1 dd 0x006425d1 ref_00463e30: dd 0xeac273b3 db 0xa9 db 0xb1 db 0x00 ref_00463e37: db '%02d/%d/%d',0x00 ref_00463e42: db 0xb5 db 0x4c dd 0xc1b4adad db 0x00 ref_00463e49: db 0xaa db 0xc5 db 0x20 dd 0x0061a620 ref_00463e50: dd 0xbaaa7ab1 dd 0xf7aa7bb2 dd 0xaca8a3a4 db 0xa1 db 0x49 db 0x00 ref_00463e5f: db 0xae dd 0xb1dfb3a5 dd 0xb1f2c07a dd 0xc067b86f dd 0xa176c5e7 db 0x49 db 0x00 ref_00463e72: db 0xb9 db 0x44 dd 0xe6c4e3a8 dd 0xa1ba77a4 dd 0x4cb50a0a dd 0xcac16baa dd 0x49a152b6 db 0x00 ref_00463e89: db 0xa5 db 0x64 db 0xa4 dd 0xa4e6c4f9 dd 0x0aa1ba77 dd 0xaa4cb50a dd 0xb6cac16b dd 0x0049a152 ref_00463ea0: dd 0xe9bfd0bd dd 0xfdb14aa4 dd 0x58a5e6bd dd 0x69b1baaa db 0xbc db 0xc6 db 0x00 ref_00463eb3: db 0xbd dd 0xa4e9bfd0 dd 0xa9fdb14a dd 0xaae6bde7 dd 0xaef9bbba dd 0xa10a0ae6 dd 0xbbaba55d dd 0x2547a1f9 dd 0xa1b8a464 db 0x5e db 0x00 ref_00463ed6: db 0xa1 db 0xd1 db 0x25 db 0x64 db 0x00 ref_00463edb: db 0x25 dd 0x0069b164 ref_00463ee0: dd 0xb8a47325 db 0x00 ref_00463ee5: db 0xa6 db 0xed db 0xa6 dd 0xa6cea576 db 0x61 db 0x00 ref_00463eee: db 0xb0 db 0xd3 dd 0xcea57eb7 db 0xa6 db 0x61 db 0x00 ref_00463ef7: db 0xba dd 0xf3a5204d db 0x00 ref_00463efd: db 0xc1 db 0xca db 0x20 db 0xb6 db 0x52 db 0x00 ref_00463f03: db 0xa4 dd 0xc447a7bd dd 0xba77a4e6 dd 0xbd0a0aa1 dd 0xbafda5d0 dd 0xa1f3a54d db 0x49 db 0x00 ref_00463f1a: db 0xaa db 0xd1 dd 0x57a6bcb2 db 0xba db 0xd9 db 0x00 ref_00463f23: db 0xab dd 0xb1b3a6f9 dd 0x00c6bc69 ref_00463f2c: dd 0xa52060c1 dd 0xf9bb20ab db 0x00 ref_00463f35: db 0xc3 db 0xfe db 0xab dd 0x0047a1ac ref_00463f3c: dd 0xf9bbaba5 db 0xa1 db 0x47 db 0x00 ref_00463f43: db 0xbd dd 0xa1f9bbe6 db 0x47 db 0x00 ref_00463f4a: db 0xb1 db 0x69 dd 0x47a1c6bc db 0x00 ref_00463f51: db 0xa6 db 0x61 db 0xc2 dd 0x0047a149 ref_00463f58: dd 0xc5afa5b5 db 0xa1 db 0x47 db 0x00 ref_00463f5f: db 'EXIT',0x00 ref_00463f64: db '%.2f',0x00 ref_00463f69: db '%.1f',0x00 ref_00463f6e: db '%.0f',0x00 ref_00463f73: db '%+.2f',0x00 ref_00463f79: db '%+.1f',0x00 ref_00463f7f: db '%+.0f',0x00,0x00,0x00,0x00 ref_00463f88: dd 0x42c80000 ref_00463f8c: dd 0x40a00000 ref_00463f90: dd 0x41700000 ref_00463f94: dd 0x42480000 ref_00463f98: dd 0x43160000 ref_00463f9c: dd 0x00000000 dd 0x3fe00000 ref_00463fa4: dd 0x9999999a dd 0x3fb99999 ref_00463fac: dd 0x9999999a dd 0x3fa99999 ref_00463fb4: dd 0x47ae147b dd 0x3f847ae1 ref_00463fbc: dd 0x461c3c00 ref_00463fc0: dd 0x461c4000 ref_00463fc4: dd 0x45800800 ref_00463fc8: dd 0x44926000 ref_00463fcc: dd 0x3f000000 ref_00463fd0: dd 0x40000000 ref_00463fd4: dd 0x41000000 ref_00463fd8: dd 0x461c4000 ref_00463fdc: dd 0x33333333 dd 0x3feb3333 ref_00463fe4: dd 0x40400000 ref_00463fe8: dd 0xc1200000 ref_00463fec: dd 0x41200000 ref_00463ff0: dd 0x41700000 ref_00463ff4: dd 0x43160000 ref_00463ff8: dd 0x69b652b6 db 0x00 ref_00463ffd: db 0xbd db 0xe6 db 0xa5 db 0x58 db 0x00 ref_00464002: db 0xa4 db 0x57 dd 0xbda4aba5 dd 0xeab871a5 db 0xb0 db 0x54 db 0x00 ref_0046400f: db 0xbc dd 0xa5b1b0c8 dd 0x00f6a9e6 ref_00464018: db '%d',0x00,0x00 ref_0046401c: dd 0x42c80000 ref_00464020: dd 0x461c4000 ref_00464024: dd 0x4d12d84a dd 0x401921fb ref_0046402c: dd 0x4d12d84a dd 0x3ff921fb ref_00464034: dd 0x00000000 dd 0x40560000 ref_0046403c: dd 0x00000000 dd 0x407f6000 ref_00464044: dd 0x00000000 dd 0x403d0000 ref_0046404c: dd 0x00000000 dd 0x4076d000 ref_00464054: dd 0x00000000 dd 0x3fd00000 ref_0046405c: dd 0x3f000000 dd 0x00000000 ref_00464064: dd 0x33333333 dd 0x3fd33333 ref_0046406c: dd 0x33333333 dd 0x3fe33333 ref_00464074: dd 0x00000000 dd 0x405b4000 ref_0046407c: dd 0x42da0000 ref_00464080: dd 0x43a20000 ref_00464084: dd 0x40000000 ref_00464088: dd 0xb1b0a6ba dd 0x6baa4cb5 dd 0x69b652b6 db 0xa1 db 0x49 db 0x00 ref_00464097: db 0xb6 dd 0xb5b1b05e dd 0xbd6baa4c dd 0xa158a5e6 db 0x49 db 0x00 ref_004640a6: db 0xab db 0xf9 dd 0xd1aab3a6 dd 0xedaac6bc db 0x00 ref_004640b1: db 0xaa db 0xd1 db 0x20 dd 0xaa20f9bb db 0xed db 0x00 ref_004640ba: db 0xaa db 0xd1 dd 0x57a6bcb2 db 0xba db 0xd9 db 0x00 ref_004640c3: db 0xa6 dd 0xbbe6a5a8 db 0xf9 db 0x00 ref_004640ca: db 0xba db 0xa6 db 0xb6 db 0x5e db 0x00 ref_004640cf: db 0xa5 dd 0xb6f6a9e6 db 0x71 db 0x00 ref_004640d6: db 0xab db 0xf9 dd 0xd1aab3a6 db 0xbc db 0xc6 db 0x00 ref_004640df: db 0xa5 dd 0xa6a1a7ad dd 0x00bba5a8 ref_004640e8: dd 0xe9a4bba5 dd 0xaba5f0a5 db 0x00 ref_004640f1: db 0xab db 0x4f db 0xaf dd 0xa5d1aa64 db 0xf7 db 0x00 ref_004640fa: db 0xb2 db 0xd6 dd 0xd5ac6ebf db 0xbe db 0x6c db 0x00 ref_00464103: db 0xa5 dd 0xaceba4bb dd 0x006cbed5 ref_0046410c: dd 0xa1a7ada5 dd 0x6cbed5ac db 0x00 ref_00464115: db 0xb8 db 0x67 db 0x20 dd 0xaa20e7c0 db 0xcc db 0x00 ref_0046411e: db 0xba db 0xa6 dd 0x5eb62020 db 0x00 ref_00464125: db 0xb6 db 0x67 db 0xa7 dd 0x00f9bba1 ref_0046412c: dd 0x5eb6a6ba db 0xb4 db 0x54 db 0x00 ref_00464133: db 0xa4 dd 0xbba1a7eb db 0xf9 db 0x00 ref_0046413a: db 0xbe db 0xfa dd 0xaab076a5 db 0xbb db 0xf9 db 0x00 ref_00464143: db 0xbe dd 0xa776a5fa dd 0x00f9bb43 ref_0046414c: dd 0x7ea662a5 dd 0xd1aabaa4 dd 0xaba8f9bb dd 0x75bdd5b6 db 0xb9 db 0xcf db 0x00 ref_0046415f: db 0xab dd 0xa4d1aaf9 dd 0x00d2a8f1 ref_00464168: dd 0xaba557a4 dd 0x71a5bda4 dd 0xf5acc0a4 db 0x00 ref_00464175: db 0xa4 db 0x48 db 0xa6 db 0x57 db 0x00 ref_0046417a: db 0xa4 db 0xbd db 0xa5 db 0x71 db 0x00 ref_0046417f: db 0xac dd 0xa72020f5 db 0x51 db 0x00 ref_00464186: db 0x25 db 0x73 dd 0x52b60a0a dd 0x732569b6 dd 0x69b16425 dd 0x00000000 dd 0x00000000 ref_0046419c: dd 0x33333333 dd 0x3ff33333 ref_004641a4: dd 0x33333333 dd 0x3feb3333 ref_004641ac: dd 0x66666666 dd 0x3fe66666 ref_004641b4: dd 0x00000000 dd 0x40040000 ref_004641bc: dd 0x33333333 dd 0x3fe33333 ref_004641c4: dd 0x00000000 dd 0x3fe00000 ref_004641cc: dd 0x0a0a7325 dd 0x58a5e6bd dd 0x64257325 dd 0x000069b1 ref_004641dc: dd 0x9999999a dd 0x3ff99999 ref_004641e4: dd 0x41000000 dd 0x00000000 ref_004641ec: dd 0x00000000 dd 0x3ff40000 ref_004641f4: dd 0x40000000 ref_004641f8: dd 0xc0000000 ref_004641fc: dd 0x00000000 dd 0x3fe00000 ref_00464204: dd 0x33333333 dd 0x3fe33333 ref_0046420c: dd 0x33333333 dd 0x3ff33333 ref_00464214: dd 0xcccccccd dd 0x3ff4cccc ref_0046421c: dd 0x9999999a dd 0x3fd99999 ref_00464224: dd 0x00000000 dd 0x3ff80000 ref_0046422c: dd 0x40400000 dd 0x00000000 ref_00464234: dd 0x9999999a dd 0x3ff19999 ref_0046423c: dd 0x30303023 dd 0xa4b3a630 dd 0xa7f2bbb0 dd 0x0ae0afda dd 0x41a7b0ac dd 0xc8b041aa dd 0xdcb6baaa db 0xa1 db 0x48 db 0x00 ref_0046425b: db 0x23 dd 0x31303030 dd 0x44acd0bd dd 0x41a7efbf dd 0x6ead51b7 dd 0xb449a70a dd 0xa5baaaab dd 0xa1f9a464 db 0x43 db 0x00 ref_0046427a: db 0x23 db 0x30 dd 0xa9323030 dd 0xa170baea dd 0x41a70a49 dd 0x49c2baaa dd 0xa3a4c6bc dd 0x49a1aca8 db 0x00 ref_00464295: db 0x23 db 0x30 db 0x30 dd 0xefb93330 dd 0x5fb0a3a4 dd 0xb10a49a1 dd 0xa5baaa7a dd 0xc4f9a464 dd 0xba77a4e6 dd 0x0049a1a1 ref_004642b4: dd 0x30303023 dd 0xaa77c534 dd 0xa655a4ef dd 0xa841a6b8 dd 0x0049a1d3 ref_004642c8: dd 0x30303023 dd 0xaa77c535 dd 0xc1faa5ef dd 0x44b90a7b dd 0xb1a9e3a8 db 0xa1 db 0x49 db 0x00 ref_004642df: db 0x23 dd 0x36303030 dd 0x6ead7ab1 dd 0xabb449a7 dd 0xbbb0a40a dd 0xa844b9f2 dd 0x0048a1e3 ref_004642f8: dd 0x30303023 dd 0xa4efb937 dd 0xa15fb0a3 dd 0x7ab10a41 dd 0x49c2baaa dd 0xa3a4e9a8 dd 0x49a1f7b0 db 0x00 ref_00464315: db 0x23 db 0x30 db 0x30 dd 0xdcab3830 dd 0x70baeaa9 dd 0x7ab149a1 dd 0xb90abaaa dd 0xc4e3a844 dd 0xba77a4e6 dd 0x0049a1a1 ref_00464334: dd 0x31303023 dd 0xc1c2c130 dd 0xc566b4c2 dd 0x0049a155 ref_00464344: dd 0x30303023 dd 0xad6fb339 dd 0xa844b9d3 dd 0xad7cb7e3 dd 0x7ea40afb dd 0x49a7e0af dd 0x49a1abb4 dd 0x00000000 ref_00464364: dd 0xcccccccd dd 0x3feccccc ref_0046436c: dd 0xcccccccd dd 0x3feccccc ref_00464374: db '$%d',0x00 ref_00464378: dd 0xefaa77c5 dd 0xc6a8b3b8 dd 0xfaa5f8aa dd 0x0a0a7bc1 dd 0x7ab165b0 dd 0x49a17325 dd 0x00000000 ref_00464394: dd 0x31303023 dd 0xc5a2ab31 dd 0x0a49a16f dd 0xe9a840a4 dd 0xe2a462a6 dd 0xa70a41a1 dd 0xb5e6b1c6 dd 0xa161bd4c db 0x49 db 0x00 ref_004643b6: db 0x23 db 0x30 dd 0xa5323130 dd 0xa46ead75 dd 0xa464a440 dd 0x0a41a1b8 dd 0xb3a64eb4 dd 0x6fb1f2c0 dd 0xfabc6aa4 dd 0xbebaaa0a dd 0xa17cb7f7 db 0x49 db 0x00 ref_004643de: db 0x23 db 0x30 dd 0xbd333130 dd 0xbfe9b0d0 dd 0xaa7ab1ef dd 0xafa90aba dd 0xb9b842b9 dd 0xe3a158bd db 0x00 ref_004643f9: db 0x23 db 0x30 db 0x30 dd 0xf4ab3431 dd 0x49a1f4ab dd 0x7ab1acaf dd 0xfabca4a4 db 0xa1 db 0x49 db 0x00 ref_0046440f: db 0x23 dd 0x35313030 dd 0x69a5d3a4 dd 0x46a4a4b1 dd 0xb10a49a1 dd 0xb2baaa7a dd 0xa4f7aa7b dd 0xa1aca8a3 db 0xe3 db 0x00 ref_0046442e: db 0x23 db 0x30 dd 0xa4363130 dd 0xa6b8a655 dd 0xa7d3a841 dd 0x0049a161 ref_00464440: dd 0x31303023 dd 0xa1d9b637 dd 0x53a40a49 dd 0x46a4eca8 dd 0xeba443a8 dd 0xa451a40a dd 0xbcb9b8ad dd 0x0a7ab3d6 dd 0xfabc7db6 dd 0xa1b6c9ae db 0xa1 db 0xe3 db 0x00 ref_0046446b: db 0x23 dd 0x38313030 dd 0x62a67bb2 dd 0x57a4a8b0 dd 0x7ab1b0ac dd 0xa57db60a dd 0xa46fb358 dd 0xaac1b440 dd 0xb9b80aba dd 0x44a158bd dd 0x43a144a1 db 0x00 ref_00464495: db 0x23 db 0x30 db 0x30 dd 0xbba53931 dd 0xf7a5eba4 dd 0x6fb1baaa dd 0xac0a44a5 dd 0xa144a14f dd 0xa144a144 db 0x43 db 0x00 ref_004644b2: db 0x23 db 0x30 dd 0xae323330 dd 0xb1dfb3a5 dd 0xb157bf7a dd 0xd2a90a6f dd 0xfabcb3a6 dd 0x49a1f7aa db 0x00 ref_004644cd: db 0x23 db 0x30 db 0x30 dd 0x4f533333 dd 0xa1595252 dd 0xbba50a49 dd 0xf7a5eba4 dd 0xb3a653a8 dd 0xb10a48a4 dd 0xa1fabc6f db 0xe3 db 0x00 ref_004644ee: db 0x23 db 0x30 dd 0xbc343330 dd 0xb1f7aafa dd 0xbfd6b24e dd 0xeca80a6e dd 0xd3ad55a4 dd 0x44a1eba4 dd 0xa144a10a dd 0xa144a144 db 0x43 db 0x00 ref_00464512: db 0x23 db 0x30 dd 0xa7353330 dd 0xa4e6b1c6 dd 0x0ab8a655 dd 0xfabc6fb1 dd 0x4eb4ccaa dd 0xb14fac0a dd 0x0049a17a ref_00464530: dd 0x33303023 dd 0xb0e6a636 dd 0xa76eadca dd 0xa1e1b3d6 db 0x49 db 0x00 ref_00464542: db 0x23 db 0x30 dd 0xac303230 dd 0xb3abbff9 db 0xec db 0x00 ref_0046454e: db 0x23 db 0x30 dd 0xa8313230 dd 0xa4a9b646 dd 0x00b5b4da ref_0046455c: dd 0x32303023 dd 0xa4d4a732 dd 0x00a6add3 ref_00464568: dd 0x32303023 dd 0xa4fabf33 dd 0x0048a4d2 ref_00464574: dd 0x32303023 dd 0xa4fcaa34 dd 0x0042a767 ref_00464580: dd 0x32303023 dd 0xa9efb235 dd 0xa5bda4d4 db 0x44 db 0x00 ref_0046458e: db 0x23 db 0x30 dd 0xae363230 dd 0xc4bba563 dd 0x00c3c25f ref_0046459c: dd 0x32303023 dd 0xbf7dbf37 db 0x7d db 0x00 ref_004645a6: db 0x23 db 0x30 dd 0xaf383230 dd 0x007dab51 ref_004645b0: dd 0x32303023 dd 0xa45dae39 dd 0x00fcac70 ref_004645bc: dd 0x33303023 dd 0xa470a430 dd 0x00a7a5a6 ref_004645c8: dd 0x33303023 dd 0xa8f7aa31 dd 0x00a9a8a9 ref_004645d4: db '%02d',0x00 ref_004645d9: db 0xb2 db 0xd6 db 0xbf dd 0xaafabc6e dd 0x000000f7 ref_004645e4: dd 0x33303023 dd 0xa869b637 dd 0xaa5dc5d3 dd 0xa1ceab6b dd 0xb14eb441 dd 0xb9a70a6f dd 0xd3b7fea5 dd 0xbaaadaa7 dd 0xdca5fcab db 0xa1 db 0x49 db 0x00 ref_0046460b: db 0x23 dd 0x38333030 dd 0xefbfdaa7 dd 0xc5b258a5 dd 0xf8b158a6 dd 0xbaaaf3a5 dd 0x43a148a4 db 0x00 ref_00464625: db 0x23 db 0x30 db 0x30 dd 0x41a73933 dd 0x4da8d3a8 dd 0x4ca577a9 dd 0xbaaaccad dd 0x42b952a9 db 0xa1 db 0xe3 db 0x00 ref_0046463f: db 0x23 dd 0x30343030 dd 0xe3a14bbc dd 0xeca8fcbd dd 0x46a441a7 db 0xa1 db 0x49 db 0x00 ref_00464653: db 0x23 dd 0x31343030 dd 0x46c6d1a4 dd 0x61a646c6 dd 0x46c646c6 db 0xa1 db 0xe3 db 0x00 ref_00464667: db 0x23 dd 0x32343030 dd 0x51b741a7 dd 0xeab36ca5 dd 0xabafbaa6 dd 0xac0a41a1 dd 0xb441a7b0 dd 0xb6b3a45f dd 0x0048a1dc ref_00464688: dd 0x34303023 dd 0xad41a733 dd 0xafbaa66e dd 0xa8feaaab dd 0xbd62a6ad dd 0xa4ada8d6 dd 0x0048a157 ref_004646a4: dd 0x34303023 dd 0xc6d1a434 dd 0xa646c646 dd 0xc646c661 dd 0x00e3a146 ref_004646b8: dd 0x34303023 dd 0xa14bbc35 dd 0xaf41a749 dd 0xb7afa475 dd 0x00e3a14f ref_004646cc: dd 0x34303023 dd 0xb25db036 dd 0xa6ccb3a3 dd 0xa4baaa68 db 0x48 db 0x00 ref_004646de: db 0x23 db 0x30 dd 0xa4373430 dd 0xb361a667 dd 0xaa68a6cc dd 0x0048a4ba ref_004646f0: dd 0x34303023 dd 0xabd0a938 dd 0xa6ccb3ce dd 0xa4baaa68 db 0x48 db 0x00 ref_00464702: db 0x23 db 0x30 dd 0xb2393430 dd 0xb3f7aa7b dd 0xaa68a6cc dd 0x0048a4ba ref_00464714: dd 0x35303023 dd 0xb473a630 dd 0xa6ccb3da dd 0xa4baaa68 db 0x48 db 0x00 ref_00464726: db 0x23 db 0x30 dd 0xc2313530 dd 0xb3e9a849 dd 0xaa68a6cc dd 0x0048a4ba ref_00464738: dd 0x35303023 dd 0xb8aba832 dd 0xa4baaaf4 db 0x48 db 0x00 ref_00464746: db 0x23 db 0x30 dd 0xc3333530 dd 0xa8f7be4d dd 0xa4baaaae db 0x48 db 0x00 ref_00464756: db 0x23 db 0x30 dd 0xb6343530 dd 0xa854a87d dd 0xa4baaaae db 0x48 db 0x00 ref_00464766: db 0x23 db 0x30 dd 0xaf353530 dd 0xaafaa9ab dd 0xaaada8fe dd 0x0048a4ba ref_00464778: dd 0x35303023 dd 0xa6d2a936 dd 0xa56ba8b3 db 0xcd db 0x00 ref_00464786: db 0x23 db 0x30 dd 0xa9373530 dd 0xa4b3a6d2 dd 0x00cda56b ref_00464794: dd 0xe6bddcc5 dd 0xb3a6d2a9 dd 0xf9a464a5 db 0x00 ref_004647a1: db 0xa9 db 0xe2 db 0xa8 dd 0xb952a9fa dd 0xb154a442 db 0x69 db 0x00 ref_004647ae: db 0xa5 db 0xdf dd 0xa4a7e8a8 dd 0x54a463a8 db 0xa4 db 0xd1 db 0x00 ref_004647bb: db 0xad dd 0xb061a6ec dd 0xa464afb1 dd 0xa65ea640 db 0x58 db 0x00 ref_004647ca: db 0xa6 db 0x73 dd 0xd2a94aa4 dd 0x7bb2b3a6 db 0xaa db 0xf7 db 0x00 ref_004647d7: db 0xb4 dd 0xa561a64e dd 0xa95cbb5b dd 0x00ceabd0 ref_004647e4: dd 0x40a46fb1 dd 0x64a569b1 db 0xa4 db 0xf9 db 0x00 ref_004647ef: db 0xa6 dd 0xc2e1ab56 db 0xe0 db 0x00 ref_004647f6: db 0xc5 db 0xdc dd 0xd2a9e6bd dd 0x44b9b3a6 db 0xa8 db 0xe3 db 0x00 ref_00464803: db 0xb4 dd 0xa961a64e dd 0xa9a3b0ee dd 0x00ceabd0 ref_00464810: dd 0x7cb0eda6 dd 0x64accbc0 dd 0xd1a454a4 db 0x00 ref_0046481d: db 0xa9 db 0xe7 db 0xbd dd 0xaeedb7e6 dd 0xa667a4e6 db 0x61 db 0x00 ref_0046482a: db '%s',0x0a,0x0a,0x00 ref_0046482f: db 0xa1 dd 0xa148a148 dd 0x2e2e2e48 db 0x00 ref_00464839: db 0xb1 db 0x6f db 0xa8 dd 0xa17325ec db 0x49 db 0x00 ref_00464842: db '%s',0x0a,0x0a,'%s',0x00,0x00,0x00,0x00 ref_0046484c: dd 0x37303023 dd 0xaa77c535 dd 0xc1faa5ef dd 0x6aa40a7b dd 0xceaf49b4 dd 0xe6a6c8bb db 0xa1 db 0x49 db 0x00 ref_00464867: db 0x23 dd 0x36373030 dd 0x6eadddbb dd 0xb0acdaa7 dd 0xaa0a7ab1 dd 0xb6c8b041 dd 0x0048a1dc ref_00464880: dd 0x37303023 dd 0xaa7ab137 dd 0xb455b6ba dd 0xab42c3da dd 0xb0ac0ad7 dd 0xcaa640a4 dd 0xb8a455b8 db 0xa1 db 0x43 db 0x00 ref_0046489f: db 0x23 dd 0x38373030 dd 0xe9bfd0bd dd 0x7ab14aa4 dd 0x55b66ead dd 0xaa0adab4 dd 0xc3f7aaba dd 0x0049a142 ref_004648bc: dd 0x37303023 dd 0xaa7ab139 dd 0xb455b6ba dd 0xc4e2a4da dd 0x77a40af2 dd 0xb9a767b8 dd 0x43a1a8a6 db 0x00 ref_004648d9: db 0x23 db 0x30 db 0x30 dd 0xd0bd3038 dd 0x54a4f3a9 dd 0xeba4d3ad dd 0xc10abaa4 dd 0xb64db2d9 dd 0xa1dab455 db 0x43 db 0x00 ref_004648f6: db 0x23 db 0x30 dd 0xab313830 dd 0xbaeaa9dc dd 0x0a49a170 dd 0x42c3f7aa dd 0x57b677a4 dd 0xb30a4cb9 dd 0xc369a55c dd 0xa1d7ab42 db 0x43 db 0x00 ref_0046491a: db 0x23 db 0x30 dd 0xbd323830 dd 0xa4e9bfd0 dd 0xb97ab14a dd 0x0ac6b377 dd 0xdab4d9c1 dd 0xf7aabaaa dd 0x49a142c3 db 0x00 ref_00464939: db 0x23 db 0x30 db 0x30 dd 0xdcab3338 dd 0x70baeaa9 dd 0xb10a49a1 dd 0xb2baaa7a dd 0xa4f7aa7b dd 0xa1aca8a3 db 0x43 db 0x00 ref_00464956: db 0x23 db 0x30 dd 0xb1343830 dd 0xc1baaa7a dd 0xa4dab4d9 dd 0x0af2c4e2 dd 0xb9a777a4 dd 0x43a1a8a6 db 0x00 ref_00464971: db 0x23 db 0x30 db 0x30 dd 0xc2c13538 dd 0x7ab1c2c1 dd 0x66b4baaa dd 0x49a155c5 db 0x00 ref_00464985: db 0x23 db 0x30 db 0x30 dd 0xb3b83638 dd 0xf8aac6a8 dd 0xdba6cbbf dd 0x7bc159bb dd 0xaaa3a40a dd 0xa6b3a6be dd 0xb1fcabf3 dd 0x0048a1d0 ref_004649a8: dd 0x38303023 dd 0xbfd0bd37 dd 0xb14aa4e9 dd 0x0a6ead7a dd 0xe0c267b6 dd 0xf7aabaaa dd 0xe3a142c3 db 0x00 ref_004649c5: db 0x23 db 0x30 db 0x30 dd 0xe6a63838 dd 0x7bb2ccb8 dd 0x53a862a6 dd 0xb30ab3a6 dd 0xa6f2bb6f dd 0xaa7bb268 dd 0x0043a1f7 ref_004649e4: dd 0x38303023 dd 0xbfd0bd39 dd 0xb14aa4e9 dd 0x0a6ead7a dd 0xdab4d9c1 dd 0xf7aabaaa dd 0xe3a142c3 db 0x00 ref_00464a01: db 0x23 db 0x30 db 0x30 dd 0xb3b83039 dd 0xf8aac6a8 dd 0x4fa77ab1 dd 0xb1aa7db6 dd 0x46a4baaf db 0xa1 db 0xe3 db 0x00 ref_00464a1b: db 0x23 dd 0x31393030 dd 0xc6a8b3b8 dd 0x43baf8aa dd 0x49a1aba8 db 0x00 ref_00464a2d: db 0xb1 db 0x7a db 0xa6 dd 0xa6c8bb56 dd 0xb6c9ade6 dd 0x0abaaa55 dd 0xdab455b6 dd 0x4eb159a7 dd 0xc1b4eca8 db 0xa1 db 0x43 db 0x00 ref_00464a4b: db 0xbd dd 0xada3a4d0 dd 0xb0d1a76e dd 0xa1e1b34f db 0x49 db 0x00 ref_00464a5a: db 0xb2 db 0x7b dd 0xf7aa2020 db 0x00 ref_00464a61: db 0xa6 db 0x73 db 0x20 dd 0x00dab420 ref_00464a68: dd 0x202055b6 db 0xb4 db 0xda db 0x00 ref_00464a6f: db 0x25 dd 0x00eba464 ref_00464a74: dd 0xd9c15ab6 dd 0xe9a4dab4 dd 0xd1a46425 db 0x00 ref_00464a81: db 0xa5 db 0xd3 db 0xbd dd 0xb455b6d0 db 0xda db 0x00 ref_00464a8a: db 0xc0 db 0x76 dd 0x55b6d9c1 db 0xb4 db 0xda db 0x00 ref_00464a93: db 0xaf dd 0xbf4fa753 dd 0x00eab8c4 ref_00464a9c: dd 0xe0c267b6 dd 0xf7aa7bb2 db 0x00 ref_00464aa5: db 0xc2 db 0x6b db 0xc1 dd 0xb6dab4d9 db 0xb5 db 0x00 ref_00464aae: db 0xab db 0xc8 dd 0x73a6e1a4 dd 0x60c1dab4 db 0xc3 db 0x42 db 0x00 ref_00464abb: db 0xa5 dd 0xbf65abd8 dd 0xaaeab8c4 dd 0x0042c3f7 ref_00464ac8: dd 0x69a57ca9 dd 0xeab8c4bf dd 0x42c3f7aa db 0x00 ref_00464ad5: db 0xbb db 0xc8 db 0xa6 dd 0xb0c8bce6 dd 0xb4f1a9b1 dd 0xc10a0ada dd 0x25d1b3d9 dd 0xa1d1a464 db 0x49 db 0x00 ref_00464aee: db 0x25 db 0x73 dd 0x6ea67ab1 db 0x00 ref_00464af5: db 0x25 db 0x73 db 0x0a dd 0xc176c00a dd 0xa6c8bbd9 dd 0xb455b6e6 dd 0x250a0ada dd 0x00b8a464 ref_00464b0c: dd 0x0a0a7325 dd 0xc8bb56a6 dd 0x55b6e6a6 dd 0x0a0adab4 dd 0xb8a46425 dd 0x00000000 ref_00464b24: dd 0x9999999a dd 0x3ff19999 ref_00464b2c: dd 0xdab455b6 dd 0xc1b4eca8 dd 0x0a0ae9a4 dd 0xeea86ab1 dd 0xe6a6f5b0 db 0xa1 db 0x49 db 0x00 ref_00464b43: db 0xb6 dd 0xb455b65a dd 0xb4eca8da dd 0x0ae9a4c1 dd 0xb3d9c10a dd 0xa4b0a2d1 dd 0x0049a1d1 ref_00464b5c: dd 0x55b65ab6 dd 0xeca8dab4 dd 0xe9a4c1b4 dd 0xd9c10a0a dd 0xb1a2d1b3 dd 0x49a1d1a4 db 0x00 ref_00464b75: db 0xbb db 0xc8 db 0xa6 dd 0xaaeab8e6 dd 0xb3c7b7f7 dd 0xa40a0ac6 dd 0x25aca8a3 dd 0x0ab8a464 dd 0xb8d1a50a dd 0xaae7c067 dd 0xb97325cc dd 0xa149a5d4 db 0x49 db 0x00 ref_00464b9e: db 0xbb db 0xc8 dd 0x67b8e6a6 dd 0x76c5e7c0 dd 0x44a5f6a9 db 0xa1 db 0x49 db 0x00 ref_00464baf: db 0x25 dd 0xb10a0a73 dd 0xc0eea86a dd 0x25d9c176 dd 0x0ab8a464 dd 0xa6c8bb0a dd 0xa753afe6 dd 0xb8c4bf4f dd 0x0049a1ea ref_00464bd0: dd 0x42080000 ref_00464bd4: dd 0xe6a6c8bb dd 0xb1b0c8bc dd 0xdab4f1a9 dd 0xd9c10a0a dd 0x6425d1b3 dd 0x49a1d1a4 db 0x00 ref_00464bed: db 0xbb db 0xc8 db 0xa6 dd 0xb5daa9e6 dd 0xa8b9a9b4 dd 0xc10a0ad3 dd 0x25d1b3d9 dd 0xa1d1a464 dd 0x00000049 ref_00464c08: dd 0x42c80000 dd 0x00000000 ref_00464c10: dd 0x00000000 dd 0x3ff80000 ref_00464c18: dd 0x00000000 dd 0x3fe00000 ref_00464c20: dd 0x00000000 dd 0x3fd00000 ref_00464c28: dd 0x00000000 dd 0xbfd00000 ref_00464c30: dd 0x39303023 dd 0xbff9ac36 dd 0x00ecb3ab ref_00464c3c: dd 0x39303023 dd 0xb646a837 dd 0xb4daa4a9 db 0xb5 db 0x00 ref_00464c4a: db 0x23 db 0x30 dd 0xa7383930 dd 0xadd3a4d4 db 0xa6 db 0x00 ref_00464c56: db 0x23 db 0x30 dd 0xbf393930 dd 0xa4d2a4fa db 0x48 db 0x00 ref_00464c62: db 0x23 db 0x30 dd 0xaa303031 dd 0xa767a4fc db 0x42 db 0x00 ref_00464c6e: db 0x23 db 0x30 dd 0xb2313031 dd 0xa4d4a9ef dd 0x0044a5bd ref_00464c7c: dd 0x30313023 dd 0xa563ae32 dd 0xc25fc4bb db 0xc3 db 0x00 ref_00464c8a: db 0x23 db 0x30 dd 0xbf333031 dd 0x007dbf7d ref_00464c94: dd 0x30313023 dd 0xab51af34 db 0x7d db 0x00 ref_00464c9e: db 0x23 db 0x30 dd 0xae353031 dd 0xac70a45d db 0xfc db 0x00 ref_00464caa: db 0x23 db 0x30 dd 0xa4363031 dd 0xa5a6a470 db 0xa7 db 0x00 ref_00464cb6: db 0x23 db 0x30 dd 0xaa373031 dd 0xa8a9a8f7 db 0xa9 db 0x00 ref_00464cc2: db 0x23 db 0x30 dd 0xac303131 dd 0xb3abbff9 db 0xec db 0x00 ref_00464cce: db 0x23 db 0x30 dd 0xa8313131 dd 0xa4a9b646 dd 0x00b5b4da ref_00464cdc: dd 0x31313023 dd 0xa4d4a732 dd 0x00a6add3 ref_00464ce8: dd 0x31313023 dd 0xa4fabf33 dd 0x0048a4d2 ref_00464cf4: dd 0x31313023 dd 0xa4fcaa34 dd 0x0042a767 ref_00464d00: dd 0x31313023 dd 0xa9efb235 dd 0xa5bda4d4 db 0x44 db 0x00 ref_00464d0e: db 0x23 db 0x30 dd 0xae363131 dd 0xc4bba563 dd 0x00c3c25f ref_00464d1c: dd 0x31313023 dd 0xbf7dbf37 db 0x7d db 0x00 ref_00464d26: db 0x23 db 0x30 dd 0xaf383131 dd 0x007dab51 ref_00464d30: dd 0x31313023 dd 0xa45dae39 dd 0x00fcac70 ref_00464d3c: dd 0x32313023 dd 0xa470a430 dd 0x00a7a5a6 ref_00464d48: dd 0x32313023 dd 0xa8f7aa31 dd 0x00a9a8a9 dd 0x00000000 ref_00464d58: dd 0x9999999a dd 0x3fd99999 ref_00464d60: dd 0x39303023 dd 0xa655a632 dd 0xa4c8abec dd 0xadafa8e1 dd 0xa146a457 dd 0x53a40a49 dd 0x46a4eca8 dd 0xeba443a8 dd 0xe6a6c8bb dd 0xbab2b50a dd 0xa4baaae2 dd 0xa16ca4e9 db 0x43 db 0x00 ref_00464d92: db 0x23 db 0x30 dd 0xa4333930 dd 0xaf49b46a dd 0xa6c8bbce dd 0x0a4eb1e6 dd 0xdabedaae dd 0xbaaa7ab1 dd 0xdab473a6 dd 0xa50a41a1 dd 0xa26fb55b dd 0xa2afa2b0 dd 0xc0baaa48 dd 0xa7f7aa78 dd 0xa1a7ae51 db 0x43 db 0x00 ref_00464dca: db 0x23 db 0x30 dd 0xa5353930 dd 0xb4eba4bb dd 0xa4a1b164 dd 0xacabaa48 dd 0xa144a14f dd 0x0043a144 ref_00464de4: dd 0xfabcf2c0 dd 0x5da6ecad db 0xa1 db 0x47 db 0x00 ref_00464def: db 0xa5 dd 0xb7eba4bb dd 0xb77ea54e dd 0xa1a2a56c db 0x47 db 0x00 ref_00464dfe: db 0xa5 db 0xbb dd 0x4eb7eba4 dd 0xa7a47ea5 dd 0x47a15db0 db 0x00 ref_00464e0d: db 0xa5 db 0xbb db 0xa4 dd 0xb7cbadeb dd 0xbcd1a4b0 dd 0x0047a1c6 ref_00464e1c: dd 0xd1a46425 db 0x00 ref_00464e21: db 0x23 db 0x30 db 0x31 dd 0x4fa73830 dd 0xdfa4c7a6 dd 0x41a641a1 dd 0x6faa5ba5 dd 0x49a1e1b3 db 0x00 ref_00464e39: db 0x23 db 0x30 db 0x31 dd 0xbba53930 dd 0x61abeba4 dd 0x4fac78ad dd 0x44a144a1 db 0xa1 db 0x43 db 0x00 ref_00464e4f: db 0xb2 dd 0xa1f7aa7b db 0x47 db 0x00 ref_00464e56: db 0xa6 db 0x73 dd 0x47a1dab4 db 0x00 ref_00464e5d: db 0xc1 db 0x60 db 0xb8 dd 0xa1a3b2ea db 0x47 db 0x00 ref_00464e66: db 0x23 db 0x30 dd 0xa8323231 dd 0xa44ca5e4 dd 0xadd9c148 dd 0xf3a70a6e dd 0x4fa456a7 dd 0x49a1e1b3 dd 0x00000000 dd 0x00000000 ref_00464e88: dd 0x9999999a dd 0x3ff19999 ref_00464e90: dd 0xa7ae51a7 db 0xa1 db 0x47 db 0x00 ref_00464e97: db 0xb6 dd 0xa4dab455 dd 0x000000a4 ref_00464ea0: dd 0x9999999a dd 0x3fb99999 ref_00464ea8: dd 0x4ab1eda6 db 0xa4 db 0xa4 db 0x00 ref_00464eaf: db 0xae dd 0xa4a2a5f8 db 0xa4 db 0x00 ref_00464eb6: db 0xa7 db 0xa4 dd 0xa4a463a8 db 0x00 ref_00464ebd: db 0xa6 db 0xed db 0xb0 dd 0x00a4a47c ref_00464ec4: dd 0x76af56a5 db 0xa4 db 0xa4 db 0x00 ref_00464ecb: db 0xb9 dd 0xa443b9da db 0xa4 db 0x00 ref_00464ed2: db 0xbd db 0xe6 db 0xa4 db 0xe8 db 0x00 ref_00464ed7: db 0x23 dd 0x36333130 dd 0xdfb3a5ae dd 0xabbff9ac dd 0xcac1ecb3 dd 0xb9a66fb1 dd 0x49a161a6 db 0x00 ref_00464ef1: db 0x23 db 0x30 db 0x31 dd 0xa5ae3733 dd 0x46a8dfb3 dd 0xdaa4a9b6 dd 0xcac1b5b4 dd 0xb9a66fb1 dd 0x49a161a6 db 0x00 ref_00464f0d: db 0x23 db 0x30 db 0x31 dd 0xa5ae3833 dd 0xd4a7dfb3 dd 0xa6add3a4 dd 0x6fb1cac1 dd 0x61a6b9a6 db 0xa1 db 0x49 db 0x00 ref_00464f27: db 0x23 dd 0x39333130 dd 0xdfb3a5ae dd 0xd2a4fabf dd 0xcac148a4 dd 0xb9a66fb1 dd 0x49a161a6 db 0x00 ref_00464f41: db 0x23 db 0x30 db 0x31 dd 0xa5ae3034 dd 0xfcaadfb3 dd 0x42a767a4 dd 0x6fb1cac1 dd 0x61a6b9a6 db 0xa1 db 0x49 db 0x00 ref_00464f5b: db 0x23 dd 0x31343130 dd 0xdfb3a5ae dd 0xd4a9efb2 dd 0x44a5bda4 dd 0x6fb1cac1 dd 0x61a6b9a6 db 0xa1 db 0x49 db 0x00 ref_00464f77: db 0x23 dd 0x32343130 dd 0xdfb3a5ae dd 0xbba563ae dd 0xc3c25fc4 dd 0x6fb1cac1 dd 0x61a6b9a6 db 0xa1 db 0x49 db 0x00 ref_00464f93: db 0x23 dd 0x33343130 dd 0xdfb3a5ae dd 0x7dbf7dbf dd 0x6fb1cac1 dd 0x61a6b9a6 db 0xa1 db 0x49 db 0x00 ref_00464fab: db 0x23 dd 0x34343130 dd 0xdfb3a5ae dd 0x7dab51af dd 0x6fb1cac1 dd 0x61a6b9a6 db 0xa1 db 0x49 db 0x00 ref_00464fc3: db 0x23 dd 0x35343130 dd 0xdfb3a5ae dd 0x70a45dae dd 0xcac1fcac dd 0xb9a66fb1 dd 0x49a161a6 db 0x00 ref_00464fdd: db 0x23 db 0x30 db 0x31 dd 0xa5ae3634 dd 0x70a4dfb3 dd 0xa7a5a6a4 dd 0x6fb1cac1 dd 0x61a6b9a6 db 0xa1 db 0x49 db 0x00 ref_00464ff7: db 0x23 dd 0x37343130 dd 0xdfb3a5ae dd 0xa9a8f7aa dd 0xcac1a9a8 dd 0xb9a66fb1 dd 0x49a161a6 dd 0x00000000 ref_00465014: dd 0x46fffe00 ref_00465018: dd 0x33333333 dd 0x3fd33333 ref_00465020: dd 0x00000000 dd 0x3fe00000 ref_00465028: dd 0x40800000 ref_0046502c: dd 0x40c00000 ref_00465030: dd 0x37800000 ref_00465034: dd 0x40400000 ref_00465038: dd 0x33313023 dd 0xb6bda431 dd 0xbde7a97d dd 0xa667a4e6 dd 0xb340a461 dd 0x0043a142 ref_00465050: dd 0xb8a46425 db 0x00 ref_00465055: db 0xa2 db 0xde db 0xa2 dd 0xa2e1a2cf db 0xe1 db 0x00 ref_0046505e: db 0xa9 db 0xf1 db 0xb1 db 0xf3 db 0x00 ref_00465063: db 0x23 dd 0x38343130 dd 0x48a44cb5 dd 0xf9bb58a5 dd 0xc5ab41a1 dd 0x79ac47a7 dd 0x43a1d0bc db 0x00 ref_0046507d: db 0x23 db 0x30 db 0x31 dd 0xb3a93233 dd 0x6425f9bb dd 0xbd0ab8a4 dd 0xaa4eb7d0 dd 0xbb58a5cc dd 0x0043a1f9 ref_00465098: dd 0x33313023 dd 0xa4642535 dd 0xa5a8a6b8 db 0xe6 db 0x00 ref_004650a6: db 0xbc db 0xd0 dd 0x47a1f9bb dd 0x00000000 ref_004650b0: dd 0x3f000000 ref_004650b4: dd 0x32313023 dd 0xc1c2c134 dd 0xa141a7c2 dd 0xaf41a749 dd 0x0a4fac75 dd 0xbaaadaa7 dd 0xcda541a6 dd 0xc0a5f7a4 db 0xa1 db 0x49 db 0x00 ref_004650d7: db 0x23 dd 0x35323130 dd 0xfda5daa7 dd 0x46a4aba8 dd 0x6aa449a1 dd 0xa40aa6ae dd 0xa877bc6a dd 0xa6e9a4d3 dd 0xa1f8b341 db 0x49 db 0x00 ref_004650fa: db 0x23 db 0x30 dd 0xa4333231 dd 0xbf50b7d3 dd 0xa146a445 dd 0xa4daa749 dd 0x77a90a40 dd 0xf8b37cb7 dd 0x41a7aab5 dd 0x49a1baaa db 0x00 ref_0046511d: db 0x23 db 0x30 db 0x31 dd 0xfca83632 dd 0x49c248a4 dd 0xa7a4f4a4 dd 0x41a1a6ae dd 0xb7b2a50a dd 0xace9b4ed dd 0xb377a475 dd 0x0049a1f8 ref_00465140: dd 0xc0c44fab dd 0xc6bc49c2 db 0x00 ref_00465149: db 0x25 db 0x64 db 0xc2 db 0x49 db 0x00 ref_0046514e: db 0x23 db 0x30 dd 0xa9323030 dd 0xa170baea dd 0x41a70a49 dd 0x49c2baaa dd 0xa3a4c6bc dd 0x49a1aca8 db 0x00 ref_00465169: db 0xab db 0x4f db 0xc4 dd 0x007325c0 ref_00465170: dd 0x32313023 dd 0xa67ab137 dd 0xbd49a16e dd 0xb1ddb0d0 dd 0xb46ead7a dd 0x0ad6bdc0 dd 0x7ab2ecbf dd 0x7cb058a5 dd 0xf2c4e2a4 db 0xa1 db 0x48 db 0x00 ref_00465197: db 0x23 dd 0x38323130 dd 0x79b5d0bd dd 0x49a1e1ab db 0x00 ref_004651a5: db 0x23 db 0x30 db 0x31 dd 0xdda23932 dd 0x49a1d9a2 dd 0xbaaa7ab1 dd 0xcda442aa dd 0x67b877a4 dd 0xa569a50a dd 0xb058a548 dd 0xa146a47c db 0x49 db 0x00 ref_004651ca: db 0x23 db 0x30 dd 0xad303331 dd 0xad4fab6e dd 0xc5ada8ab dd 0xa1e1b3e9 db 0x49 db 0x00 ref_004651de: db 0x23 db 0x30 dd 0xa9323030 dd 0xa170baea dd 0x41a70a49 dd 0x49c2baaa dd 0xa3a4c6bc dd 0x49a1aca8 db 0x00 ref_004651f9: db 0xab db 0x4f db 0xc4 dd 0xbc49c2c0 db 0xc6 db 0x00 ref_00465202: db 0x25 db 0x64 db 0xc2 db 0x49 db 0x00 ref_00465207: db 0xab dd 0x25c0c44f dd 0x00000073 ref_00465210: dd 0x0a0a7325 dd 0x7ab165b0 dd 0xeab058a5 dd 0x43b9c8ae dd 0x002e2e2e ref_00465224: dd 0xbaaa7325 dd 0x5dc0c8ae dd 0xd0bd0a0a dd 0xd3a869b6 dd 0xa7aef0a5 dd 0x002e2e2e ref_0046523c: dd 0xbaaa7325 dd 0xabaacac1 dd 0xdfa4a4a4 dd 0x7ab10a0a dd 0xf8aebaaa dd 0xbfad4fb6 dd 0xb0acc6bc dd 0x002e2e2e ref_0046525c: dd 0x0a0a7325 dd 0xbaaa7ab1 dd 0x4fabeba7 dd 0xc6bcd1a4 dd 0x2e2eb0ac db 0x2e db 0x00 ref_00465272: db 0x25 db 0x73 dd 0xd0bd0a0a dd 0xd3a869b6 dd 0xa7aef0a5 dd 0x002e2e2e ref_00465284: dd 0xb8a46425 db 0x00 ref_00465289: db 0xbd db 0xd0 db 0xbf dd 0xb3dcbeef dd 0xc349ac5d dd 0x004fa7fe ref_00465298: dd 0xefbfd0bd dd 0xfdb1dcbe dd 0x6fb57db6 dd 0xe3a844b9 db 0x00 ref_004652a9: db 0x25 db 0x73 db 0xaa dd 0x0aada8fe dd 0xa956a60a dd 0xb9b3a6d2 dd 0xa6e2a4ef dd 0x2e2e2eac db 0x00 ref_004652c1: db 0x25 db 0x73 db 0xaa dd 0x0aada8fe dd 0xb165b00a dd 0x2e2e2e7a db 0x00 ref_004652d1: db 0x25 db 0x73 db 0xaa dd 0x0aada8fe dd 0xb549a50a dd 0xad43a8b9 dd 0x2e48a4d3 db 0x2e db 0x2e db 0x00 ref_004652e7: db 0x25 dd 0xa8feaa73 dd 0xb70a0aad dd 0x2ea2a56c dd 0x00002e2e ref_004652f8: dd 0x6fb16db7 dd 0xbaaa7325 dd 0x73250a0a db 0x00 ref_00465305: db 0xa8 db 0xcf db 0xa5 dd 0x007325ce ref_0046530c: dd 0xbaaa7ab1 dd 0xf7aa7bb2 dd 0xaca8a3a4 dd 0x000049a1 ref_0046531c: dd 0x40000000 ref_00465320: dd 0x40a00000 ref_00465324: dd 0x40000000 ref_00465328: dd 0x40a00000 ref_0046532c: dd 0x0a0a7325 dd 0xb3a45fb4 dd 0xcda564a5 dd 0x49a1c4ae db 0x00 ref_0046533d: db 0x25 db 0x73 db 0x0a dd 0xbaf9b60a dd 0xa564a5d7 dd 0xa1c4aecd db 0x49 db 0x00 ref_0046534e: db 0xac db 0x4f dd 0xf9b65fa7 dd 0xb9b5d7ba dd 0x48a17325 db 0x00 ref_0046535d: db 0xbd db 0xd0 db 0xbf dd 0xb6dcbeef dd 0xb9d7baf9 dd 0x2e48b6ef db 0x2e db 0x2e db 0x00 ref_0046536f: db 0xb6 dd 0xb5d7baf9 dd 0xa17325b9 dd 0x00000049 dd 0x00000000 ref_00465380: dd 0x9999999a dd 0x3fc99999 ref_00465388: dd 0x0a0a7325 dd 0x5fa74fac dd 0xcea5cfa8 dd 0x4fb64ba7 dd 0x48a164a5 db 0x00 ref_0046539d: db 0x25 db 0x73 db 0x0a dd 0xb84ba70a dd 0xa564a56f dd 0xa1c4aecd db 0x49 db 0x00 ref_004653ae: db 0xb9 db 0xef dd 0xcfa87325 dd 0x7325cea5 dd 0x000049a1 ref_004653bc: dd 0x43480000 ref_004653c0: dd 0xfaa8e2a9 dd 0x0a0a7325 dd 0xb8a46425 dd 0xf7aa7cb5 dd 0x000049a1 dd 0x00000000 ref_004653d8: dd 0x9999999a dd 0x3fc99999 ref_004653e0: dd 0x6425d1a1 db 0x00 ref_004653e5: db 0xa8 db 0xcf db 0xa5 dd 0x007325ce ref_004653ec: dd 0x64b34cb5 dd 0x73b7f4a5 db 0xbb db 0x44 db 0x00 ref_004653f7: db 0xac dd 0xa4b2a946 dd 0x0069a7bd ref_00465400: dd 0x7cb7c0aa dd 0x44bb73b7 db 0x00 ref_00465409: db 0xb8 db 0xf4 db 0xaa dd 0xbef8b370 db 0xc9 db 0x00 ref_00465412: db 0xae db 0xf0 dd 0xf8b348b6 db 0xbe db 0xc9 db 0x00 ref_0046541b: db 0xb0 dd 0xb767b85d dd 0x0044bb73 ref_00465424: dd 0x34313023 dd 0xa4bbba39 dd 0xa57da5a4 dd 0xb84cb5c7 dd 0xc47db66f db 0xc0 db 0x00 ref_0046543a: db 0x23 db 0x30 dd 0xba303531 dd 0xa5a4a4bb dd 0xa9c7a57d dd 0xa6f8aab5 dd 0x25c1b444 dd 0x00d1a464 ref_00465454: dd 0x35313023 dd 0xb0eda631 dd 0xafa4a47c dd 0xb477b166 dd 0xa565aba3 dd 0x007cb058 ref_0046546c: dd 0x35313023 dd 0xb0eda632 dd 0xafa4a47c dd 0xa977b166 dd 0xa6f8aab5 dd 0x257cb0ed dd 0x00d1a464 ref_00465488: dd 0x35313023 dd 0xac7ea533 dd 0xa748a450 dd 0xa6b4a5f0 dd 0x0079b261 ref_0046549c: dd 0x35313023 dd 0xac7ea534 dd 0xc3c7a950 dd 0xc0a7c57e dd 0x0a7325bb dd 0xb4b752ba dd 0x76bfd8ab dd 0xc9b440a4 db 0x00 ref_004654bd: db 0x23 db 0x30 db 0x31 dd 0x73253535 dd 0x69a7bda4 dd 0xf9bb61a6 dd 0xa6bad5bd dd 0xafa2b2a2 dd 0x000048a2 dd 0x00000000 ref_004654dc: dd 0xcccccccd dd 0x3ff4cccc ref_004654e4: dd 0x35313023 dd 0xb6bda436 dd 0xbde7a97d dd 0x0a7325e6 dd 0xb3a6bda4 dd 0x61a667a4 dd 0x42b340a4 db 0x00 ref_00465501: db 0x23 db 0x30 db 0x31 dd 0xbda43735 dd 0xedaa7db6 dd 0xc4b2adb4 dd 0x6aa440a4 dd 0x44a561a6 dd 0xc073250a dd 0x256fb1f2 dd 0xbcb8a464 dd 0x0079c0fa ref_00465528: dd 0x35313023 dd 0xb6bda438 dd 0xa7c9b87d dd 0xa667a455 dd 0xa4ccb361 dd 0x0accaad6 dd 0xf2c07325 dd 0x64256fb1 dd 0xc9b8b8a4 db 0xa7 db 0x55 db 0x00 ref_0046554f: db 0x23 dd 0x39353130 dd 0x7db6bda4 dd 0xadb4edaa dd 0xaba5d1aa dd 0x40a4c4b2 dd 0xe1a46aa4 dd 0xc073250a dd 0x256fb1f2 dd 0xbcb8a464 dd 0x0079c0fa ref_00465578: dd 0x36313023 dd 0xa6d2a930 dd 0xc348a4b3 dd 0xa9e6a5ba dd 0xb56fb1d2 dd 0xa2b4a27c db 0x48 db 0x00 ref_00465592: db 0x25 db 0x73 dd 0xe6a5bac3 dd 0xb8a46425 dd 0x00000000 dd 0x00000000 ref_004655a4: dd 0x9999999a dd 0x3fa99999 ref_004655ac: dd 0x36313023 dd 0xa6d2a931 dd 0xc348a4b3 dd 0xa6e6a5ba dd 0xb5f9bb61 dd 0xa2b4a27c dd 0x00000048 dd 0x00000000 ref_004655cc: dd 0x9999999a dd 0x3fa99999 ref_004655d4: dd 0x36313023 dd 0xa6d2a932 dd 0xc348a4b3 dd 0xc3e6a5ba dd 0xb5e6a5d2 dd 0xa2b4a27c dd 0x00000048 dd 0x00000000 ref_004655f4: dd 0x9999999a dd 0x3fa99999 ref_004655fc: dd 0x36313023 dd 0xa9732533 dd 0xbeceabd0 dd 0x0aadb078 dd 0xf9bb61a6 dd 0x5eb655a4 dd 0xafa2b2a2 dd 0x000048a2 ref_0046561c: dd 0x66666666 dd 0x3fe66666 ref_00465624: dd 0x36313023 dd 0xa4732534 dd 0xa542b340 dd 0xa576a6c1 dd 0xc3b5b4cb dd 0x0ab5ac7a dd 0xceabd0a9 dd 0xf5a4a2a5 db 0x00 ref_00465645: db 0x23 db 0x30 db 0x31 dd 0xa8bb3536 dd 0x53af42ab dd 0xa60af8b3 dd 0xa548a4e6 dd 0xa4a7aef0 dd 0xa65ea640 db 0x58 db 0x00 ref_00465662: db 0x23 db 0x30 dd 0xa5363631 dd 0xaa71b3e6 dd 0x0aebb6fd dd 0xaea854a8 dd 0xeea4b1b0 dd 0x5ea640a4 db 0xa6 db 0x58 db 0x00 ref_0046567f: db 0x23 dd 0x37363130 dd 0x6ab17325 dd 0x61a650af dd 0xd0a95fbe dd 0xcbadceab db 0xb6 db 0xf2 db 0x00 ref_00465697: db 0x23 dd 0x38363130 dd 0x73a47325 dd 0x7ac378ac dd 0x67a46fb5 dd 0x79ac61a6 db 0xa5 db 0xa2 db 0x00 ref_004656af: db 0x23 dd 0x39363130 dd 0xc5af57b6 dd 0xb7ade4bb dd 0xa7c549ab dd 0xa60a7325 dd 0xa942b368 dd 0xa8ceabd0 dd 0x006cb7fc ref_004656d0: dd 0x37313023 dd 0xb173c030 dd 0xabb7adb2 dd 0x25a7c549 dd 0x52ba0a73 dd 0xd0a9b4b7 dd 0x40a4ceab db 0xb4 db 0xc9 db 0x00 ref_004656ef: db 0x23 dd 0x31373130 dd 0xe6a6c8bb dd 0x49a7bdc0 dd 0xeea4b1b0 dd 0xdab4f1a9 dd 0xb4a2b0a2 db 0xa4 db 0xd1 db 0x00 ref_0046570b: db 0x23 dd 0x32373130 dd 0xe6a6c8bb dd 0x6fb55ba5 dd 0xafa2b0a2 dd 0x78c048a2 dd 0xf5acf7aa db 0xa7 db 0x51 db 0x00 ref_00465727: db 0x25 dd 0xa86fb173 dd 0xa46425ec dd 0x000000b8 ref_00465734: dd 0x9999999a dd 0x3fb99999 ref_0046573c: dd 0x37313023 dd 0xa5d1aa33 dd 0xb043a7ab dd 0xaea3a467 dd 0xaeabadb6 dd 0xbd59b1c0 db 0x4c db 0x00 ref_00465756: db 0x23 db 0x30 dd 0xaa343731 dd 0xaeaba5d1 dd 0xa6d5b6f0 dd 0xa569ad70 dd 0xa4b1adfe dd 0x00a6ba57 ref_00465770: dd 0x37313023 dd 0xa5d1aa35 dd 0xb0c8bcab dd 0xa9e6a5b1 dd 0xa2b0a2f6 dd 0x00d1a4af ref_00465788: dd 0x37313023 dd 0xaa732536 dd 0xbcbcb2d1 dd 0xa5b1b0c8 dd 0xa2f6a9e6 dd 0xa4afa2b0 db 0xd1 db 0x00 ref_004657a2: db 0x23 db 0x30 dd 0x25373731 dd 0xb2d1aa73 dd 0xb4ecabbc dd 0xa557a45f dd 0xa9e6a5ab db 0xf6 db 0x00 ref_004657ba: db 0x23 db 0x30 dd 0x25383731 dd 0xaa48b973 dd 0xb657b66b dd 0x67b80a55 dd 0xccaae7c0 dd 0xa4a77325 dd 0xb4a263a8 db 0xa4 db 0xd1 db 0x00 ref_004657db: db 0x23 dd 0x39373130 dd 0x75a47325 dd 0xc6b174bc dd 0xc3a6f1a9 dd 0xbb0af4a4 dd 0x31dab440 dd 0x30303030 db 0xa4 db 0xb8 db 0x00 ref_004657fb: db 0x23 dd 0x30383130 dd 0xfcae7325 dd 0xeba77ea5 dd 0xc00aeab8 dd 0x3251a7f2 dd 0x30303030 db 0xa4 db 0xb8 db 0x00 ref_00465817: db 0x23 dd 0x31383130 dd 0xfcae7325 dd 0xeba77ea5 dd 0xc10aeab8 dd 0x326cb7ab dd 0x30303030 db 0xa4 db 0xb8 db 0x00 ref_00465833: db 0x23 dd 0x32383130 dd 0x48b97325 dd 0x7db657b3 dd 0x73a46fb5 dd 0x61a659a9 dd 0xb440bb0a dd 0x303031da dd 0xb8a43030 db 0x00 ref_00465855: db 0x23 db 0x30 db 0x31 dd 0x73253338 dd 0x79b373bb dd 0xb5adb8be dd 0x60aebda4 dd 0xb440bb0a dd 0x303035da dd 0x00b8a430 ref_00465874: dd 0x38313023 dd 0xc0732534 dd 0xbd51a7f2 dd 0xa4aab0d5 dd 0x00bfad40 ref_00465888: dd 0x4fab7325 dd 0x0a0af6a6 dd 0xf7aafabc dd 0xbfad5ba5 db 0xa1 db 0x49 db 0x00 ref_0046589b: db 0x25 dd 0xaf40a773 dd 0xbc0a0aa9 dd 0xa7f7aafa dd 0xa16fbc40 db 0x49 db 0x00 ref_004658ae: db 0x25 db 0x73 dd 0xa9af40a7 dd 0x40bb0a0a dd 0x5ba5f7aa dd 0x49a1bfad db 0x00 ref_004658c1: db 0x25 db 0x73 db 0xab dd 0x0af6a64f dd 0xa54ba70a dd 0xaa40bb49 dd 0x0049a1f7 ref_004658d4: dd 0x40a77325 dd 0x0a0aa9af dd 0x60becbad dd 0xbfad5ba5 db 0xa1 db 0x49 db 0x00 ref_004658e7: db 0x25 dd 0xa64fab73 dd 0xb00a0af6 dd 0xa64cb96b dd 0xa154a7b9 db 0x49 db 0x00 ref_004658fa: db 0xab db 0x4f dd 0xc1b449c0 dd 0x0a0aa1b6 dd 0xeca86fb1 dd 0xdfbd7ab2 dd 0x0a0af7aa dd 0xb8a46425 db 0x00 ref_00465915: db 0x23 db 0x30 db 0x31 dd 0x6ab13538 dd 0xeea9eea8 dd 0xd0a9a3b0 dd 0x40a4ceab db 0xb4 db 0xc9 db 0x00 ref_0046592b: db 0x23 dd 0x36383130 dd 0xeea86ab1 dd 0xaca678bc dd 0x61a667a4 dd 0x42b340a4 db 0x00 ref_00465941: db 0x23 db 0x30 db 0x31 dd 0x48a43738 dd 0x51b359c0 dd 0xcea573b5 dd 0x55b65fab dd 0xb8a46425 db 0x00 ref_00465959: db 0x23 db 0x30 db 0x31 dd 0xe4a43838 dd 0xf5b8bcb2 dd 0xbb0abcb2 dd 0xa9e6a6c8 dd 0xa9b4b5da dd 0xa4d3a8b9 dd 0xa4d3ad40 db 0xeb db 0x00 ref_0046597a: db 0x23 db 0x30 dd 0xab393831 dd 0xbb4aa449 dd 0xb9e6a6c8 dd 0x0aa3b871 dd 0xcea5bfae dd 0x4ca5e4a8 dd 0x73a648a4 dd 0x6425dab4 dd 0x000048a2 ref_004659a0: dd 0x42c80000 ref_004659a4: dd 0x39313023 dd 0xa4b5a430 dd 0xa74facd1 dd 0xa4cda541 dd 0x56a60ae9 dd 0x48a443a8 dd 0xfaa8aca6 dd 0x69b140a4 dd 0xf9a464a5 db 0x00 ref_004659c9: db 0xa6 db 0x56 db 0x25 dd 0xa4aca673 dd 0xa569b140 dd 0x00f9a464 ref_004659d8: dd 0x39313023 dd 0xad6ab131 dd 0xb058a5a2 dd 0xa55bc6ea dd 0xa46425fa db 0xd1 db 0x00 ref_004659ee: db 0x23 db 0x30 dd 0xb3323931 dd 0xac7ea551 dd 0xb848a450 dd 0x255bac6a dd 0x00d1a464 ref_00465a04: dd 0x39313023 dd 0xb2d1aa33 dd 0xac48b9bc dd 0xb3e6a5f9 dd 0xa56cb7ce dd 0xb2d1aaa2 dd 0xa26425bc dd 0x00000048 ref_00465a24: dd 0x42c80000 ref_00465a28: dd 0x39313023 dd 0xbddcc534 dd 0xa6d2a9e6 dd 0xb2d1aab3 dd 0xb244a8bc db 0x7b db 0x00 ref_00465a3e: db 0x23 db 0x30 dd 0xbe353931 dd 0xb3aea8f7 dd 0xbfbdb051 dd 0x00a2a5f2 ref_00465a50: dd 0x39313023 dd 0xa854a836 dd 0xb9b2bcae dd 0xb175bd71 dd 0xb7fea5ec db 0xb4 db 0x00 ref_00465a66: db 0x23 db 0x30 dd 0xb1373931 dd 0xa469b6bc dd 0xb4beb7f4 dd 0x25e5c24e dd 0x00d1a464 ref_00465a7c: dd 0x39313023 dd 0xbe4dc338 dd 0xbaaea8f7 dd 0xa6cbb64c dd 0x257cb0ed dd 0x00d1a464 ref_00465a94: dd 0x39313023 dd 0xa4e6a639 dd 0xb6f4c248 dd 0xb8a8b056 dd 0xb440bbf4 dd 0xa46425da db 0xb8 db 0x00 ref_00465aae: db 0x23 db 0x30 dd 0xc3303032 dd 0xa8f7be4d dd 0xc0bca5ae dd 0xa577a6b9 dd 0x0a55b4fe dd 0xdab440bb dd 0xb8a46425 db 0x00 ref_00465acd: db 0x23 db 0x30 db 0x32 dd 0x54a83130 dd 0x57b6aea8 dd 0x40bb74b3 dd 0x6425dab4 db 0xa4 db 0xb8 db 0x00 ref_00465ae3: db 0x23 dd 0x32303230 dd 0xd2a9d0bd dd 0x48a4b3a6 dd 0x6aa459a6 dd 0xaa0a5cc0 dd 0x254fb6e1 dd 0x00b8a464 ref_00465b00: dd 0x30323023 dd 0xa5c3b633 dd 0xa755a9e1 dd 0xb440bba3 dd 0xa46425da db 0xb8 db 0x00 ref_00465b16: db 0x23 db 0x30 dd 0xa7343032 dd 0xa461ae41 dd 0xb6afaa70 dd 0xa46aa4c3 dd 0x0a4bab70 dd 0xdab440bb dd 0xb8a46425 db 0x00 ref_00465b35: db 0x23 db 0x30 db 0x32 dd 0x62a63530 dd 0xe4c3f4b8 dd 0xeca8dfbe dd 0xb8a46425 db 0x00 ref_00465b49: db 0x23 db 0x30 db 0x32 dd 0x62a63630 dd 0xe4c3f4b8 dd 0xeca8dfbe dd 0xb8a46425 db 0x00 ref_00465b5d: db 0x23 db 0x30 db 0x32 dd 0x62a63730 dd 0xe4c3f4b8 dd 0xeca8dfbe dd 0xb8a46425 db 0x00 ref_00465b71: db 0x23 db 0x30 db 0x32 dd 0xf2bf3830 dd 0xfabfa2a5 dd 0x6cb75da5 dd 0x6425a2a5 db 0xa4 db 0xb8 db 0x00 ref_00465b87: db 0x23 dd 0x39303230 dd 0xa2a5f2bf dd 0x5da5fabf dd 0xa2a56cb7 dd 0xb8a46425 db 0x00 ref_00465b9d: db 0x23 db 0x30 db 0x32 dd 0x4eb73031 dd 0xf2c07ea5 dd 0xf2bf6fb1 dd 0x6425a3b2 db 0xa4 db 0xb8 db 0x00 ref_00465bb3: db 0x23 dd 0x31313230 dd 0xcbad51b3 dd 0x6cb77cb7 dd 0x6425a2a5 db 0xa4 db 0xb8 db 0x00 ref_00465bc7: db 0x23 dd 0x32313230 dd 0xbcb26fb5 dd 0xfabca4a4 dd 0xb8a46425 db 0x00 ref_00465bd9: db 0x23 db 0x30 db 0x32 dd 0x6fb53331 dd 0xa4a4bcb2 dd 0x6425fabc db 0xa4 db 0xb8 db 0x00 ref_00465beb: db 0x23 dd 0x34313230 dd 0xbcb26fb5 dd 0xfabca4a4 dd 0xb8a46425 db 0x00 ref_00465bfd: db 0x23 db 0x30 db 0x32 dd 0x49a53531 dd 0x49c04fab dd 0x6425f7aa db 0xa4 db 0xb8 db 0x00 ref_00465c0f: db 0x23 dd 0x36313230 dd 0xfaa8e2bb dd 0x49c04fab dd 0x6425f7aa db 0xa4 db 0xb8 db 0x00 ref_00465c23: db 0x23 dd 0x37313230 dd 0xe6bddcc5 dd 0xb3a6d2a9 dd 0xf9a464a5 dd 0xe3a844b9 db 0x00 ref_00465c39: db 0x23 db 0x30 db 0x32 dd 0x73b03831 dd 0x6aa44bbe dd 0xb5c478be dd 0xa4a7bda7 dd 0x642563a8 db 0xa4 db 0xd1 db 0x00 ref_00465c53: db 0x23 dd 0x39313230 dd 0xaac3bea8 dd 0xc6a4b7ad dd 0x63a8a4a7 dd 0xd1a46425 db 0x00 ref_00465c69: db 0x23 db 0x30 db 0x32 dd 0xaba83032 dd 0x72ac70a8 dd 0xa4a77eab dd 0x642563a8 db 0xa4 db 0xd1 db 0x00 ref_00465c7f: db 0x23 dd 0x31323230 dd 0xe6bd63b3 dd 0xc9b86aa4 dd 0xa4a7aba9 dd 0x642563a8 db 0xa4 db 0xd1 db 0x00 ref_00465c97: db 0x23 dd 0x32323230 dd 0x4bbe73b0 dd 0x78be6aa4 dd 0xbda7b5c4 dd 0x63a8a4a7 dd 0xd1a46425 db 0x00 ref_00465cb1: db 0x23 db 0x30 db 0x32 dd 0x48b93332 dd 0x45bb6baa dd 0xdca5b3b2 dd 0xa4a7c2ab dd 0x642563a8 db 0xa4 db 0xd1 db 0x00 ref_00465ccb: db 0x23 dd 0x34323230 dd 0xb7ae79c2 dd 0x7ca84fab dd 0xabaacab0 dd 0x63a8a4a7 dd 0xd1a46425 db 0x00 ref_00465ce5: db 0x23 db 0x30 db 0x32 dd 0x73b53532 dd 0xeab0e6bd dd 0xa4a75fc4 dd 0x642563a8 db 0xa4 db 0xd1 db 0x00 ref_00465cfb: db 0x23 dd 0x36323230 dd 0x46c4a4bb dd 0xa8a6bca5 dd 0xd6a47ea6 dd 0xeba96ba4 dd 0x6425d0a7 db 0xa4 db 0xd1 db 0x00 ref_00465d17: db 0x23 dd 0x37323230 dd 0xaac3bea8 dd 0xc6a4b7ad dd 0x63a8a4a7 dd 0xd1a46425 db 0x00 ref_00465d2d: db 0x23 db 0x30 db 0x32 dd 0xaba83832 dd 0x72ac70a8 dd 0xa4a77eab dd 0x642563a8 db 0xa4 db 0xd1 db 0x00 ref_00465d43: db 0x23 dd 0x39323230 dd 0xf1a949ac dd 0xf0ae72ac dd 0x63a8a4a7 dd 0xd1a46425 db 0x00 ref_00465d59: db 0x23 db 0x30 db 0x32 dd 0x44ab3033 dd 0xf9ab6baa dd 0x6abab3a6 dd 0xa4a7f1b1 dd 0x642563a8 db 0xa4 db 0xd1 db 0x00 ref_00465d73: db 0x23 dd 0x31333230 dd 0xb4a5debc dd 0xfbadb5c4 dd 0x63a8a4a7 dd 0xd1a46425 db 0x00 ref_00465d89: db 0x23 db 0x30 db 0x32 dd 0x79c23233 dd 0x4fabb7ae dd 0xcab07ca8 dd 0xa4a7abaa dd 0x642563a8 db 0xa4 db 0xd1 db 0x00 ref_00465da3: db 0x23 dd 0x33333230 dd 0xe6bd73b5 dd 0x61aeeab0 dd 0x4bb1f7be dd 0x63a8a4a7 dd 0xd1a46425 dd 0x00000000 ref_00465dc0: dd 0xb8c043b9 dd 0x40a7debe db 0x00 ref_00465dc9: db 0xa4 db 0xe9 db 0xa1 dd 0xbeeba442 db 0xe4 db 0x00 ref_00465dd2: db 0xa6 db 0x61 dd 0xeab8a3b2 db 0xae db 0xc6 db 0x00 ref_00465ddb: db 0xa8 dd 0xb84ca5e4 dd 0x00c6aeea ref_00465de4: dd 0xf9bbabaa dd 0xc6bcfcab db 0x00 ref_00465ded: db 0xaa db 0xd1 db 0xb2 dd 0xaeeab8bc db 0xc6 db 0x00 ref_00465df6: db 0xb8 db 0xea dd 0xeab8f7aa db 0xae db 0xc6 db 0x00 ref_00465dff: db 'LOAD',0x00 ref_00465e04: db 'SAVE',0x00 ref_00465e09: db 0xa5 db 0x64 db 0xa4 db 0xf9 db 0x00 ref_00465e0e: db 0xa5 db 0xe6 db 0xa9 db 0xf6 db 0x00 ref_00465e13: db 0xa6 dd 0x00cfb961 ref_00465e18: dd 0xceb274a8 db 0x00 ref_00465e1d: db 0xaa db 0xd1 db 0xa5 db 0xab db 0x00 ref_00465e22: db 0xab db 0x65 db 0xb6 db 0x69 db 0x00 ref_00465e27: db 0xac dd 0x00dfb864 ref_00465e2c: dd 0xdeba55b0 db 0x00 ref_00465e31: db 0xb9 db 0x44 db 0xa8 db 0xe3 db 0x00 ref_00465e36: db 0xbb db 0xa1 db 0xa9 db 0xfa db 0x00 ref_00465e3b: db 0xa4 dd 0xa571a5bd dd 0x007eb7f8 ref_00465e44: dd 0x76a6eda6 dd 0x61a6cea5 db 0x00 ref_00465e4d: db 0xb0 db 0xd3 db 0xb7 dd 0xa6cea57e db 0x61 db 0x00 ref_00465e56: db 0xa4 db 0x43 dd 0xf0ae6db1 db 0xb2 db 0x79 db 0x00 ref_00465e5f: db 0xa4 dd 0x00e9b6bd ref_00465e64: dd 0x5ac3f8a5 dd 0x5fc4f5ab db 0x00 ref_00465e6d: db 0xa6 db 0xca db 0xb3 dd 0xa5bda466 db 0x71 db 0x00 ref_00465e76: db 0xa9 db 0x52 db 0xb9 db 0x42 db 0x00 ref_00465e7b: db 0xb1 dd 0xc251a46f db 0x49 db 0x00 ref_00465e82: db 0xb1 db 0x6f dd 0x51a454a4 db 0xc2 db 0x49 db 0x00 ref_00465e8b: db 0xb1 dd 0xa4ada46f dd 0x0049c251 ref_00465e94: dd 0x71b1dfb3 dd 0xb0add1a4 db 0x00 ref_00465e9d: db 0xb7 db 0x73 db 0xbb db 0x44 db 0x00 ref_00465ea2: db 0xba db 0xca db 0xba db 0xbb db 0x00 ref_00465ea7: db 0xbb dd 0x00e6a6c8 ref_00465eac: dd 0x7ab3d6bc db 0x00 ref_00465eb1: db 0xc2 db 0xe5 db 0xb0 db 0x7c db 0x00 ref_00465eb6: db 0xc5 db 0x5d dd 0xceab6baa db 0x00 ref_00465ebd: db 0xa4 db 0x5e db 0xa4 db 0xa2 db 0x00 ref_00465ec2: db 0xa4 db 0x67 dd 0xbda461a6 db 0x00 ref_00465ec9: db 0xa4 db 0x6a db 0xb0 dd 0x00abaf49 ref_00465ed0: dd 0x5db06aa4 db 0xaf db 0xab db 0x00 ref_00465ed7: db 0xa4 dd 0xafd6ba6a db 0xab db 0x00 ref_00465ede: db 0xa4 db 0x6a dd 0xabaf61bd db 0x00 ref_00465ee5: db 0xa4 db 0x70 db 0xb0 dd 0x00abaf49 ref_00465eec: dd 0x5db070a4 db 0xaf db 0xab db 0x00 ref_00465ef3: db 0xa4 dd 0x00bdb070 ref_00465ef8: dd 0xd6ba70a4 db 0xaf db 0xab db 0x00 ref_00465eff: db 0xa4 dd 0xaf61bd70 db 0xab db 0x00 ref_00465f06: db 0xa4 db 0xd1 db 0xa8 db 0xcf db 0x00 ref_00465f0b: db 0xa6 dd 0x00abafba ref_00465f10: dd 0x5daa79ac db 0x00 ref_00465f15: db 0xb1 db 0x6a db 0xb5 db 0x73 db 0x00 ref_00465f1a: db 0xb4 db 0x63 db 0xa4 db 0xfc db 0x00 ref_00465f1f: db 0xb4 dd 0x005dc563 ref_00465f24: dd 0xd2bfa1b6 db 0x00 ref_00465f29: db 0xa4 db 0xd1 db 0xa8 dd 0x0064a5cf ref_00465f30: dd 0x76af56a5 db 0xa5 db 0x64 db 0x00 ref_00465f37: db 0xa6 dd 0xa5f9b750 db 0x64 db 0x00 ref_00465f3e: db 0xa7 db 0x4b dd 0x64a54fb6 db 0x00 ref_00465f45: db 0xa7 db 0x4b db 0xb8 dd 0x0064a56f ref_00465f4c: dd 0x68b3a1a7 db 0xa5 db 0x64 db 0x00 ref_00465f53: db 0xa7 dd 0xa549b4a1 db 0x64 db 0x00 ref_00465f5a: db 0xa7 db 0xef dd 0x64a5d8ab db 0x00 ref_00465f61: db 0xa9 db 0xc7 db 0xc3 dd 0x0064a57e ref_00465f68: dd 0xe6bde7a9 db 0xa5 db 0x64 db 0x00 ref_00465f6f: db 0xa9 dd 0xa5a3b0ee db 0x64 db 0x00 ref_00465f76: db 0xac db 0x64 dd 0x64a5caab db 0x00 ref_00465f7d: db 0xac db 0x64 db 0xb5 dd 0x0064a57c ref_00465f84: dd 0x64a5f5ac db 0x00 ref_00465f89: db 0xaf db 0x51 db 0xc0 dd 0x0064a574 ref_00465f90: dd 0xabaf65b0 db 0xb2 db 0xc5 db 0x00 ref_00465f97: db 0xb0 dd 0xa564afb1 db 0x64 db 0x00 ref_00465f9e: db 0xb3 db 0xb4 dd 0x64a560ae db 0x00 ref_00465fa5: db 0xb4 db 0x5f db 0xa4 dd 0x0064a5b3 ref_00465fac: dd 0x5dc563b4 db 0xa5 db 0x64 db 0x00 ref_00465fb3: db 0xb4 dd 0xa561a6ab db 0x64 db 0x00 ref_00465fba: db 0xb4 db 0xab dd 0x64a5ceab db 0x00 ref_00465fc1: db 0xb6 db 0xc2 db 0xa5 db 0x64 db 0x00 ref_00465fc6: db 0xb6 db 0xf9 dd 0x64a5d7ba db 0x00 ref_00465fcd: db 0xb7 db 0x6d db 0xb9 dd 0x0064a5dc ref_00465fd4: dd 0x43b9dab9 db 0xa5 db 0x64 db 0x00 ref_00465fdb: db 0xba dd 0xa5f9bba6 db 0x64 db 0x00 ref_00465fe2: db 0xbd db 0xd0 dd 0xc5b2abaf db 0x00 ref_00465fe9: db 0xc1 db 0xca db 0xa6 dd 0x0064a561 ref_00465ff0: dd 0x56a6e0c2 db 0xa5 db 0x64 db 0x00 ref_00465ff7: db 0xa4 dd 0xa87bb575 db 0xae db 0x00 ref_00465ffe: db 0xa6 db 0x61 db 0xb9 db 0x70 db 0x00 ref_00466003: db 0xa8 dd 0x00aea854 ref_00466008: dd 0xc9ae77a9 dd 0x75bcb5ac db 0x00 ref_00466011: db 0xad db 0xb8 db 0xbc db 0x75 db 0x00 ref_00466016: db 0xae db 0xc9 dd 0xf7befaa5 db 0x00 ref_0046601d: db 0xae db 0xd6 db 0xa4 dd 0xbcb8ad6c db 0x75 db 0x00 ref_00466026: db 0xb6 db 0xc7 dd 0xf7be65b0 db 0x00 ref_0046602d: db 0xb8 db 0xf4 db 0xbb db 0xd9 db 0x00 ref_00466032: db 0xbb db 0xbb dd 0xebbbb1b1 db 0xa4 db 0x6c db 0x00 ref_0046603b: db 0xbe dd 0x00aea8f7 ref_00466040: dd 0xb9bef7be dd 0x48a475a4 db 0x00 ref_00466049: db 0xbe db 0xf7 db 0xbe dd 0xabbdabb9 db 0xbd db 0x00 ref_00466052: db 0xbe db 0xde dd 0xa1bb40a7 db 0xa9 db 0xfa db 0x00 ref_0046605b: db 0xb9 dd 0xb5b8c043 dd 0x00b1ad65 ref_00466064: dd 0xb8c043b9 dd 0x4fa5fcab db 0x00 ref_0046606d: db 0xa9 db 0xd0 db 0x20 dd 0xb22061a6 db 0xa3 db 0x00 ref_00466076: db 0xaf db 0x53 dd 0x61a6edae db 0xc2 db 0x49 db 0x00 ref_0046607f: db 0xaf dd 0xa4edae53 dd 0x00abaa48 ref_00466088: dd 0x202064a5 db 0xa4 db 0xf9 db 0x00 ref_0046608f: db 0xb9 dd 0xa8202044 db 0xe3 db 0x00 ref_00466096: db 'help.mkf',0x00,0x00 ref_004660a0: dd 0xfaa9d3b2 dd 0x0000e9c5 ref_004660a8: db 'SPR',0x00 ref_004660ac: db 'SMP',0x00 ref_004660b0: dd 0x7ebbf9bf db 0x00 ref_004660b5: db 0xa7 db 0xe4 db 0xa4 dd 0xa5eca8a3 dd 0xbed0bafa dd 0x0049a1f7 ref_004660c4: db 0x72 db 0x62 db 0x00 ref_004660c7: db 'DATA.MKF',0x00 ref_004660d0: db '%c:DATA.MKF',0x00,0x00 ref_004660dd: db 0xbd db 0xd0 db 0xb4 dd 0xa64aa4a1 dd 0xa4cbb877 dd 0xbafaa5f9 dd 0x0049a1d0 ref_004660f0: db '%c:OVER.AVI',0x00,0x00 ref_004660fd: db 0xbd db 0xd0 db 0xb4 dd 0xb94aa4a1 dd 0xa4b8c043 dd 0xbafaa5f9 dd 0x0049a1d0 ref_00466110: db '%s%s',0x00,0x00,0x00,0x00 ref_00466118: db 'window vfw handle %d',0x00 ref_0046612d: db 'put vfw destination at %d %d %d %d',0x00 ref_00466150: db 'play vfw window from 0 notify',0x00 ref_0046616e: db 'open avivideo!%s alias vfw',0x00 ref_00466189: db 'open avivideo!%s%s alias vfw',0x00 ref_004661a6: db 'stop vfw wait',0x00 ref_004661b4: db 'close vfw wait',0x00,0x00 ref_004661c4: dd 0x65aac8bb dd 0x4da974a8 dd 0xe9a4ada5 dd 0x73250a0a dd 0xeca86fb1 dd 0x49a17325 db 0x00 ref_004661dd: db 0xae db 0xa3 db 0xc0 dd 0xb84ab373 dd 0x250a0a60 dd 0xa86fb173 dd 0xa17325ec db 0x49 db 0x00 ref_004661f2: db 0xb0 db 0xa3 dd 0x0a0a69a4 dd 0x6fb17325 dd 0x7325eca8 db 0xa1 db 0x49 db 0x00 ref_00466203: db 0xb8 dd 0xb8cfbd74 dd 0x250a0a60 dd 0xa86fb173 dd 0xa17325ec dd 0x00000049 ref_00466218: dd 0x42040000 ref_0046621c: dd 0x42040000 ref_00466220: db 'WARNING',0x00 ref_00466228: db 'DirectSound Initial Error or SoundCard Not Found!',0x00 ref_0046625a: db 'ERROR',0x00 ref_00466260: db 'DirectSound SetCooperativeLevel Error!',0x00 ref_00466287: db 'DirectSound CreateSoundPrimaryBuffer Error!',0x00 ref_004662b3: db 'DirectSound SetFormat Error!',0x00 ref_004662d0: db 'RICH08.MID',0x00 ref_004662db: db 'RICH16.MID',0x00 ref_004662e6: db 'RICH17.MID',0x00 ref_004662f1: db 'RICH18.MID',0x00 ref_004662fc: db 'RICH19.MID',0x00 ref_00466307: db 'RICH20.MID',0x00 ref_00466312: db 'RICH21.MID',0x00 ref_0046631d: db 'RICH22.MID',0x00 ref_00466328: db 'MIDI01.MID',0x00 ref_00466333: db 'MIDI02.MID',0x00 ref_0046633e: db 'MIDI03.MID',0x00 ref_00466349: db 'MIDI04.MID',0x00 ref_00466354: db 'MIDI05.MID',0x00 ref_0046635f: db 'MIDI06.MID',0x00 ref_0046636a: db 'MIDI07.MID',0x00 ref_00466375: db 'MIDI08.MID',0x00 ref_00466380: db 'MIDI09.MID',0x00 ref_0046638b: db 'MIDI10.MID',0x00 ref_00466396: db 'MIDI11.MID',0x00 ref_004663a1: db 'MIDI12.MID',0x00 ref_004663ac: db 'MIDI13.MID',0x00 ref_004663b7: db 'MIDI14-1.MID',0x00 ref_004663c4: db 'MIDI14-2.MID',0x00 ref_004663d1: db 'MIDI15.MID',0x00 ref_004663dc: db 'MIDI16.MID',0x00 ref_004663e7: db 'open cdaudio!%s alias cdtrack wait',0x00 ref_0046640a: db 'set cdtrack time format tmsf',0x00 ref_00466427: db 'status cdtrack number of tracks',0x00 ref_00466447: db 'sequencer',0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 ref_00466458: dd 0xcccccccd dd 0x3feccccc ref_00466460: dd 0x9999999a dd 0x3fe99999 ref_00466468: dd 0x33333333 dd 0x3fe33333 ref_00466470: db 'close mid wait',0x00 ref_0046647f: db 'stop cdtrack wait',0x00 ref_00466491: db 'close cdtrack wait',0x00 ref_004664a4: db 'open sequencer!%s alias mid',0x00 ref_004664c0: db 'open sequencer!%s%s alias mid',0x00 ref_004664de: db 'play mid from 0 notify',0x00 ref_004664f5: db 'status mid position',0x00 ref_00466509: db 'stop cdtrack',0x00 ref_00466516: db 'play mid from %d notify',0x00 ref_0046652e: db 'play cdtrack notify',0x00 ref_00466542: db 'status cdtrack current track',0x00 ref_0046655f: db 'play cdtrack from 2 notify',0x00 ref_0046657a: db 'play cdtrack from %d notify',0x00 ref_00466596: db 'status mid mode',0x00 ref_004665a6: db 'playing',0x00 ref_004665ae: db 'status cdtrack mode',0x00,0x00,0x00 ref_0046662c: dd 0xbdb070a4 db 0x00 ref_00466631: db 0xb1 db 0x6a db 0xb5 db 0x73 db 0x00 ref_00466636: db 0xac db 0x79 db 0xaa db 0x5d db 0x00 ref_0046663b: db 0xb6 dd 0x00d2bfa1 ref_00466640: dd 0x5db070a4 db 0xaf db 0xab db 0x00 ref_00466647: db 0xa4 dd 0xaf5db06a db 0xab db 0x00 ref_0046664e: db 0xa4 db 0x70 dd 0xabafd6ba db 0x00 ref_00466655: db 0xa4 db 0x6a db 0xba dd 0x00abafd6 ref_0046665c: dd 0x61bd70a4 db 0xaf db 0xab db 0x00 ref_00466663: db 0xa4 dd 0xaf61bd6a db 0xab db 0x00 ref_0046666a: db 0xa4 db 0x70 dd 0xabaf49b0 db 0x00 ref_00466671: db 0xa4 db 0x6a db 0xb0 dd 0x00abaf49 ref_00466678: dd 0xcfa8d1a4 db 0x00 ref_0046667d: db 0xb4 db 0x63 db 0xc5 db 0x5d db 0x00 ref_00466682: db 0xb4 db 0x63 db 0xa4 db 0xfc db 0x00 ref_00466687: db 0xa4 dd 0xa461a667 db 0xbd db 0x00 ref_0046668e: db 0xc2 db 0xa7 db 0xaa db 0xab db 0x00 ref_00466693: db 0xc4 dd 0x0063bd5f ref_00466698: dd 0xabafbaa6 db 0x00 ref_0046669d: db 0xb8 db 0xf4 db 0xbb db 0xd9 db 0x00 ref_004666a2: db 0xa6 db 0x61 db 0xb9 db 0x70 db 0x00 ref_004666a7: db 0xa9 dd 0xacc9ae77 dd 0x0075bcb5 ref_004666b0: db 0x42 db 0x53 db 0x00 ref_004666b3: db 'TAB',0x00 ref_004666b7: db 'ENTER',0x00 ref_004666bd: db 'CTRL-',0x00 ref_004666c3: db 'ESC',0x00 ref_004666c7: db 'SPACE',0x00 ref_004666cd: db 'PG UP',0x00 ref_004666d3: db 'PG DN',0x00 ref_004666d9: db 'END',0x00 ref_004666dd: db 'HOME',0x00 ref_004666e2: db 0xa1 db 0xf6 db 0x00 ref_004666e5: db 0xa1 db 0xf4 db 0x00 ref_004666e8: db 0xa1 db 0xf7 db 0x00 ref_004666eb: db 0xa1 db 0xf5 db 0x00 ref_004666ee: db 'INS',0x00 ref_004666f2: db 0x30 db 0x00 ref_004666f4: db 0x31 db 0x00 ref_004666f6: db 0x32 db 0x00 ref_004666f8: db 0x33 db 0x00 ref_004666fa: db 0x34 db 0x00 ref_004666fc: db 0x35 db 0x00 ref_004666fe: db 0x36 db 0x00 ref_00466700: db 0x37 db 0x00 ref_00466702: db 0x38 db 0x00 ref_00466704: db 0x39 db 0x00 ref_00466706: db 0x41 db 0x00 ref_00466708: db 0x42 db 0x00 ref_0046670a: db 0x43 db 0x00 ref_0046670c: db 0x44 db 0x00 ref_0046670e: db 0x45 db 0x00 ref_00466710: db 0x46 db 0x00 ref_00466712: db 0x47 db 0x00 ref_00466714: db 0x48 db 0x00 ref_00466716: db 0x49 db 0x00 ref_00466718: db 0x4a db 0x00 ref_0046671a: db 0x4b db 0x00 ref_0046671c: db 0x4c db 0x00 ref_0046671e: db 0x4d db 0x00 ref_00466720: db 0x4e db 0x00 ref_00466722: db 0x4f db 0x00 ref_00466724: db 0x50 db 0x00 ref_00466726: db 0x51 db 0x00 ref_00466728: db 0x52 db 0x00 ref_0046672a: db 0x53 db 0x00 ref_0046672c: db 0x54 db 0x00 ref_0046672e: db 0x55 db 0x00 ref_00466730: db 0x56 db 0x00 ref_00466732: db 0x57 db 0x00 ref_00466734: db 0x58 db 0x00 ref_00466736: db 0x59 db 0x00 ref_00466738: db 0x5a db 0x00 ref_0046673a: db 0x2a db 0x00 ref_0046673c: db 0x2b db 0x00 ref_0046673e: db 0x2d db 0x00 ref_00466740: db 0x2f db 0x00 ref_00466742: db 0x46 db 0x31 db 0x00 ref_00466745: db 0x46 db 0x32 db 0x00 ref_00466748: db 0x46 db 0x33 db 0x00 ref_0046674b: db 0x46 db 0x34 db 0x00 ref_0046674e: db 0x46 db 0x35 db 0x00 ref_00466751: db 0x46 db 0x36 db 0x00 ref_00466754: db 0x46 db 0x37 db 0x00 ref_00466757: db 0x46 db 0x38 db 0x00 ref_0046675a: db 0x46 db 0x39 db 0x00 ref_0046675d: db 'F10',0x00 ref_00466761: db 'F11',0x00 ref_00466765: db 'F12',0x00 ref_00466769: db 0x3b db 0x00 ref_0046676b: db 0x3d db 0x00 ref_0046676d: db 0x3c db 0x00 ref_0046676f: db 0x3e db 0x00 ref_00466771: db 0x3f db 0x00 ref_00466773: db 0x7e db 0x00 ref_00466775: db 0x5b db 0x00 ref_00466777: db 0x5c db 0x00 ref_00466779: db 0x5d db 0x00 ref_0046677b: db 0x27 db 0x00 ref_00466ac2: db 0xa7 db 0xa1 dd 0x64a549b4 db 0x00 ref_00466ac9: db 0xa7 db 0xa1 db 0xb3 dd 0x0064a568 ref_00466ad0: dd 0x61a6cac1 db 0xa5 db 0x64 db 0x00 ref_00466ad7: db 0xb4 dd 0xa561a6ab db 0x64 db 0x00 ref_00466ade: db 0xb4 db 0xab dd 0x64a5ceab db 0x00 ref_00466ae5: db 0xc2 db 0xe0 db 0xa6 dd 0x0064a556 ref_00466aec: dd 0xd8abefa7 db 0xa5 db 0x64 db 0x00 ref_00466af3: db 0xa9 dd 0xa5e6bde7 db 0x64 db 0x00 ref_00466afa: db 0xa4 db 0xd1 dd 0x64a5cfa8 db 0x00 ref_00466b01: db 0xb4 db 0x63 db 0xc5 dd 0x0064a55d ref_00466b08: dd 0x7ec3c7a9 db 0xa5 db 0x64 db 0x00 ref_00466b0f: db 0xa9 dd 0xa5a3b0ee db 0x64 db 0x00 ref_00466b16: db 0xb7 db 0x6d dd 0x64a5dcb9 db 0x00 ref_00466b1d: db 0xb0 db 0xb1 db 0xaf dd 0x0064a564 ref_00466b24: dd 0x76af56a5 db 0xa5 db 0x64 db 0x00 ref_00466b2b: db 0xb9 dd 0xa543b9da db 0x64 db 0x00 ref_00466b32: db 0xb3 db 0xb4 dd 0x64a560ae db 0x00 ref_00466b39: db 0xb4 db 0x5f db 0xa4 dd 0x0064a5b3 ref_00466b40: dd 0xd7baf9b6 db 0xa5 db 0x64 db 0x00 ref_00466b47: db 0xa7 dd 0xa54fb64b db 0x64 db 0x00 ref_00466b4e: db 0xa7 db 0x4b dd 0x64a56fb8 db 0x00 ref_00466b55: db 0xb0 db 0x65 db 0xaf dd 0x00c5b2ab ref_00466b5c: dd 0xabafd0bd db 0xb2 db 0xc5 db 0x00 ref_00466b63: db 0xac dd 0x0064a5f5 ref_00466b68: dd 0x64a5c2b6 db 0x00 ref_00466b6d: db 0xac db 0x64 db 0xb5 dd 0x0064a57c ref_00466b74: dd 0xf9bba6ba db 0xa5 db 0x64 db 0x00 ref_00466b7b: db 0xac dd 0xa5caab64 db 0x64 db 0x00 ref_00466b82: db 0xa6 db 0x50 dd 0x64a5f9b7 db 0x00 ref_00466b89: db 0xaf db 0x51 db 0xc0 dd 0x0064a574 ref_00466b90: dd 0xb9bef7be dd 0xbdabbdab db 0x00 ref_00466b99: db 0xbe db 0xf7 db 0xa8 db 0xae db 0x00 ref_00466b9e: db 0xa8 db 0x54 db 0xa8 db 0xae db 0x00 ref_00466ba3: db 0xad dd 0x0075bcb8 ref_00466ba8: dd 0xb1b1bbbb dd 0x6ca4ebbb db 0x00 ref_00466bb1: db 0xbe db 0xf7 db 0xbe dd 0xa475a4b9 db 0x48 db 0x00 ref_00466bba: db 0xae db 0xc9 dd 0xf7befaa5 db 0x00 ref_00466bc1: db 0xb6 db 0xc7 db 0xb0 dd 0x00f7be65 ref_00466bc8: dd 0x7bb575a4 db 0xa8 db 0xae db 0x00 ref_00466bcf: db 0xae dd 0xad6ca4d6 dd 0x0075bcb8 ref_00466bd8: dd 0x35303123 dd 0xa74fa730 dd 0xa7aaa7d2 dd 0x0049a1da ref_00466be8: dd 0x35303123 dd 0xb945c231 dd 0xc0edb742 dd 0x0049a159 ref_00466bf8: dd 0x35303123 dd 0xae42b932 dd 0xaea3a4f0 dd 0x0049a174 ref_00466c08: dd 0x35303123 dd 0xbadaa733 dd 0x0046a447 ref_00466c14: dd 0x35303123 dd 0xcbfcad34 dd 0xa7deb3e7 db 0x72 db 0x00 ref_00466c22: db 0x23 db 0x31 dd 0xa6353530 dd 0xa4a3a4ba dd 0xaa48a446 db 0xba db 0x00 ref_00466c32: db 0x23 db 0x31 dd 0xb3363530 dd 0xa74fac6f dd 0xb1b3c0da dd 0xa1baaa6f db 0x49 db 0x00 ref_00466c46: db 0x23 db 0x31 dd 0xa7373530 dd 0xa54facda dd 0xad79b2fe dd 0x0049b4ba ref_00466c58: dd 0x35303123 dd 0xc0c7c338 dd 0xa770a459 dd 0x00e3a151 ref_00466c68: dd 0x35303123 dd 0xa5d1a639 dd 0xa7a3b3bb dd 0xa453a8d6 dd 0x00e3a146 ref_00466c7c: dd 0x36303123 dd 0xa875af30 dd 0xa47da853 dd 0x0049a1df ref_00466c8c: dd 0x36303123 dd 0xa5b3ae31 dd 0xa1d5b068 dd 0xa3a40a41 dd 0xe4a7cea5 dd 0xe3a146a4 db 0x00 ref_00466ca5: db 0x23 db 0x31 db 0x30 dd 0x57a43236 dd 0x4fabd2ab dd 0xe3a1f6a6 db 0x00 ref_00466cb5: db 0x23 db 0x31 db 0x30 dd 0x43ad3336 dd 0x4fab71bf db 0xa6 db 0xf6 db 0x00 ref_00466cc3: db '#1064letitbe',0x00 ref_00466cd0: dd 0x36303123 dd 0xafdaa735 dd 0xaad8a875 dd 0xa4dba641 db 0x76 db 0x00 ref_00466ce2: db 0x23 db 0x31 dd 0xa7363630 dd 0xad4facda dd 0xa66aa4d3 dd 0x0044a561 ref_00466cf4: dd 0x36303123 dd 0xaddaa737 dd 0xc5d9ba6e dd 0xa440a451 dd 0x0046a4e8 ref_00466d08: dd 0x36303123 dd 0xa753a538 dd 0x0a41a1cc dd 0x4fb0daa7 dd 0x41a7eda6 db 0xa4 db 0x46 db 0x00 ref_00466d1f: db 0x23 dd 0x39363031 dd 0xdaa7f1a9 dd 0x68a558a5 db 0xa1 db 0x49 db 0x00 ref_00466d2f: db 0x23 dd 0x30373031 dd 0xa3a4daa7 dd 0xb4a56ead dd 0x49a177b0 db 0xa1 db 0x49 db 0x00 ref_00466d43: db 0x23 dd 0x31373031 dd 0x6eada3a4 dd 0xe3a16ea7 db 0xa1 db 0xe3 db 0x00 ref_00466d53: db 0x23 dd 0x32373031 dd 0x78be4fa7 dd 0x49a146a4 db 0x00 ref_00466d61: db 0x23 db 0x31 db 0x30 dd 0x40a43337 dd 0x63b4f5b3 dd 0xe3a1dab9 db 0x00 ref_00466d71: db 0x23 db 0x31 db 0x30 dd 0xa2ab3437 dd 0x49a1a2ab dd 0xa7d3b30a dd 0xac60c151 dd 0x0a62a64f dd 0x71b8bfa5 dd 0x40a4baaa dd 0x49a1e8a4 db 0x00 ref_00466d95: db 0x23 db 0x31 db 0x30 dd 0xa3a43537 dd 0x4fac4cb9 dd 0xae42b90a dd 0xa474aef0 dd 0xa149c246 db 0xe3 db 0x00 ref_00466dae: db 0x23 db 0x31 dd 0xa7363730 dd 0xa66eadda dd 0xa6b5b141 dd 0xa179c041 dd 0xc3a50a41 dd 0xbdaab9a9 dd 0x49a165ab db 0x00 ref_00466dcd: db 0x23 db 0x31 db 0x30 dd 0xfcaa3737 dd 0x75afd4a9 dd 0x49a144a5 dd 0xc6daa70a dd 0xa7fcac67 dd 0x0049a141 ref_00466de8: dd 0x37303123 dd 0xc150b738 dd 0xa9fcaac2 dd 0x0049a1d4 ref_00466df8: dd 0x37303123 dd 0xae42b939 dd 0xa66ea6f0 dd 0xb077a4d3 dd 0x00e3a1d5 ref_00466e0c: dd 0x38303123 dd 0xa1484f30 dd 0xa14f4ee3 db 0x49 db 0x00 ref_00466e1a: db 0x23 db 0x31 dd 0xa4313830 dd 0xaaeeb4f1 dd 0xf3a70ace dd 0xdaa7fdc5 dd 0x57ad68b5 dd 0x49a149a1 db 0x00 ref_00466e35: db 0x23 db 0x31 db 0x30 dd 0x48a43238 dd 0xa3a4cda5 dd 0x4eb770a6 dd 0xa651a40a dd 0xa44ba4b3 dd 0x00e3a145 ref_00466e50: dd 0x38303123 dd 0xa1fea833 dd 0x4fa70ae3 dd 0xaaa7d2a7 dd 0xdab0daa7 db 0xa1 db 0x49 db 0x00 ref_00466e67: db 0x23 dd 0x34383031 dd 0x69a5daa7 dd 0xbfa54fac dd 0xedb7bfa5 dd 0xaa0aedb7 dd 0xbfc8c1ba dd 0xa1e1b3fa db 0x49 db 0x00 ref_00466e86: db 0x23 db 0x31 dd 0xb6353830 dd 0x0ae3a1e2 dd 0x46a845bb dd 0xf0b6a8a6 db 0xa1 db 0x49 db 0x00 ref_00466e9b: db 0x23 dd 0x36383031 dd 0xbaaadaa7 dd 0xa6c5dfa4 dd 0xad0a66af dd 0xa76fb56e dd 0xa146a440 db 0xe3 db 0x00 ref_00466eb6: db 0x23 db 0x31 dd 0xa7373830 dd 0xa77cb7da dd 0x0aa6a5e2 dd 0x5ea6c8c1 dd 0xbaaad3a8 dd 0x49a149a1 db 0x00 ref_00466ed1: db 0x23 db 0x31 db 0x30 dd 0x75af3838 dd 0xa3a4cbb1 dd 0x49a16fb1 db 0x00 ref_00466ee1: db 0x23 db 0x31 db 0x30 dd 0xd3b83938 dd 0xbaaa41a7 dd 0xacd9c10a dd 0xb57cb74f dd 0xaa41a7b9 dd 0x0049a1ba ref_00466efc: dd 0x39303123 dd 0xa8c8c130 dd 0xa146a4ec db 0x49 db 0x00 ref_00466f0a: db 0x23 db 0x31 dd 0xaf313930 dd 0xabd9ace0 dd 0xa1d9ac68 db 0x43 db 0x00 ref_00466f1a: db 0x23 db 0x31 dd 0xa4323930 dd 0xa761ae6a dd 0x0ab4a54f dd 0xc9b46fb3 dd 0x6ca4d0a9 dd 0xa5baaa0a dd 0xb34eb744 dd 0x0049a1e1 ref_00466f3c: dd 0x39303123 dd 0xa769a533 dd 0xacb4b24f dd 0xa1feadf5 db 0xe3 db 0x00 ref_00466f4e: db 0x23 db 0x31 dd 0xb8343930 dd 0xa77dbc72 dd 0xa149a161 db 0x49 db 0x00 ref_00466f5e: db 0x23 db 0x31 dd 0xa7353930 dd 0xbbe7abda dd 0x0a7cb7f2 dd 0x62a6e2ae dd 0xe2a441a7 dd 0x48a157a4 db 0x00 ref_00466f79: db 0x23 db 0x31 db 0x30 dd 0xd9c13639 dd 0x58b4d1b3 dd 0x48a1d1a4 db 0x00 ref_00466f89: db 0x23 db 0x31 db 0x30 dd 0xdaa73739 dd 0x53af6ead dd 0xddac4fa7 dd 0x49a140c5 db 0x00 ref_00466f9d: db 0x23 db 0x31 db 0x30 dd 0x49a93839 dd 0x49a950c2 dd 0xe3a150c2 db 0x00 ref_00466fad: db 0x23 db 0x31 db 0x30 dd 0xdaa73939 dd 0xa3a449ad dd 0x41a7cab0 dd 0x49a149a1 db 0x00 ref_00466fc1: db 0x23 db 0x31 db 0x31 dd 0xd6b23030 dd 0xd7b2d8c2 dd 0xaba8f3a9 dd 0xe3a146a4 db 0x00 ref_00466fd5: db 0x23 db 0x31 db 0x31 dd 0xdaa73130 dd 0x49a5baaa dd 0xb20a58a5 dd 0xb1f3a9d7 dd 0xa6eca86f dd 0xa1f8b35e db 0x49 db 0x00 ref_00466ff2: db 0x23 db 0x31 dd 0xb3323031 dd 0xbbe7ab6f dd 0xaf69a5f2 dd 0xa148a1e0 db 0x49 db 0x00 ref_00467006: db 0x23 db 0x31 dd 0xa7333031 dd 0xaa6eadda dd 0xa673a446 dd 0xa15fb041 db 0x49 db 0x00 ref_0046701a: db 0x23 db 0x31 dd 0xa4343031 dd 0xa44ea66a dd 0xa151a76a db 0x49 db 0x00 ref_0046702a: db 0x23 db 0x31 dd 0xa4353031 dd 0xbdd3b85d dd 0xa7eca8fc dd 0xa146a4da db 0x49 db 0x00 ref_0046703e: db 0x23 db 0x31 dd 0xa4363031 dd 0xbf50b7d3 dd 0xa146a445 db 0x49 db 0x00 ref_0046704e: db 0x23 db 0x31 dd 0xa4373031 dd 0xa760a4d1 dd 0xa15da4da db 0xe3 db 0x00 ref_0046705e: db 0x23 db 0x31 dd 0xad383031 dd 0xb2efb9b1 dd 0xa7eab97b dd 0x00e3a161 ref_00467070: dd 0x30313123 dd 0xa4b0ac39 dd 0x0af2bbb0 dd 0x6fb36ead dd 0xefb9cbbc dd 0x48a1daa7 db 0x00 ref_00467089: db 0x23 db 0x31 db 0x31 dd 0xfabf3031 dd 0x68a6daa7 dd 0x4facbaaa db 0xa1 db 0x49 db 0x00 ref_0046709b: db 0x23 dd 0x31313131 dd 0xc2c1c2c1 db 0xa1 db 0xe3 db 0x00 ref_004670a7: db 0x23 dd 0x32313131 dd 0xd3b3e1b2 dd 0x4cb5f3a9 db 0xa1 db 0x49 db 0x00 ref_004670b7: db 0x23 dd 0x33313131 dd 0x49a17aab dd 0xc5aa6ec5 dd 0x7eac70a6 db 0xa1 db 0xe3 db 0x00 ref_004670cb: db 0x23 dd 0x34313131 dd 0x77a4daa7 dd 0xa70a67b8 dd 0xa54cb5d4 dd 0xa4d4a769 dd 0x0049a146 ref_004670e4: dd 0x31313123 dd 0xb84fa735 dd 0x4bc50af2 dd 0xfbc2bda4 dd 0xfabf6ead db 0xa1 db 0x49 db 0x00 ref_004670fb: db 0x23 dd 0x36313131 dd 0x40a4dea9 dd 0x48a5f2a4 dd 0xa40a51a7 dd 0xa455a4d1 dd 0xa4b0aca3 dd 0x0049a15d ref_00467118: dd 0x31313123 dd 0xac75af37 dd 0xa4efb94f dd 0xa15fb0a3 db 0x49 db 0x00 ref_0046712a: db 0x23 db 0x31 dd 0xac383131 dd 0xa85fb0d9 dd 0xedb70ad3 dd 0x43b1d1a6 dd 0x49a1bba5 db 0x00 ref_00467141: db 0x23 db 0x31 db 0x31 dd 0xc8ad3931 dd 0x79bc6fb1 dd 0x49a1acaf db 0x00 ref_00467151: db 0x23 db 0x31 db 0x31 dd 0x67a43032 dd 0xac0a61a6 dd 0xa668a64f dd 0xb571af68 dd 0x0049a1bd ref_00467168: dd 0x32313123 dd 0xa4d0a931 dd 0x53a80a6c dd 0x7cb748a4 dd 0x68a6fbb6 db 0xa1 db 0xe3 db 0x00 ref_0046717f: db 0x23 dd 0x32323131 dd 0x6ca467a7 dd 0xb3a4f8b3 dd 0xa654a40a dd 0xb1a3a47e dd 0x0049a1df ref_00467198: dd 0x32313123 dd 0xa7f1a933 dd 0xa5dba6da dd 0x00e3a1d1 ref_004671a8: dd 0x32313123 dd 0xa86ba834 dd 0xb2b3a6e0 dd 0xa3a40a5c dd 0x75bcb4bb db 0xa1 db 0xe3 db 0x00 ref_004671bf: db 0x23 dd 0x35323131 dd 0x5a5a7a7a dd 0x49a30a5a dd 0x49a349a3 db 0xa3 db 0x49 db 0x00 ref_004671d3: db 0x23 dd 0x36323131 dd 0xe4a768a5 dd 0x48a44fa7 dd 0x49a149a1 db 0x00 ref_004671e5: db 0x23 db 0x31 db 0x31 dd 0xcca43732 dd 0xd7b242b9 dd 0xc20af3a9 dd 0xbbdaa7f7 dd 0xa168a5b7 db 0x49 db 0x00 ref_004671fe: db 0x23 db 0x31 dd 0xa7383231 dd 0xac4fa456 dd 0x0ab3a64f dd 0xf9bb4ea5 dd 0x49a1baaa db 0x00 ref_00467215: db 0x23 db 0x31 db 0x31 dd 0x49b43932 dd 0x70a651b6 dd 0xb3b642af db 0xa1 db 0xe3 db 0x00 ref_00467227: db 0x23 dd 0x30333131 dd 0xe9a7caa6 dd 0xb8bca3a4 dd 0xb00a41a1 dd 0xa5ddbced dd 0xa1d3b3b2 db 0x49 db 0x00 ref_00467242: db 0x23 db 0x31 dd 0xa4313331 dd 0xb05da9b5 dd 0x0adab9b5 dd 0x7cb75da4 dd 0xe3a1baaf db 0x00 ref_00467259: db 0x23 db 0x31 db 0x31 dd 0xdaa73233 dd 0xafa94fac dd 0x6ba442b9 dd 0x49a1abaf db 0x00 ref_0046726d: db 0x23 db 0x31 db 0x31 dd 0xa3a43333 dd 0xc0b9e0bf db 0xa1 db 0xe3 db 0x00 ref_0046727b: db 0x23 dd 0x34333131 dd 0xdab0d1a4 db 0xa1 db 0xe3 db 0x00 ref_00467287: db 0x23 dd 0x35333131 dd 0xdaa7fdc5 dd 0x46a4baa6 dd 0x49a161a7 db 0x00 ref_00467299: db 0x23 db 0x31 db 0x31 dd 0xdaa73633 dd 0xfdb6baaa dd 0x72a7fdb6 db 0xa1 db 0x49 db 0x00 ref_004672ab: db 0x23 dd 0x37333131 dd 0x62a7d3ab dd 0x49a146a4 db 0x00 ref_004672b9: db 0x23 db 0x31 db 0x31 dd 0xbbbe3833 dd 0x46a4fcae db 0xa1 db 0x49 db 0x00 ref_004672c7: db 0x23 dd 0x39333131 dd 0xbdc2c8c1 dd 0x49a146a4 db 0x00 ref_004672d5: db 0x23 db 0x31 db 0x31 dd 0x5ab03034 dd 0xb9a6b3a6 dd 0x49a17ab2 db 0x00 ref_004672e5: db 0x23 db 0x31 db 0x31 dd 0xa3a43134 dd 0xb4a5e0af dd 0xdcb6e9a7 dd 0x49a149a1 db 0x00 ref_004672f9: db 0x23 db 0x31 db 0x31 dd 0xb0ac3234 dd 0xf2bbb0a4 db 0xa1 db 0x48 db 0x00 ref_00467307: db 0x23 dd 0x33343131 dd 0x5ea6dfbe dd 0xf8b140a4 dd 0x49a152a9 db 0x00 ref_00467319: db 0x23 db 0x31 db 0x31 dd 0x75af3434 dd 0x42b9aba8 db 0xa1 db 0x49 db 0x00 ref_00467327: db 0x23 dd 0x35343131 dd 0x49c06ea6 db 0xa1 db 0xe3 db 0x00 ref_00467333: db 0x23 dd 0x36343131 dd 0x41a7e2ba dd 0x79a94bab dd 0x49c240a4 dd 0xa70a41a1 dd 0xa7d3a8d6 dd 0x0049a161 ref_00467350: dd 0x34313123 dd 0xaba2ab37 dd 0xa1a2aba2 dd 0xd3b30a49 dd 0x62a651a7 dd 0x49a1e6b1 db 0x00 ref_00467369: db 0x23 db 0x31 db 0x31 dd 0xa3a43834 dd 0xbaa6c8a9 dd 0xb40abaaa dd 0xa84cb94e dd 0x0049a1d3 ref_00467380: dd 0x34313123 dd 0xaed1a639 dd 0xa7f2b851 dd 0xa753a841 dd 0x0049a1b9 ref_00467394: dd 0x35313123 dd 0xa7f1a930 dd 0xa558a5da dd 0xa149a168 dd 0x0049a149 ref_004673a8: dd 0x35313123 dd 0xa1fcad31 dd 0xad75af49 dd 0x0060becb ref_004673b8: dd 0x35313123 dd 0x5a7a7a32 dd 0x0a5a5a5a dd 0xe8a2e8a2 db 0xa2 db 0xe8 db 0x00 ref_004673cb: db 0x23 dd 0x33353131 dd 0x44b9f8c3 dd 0xa70a4fac dd 0xa6d3a4da dd 0xa479beb3 dd 0x0048a14f ref_004673e4: dd 0x35313123 dd 0xa7f7c234 dd 0xa4b7bbda dd 0xa149c240 db 0x49 db 0x00 ref_004673f6: db 0x23 db 0x31 dd 0xa8353531 dd 0xbdabbbd3 dd 0xc178b4d0 dd 0xc0aab96e dd 0x0049a179 ref_0046740c: dd 0x35313123 dd 0xa17aab36 dd 0xaddaa7e3 dd 0x0a4cb96e dd 0xa4a5d6a4 dd 0xbaaaa4a5 dd 0xa1accda5 db 0xa1 db 0x49 db 0x00 ref_0046742b: db 0x23 dd 0x37353131 dd 0xfabfdaa7 dd 0x48a4d2a4 dd 0x7cb7a3a4 dd 0xb34eb40a dd 0xa9f2bb6f dd 0xaaf3b1f1 dd 0x0049a1ba ref_0046744c: dd 0x35313123 dd 0xaed6ba38 dd 0xa1d5b0f0 db 0x49 db 0x00 ref_0046745a: db 0x23 db 0x31 dd 0xa4393531 dd 0xb0d5b6ef dd 0x0049a1d5 ref_00467468: dd 0x36313123 dd 0xa675af30 dd 0xa142b96e db 0x49 db 0x00 ref_00467476: db 0x23 db 0x31 dd 0xb1313631 dd 0xab7cb7cc dd 0xa14fa9f6 dd 0x0048a148 ref_00467488: dd 0x36313123 dd 0xbcb3a632 dd 0xa146e576 dd 0x0049a148 ref_00467498: dd 0x36313123 dd 0xbd46e533 dd 0xa1cca6bc db 0x49 db 0x00 ref_004674a6: db 0x23 db 0x31 dd 0xb3343631 dd 0xa15db067 dd 0xb067b349 dd 0x0049a15d ref_004674b8: dd 0x36313123 dd 0xb346e535 dd 0xa4bcbdbd dd 0xa16ea65d db 0x49 db 0x00 ref_004674ca: db 0x23 db 0x31 dd 0xa5363631 dd 0xc1eeb45b dd 0x0049a1c8 ref_004674d8: dd 0x36313123 dd 0xaddaa737 dd 0x0049a157 ref_004674e4: dd 0x36313123 dd 0xb075af38 dd 0x00e3a149 ref_004674f0: dd 0x36313123 dd 0xa17aab39 dd 0xa475afe3 dd 0xa152a9ef db 0x49 db 0x00 ref_00467502: db 0x23 db 0x31 dd 0xa4303731 dd 0xa7bda4d1 dd 0xa64fab42 dd 0x0049a1f6 ref_00467514: dd 0x37313123 dd 0xa477e931 dd 0xe9b3a648 dd 0xa1d6ba77 db 0x49 db 0x00 ref_00467526: db 0x23 db 0x31 dd 0xa6323731 dd 0xaef9ad6e dd 0xa162a661 db 0x49 db 0x00 ref_00467536: db 0x23 db 0x31 dd 0xa4333731 dd 0xa661ae6a dd 0x0aa2b6b3 dd 0xa4a7d3a8 dd 0x49a1e1b3 db 0x00 ref_0046754d: db 0x23 db 0x31 db 0x31 dd 0xd3a83437 dd 0xf9af77aa dd 0x49a1d5b0 db 0x00 ref_0046755d: db 0x23 db 0x31 db 0x31 dd 0xd3bc3537 dd 0xedad4aa5 dd 0x6bc25fb0 dd 0x49a1c6b1 db 0x00 ref_00467571: db 0x23 db 0x31 db 0x31 dd 0x41a73637 dd 0x7db661ae dd 0xb1a9c2b6 dd 0x48a1dab0 db 0x00 ref_00467585: db 0x23 db 0x31 db 0x31 dd 0xdead3737 dd 0xdab050aa db 0xa1 db 0x49 db 0x00 ref_00467593: db 0x23 dd 0x38373131 dd 0xe9b3fcad dd 0x72a7deb3 db 0xa1 db 0xe3 db 0x00 ref_004675a3: db 0x23 dd 0x39373131 dd 0x4dc24dc2 db 0xa1 db 0xe3 db 0x00 ref_004675af: db 0x23 dd 0x30383131 dd 0x49a1dab0 dd 0x47ba7eb1 dd 0x7abea8b8 db 0xa1 db 0xe3 db 0x00 ref_004675c3: db 0x23 dd 0x31383131 dd 0x4eb4ada6 dd 0xaba86ea6 dd 0xe3a1dab0 db 0x00 ref_004675d5: db 0x23 db 0x31 db 0x31 dd 0xd1a43238 dd 0x6bafbda4 dd 0x48a477e9 db 0xa1 db 0x49 db 0x00 ref_004675e7: db 0x23 dd 0x33383131 dd 0x4ebff5a4 dd 0x64bccbaf dd 0xb346e50a dd 0xa1f4babd db 0xe3 db 0x00 ref_004675fe: db 0x23 db 0x31 dd 0xb7343831 dd 0xa4f7ab52 dd 0xc47cb77e dd 0x0049a1b9 ref_00467610: dd 0x38313123 dd 0xacd6ba35 dd 0xb7aab050 dd 0x0049a1d3 ref_00467620: dd 0x38313123 dd 0xadd1a436 dd 0xba45c2b0 dd 0xa149a1d6 db 0x49 db 0x00 ref_00467632: db 0x23 db 0x31 dd 0xb1373831 dd 0xaa4eb76f dd 0xa440a4ba dd 0x0049a1d1 ref_00467644: dd 0x38313123 dd 0xa8b8ad38 dd 0xbaeebed3 dd 0x0049a1d7 ref_00467654: dd 0x38313123 dd 0xa64cb539 dd 0xa8a7a46b dd 0x0049a161 ref_00467664: dd 0x39313123 dd 0xac75af30 dd 0xa9a3a44f dd 0x00e3a1af ref_00467674: dd 0x39313123 dd 0xb548a431 dd 0xb0eebe4c dd 0xb4a3a45d dd 0x0049a149 ref_00467688: dd 0x39313123 dd 0xa668a632 dd 0xb571af68 dd 0x0049a1bd ref_00467698: dd 0x39313123 dd 0xa4ebb633 dd 0xb35fc1fa dd 0xb0a3a4a3 dd 0x0049a1f7 ref_004676ac: dd 0x39313123 dd 0xbf6db734 dd 0xa1dab0fa dd 0x0049a148 ref_004676bc: dd 0x39313123 dd 0xa1f3ad35 dd 0xc26fb349 dd 0x0afabf49 dd 0x6ead5da4 dd 0xdaa7f2b8 dd 0xe3a1b3ae db 0x00 ref_004676d9: db 0x23 db 0x31 db 0x31 dd 0xe2ba3639 dd 0xbda4bba5 dd 0xe0bd44a5 dd 0xbaaa41a7 db 0x00 ref_004676ed: db 0x23 db 0x31 db 0x31 dd 0xbba53739 dd 0x44a5bda4 dd 0xac4eb40a dd 0xb7a3a44f dd 0xa149a551 dd 0xe7ab0a41 dd 0x48a1cbbc db 0x00 ref_0046770d: db 0x23 db 0x31 db 0x31 dd 0xa3a43839 dd 0xa40a49a5 dd 0xc04fac5d dd 0xaad3b8b3 dd 0x0043a1ba ref_00467724: dd 0x39313123 dd 0xa7ccbd39 dd 0xa45da441 dd 0x0ab1b4a3 dd 0xbba5f2b8 dd 0x44a5bda4 dd 0xfabfaca6 db 0xa1 db 0x49 db 0x00 ref_00467743: db 0x23 dd 0x30303231 dd 0x49a1a2ab dd 0x6eada3a4 dd 0xbaaa52a9 dd 0xa84eb40a dd 0xa1dab0d3 db 0x49 db 0x00 ref_0046775e: db 0x23 db 0x31 dd 0xa7313032 dd 0xb3d3a8d6 dd 0xaaccb86f dd 0xa1b1aab1 db 0x49 db 0x00 ref_00467772: db 0x23 db 0x31 dd 0xa7323032 dd 0xa6ccad41 dd 0xc16fb1b3 dd 0xa16fc540 db 0x49 db 0x00 ref_00467786: db 0x23 db 0x31 dd 0xa5333032 dd 0xa5bda4bb dd 0xa7f2b844 dd 0x0ab3a641 dd 0xb3a460b2 dd 0xebab6aa4 dd 0x48a1dcb6 db 0x00 ref_004677a5: db 0x23 db 0x31 db 0x32 dd 0xd9c13430 dd 0xf1a9a3a4 dd 0x58a5daa7 dd 0x49a168a5 db 0x00 ref_004677b9: db 0x23 db 0x31 db 0x32 dd 0xdaa73530 dd 0xeda66ead dd 0xb559c00a dd 0xa966afa5 dd 0xa149a1d0 dd 0x0049a149 ref_004677d4: dd 0x30323123 dd 0xa4daa736 dd 0xa174b5a3 db 0xe3 db 0x00 ref_004677e2: db 0x23 db 0x31 dd 0xa7373032 dd 0xc5cba74f dd 0xdaa70abc dd 0xe7a6baaa dd 0x49a141aa db 0xa1 db 0x49 db 0x00 ref_004677fb: db 0x23 dd 0x38303231 dd 0xf3a9d7b2 dd 0xaba8d6aa dd 0x49a146a4 db 0x00 ref_0046780d: db 0x23 db 0x31 db 0x32 dd 0x41a73930 dd 0xa3b3ccad dd 0x4faca3a4 dd 0xa4efb90a dd 0xa149a1e2 db 0x49 db 0x00 ref_00467826: db 0x23 db 0x31 dd 0xa4303132 dd 0xa677a940 dd 0x0ad6bdb3 dd 0xfab940a7 dd 0x49a1d5b0 db 0x00 ref_0046783d: db 0x23 db 0x31 db 0x32 dd 0xbba53131 dd 0x44a5bda4 dd 0xa44da80a dd 0xb1f1a9a3 dd 0x0049a1f3 ref_00467854: dd 0x31323123 dd 0xb755b832 dd 0x0a49a1b3 dd 0x6aa4a4a4 dd 0x46a4fabc db 0xa1 db 0x49 db 0x00 ref_0046786b: db 0x23 dd 0x33313231 dd 0x6b63754c dd 0x0a49a179 dd 0xf0ae42b9 dd 0xf9bfa3a4 db 0xa1 db 0x49 db 0x00 ref_00467883: db 0x23 dd 0x34313231 dd 0xf1aaccb3 dd 0xae42b90a dd 0xbfa3a4f0 dd 0xa1c0b9f9 db 0x49 db 0x00 ref_0046789a: db 0x23 db 0x31 dd 0xa5353132 dd 0xa1ebab69 dd 0xb156b241 dd 0xc051af62 dd 0xfda40a74 dd 0x4ab34ba4 db 0xa1 db 0x49 db 0x00 ref_004678b7: db 0x23 dd 0x36313231 dd 0x4ba1b0ac dd 0xb0a4b0ac dd 0x48a1f2bb db 0x00 ref_004678c9: db 0x23 db 0x31 db 0x32 dd 0xc9b93731 dd 0xb3a641a1 dd 0xcbadf7b0 dd 0x4ba1b0b7 db 0x00 ref_004678dd: db 0x23 db 0x31 db 0x32 dd 0xa2ab3831 dd 0xa2aba2ab dd 0xaf0a41a1 dd 0xa94fac75 dd 0xa142b9af db 0x49 db 0x00 ref_004678f6: db 0x23 db 0x31 dd 0xb3393132 dd 0xb641a1e1 dd 0xa462b169 dd 0x0049a146 ref_00467908: dd 0x32323123 dd 0xbfa3a430 dd 0xbfa3a4f9 dd 0x0a41a1f9 dd 0xf1a460c1 dd 0xb3a653a8 dd 0x4ba16ea6 db 0x00 ref_00467925: db 0x23 db 0x31 db 0x32 dd 0xdab03132 dd 0xdab0dab0 dd 0xa50a4ba1 dd 0xb5c6a840 dd 0xa160b14c db 0x4b db 0x00 ref_0046793e: db 0x23 db 0x31 dd 0xb9323232 dd 0xb341a1c9 dd 0xb6f2bb6f dd 0xa172a751 db 0x49 db 0x00 ref_00467952: db 0x23 db 0x31 dd 0xa4333232 dd 0xab4eb770 dd 0x0a41a1e4 dd 0x4eb770a4 dd 0x49a1e4ab db 0x00 ref_00467969: db 0x23 db 0x31 db 0x32 dd 0xa2ab3432 dd 0xa2aba2ab dd 0xab0a41a1 dd 0xbc72b8dc dd 0xa161a77d db 0x49 db 0x00 ref_00467982: db 0x23 db 0x31 dd 0xab353232 dd 0xa1a2aba2 dd 0xb9afa941 dd 0x0049a142 ref_00467994: dd 0x32323123 dd 0xa1f3ad36 dd 0x6fb30a41 dd 0xe8ade8ad dd 0xd3a66ea6 dd 0x49a177a4 db 0x00 ref_004679ad: db 0x23 db 0x31 db 0x32 dd 0xe1b33732 dd 0x41a1e1b3 dd 0xafdaa70a dd 0xa446a475 dd 0xa15fb0a3 db 0x49 db 0x00 ref_004679c6: db 0x23 db 0x31 dd 0xa8383232 dd 0xa8fea8fe dd 0x0a41a1fe dd 0xd9c1daa7 dd 0xe6a6a1ba dd 0xc0b9baaa db 0xa1 db 0x49 db 0x00 ref_004679e3: db 0x23 dd 0x39323231 dd 0x49a949a9 dd 0x41a149a9 dd 0xb7d6bd0a dd 0xa9d3a87c dd 0x0a41a14f dd 0x4fa575af dd 0xc1b448a4 dd 0x49a1ddab db 0x00 ref_00467a09: db 0x23 db 0x31 db 0x32 dd 0x41a73033 dd 0xb9b544a1 dd 0xdaa744a1 dd 0xb00a44a1 dd 0xb550a14f dd 0x0049a1db ref_00467a24: dd 0x33323123 dd 0xa7f1a931 dd 0xa558a5da dd 0x0a49a168 dd 0x4facdaa7 dd 0x64b64cb5 dd 0x49a1baaa db 0x00 ref_00467a41: db 0x23 db 0x31 db 0x32 dd 0xd9b63233 dd 0x7dba41a1 dd 0xbaaa47ab dd 0x68a440c5 dd 0xa966a90a dd 0xad62a666 dd 0xa1e0a8fe db 0x48 db 0x00 ref_00467a62: db 0x23 db 0x31 dd 0x5a333332 dd 0x4ba15a5a db 0x00 ref_00467a6d: db 0x23 db 0x31 db 0x32 dd 0xb0ac3433 dd 0xf2bbb0a4 dd 0xdaa74fac db 0xa1 db 0x48 db 0x00 ref_00467a7f: db 0x23 dd 0x35333231 dd 0x4ba149a9 dd 0xa9d7b20a dd 0xb1aba8f3 dd 0xa146a4bc db 0x49 db 0x00 ref_00467a96: db 0x23 db 0x31 dd 0xa8363332 dd 0xa8fea8fe dd 0x0a41a1fe dd 0xa8a65ca5 dd 0x4eb457a6 dd 0x49a1d5b0 db 0x00 ref_00467ab1: db 0x23 db 0x31 db 0x32 dd 0x69a53733 dd 0x4ba1ebab dd 0xaaccb30a dd 0xb0b3a6f1 dd 0xa149adf7 db 0x49 db 0x00 ref_00467aca: db 0x23 db 0x31 dd 0xaf383332 dd 0xa1cda562 dd 0xdaa70a41 dd 0xa3a4beb0 dd 0xb8a848ab db 0xa1 db 0x49 db 0x00 ref_00467ae3: db 0x23 dd 0x39333231 dd 0xdfb369a5 dd 0x50b669a5 db 0xa1 db 0x49 db 0x00 ref_00467af3: db 0x23 dd 0x30343231 dd 0xafa96ea6 dd 0xe1b3d6ba db 0xa1 db 0x49 db 0x00 ref_00467b03: db 0x23 dd 0x31343231 dd 0xe3a1e2b6 dd 0xdcabdaa7 dd 0x4eb7a1ba db 0xa1 db 0x49 db 0x00 ref_00467b17: db 0x23 dd 0x32343231 dd 0x59b275af dd 0xe3a147ba db 0x00 ref_00467b25: db 0x23 db 0x31 db 0x32 dd 0xa3a43334 dd 0x41a7f2b8 dd 0x46a46ea6 dd 0x49a149a1 db 0x00 ref_00467b39: db 0x23 db 0x31 db 0x32 dd 0x6ea63434 dd 0xb0b7cbad dd 0xe3a1e1b3 db 0x00 ref_00467b49: db 0x23 db 0x31 db 0x32 dd 0xdaa73534 dd 0x70a44fac dd 0x43b149b4 db 0xa1 db 0xe3 db 0x00 ref_00467b5b: db 0x23 dd 0x36343231 dd 0x49a17aab dd 0xeca8c8c1 db 0xa4 db 0x46 db 0x00 ref_00467b6b: db 0x23 dd 0x37343231 dd 0xf2bbe7ab dd 0xa6a3a40a dd 0xa4b9b568 dd 0xa149c240 db 0x48 db 0x00 ref_00467b82: db 0x23 db 0x31 dd 0xa4383432 dd 0xb1d8b8d3 dd 0xa146a469 db 0x49 db 0x00 ref_00467b92: db 0x23 db 0x31 dd 0xc1393432 dd 0xb3baaac8 dd 0xb0a3a4a3 dd 0xa1dfbdf7 db 0x49 db 0x00 ref_00467ba6: db 0x23 db 0x31 dd 0xad303532 dd 0x0a49a1fc dd 0x44a4fabf dd 0x7ea5ada8 dd 0xabaaa7a4 db 0xa1 db 0xe3 db 0x00 ref_00467bbf: db 0x23 dd 0x31353231 dd 0x51b74fa7 dd 0x7cb7daa7 dd 0xfabf49a5 db 0xa1 db 0x49 db 0x00 ref_00467bd3: db 0x23 dd 0x32353231 dd 0xb8a655a4 dd 0xb9b541a6 dd 0xe3a141a7 db 0x00 ref_00467be5: db 0x23 db 0x31 db 0x32 dd 0xd9ac3335 dd 0xd3a85fb0 db 0xa1 db 0x49 db 0x00 ref_00467bf3: db 0x23 dd 0x34353231 dd 0x56a455b8 dd 0xd3bcaab0 dd 0xa6ada50a dd 0xa15fb061 dd 0x0049a149 ref_00467c0c: dd 0x35323123 dd 0xba60c135 dd 0xa852b6e2 dd 0xa146a4ec db 0x49 db 0x00 ref_00467c1e: db 0x23 db 0x31 dd 0xa6363532 dd 0xb3ceb46e dd 0x0049a1e1 ref_00467c2c: dd 0x35323123 dd 0xa4b0ac37 dd 0x0af2bbb0 dd 0xdbb46ead dd 0xdaa774ad db 0xa1 db 0x48 db 0x00 ref_00467c43: db 0x23 dd 0x38353231 dd 0xdaa7f1a9 dd 0x68a558a5 db 0xa1 db 0x49 db 0x00 ref_00467c53: db 0x23 dd 0x39353231 dd 0x6eaddaa7 dd 0x61ae5ea6 db 0xa1 db 0xe3 db 0x00 ref_00467c63: db 0x23 dd 0x30363231 dd 0x49a349a3 dd 0x49a349a3 db 0xa3 db 0x49 db 0x00 ref_00467c73: db 0x23 dd 0x31363231 dd 0xadb05dc5 dd 0x49a149a1 db 0x00 ref_00467c81: db 0x23 db 0x31 db 0x32 dd 0xccb33236 dd 0xc20a6ea6 dd 0xbbdaa7f7 dd 0xaab7bbb7 dd 0x00e3a1ba ref_00467c98: dd 0x36323123 dd 0xae5ea633 dd 0xa1d5b061 db 0xe3 db 0x00 ref_00467ca6: db 0x23 db 0x31 dd 0xb6343632 dd 0x0ae3a1e3 dd 0xf2a440a4 dd 0xa3a4a3b3 dd 0xe3a1d1b3 db 0x00 ref_00467cbd: db 0x23 db 0x31 db 0x32 dd 0xfdc53536 dd 0xa60adaa7 dd 0xa4b1aa41 dd 0xa7b8a640 dd 0x0049a161 ref_00467cd4: dd 0x36323123 dd 0xab7dba36 dd 0x0049a147 ref_00467ce0: dd 0x36323123 dd 0xc0c5bb37 dd 0xa146a4c5 db 0x49 db 0x00 ref_00467cee: db 0x23 db 0x31 dd 0xab383632 dd 0xa1a2aba2 dd 0xb5a40a49 dd 0x75afd1a4 dd 0xb3bfaab0 db 0xa1 db 0x49 db 0x00 ref_00467d07: db 0x23 dd 0x39363231 dd 0x69a5a3a4 dd 0x49a1e0af db 0xa1 db 0x49 db 0x00 ref_00467d17: db 0x23 dd 0x30373231 dd 0x60beaba8 dd 0x49a142b9 db 0x00 ref_00467d25: db 0x23 db 0x31 db 0x32 dd 0xd3a43137 dd 0xd1b1a2a5 dd 0x49a146a4 db 0x00 ref_00467d35: db 0x23 db 0x31 db 0x32 dd 0x6aa43237 dd 0xaca6d7c2 dd 0x49a149a1 db 0x00 ref_00467d45: db 0x23 db 0x31 db 0x32 dd 0xa2ab3337 dd 0x4eb749a1 dd 0xa7a47ea5 db 0xb0 db 0x5d db 0x00 ref_00467d57: db 0x23 dd 0x34373231 dd 0x6fb37ea4 dd 0xfabf49c2 dd 0x48a1dab0 db 0x00 ref_00467d69: db 0x23 db 0x31 db 0x32 dd 0xb0ac3537 dd 0xf2bbb0a4 dd 0x4fac7cb7 dd 0x48a1daa7 db 0x00 ref_00467d7d: db 0x23 db 0x31 db 0x32 dd 0xb3a63637 dd 0xb3a653a8 dd 0xf9bf64b7 dd 0x48a1dab0 db 0x00 ref_00467d91: db 0x23 db 0x31 db 0x32 dd 0xa3a43737 dd 0xf2ba6ead db 0xa1 db 0xe3 db 0x00 ref_00467d9f: db 0x23 dd 0x38373231 dd 0x46a4baae dd 0xe2a740a4 dd 0xbda64ea7 db 0xa1 db 0xe3 db 0x00 ref_00467db3: db 0x23 dd 0x39373231 dd 0x68b5d3a4 dd 0x46a4d6a7 db 0xa1 db 0x49 db 0x00 ref_00467dc3: db 0x23 dd 0x30383231 dd 0x4faca3a4 dd 0xa40adaa7 dd 0xa7b9b5a3 dd 0xa1e1b341 db 0x49 db 0x00 ref_00467dda: db 0x23 db 0x31 dd 0xaf313832 dd 0xa6b3a675 dd 0xb74eb4a8 dd 0xa149a150 db 0x49 db 0x00 ref_00467dee: db 0x23 db 0x31 dd 0xa7323832 dd 0xa85da441 dd 0xb8d5b8d3 dd 0xb9ddacd5 db 0xc0 db 0x00 ref_00467e02: db 0x23 db 0x31 dd 0xc5333832 dd 0xa4efaa77 dd 0xa861ae6a dd 0xa1b1aad3 db 0x49 db 0x00 ref_00467e16: db 0x23 db 0x31 dd 0xac343832 dd 0xbbb0a4b0 dd 0x6ead0af2 dd 0x51aff2b8 dd 0x40a77dab dd 0x48a1efb9 db 0x00 ref_00467e31: db 0x23 db 0x31 db 0x32 dd 0x51af3538 dd 0x53a87dab dd 0xc7a5b3a6 dd 0x49a16fb8 db 0x00 ref_00467e45: db 0x23 db 0x31 db 0x32 dd 0xe5c23638 dd 0x62a6cda5 dd 0xccb8fead db 0xa1 db 0x48 db 0x00 ref_00467e57: db '#1287zzzzzz',0x0a,'ZZZZZZ',0x00 ref_00467e6a: db 0x23 db 0x31 dd 0xb4383832 dd 0xa4dfa4a3 dd 0xa178c1dd dd 0x00e3a1e3 ref_00467e7c: dd 0x38323123 dd 0xa9d7b239 dd 0xa569a5f3 dd 0x50c30a48 dd 0x66a440a4 dd 0x46a4f0ae db 0xa1 db 0xe3 db 0x00 ref_00467e97: db 0x23 dd 0x30393231 dd 0xccad41a7 dd 0xa3a4a3b3 dd 0xaf0a4fac dd 0xaa7dab51 dd 0xa4efb9ba dd 0xa1d5b0e2 db 0x49 db 0x00 ref_00467eb6: db 0x23 db 0x31 dd 0xa7313932 dd 0xaaccad41 dd 0xc2f0aea7 dd 0xe6a60a49 dd 0xe6a6a3a4 db 0xa1 db 0x48 db 0x00 ref_00467ecf: db 0x23 dd 0x32393231 dd 0xb5b141a6 dd 0x79c041a6 db 0xa1 db 0x49 db 0x00 ref_00467edf: db 0x23 dd 0x33393231 dd 0x4facdaa7 dd 0x4faca3a4 dd 0xa762a60a dd 0xb0dab940 dd 0x0048a1da ref_00467ef8: dd 0x39323123 dd 0xb0d3a434 dd 0xa4b3bfaa dd 0x0049a146 ref_00467f08: dd 0x39323123 dd 0xaa6ea635 dd 0xa97db6ba dd 0x4fac0a6c dd 0x5ca5a8a6 dd 0x40a4baaa dd 0x49a162a5 db 0x00 ref_00467f25: db 0x23 db 0x31 db 0x32 dd 0xb9a73639 dd 0x46a44ab3 db 0xa1 db 0x49 db 0x00 ref_00467f33: db 0x23 dd 0x37393231 dd 0x46a447ba db 0xa1 db 0xe3 db 0x00 ref_00467f3f: db 0x23 dd 0x38393231 dd 0x61ae48a4 dd 0xdebaa3a4 dd 0x49a1d5b0 db 0x00 ref_00467f51: db 0x23 db 0x31 db 0x32 dd 0xa2ab3939 dd 0x5db049a1 dd 0x75babdb7 dd 0x43a175ba db 0x00 ref_00467f65: db 0x23 db 0x31 db 0x33 dd 0x6ea63030 dd 0xbaaacbbc db 0xa1 db 0x49 db 0x00 ref_00467f73: db 0x23 dd 0x31303331 dd 0xe3a148bc dd 0xd6a46ebf dd 0x68a6a8a6 db 0xa1 db 0x49 db 0x00 ref_00467f87: db 0x23 dd 0x32303331 dd 0x61ae48a4 dd 0xa3a449a5 dd 0xd5b05fb0 db 0xa1 db 0x49 db 0x00 ref_00467f9b: db 0x23 dd 0x33303331 dd 0xe3a1fcad dd 0xfabfe1aa dd 0x61a8f8ae db 0xa1 db 0x49 db 0x00 ref_00467faf: db 0x23 dd 0x34303331 dd 0x4eb770a4 dd 0xe3a1e4ab db 0x00 ref_00467fbd: db 0x23 db 0x31 db 0x33 dd 0x7ec03530 dd 0x61ae48a4 dd 0xf5b840a4 dd 0x49a149a1 db 0x00 ref_00467fd1: db 0x23 db 0x31 db 0x33 dd 0x75af3630 dd 0x55b84fac dd 0x49a1afa9 db 0x00 ref_00467fe1: db 0x23 db 0x31 db 0x33 dd 0xd9c13730 dd 0x53a86ea6 dd 0xe3a1c6a8 db 0x00 ref_00467ff1: db 0x23 db 0x31 db 0x33 dd 0x48a43830 dd 0x75af61ae dd 0x46b7e0af db 0xa1 db 0x49 db 0x00 ref_00468003: db 0x23 dd 0x39303331 dd 0xc5aab3a6 dd 0xa4a7d3a8 dd 0x61a7a4a7 db 0xa1 db 0x49 db 0x00 ref_00468017: db 0x23 dd 0x30313331 dd 0xceb4d3a4 dd 0x49a146a4 db 0x00 ref_00468025: db 0x23 db 0x31 db 0x33 dd 0xfabf3131 dd 0x51b3a3b3 dd 0xae0a41a7 dd 0xa4faa5b3 dd 0x0049a146 ref_0046803c: dd 0x31333123 dd 0xae48a432 dd 0xb54fac61 dd 0xaa64b64c dd 0x00e3a1ba ref_00468050: dd 0x31333123 dd 0xb6e3b633 dd 0xa1e3b6e3 dd 0xa1e3a1e3 db 0xe3 db 0x00 ref_00468062: db 0x23 db 0x31 dd 0xb6343133 dd 0x00e3a1e2 ref_0046806c: dd 0x31333123 dd 0xada3a435 dd 0xa7e4a76e dd 0x00e3a1da ref_0046807c: dd 0x31333123 dd 0xa149a936 dd 0xba60c1e3 dd 0xa4aba8e2 dd 0x0049a146 ref_00468090: dd 0x31333123 dd 0xa8fea837 dd 0xa1fea8fe dd 0xd3a90ae3 dd 0x46a4fdc5 db 0xa1 db 0x49 db 0x00 ref_004680a7: db 0x23 dd 0x38313331 dd 0xe3a1e3b6 dd 0x61ae48a4 dd 0xf2a440a4 dd 0xa45da40a dd 0xa4d1b3a3 dd 0x0043a146 ref_004680c4: dd 0x31333123 dd 0xa4daa739 dd 0xa4cca5a3 dd 0x0a49a1df dd 0x6eaddaa7 dd 0x67a4b2b1 dd 0xd3a8abad db 0xa1 db 0x49 db 0x00 ref_004680e3: db 0x23 dd 0x30323331 dd 0x62a7d3ab dd 0x49a146a4 db 0x00 ref_004680f1: db 0x23 db 0x31 db 0x33 dd 0xd3a43132 dd 0x46a4aea7 db 0xa1 db 0x49 db 0x00 ref_004680ff: db 0x23 dd 0x32323331 dd 0x49a1e1b3 dd 0x49a143ad db 0x00 ref_0046810d: db 0x23 db 0x31 db 0x33 dd 0xfdb63332 dd 0x7dabfdb6 dd 0x49a172a7 db 0x00 ref_0046811d: db 0x23 db 0x31 db 0x33 dd 0xe1b33432 dd 0xdaa749a1 dd 0xd1a4baaa dd 0x49a1dab0 db 0x00 ref_00468131: db 0x23 db 0x31 db 0x33 dd 0xdaa73532 dd 0xdbaca3a4 dd 0x49a148ab db 0x00 ref_00468141: db 0x23 db 0x31 db 0x33 dd 0xdaa73632 dd 0xb3a64fac dd 0x48a4fabf db 0xa1 db 0x49 db 0x00 ref_00468153: db 0x23 dd 0x37323331 dd 0xc8c1daa7 dd 0xfabf6aa4 dd 0x49a146a4 db 0x00 ref_00468165: db 0x23 db 0x31 db 0x33 dd 0xa3a43832 dd 0xc0b9f9bf db 0xa1 db 0x49 db 0x00 ref_00468173: db 0x23 dd 0x39323331 dd 0x51b6d3a4 dd 0x49a146a4 db 0x00 ref_00468181: db 0x23 db 0x31 db 0x33 dd 0xdaa73033 dd 0xa3b27daf dd 0x49a146a4 db 0x00 ref_00468191: db 0x23 db 0x31 db 0x33 dd 0x53a83133 dd 0xf2bbb0a4 dd 0xa3a46aa4 dd 0x49a146a4 db 0x00 ref_004681a5: db 0x23 db 0x31 db 0x33 dd 0xafa93233 dd 0x49a142b9 db 0x00 ref_004681b1: db 0x23 db 0x31 db 0x33 dd 0x50b73333 dd 0x57a4c2c1 dd 0x49a1d2ab db 0x00 ref_004681c1: db 0x23 db 0x31 db 0x33 dd 0xd3a43433 dd 0x46a4fcac db 0xa1 db 0x49 db 0x00 ref_004681cf: db 0x23 dd 0x35333331 dd 0xa5b76ea6 dd 0x49a146a4 db 0x00 ref_004681dd: db 0x23 db 0x31 db 0x33 dd 0xd3a43633 dd 0x46a4ceb4 db 0xa1 db 0x49 db 0x00 ref_004681eb: db 0x23 dd 0x37333331 dd 0xb3b755b8 db 0xa1 db 0x49 db 0x00 ref_004681f7: db 0x23 dd 0x38333331 dd 0xa3a441a7 dd 0xb30ae0af dd 0xb9cbbc6f dd 0xa1daa7ef db 0x49 db 0x00 ref_0046820e: db 0x23 db 0x31 dd 0xc5393333 dd 0xa5daa7fd dd 0xa168a558 db 0x49 db 0x00 ref_0046821e: db 0x23 db 0x31 dd 0xa7303433 dd 0xa653a8da dd 0xafcda5b3 dd 0x0049a166 ref_00468230: dd 0x34333123 dd 0xa4daa731 dd 0xa1d6b2a3 db 0xe3 db 0x00 ref_0046823e: db 0x23 db 0x31 dd 0xb3323433 dd 0xa449a1e1 dd 0x0049a1a3 ref_0046824c: dd 0x34333123 dd 0xc150b733 dd 0xa4d1a6c2 dd 0x0049a1d1 ref_0046825c: dd 0x34333123 dd 0xacdaa734 dd 0xaeb9c44f dd 0x0049a161 ref_0046826c: dd 0x34333123 dd 0xa4a3a435 dd 0xa1ada5bd db 0x49 db 0x00 ref_0046827a: db 0x23 db 0x31 dd 0xc5363433 dd 0xa6daa7fd dd 0xa4b1aa41 dd 0xa1b8a640 db 0x49 db 0x00 ref_0046828e: db '#1347@04',0x00 ref_00468297: db '#1348@16',0x00 ref_004682a0: db '#1349@01',0x00 ref_004682a9: db '#1350@03',0x00 ref_004682b2: db '#1351@10',0x00 ref_004682bb: db '#1352@13',0x00 ref_004682c4: db '#1353@17',0x00 ref_004682cd: db '#1354@21',0x00 ref_004682d6: db '#1355@15',0x00 ref_004682df: db '#1356@03',0x00 ref_004682e8: db '#1357@10',0x00 ref_004682f1: db '#1358@13',0x00 ref_004682fa: db '#1359@05',0x00 ref_00468303: db '#1360@02',0x00 ref_0046830c: db '#1361@07',0x00 ref_00468315: db '#1362@04',0x00 ref_0046831e: db '#1363@16',0x00 ref_00468327: db '#1364@01',0x00 ref_00468330: db '#1365@08',0x00 ref_00468339: db '#1366@10',0x00 ref_00468342: db '#1367@17',0x00 ref_0046834b: db '#1368@18',0x00 ref_00468354: db '#1369@03',0x00 ref_0046835d: db '#1370@04',0x00 ref_00468366: db '#1371@16',0x00 ref_0046836f: db '#1372@03',0x00 ref_00468378: db '#1373@20',0x00 ref_0046c410: dd 0x00000000 ref_0046c414: db 'con',0x00 ref_0046c418: db 'TMP',0x00 ref_0046c41c: db 'TEMP',0x00 ref_0046c421: db 'TMPDIR',0x00 ref_0046c428: db 'TEMPDIR',0x00 ref_0046c430: db 0x00 ref_0046c431: db 'wb+',0x00,0x00,0x00,0x00 ref_0046c438: db 'Unable to allocate semaphore data',0x0d,0x0a,0x00 ref_0046c45c: db 'USER32.DLL',0x00 ref_0046c467: db 'GetActiveWindow',0x00 ref_0046c477: db 'The instruction at 0x00000000 caused a stack overflow floating point',0x0a,'exception.',0x0a,0x00 ref_0046c4c8: db 'The instruction at 0x00000000 caused a stack underflow floating point',0x0a,'exception.',0x0a,0x00 ref_0046c51a: db 'The instruction at 0x00000000 caused a denormal operand floating point',0x0a,'exception.',0x0a,0x00 ref_0046c56d: db 'The instruction at 0x00000000 caused a division by zero floating point',0x0a,'exception.',0x0a,0x00 ref_0046c5c0: db 'The instruction at 0x00000000 caused an inexact value floating point',0x0a,'exception.',0x0a,0x00 ref_0046c611: db 'The instruction at 0x00000000 caused an overflow floating point exception.',0x0a,0x00 ref_0046c65d: db 'The instruction at 0x00000000 caused an underflow floating point exception.',0x0a,0x00 ref_0046c6aa: db 'The instruction at 0x00000000 caused an invalid operation floating point',0x0a,'exception.',0x0a,0x00 ref_0046c6ff: db 'The instruction at 0x00000000 referenced memory ',0x00 ref_0046c730: db 'at 0x00000000.',0x0a,'The memory could not be ',0x00 ref_0046c758: db 'read.',0x0a,0x00 ref_0046c75f: db 'written.',0x0a,0x00 ref_0046c769: db 'A privileged instruction was executed at address 0x00000000.',0x0a,0x00 ref_0046c7a7: db 'An illegal instruction was executed at address 0x00000000.',0x0a,0x00 ref_0046c7e3: db 'An integer divide by zero was encountered at address 0x00000000.',0x0a,0x00 ref_0046c825: db 'A stack overflow was encountered at address 0x00000000.',0x0a,0x00 ref_0046c85e: db 'The program encountered exception 0x00000000 at ',0x00 ref_0046c88f: db 'address 0x00000000 and',0x0a,'cannot continue.',0x0a,0x00 ref_0046c8b8: db 'Not enough memory to allocate file structures',0x0d,0x0a,0x00 ref_0046c8e8: db 'con',0x00 ref_0046c8ec: db 'acos',0x00 ref_0046c8f1: db 'asin',0x00 ref_0046c8f6: db 'sqrt',0x00 ref_0046c8fb: db 'exp',0x00 ref_0046c8ff: db 'cosh',0x00 ref_0046c904: db 'sinh',0x00 ref_0046c909: db 'pow',0x00 ref_0046c90d: db 'acosh',0x00 ref_0046c913: db 'log2',0x00 ref_0046c918: db 'log',0x00 ref_0046c91c: db 'log10',0x00 ref_0046c922: db 'atanh',0x00 ref_0046c928: db 'atan2',0x00 ref_0046c92e: db 'ipow',0x00 ref_0046c933: db 'dpowi',0x00 ref_0046c939: db 'cos',0x00 ref_0046c93d: db 'sin',0x00 ref_0046c941: db 'tan',0x00 ref_0046c945: db 0x79 db 0x30 db 0x00 ref_0046c948: db 0x79 db 0x31 db 0x00 ref_0046c94b: db 0x79 db 0x6e db 0x00 ref_0046c94e: db 'mod',0x00 ref_0046c952: db 'cotan',0x00 ref_0046c958: db 'Floating-point support not loaded',0x0d,0x0a,0x00 ref_0046c97c: db 'Thread has no thread-specific data',0x0d,0x0a,0x00 ref_0046c9a1: db 'Unable to resize thread-specific data',0x0d,0x0a,0x00 ref_0046c9c9: db 'Unable to resize thread-specific data',0x0d,0x0a,0x00,0x00,0x00,0x00 ref_0046c9f4: db 'conin$',0x00 ref_0046c9fb: db 'conout$',0x00,0x00 ref_0046ca04: db 'Domain error',0x00 ref_0046ca11: db 'Argument singularity',0x00 ref_0046ca26: db 'Overflow range error',0x00 ref_0046ca3b: db 'Underflow range error',0x00 ref_0046ca51: db 'Total loss of significance',0x00 ref_0046ca6c: db 'Partial loss of significance',0x00 ref_0046ca89: db ' in ',0x00,0x00,0x00 ref_0046ca90: db 'C_FILE_INFO',0x00 ref_0046ca9c: db 'C_FILE_INFO=',0x00,0x00,0x00,0x00 ref_0046caac: db 'ABNORMAL TERMINATION',0x0d,0x0a,0x00,0x00 ref_0046cac4: db '__bgnthd',0x00,0x00,0x00,0x00 ref_0046cad0: dd 0x00000000 ref_0046cad4: dd 0x7ff00000 ref_0046cadc: dd 0x00000000 ref_0046cae0: dd 0x00000000 dd 0x00000280 dd 0x000001e0 ref_0046caec: dd 0x01e00280 dd 0x00000000 ref_0046caf4: dd 0x00000000 ref_0046caf8: db 0x00 ref_0046caf9: db 0x00 ref_0046cafa: db 0x00 ref_0046cafb: db 0x00 ref_0046cafc: db 0x00 ref_0046cafd: db 0x00 ref_0046cafe: db 0x00 ref_0046caff: db 0x00 ref_0046cb00: db 0x00 ref_0046cb01: db 0x00 ref_0046cb02: db 0x00 ref_0046cb03: db 0x00 ref_0046cb04: db 0x00 ref_0046cb05: db 0x00 ref_0046cb06: db 0x00 ref_0046cb07: db 0x00 db 0x00 ref_0046cb09: db 0x00 db 0x00 ref_0046cb0b: db 0x00 dd 0x00000000 ref_0046cb10: dd 0x00000000 ref_0046cb14: dd 0x01e00280 dd 0x00000000 ref_0046cb1c: dd 0x00000000 ref_0046cb20: db 0x06 db 0x04 db 0x02 ref_0046cb23: db 0x00 dd 0x00000000 ref_0046cb28: db 0xbe db 0x00 ref_0046cb2a: db 0x7c db 0x01 dd 0x017c0148 dd 0x017a01d4 dd 0x01c20148 dd 0x017c003e ref_0046cb3c: dd 0x00000002 ref_0046cb40: dd 0x00000001 ref_0046cb44: dd 0x00000000 ref_0046cb48: dd 0x00000000 ref_0046cb4c: dd 0x00000000 ref_0046cb50: dd 0x00000000 ref_0046cb54: dd 0x00000000 ref_0046cb58: db 'J',0x01,0x00,0x00 ref_0046cb5c: dd 0x0000006e ref_0046cb60: dd 0x00000000 ref_0046cb64: dd 0x00000000 dd 0x0000016e dd 0x000000dc dd 0x0000004a dd 0x00000000 dd 0x00000181 dd 0x00000113 dd 0x000000a5 dd 0x00000037 ref_0046cb88: dd ref_004630f4 dd ref_004630f9 dd ref_004630fe ref_0046cb94: dd 0x000493e0 dd 0x00030d40 dd 0x000186a0 dd 0x0000c350 dd 0x00007530 dd 0x00002710 ref_0046cbac: dd ref_00463103 dd ref_00463108 dd ref_0046310d ref_0046cbb8: dd ref_00463112 dd ref_00463119 dd ref_0046311e dd ref_00463123 dd ref_0046312a dd ref_00463131 ref_0046cbd0: dd ref_00463112 dd ref_00463119 dd ref_0046311e dd ref_00463123 dd ref_0046312a dd ref_00463131 ref_0046cbe8: dd 0x00000000 dd 0x000002da dd 0x0000016d dd 0x000000b6 dd 0x0000005b dd 0x0000001e ref_0046cc00: dd 0x00000000 dd 0x00000064 dd 0x00000032 dd 0x0000000a dd 0x00000005 dd 0x00000003 ref_0046cc18: db 0x08 db 0x00 ref_0046cc1a: db 0x0f db 0x00 ref_0046cc1c: db 0xb8 db 0x01 ref_0046cc1e: db 0x9f db 0x00 dd 0x00b001c8 dd 0x00d70217 dd 0x00b00220 dd 0x00d7026f dd 0x00e2025a dd 0x00fa0271 dd 0x0106025a dd 0x011e0271 dd 0x012a025a dd 0x01420271 dd 0x014e025a dd 0x01660271 dd 0x0172025a dd 0x018a0271 dd 0x0196025a dd 0x01ae0271 dd 0x001f01c9 dd 0x003e0271 dd 0x003f01c9 dd 0x005e0271 dd 0x005f01c9 dd 0x007e0271 dd 0x007f01c9 dd 0x009e0271 ref_0046cc80: dd 0x00340014 dd 0x00740054 ref_0046cc88: db 0x31 db 0x02 ref_0046cc8a: db 0xfb db 0x00 ref_0046cc8c: db 0x5a db 0x02 ref_0046cc8e: db 0x40 db 0x01 dd 0x011f0218 dd 0x01a9025a dd 0x01430231 dd 0x0188025a dd 0x00c30218 dd 0x014d025a dd 0x00e70218 dd 0x0171025a dd 0x010b0204 dd 0x0195025a ref_0046ccb8: dd 0x00060005 dd 0x00060005 dd 0x00070006 ref_0046ccc4: dd 0x03020100 dd 0x0d0c0605 dd 0x12110f0e ref_0046ccd0: dd 0x00000005 dd 0x00000000 dd 0xffffffff dd 0x00000000 dd 0x00000008 dd 0x00000000 dd 0xffffffff dd 0x00000000 ref_0046ccf0: db 0x2d db 0xff ref_0046ccf2: db 0x36 db 0xfd ref_0046ccf4: db 0x23 db 0xff ref_0046ccf6: db 0x5a db 0xfd dd 0xfd7fff18 dd 0xfda2ff0d dd 0xfdc7ff03 dd 0xfdeafef8 dd 0xfe0ffeef dd 0xfe32fee4 dd 0xfe57fed9 dd 0xfe7bfecf dd 0xfe9ffec4 dd 0xfec3feb9 dd 0xfee6feaf dd 0xff0bfea4 dd 0xff30fe9a dd 0xff53fe8f dd 0xff78fe84 dd 0xff9bfe7a dd 0xffbffe70 dd 0xffe3fe65 dd 0x0006fe5b dd 0x002bfe50 dd 0x004efe46 dd 0x0073fe3b dd 0x0096fe30 dd 0x00bbfe26 dd 0x00defe1b dd 0x0103fe10 dd 0x0127fe06 dd 0xfd44ff46 dd 0xfd69ff3c dd 0xfd8dff31 dd 0xfdb1ff26 dd 0xfdd5ff1d dd 0xfdf9ff12 dd 0xfe1dff08 dd 0xfe41fefd dd 0xfe65fef2 dd 0xfe8afee8 dd 0xfeadfedd dd 0xfed2fed2 dd 0xfef5fec8 dd 0xff1afebd dd 0xff3efeb3 dd 0xff62fea8 dd 0xff86fe9e dd 0xffaafe94 dd 0xffcefe89 dd 0xfff1fe7e dd 0x0015fe74 dd 0x003afe69 dd 0x005dfe5f dd 0x0082fe54 dd 0x00a5fe49 dd 0x00c9fe3f dd 0x00edfe34 dd 0x0111fe29 dd 0x0136fe20 dd 0xfd53ff5f dd 0xfd78ff56 dd 0xfd9cff4b dd 0xfdbfff40 dd 0xfde4ff36 dd 0xfe07ff2b dd 0xfe2cff21 dd 0xfe4fff16 dd 0xfe74ff0b dd 0xfe98ff01 dd 0xfebcfef6 dd 0xfee0feeb dd 0xff04fee1 dd 0xff28fed6 dd 0xff4dfecd dd 0xff70fec2 dd 0xff95feb7 dd 0xffb8fead dd 0xffddfea2 dd 0x0000fe97 dd 0x0024fe8d dd 0x0048fe82 dd 0x006cfe78 dd 0x0090fe6d dd 0x00b3fe62 dd 0x00d8fe59 dd 0x00fbfe4e dd 0x0120fe43 dd 0x0145fe39 dd 0xfd62ff7a dd 0xfd86ff70 dd 0xfdabff65 dd 0xfdceff5a dd 0xfdf3ff50 dd 0xfe16ff45 dd 0xfe3bff3b dd 0xfe5eff30 dd 0xfe82ff25 dd 0xfea7ff1b dd 0xfecaff11 dd 0xfeefff06 dd 0xff12fefc dd 0xff37fef1 dd 0xff5bfee7 dd 0xff7ffedc dd 0xffa3fed1 dd 0xffc7fec7 dd 0xffebfebc dd 0x000efeb1 dd 0x0032fea7 dd 0x0057fe9c dd 0x007afe93 dd 0x009ffe88 dd 0x00c2fe7d dd 0x00e7fe73 dd 0x010afe68 dd 0x012ffe5d dd 0x0153fe53 dd 0xfd70ff93 dd 0xfd95ff89 dd 0xfdb9ff7e dd 0xfdddff73 dd 0xfe01ff69 dd 0xfe25ff5e dd 0xfe49ff54 dd 0xfe6dff49 dd 0xfe91ff3f dd 0xfeb6ff35 dd 0xfed9ff2a dd 0xfefeff1f dd 0xff21ff15 dd 0xff46ff0a dd 0xff6aff00 dd 0xff8dfef5 dd 0xffb2feea dd 0xffd5fee0 dd 0xfffafed5 dd 0x001cfeca dd 0x0041fec1 dd 0x0065feb6 dd 0x0089feac dd 0x00adfea1 dd 0x00d1fe96 dd 0x00f5fe8c dd 0x0119fe81 dd 0x013dfe76 dd 0x0162fe6c dd 0xfd80ffac dd 0xfda5ffa2 dd 0xfdc9ff97 dd 0xfdedff8c dd 0xfe11ff82 dd 0xfe34ff77 dd 0xfe59ff6e dd 0xfe7cff63 dd 0xfea1ff58 dd 0xfec6ff4e dd 0xfee9ff43 dd 0xff0dff38 dd 0xff31ff2e dd 0xff55ff23 dd 0xff7aff19 dd 0xff9dff0e dd 0xffc2ff03 dd 0xffe5fefa dd 0x0009feef dd 0x002cfee4 dd 0x0051feda dd 0x0075fecf dd 0x0099fec5 dd 0x00bdfeba dd 0x00e1feaf dd 0x0105fea5 dd 0x0129fe9a dd 0x014dfe8f dd 0x0172fe85 dd 0xfd8fffc6 dd 0xfdb3ffbc dd 0xfdd8ffb2 dd 0xfdfbffa7 dd 0xfe20ff9d dd 0xfe43ff92 dd 0xfe68ff88 dd 0xfe8bff7d dd 0xfeb0ff72 dd 0xfed4ff68 dd 0xfef8ff5d dd 0xff1cff52 dd 0xff3fff48 dd 0xff64ff3d dd 0xff89ff34 dd 0xffacff29 dd 0xffd1ff1e dd 0xfff4ff14 dd 0x0017ff09 dd 0x003bfefe dd 0x005ffef4 dd 0x0084fee9 dd 0x00a7fedf dd 0x00ccfed4 dd 0x00effec9 dd 0x0114febf dd 0x0137feb5 dd 0x015cfeaa dd 0x0180fea0 dd 0xfd9dffe0 dd 0xfdc2ffd6 dd 0xfde6ffcb dd 0xfe0affc0 dd 0xfe2effb6 dd 0xfe52ffab dd 0xfe76ffa1 dd 0xfe9aff96 dd 0xfebeff8b dd 0xfee3ff81 dd 0xff06ff76 dd 0xff2bff6b dd 0xff4eff62 dd 0xff73ff57 dd 0xff97ff4d dd 0xffbbff42 dd 0xffdfff37 dd 0x0002ff2d dd 0x0026ff22 dd 0x0049ff17 dd 0x006eff0d dd 0x0093ff02 dd 0x00b6fef8 dd 0x00dafeed dd 0x00fefee3 dd 0x0122fed9 dd 0x0146fece dd 0x016afec3 dd 0x018ffeb9 dd 0xfdacfff9 dd 0xfdd1ffef dd 0xfdf5ffe4 dd 0xfe18ffd9 dd 0xfe3dffcf dd 0xfe60ffc4 dd 0xfe85ffba dd 0xfea8ffaf dd 0xfecdffa4 dd 0xfef1ff9b dd 0xff15ff90 dd 0xff39ff85 dd 0xff5dff7b dd 0xff81ff70 dd 0xffa6ff66 dd 0xffc9ff5b dd 0xffeeff50 dd 0x0010ff46 dd 0x0035ff3b dd 0x0058ff30 dd 0x007dff26 dd 0x00a1ff1b dd 0x00c5ff12 dd 0x00e9ff07 dd 0x010cfefc dd 0x0131fef2 dd 0x0154fee7 dd 0x0179fedc dd 0x019efed2 dd 0xfdbb0012 dd 0xfddf0008 dd 0xfe04fffe dd 0xfe27fff3 dd 0xfe4cffe9 dd 0xfe6fffde dd 0xfe94ffd5 dd 0xfeb7ffca dd 0xfedbffbf dd 0xff00ffb5 dd 0xff23ffaa dd 0xff48ff9f dd 0xff6bff95 dd 0xff90ff8a dd 0xffb4ff80 dd 0xffd8ff75 dd 0xfffcff6a dd 0x001fff60 dd 0x0043ff56 dd 0x0067ff4b dd 0x008bff41 dd 0x00b0ff36 dd 0x00d3ff2c dd 0x00f8ff21 dd 0x011bff16 dd 0x0140ff0c dd 0x0163ff01 dd 0x0188fef6 dd 0x01acfeec dd 0xfdca002b dd 0xfdef0021 dd 0xfe140016 dd 0xfe37000b dd 0xfe5b0002 dd 0xfe7ffff8 dd 0xfea3ffee dd 0xfec7ffe3 dd 0xfeebffd8 dd 0xff10ffce dd 0xff33ffc3 dd 0xff58ffb8 dd 0xff7bffae dd 0xffa0ffa3 dd 0xffc4ff99 dd 0xffe8ff8e dd 0x000bff84 dd 0x002fff7a dd 0x0053ff6f dd 0x0077ff64 dd 0x009bff5a dd 0x00c0ff4f dd 0x00e3ff45 dd 0x0108ff3a dd 0x012bff2f dd 0x0150ff25 dd 0x0173ff1a dd 0x0197ff0f dd 0x01bcff06 dd 0xfdd90044 dd 0xfdfe003b dd 0xfe220030 dd 0xfe460025 dd 0xfe6a001b dd 0xfe8d0010 dd 0xfeb20006 dd 0xfed5fffc dd 0xfefafff1 dd 0xff1fffe7 dd 0xff42ffdc dd 0xff66ffd1 dd 0xff8affc7 dd 0xffaeffbc dd 0xffd3ffb3 dd 0xfff6ffa8 dd 0x001aff9d dd 0x003dff93 dd 0x0062ff88 dd 0x0085ff7d dd 0x00aaff73 dd 0x00ceff68 dd 0x00f2ff5e dd 0x0116ff53 dd 0x013aff48 dd 0x015eff3f dd 0x0182ff34 dd 0x01a6ff29 dd 0x01cbff1f dd 0xfde8005f dd 0xfe0c0055 dd 0xfe31004a dd 0xfe54003f dd 0xfe790035 dd 0xfe9c002a dd 0xfec10020 dd 0xfee40015 dd 0xff09000a dd 0xff2d0001 dd 0xff51fff7 dd 0xff75ffec dd 0xff98ffe2 dd 0xffbdffd7 dd 0xffe2ffcd dd 0x0004ffc2 dd 0x0029ffb7 dd 0x004cffad dd 0x0070ffa2 dd 0x0094ff97 dd 0x00b8ff8d dd 0x00ddff82 dd 0x0100ff79 dd 0x0125ff6e dd 0x0148ff63 dd 0x016dff59 dd 0x0190ff4e dd 0x01b5ff43 dd 0x01d9ff39 dd 0xfdf60078 dd 0xfe1b006e dd 0xfe3f0063 dd 0xfe630058 dd 0xfe87004e dd 0xfeab0043 dd 0xfecf0039 dd 0xfef3002f dd 0xff170024 dd 0xff3c001a dd 0xff5f000f dd 0xff840004 dd 0xffa7fffb dd 0xffccfff0 dd 0xfff0ffe6 dd 0x0013ffdb dd 0x0037ffd0 dd 0x005affc6 dd 0x007fffbb dd 0x00a2ffb0 dd 0x00c7ffa7 dd 0x00ecff9c dd 0x010fff92 dd 0x0133ff87 dd 0x0157ff7c dd 0x017bff72 dd 0x019fff67 dd 0x01c3ff5c dd 0x01e8ff52 dd 0xfe060092 dd 0xfe2b0088 dd 0xfe4f007d dd 0xfe730072 dd 0xfe970069 dd 0xfebb005e dd 0xfedf0054 dd 0xff020049 dd 0xff27003e dd 0xff4c0034 dd 0xff6f0029 dd 0xff94001e dd 0xffb70014 dd 0xffdb0009 dd 0x00000000 dd 0x0022fff5 dd 0x0047ffea dd 0x006affe1 dd 0x008fffd6 dd 0x00b2ffcb dd 0x00d7ffc1 dd 0x00fbffb6 dd 0x011fffac dd 0x0143ffa1 dd 0x0167ff96 dd 0x018bff8c dd 0x01afff81 dd 0x01d3ff76 dd 0x01f8ff6d dd 0xfe1500ab dd 0xfe3900a2 dd 0xfe5e0097 dd 0xfe81008c dd 0xfea60082 dd 0xfec90077 dd 0xfeee006d dd 0xff110062 dd 0xff360057 dd 0xff5a004d dd 0xff7e0042 dd 0xffa20037 dd 0xffc6002d dd 0xffea0022 dd 0x000e0019 dd 0x0031000e dd 0x00560003 dd 0x0079fffa dd 0x009effef dd 0x00c1ffe4 dd 0x00e5ffda dd 0x010affcf dd 0x012dffc5 dd 0x0152ffba dd 0x0175ffaf dd 0x019affa5 dd 0x01bdff9b dd 0x01e2ff90 dd 0x0206ff86 dd 0xfe2300c5 dd 0xfe4800bb dd 0xfe6d00b0 dd 0xfe9000a5 dd 0xfeb4009b dd 0xfed80090 dd 0xfefc0086 dd 0xff20007b dd 0xff440070 dd 0xff690066 dd 0xff8c005b dd 0xffb10050 dd 0xffd40047 dd 0xfff9003c dd 0x001c0032 dd 0x00400027 dd 0x0064001c dd 0x00880012 dd 0x00ac0007 dd 0x00d0fffd dd 0x00f4fff3 dd 0x0119ffe8 dd 0x013cffde dd 0x0161ffd3 dd 0x0184ffc9 dd 0x01a9ffbf dd 0x01ccffb4 dd 0x01f0ffa9 dd 0x0215ff9f dd 0xfe3200df dd 0xfe5700d5 dd 0xfe7b00ca dd 0xfe9f00bf dd 0xfec300b5 dd 0xfee600aa dd 0xff0b00a0 dd 0xff2e0095 dd 0xff53008b dd 0xff780081 dd 0xff9b0076 dd 0xffbf006b dd 0xffe30061 dd 0x00060056 dd 0x002b004c dd 0x004e0041 dd 0x00730036 dd 0x0096002c dd 0x00bb0021 dd 0x00de0016 dd 0x0103000d dd 0x01270002 dd 0x014bfff9 dd 0x016fffee dd 0x0193ffe3 dd 0x01b7ffd9 dd 0x01daffce dd 0x01ffffc3 dd 0x0224ffb9 dd 0xfe4100f8 dd 0xfe6500ee dd 0xfe8a00e3 dd 0xfead00d8 dd 0xfed200ce dd 0xfef500c3 dd 0xff1a00ba dd 0xff3d00af dd 0xff6200a4 dd 0xff86009a dd 0xffaa008f dd 0xffce0084 dd 0xfff1007a dd 0x0015006f dd 0x003a0065 dd 0x005d005a dd 0x0082004f dd 0x00a50046 dd 0x00c9003b dd 0x00ed0030 dd 0x01110026 dd 0x0136001b dd 0x01590011 dd 0x017e0006 dd 0x01a1fffc dd 0x01c6fff2 dd 0x01e9ffe7 dd 0x020effdc dd 0x0232ffd2 dd 0xfe510111 dd 0xfe750107 dd 0xfe9a00fc dd 0xfebd00f1 dd 0xfee200e8 dd 0xff0500dd dd 0xff2a00d3 dd 0xff4d00c8 dd 0xff7100bd dd 0xff9600b3 dd 0xffb900a8 dd 0xffde009d dd 0x00010093 dd 0x00250088 dd 0x0049007e dd 0x006d0074 dd 0x00910069 dd 0x00b5005f dd 0x00d90054 dd 0x00fd0049 dd 0x0121003f dd 0x01460034 dd 0x0169002a dd 0x018e001f dd 0x01b10014 dd 0x01d6000a dd 0x01f90000 dd 0x021efff5 dd 0x0242ffec dd 0xfe5f012c dd 0xfe840122 dd 0xfea80117 dd 0xfecc010c dd 0xfef00102 dd 0xff1400f7 dd 0xff3800ed dd 0xff5b00e2 dd 0xff8000d7 dd 0xffa500cd dd 0xffc800c2 dd 0xffed00b7 dd 0x000f00ae dd 0x003300a3 dd 0x00580099 dd 0x007b008e dd 0x00a00083 dd 0x00c30079 dd 0x00e8006e dd 0x010b0063 dd 0x01300059 dd 0x0154004e dd 0x01780044 dd 0x019c0039 dd 0x01c0002f dd 0x01e40025 dd 0x0208001a dd 0x022c000f dd 0x02510005 dd 0xfe6e0145 dd 0xfe92013b dd 0xfeb70130 dd 0xfeda0125 dd 0xfeff011b dd 0xff220110 dd 0xff470106 dd 0xff6a00fb dd 0xff8f00f0 dd 0xffb300e7 dd 0xffd700dc dd 0xfffb00d1 dd 0x001e00c7 dd 0x004200bc dd 0x006700b2 dd 0x008a00a7 dd 0x00af009c dd 0x00d20092 dd 0x00f70087 dd 0x011a007c dd 0x013e0072 dd 0x01630067 dd 0x0186005e dd 0x01ab0053 dd 0x01ce0048 dd 0x01f3003e dd 0x02160033 dd 0x023b0028 dd 0x025f001e dd 0xfe7c015e dd 0xfea10154 dd 0xfec60149 dd 0xfee9013e dd 0xff0d0134 dd 0xff310129 dd 0xff55011f dd 0xff790115 dd 0xff9d010a dd 0xffc20100 dd 0xffe500f5 dd 0x000900ea dd 0x002c00e0 dd 0x005100d5 dd 0x007500cb dd 0x009900c0 dd 0x00bd00b5 dd 0x00e100ab dd 0x010500a0 dd 0x01290095 dd 0x014d008c dd 0x01720081 dd 0x01950077 dd 0x01ba006c dd 0x01dd0061 dd 0x02020057 dd 0x0225004c dd 0x02490041 dd 0x026e0037 dd 0xfe8b0178 dd 0xfeb0016e dd 0xfed40163 dd 0xfef80158 dd 0xff1c014f dd 0xff3f0144 dd 0xff64013a dd 0xff87012f dd 0xffac0124 dd 0xffd1011a dd 0xfff4010f dd 0x00170104 dd 0x003b00fa dd 0x005f00ef dd 0x008400e5 dd 0x00a700da dd 0x00cc00d0 dd 0x00ef00c6 dd 0x011400bb dd 0x013700b0 dd 0x015c00a6 dd 0x0180009b dd 0x01a40091 dd 0x01c80086 dd 0x01ec007b dd 0x02100071 dd 0x02330066 dd 0x0258005b dd 0x027d0052 dd 0xfe9b0191 dd 0xfebf0188 dd 0xfee4017d dd 0xff070172 dd 0xff2c0168 dd 0xff4f015d dd 0xff740153 dd 0xff970148 dd 0xffbc013d dd 0xffe00133 dd 0x00030128 dd 0x0027011d dd 0x004b0113 dd 0x006f0108 dd 0x009400ff dd 0x00b700f4 dd 0x00dc00e9 dd 0x00ff00df dd 0x012400d4 dd 0x014700c9 dd 0x016c00bf dd 0x019000b4 dd 0x01b300aa dd 0x01d8009f dd 0x01fb0094 dd 0x0220008b dd 0x02430080 dd 0x02680075 dd 0x028c006b dd 0xfeaa01ab dd 0xfece01a1 dd 0xfef30196 dd 0xff16018b dd 0xff3b0181 dd 0xff5e0176 dd 0xff82016c dd 0xffa60161 dd 0xffca0156 dd 0xffef014c dd 0x00110141 dd 0x00360136 dd 0x0059012d dd 0x007e0122 dd 0x00a20118 dd 0x00c6010d dd 0x00ea0102 dd 0x010e00f8 dd 0x013200ed dd 0x015600e2 dd 0x017a00d8 dd 0x019f00cd dd 0x01c200c3 dd 0x01e700b9 dd 0x020a00ae dd 0x022f00a4 dd 0x02520099 dd 0x0277008e dd 0x029b0084 dd 0xfeb801c5 dd 0xfedd01bb dd 0xff0101b0 dd 0xff2501a5 dd 0xff49019b dd 0xff6d0190 dd 0xff910186 dd 0xffb4017b dd 0xffd90171 dd 0xfffe0167 dd 0x0020015c dd 0x00450151 dd 0x00680147 dd 0x008c013c dd 0x00b10132 dd 0x00d40127 dd 0x00f9011c dd 0x011c0112 dd 0x01410107 dd 0x016400fc dd 0x018900f3 dd 0x01ad00e8 dd 0x01d100de dd 0x01f500d3 dd 0x021900c8 dd 0x023d00be dd 0x026100b3 dd 0x028500a8 dd 0x02aa009e dd 0xfec701de dd 0xfeeb01d4 dd 0xff1001c9 dd 0xff3301be dd 0xff5801b4 dd 0xff7b01a9 dd 0xffa001a0 dd 0xffc30195 dd 0xffe8018a dd 0x000b0180 dd 0x002f0175 dd 0x0053016a dd 0x00770160 dd 0x009b0155 dd 0x00c0014b dd 0x00e30140 dd 0x01080135 dd 0x012b012c dd 0x01500121 dd 0x01730116 dd 0x0197010c dd 0x01bc0101 dd 0x01df00f7 dd 0x020400ec dd 0x022700e1 dd 0x024c00d7 dd 0x026f00cc dd 0x029400c1 dd 0x02b800b7 dd 0xfed501f7 dd 0xfefa01ed dd 0xff1f01e2 dd 0xff4201d7 dd 0xff6601ce dd 0xff8a01c3 dd 0xffae01b9 dd 0xffd201ae dd 0xfff601a3 dd 0x001a0199 dd 0x003d018e dd 0x00620183 dd 0x00850179 dd 0x00aa016e dd 0x00ce0164 dd 0x00f2015a dd 0x0116014f dd 0x013a0145 dd 0x015e013a dd 0x0182012f dd 0x01a60125 dd 0x01cb011a dd 0x01ee0110 dd 0x02130105 dd 0x023600fa dd 0x025a00f0 dd 0x027e00e5 dd 0x02a200da dd 0x02c700d1 dd 0xfed8fe05 dd 0xfefbfe10 dd 0xff20fe1b dd 0xff43fe25 dd 0xff67fe30 dd 0xff8bfe3b dd 0xffaffe45 dd 0xffd4fe50 dd 0xfff7fe5b dd 0x001bfe65 dd 0x003efe70 dd 0x0063fe7a dd 0x0086fe84 dd 0x00abfe8f dd 0x00cffe9a dd 0x00f3fea4 dd 0x0117feaf dd 0x013bfeb9 dd 0x015ffec4 dd 0x0183fecf dd 0x01a7fed9 dd 0x01cafee4 dd 0x01effeef dd 0x0214fef8 dd 0x0237ff03 dd 0x025bff0e dd 0x027fff18 dd 0x02a3ff23 dd 0x02c7ff2e dd 0xfec8fe1e dd 0xfeebfe29 dd 0xff10fe34 dd 0xff33fe3e dd 0xff58fe49 dd 0xff7bfe54 dd 0xffa0fe5e dd 0xffc4fe69 dd 0xffe7fe74 dd 0x000bfe7e dd 0x002efe89 dd 0x0053fe94 dd 0x0076fe9e dd 0x009bfea8 dd 0x00bffeb3 dd 0x00e3febd dd 0x0107fec8 dd 0x012bfed2 dd 0x014ffedd dd 0x0173fee8 dd 0x0197fef2 dd 0x01bbfefd dd 0x01dfff08 dd 0x0204ff12 dd 0x0227ff1d dd 0x024cff28 dd 0x026fff31 dd 0x0294ff3c dd 0x02b7ff47 dd 0xfeb9fe39 dd 0xfedcfe44 dd 0xff01fe4f dd 0xff24fe59 dd 0xff49fe63 dd 0xff6cfe6e dd 0xff91fe78 dd 0xffb5fe83 dd 0xffd9fe8e dd 0xfffdfe98 dd 0x0020fea3 dd 0x0044feae dd 0x0068feb8 dd 0x008cfec3 dd 0x00b1fece dd 0x00d4fed8 dd 0x00f9fee3 dd 0x011cfeec dd 0x0141fef7 dd 0x0164ff02 dd 0x0189ff0c dd 0x01acff17 dd 0x01d1ff22 dd 0x01f5ff2c dd 0x0218ff37 dd 0x023dff42 dd 0x0260ff4c dd 0x0285ff57 dd 0x02a8ff62 dd 0xfeabfe52 dd 0xfecefe5d dd 0xfef2fe68 dd 0xff16fe72 dd 0xff3afe7d dd 0xff5efe88 dd 0xff82fe91 dd 0xffa7fe9c dd 0xffcafea7 dd 0xffeffeb1 dd 0x0011febc dd 0x0036fec7 dd 0x0059fed1 dd 0x007efedc dd 0x00a2fee7 dd 0x00c6fef1 dd 0x00eafefc dd 0x010dff06 dd 0x0132ff11 dd 0x0155ff1b dd 0x017aff25 dd 0x019dff30 dd 0x01c2ff3b dd 0x01e6ff45 dd 0x020aff50 dd 0x022eff5b dd 0x0252ff65 dd 0x0276ff70 dd 0x029aff7b dd 0xfe9cfe6b dd 0xfebffe76 dd 0xfee4fe81 dd 0xff07fe8b dd 0xff2cfe96 dd 0xff4ffea1 dd 0xff74feab dd 0xff98feb6 dd 0xffbcfec1 dd 0xffe0feca dd 0x0003fed5 dd 0x0027fee0 dd 0x004afeea dd 0x006ffef5 dd 0x0094ff00 dd 0x00b7ff0a dd 0x00dbff15 dd 0x00ffff1f dd 0x0123ff2a dd 0x0147ff35 dd 0x016bff3f dd 0x018fff49 dd 0x01b3ff54 dd 0x01d8ff5e dd 0x01fbff69 dd 0x0220ff74 dd 0x0243ff7e dd 0x0268ff89 dd 0x028bff94 dd 0xfe8dfe85 dd 0xfeb1fe90 dd 0xfed5fe9b dd 0xfef9fea5 dd 0xff1dfeb0 dd 0xff40febb dd 0xff65fec5 dd 0xff8afed0 dd 0xffadfedb dd 0xffd2fee5 dd 0xfff5fef0 dd 0x0018fefb dd 0x003cff04 dd 0x0060ff0f dd 0x0085ff1a dd 0x00a8ff24 dd 0x00cdff2f dd 0x00f0ff39 dd 0x0115ff44 dd 0x0138ff4f dd 0x015dff59 dd 0x0180ff64 dd 0x01a5ff6f dd 0x01c9ff79 dd 0x01edff84 dd 0x0211ff8e dd 0x0234ff98 dd 0x0259ffa3 dd 0x027cffae dd 0xfe7dfe9f dd 0xfea1feaa dd 0xfec5feb5 dd 0xfee9febe dd 0xff0dfec9 dd 0xff31fed4 dd 0xff55fede dd 0xff7afee9 dd 0xff9dfef4 dd 0xffc2fefe dd 0xffe5ff09 dd 0x0009ff14 dd 0x002cff1e dd 0x0051ff29 dd 0x0075ff34 dd 0x0098ff3d dd 0x00bdff48 dd 0x00e0ff52 dd 0x0105ff5d dd 0x0128ff68 dd 0x014dff72 dd 0x0170ff7d dd 0x0195ff88 dd 0x01b9ff92 dd 0x01ddff9d dd 0x0201ffa8 dd 0x0225ffb2 dd 0x0249ffbc dd 0x026dffc7 dd 0xfe6ffeb8 dd 0xfe92fec3 dd 0xfeb7fece dd 0xfedafed8 dd 0xfefffee3 dd 0xff22feed dd 0xff47fef7 dd 0xff6bff02 dd 0xff8eff0d dd 0xffb3ff17 dd 0xffd6ff22 dd 0xfffbff2d dd 0x001dff37 dd 0x0042ff42 dd 0x0066ff4d dd 0x008aff57 dd 0x00aeff62 dd 0x00d2ff6b dd 0x00f6ff76 dd 0x011aff81 dd 0x013eff8b dd 0x0162ff96 dd 0x0186ffa1 dd 0x01abffab dd 0x01ceffb6 dd 0x01f3ffc1 dd 0x0216ffcb dd 0x023bffd6 dd 0x025effe1 dd 0xfe60fed2 dd 0xfe83fedd dd 0xfea8fee8 dd 0xfecbfef2 dd 0xfef0fefd dd 0xff13ff08 dd 0xff38ff12 dd 0xff5cff1d dd 0xff80ff28 dd 0xffa4ff31 dd 0xffc8ff3c dd 0xffecff47 dd 0x000fff51 dd 0x0033ff5c dd 0x0058ff67 dd 0x007bff71 dd 0x00a0ff7c dd 0x00c3ff86 dd 0x00e8ff91 dd 0x010bff9c dd 0x0130ffa5 dd 0x0153ffb0 dd 0x0178ffbb dd 0x019cffc5 dd 0x01bfffd0 dd 0x01e4ffdb dd 0x0207ffe5 dd 0x022cfff0 dd 0x024ffffb dd 0xfe52feeb dd 0xfe75fef6 dd 0xfe99ff01 dd 0xfebdff0b dd 0xfee1ff16 dd 0xff05ff21 dd 0xff29ff2b dd 0xff4eff36 dd 0xff71ff41 dd 0xff96ff4b dd 0xffb9ff56 dd 0xffdeff60 dd 0x0001ff6a dd 0x0025ff75 dd 0x0049ff80 dd 0x006dff8a dd 0x0091ff95 dd 0x00b4ff9f dd 0x00d9ffaa dd 0x00fcffb5 dd 0x0121ffbf dd 0x0144ffca dd 0x0169ffd5 dd 0x018dffde dd 0x01b1ffe9 dd 0x01d5fff4 dd 0x01f9fffe dd 0x021d0008 dd 0x02410013 dd 0xfe42ff04 dd 0xfe65ff0f dd 0xfe8aff1a dd 0xfeadff24 dd 0xfed2ff2f dd 0xfef5ff3a dd 0xff19ff44 dd 0xff3eff4f dd 0xff61ff5a dd 0xff86ff64 dd 0xffa9ff6f dd 0xffceff7a dd 0xfff1ff84 dd 0x0015ff8e dd 0x0039ff99 dd 0x005dffa3 dd 0x0081ffae dd 0x00a5ffb8 dd 0x00c9ffc3 dd 0x00edffce dd 0x0111ffd8 dd 0x0134ffe3 dd 0x0159ffee dd 0x017efff8 dd 0x01a10002 dd 0x01c6000d dd 0x01e90016 dd 0x020d0021 dd 0x0231002c dd 0xfe33ff1f dd 0xfe56ff2a dd 0xfe7bff35 dd 0xfe9eff3f dd 0xfec3ff49 dd 0xfee6ff54 dd 0xff0bff5e dd 0xff2fff69 dd 0xff53ff74 dd 0xff77ff7e dd 0xff9bff89 dd 0xffbfff94 dd 0xffe3ff9e dd 0x0006ffa9 dd 0x002bffb4 dd 0x004effbe dd 0x0073ffc9 dd 0x0096ffd2 dd 0x00bbffdd dd 0x00deffe8 dd 0x0103fff2 dd 0x0126fffd dd 0x014a0007 dd 0x016f0011 dd 0x0192001c dd 0x01b70027 dd 0x01da0031 dd 0x01ff003c dd 0x02220047 dd 0xfe24ff38 dd 0xfe48ff43 dd 0xfe6cff4e dd 0xfe90ff58 dd 0xfeb4ff63 dd 0xfed8ff6e dd 0xfefcff77 dd 0xff21ff82 dd 0xff44ff8d dd 0xff69ff97 dd 0xff8cffa2 dd 0xffb1ffad dd 0xffd4ffb7 dd 0xfff9ffc2 dd 0x001cffcd dd 0x003fffd7 dd 0x0064ffe2 dd 0x0087ffec dd 0x00acfff7 dd 0x00cf0001 dd 0x00f4000a dd 0x01170015 dd 0x013c0020 dd 0x0160002a dd 0x01840035 dd 0x01a80040 dd 0x01cc004a dd 0x01f00055 dd 0x02140060 dd 0xfe16ff51 dd 0xfe39ff5c dd 0xfe5eff67 dd 0xfe81ff71 dd 0xfea6ff7c dd 0xfec9ff87 dd 0xfeeeff91 dd 0xff12ff9c dd 0xff35ffa7 dd 0xff5affb0 dd 0xff7dffbb dd 0xffa2ffc6 dd 0xffc5ffd0 dd 0xffeaffdb dd 0x000dffe6 dd 0x0031fff0 dd 0x0055fffb dd 0x00790004 dd 0x009d000f dd 0x00c1001a dd 0x00e50024 dd 0x0109002f dd 0x012d0039 dd 0x01520043 dd 0x0175004e dd 0x019a0059 dd 0x01bd0063 dd 0x01e2006e dd 0x02050079 dd 0xfe07ff6b dd 0xfe2bff76 dd 0xfe4fff81 dd 0xfe72ff8b dd 0xfe97ff96 dd 0xfebaffa1 dd 0xfedfffab dd 0xff03ffb6 dd 0xff27ffc1 dd 0xff4bffcb dd 0xff6fffd6 dd 0xff93ffe1 dd 0xffb7ffea dd 0xffdbfff5 dd 0x00000000 dd 0x00220009 dd 0x00470014 dd 0x006a001e dd 0x008f0029 dd 0x00b20034 dd 0x00d7003e dd 0x00fa0049 dd 0x011f0054 dd 0x0143005e dd 0x01660069 dd 0x018b0074 dd 0x01ae007d dd 0x01d30088 dd 0x01f60093 dd 0xfdf7ff85 dd 0xfe1bff90 dd 0xfe3fff9b dd 0xfe63ffa4 dd 0xfe87ffaf dd 0xfeabffba dd 0xfecfffc4 dd 0xfef4ffcf dd 0xff17ffda dd 0xff3cffe4 dd 0xff5fffef dd 0xff83fffa dd 0xffa70003 dd 0xffcb000e dd 0xfff00019 dd 0x00120022 dd 0x0037002d dd 0x005a0037 dd 0x007f0042 dd 0x00a2004d dd 0x00c70057 dd 0x00ea0062 dd 0x010f006d dd 0x01330077 dd 0x01570082 dd 0x017b008d dd 0x019f0097 dd 0x01c300a2 dd 0x01e600ac dd 0xfde9ff9e dd 0xfe0cffa9 dd 0xfe31ffb4 dd 0xfe54ffbe dd 0xfe79ffc9 dd 0xfe9cffd3 dd 0xfec0ffdd dd 0xfee5ffe8 dd 0xff08fff3 dd 0xff2dfffd dd 0xff500007 dd 0xff750012 dd 0xff98001c dd 0xffbd0027 dd 0xffe10032 dd 0x0004003c dd 0x00280047 dd 0x004c0050 dd 0x0070005b dd 0x00940066 dd 0x00b80070 dd 0x00db007b dd 0x01000086 dd 0x01250090 dd 0x0148009b dd 0x016d00a6 dd 0x019000b0 dd 0x01b400bb dd 0x01d800c6 dd 0xfddaffb7 dd 0xfdfdffc2 dd 0xfe22ffcd dd 0xfe45ffd7 dd 0xfe6affe2 dd 0xfe8dffed dd 0xfeb2fff7 dd 0xfed60001 dd 0xfefa000b dd 0xff1e0015 dd 0xff420020 dd 0xff66002b dd 0xff8a0035 dd 0xffae0040 dd 0xffd3004b dd 0xfff60055 dd 0x001a0060 dd 0x003d006a dd 0x00620075 dd 0x00850080 dd 0x00aa0089 dd 0x00cd0094 dd 0x00f1009f dd 0x011600a9 dd 0x013900b4 dd 0x015e00bf dd 0x018100c9 dd 0x01a600d4 dd 0x01c900df dd 0xfdcbffd1 dd 0xfdefffdc dd 0xfe13ffe7 dd 0xfe37fff1 dd 0xfe5bfffc dd 0xfe7f0006 dd 0xfea30010 dd 0xfec8001b dd 0xfeeb0026 dd 0xff100030 dd 0xff33003b dd 0xff580046 dd 0xff7b004f dd 0xffa0005a dd 0xffc40065 dd 0xffe7006f dd 0x000b007a dd 0x002e0084 dd 0x0053008f dd 0x0076009a dd 0x009b00a4 dd 0x00be00af dd 0x00e300ba dd 0x010700c3 dd 0x012b00ce dd 0x014f00d9 dd 0x017300e3 dd 0x019700ee dd 0x01bb00f9 dd 0xfdbcffea dd 0xfddffff5 dd 0xfe030000 dd 0xfe270009 dd 0xfe4b0014 dd 0xfe6f001f dd 0xfe930029 dd 0xfeb80034 dd 0xfedb003f dd 0xff000049 dd 0xff230054 dd 0xff48005f dd 0xff6b0069 dd 0xff900074 dd 0xffb4007e dd 0xffd80088 dd 0xfffc0093 dd 0x001f009d dd 0x004300a8 dd 0x006600b3 dd 0x008b00bd dd 0x00ae00c8 dd 0x00d300d3 dd 0x00f800dd dd 0x011b00e8 dd 0x013f00f3 dd 0x016300fc dd 0x01870107 dd 0x01ab0112 dd 0xfdad0003 dd 0xfdd0000e dd 0xfdf50019 dd 0xfe180022 dd 0xfe3d002d dd 0xfe600038 dd 0xfe850042 dd 0xfea9004d dd 0xfecd0058 dd 0xfef10062 dd 0xff15006d dd 0xff390078 dd 0xff5c0082 dd 0xff81008d dd 0xffa60098 dd 0xffc900a2 dd 0xffee00ac dd 0x001000b6 dd 0x003400c1 dd 0x005800cc dd 0x007c00d6 dd 0x00a000e1 dd 0x00c400ec dd 0x00e900f6 dd 0x010c0101 dd 0x0131010c dd 0x01540116 dd 0x01790121 dd 0x019c012c dd 0xfd9e001d dd 0xfdc20028 dd 0xfde60033 dd 0xfe0a003d dd 0xfe2e0048 dd 0xfe520053 dd 0xfe76005d dd 0xfe9b0067 dd 0xfebe0072 dd 0xfee3007c dd 0xff060087 dd 0xff2b0092 dd 0xff4e009c dd 0xff7200a7 dd 0xff9700b2 dd 0xffba00bc dd 0xffdf00c7 dd 0x000200d1 dd 0x002600dc dd 0x004900e7 dd 0x006e00f0 dd 0x009100fb dd 0x00b60106 dd 0x00da0110 dd 0x00fe011b dd 0x01220126 dd 0x01460130 dd 0x016a013b dd 0x018d0146 dd 0xfd900036 dd 0xfdb30041 dd 0xfdd8004c dd 0xfdfb0056 dd 0xfe200061 dd 0xfe43006c dd 0xfe670076 dd 0xfe8c0081 dd 0xfeaf008c dd 0xfed40095 dd 0xfef700a0 dd 0xff1c00ab dd 0xff3f00b5 dd 0xff6400c0 dd 0xff8800cb dd 0xffac00d5 dd 0xffd000e0 dd 0xfff400ea dd 0x001700f5 dd 0x003b0100 dd 0x005f010a dd 0x00830115 dd 0x00a7011f dd 0x00cc0129 dd 0x00ef0134 dd 0x0114013f dd 0x01370149 dd 0x015b0154 dd 0x017f015f dd 0xfd80004f dd 0xfda3005a dd 0xfdc80065 dd 0xfdeb006f dd 0xfe10007a dd 0xfe330085 dd 0xfe58008f dd 0xfe7c009a dd 0xfea000a5 dd 0xfec400af dd 0xfee700ba dd 0xff0c00c5 dd 0xff2f00ce dd 0xff5400d9 dd 0xff7900e4 dd 0xff9c00ee dd 0xffc000f9 dd 0xffe40103 dd 0x0007010e dd 0x002b0119 dd 0x004f0123 dd 0x0073012e dd 0x00970139 dd 0x00bc0143 dd 0x00df014d dd 0x01040158 dd 0x01270162 dd 0x014c016d dd 0x016f0178 dd 0xfd71006a dd 0xfd950075 dd 0xfdb90080 dd 0xfddc0089 dd 0xfe010094 dd 0xfe24009f dd 0xfe4900a9 dd 0xfe6e00b4 dd 0xfe9100bf dd 0xfeb500c9 dd 0xfed900d4 dd 0xfefd00df dd 0xff2100e9 dd 0xff4500f4 dd 0xff6a00ff dd 0xff8d0108 dd 0xffb20113 dd 0xffd5011d dd 0xfffa0128 dd 0x001c0133 dd 0x0041013d dd 0x00640148 dd 0x00890153 dd 0x00ad015d dd 0x00d10168 dd 0x00f50173 dd 0x0118017d dd 0x013d0188 dd 0x01600192 dd 0xfd630083 dd 0xfd86008e dd 0xfdab0099 dd 0xfdce00a3 dd 0xfdf200ae dd 0xfe1600b9 dd 0xfe3a00c2 dd 0xfe5f00cd dd 0xfe8200d8 dd 0xfea700e2 dd 0xfeca00ed dd 0xfeef00f8 dd 0xff120102 dd 0xff37010d dd 0xff5b0118 dd 0xff7f0122 dd 0xffa3012d dd 0xffc70136 dd 0xffeb0141 dd 0x000d014c dd 0x00320156 dd 0x00550161 dd 0x007a016c dd 0x009f0176 dd 0x00c20181 dd 0x00e6018c dd 0x010a0196 dd 0x012e01a1 dd 0x015201ac dd 0xfd54009c dd 0xfd7700a7 dd 0xfd9c00b2 dd 0xfdbf00bc dd 0xfde400c7 dd 0xfe0700d2 dd 0xfe2c00dc dd 0xfe5000e7 dd 0xfe7400f1 dd 0xfe9800fb dd 0xfebc0106 dd 0xfee00111 dd 0xff03011b dd 0xff280126 dd 0xff4d0131 dd 0xff70013b dd 0xff950146 dd 0xffb80150 dd 0xffdc015b dd 0x00000166 dd 0x0023016f dd 0x0047017a dd 0x006b0185 dd 0x0090018f dd 0x00b3019a dd 0x00d801a5 dd 0x00fb01af dd 0x012001ba dd 0x014301c5 dd 0xfd4500b6 dd 0xfd6900c1 dd 0xfd8d00cc dd 0xfdb100d6 dd 0xfdd500e1 dd 0xfdf900ec dd 0xfe1d00f6 dd 0xfe420101 dd 0xfe65010c dd 0xfe8a0116 dd 0xfead0121 dd 0xfed2012c dd 0xfef50135 dd 0xff190140 dd 0xff3e014b dd 0xff610155 dd 0xff860160 dd 0xffa9016a dd 0xffce0175 dd 0xfff10180 dd 0x0015018a dd 0x00380195 dd 0x005d01a0 dd 0x008101a9 dd 0x00a501b4 dd 0x00c901bf dd 0x00ed01c9 dd 0x011101d4 dd 0x013401df dd 0xfd3500d0 dd 0xfd5900da dd 0xfd7d00e5 dd 0xfda100ef dd 0xfdc500fa dd 0xfde90105 dd 0xfe0d010f dd 0xfe32011a dd 0xfe550125 dd 0xfe7a012f dd 0xfe9d013a dd 0xfec20145 dd 0xfee5014f dd 0xff0a015a dd 0xff2e0164 dd 0xff52016e dd 0xff760179 dd 0xff990183 dd 0xffbe018e dd 0xffe10199 dd 0x000501a3 dd 0x002801ae dd 0x004d01b9 dd 0x007101c3 dd 0x009501ce dd 0x00b901d9 dd 0x00dd01e2 dd 0x010101ed dd 0x012501f8 dd 0x0126fe06 dd 0x0134fe1f dd 0x0143fe3a dd 0x0152fe53 dd 0x0160fe6c dd 0x0170fe86 dd 0x017ffea0 dd 0x018dfeb9 dd 0x019cfed3 dd 0x01abfeec dd 0x01bbff05 dd 0x01c9ff20 dd 0x01d8ff39 dd 0x01e6ff52 dd 0x01f6ff6c dd 0x0205ff86 dd 0x0214ff9f dd 0x0222ffb8 dd 0x0231ffd2 dd 0x0241ffeb dd 0x024f0004 dd 0x025e001e dd 0x026d0037 dd 0x027b0050 dd 0x028b006b dd 0x029a0084 dd 0x02a8009d dd 0x02b700b7 dd 0x02c600d1 dd 0x0103fe10 dd 0x0111fe29 dd 0x0120fe44 dd 0x012efe5d dd 0x013dfe76 dd 0x014dfe90 dd 0x015bfea9 dd 0x016afec3 dd 0x0179fedd dd 0x0187fef6 dd 0x0197ff0f dd 0x01a6ff2a dd 0x01b4ff43 dd 0x01c3ff5c dd 0x01d3ff76 dd 0x01e2ff8f dd 0x01f0ffa9 dd 0x01ffffc2 dd 0x020dffdc dd 0x021dfff5 dd 0x022c000e dd 0x023b0028 dd 0x02490041 dd 0x0258005a dd 0x02680075 dd 0x0276008e dd 0x028500a7 dd 0x029400c1 dd 0x02a200da dd 0x00defe1b dd 0x00edfe34 dd 0x00fbfe4f dd 0x010afe68 dd 0x0118fe81 dd 0x0128fe9b dd 0x0137feb4 dd 0x0146fece dd 0x0154fee8 dd 0x0163ff01 dd 0x0173ff1a dd 0x0181ff35 dd 0x0190ff4e dd 0x019fff67 dd 0x01aeff81 dd 0x01bdff9a dd 0x01ccffb4 dd 0x01daffcd dd 0x01e9ffe7 dd 0x01f90000 dd 0x02070019 dd 0x02160033 dd 0x0225004c dd 0x02330065 dd 0x0243007f dd 0x02520099 dd 0x026000b2 dd 0x026f00cc dd 0x027e00e5 dd 0x00bbfe26 dd 0x00c9fe3f dd 0x00d8fe5a dd 0x00e6fe73 dd 0x00f5fe8c dd 0x0105fea6 dd 0x0114febf dd 0x0122fed9 dd 0x0131fef3 dd 0x013fff0c dd 0x014fff25 dd 0x015eff40 dd 0x016dff59 dd 0x017bff72 dd 0x018bff8c dd 0x019affa5 dd 0x01a8ffbf dd 0x01b7ffd8 dd 0x01c6fff2 dd 0x01d5000a dd 0x01e40023 dd 0x01f3003e dd 0x02010057 dd 0x02100070 dd 0x0220008a dd 0x022e00a4 dd 0x023d00bd dd 0x024c00d7 dd 0x025a00f0 dd 0x0096fe30 dd 0x00a5fe49 dd 0x00b3fe63 dd 0x00c2fe7d dd 0x00d1fe96 dd 0x00e0feb0 dd 0x00effec9 dd 0x00fefee2 dd 0x010cfefd dd 0x011bff16 dd 0x012bff2f dd 0x0139ff49 dd 0x0148ff63 dd 0x0157ff7c dd 0x0166ff96 dd 0x0175ffaf dd 0x0184ffc8 dd 0x0192ffe2 dd 0x01a1fffc dd 0x01b10014 dd 0x01bf002d dd 0x01ce0048 dd 0x01dd0061 dd 0x01eb007a dd 0x01fb0094 dd 0x020a00ad dd 0x021800c7 dd 0x022700e1 dd 0x023600fa dd 0x0073fe3b dd 0x0081fe54 dd 0x0090fe6e dd 0x009ffe88 dd 0x00adfea1 dd 0x00bdfebb dd 0x00ccfed4 dd 0x00dafeed dd 0x00e9ff08 dd 0x00f8ff21 dd 0x0107ff3a dd 0x0116ff54 dd 0x0125ff6e dd 0x0133ff87 dd 0x0143ffa1 dd 0x0152ffba dd 0x0160ffd3 dd 0x016fffed dd 0x017e0006 dd 0x018d001f dd 0x019c0038 dd 0x01ab0053 dd 0x01b9006c dd 0x01c80085 dd 0x01d8009f dd 0x01e600b8 dd 0x01f500d2 dd 0x020400ec dd 0x02120105 dd 0x004efe45 dd 0x005dfe5e dd 0x006bfe78 dd 0x007afe91 dd 0x0089feab dd 0x0098fec5 dd 0x00a7fede dd 0x00b6fef7 dd 0x00c4ff12 dd 0x00d3ff2b dd 0x00e3ff44 dd 0x00f1ff5e dd 0x0100ff77 dd 0x010fff91 dd 0x011fffab dd 0x012dffc4 dd 0x013cffdd dd 0x014afff6 dd 0x01590010 dd 0x01690029 dd 0x01780042 dd 0x0186005c dd 0x01950076 dd 0x01a3008f dd 0x01b300a9 dd 0x01c200c2 dd 0x01d100db dd 0x01df00f6 dd 0x01ee010f dd 0x002afe50 dd 0x0038fe69 dd 0x0047fe83 dd 0x0055fe9c dd 0x0064feb6 dd 0x0074fed0 dd 0x0083fee9 dd 0x0091ff02 dd 0x00a0ff1c dd 0x00aeff36 dd 0x00beff4f dd 0x00cdff69 dd 0x00dbff82 dd 0x00eaff9c dd 0x00faffb6 dd 0x0109ffcf dd 0x0117ffe8 dd 0x01260001 dd 0x0134001b dd 0x01440034 dd 0x0153004d dd 0x01620067 dd 0x01700081 dd 0x017f009a dd 0x018f00b4 dd 0x019d00cd dd 0x01ac00e6 dd 0x01bb0101 dd 0x01c9011a dd 0x0006fe5b dd 0x0015fe74 dd 0x0023fe8e dd 0x0032fea7 dd 0x0041fec0 dd 0x0051fedb dd 0x005ffef4 dd 0x006eff0d dd 0x007cff27 dd 0x008bff41 dd 0x009bff5a dd 0x00aaff74 dd 0x00b8ff8d dd 0x00c7ffa6 dd 0x00d7ffc1 dd 0x00e5ffda dd 0x00f4fff3 dd 0x0103000b dd 0x01110026 dd 0x0121003f dd 0x01300058 dd 0x013e0072 dd 0x014d008c dd 0x015b00a5 dd 0x016b00bf dd 0x017a00d8 dd 0x018900f1 dd 0x0197010c dd 0x01a60125 dd 0xffe3fe64 dd 0xfff1fe7e dd 0x0000fe98 dd 0x000dfeb1 dd 0x001cfeca dd 0x002cfee5 dd 0x003bfefe dd 0x0049ff17 dd 0x0058ff31 dd 0x0066ff4a dd 0x0076ff64 dd 0x0085ff7e dd 0x0094ff97 dd 0x00a2ffb0 dd 0x00b2ffcb dd 0x00c1ffe4 dd 0x00cffffd dd 0x00de0015 dd 0x00ed0030 dd 0x00fc0049 dd 0x010b0062 dd 0x011a007c dd 0x01280095 dd 0x013700af dd 0x014700c9 dd 0x015500e2 dd 0x016400fb dd 0x01730116 dd 0x0181012f dd 0xffbffe6f dd 0xffcefe89 dd 0xffdcfea3 dd 0xffebfebc dd 0xfffafed5 dd 0x0009fef0 dd 0x0017ff09 dd 0x0026ff22 dd 0x0034ff3c dd 0x0043ff55 dd 0x0053ff6f dd 0x0062ff89 dd 0x0070ffa2 dd 0x007fffbb dd 0x008fffd6 dd 0x009dffef dd 0x00ac0007 dd 0x00bb0020 dd 0x00c9003a dd 0x00d90054 dd 0x00e8006d dd 0x00f60087 dd 0x010500a0 dd 0x011400ba dd 0x012300d4 dd 0x013200ed dd 0x01410106 dd 0x014f0120 dd 0x015e013a dd 0xff9bfe7a dd 0xffa9fe94 dd 0xffb8feae dd 0xffc7fec7 dd 0xffd5fee0 dd 0xffe5fefb dd 0xfff4ff14 dd 0x0002ff2d dd 0x0010ff47 dd 0x001fff60 dd 0x002eff7a dd 0x003dff94 dd 0x004cffad dd 0x005affc6 dd 0x006affe1 dd 0x0079fffa dd 0x00870012 dd 0x0096002b dd 0x00a50045 dd 0x00b4005f dd 0x00c30078 dd 0x00d20092 dd 0x00e000ab dd 0x00ef00c4 dd 0x00ff00df dd 0x010d00f8 dd 0x011c0111 dd 0x012b012b dd 0x01390145 dd 0xff77fe84 dd 0xff86fe9d dd 0xff95feb8 dd 0xffa3fed1 dd 0xffb2feea dd 0xffc2ff04 dd 0xffd0ff1e dd 0xffdfff37 dd 0xffeeff51 dd 0xfffcff6a dd 0x000bff83 dd 0x001aff9e dd 0x0028ffb7 dd 0x0037ffd0 dd 0x0047ffea dd 0x00550003 dd 0x0064001c dd 0x00730035 dd 0x0081004f dd 0x00910068 dd 0x00a00082 dd 0x00ae009c dd 0x00bd00b5 dd 0x00cc00ce dd 0x00db00e9 dd 0x00ea0102 dd 0x00f9011b dd 0x01070135 dd 0x0116014e dd 0xff53fe8f dd 0xff61fea8 dd 0xff70fec3 dd 0xff7ffedc dd 0xff8dfef5 dd 0xff9dff0f dd 0xffacff29 dd 0xffbaff42 dd 0xffc9ff5c dd 0xffd8ff75 dd 0xffe7ff8e dd 0xfff6ffa9 dd 0x0004ffc2 dd 0x0012ffdb dd 0x0022fff5 dd 0x0031000e dd 0x003f0027 dd 0x004e0040 dd 0x005d005a dd 0x006d0073 dd 0x007b008d dd 0x008a00a7 dd 0x009800c0 dd 0x00a700d9 dd 0x00b700f4 dd 0x00c6010d dd 0x00d40126 dd 0x00e30140 dd 0x00f10159 dd 0xff2ffe9a dd 0xff3efeb3 dd 0xff4dfece dd 0xff5bfee7 dd 0xff6aff00 dd 0xff7aff1a dd 0xff88ff33 dd 0xff97ff4d dd 0xffa6ff67 dd 0xffb4ff80 dd 0xffc4ff99 dd 0xffd3ffb4 dd 0xffe1ffcd dd 0xfff0ffe6 dd 0x00000000 dd 0x000d0019 dd 0x001c0032 dd 0x002b004b dd 0x00390065 dd 0x0049007e dd 0x00580098 dd 0x006600b2 dd 0x007500cb dd 0x008400e4 dd 0x009400ff dd 0x00a20118 dd 0x00b10131 dd 0x00bf014b dd 0x00ce0164 dd 0xff0bfea4 dd 0xff19febd dd 0xff28fed7 dd 0xff37fef1 dd 0xff45ff0a dd 0xff55ff24 dd 0xff64ff3d dd 0xff72ff57 dd 0xff81ff71 dd 0xff90ff8a dd 0xffa0ffa3 dd 0xffaeffbd dd 0xffbdffd7 dd 0xffcbfff0 dd 0xffdb0009 dd 0xffea0022 dd 0xfff9003c dd 0x00060055 dd 0x0015006f dd 0x00250088 dd 0x003300a1 dd 0x004200bc dd 0x005100d5 dd 0x005f00ee dd 0x006f0108 dd 0x007e0122 dd 0x008c013b dd 0x009b0155 dd 0x00aa016e dd 0xfee6feaf dd 0xfef5fec8 dd 0xff03fee2 dd 0xff12fefc dd 0xff21ff15 dd 0xff31ff2f dd 0xff3fff48 dd 0xff4eff61 dd 0xff5cff7c dd 0xff6bff95 dd 0xff7bffae dd 0xff8affc8 dd 0xff98ffe2 dd 0xffa7fffb dd 0xffb70014 dd 0xffc5002d dd 0xffd40047 dd 0xffe30060 dd 0xfff1007a dd 0x00010093 dd 0x000f00ac dd 0x001d00c7 dd 0x002c00e0 dd 0x003b00f9 dd 0x004a0113 dd 0x0059012d dd 0x00680146 dd 0x00760160 dd 0x00850179 dd 0xfec3feb9 dd 0xfed2fed2 dd 0xfee0feec dd 0xfeefff05 dd 0xfefdff1f dd 0xff0dff39 dd 0xff1cff52 dd 0xff2bff6b dd 0xff39ff86 dd 0xff48ff9f dd 0xff58ffb8 dd 0xff66ffd2 dd 0xff75ffeb dd 0xff830004 dd 0xff93001e dd 0xffa20037 dd 0xffb10050 dd 0xffbf006a dd 0xffce0084 dd 0xffde009d dd 0xffec00b6 dd 0xfffb00d1 dd 0x000900ea dd 0x00170103 dd 0x0027011d dd 0x00360136 dd 0x00440150 dd 0x0053016a dd 0x00620183 dd 0xfe9efec4 dd 0xfeadfedd dd 0xfebcfef7 dd 0xfecaff10 dd 0xfed9ff2a dd 0xfee9ff44 dd 0xfef7ff5d dd 0xff06ff76 dd 0xff15ff91 dd 0xff23ffaa dd 0xff33ffc3 dd 0xff42ffdd dd 0xff50fff6 dd 0xff5f000f dd 0xff6f0029 dd 0xff7d0042 dd 0xff8c005b dd 0xff9b0075 dd 0xffa9008f dd 0xffb900a8 dd 0xffc800c1 dd 0xffd600db dd 0xffe500f5 dd 0xfff4010e dd 0x00030128 dd 0x00110141 dd 0x0020015b dd 0x002e0175 dd 0x003d018e dd 0xfe7bfecf dd 0xfe8afee8 dd 0xfe98ff02 dd 0xfea7ff1b dd 0xfeb5ff35 dd 0xfec5ff4f dd 0xfed4ff68 dd 0xfee3ff81 dd 0xfef1ff9c dd 0xff00ffb5 dd 0xff10ffce dd 0xff1effe8 dd 0xff2d0001 dd 0xff3c001a dd 0xff4b0034 dd 0xff5a004d dd 0xff690066 dd 0xff77007f dd 0xff86009a dd 0xff9600b3 dd 0xffa400cc dd 0xffb300e6 dd 0xffc20100 dd 0xffd00119 dd 0xffe00133 dd 0xffef014c dd 0xfffd0165 dd 0x000b0180 dd 0x001a0199 dd 0xfe56fed9 dd 0xfe65fef2 dd 0xfe74ff0c dd 0xfe82ff25 dd 0xfe91ff3e dd 0xfea1ff59 dd 0xfeafff72 dd 0xfebeff8b dd 0xfecdffa5 dd 0xfedbffbf dd 0xfeebffd8 dd 0xfefafff2 dd 0xff08000a dd 0xff170023 dd 0xff27003e dd 0xff350057 dd 0xff440070 dd 0xff530089 dd 0xff6100a4 dd 0xff7100bd dd 0xff8000d6 dd 0xff8e00f0 dd 0xff9d0109 dd 0xffac0123 dd 0xffbc013d dd 0xffca0156 dd 0xffd9016f dd 0xffe7018a dd 0xfff601a3 dd 0xfe33fee4 dd 0xfe42fefd dd 0xfe50ff17 dd 0xfe5fff30 dd 0xfe6eff49 dd 0xfe7dff64 dd 0xfe8cff7d dd 0xfe9bff96 dd 0xfea9ffb0 dd 0xfeb8ffca dd 0xfec8ffe3 dd 0xfed6fffd dd 0xfee50015 dd 0xfef4002e dd 0xff030049 dd 0xff120062 dd 0xff21007b dd 0xff2f0094 dd 0xff3e00af dd 0xff4e00c8 dd 0xff5c00e1 dd 0xff6b00fb dd 0xff7a0114 dd 0xff88012e dd 0xff980148 dd 0xffa70161 dd 0xffb5017a dd 0xffc40195 dd 0xffd301ae dd 0xfe0efeee dd 0xfe1dff08 dd 0xfe2cff22 dd 0xfe3aff3b dd 0xfe49ff54 dd 0xfe59ff6f dd 0xfe67ff88 dd 0xfe76ffa1 dd 0xfe85ffbb dd 0xfe93ffd4 dd 0xfea3ffee dd 0xfeb20007 dd 0xfec00020 dd 0xfecf0039 dd 0xfedf0054 dd 0xfeee006d dd 0xfefc0086 dd 0xff0b009f dd 0xff1900ba dd 0xff2900d3 dd 0xff3800ec dd 0xff470106 dd 0xff55011f dd 0xff640139 dd 0xff740153 dd 0xff82016c dd 0xff910185 dd 0xffa001a0 dd 0xffae01b9 dd 0xfdeafef8 dd 0xfdf9ff12 dd 0xfe07ff2c dd 0xfe16ff45 dd 0xfe24ff5e dd 0xfe34ff78 dd 0xfe43ff92 dd 0xfe52ffab dd 0xfe60ffc5 dd 0xfe6fffde dd 0xfe7ffff8 dd 0xfe8d0011 dd 0xfe9c002a dd 0xfeab0043 dd 0xfeba005e dd 0xfec90077 dd 0xfed80090 dd 0xfee600a9 dd 0xfef500c3 dd 0xff0500dd dd 0xff1300f6 dd 0xff220110 dd 0xff310129 dd 0xff3f0142 dd 0xff4f015d dd 0xff5e0176 dd 0xff6c018f dd 0xff7b01a9 dd 0xff8a01c3 dd 0xfdc7ff03 dd 0xfdd5ff1c dd 0xfde4ff37 dd 0xfdf2ff50 dd 0xfe01ff69 dd 0xfe11ff83 dd 0xfe20ff9d dd 0xfe2effb6 dd 0xfe3dffd0 dd 0xfe4bffe9 dd 0xfe5b0002 dd 0xfe6a001c dd 0xfe790035 dd 0xfe87004e dd 0xfe970068 dd 0xfea60082 dd 0xfeb4009b dd 0xfec300b4 dd 0xfed200ce dd 0xfee100e8 dd 0xfef00101 dd 0xfeff011b dd 0xff0d0134 dd 0xff1c014d dd 0xff2c0168 dd 0xff3a0181 dd 0xff49019a dd 0xff5801b4 dd 0xff6601ce dd 0xfda2ff0d dd 0xfdb1ff26 dd 0xfdbfff41 dd 0xfdceff5a dd 0xfddcff73 dd 0xfdecff8d dd 0xfdfbffa6 dd 0xfe0affc0 dd 0xfe18ffda dd 0xfe27fff3 dd 0xfe37000b dd 0xfe450026 dd 0xfe54003f dd 0xfe630058 dd 0xfe720072 dd 0xfe81008c dd 0xfe9000a5 dd 0xfe9e00be dd 0xfead00d8 dd 0xfebd00f1 dd 0xfecb010b dd 0xfeda0125 dd 0xfee9013e dd 0xfef70157 dd 0xff070172 dd 0xff16018b dd 0xff2401a4 dd 0xff3301be dd 0xff4201d7 dd 0xfd7fff18 dd 0xfd8dff31 dd 0xfd9cff4c dd 0xfdabff65 dd 0xfdb9ff7e dd 0xfdc9ff98 dd 0xfdd8ffb1 dd 0xfde6ffcb dd 0xfdf5ffe5 dd 0xfe03fffe dd 0xfe130016 dd 0xfe220031 dd 0xfe31004a dd 0xfe3f0063 dd 0xfe4f007d dd 0xfe5e0096 dd 0xfe6c00b0 dd 0xfe7b00c9 dd 0xfe8a00e3 dd 0xfe9900fc dd 0xfea80116 dd 0xfeb70130 dd 0xfec50149 dd 0xfed40162 dd 0xfee4017c dd 0xfef20196 dd 0xff0101af dd 0xff1001c9 dd 0xff1e01e2 dd 0xfd5aff23 dd 0xfd69ff3c dd 0xfd77ff57 dd 0xfd86ff70 dd 0xfd95ff89 dd 0xfda4ffa3 dd 0xfdb3ffbc dd 0xfdc2ffd6 dd 0xfdd0fff0 dd 0xfddf0008 dd 0xfdef0021 dd 0xfdfd003c dd 0xfe0c0055 dd 0xfe1b006e dd 0xfe2b0088 dd 0xfe3900a1 dd 0xfe4800bb dd 0xfe5600d4 dd 0xfe6500ee dd 0xfe750107 dd 0xfe830120 dd 0xfe92013b dd 0xfea10154 dd 0xfeaf016d dd 0xfebf0187 dd 0xfece01a1 dd 0xfedc01ba dd 0xfeeb01d4 dd 0xfefa01ed dd 0xfd37ff2d dd 0xfd45ff46 dd 0xfd54ff60 dd 0xfd63ff7a dd 0xfd71ff93 dd 0xfd81ffad dd 0xfd90ffc6 dd 0xfd9effdf dd 0xfdadfffa dd 0xfdbc0012 dd 0xfdcb002b dd 0xfdda0045 dd 0xfde9005f dd 0xfdf70078 dd 0xfe070092 dd 0xfe1600ab dd 0xfe2400c4 dd 0xfe3300de dd 0xfe4200f8 dd 0xfe520111 dd 0xfe60012a dd 0xfe6f0145 dd 0xfe7d015e dd 0xfe8c0177 dd 0xfe9c0191 dd 0xfeab01aa dd 0xfeb901c4 dd 0xfec801de dd 0xfed601f7 dd 0x02c7ff2d dd 0x02b9ff46 dd 0x02aaff5f dd 0x029bff7a dd 0x028dff93 dd 0x027dffac dd 0x026effc6 dd 0x0260ffdf dd 0x0251fff9 dd 0x02420012 dd 0x0232002b dd 0x02240044 dd 0x0215005f dd 0x02070078 dd 0x01f80092 dd 0x01e800ab dd 0x01d900c4 dd 0x01cb00df dd 0x01bc00f8 dd 0x01ac0111 dd 0x019e012b dd 0x018f0145 dd 0x0181015e dd 0x01720178 dd 0x01620191 dd 0x015301aa dd 0x014501c5 dd 0x013601de dd 0x012801f7 dd 0x02a3ff23 dd 0x0294ff3c dd 0x0285ff55 dd 0x0277ff70 dd 0x0268ff89 dd 0x0258ffa2 dd 0x024affbc dd 0x023bffd6 dd 0x022cffef dd 0x021e0008 dd 0x020e0021 dd 0x01ff003a dd 0x01f10055 dd 0x01e2006e dd 0x01d30088 dd 0x01c400a1 dd 0x01b500bb dd 0x01a600d5 dd 0x019800ee dd 0x01880107 dd 0x01790122 dd 0x016b013b dd 0x015c0154 dd 0x014d016e dd 0x013d0187 dd 0x012f01a1 dd 0x012001bb dd 0x011201d4 dd 0x010301ed dd 0x027eff18 dd 0x026fff31 dd 0x0261ff4a dd 0x0252ff65 dd 0x0244ff7e dd 0x0234ff97 dd 0x0225ffb1 dd 0x0216ffcb dd 0x0208ffe4 dd 0x01f9fffe dd 0x01e90016 dd 0x01db0030 dd 0x01cc004a dd 0x01bd0063 dd 0x01af007d dd 0x019f0096 dd 0x019000b0 dd 0x018200ca dd 0x017300e3 dd 0x016300fc dd 0x01550117 dd 0x01460130 dd 0x01370149 dd 0x01290163 dd 0x0119017c dd 0x010a0196 dd 0x00fc01b0 dd 0x00ed01c9 dd 0x00de01e2 dd 0x025bff0d dd 0x024cff26 dd 0x023dff40 dd 0x022fff5a dd 0x0220ff73 dd 0x0210ff8c dd 0x0202ffa6 dd 0x01f3ffc0 dd 0x01e4ffd9 dd 0x01d6fff3 dd 0x01c6000b dd 0x01b70025 dd 0x01a9003f dd 0x019a0058 dd 0x018b0072 dd 0x017c008c dd 0x016d00a5 dd 0x015e00bf dd 0x015000d8 dd 0x014000f1 dd 0x0131010c dd 0x01230125 dd 0x0114013e dd 0x01050158 dd 0x00f60172 dd 0x00e7018b dd 0x00d801a5 dd 0x00ca01be dd 0x00bb01d7 dd 0x0236ff03 dd 0x0228ff1c dd 0x0219ff36 dd 0x020aff50 dd 0x01fcff69 dd 0x01ecff82 dd 0x01ddff9d dd 0x01cfffb6 dd 0x01c0ffcf dd 0x01b1ffe9 dd 0x01a10002 dd 0x0193001b dd 0x01840035 dd 0x0176004e dd 0x01670068 dd 0x01570082 dd 0x0148009b dd 0x013a00b5 dd 0x012b00ce dd 0x011b00e8 dd 0x010d0102 dd 0x00fe011b dd 0x00ef0134 dd 0x00e1014e dd 0x00d10168 dd 0x00c20181 dd 0x00b4019b dd 0x00a501b4 dd 0x009601ce dd 0x0213fef8 dd 0x0204ff12 dd 0x01f6ff2b dd 0x01e7ff45 dd 0x01d8ff5e dd 0x01c8ff77 dd 0x01baff92 dd 0x01abffab dd 0x019dffc4 dd 0x018effde dd 0x017efff8 dd 0x016f0010 dd 0x0161002a dd 0x01520043 dd 0x0144005e dd 0x01340077 dd 0x01250090 dd 0x011600aa dd 0x010800c3 dd 0x00f800dd dd 0x00e900f7 dd 0x00db0110 dd 0x00cc0129 dd 0x00bd0144 dd 0x00ae015d dd 0x009f0176 dd 0x00900190 dd 0x008201a9 dd 0x007301c3 dd 0x01eefeed dd 0x01e0ff07 dd 0x01d1ff20 dd 0x01c2ff3a dd 0x01b4ff53 dd 0x01a4ff6c dd 0x0195ff87 dd 0x0187ffa0 dd 0x0178ffb9 dd 0x0169ffd3 dd 0x0159ffed dd 0x014b0005 dd 0x013c001f dd 0x012e0038 dd 0x011f0053 dd 0x010f006c dd 0x01010085 dd 0x00f2009f dd 0x00e300b8 dd 0x00d300d2 dd 0x00c500ec dd 0x00b60105 dd 0x00a8011e dd 0x00990139 dd 0x00890152 dd 0x007a016b dd 0x006c0185 dd 0x005d019e dd 0x004f01b8 dd 0x01cbfee4 dd 0x01bcfefd dd 0x01aeff16 dd 0x019fff30 dd 0x0190ff49 dd 0x0181ff63 dd 0x0172ff7d dd 0x0163ff96 dd 0x0155ffaf dd 0x0146ffca dd 0x0136ffe3 dd 0x0128fffc dd 0x01190015 dd 0x010a002e dd 0x00fc0049 dd 0x00ec0062 dd 0x00dd007b dd 0x00cf0095 dd 0x00c000af dd 0x00b000c8 dd 0x00a100e2 dd 0x009300fb dd 0x00840114 dd 0x0076012f dd 0x00660148 dd 0x00570161 dd 0x0048017b dd 0x003a0195 dd 0x002b01ae dd 0x01a6fed9 dd 0x0198fef2 dd 0x0189ff0b dd 0x017aff25 dd 0x016cff3e dd 0x015cff58 dd 0x014dff72 dd 0x013fff8b dd 0x0130ffa4 dd 0x0121ffbf dd 0x0112ffd8 dd 0x0103fff1 dd 0x00f4000a dd 0x00e60023 dd 0x00d7003e dd 0x00c70057 dd 0x00b90070 dd 0x00aa008a dd 0x009b00a4 dd 0x008b00bd dd 0x007d00d7 dd 0x006e00f0 dd 0x00600109 dd 0x00510124 dd 0x0041013d dd 0x00320156 dd 0x00240170 dd 0x0015018a dd 0x000701a3 dd 0x0182fecf dd 0x0173fee8 dd 0x0164ff01 dd 0x0156ff1b dd 0x0147ff35 dd 0x0137ff4e dd 0x0129ff68 dd 0x011aff81 dd 0x010bff9a dd 0x00fdffb5 dd 0x00edffce dd 0x00deffe7 dd 0x00d00001 dd 0x00c1001a dd 0x00b20034 dd 0x00a3004d dd 0x00940066 dd 0x00850081 dd 0x0077009a dd 0x006700b3 dd 0x005800cd dd 0x004a00e6 dd 0x003b0100 dd 0x002c011a dd 0x001d0133 dd 0x000e014c dd 0x00000167 dd 0xfff20180 dd 0xffe30199 dd 0x015efec4 dd 0x0150fedd dd 0x0141fef6 dd 0x0132ff10 dd 0x0124ff2a dd 0x0114ff43 dd 0x0105ff5d dd 0x00f7ff76 dd 0x00e8ff8f dd 0x00d9ffaa dd 0x00caffc3 dd 0x00bbffdc dd 0x00acfff6 dd 0x009e000f dd 0x008f0029 dd 0x007f0042 dd 0x0071005b dd 0x00620076 dd 0x0053008f dd 0x004400a8 dd 0x003500c2 dd 0x002600db dd 0x001800f5 dd 0x0009010f dd 0xfffa0128 dd 0xffec0141 dd 0xffdd015c dd 0xffce0175 dd 0xffc0018e dd 0x013afeb9 dd 0x012bfed2 dd 0x011dfeeb dd 0x010eff05 dd 0x00ffff1f dd 0x00efff38 dd 0x00e1ff52 dd 0x00d2ff6b dd 0x00c4ff85 dd 0x00b5ff9f dd 0x00a5ffb8 dd 0x0096ffd1 dd 0x0088ffeb dd 0x00790004 dd 0x006b001e dd 0x005b0037 dd 0x004c0050 dd 0x003d006b dd 0x002f0084 dd 0x001f009d dd 0x001000b7 dd 0x000200d1 dd 0xfff400ea dd 0xffe50104 dd 0xffd6011d dd 0xffc70136 dd 0xffb80151 dd 0xffaa016a dd 0xff9b0183 dd 0x0116feaf dd 0x0108fec8 dd 0x00f9fee1 dd 0x00ebfefc dd 0x00dcff15 dd 0x00ccff2e dd 0x00bdff48 dd 0x00afff61 dd 0x00a0ff7b dd 0x0092ff95 dd 0x0082ffae dd 0x0073ffc7 dd 0x0064ffe2 dd 0x0056fffb dd 0x00470014 dd 0x0037002d dd 0x00290047 dd 0x001a0061 dd 0x000b007a dd 0xfffd0093 dd 0xffee00ad dd 0xffdf00c7 dd 0xffd100e0 dd 0xffc200fa dd 0xffb20113 dd 0xffa4012d dd 0xff950147 dd 0xff860160 dd 0xff780179 dd 0x00f2fea4 dd 0x00e3febd dd 0x00d5fed6 dd 0x00c6fef1 dd 0x00b7ff0a dd 0x00a8ff23 dd 0x0099ff3d dd 0x008aff57 dd 0x007cff70 dd 0x006dff8a dd 0x005dffa3 dd 0x004fffbc dd 0x0040ffd7 dd 0x0031fff0 dd 0x00230009 dd 0x00130022 dd 0x0004003c dd 0xfff70056 dd 0xffe8006f dd 0xffd80088 dd 0xffc900a3 dd 0xffbb00bc dd 0xffac00d5 dd 0xff9e00ef dd 0xff8e0108 dd 0xff7f0122 dd 0xff70013c dd 0xff620155 dd 0xff53016e dd 0x00cffe9a dd 0x00c0feb3 dd 0x00b1fecd dd 0x00a3fee7 dd 0x0094ff00 dd 0x0084ff19 dd 0x0076ff33 dd 0x0067ff4d dd 0x0058ff66 dd 0x004aff80 dd 0x003aff99 dd 0x002bffb3 dd 0x001dffcd dd 0x000effe6 dd 0x00000000 dd 0xfff00019 dd 0xffe20032 dd 0xffd3004c dd 0xffc50065 dd 0xffb5007e dd 0xffa60099 dd 0xff9700b2 dd 0xff8900cb dd 0xff7a00e5 dd 0xff6a00ff dd 0xff5c0118 dd 0xff4d0132 dd 0xff3e014b dd 0xff300164 dd 0x00aafe8f dd 0x009bfea8 dd 0x008dfec2 dd 0x007efedc dd 0x006ffef5 dd 0x0060ff0e dd 0x0051ff29 dd 0x0042ff42 dd 0x0034ff5b dd 0x0025ff75 dd 0x0015ff8e dd 0x0007ffa8 dd 0xfff9ffc2 dd 0xffeaffdb dd 0xffdcfff5 dd 0xffcc000e dd 0xffbd0027 dd 0xffaf0041 dd 0xffa0005a dd 0xff900073 dd 0xff81008e dd 0xff7300a7 dd 0xff6400c0 dd 0xff5600da dd 0xff4600f4 dd 0xff37010d dd 0xff290127 dd 0xff1a0140 dd 0xff0b0159 dd 0x0085fe84 dd 0x0077fe9d dd 0x0068feb7 dd 0x0059fed1 dd 0x004bfeea dd 0x003bff03 dd 0x002cff1e dd 0x001eff37 dd 0x000fff50 dd 0x0001ff6a dd 0xfff2ff83 dd 0xffe3ff9d dd 0xffd4ffb7 dd 0xffc6ffd0 dd 0xffb7ffea dd 0xffa70003 dd 0xff99001c dd 0xff8a0036 dd 0xff7b004f dd 0xff6c0068 dd 0xff5d0083 dd 0xff4e009c dd 0xff4000b5 dd 0xff3100cf dd 0xff2100e9 dd 0xff130102 dd 0xff04011c dd 0xfef50135 dd 0xfee7014e dd 0x0062fe7a dd 0x0053fe94 dd 0x0045fead dd 0x0036fec7 dd 0x0028fee0 dd 0x0018fef9 dd 0x0009ff14 dd 0xfffbff2d dd 0xffedff46 dd 0xffdeff60 dd 0xffceff7a dd 0xffc0ff93 dd 0xffb1ffad dd 0xffa2ffc6 dd 0xff94ffe1 dd 0xff84fffa dd 0xff750012 dd 0xff67002c dd 0xff580045 dd 0xff48005f dd 0xff3a0079 dd 0xff2b0092 dd 0xff1c00ab dd 0xff0e00c6 dd 0xfefe00df dd 0xfeef00f8 dd 0xfee10112 dd 0xfed2012b dd 0xfec30145 dd 0x003dfe6f dd 0x002ffe89 dd 0x0020fea2 dd 0x0012febc dd 0x0003fed5 dd 0xfff4feee dd 0xffe5ff09 dd 0xffd7ff22 dd 0xffc8ff3b dd 0xffbaff55 dd 0xffaaff6f dd 0xff9bff88 dd 0xff8cffa2 dd 0xff7effbb dd 0xff6fffd6 dd 0xff5fffef dd 0xff510007 dd 0xff420021 dd 0xff33003a dd 0xff240054 dd 0xff15006e dd 0xff060087 dd 0xfef800a0 dd 0xfee900bb dd 0xfed900d4 dd 0xfecb00ed dd 0xfebc0107 dd 0xfead0120 dd 0xfe9f013a dd 0x001afe64 dd 0x000bfe7e dd 0xfffefe97 dd 0xffeffeb1 dd 0xffe1feca dd 0xffd1fee4 dd 0xffc2fefe dd 0xffb3ff17 dd 0xffa5ff30 dd 0xff96ff4a dd 0xff86ff64 dd 0xff78ff7d dd 0xff69ff97 dd 0xff5affb0 dd 0xff4cffcb dd 0xff3cffe4 dd 0xff2dfffd dd 0xff1f0016 dd 0xff100030 dd 0xff000049 dd 0xfef20063 dd 0xfee3007c dd 0xfed40095 dd 0xfec600b0 dd 0xfeb600c9 dd 0xfea700e2 dd 0xfe9900fc dd 0xfe8a0116 dd 0xfe7b012f dd 0xfff7fe5b dd 0xffe8fe74 dd 0xffd9fe8d dd 0xffcbfea7 dd 0xffbcfec0 dd 0xffacfeda dd 0xff9efef4 dd 0xff8fff0d dd 0xff80ff26 dd 0xff72ff41 dd 0xff62ff5a dd 0xff53ff73 dd 0xff45ff8d dd 0xff36ffa6 dd 0xff27ffc1 dd 0xff17ffda dd 0xff09fff3 dd 0xfefa000c dd 0xfeec0026 dd 0xfedc003f dd 0xfecd0059 dd 0xfebe0072 dd 0xfeb0008c dd 0xfea100a6 dd 0xfe9100bf dd 0xfe8300d8 dd 0xfe7400f2 dd 0xfe65010c dd 0xfe570125 dd 0xffd2fe50 dd 0xffc3fe69 dd 0xffb5fe82 dd 0xffa6fe9c dd 0xff97feb6 dd 0xff88fecf dd 0xff79fee9 dd 0xff6aff02 dd 0xff5cff1b dd 0xff4dff36 dd 0xff3dff4f dd 0xff2fff68 dd 0xff20ff82 dd 0xff11ff9c dd 0xff03ffb6 dd 0xfef3ffcf dd 0xfee4ffe8 dd 0xfed60002 dd 0xfec7001b dd 0xfeb70034 dd 0xfea9004e dd 0xfe9a0067 dd 0xfe8b0081 dd 0xfe7d009b dd 0xfe6d00b4 dd 0xfe5e00cd dd 0xfe5000e8 dd 0xfe410101 dd 0xfe32011a dd 0xffaffe46 dd 0xffa0fe5f dd 0xff91fe78 dd 0xff83fe92 dd 0xff74feac dd 0xff64fec5 dd 0xff56fedf dd 0xff47fef8 dd 0xff38ff12 dd 0xff2aff2c dd 0xff1aff45 dd 0xff0bff5e dd 0xfefdff78 dd 0xfeeeff92 dd 0xfedfffac dd 0xfed0ffc5 dd 0xfec1ffde dd 0xfeb2fff9 dd 0xfea40011 dd 0xfe94002a dd 0xfe850044 dd 0xfe77005e dd 0xfe680077 dd 0xfe590091 dd 0xfe4900aa dd 0xfe3b00c3 dd 0xfe2c00de dd 0xfe1e00f7 dd 0xfe0f0110 dd 0xff8afe3b dd 0xff7bfe54 dd 0xff6dfe6d dd 0xff5efe88 dd 0xff50fea1 dd 0xff40feba dd 0xff31fed4 dd 0xff22feed dd 0xff14ff07 dd 0xff05ff21 dd 0xfef5ff3a dd 0xfee7ff53 dd 0xfed8ff6e dd 0xfec9ff87 dd 0xfebbffa1 dd 0xfeabffba dd 0xfe9cffd3 dd 0xfe8effee dd 0xfe7f0006 dd 0xfe6f001f dd 0xfe610039 dd 0xfe520053 dd 0xfe43006c dd 0xfe350086 dd 0xfe25009f dd 0xfe1600b8 dd 0xfe0800d3 dd 0xfdf900ec dd 0xfdea0105 dd 0xff67fe30 dd 0xff58fe49 dd 0xff49fe62 dd 0xff3bfe7d dd 0xff2cfe96 dd 0xff1cfeaf dd 0xff0efec9 dd 0xfefffee2 dd 0xfef0fefc dd 0xfee2ff16 dd 0xfed2ff2f dd 0xfec3ff48 dd 0xfeb5ff63 dd 0xfea6ff7c dd 0xfe97ff96 dd 0xfe88ffaf dd 0xfe79ffc8 dd 0xfe6affe3 dd 0xfe5cfffc dd 0xfe4c0014 dd 0xfe3d002e dd 0xfe2f0048 dd 0xfe200061 dd 0xfe11007b dd 0xfe010094 dd 0xfdf300ad dd 0xfde400c8 dd 0xfdd600e1 dd 0xfdc700fa dd 0xff42fe26 dd 0xff33fe3f dd 0xff25fe58 dd 0xff16fe73 dd 0xff08fe8c dd 0xfef8fea5 dd 0xfee9febf dd 0xfedafed9 dd 0xfeccfef2 dd 0xfebdff0c dd 0xfeadff25 dd 0xfe9fff3e dd 0xfe90ff59 dd 0xfe81ff72 dd 0xfe73ff8c dd 0xfe63ffa5 dd 0xfe54ffbf dd 0xfe46ffd9 dd 0xfe37fff2 dd 0xfe27000a dd 0xfe190025 dd 0xfe0a003e dd 0xfdfb0057 dd 0xfded0071 dd 0xfddd008a dd 0xfdce00a4 dd 0xfdc000be dd 0xfdb100d7 dd 0xfda200f0 dd 0xff1ffe1b dd 0xff10fe34 dd 0xff01fe4d dd 0xfef3fe68 dd 0xfee4fe81 dd 0xfed4fe9a dd 0xfec6feb4 dd 0xfeb7fece dd 0xfea9fee7 dd 0xfe9aff01 dd 0xfe8aff1a dd 0xfe7bff33 dd 0xfe6dff4e dd 0xfe5eff67 dd 0xfe50ff81 dd 0xfe40ff9a dd 0xfe31ffb4 dd 0xfe22ffce dd 0xfe14ffe7 dd 0xfe040000 dd 0xfdf5001a dd 0xfde70033 dd 0xfdd8004c dd 0xfdc90066 dd 0xfdba007f dd 0xfdab0099 dd 0xfd9c00b3 dd 0xfd8e00cc dd 0xfd7f00e5 dd 0xfefafe10 dd 0xfeecfe29 dd 0xfeddfe43 dd 0xfecefe5d dd 0xfec0fe76 dd 0xfeb0fe8f dd 0xfea1fea9 dd 0xfe93fec3 dd 0xfe84fedc dd 0xfe75fef6 dd 0xfe65ff0f dd 0xfe57ff29 dd 0xfe48ff43 dd 0xfe3aff5c dd 0xfe2bff76 dd 0xfe1bff8f dd 0xfe0cffa9 dd 0xfdfeffc3 dd 0xfdefffdc dd 0xfddffff5 dd 0xfdd1000f dd 0xfdc20028 dd 0xfdb30041 dd 0xfda5005b dd 0xfd950075 dd 0xfd86008e dd 0xfd7800a8 dd 0xfd6900c1 dd 0xfd5a00da dd 0xfed6fe06 dd 0xfec7fe1f dd 0xfeb8fe39 dd 0xfeaafe53 dd 0xfe9bfe6c dd 0xfe8bfe85 dd 0xfe7dfea0 dd 0xfe6efeb9 dd 0xfe5ffed2 dd 0xfe51feec dd 0xfe41ff05 dd 0xfe32ff1f dd 0xfe24ff39 dd 0xfe15ff52 dd 0xfe06ff6c dd 0xfdf7ff86 dd 0xfde8ff9f dd 0xfdd9ffb9 dd 0xfdcbffd2 dd 0xfdbbffeb dd 0xfdac0005 dd 0xfd9e001e dd 0xfd8f0037 dd 0xfd800051 dd 0xfd70006b dd 0xfd620084 dd 0xfd53009e dd 0xfd4500b7 dd 0xfd3600d1 dd 0x02c700d1 dd 0x02a400da dd 0x027f00e5 dd 0x025c00ef dd 0x023700fa dd 0x02140105 dd 0x01ef010f dd 0x01cb011a dd 0x01a70125 dd 0x0183012f dd 0x015f013a dd 0x013b0145 dd 0x0117014e dd 0x00f30159 dd 0x00d00164 dd 0x00ab016e dd 0x00860179 dd 0x00630183 dd 0x003e018e dd 0x001b0199 dd 0xfff801a3 dd 0xffd401ae dd 0xffb001b9 dd 0xff8b01c3 dd 0xff6801ce dd 0xff4301d8 dd 0xff2001e2 dd 0xfefb01ed dd 0xfed801f7 dd 0x02b700b7 dd 0x029400c1 dd 0x026f00cc dd 0x024c00d6 dd 0x022700e1 dd 0x020400ec dd 0x01df00f6 dd 0x01bb0101 dd 0x0197010c dd 0x01730116 dd 0x01500120 dd 0x012b012b dd 0x01080135 dd 0x00e30140 dd 0x00c0014b dd 0x009b0155 dd 0x00770160 dd 0x0053016a dd 0x002f0175 dd 0x000b0180 dd 0xffe8018a dd 0xffc40195 dd 0xffa001a0 dd 0xff7b01a9 dd 0xff5801b4 dd 0xff3301bf dd 0xff1001c9 dd 0xfeeb01d4 dd 0xfec801de dd 0x02a9009d dd 0x028500a7 dd 0x026100b2 dd 0x023d00bc dd 0x021900c7 dd 0x01f500d2 dd 0x01d100db dd 0x01ac00e6 dd 0x018900f1 dd 0x016400fb dd 0x01410106 dd 0x011c0111 dd 0x00f9011b dd 0x00d40126 dd 0x00b10131 dd 0x008c013b dd 0x00680146 dd 0x00450150 dd 0x0020015b dd 0xfffe0165 dd 0xffd9016f dd 0xffb6017a dd 0xff910185 dd 0xff6d018f dd 0xff49019a dd 0xff2501a5 dd 0xff0101af dd 0xfedd01ba dd 0xfeb901c4 dd 0x029a0084 dd 0x0277008e dd 0x02520099 dd 0x022f00a3 dd 0x020a00ad dd 0x01e700b8 dd 0x01c200c2 dd 0x019e00cd dd 0x017a00d8 dd 0x015600e2 dd 0x013200ed dd 0x010e00f8 dd 0x00ea0102 dd 0x00c6010d dd 0x00a20118 dd 0x007e0122 dd 0x0059012d dd 0x00360136 dd 0x00110141 dd 0xffef014c dd 0xffca0156 dd 0xffa70161 dd 0xff82016c dd 0xff5e0176 dd 0xff3b0181 dd 0xff16018c dd 0xfef30196 dd 0xfece01a1 dd 0xfeab01aa dd 0x028b006b dd 0x02680075 dd 0x0243007f dd 0x02200089 dd 0x01fb0094 dd 0x01d8009f dd 0x01b300a9 dd 0x018f00b4 dd 0x016c00bf dd 0x014700c9 dd 0x012400d4 dd 0x00ff00df dd 0x00dc00e9 dd 0x00b700f4 dd 0x009400ff dd 0x006f0108 dd 0x004b0113 dd 0x0027011d dd 0x00030128 dd 0xffe00133 dd 0xffbc013d dd 0xff980148 dd 0xff740153 dd 0xff4f015d dd 0xff2c0168 dd 0xff070173 dd 0xfee4017c dd 0xfebf0187 dd 0xfe9c0191 dd 0x027b0050 dd 0x0258005a dd 0x02330065 dd 0x0210006f dd 0x01ec007a dd 0x01c80085 dd 0x01a4008f dd 0x017f009a dd 0x015c00a5 dd 0x013700af dd 0x011400ba dd 0x00ef00c4 dd 0x00cc00ce dd 0x00a700d9 dd 0x008400e4 dd 0x005f00ee dd 0x003b00f9 dd 0x00170103 dd 0xfff4010e dd 0xffd10119 dd 0xffac0123 dd 0xff89012e dd 0xff640139 dd 0xff3f0142 dd 0xff1c014d dd 0xfef80158 dd 0xfed40162 dd 0xfeb0016d dd 0xfe8c0177 dd 0x026d0037 dd 0x02490041 dd 0x0225004c dd 0x02020056 dd 0x01dd0061 dd 0x01ba006c dd 0x01950076 dd 0x01700081 dd 0x014d008c dd 0x01290095 dd 0x010500a0 dd 0x00e100ab dd 0x00bd00b5 dd 0x009900c0 dd 0x007500cb dd 0x005100d5 dd 0x002c00e0 dd 0x000900ea dd 0xffe500f5 dd 0xffc20100 dd 0xff9d0109 dd 0xff7a0114 dd 0xff55011f dd 0xff310129 dd 0xff0d0134 dd 0xfee9013f dd 0xfec60149 dd 0xfea10154 dd 0xfe7e015e dd 0x025e001e dd 0x023b0028 dd 0x02160033 dd 0x01f3003d dd 0x01ce0048 dd 0x01ab0053 dd 0x0186005c dd 0x01620067 dd 0x013e0072 dd 0x011a007c dd 0x00f70087 dd 0x00d20092 dd 0x00af009c dd 0x008a00a7 dd 0x006700b2 dd 0x004200bc dd 0x001e00c7 dd 0xfffb00d1 dd 0xffd700db dd 0xffb300e6 dd 0xff8f00f0 dd 0xff6b00fb dd 0xff470106 dd 0xff220110 dd 0xfeff011b dd 0xfeda0126 dd 0xfeb70130 dd 0xfe92013b dd 0xfe6f0145 dd 0x02500004 dd 0x022c000e dd 0x02080019 dd 0x01e40022 dd 0x01c0002d dd 0x019c0038 dd 0x01780042 dd 0x0153004d dd 0x01300058 dd 0x010b0062 dd 0x00e8006d dd 0x00c30078 dd 0x00a00082 dd 0x007b008d dd 0x00580098 dd 0x003300a1 dd 0x000f00ac dd 0xffed00b6 dd 0xffc800c1 dd 0xffa500cc dd 0xff8000d6 dd 0xff5d00e1 dd 0xff3800ec dd 0xff1400f6 dd 0xfef00101 dd 0xfecc010c dd 0xfea80116 dd 0xfe840120 dd 0xfe60012a dd 0x0241ffeb dd 0x021efff5 dd 0x01f90000 dd 0x01d60009 dd 0x01b10014 dd 0x018e001f dd 0x01690029 dd 0x01450034 dd 0x0121003f dd 0x00fd0049 dd 0x00d90054 dd 0x00b5005f dd 0x00910068 dd 0x006d0073 dd 0x0049007e dd 0x00250088 dd 0x00010093 dd 0xffde009d dd 0xffb900a8 dd 0xff9600b3 dd 0xff7100bd dd 0xff4e00c8 dd 0xff2a00d3 dd 0xff0500dd dd 0xfee200e8 dd 0xfebd00f2 dd 0xfe9a00fc dd 0xfe750107 dd 0xfe520111 dd 0x0231ffd2 dd 0x020effdc dd 0x01e9ffe7 dd 0x01c6fff1 dd 0x01a1fffc dd 0x017e0006 dd 0x01590010 dd 0x0135001b dd 0x01110026 dd 0x00ed0030 dd 0x00c9003a dd 0x00a50045 dd 0x0082004f dd 0x005d005a dd 0x003a0065 dd 0x0015006f dd 0xfff1007a dd 0xffce0084 dd 0xffaa008f dd 0xff86009a dd 0xff6200a4 dd 0xff3e00af dd 0xff1a00ba dd 0xfef500c3 dd 0xfed200ce dd 0xfead00d9 dd 0xfe8a00e3 dd 0xfe6500ee dd 0xfe4200f8 dd 0x0222ffb8 dd 0x01ffffc2 dd 0x01daffcd dd 0x01b7ffd7 dd 0x0193ffe2 dd 0x016fffed dd 0x014bfff6 dd 0x01260001 dd 0x0103000b dd 0x00de0015 dd 0x00bb0020 dd 0x0096002b dd 0x00730035 dd 0x004e0040 dd 0x002b004b dd 0x00060055 dd 0xffe30060 dd 0xffbf006a dd 0xff9b0075 dd 0xff78007f dd 0xff530089 dd 0xff300094 dd 0xff0b009f dd 0xfee600a9 dd 0xfec300b4 dd 0xfe9f00bf dd 0xfe7b00c9 dd 0xfe5700d4 dd 0xfe3300de dd 0x0214ff9f dd 0x01f0ffa9 dd 0x01ccffb4 dd 0x01a9ffbd dd 0x0184ffc8 dd 0x0161ffd3 dd 0x013cffdd dd 0x0117ffe8 dd 0x00f4fff3 dd 0x00d0fffd dd 0x00ac0007 dd 0x00880012 dd 0x0064001c dd 0x00400027 dd 0x001c0032 dd 0xfff9003c dd 0xffd40047 dd 0xffb10050 dd 0xff8c005b dd 0xff690066 dd 0xff440070 dd 0xff21007b dd 0xfefc0086 dd 0xfed80090 dd 0xfeb4009b dd 0xfe9000a6 dd 0xfe6d00b0 dd 0xfe4800bb dd 0xfe2500c4 dd 0x0205ff86 dd 0x01e2ff8f dd 0x01bdff9a dd 0x019affa4 dd 0x0175ffaf dd 0x0152ffba dd 0x012dffc4 dd 0x0109ffcf dd 0x00e5ffda dd 0x00c1ffe4 dd 0x009effef dd 0x0079fffa dd 0x00560003 dd 0x0031000e dd 0x000e0019 dd 0xffea0022 dd 0xffc6002d dd 0xffa20037 dd 0xff7e0042 dd 0xff5a004d dd 0xff360057 dd 0xff120062 dd 0xfeee006d dd 0xfec90077 dd 0xfea60082 dd 0xfe81008d dd 0xfe5e0096 dd 0xfe3900a1 dd 0xfe1600ab dd 0x01f7ff6c dd 0x01d3ff76 dd 0x01afff81 dd 0x018bff8b dd 0x0167ff96 dd 0x0143ffa1 dd 0x011fffab dd 0x00faffb6 dd 0x00d7ffc1 dd 0x00b2ffcb dd 0x008fffd6 dd 0x006affe1 dd 0x0047ffea dd 0x0022fff5 dd 0x00000000 dd 0xffdb0009 dd 0xffb70014 dd 0xff94001e dd 0xff6f0029 dd 0xff4c0034 dd 0xff27003e dd 0xff040049 dd 0xfedf0054 dd 0xfebb005e dd 0xfe970068 dd 0xfe730073 dd 0xfe4f007d dd 0xfe2b0088 dd 0xfe070092 dd 0x01e7ff52 dd 0x01c3ff5c dd 0x019fff67 dd 0x017bff71 dd 0x0157ff7c dd 0x0133ff87 dd 0x010fff91 dd 0x00eaff9c dd 0x00c7ffa6 dd 0x00a2ffb0 dd 0x007fffbb dd 0x005affc6 dd 0x0037ffd0 dd 0x0013ffdb dd 0xfff0ffe6 dd 0xffccfff0 dd 0xffa7fffb dd 0xff840004 dd 0xff5f000f dd 0xff3c001a dd 0xff170023 dd 0xfef4002e dd 0xfecf0039 dd 0xfeab0043 dd 0xfe87004e dd 0xfe630059 dd 0xfe3f0063 dd 0xfe1b006e dd 0xfdf80078 dd 0x01d8ff39 dd 0x01b5ff43 dd 0x0190ff4e dd 0x016dff58 dd 0x0148ff63 dd 0x0125ff6e dd 0x0100ff77 dd 0x00dcff82 dd 0x00b8ff8d dd 0x0094ff97 dd 0x0070ffa2 dd 0x004cffad dd 0x0029ffb7 dd 0x0004ffc2 dd 0xffe2ffcd dd 0xffbdffd7 dd 0xff98ffe2 dd 0xff75ffeb dd 0xff51fff6 dd 0xff2d0001 dd 0xff09000a dd 0xfee50015 dd 0xfec10020 dd 0xfe9c002a dd 0xfe790035 dd 0xfe540040 dd 0xfe31004a dd 0xfe0c0055 dd 0xfde9005f dd 0x01c9ff20 dd 0x01a6ff2a dd 0x0182ff35 dd 0x015eff3e dd 0x013aff49 dd 0x0116ff54 dd 0x00f2ff5e dd 0x00cdff69 dd 0x00aaff74 dd 0x0085ff7e dd 0x0062ff89 dd 0x003dff94 dd 0x001aff9e dd 0xfff6ffa9 dd 0xffd3ffb4 dd 0xffaeffbd dd 0xff8affc8 dd 0xff66ffd2 dd 0xff42ffdd dd 0xff1fffe8 dd 0xfefafff2 dd 0xfed7fffd dd 0xfeb20007 dd 0xfe8d0011 dd 0xfe6a001c dd 0xfe460027 dd 0xfe220031 dd 0xfdfe003c dd 0xfdda0045 dd 0x01bbff05 dd 0x0197ff0f dd 0x0173ff1a dd 0x0150ff24 dd 0x012bff2f dd 0x0108ff3a dd 0x00e3ff44 dd 0x00beff4f dd 0x009bff5a dd 0x0077ff64 dd 0x0053ff6f dd 0x002fff7a dd 0x000bff83 dd 0xffe8ff8e dd 0xffc4ff99 dd 0xffa0ffa3 dd 0xff7bffae dd 0xff58ffb8 dd 0xff33ffc3 dd 0xff10ffce dd 0xfeebffd8 dd 0xfec8ffe3 dd 0xfea3ffee dd 0xfe7ffff8 dd 0xfe5b0002 dd 0xfe37000c dd 0xfe140016 dd 0xfdef0021 dd 0xfdcc002b dd 0x01abfeec dd 0x0188fef6 dd 0x0163ff01 dd 0x0140ff0b dd 0x011bff16 dd 0x00f8ff21 dd 0x00d3ff2b dd 0x00afff36 dd 0x008bff41 dd 0x0067ff4a dd 0x0043ff55 dd 0x001fff60 dd 0xfffcff6a dd 0xffd8ff75 dd 0xffb4ff80 dd 0xff90ff8a dd 0xff6bff95 dd 0xff48ff9f dd 0xff23ffaa dd 0xff00ffb5 dd 0xfedbffbf dd 0xfeb8ffca dd 0xfe94ffd4 dd 0xfe6fffde dd 0xfe4cffe9 dd 0xfe27fff4 dd 0xfe04fffe dd 0xfddf0008 dd 0xfdbc0012 dd 0x019cfed3 dd 0x0179fedd dd 0x0154fee8 dd 0x0131fef2 dd 0x010cfefd dd 0x00e9ff08 dd 0x00c5ff12 dd 0x00a0ff1c dd 0x007dff27 dd 0x0058ff31 dd 0x0035ff3c dd 0x0010ff47 dd 0xffeeff51 dd 0xffc9ff5c dd 0xffa6ff67 dd 0xff81ff71 dd 0xff5dff7c dd 0xff39ff86 dd 0xff15ff91 dd 0xfef1ff9c dd 0xfecdffa5 dd 0xfeaaffb0 dd 0xfe85ffbb dd 0xfe60ffc5 dd 0xfe3dffd0 dd 0xfe18ffdb dd 0xfdf5ffe5 dd 0xfdd1fff0 dd 0xfdadfffa dd 0x018efeb9 dd 0x016afec3 dd 0x0146fece dd 0x0122fed7 dd 0x00fefee2 dd 0x00dafeed dd 0x00b6fef7 dd 0x0091ff02 dd 0x006eff0d dd 0x0049ff17 dd 0x0026ff22 dd 0x0002ff2d dd 0xffdfff37 dd 0xffbbff42 dd 0xff97ff4d dd 0xff73ff57 dd 0xff4eff61 dd 0xff2bff6b dd 0xff06ff76 dd 0xfee3ff81 dd 0xfebeff8b dd 0xfe9bff96 dd 0xfe76ffa1 dd 0xfe52ffab dd 0xfe2effb6 dd 0xfe0affc1 dd 0xfde6ffcb dd 0xfdc2ffd6 dd 0xfd9fffdf dd 0x017ffea0 dd 0x015cfea9 dd 0x0137feb4 dd 0x0114febe dd 0x00effec9 dd 0x00ccfed4 dd 0x00a7fede dd 0x0083fee9 dd 0x005ffef4 dd 0x003bfefe dd 0x0017ff09 dd 0xfff4ff14 dd 0xffd1ff1e dd 0xffacff29 dd 0xff89ff33 dd 0xff64ff3d dd 0xff3fff48 dd 0xff1cff52 dd 0xfef8ff5d dd 0xfed4ff68 dd 0xfeb0ff72 dd 0xfe8cff7d dd 0xfe68ff88 dd 0xfe43ff92 dd 0xfe20ff9d dd 0xfdfbffa8 dd 0xfdd8ffb1 dd 0xfdb3ffbc dd 0xfd90ffc6 dd 0x0170fe86 dd 0x014dfe90 dd 0x0129fe9b dd 0x0105fea5 dd 0x00e1feb0 dd 0x00bdfebb dd 0x0099fec5 dd 0x0074fed0 dd 0x0051fedb dd 0x002cfee5 dd 0x0009fef0 dd 0xffe5fefb dd 0xffc2ff04 dd 0xff9dff0f dd 0xff7aff1a dd 0xff55ff24 dd 0xff31ff2f dd 0xff0dff39 dd 0xfee9ff44 dd 0xfec6ff4f dd 0xfea1ff59 dd 0xfe7eff64 dd 0xfe59ff6f dd 0xfe34ff78 dd 0xfe11ff83 dd 0xfdedff8e dd 0xfdc9ff98 dd 0xfda5ffa3 dd 0xfd81ffad dd 0x0161fe6c dd 0x013dfe76 dd 0x0119fe81 dd 0x00f5fe8b dd 0x00d1fe96 dd 0x00adfea1 dd 0x0089feab dd 0x0064feb6 dd 0x0041fec0 dd 0x001cfeca dd 0xfffafed5 dd 0xffd5fee0 dd 0xffb2feea dd 0xff8dfef5 dd 0xff6aff00 dd 0xff46ff0a dd 0xff21ff15 dd 0xfefeff1f dd 0xfed9ff2a dd 0xfeb6ff35 dd 0xfe91ff3e dd 0xfe6eff49 dd 0xfe49ff54 dd 0xfe25ff5e dd 0xfe01ff69 dd 0xfdddff74 dd 0xfdb9ff7e dd 0xfd95ff89 dd 0xfd71ff93 dd 0x0152fe53 dd 0x012ffe5d dd 0x010afe68 dd 0x00e7fe72 dd 0x00c2fe7d dd 0x009ffe88 dd 0x007afe91 dd 0x0056fe9c dd 0x0032fea7 dd 0x000efeb1 dd 0xffebfebc dd 0xffc7fec7 dd 0xffa3fed1 dd 0xff7ffedc dd 0xff5bfee7 dd 0xff37fef1 dd 0xff12fefc dd 0xfeefff05 dd 0xfecaff10 dd 0xfea7ff1b dd 0xfe82ff25 dd 0xfe5fff30 dd 0xfe3bff3b dd 0xfe16ff45 dd 0xfdf3ff50 dd 0xfdceff5b dd 0xfdabff65 dd 0xfd86ff70 dd 0xfd63ff7a dd 0x0143fe3a dd 0x0120fe44 dd 0x00fbfe4f dd 0x00d8fe58 dd 0x00b3fe63 dd 0x0090fe6e dd 0x006cfe78 dd 0x0047fe83 dd 0x0024fe8e dd 0x0000fe98 dd 0xffddfea3 dd 0xffb8feae dd 0xff95feb8 dd 0xff70fec3 dd 0xff4dfece dd 0xff28fed7 dd 0xff04fee2 dd 0xfee0feec dd 0xfebcfef7 dd 0xfe98ff02 dd 0xfe74ff0c dd 0xfe51ff17 dd 0xfe2cff22 dd 0xfe07ff2c dd 0xfde4ff37 dd 0xfdbfff42 dd 0xfd9cff4c dd 0xfd78ff57 dd 0xfd54ff60 dd 0x0135fe1f dd 0x0111fe29 dd 0x00edfe34 dd 0x00c9fe3e dd 0x00a5fe49 dd 0x0082fe54 dd 0x005dfe5e dd 0x0038fe69 dd 0x0015fe74 dd 0xfff1fe7e dd 0xffcefe89 dd 0xffaafe94 dd 0xff86fe9d dd 0xff62fea8 dd 0xff3efeb3 dd 0xff1afebd dd 0xfef5fec8 dd 0xfed2fed2 dd 0xfeadfedd dd 0xfe8afee8 dd 0xfe65fef2 dd 0xfe42fefd dd 0xfe1dff08 dd 0xfdf9ff12 dd 0xfdd5ff1c dd 0xfdb1ff27 dd 0xfd8dff31 dd 0xfd69ff3c dd 0xfd46ff46 dd 0x0125fe06 dd 0x0102fe10 dd 0x00ddfe1b dd 0x00bafe25 dd 0x0095fe30 dd 0x0072fe3b dd 0x004dfe45 dd 0x0029fe50 dd 0x0005fe5b dd 0xffe2fe64 dd 0xffbefe6f dd 0xff9afe7a dd 0xff76fe84 dd 0xff52fe8f dd 0xff2efe9a dd 0xff0afea4 dd 0xfee5feaf dd 0xfec2feb9 dd 0xfe9dfec4 dd 0xfe7afecf dd 0xfe55fed9 dd 0xfe32fee4 dd 0xfe0dfeee dd 0xfde9fef8 dd 0xfdc6ff03 dd 0xfda1ff0e dd 0xfd7eff18 dd 0xfd59ff23 dd 0xfd36ff2d dd 0x012501f8 dd 0x010201ed dd 0x00dd01e2 dd 0x00ba01d8 dd 0x009501ce dd 0x007201c3 dd 0x004d01b9 dd 0x002901ae dd 0x000501a3 dd 0xffe20199 dd 0xffbe018e dd 0xff9a0183 dd 0xff770179 dd 0xff52016e dd 0xff2f0164 dd 0xff0a0159 dd 0xfee5014e dd 0xfec20145 dd 0xfe9e013a dd 0xfe7a012f dd 0xfe560125 dd 0xfe32011a dd 0xfe0e010f dd 0xfde90105 dd 0xfdc600fa dd 0xfda100ef dd 0xfd7e00e5 dd 0xfd5900da dd 0xfd3600cf dd 0x013401df dd 0x011001d4 dd 0x00ec01c9 dd 0x00c801bf dd 0x00a401b4 dd 0x008101a9 dd 0x005c01a0 dd 0x00370195 dd 0x0014018a dd 0xfff00180 dd 0xffcd0175 dd 0xffa9016a dd 0xff850160 dd 0xff610155 dd 0xff3d014b dd 0xff190140 dd 0xfef40135 dd 0xfed1012b dd 0xfeac0120 dd 0xfe890116 dd 0xfe64010c dd 0xfe410101 dd 0xfe1c00f6 dd 0xfdf800ec dd 0xfdd400e1 dd 0xfdb000d6 dd 0xfd8c00cc dd 0xfd6800c1 dd 0xfd4500b6 dd 0x014401c5 dd 0x012001ba dd 0x00fc01af dd 0x00d801a5 dd 0x00b4019a dd 0x0090018f dd 0x006c0185 dd 0x0047017a dd 0x0024016f dd 0x00000165 dd 0xffdd015b dd 0xffb80150 dd 0xff950146 dd 0xff70013b dd 0xff4d0131 dd 0xff290126 dd 0xff04011b dd 0xfee10111 dd 0xfebc0106 dd 0xfe9900fb dd 0xfe7400f1 dd 0xfe5100e6 dd 0xfe2c00db dd 0xfe0800d2 dd 0xfde400c7 dd 0xfdc000bc dd 0xfd9c00b2 dd 0xfd7800a7 dd 0xfd54009c dd 0x015201ac dd 0x012f01a1 dd 0x010a0196 dd 0x00e7018c dd 0x00c20181 dd 0x009f0176 dd 0x007a016c dd 0x00560161 dd 0x00320156 dd 0x000e014c dd 0xffec0141 dd 0xffc70136 dd 0xffa4012d dd 0xff7f0122 dd 0xff5c0118 dd 0xff37010d dd 0xff130102 dd 0xfeef00f8 dd 0xfecb00ed dd 0xfea700e2 dd 0xfe8300d8 dd 0xfe5f00cd dd 0xfe3b00c2 dd 0xfe1600b8 dd 0xfdf300ad dd 0xfdce00a3 dd 0xfdab0099 dd 0xfd86008e dd 0xfd630083 dd 0x01610192 dd 0x013d0187 dd 0x0119017c dd 0x00f60173 dd 0x00d10168 dd 0x00ae015d dd 0x00890153 dd 0x00640148 dd 0x0041013d dd 0x001d0133 dd 0xfffa0128 dd 0xffd6011d dd 0xffb20113 dd 0xff8e0108 dd 0xff6a00ff dd 0xff4600f4 dd 0xff2100e9 dd 0xfefe00df dd 0xfed900d4 dd 0xfeb600c9 dd 0xfe9100bf dd 0xfe6e00b4 dd 0xfe4900a9 dd 0xfe25009f dd 0xfe010094 dd 0xfddd0089 dd 0xfdba007f dd 0xfd950075 dd 0xfd72006a dd 0x016f0178 dd 0x014c016d dd 0x01280162 dd 0x01040158 dd 0x00e0014d dd 0x00bc0142 dd 0x00980139 dd 0x0073012e dd 0x00500123 dd 0x002b0119 dd 0x0008010e dd 0xffe40103 dd 0xffc100f9 dd 0xff9c00ee dd 0xff7900e4 dd 0xff5400d9 dd 0xff3000ce dd 0xff0c00c4 dd 0xfee800ba dd 0xfec500af dd 0xfea000a5 dd 0xfe7d009a dd 0xfe58008f dd 0xfe330085 dd 0xfe10007a dd 0xfdec006f dd 0xfdc80065 dd 0xfda4005a dd 0xfd80004f dd 0x017f015f dd 0x015c0154 dd 0x01370149 dd 0x0114013f dd 0x00ef0134 dd 0x00cc0129 dd 0x00a8011f dd 0x00830114 dd 0x00600109 dd 0x003b0100 dd 0x001800f5 dd 0xfff400ea dd 0xffd100e0 dd 0xffac00d5 dd 0xff8900cb dd 0xff6400c0 dd 0xff4000b5 dd 0xff1c00ab dd 0xfef800a0 dd 0xfed40095 dd 0xfeb0008c dd 0xfe8c0081 dd 0xfe680076 dd 0xfe43006c dd 0xfe200061 dd 0xfdfb0056 dd 0xfdd8004c dd 0xfdb30041 dd 0xfd900036 dd 0x018e0146 dd 0x016b013b dd 0x01460130 dd 0x01230126 dd 0x00fe011b dd 0x00db0110 dd 0x00b60106 dd 0x009200fb dd 0x006e00f0 dd 0x004a00e6 dd 0x002600db dd 0x000200d1 dd 0xffdf00c7 dd 0xffbb00bc dd 0xff9700b2 dd 0xff7300a7 dd 0xff4e009c dd 0xff2b0092 dd 0xff060087 dd 0xfee3007c dd 0xfebe0072 dd 0xfe9b0067 dd 0xfe77005c dd 0xfe520053 dd 0xfe2f0048 dd 0xfe0a003d dd 0xfde70033 dd 0xfdc20028 dd 0xfd9f001d dd 0x019d012b dd 0x01790120 dd 0x01550116 dd 0x0131010c dd 0x010d0101 dd 0x00e900f6 dd 0x00c500ec dd 0x00a000e1 dd 0x007d00d6 dd 0x005800cc dd 0x003500c1 dd 0x001000b6 dd 0xffee00ac dd 0xffc900a1 dd 0xffa60098 dd 0xff81008d dd 0xff5d0082 dd 0xff3a0078 dd 0xff15006d dd 0xfef20062 dd 0xfecd0058 dd 0xfeaa004d dd 0xfe850042 dd 0xfe610038 dd 0xfe3d002d dd 0xfe190022 dd 0xfdf50019 dd 0xfdd1000e dd 0xfdad0003 dd 0x01ab0112 dd 0x01880107 dd 0x016300fc dd 0x014000f2 dd 0x011b00e8 dd 0x00f800dd dd 0x00d300d3 dd 0x00af00c8 dd 0x008b00bd dd 0x006700b3 dd 0x004400a8 dd 0x001f009d dd 0xfffd0093 dd 0xffd80088 dd 0xffb5007e dd 0xff900073 dd 0xff6c0068 dd 0xff48005f dd 0xff240054 dd 0xff000049 dd 0xfedc003f dd 0xfeb80034 dd 0xfe940029 dd 0xfe6f001f dd 0xfe4c0014 dd 0xfe270009 dd 0xfe040000 dd 0xfddffff5 dd 0xfdbcffea dd 0x01bb00f9 dd 0x019800ee dd 0x017300e3 dd 0x015000d9 dd 0x012b00ce dd 0x010800c3 dd 0x00e300ba dd 0x00bf00af dd 0x009b00a4 dd 0x0077009a dd 0x0053008f dd 0x002f0084 dd 0x000b007a dd 0xffe8006f dd 0xffc50065 dd 0xffa0005a dd 0xff7b004f dd 0xff580045 dd 0xff33003a dd 0xff100030 dd 0xfeec0026 dd 0xfec8001b dd 0xfea40010 dd 0xfe7f0006 dd 0xfe5cfffc dd 0xfe37fff1 dd 0xfe14ffe7 dd 0xfdefffdc dd 0xfdccffd1 dd 0x01ca00df dd 0x01a600d4 dd 0x018200c9 dd 0x015e00bf dd 0x013a00b4 dd 0x011600a9 dd 0x00f2009f dd 0x00cd0094 dd 0x00aa0089 dd 0x0085007f dd 0x00620075 dd 0x003d006a dd 0x001a0060 dd 0xfff70055 dd 0xffd3004b dd 0xffaf0040 dd 0xff8a0035 dd 0xff67002b dd 0xff420020 dd 0xff1f0015 dd 0xfefa000b dd 0xfed70001 dd 0xfeb2fff6 dd 0xfe8effed dd 0xfe6affe2 dd 0xfe46ffd7 dd 0xfe22ffcd dd 0xfdfeffc2 dd 0xfddaffb7 dd 0x01d800c6 dd 0x01b500bb dd 0x019000b0 dd 0x016d00a6 dd 0x0148009b dd 0x01250090 dd 0x01010086 dd 0x00dc007b dd 0x00b90070 dd 0x00940066 dd 0x0071005b dd 0x004c0050 dd 0x00290047 dd 0x0004003c dd 0xffe20032 dd 0xffbd0027 dd 0xff99001c dd 0xff750012 dd 0xff510007 dd 0xff2dfffd dd 0xff09fff3 dd 0xfee5ffe8 dd 0xfec1ffdd dd 0xfe9cffd3 dd 0xfe79ffc8 dd 0xfe54ffbd dd 0xfe31ffb4 dd 0xfe0cffa9 dd 0xfde9ff9e dd 0x01e700ac dd 0x01c400a1 dd 0x019f0096 dd 0x017c008d dd 0x01570082 dd 0x01340077 dd 0x010f006d dd 0x00eb0062 dd 0x00c70057 dd 0x00a3004d dd 0x007f0042 dd 0x005b0037 dd 0x0037002d dd 0x00130022 dd 0xfff00019 dd 0xffcc000e dd 0xffa70003 dd 0xff84fffa dd 0xff5fffef dd 0xff3cffe4 dd 0xff17ffda dd 0xfef4ffcf dd 0xfed0ffc4 dd 0xfeabffba dd 0xfe88ffaf dd 0xfe63ffa4 dd 0xfe40ff9a dd 0xfe1bff8f dd 0xfdf8ff85 dd 0x01f70093 dd 0x01d30088 dd 0x01af007d dd 0x018b0073 dd 0x01670068 dd 0x0144005e dd 0x011f0054 dd 0x00fa0049 dd 0x00d7003e dd 0x00b20034 dd 0x008f0029 dd 0x006b001e dd 0x00470014 dd 0x00230009 dd 0x00000000 dd 0xffdcfff5 dd 0xffb7ffea dd 0xff94ffe1 dd 0xff6fffd6 dd 0xff4cffcb dd 0xff27ffc1 dd 0xff04ffb6 dd 0xfedfffab dd 0xfebbffa1 dd 0xfe97ff96 dd 0xfe73ff8b dd 0xfe50ff81 dd 0xfe2bff76 dd 0xfe08ff6b dd 0x02050079 dd 0x01e2006e dd 0x01bd0063 dd 0x019a0059 dd 0x0176004e dd 0x01520043 dd 0x012e0039 dd 0x0109002e dd 0x00e60023 dd 0x00c1001a dd 0x009e000f dd 0x00790004 dd 0x0056fffb dd 0x0031fff0 dd 0x000effe6 dd 0xffeaffdb dd 0xffc6ffd0 dd 0xffa2ffc6 dd 0xff7effbb dd 0xff5affb0 dd 0xff36ffa6 dd 0xff13ff9c dd 0xfeeeff91 dd 0xfec9ff87 dd 0xfea6ff7c dd 0xfe81ff71 dd 0xfe5eff67 dd 0xfe3aff5c dd 0xfe16ff51 dd 0x02140060 dd 0x01f10055 dd 0x01cc004a dd 0x01a90040 dd 0x01840035 dd 0x0161002a dd 0x013c0020 dd 0x01180015 dd 0x00f4000a dd 0x00d00001 dd 0x00acfff6 dd 0x0088ffeb dd 0x0064ffe2 dd 0x0040ffd7 dd 0x001dffcd dd 0xfff9ffc2 dd 0xffd4ffb7 dd 0xffb1ffad dd 0xff8cffa2 dd 0xff69ff97 dd 0xff45ff8d dd 0xff21ff82 dd 0xfefdff77 dd 0xfed8ff6e dd 0xfeb5ff63 dd 0xfe90ff58 dd 0xfe6dff4e dd 0xfe48ff43 dd 0xfe25ff38 dd 0x02230047 dd 0x01ff003c dd 0x01db0031 dd 0x01b70027 dd 0x0193001c dd 0x016f0011 dd 0x014b0007 dd 0x0126fffd dd 0x0103fff2 dd 0x00deffe8 dd 0x00bbffdd dd 0x0096ffd2 dd 0x0073ffc8 dd 0x004fffbd dd 0x002bffb4 dd 0x0007ffa9 dd 0xffe3ff9e dd 0xffc0ff94 dd 0xff9bff89 dd 0xff78ff7e dd 0xff53ff74 dd 0xff30ff69 dd 0xff0bff5e dd 0xfee7ff54 dd 0xfec3ff49 dd 0xfe9fff3e dd 0xfe7bff35 dd 0xfe57ff2a dd 0xfe33ff1f dd 0x0231002c dd 0x020e0021 dd 0x01e90016 dd 0x01c6000c dd 0x01a10002 dd 0x017efff8 dd 0x0159ffee dd 0x0135ffe3 dd 0x0112ffd8 dd 0x00edffce dd 0x00caffc3 dd 0x00a5ffb8 dd 0x0082ffae dd 0x005dffa3 dd 0x003aff99 dd 0x0015ff8e dd 0xfff2ff83 dd 0xffceff7a dd 0xffaaff6f dd 0xff86ff64 dd 0xff62ff5a dd 0xff3eff4f dd 0xff1aff44 dd 0xfef5ff3a dd 0xfed2ff2f dd 0xfeadff24 dd 0xfe8aff1a dd 0xfe65ff0f dd 0xfe42ff04 dd 0x02410013 dd 0x021e0008 dd 0x01f9fffe dd 0x01d6fff4 dd 0x01b1ffe9 dd 0x018effde dd 0x0169ffd4 dd 0x0145ffca dd 0x0121ffbf dd 0x00fdffb5 dd 0x00d9ffaa dd 0x00b5ff9f dd 0x0092ff95 dd 0x006dff8a dd 0x004aff80 dd 0x0025ff75 dd 0x0001ff6a dd 0xffdeff60 dd 0xffbaff55 dd 0xff96ff4a dd 0xff72ff41 dd 0xff4eff36 dd 0xff2aff2b dd 0xff05ff21 dd 0xfee2ff16 dd 0xfebdff0b dd 0xfe9aff01 dd 0xfe75fef6 dd 0xfe52feeb dd 0x0250fffb dd 0x022cfff0 dd 0x0208ffe5 dd 0x01e4ffdb dd 0x01c0ffd0 dd 0x019dffc5 dd 0x0178ffbb dd 0x0153ffb0 dd 0x0130ffa5 dd 0x010bff9c dd 0x00e8ff91 dd 0x00c4ff86 dd 0x00a0ff7c dd 0x007cff71 dd 0x0058ff67 dd 0x0034ff5c dd 0x000fff51 dd 0xffedff47 dd 0xffc8ff3c dd 0xffa5ff31 dd 0xff80ff27 dd 0xff5dff1c dd 0xff38ff12 dd 0xff14ff08 dd 0xfef0fefd dd 0xfeccfef2 dd 0xfea9fee8 dd 0xfe84fedd dd 0xfe61fed2 dd 0x025effe1 dd 0x023bffd6 dd 0x0216ffcb dd 0x01f3ffc1 dd 0x01cfffb6 dd 0x01abffab dd 0x0187ffa1 dd 0x0162ff96 dd 0x013fff8b dd 0x011aff81 dd 0x00f7ff76 dd 0x00d2ff6b dd 0x00afff61 dd 0x008aff57 dd 0x0067ff4d dd 0x0042ff42 dd 0x001eff37 dd 0xfffbff2d dd 0xffd7ff22 dd 0xffb3ff17 dd 0xff8fff0d dd 0xff6cff02 dd 0xff47fef7 dd 0xff22feed dd 0xfefffee2 dd 0xfedafed7 dd 0xfeb7fece dd 0xfe93fec3 dd 0xfe6ffeb8 dd 0x026dffc7 dd 0x024affbc dd 0x0225ffb1 dd 0x0202ffa8 dd 0x01ddff9d dd 0x01baff92 dd 0x0195ff88 dd 0x0171ff7d dd 0x014dff72 dd 0x0129ff68 dd 0x0105ff5d dd 0x00e1ff52 dd 0x00bdff48 dd 0x0099ff3d dd 0x0076ff33 dd 0x0051ff29 dd 0x002cff1e dd 0x0009ff14 dd 0xffe5ff09 dd 0xffc2fefe dd 0xff9efef4 dd 0xff7afee9 dd 0xff56fede dd 0xff31fed4 dd 0xff0efec9 dd 0xfee9febe dd 0xfec6feb4 dd 0xfea1fea9 dd 0xfe7efe9f dd 0x027dffae dd 0x0259ffa3 dd 0x0235ff98 dd 0x0212ff8e dd 0x01edff83 dd 0x01caff78 dd 0x01a5ff6f dd 0x0181ff64 dd 0x015dff59 dd 0x0139ff4f dd 0x0115ff44 dd 0x00f1ff39 dd 0x00cdff2f dd 0x00a9ff24 dd 0x0085ff1a dd 0x0061ff0f dd 0x003cff04 dd 0x0019fefb dd 0xfff5fef0 dd 0xffd2fee5 dd 0xffadfedb dd 0xff8afed0 dd 0xff65fec5 dd 0xff41febb dd 0xff1efeb0 dd 0xfef9fea5 dd 0xfed6fe9b dd 0xfeb1fe90 dd 0xfe8efe85 dd 0x028bff94 dd 0x0268ff89 dd 0x0244ff7e dd 0x0220ff74 dd 0x01fcff69 dd 0x01d8ff5e dd 0x01b4ff54 dd 0x018fff49 dd 0x016cff3e dd 0x0147ff35 dd 0x0124ff2a dd 0x00ffff1f dd 0x00dcff15 dd 0x00b7ff0a dd 0x0094ff00 dd 0x006ffef5 dd 0x004bfeea dd 0x0028fee0 dd 0x0003fed5 dd 0xffe1feca dd 0xffbcfec0 dd 0xff99feb6 dd 0xff74feab dd 0xff50fea1 dd 0xff2cfe96 dd 0xff08fe8b dd 0xfee4fe81 dd 0xfec0fe76 dd 0xfe9cfe6b dd 0x029aff7b dd 0x0277ff70 dd 0x0252ff65 dd 0x022fff5b dd 0x020aff50 dd 0x01e7ff45 dd 0x01c2ff3b dd 0x019eff30 dd 0x017aff25 dd 0x0156ff1b dd 0x0132ff10 dd 0x010eff05 dd 0x00ebfefc dd 0x00c6fef1 dd 0x00a3fee7 dd 0x007efedc dd 0x0059fed1 dd 0x0036fec7 dd 0x0012febc dd 0xffeffeb1 dd 0xffcbfea7 dd 0xffa7fe9c dd 0xff83fe91 dd 0xff5efe88 dd 0xff3bfe7d dd 0xff16fe72 dd 0xfef3fe68 dd 0xfecefe5d dd 0xfeabfe52 dd 0x02a9ff61 dd 0x0285ff57 dd 0x0261ff4c dd 0x023dff42 dd 0x0219ff37 dd 0x01f6ff2c dd 0x01d1ff22 dd 0x01acff17 dd 0x0189ff0c dd 0x0164ff02 dd 0x0141fef7 dd 0x011dfeec dd 0x00f9fee2 dd 0x00d5fed7 dd 0x00b1fece dd 0x008dfec3 dd 0x0068feb8 dd 0x0045feae dd 0x0020fea3 dd 0xfffefe98 dd 0xffd9fe8e dd 0xffb6fe83 dd 0xff91fe78 dd 0xff6dfe6e dd 0xff49fe63 dd 0xff25fe58 dd 0xff01fe4f dd 0xfeddfe44 dd 0xfebafe39 dd 0x02b9ff47 dd 0x0295ff3c dd 0x0271ff31 dd 0x024dff27 dd 0x0229ff1c dd 0x0205ff12 dd 0x01e1ff08 dd 0x01bcfefd dd 0x0199fef2 dd 0x0174fee8 dd 0x0151fedd dd 0x012cfed2 dd 0x0109fec8 dd 0x00e4febd dd 0x00c1feb3 dd 0x009dfea8 dd 0x0078fe9d dd 0x0055fe94 dd 0x0030fe89 dd 0x000dfe7e dd 0xffe9fe74 dd 0xffc6fe69 dd 0xffa1fe5e dd 0xff7dfe54 dd 0xff59fe49 dd 0xff35fe3e dd 0xff11fe34 dd 0xfeedfe29 dd 0xfec9fe1e dd 0x02c7ff2e dd 0x02a4ff23 dd 0x027fff18 dd 0x025cff0e dd 0x0237ff03 dd 0x0214fef8 dd 0x01effeee dd 0x01cbfee4 dd 0x01a8fed9 dd 0x0183fecf dd 0x0160fec4 dd 0x013bfeb9 dd 0x0118feaf dd 0x00f3fea4 dd 0x00d0fe9a dd 0x00abfe8f dd 0x0087fe84 dd 0x0063fe7a dd 0x003ffe6f dd 0x001bfe64 dd 0xfff8fe5b dd 0xffd4fe50 dd 0xffb0fe45 dd 0xff8bfe3b dd 0xff68fe30 dd 0xff43fe25 dd 0xff20fe1b dd 0xfefbfe10 dd 0xfed8fe05 dd 0xfed601f7 dd 0xfec701de dd 0xfeb801c5 dd 0xfeaa01ab dd 0xfe9a0191 dd 0xfe8b0178 dd 0xfe7d015e dd 0xfe6e0145 dd 0xfe5f012c dd 0xfe500111 dd 0xfe4100f8 dd 0xfe3200df dd 0xfe2400c5 dd 0xfe1500ab dd 0xfe060092 dd 0xfdf70078 dd 0xfde8005f dd 0xfdd90044 dd 0xfdcb002b dd 0xfdbc0012 dd 0xfdacfff9 dd 0xfd9effe0 dd 0xfd8fffc6 dd 0xfd80ffac dd 0xfd72ff93 dd 0xfd62ff7a dd 0xfd53ff5f dd 0xfd45ff46 dd 0xfd36ff2d dd 0xfefa01ec dd 0xfeec01d3 dd 0xfedd01ba dd 0xfece01a0 dd 0xfebe0186 dd 0xfeb0016d dd 0xfea10153 dd 0xfe93013a dd 0xfe840121 dd 0xfe740106 dd 0xfe6500ed dd 0xfe5700d4 dd 0xfe4800ba dd 0xfe3a00a0 dd 0xfe2b0087 dd 0xfe1b006d dd 0xfe0c0054 dd 0xfdfe0039 dd 0xfdef0020 dd 0xfde10007 dd 0xfdd1ffee dd 0xfdc2ffd5 dd 0xfdb3ffbb dd 0xfda5ffa1 dd 0xfd96ff88 dd 0xfd86ff6f dd 0xfd78ff54 dd 0xfd69ff3b dd 0xfd5aff22 dd 0xff1f01e2 dd 0xff1001c9 dd 0xff0101b0 dd 0xfef30196 dd 0xfee3017d dd 0xfed40163 dd 0xfec60149 dd 0xfeb70130 dd 0xfea90117 dd 0xfe9900fc dd 0xfe8a00e3 dd 0xfe7b00ca dd 0xfe6d00b0 dd 0xfe5e0097 dd 0xfe50007d dd 0xfe400063 dd 0xfe31004a dd 0xfe220030 dd 0xfe140016 dd 0xfe05fffe dd 0xfdf5ffe4 dd 0xfde7ffcb dd 0xfdd8ffb2 dd 0xfdc9ff97 dd 0xfdbbff7e dd 0xfdabff65 dd 0xfd9cff4b dd 0xfd8eff31 dd 0xfd7fff18 dd 0xff4201d7 dd 0xff3301be dd 0xff2501a5 dd 0xff16018b dd 0xff060172 dd 0xfef80158 dd 0xfee9013e dd 0xfeda0125 dd 0xfecc010c dd 0xfebc00f1 dd 0xfead00d8 dd 0xfe9f00bf dd 0xfe9000a5 dd 0xfe81008c dd 0xfe730072 dd 0xfe630058 dd 0xfe54003f dd 0xfe460025 dd 0xfe37000b dd 0xfe29fff3 dd 0xfe19ffd9 dd 0xfe0affc0 dd 0xfdfbffa7 dd 0xfdedff8c dd 0xfddeff73 dd 0xfdceff5a dd 0xfdc0ff40 dd 0xfdb1ff26 dd 0xfda2ff0d dd 0xff6701ce dd 0xff5801b4 dd 0xff49019b dd 0xff3b0181 dd 0xff2b0168 dd 0xff1c014f dd 0xff0e0134 dd 0xfeff011b dd 0xfef00102 dd 0xfee100e8 dd 0xfed200ce dd 0xfec300b5 dd 0xfeb5009b dd 0xfea60082 dd 0xfe970069 dd 0xfe88004e dd 0xfe790035 dd 0xfe6a001b dd 0xfe5c0002 dd 0xfe4dffe9 dd 0xfe3dffcf dd 0xfe2fffb6 dd 0xfe20ff9d dd 0xfe11ff82 dd 0xfe03ff69 dd 0xfdf3ff50 dd 0xfde4ff36 dd 0xfdd6ff1d dd 0xfdc7ff03 dd 0xff8a01c3 dd 0xff7b01a9 dd 0xff6d0190 dd 0xff5e0176 dd 0xff4e015d dd 0xff400144 dd 0xff310129 dd 0xff220110 dd 0xff1400f7 dd 0xff0400dd dd 0xfef500c3 dd 0xfee700aa dd 0xfed80090 dd 0xfec90077 dd 0xfebb005e dd 0xfeab0043 dd 0xfe9c002a dd 0xfe8e0010 dd 0xfe7ffff8 dd 0xfe70ffde dd 0xfe61ffc4 dd 0xfe52ffab dd 0xfe43ff92 dd 0xfe35ff77 dd 0xfe26ff5e dd 0xfe16ff45 dd 0xfe08ff2b dd 0xfdf9ff12 dd 0xfdeafef8 dd 0xffaf01b8 dd 0xffa0019f dd 0xff910185 dd 0xff83016b dd 0xff730152 dd 0xff640139 dd 0xff56011e dd 0xff470105 dd 0xff3800ec dd 0xff2900d2 dd 0xff1a00b9 dd 0xff0b009f dd 0xfefd0085 dd 0xfeee006c dd 0xfedf0053 dd 0xfed00038 dd 0xfec1001f dd 0xfeb20005 dd 0xfea4ffed dd 0xfe95ffd3 dd 0xfe85ffb9 dd 0xfe77ffa0 dd 0xfe68ff87 dd 0xfe59ff6d dd 0xfe4bff53 dd 0xfe3bff3a dd 0xfe2cff20 dd 0xfe1eff07 dd 0xfe0ffeed dd 0xffd201ae dd 0xffc30195 dd 0xffb5017b dd 0xffa60161 dd 0xff960148 dd 0xff88012f dd 0xff790115 dd 0xff6a00fb dd 0xff5c00e2 dd 0xff4c00c8 dd 0xff3d00af dd 0xff2f0095 dd 0xff20007b dd 0xff110062 dd 0xff030049 dd 0xfef3002f dd 0xfee40015 dd 0xfed6fffc dd 0xfec7ffe3 dd 0xfeb8ffca dd 0xfea9ffaf dd 0xfe9aff96 dd 0xfe8bff7d dd 0xfe7dff63 dd 0xfe6eff49 dd 0xfe5eff30 dd 0xfe50ff16 dd 0xfe41fefd dd 0xfe32fee4 dd 0xfff701a3 dd 0xffe8018a dd 0xffd90171 dd 0xffcb0156 dd 0xffbb013d dd 0xffac0124 dd 0xff9e010a dd 0xff8f00f0 dd 0xff8000d7 dd 0xff7000bd dd 0xff6200a4 dd 0xff53008b dd 0xff450070 dd 0xff360057 dd 0xff27003e dd 0xff170024 dd 0xff09000a dd 0xfefafff1 dd 0xfeecffd8 dd 0xfeddffbf dd 0xfecdffa4 dd 0xfebeff8b dd 0xfeb0ff72 dd 0xfea1ff58 dd 0xfe93ff3f dd 0xfe83ff25 dd 0xfe74ff0b dd 0xfe65fef2 dd 0xfe57fed9 dd 0x001a0199 dd 0x000b0180 dd 0xfffe0167 dd 0xffef014c dd 0xffdf0133 dd 0xffd1011a dd 0xffc20100 dd 0xffb300e7 dd 0xffa500cd dd 0xff9500b3 dd 0xff86009a dd 0xff780081 dd 0xff690066 dd 0xff5a004d dd 0xff4c0034 dd 0xff3c001a dd 0xff2d0001 dd 0xff1fffe7 dd 0xff10ffce dd 0xff01ffb5 dd 0xfef2ff9b dd 0xfee3ff81 dd 0xfed4ff68 dd 0xfec6ff4e dd 0xfeb7ff35 dd 0xfea7ff1b dd 0xfe99ff01 dd 0xfe8afee8 dd 0xfe7bfecf dd 0x003d018e dd 0x002f0175 dd 0x0020015c dd 0x00120141 dd 0x00020128 dd 0xfff4010f dd 0xffe500f5 dd 0xffd700dc dd 0xffc800c2 dd 0xffb800a8 dd 0xffaa008f dd 0xff9b0076 dd 0xff8c005b dd 0xff7e0042 dd 0xff6f0029 dd 0xff5f000f dd 0xff51fff7 dd 0xff42ffdc dd 0xff33ffc3 dd 0xff25ffaa dd 0xff15ff90 dd 0xff06ff76 dd 0xfef8ff5d dd 0xfee9ff43 dd 0xfedaff2a dd 0xfecbff11 dd 0xfebcfef6 dd 0xfeadfedd dd 0xfe9ffec4 dd 0x00620183 dd 0x0053016a dd 0x00450151 dd 0x00360136 dd 0x0026011d dd 0x00180104 dd 0x000900ea dd 0xfffb00d1 dd 0xffed00b7 dd 0xffdd009d dd 0xffce0084 dd 0xffc0006b dd 0xffb10050 dd 0xffa20037 dd 0xff94001e dd 0xff840004 dd 0xff75ffec dd 0xff67ffd1 dd 0xff58ffb8 dd 0xff49ff9f dd 0xff3aff85 dd 0xff2bff6b dd 0xff1cff52 dd 0xff0eff38 dd 0xfeffff1f dd 0xfeefff06 dd 0xfee1feeb dd 0xfed2fed2 dd 0xfec3feb9 dd 0x00850179 dd 0x00770160 dd 0x00680147 dd 0x0059012d dd 0x004a0113 dd 0x003b00fa dd 0x002c00e0 dd 0x001e00c7 dd 0x000f00ae dd 0x00000093 dd 0xfff2007a dd 0xffe30061 dd 0xffd40047 dd 0xffc6002d dd 0xffb70014 dd 0xffa7fffb dd 0xff99ffe2 dd 0xff8affc7 dd 0xff7bffae dd 0xff6dff95 dd 0xff5dff7b dd 0xff4eff62 dd 0xff40ff48 dd 0xff31ff2e dd 0xff22ff15 dd 0xff13fefc dd 0xff04fee1 dd 0xfef5fec8 dd 0xfee7feaf dd 0x00aa016e dd 0x009b0155 dd 0x008d013c dd 0x007e0122 dd 0x006e0108 dd 0x006000ef dd 0x005100d5 dd 0x004200bc dd 0x003400a3 dd 0x00240088 dd 0x0015006f dd 0x00070056 dd 0xfff9003c dd 0xffea0022 dd 0xffdc0009 dd 0xffccfff0 dd 0xffbdffd7 dd 0xffafffbc dd 0xffa0ffa3 dd 0xff91ff8a dd 0xff81ff70 dd 0xff73ff57 dd 0xff64ff3d dd 0xff56ff23 dd 0xff47ff0a dd 0xff37fef1 dd 0xff29fed6 dd 0xff1afebd dd 0xff0bfea4 dd 0x00cf0164 dd 0x00c0014b dd 0x00b10132 dd 0x00a30118 dd 0x009300ff dd 0x008400e5 dd 0x007600cb dd 0x006700b2 dd 0x00580099 dd 0x0048007e dd 0x003a0065 dd 0x002b004c dd 0x001d0032 dd 0x000e0019 dd 0x00000000 dd 0xfff0ffe6 dd 0xffe2ffcd dd 0xffd3ffb3 dd 0xffc5ff99 dd 0xffb6ff80 dd 0xffa6ff66 dd 0xff97ff4d dd 0xff89ff34 dd 0xff7aff19 dd 0xff6cff00 dd 0xff5cfee7 dd 0xff4dfecd dd 0xff3efeb3 dd 0xff30fe9a dd 0x00f2015a dd 0x00e30140 dd 0x00d50127 dd 0x00c6010d dd 0x00b600f4 dd 0x00a800da dd 0x009900c0 dd 0x008a00a7 dd 0x007c008e dd 0x006c0074 dd 0x005d005a dd 0x004f0041 dd 0x00400027 dd 0x0031000e dd 0x0023fff5 dd 0x0013ffdb dd 0x0004ffc2 dd 0xfff7ffa8 dd 0xffe8ff8e dd 0xffd9ff75 dd 0xffc9ff5b dd 0xffbbff42 dd 0xffacff29 dd 0xff9eff0e dd 0xff8ffef5 dd 0xff7ffedc dd 0xff70fec2 dd 0xff62fea8 dd 0xff53fe8f dd 0x0116014f dd 0x01080135 dd 0x00f9011c dd 0x00eb0102 dd 0x00db00e9 dd 0x00cc00d0 dd 0x00bd00b5 dd 0x00af009c dd 0x00a00083 dd 0x00900069 dd 0x0082004f dd 0x00730036 dd 0x0064001c dd 0x00560003 dd 0x0047ffea dd 0x0037ffd0 dd 0x0029ffb7 dd 0x001aff9d dd 0x000bff84 dd 0xfffeff6a dd 0xffeeff50 dd 0xffdfff37 dd 0xffd1ff1e dd 0xffc2ff03 dd 0xffb3feea dd 0xffa4fed1 dd 0xff95feb7 dd 0xff86fe9e dd 0xff78fe84 dd 0x013a0145 dd 0x012b012c dd 0x011d0112 dd 0x010e00f8 dd 0x00fe00df dd 0x00ef00c6 dd 0x00e100ab dd 0x00d20092 dd 0x00c40079 dd 0x00b4005f dd 0x00a50046 dd 0x0096002c dd 0x00880012 dd 0x0079fffa dd 0x006bffe1 dd 0x005bffc6 dd 0x004cffad dd 0x003dff93 dd 0x002fff7a dd 0x0020ff60 dd 0x0010ff46 dd 0x0002ff2d dd 0xfff4ff14 dd 0xffe5fefa dd 0xffd7fee0 dd 0xffc7fec7 dd 0xffb8fead dd 0xffaafe94 dd 0xff9bfe7a dd 0x015e013a dd 0x01500121 dd 0x01410107 dd 0x013200ed dd 0x012300d4 dd 0x011400bb dd 0x010500a0 dd 0x00f70087 dd 0x00e8006e dd 0x00d80054 dd 0x00ca003b dd 0x00bb0021 dd 0x00ac0007 dd 0x009effef dd 0x008fffd6 dd 0x007fffbb dd 0x0071ffa2 dd 0x0062ff88 dd 0x0053ff6f dd 0x0045ff56 dd 0x0035ff3b dd 0x0026ff22 dd 0x0018ff09 dd 0x0009feef dd 0xfffbfed5 dd 0xffecfebc dd 0xffddfea2 dd 0xffcefe89 dd 0xffc0fe70 dd 0x0182012f dd 0x01730116 dd 0x016400fc dd 0x015600e2 dd 0x014600c9 dd 0x013700b0 dd 0x01290095 dd 0x011a007c dd 0x010b0063 dd 0x00fc0049 dd 0x00ed0030 dd 0x00de0016 dd 0x00d0fffd dd 0x00c1ffe4 dd 0x00b2ffcb dd 0x00a3ffb0 dd 0x0094ff97 dd 0x0085ff7d dd 0x0077ff64 dd 0x0068ff4b dd 0x0058ff30 dd 0x004aff17 dd 0x003bfefe dd 0x002cfee4 dd 0x001efeca dd 0x000efeb1 dd 0x0000fe97 dd 0xfff2fe7e dd 0xffe3fe65 dd 0x01a60125 dd 0x0198010c dd 0x018900f3 dd 0x017a00d8 dd 0x016b00bf dd 0x015c00a6 dd 0x014d008c dd 0x013f0072 dd 0x01300059 dd 0x0120003f dd 0x01120026 dd 0x0103000d dd 0x00f4fff3 dd 0x00e6ffda dd 0x00d7ffc1 dd 0x00c7ffa7 dd 0x00b9ff8d dd 0x00aaff73 dd 0x009bff5a dd 0x008dff41 dd 0x007dff26 dd 0x006eff0d dd 0x0060fef4 dd 0x0051feda dd 0x0042fec1 dd 0x0032fea7 dd 0x0024fe8d dd 0x0015fe74 dd 0x0007fe5b dd 0x01cb011a dd 0x01bc0101 dd 0x01ae00e8 dd 0x019f00cd dd 0x018f00b4 dd 0x0181009b dd 0x01720081 dd 0x01630067 dd 0x0155004e dd 0x01450034 dd 0x0136001b dd 0x01280002 dd 0x0119ffe8 dd 0x010affcf dd 0x00fcffb6 dd 0x00ecff9c dd 0x00ddff82 dd 0x00cfff68 dd 0x00c0ff4f dd 0x00b1ff36 dd 0x00a1ff1b dd 0x0093ff02 dd 0x0084fee9 dd 0x0076fecf dd 0x0067feb6 dd 0x0057fe9c dd 0x0048fe82 dd 0x003afe69 dd 0x002bfe50 dd 0x01ee0110 dd 0x01e000f7 dd 0x01d100de dd 0x01c200c3 dd 0x01b200aa dd 0x01a40091 dd 0x01950077 dd 0x0187005e dd 0x01780044 dd 0x0168002a dd 0x01590011 dd 0x014bfff9 dd 0x013cffde dd 0x012effc5 dd 0x011fffac dd 0x010fff92 dd 0x0101ff79 dd 0x00f2ff5e dd 0x00e3ff45 dd 0x00d5ff2c dd 0x00c5ff12 dd 0x00b6fef8 dd 0x00a8fedf dd 0x0099fec5 dd 0x008afeac dd 0x007afe93 dd 0x006cfe78 dd 0x005dfe5f dd 0x004ffe46 dd 0x02130105 dd 0x020400ec dd 0x01f600d3 dd 0x01e700b9 dd 0x01d7009f dd 0x01c80086 dd 0x01ba006c dd 0x01ab0053 dd 0x019d0039 dd 0x018d001f dd 0x017e0006 dd 0x016fffee dd 0x0161ffd3 dd 0x0152ffba dd 0x0144ffa1 dd 0x0134ff87 dd 0x0125ff6e dd 0x0116ff53 dd 0x0108ff3a dd 0x00f9ff21 dd 0x00e9ff07 dd 0x00dbfeed dd 0x00ccfed4 dd 0x00bdfeba dd 0x00affea1 dd 0x009ffe88 dd 0x0090fe6d dd 0x0082fe54 dd 0x0073fe3b dd 0x023600fa dd 0x022800e1 dd 0x021900c8 dd 0x020a00ae dd 0x01fa0094 dd 0x01ec007b dd 0x01dd0061 dd 0x01cf0048 dd 0x01c0002f dd 0x01b00014 dd 0x01a1fffc dd 0x0193ffe3 dd 0x0184ffc9 dd 0x0176ffaf dd 0x0167ff96 dd 0x0157ff7c dd 0x0148ff63 dd 0x013aff48 dd 0x012bff2f dd 0x011dff16 dd 0x010dfefc dd 0x00fefee3 dd 0x00effec9 dd 0x00e1feaf dd 0x00d2fe96 dd 0x00c2fe7d dd 0x00b4fe62 dd 0x00a5fe49 dd 0x0096fe30 dd 0x025b00f0 dd 0x024c00d7 dd 0x023d00be dd 0x022f00a4 dd 0x021f008b dd 0x02100071 dd 0x02020057 dd 0x01f3003e dd 0x01e40025 dd 0x01d5000a dd 0x01c6fff2 dd 0x01b7ffd9 dd 0x01a9ffbf dd 0x019affa5 dd 0x018bff8c dd 0x017cff72 dd 0x016dff59 dd 0x015eff3f dd 0x0150ff25 dd 0x0141ff0c dd 0x0131fef2 dd 0x0123fed9 dd 0x0114febf dd 0x0105fea5 dd 0x00f7fe8c dd 0x00e7fe73 dd 0x00d8fe59 dd 0x00cafe3f dd 0x00bbfe26 dd 0x027e00e5 dd 0x026f00cc dd 0x026100b3 dd 0x02520099 dd 0x02420080 dd 0x02340066 dd 0x0225004c dd 0x02160033 dd 0x0208001a dd 0x01f80000 dd 0x01e9ffe7 dd 0x01dbffce dd 0x01ccffb4 dd 0x01bdff9b dd 0x01afff81 dd 0x019fff67 dd 0x0190ff4e dd 0x0182ff34 dd 0x0173ff1a dd 0x0164ff01 dd 0x0155fee7 dd 0x0146fece dd 0x0137feb5 dd 0x0129fe9a dd 0x011afe81 dd 0x010afe68 dd 0x00fcfe4e dd 0x00edfe34 dd 0x00defe1b dd 0x02a300dc dd 0x029400c2 dd 0x028500a9 dd 0x0277008f dd 0x02670076 dd 0x0258005d dd 0x024a0042 dd 0x023b0029 dd 0x022c0010 dd 0x021dfff7 dd 0x020effdd dd 0x01ffffc4 dd 0x01f1ffaa dd 0x01e2ff91 dd 0x01d3ff77 dd 0x01c4ff5d dd 0x01b5ff44 dd 0x01a6ff2a dd 0x0198ff11 dd 0x0189fef7 dd 0x0179fedd dd 0x016bfec4 dd 0x015cfeab dd 0x014dfe90 dd 0x013ffe77 dd 0x012ffe5e dd 0x0120fe44 dd 0x0112fe2b dd 0x0103fe11 dd 0x02c700d1 dd 0x02b900b7 dd 0x02aa009e dd 0x029b0084 dd 0x028b006b dd 0x027d0052 dd 0x026e0037 dd 0x0260001e dd 0x02510005 dd 0x0241ffec dd 0x0232ffd2 dd 0x0224ffb9 dd 0x0215ff9f dd 0x0207ff86 dd 0x01f8ff6d dd 0x01e8ff52 dd 0x01d9ff39 dd 0x01cbff1f dd 0x01bcff06 dd 0x01aefeec dd 0x019efed2 dd 0x018ffeb9 dd 0x0181fea0 dd 0x0172fe85 dd 0x0163fe6c dd 0x0153fe53 dd 0x0145fe39 dd 0x0136fe20 dd 0x0128fe06 dd 0xfd3600d0 dd 0xfd4600b6 dd 0xfd54009d dd 0xfd630083 dd 0xfd72006a dd 0xfd800050 dd 0xfd900036 dd 0xfd9f001d dd 0xfdad0004 dd 0xfdbcffea dd 0xfdccffd1 dd 0xfddaffb8 dd 0xfde9ff9e dd 0xfdf8ff85 dd 0xfe08ff6b dd 0xfe16ff51 dd 0xfe25ff38 dd 0xfe33ff1e dd 0xfe42ff04 dd 0xfe52feeb dd 0xfe61fed1 dd 0xfe6ffeb8 dd 0xfe7efe9f dd 0xfe8efe84 dd 0xfe9cfe6b dd 0xfeabfe52 dd 0xfebafe38 dd 0xfec8fe1e dd 0xfed8fe05 dd 0xfd5900da dd 0xfd6900c1 dd 0xfd7800a8 dd 0xfd86008e dd 0xfd950075 dd 0xfda4005b dd 0xfdb30041 dd 0xfdc20028 dd 0xfdd1000f dd 0xfddffff5 dd 0xfdefffdc dd 0xfdfeffc3 dd 0xfe0cffa9 dd 0xfe1bff90 dd 0xfe2bff76 dd 0xfe3aff5c dd 0xfe48ff43 dd 0xfe57ff29 dd 0xfe65ff0f dd 0xfe75fef6 dd 0xfe84fedc dd 0xfe93fec3 dd 0xfea1feaa dd 0xfeb1fe8f dd 0xfec0fe76 dd 0xfecefe5d dd 0xfeddfe43 dd 0xfeecfe29 dd 0xfefbfe10 dd 0xfd7e00e5 dd 0xfd8e00cc dd 0xfd9c00b3 dd 0xfdab0099 dd 0xfdba0080 dd 0xfdc80066 dd 0xfdd8004c dd 0xfde70033 dd 0xfdf5001a dd 0xfe040000 dd 0xfe14ffe7 dd 0xfe22ffce dd 0xfe31ffb4 dd 0xfe40ff9b dd 0xfe50ff81 dd 0xfe5eff67 dd 0xfe6dff4e dd 0xfe7bff34 dd 0xfe8aff1a dd 0xfe9aff01 dd 0xfea9fee7 dd 0xfeb7fece dd 0xfec6feb5 dd 0xfed6fe9a dd 0xfee4fe81 dd 0xfef3fe68 dd 0xff01fe4e dd 0xff10fe34 dd 0xff20fe1b dd 0xfda100ef dd 0xfdb100d6 dd 0xfdc000bd dd 0xfdce00a3 dd 0xfddd0089 dd 0xfdec0070 dd 0xfdfb0056 dd 0xfe0a003d dd 0xfe190024 dd 0xfe270009 dd 0xfe37fff1 dd 0xfe46ffd8 dd 0xfe54ffbe dd 0xfe63ffa4 dd 0xfe73ff8b dd 0xfe81ff71 dd 0xfe90ff58 dd 0xfe9fff3d dd 0xfeadff24 dd 0xfebdff0b dd 0xfeccfef1 dd 0xfedafed8 dd 0xfee9febe dd 0xfef9fea4 dd 0xff08fe8b dd 0xff16fe72 dd 0xff25fe57 dd 0xff33fe3e dd 0xff43fe25 dd 0xfdc600fa dd 0xfdd600e1 dd 0xfde400c8 dd 0xfdf300ae dd 0xfe010094 dd 0xfe10007b dd 0xfe200061 dd 0xfe2f0048 dd 0xfe3d002f dd 0xfe4c0014 dd 0xfe5cfffc dd 0xfe6affe3 dd 0xfe79ffc9 dd 0xfe88ffaf dd 0xfe97ff96 dd 0xfea6ff7c dd 0xfeb5ff63 dd 0xfec3ff48 dd 0xfed2ff2f dd 0xfee2ff16 dd 0xfef0fefc dd 0xfefffee3 dd 0xff0efec9 dd 0xff1efeaf dd 0xff2cfe96 dd 0xff3bfe7d dd 0xff49fe62 dd 0xff58fe49 dd 0xff68fe30 dd 0xfde90105 dd 0xfdf900ec dd 0xfe0800d3 dd 0xfe1600b9 dd 0xfe25009f dd 0xfe330086 dd 0xfe43006c dd 0xfe520053 dd 0xfe610039 dd 0xfe6f001f dd 0xfe7f0006 dd 0xfe8effee dd 0xfe9cffd3 dd 0xfeabffba dd 0xfebbffa1 dd 0xfec9ff87 dd 0xfed8ff6e dd 0xfee7ff53 dd 0xfef5ff3a dd 0xff05ff21 dd 0xff14ff07 dd 0xff22feed dd 0xff31fed4 dd 0xff41feba dd 0xff50fea1 dd 0xff5efe88 dd 0xff6dfe6d dd 0xff7bfe54 dd 0xff8bfe3b dd 0xfe0e010f dd 0xfe1e00f6 dd 0xfe2c00dd dd 0xfe3b00c2 dd 0xfe4900a9 dd 0xfe580090 dd 0xfe680076 dd 0xfe77005d dd 0xfe850043 dd 0xfe940029 dd 0xfea40010 dd 0xfeb2fff8 dd 0xfec1ffdd dd 0xfed0ffc4 dd 0xfedfffab dd 0xfeeeff91 dd 0xfefdff77 dd 0xff0bff5d dd 0xff1aff44 dd 0xff2aff2b dd 0xff38ff11 dd 0xff47fef7 dd 0xff56fede dd 0xff65fec4 dd 0xff74feab dd 0xff83fe91 dd 0xff91fe77 dd 0xffa0fe5e dd 0xffb0fe45 dd 0xfe32011a dd 0xfe420101 dd 0xfe5100e8 dd 0xfe5f00cd dd 0xfe6e00b4 dd 0xfe7d009b dd 0xfe8c0081 dd 0xfe9b0067 dd 0xfeaa004e dd 0xfeb80034 dd 0xfec8001b dd 0xfed70002 dd 0xfee5ffe8 dd 0xfef4ffcf dd 0xff04ffb6 dd 0xff13ff9c dd 0xff21ff82 dd 0xff30ff68 dd 0xff3eff4f dd 0xff4eff36 dd 0xff5dff1b dd 0xff6cff02 dd 0xff7afee9 dd 0xff8afecf dd 0xff99feb6 dd 0xffa7fe9c dd 0xffb6fe82 dd 0xffc5fe69 dd 0xffd4fe50 dd 0xfe560125 dd 0xfe65010c dd 0xfe7400f3 dd 0xfe8300d8 dd 0xfe9100bf dd 0xfea000a6 dd 0xfeb0008c dd 0xfebe0072 dd 0xfecd0059 dd 0xfedc003f dd 0xfeec0026 dd 0xfefa000d dd 0xff09fff3 dd 0xff17ffda dd 0xff27ffc1 dd 0xff36ffa7 dd 0xff45ff8d dd 0xff53ff73 dd 0xff62ff5a dd 0xff72ff41 dd 0xff80ff26 dd 0xff8fff0d dd 0xff9efef4 dd 0xffadfeda dd 0xffbcfec1 dd 0xffcbfea7 dd 0xffd9fe8d dd 0xffe8fe74 dd 0xfff8fe5b dd 0xfe7a012f dd 0xfe8a0116 dd 0xfe9900fc dd 0xfea700e2 dd 0xfeb600c9 dd 0xfec500b0 dd 0xfed40095 dd 0xfee3007c dd 0xfef20063 dd 0xff000049 dd 0xff100030 dd 0xff1f0016 dd 0xff2dfffd dd 0xff3cffe4 dd 0xff4cffcb dd 0xff5affb0 dd 0xff69ff97 dd 0xff78ff7d dd 0xff86ff64 dd 0xff96ff4b dd 0xffa5ff30 dd 0xffb3ff17 dd 0xffc2fefe dd 0xffd2fee4 dd 0xffe1feca dd 0xffeffeb1 dd 0xfffefe97 dd 0x000bfe7e dd 0x001bfe65 dd 0xfe9e013a dd 0xfead0121 dd 0xfebc0107 dd 0xfecb00ed dd 0xfed900d4 dd 0xfee800bb dd 0xfef800a0 dd 0xff060087 dd 0xff15006e dd 0xff240054 dd 0xff33003b dd 0xff420021 dd 0xff510007 dd 0xff5fffef dd 0xff6fffd6 dd 0xff7effbb dd 0xff8cffa2 dd 0xff9bff88 dd 0xffaaff6f dd 0xffbaff56 dd 0xffc8ff3b dd 0xffd7ff22 dd 0xffe5ff09 dd 0xfff5feef dd 0x0003fed5 dd 0x0012febc dd 0x0020fea2 dd 0x002ffe89 dd 0x003ffe70 dd 0xfec20145 dd 0xfed2012c dd 0xfee10112 dd 0xfeef00f8 dd 0xfefe00df dd 0xff0c00c6 dd 0xff1c00ab dd 0xff2b0092 dd 0xff3a0079 dd 0xff48005f dd 0xff580046 dd 0xff67002c dd 0xff750012 dd 0xff84fffa dd 0xff94ffe1 dd 0xffa2ffc6 dd 0xffb1ffad dd 0xffc0ff93 dd 0xffceff7a dd 0xffdeff60 dd 0xffedff46 dd 0xfffbff2d dd 0x0009ff14 dd 0x0019fefa dd 0x0028fee0 dd 0x0036fec7 dd 0x0045fead dd 0x0053fe94 dd 0x0063fe7a dd 0xfee5014f dd 0xfef50135 dd 0xff04011c dd 0xff130102 dd 0xff2100e9 dd 0xff3000d0 dd 0xff4000b5 dd 0xff4e009c dd 0xff5d0083 dd 0xff6c0069 dd 0xff7b004f dd 0xff8a0036 dd 0xff99001c dd 0xffa70003 dd 0xffb7ffea dd 0xffc6ffd0 dd 0xffd4ffb7 dd 0xffe3ff9d dd 0xfff2ff84 dd 0x0001ff6a dd 0x000fff50 dd 0x001eff37 dd 0x002cff1e dd 0x003cff03 dd 0x004bfeea dd 0x0059fed1 dd 0x0068feb7 dd 0x0077fe9e dd 0x0087fe84 dd 0xff0a015a dd 0xff1a0140 dd 0xff290127 dd 0xff37010d dd 0xff4600f4 dd 0xff5400da dd 0xff6400c0 dd 0xff7300a7 dd 0xff81008e dd 0xff900074 dd 0xffa0005a dd 0xffaf0041 dd 0xffbd0027 dd 0xffcc000e dd 0xffdcfff5 dd 0xffeaffdb dd 0xfff9ffc2 dd 0x0007ffa8 dd 0x0015ff8e dd 0x0025ff75 dd 0x0034ff5b dd 0x0042ff42 dd 0x0051ff29 dd 0x0061ff0e dd 0x006ffef5 dd 0x007efedc dd 0x008dfec2 dd 0x009bfea8 dd 0x00abfe8f dd 0xff2f0164 dd 0xff3e014b dd 0xff4d0132 dd 0xff5c0118 dd 0xff6a00ff dd 0xff7900e5 dd 0xff8900cb dd 0xff9700b2 dd 0xffa60099 dd 0xffb5007e dd 0xffc50065 dd 0xffd3004c dd 0xffe20032 dd 0xfff00019 dd 0x00000000 dd 0x000effe6 dd 0x001dffcd dd 0x002bffb3 dd 0x003aff99 dd 0x004aff80 dd 0x0058ff66 dd 0x0067ff4d dd 0x0076ff34 dd 0x0085ff19 dd 0x0094ff00 dd 0x00a3fee7 dd 0x00b1fecd dd 0x00c0feb3 dd 0x00d0fe9a dd 0xff52016e dd 0xff620155 dd 0xff70013c dd 0xff7f0122 dd 0xff8e0108 dd 0xff9c00ef dd 0xffac00d5 dd 0xffbb00bc dd 0xffc900a3 dd 0xffd80088 dd 0xffe8006f dd 0xfff70056 dd 0x0004003c dd 0x00130022 dd 0x00230009 dd 0x0031fff0 dd 0x0040ffd7 dd 0x004fffbc dd 0x005dffa3 dd 0x006dff8a dd 0x007cff70 dd 0x008aff57 dd 0x0099ff3d dd 0x00a9ff23 dd 0x00b7ff0a dd 0x00c6fef1 dd 0x00d5fed6 dd 0x00e3febd dd 0x00f3fea4 dd 0xff770179 dd 0xff860160 dd 0xff950147 dd 0xffa4012d dd 0xffb20113 dd 0xffc100fa dd 0xffd100e0 dd 0xffdf00c7 dd 0xffee00ae dd 0xfffd0093 dd 0x000b007a dd 0x001a0061 dd 0x00290047 dd 0x0037002d dd 0x00470014 dd 0x0056fffb dd 0x0064ffe2 dd 0x0073ffc7 dd 0x0082ffae dd 0x0092ff95 dd 0x00a0ff7b dd 0x00afff62 dd 0x00bdff48 dd 0x00cdff2e dd 0x00dcff15 dd 0x00ebfefc dd 0x00f9fee1 dd 0x0108fec8 dd 0x0118feaf dd 0xff9a0183 dd 0xffaa016a dd 0xffb80151 dd 0xffc70136 dd 0xffd6011d dd 0xffe40104 dd 0xfff400ea dd 0x000200d1 dd 0x001000b7 dd 0x001f009d dd 0x002f0084 dd 0x003d006b dd 0x004c0050 dd 0x005b0037 dd 0x006b001e dd 0x00790004 dd 0x0088ffec dd 0x0096ffd1 dd 0x00a5ffb8 dd 0x00b5ff9f dd 0x00c4ff85 dd 0x00d2ff6b dd 0x00e1ff52 dd 0x00f1ff38 dd 0x00ffff1f dd 0x010eff06 dd 0x011dfeeb dd 0x012bfed2 dd 0x013bfeb9 dd 0xffbe018e dd 0xffce0175 dd 0xffdd015c dd 0xffec0141 dd 0xfffa0128 dd 0x0008010f dd 0x001800f5 dd 0x002600dc dd 0x003500c2 dd 0x004400a8 dd 0x0053008f dd 0x00620076 dd 0x0071005b dd 0x007f0042 dd 0x008f0029 dd 0x009e000f dd 0x00acfff7 dd 0x00bbffdc dd 0x00caffc3 dd 0x00d9ffaa dd 0x00e8ff90 dd 0x00f7ff76 dd 0x0105ff5d dd 0x0115ff43 dd 0x0124ff2a dd 0x0132ff11 dd 0x0141fef6 dd 0x0150fedd dd 0x0160fec4 dd 0xffe20199 dd 0xfff20180 dd 0x00000167 dd 0x000e014c dd 0x001d0133 dd 0x002b011a dd 0x003b0100 dd 0x004a00e7 dd 0x005800cd dd 0x006700b3 dd 0x0077009a dd 0x00850081 dd 0x00940066 dd 0x00a3004d dd 0x00b20034 dd 0x00c1001a dd 0x00d00001 dd 0x00deffe7 dd 0x00edffce dd 0x00fdffb5 dd 0x010bff9b dd 0x011aff81 dd 0x0129ff68 dd 0x0139ff4e dd 0x0147ff35 dd 0x0156ff1b dd 0x0164ff01 dd 0x0173fee8 dd 0x0183fecf dd 0x000501a3 dd 0x0015018a dd 0x00240171 dd 0x00320156 dd 0x0041013d dd 0x00500124 dd 0x0060010a dd 0x006e00f0 dd 0x007d00d7 dd 0x008b00bd dd 0x009b00a4 dd 0x00aa008b dd 0x00b90070 dd 0x00c70057 dd 0x00d7003e dd 0x00e60024 dd 0x00f4000a dd 0x0103fff1 dd 0x0112ffd8 dd 0x0121ffbf dd 0x0130ffa4 dd 0x013fff8b dd 0x014dff72 dd 0x015dff58 dd 0x016cff3f dd 0x017aff25 dd 0x0189ff0b dd 0x0198fef2 dd 0x01a8fed9 dd 0x002901ae dd 0x00390195 dd 0x0047017b dd 0x00560161 dd 0x00640148 dd 0x0073012f dd 0x00830115 dd 0x009200fb dd 0x00a000e2 dd 0x00af00c8 dd 0x00bf00af dd 0x00cd0095 dd 0x00dc007b dd 0x00eb0062 dd 0x00fa0049 dd 0x0109002f dd 0x01180015 dd 0x0126fffc dd 0x0135ffe3 dd 0x0145ffca dd 0x0153ffaf dd 0x0162ff96 dd 0x0171ff7d dd 0x0181ff63 dd 0x018fff49 dd 0x019eff30 dd 0x01acff16 dd 0x01bbfefd dd 0x01cbfee4 dd 0x004d01b9 dd 0x005d01a0 dd 0x006c0186 dd 0x007a016c dd 0x00890153 dd 0x0098013a dd 0x00a8011f dd 0x00b60106 dd 0x00c500ed dd 0x00d300d3 dd 0x00e300ba dd 0x00f200a0 dd 0x01010086 dd 0x010f006d dd 0x011f0054 dd 0x012e0039 dd 0x013c0020 dd 0x014b0006 dd 0x0159ffee dd 0x0169ffd5 dd 0x0178ffba dd 0x0187ffa1 dd 0x0195ff88 dd 0x01a5ff6e dd 0x01b4ff54 dd 0x01c2ff3b dd 0x01d1ff21 dd 0x01e0ff08 dd 0x01effeef dd 0x007201c3 dd 0x008201a9 dd 0x00900190 dd 0x009f0176 dd 0x00ae015d dd 0x00bc0144 dd 0x00cc0129 dd 0x00db0110 dd 0x00e900f7 dd 0x00f800dd dd 0x010800c3 dd 0x011600aa dd 0x01250090 dd 0x01340077 dd 0x0144005e dd 0x01520043 dd 0x0161002a dd 0x016f0010 dd 0x017efff8 dd 0x018effde dd 0x019dffc4 dd 0x01abffab dd 0x01baff92 dd 0x01caff77 dd 0x01d8ff5e dd 0x01e7ff45 dd 0x01f6ff2b dd 0x0204ff12 dd 0x0214fef8 dd 0x009501ce dd 0x00a501b4 dd 0x00b4019b dd 0x00c20181 dd 0x00d10168 dd 0x00e0014f dd 0x00ef0134 dd 0x00fe011b dd 0x010d0102 dd 0x011b00e8 dd 0x012b00ce dd 0x013a00b5 dd 0x0148009b dd 0x01570082 dd 0x01670069 dd 0x0176004e dd 0x01840035 dd 0x0193001b dd 0x01a10002 dd 0x01b1ffe9 dd 0x01c0ffcf dd 0x01cfffb6 dd 0x01ddff9d dd 0x01edff82 dd 0x01fcff69 dd 0x020aff50 dd 0x0219ff36 dd 0x0228ff1d dd 0x0237ff03 dd 0x00ba01d9 dd 0x00ca01bf dd 0x00d801a6 dd 0x00e7018c dd 0x00f60173 dd 0x0104015a dd 0x0114013f dd 0x01230126 dd 0x0131010d dd 0x014000f3 dd 0x015000d9 dd 0x015e00c0 dd 0x016d00a6 dd 0x017c008d dd 0x018b0074 dd 0x019a0059 dd 0x01a90040 dd 0x01b70026 dd 0x01c6000d dd 0x01d6fff4 dd 0x01e4ffda dd 0x01f3ffc1 dd 0x0202ffa8 dd 0x0212ff8d dd 0x0220ff74 dd 0x022fff5b dd 0x023dff41 dd 0x024cff28 dd 0x025cff0e dd 0x00dd01e2 dd 0x00ed01c9 dd 0x00fc01b0 dd 0x010a0196 dd 0x0119017d dd 0x01280163 dd 0x01370149 dd 0x01460130 dd 0x01550117 dd 0x016300fc dd 0x017300e3 dd 0x018200ca dd 0x019000b0 dd 0x019f0097 dd 0x01af007d dd 0x01bd0063 dd 0x01cc004a dd 0x01db0030 dd 0x01e90016 dd 0x01f9fffe dd 0x0208ffe4 dd 0x0216ffcb dd 0x0225ffb2 dd 0x0235ff97 dd 0x0244ff7e dd 0x0252ff65 dd 0x0261ff4b dd 0x026fff31 dd 0x027fff18 dd 0x010201ed dd 0x011201d4 dd 0x012001bb dd 0x012f01a1 dd 0x013d0188 dd 0x014c016e dd 0x015c0154 dd 0x016b013b dd 0x01790122 dd 0x01880107 dd 0x019800ee dd 0x01a600d5 dd 0x01b500bb dd 0x01c400a2 dd 0x01d30088 dd 0x01e2006e dd 0x01f10055 dd 0x01ff003b dd 0x020e0021 dd 0x021e0008 dd 0x022cffef dd 0x023bffd6 dd 0x024affbc dd 0x0259ffa2 dd 0x0268ff89 dd 0x0277ff70 dd 0x0285ff56 dd 0x0294ff3c dd 0x02a4ff23 dd 0x012501f8 dd 0x013501df dd 0x014401c6 dd 0x015201ac dd 0x01610192 dd 0x016f0179 dd 0x017f015f dd 0x018e0146 dd 0x019d012d dd 0x01ab0112 dd 0x01bb00f9 dd 0x01ca00e0 dd 0x01d800c6 dd 0x01e700ac dd 0x01f70093 dd 0x02050079 dd 0x02140060 dd 0x02230046 dd 0x0231002c dd 0x02410013 dd 0x0250fffa dd 0x025effe1 dd 0x026dffc7 dd 0x027dffad dd 0x028bff94 dd 0x029aff7b dd 0x02a9ff60 dd 0x02b7ff47 dd 0x02c7ff2e ref_00473610: db 0xf4 ref_00473611: db 0xfd db 0xf4 db 0xfe dd 0xfdf5fcf5 dd 0xfff5fef5 dd 0xfcf600f5 dd 0xfef6fdf6 dd 0x00f6fff6 dd 0x02f601f6 dd 0xfdf7fcf7 dd 0xfff7fef7 dd 0x01f700f7 dd 0x03f702f7 dd 0x05f704f7 dd 0xfcf8fbf8 dd 0xfef8fdf8 dd 0x00f8fff8 dd 0x02f801f8 dd 0x04f803f8 dd 0x06f805f8 dd 0xfbf907f8 dd 0xfdf9fcf9 dd 0xfff9fef9 dd 0x01f900f9 dd 0x03f902f9 dd 0x05f904f9 dd 0x07f906f9 dd 0x09f908f9 dd 0xfbfafafa dd 0xfdfafcfa dd 0xfffafefa dd 0x01fa00fa dd 0x03fa02fa dd 0x05fa04fa dd 0x07fa06fa dd 0x09fa08fa dd 0xfbfbfafb dd 0xfdfbfcfb dd 0xfffbfefb dd 0x01fb00fb dd 0x03fb02fb dd 0x05fb04fb dd 0x07fb06fb dd 0x09fb08fb dd 0xfbfcfafc dd 0xfdfcfcfc dd 0xfffcfefc dd 0x01fc00fc dd 0x03fc02fc dd 0x05fc04fc dd 0x07fc06fc dd 0xf9fd08fc dd 0xfbfdfafd dd 0xfdfdfcfd dd 0xfffdfefd dd 0x01fd00fd dd 0x03fd02fd dd 0x05fd04fd dd 0x07fd06fd dd 0xf9fe08fd dd 0xfbfefafe dd 0xfdfefcfe dd 0xfffefefe dd 0x01fe00fe dd 0x03fe02fe dd 0x05fe04fe dd 0x07fe06fe dd 0xf8ff08fe dd 0xfafff9ff dd 0xfcfffbff dd 0xfefffdff dd 0x00ffffff dd 0x02ff01ff dd 0x04ff03ff dd 0x06ff05ff dd 0xf80007ff dd 0xfa00f900 dd 0xfc00fb00 dd 0xfe00fd00 dd 0x0000ff00 dd 0x02000100 dd 0x04000300 dd 0x06000500 dd 0xf7010700 dd 0xf901f801 dd 0xfb01fa01 dd 0xfd01fc01 dd 0xff01fe01 dd 0x01010001 dd 0x03010201 dd 0x05010401 dd 0xf7020601 dd 0xf902f802 dd 0xfb02fa02 dd 0xfd02fc02 dd 0xff02fe02 dd 0x01020002 dd 0x03020202 dd 0x05020402 dd 0xf7030602 dd 0xf903f803 dd 0xfb03fa03 dd 0xfd03fc03 dd 0xff03fe03 dd 0x01030003 dd 0x03030203 dd 0x05030403 dd 0xf6040603 dd 0xf804f704 dd 0xfa04f904 dd 0xfc04fb04 dd 0xfe04fd04 dd 0x0004ff04 dd 0x02040104 dd 0x04040304 dd 0xf6050504 dd 0xf805f705 dd 0xfa05f905 dd 0xfc05fb05 dd 0xfe05fd05 dd 0x0005ff05 dd 0x02050105 dd 0x04050305 dd 0xf6060505 dd 0xf806f706 dd 0xfa06f906 dd 0xfc06fb06 dd 0xfe06fd06 dd 0x0006ff06 dd 0x02060106 dd 0x04060306 dd 0xf907f807 dd 0xfb07fa07 dd 0xfd07fc07 dd 0xff07fe07 dd 0x01070007 dd 0x03070207 dd 0xfa080407 dd 0xfc08fb08 dd 0xfe08fd08 dd 0x0008ff08 dd 0x02080108 dd 0xfc090308 dd 0xfe09fd09 dd 0x0009ff09 dd 0x02090109 dd 0xff0a0309 dd 0x010a000a dd 0x030a020a dd 0x020b010b dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0x02f401f4 dd 0x00f5fff5 dd 0x02f501f5 dd 0xfdf603f5 dd 0xfff6fef6 dd 0x01f600f6 dd 0x03f602f6 dd 0xfbf7faf7 dd 0xfdf7fcf7 dd 0xfff7fef7 dd 0x01f700f7 dd 0x03f702f7 dd 0xf9f8f8f8 dd 0xfbf8faf8 dd 0xfdf8fcf8 dd 0xfff8fef8 dd 0x01f800f8 dd 0x03f802f8 dd 0xf6f904f8 dd 0xf8f9f7f9 dd 0xfaf9f9f9 dd 0xfcf9fbf9 dd 0xfef9fdf9 dd 0x00f9fff9 dd 0x02f901f9 dd 0x04f903f9 dd 0xf7faf6fa dd 0xf9faf8fa dd 0xfbfafafa dd 0xfdfafcfa dd 0xfffafefa dd 0x01fa00fa dd 0x03fa02fa dd 0x05fa04fa dd 0xf7fbf6fb dd 0xf9fbf8fb dd 0xfbfbfafb dd 0xfdfbfcfb dd 0xfffbfefb dd 0x01fb00fb dd 0x03fb02fb dd 0x05fb04fb dd 0xf8fcf7fc dd 0xfafcf9fc dd 0xfcfcfbfc dd 0xfefcfdfc dd 0x00fcfffc dd 0x02fc01fc dd 0x04fc03fc dd 0x06fc05fc dd 0xf8fdf7fd dd 0xfafdf9fd dd 0xfcfdfbfd dd 0xfefdfdfd dd 0x00fdfffd dd 0x02fd01fd dd 0x04fd03fd dd 0x06fd05fd dd 0xf8fef7fe dd 0xfafef9fe dd 0xfcfefbfe dd 0xfefefdfe dd 0x00fefffe dd 0x02fe01fe dd 0x04fe03fe dd 0x06fe05fe dd 0xf9fff8ff dd 0xfbfffaff dd 0xfdfffcff dd 0xfffffeff dd 0x01ff00ff dd 0x03ff02ff dd 0x05ff04ff dd 0x07ff06ff dd 0xf900f800 dd 0xfb00fa00 dd 0xfd00fc00 dd 0xff00fe00 dd 0x01000000 dd 0x03000200 dd 0x05000400 dd 0x07000600 dd 0xfa01f901 dd 0xfc01fb01 dd 0xfe01fd01 dd 0x0001ff01 dd 0x02010101 dd 0x04010301 dd 0x06010501 dd 0x08010701 dd 0xfa02f902 dd 0xfc02fb02 dd 0xfe02fd02 dd 0x0002ff02 dd 0x02020102 dd 0x04020302 dd 0x06020502 dd 0x08020702 dd 0xfb03fa03 dd 0xfd03fc03 dd 0xff03fe03 dd 0x01030003 dd 0x03030203 dd 0x05030403 dd 0x07030603 dd 0xfa040803 dd 0xfc04fb04 dd 0xfe04fd04 dd 0x0004ff04 dd 0x02040104 dd 0x04040304 dd 0x06040504 dd 0x08040704 dd 0xfa050904 dd 0xfc05fb05 dd 0xfe05fd05 dd 0x0005ff05 dd 0x02050105 dd 0x04050305 dd 0x06050505 dd 0x08050705 dd 0xfb060905 dd 0xfd06fc06 dd 0xff06fe06 dd 0x01060006 dd 0x03060206 dd 0x05060406 dd 0x07060606 dd 0x09060806 dd 0xfc07fb07 dd 0xfe07fd07 dd 0x0007ff07 dd 0x02070107 dd 0x04070307 dd 0x06070507 dd 0xfc080707 dd 0xfe08fd08 dd 0x0008ff08 dd 0x02080108 dd 0x04080308 dd 0xfc090508 dd 0xfe09fd09 dd 0x0009ff09 dd 0x02090109 dd 0xfc0a0309 dd 0xfe0afd0a dd 0x000aff0a dd 0xfe0bfd0b dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0xfaf6f9f6 dd 0xf9f7fbf6 dd 0xfbf7faf7 dd 0xfdf7fcf7 dd 0xf8f8fef7 dd 0xfaf8f9f8 dd 0xfcf8fbf8 dd 0xfef8fdf8 dd 0x00f8fff8 dd 0xf9f9f8f9 dd 0xfbf9faf9 dd 0xfdf9fcf9 dd 0xfff9fef9 dd 0x01f900f9 dd 0x03f902f9 dd 0xf8faf7fa dd 0xfafaf9fa dd 0xfcfafbfa dd 0xfefafdfa dd 0x00fafffa dd 0x02fa01fa dd 0x04fa03fa dd 0xf7fb05fa dd 0xf9fbf8fb dd 0xfbfbfafb dd 0xfdfbfcfb dd 0xfffbfefb dd 0x01fb00fb dd 0x03fb02fb dd 0x05fb04fb dd 0x07fb06fb dd 0xf8fcf7fc dd 0xfafcf9fc dd 0xfcfcfbfc dd 0xfefcfdfc dd 0x00fcfffc dd 0x02fc01fc dd 0x04fc03fc dd 0x06fc05fc dd 0x08fc07fc dd 0x0afc09fc dd 0xf7fdf6fd dd 0xf9fdf8fd dd 0xfbfdfafd dd 0xfdfdfcfd dd 0xfffdfefd dd 0x01fd00fd dd 0x03fd02fd dd 0x05fd04fd dd 0x07fd06fd dd 0x09fd08fd dd 0x0bfd0afd dd 0xf7fef6fe dd 0xf9fef8fe dd 0xfbfefafe dd 0xfdfefcfe dd 0xfffefefe dd 0x01fe00fe dd 0x03fe02fe dd 0x05fe04fe dd 0x07fe06fe dd 0x09fe08fe dd 0x0bfe0afe dd 0xf6fff5ff dd 0xf8fff7ff dd 0xfafff9ff dd 0xfcfffbff dd 0xfefffdff dd 0x00ffffff dd 0x02ff01ff dd 0x04ff03ff dd 0x06ff05ff dd 0x08ff07ff dd 0x0aff09ff dd 0xf600f500 dd 0xf800f700 dd 0xfa00f900 dd 0xfc00fb00 dd 0xfe00fd00 dd 0x0000ff00 dd 0x02000100 dd 0x04000300 dd 0x06000500 dd 0x08000700 dd 0x0a000900 dd 0xf501f401 dd 0xf701f601 dd 0xf901f801 dd 0xfb01fa01 dd 0xfd01fc01 dd 0xff01fe01 dd 0x01010001 dd 0x03010201 dd 0x05010401 dd 0x07010601 dd 0x09010801 dd 0xf502f402 dd 0xf702f602 dd 0xf902f802 dd 0xfb02fa02 dd 0xfd02fc02 dd 0xff02fe02 dd 0x01020002 dd 0x03020202 dd 0x05020402 dd 0x07020602 dd 0x09020802 dd 0xf603f503 dd 0xf803f703 dd 0xfa03f903 dd 0xfc03fb03 dd 0xfe03fd03 dd 0x0003ff03 dd 0x02030103 dd 0x04030303 dd 0x06030503 dd 0x08030703 dd 0xf8040903 dd 0xfa04f904 dd 0xfc04fb04 dd 0xfe04fd04 dd 0x0004ff04 dd 0x02040104 dd 0x04040304 dd 0x06040504 dd 0x08040704 dd 0xfb05fa05 dd 0xfd05fc05 dd 0xff05fe05 dd 0x01050005 dd 0x03050205 dd 0x05050405 dd 0x07050605 dd 0xfd060805 dd 0xff06fe06 dd 0x01060006 dd 0x03060206 dd 0x05060406 dd 0x07060606 dd 0x0007ff07 dd 0x02070107 dd 0x04070307 dd 0x06070507 dd 0x01080707 dd 0x03080208 dd 0x05080408 dd 0x04090608 dd 0x06090509 dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0x05f604f6 dd 0x01f706f6 dd 0x03f702f7 dd 0x05f704f7 dd 0xfff806f7 dd 0x01f800f8 dd 0x03f802f8 dd 0x05f804f8 dd 0x07f806f8 dd 0xfdf9fcf9 dd 0xfff9fef9 dd 0x01f900f9 dd 0x03f902f9 dd 0x05f904f9 dd 0x07f906f9 dd 0xfbfafafa dd 0xfdfafcfa dd 0xfffafefa dd 0x01fa00fa dd 0x03fa02fa dd 0x05fa04fa dd 0x07fa06fa dd 0xf8fb08fa dd 0xfafbf9fb dd 0xfcfbfbfb dd 0xfefbfdfb dd 0x00fbfffb dd 0x02fb01fb dd 0x04fb03fb dd 0x06fb05fb dd 0x08fb07fb dd 0xf6fcf5fc dd 0xf8fcf7fc dd 0xfafcf9fc dd 0xfcfcfbfc dd 0xfefcfdfc dd 0x00fcfffc dd 0x02fc01fc dd 0x04fc03fc dd 0x06fc05fc dd 0x08fc07fc dd 0xf4fd09fc dd 0xf6fdf5fd dd 0xf8fdf7fd dd 0xfafdf9fd dd 0xfcfdfbfd dd 0xfefdfdfd dd 0x00fdfffd dd 0x02fd01fd dd 0x04fd03fd dd 0x06fd05fd dd 0x08fd07fd dd 0xf4fe09fd dd 0xf6fef5fe dd 0xf8fef7fe dd 0xfafef9fe dd 0xfcfefbfe dd 0xfefefdfe dd 0x00fefffe dd 0x02fe01fe dd 0x04fe03fe dd 0x06fe05fe dd 0x08fe07fe dd 0xf5ff09fe dd 0xf7fff6ff dd 0xf9fff8ff dd 0xfbfffaff dd 0xfdfffcff dd 0xfffffeff dd 0x01ff00ff dd 0x03ff02ff dd 0x05ff04ff dd 0x07ff06ff dd 0x09ff08ff dd 0xf5000aff dd 0xf700f600 dd 0xf900f800 dd 0xfb00fa00 dd 0xfd00fc00 dd 0xff00fe00 dd 0x01000000 dd 0x03000200 dd 0x05000400 dd 0x07000600 dd 0x09000800 dd 0xf6010a00 dd 0xf801f701 dd 0xfa01f901 dd 0xfc01fb01 dd 0xfe01fd01 dd 0x0001ff01 dd 0x02010101 dd 0x04010301 dd 0x06010501 dd 0x08010701 dd 0x0a010901 dd 0xf6020b01 dd 0xf802f702 dd 0xfa02f902 dd 0xfc02fb02 dd 0xfe02fd02 dd 0x0002ff02 dd 0x02020102 dd 0x04020302 dd 0x06020502 dd 0x08020702 dd 0x0a020902 dd 0xf7030b02 dd 0xf903f803 dd 0xfb03fa03 dd 0xfd03fc03 dd 0xff03fe03 dd 0x01030003 dd 0x03030203 dd 0x05030403 dd 0x07030603 dd 0x09030803 dd 0xf7040a03 dd 0xf904f804 dd 0xfb04fa04 dd 0xfd04fc04 dd 0xff04fe04 dd 0x01040004 dd 0x03040204 dd 0x05040404 dd 0x07040604 dd 0xf805f705 dd 0xfa05f905 dd 0xfc05fb05 dd 0xfe05fd05 dd 0x0005ff05 dd 0x02050105 dd 0x04050305 dd 0xf8060505 dd 0xfa06f906 dd 0xfc06fb06 dd 0xfe06fd06 dd 0x0006ff06 dd 0x02060106 dd 0xf907f807 dd 0xfb07fa07 dd 0xfd07fc07 dd 0xff07fe07 dd 0xf9080007 dd 0xfb08fa08 dd 0xfd08fc08 dd 0xf909fe08 dd 0xfb09fa09 dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0xfef4fdf4 dd 0xfdf5fcf5 dd 0xfff5fef5 dd 0xfcf600f5 dd 0xfef6fdf6 dd 0x00f6fff6 dd 0x02f601f6 dd 0xfcf703f6 dd 0xfef7fdf7 dd 0x00f7fff7 dd 0x02f701f7 dd 0x04f703f7 dd 0xfbf805f7 dd 0xfdf8fcf8 dd 0xfff8fef8 dd 0x01f800f8 dd 0x03f802f8 dd 0x05f804f8 dd 0x07f806f8 dd 0xfcf9fbf9 dd 0xfef9fdf9 dd 0x00f9fff9 dd 0x02f901f9 dd 0x04f903f9 dd 0x06f905f9 dd 0x08f907f9 dd 0xfafa09f9 dd 0xfcfafbfa dd 0xfefafdfa dd 0x00fafffa dd 0x02fa01fa dd 0x04fa03fa dd 0x06fa05fa dd 0x08fa07fa dd 0xfafb09fa dd 0xfcfbfbfb dd 0xfefbfdfb dd 0x00fbfffb dd 0x02fb01fb dd 0x04fb03fb dd 0x06fb05fb dd 0x08fb07fb dd 0xf9fc09fb dd 0xfbfcfafc dd 0xfdfcfcfc dd 0xfffcfefc dd 0x01fc00fc dd 0x03fc02fc dd 0x05fc04fc dd 0x07fc06fc dd 0xf9fd08fc dd 0xfbfdfafd dd 0xfdfdfcfd dd 0xfffdfefd dd 0x01fd00fd dd 0x03fd02fd dd 0x05fd04fd dd 0x07fd06fd dd 0xf9fe08fd dd 0xfbfefafe dd 0xfdfefcfe dd 0xfffefefe dd 0x01fe00fe dd 0x03fe02fe dd 0x05fe04fe dd 0x07fe06fe dd 0xf8ff08fe dd 0xfafff9ff dd 0xfcfffbff dd 0xfefffdff dd 0x00ffffff dd 0x02ff01ff dd 0x04ff03ff dd 0x06ff05ff dd 0xf80007ff dd 0xfa00f900 dd 0xfc00fb00 dd 0xfe00fd00 dd 0x0000ff00 dd 0x02000100 dd 0x04000300 dd 0x06000500 dd 0xf7010700 dd 0xf901f801 dd 0xfb01fa01 dd 0xfd01fc01 dd 0xff01fe01 dd 0x01010001 dd 0x03010201 dd 0x05010401 dd 0xf7020601 dd 0xf902f802 dd 0xfb02fa02 dd 0xfd02fc02 dd 0xff02fe02 dd 0x01020002 dd 0x03020202 dd 0x05020402 dd 0xf7030602 dd 0xf903f803 dd 0xfb03fa03 dd 0xfd03fc03 dd 0xff03fe03 dd 0x01030003 dd 0x03030203 dd 0x05030403 dd 0xf704f604 dd 0xf904f804 dd 0xfb04fa04 dd 0xfd04fc04 dd 0xff04fe04 dd 0x01040004 dd 0x03040204 dd 0x05040404 dd 0xf705f605 dd 0xf905f805 dd 0xfb05fa05 dd 0xfd05fc05 dd 0xff05fe05 dd 0x01050005 dd 0x03050205 dd 0x05050405 dd 0xf706f606 dd 0xf906f806 dd 0xfb06fa06 dd 0xfd06fc06 dd 0xff06fe06 dd 0x01060006 dd 0x03060206 dd 0xf8070406 dd 0xfa07f907 dd 0xfc07fb07 dd 0xfe07fd07 dd 0x0007ff07 dd 0x02070107 dd 0x04070307 dd 0xfb08fa08 dd 0xfd08fc08 dd 0xff08fe08 dd 0x01080008 dd 0x03080208 dd 0xfe09fd09 dd 0x0009ff09 dd 0x02090109 dd 0xff0a0309 dd 0x010a000a dd 0x030a020a dd 0x020b010b dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0x02f401f4 dd 0x00f5fff5 dd 0x02f501f5 dd 0xfcf603f5 dd 0xfef6fdf6 dd 0x00f6fff6 dd 0x02f601f6 dd 0xfaf703f6 dd 0xfcf7fbf7 dd 0xfef7fdf7 dd 0x00f7fff7 dd 0x02f701f7 dd 0xf8f803f7 dd 0xfaf8f9f8 dd 0xfcf8fbf8 dd 0xfef8fdf8 dd 0x00f8fff8 dd 0x02f801f8 dd 0x04f803f8 dd 0xf7f9f6f9 dd 0xf9f9f8f9 dd 0xfbf9faf9 dd 0xfdf9fcf9 dd 0xfff9fef9 dd 0x01f900f9 dd 0x03f902f9 dd 0xf6fa04f9 dd 0xf8faf7fa dd 0xfafaf9fa dd 0xfcfafbfa dd 0xfefafdfa dd 0x00fafffa dd 0x02fa01fa dd 0x04fa03fa dd 0xf6fb05fa dd 0xf8fbf7fb dd 0xfafbf9fb dd 0xfcfbfbfb dd 0xfefbfdfb dd 0x00fbfffb dd 0x02fb01fb dd 0x04fb03fb dd 0xf7fc05fb dd 0xf9fcf8fc dd 0xfbfcfafc dd 0xfdfcfcfc dd 0xfffcfefc dd 0x01fc00fc dd 0x03fc02fc dd 0x05fc04fc dd 0xf8fdf7fd dd 0xfafdf9fd dd 0xfcfdfbfd dd 0xfefdfdfd dd 0x00fdfffd dd 0x02fd01fd dd 0x04fd03fd dd 0x06fd05fd dd 0xf8fef7fe dd 0xfafef9fe dd 0xfcfefbfe dd 0xfefefdfe dd 0x00fefffe dd 0x02fe01fe dd 0x04fe03fe dd 0x06fe05fe dd 0xf9fff8ff dd 0xfbfffaff dd 0xfdfffcff dd 0xfffffeff dd 0x01ff00ff dd 0x03ff02ff dd 0x05ff04ff dd 0x07ff06ff dd 0xf900f800 dd 0xfb00fa00 dd 0xfd00fc00 dd 0xff00fe00 dd 0x01000000 dd 0x03000200 dd 0x05000400 dd 0x07000600 dd 0xfa01f901 dd 0xfc01fb01 dd 0xfe01fd01 dd 0x0001ff01 dd 0x02010101 dd 0x04010301 dd 0x06010501 dd 0x08010701 dd 0xfa02f902 dd 0xfc02fb02 dd 0xfe02fd02 dd 0x0002ff02 dd 0x02020102 dd 0x04020302 dd 0x06020502 dd 0x08020702 dd 0xfa03f903 dd 0xfc03fb03 dd 0xfe03fd03 dd 0x0003ff03 dd 0x02030103 dd 0x04030303 dd 0x06030503 dd 0x08030703 dd 0xfb04fa04 dd 0xfd04fc04 dd 0xff04fe04 dd 0x01040004 dd 0x03040204 dd 0x05040404 dd 0x07040604 dd 0x09040804 dd 0xfb05fa05 dd 0xfd05fc05 dd 0xff05fe05 dd 0x01050005 dd 0x03050205 dd 0x05050405 dd 0x07050605 dd 0x09050805 dd 0xfc06fb06 dd 0xfe06fd06 dd 0x0006ff06 dd 0x02060106 dd 0x04060306 dd 0x06060506 dd 0x08060706 dd 0xfb070906 dd 0xfd07fc07 dd 0xff07fe07 dd 0x01070007 dd 0x03070207 dd 0x05070407 dd 0x07070607 dd 0xfd08fc08 dd 0xff08fe08 dd 0x01080008 dd 0x03080208 dd 0x05080408 dd 0xfd09fc09 dd 0xff09fe09 dd 0x01090009 dd 0xfc0a0209 dd 0xfe0afd0a dd 0x000aff0a dd 0xfe0bfd0b dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0xfaf6f9f6 dd 0xf9f7fbf6 dd 0xfbf7faf7 dd 0xfdf7fcf7 dd 0xf8f8fef7 dd 0xfaf8f9f8 dd 0xfcf8fbf8 dd 0xfef8fdf8 dd 0x00f8fff8 dd 0xf9f9f8f9 dd 0xfbf9faf9 dd 0xfdf9fcf9 dd 0xfff9fef9 dd 0x01f900f9 dd 0xf7fa02f9 dd 0xf9faf8fa dd 0xfbfafafa dd 0xfdfafcfa dd 0xfffafefa dd 0x01fa00fa dd 0x03fa02fa dd 0x05fa04fa dd 0xf8fbf7fb dd 0xfafbf9fb dd 0xfcfbfbfb dd 0xfefbfdfb dd 0x00fbfffb dd 0x02fb01fb dd 0x04fb03fb dd 0x06fb05fb dd 0xf6fc07fb dd 0xf8fcf7fc dd 0xfafcf9fc dd 0xfcfcfbfc dd 0xfefcfdfc dd 0x00fcfffc dd 0x02fc01fc dd 0x04fc03fc dd 0x06fc05fc dd 0x08fc07fc dd 0x0afc09fc dd 0xf7fdf6fd dd 0xf9fdf8fd dd 0xfbfdfafd dd 0xfdfdfcfd dd 0xfffdfefd dd 0x01fd00fd dd 0x03fd02fd dd 0x05fd04fd dd 0x07fd06fd dd 0x09fd08fd dd 0x0bfd0afd dd 0xf7fef6fe dd 0xf9fef8fe dd 0xfbfefafe dd 0xfdfefcfe dd 0xfffefefe dd 0x01fe00fe dd 0x03fe02fe dd 0x05fe04fe dd 0x07fe06fe dd 0x09fe08fe dd 0x0bfe0afe dd 0xf6fff5ff dd 0xf8fff7ff dd 0xfafff9ff dd 0xfcfffbff dd 0xfefffdff dd 0x00ffffff dd 0x02ff01ff dd 0x04ff03ff dd 0x06ff05ff dd 0x08ff07ff dd 0x0aff09ff dd 0xf600f500 dd 0xf800f700 dd 0xfa00f900 dd 0xfc00fb00 dd 0xfe00fd00 dd 0x0000ff00 dd 0x02000100 dd 0x04000300 dd 0x06000500 dd 0x08000700 dd 0x0a000900 dd 0xf501f401 dd 0xf701f601 dd 0xf901f801 dd 0xfb01fa01 dd 0xfd01fc01 dd 0xff01fe01 dd 0x01010001 dd 0x03010201 dd 0x05010401 dd 0x07010601 dd 0x09010801 dd 0xf502f402 dd 0xf702f602 dd 0xf902f802 dd 0xfb02fa02 dd 0xfd02fc02 dd 0xff02fe02 dd 0x01020002 dd 0x03020202 dd 0x05020402 dd 0x07020602 dd 0x09020802 dd 0xf603f503 dd 0xf803f703 dd 0xfa03f903 dd 0xfc03fb03 dd 0xfe03fd03 dd 0x0003ff03 dd 0x02030103 dd 0x04030303 dd 0x06030503 dd 0x08030703 dd 0xf904f804 dd 0xfb04fa04 dd 0xfd04fc04 dd 0xff04fe04 dd 0x01040004 dd 0x03040204 dd 0x05040404 dd 0x07040604 dd 0xfa050804 dd 0xfc05fb05 dd 0xfe05fd05 dd 0x0005ff05 dd 0x02050105 dd 0x04050305 dd 0x06050505 dd 0x08050705 dd 0xfd06fc06 dd 0xff06fe06 dd 0x01060006 dd 0x03060206 dd 0x05060406 dd 0x07060606 dd 0x0007ff07 dd 0x02070107 dd 0x04070307 dd 0x06070507 dd 0x01080707 dd 0x03080208 dd 0x05080408 dd 0x04090608 dd 0x06090509 dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0x05f604f6 dd 0x01f706f6 dd 0x03f702f7 dd 0x05f704f7 dd 0xfff806f7 dd 0x01f800f8 dd 0x03f802f8 dd 0x05f804f8 dd 0x07f806f8 dd 0xfef9fdf9 dd 0x00f9fff9 dd 0x02f901f9 dd 0x04f903f9 dd 0x06f905f9 dd 0xfafa07f9 dd 0xfcfafbfa dd 0xfefafdfa dd 0x00fafffa dd 0x02fa01fa dd 0x04fa03fa dd 0x06fa05fa dd 0x08fa07fa dd 0xf9fbf8fb dd 0xfbfbfafb dd 0xfdfbfcfb dd 0xfffbfefb dd 0x01fb00fb dd 0x03fb02fb dd 0x05fb04fb dd 0x07fb06fb dd 0xf5fc08fb dd 0xf7fcf6fc dd 0xf9fcf8fc dd 0xfbfcfafc dd 0xfdfcfcfc dd 0xfffcfefc dd 0x01fc00fc dd 0x03fc02fc dd 0x05fc04fc dd 0x07fc06fc dd 0xf4fd08fc dd 0xf6fdf5fd dd 0xf8fdf7fd dd 0xfafdf9fd dd 0xfcfdfbfd dd 0xfefdfdfd dd 0x00fdfffd dd 0x02fd01fd dd 0x04fd03fd dd 0x06fd05fd dd 0x08fd07fd dd 0xf4fe09fd dd 0xf6fef5fe dd 0xf8fef7fe dd 0xfafef9fe dd 0xfcfefbfe dd 0xfefefdfe dd 0x00fefffe dd 0x02fe01fe dd 0x04fe03fe dd 0x06fe05fe dd 0x08fe07fe dd 0xf5ff09fe dd 0xf7fff6ff dd 0xf9fff8ff dd 0xfbfffaff dd 0xfdfffcff dd 0xfffffeff dd 0x01ff00ff dd 0x03ff02ff dd 0x05ff04ff dd 0x07ff06ff dd 0x09ff08ff dd 0xf5000aff dd 0xf700f600 dd 0xf900f800 dd 0xfb00fa00 dd 0xfd00fc00 dd 0xff00fe00 dd 0x01000000 dd 0x03000200 dd 0x05000400 dd 0x07000600 dd 0x09000800 dd 0xf6010a00 dd 0xf801f701 dd 0xfa01f901 dd 0xfc01fb01 dd 0xfe01fd01 dd 0x0001ff01 dd 0x02010101 dd 0x04010301 dd 0x06010501 dd 0x08010701 dd 0x0a010901 dd 0xf6020b01 dd 0xf802f702 dd 0xfa02f902 dd 0xfc02fb02 dd 0xfe02fd02 dd 0x0002ff02 dd 0x02020102 dd 0x04020302 dd 0x06020502 dd 0x08020702 dd 0x0a020902 dd 0xf6030b02 dd 0xf803f703 dd 0xfa03f903 dd 0xfc03fb03 dd 0xfe03fd03 dd 0x0003ff03 dd 0x02030103 dd 0x04030303 dd 0x06030503 dd 0x08030703 dd 0x0a030903 dd 0xf804f704 dd 0xfa04f904 dd 0xfc04fb04 dd 0xfe04fd04 dd 0x0004ff04 dd 0x02040104 dd 0x04040304 dd 0x06040504 dd 0xf7050704 dd 0xf905f805 dd 0xfb05fa05 dd 0xfd05fc05 dd 0xff05fe05 dd 0x01050005 dd 0x03050205 dd 0x05050405 dd 0xf906f806 dd 0xfb06fa06 dd 0xfd06fc06 dd 0xff06fe06 dd 0x01060006 dd 0x03060206 dd 0xf907f807 dd 0xfb07fa07 dd 0xfd07fc07 dd 0xff07fe07 dd 0xf9080007 dd 0xfb08fa08 dd 0xfd08fc08 dd 0xf909fe08 dd 0xfb09fa09 dd 0x00800080 dd 0x00800080 dd 0x00800080 dd 0x00800080 ref_00474910: db 0xde ref_00474911: db 0x0b ref_00474912: db 0xf2 ref_00474913: db 0xe7 dd 0xe710f7de dd 0xf725e7f3 dd 0x0b24e710 dd 0x1a10f725 dd 0x1af20b24 dd 0x0bdd1a10 dd 0xf7dd1af2 ref_00474930: dd 0x00000000 ref_00474934: dd 0x00000000 ref_00474938: dd 0x00000000 ref_0047493c: dd 0x00000000 ref_00474940: dd 0x01050501 db 0x05 ref_00474945: db 0x00 db 0x00 db 0x00 db 0x00 ref_00474949: db 0x00 db 0x00 db 0x00 db 0x00 ref_0047494d: db 0x00 db 0x00 db 0x00 db 0x00 ref_00474951: db 0xf6 db 0xff db 0xff db 0xff ref_00474955: db 0xea db 0xff db 0xff dd 0xffffeaff dd 0xfffff6ff dd 0xffffeaff dd 0x00000aff dd 0xfffff600 dd 0x000016ff dd 0x00000a00 dd 0x00001600 dd 0x00001600 dd 0x00000a00 dd 0x00001600 dd 0xfffff600 dd 0x00000aff dd 0xffffea00 db 0xff ref_00474991: db 0xee db 0xff db 0xff db 0xff ref_00474995: db 0xd4 db 0xff db 0xff dd 0xffffd4ff dd 0xffffeeff dd 0xffffd4ff dd 0x000012ff dd 0xffffee00 dd 0x00002cff dd 0x00001200 dd 0x00002c00 dd 0x00002c00 dd 0x00001200 dd 0x00002c00 dd 0xffffee00 dd 0x000012ff dd 0xffffd400 dd 0x000000ff ref_004749d4: dd 0x00000000 ref_004749d8: dd 0x08100c08 ref_004749dc: dd 0x00000000 ref_004749e0: db 0x00 db 0x00 ref_004749e2: db 0x00 db 0x00 dd 0xff38ff9c dd 0xff38ff9c dd 0x00c80064 dd 0x00c80064 dd 0x0064ff9c dd 0xfe0c0000 dd 0x00000000 dd 0x000003e8 db 0x00 db 0x00 ref_00474a06: db 0x00 db 0x00 dd 0x00960064 dd 0x00000000 dd 0xff9cffc4 dd 0x00000000 dd 0xffc4003c dd 0x00000000 dd 0x00000000 dd 0x0000ff38 db 0x00 db 0x00 ref_00474a2a: db 0x00 db 0x00 dd 0x00000000 dd 0x00960064 dd 0x00000000 dd 0xff9cffc4 dd 0xffc4003c dd 0x00000000 dd 0x00000000 dd 0x0000ff38 dd 0x00000000 dd 0x00000000 ref_00474a54: dd ref_00463534 dd ref_0046353d dd ref_00463546 dd ref_0046354c dd ref_00463552 dd ref_0046355b dd ref_00463562 dd ref_00463569 dd ref_00463572 dd ref_0046357b ref_00474a7c: dd ref_00463584 ref_00474a80: dd ref_0046358a dd ref_00463590 dd ref_00463599 dd ref_004635a2 dd ref_004635ab dd ref_004635b4 dd ref_004635bd ref_00474a9c: dd ref_004635c6 dd ref_004635d3 dd ref_004635e0 dd ref_004635ed dd ref_004635fa dd ref_00463607 dd ref_00463614 dd ref_00463621 ref_00474abc: dd ref_0046362e dd ref_00463637 dd ref_00463640 dd ref_00463649 dd ref_00463652 dd ref_0046365b dd ref_00463664 dd ref_0046366d dd ref_00463678 dd ref_00463680 dd ref_00463687 dd ref_00463690 dd ref_0046369b dd ref_004636a0 dd ref_004636a5 dd ref_004636aa dd ref_004636af dd ref_004636b4 dd ref_004636b9 dd ref_004636c6 dd ref_004636d3 dd ref_004636d8 dd ref_004636dd dd ref_004636e7 dd ref_004636f1 dd ref_004636fa dd ref_00463703 dd ref_0046370c ref_00474b2c: dd ref_00463715 dd ref_00463584 dd ref_0046358a ref_00474b38: db 0x0e db 0x00 ref_00474b3a: db 0x19 db 0x00 ref_00474b3c: dd 0x000e0005 dd 0x0005003a dd 0x005a000e dd 0x000e0005 dd 0x0005007a dd 0x009b000e dd 0x00310005 dd 0x000200ca dd 0x00ca00d1 dd 0x011e0002 dd 0x000200e2 dd 0x0102011e dd 0x011e0002 dd 0x00020122 ref_00474b74: db 0xe0 db 0x00 ref_00474b76: db 0x48 db 0x01 ref_00474b78: db 0x02 db 0x00 ref_00474b7a: db 0x28 db 0x01 ref_00474b7c: db 0x48 db 0x01 ref_00474b7e: db 0x02 db 0x00 dd 0x001f006c dd 0x006c0002 dd 0x00020055 dd 0x0088006c db 0x02 db 0x00 ref_00474b92: db 0x51 db 0x00 db 0x00 db 0x00 ref_00474b96: db 0x11 db 0x00 db 0x00 db 0x00 ref_00474b9a: db 0x80 db 0x00 db 0x00 db 0x00 ref_00474b9e: db 0x21 db 0x00 db 0x00 db 0x00 ref_00474ba2: db 0x59 db 0x00 db 0x00 db 0x00 ref_00474ba6: db 0x51 db 0x00 dd 0x00980000 dd 0x00610000 db 0x00 db 0x00 ref_00474bb2: db 0x59 db 0x00 db 0x00 db 0x00 ref_00474bb6: db 0x71 db 0x00 dd 0x00980000 dd 0x00810000 dd 0x00e30000 dd 0x000e0000 dd 0x01470000 dd 0x00310000 dd 0x00e30000 dd 0x00440000 dd 0x01470000 dd 0x00670000 dd 0x00e30000 dd 0x00770000 dd 0x01470000 dd 0x009a0000 dd 0x00120000 dd 0x00e20000 dd 0x00b10000 dd 0x01590000 dd 0x00c20000 dd 0x013a0000 dd 0x01000000 dd 0x01580000 dd 0x010a0000 dd 0x013a0000 dd 0x01480000 dd 0x01580000 db 0x00 db 0x00 ref_00474c22: db 0x62 db 0x00 db 0x00 db 0x00 ref_00474c26: db 0x32 db 0x00 dd 0x00710000 dd 0x00410000 db 0x00 db 0x00 ref_00474c32: db 0x42 db 0x00 db 0x00 db 0x00 ref_00474c36: db 0x52 db 0x00 dd 0x00510000 dd 0x00610000 db 0x00 db 0x00 ref_00474c42: db 0x42 db 0x00 db 0x00 db 0x00 ref_00474c46: db 0x72 db 0x00 dd 0x00510000 dd 0x00810000 db 0x00 db 0x00 ref_00474c52: db 0x62 db 0x00 db 0x00 db 0x00 ref_00474c56: db 0x92 db 0x00 dd 0x00710000 dd 0x00a10000 dd 0x00d90000 dd 0x00d60000 dd 0x01440000 dd 0x00ec0000 dd 0x00d90000 dd 0x00f60000 dd 0x01440000 dd 0x010c0000 dd 0x00d90000 dd 0x01160000 dd 0x01440000 dd 0x012c0000 db 0x00 db 0x00 ref_00474c92: db 0xda db 0x00 ref_00474c94: dd 0x011900fa dd ref_0046371e dd ref_00463723 dd ref_00463728 dd ref_0046372d dd ref_00463732 dd ref_00463737 dd ref_0046373c dd ref_00463741 ref_00474cb8: dd ref_00463746 dd ref_0046374b dd ref_00463750 dd ref_00463757 ref_00474cc8: db '^7F',0x00 ref_00474ccc: dd ref_00463584 ref_00474cd0: dd ref_0046358a ref_00474cd4: db 0x30 db 0x00 ref_00474cd6: db 0x20 db 0x00 ref_00474cd8: db 0x85 db 0x00 ref_00474cda: db 0x1e db 0x00 ref_00474cdc: db 0x26 db 0x00 ref_00474cde: db 0xc4 db 0x00 dd 0x00c40065 dd 0x00c400a3 ref_00474ce8: dd 0x0000004a ref_00474cec: dd 0x00000015 ref_00474cf0: dd 0x0000005a ref_00474cf4: dd 0x0000001f dd 0x0000004a dd 0x0000001f dd 0x0000005a dd 0x00000029 dd 0x000000a0 dd 0x00000015 dd 0x000000b0 dd 0x0000001f dd 0x000000a0 dd 0x0000001f dd 0x000000b0 dd 0x00000029 dd 0x00000009 dd 0x000000b4 dd 0x00000040 dd 0x000000d2 dd 0x00000048 dd 0x000000b4 dd 0x0000007f dd 0x000000d2 dd 0x00000086 dd 0x000000b4 dd 0x000000bd dd 0x000000d2 dd 0x0000000f ref_00474d5c: ; may contain a jump table dd 0x00000046 dd 0x000000b5 dd 0x000000b1 dd fcn_004119e3 dd fcn_00411a86 dd fcn_00411a96 ref_00474d74: dd 0xffffffff ref_00474d78: dd 0xffffffff ref_00474d7c: db 0x00 db 0x00 ref_00474d7e: db 0x00 db 0x00 ref_00474d80: dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00990050 dd 0x00000000 dd 0x00810080 dd 0x00000000 dd 0x006900b0 dd 0x00000000 dd 0x005100e0 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00e10020 dd 0x00000000 dd 0x00c90050 dd 0x00000000 dd 0x00b10080 dd 0x00000000 dd 0x009900b0 dd 0x00000000 dd 0x008100e0 dd 0x00000000 dd 0x00690110 dd 0x00000000 dd 0x00510140 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00f90050 dd 0x00000000 dd 0x00e10080 dd 0x00000000 dd 0x00c900b0 dd 0x00000000 dd 0x00b100e0 dd 0x00000000 dd 0x00990110 dd 0x00000000 dd 0x00810140 dd 0x00000000 dd 0x00690170 dd 0x00000000 dd 0x005101a0 dd 0x00000000 dd 0x01290050 dd 0x00000000 dd 0x01110080 dd 0x00000000 dd 0x00f900b0 dd 0x00000000 dd 0x00e100e0 dd 0x00000010 dd 0x00c90110 dd 0x00000010 dd 0x00b10140 dd 0x00000010 dd 0x00990170 dd 0x00000000 dd 0x008101a0 dd 0x00000000 dd 0x006901d0 dd 0x00000000 dd 0x01410080 dd 0x00000000 dd 0x012900b0 dd 0x00000000 dd 0x011100e0 dd 0x00000000 dd 0x00f90110 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00c90170 dd 0x00000010 dd 0x00b101a0 dd 0x00000000 dd 0x009901d0 dd 0x00000000 dd 0x00810200 dd 0x00000000 dd 0x015900b0 dd 0x00000000 dd 0x014100e0 dd 0x00000000 dd 0x01290110 dd 0x00000000 dd 0x01110140 dd 0x00000000 dd 0x00f90170 dd 0x00000000 dd 0x00e101a0 dd 0x00000010 dd 0x00c901d0 dd 0x00000000 dd 0x00b10200 dd 0x00000000 dd 0x00990230 dd 0x00000000 dd 0x017100e0 dd 0x00000000 dd 0x01590110 dd 0x00000000 dd 0x01410140 dd 0x00000000 dd 0x01290170 dd 0x00000000 dd 0x011101a0 dd 0x00000000 dd 0x00f901d0 dd 0x00000000 dd 0x00e10200 dd 0x00000000 dd 0x00c90230 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x01710140 dd 0x00000000 dd 0x01590170 dd 0x00000000 dd 0x014101a0 dd 0x00000000 dd 0x012901d0 dd 0x00000000 dd 0x01110200 dd 0x00000000 dd 0x00f90230 dd 0x00000000 dd 0x00e10260 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x017101a0 dd 0x00000000 dd 0x015901d0 dd 0x00000000 dd 0x01410200 dd 0x00000000 dd 0x01290230 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 dd 0x00000000 ref_00475004: dd 0x0f0f0f0f dd 0x18121212 dd 0x12181818 ref_00475010: dd 0x0c0f1218 db 0x0f ref_00475015: db 0x00 db 0x01 db 0x02 dd 0x00060503 dd 0x05040201 dd 0x09080706 dd 0x0b000b0a dd 0x0708090a dd 0x0e0d0c00 dd 0x0c12110f dd 0x11100e0d db 0x12 ref_00475039: db 0x09 db 0x09 db 0x0a dd 0x0a0a0a0a db 0x0b db 0x0b db 0x0b ref_00475043: db 0x80 dd 0x0001e002 db 0x00 db 0x00 db 0x00 ref_0047504b: db 0x00 db 0x00 db 0x00 db 0x00 ref_0047504f: db 0x00 db 0x00 ref_00475051: db 0x00 db 0x00 db 0x04 db 0x05 db 0x05 db 0x06 ref_00475057: db 0x0b dd 0x00000000 db 0x00 db 0x00 db 0x00 ref_0047505f: db 0x0c dd 0x00000000 db 0x00 db 0x00 db 0x00 ref_00475067: db 0x0d dd 0x00000000 db 0x00 db 0x00 db 0x00 ref_0047506f: db 0x0e dd 0x00000000 dd 0x10000000 dd 0x00000000 dd 0x11000000 dd 0x00000000 dd 0x12000000 dd 0x00000000 db 0x00 db 0x00 db 0x00 ref_0047508f: db 0x0f dd 0x00000000 dd 0xff000000 dd 0x00ffffff db 0x00 db 0x00 db 0x00 ref_0047509f: db 0x13 dd 0x00000000 db 0x00 db 0x00 db 0x00 ref_004750a7: db 0x14 dd 0x00000000 db 0x00 db 0x00 db 0x00 ref_004750af: db 0x15 dd 0x00000000 dd 0xff000000 dd 0x00ffffff db 0x00 db 0x00 db 0x00 ref_004750bf: db 0x16 dd 0x00000000 dd 0x17000000 dd 0x00000000 db 0x00 db 0x00 db 0x00 ref_004750cf: db 0x18 dd 0x00000000 db 0x00 db 0x00 db 0x00 ref_004750d7: db 0x0f dd 0x00000000 dd 0xff000000 dd 0x00ffffff dd 0x00000000 ref_004750e8: dd ref_004637a4 dd ref_004637ae dd ref_004637bb dd ref_004637c5 ref_004750f8: dd 0x00000019 dd 0x00000000 ref_00475100: dd 0x0000001a dd 0x00000000 dd 0xffffffff dd 0x00000000 ref_00475110: dd 0x00000000 ref_00475114: dd 0x00000000 ref_00475118: dd 0x00000000 ref_0047511c: dd ref_004637e8 dd ref_004637ef dd ref_004637f6 dd ref_004637fd dd ref_00463804 dd ref_0046380b dd ref_00463812 ref_00475138: dd ref_00463819 dd ref_00463820 dd ref_00463827 dd ref_0046382e dd ref_00463835 dd ref_0046383e ref_00475150: dd ref_00463847 dd ref_0046384e dd ref_00463855 dd ref_0046385e dd ref_00463865 ref_00475164: dd ref_0046386c dd ref_00463871 dd ref_00463876 dd ref_0046387b dd ref_00463880 dd ref_00463885 ref_0047517c: dd ref_0046388a dd ref_00463891 ref_00475184: dd ref_00463898 dd ref_0046389f dd ref_004638a6 dd ref_004638ad dd ref_004638b4 dd ref_004638bb dd ref_004638c2 dd ref_004638c9 dd ref_004638d0 dd ref_004638d5 dd ref_004638da ref_004751b0: dd 0x00000000 ref_004751b4: dd 0xffff0000 dd 0xffff4afb dd 0xffff4afb dd 0xffff0000 dd 0x00000000 dd 0xffff4afb dd 0x0000b505 dd 0x00000000 dd 0x00010000 dd 0x0000b505 dd 0x0000b505 dd 0x00010000 dd 0x00000000 dd 0x0000b505 dd 0xffff4afb ref_004751f0: dd 0x00000000 dd 0x00020000 dd 0x00010000 dd 0x00000600 dd 0x00000300 dd 0x00000100 ref_00475208: dd 0x001c0004 dd 0x0043002f dd 0x006c0057 dd 0x0076005f ref_00475218: dd 0x00000003 dd 0x02010101 dd 0x03030202 ref_00475224: dd 0x00000004 ref_00475228: dd 0x0000000c dd 0x0000000c dd 0x0000000c dd 0x00000008 dd 0x00000006 dd 0xfffffffc dd 0xfffffffa dd 0xfffffff4 dd 0xfffffff4 dd 0xffffffe8 dd 0xfffffff4 dd 0xffffffec dd 0xfffffffa dd 0xfffffff4 dd 0x00000006 ref_00475264: dd 0x00000005 dd 0x00000003 dd 0x00000002 ref_00475270: dd 0x00000000 ref_00475274: dd ref_004638e1 dd ref_004638e6 dd ref_004638eb dd ref_004638f0 ref_00475284: dd 0x000000b4 ref_00475288: db 0x78 db 0x00 db 0x00 ref_0047528b: db 0x00 db 0x05 db 0x0c ref_0047528e: db 0x02 db 0x06 dd 0x03070800 dd 0x00000002 db 0x00 ref_00475299: db 0x09 db 0x00 db 0x0a dd 0x0a0a0a0a dd 0x100a0a0a dd 0x0a101010 db 0x0a db 0x0a ref_004752aa: db 0x00 db 0x00 db 0x00 db 0x00 ref_004752ae: db 0x18 db 0x01 ref_004752b0: db 0x00 db 0x00 ref_004752b2: db 0x50 db 0x00 ref_004752b4: dd 0x00000000 ref_004752b8: dd 0x00e300c3 db 0x03 db 0x01 ref_004752be: db 0x1f db 0x01 ref_004752c0: db 0x6a db 0x00 ref_004752c2: db 0x7f db 0x01 ref_004752c4: dd 0x011f007c dd 0x017f0089 dd 0x011f009b dd 0x017f00c2 dd 0x011f00d4 dd 0x017f00e2 dd 0x011f00f4 dd 0x017f0103 dd 0x012a0115 dd 0x01350148 dd 0x0188015e dd 0x01930148 dd 0x012a015e dd 0x01350169 dd 0x0188017f dd 0x01930169 dd 0x01df017f dd 0x0207009f dd 0x01df00d7 dd 0x020700f7 dd 0x0136012f dd 0x01860147 dd 0x0136015f dd 0x01860168 ref_00475324: ; may contain a jump table dd 0x00000180 dd fcn_0041e6fe dd fcn_0041e779 dd fcn_0041e9e2 dd fcn_0041eae2 dd fcn_0041e6e3 dd fcn_0041e6e3 dd fcn_0041ed3e dd fcn_0041ef26 dd fcn_0041f037 dd fcn_0041f1b3 dd fcn_0041f400 dd fcn_0041f6a9 dd fcn_0041f901 dd fcn_0041facc dd fcn_0041fe4e dd fcn_0041fe6f dd fcn_0041fe6f dd fcn_0041e6e3 dd fcn_0041e6e3 dd fcn_0041e6e3 dd fcn_0041e6e3 dd fcn_0041ff77 dd fcn_0041fff8 dd fcn_00420055 dd fcn_004200ea dd fcn_004202d2 dd fcn_0042040e dd fcn_0042062b dd fcn_004207cc ref_0047539c: ; may contain a jump table dd fcn_00420970 dd fcn_00420efa dd fcn_0042107f dd fcn_004213c5 dd fcn_00421574 dd fcn_00421644 dd fcn_00421675 dd fcn_00421717 dd fcn_00421827 dd fcn_00421ba6 dd fcn_00420edf dd fcn_00421cb6 dd fcn_00421e20 dd fcn_00421e62 ref_004753d4: dd ref_00463d50 dd ref_00463d57 dd ref_00463d5e dd ref_00463d65 dd ref_00463d6c ref_004753e8: dd ref_00463d73 dd ref_00463d7a dd ref_00463d83 dd ref_00463d8a dd ref_00463d91 ref_004753fc: dd 0x00000000 ref_00475400: dd 0x00000000 ref_00475404: dd 0x00000000 ref_00475408: dd 0x00000000 ref_0047540c: dd ref_00463d98 dd ref_00463da1 dd ref_00463daa ref_00475418: dd ref_00463db3 dd ref_00463dba dd ref_00463dc1 dd ref_00463dc8 dd ref_00463dcf dd ref_00463dd6 dd ref_00463ddd dd ref_00463de4 dd ref_00463deb dd ref_00463d6c dd ref_00463d65 dd ref_00463df2 ref_00475448: dd ref_00463df9 dd ref_00463e02 dd ref_00463e0b ref_00475454: db 0xa8 db 0x00 ref_00475456: db 0x08 db 0x01 ref_00475458: db 0x64 db 0x01 ref_0047545a: db 0xc0 db 0x01 ref_0047545c: db 0x1c db 0x02 ref_0047545e: db 0xcc db 0x00 ref_00475460: db 0x4c db 0x01 ref_00475462: db 0xdc db 0x01 ref_00475464: dd 0x00000000 dd 0x0000000d dd 0x0000000e dd 0x0000000f dd 0x00000010 dd 0x00000011 dd 0x00000012 dd 0x00000013 dd 0x00000014 dd 0x00000015 dd 0x00000016 dd 0x00000000 dd 0x00000017 dd 0x00000000 dd 0x00000000 dd 0x00000018 dd 0x00000018 ref_004754a8: db 0xff db 0xff db 0xff ref_004754ab: db 0xff dd 0x06060807 ref_004754b0: db 0x93 db 0x00 ref_004754b2: db 0xe7 db 0x00 ref_004754b4: db 0x3f db 0x01 ref_004754b6: db 0x8b db 0x01 ref_004754b8: db 0xd7 db 0x01 ref_004754ba: db 0x00 db 0x00 db 0x00 db 0x00 ref_004754be: db 0x00 db 0x00 db 0x00 db 0x00 ref_004754c2: db 0xff db 0xff dd 0x0000ffff ref_004754c8: dd 0x00000010 ref_004754cc: dd 0x00000009 ref_004754d0: dd 0x0000007c ref_004754d4: dd 0x00000027 dd 0x00000080 dd 0x00000009 dd 0x000000c6 dd 0x00000027 dd 0x000000ca dd 0x00000009 dd 0x00000110 dd 0x00000027 dd 0x00000114 dd 0x00000009 dd 0x0000019a dd 0x00000027 dd 0x00000228 dd 0x00000008 dd 0x0000026f dd 0x00000028 ref_00475518: dd ref_00463f64 dd ref_00463f69 dd ref_00463f6e ref_00475524: dd ref_00463f73 dd ref_00463f79 dd ref_00463f7f ref_00475530: dd 0x0507000b dd 0x00030906 dd 0x000a0400 dd 0x0507000b dd 0x00030906 dd 0x000a0400 dd 0x0508000b dd 0x00030906 dd 0x000a0400 dd 0x0507000b dd 0x00030906 dd 0x000a0400 dd 0x0c07000b dd 0x00030906 dd 0x000a0400 dd 0x0e07170b dd 0x00030906 dd 0x0f0a0400 dd 0x0d07000b dd 0x00030906 dd 0x000a0400 dd 0x0507180b dd 0x00030906 dd 0x000a0400 ref_00475590: dd 0x00000028 dd 0x00000000 ref_00475598: dd 0x00000029 dd 0x00000000 dd 0xffffffff dd 0x00000000 ref_004755a8: dd 0x0000003d dd 0x00000000 dd 0xffffffff dd 0x00000000 ref_004755b8: dd 0x05070807 ref_004755bc: dd 0x17151615 ref_004755c0: db '