taskmgr.exe

include uni.inc .686p .mmx .model flat ; Format : Portable executable for AMD64 (PE) ; Imagebase : 100000000 ; Section 1. (virtual address 00001000) ; Virtual size : 0002A28A ( 172682.) ; Section size in file : 0002A400 ( 173056.) ; Offset to raw data for section: 00000400 ; Flags 60000020: Text Executable Readable ; Alignment : default ; ; Imports from ADVAPI32.dll ; ; Segment type: Externs ; _idata ; LONG __stdcall RegCreateKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD Reserved, LPWSTR lpClass, DWORD dwOptions, REGSAM samDesired, LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition) extrn RegCreateKeyExW:qword ; LONG __stdcall RegSetValueExW(HKEY hKey, LPCWSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE *lpData, DWORD cbData) extrn RegSetValueExW:qword ; LONG __stdcall RegCloseKey(HKEY hKey) extrn RegCloseKey:qword ; LONG __stdcall RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult) extrn RegOpenKeyExW:qword ; LONG __stdcall RegQueryValueExW(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData) extrn RegQueryValueExW:qword ; BOOL __stdcall IsValidSid(PSID pSid) extrn IsValidSid:qword ; BOOL __stdcall AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength) extrn AdjustTokenPrivileges:qword ; BOOL __stdcall OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, PHANDLE TokenHandle) extrn OpenThreadToken:qword ; BOOL __stdcall LookupPrivilegeValueW(LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid) extrn LookupPrivilegeValueW:qword ; BOOL __stdcall OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle) extrn OpenProcessToken:qword ; LONG __stdcall RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult) extrn RegOpenKeyExA:qword ; LONG __stdcall RegQueryValueExA(HKEY hKey, LPCSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData) extrn RegQueryValueExA:qword ; ; Imports from COMCTL32.dll ; ; void __stdcall InitCommonControls() extrn InitCommonControls:qword ; BOOL __stdcall ImageList_Remove(HIMAGELIST himl, int i) extrn ImageList_Remove:qword ; BOOL __stdcall ImageList_SetIconSize(HIMAGELIST himl, int cx, int cy) extrn ImageList_SetIconSize:qword ; HIMAGELIST __stdcall ImageList_Create(int cx, int cy, UINT flags, int cInitial, int cGrow) extrn ImageList_Create:qword ; int __stdcall ImageList_ReplaceIcon(HIMAGELIST himl, int i, HICON hicon) extrn ImageList_ReplaceIcon:qword ; HWND __stdcall CreateStatusWindowW(LONG style, LPCWSTR lpszText, HWND hwndParent, UINT wID) extrn CreateStatusWindowW:qword ; ; Imports from GDI32.dll ; ; HFONT __stdcall CreateFontIndirectW(const LOGFONTW *) extrn CreateFontIndirectW:qword ; BOOL __stdcall GetCharWidth32W(HDC, UINT, UINT, LPINT) extrn GetCharWidth32W:qword ; HBITMAP __stdcall CreateCompatibleBitmap(HDC, int, int) extrn CreateCompatibleBitmap:qword ; BOOL __stdcall DeleteDC(HDC) extrn DeleteDC:qword ; HDC __stdcall CreateCompatibleDC(HDC) extrn CreateCompatibleDC:qword ; COLORREF __stdcall SetTextColor(HDC, COLORREF) extrn SetTextColor:qword ; int __stdcall SetBkMode(HDC, int) extrn SetBkMode:qword ; BOOL __stdcall Rectangle(HDC, int, int, int, int) extrn Rectangle:qword ; int __stdcall GetObjectW(HGDIOBJ, int, LPVOID) extrn GetObjectW:qword ; HGDIOBJ __stdcall GetCurrentObject(HDC, UINT) extrn GetCurrentObject:qword ; BOOL __stdcall BitBlt(HDC, int, int, int, int, HDC, int, int, DWORD) extrn BitBlt:qword ; BOOL __stdcall LineTo(HDC, int, int) extrn LineTo:qword ; BOOL __stdcall MoveToEx(HDC, int, int, LPPOINT) extrn MoveToEx:qword ; HGDIOBJ __stdcall SelectObject(HDC, HGDIOBJ) extrn SelectObject:qword ; BOOL __stdcall DeleteObject(HGDIOBJ) extrn DeleteObject:qword ; HGDIOBJ __stdcall GetStockObject(int) extrn GetStockObject:qword ; HPEN __stdcall CreatePen(int, int, COLORREF) extrn CreatePen:qword ; HBRUSH __stdcall CreateSolidBrush(COLORREF) extrn CreateSolidBrush:qword ; HRGN __stdcall CreateRectRgn(int, int, int, int) extrn CreateRectRgn:qword ; int __stdcall GetDeviceCaps(HDC, int) extrn GetDeviceCaps:qword ; BOOL __stdcall GetTextExtentPoint32W(HDC, LPCWSTR, int, LPSIZE) extrn GetTextExtentPoint32W:qword ; ; Imports from KERNEL32.dll ; ; HANDLE __stdcall OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId) extrn OpenProcess:qword ; BOOL __stdcall IsWow64Process(HANDLE hProcess, PBOOL Wow64Process) extrn IsWow64Process:qword ; DWORD __stdcall GetPriorityClass(HANDLE hProcess) extrn GetPriorityClass:qword ; BOOL __stdcall GetProcessAffinityMask(HANDLE hProcess, PDWORD_PTR lpProcessAffinityMask, PDWORD_PTR lpSystemAffinityMask) extrn GetProcessAffinityMask:qword ; BOOL __stdcall SetProcessAffinityMask(HANDLE hProcess, DWORD_PTR dwProcessAffinityMask) extrn SetProcessAffinityMask:qword ; int __stdcall lstrcmpW(LPCWSTR lpString1, LPCWSTR lpString2) extrn lstrcmpW:qword ; BOOL __stdcall SetEvent(HANDLE hEvent) extrn SetEvent:qword ; HANDLE __stdcall CreateEventW(LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCWSTR lpName) extrn CreateEventW:qword ; void __stdcall Sleep(DWORD dwMilliseconds) extrn Sleep:qword ; BOOL __stdcall GetComputerNameW(LPWSTR lpBuffer, LPDWORD nSize) extrn GetComputerNameW:qword ; BOOL __stdcall FreeLibrary(HMODULE hLibModule) extrn FreeLibrary:qword ; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName) extrn LoadLibraryA:qword ; BOOL __stdcall QueryPerformanceCounter(LARGE_INTEGER *lpPerformanceCount) extrn QueryPerformanceCounter:qword ; void __stdcall GetSystemTimeAsFileTime(LPFILETIME lpSystemTimeAsFileTime) extrn GetSystemTimeAsFileTime:qword ; LONG __stdcall UnhandledExceptionFilter(struct _EXCEPTION_POINTERS *ExceptionInfo) extrn UnhandledExceptionFilter:qword ; LPTOP_LEVEL_EXCEPTION_FILTER __stdcall SetUnhandledExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelExceptionFilter) extrn SetUnhandledExceptionFilter:qword extrn RtlVirtualUnwind:qword extrn RtlLookupFunctionEntry:qword ; void __stdcall RtlCaptureContext(PCONTEXT ContextRecord) extrn RtlCaptureContext:qword ; BOOL __stdcall GetVersionExA(LPOSVERSIONINFOA lpVersionInformation) extrn GetVersionExA:qword ; void __stdcall GetStartupInfoW(LPSTARTUPINFOW lpStartupInfo) extrn GetStartupInfoW:qword ; void __stdcall ExitProcess(UINT uExitCode) extrn ExitProcess:qword ; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName) extrn GetModuleHandleA:qword ; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped) extrn WriteFile:qword ; HANDLE __stdcall GetStdHandle(DWORD nStdHandle) extrn GetStdHandle:qword ; DWORD __stdcall GetModuleFileNameA(HMODULE hModule, LPSTR lpFilename, DWORD nSize) extrn GetModuleFileNameA:qword extrn __imp_RtlUnwindEx:qword ; DWORD __stdcall GetModuleFileNameW(HMODULE hModule, LPWSTR lpFilename, DWORD nSize) extrn GetModuleFileNameW:qword ; BOOL __stdcall FreeEnvironmentStringsA(LPSTR) extrn FreeEnvironmentStringsA:qword ; LPSTR __stdcall GetEnvironmentStrings() extrn GetEnvironmentStrings:qword ; BOOL __stdcall FreeEnvironmentStringsW(LPWSTR) extrn FreeEnvironmentStringsW:qword ; LPWSTR __stdcall GetEnvironmentStringsW() extrn GetEnvironmentStringsW:qword ; LPSTR __stdcall GetCommandLineA() extrn GetCommandLineA:qword ; LPWSTR __stdcall GetCommandLineW() extrn GetCommandLineW:qword ; UINT __stdcall SetHandleCount(UINT uNumber) extrn SetHandleCount:qword ; DWORD __stdcall GetFileType(HANDLE hFile) extrn GetFileType:qword ; void __stdcall GetStartupInfoA(LPSTARTUPINFOA lpStartupInfo) extrn GetStartupInfoA:qword ; BOOL __stdcall CloseHandle(HANDLE hObject) extrn CloseHandle:qword ; DWORD __stdcall TlsAlloc() extrn TlsAlloc:qword ; void __stdcall SetLastError(DWORD dwErrCode) extrn __imp_SetLastError:qword ; HANDLE __stdcall GetCurrentThread() extrn GetCurrentThread:qword ; BOOL __stdcall TlsFree(DWORD dwTlsIndex) extrn TlsFree:qword ; BOOL __stdcall TlsSetValue(DWORD dwTlsIndex, LPVOID lpTlsValue) extrn TlsSetValue:qword ; int __stdcall MultiByteToWideChar(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar) extrn MultiByteToWideChar:qword ; BOOL __stdcall HeapSetInformation(HANDLE HeapHandle, HEAP_INFORMATION_CLASS HeapInformationClass, PVOID HeapInformation, SIZE_T HeapInformationLength) extrn HeapSetInformation:qword ; HANDLE __stdcall HeapCreate(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize) extrn HeapCreate:qword ; void __stdcall LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection) extrn LeaveCriticalSection:qword ; void __stdcall EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection) extrn EnterCriticalSection:qword ; void __stdcall InitializeCriticalSection(LPCRITICAL_SECTION lpCriticalSection) extrn InitializeCriticalSection:qword ; UINT __stdcall GetACP() extrn GetACP:qword ; UINT __stdcall GetOEMCP() extrn GetOEMCP:qword ; BOOL __stdcall GetCPInfo(UINT CodePage, LPCPINFO lpCPInfo) extrn GetCPInfo:qword ; DWORD __stdcall SetFilePointer(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod) extrn SetFilePointer:qword ; BOOL __stdcall GetStringTypeA(LCID Locale, DWORD dwInfoType, LPCSTR lpSrcStr, int cchSrc, LPWORD lpCharType) extrn GetStringTypeA:qword ; int __stdcall WideCharToMultiByte(UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar) extrn WideCharToMultiByte:qword ; BOOL __stdcall GetStringTypeW(DWORD dwInfoType, LPCWSTR lpSrcStr, int cchSrc, LPWORD lpCharType) extrn GetStringTypeW:qword ; int __stdcall GetLocaleInfoA(LCID Locale, LCTYPE LCType, LPSTR lpLCData, int cchData) extrn GetLocaleInfoA:qword ; int __stdcall LCMapStringA(LCID Locale, DWORD dwMapFlags, LPCSTR lpSrcStr, int cchSrc, LPSTR lpDestStr, int cchDest) extrn LCMapStringA:qword ; int __stdcall LCMapStringW(LCID Locale, DWORD dwMapFlags, LPCWSTR lpSrcStr, int cchSrc, LPWSTR lpDestStr, int cchDest) extrn LCMapStringW:qword ; BOOL __stdcall SetStdHandle(DWORD nStdHandle, HANDLE hHandle) extrn SetStdHandle:qword ; BOOL __stdcall VirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect) extrn VirtualProtect:qword ; LPVOID __stdcall VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect) extrn VirtualAlloc:qword ; void __stdcall GetSystemInfo(LPSYSTEM_INFO lpSystemInfo) extrn GetSystemInfo:qword ; SIZE_T __stdcall VirtualQuery(LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength) extrn VirtualQuery:qword ; BOOL __stdcall FlushFileBuffers(HANDLE hFile) extrn FlushFileBuffers:qword ; HMODULE __stdcall GetModuleHandleW(LPCWSTR lpModuleName) extrn GetModuleHandleW:qword ; BOOL __stdcall IsBadWritePtr(LPVOID lp, UINT_PTR ucb) extrn IsBadWritePtr:qword ; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId) extrn CreateThread:qword ; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName) extrn GetProcAddress:qword ; HMODULE __stdcall LoadLibraryW(LPCWSTR lpLibFileName) extrn LoadLibraryW:qword ; DWORD __stdcall GetCurrentDirectoryW(DWORD nBufferLength, LPWSTR lpBuffer) extrn GetCurrentDirectoryW:qword ; HANDLE __stdcall GetCurrentProcess() extrn GetCurrentProcess:qword ; BOOL __stdcall TerminateProcess(HANDLE hProcess, UINT uExitCode) extrn TerminateProcess:qword ; int __stdcall lstrcmpiW(LPCWSTR lpString1, LPCWSTR lpString2) extrn lstrcmpiW:qword ; int __stdcall GetNumberFormatW(LCID Locale, DWORD dwFlags, LPCWSTR lpValue, const NUMBERFMTW *lpFormat, LPWSTR lpNumberStr, int cchNumber) extrn GetNumberFormatW:qword ; DWORD __stdcall GetTickCount() extrn GetTickCount:qword ; int __stdcall lstrlenW(LPCWSTR lpString) extrn lstrlenW:qword ; SIZE_T __stdcall HeapSize(HANDLE hHeap, DWORD dwFlags, LPCVOID lpMem) extrn HeapSize:qword ; LPVOID __stdcall HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes) extrn HeapReAlloc:qword ; DWORD __stdcall FormatMessageW(DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPWSTR lpBuffer, DWORD nSize, va_list *Arguments) extrn FormatMessageW:qword ; BOOL __stdcall SetProcessShutdownParameters(DWORD dwLevel, DWORD dwFlags) extrn SetProcessShutdownParameters:qword ; BOOL __stdcall ReleaseMutex(HANDLE hMutex) extrn ReleaseMutex:qword ; DWORD __stdcall GetCurrentProcessId() extrn GetCurrentProcessId:qword ; BOOL __stdcall ProcessIdToSessionId(DWORD dwProcessId, DWORD *pSessionId) extrn ProcessIdToSessionId:qword ; DWORD __stdcall GetLastError() extrn GetLastError:qword ; HANDLE __stdcall CreateMutexW(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCWSTR lpName) extrn CreateMutexW:qword ; BOOL __stdcall SetPriorityClass(HANDLE hProcess, DWORD dwPriorityClass) extrn SetPriorityClass:qword ; BOOL __stdcall GetVersionExW(LPOSVERSIONINFOW lpVersionInformation) extrn GetVersionExW:qword ; DWORD __stdcall WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds) extrn WaitForSingleObject:qword ; int __stdcall GetLocaleInfoW(LCID Locale, LCTYPE LCType, LPWSTR lpLCData, int cchData) extrn GetLocaleInfoW:qword ; BOOL __stdcall CreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation) extrn CreateProcessW:qword ; LPVOID __stdcall TlsGetValue(DWORD dwTlsIndex) extrn TlsGetValue:qword ; DWORD __stdcall ExpandEnvironmentStringsW(LPCWSTR lpSrc, LPWSTR lpDst, DWORD nSize) extrn ExpandEnvironmentStringsW:qword extrn __imp_DelayLoadFailureHook:qword ; DWORD __stdcall GetCurrentThreadId() extrn GetCurrentThreadId:qword ; BOOL __stdcall HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem) extrn HeapFree:qword ; HANDLE __stdcall GetProcessHeap() extrn GetProcessHeap:qword ; LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes) extrn HeapAlloc:qword ; HLOCAL __stdcall LocalFree(HLOCAL hMem) extrn LocalFree:qword ; HLOCAL __stdcall LocalAlloc(UINT uFlags, SIZE_T uBytes) extrn LocalAlloc:qword ; void __stdcall DeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection) extrn DeleteCriticalSection:qword ; BOOL __stdcall DeviceIoControl(HANDLE hDevice, DWORD dwIoControlCode, LPVOID lpInBuffer, DWORD nInBufferSize, LPVOID lpOutBuffer, DWORD nOutBufferSize, LPDWORD lpBytesReturned, LPOVERLAPPED lpOverlapped) extrn DeviceIoControl:qword ; ; Imports from SHELL32.dll ; ; BOOL __stdcall Shell_NotifyIconW(DWORD dwMessage, PNOTIFYICONDATAW lpData) extrn Shell_NotifyIconW:qword ; BOOL __stdcall SHTestTokenMembership(HANDLE hToken, ULONG ulRID) extrn __imp_SHTestTokenMembership:qword ; INT __stdcall ShellAboutW(HWND hWnd, LPCWSTR szApp, LPCWSTR szOtherStuff, HICON hIcon) extrn ShellAboutW:qword extrn SHELL32_61:qword ; DWORD __stdcall SHRestricted(RESTRICTIONS rest) extrn SHRestricted:qword extrn __imp_SHELL32_236:qword extrn __imp_SHELL32_241:qword ; ; Imports from SHLWAPI.dll ; ; LPWSTR __stdcall StrStrIW(LPCWSTR lpFirst, LPCWSTR lpSrch) extrn StrStrIW:qword extrn SHLWAPI_437:qword extrn SHLWAPI_413:qword ; LPWSTR __stdcall StrFormatByteSizeW(LONGLONG qdw, LPWSTR szBuf, UINT uiBufSize) extrn StrFormatByteSizeW:qword ; ; Imports from Secur32.dll ; extrn __imp_GetUserNameExW:qword ; ; Imports from USER32.dll ; ; BOOL __stdcall PostThreadMessageW(DWORD idThread, UINT Msg, WPARAM wParam, LPARAM lParam) extrn PostThreadMessageW:qword ; BOOL __stdcall GetWindowRect(HWND hWnd, LPRECT lpRect) extrn GetWindowRect:qword ; __int32 __stdcall GetDialogBaseUnits() extrn GetDialogBaseUnits:qword ; HDESK __stdcall GetThreadDesktop(DWORD dwThreadId) extrn GetThreadDesktop:qword ; int __stdcall GetSystemMetrics(int nIndex) extrn GetSystemMetrics:qword ; DWORD __stdcall GetSysColor(int nIndex) extrn GetSysColor:qword ; HICON __stdcall LoadIconW(HINSTANCE hInstance, LPCWSTR lpIconName) extrn LoadIconW:qword ; UINT_PTR __stdcall SetTimer(HWND hWnd, UINT_PTR nIDEvent, UINT uElapse, TIMERPROC lpTimerFunc) extrn SetTimer:qword ; BOOL __stdcall EnableMenuItem(HMENU hMenu, UINT uIDEnableItem, UINT uEnable) extrn EnableMenuItem:qword ; BOOL __stdcall DrawEdge(HDC hdc, LPRECT qrc, UINT edge, UINT grfFlags) extrn DrawEdge:qword ; BOOL __stdcall IsIconic(HWND hWnd) extrn IsIconic:qword ; HDC __stdcall BeginPaint(HWND hWnd, LPPAINTSTRUCT lpPaint) extrn BeginPaint:qword ; BOOL __stdcall EndPaint(HWND hWnd, const PAINTSTRUCT *lpPaint) extrn EndPaint:qword ; BOOL __stdcall GetMenuItemInfoW(HMENU, UINT, BOOL, LPMENUITEMINFOW) extrn GetMenuItemInfoW:qword ; HWND __stdcall GetShellWindow() extrn GetShellWindow:qword ; BOOL __stdcall ShowWindow(HWND hWnd, int nCmdShow) extrn ShowWindow:qword ; HDWP __stdcall BeginDeferWindowPos(int nNumWindows) extrn BeginDeferWindowPos:qword ; HDWP __stdcall DeferWindowPos(HDWP hWinPosInfo, HWND hWnd, HWND hWndInsertAfter, int x, int y, int cx, int cy, UINT uFlags) extrn DeferWindowPos:qword ; BOOL __stdcall EndDeferWindowPos(HDWP hWinPosInfo) extrn EndDeferWindowPos:qword ; HANDLE __stdcall LoadImageW(HINSTANCE, LPCWSTR, UINT, int, int, UINT) extrn LoadImageW:qword ; BOOL __stdcall DestroyIcon(HICON hIcon) extrn DestroyIcon:qword ; int __stdcall GetMenuItemCount(HMENU hMenu) extrn GetMenuItemCount:qword ; BOOL __stdcall RemoveMenu(HMENU hMenu, UINT uPosition, UINT uFlags) extrn RemoveMenu:qword ; BOOL __stdcall DestroyMenu(HMENU hMenu) extrn DestroyMenu:qword ; HMENU __stdcall LoadMenuW(HINSTANCE hInstance, LPCWSTR lpMenuName) extrn LoadMenuW:qword ; BOOL __stdcall SetMenuItemInfoW(HMENU, UINT, BOOL, LPCMENUITEMINFOW) extrn SetMenuItemInfoW:qword ; BOOL __stdcall ExitWindowsEx(UINT uFlags, DWORD dwReserved) extrn ExitWindowsEx:qword ; SHORT __stdcall GetAsyncKeyState(int vKey) extrn GetAsyncKeyState:qword ; BOOL __stdcall LockWorkStation() extrn LockWorkStation:qword ; HWND __stdcall GetDesktopWindow() extrn GetDesktopWindow:qword ; BOOL __stdcall DestroyWindow(HWND hWnd) extrn DestroyWindow:qword ; BOOL __stdcall KillTimer(HWND hWnd, UINT_PTR uIDEvent) extrn KillTimer:qword ; BOOL __stdcall OpenIcon(HWND hWnd) extrn OpenIcon:qword ; BOOL __stdcall SetForegroundWindow(HWND hWnd) extrn SetForegroundWindow:qword ; BOOL __stdcall IsZoomed(HWND hWnd) extrn IsZoomed:qword ; HMENU __stdcall GetSubMenu(HMENU hMenu, int nPos) extrn GetSubMenu:qword ; LONG_PTR __stdcall SetWindowLongPtrW(HWND hWnd, int nIndex, LONG_PTR dwNewLong) extrn SetWindowLongPtrW:qword ; BOOL __stdcall MoveWindow(HWND hWnd, int X, int Y, int nWidth, int nHeight, BOOL bRepaint) extrn MoveWindow:qword ; BOOL __stdcall MessageBeep(UINT uType) extrn MessageBeep:qword ; void __stdcall PostQuitMessage(int nExitCode) extrn PostQuitMessage:qword ; HACCEL __stdcall LoadAcceleratorsW(HINSTANCE hInstance, LPCWSTR lpTableName) extrn LoadAcceleratorsW:qword ; UINT __stdcall RegisterWindowMessageW(LPCWSTR lpString) extrn RegisterWindowMessageW:qword ; HWND __stdcall FindWindowW(LPCWSTR lpClassName, LPCWSTR lpWindowName) extrn FindWindowW:qword ; DWORD __stdcall GetWindowThreadProcessId(HWND hWnd, LPDWORD lpdwProcessId) extrn GetWindowThreadProcessId:qword ; BOOL __stdcall AllowSetForegroundWindow(DWORD dwProcessId) extrn AllowSetForegroundWindow:qword ; LRESULT __stdcall SendMessageTimeoutW(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam, UINT fuFlags, UINT uTimeout, PDWORD_PTR lpdwResult) extrn SendMessageTimeoutW:qword ; int __stdcall MessageBoxW(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType) extrn MessageBoxW:qword ; HWND __stdcall CreateDialogParamW(HINSTANCE hInstance, LPCWSTR lpTemplateName, HWND hWndParent, DLGPROC lpDialogFunc, LPARAM dwInitParam) extrn CreateDialogParamW:qword ; BOOL __stdcall GetMessageW(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax) extrn GetMessageW:qword ; int __stdcall TranslateAcceleratorW(HWND hWnd, HACCEL hAccTable, LPMSG lpMsg) extrn TranslateAcceleratorW:qword ; BOOL __stdcall IsDialogMessageW(HWND hDlg, LPMSG lpMsg) extrn IsDialogMessageW:qword ; BOOL __stdcall TranslateMessage(const MSG *lpMsg) extrn TranslateMessage:qword ; LRESULT __stdcall DispatchMessageW(const MSG *lpMsg) extrn DispatchMessageW:qword ; int __stdcall FillRect(HDC hDC, const RECT *lprc, HBRUSH hbr) extrn FillRect:qword ; HWND __stdcall CreateWindowExW(DWORD dwExStyle, LPCWSTR lpClassName, LPCWSTR lpWindowName, DWORD dwStyle, int X, int Y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam) extrn CreateWindowExW:qword ; int __stdcall DrawTextW(HDC hDC, LPCWSTR lpString, int nCount, LPRECT lpRect, UINT uFormat) extrn DrawTextW:qword ; BOOL __stdcall InvalidateRect(HWND hWnd, const RECT *lpRect, BOOL bErase) extrn InvalidateRect:qword ; BOOL __stdcall UpdateWindow(HWND hWnd) extrn UpdateWindow:qword ; LONG_PTR __stdcall GetWindowLongPtrW(HWND hWnd, int nIndex) extrn GetWindowLongPtrW:qword ; int __stdcall GetDlgCtrlID(HWND hWnd) extrn GetDlgCtrlID:qword ; HWND __stdcall SetFocus(HWND hWnd) extrn SetFocus:qword ; BOOL __stdcall CheckDlgButton(HWND hDlg, int nIDButton, UINT uCheck) extrn CheckDlgButton:qword ; UINT __stdcall IsDlgButtonChecked(HWND hDlg, int nIDButton) extrn IsDlgButtonChecked:qword ; BOOL __stdcall EndDialog(HWND hDlg, INT_PTR nResult) extrn EndDialog:qword ; INT_PTR __stdcall DialogBoxParamW(HINSTANCE hInstance, LPCWSTR lpTemplateName, HWND hWndParent, DLGPROC lpDialogFunc, LPARAM dwInitParam) extrn DialogBoxParamW:qword ; int __stdcall SetScrollInfo(HWND, int, LPCSCROLLINFO, BOOL) extrn SetScrollInfo:qword ; BOOL __stdcall GetScrollInfo(HWND, int, LPSCROLLINFO) extrn GetScrollInfo:qword ; int __stdcall SetScrollPos(HWND hWnd, int nBar, int nPos, BOOL bRedraw) extrn SetScrollPos:qword ; DWORD __stdcall GetGuiResources(HANDLE hProcess, DWORD uiFlags) extrn GetGuiResources:qword ; BOOL __stdcall IsWindow(HWND hWnd) extrn IsWindow:qword ; BOOL __stdcall EnableWindow(HWND hWnd, BOOL bEnable) extrn EnableWindow:qword ; BOOL __stdcall TrackPopupMenuEx(HMENU, UINT, int, int, HWND, LPTPMPARAMS) extrn TrackPopupMenuEx:qword ; int __stdcall GetWindowTextW(HWND hWnd, LPWSTR lpString, int nMaxCount) extrn GetWindowTextW:qword ; HWND __stdcall GetFocus() extrn GetFocus:qword ; BOOL __stdcall SetMenuDefaultItem(HMENU hMenu, UINT uItem, UINT fByPos) extrn SetMenuDefaultItem:qword ; BOOL __stdcall EnumWindowStationsW(WINSTAENUMPROCW lpEnumFunc, LPARAM lParam) extrn EnumWindowStationsW:qword ; BOOL __stdcall IsHungAppWindow(HWND hwnd) extrn IsHungAppWindow:qword ; ULONG_PTR __stdcall GetClassLongPtrW(HWND hWnd, int nIndex) extrn GetClassLongPtrW:qword ; HWINSTA __stdcall OpenWindowStationW(LPCWSTR lpszWinSta, BOOL fInherit, ACCESS_MASK dwDesiredAccess) extrn OpenWindowStationW:qword ; HWINSTA __stdcall GetProcessWindowStation() extrn GetProcessWindowStation:qword ; BOOL __stdcall SetProcessWindowStation(HWINSTA hWinSta) extrn SetProcessWindowStation:qword ; BOOL __stdcall CloseWindowStation(HWINSTA hWinSta) extrn CloseWindowStation:qword ; BOOL __stdcall EnumDesktopsW(HWINSTA hwinsta, DESKTOPENUMPROCW lpEnumFunc, LPARAM lParam) extrn EnumDesktopsW:qword ; HDESK __stdcall OpenDesktopW(LPCWSTR lpszDesktop, DWORD dwFlags, BOOL fInherit, ACCESS_MASK dwDesiredAccess) extrn OpenDesktopW:qword ; BOOL __stdcall SetThreadDesktop(HDESK hDesktop) extrn SetThreadDesktop:qword ; BOOL __stdcall CloseDesktop(HDESK hDesktop) extrn CloseDesktop:qword ; BOOL __stdcall EnumWindows(WNDENUMPROC lpEnumFunc, LPARAM lParam) extrn EnumWindows:qword ; HWND __stdcall GetWindow(HWND hWnd, UINT uCmd) extrn GetWindow:qword ; BOOL __stdcall IsWindowVisible(HWND hWnd) extrn IsWindowVisible:qword ; int __stdcall InternalGetWindowText(HWND hWnd, LPWSTR lpString, int nMaxCount) extrn InternalGetWindowText:qword ; BOOL __stdcall PostMessageW(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam) extrn PostMessageW:qword ; HWND __stdcall GetLastActivePopup(HWND hWnd) extrn GetLastActivePopup:qword ; void __stdcall SwitchToThisWindow(HWND hwnd, BOOL fUnknown) extrn SwitchToThisWindow:qword ; WORD __stdcall TileWindows(HWND hwndParent, UINT wHow, const RECT *lpRect, UINT cKids, const HWND *lpKids) extrn TileWindows:qword ; WORD __stdcall CascadeWindows(HWND hwndParent, UINT wHow, const RECT *lpRect, UINT cKids, const HWND *lpKids) extrn CascadeWindows:qword ; BOOL __stdcall ShowWindowAsync(HWND hWnd, int nCmdShow) extrn ShowWindowAsync:qword extrn EndTask:qword ; BOOL __stdcall GetCursorPos(LPPOINT lpPoint) extrn GetCursorPos:qword ; HWND __stdcall GetParent(HWND hWnd) extrn GetParent:qword ; BOOL __stdcall SetDlgItemTextW(HWND hDlg, int nIDDlgItem, LPCWSTR lpString) extrn SetDlgItemTextW:qword ; int __stdcall GetWindowTextLengthW(HWND hWnd) extrn GetWindowTextLengthW:qword ; HCURSOR __stdcall SetCursor(HCURSOR hCursor) extrn SetCursor:qword ; HCURSOR __stdcall LoadCursorW(HINSTANCE hInstance, LPCWSTR lpCursorName) extrn LoadCursorW:qword ; BOOL __stdcall SetRect(LPRECT lprc, int xLeft, int yTop, int xRight, int yBottom) extrn SetRect:qword ; HWND __stdcall GetForegroundWindow() extrn GetForegroundWindow:qword ; LRESULT __stdcall SendMessageW(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam) extrn SendMessageW:qword ; int __stdcall MapWindowPoints(HWND hWndFrom, HWND hWndTo, LPPOINT lpPoints, UINT cPoints) extrn MapWindowPoints:qword ; HWND __stdcall GetDlgItem(HWND hDlg, int nIDDlgItem) extrn GetDlgItem:qword ; BOOL __stdcall SetMenu(HWND hWnd, HMENU hMenu) extrn SetMenu:qword ; BOOL __stdcall SetWindowPos(HWND hWnd, HWND hWndInsertAfter, int X, int Y, int cx, int cy, UINT uFlags) extrn SetWindowPos:qword ; BOOL __stdcall GetClientRect(HWND hWnd, LPRECT lpRect) extrn GetClientRect:qword ; BOOL __stdcall DeleteMenu(HMENU hMenu, UINT uPosition, UINT uFlags) extrn DeleteMenu:qword ; DWORD __stdcall CheckMenuItem(HMENU hMenu, UINT uIDCheckItem, UINT uCheck) extrn CheckMenuItem:qword ; BOOL __stdcall CheckMenuRadioItem(HMENU, UINT, UINT, UINT, UINT) extrn CheckMenuRadioItem:qword ; HMENU __stdcall GetMenu(HWND hWnd) extrn GetMenu:qword ; BOOL __stdcall SetWindowTextW(HWND hWnd, LPCWSTR lpString) extrn SetWindowTextW:qword ; int __stdcall LoadStringW(HINSTANCE hInstance, UINT uID, LPWSTR lpBuffer, int nBufferMax) extrn LoadStringW:qword ; ATOM __stdcall RegisterClassW(const WNDCLASSW *lpWndClass) extrn RegisterClassW:qword ; BOOL __stdcall GetClassInfoW(HINSTANCE hInstance, LPCWSTR lpClassName, LPWNDCLASSW lpWndClass) extrn GetClassInfoW:qword ; int __stdcall ReleaseDC(HWND hWnd, HDC hDC) extrn ReleaseDC:qword ; HDC __stdcall GetDC(HWND hWnd) extrn GetDC:qword ; BOOL __stdcall SystemParametersInfoW(UINT uiAction, UINT uiParam, PVOID pvParam, UINT fWinIni) extrn SystemParametersInfoW:qword ; HMONITOR __stdcall MonitorFromRect(LPCRECT lprc, DWORD dwFlags) extrn MonitorFromRect:qword ; SHORT __stdcall GetKeyState(int nVirtKey) extrn GetKeyState:qword ; LRESULT __stdcall CallWindowProcW(WNDPROC lpPrevWndFunc, HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam) extrn CallWindowProcW:qword ; LONG __stdcall SetWindowLongW(HWND hWnd, int nIndex, LONG dwNewLong) extrn SetWindowLongW:qword ; LONG __stdcall GetWindowLongW(HWND hWnd, int nIndex) extrn GetWindowLongW:qword ; LRESULT __stdcall DefWindowProcW(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam) extrn DefWindowProcW:qword ; LONG __stdcall GetWindowLongA(HWND hWnd, int nIndex) extrn GetWindowLongA:qword ; ; Imports from iphlpapi.dll ; extrn __imp_GetNumberOfInterfaces:qword extrn __imp_GetIfEntry:qword extrn __imp_NhGetInterfaceNameFromDeviceGuid:qword extrn __imp_GetInterfaceInfo:qword ; ; Imports from ntdll.dll ; extrn RtlTimeToElapsedTimeFields:qword extrn NtQuerySystemInformation:qword extrn NtShutdownSystem:qword extrn RtlNtStatusToDosError:qword extrn NtOpenFile:qword extrn NtInitiatePowerAction:qword extrn NtPowerInformation:qword extrn RtlInitUnicodeString:qword ; Segment type: Pure code ; Segment permissions: Read/Execute _text segment para public 'CODE' use64 assume cs:_text ;org 100001980h assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing dq 45D6923C00000000h, 200000000h, 3E6000000024h dq 3260h ; struct _EXCEPTION_POINTERS ExceptionInfo ExceptionInfo _EXCEPTION_POINTERS <10002D9A0h, \ 10002DA40h> ; char aCorexitprocess[] aCorexitprocess db 'CorExitProcess',0 align 20h ; char ModuleName[] ModuleName db 'mscoree.dll',0 align 10h aRuntimeError db 'runtime error ',0 align 20h db 0Dh,0Ah,0 align 8 aTlossError db 'TLOSS error',0Dh,0Ah,0 align 8 aSingError db 'SING error',0Dh,0Ah,0 align 8 aDomainError db 'DOMAIN error',0Dh,0Ah,0 align 8 aR6030CrtNotIni db 'R6030',0Dh,0Ah db '- CRT not initialized',0Dh,0Ah,0 align 8 aR6028UnableToI db 'R6028',0Dh,0Ah db '- unable to initialize heap',0Dh,0Ah,0 align 20h aR6027NotEnough db 'R6027',0Dh,0Ah db '- not enough space for lowio initia' db 'lization',0Dh,0Ah,0 align 8 aR6026NotEnough db 'R6026',0Dh,0Ah db '- not enough space for stdio initia' db 'lization',0Dh,0Ah,0 align 10h aR6025PureVirtu db 'R6025',0Dh,0Ah db '- pure virtual function call',0Dh,0Ah,0 align 8 aR6024NotEnough db 'R6024',0Dh,0Ah db '- not enough space for _onexit/atex' db 'it table',0Dh,0Ah,0 align 10h aR6019UnableToO db 'R6019',0Dh,0Ah db '- unable to open console device',0Dh,0Ah,0 align 20h aR6018Unexpecte db 'R6018',0Dh,0Ah db '- unexpected heap error',0Dh,0Ah,0 align 8 aR6017Unexpecte db 'R6017',0Dh,0Ah db '- unexpected multithread lock error' db 0Dh,0Ah,0 align 8 aR6016NotEnough db 'R6016',0Dh,0Ah db '- not enough space for thread data',0Dh db 0Ah,0 align 10h aThisApplicatio db 0Dh,0Ah db 'This application has requested the ' db 'Runtime to terminate it in an unusu' db 'al way.',0Ah db 'Please contact the application',27h,'s' db ' support team for more information.' db 0Dh,0Ah,0 align 8 aR6009NotEnough db 'R6009',0Dh,0Ah db '- not enough space for environment',0Dh db 0Ah,0 align 8 aR6008NotEnough db 'R6008',0Dh,0Ah db '- not enough space for arguments',0Dh,0Ah db 0 align 8 aR6002FloatingP db 'R6002',0Dh,0Ah db '- floating point not loaded',0Dh,0Ah,0 align 10h aMicrosoftVisua db 'Microsoft Visual C++ Runtime Librar' db 'y',0 align 8 word_100001D38 dw 0A0Ah byte_100001D3A db 0 align 4 ; char a___[4] a___ db '...',0 aProgramNameUnk db '<program name unknown>',0 align 8 aRuntimeErrorPr db 'Runtime Error!',0Ah db 0Ah db 'Program: ',0 align 8 ; char aFlsfree[] aFlsfree db 'FlsFree',0 ; char aFlssetvalue[] aFlssetvalue db 'FlsSetValue',0 align 10h ; char aFlsgetvalue[] aFlsgetvalue db 'FlsGetValue',0 align 20h ; char aFlsalloc[] aFlsalloc db 'FlsAlloc',0 align 10h ; char aKernel32_dll_0[] aKernel32_dll_0 db 'kernel32.dll',0 align 20h aHH: unicode 0, < h(((( > unicode 0, < H> dq 3 dup(10001000100010h), 84001000100010h dq 2 dup(84008400840084h), 10001000100084h dq 10001000100010h, 181018101810181h, 101010101810181h dq 4 dup(101010101010101h), 10001001010101h dq 10001000100010h, 182018201820182h, 102010201820182h dq 4 dup(102010201020102h), 10001001020102h dq 2000100010h, 807060504030201h, 100F0E0D0C0B0A09h dq 1817161514131211h, 201F1E1D1C1B1A19h dq 2827262524232221h, 302F2E2D2C2B2A29h dq 3837363534333231h, 403F3E3D3C3B3A39h dq 4847464544434241h, 504F4E4D4C4B4A49h dq 5857565554535251h, 605F5E5D5C5B5A59h dq 6867666564636261h, 706F6E6D6C6B6A69h dq 7877767574737271h, 7F7E7D7C7B7A79h ; char aGetprocesswind[] aGetprocesswind db 'GetProcessWindowStation',0 ; char aGetuserobjecti[] aGetuserobjecti db 'GetUserObjectInformationA',0 align 8 ; char aGetlastactivep[] aGetlastactivep db 'GetLastActivePopup',0 align 10h ; char aGetactivewindo[] aGetactivewindo db 'GetActiveWindow',0 ; char aMessageboxa[] aMessageboxa db 'MessageBoxA',0 align 10h ; char aUser32_dll_0[] aUser32_dll_0 db 'user32.dll',0 align 20h ; char aInitializecrit[] aInitializecrit db 'InitializeCriticalSectionAndSpinCou' db 'nt',0 align 10h dq 10006000006h, 1002060006030010h, 505050545454504h dq 5000303505h, 807585038282000h, 7505730303700h dq 8202000h, 60606060686008h, 878787878707000h dq 808000700000807h, 700080008000008h, 8 aNull: unicode 0, <(null)>,0 align 20h aNull_0 db '(null)',0 align 8 dq 21h dup(0) asc_100002170: unicode 0, < ((((( > unicode 0, < H> dw 3 dup(10h) dq 3 dup(10001000100010h), 2 dup(84008400840084h) dq 10001000840084h, 10001000100010h, 81008100810010h dq 1008100810081h, 4 dup(1000100010001h) dq 10000100010001h, 10001000100010h, 82008200820010h dq 2008200820082h, 4 dup(2000200020002h) dq 10000200020002h, 20001000100010h, 20h dup(0) db 2 dup(0) word_100002372 dw 3 dup(20h) aHH_0: unicode 0, < h(((( > unicode 0, < H> dd 100010h dq 3 dup(10001000100010h), 84008400840010h dq 84008400840084h, 10008400840084h, 10001000100010h dq 181018100100010h, 181018101810181h, 5 dup(101010101010101h) dq 10001000100010h, 182018200100010h, 182018201820182h dq 5 dup(102010201020102h), 10001000100010h dq 8 dup(20002000200020h), 10001000480020h dq 3 dup(10001000100010h), 14001000100010h dq 10001000100014h, 10001400100010h, 10001000100010h dq 101010101010010h, 5 dup(101010101010101h) dq 101010101010010h, 101010101010101h, 6 dup(102010201020102h) dq 102010201020010h, 102010201020102h db 2, 3 dup(1) ; const WCHAR SrcStr SrcStr dw 0 align 8 dq 73733A6D6D3A4848h, 0 aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 align 20h aMmDdYy db 'MM/dd/yy',0 align 4 aPm db 'PM',0 align 10h aAm db 'AM',0 align 8 aDecember db 'December',0 align 8 aNovember db 'November',0 align 8 aOctober db 'October',0 aSeptember db 'September',0 align 4 aAugust db 'August',0 align 4 aJuly db 'July',0 align 4 aJune db 'June',0 align 4 aApril db 'April',0 align 4 aMarch db 'March',0 align 8 aFebruary db 'February',0 align 8 aJanuary db 'January',0 aDec db 'Dec',0 aNov db 'Nov',0 aOct db 'Oct',0 aSep db 'Sep',0 aAug db 'Aug',0 aJul db 'Jul',0 aJun db 'Jun',0 aMay db 'May',0 aApr db 'Apr',0 aMar db 'Mar',0 aFeb db 'Feb',0 aJan db 'Jan',0 aSaturday db 'Saturday',0 align 4 aFriday db 'Friday',0 align 8 aThursday db 'Thursday',0 align 8 aWednesday db 'Wednesday',0 align 8 aTuesday db 'Tuesday',0 aMonday db 'Monday',0 align 8 aSunday db 'Sunday',0 align 10h aSat db 'Sat',0 aFri db 'Fri',0 aThu db 'Thu',0 aWed db 'Wed',0 aTue db 'Tue',0 aMon db 'Mon',0 aSun db 'Sun',0 align 10h dq 20h dup(0) unicode 0, < ((((( > unicode 0, < H> dw 3 dup(10h) dq 3 dup(10001000100010h), 2 dup(84008400840084h) dq 10001000840084h, 10001000100010h, 81008100810010h dq 1008100810081h, 4 dup(1000100010001h) dq 10000100010001h, 10001000100010h, 82008200820010h dq 2008200820082h, 4 dup(2000200020002h) dq 10000200020002h, 20001000100010h, 20h dup(0) ; char aSetthreadstack[] aSetthreadstack db 'SetThreadStackGuarantee',0 aSunmontuewedth db 'SunMonTueWedThuFriSat',0 align 20h aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDe' db 'c',0 align 8 ; char aHhctrl_ocx[11] aHhctrl_ocx db 'hhctrl.ocx',0 align 8 ; char aClsidAdb880a6D[] aClsidAdb880a6D db 'CLSID\{ADB880A6-D8FF-11CF-9377-00AA' db '003B7A11}\InprocServer32',0 ; char byte_100002A74[12] byte_100002A74 db 0Ch dup(0) aWtsapi32_dll db 'WTSAPI32.dll',0 align 10h aWinsta_dll db 'WINSTA.dll',0 align 20h aMsgina_dll db 'MSGINA.dll',0 db 4 dup(0), 80h qword_100002AB0 dq 10000000400000h, 8 ; char aNetgetjoininfo[] aNetgetjoininfo db 'NetGetJoinInformation',0 align 8 ; const WCHAR aNetapi32 aNetapi32: unicode 0, <netapi32>,0 align 10h ; char aNetapibufferfr[] aNetapibufferfr db 'NetApiBufferFree',0 align 8 ; char aNtqueryinforma[] aNtqueryinforma db 'NtQueryInformationProcess',0 align 8 ; const WCHAR aNtdll_dll_0 aNtdll_dll_0: unicode 0, <ntdll.dll>,0 align 20h ; const WCHAR aServeradminui aServeradminui: unicode 0, <ServerAdminUI>,0 align 20h ; const WCHAR aSoftwareMicr_4 aSoftwareMicr_4: unicode 0, <Software\Microsoft\Windows\> unicode 0, <CurrentVersion\Explorer\Adv> unicode 0, <anced>,0 ; char aInstalled[] aInstalled db 'Installed',0 align 8 ; char aSystemWpaAppli[] aSystemWpaAppli db 'System\WPA\ApplianceServer',0 align 8 ; __int64 aLogontype aLogontype db 'LogonType',0 align 8 aGinadll db 'GinaDLL',0 ; __int64 aSoftwareMicr_6 aSoftwareMicr_6 db 'SOFTWARE\Microsoft\Windows NT\Curre' db 'ntVersion\Winlogon',0 align 8 ; __int64 aSoftwareMicr_5 aSoftwareMicr_5 db 'SOFTWARE\Microsoft\Windows\CurrentV' db 'ersion\policies\system',0 align 8 ; __int64 aAllowmultipl_0 aAllowmultipl_0 db 'AllowMultipleTSSessions',0 aUtildll_dll db 'UTILDLL.dll',0 align 20h aOle32_dll db 'ole32.dll',0 align 4 asc_100002CCC: unicode 0, <\>,0 off_100002CD0 dq offset sub_10001B1D0, offset sub_10001AF50 dq offset sub_100017A30, offset sub_10001B620 dq offset loc_10001AF30, offset loc_100008210 dq offset sub_100019AE0, offset sub_1000080B0 off_100002D10 dq offset sub_100017660, offset sub_1000173F0 dq offset sub_100017A30, offset sub_100017990 dq offset loc_1000173D0, offset loc_100008210 dq offset sub_100015BE0, offset sub_100008220 off_100002D50 dq offset sub_100013C10, offset sub_100013B20 dq offset sub_1000140B0, offset sub_100013EF0 dq offset loc_100013B00, offset loc_100008210 dq offset sub_1000122E0, offset sub_1000081C0 off_100002D90 dq offset sub_10000A660, offset sub_10000A530 dq offset sub_100017A30, offset sub_10000A7A0 dq offset loc_10000A510, offset loc_100008210 dq offset sub_10000A080, offset sub_100008190 ; const WCHAR aDisabletaskmgr aDisabletaskmgr: unicode 0, <DisableTaskMgr>,0 align 10h ; const WCHAR aSoftwareMicr_3 aSoftwareMicr_3: unicode 0, <Software\Microsoft\Windows\> unicode 0, <CurrentVersion\Policies\Sys> unicode 0, <tem>,0 align 8 ; const WCHAR String String: unicode 0, <TaskbarCreated>,0 align 8 ; const WCHAR aAllowmultiplet aAllowmultiplet: unicode 0, <AllowMultipleTSSessions>,0 align 20h ; const WCHAR aSoftwareMicr_2 aSoftwareMicr_2: unicode 0, <SOFTWARE\Microsoft\Windows > unicode 0, <NT\CurrentVersion\Winlogon>,0 align 10h dq 300000000h, 200000003h, 300000001h, 2 dup(300000003h) qword_100002F58 dq 0C8F00000C8Ch, 0C8Ah, 0C8F00000C8Ch, 0C8Ah dq 43007200730055h, 6D0075006C006Fh, 7400650053006Eh dq 67006E00690074h, 73h qword_100002FA0 dq 4180000041Ah dq 41A00000418h, 9C41h, 0 byte_100002FC0 db 25h, 4, 2 dup(0) dd 426h dq 43F00000440h, 42800000427h, 43300000429h dq 42B0000042Ah, 42D0000042Ch, 42F0000042Eh dq 43100000430h, 43C00000432h, 7F00000043Dh dq 7F2000007F1h, 7F4000007F3h db 0F5h, 7, 2 dup(0) dword_100003024 dd 0 align 10h dq 4E2200004E21h, 4E3100004E32h, 4E2400004E23h dq 520C00004E25h, 4E2700004E26h, 4E2900004E28h dq 4E2B00004E2Ah, 4E2D00004E2Ch, 4E2F00004E2Eh dq 520D00004E30h, 520F0000520Eh, 521100005210h dq 5212h, 0 dq 526D0000526Ch, 526F0000526Eh, 527100005270h dq 527300005272h, 527500005274h, 527700005276h dq 527900005278h, 527B0000527Ah, 527D0000527Ch dq 527F0000527Eh, 528100005280h, 528300005282h dq 528500005284h, 0 qword_100003110 dq 0C3B50000C3B4h, 0C3B70000C3B6h, 0C3B90000C3B8h dq 0C3BB0000C3BAh, 0C3BD0000C3BCh, 0C3BF0000C3BEh dq 0C3C10000C3C0h, 0C3C30000C3C2h, 0C3C50000C3C4h dq 0C3C70000C3C6h, 0C3C90000C3C8h, 0C3CB0000C3CAh dq 0C3CD0000C3CCh, 0FFFF000000FFh, 0FF00h dq 0 qword_100003190 dq 3FD000003FCh, 3FF000003FEh, 40100000400h dq 40400000403h, 40600000405h, 40800000407h dq 40B00000409h, 40F0000040Dh, 3F5000003F4h dq 3F6000003F7h, 3FA000003F9h, 402000003FBh dq 40A00000410h, 40E0000040Ch qword_100003200 dq 0FF0000FF00h, 0FF000000FF00FFh, 80FF00FFFF00h dq 0FF800000FF00FFh, 0FFFFh qword_100003228 dq 800000007Fh, 8200000081h, 8400000083h dq 8600000085h, 8800000087h, 8A00000089h ; const WCHAR Name Name: unicode 0, <NTShell Taskman Startup Mut> unicode 0, <ex>,0 align 20h ; const WCHAR SubKey SubKey: unicode 0, <Software\Microsoft\Windows > unicode 0, <NT\CurrentVersion\TaskManag> unicode 0, <er>,0 align 8 ; const WCHAR ValueName ValueName: unicode 0, <Preferences>,0 qword_100003330 dq 200000000h, 600000004h, 0FFFFFFFFh qword_100003348 dq 200000000h, 400000003h, 0FFFFFFFF00000006h qword_100003360 dq 200000000h, 400000003h, 0FFFFFFFFh, 0 qword_100003380 dq 10002EA28h, 52130000000Ah, 10002EA10h dq 52140000000Ah, 10002E9F8h, 27160000000Ah dq 10002ED80h, 521700000020h, 10002ED00h dq 521900000020h, 10002F280h, 271D00000020h dq 10002F240h, 271E00000020h, 10002F1C0h dq 271B00000020h, 10002F200h, 271C00000020h dq 10002F180h, 271F00000020h, 10002F140h dq 272B00000020h, 10002F100h, 272C00000020h dq 10002F080h, 272700000020h, 10002F0C0h dq 272600000020h, 10002F040h, 755600000020h dq 10002F000h, 755700000020h, 10002EFC0h dq 755900000020h, 10002EF80h, 755800000020h dq 10002EF40h, 755C00000020h, 10002EF00h dq 9C7B00000020h, 10002EEC0h, 9C7C00000020h dq 10002EE80h, 9C7D00000020h, 10002EE40h dq 9C7E00000020h, 10002ECC0h, 521500000020h dq 10002ED40h, 521800000020h, 10002EC80h dq 521A00000020h, 10002EC40h, 521B00000020h dq 10002EC00h, 521C00000020h, 10002EBC0h dq 521D00000020h, 10002EB80h, 521E00000020h dq 10002EB40h, 521F00000020h, 10002EB00h dq 522000000020h, 7D0000001F4h, 0FA0h, 0FFFFFFFFh aCmd_exe: unicode 0, <"cmd.exe">,0 align 10h ; const WCHAR aWindirSystem32 aWindirSystem32: unicode 0, <"%windir%\system32\cmd.exe"> ; const WCHAR Src Src: unicode 0, <"%ComSpec%">,0 aTaskmgr_chm db 'taskmgr.chm',0 align 10h aSeundockprivil: unicode 0, <SeUndockPrivilege>,0 align 8 ; const WCHAR Srch Srch: unicode 0, <%s >,0 ; const WCHAR aNodisconnect aNodisconnect: unicode 0, <NoDisconnect>,0 align 20h ; const WCHAR aNoclose aNoclose: unicode 0, <NoClose>,0 ; const WCHAR aNologoff aNologoff: unicode 0, <NoLogoff>,0 align 10h ; const WCHAR aSoftwareMicr_1 aSoftwareMicr_1: unicode 0, <Software\Microsoft\Windows\> unicode 0, <CurrentVersion\Policies\Exp> unicode 0, <lorer>,0 ; const WCHAR aDisablelockwor aDisablelockwor: unicode 0, <DisableLockWorkstation>,0 align 20h ; const WCHAR aSoftwareMicr_0 aSoftwareMicr_0: unicode 0, <SOFTWARE\Microsoft\Windows\> unicode 0, <CurrentVersion\Policies\sys> unicode 0, <tem>,0 align 8 ; char ProcName[] ProcName db 'CM_Request_Eject_PC',0 align 10h ; const WCHAR LibFileName LibFileName: unicode 0, <cfgmgr32>,0 align 8 aSeshutdownpriv: unicode 0, <SeShutdownPrivilege>,0 ; const WCHAR ClassName ClassName: unicode 0, <Button>,0 align 20h ; WCHAR Class Class: unicode 0, <REG_BINARY>,0 align 8 ; const WCHAR WindowName WindowName dw 0 align 20h qword_100003840 dq 3ED000003EEh, 3ECh aD: unicode 0, <%d %%>,0 align 20h ; const WCHAR aButton_0 aButton_0: unicode 0, <BUTTON>,0 align 10h off_100003870 dq offset sub_10000D710, offset sub_10000D890 ; std::ios_base::width(void) dq offset sub_10000DA50, offset sub_10000DB60 dq offset loc_10000DBD0, offset ?width@ios_base@std@@QEBA_JXZ dq offset sub_10000F3E0 ; int a22_5 a22_5: unicode 0, < 22.5 %>,0 ; const WCHAR aDavesframeclas aDavesframeclas: unicode 0, <DavesFrameClass>,0 asc_1000038D8: unicode 0, < >,0 align 20h aDevice: unicode 0, <\Device\>,0 align 8 ; const WCHAR aDrwtsn32_exe aDrwtsn32_exe: unicode 0, <drwtsn32.exe>,0 align 8 ; const WCHAR String2 String2: unicode 0, <drwtsn32>,0 align 10h ; const WCHAR aDebugger aDebugger: unicode 0, <Debugger>,0 align 10h ; const WCHAR aSoftwareMicros aSoftwareMicros: unicode 0, <SOFTWARE\Microsoft\Windows > unicode 0, <NT\CurrentVersion\AeDebug>,0 align 20h aSPLd: unicode 0, <%s -p %ld>,0 align 8 aSedebugprivile: unicode 0, <SeDebugPrivilege>,0 align 20h aS_0 db 'Ø:',0 align 4 dd 1 dq 100003A78h, 100003A60h, 100003A40h, 100003A28h dq 7300610073006Ch, 780065002E0073h, 65h dq 76007200650073h, 73006500630069h, 6500780065002Eh dq 0 aSmss_exe: unicode 0, <smss.exe>,0 align 8 aWinlogon_exe: unicode 0, <winlogon.exe>,0 align 8 aCsrss_exe: unicode 0, <csrss.exe>,0 align 10h a2dS02dS02d: unicode 0, <%2d%s%02d%s%02d>,0 a02d: unicode 0, <%02d %>,0 db 0 db 0 aD_0: unicode 0, <%d>,0 align 8 aU: unicode 0, <%u>,0 align 10h qword_100003AF0 dq 54005300590053h dword_100003AF8 dd 4D0045h word_100003AFC dw 0 align 20h a32: unicode 0, < *32>,0 align 10h qword_100003B10 dq 1000146B0h, 67006F00720050h, 20006D00610072h dq 61006E0061004Dh, 7200650067h, 1000181E0h dq 1000183C0h, 100017F30h, 64006100680053h dq 6F00480077006Fh, 790065006B0074h, 66006900680053h dq 74h, 64006100680053h, 6F00480077006Fh dq 790065006B0074h, 790065004Bh, 7D00700075007Bh dq 0 aTab: unicode 0, <{tab}>,0 align 8 unicode 0, <{*}>,0 aSpacebar: unicode 0, <{spacebar}>,0 align 8 aRight: unicode 0, <{right}>,0 aPrtscrn: unicode 0, <{prtscrn}>,0 align 20h unicode 0, <{+}>,0 aPageup: unicode 0, <{pageup}>,0 align 20h aPagedown: unicode 0, <{pagedown}>,0 align 8 unicode 0, <{-}>,0 aLeft: unicode 0, <{left}>,0 align 10h aInsert: unicode 0, <{insert}>,0 align 8 aHome: unicode 0, <{home}>,0 align 8 aF12: unicode 0, <{F12}>,0 align 8 aF11: unicode 0, <{F11}>,0 align 8 aF10: unicode 0, <{F10}>,0 align 8 aF9: unicode 0, <{F9}>,0 align 8 aF8: unicode 0, <{F8}>,0 align 8 aF7: unicode 0, <{F7}>,0 align 8 aF6: unicode 0, <{F6}>,0 align 8 aF5: unicode 0, <{F5}>,0 align 8 aF4: unicode 0, <{F4}>,0 align 8 aF3: unicode 0, <{F3}>,0 align 8 aF2: unicode 0, <{F2}>,0 align 8 aEnter: unicode 0, <{enter}>,0 aEnd: unicode 0, <{end}>,0 align 8 aDown: unicode 0, <{down}>,0 align 8 aDelete: unicode 0, <{delete}>,0 align 10h aBackspace: unicode 0, <{backspace}>,0 aZ: unicode 0, <Z>,0 aY: unicode 0, <Y>,0 unicode 0, <X>,0 aW: unicode 0, <W>,0 aV: unicode 0, <V>,0 aU_0: unicode 0, <U>,0 aT: unicode 0, <T>,0 aS: unicode 0, <S>,0 aR: unicode 0, <R>,0 aQ: unicode 0, <Q>,0 aP: unicode 0, <P>,0 aO: unicode 0, <O>,0 aN: unicode 0, <N>,0 aM: unicode 0, <M>,0 unicode 0, <L>,0 aK: unicode 0, <K>,0 aJ: unicode 0, <J>,0 aI: unicode 0, <I>,0 unicode 0, <H>,0 aG: unicode 0, <G>,0 unicode 0, <F>,0 aE: unicode 0, <E>,0 aD_1: unicode 0, <D>,0 aC: unicode 0, <C>,0 aB: unicode 0, <B>,0 aA: unicode 0, <A>,0 a9: unicode 0, <9>,0 a8: unicode 0, <8>,0 a7: unicode 0, <7>,0 a6: unicode 0, <6>,0 a5: unicode 0, <5>,0 a4: unicode 0, <4>,0 a3: unicode 0, <3>,0 a2: unicode 0, <2>,0 a1: unicode 0, <1>,0 a0: unicode 0, <0>,0 qword_100003E18 dq 100018830h, 1000188C0h, 100017F30h, 100018550h dq 100018740h, 1000187C0h, 100018480h, 1000184F0h dq 100017F30h, 25A6C62F53445352h, 0B7F7A98F4D19C687h dq 1A9503E2Ch, 2E72676D6B736174h, 626470h dq 3 dup(0) ; int __fastcall sub_100003EA0(HWND hWnd, UINT Msg, WPARAM wParam, __int64, __int64, __int64, __int64) sub_100003EA0 proc near var_18= qword ptr -18h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h cmp edx, 1 mov [rsp+38h+arg_0], rbx mov [rsp+38h+arg_8], rbp mov [rsp+38h+arg_10], rsi mov [rsp+38h+arg_18], rdi mov rbp, r8 mov rdi, rcx mov rsi, r9 mov ebx, edx jnz short loc_100003F18 lea edx, [rbx-11h] ; nIndex call cs:GetWindowLongW lea edx, [rbx-11h] ; nIndex mov rcx, rdi ; hWnd bts eax, 1Ah mov r8d, eax ; dwNewLong call cs:SetWindowLongW loc_100003EE4: ; lpPrevWndFunc mov rcx, cs:lpPrevWndFunc mov r9, rbp ; wParam mov r8d, ebx ; Msg mov rdx, rdi ; hWnd mov [rsp+38h+var_18], rsi call cs:CallWindowProcW loc_100003EFF: mov rdi, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_10] mov rbp, [rsp+38h+arg_8] mov rbx, [rsp+38h+arg_0] add rsp, 38h retn loc_100003F18: cmp edx, 14h jnz short loc_100003EE4 call cs:DefWindowProcW jmp short loc_100003EFF sub_100003EA0 endp algn_100003F25: align 10h ; int __cdecl sub_100003F30(int, int, char, int, HKEY hKey) sub_100003F30 proc near var_38= qword ptr -38h var_30= dword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h arg_8= byte ptr 10h hKey= qword ptr 18h push rbx sub rsp, 50h lea rax, [rsp+58h+arg_8] mov rbx, rcx lea r9, Class ; "REG_BINARY" mov [rsp+58h+var_18], rax lea rax, [rsp+58h+hKey] lea rdx, SubKey ; "Software\\Microsoft\\Windows NT\\CurrentVe"... mov [rsp+58h+var_20], rax xor eax, eax xor r8d, r8d ; Reserved mov [rsp+58h+var_28], rax mov rcx, 0FFFFFFFF80000001h ; hKey mov [rsp+58h+var_30], 20006h mov dword ptr [rsp+58h+var_38], eax call cs:RegCreateKeyExW test eax, eax jnz short loc_100003FB7 mov rcx, [rsp+58h+hKey] ; hKey lea r9d, [rax+3] ; dwType lea rdx, ValueName ; "Preferences" xor r8d, r8d ; Reserved mov [rsp+58h+var_30], 29Ch mov [rsp+58h+var_38], rbx call cs:RegSetValueExW mov rcx, [rsp+58h+hKey] ; hKey test eax, eax jz short loc_100003FE1 call cs:RegCloseKey loc_100003FB7: call cs:GetLastError test eax, eax jg short loc_100003FCD call cs:GetLastError add rsp, 50h pop rbx retn loc_100003FCD: call cs:GetLastError movzx eax, ax or eax, 80070000h add rsp, 50h pop rbx retn loc_100003FE1: call cs:RegCloseKey xor eax, eax add rsp, 50h pop rbx retn sub_100003F30 endp algn_100003FEF: align 20h ; int __fastcall sub_100004000(int pvParam, int, int, int, int, DWORD Type, int, HKEY hKey) sub_100004000 proc near var_18= qword ptr -18h var_10= qword ptr -10h arg_8= dword ptr 10h Type= dword ptr 18h hKey= qword ptr 20h push rbx sub rsp, 30h mov rbx, rcx mov ecx, 10h ; nVirtKey call cs:GetKeyState test ax, ax jns short loc_10000404C mov ecx, 12h ; nVirtKey call cs:GetKeyState test ax, ax jns short loc_10000404C mov ecx, 11h ; nVirtKey call cs:GetKeyState test ax, ax jns short loc_10000404C mov rcx, rbx ; pvParam call sub_100004120 mov eax, 1 add rsp, 30h pop rbx retn loc_10000404C: lea rax, [rsp+38h+hKey] lea rdx, SubKey ; "Software\\Microsoft\\Windows NT\\CurrentVe"... mov r9d, 20019h ; samDesired xor r8d, r8d ; ulOptions mov rcx, 0FFFFFFFF80000001h ; hKey mov [rsp+38h+var_18], rax call cs:RegOpenKeyExW test eax, eax jnz loc_100004105 mov rcx, [rsp+38h+hKey] ; hKey lea rax, [rsp+38h+arg_8] lea r9, [rsp+38h+Type] ; lpType mov [rsp+38h+var_10], rax lea rdx, ValueName ; "Preferences" xor r8d, r8d ; lpReserved mov [rsp+38h+var_18], rbx mov [rsp+38h+arg_8], 29Ch call cs:RegQueryValueExW test eax, eax jnz short loc_1000040F2 cmp [rsp+38h+Type], 3 jnz short loc_1000040F2 cmp [rsp+38h+arg_8], 29Ch jnz short loc_1000040F2 lea rcx, [rbx+14h] ; lprc xor edx, edx ; dwFlags call cs:MonitorFromRect test rax, rax jz short loc_1000040F2 mov eax, cs:dword_10002F440 dec eax cmp [rbx+24h], eax jg short loc_1000040F2 mov rcx, [rsp+38h+hKey] ; hKey call cs:RegCloseKey xor eax, eax add rsp, 30h pop rbx retn loc_1000040F2: ; pvParam mov rcx, rbx call sub_100004120 mov rcx, [rsp+38h+hKey] ; hKey call cs:RegCloseKey loc_100004105: mov eax, 1 add rsp, 30h pop rbx retn sub_100004000 endp algn_100004110: align 20h ; int __cdecl sub_100004120(int pvParam, int, int, int, __int64, __int64) sub_100004120 proc near pvParam= dword ptr 8 arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_10], rbx xor edx, edx ; int mov r8d, 29Ch ; size_t mov [rsp+28h+arg_18], rdi mov rbx, rcx call memset xor edi, edi lea r8, [rsp+28h+pvParam] ; pvParam xor r9d, r9d ; fWinIni lea ecx, [rdi+46h] ; uiAction xor edx, edx ; uiParam mov dword ptr [rbx], 29Ch mov [rsp+28h+pvParam], edi call cs:SystemParametersInfoW test eax, eax jz short loc_10000416C cmp [rsp+28h+pvParam], edi jz short loc_10000416C mov [rbx+4], edi jmp short loc_100004173 loc_10000416C: mov dword ptr [rbx+4], 3E8h loc_100004173: mov eax, cs:dword_10002F3FC or dword ptr [rbx+28Ch], 47h mov dword ptr [rbx+8], 2 add eax, 0Ah mov dword ptr [rbx+0Ch], 1 mov dword ptr [rbx+10h], 1 mov [rbx+20h], eax mov eax, cs:dword_10002F3F8 mov dword ptr [rbx+24h], 0FFFFFFFFh add eax, 0Ah mov dword ptr [rbx+18h], 0Ah mov dword ptr [rbx+14h], 0Ah mov [rbx+1Ch], eax cmp cs:dword_10002F478, edi jz short loc_100004204 cmp cs:dword_10002F47C, edi jnz short loc_100004204 mov eax, cs:dword_1000301A4 test al, 1 jnz short loc_1000041F3 or eax, 1 mov edx, 220h ; ulRID xor ecx, ecx ; hToken mov cs:dword_1000301A4, eax call SHTestTokenMembership mov cs:dword_1000301A0, eax jmp short loc_1000041F9 loc_1000041F3: mov eax, cs:dword_1000301A0 loc_1000041F9: test eax, eax jz short loc_100004204 mov eax, 1 jmp short loc_100004206 loc_100004204: mov eax, edi loc_100004206: mov [rbx+298h], eax cmp cs:dword_10002F478, edi jz short loc_100004225 cmp cs:dword_10002F47C, edi jnz short loc_100004225 lea rcx, qword_100003348 jmp short loc_10000422C loc_100004225: lea rcx, qword_100003330 loc_10000422C: mov rdx, rdi lea r8, [rbx+154h] loc_100004236: mov eax, [rcx] mov [r8], eax cmp dword ptr [rcx], 0FFFFFFFFh jz short loc_100004251 inc rdx add r8, 4 add rcx, 4 cmp rdx, 1Ah jl short loc_100004236 loc_100004251: ; void * lea rcx, [rbx+1BCh] mov edx, 0FFh ; int mov r8d, 68h ; size_t call memset lea rcx, [rbx+224h] ; void * mov edx, 0FFh ; int mov r8d, 68h ; size_t call memset lea r11, qword_100003360 mov rdx, rdi lea rcx, [rbx+28h] db 66h, 66h nop loc_100004290: mov eax, [r11] mov [rcx], eax cmp dword ptr [r11], 0FFFFFFFFh jz short loc_1000042AC inc rdx add rcx, 4 add r11, 4 cmp rdx, 1Bh jl short loc_100004290 loc_1000042AC: mov qword ptr [rbx+94h], 0FFFFFFFFFFFFFFFFh mov qword ptr [rbx+9Ch], 0FFFFFFFFFFFFFFFFh mov qword ptr [rbx+0A4h], 0FFFFFFFFFFFFFFFFh mov qword ptr [rbx+0ACh], 0FFFFFFFFFFFFFFFFh mov qword ptr [rbx+0B4h], 0FFFFFFFFFFFFFFFFh mov qword ptr [rbx+0BCh], 0FFFFFFFFFFFFFFFFh mov dword ptr [rbx+0C4h], 0FFFFFFFFh lea rcx, [rbx+0CCh] ; void * mov edx, 0FFh ; int mov r8d, 6Ch ; size_t mov word ptr [rbx+0C8h], 0FFFFh call memset mov [rbx+13Ch], edi mov [rbx+140h], edi mov [rbx+148h], edi mov [rbx+150h], edi mov rdi, [rsp+28h+arg_18] mov dword ptr [rbx+138h], 1 mov dword ptr [rbx+144h], 1 mov dword ptr [rbx+14Ch], 1 mov rbx, [rsp+28h+arg_10] add rsp, 28h retn sub_100004120 endp byte_10000435D db 13h dup(0CCh) sub_100004370 proc near var_18= dword ptr -18h push rbx sub rsp, 30h mov rcx, cs:hWnd ; hWnd call cs:GetMenu test rax, rax mov rbx, rax jz loc_1000045A3 mov r9d, cs:wParam mov edx, 9C4Fh ; UINT mov rcx, rax ; HMENU lea r8d, [rdx+2] ; UINT add r9d, 9C4Fh ; UINT mov [rsp+38h+var_18], 0 call cs:CheckMenuRadioItem mov r9d, cs:dword_10002FEDC mov edx, 9C52h ; UINT lea r8d, [rdx+1] ; UINT mov rcx, rbx ; HMENU add r9d, 9C52h ; UINT mov [rsp+38h+var_18], 0 call cs:CheckMenuRadioItem mov r9d, cs:dword_10002FEE0 mov edx, 9C56h ; UINT add r9d, 9C56h ; UINT mov rcx, rbx ; HMENU lea r8d, [rdx+3] ; UINT mov [rsp+38h+var_18], 0 call cs:CheckMenuRadioItem mov r8d, cs:dword_10003015C mov edx, 9C46h ; uIDCheckItem and r8d, 4 mov rcx, rbx ; hMenu add r8d, r8d ; uCheck call cs:CheckMenuItem mov r8d, cs:dword_10003015C mov edx, 9C47h ; uIDCheckItem and r8d, 1 mov rcx, rbx ; hMenu shl r8d, 3 ; uCheck call cs:CheckMenuItem mov r8d, cs:dword_10003015C mov edx, 9C78h ; uIDCheckItem and r8d, 8 ; uCheck mov rcx, rbx ; hMenu call cs:CheckMenuItem mov r8d, cs:dword_10003015C mov edx, 9CA3h ; uIDCheckItem and r8d, 10h mov rcx, rbx ; hMenu shr r8d, 1 ; uCheck call cs:CheckMenuItem mov r8d, cs:dword_10003015C mov edx, 9C81h ; uIDCheckItem and r8d, 20h mov rcx, rbx ; hMenu shr r8d, 2 ; uCheck call cs:CheckMenuItem mov r8d, cs:dword_10003015C mov edx, 0C94h ; uIDCheckItem and r8d, 80h mov rcx, rbx ; hMenu shr r8d, 4 ; uCheck call cs:CheckMenuItem cmp cs:byte_10002F3D0, 2 jnb short loc_1000044CC xor r8d, r8d ; uFlags mov edx, 9C52h ; uPosition mov rcx, rbx ; hMenu call cs:DeleteMenu loc_1000044CC: mov eax, cs:dword_10003001C mov edx, 968h ; uIDCheckItem mov rcx, rbx ; hMenu neg eax sbb r8d, r8d and r8d, 8 ; uCheck call cs:CheckMenuItem mov r11d, cs:dword_100030008 mov edx, 967h ; uIDCheckItem neg r11d mov rcx, rbx ; hMenu sbb r8d, r8d and r8d, 8 ; uCheck call cs:CheckMenuItem mov r11d, cs:dword_10003000C mov edx, 961h ; uIDCheckItem neg r11d mov rcx, rbx ; hMenu sbb r8d, r8d and r8d, 8 ; uCheck call cs:CheckMenuItem mov r11d, cs:dword_100030010 mov edx, 962h ; uIDCheckItem neg r11d mov rcx, rbx ; hMenu sbb r8d, r8d and r8d, 8 ; uCheck call cs:CheckMenuItem mov r11d, cs:dword_100030014 mov edx, 963h ; uIDCheckItem neg r11d mov rcx, rbx ; hMenu sbb r8d, r8d and r8d, 8 ; uCheck call cs:CheckMenuItem mov r11d, cs:dword_100030018 mov edx, 965h ; uIDCheckItem neg r11d mov rcx, rbx ; hMenu sbb r8d, r8d and r8d, 8 ; uCheck call cs:CheckMenuItem mov r11d, cs:dword_100030020 mov edx, 96Ah ; uIDCheckItem neg r11d mov rcx, rbx ; hMenu sbb r8d, r8d and r8d, 8 ; uCheck call cs:CheckMenuItem loc_1000045A3: add rsp, 30h pop rbx retn sub_100004370 endp algn_1000045A9: align 10h ; int __fastcall sub_1000045B0(HWND hWndTo, int, int, __int64, __int64, __int64) sub_1000045B0 proc near var_258= dword ptr -258h var_250= dword ptr -250h var_248= dword ptr -248h Rect= tagRECT ptr -238h String= word ptr -228h var_18= qword ptr -18h arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 278h mov rax, cs:qword_10002C178 mov [rsp+278h+var_18], rax movsxd rax, cs:dword_10002FEF4 mov [r11+18h], rsi mov rsi, rcx test eax, eax js loc_1000047B1 cmp eax, cs:dword_10002F440 jge loc_1000047B1 loc_1000045EB: mov [r11+10h], rbx lea rcx, qword_10002F448 mov [r11+20h], rdi mov rcx, [rcx+rax*8] mov rax, [rcx] call qword ptr [rax+28h] mov rcx, cs:hWnd ; hWnd mov edx, 0FFFFFFF0h ; nIndex mov rdi, rax call cs:GetWindowLongW test byte ptr cs:dword_10003015C, 10h mov ebx, eax jz short loc_10000469A mov rcx, cs:hWnd ; hWnd lea rdx, [rsp+278h+Rect] ; lpRect call cs:GetClientRect mov ecx, [rsp+278h+Rect.right] mov r11d, [rsp+278h+Rect.bottom] mov r9d, [rsp+278h+Rect.top] ; Y mov r8d, [rsp+278h+Rect.left] ; X mov [rsp+278h+var_248], 14h sub ecx, r8d sub r11d, r9d xor edx, edx ; hWndInsertAfter mov [rsp+278h+var_250], r11d mov [rsp+278h+var_258], ecx mov rcx, rdi ; hWnd call cs:SetWindowPos mov rcx, cs:hWnd ; hWnd and ebx, 0FFB4FFFFh mov r8d, ebx ; dwNewLong mov edx, 0FFFFFFF0h ; nIndex call cs:SetWindowLongW mov rcx, cs:hWnd ; hWnd xor edx, edx ; hMenu call cs:SetMenu jmp loc_10000478C loc_10000469A: ; hWnd mov rcx, cs:hWnd or ebx, 0CF0000h mov edx, 0FFFFFFF0h ; nIndex mov r8d, ebx ; dwNewLong call cs:SetWindowLongW mov rdx, cs:hMenu ; hMenu test rdx, rdx jz short loc_1000046D3 mov rcx, cs:hWnd ; hWnd call cs:SetMenu call sub_100004370 loc_1000046D3: ; hInstance mov rcx, cs:hInstance lea r8, [rsp+278h+String] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 2713h ; uID call cs:LoadStringW mov rcx, cs:hWnd ; hWnd lea rdx, [rsp+278h+String] ; lpString call cs:SetWindowTextW test rdi, rdi jz loc_10000478C mov edx, 3E8h ; nIDDlgItem mov rcx, rsi ; hDlg call cs:GetDlgItem lea rdx, [rsp+278h+Rect] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetClientRect lea r8, [rsp+278h+Rect] ; lpPoints mov r9d, 2 ; cPoints mov rdx, rsi ; hWndTo mov rcx, rbx ; hWndFrom call cs:MapWindowPoints lea r9, [rsp+278h+Rect] ; lParam xor r8d, r8d ; wParam mov edx, 1328h ; Msg mov rcx, rbx ; hWnd call cs:SendMessageW mov r11d, [rsp+278h+Rect.bottom] mov r9d, [rsp+278h+Rect.top] ; Y mov eax, [rsp+278h+Rect.right] mov r8d, [rsp+278h+Rect.left] ; X sub r11d, r9d sub eax, r8d mov [rsp+278h+var_248], 14h mov [rsp+278h+var_250], r11d xor edx, edx ; hWndInsertAfter mov rcx, rdi ; hWnd mov [rsp+278h+var_258], eax call cs:SetWindowPos loc_10000478C: cmp cs:dword_10002FEF4, 3 mov rdi, [rsp+278h+arg_18] mov rbx, [rsp+278h+arg_8] jnz short loc_1000047B1 loc_1000047A5: mov rcx, cs:hMem call sub_10000DD10 loc_1000047B1: mov rsi, [rsp+278h+arg_10] mov rcx, [rsp+278h+var_18] call sub_1000258D0 add rsp, 278h retn sub_1000045B0 endp algn_1000047CE: align 20h sub_1000047E0 proc near var_238= qword ptr -238h lParam= qword ptr -228h var_18= qword ptr -18h sub rsp, 258h mov rax, cs:qword_10002C178 mov [rsp+258h+var_18], rax cmp cs:dword_10002F3A0, 0 jnz loc_1000048FC mov r9d, cs:dword_10002FEB8 lea r8, unk_10002F000 lea rcx, [rsp+258h+lParam] mov edx, 104h call sub_100008380 mov rcx, cs:qword_10002F3B8 ; hWnd lea r9, [rsp+258h+lParam] ; lParam xor r8d, r8d ; wParam mov edx, 40Bh ; Msg call cs:SendMessageW movzx r9d, cs:byte_10002FE98 lea r8, unk_10002EFC0 lea rcx, [rsp+258h+lParam] mov edx, 104h call sub_100008380 mov rcx, cs:qword_10002F3B8 ; hWnd lea r9, [rsp+258h+lParam] ; lParam mov edx, 40Bh ; Msg mov r8d, 1 ; wParam call cs:SendMessageW mov r11, cs:qword_10002FEA8 cmp r11, 0E1000h jle short loc_1000048BD mov rax, r11 lea r8, unk_10002EF40 cqo and edx, 3FFh lea rcx, [rdx+rax] mov rax, cs:qword_10002FEA0 cqo sar rcx, 0Ah and edx, 3FFh mov [rsp+258h+var_238], rcx lea r9, [rdx+rax] sar r9, 0Ah jmp short loc_1000048D0 loc_1000048BD: mov r9, cs:qword_10002FEA0 mov [rsp+258h+var_238], r11 lea r8, unk_10002EF80 loc_1000048D0: lea rcx, [rsp+258h+lParam] mov edx, 104h call sub_100008380 mov rcx, cs:qword_10002F3B8 ; hWnd lea r9, [rsp+258h+lParam] ; lParam mov edx, 40Bh ; Msg mov r8d, 2 ; wParam call cs:SendMessageW loc_1000048FC: mov rcx, [rsp+258h+var_18] call sub_1000258D0 add rsp, 258h retn sub_1000047E0 endp algn_100004911: align 20h sub_100004920 proc near var_238= qword ptr -238h lParam= qword ptr -228h var_18= qword ptr -18h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 258h mov rax, cs:qword_10002C178 mov [rsp+258h+var_18], rax mov [rsp+258h+arg_10], rbx mov rbx, rcx call cs:GetForegroundWindow cmp rax, rbx jnz short loc_100004960 mov ecx, 11h ; nVirtKey call cs:GetKeyState test ax, ax js loc_100004B5F loc_100004960: xor ebx, ebx loc_100004962: mov [rsp+258h+arg_18], rdi cmp cs:dword_10002F440, ebx jle short loc_100004997 lea rdi, qword_10002F448 db 66h, 66h nop db 66h, 66h, 66h nop loc_100004980: mov rcx, [rdi] mov rax, [rcx] call qword ptr [rax+30h] inc ebx add rdi, 8 cmp ebx, cs:dword_10002F440 jl short loc_100004980 loc_100004997: cmp cs:dword_10002F410, 0 jz loc_100004A34 movzx eax, cs:byte_10002FE98 lea ecx, [rax+rax*2] mov eax, 51EB851Fh shl ecx, 2 mul ecx mov eax, 0Bh mov edi, edx shr edi, 5 cmp edi, 0Ch cmovnb edi, eax call cs:GetProcessHeap xor edx, edx ; dwFlags mov rcx, rax ; hHeap mov r8d, 80h ; dwBytes call cs:HeapAlloc test rax, rax mov rbx, rax jz short loc_100004A03 movzx r9d, cs:byte_10002FE98 lea r8, unk_10002EFC0 mov edx, 40h mov rcx, rax call sub_100008380 loc_100004A03: ; idThread mov ecx, cs:idThread mov r8d, edi ; wParam mov r9, rbx ; lParam mov edx, 402h ; Msg call cs:PostThreadMessageW test eax, eax jnz short loc_100004A51 call cs:GetProcessHeap mov r8, rbx ; lpMem xor edx, edx ; dwFlags mov rcx, rax ; hHeap call cs:HeapFree jmp short loc_100004A51 loc_100004A34: ; idThread mov ecx, cs:idThread xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 404h ; Msg call cs:PostThreadMessageW mov cs:dword_10002F410, eax loc_100004A51: cmp cs:dword_10002F3A0, 0 mov rdi, [rsp+258h+arg_18] jnz loc_100004B5F loc_100004A66: mov r9d, cs:dword_10002FEB8 lea r8, unk_10002F000 lea rcx, [rsp+258h+lParam] mov edx, 104h call sub_100008380 mov rcx, cs:qword_10002F3B8 ; hWnd lea r9, [rsp+258h+lParam] ; lParam xor r8d, r8d ; wParam mov edx, 40Bh ; Msg call cs:SendMessageW movzx r9d, cs:byte_10002FE98 lea r8, unk_10002EFC0 lea rcx, [rsp+258h+lParam] mov edx, 104h call sub_100008380 mov rcx, cs:qword_10002F3B8 ; hWnd lea r9, [rsp+258h+lParam] ; lParam mov edx, 40Bh ; Msg mov r8d, 1 ; wParam call cs:SendMessageW mov r11, cs:qword_10002FEA8 cmp r11, 0E1000h jle short loc_100004B20 mov rax, r11 lea r8, unk_10002EF40 cqo and edx, 3FFh lea rcx, [rdx+rax] mov rax, cs:qword_10002FEA0 cqo sar rcx, 0Ah and edx, 3FFh mov [rsp+258h+var_238], rcx lea r9, [rdx+rax] sar r9, 0Ah jmp short loc_100004B33 loc_100004B20: mov r9, cs:qword_10002FEA0 mov [rsp+258h+var_238], r11 lea r8, unk_10002EF80 loc_100004B33: lea rcx, [rsp+258h+lParam] mov edx, 104h call sub_100008380 mov rcx, cs:qword_10002F3B8 ; hWnd lea r9, [rsp+258h+lParam] ; lParam mov edx, 40Bh ; Msg mov r8d, 2 ; wParam call cs:SendMessageW loc_100004B5F: mov rbx, [rsp+258h+arg_10] mov rcx, [rsp+258h+var_18] call sub_1000258D0 add rsp, 258h retn sub_100004920 endp byte_100004B7C db 14h dup(0CCh) ; int __fastcall sub_100004B90(HWND hWnd, int, int, __int64, __int64, __int64) sub_100004B90 proc near var_2D8= dword ptr -2D8h var_2D0= dword ptr -2D0h var_2C8= dword ptr -2C8h var_2C0= dword ptr -2C0h lParam= qword ptr -2B8h var_2B0= dword ptr -2B0h var_2AC= dword ptr -2ACh Rect= tagRECT ptr -2A8h var_298= dword ptr -298h var_294= dword ptr -294h var_290= dword ptr -290h var_28C= dword ptr -28Ch var_288= dword ptr -288h var_284= dword ptr -284h var_278= dword ptr -278h var_274= dword ptr -274h var_270= dword ptr -270h var_268= qword ptr -268h var_260= dword ptr -260h var_25C= dword ptr -25Ch var_258= qword ptr -258h Points= tagPOINT ptr -250h var_238= byte ptr -238h var_28= qword ptr -28h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 2F8h mov rax, cs:qword_10002C178 mov [rsp+2F8h+var_28], rax mov [r11+18h], rbp lea rdx, [rsp+2F8h+Rect] ; lpRect mov [r11-18h], r13 mov rbp, rcx call cs:GetWindowRect mov r11d, [rsp+2F8h+Rect.right] mov eax, [rsp+2F8h+Rect.bottom] sub r11d, [rsp+2F8h+Rect.left] sub eax, [rsp+2F8h+Rect.top] mov cs:dword_10002F3F8, r11d mov cs:dword_10002F3FC, eax call cs:GetDialogBaseUnits movzx ecx, ax lea eax, [rcx+rcx*2] cdq and edx, 3 add eax, edx sar eax, 2 mov cs:dword_10002F400, eax call cs:GetDialogBaseUnits movzx eax, ax add eax, eax cdq and edx, 3 add eax, edx sar eax, 2 mov cs:dword_10002F404, eax call cs:GetDialogBaseUnits mov r11d, eax shr r11, 10h movzx eax, r11w lea eax, [rax+rax*4] add eax, eax cdq and edx, 7 add eax, edx sar eax, 3 mov cs:dword_10002F408, eax call cs:GetDialogBaseUnits movzx eax, ax imul eax, 0Dh cdq and edx, 3 add eax, edx sar eax, 2 mov cs:dword_10002F414, eax call cs:GetDialogBaseUnits lea rcx, dword_10002FED0 ; pvParam mov r11d, eax shr r11, 10h movzx eax, r11w add eax, eax cdq and edx, 7 ; int add eax, edx sar eax, 3 mov cs:dword_10002F418, eax call sub_100004000 mov cs:hWnd, rbp call cs:GetCurrentThreadId mov ecx, eax ; dwThreadId call cs:GetThreadDesktop mov ecx, 2Dh ; nIndex mov cs:qword_10002F3B0, rax call cs:GetSystemMetrics xor r9d, r9d ; int xor r8d, r8d ; int xor edx, edx ; int xor ecx, ecx ; int mov cs:dword_10002F40C, eax call cs:CreateRectRgn xor r9d, r9d ; int xor r8d, r8d ; int xor edx, edx ; int xor ecx, ecx ; int mov cs:qword_10002F420, rax call cs:CreateRectRgn mov ecx, 5 ; nIndex mov cs:qword_10002F428, rax call cs:GetSysColor mov ecx, eax ; COLORREF call cs:CreateSolidBrush xor r13d, r13d test byte ptr cs:dword_10003015C, 4 mov cs:qword_10002F430, rax jz short loc_100004D27 mov [rsp+2F8h+var_2C8], 3 lea rdx, [r13-1] ; hWndInsertAfter xor r9d, r9d ; Y xor r8d, r8d ; X mov rcx, rbp ; hWnd mov [rsp+2F8h+var_2D0], r13d mov [rsp+2F8h+var_2D8], r13d call cs:SetWindowPos loc_100004D27: ; wID mov r9d, 64h mov r8, rbp ; hwndParent xor edx, edx ; lpszText mov ecx, 54000100h ; style call cs:CreateStatusWindowW test rax, rax mov cs:qword_10002F3B8, rax jz loc_10000512F xor ecx, ecx ; hWnd loc_100004D4F: mov [rsp+2F8h+arg_8], rbx mov [rsp+2F8h+var_8], rdi call cs:GetDC mov edx, 58h ; int mov rcx, rax ; HDC mov rbx, rax call cs:GetDeviceCaps mov rdx, rbx ; hDC xor ecx, ecx ; hWnd mov edi, eax call cs:ReleaseDC lea r8d, [rdi+rdi*4] mov eax, r8d mov dword ptr [rsp+2F8h+lParam], edi mov [rsp+2F8h+var_2AC], 0FFFFFFFFh cdq and edx, 3 add eax, edx sar eax, 2 lea ecx, [rdi+rax] mov eax, r8d cdq mov dword ptr [rsp+2F8h+lParam+4], ecx sub eax, edx sar eax, 1 add eax, ecx mov rcx, cs:qword_10002F3B8 ; hWnd test rcx, rcx mov [rsp+2F8h+var_2B0], eax jz short loc_100004DD6 lea r9, [rsp+2F8h+lParam] ; lParam mov edx, 404h ; Msg mov r8d, 4 ; wParam call cs:SendMessageW loc_100004DD6: ; hInstance mov rcx, cs:hInstance mov edx, 6Bh ; lpIconName call cs:LoadIconW test rax, rax jz short loc_100004E02 mov edx, 80h ; Msg mov r9, rax ; lParam mov rcx, rbp ; hWnd lea r8d, [rdx-7Fh] ; wParam call cs:SendMessageW loc_100004E02: ; idThread mov ecx, cs:idThread xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 404h ; Msg mov [rsp+2F8h+arg_18], rsi mov [rsp+2F8h+var_10], r12 call cs:PostThreadMessageW mov rcx, cs:qword_10002F3B8 ; hWnd xor r9d, r9d ; Y mov [rsp+2F8h+var_2C8], 1Bh lea rdx, [r9-1] ; hWndInsertAfter xor r8d, r8d ; X mov [rsp+2F8h+var_2D0], r13d mov cs:dword_10002F410, eax mov [rsp+2F8h+var_2D8], r13d call cs:SetWindowPos mov edx, 3E8h ; nIDDlgItem mov rcx, rbp ; hDlg call cs:GetDlgItem cmp cs:dword_10002F440, r13d mov ebx, r13d mov rsi, rax lea r12, qword_10002F448 jle loc_100004F2E mov rdi, r12 loc_100004E83: mov rcx, [rdi] mov rdx, rsi mov r8, [rcx] call qword ptr [r8] test eax, eax js short loc_100004F0B mov rcx, [rdi] lea rdx, [rsp+2F8h+var_238] mov r8d, 104h mov rax, [rcx] call qword ptr [rax+20h] lea rax, [rsp+2F8h+var_238] lea r9, [rsp+2F8h+var_278] ; lParam movsxd r8, ebx ; wParam mov edx, 133Eh ; Msg mov rcx, rsi ; hWnd mov [rsp+2F8h+var_268], rax mov [rsp+2F8h+var_278], 1 mov [rsp+2F8h+var_274], r13d mov [rsp+2F8h+var_270], r13d mov [rsp+2F8h+var_260], 104h mov [rsp+2F8h+var_25C], r13d mov [rsp+2F8h+var_258], r13 call cs:SendMessageW jmp short loc_100004F1C loc_100004F0B: call cs:GetCurrentProcess xor edx, edx ; uExitCode mov rcx, rax ; hProcess call cs:TerminateProcess loc_100004F1C: inc ebx add rdi, 8 cmp ebx, cs:dword_10002F440 jl loc_100004E83 loc_100004F2E: call sub_100004370 mov r11d, cs:dword_10002FEF4 test r11d, r11d js short loc_100004F48 cmp r11d, cs:dword_10002F440 jl short loc_100004F52 loc_100004F48: mov r11d, r13d mov cs:dword_10002FEF4, r13d loc_100004F52: ; hDlg mov rcx, cs:hWnd mov edx, 3E8h ; nIDDlgItem movsxd rbx, r11d call cs:GetDlgItem xor r9d, r9d ; lParam mov r8, rbx ; wParam mov rcx, rax ; hWnd mov edx, 130Ch ; Msg call cs:SendMessageW movsxd r11, cs:dword_10002FEF4 mov rcx, [r12+r11*8] mov rax, [rcx] call qword ptr [rax+8] lea rdx, [rsp+2F8h+var_298] ; lpRect mov rcx, rbp ; hWnd call cs:GetClientRect mov edi, [rsp+2F8h+var_290] mov esi, [rsp+2F8h+var_28C] sub edi, [rsp+2F8h+var_298] sub esi, [rsp+2F8h+var_294] mov rbp, cs:hWnd mov ecx, 14h ; nNumWindows call cs:BeginDeferWindowPos movzx r9d, si movzx ecx, di shl r9d, 10h xor r8d, r8d ; wParam mov r12, rax or r9, rcx ; lParam mov rcx, cs:qword_10002F3B8 ; hWnd lea edx, [r8+5] ; Msg call cs:SendMessageW test r12, r12 jz loc_1000050A6 mov rcx, cs:qword_10002F3B8 ; hWnd lea rdx, [rsp+2F8h+Points] ; lpRect call cs:GetClientRect mov rdx, cs:hWnd ; hWndTo mov rcx, cs:qword_10002F3B8 ; hWndFrom lea r8, [rsp+2F8h+Points] ; lpPoints mov r9d, 2 ; cPoints call cs:MapWindowPoints mov edx, 3E8h ; nIDDlgItem mov rcx, rbp ; hDlg call cs:GetDlgItem lea rdx, [rsp+2F8h+var_288] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect mov rdx, cs:hWnd ; hWndTo lea r8, [rsp+2F8h+var_288] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov ecx, [rsp+2F8h+var_288] mov edx, [rsp+2F8h+Points.y] mov r11d, [rsp+2F8h+var_284] add ecx, ecx mov [rsp+2F8h+var_2C0], 16h add r11d, r11d mov eax, edi xor r9d, r9d ; x sub edx, r11d sub eax, ecx xor r8d, r8d ; hWndInsertAfter mov [rsp+2F8h+var_2C8], edx mov [rsp+2F8h+var_2D0], eax mov rdx, rbx ; hWnd mov rcx, r12 ; hWinPosInfo mov [rsp+2F8h+var_2D8], r13d call cs:DeferWindowPos mov rcx, r12 ; hWinPosInfo call cs:EndDeferWindowPos loc_1000050A6: mov r12, [rsp+2F8h+var_10] mov rbx, [rsp+2F8h+arg_8] test edi, edi mov rdi, [rsp+2F8h+var_8] jnz short loc_1000050C6 loc_1000050C2: test esi, esi jz short loc_1000050CE loc_1000050C6: ; hWndTo mov rcx, rbp call sub_1000045B0 loc_1000050CE: ; uElapse mov r8d, cs:uElapse mov rsi, [rsp+2F8h+arg_18] test r8d, r8d jz short loc_1000050F4 loc_1000050E2: ; hWnd mov rcx, cs:hWnd xor r9d, r9d ; lpTimerFunc xor edx, edx ; nIDEvent call cs:SetTimer loc_1000050F4: mov rcx, cs:hWnd call sub_100004920 cmp cs:byte_10002F3D0, 1 ja short loc_10000512A mov rcx, cs:hWnd ; hWnd call cs:GetMenu mov edx, 9C53h ; uIDEnableItem mov r8d, 1 ; uEnable mov rcx, rax ; hMenu call cs:EnableMenuItem loc_10000512A: mov eax, 1 loc_10000512F: mov r13, [rsp+2F8h+var_18] mov rbp, [rsp+2F8h+arg_10] mov rcx, [rsp+2F8h+var_28] call sub_1000258D0 add rsp, 2F8h retn sub_100004B90 endp algn_100005154: align 20h ; int __fastcall sub_100005160(HWND hWnd, int, int, int, int, __int64, __int64) sub_100005160 proc near Rect= tagRECT ptr -78h Paint= tagPAINTSTRUCT ptr -68h var_18= qword ptr -18h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 98h mov rax, cs:qword_10002C178 mov [rsp+98h+var_18], rax mov [rsp+98h+arg_18], rdi mov rdi, rcx call cs:IsIconic test eax, eax jnz short loc_1000051E4 lea rdx, [rsp+98h+Paint] ; lpPaint mov rcx, rdi ; hWnd loc_100005193: mov [rsp+98h+arg_10], rbx call cs:BeginPaint mov rbx, [rsp+98h+Paint.hdc] lea rdx, [rsp+98h+Rect] ; lpRect mov rcx, rdi ; hWnd call cs:GetClientRect mov r9d, 2 ; grfFlags lea rdx, [rsp+98h+Rect] ; qrc lea r8d, [r9+4] ; edge mov rcx, rbx ; hdc call cs:DrawEdge lea rdx, [rsp+98h+Paint] ; lpPaint mov rcx, rdi ; hWnd call cs:EndPaint mov rbx, [rsp+98h+arg_10] jmp short loc_1000051F7 loc_1000051E4: ; lParam xor r9d, r9d xor r8d, r8d ; wParam mov rcx, rdi ; hWnd lea edx, [r9+0Fh] ; Msg call cs:DefWindowProcW loc_1000051F7: mov rdi, [rsp+98h+arg_18] mov rcx, [rsp+98h+var_18] call sub_1000258D0 add rsp, 98h retn sub_100005160 endp algn_100005214: align 20h sub_100005220 proc near var_278= tagMENUITEMINFOW ptr -278h lParam= word ptr -228h var_18= qword ptr -18h arg_20= dword ptr 28h push rbx sub rsp, 290h mov rax, cs:qword_10002C178 mov [rsp+298h+var_18], rax mov eax, [rsp+298h+arg_20] mov r10d, r8d mov rbx, rdx cmp ax, 0FFFFh jnz short loc_100005250 test rdx, rdx jz short loc_100005257 loc_100005250: test eax, 2800h jz short loc_10000529B loc_100005257: ; hWnd mov rcx, cs:qword_10002F3B8 xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 409h ; Msg call cs:SendMessageW xor r11d, r11d mov cs:dword_10002F3A0, r11d mov cs:dword_10002F3E0, r11d call sub_1000047E0 mov rcx, [rsp+298h+var_18] call sub_1000258D0 add rsp, 290h pop rbx retn loc_10000529B: test al, 10h jz short loc_1000052D5 xor r11d, r11d lea r9, [rsp+298h+var_278] ; LPMENUITEMINFOW mov edx, r10d ; UINT lea r8d, [r11+1] ; BOOL mov rcx, rbx ; HMENU mov [rsp+298h+var_278.cbSize], 50h mov [rsp+298h+var_278.fMask], 2 mov [rsp+298h+var_278.cch], r11d call cs:GetMenuItemInfoW test eax, eax jz short loc_10000534D mov r10d, [rsp+298h+var_278.wID] loc_1000052D5: ; hInstance mov rcx, cs:hInstance lea r8, [rsp+298h+lParam] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, r10d ; uID call cs:LoadStringW mov rcx, cs:qword_10002F3B8 ; hWnd lea r9, [rsp+298h+lParam] ; lParam mov edx, 40Bh ; Msg mov r8d, 1FFh ; wParam mov cs:dword_10002F3A0, 1 call cs:SendMessageW mov rcx, cs:qword_10002F3B8 ; hWnd xor r9d, r9d ; lParam lea r8d, [r9+1] ; wParam mov edx, 409h ; Msg call cs:SendMessageW mov rcx, cs:qword_10002F3B8 ; hWnd lea r9, [rsp+298h+lParam] ; lParam mov edx, 40Bh ; Msg mov r8d, 100h ; wParam call cs:SendMessageW loc_10000534D: mov rcx, [rsp+298h+var_18] call sub_1000258D0 add rsp, 290h pop rbx retn sub_100005220 endp algn_100005363: align 10h sub_100005370 proc near arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_8], rbx xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 130Bh ; Msg mov [rsp+28h+arg_10], rsi mov [rsp+28h+arg_18], rdi call cs:SendMessageW cmp eax, 0FFFFFFFFh mov rbx, rax jz short loc_1000053E9 movsxd rcx, cs:dword_10002FEF4 lea rsi, qword_10002F448 cmp ecx, 0FFFFFFFFh jz short loc_1000053B9 mov rcx, [rsi+rcx*8] mov rdx, [rcx] call qword ptr [rdx+10h] loc_1000053B9: movsxd rdi, ebx mov rcx, [rsi+rdi*8] mov rax, [rcx] call qword ptr [rax+8] test eax, eax jns short loc_1000053FF cmp cs:dword_10002FEF4, 0FFFFFFFFh jz short loc_1000053E9 mov rcx, [rsi+rdi*8] mov rax, [rcx] call qword ptr [rax+8] mov rcx, cs:hWnd ; hWndTo call sub_1000045B0 loc_1000053E9: xor eax, eax mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbx, [rsp+28h+arg_8] add rsp, 28h retn loc_1000053FF: ; hWndTo mov rcx, cs:hWnd mov cs:dword_10002FEF4, ebx call sub_1000045B0 mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbx, [rsp+28h+arg_8] mov eax, 1 add rsp, 28h retn sub_100005370 endp algn_10000542A: align 10h ; int __fastcall sub_100005430(HWND hWndTo, WPARAM wParam, __int64, __int64, __int64, __int64) sub_100005430 proc near var_48= dword ptr -48h var_40= dword ptr -40h var_38= dword ptr -38h var_30= dword ptr -30h Points= tagPOINT ptr -28h Rect= tagRECT ptr -18h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 68h cmp edx, 1 loc_10000543A: mov [rax+8], rbx mov [rax+10h], rbp mov [rax+18h], rsi mov [rax+20h], rdi mov ebp, r9d mov rdi, rcx mov esi, r8d mov ebx, edx jnz short loc_100005476 call cs:GetShellWindow test rax, rax jz short loc_100005476 test byte ptr cs:dword_10003015C, 20h jz short loc_100005476 xor edx, edx ; nCmdShow mov rcx, rdi ; hWnd call cs:ShowWindow loc_100005476: ; nNumWindows mov ecx, 14h mov [rsp+68h+var_8], r12 call cs:BeginDeferWindowPos movzx r9d, bp movzx ecx, si shl r9d, 10h mov r8, rbx ; wParam mov edx, 5 ; Msg or r9, rcx ; lParam mov rcx, cs:qword_10002F3B8 ; hWnd mov r12, rax call cs:SendMessageW test r12, r12 jz loc_10000556B mov rcx, cs:qword_10002F3B8 ; hWnd lea rdx, [rsp+68h+Rect] ; lpRect call cs:GetClientRect mov rdx, cs:hWnd ; hWndTo mov rcx, cs:qword_10002F3B8 ; hWndFrom lea r8, [rsp+68h+Rect] ; lpPoints mov r9d, 2 ; cPoints call cs:MapWindowPoints mov edx, 3E8h ; nIDDlgItem mov rcx, rdi ; hDlg call cs:GetDlgItem lea rdx, [rsp+68h+Points] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect mov rdx, cs:hWnd ; hWndTo lea r8, [rsp+68h+Points] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov ecx, [rsp+68h+Points.x] mov edx, [rsp+68h+Rect.top] mov r11d, [rsp+68h+Points.y] add ecx, ecx mov [rsp+68h+var_30], 16h add r11d, r11d mov eax, esi xor r9d, r9d ; x sub edx, r11d sub eax, ecx xor r8d, r8d ; hWndInsertAfter mov [rsp+68h+var_38], edx mov [rsp+68h+var_40], eax mov rdx, rbx ; hWnd mov rcx, r12 ; hWinPosInfo mov [rsp+68h+var_48], 0 call cs:DeferWindowPos mov rcx, r12 ; hWinPosInfo call cs:EndDeferWindowPos loc_10000556B: mov r12, [rsp+68h+var_8] mov rbx, [rsp+68h+arg_0] test esi, esi mov rsi, [rsp+68h+arg_10] jnz short loc_100005585 loc_100005581: test ebp, ebp jz short loc_10000558D loc_100005585: ; hWndTo mov rcx, rdi call sub_1000045B0 loc_10000558D: mov rdi, [rsp+68h+arg_18] mov rbp, [rsp+68h+arg_8] add rsp, 68h retn sub_100005430 endp byte_10000559F db 11h dup(0CCh) sub_1000055B0 proc near var_658= qword ptr -658h var_650= dword ptr -650h Buffer= word ptr -648h var_438= byte ptr -438h var_228= byte ptr -228h var_18= qword ptr -18h push rbx sub rsp, 670h mov rax, cs:qword_10002C178 mov [rsp+678h+var_18], rax mov rcx, cs:hInstance ; HINSTANCE xor r9d, r9d ; int mov [rsp+678h+var_650], 40h lea edx, [r9+6Bh] ; LPCWSTR lea r8d, [r9+1] ; UINT mov dword ptr [rsp+678h+var_658], 0 call cs:LoadImageW test rax, rax mov rbx, rax jz loc_100005687 mov rcx, cs:hInstance ; hInstance lea r8, [rsp+678h+Buffer] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 2711h ; uID call cs:LoadStringW mov rcx, cs:hInstance ; hInstance lea r8, [rsp+678h+var_438] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 2712h ; uID call cs:LoadStringW lea rdx, [rsp+678h+var_228] ; lpBuffer mov ecx, 104h ; nBufferLength call cs:GetCurrentDirectoryW mov rcx, cs:hWnd lea rax, [rsp+678h+var_438] lea r9, [rsp+678h+Buffer] lea r8, [rsp+678h+var_228] mov rdx, rbx mov [rsp+678h+var_650], 14h mov [rsp+678h+var_658], rax call cs:SHELL32_61 mov rcx, rbx ; hIcon call cs:DestroyIcon loc_100005687: mov rcx, [rsp+678h+var_18] call sub_1000258D0 add rsp, 670h pop rbx retn sub_1000055B0 endp byte_10000569D db 13h dup(0CCh) sub_1000056B0 proc near var_A8= dword ptr -0A8h var_98= byte ptr -98h var_78= byte ptr -78h var_75= byte ptr -75h var_74= byte ptr -74h var_73= byte ptr -73h var_72= byte ptr -72h var_71= byte ptr -71h var_70= byte ptr -70h var_28= qword ptr -28h var_10= qword ptr -10h var_8= qword ptr -8 arg_18= qword ptr 20h mov r11, rsp sub rsp, 0C8h mov rax, cs:qword_10002C178 mov [rsp+0C8h+var_28], rax mov [r11+20h], rbx mov [r11-8], rsi mov [r11-10h], rdi mov rdi, rdx mov rsi, rcx lea rdx, aSeshutdownpriv ; "SeShutdownPrivilege" lea rcx, [rsp+0C8h+var_98] mov rbx, r8 call sub_1000244D0 xor edx, edx lea r9, [rsp+0C8h+var_78] lea ecx, [rdx+4] xor r8d, r8d mov [rsp+0C8h+var_A8], 4Ch call cs:NtPowerInformation test eax, eax jnz short loc_100005752 test rsi, rsi jz short loc_100005728 cmp [rsp+0C8h+var_72], al jz short loc_100005724 cmp [rsp+0C8h+var_70], al jz short loc_100005724 lea ecx, [rax+1] jmp short loc_100005726 loc_100005724: mov ecx, eax loc_100005726: mov [rsi], ecx loc_100005728: test rdi, rdi jz short loc_100005746 cmp [rsp+0C8h+var_75], al jnz short loc_10000573F cmp [rsp+0C8h+var_74], al jnz short loc_10000573F cmp [rsp+0C8h+var_73], al jz short loc_100005744 loc_10000573F: mov eax, 1 loc_100005744: mov [rdi], eax loc_100005746: test rbx, rbx jz short loc_100005752 movzx eax, [rsp+0C8h+var_71] mov [rbx], eax loc_100005752: lea rcx, [rsp+0C8h+var_98] call sub_1000245E0 mov rdi, [rsp+0C8h+var_10] mov rsi, [rsp+0C8h+var_8] mov rbx, [rsp+0C8h+arg_18] mov rcx, [rsp+0C8h+var_28] call sub_1000258D0 add rsp, 0C8h retn sub_1000056B0 endp algn_100005789: align 10h ; int __fastcall sub_100005790(HMENU hMenu, int, int, __int64, __int64, __int64) sub_100005790 proc near var_58= tagMENUITEMINFOW ptr -58h arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 78h test rcx, rcx mov [rsp+78h+arg_18], rdi mov rdi, rcx jz short loc_1000057C4 mov ecx, 1 ; rest call cs:SHRestricted test eax, eax jz short loc_1000057C4 xor r8d, r8d ; uFlags mov edx, 9C41h ; uPosition mov rcx, rdi ; hMenu call cs:DeleteMenu loc_1000057C4: mov ecx, 1Bh call cs:SHLWAPI_437 test eax, eax jnz loc_10000586D lea r8d, [rax+50h] ; size_t lea rcx, [rsp+78h+var_58] ; void * xor edx, edx ; int loc_1000057E2: mov [rsp+78h+arg_8], rbx mov [rsp+78h+arg_10], rsi call memset mov rcx, rdi ; hMenu mov [rsp+78h+var_58.cbSize], 50h mov [rsp+78h+var_58.fMask], 2 call cs:GetMenuItemCount xor ebx, ebx test eax, eax mov esi, eax jle short loc_10000585D db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100005820: ; LPMENUITEMINFOW lea r9, [rsp+78h+var_58] mov r8d, 1 ; BOOL mov edx, ebx ; UINT mov rcx, rdi ; HMENU call cs:GetMenuItemInfoW test eax, eax jz short loc_100005844 cmp [rsp+78h+var_58.wID], 0FA0h jz short loc_10000584C loc_100005844: inc ebx cmp ebx, esi jl short loc_100005820 jmp short loc_10000585D loc_10000584C: ; uFlags mov r8d, 400h mov edx, ebx ; uPosition mov rcx, rdi ; hMenu call cs:RemoveMenu loc_10000585D: mov rbx, [rsp+78h+arg_8] mov rsi, [rsp+78h+arg_10] loc_10000586D: mov rdi, [rsp+78h+arg_18] add rsp, 78h retn sub_100005790 endp algn_10000587A: align 20h ; int __fastcall sub_100005880(HMENU hMenu, int, int, __int64, __int64, __int64) sub_100005880 proc near var_948= qword ptr -948h var_940= qword ptr -940h var_938= dword ptr -938h var_934= dword ptr -934h hKey= qword ptr -930h var_928= dword ptr -928h var_924= dword ptr -924h hMenu= tagMENUITEMINFOW ptr -918h var_8C8= byte ptr -8C8h var_8A8= byte ptr -8A8h var_8A5= byte ptr -8A5h var_8A4= byte ptr -8A4h var_8A3= byte ptr -8A3h var_8A2= byte ptr -8A2h var_8A0= byte ptr -8A0h First= word ptr -858h var_658= word ptr -658h var_448= byte ptr -448h var_38= qword ptr -38h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 968h mov rax, cs:qword_10002C178 mov [rsp+968h+var_38], rax mov [r11+10h], rbx mov [r11+18h], rbp mov [r11+20h], rsi mov [r11-8], rdi xor edx, edx ; int mov rdi, rcx lea rcx, [rsp+968h+hMenu] ; void * lea r8d, [rdx+50h] ; size_t mov [r11-10h], r12 call memset mov rcx, rdi ; hMenu mov [rsp+968h+hMenu.cbSize], 50h call cs:GetMenuItemCount xor ebp, ebp mov r12d, eax mov esi, ebp mov ebx, ebp db 66h, 66h nop db 66h, 66h nop loc_1000058E0: cmp ebx, r12d jge loc_100005993 lea r9, [rsp+968h+hMenu] ; LPMENUITEMINFOW mov r8d, 1 ; BOOL mov edx, ebx ; UINT mov rcx, rdi ; HMENU mov [rsp+968h+hMenu.fMask], 2 call cs:GetMenuItemInfoW test eax, eax jz short loc_100005987 cmp [rsp+968h+hMenu.wID], 0FA0h jnz short loc_100005987 mov esi, 1 lea r9, [rsp+968h+hMenu] ; LPMENUITEMINFOW mov edx, ebx ; UINT mov rcx, rdi ; HMENU mov r8d, esi ; BOOL mov [rsp+968h+hMenu.fMask], 4 call cs:GetMenuItemInfoW test eax, eax jz short loc_100005987 mov rcx, [rsp+968h+hMenu.hSubMenu] ; hMenu test rcx, rcx jz short loc_100005949 call cs:DestroyMenu loc_100005949: ; hInstance mov rcx, cs:hInstance mov edx, 0FA1h ; lpMenuName call cs:LoadMenuW test rax, rax mov [rsp+968h+hMenu.hSubMenu], rax jz short loc_100005987 lea r9, [rsp+968h+hMenu] ; LPCMENUITEMINFOW mov r8d, esi ; BOOL mov edx, ebx ; UINT mov rcx, rdi ; HMENU call cs:SetMenuItemInfoW test eax, eax jnz short loc_100005987 mov rcx, [rsp+968h+hMenu.hSubMenu] ; hMenu call cs:DestroyMenu loc_100005987: inc ebx test esi, esi jz loc_1000058E0 jmp short loc_10000599B loc_100005993: test esi, esi jz loc_100005FC3 loc_10000599B: ; "SeShutdownPrivilege" lea rdx, aSeshutdownpriv lea rcx, [rsp+968h+var_8C8] mov r12d, ebp mov esi, ebp call sub_1000244D0 xor edx, edx lea r9, [rsp+968h+var_8A8] lea ecx, [rdx+4] xor r8d, r8d mov dword ptr [rsp+968h+var_948], 4Ch call cs:NtPowerInformation test eax, eax jnz short loc_100005A11 cmp [rsp+968h+var_8A2], sil jz short loc_1000059EE cmp [rsp+968h+var_8A0], sil jz short loc_1000059EE lea r12d, [rax+1] loc_1000059EE: cmp [rsp+968h+var_8A5], sil jnz short loc_100005A0C cmp [rsp+968h+var_8A4], sil jnz short loc_100005A0C cmp [rsp+968h+var_8A3], sil jz short loc_100005A11 loc_100005A0C: mov esi, 1 loc_100005A11: lea rcx, [rsp+968h+var_8C8] call sub_1000245E0 cmp cs:qword_10002F470, rbp jnz short loc_100005A62 cmp cs:dword_10003016C, ebp jnz short loc_100005A62 lea rcx, LibFileName ; "cfgmgr32" mov cs:dword_10003016C, 1 call cs:LoadLibraryW test rax, rax jz short loc_100005A62 lea rdx, ProcName ; "CM_Request_Eject_PC" mov rcx, rax ; hModule call cs:GetProcAddress mov cs:qword_10002F470, rax loc_100005A62: mov [rsp+968h+var_18], r13 lea rdx, aSeshutdownpriv ; "SeShutdownPrivilege" xor ecx, ecx mov [rsp+968h+var_20], r14 mov [rsp+968h+var_28], r15 call SHELL32_236 test eax, eax mov ecx, 1000h ; nIndex mov ebx, ebp setnz bl call cs:GetSystemMetrics xor ecx, ecx mov r15d, eax call cs:SHLWAPI_413 mov ecx, ebp cmp rax, 2 lea rax, [rsp+968h+hKey] lea rdx, aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"... setz cl mov r9d, 1 ; samDesired xor r8d, r8d ; ulOptions mov [rsp+968h+var_924], ecx mov rcx, 0FFFFFFFF80000002h ; hKey mov r13d, ebp mov [rsp+968h+var_928], ebp mov r14d, ebp mov [rsp+968h+var_948], rax call cs:RegOpenKeyExW test eax, eax jnz short loc_100005B32 mov rcx, [rsp+968h+hKey] ; hKey lea rax, [rsp+968h+var_934] lea rdx, aDisablelockwor ; "DisableLockWorkstation" mov [rsp+968h+var_940], rax lea rax, [rsp+968h+var_938] xor r9d, r9d ; lpType xor r8d, r8d ; lpReserved mov [rsp+968h+var_934], 4 mov [rsp+968h+var_948], rax call cs:RegQueryValueExW test eax, eax jnz short loc_100005B27 cmp [rsp+968h+var_938], ebp setnz r14b loc_100005B27: ; hKey mov rcx, [rsp+968h+hKey] call cs:RegCloseKey loc_100005B32: lea rax, [rsp+968h+hKey] lea rdx, aSoftwareMicr_1 ; "Software\\Microsoft\\Windows\\CurrentVersi"... mov r9d, 1 ; samDesired xor r8d, r8d ; ulOptions mov rcx, 0FFFFFFFF80000001h ; hKey mov [rsp+968h+var_948], rax call cs:RegOpenKeyExW test eax, eax jnz loc_100005C7F mov rcx, [rsp+968h+hKey] ; hKey lea rax, [rsp+968h+var_934] lea rdx, aDisablelockwor ; "DisableLockWorkstation" mov [rsp+968h+var_940], rax lea rax, [rsp+968h+var_938] xor r9d, r9d ; lpType xor r8d, r8d ; lpReserved mov [rsp+968h+var_934], 4 mov [rsp+968h+var_948], rax call cs:RegQueryValueExW test eax, eax jnz short loc_100005BAF test r14d, r14d jnz short loc_100005BA9 cmp [rsp+968h+var_938], ebp jnz short loc_100005BA9 mov r14d, ebp jmp short loc_100005BAF loc_100005BA9: mov r14d, 1 loc_100005BAF: ; hKey mov rcx, [rsp+968h+hKey] lea rax, [rsp+968h+var_934] lea rdx, aNologoff ; "NoLogoff" mov [rsp+968h+var_940], rax lea rax, [rsp+968h+var_938] xor r9d, r9d ; lpType xor r8d, r8d ; lpReserved mov [rsp+968h+var_934], 4 mov [rsp+968h+var_948], rax call cs:RegQueryValueExW test eax, eax jnz short loc_100005BF4 cmp [rsp+968h+var_938], ebp mov eax, ebp setnz al mov [rsp+968h+var_928], eax loc_100005BF4: ; hKey mov rcx, [rsp+968h+hKey] lea rax, [rsp+968h+var_934] lea rdx, aNoclose ; "NoClose" mov [rsp+968h+var_940], rax lea rax, [rsp+968h+var_938] xor r9d, r9d ; lpType xor r8d, r8d ; lpReserved mov [rsp+968h+var_934], 4 mov [rsp+968h+var_948], rax call cs:RegQueryValueExW test eax, eax jnz short loc_100005C34 cmp [rsp+968h+var_938], ebp setnz r13b loc_100005C34: ; hKey mov rcx, [rsp+968h+hKey] lea rax, [rsp+968h+var_934] lea rdx, aNodisconnect ; "NoDisconnect" mov [rsp+968h+var_940], rax lea rax, [rsp+968h+var_938] xor r9d, r9d ; lpType xor r8d, r8d ; lpReserved mov [rsp+968h+var_934], 4 mov [rsp+968h+var_948], rax call cs:RegQueryValueExW test eax, eax jnz short loc_100005C74 cmp [rsp+968h+var_938], ebp setnz bpl loc_100005C74: ; hKey mov rcx, [rsp+968h+hKey] call cs:RegCloseKey loc_100005C7F: test ebx, ebx jz short loc_100005C91 test esi, esi jz short loc_100005C91 test r15d, r15d jnz short loc_100005C91 test r13d, r13d jz short loc_100005CA5 loc_100005C91: ; uIDEnableItem mov edx, 0FA4h mov r8d, 3 ; uEnable mov rcx, rdi ; hMenu call cs:EnableMenuItem loc_100005CA5: test ebx, ebx jz short loc_100005CB8 test r12d, r12d jz short loc_100005CB8 test r15d, r15d jnz short loc_100005CB8 test r13d, r13d jz short loc_100005CCC loc_100005CB8: ; uIDEnableItem mov edx, 0FA2h mov r8d, 3 ; uEnable mov rcx, rdi ; hMenu call cs:EnableMenuItem loc_100005CCC: test ebx, ebx jz short loc_100005CD5 test r13d, r13d jz short loc_100005CE9 loc_100005CD5: ; uIDEnableItem mov edx, 0FA3h mov r8d, 3 ; uEnable mov rcx, rdi ; hMenu call cs:EnableMenuItem loc_100005CE9: test ebx, ebx jz short loc_100005CF2 test r13d, r13d jz short loc_100005D06 loc_100005CF2: ; uIDEnableItem mov edx, 0FA5h mov r8d, 3 ; uEnable mov rcx, rdi ; hMenu call cs:EnableMenuItem loc_100005D06: lea rax, [rsp+968h+First] lea r9, [rsp+968h+hMenu] ; LPMENUITEMINFOW mov esi, 100h xor r8d, r8d ; BOOL mov edx, 0FA6h ; UINT mov rcx, rdi ; HMENU mov [rsp+968h+hMenu.dwTypeData], rax mov [rsp+968h+hMenu.fMask], 10h mov [rsp+968h+hMenu.cch], esi call cs:GetMenuItemInfoW test eax, eax jz loc_100005ECC lea rdx, [rsp+968h+var_938] lea rcx, [rsp+968h+var_658] mov [rsp+968h+var_658], 0 mov [rsp+968h+var_938], 101h call SHELL32_241 mov ebx, 201h lea r9, [rsp+968h+var_658] lea r8, [rsp+968h+First] lea rcx, [rsp+968h+var_448] mov rdx, rbx call sub_100008380 test eax, eax js short loc_100005DE4 lea rdx, [rsp+968h+var_448] lea rcx, [rsp+968h+First] lea rax, [rsp+968h+First] sub rdx, rcx loc_100005DB0: movzx ecx, word ptr [rdx+rax] test cx, cx jz short loc_100005DD1 mov [rax], cx add rax, 2 dec rsi jnz short loc_100005DB0 sub rax, 2 mov [rax], si jmp loc_100005EB6 loc_100005DD1: test rsi, rsi jnz short loc_100005DDA sub rax, 2 loc_100005DDA: mov word ptr [rax], 0 jmp loc_100005EB6 loc_100005DE4: ; "%s " lea rdx, Srch lea rcx, [rsp+968h+First] ; lpFirst call cs:StrStrIW test rax, rax mov r11, rax jz loc_100005EB6 mov word ptr [rax], 0 lea r9, [rsp+968h+First] lea rax, [rsp+968h+var_448] lea rcx, [rsp+968h+var_448] mov r8, rbx sub r9, rax db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100005E30: movzx edx, word ptr [r9+rcx] test dx, dx jz short loc_100005E48 mov [rcx], dx add rcx, 2 dec r8 jnz short loc_100005E30 jmp short loc_100005E4D loc_100005E48: test r8, r8 jnz short loc_100005E51 loc_100005E4D: sub rcx, 2 loc_100005E51: mov word ptr [rcx], 0 lea rax, [rsp+968h+var_448] mov rcx, rbx loc_100005E61: cmp word ptr [rax], 0 jz short loc_100005E72 add rax, 2 dec rcx jnz short loc_100005E61 jmp short loc_100005EB6 loc_100005E72: test rcx, rcx jz short loc_100005EB6 mov rax, rbx lea rdx, [r11+6] sub rax, rcx sub rbx, rax lea rcx, [rsp+rax*2+968h+var_448] jz short loc_100005EB6 sub rdx, rcx loc_100005E91: movzx eax, word ptr [rdx+rcx] test ax, ax jz short loc_100005EA8 mov [rcx], ax add rcx, 2 dec rbx jnz short loc_100005E91 jmp short loc_100005EAD loc_100005EA8: test rbx, rbx jnz short loc_100005EB1 loc_100005EAD: sub rcx, 2 loc_100005EB1: mov word ptr [rcx], 0 loc_100005EB6: ; LPCMENUITEMINFOW lea r9, [rsp+968h+hMenu] xor r8d, r8d ; BOOL mov edx, 0FA6h ; UINT mov rcx, rdi ; HMENU call cs:SetMenuItemInfoW loc_100005ECC: ; rest mov ecx, 10000000h call cs:SHRestricted cmp eax, 1 jz short loc_100005EE8 test r13d, r13d jnz short loc_100005EE8 cmp [rsp+968h+var_928], r13d jz short loc_100005EFC loc_100005EE8: ; uIDEnableItem mov edx, 0FA6h mov r8d, 3 ; uEnable mov rcx, rdi ; hMenu call cs:EnableMenuItem loc_100005EFC: test r15d, r15d mov r13, [rsp+968h+var_18] jnz short loc_100005F1B loc_100005F09: lea ecx, [r15+1Ah] call cs:SHLWAPI_437 test eax, eax jz short loc_100005F1B test ebp, ebp jz short loc_100005F44 loc_100005F1B: ; uFlags xor r8d, r8d mov edx, 0FA7h ; uPosition mov rcx, rdi ; hMenu call cs:DeleteMenu test r15d, r15d jz short loc_100005F44 mov ecx, 1Ah call cs:SHLWAPI_437 test eax, eax jz short loc_100005F44 test ebp, ebp jz short loc_100005F55 loc_100005F44: ; uFlags xor r8d, r8d mov edx, 0FA8h ; uPosition mov rcx, rdi ; hMenu call cs:DeleteMenu loc_100005F55: cmp [rsp+968h+var_924], 0 jz short loc_100005F78 lea rdx, aSeundockprivil ; "SeUndockPrivilege" xor ecx, ecx call SHELL32_236 test eax, eax jz short loc_100005F78 cmp cs:qword_10002F470, 0 jnz short loc_100005F89 loc_100005F78: ; uFlags xor r8d, r8d mov edx, 0FA9h ; uPosition mov rcx, rdi ; hMenu call cs:DeleteMenu loc_100005F89: test r15d, r15d mov r15, [rsp+968h+var_28] jnz short loc_100005FAA loc_100005F96: mov ecx, 1Ah call cs:SHLWAPI_437 test eax, eax jnz short loc_100005FAA test r14d, r14d jz short loc_100005FBB loc_100005FAA: ; uFlags xor r8d, r8d mov edx, 0FAAh ; uPosition mov rcx, rdi ; hMenu call cs:DeleteMenu loc_100005FBB: mov r14, [rsp+968h+var_20] loc_100005FC3: mov r12, [rsp+968h+var_10] mov rdi, [rsp+968h+var_8] mov rsi, [rsp+968h+arg_18] mov rbp, [rsp+968h+arg_10] mov rbx, [rsp+968h+arg_8] mov rcx, [rsp+968h+var_38] call sub_1000258D0 add rsp, 968h retn sub_100005880 endp byte_100006000 db 10h dup(0CCh) ; DWORD __stdcall StartAddress(LPVOID) StartAddress proc near var_28= byte ptr -28h push rbx sub rsp, 40h mov rbx, rcx lea rdx, aSeshutdownpriv ; "SeShutdownPrivilege" lea rcx, [rsp+48h+var_28] call sub_1000244D0 xor r9d, r9d mov ecx, ebx lea edx, [r9+2] lea r8d, [r9+3] call cs:NtInitiatePowerAction xor ebx, ebx lea rcx, [rsp+48h+var_28] test eax, eax setns bl call sub_1000245E0 mov eax, ebx add rsp, 40h pop rbx retn StartAddress endp algn_100006056: align 20h sub_100006060 proc near var_38= dword ptr -38h var_30= qword ptr -30h var_28= byte ptr -28h arg_0= byte ptr 8 push rbx sub rsp, 50h movsxd rbx, ecx lea rax, [rsp+58h+arg_0] lea r8, StartAddress ; lpStartAddress mov [rsp+58h+var_30], rax xor edx, edx ; dwStackSize xor ecx, ecx ; lpThreadAttributes mov r9, rbx ; lpParameter mov [rsp+58h+var_38], 0 call cs:CreateThread test rax, rax jz short loc_1000060A3 mov rcx, rax ; hObject call cs:CloseHandle add rsp, 50h pop rbx retn loc_1000060A3: ; "SeShutdownPrivilege" lea rdx, aSeshutdownpriv lea rcx, [rsp+58h+var_28] call sub_1000244D0 xor r9d, r9d mov ecx, ebx lea edx, [r9+2] lea r8d, [r9+3] call cs:NtInitiatePowerAction lea rcx, [rsp+58h+var_28] call sub_1000245E0 add rsp, 50h pop rbx retn sub_100006060 endp algn_1000060D7: align 20h ; DWORD __stdcall sub_1000060E0(LPVOID) sub_1000060E0 proc near var_28= byte ptr -28h push rbx sub rsp, 40h mov rbx, rcx lea rdx, aSeshutdownpriv ; "SeShutdownPrivilege" lea rcx, [rsp+48h+var_28] call sub_1000244D0 xor edx, edx ; dwReserved mov ecx, ebx ; uFlags call cs:ExitWindowsEx lea rcx, [rsp+48h+var_28] mov ebx, eax call sub_1000245E0 mov eax, ebx add rsp, 40h pop rbx retn sub_1000060E0 endp algn_100006118: align 20h ; int __fastcall sub_100006120(UINT uFlags, char) sub_100006120 proc near var_38= dword ptr -38h var_30= qword ptr -30h var_28= byte ptr -28h arg_0= byte ptr 8 push rbx sub rsp, 50h lea rax, [rsp+58h+arg_0] mov ebx, ecx mov r9d, ecx ; lpParameter mov [rsp+58h+var_30], rax lea r8, sub_1000060E0 ; lpStartAddress xor edx, edx ; dwStackSize xor ecx, ecx ; lpThreadAttributes mov [rsp+58h+var_38], 0 call cs:CreateThread test rax, rax jz short loc_100006162 mov rcx, rax ; hObject call cs:CloseHandle add rsp, 50h pop rbx retn loc_100006162: ; "SeShutdownPrivilege" lea rdx, aSeshutdownpriv lea rcx, [rsp+58h+var_28] call sub_1000244D0 xor edx, edx ; dwReserved mov ecx, ebx ; uFlags call cs:ExitWindowsEx lea rcx, [rsp+58h+var_28] call sub_1000245E0 add rsp, 50h pop rbx retn sub_100006120 endp algn_10000618D: align 20h sub_1000061A0 proc near var_28= byte ptr -28h arg_0= dword ptr 8 sub rsp, 48h add ecx, 0FFFFF05Eh cmp ecx, 8 ; switch 9 cases ja loc_1000062C7 ; default lea rdx, __ImageBase movsxd rax, ecx mov ecx, ds:(off_1000062CC - 100000000h)[rdx+rax*4] add rcx, rdx jmp rcx ; switch jump loc_1000061C9: ; jumptable 1000061C7 case 2 mov ecx, 2 add rsp, 48h jmp sub_100006060 loc_1000061D7: ; jumptable 1000061C7 case 0 mov ecx, 3 add rsp, 48h jmp sub_100006060 loc_1000061E5: ; jumptable 1000061C7 case 1 mov ecx, 11h call cs:GetAsyncKeyState test ax, ax jns short loc_100006220 lea rdx, aSeshutdownpriv ; "SeShutdownPrivilege" lea rcx, [rsp+48h+var_28] call sub_1000244D0 mov ecx, 2 call cs:NtShutdownSystem lea rcx, [rsp+48h+var_28] call sub_1000245E0 add rsp, 48h retn loc_100006220: lea r8, [rsp+48h+arg_0] xor edx, edx xor ecx, ecx mov [rsp+48h+arg_0], 0 call sub_1000056B0 cmp [rsp+48h+arg_0], 0 mov ecx, 1 mov eax, 8 cmovnz ecx, eax add rsp, 48h jmp sub_100006120 loc_100006251: ; jumptable 1000061C7 case 3 mov ecx, 11h call cs:GetAsyncKeyState test ax, ax jns short loc_10000628C lea rdx, aSeshutdownpriv ; "SeShutdownPrivilege" lea rcx, [rsp+48h+var_28] call sub_1000244D0 mov ecx, 1 call cs:NtShutdownSystem lea rcx, [rsp+48h+var_28] call sub_1000245E0 add rsp, 48h retn loc_10000628C: mov ecx, 2 add rsp, 48h jmp sub_100006120 loc_10000629A: ; jumptable 1000061C7 case 4 xor edx, edx xor ecx, ecx add rsp, 48h jmp cs:ExitWindowsEx loc_1000062A9: ; jumptable 1000061C7 cases 5,6 xor ecx, ecx add rsp, 48h jmp cs:MSGINA_20 loc_1000062B6: ; jumptable 1000061C7 case 7 add rsp, 48h jmp cs:qword_10002F470 loc_1000062C1: ; jumptable 1000061C7 case 8 call cs:LockWorkStation loc_1000062C7: ; default add rsp, 48h retn sub_1000061A0 endp off_1000062CC dd offset loc_1000061D7 - offset __ImageBase ; jump table for switch statement dd offset loc_1000061E5 - offset __ImageBase dd offset loc_1000061C9 - offset __ImageBase dd offset loc_100006251 - offset __ImageBase dd offset loc_10000629A - offset __ImageBase dd offset loc_1000062A9 - offset __ImageBase dd offset loc_1000062A9 - offset __ImageBase dd offset loc_1000062B6 - offset __ImageBase dd offset loc_1000062C1 - offset __ImageBase algn_1000062F0: align 20h ; int __fastcall sub_100006300(HWND hWndTo, int, int, int, int, __int64, __int64) sub_100006300 proc near var_2E8= qword ptr -2E8h var_2E0= dword ptr -2E0h var_2D8= qword ptr -2D8h var_2D0= qword ptr -2D0h var_2C8= qword ptr -2C8h var_2C0= qword ptr -2C0h var_2B8= qword ptr -2B8h hObject= qword ptr -2B0h var_2A8= qword ptr -2A8h var_298= dword ptr -298h var_290= byte ptr -290h var_25C= dword ptr -25Ch var_258= word ptr -258h szApp= word ptr -228h var_18= qword ptr -18h var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 308h mov rax, cs:qword_10002C178 mov [rsp+308h+var_18], rax cmp edx, 9C41h mov [r11+18h], rbx mov [r11+20h], rsi mov [r11-8], rdi mov rsi, rcx jg loc_100006706 cmp edx, 9C41h jz loc_1000065C9 cmp edx, 961h jg loc_1000063CF cmp edx, 961h jz short loc_1000063AC cmp edx, 2 jz loc_100006767 ; jumptable 100006732 case 0 cmp edx, 417h jle loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 cmp edx, 41Ah jg loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov ecx, cs:dword_10002FEF4 test ecx, ecx jz short loc_10000639B dec ecx jnz loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov rcx, cs:qword_10002F450 xor r8d, r8d call sub_1000133C0 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_10000639B: mov rcx, cs:qword_10002F448 call sub_100016A30 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_1000063AC: xor ebx, ebx cmp cs:dword_10003000C, ebx setz bl mov cs:dword_10003000C, ebx call sub_100004370 mov rcx, rsi call sub_100004920 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_1000063CF: cmp edx, 0C94h jg loc_100006574 cmp edx, 0C94h jz loc_10000652F add edx, 0FFFFF69Eh cmp edx, 8 ; switch 9 cases ja loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 lea r8, __ImageBase movsxd rax, edx mov eax, ds:(off_100006AF0 - 100000000h)[r8+rax*4] add rax, r8 jmp rax ; switch jump loc_10000640D: ; jumptable 10000640B case 2 cmp cs:dword_10002F440, 3 jle loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov rax, cs:hMem mov r8, cs:hWnd ; hWndParent mov rcx, cs:hInstance ; hInstance lea r9, DialogFunc ; lpDialogFunc mov edx, 969h ; lpTemplateName mov [rsp+308h+var_2E8], rax call cs:DialogBoxParamW jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_10000644B: ; jumptable 10000640B case 3 xor ebx, ebx cmp cs:dword_100030018, ebx setz bl mov cs:dword_100030018, ebx call sub_100004370 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_100006466: ; jumptable 10000640B case 8 xor ebx, ebx cmp cs:dword_100030020, ebx setz bl mov cs:dword_100030020, ebx call sub_100004370 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_100006481: ; jumptable 10000640B case 4 cmp cs:dword_10002F440, 3 jle loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov rax, cs:hMem mov ecx, 1 mov [rax+78h], ecx mov rcx, rsi call sub_100004920 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_1000064AA: ; jumptable 10000640B case 6 xor ebx, ebx cmp cs:dword_10003001C, ebx setz bl mov cs:dword_10003001C, ebx call sub_100004370 cmp cs:dword_10002F440, 3 jle loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov rcx, cs:hMem call sub_10000DD10 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_1000064DE: ; jumptable 10000640B case 5 xor ebx, ebx cmp cs:dword_100030008, ebx setz bl mov cs:dword_100030008, ebx call sub_100004370 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_1000064F9: ; jumptable 10000640B case 0 xor ebx, ebx cmp cs:dword_100030010, ebx setz bl mov cs:dword_100030010, ebx call sub_100004370 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_100006514: ; jumptable 10000640B case 1 xor ebx, ebx cmp cs:dword_100030014, ebx setz bl mov cs:dword_100030014, ebx call sub_100004370 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_10000652F: mov ecx, cs:dword_10003015C mov eax, ecx not eax and eax, 80h and eax, 0FFFFFF80h xor eax, ecx and eax, 80h xor ecx, eax mov cs:dword_10003015C, ecx call sub_100004370 cmp cs:dword_10002F440, 4 jle loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov rcx, cs:qword_10002F468 mov rax, [rcx] call qword ptr [rax+30h] jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_100006574: cmp edx, 0FA2h jl loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 cmp edx, 0FAAh jle short loc_1000065BD cmp edx, 755Bh jnz loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_100006594: ; jumptable 100006732 cases 37-40,43 mov rcx, cs:qword_10002F448 movsxd rbx, edx mov rax, [rcx] call qword ptr [rax+28h] xor r9d, r9d ; lParam mov r8, rbx ; wParam mov rcx, rax ; hWnd mov edx, 111h ; Msg call cs:SendMessageW jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_1000065BD: mov ecx, edx call sub_1000061A0 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_1000065C9: ; nVirtKey mov ecx, 11h call cs:GetKeyState test ax, ax js short loc_1000065E3 call sub_1000055B0 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_1000065E3: ; int xor edx, edx lea rcx, [rsp+308h+var_290] ; void * lea r8d, [rdx+60h] ; size_t call memset mov ecx, 1 xor eax, eax mov [rsp+308h+var_25C], ecx mov [rsp+308h+var_258], cx mov edi, 104h lea rcx, Src ; "\"%ComSpec%\"" lea rdx, [rsp+308h+szApp] ; lpDst xor ebx, ebx mov r8d, edi ; nSize mov [rsp+308h+hObject], rax mov [rsp+308h+var_2A8], rax mov [rsp+308h+var_2B8], rbx mov [rsp+308h+var_298], 68h call cs:ExpandEnvironmentStringsW test eax, eax jnz short loc_1000066A3 lea rdx, [rsp+308h+szApp] ; lpDst lea rcx, aWindirSystem32 ; "\"%windir%\\system32\\cmd.exe\"" mov r8d, edi ; nSize call cs:ExpandEnvironmentStringsW test eax, eax jnz short loc_1000066A3 lea rdx, aCmd_exe ; "\"cmd.exe\"" lea rcx, [rsp+308h+szApp] lea rax, [rsp+308h+szApp] sub rdx, rcx db 66h, 66h nop db 66h, 66h, 66h nop loc_100006680: movzx ecx, word ptr [rdx+rax] test cx, cx jz short loc_100006697 mov [rax], cx add rax, 2 dec rdi jnz short loc_100006680 jmp short loc_10000669C loc_100006697: test rdi, rdi jnz short loc_1000066A0 loc_10000669C: sub rax, 2 loc_1000066A0: mov [rax], bx loc_1000066A3: lea rax, [rsp+308h+var_2B8] lea rdx, [rsp+308h+szApp] ; lpCommandLine xor r9d, r9d ; lpThreadAttributes mov [rsp+308h+var_2C0], rax lea rax, [rsp+308h+var_298] xor r8d, r8d ; lpProcessAttributes mov [rsp+308h+var_2C8], rax mov [rsp+308h+var_2D0], rbx mov [rsp+308h+var_2D8], rbx xor ecx, ecx ; lpApplicationName mov [rsp+308h+var_2E0], 4000200h mov dword ptr [rsp+308h+var_2E8], ebx call cs:CreateProcessW test eax, eax jz loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov rcx, [rsp+308h+hObject] ; hObject call cs:CloseHandle mov rcx, [rsp+308h+var_2B8] ; hObject call cs:CloseHandle jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_100006706: lea eax, [rdx-9C42h] cmp eax, 6Bh ; switch 108 cases ja loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 lea r8, __ImageBase cdqe movzx eax, ds:(byte_100006B60 - 100000000h)[r8+rax] mov ecx, ds:(off_100006B14 - 100000000h)[r8+rax*4] add rcx, r8 jmp rcx ; switch jump loc_100006734: ; jumptable 100006732 case 61 mov edx, 6 mov rcx, rsi ; hWnd call cs:ShowWindow jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_100006747: ; jumptable 100006732 case 47 call cs:GetDesktopWindow lea rdx, aTaskmgr_chm ; "taskmgr.chm" xor r9d, r9d mov rcx, rax xor r8d, r8d call sub_100024090 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_100006767: ; jumptable 100006732 case 0 mov rcx, rsi call cs:DestroyWindow jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_100006775: ; jumptable 100006732 case 62 call sub_100006BE0 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_10000677F: ; jumptable 100006732 cases 98,99 mov eax, cs:dword_10002F440 cmp edx, 9CA4h mov edi, 0FFFFFFFFh mov ecx, 1 cmovz edi, ecx add edi, cs:dword_10002FEF4 jns short loc_1000067A3 lea edi, [rax-1] loc_1000067A3: ; hDlg mov rcx, cs:hWnd xor ebx, ebx cmp edi, eax cmovge edi, ebx mov edx, 3E8h ; nIDDlgItem movsxd rbx, edi call cs:GetDlgItem xor r9d, r9d ; lParam mov r8, rbx ; wParam mov edx, 130Ch ; Msg mov rcx, rax ; hWnd call cs:SendMessageW mov rcx, cs:hWnd ; hDlg mov edx, 3E8h ; nIDDlgItem call cs:GetDlgItem mov rcx, rax call sub_100005370 test eax, eax jz loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov cs:dword_10002FEF4, edi jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_100006800: ; jumptable 100006732 case 4 mov ecx, cs:dword_10003015C xor ebx, ebx mov dword ptr [rsp+308h+var_2D8], 3 mov eax, ecx xor r9d, r9d ; Y xor r8d, r8d ; X not eax mov [rsp+308h+var_2E0], ebx mov dword ptr [rsp+308h+var_2E8], ebx and eax, 4 and eax, 0FFFFFFFCh xor eax, ecx and eax, 4 xor ecx, eax mov edx, ecx mov cs:dword_10003015C, ecx mov rcx, rsi ; hWnd and edx, 4 shr rdx, 2 or rdx, 0FFFFFFFFFFFFFFFEh ; hWndInsertAfter call cs:SetWindowPos call sub_100004370 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_100006855: ; jumptable 100006732 case 63 mov ecx, cs:dword_10003015C mov eax, ecx not eax and eax, 20h and eax, 0FFFFFFE0h xor eax, ecx and eax, 20h xor ecx, eax mov cs:dword_10003015C, ecx call sub_100004370 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_10000687C: ; jumptable 100006732 case 5 mov ecx, cs:dword_10003015C mov eax, ecx not eax xor eax, ecx and eax, 1 xor ecx, eax mov cs:dword_10003015C, ecx call sub_100004370 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_10000689D: ; jumptable 100006732 case 97 mov ecx, cs:dword_10003015C mov eax, ecx not eax and eax, 10h and eax, 0FFFFFFF0h xor eax, ecx and eax, 10h xor ecx, eax mov cs:dword_10003015C, ecx call sub_100004370 mov rcx, rsi ; hWndTo call sub_1000045B0 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_1000068CC: ; jumptable 100006732 case 54 mov ecx, cs:dword_10003015C mov eax, ecx not eax and eax, 8 and eax, 0FFFFFFF8h xor eax, ecx and eax, 8 xor ecx, eax mov cs:dword_10003015C, ecx call sub_100004370 cmp cs:dword_10002F440, 2 jle loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov rcx, cs:qword_10002F458 mov rax, [rcx] call qword ptr [rax+30h] jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_10000690D: ; jumptable 100006732 cases 13-15 lea eax, [rdx-9C4Fh] mov cs:wParam, eax call sub_100004370 cmp cs:dword_10002F440, 0 jle loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov rcx, cs:qword_10002F448 mov rax, [rcx] call qword ptr [rax+30h] jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_10000693D: ; jumptable 100006732 case 50 cmp cs:dword_10002F440, 1 jle loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov rax, cs:qword_10002F450 mov r8, cs:hWnd ; hWndParent mov rcx, cs:hInstance ; hInstance lea r9, sub_10000F820 ; lpDialogFunc mov edx, 79h ; lpTemplateName mov [rsp+308h+var_2E8], rax call cs:DialogBoxParamW jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_10000697B: ; jumptable 100006732 case 107 cmp cs:dword_10002F440, 4 jle loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov rcx, cs:qword_10002F468 movsxd rbx, edx mov rax, [rcx] call qword ptr [rax+28h] xor r9d, r9d ; lParam mov r8, rbx ; wParam mov rcx, rax ; hWnd mov edx, 111h ; Msg call cs:SendMessageW jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_1000069B1: ; jumptable 100006732 cases 16,17 lea eax, [rdx-9C52h] mov cs:dword_10002FEDC, eax call sub_100004370 cmp cs:dword_10002F440, 2 jle loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov rcx, cs:qword_10002F458 call sub_100009630 mov rcx, cs:qword_10002F458 mov rax, [rcx] call qword ptr [rax+30h] jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_1000069ED: ; jumptable 100006732 case 51 cmp cs:dword_10002F440, 3 jle short loc_100006A0B cmp cs:dword_10002FEF4, 3 jnz short loc_100006A0B mov rcx, cs:hMem call sub_10000F3A0 loc_100006A0B: mov rcx, rsi call sub_100004920 jmp loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_100006A18: ; jumptable 100006732 cases 20-23 lea eax, [rdx-9C56h] xor edx, edx ; uIDEvent movsxd rcx, eax mov cs:dword_10002FEE0, eax mov ebx, [r8+rcx*4+3580h] mov rcx, cs:hWnd ; hWnd mov cs:uElapse, ebx call cs:KillTimer test ebx, ebx jz short loc_100006A61 mov r8d, cs:uElapse ; uElapse mov rcx, cs:hWnd ; hWnd xor r9d, r9d ; lpTimerFunc xor edx, edx ; nIDEvent call cs:SetTimer loc_100006A61: call sub_100004370 jmp short loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 loc_100006A68: ; jumptable 100006732 case 19 mov rcx, cs:hInstance mov edx, 6Bh ; lpIconName call cs:LoadIconW test rax, rax mov rbx, rax jz short loc_100006AC2 ; default ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov rcx, cs:hInstance ; hInstance lea r8, [rsp+308h+szApp] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 2713h ; uID call cs:LoadStringW lea rdx, [rsp+308h+szApp] ; szApp mov r9, rbx ; hIcon xor r8d, r8d ; szOtherStuff mov rcx, rsi ; hWnd call cs:ShellAboutW mov rcx, rbx ; hIcon call cs:DestroyIcon loc_100006AC2: ; default mov rdi, [rsp+308h+var_8] ; jumptable 10000640B case 7 ; jumptable 100006732 cases 1-3,6-12,18,24-36,41,42,44-46,48,49,52,53,55-60,64-96,100-106 mov rsi, [rsp+308h+arg_18] mov rbx, [rsp+308h+arg_10] mov rcx, [rsp+308h+var_18] call sub_1000258D0 add rsp, 308h retn sub_100006300 endp align 10h off_100006AF0 dd offset loc_1000064F9 - offset __ImageBase ; jump table for switch statement dd offset loc_100006514 - offset __ImageBase dd offset loc_10000640D - offset __ImageBase dd offset loc_10000644B - offset __ImageBase dd offset loc_100006481 - offset __ImageBase dd offset loc_1000064DE - offset __ImageBase dd offset loc_1000064AA - offset __ImageBase dd offset loc_100006AC2 - offset __ImageBase dd offset loc_100006466 - offset __ImageBase off_100006B14 dd offset loc_100006767 - offset __ImageBase ; jump table for switch statement dd offset loc_100006800 - offset __ImageBase dd offset loc_10000687C - offset __ImageBase dd offset loc_10000690D - offset __ImageBase dd offset loc_1000069B1 - offset __ImageBase dd offset loc_100006A68 - offset __ImageBase dd offset loc_100006A18 - offset __ImageBase dd offset loc_100006594 - offset __ImageBase dd offset loc_100006747 - offset __ImageBase dd offset loc_10000693D - offset __ImageBase dd offset loc_1000069ED - offset __ImageBase dd offset loc_1000068CC - offset __ImageBase dd offset loc_100006734 - offset __ImageBase dd offset loc_100006775 - offset __ImageBase dd offset loc_100006855 - offset __ImageBase dd offset loc_10000689D - offset __ImageBase dd offset loc_10000677F - offset __ImageBase dd offset loc_10000697B - offset __ImageBase dd offset loc_100006AC2 - offset __ImageBase byte_100006B60 db 0, 12h, 12h, 12h ; indirect table for switch statement db 1, 2, 12h, 12h db 12h, 12h, 12h, 12h db 12h, 3, 3, 3 db 4, 4, 12h, 5 db 6, 6, 6, 6 db 12h, 12h, 12h, 12h db 12h, 12h, 12h, 12h db 12h, 12h, 12h, 12h db 12h, 7, 7, 7 db 7, 12h, 12h, 7 db 12h, 12h, 12h, 8 db 12h, 12h, 9, 0Ah db 12h, 12h, 0Bh, 12h db 12h, 12h, 12h, 12h db 12h, 0Ch, 0Dh, 0Eh db 12h, 12h, 12h, 12h db 12h, 12h, 12h, 12h db 12h, 12h, 12h, 12h db 12h, 12h, 12h, 12h db 12h, 12h, 12h, 12h db 12h, 12h, 12h, 12h db 12h, 12h, 12h, 12h db 12h, 12h, 12h, 12h db 12h, 0Fh, 10h, 10h db 12h, 12h, 12h, 12h db 12h, 12h, 12h, 11h algn_100006BCC: align 20h sub_100006BE0 proc near var_28= dword ptr -28h var_20= dword ptr -20h var_18= dword ptr -18h sub rsp, 48h mov rcx, cs:hWnd ; hWnd call cs:OpenIcon mov rcx, cs:hWnd ; hWnd call cs:SetForegroundWindow mov r11d, cs:dword_10003015C mov rcx, cs:hWnd ; hWnd and r11b, 4 mov [rsp+48h+var_18], 3 neg r11b sbb rdx, rdx ; hWndInsertAfter xor eax, eax xor r9d, r9d ; Y mov [rsp+48h+var_20], eax xor r8d, r8d ; X mov [rsp+48h+var_28], eax call cs:SetWindowPos add rsp, 48h retn sub_100006BE0 endp algn_100006C39: align 20h sub_100006C40 proc near LCData= word ptr -28h var_18= qword ptr -18h sub rsp, 48h mov rax, cs:qword_10002C178 mov [rsp+48h+var_18], rax mov r9d, 20h ; cchData lea r8, LCData ; lpLCData mov ecx, 400h ; Locale lea edx, [r9-2] ; LCType call cs:GetLocaleInfoW mov r9d, 20h ; cchData lea r8, word_10002EA80 ; lpLCData lea edx, [r9-11h] ; LCType mov ecx, 400h ; Locale call cs:GetLocaleInfoW mov r9d, 20h ; cchData lea r8, word_10002EA40 ; lpLCData lea edx, [r9-12h] ; LCType mov ecx, 400h ; Locale call cs:GetLocaleInfoW mov r9d, 8 ; cchData lea r8, [rsp+48h+LCData] ; lpLCData lea edx, [r9+8] ; LCType mov ecx, 400h ; Locale call cs:GetLocaleInfoW xor edx, edx ; wchar_t ** lea rcx, [rsp+48h+LCData] ; wchar_t * lea r8d, [rdx+0Ah] ; int call wcstol mov cs:dword_10002EA3C, eax mov rcx, [rsp+48h+var_18] call sub_1000258D0 add rsp, 48h retn sub_100006C40 endp algn_100006CE3: align 10h ; INT_PTR __stdcall sub_100006CF0(HWND, UINT, WPARAM, LPARAM) sub_100006CF0 proc near var_38= dword ptr -38h var_30= dword ptr -30h Rect= tagRECT ptr -28h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 58h cmp edx, 5 mov [rsp+58h+arg_0], rbx mov [rsp+58h+arg_8], rbp mov [rsp+58h+arg_10], rsi mov [rsp+58h+var_8], r12 mov rbp, r8 mov r12, r9 mov ebx, edx mov rsi, rcx jz short loc_100006D1D cmp edx, 3 jnz short loc_100006D4D loc_100006D1D: cmp cs:dword_10002F438, 0 jz short loc_100006D4D call cs:IsIconic test eax, eax jnz short loc_100006D4D mov rcx, rsi ; hWnd call cs:IsZoomed test eax, eax jnz short loc_100006D4D lea rdx, Rect ; lpRect mov rcx, rsi ; hWnd call cs:GetWindowRect loc_100006D4D: cmp ebx, cs:dword_10002F390 jnz short loc_100006D77 mov ecx, cs:idThread ; idThread xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 404h ; Msg call cs:PostThreadMessageW mov r11d, eax mov cs:dword_10002F410, eax jmp short loc_100006D7E loc_100006D77: mov r11d, cs:dword_10002F410 loc_100006D7E: cmp ebx, 110h mov edx, cs:dword_10003015C ; int mov [rsp+58h+arg_18], rdi ja loc_1000070EF cmp ebx, 110h jz loc_1000070E0 lea eax, [rbx-2] cmp eax, 0A1h ; switch 162 cases ja loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 lea r8, __ImageBase ; int movzx eax, ds:(byte_1000072F8 - 100000000h)[r8+rax] mov ecx, ds:(off_1000072C8 - 100000000h)[r8+rax*4] add rcx, r8 jmp rcx ; switch jump loc_100006DCC: ; jumptable 100006DCA case 13 mov rcx, rsi call sub_100005160 mov rax, 1 jmp loc_1000072A7 loc_100006DE3: ; jumptable 100006DCA case 3 mov rax, r12 movsx r8d, r12w ; __int64 mov edx, ebp ; wParam shr rax, 10h mov rcx, rsi ; hWndTo movsx r9d, ax ; __int64 call sub_100005430 jmp loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_100006E01: ; jumptable 100006DCA case 34 mov eax, cs:dword_10003015C and eax, 10h test al, al jnz loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 mov eax, cs:dword_10002F3F8 mov [r12+18h], eax mov eax, cs:dword_10002F3FC mov [r12+1Ch], eax jmp loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_100006E2D: ; jumptable 100006DCA case 130 mov r9, r12 mov r8, rbp ; wParam mov edx, ebx ; Msg mov rcx, rsi ; hWnd call cs:DefWindowProcW test byte ptr cs:dword_10003015C, 10h jz loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 cmp rax, 1 jnz loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 mov rcx, cs:hWnd ; hWnd call cs:IsZoomed test eax, eax jnz loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 xor edx, edx ; nIndex lea r8d, [rax+2] ; dwNewLong loc_100006E70: ; hWnd mov rcx, rsi call cs:SetWindowLongPtrW mov rax, 1 jmp loc_1000072A7 loc_100006E88: ; jumptable 100006DCA case 161 mov eax, edx and eax, 10h test al, al jz loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_100006E95: ; hWnd mov rcx, cs:hWnd mov eax, edx shl eax, 1Bh sar eax, 1Fh not eax shl eax, 4 xor eax, edx and eax, 10h xor edx, eax mov cs:dword_10003015C, edx lea rdx, [rsp+58h+Rect] ; lpRect call cs:GetWindowRect mov r11d, cs:dword_10002F440 cmp r11d, 2 jle short loc_100006EEE mov rcx, cs:qword_10002F458 call sub_100009630 mov rcx, cs:qword_10002F458 mov rax, [rcx] call qword ptr [rax+30h] mov r11d, cs:dword_10002F440 loc_100006EEE: cmp r11d, 3 jle short loc_100006F0D mov rcx, cs:hMem call sub_10000E420 mov rcx, cs:hMem mov rax, [rcx] call qword ptr [rax+30h] loc_100006F0D: mov eax, [rsp+58h+Rect.bottom] mov r8d, [rsp+58h+Rect.top] ; Y mov r9d, [rsp+58h+Rect.right] mov edx, [rsp+58h+Rect.left] ; X mov rcx, cs:hWnd ; hWnd sub eax, r8d sub r9d, edx ; nWidth mov [rsp+58h+var_30], 1 mov [rsp+58h+var_38], eax call cs:MoveWindow mov rcx, rsi ; hWndTo call sub_1000045B0 jmp loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_100006F4B: ; jumptable 100006DCA case 76 cmp rbp, 3E8h jnz loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 cmp dword ptr [r12+10h], 0FFFFFDD9h jnz short loc_100006F75 mov rcx, [r12] call sub_100005370 mov edi, eax cdqe jmp loc_1000072A7 loc_100006F75: xor edi, edi movsxd rax, edi jmp loc_1000072A7 loc_100006F7F: ; jumptable 100006DCA case 20 test rbp, rbp jz loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_100006F88: ; jumptable 100006DCA case 14 mov rcx, cs:hWnd call cs:DestroyWindow jmp loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_100006F9A: ; jumptable 100006DCA case 128 mov ecx, cs:idThread test ecx, ecx jz short loc_100006FBA test r11d, r11d jz short loc_100006FBA xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 403h ; Msg call cs:PostThreadMessageW loc_100006FBA: ; hHandle mov rcx, cs:hHandle test rcx, rcx jz loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 mov edx, 0BB8h ; dwMilliseconds call cs:WaitForSingleObject mov rcx, cs:hHandle ; hObject call cs:CloseHandle jmp loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_100006FE7: ; jumptable 100006DCA cases 19,24 call sub_100006C40 mov rcx, cs:qword_10002F3B8 ; hWnd mov r9, r12 ; lParam mov r8, rbp ; wParam mov edx, ebx ; Msg call cs:SendMessageW xor edi, edi cmp cs:dword_10002F440, edi jle short loc_10000703A lea rsi, qword_10002F448 loc_100007012: mov rcx, [rsi] mov rax, [rcx] call qword ptr [rax+28h] mov r9, r12 ; lParam mov r8, rbp ; wParam mov rcx, rax ; hWnd mov edx, ebx ; Msg call cs:SendMessageW inc edi add rsi, 8 cmp edi, cs:dword_10002F440 jl short loc_100007012 loc_10000703A: cmp ebx, 1Ah jnz loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 mov rcx, cs:hWnd ; hWnd lea rdx, [rsp+58h+Rect] ; lpRect call cs:GetClientRect mov r9d, [rsp+58h+Rect.bottom] mov r8d, [rsp+58h+Rect.right] sub r9d, [rsp+58h+Rect.top] ; __int64 sub r8d, [rsp+58h+Rect.left] ; __int64 mov rcx, cs:hWnd ; hWndTo xor edx, edx ; wParam call sub_100005430 jmp loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_10000707C: ; jumptable 100006DCA case 0 movsxd rax, cs:dword_10002FEF4 lea rsi, qword_10002F448 test eax, eax js short loc_1000070A0 cmp eax, cs:dword_10002F440 jge short loc_1000070A0 mov rcx, [rsi+rax*8] mov rax, [rcx] call qword ptr [rax+10h] loc_1000070A0: xor edi, edi cmp cs:dword_10002F440, edi jle short loc_1000070C7 db 66h, 66h nop db 66h, 66h nop loc_1000070B0: mov rcx, [rsi] mov rax, [rcx] call qword ptr [rax+18h] inc edi add rsi, 8 cmp edi, cs:dword_10002F440 jl short loc_1000070B0 loc_1000070C7: ; int lea rcx, dword_10002FED0 call sub_100003F30 xor ecx, ecx ; nExitCode call cs:PostQuitMessage jmp loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_1000070E0: ; hWnd mov rcx, rsi call sub_100004B90 cdqe jmp loc_1000072A7 loc_1000070EF: cmp ebx, 203h ja loc_1000071BD cmp ebx, 203h jz loc_100006E95 sub ebx, 111h jz loc_1000071AD sub ebx, 2 jz loc_1000071A0 sub ebx, 3 jz short loc_100007189 cmp ebx, 9 jnz loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 mov rbx, rbp loc_10000712D: mov [rsp+58h+var_10], r13 shr rbx, 10h cmp bx, 0FFFFh jnz short loc_100007144 mov r13d, 0FFFFFFFFh jmp short loc_100007148 loc_100007144: movzx r13d, bx loc_100007148: xor edi, edi and bx, 10h jz short loc_10000715E movzx edx, bp ; nPos mov rcx, r12 ; hMenu call cs:GetSubMenu jmp short loc_100007161 loc_10000715E: mov rax, rdi loc_100007161: test bx, bx jnz short loc_100007169 movzx edi, bp loc_100007169: mov r9, rax mov r8d, edi mov rdx, r12 mov rcx, rsi mov [rsp+58h+var_38], r13d call sub_100005220 mov r13, [rsp+58h+var_10] jmp loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_100007189: ; hMenu mov rcx, rbp call sub_100005880 mov cs:dword_10002F3E0, 1 jmp loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_1000071A0: mov rcx, rsi call sub_100004920 jmp loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_1000071AD: ; int movzx edx, bp mov rcx, rsi ; hWndTo call sub_100006300 jmp loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_1000071BD: sub ebx, 318h jz loc_10000727F sub ebx, 0E9h jz short loc_100007200 sub ebx, 9 jz short loc_1000071F0 dec ebx jnz loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 call sub_100006BE0 xor edx, edx mov r8d, 40Bh ; int jmp loc_100006E70 loc_1000071F0: ; int mov rdx, r12 mov rcx, rsi ; hWnd call sub_100017D90 jmp loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_100007200: ; nIDDlgItem mov edx, 3E8h mov rcx, rsi ; hDlg call cs:GetDlgItem xor r9d, r9d ; lParam mov edx, 130Ch ; Msg lea r8d, [r9+1] ; wParam mov rcx, rax ; hWnd call cs:SendMessageW cmp eax, 0FFFFFFFFh jz short loc_100007275 mov edx, 3E8h ; nIDDlgItem mov rcx, rsi ; hDlg call cs:GetDlgItem mov rcx, rax call sub_100005370 test eax, eax jz short loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 movsxd rax, cs:dword_10002FEF4 cmp eax, 0FFFFFFFFh jz short loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 lea rsi, qword_10002F448 mov rcx, [rsi+rax*8] mov rax, [rcx] call qword ptr [rax+28h] mov r9, r12 ; lParam mov r8, rbp ; wParam mov rcx, rax ; hWnd mov edx, 401h ; Msg call cs:SendMessageW jmp short loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_100007275: ; uType xor ecx, ecx call cs:MessageBeep jmp short loc_1000072A5 ; default ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_10000727F: ; lpRect lea rdx, [rsp+58h+Rect] mov rcx, rsi ; hWnd call cs:GetClientRect mov r9d, 2 ; grfFlags lea rdx, [rsp+58h+Rect] ; qrc lea r8d, [r9+4] ; edge mov rcx, rbp ; hdc call cs:DrawEdge loc_1000072A5: ; default xor eax, eax ; jumptable 100006DCA cases 1,2,4-12,15-18,21-23,25-33,35-75,77-127,129,131-160 loc_1000072A7: mov r12, [rsp+58h+var_8] mov rdi, [rsp+58h+arg_18] mov rsi, [rsp+58h+arg_10] mov rbp, [rsp+58h+arg_8] mov rbx, [rsp+58h+arg_0] add rsp, 58h retn sub_100006CF0 endp align 8 off_1000072C8 dd offset loc_10000707C - offset __ImageBase ; jump table for switch statement dd offset loc_100006DE3 - offset __ImageBase dd offset loc_100006DCC - offset __ImageBase dd offset loc_100006F88 - offset __ImageBase dd offset loc_100006FE7 - offset __ImageBase dd offset loc_100006F7F - offset __ImageBase dd offset loc_100006E01 - offset __ImageBase dd offset loc_100006F4B - offset __ImageBase dd offset loc_100006F9A - offset __ImageBase dd offset loc_100006E2D - offset __ImageBase dd offset loc_100006E88 - offset __ImageBase dd offset loc_1000072A5 - offset __ImageBase byte_1000072F8 db 0, 0Bh, 0Bh, 1 ; indirect table for switch statement db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 2, 3, 0Bh db 0Bh, 0Bh, 0Bh, 4 db 5, 0Bh, 0Bh, 0Bh db 4, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 6, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 7, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 8, 0Bh, 9, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Bh, 0Bh, 0Bh db 0Bh, 0Ah algn_10000739A: align 20h sub_1000073A0 proc near var_18= dword ptr -18h var_10= dword ptr -10h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h mov rcx, cs:hInstance ; hInstance mov [rsp+38h+arg_0], rbx loc_1000073B0: mov [rsp+38h+arg_8], rbp mov edx, 78h ; lpTableName mov [rsp+38h+arg_10], rsi mov [rsp+38h+arg_18], rdi call cs:LoadAcceleratorsW lea rbx, qword_10002F2C0 lea rdi, qword_100003228 mov esi, 0Ch xor ebp, ebp mov cs:hAccTable, rax db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_1000073F0: ; LPCWSTR movzx edx, word ptr [rdi] mov rcx, cs:hInstance ; HINSTANCE xor r9d, r9d ; int lea r8d, [r9+1] ; UINT mov [rsp+38h+var_10], ebp mov [rsp+38h+var_18], ebp call cs:LoadImageW add rbx, 8 add rdi, 4 dec rsi mov [rbx-8], rax jnz short loc_1000073F0 mov rbp, [rsp+38h+arg_8] lea edi, [rsi+20h] mov rsi, [rsp+38h+arg_10] lea rbx, qword_100003380 loc_100007434: ; nBufferMax mov r9d, [rbx+8] mov r8, [rbx] ; lpBuffer mov edx, [rbx+0Ch] ; uID mov rcx, cs:hInstance ; hInstance call cs:LoadStringW add rbx, 10h dec rdi jnz short loc_100007434 mov rdi, [rsp+38h+arg_18] mov rbx, [rsp+38h+arg_0] add rsp, 38h retn sub_1000073A0 endp algn_100007463: align 10h sub_100007470 proc near var_168= qword ptr -168h var_160= qword ptr -160h var_158= dword ptr -158h var_154= dword ptr -154h Type= dword ptr -150h hKey= qword ptr -148h VersionInformation= _OSVERSIONINFOW ptr -138h var_20= word ptr -20h var_1E= byte ptr -1Eh var_18= qword ptr -18h push rbx sub rsp, 180h mov rax, cs:qword_10002C178 mov [rsp+188h+var_18], rax xor ebx, ebx lea rcx, [rsp+188h+VersionInformation] ; void * xor edx, edx ; int mov r8d, 11Ch ; size_t mov cs:dword_10002F478, ebx mov cs:dword_10002F47C, ebx mov cs:dword_10002F480, ebx call memset lea rcx, [rsp+188h+VersionInformation] ; lpVersionInformation mov [rsp+188h+VersionInformation.dwOSVersionInfoSize], 11Ch call cs:GetVersionExW test eax, eax jz loc_1000075C3 movzx ecx, [rsp+188h+var_20] test cx, 110h jz loc_1000075C3 movzx eax, [rsp+188h+var_1E] mov cs:dword_10002F478, 1 cmp al, 3 jz loc_1000075B9 cmp al, 2 jz loc_1000075B9 cmp al, 1 jnz loc_1000075C3 cmp cx, 100h jnz loc_1000075C3 lea rax, [rsp+188h+hKey] lea r9d, [rbx+1] ; samDesired lea rdx, aSoftwareMicr_2 ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"... xor r8d, r8d ; ulOptions mov rcx, 0FFFFFFFF80000002h ; hKey mov cs:dword_10002F47C, 1 mov [rsp+188h+var_168], rax call cs:RegOpenKeyExW test eax, eax jnz short loc_1000075C3 mov rcx, [rsp+188h+hKey] ; hKey lea rax, [rsp+188h+var_154] lea r9, [rsp+188h+Type] ; lpType mov [rsp+188h+var_160], rax lea rax, [rsp+188h+var_158] lea rdx, aAllowmultiplet ; "AllowMultipleTSSessions" xor r8d, r8d ; lpReserved mov [rsp+188h+var_154], 4 mov [rsp+188h+var_168], rax call cs:RegQueryValueExW test eax, eax jnz short loc_100007598 cmp [rsp+188h+Type], 4 jnz short loc_100007598 mov eax, cs:dword_10002F47C cmp [rsp+188h+var_158], ebx cmovnz eax, ebx mov cs:dword_10002F47C, eax loc_100007598: ; hKey mov rcx, [rsp+188h+hKey] call cs:RegCloseKey mov rcx, [rsp+188h+var_18] call sub_1000258D0 add rsp, 180h pop rbx retn loc_1000075B9: mov cs:dword_10002F480, 1 loc_1000075C3: mov rcx, [rsp+188h+var_18] call sub_1000258D0 add rsp, 180h pop rbx retn sub_100007470 endp algn_1000075D9: align 20h sub_1000075E0 proc near var_188= byte ptr -188h var_180= dword ptr -180h var_148= byte ptr -148h var_118= dword ptr -118h var_114= dword ptr -114h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 1A8h xor r9d, r9d lea rdx, [rsp+1A8h+var_188] xor ecx, ecx lea r8d, [r9+40h] mov [rsp+1A8h+arg_18], rdi mov dil, 1 call cs:NtQuerySystemInformation test eax, eax js short loc_100007678 xor edx, edx mov eax, 100000h xor r9d, r9d div [rsp+1A8h+var_180] lea rdx, [rsp+1A8h+var_148] lea ecx, [r9+2] mov r8d, 138h loc_100007627: mov [rsp+1A8h+arg_10], rbx mov ebx, eax call cs:NtQuerySystemInformation test eax, eax js short loc_100007673 mov eax, [rsp+1A8h+var_114] xor edx, edx movzx ecx, dil sub eax, [rsp+1A8h+var_118] div ebx xor edx, edx cmp eax, 8 cmova ecx, edx mov al, cl loc_10000765B: mov rbx, [rsp+1A8h+arg_10] mov rdi, [rsp+1A8h+arg_18] add rsp, 1A8h retn loc_100007673: mov al, dil jmp short loc_10000765B loc_100007678: mov al, dil mov rdi, [rsp+1A8h+arg_18] add rsp, 1A8h retn sub_1000075E0 endp algn_10000768B: align 20h ; int __fastcall wWinMain(HINSTANCE hInstance) wWinMain proc near var_4A8= qword ptr -4A8h var_4A0= qword ptr -4A0h var_498= qword ptr -498h var_488= dword ptr -488h dwProcessId= dword ptr -484h var_480= dword ptr -480h hKey= qword ptr -478h Type= dword ptr -470h var_468= qword ptr -468h Msg= tagMSG ptr -460h Caption= word ptr -428h var_420= qword ptr -420h var_410= qword ptr -410h var_3F8= qword ptr -3F8h var_3E8= qword ptr -3E8h Text= word ptr -3D8h WindowName= word ptr -248h var_38= qword ptr -38h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 mov r11, rsp sub rsp, 4C8h mov rax, cs:qword_10002C178 mov [rsp+4C8h+var_38], rax loc_1000076B9: mov [r11-10h], rbp mov [r11-18h], rsi mov [r11-20h], rdi mov [r11-28h], r12 xor r12d, r12d mov ebp, r9d mov rdi, rcx mov esi, 1 mov [rsp+4C8h+var_488], r12d call cs:GetCurrentProcess lea edx, [rsi+7Fh] ; dwPriorityClass mov rcx, rax ; hProcess call cs:SetPriorityClass mov cs:hInstance, rdi call sub_100024640 lea rcx, String ; "TaskbarCreated" mov cs:dword_10002F43C, eax call cs:RegisterWindowMessageW lea r8, Name ; "NTShell Taskman Startup Mutex" mov edx, esi ; bInitialOwner xor ecx, ecx ; lpMutexAttributes mov cs:dword_10002F390, eax call cs:CreateMutexW test rax, rax mov cs:qword_10002F398, rax jz short loc_10000774F call cs:GetLastError cmp eax, 0B7h jnz short loc_10000774F mov rcx, cs:qword_10002F398 ; hHandle mov edx, 2710h ; dwMilliseconds call cs:WaitForSingleObject loc_10000774F: lea r8, dword_10002F480 lea rdx, dword_10002F47C lea rcx, dword_10002F478 call sub_100007470 cmp cs:dword_10002F478, r12d jz short loc_100007787 call cs:GetCurrentProcessId lea rdx, pSessionId ; pSessionId mov ecx, eax ; dwProcessId call cs:ProcessIdToSessionId loc_100007787: ; lpBuffer lea r8, [rsp+4C8h+WindowName] mov r9d, 104h ; nBufferMax mov edx, 2713h ; uID mov rcx, rdi ; hInstance mov [rsp+4C8h+var_8], rbx call cs:LoadStringW test eax, eax jz short loc_100007829 lea rdx, [rsp+4C8h+WindowName] ; lpWindowName mov ecx, 8002h ; lpClassName call cs:FindWindowW test rax, rax mov rbx, rax jz short loc_100007829 lea rdx, [rsp+4C8h+dwProcessId] ; lpdwProcessId mov rcx, rax ; hWnd mov [rsp+4C8h+dwProcessId], r12d call cs:GetWindowThreadProcessId mov ecx, [rsp+4C8h+dwProcessId] ; dwProcessId call cs:AllowSetForegroundWindow lea r11, [rsp+4C8h+var_468] xor r9d, r9d ; lParam mov [rsp+4C8h+var_498], r11 xor r8d, r8d ; wParam mov edx, 40Bh ; Msg mov rcx, rbx ; hWnd mov dword ptr [rsp+4C8h+var_4A0], 2710h mov dword ptr [rsp+4C8h+var_4A8], 2 call cs:SendMessageTimeoutW test rax, rax jz short loc_100007829 cmp [rsp+4C8h+var_468], 40Bh jz loc_100007DB0 loc_100007829: lea rax, [rsp+4C8h+hKey] lea rdx, aSoftwareMicr_3 ; "Software\\Microsoft\\Windows\\CurrentVersi"... mov r9d, 20019h ; samDesired xor r8d, r8d ; ulOptions mov rcx, 0FFFFFFFF80000001h ; hKey mov [rsp+4C8h+var_4A8], rax call cs:RegOpenKeyExW test eax, eax jnz loc_1000078FE mov rcx, [rsp+4C8h+hKey] ; hKey lea rax, [rsp+4C8h+var_480] lea r9, [rsp+4C8h+Type] ; lpType mov [rsp+4C8h+var_4A0], rax lea rax, [rsp+4C8h+var_488] lea rdx, aDisabletaskmgr ; "DisableTaskMgr" xor r8d, r8d ; lpReserved mov [rsp+4C8h+var_480], 4 mov [rsp+4C8h+var_4A8], rax call cs:RegQueryValueExW mov rcx, [rsp+4C8h+hKey] ; hKey call cs:RegCloseKey cmp [rsp+4C8h+var_488], r12d jz short loc_1000078FE lea r8, [rsp+4C8h+Caption] ; lpBuffer mov r9d, 19h ; nBufferMax mov edx, 2729h ; uID mov rcx, rdi ; hInstance call cs:LoadStringW lea r8, [rsp+4C8h+Text] ; lpBuffer mov r9d, 0C8h ; nBufferMax mov edx, 272Ah ; uID mov rcx, rdi ; hInstance call cs:LoadStringW lea r8, [rsp+4C8h+Caption] ; lpCaption lea rdx, [rsp+4C8h+Text] ; lpText mov r9d, 10h ; uType xor ecx, ecx ; hWnd call cs:MessageBoxW mov esi, r12d jmp loc_100007DB0 loc_1000078FE: call cs:InitCommonControls mov rcx, cs:hInstance ; hInstance lea r8, [rsp+4C8h+Caption] ; lpWndClass lea rdx, ClassName ; "Button" call cs:GetClassInfoW test eax, eax jz short loc_10000797A mov rax, [rsp+4C8h+var_420] lea rcx, [rsp+4C8h+Caption] ; lpWndClass mov [rsp+4C8h+var_3F8], 10h mov cs:lpPrevWndFunc, rax mov rax, cs:hInstance mov [rsp+4C8h+var_410], rax lea rax, sub_100003EA0 mov [rsp+4C8h+var_420], rax lea rax, aDavesframeclas ; "DavesFrameClass" mov [rsp+4C8h+var_3E8], rax call cs:RegisterClassW loc_10000797A: lea rax, idThread lea r8, sub_100017A50 ; lpStartAddress xor r9d, r9d ; lpParameter mov [rsp+4C8h+var_4A0], rax xor edx, edx ; dwStackSize xor ecx, ecx ; lpThreadAttributes mov dword ptr [rsp+4C8h+var_4A8], r12d call cs:CreateThread mov edx, 88h ; uBytes lea ecx, [rdx-48h] ; uFlags mov cs:hHandle, rax mov cs:dword_10002F440, 5 call cs:LocalAlloc test rax, rax mov r11, rax jz loc_100007C08 lea rax, off_100002D10 mov edx, 70h ; uBytes mov [r11], rax xor eax, eax lea ecx, [rdx-30h] ; uFlags mov [r11+40h], rax mov [r11+48h], rax mov [r11+50h], rax mov [r11+58h], rax mov [r11+60h], rax mov [r11+8], r12 mov [r11+10h], r12 mov [r11+20h], r12d mov [r11+18h], r12 mov [r11+28h], r12 mov [r11+30h], r12 mov [r11+68h], r12 mov [r11+70h], r12 mov [r11+78h], r12 mov eax, cs:wParam mov [r11+3Ch], r12d mov [r11+80h], r12 mov [r11+38h], eax mov cs:qword_10002F448, r11 call cs:LocalAlloc test rax, rax mov rbx, rax jz loc_100007C17 xor edx, edx ; int lea rax, off_100002D50 lea rcx, [rbx+30h] ; void * lea r8d, [rdx+30h] ; size_t mov [rbx], rax call memset mov [rbx+8], r12 mov [rbx+10h], r12 mov [rbx+18h], r12 mov [rbx+20h], r12 mov [rbx+28h], r12 mov [rbx+60h], r12d mov [rbx+68h], r12 mov cs:qword_10002F450, rbx call sub_1000075E0 test al, al jnz loc_100007C5B mov edx, 0A0h ; uBytes lea ecx, [rdx-60h] ; uFlags call cs:LocalAlloc test rax, rax jz loc_100007C26 lea rcx, off_100002D90 mov edx, 0C0h ; uBytes mov [rax], rcx xor ecx, ecx mov [rax+48h], rcx mov [rax+50h], rcx mov [rax+58h], rcx mov [rax+60h], rcx mov [rax+68h], rcx mov [rax+70h], rcx mov [rax+78h], rcx mov [rax+80h], rcx mov [rax+88h], rcx lea ecx, [rdx-80h] ; uFlags mov cs:qword_10002F458, rax call cs:LocalAlloc test rax, rax jz loc_100007C35 lea rcx, off_100003870 mov [rax], rcx mov [rax+18h], r12d mov [rax+10h], r12 mov [rax+8], r12 mov [rax+1Ch], r12b mov [rax+20h], r12d xor ecx, ecx mov [rax+50h], rcx mov [rax+58h], rcx mov [rax+60h], rcx mov [rax+78h], esi mov [rax+28h], r12 mov [rax+30h], r12 mov [rax+38h], r12 mov [rax+40h], r12 mov [rax+7Ch], r12d mov [rax+80h], r12 mov [rax+8Ch], r12d mov [rax+88h], r12d mov [rax+90h], r12 mov [rax+98h], r12d mov [rax+9Ch], r12d mov [rax+0A0h], r12d cmp cs:dword_10002F478, ecx mov cs:hMem, rax jz loc_100007C53 cmp cs:dword_10002F47C, ecx jnz loc_100007C53 mov ecx, 26h call cs:SHLWAPI_437 test eax, eax jnz loc_100007C53 lea edx, [rax+78h] ; uBytes lea ecx, [rax+40h] ; uFlags call cs:LocalAlloc test rax, rax jz loc_100007C44 lea rcx, off_100002CD0 mov [rax], rcx xor ecx, ecx mov [rax+38h], rcx mov [rax+40h], rcx mov [rax+48h], rcx mov [rax+50h], rcx mov [rax+58h], rcx mov [rax+8], r12 mov [rax+10h], r12 mov [rax+20h], r12d mov [rax+18h], r12 mov [rax+60h], r12 mov [rax+68h], r12 mov [rax+70h], r12 mov [rax+24h], r12d mov [rax+28h], r12 mov [rax+30h], r12d mov [rax+34h], r12d mov cs:qword_10002F468, rax jmp short loc_100007C65 loc_100007C08: mov cs:qword_10002F448, r12 mov esi, r12d jmp loc_100007DB0 loc_100007C17: mov cs:qword_10002F450, r12 mov esi, r12d jmp loc_100007DB0 loc_100007C26: mov cs:qword_10002F458, r12 mov esi, r12d jmp loc_100007DB0 loc_100007C35: mov cs:hMem, r12 mov esi, r12d jmp loc_100007DB0 loc_100007C44: mov cs:qword_10002F468, r12 mov esi, r12d jmp loc_100007DB0 loc_100007C53: dec cs:dword_10002F440 jmp short loc_100007C65 loc_100007C5B: mov cs:dword_10002F440, 2 loc_100007C65: call sub_1000073A0 call sub_10000A880 test al, al jnz short loc_100007C7B mov esi, r12d jmp loc_100007DB0 loc_100007C7B: ; hWndParent xor r8d, r8d lea r9, sub_100006CF0 ; lpDialogFunc mov rcx, rdi ; hInstance lea edx, [r8+69h] ; lpTemplateName mov [rsp+4C8h+var_4A8], r12 call cs:CreateDialogParamW test rax, rax mov cs:hWnd, rax jnz short loc_100007CAB mov esi, r12d jmp loc_100007DB0 loc_100007CAB: call sub_100006C40 mov ecx, cs:Rect.bottom mov r9d, cs:Rect.top ; Y mov eax, cs:Rect.right mov r8d, cs:Rect.left ; X sub ecx, r9d mov dword ptr [rsp+4C8h+var_498], 4 mov dword ptr [rsp+4C8h+var_4A0], ecx mov rcx, cs:hWnd ; hWnd sub eax, r8d xor edx, edx ; hWndInsertAfter mov cs:dword_10002F438, esi mov dword ptr [rsp+4C8h+var_4A8], eax call cs:SetWindowPos mov rcx, cs:hWnd ; hWnd mov edx, ebp ; nCmdShow call cs:ShowWindow mov rcx, cs:qword_10002F398 ; hMutex test rcx, rcx jz short loc_100007D2A call cs:ReleaseMutex mov rcx, cs:qword_10002F398 ; hObject call cs:CloseHandle mov cs:qword_10002F398, r12 loc_100007D2A: ; dwFlags mov edx, esi mov ecx, esi ; dwLevel call cs:SetProcessShutdownParameters lea rcx, [rsp+4C8h+Msg] ; lpMsg xor r9d, r9d ; wMsgFilterMax xor r8d, r8d ; wMsgFilterMin xor edx, edx ; hWnd call cs:GetMessageW test eax, eax jz short loc_100007DB0 db 66h nop db 66h, 66h nop loc_100007D50: ; hAccTable mov rdx, cs:hAccTable mov rcx, cs:hWnd ; hWnd lea r8, [rsp+4C8h+Msg] ; lpMsg call cs:TranslateAcceleratorW test eax, eax jnz short loc_100007D99 mov rcx, cs:hWnd ; hDlg lea rdx, [rsp+4C8h+Msg] ; lpMsg call cs:IsDialogMessageW test eax, eax jnz short loc_100007D99 lea rcx, [rsp+4C8h+Msg] ; lpMsg call cs:TranslateMessage lea rcx, [rsp+4C8h+Msg] ; lpMsg call cs:DispatchMessageW loc_100007D99: ; lpMsg lea rcx, [rsp+4C8h+Msg] xor r9d, r9d ; wMsgFilterMax xor r8d, r8d ; wMsgFilterMin xor edx, edx ; hWnd call cs:GetMessageW test eax, eax jnz short loc_100007D50 loc_100007DB0: ; hMutex mov rcx, cs:qword_10002F398 test rcx, rcx jz short loc_100007DD6 call cs:ReleaseMutex mov rcx, cs:qword_10002F398 ; hObject call cs:CloseHandle mov cs:qword_10002F398, r12 loc_100007DD6: mov rcx, cs:qword_10002F448 test rcx, rcx jz short loc_100007DED mov rax, [rcx] mov edx, 1 call qword ptr [rax+38h] loc_100007DED: mov rcx, cs:qword_10002F450 test rcx, rcx jz short loc_100007E04 mov rax, [rcx] mov edx, 1 call qword ptr [rax+38h] loc_100007E04: mov rcx, cs:qword_10002F458 test rcx, rcx jz short loc_100007E1B mov rax, [rcx] mov edx, 1 call qword ptr [rax+38h] loc_100007E1B: mov rbx, cs:hMem test rbx, rbx jz short loc_100007E38 mov rcx, rbx call sub_10000C420 mov rcx, rbx ; hMem call cs:LocalFree loc_100007E38: mov rcx, cs:qword_10002F468 test rcx, rcx jz short loc_100007E4F mov rax, [rcx] mov edx, 1 call qword ptr [rax+38h] loc_100007E4F: mov edi, r12d cmp cs:byte_10002F3D0, dil jbe short loc_100007EB7 mov rbx, r12 lea rbp, __ImageBase db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h, 66h nop loc_100007E70: ; hMem mov rcx, [rbx+rbp+2FA90h] test rcx, rcx jz short loc_100007E8B call cs:LocalFree mov [rbx+rbp+2FA90h], r12 loc_100007E8B: ; hMem mov rcx, [rbx+rbp+2FC90h] test rcx, rcx jz short loc_100007EA6 call cs:LocalFree mov [rbx+rbp+2FC90h], r12 loc_100007EA6: movzx ecx, cs:byte_10002F3D0 inc edi add rbx, 8 cmp edi, ecx jl short loc_100007E70 loc_100007EB7: ; hMem mov rcx, cs:qword_10002FE90 mov r12, [rsp+4C8h+var_28] mov rdi, [rsp+4C8h+var_20] test rcx, rcx mov rbp, [rsp+4C8h+var_10] mov rbx, [rsp+4C8h+var_8] jz short loc_100007EE9 loc_100007EE3: call cs:LocalFree loc_100007EE9: mov eax, esi mov rsi, [rsp+4C8h+var_18] mov rcx, [rsp+4C8h+var_38] call sub_1000258D0 add rsp, 4C8h retn wWinMain endp algn_100007F08: align 10h ; int __fastcall sub_100007F10(HWND hWnd, int, int, int, int, int, int, __int64) sub_100007F10 proc near var_878= qword ptr -878h var_870= dword ptr -870h var_868= qword ptr -868h var_858= byte ptr -858h Caption= word ptr -648h Text= word ptr -438h var_28= qword ptr -28h var_10= qword ptr -10h var_8= qword ptr -8 arg_18= qword ptr 20h mov r11, rsp sub rsp, 898h mov rax, cs:qword_10002C178 mov [rsp+898h+var_28], rax mov [r11-8], rsi mov [r11-10h], rdi mov rsi, rcx mov rcx, cs:hInstance ; hInstance mov edi, r8d lea r8, [r11-648h] ; lpBuffer mov r9d, 104h ; nBufferMax call cs:LoadStringW test eax, eax jz loc_10000807D mov rcx, cs:hInstance ; hInstance loc_100007F60: mov [rsp+898h+arg_18], rbx mov ebx, 208h lea r8, [rsp+898h+Text] ; lpBuffer mov r9d, ebx ; nBufferMax mov edx, 2720h ; uID call cs:LoadStringW test eax, eax jz loc_100008075 cmp edi, 57h jnz short loc_100007FB7 mov rcx, cs:hInstance ; hInstance lea r8, [rsp+898h+var_858] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 2724h ; uID call cs:LoadStringW test eax, eax jz loc_100008075 jmp short loc_100007FF0 loc_100007FB7: lea rax, [rsp+898h+var_858] mov [rsp+898h+var_868], 0 mov r9d, 400h ; dwLanguageId mov r8d, edi ; dwMessageId xor edx, edx ; lpSource mov ecx, 1000h ; dwFlags mov [rsp+898h+var_870], 104h mov [rsp+898h+var_878], rax call cs:FormatMessageW test eax, eax jz loc_100008075 loc_100007FF0: lea rax, [rsp+898h+Text] mov rcx, rbx db 66h nop db 66h, 66h nop loc_100008000: cmp word ptr [rax], 0 jz short loc_100008011 add rax, 2 dec rcx jnz short loc_100008000 jmp short loc_100008056 loc_100008011: test rcx, rcx jz short loc_100008056 mov rax, rbx sub rax, rcx sub rbx, rax lea rcx, [rsp+rax*2+898h+Text] jz short loc_100008056 lea rdx, [rsp+898h+var_858] sub rdx, rcx loc_100008031: movzx eax, word ptr [rdx+rcx] test ax, ax jz short loc_100008048 mov [rcx], ax add rcx, 2 dec rbx jnz short loc_100008031 jmp short loc_10000804D loc_100008048: test rbx, rbx jnz short loc_100008051 loc_10000804D: sub rcx, 2 loc_100008051: mov word ptr [rcx], 0 loc_100008056: ; lpCaption lea r8, [rsp+898h+Caption] lea rdx, [rsp+898h+Text] ; lpText mov r9d, 10h ; uType mov rcx, rsi ; hWnd call cs:MessageBoxW loc_100008075: mov rbx, [rsp+898h+arg_18] loc_10000807D: mov rdi, [rsp+898h+var_10] mov rsi, [rsp+898h+var_8] mov rcx, [rsp+898h+var_28] call sub_1000258D0 add rsp, 898h retn sub_100007F10 endp algn_1000080A2: align 10h ; int __fastcall sub_1000080B0(HLOCAL hMem, __int64, __int64, __int64, __int64) sub_1000080B0 proc near var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h lea rax, off_100002CD0 loc_1000080BB: mov [rsp+28h+arg_8], rbp mov [rsp+28h+arg_10], rsi mov [rcx], rax mov rax, [rcx+18h] mov ebp, edx test rax, rax mov rsi, rcx jz short loc_100008148 movsxd rax, dword ptr [rax+10h] loc_1000080DA: mov [rsp+28h+arg_18], rdi test eax, eax mov rdi, rax jz short loc_100008143 loc_1000080E6: mov [rsp+28h+var_8], r12 xor r12d, r12d mov [rsp+28h+arg_0], rbx nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100008100: mov rax, [rsi+18h] mov rcx, [rax+8] mov rbx, [rcx+rdi*8-8] test rbx, rbx jz short loc_100008134 mov rcx, [rbx+80h] ; hMem test rcx, rcx jz short loc_10000812B call cs:LocalFree mov [rbx+80h], r12 loc_10000812B: ; hMem mov rcx, rbx call cs:LocalFree loc_100008134: dec rdi jnz short loc_100008100 mov r12, [rsp+28h+var_8] mov rbx, [rsp+28h+arg_0] loc_100008143: mov rdi, [rsp+28h+arg_18] loc_100008148: mov rcx, [rsi+18h] test rcx, rcx jz short loc_10000815B mov rax, [rcx] mov edx, 1 call qword ptr [rax] loc_10000815B: test bpl, 1 mov rbp, [rsp+28h+arg_8] jz short loc_10000816F loc_100008166: ; hMem mov rcx, rsi call cs:LocalFree loc_10000816F: mov rax, rsi mov rsi, [rsp+28h+arg_10] add rsp, 28h retn sub_1000080B0 endp byte_10000817C db 14h dup(0CCh) sub_100008190 proc near push rbx sub rsp, 20h test dl, 1 lea rax, off_100002D90 mov rbx, rcx mov [rcx], rax jz short loc_1000081AE call cs:LocalFree loc_1000081AE: mov rax, rbx add rsp, 20h pop rbx retn sub_100008190 endp algn_1000081B7: align 20h ; int __fastcall sub_1000081C0(HLOCAL hMem, int, int, int, int, __int64, __int64) sub_1000081C0 proc near arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h lea rax, off_100002D50 loc_1000081CB: mov [rsp+28h+arg_10], rbx mov [rsp+28h+arg_18], rdi mov ebx, edx mov rdi, rcx mov [rcx], rax call sub_100013EF0 test bl, 1 mov rbx, [rsp+28h+arg_10] jz short loc_1000081F5 loc_1000081EC: ; hMem mov rcx, rdi call cs:LocalFree loc_1000081F5: mov rax, rdi mov rdi, [rsp+28h+arg_18] add rsp, 28h retn sub_1000081C0 endp algn_100008202: align 10h loc_100008210: mov rax, [rcx+8] retn align 20h ; int __fastcall sub_100008220(HLOCAL hMem, int, int, int, int, __int64, __int64) sub_100008220 proc near arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h loc_100008224: mov [rsp+28h+arg_10], rbx mov [rsp+28h+arg_18], rdi mov rdi, rcx mov ebx, edx call sub_100014BE0 test bl, 1 mov rbx, [rsp+28h+arg_10] jz short loc_10000824B loc_100008242: ; hMem mov rcx, rdi call cs:LocalFree loc_10000824B: mov rax, rdi mov rdi, [rsp+28h+arg_18] add rsp, 28h retn sub_100008220 endp algn_100008258: align 20h sub_100008260 proc near push rbx xor r10d, r10d test rdx, rdx mov rbx, rcx mov rax, rcx mov r9, rdx mov r11d, r10d jz short loc_10000828C loc_100008276: cmp [rax], r10w jz short loc_100008287 add rax, 2 dec r9 jnz short loc_100008276 jmp short loc_10000828C loc_100008287: test r9, r9 jnz short loc_1000082AE loc_10000828C: mov r11d, 80070057h mov rcx, r10 loc_100008295: test r11d, r11d js short loc_1000082F1 sub rdx, rcx lea rax, [rbx+rcx*2] jnz short loc_1000082B6 mov r10d, 80070057h mov eax, r10d pop rbx retn loc_1000082AE: mov rcx, rdx sub rcx, r9 jmp short loc_100008295 loc_1000082B6: sub r8, rax db 66h, 66h nop db 66h, 66h, 66h nop loc_1000082C0: movzx ecx, word ptr [r8+rax] test cx, cx jz short loc_1000082D8 mov [rax], cx add rax, 2 dec rdx jnz short loc_1000082C0 jmp short loc_1000082DD loc_1000082D8: test rdx, rdx jnz short loc_1000082E7 loc_1000082DD: sub rax, 2 mov r10d, 8007007Ah loc_1000082E7: mov word ptr [rax], 0 mov eax, r10d pop rbx retn loc_1000082F1: mov eax, r11d pop rbx retn sub_100008260 endp algn_1000082F6: align 20h sub_100008300 proc near cmp rdx, 7FFFFFFFh mov r9, r8 jbe short loc_100008312 mov eax, 80070057h retn loc_100008312: xor r8d, r8d test rdx, rdx jnz short loc_100008324 mov r8d, 80070057h mov eax, r8d retn loc_100008324: sub r9, rcx db 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_100008330: movzx eax, word ptr [r9+rcx] test ax, ax jz short loc_100008357 mov [rcx], ax add rcx, 2 dec rdx jnz short loc_100008330 sub rcx, 2 mov r8d, 8007007Ah mov [rcx], dx mov eax, r8d retn loc_100008357: test rdx, rdx jnz short loc_100008366 sub rcx, 2 mov r8d, 8007007Ah loc_100008366: mov word ptr [rcx], 0 mov eax, r8d retn sub_100008300 endp align 20h sub_100008380 proc near var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h mov [rsp+arg_10], r8 mov [rsp+arg_18], r9 sub rsp, 38h cmp rdx, 7FFFFFFFh mov [rsp+38h+var_8], rbx mov [rsp+38h+var_10], rsi mov rsi, rcx jbe short loc_1000083B8 mov eax, 80070057h mov rsi, [rsp+38h+var_10] mov rbx, [rsp+38h+var_8] add rsp, 38h retn loc_1000083B8: xor ebx, ebx test rdx, rdx lea r9, [rsp+38h+arg_18] jnz short loc_1000083DA mov ebx, 80070057h mov eax, ebx mov rsi, [rsp+38h+var_10] mov rbx, [rsp+38h+var_8] add rsp, 38h retn loc_1000083DA: mov [rsp+38h+var_18], rdi lea rdi, [rdx-1] mov rdx, rdi call unknown_libname_1 ; Microsoft VisualC v7/9 64bit runtime test eax, eax js short loc_100008401 cdqe cmp rax, rdi ja short loc_100008401 cmp rax, rdi jnz short loc_10000840A mov [rsi+rdi*2], bx jmp short loc_10000840A loc_100008401: mov [rsi+rdi*2], bx mov ebx, 8007007Ah loc_10000840A: mov rdi, [rsp+38h+var_18] mov rsi, [rsp+38h+var_10] mov eax, ebx mov rbx, [rsp+38h+var_8] add rsp, 38h retn sub_100008380 endp byte_100008420 db 10h dup(0CCh) sub_100008430 proc near var_F8= dword ptr -0F8h var_F0= dword ptr -0F0h var_E8= dword ptr -0E8h var_E0= dword ptr -0E0h Rect= tagRECT ptr -0D8h var_C8= dword ptr -0C8h var_C4= dword ptr -0C4h var_B8= dword ptr -0B8h var_B4= dword ptr -0B4h var_B0= dword ptr -0B0h var_AC= dword ptr -0ACh var_A8= dword ptr -0A8h var_A4= dword ptr -0A4h var_A0= dword ptr -0A0h var_98= dword ptr -98h var_90= dword ptr -90h var_88= dword ptr -88h var_80= dword ptr -80h var_78= dword ptr -78h var_70= dword ptr -70h x= dword ptr -68h var_64= dword ptr -64h Points= tagPOINT ptr -58h var_4C= dword ptr -4Ch var_48= byte ptr -48h var_44= dword ptr -44h var_38= dword ptr -38h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 118h test byte ptr cs:dword_10003015C, 10h mov [rsp+118h+arg_18], rdi mov rdi, rcx jz short loc_10000845F mov rcx, cs:hWnd ; hWnd lea rdx, [rsp+118h+Rect] ; lpRect call cs:GetClientRect jmp short loc_10000849E loc_10000845F: ; hWnd mov rcx, [rcx+10h] lea rdx, [rsp+118h+Rect] ; lpRect call cs:GetClientRect mov rdx, [rdi+8] ; hWndTo mov rcx, [rdi+10h] ; hWndFrom lea r8, [rsp+118h+Rect] ; lpPoints mov r9d, 2 ; cPoints call cs:MapWindowPoints mov rcx, [rdi+10h] ; hWnd lea r9, [rsp+118h+Rect] ; lParam xor r8d, r8d ; wParam mov edx, 1328h ; Msg call cs:SendMessageW loc_10000849E: cmp cs:dword_10002FEDC, 1 mov [rsp+118h+var_18], r14 jnz short loc_1000084B9 movzx r14d, cs:byte_10002F3D0 jmp short loc_1000084BF loc_1000084B9: mov r14d, 1 loc_1000084BF: ; nNumWindows lea ecx, [r14+23h] mov [rsp+118h+arg_8], rbp call cs:BeginDeferWindowPos test rax, rax mov rbp, rax jz loc_100008C45 mov rcx, [rdi+8] ; hDlg loc_1000084E1: mov [rsp+118h+arg_10], rsi loc_1000084E9: mov [rsp+118h+var_8], r12 mov edx, 400h ; nIDDlgItem mov [rsp+118h+var_10], r13 mov [rsp+118h+var_20], r15 call cs:GetDlgItem lea rdx, [rsp+118h+Points] ; lpRect mov rcx, rax ; hWnd call cs:GetWindowRect mov rdx, [rdi+8] ; hWndTo lea r8, [rsp+118h+Points] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov r11d, cs:dword_10002F400 mov r12d, [rsp+118h+Rect.bottom] add r11d, r11d lea rsi, qword_100003190 mov r13d, 1Ch sub r12d, r11d mov [rsp+118h+arg_0], rbx sub r12d, [rsp+118h+var_4C] xor r15d, r15d db 66h, 66h nop db 66h, 66h, 66h nop loc_100008570: ; nIDDlgItem mov edx, [rsi] mov rcx, [rdi+8] ; hDlg call cs:GetDlgItem lea rdx, [rsp+118h+x] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect mov rdx, [rdi+8] ; hWndTo lea r8, [rsp+118h+x] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov ecx, [rsp+118h+var_64] mov r9d, [rsp+118h+x] ; x add ecx, r12d mov [rsp+118h+var_E0], 15h mov [rsp+118h+var_E8], r15d mov [rsp+118h+var_F0], r15d mov [rsp+118h+var_F8], ecx xor r8d, r8d ; hWndInsertAfter mov rcx, rbp ; hWinPosInfo mov rdx, rbx ; hWnd call cs:DeferWindowPos add rsi, 4 dec r13 jnz short loc_100008570 mov rcx, [rdi+8] ; hDlg mov edx, 408h ; nIDDlgItem call cs:GetDlgItem lea rdx, [rsp+118h+var_48] ; lpRect mov rcx, rax ; hWnd call cs:GetWindowRect mov rdx, [rdi+8] ; hWndTo lea r9d, [r13+2] ; cPoints lea r8, [rsp+118h+var_48] ; lpPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints test byte ptr cs:dword_10003015C, 10h jz short loc_100008642 mov eax, cs:dword_10002F400 mov r12d, [rsp+118h+Rect.bottom] add eax, eax sub r12d, eax sub r12d, [rsp+118h+Rect.top] jmp short loc_10000865F loc_100008642: mov eax, cs:dword_10002F400 lea ecx, [rax+rax*2] mov eax, [rsp+118h+var_44] sub eax, ecx add eax, r12d cdq sub eax, edx sar eax, 1 mov r12d, eax loc_10000865F: ; hDlg mov rcx, [rdi+8] mov edx, 3E9h ; nIDDlgItem call cs:GetDlgItem lea rdx, [rsp+118h+var_C8] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect mov rdx, [rdi+8] ; hWndTo lea r8, [rsp+118h+var_C8] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov ecx, [rsp+118h+Rect.right] mov r11d, cs:dword_10002F400 mov [rsp+118h+var_E0], 16h add r11d, r11d mov [rsp+118h+var_E8], r12d sub ecx, r11d xor r9d, r9d ; x xor r8d, r8d ; hWndInsertAfter sub ecx, [rsp+118h+var_C8] mov rdx, rbx ; hWnd mov [rsp+118h+var_F0], ecx mov rcx, rbp ; hWinPosInfo mov [rsp+118h+var_F8], r15d call cs:DeferWindowPos mov rcx, [rdi+8] ; hDlg mov edx, 0FFFFFFFFh ; nIDDlgItem call cs:GetDlgItem lea rdx, [rsp+118h+var_A8] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect mov rdx, [rdi+8] ; hWndTo lea r8, [rsp+118h+var_A8] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov r11d, [rsp+118h+var_A0] mov [rsp+118h+var_E0], 16h sub r11d, [rsp+118h+var_A8] mov [rsp+118h+var_E8], r12d xor r9d, r9d ; x mov [rsp+118h+var_F0], r11d xor r8d, r8d ; hWndInsertAfter mov rdx, rbx ; hWnd mov rcx, rbp ; hWinPosInfo mov [rsp+118h+var_F8], r15d call cs:DeferWindowPos mov rcx, [rdi+8] ; hDlg mov edx, 3ECh ; nIDDlgItem call cs:GetDlgItem lea rdx, [rsp+118h+var_98] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect mov rdx, [rdi+8] ; hWndTo lea r8, [rsp+118h+var_98] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov ecx, cs:dword_10002F408 mov edx, [rsp+118h+var_A4] mov r11d, cs:dword_10002F404 mov r8d, [rsp+118h+var_90] mov eax, [rsp+118h+var_A8] sub r8d, [rsp+118h+var_98] add edx, ecx add r11d, r11d mov [rsp+118h+var_E0], 14h mov r10d, r12d lea r9d, [r11+rax] ; x sub r10d, r11d sub r10d, ecx mov rcx, rbp ; hWinPosInfo mov [rsp+118h+var_E8], r10d mov [rsp+118h+var_F0], r8d mov [rsp+118h+var_F8], edx mov rdx, rbx ; hWnd xor r8d, r8d ; hWndInsertAfter call cs:DeferWindowPos mov rcx, [rdi+8] ; hDlg mov edx, 428h ; nIDDlgItem call cs:GetDlgItem lea rdx, [rsp+118h+var_78] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect mov rdx, [rdi+8] ; hWndTo lea r8, [rsp+118h+var_78] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov ecx, cs:dword_10002F400 mov r11d, [rsp+118h+var_70] mov r9d, [rsp+118h+var_78] ; x lea edx, [r12+rcx*2] mov [rsp+118h+var_E0], 14h sub r11d, r9d mov [rsp+118h+var_E8], r12d xor r8d, r8d ; hWndInsertAfter mov [rsp+118h+var_F0], r11d mov [rsp+118h+var_F8], edx mov rdx, rbx ; hWnd mov rcx, rbp ; hWinPosInfo call cs:DeferWindowPos mov rcx, [rdi+8] ; hDlg mov edx, 3EDh ; nIDDlgItem call cs:GetDlgItem lea rdx, [rsp+118h+var_88] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect mov rdx, [rdi+8] ; hWndTo lea r8, [rsp+118h+var_88] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov ecx, cs:dword_10002F408 mov edx, [rsp+118h+var_80] mov r11d, cs:dword_10002F404 mov eax, cs:dword_10002F400 mov r9d, [rsp+118h+var_88] ; x sub edx, r9d mov [rsp+118h+var_E0], 14h add r11d, r11d mov r8d, r12d sub r8d, r11d sub r8d, ecx lea ecx, [rcx+rax*2] mov [rsp+118h+var_E8], r8d add ecx, r12d mov [rsp+118h+var_F0], edx mov [rsp+118h+var_F8], ecx xor r8d, r8d ; hWndInsertAfter mov rdx, rbx ; hWnd mov rcx, rbp ; hWinPosInfo call cs:DeferWindowPos mov rcx, [rdi+8] ; hDlg mov edx, 3EAh ; nIDDlgItem call cs:GetDlgItem lea rdx, [rsp+118h+var_38] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect mov rdx, [rdi+8] ; hWndTo lea r8, [rsp+118h+var_38] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov r11d, cs:dword_10002F400 mov ecx, [rsp+118h+Rect.right] mov r9d, [rsp+118h+var_38] ; x add r11d, r11d mov [rsp+118h+var_E0], 14h sub ecx, r11d mov [rsp+118h+var_E8], r12d lea eax, [r11+r12] sub ecx, r9d xor r8d, r8d ; hWndInsertAfter mov [rsp+118h+var_F0], ecx mov [rsp+118h+var_F8], eax mov rdx, rbx ; hWnd mov rcx, rbp ; hWinPosInfo call cs:DeferWindowPos mov r11d, cs:dword_10002F404 mov ebx, cs:dword_10002F400 mov rcx, [rdi+8] ; hDlg neg ebx lea eax, [r11+r11*2] add ebx, ebx mov edx, 3EEh ; nIDDlgItem sub ebx, eax sub ebx, [rsp+118h+var_C8] add ebx, [rsp+118h+Rect.right] call cs:GetDlgItem lea rdx, [rsp+118h+var_B8] ; lpRect mov rcx, rax ; hWnd mov r13, rax call cs:GetWindowRect mov rdx, [rdi+8] ; hWndTo lea r8, [rsp+118h+var_B8] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov ecx, cs:dword_10002F408 mov r11d, cs:dword_10002F404 mov eax, cs:dword_10002F400 lea r9d, [r11+r11] mov [rsp+118h+var_E0], 14h lea edx, [rcx+rax*2] mov eax, [rsp+118h+var_C8] mov r10d, r12d sub r10d, r9d add edx, r12d mov r8d, ebx sub r10d, ecx sub r8d, r11d add r9d, eax ; x mov [rsp+118h+var_E8], r10d mov [rsp+118h+var_F0], r8d mov [rsp+118h+var_F8], edx mov rdx, r13 ; hWnd xor r8d, r8d ; hWndInsertAfter mov rcx, rbp ; hWinPosInfo call cs:DeferWindowPos mov r9d, cs:dword_10002F404 mov r11d, 10h cmp r14d, r11d mov esi, r15d cmovl r11d, r14d mov ecx, r11d imul ecx, r9d sub ebx, ecx lea ecx, [r9+r9] mov eax, ebx mov ebx, r15d cdq idiv r11d test eax, eax cmovns esi, eax sub r12d, ecx mov ecx, r15d sub r12d, cs:dword_10002F408 mov eax, r14d cdq mov r8d, eax and edx, 0Fh add eax, edx sar r8d, 4 and eax, 0Fh cmp eax, edx mov eax, r12d setnz cl cdq add ecx, r8d idiv ecx test r14d, r14d mov r12d, eax jle short loc_100008B02 db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100008A90: ; hDlg mov rcx, [rdi+8] lea edx, [rbx+1388h] ; nIDDlgItem call cs:GetDlgItem test rax, rax mov r11, rax jz short loc_100008AFB mov eax, [rsp+118h+var_C8] mov [rsp+118h+var_E0], r15d mov r9d, ebx and r9d, 0Fh mov edx, ebx mov [rsp+118h+var_E8], r12d shr edx, 4 lea ecx, [r9+2] mov [rsp+118h+var_F0], esi imul r9d, esi imul ecx, cs:dword_10002F404 imul edx, r12d add edx, [rsp+118h+var_C4] add edx, cs:dword_10002F408 add ecx, eax xor r8d, r8d ; hWndInsertAfter add r9d, ecx ; x mov [rsp+118h+var_F8], edx mov rdx, r11 ; hWnd mov rcx, rbp ; hWinPosInfo call cs:DeferWindowPos loc_100008AFB: inc ebx cmp ebx, r14d jl short loc_100008A90 loc_100008B02: ; hWinPosInfo mov rcx, rbp call cs:EndDeferWindowPos lea rdx, [rsp+118h+var_B8] ; lpRect mov rcx, r13 ; hWnd call cs:GetClientRect mov rcx, [rdi+30h] ; HDC mov r13, [rsp+118h+var_10] test rcx, rcx mov r12, [rsp+118h+var_8] jz short loc_100008B4B loc_100008B32: ; HGDIOBJ mov rdx, [rdi+40h] test rdx, rdx jz short loc_100008B41 call cs:SelectObject loc_100008B41: ; HDC mov rcx, [rdi+30h] call cs:DeleteDC loc_100008B4B: ; HGDIOBJ mov rcx, [rdi+38h] test rcx, rcx jz short loc_100008B5A call cs:DeleteObject loc_100008B5A: mov esi, [rsp+118h+var_B0] mov ebp, [rsp+118h+var_AC] mov rcx, [rdi+8] ; hWnd sub esi, [rsp+118h+var_B8] sub ebp, [rsp+118h+var_B4] call cs:GetDC mov rcx, rax ; HDC mov rbx, rax call cs:CreateCompatibleDC test rax, rax mov [rdi+30h], rax jnz short loc_100008BA7 mov rcx, [rdi+8] ; hWnd mov rdx, rbx ; hDC call cs:ReleaseDC call cs:GetLastError call cs:GetLastError jmp loc_100008C2D loc_100008BA7: ; int mov r8d, ebp mov edx, esi ; int mov rcx, rbx ; HDC mov [rdi+90h], r15d mov [rdi+94h], r15d mov [rdi+98h], esi mov [rdi+9Ch], ebp call cs:CreateCompatibleBitmap mov rcx, [rdi+8] ; hWnd mov rdx, rbx ; hDC mov [rdi+38h], rax call cs:ReleaseDC mov rdx, [rdi+38h] test rdx, rdx jnz short loc_100008C1F call cs:GetLastError test eax, eax jg short loc_100008C09 call cs:GetLastError mov rcx, [rdi+30h] ; HDC call cs:DeleteDC mov [rdi+30h], r15 jmp short loc_100008C2D loc_100008C09: call cs:GetLastError mov rcx, [rdi+30h] ; HDC call cs:DeleteDC mov [rdi+30h], r15 jmp short loc_100008C2D loc_100008C1F: ; HDC mov rcx, [rdi+30h] call cs:SelectObject mov [rdi+40h], rax loc_100008C2D: mov rbx, [rsp+118h+arg_0] mov rsi, [rsp+118h+arg_10] mov r15, [rsp+118h+var_20] loc_100008C45: mov r14, [rsp+118h+var_18] mov rdi, [rsp+118h+arg_18] mov rbp, [rsp+118h+arg_8] add rsp, 118h retn sub_100008430 endp algn_100008C65: align 10h ; int __fastcall sub_100008C70(HDC, __int64, __int64, __int64, __int64) sub_100008C70 proc near var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h loc_100008C74: mov [rsp+38h+arg_0], rbx mov [rsp+38h+arg_8], rbp mov ebp, [rdx+8] mov [rsp+38h+arg_10], rsi mov [rsp+38h+arg_18], rdi sub ebp, r8d mov rdi, rdx mov rsi, rcx mov r8d, 408000h ; COLORREF mov edx, 1 ; int xor ecx, ecx ; int mov [rsp+38h+var_8], r12 mov [rsp+38h+var_10], r13 call cs:CreatePen mov rcx, rsi ; HDC mov rdx, rax ; HGDIOBJ mov r13, rax call cs:SelectObject mov edx, [rdi+4] mov ecx, [rdi+0Ch] sub ecx, edx mov ebx, 0Bh mov r12, rax cmp ecx, ebx jle short loc_100008D09 loc_100008CD4: ; int lea r8d, [rdx+rbx] xor r9d, r9d ; LPPOINT mov rcx, rsi ; HDC mov edx, ebp ; int call cs:MoveToEx mov r11d, [rdi+4] mov edx, [rdi+8] ; int lea r8d, [rbx+r11] ; int mov rcx, rsi ; HDC call cs:LineTo mov edx, [rdi+4] mov eax, [rdi+0Ch] sub eax, edx add ebx, 0Ch cmp ebx, eax jl short loc_100008CD4 loc_100008D09: mov ebx, [rdi+8] sub ebx, cs:dword_10002FEB0 cmp ebx, ebp jle short loc_100008D48 db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_100008D20: ; int mov r8d, [rdi+4] xor r9d, r9d ; LPPOINT mov edx, ebx ; int mov rcx, rsi ; HDC call cs:MoveToEx mov r8d, [rdi+0Ch] ; int mov edx, ebx ; int mov rcx, rsi ; HDC call cs:LineTo sub ebx, 0Ch cmp ebx, ebp jg short loc_100008D20 loc_100008D48: test r12, r12 mov rdi, [rsp+38h+arg_18] mov rbp, [rsp+38h+arg_8] mov rbx, [rsp+38h+arg_0] jz short loc_100008D68 loc_100008D5C: ; HGDIOBJ mov rdx, r12 mov rcx, rsi ; HDC call cs:SelectObject loc_100008D68: mov rcx, r13 mov r13, [rsp+38h+var_10] mov r12, [rsp+38h+var_8] mov rsi, [rsp+38h+arg_10] add rsp, 38h jmp cs:DeleteObject sub_100008C70 endp algn_100008D85: align 10h sub_100008D90 proc near var_78= dword ptr -78h var_70= qword ptr -70h var_68= dword ptr -68h var_60= dword ptr -60h var_58= dword ptr -58h var_48= dword ptr -48h var_44= dword ptr -44h var_40= qword ptr -40h var_38= qword ptr -38h var_30= qword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= dword ptr 8 arg_8= qword ptr 10h arg_10= dword ptr 18h arg_18= qword ptr 20h mov [rsp+arg_10], r8d mov [rsp+arg_8], rdx mov rax, rsp sub rsp, 98h cmp qword ptr [rcx+30h], 0 mov [rax+20h], rbx mov [rax-10h], rsi mov [rax-38h], r15 mov rbx, rdx mov rsi, rcx mov r15d, r8d jz loc_10000940C loc_100008DC4: mov [rax-18h], rdi mov ecx, 4 ; int mov [rax-20h], r12 call cs:GetStockObject mov rcx, [rsi+30h] ; hDC lea rdx, [rsi+90h] ; lprc mov r8, rax ; hbr call cs:FillRect mov r12d, [rbx+30h] mov eax, 10624DD3h sub r12d, [rbx+28h] mov r8d, r12d ; __int64 mov [rsp+98h+var_44], r12d lea ecx, [r12-1] imul ecx mov ecx, edx lea rdx, [rsi+90h] ; __int64 sar ecx, 7 mov eax, ecx shr eax, 1Fh add ecx, eax mov eax, 2 cmovz ecx, eax mov [rsp+98h+var_48], ecx mov rcx, [rsi+30h] ; HDC call sub_100008C70 mov r11d, cs:dword_10002FEDC cmp r11d, 1 jnz short loc_100008E45 movzx eax, cs:byte_10002F3D0 jmp short loc_100008E4A loc_100008E45: mov eax, 1 loc_100008E4A: cdq xor ecx, ecx mov [rsp+98h+var_8], rbp and edx, 0Fh mov r8d, eax mov [rsp+98h+var_28], r13 add eax, edx sar r8d, 4 mov [rsp+98h+var_30], r14 and eax, 0Fh sub eax, edx mov edx, [rsi+9Ch] sub edx, [rsi+94h] test eax, eax setnz cl lea eax, [rdx-1] add ecx, r8d cdq idiv ecx cmp r11d, 1 mov r13d, eax mov [rsp+98h+arg_0], eax jnz loc_100009048 test byte ptr cs:dword_10003015C, 8 lea rbx, __ImageBase jz loc_100008F7F mov rdx, [rsi+50h] ; HGDIOBJ mov rcx, [rsi+30h] ; HDC call cs:SelectObject mov rcx, [rbx+r15*8+2FC90h] mov r8d, r13d movzx edx, byte ptr [rcx] mov [rsp+98h+var_40], rax mov eax, 51EB851Fh xor r9d, r9d ; LPPOINT mov r14, r15 imul edx, r13d imul edx sar edx, 5 mov ecx, edx shr ecx, 1Fh add edx, ecx mov rcx, [rsi+30h] ; HDC sub r8d, edx ; int mov edx, [rsi+98h] ; int call cs:MoveToEx mov r15d, [rsp+98h+var_44] xor ebp, ebp xor r12d, r12d xor edi, edi db 66h, 66h nop loc_100008F10: cmp edi, r15d jge short loc_100008F60 mov rax, [rbx+r14*8+2FC90h] mov r8d, r13d movzx ecx, byte ptr [rax+r12] mov eax, 51EB851Fh imul ecx, r13d imul ecx mov rcx, [rsi+30h] ; HDC sar edx, 5 mov eax, edx shr eax, 1Fh add edx, eax sub r8d, edx ; int mov edx, [rsi+98h] sub edx, edi ; int call cs:LineTo add edi, [rsp+98h+var_48] inc ebp inc r12 cmp ebp, 7D0h jl short loc_100008F10 loc_100008F60: mov r13, [rsp+98h+var_40] mov r15d, [rsp+98h+arg_10] test r13, r13 jz short loc_100008F7F mov rcx, [rsi+30h] ; HDC mov rdx, r13 ; HGDIOBJ call cs:SelectObject loc_100008F7F: ; HGDIOBJ mov rdx, [rsi+48h] mov rcx, [rsi+30h] ; HDC call cs:SelectObject mov r14d, r15d mov r15d, [rsp+98h+arg_0] mov rcx, [rbx+r14*8+2FA90h] mov [rsp+98h+var_40], rax mov eax, 51EB851Fh movzx edx, byte ptr [rcx] mov r8d, r15d xor r9d, r9d ; LPPOINT imul edx, r15d imul edx sar edx, 5 mov ecx, edx shr ecx, 1Fh add edx, ecx mov rcx, [rsi+30h] ; HDC sub r8d, edx ; int mov edx, [rsi+98h] ; int call cs:MoveToEx mov r13d, [rsp+98h+var_44] xor ebp, ebp xor r12d, r12d xor edi, edi loc_100008FE2: cmp edi, r13d jge short loc_100009032 mov rax, [rbx+r14*8+2FA90h] mov r8d, r15d movzx ecx, byte ptr [rax+r12] mov eax, 51EB851Fh imul ecx, r15d imul ecx mov rcx, [rsi+30h] ; HDC sar edx, 5 mov eax, edx shr eax, 1Fh add edx, eax sub r8d, edx ; int mov edx, [rsi+98h] sub edx, edi ; int call cs:LineTo add edi, [rsp+98h+var_48] inc ebp inc r12 cmp ebp, 7D0h jl short loc_100008FE2 loc_100009032: mov r13, [rsp+98h+var_40] test r13, r13 jz loc_100009393 mov rdx, r13 jmp loc_100009389 loc_100009048: test byte ptr cs:dword_10003015C, 8 lea rbx, __ImageBase jz loc_100009205 mov rdx, [rsi+50h] ; HGDIOBJ mov rcx, [rsi+30h] ; HDC xor edi, edi xor ebp, ebp call cs:SelectObject movzx r9d, cs:byte_10002F3D0 xor r11d, r11d xor r10d, r10d xor edx, edx cmp r9d, 2 mov r15, rax jl short loc_1000090C3 lea ecx, [r9-2] shr ecx, 1 inc ecx mov r8d, ecx lea r10d, [rcx+rcx] db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_1000090A0: mov rax, [rbx+rdx*8+2FC90h] add rdx, 2 movzx ecx, byte ptr [rax] mov rax, [rbx+rdx*8+2FC88h] add edi, ecx movzx ecx, byte ptr [rax] add ebp, ecx dec r8 jnz short loc_1000090A0 loc_1000090C3: cmp r10d, r9d jge short loc_1000090D4 mov rax, [rbx+rdx*8+2FC90h] movzx r11d, byte ptr [rax] loc_1000090D4: xor edx, edx lea eax, [rbp+rdi+0] mov r8d, r13d add eax, r11d div r9d xor r9d, r9d ; LPPOINT mov ecx, eax mov eax, 51EB851Fh imul ecx, r13d mul ecx mov rcx, [rsi+30h] ; HDC shr edx, 5 sub r8d, edx ; int mov edx, [rsi+98h] ; int call cs:MoveToEx xor r14d, r14d xor edi, edi xor r13d, r13d loc_100009111: cmp r13d, r12d jge loc_1000091E1 movzx r11d, cs:byte_10002F3D0 xor r9d, r9d xor r10d, r10d xor r12d, r12d xor ebp, ebp xor edx, edx cmp r11d, 2 jl short loc_100009177 lea eax, [r11-2] shr eax, 1 inc eax mov r8d, eax lea ebp, [rax+rax] nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100009150: mov rax, [rbx+rdx*8+2FC90h] add rdx, 2 movzx ecx, byte ptr [rax+rdi] mov rax, [rbx+rdx*8+2FC88h] add r9d, ecx movzx ecx, byte ptr [rax+rdi] add r10d, ecx dec r8 jnz short loc_100009150 loc_100009177: cmp ebp, r11d jge short loc_100009189 mov rax, [rbx+rdx*8+2FC90h] movzx r12d, byte ptr [rax+rdi] loc_100009189: mov ebp, [rsp+98h+arg_0] xor edx, edx lea eax, [r10+r9] add eax, r12d mov r8d, ebp div r11d mov ecx, eax mov eax, 51EB851Fh imul ecx, ebp mul ecx mov rcx, [rsi+30h] ; HDC shr edx, 5 sub r8d, edx ; int mov edx, [rsi+98h] sub edx, r13d ; int call cs:LineTo add r13d, [rsp+98h+var_48] mov r12d, [rsp+98h+var_44] inc r14d inc rdi cmp r14d, 7D0h jl loc_100009111 loc_1000091E1: test r15, r15 jz short loc_1000091FD mov rcx, [rsi+30h] ; HDC mov rdx, r15 ; HGDIOBJ call cs:SelectObject mov r13d, [rsp+98h+arg_0] jmp short loc_100009205 loc_1000091FD: mov r13d, [rsp+98h+arg_0] loc_100009205: ; HGDIOBJ mov rdx, [rsi+48h] mov rcx, [rsi+30h] ; HDC xor edi, edi xor ebp, ebp call cs:SelectObject movzx r9d, cs:byte_10002F3D0 xor r11d, r11d xor r10d, r10d xor edx, edx cmp r9d, 2 mov r15, rax jl short loc_100009263 lea ecx, [r9-2] shr ecx, 1 inc ecx mov r8d, ecx lea r10d, [rcx+rcx] nop loc_100009240: mov rax, [rbx+rdx*8+2FA90h] add rdx, 2 movzx ecx, byte ptr [rax] mov rax, [rbx+rdx*8+2FA88h] add edi, ecx movzx ecx, byte ptr [rax] add ebp, ecx dec r8 jnz short loc_100009240 loc_100009263: cmp r10d, r9d jge short loc_100009274 mov rax, [rbx+rdx*8+2FA90h] movzx r11d, byte ptr [rax] loc_100009274: xor edx, edx lea eax, [rbp+rdi+0] mov r8d, r13d add eax, r11d div r9d xor r9d, r9d ; LPPOINT mov ecx, eax mov eax, 51EB851Fh imul ecx, r13d mul ecx mov rcx, [rsi+30h] ; HDC shr edx, 5 sub r8d, edx ; int mov edx, [rsi+98h] ; int call cs:MoveToEx xor r14d, r14d xor edi, edi xor r13d, r13d loc_1000092B1: cmp r13d, r12d jge loc_100009381 movzx r11d, cs:byte_10002F3D0 xor r9d, r9d xor r10d, r10d xor r12d, r12d xor ebp, ebp xor edx, edx cmp r11d, 2 jl short loc_100009317 lea eax, [r11-2] shr eax, 1 inc eax mov r8d, eax lea ebp, [rax+rax] nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_1000092F0: mov rax, [rbx+rdx*8+2FA90h] add rdx, 2 movzx ecx, byte ptr [rax+rdi] mov rax, [rbx+rdx*8+2FA88h] add r9d, ecx movzx ecx, byte ptr [rax+rdi] add r10d, ecx dec r8 jnz short loc_1000092F0 loc_100009317: cmp ebp, r11d jge short loc_100009329 mov rax, [rbx+rdx*8+2FA90h] movzx r12d, byte ptr [rax+rdi] loc_100009329: mov ebp, [rsp+98h+arg_0] xor edx, edx lea eax, [r10+r9] add eax, r12d mov r8d, ebp div r11d mov ecx, eax mov eax, 51EB851Fh imul ecx, ebp mul ecx mov rcx, [rsi+30h] ; HDC shr edx, 5 sub r8d, edx ; int mov edx, [rsi+98h] sub edx, r13d ; int call cs:LineTo add r13d, [rsp+98h+var_48] mov r12d, [rsp+98h+var_44] inc r14d inc rdi cmp r14d, 7D0h jl loc_1000092B1 loc_100009381: test r15, r15 jz short loc_100009393 mov rdx, r15 ; HGDIOBJ loc_100009389: ; HDC mov rcx, [rsi+30h] call cs:SelectObject loc_100009393: mov r10, [rsp+98h+arg_8] mov [rsp+98h+var_58], 0CC0020h mov [rsp+98h+var_60], 0 mov edx, [r10+28h] ; int mov r9d, [r10+30h] mov ecx, [r10+34h] mov r8d, [r10+2Ch] ; int mov eax, edx sub eax, r9d sub ecx, r8d sub r9d, edx ; int sub eax, [rsi+90h] add eax, [rsi+98h] mov [rsp+98h+var_68], eax mov rax, [rsi+30h] mov [rsp+98h+var_70], rax mov [rsp+98h+var_78], ecx mov rcx, [r10+20h] ; HDC call cs:BitBlt mov r14, [rsp+98h+var_30] mov r13, [rsp+98h+var_28] mov r12, [rsp+98h+var_20] mov rdi, [rsp+98h+var_18] mov rbp, [rsp+98h+var_8] loc_10000940C: mov r15, [rsp+98h+var_38] mov rsi, [rsp+98h+var_10] mov rbx, [rsp+98h+arg_18] add rsp, 98h retn sub_100008D90 endp algn_100009429: align 10h sub_100009430 proc near var_68= dword ptr -68h var_60= qword ptr -60h var_58= dword ptr -58h var_50= dword ptr -50h var_48= dword ptr -48h var_38= qword ptr -38h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 88h cmp qword ptr [rcx+30h], 0 mov [rax+18h], rsi mov [rax-8], r12 mov r12, rdx mov rsi, rcx jz loc_10000960F loc_100009453: mov [rax+8], rbx mov [rax+10h], rbp mov [rax+20h], rdi mov [rax-10h], r13 mov [rax-18h], r14 mov ecx, 4 ; int mov [rax-20h], r15 call cs:GetStockObject mov rcx, [rsi+30h] ; hDC lea rdx, [rsi+90h] ; lprc mov r8, rax ; hbr call cs:FillRect mov ebx, [r12+30h] mov rcx, [rsi+30h] ; HDC sub ebx, [r12+28h] lea rdx, [rsi+90h] ; __int64 mov r8d, ebx ; __int64 call sub_100008C70 mov r15d, [rsi+9Ch] mov rcx, [rsi+30h] ; HDC mov eax, 10624DD3h lea r13d, [rbx-1] imul r13d mov r14d, edx mov rdx, [rsi+88h] ; HGDIOBJ sar r14d, 7 mov eax, r14d shr eax, 1Fh add r14d, eax mov eax, 2 cmovz r14d, eax sub r15d, [rsi+94h] dec r15d call cs:SelectObject mov rcx, cs:qword_10002FE90 movzx edx, byte ptr [rcx] mov r8d, [rsi+9Ch] mov [rsp+88h+var_38], rax imul edx, r15d mov eax, 51EB851Fh xor r9d, r9d ; LPPOINT imul edx sar edx, 5 mov ecx, edx shr ecx, 1Fh add edx, ecx mov rcx, [rsi+30h] ; HDC sub r8d, edx ; int mov edx, [rsi+98h] ; int call cs:MoveToEx xor ebp, ebp xor edi, edi xor ebx, ebx loc_100009535: cmp ebx, r13d jge short loc_10000958D mov rax, cs:qword_10002FE90 movzx ecx, byte ptr [rdi+rax] test cl, cl jz short loc_10000958D mov r8d, [rsi+9Ch] movzx ecx, cl mov eax, 51EB851Fh imul ecx, r15d imul ecx mov rcx, [rsi+30h] ; HDC sar edx, 5 mov eax, edx shr eax, 1Fh add edx, eax sub r8d, edx ; int mov edx, [rsi+98h] sub edx, ebx ; int call cs:LineTo inc ebp add ebx, r14d inc rdi cmp ebp, 7D0h jl short loc_100009535 loc_10000958D: mov ecx, [r12+34h] mov r8d, [r12+2Ch] ; int mov edx, [r12+28h] ; int mov r9d, [r12+30h] xor eax, eax mov [rsp+88h+var_48], 0CC0020h mov [rsp+88h+var_50], eax mov [rsp+88h+var_58], eax mov rax, [rsi+30h] sub ecx, r8d mov [rsp+88h+var_60], rax sub r9d, edx ; int mov [rsp+88h+var_68], ecx mov rcx, [r12+20h] ; HDC call cs:BitBlt mov rax, [rsp+88h+var_38] mov r15, [rsp+88h+var_20] test rax, rax mov r14, [rsp+88h+var_18] mov r13, [rsp+88h+var_10] mov rdi, [rsp+88h+arg_18] mov rbp, [rsp+88h+arg_8] mov rbx, [rsp+88h+arg_0] jz short loc_10000960F loc_100009602: ; HDC mov rcx, [rsi+30h] mov rdx, rax ; HGDIOBJ call cs:SelectObject loc_10000960F: mov r12, [rsp+88h+var_8] mov rsi, [rsp+88h+arg_10] add rsp, 88h retn sub_100009430 endp algn_100009627: align 10h sub_100009630 proc near var_58= dword ptr -58h var_50= dword ptr -50h var_48= dword ptr -48h var_40= dword ptr -40h var_38= qword ptr -38h var_30= qword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 78h mov [rax+8], rbx mov [rax+18h], rsi mov [rax-8], r12 mov [rax-10h], r13 xor r13d, r13d mov rsi, rcx mov ebx, r13d lea r12d, [r13+5] cmp cs:byte_10002F3D0, bl jbe loc_1000096FF loc_100009660: ; hDlg mov rcx, [rsi+8] lea edx, [rbx+1388h] ; nIDDlgItem call cs:GetDlgItem test rax, rax jnz short loc_1000096D3 mov [rsp+78h+var_20], r13 mov [rsp+78h+var_28], r13 mov eax, ebx add rax, 1388h lea r8, WindowName ; lpWindowName lea rdx, aButton_0 ; "BUTTON" mov [rsp+78h+var_30], rax mov rax, [rsi+8] mov r9d, 4800000Bh ; dwStyle mov [rsp+78h+var_38], rax mov [rsp+78h+var_40], 1 mov [rsp+78h+var_48], 1 mov ecx, 200h ; dwExStyle mov [rsp+78h+var_50], r13d mov [rsp+78h+var_58], r13d call cs:CreateWindowExW test rax, rax jz short loc_1000096EE loc_1000096D3: test ebx, ebx jz short loc_1000096EE cmp cs:dword_10002FEDC, 1 mov edx, r13d mov rcx, rax ; hWnd cmovz edx, r12d ; nCmdShow call cs:ShowWindow loc_1000096EE: movzx eax, cs:byte_10002F3D0 inc ebx cmp ebx, eax jb loc_100009660 loc_1000096FF: mov [rsp+78h+arg_8], rbp mov [rsp+78h+arg_18], rdi lea rdi, qword_100003190 mov ebp, 1Ch db 66h nop db 66h, 66h nop loc_100009720: test byte ptr cs:dword_10003015C, 10h mov edx, [rdi] ; nIDDlgItem mov rcx, [rsi+8] ; hDlg mov ebx, r12d cmovnz ebx, r13d call cs:GetDlgItem mov edx, ebx ; nCmdShow mov rcx, rax ; hWnd call cs:ShowWindow add rdi, 4 dec rbp jnz short loc_100009720 test byte ptr cs:dword_10003015C, 10h mov rcx, [rsi+8] ; hDlg mov ebx, r12d mov edx, 3EEh ; nIDDlgItem cmovnz ebx, r13d call cs:GetDlgItem mov edx, ebx ; nCmdShow mov rcx, rax ; hWnd call cs:ShowWindow test byte ptr cs:dword_10003015C, 10h mov rcx, [rsi+8] ; hDlg mov ebx, r12d mov edx, 3EAh ; nIDDlgItem cmovnz ebx, r13d call cs:GetDlgItem mov edx, ebx ; nCmdShow mov rcx, rax ; hWnd call cs:ShowWindow test byte ptr cs:dword_10003015C, 10h mov rcx, [rsi+8] ; hDlg mov ebx, r12d mov edx, 428h ; nIDDlgItem cmovnz ebx, r13d call cs:GetDlgItem mov edx, ebx ; nCmdShow mov rcx, rax ; hWnd call cs:ShowWindow test byte ptr cs:dword_10003015C, 10h mov rcx, [rsi+8] ; hDlg mov edx, 3EDh ; nIDDlgItem cmovnz r12d, r13d call cs:GetDlgItem mov edx, r12d ; nCmdShow mov rcx, rax ; hWnd call cs:ShowWindow mov rcx, rsi mov r13, [rsp+78h+var_10] mov r12, [rsp+78h+var_8] mov rdi, [rsp+78h+arg_18] mov rsi, [rsp+78h+arg_10] mov rbp, [rsp+78h+arg_8] mov rbx, [rsp+78h+arg_0] add rsp, 78h jmp sub_100008430 sub_100009630 endp algn_100009822: align 10h sub_100009830 proc near var_138= dword ptr -138h var_130= qword ptr -130h var_128= dword ptr -128h var_120= dword ptr -120h var_118= dword ptr -118h var_108= qword ptr -108h var_100= dword ptr -100h var_FC= dword ptr -0FCh var_F8= qword ptr -0F8h var_F0= dword ptr -0F0h var_E8= qword ptr -0E8h var_E0= byte ptr -0E0h var_D8= qword ptr -0D8h Rect= tagRECT ptr -0D0h var_B8= dword ptr -0B8h String= word ptr -58h var_48= qword ptr -48h var_30= qword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 158h mov rax, cs:qword_10002C178 mov [rsp+158h+var_48], rax mov [r11+18h], rbx mov [r11-10h], rdi mov [r11-20h], r13 mov rdi, rcx mov [rsp+158h+var_F8], rcx mov ecx, 4 ; int mov [r11-30h], r15 mov r13, rdx call cs:GetStockObject mov rcx, [r13+20h] ; HDC mov rdx, rax ; HGDIOBJ call cs:SelectObject mov ecx, [r13+34h] mov r9d, [r13+30h] ; int mov r8d, [r13+2Ch] ; int mov edx, [r13+28h] ; int mov [rsp+158h+var_138], ecx mov rcx, [r13+20h] ; HDC mov [rsp+158h+var_E8], rax call cs:Rectangle mov eax, [r13+30h] mov rcx, [rdi+8] ; hDlg sub eax, [r13+28h] sub eax, 21h cdq sub eax, edx mov edx, 3EDh ; nIDDlgItem sar eax, 1 mov r15d, eax call cs:GetDlgItem lea rdx, [rsp+158h+Rect] ; lpRect mov rcx, rax ; hWnd call cs:GetWindowRect mov rcx, [r13+20h] ; HDC xor ebx, ebx lea edx, [rbx+6] ; UINT call cs:GetCurrentObject test rax, rax jz short loc_10000990B lea r8, [rsp+158h+var_B8] ; LPVOID lea edx, [rbx+5Ch] ; int mov rcx, rax ; HGDIOBJ call cs:GetObjectW test eax, eax jz short loc_10000990B mov ebx, [rsp+158h+var_B8] test ebx, ebx jns short loc_10000990B neg ebx loc_10000990B: mov eax, cs:dword_10002F400 mov [rsp+158h+var_8], rsi mov esi, [r13+34h] lea ecx, [rax+rax*2] sub esi, ecx sub esi, [r13+2Ch] sub esi, ebx test esi, esi mov [rsp+158h+var_F0], esi jle loc_100009CAA movzx ecx, cs:byte_10002FE98 mov eax, 51EB851Fh loc_100009940: mov [rsp+158h+var_18], r12 imul ecx, esi imul ecx mov r8d, edx sar r8d, 5 mov ecx, r8d shr ecx, 1Fh add r8d, ecx test byte ptr cs:dword_10003015C, 8 jz short loc_10000998E movzx ecx, cs:byte_10002FE99 mov eax, 51EB851Fh imul ecx, esi imul ecx mov r12d, edx sar r12d, 5 mov eax, r12d shr eax, 1Fh add r12d, eax mov [rsp+158h+var_100], r12d jmp short loc_100009996 loc_10000998E: xor r12d, r12d mov [rsp+158h+var_100], r12d loc_100009996: mov ecx, esi mov eax, 55555556h mov [rsp+158h+arg_18], rbp sub ecx, r8d mov [rsp+158h+var_28], r14 mov r14d, esi imul ecx mov rcx, [r13+20h] ; HDC mov eax, edx shr eax, 1Fh add edx, eax lea eax, [rdx+rdx*2] mov edx, 1 ; int sub r14d, eax mov [rsp+158h+var_FC], r14d call cs:SetBkMode mov rcx, [r13+20h] ; HDC mov edx, 0FF00h ; COLORREF call cs:SetTextColor movzx r9d, cs:byte_10002FE98 lea r8, aD ; "%d %%" lea rcx, [rsp+158h+String] mov edx, 8 call sub_100008380 mov eax, [r13+28h] mov rcx, [r13+20h] ; hDC lea r11, [rsp+158h+var_E0] lea r9, [rsp+158h+var_E0] ; lpRect lea rdx, [rsp+158h+String] ; lpString mov [r11], eax mov eax, [r13+2Ch] mov r8d, 0FFFFFFFFh ; nCount mov [r11+4], eax mov eax, [r13+30h] mov [rsp+158h+var_138], 29h mov [r11+8], eax mov eax, [r13+34h] mov [r11+0Ch], eax mov rax, [rsp+158h+var_D8] shr rax, 20h sub eax, 4 mov dword ptr [rsp+158h+var_D8+4], eax call cs:DrawTextW mov rcx, [r13+20h] ; HDC call cs:CreateCompatibleDC test rax, rax mov rbp, rax jz loc_100009C83 cmp esi, r14d jz loc_100009B26 mov rdx, [rsp+158h+var_F8] mov edi, esi mov rcx, rax ; HDC mov rdx, [rdx+18h] ; HGDIOBJ sub edi, r14d xor r14d, r14d call cs:SelectObject test edi, edi mov [rsp+158h+var_108], rax jle short loc_100009AFF mov esi, 4Bh db 66h, 66h, 66h nop loc_100009AB0: mov r8d, cs:dword_10002F400 mov rcx, [r13+20h] ; HDC mov [rsp+158h+var_118], 0CC0020h mov ebx, esi cmp edi, esi mov edx, r15d ; int cmovl ebx, edi xor eax, eax add r8d, r14d ; int mov [rsp+158h+var_120], eax mov [rsp+158h+var_128], eax lea r9d, [rax+21h] ; int mov [rsp+158h+var_130], rbp mov [rsp+158h+var_138], ebx call cs:BitBlt sub edi, ebx add r14d, ebx test edi, edi jg short loc_100009AB0 mov esi, [rsp+158h+var_F0] mov rax, [rsp+158h+var_108] loc_100009AFF: test rax, rax jz short loc_100009B1C mov rdx, rax ; HGDIOBJ mov rcx, rbp ; HDC call cs:SelectObject mov r14d, [rsp+158h+var_FC] mov rdi, [rsp+158h+var_F8] jmp short loc_100009B26 loc_100009B1C: mov r14d, [rsp+158h+var_FC] mov rdi, [rsp+158h+var_F8] loc_100009B26: test r14d, r14d jz loc_100009BD9 mov rdx, [rdi+28h] ; HGDIOBJ mov rcx, rbp ; HDC call cs:SelectObject xor edx, edx mov ebx, r14d sub ebx, r12d mov [rsp+158h+var_108], rax mov edi, edx test ebx, ebx jle short loc_100009BC8 mov r12d, 4Bh db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h, 66h nop loc_100009B60: mov r8d, cs:dword_10002F400 mov [rsp+158h+var_118], 0CC0020h mov [rsp+158h+var_120], edx mov [rsp+158h+var_128], edx mov ecx, ebx cmp ebx, r12d cmovg ecx, r12d sub r8d, r14d mov [rsp+158h+var_130], rbp mov [rsp+158h+var_138], ecx mov rcx, [r13+20h] ; HDC add r8d, edi add r8d, esi ; int mov r9d, 21h ; int mov edx, r15d ; int call cs:BitBlt cmp ebx, r12d mov r11d, r12d cmovl r11d, ebx mov edx, 0 sub ebx, r11d add edi, r11d test ebx, ebx jg short loc_100009B60 mov r12d, [rsp+158h+var_100] mov rax, [rsp+158h+var_108] loc_100009BC8: test rax, rax jz short loc_100009BD9 mov rdx, rax ; HGDIOBJ mov rcx, rbp ; HDC call cs:SelectObject loc_100009BD9: test r12d, r12d jz loc_100009C7A mov rdx, [rsp+158h+var_F8] mov rcx, rbp ; HDC mov rdx, [rdx+20h] ; HGDIOBJ call cs:SelectObject xor ecx, ecx test r12d, r12d mov [rsp+158h+var_108], rax mov r14d, ecx mov edi, r12d jle short loc_100009C69 db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_100009C10: mov r8d, cs:dword_10002F400 mov [rsp+158h+var_118], 0CC0020h mov [rsp+158h+var_120], ecx mov [rsp+158h+var_128], ecx mov rcx, [r13+20h] ; HDC mov ebx, 4Bh cmp edi, ebx mov r9d, 21h ; int mov edx, r15d ; int cmovl ebx, edi sub r8d, r12d mov [rsp+158h+var_130], rbp add r8d, r14d mov [rsp+158h+var_138], ebx add r8d, esi ; int call cs:BitBlt sub edi, ebx add r14d, ebx test edi, edi mov ecx, 0 jg short loc_100009C10 mov rax, [rsp+158h+var_108] loc_100009C69: test rax, rax jz short loc_100009C7A mov rdx, rax ; HGDIOBJ mov rcx, rbp ; HDC call cs:SelectObject loc_100009C7A: ; HDC mov rcx, rbp call cs:DeleteDC loc_100009C83: ; HGDIOBJ mov rdx, [rsp+158h+var_E8] mov rcx, [r13+20h] ; HDC call cs:SelectObject mov r14, [rsp+158h+var_28] mov r12, [rsp+158h+var_18] mov rbp, [rsp+158h+arg_18] loc_100009CAA: mov r15, [rsp+158h+var_30] mov r13, [rsp+158h+var_20] mov rdi, [rsp+158h+var_10] mov rsi, [rsp+158h+var_8] mov rbx, [rsp+158h+arg_10] mov rcx, [rsp+158h+var_48] call sub_1000258D0 add rsp, 158h retn sub_100009830 endp algn_100009CE7: align 10h sub_100009CF0 proc near var_148= dword ptr -148h var_140= qword ptr -140h var_138= dword ptr -138h var_130= dword ptr -130h var_128= dword ptr -128h var_118= qword ptr -118h var_110= dword ptr -110h var_108= qword ptr -108h var_100= qword ptr -100h Rect= tagRECT ptr -0F8h var_E8= dword ptr -0E8h String= word ptr -88h var_48= qword ptr -48h var_30= qword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 168h mov rax, cs:qword_10002C178 mov [rsp+168h+var_48], rax mov [r11+20h], rbp mov [r11-10h], rdi mov [r11-20h], r13 mov rdi, rcx mov [rsp+168h+var_100], rcx mov [r11-28h], r14 mov ecx, 4 ; int mov [r11-30h], r15 mov r13, rdx call cs:GetStockObject mov rcx, [r13+20h] ; HDC mov rdx, rax ; HGDIOBJ call cs:SelectObject mov ecx, [r13+34h] mov r9d, [r13+30h] ; int mov r8d, [r13+2Ch] ; int mov edx, [r13+28h] ; int mov [rsp+168h+var_148], ecx mov rcx, [r13+20h] ; HDC mov r14, rax mov [rsp+168h+var_108], rax call cs:Rectangle mov eax, [r13+30h] mov rcx, [r13+20h] ; HDC sub eax, [r13+28h] sub eax, 21h cdq sub eax, edx mov edx, 1 ; int sar eax, 1 mov r15d, eax call cs:SetBkMode mov rcx, [r13+20h] ; HDC mov edx, 0FF00h ; COLORREF call cs:SetTextColor mov rcx, cs:qword_10002FEA0 lea rdx, [rsp+168h+String] ; szBuf shl rcx, 0Ah ; qdw mov r8d, 20h ; uiBufSize call cs:StrFormatByteSizeW mov eax, [r13+28h] mov rcx, [r13+20h] ; hDC lea r11, [rsp+168h+Rect] lea r9, [rsp+168h+Rect] ; lpRect lea rdx, [rsp+168h+String] ; lpString mov [r11], eax mov eax, [r13+2Ch] mov r8d, 0FFFFFFFFh ; nCount mov [r11+4], eax mov eax, [r13+30h] mov [rsp+168h+var_148], 29h mov [r11+8], eax mov eax, [r13+34h] mov [r11+0Ch], eax mov rax, qword ptr [rsp+168h+Rect.right] shr rax, 20h sub eax, 4 mov [rsp+168h+Rect.bottom], eax call cs:DrawTextW mov rcx, [r13+20h] ; HDC call cs:CreateCompatibleDC test rax, rax mov rbp, rax jz loc_10000A02B mov rcx, [r13+20h] ; HDC loc_100009E29: mov [rsp+168h+arg_10], rbx xor ebx, ebx lea edx, [rbx+6] ; UINT call cs:GetCurrentObject test rax, rax jz short loc_100009E66 lea r8, [rsp+168h+var_E8] ; LPVOID lea edx, [rbx+5Ch] ; int mov rcx, rax ; HGDIOBJ call cs:GetObjectW test eax, eax jz short loc_100009E66 mov ebx, [rsp+168h+var_E8] test ebx, ebx jns short loc_100009E66 neg ebx loc_100009E66: mov eax, cs:dword_10002F400 mov [rsp+168h+var_8], rsi mov esi, [r13+34h] lea ecx, [rax+rax*2] sub esi, ecx sub esi, [r13+2Ch] sub esi, ebx test esi, esi mov [rsp+168h+var_110], esi jle loc_10000A012 movsxd rax, esi loc_100009E92: mov [rsp+168h+var_18], r12 imul rax, cs:qword_10002FEA0 cqo idiv cs:qword_10002FEA8 mov rcx, rax mov eax, 55555556h imul ecx mov eax, edx shr eax, 1Fh add edx, eax lea r14d, [rdx+rdx*2] cmp esi, r14d jz loc_100009F61 mov rdx, [rdi+18h] ; HGDIOBJ mov rcx, rbp ; HDC call cs:SelectObject xor ecx, ecx mov edi, esi sub edi, r14d mov [rsp+168h+var_118], rax mov r12d, ecx test edi, edi jle short loc_100009F44 mov esi, 4Bh db 66h nop loc_100009EF0: mov r8d, cs:dword_10002F400 mov [rsp+168h+var_128], 0CC0020h mov [rsp+168h+var_130], ecx mov [rsp+168h+var_138], ecx mov rcx, [r13+20h] ; HDC mov ebx, esi cmp edi, esi mov r9d, 21h ; int mov edx, r15d ; int cmovl ebx, edi add r8d, r12d ; int mov [rsp+168h+var_140], rbp mov [rsp+168h+var_148], ebx call cs:BitBlt sub edi, ebx add r12d, ebx test edi, edi mov ecx, 0 jg short loc_100009EF0 mov esi, [rsp+168h+var_110] mov rax, [rsp+168h+var_118] loc_100009F44: test rax, rax jz short loc_100009F5C mov rdx, rax ; HGDIOBJ mov rcx, rbp ; HDC call cs:SelectObject mov rdi, [rsp+168h+var_100] jmp short loc_100009F61 loc_100009F5C: mov rdi, [rsp+168h+var_100] loc_100009F61: test r14d, r14d jz loc_10000A005 mov rdx, [rdi+28h] ; HGDIOBJ mov rcx, rbp ; HDC call cs:SelectObject mov ebx, r14d mov r12, rax mov [rsp+168h+var_118], rax xor eax, eax test r14d, r14d mov edi, eax jle short loc_100009FF4 mov r12d, 4Bh loc_100009F91: mov r8d, cs:dword_10002F400 mov [rsp+168h+var_128], 0CC0020h mov [rsp+168h+var_130], eax mov [rsp+168h+var_138], eax mov ecx, ebx cmp ebx, r12d cmovg ecx, r12d sub r8d, r14d mov [rsp+168h+var_140], rbp mov [rsp+168h+var_148], ecx mov rcx, [r13+20h] ; HDC add r8d, edi add r8d, esi ; int mov r9d, 21h ; int mov edx, r15d ; int call cs:BitBlt cmp ebx, r12d mov r11d, r12d cmovl r11d, ebx mov eax, 0 sub ebx, r11d add edi, r11d test ebx, ebx jg short loc_100009F91 mov r12, [rsp+168h+var_118] loc_100009FF4: test r12, r12 jz short loc_10000A005 mov rdx, r12 ; HGDIOBJ mov rcx, rbp ; HDC call cs:SelectObject loc_10000A005: mov r14, [rsp+168h+var_108] mov r12, [rsp+168h+var_18] loc_10000A012: ; HDC mov rcx, rbp call cs:DeleteDC mov rsi, [rsp+168h+var_8] mov rbx, [rsp+168h+arg_10] loc_10000A02B: ; HDC mov rcx, [r13+20h] mov rdx, r14 ; HGDIOBJ call cs:SelectObject mov r15, [rsp+168h+var_30] mov r14, [rsp+168h+var_28] mov r13, [rsp+168h+var_20] mov rdi, [rsp+168h+var_10] mov rbp, [rsp+168h+arg_18] mov rcx, [rsp+168h+var_48] call sub_1000258D0 add rsp, 168h retn sub_100009CF0 endp algn_10000A075: align 20h sub_10000A080 proc near arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_8], rbp mov rbp, rcx mov [rsp+28h+arg_10], rsi mov esi, 1 mov ecx, esi call sub_10000AA70 mov r11d, cs:dword_10002FEB0 mov eax, 0D5555555h add r11d, 2 imul r11d sar edx, 1 mov eax, edx shr eax, 1Fh add edx, eax lea eax, [rdx+rdx*2] lea ecx, [r11+rax*4] mov cs:dword_10002FEB0, ecx mov rcx, cs:hWnd ; hWnd call cs:IsIconic test eax, eax jnz loc_10000A1E4 mov rcx, [rbp+8] ; hDlg mov edx, 3ECh ; nIDDlgItem call cs:GetDlgItem xor r8d, r8d ; bErase xor edx, edx ; lpRect mov rcx, rax ; hWnd call cs:InvalidateRect mov rcx, [rbp+8] ; hDlg mov edx, 3ECh ; nIDDlgItem call cs:GetDlgItem mov rcx, rax ; hWnd call cs:UpdateWindow mov rcx, [rbp+8] ; hDlg mov edx, 3EDh ; nIDDlgItem call cs:GetDlgItem xor r8d, r8d ; bErase xor edx, edx ; lpRect mov rcx, rax ; hWnd call cs:InvalidateRect mov rcx, [rbp+8] ; hDlg mov edx, 3EDh ; nIDDlgItem call cs:GetDlgItem mov rcx, rax ; hWnd call cs:UpdateWindow cmp cs:dword_10002FEDC, esi jnz short loc_10000A154 movzx esi, cs:byte_10002F3D0 loc_10000A154: mov [rsp+28h+arg_0], rbx xor ebx, ebx test esi, esi jz short loc_10000A1AA loc_10000A15F: mov [rsp+28h+arg_18], rdi db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_10000A170: ; hDlg mov rcx, [rbp+8] lea edx, [rbx+1388h] ; nIDDlgItem call cs:GetDlgItem test rax, rax mov rdi, rax jz short loc_10000A19F xor r8d, r8d ; bErase xor edx, edx ; lpRect mov rcx, rax ; hWnd call cs:InvalidateRect mov rcx, rdi ; hWnd call cs:UpdateWindow loc_10000A19F: inc ebx cmp ebx, esi jb short loc_10000A170 mov rdi, [rsp+28h+arg_18] loc_10000A1AA: ; hDlg mov rcx, [rbp+8] mov edx, 3EEh ; nIDDlgItem call cs:GetDlgItem xor r8d, r8d ; bErase xor edx, edx ; lpRect mov rcx, rax ; hWnd call cs:InvalidateRect mov rcx, [rbp+8] ; hDlg mov edx, 3EEh ; nIDDlgItem call cs:GetDlgItem mov rcx, rax ; hWnd call cs:UpdateWindow mov rbx, [rsp+28h+arg_0] loc_10000A1E4: mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] add rsp, 28h retn sub_10000A080 endp algn_10000A1F3: align 20h ; INT_PTR __stdcall sub_10000A200(HWND, UINT, WPARAM, LPARAM) sub_10000A200 proc near arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_0], rbx mov [rsp+28h+arg_8], rbp mov ebx, edx mov [rsp+28h+arg_10], rsi mov edx, 0FFFFFFEBh ; nIndex mov [rsp+28h+arg_18], rdi mov rdi, r9 mov rsi, r8 mov rbp, rcx call cs:GetWindowLongPtrW cmp ebx, 0A3h mov rcx, rax jb short loc_10000A272 cmp ebx, 0A5h jbe short loc_10000A251 cmp ebx, 202h jbe short loc_10000A272 cmp ebx, 205h ja short loc_10000A272 loc_10000A251: ; hWnd mov rcx, cs:hWnd mov r9, rdi ; lParam mov r8, rsi ; wParam mov edx, ebx ; Msg call cs:SendMessageW mov rax, 1 jmp short loc_10000A2A5 loc_10000A272: cmp ebx, 110h ja loc_10000A438 cmp ebx, 110h jz loc_10000A360 mov eax, ebx sub eax, 5 jz loc_10000A356 sub eax, 26h jz short loc_10000A2BE cmp eax, 78h jz loc_10000A460 loc_10000A2A3: xor eax, eax loc_10000A2A5: mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] mov rbx, [rsp+28h+arg_0] add rsp, 28h retn loc_10000A2BE: cmp rsi, 1388h jb short loc_10000A2F5 movzx eax, cs:byte_10002F3D0 add eax, 1388h cdqe cmp rsi, rax ja short loc_10000A2F5 lea r8d, [rsi-1388h] mov rdx, rdi call sub_100008D90 mov rax, 1 jmp short loc_10000A2A5 loc_10000A2F5: cmp rsi, 3ECh jnz short loc_10000A312 mov rdx, rdi call sub_100009830 mov rax, 1 jmp short loc_10000A2A5 loc_10000A312: cmp rsi, 3EDh jnz short loc_10000A332 mov rdx, rdi call sub_100009CF0 mov rax, 1 jmp loc_10000A2A5 loc_10000A332: cmp rsi, 3EEh jnz loc_10000A2A3 mov rdx, rdi call sub_100009430 mov rax, 1 jmp loc_10000A2A5 loc_10000A356: call sub_100008430 jmp loc_10000A2A3 loc_10000A360: ; dwNewLong mov r8, rdi mov edx, 0FFFFFFEBh ; nIndex mov rcx, rbp ; hWnd call cs:SetWindowLongPtrW mov edx, 0FFFFFFF0h ; nIndex mov rcx, rbp ; hWnd call cs:GetWindowLongW mov edx, 0FFFFFFF0h ; nIndex mov rcx, rbp ; hWnd bts eax, 19h mov r8d, eax ; dwNewLong call cs:SetWindowLongW cmp cs:dword_10002F43C, 0 jz loc_10000A2A3 mov rcx, rbp call sub_100024690 test eax, eax jz loc_10000A2A3 mov edx, 3ECh ; nIDDlgItem mov rcx, rbp ; hDlg call cs:GetDlgItem mov edx, 0FFFFFFECh ; nIndex mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowLongW mov r8d, dword ptr cs:qword_100002AB0+4 mov edx, 0FFFFFFECh ; nIndex or r8d, dword ptr cs:qword_100002AB0 mov rcx, rbx ; hWnd not r8d and r8d, eax ; dwNewLong call cs:SetWindowLongW mov edx, 3EDh ; nIDDlgItem mov rcx, rbp ; hDlg call cs:GetDlgItem mov edx, 0FFFFFFECh ; nIndex mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowLongW mov r8d, dword ptr cs:qword_100002AB0+4 mov edx, 0FFFFFFECh ; nIndex or r8d, dword ptr cs:qword_100002AB0 mov rcx, rbx ; hWnd not r8d and r8d, eax ; dwNewLong call cs:SetWindowLongW jmp loc_10000A2A3 loc_10000A438: cmp ebx, 135h jz short loc_10000A4B3 cmp ebx, 200h jbe loc_10000A2A3 cmp ebx, 202h jbe short loc_10000A47A cmp ebx, 203h jnz loc_10000A2A3 loc_10000A460: ; hWnd mov rcx, cs:hWnd mov r9, rdi ; lParam mov r8, rsi ; wParam mov edx, ebx ; Msg call cs:SendMessageW jmp loc_10000A2A3 loc_10000A47A: test byte ptr cs:dword_10003015C, 10h jz loc_10000A2A3 mov rcx, cs:hWnd ; hWnd xor eax, eax cmp ebx, 202h setz al mov r9, rdi ; lParam mov r8d, 2 ; wParam lea edx, [rax+0A1h] ; Msg call cs:SendMessageW jmp loc_10000A2A3 loc_10000A4B3: ; hWnd mov rcx, rdi call cs:GetDlgCtrlID lea rcx, qword_100003840 mov r11d, eax xor eax, eax loc_10000A4C8: cmp r11d, [rcx] jz short loc_10000A4FA inc eax add rcx, 4 cmp eax, 3 jb short loc_10000A4C8 cmp r11d, 1388h jl loc_10000A2A3 movzx eax, cs:byte_10002F3D0 add eax, 1388h cmp r11d, eax jg loc_10000A2A3 loc_10000A4FA: ; int mov ecx, 4 call cs:GetStockObject jmp loc_10000A2A5 sub_10000A200 endp algn_10000A50A: align 10h loc_10000A510: mov rcx, cs:hInstance mov r9d, r8d mov r8, rdx mov edx, 2710h jmp cs:LoadStringW align 10h sub_10000A530 proc near var_38= dword ptr -38h var_30= dword ptr -30h var_28= dword ptr -28h Rect= tagRECT ptr -18h arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 58h mov [rsp+58h+arg_8], rbx loc_10000A539: mov [rsp+58h+arg_10], rsi mov [rsp+58h+arg_18], rdi mov rdi, rcx mov rcx, [rcx+10h] ; hWnd lea rdx, [rsp+58h+Rect] ; lpRect call cs:GetClientRect mov rdx, cs:hWnd ; hWndTo mov rcx, [rdi+10h] ; hWndFrom lea r8, [rsp+58h+Rect] ; lpPoints mov r9d, 2 ; cPoints call cs:MapWindowPoints mov rcx, [rdi+10h] ; hWnd lea r9, [rsp+58h+Rect] ; lParam xor r8d, r8d ; wParam mov edx, 1328h ; Msg call cs:SendMessageW mov ecx, [rsp+58h+Rect.bottom] mov r9d, [rsp+58h+Rect.top] ; Y mov eax, [rsp+58h+Rect.right] mov r8d, [rsp+58h+Rect.left] ; X sub ecx, r9d mov [rsp+58h+var_28], 0 mov [rsp+58h+var_30], ecx mov rcx, [rdi+8] ; hWnd sub eax, r8d xor edx, edx ; hWndInsertAfter mov [rsp+58h+var_38], eax call cs:SetWindowPos mov rcx, [rdi+8] ; hWnd mov edx, 5 ; nCmdShow call cs:ShowWindow mov rcx, rdi call sub_100009630 mov rcx, cs:hWnd ; hWnd call cs:GetMenu mov rcx, cs:hInstance ; hInstance mov edx, 78h ; lpMenuName mov rbx, rax call cs:LoadMenuW mov rcx, rax ; hMenu mov rsi, rax call sub_100005790 test byte ptr cs:dword_10003015C, 10h mov cs:hMenu, rsi jnz short loc_10000A620 mov rcx, cs:hWnd ; hWnd mov rdx, rsi ; hMenu call cs:SetMenu loc_10000A620: test rbx, rbx mov rsi, [rsp+58h+arg_10] jz short loc_10000A633 loc_10000A62A: ; hMenu mov rcx, rbx call cs:DestroyMenu loc_10000A633: ; hWnd mov rcx, [rdi+10h] call cs:SetFocus mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_8] xor eax, eax add rsp, 58h retn sub_10000A530 endp algn_10000A64E: align 20h sub_10000A660 proc near var_18= qword ptr -18h var_10= dword ptr -10h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h loc_10000A664: mov [rsp+38h+arg_0], rbx mov [rsp+38h+arg_8], rbp mov [rsp+38h+arg_10], rsi mov [rsp+38h+arg_18], rdi mov rbp, rcx mov [rcx+10h], rdx lea rdi, qword_100003200 lea rbx, [rcx+48h] mov esi, 9 nop loc_10000A690: ; COLORREF mov r8d, [rdi] mov edx, 1 ; int xor ecx, ecx ; int call cs:CreatePen test rax, rax mov [rbx], rax jnz short loc_10000A6B4 lea ecx, [rax+6] ; int call cs:GetStockObject mov [rbx], rax loc_10000A6B4: add rbx, 8 add rdi, 4 dec rsi jnz short loc_10000A690 mov rcx, cs:hInstance ; HINSTANCE xor ebx, ebx lea edx, [rsi+67h] ; LPCWSTR xor r9d, r9d ; int xor r8d, r8d ; UINT mov [rsp+38h+var_10], ebx mov dword ptr [rsp+38h+var_18], ebx call cs:LoadImageW mov rcx, cs:hInstance ; HINSTANCE lea edx, [rsi+7Dh] ; LPCWSTR xor r9d, r9d ; int xor r8d, r8d ; UINT mov [rsp+38h+var_10], ebx mov [rbp+28h], rax mov dword ptr [rsp+38h+var_18], ebx call cs:LoadImageW mov rcx, cs:hInstance ; HINSTANCE lea edx, [rsi+68h] ; LPCWSTR xor r9d, r9d ; int xor r8d, r8d ; UINT mov [rsp+38h+var_10], ebx mov [rbp+20h], rax mov dword ptr [rsp+38h+var_18], ebx call cs:LoadImageW mov r8, cs:hWnd ; hWndParent mov rcx, cs:hInstance ; hInstance lea r9, sub_10000A200 ; lpDialogFunc lea edx, [rsi+6Ch] ; lpTemplateName mov [rbp+18h], rax mov [rsp+38h+var_18], rbp call cs:CreateDialogParamW mov rdi, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_10] test rax, rax mov rbx, [rsp+38h+arg_0] mov [rbp+8], rax mov rbp, [rsp+38h+arg_8] jnz short loc_10000A791 loc_10000A769: call cs:GetLastError test eax, eax jg short loc_10000A77E add rsp, 38h jmp cs:GetLastError loc_10000A77E: call cs:GetLastError movzx eax, ax or eax, 80070000h add rsp, 38h retn loc_10000A791: xor eax, eax add rsp, 38h retn sub_10000A660 endp algn_10000A798: align 20h sub_10000A7A0 proc near arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h loc_10000A7A4: mov [rsp+28h+arg_8], rbx loc_10000A7A9: mov [rsp+28h+arg_10], rsi mov [rsp+28h+arg_18], rdi mov rdi, rcx lea rbx, [rcx+48h] mov esi, 9 nop loc_10000A7C0: ; HGDIOBJ mov rcx, [rbx] test rcx, rcx jz short loc_10000A7CE call cs:DeleteObject loc_10000A7CE: add rbx, 8 dec rsi jnz short loc_10000A7C0 mov rcx, [rdi+8] ; hWnd mov rsi, [rsp+28h+arg_10] xor ebx, ebx test rcx, rcx jz short loc_10000A7F1 loc_10000A7E7: call cs:DestroyWindow mov [rdi+8], rbx loc_10000A7F1: ; HGDIOBJ mov rcx, [rdi+28h] test rcx, rcx jz short loc_10000A804 call cs:DeleteObject mov [rdi+28h], rbx loc_10000A804: ; HGDIOBJ mov rcx, [rdi+18h] test rcx, rcx jz short loc_10000A817 call cs:DeleteObject mov [rdi+18h], rbx loc_10000A817: ; HGDIOBJ mov rcx, [rdi+20h] test rcx, rcx jz short loc_10000A82A call cs:DeleteObject mov [rdi+20h], rbx loc_10000A82A: ; HDC mov rcx, [rdi+30h] mov rbx, [rsp+28h+arg_8] test rcx, rcx jz short loc_10000A851 loc_10000A838: ; HGDIOBJ mov rdx, [rdi+40h] test rdx, rdx jz short loc_10000A847 call cs:SelectObject loc_10000A847: ; HDC mov rcx, [rdi+30h] call cs:DeleteDC loc_10000A851: ; HGDIOBJ mov rcx, [rdi+38h] mov rdi, [rsp+28h+arg_18] test rcx, rcx jz short loc_10000A865 loc_10000A85F: call cs:DeleteObject loc_10000A865: xor eax, eax add rsp, 28h retn sub_10000A7A0 endp algn_10000A86C: align 20h sub_10000A880 proc near var_D88= byte ptr -0D88h var_D80= dword ptr -0D80h var_D50= byte ptr -0D50h var_D48= byte ptr -0D48h var_D14= dword ptr -0D14h var_C08= byte ptr -0C08h var_C00= byte ptr -0C00h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 0DA8h mov [rsp+0DA8h+arg_8], rbp mov ebp, 40h lea rdx, [rsp+0DA8h+var_D88] xor r9d, r9d xor ecx, ecx mov r8d, ebp call cs:NtQuerySystemInformation test eax, eax jns short loc_10000A8BD xor al, al mov rbp, [rsp+0DA8h+arg_8] add rsp, 0DA8h retn loc_10000A8BD: mov eax, [rsp+0DA8h+var_D80] loc_10000A8C1: mov [rsp+0DA8h+arg_0], rbx mov [rsp+0DA8h+arg_10], rsi mov [rsp+0DA8h+arg_18], rdi mov cs:dword_10002F320, eax movzx eax, [rsp+0DA8h+var_D50] cmp al, bpl mov ecx, eax mov [rsp+0DA8h+var_8], r12 cmova ecx, ebp xor esi, esi lea r12, __ImageBase test cl, cl mov edi, esi mov cs:byte_10002F3D0, cl jz short loc_10000A95D mov rbx, rsi db 66h, 66h, 66h nop loc_10000A910: ; uBytes mov edx, 3E80h mov ecx, ebp ; uFlags call cs:LocalAlloc test rax, rax mov [rbx+r12+2FA90h], rax jz loc_10000AA62 mov edx, 3E80h ; uBytes mov ecx, ebp ; uFlags call cs:LocalAlloc test rax, rax mov [rbx+r12+2FC90h], rax jz loc_10000AA62 movzx eax, cs:byte_10002F3D0 inc edi add rbx, 8 cmp edi, eax jl short loc_10000A910 loc_10000A95D: ; uBytes mov edx, 3E80h mov ecx, ebp ; uFlags call cs:LocalAlloc test rax, rax mov cs:qword_10002FE90, rax jz loc_10000AA62 xor r9d, r9d lea rdx, [rsp+0DA8h+var_C08] mov r8d, 0C00h lea ecx, [r9+8] call cs:NtQuerySystemInformation test eax, eax js loc_10000AA62 movzx eax, cs:byte_10002F3D0 test eax, eax jle short loc_10000A9F8 lea r9, [rsp+0DA8h+var_C00] mov r10, rax nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_10000A9C0: mov rdx, [r9] mov rax, [r9+8] mov r8, [r9-8] lea rcx, [rdx+rax] lea rax, [r8+rdx] mov [rsi+r12+2F490h], r8 mov [rsi+r12+2F890h], rax mov [rsi+r12+2F690h], rcx add rsi, 8 add r9, 30h dec r10 jnz short loc_10000A9C0 loc_10000A9F8: xor r9d, r9d lea rdx, [rsp+0DA8h+var_D48] mov r8d, 138h lea ecx, [r9+2] call cs:NtQuerySystemInformation test eax, eax js short loc_10000AA62 mov eax, cs:dword_10002F320 shr eax, 0Ah imul eax, [rsp+0DA8h+var_D14] mov cs:qword_10002FEA8, rax mov al, cs:byte_10002F3D0 loc_10000AA32: mov rdi, [rsp+0DA8h+arg_18] mov rsi, [rsp+0DA8h+arg_10] mov rbx, [rsp+0DA8h+arg_0] mov r12, [rsp+0DA8h+var_8] mov rbp, [rsp+0DA8h+arg_8] add rsp, 0DA8h retn loc_10000AA62: xor al, al jmp short loc_10000AA32 sub_10000A880 endp algn_10000AA66: align 10h sub_10000AA70 proc near var_1248= qword ptr -1248h var_1240= qword ptr -1240h var_1238= qword ptr -1238h var_1230= qword ptr -1230h var_1228= qword ptr -1228h var_11F8= dword ptr -11F8h var_1028= qword ptr -1028h var_E28= qword ptr -0E28h var_C28= byte ptr -0C28h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov eax, 1268h call __chkstk sub rsp, rax mov [rsp+1268h+var_28], r15 xor r15d, r15d lea rdx, [rsp+1268h+var_C28] lea ecx, [r15+8] xor r9d, r9d mov r8d, 0C00h mov dword ptr [rsp+1268h+var_1248], r15d mov dword ptr [rsp+1268h+var_1248+4], r15d mov dword ptr [rsp+1268h+var_1240], r15d mov dword ptr [rsp+1268h+var_1240+4], r15d mov dword ptr [rsp+1268h+var_1238], r15d mov dword ptr [rsp+1268h+var_1238+4], r15d call cs:NtQuerySystemInformation test eax, eax js loc_10000AD4A cmp cs:byte_10002F3D0, r15b loc_10000AAD0: mov [rsp+1268h+arg_10], rbp mov [rsp+1268h+arg_18], rsi mov [rsp+1268h+var_10], r12 lea r8d, [r15+64h] jbe loc_10000AC82 mov r12, [rsp+1268h+var_1248] mov rsi, [rsp+1268h+var_1240] mov rbp, [rsp+1268h+var_1238] loc_10000AB01: mov [rsp+1268h+var_18], r13 mov [rsp+1268h+var_20], r14 lea rcx, [rsp+1268h+var_C28] mov [rsp+1268h+arg_8], rbx mov r14, r15 lea r13, __ImageBase mov [rsp+1268h+var_1230], rcx mov [rsp+1268h+var_8], rdi db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_10000AB40: mov rax, [rcx] mov rdx, [rcx+8] mov rbx, [rcx+10h] add rbx, rdx mov rdi, rdx mov [rsp+r14+1268h+var_1028], rax sub rdi, rax sub rax, [r14+r13+2F490h] mov [rsp+r14+1268h+var_1228], rbx sub rbx, [r14+r13+2F690h] mov [rsp+r14+1268h+var_E28], rdi sub rdi, [r14+r13+2F890h] add rbp, rdi add r12, rax add rsi, rbx test rbx, rbx jz short loc_10000ABA3 imul rax, 64h mov ecx, r8d cqo idiv rbx sub cl, al mov dword ptr [rsp+1268h+var_1248], ecx jmp short loc_10000ABA8 loc_10000ABA3: mov byte ptr [rsp+1268h+var_1248], 0 loc_10000ABA8: mov r13, [r14+r13+2FA90h] mov r8d, 7CFh ; size_t lea rcx, [r13+1] ; void * mov rdx, r13 ; void * call memmove test rbx, rbx mov r11d, dword ptr [rsp+1268h+var_1248] mov [r13+0], r11b jz short loc_10000ABE1 imul rdi, 64h mov rax, rdi cqo idiv rbx mov rdi, rax jmp short loc_10000ABE4 loc_10000ABE1: xor dil, dil loc_10000ABE4: lea r13, __ImageBase mov r8d, 7CFh ; size_t mov rbx, [r14+r13+2FC90h] mov rdx, rbx ; void * lea rcx, [rbx+1] ; void * call memmove mov rax, [rsp+r14+1268h+var_1228] mov rcx, [rsp+1268h+var_1230] mov [rbx], dil mov [r14+r13+2F690h], rax mov rax, [rsp+r14+1268h+var_1028] mov [r14+r13+2F490h], rax mov rax, [rsp+r14+1268h+var_E28] add rcx, 30h mov [r14+r13+2F890h], rax movzx eax, cs:byte_10002F3D0 inc r15d add r14, 8 cmp r15d, eax mov [rsp+1268h+var_1230], rcx mov r8d, 64h jl loc_10000AB40 mov r14, [rsp+1268h+var_20] mov r13, [rsp+1268h+var_18] mov rdi, [rsp+1268h+var_8] mov rbx, [rsp+1268h+arg_8] jmp short loc_10000AC91 loc_10000AC82: mov r12, [rsp+1268h+var_1248] mov rsi, [rsp+1268h+var_1240] mov rbp, [rsp+1268h+var_1238] loc_10000AC91: test rsi, rsi jz short loc_10000ACC0 imul r12, 64h imul rbp, 64h mov rax, r12 cqo idiv rsi sub r8b, al mov rax, rbp cqo mov cs:byte_10002FE98, r8b idiv rsi mov cs:byte_10002FE99, al jmp short loc_10000ACCE loc_10000ACC0: mov cs:byte_10002FE98, 0 mov cs:byte_10002FE99, 0 loc_10000ACCE: xor r9d, r9d lea rdx, [rsp+1268h+var_1228] mov r8d, 138h lea ecx, [r9+2] call cs:NtQuerySystemInformation mov r12, [rsp+1268h+var_10] mov rsi, [rsp+1268h+arg_18] test eax, eax mov rbp, [rsp+1268h+arg_10] js short loc_10000AD4A loc_10000AD02: mov eax, cs:dword_10002F320 mov rdx, cs:qword_10002FE90 ; void * mov r8d, 7CFh ; size_t shr eax, 0Ah lea rcx, [rdx+1] ; void * imul eax, [rsp+1268h+var_11F8] mov cs:qword_10002FEA0, rax call memmove mov rax, cs:qword_10002FEA0 mov rcx, cs:qword_10002FE90 imul rax, 64h cqo idiv cs:qword_10002FEA8 mov [rcx], al loc_10000AD4A: mov r15, [rsp+1268h+var_28] add rsp, 1268h retn sub_10000AA70 endp algn_10000AD5A: align 20h sub_10000AD60 proc near dwBytes= qword ptr -18h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h mov [rsp+38h+arg_18], rdi mov [rsp+38h+var_8], r12 mov [rsp+38h+arg_0], rbx mov [rsp+38h+arg_10], rsi mov rdi, rcx xor r12d, r12d db 66h nop loc_10000AD80: mov rbx, [rdi] test rbx, rbx jz short loc_10000ADA2 call cs:GetProcessHeap mov r8, rbx ; lpMem xor edx, edx ; dwFlags mov rcx, rax ; hHeap call cs:HeapSize mov dword ptr [rsp+38h+dwBytes], eax jmp short loc_10000ADA7 loc_10000ADA2: mov dword ptr [rsp+38h+dwBytes], r12d loc_10000ADA7: mov rcx, [rdi] lea rdx, [rsp+38h+dwBytes] call GetInterfaceInfo test eax, eax jz loc_10000AE40 sub eax, 7Ah jnz short loc_10000AE1F mov rsi, [rdi] test rsi, rsi jnz short loc_10000ADF4 mov ebx, dword ptr [rsp+38h+dwBytes] call cs:GetProcessHeap lea edx, [rsi+8] ; dwFlags mov rcx, rax ; hHeap mov r8, rbx ; dwBytes call cs:HeapAlloc test rax, rax mov [rdi], rax jnz short loc_10000AD80 loc_10000ADEA: mov eax, 8007000Eh jmp loc_10000AFD9 loc_10000ADF4: mov ebx, dword ptr [rsp+38h+dwBytes] call cs:GetProcessHeap mov r9, rbx ; dwBytes mov r8, rsi ; lpMem mov edx, 8 ; dwFlags mov rcx, rax ; hHeap call cs:HeapReAlloc test rax, rax jz short loc_10000ADEA mov [rdi], rax jmp loc_10000AD80 loc_10000AE1F: cmp eax, 70h jz short loc_10000AE32 mov [rdi+10h], r12d mov eax, 80004005h jmp loc_10000AFD9 loc_10000AE32: mov [rdi+10h], r12d mov eax, 1 jmp loc_10000AFD9 loc_10000AE40: cmp [rdi+10h], r12d loc_10000AE44: mov [rsp+38h+arg_8], rbp mov ebp, r12d jle loc_10000AEF7 mov ebx, 1 mov rsi, r12 db 66h, 66h nop db 66h, 66h nop loc_10000AE60: mov r9d, r12d xor r10b, r10b mov rdx, r12 db 66h, 66h nop db 66h, 66h, 66h nop loc_10000AE70: mov r8, [rdi] cmp r9d, [r8] jge short loc_10000AEAA mov rax, [rdi+8] mov rcx, [rax+rsi] mov eax, [rdx+r8+4] cmp [rcx+200h], eax jnz short loc_10000AE99 mov dword ptr [rdx+r8+4], 0FFFFFFFFh mov r10b, 1 loc_10000AE99: inc r9d add rdx, 104h test r10b, r10b jz short loc_10000AE70 jmp short loc_10000AEE6 loc_10000AEAA: test r10b, r10b jnz short loc_10000AEE6 mov eax, [rdi+10h] cmp eax, ebx jbe short loc_10000AEDA mov rcx, [rdi+8] sub eax, ebp lea r8d, [rax-1] movsxd rax, ebx lea rdx, [rcx+rax*8] ; void * movsxd rax, ebp lea rcx, [rcx+rax*8] ; void * imul r8, 4F10h ; size_t call memmove loc_10000AEDA: add dword ptr [rdi+10h], 0FFFFFFFFh dec ebp dec ebx sub rsi, 8 loc_10000AEE6: inc ebp inc ebx add rsi, 8 cmp ebp, [rdi+10h] jl loc_10000AE60 loc_10000AEF7: mov rax, [rdi] lea rbp, [rdi+8] mov ecx, [rax] mov eax, 20h cmp ecx, eax cmovl eax, ecx imul eax, 4F10h test rbp, rbp jnz short loc_10000AF1C mov eax, 80070057h jmp short loc_10000AF7B loc_10000AF1C: mov rsi, [rbp+0] test rsi, rsi jnz short loc_10000AF4C mov ebx, eax call cs:GetProcessHeap lea edx, [rsi+8] ; dwFlags mov rcx, rax ; hHeap mov r8, rbx ; dwBytes call cs:HeapAlloc test rax, rax mov [rbp+0], rax jnz short loc_10000AF71 mov eax, 8007000Eh jmp short loc_10000AF7B loc_10000AF4C: mov ebx, eax call cs:GetProcessHeap mov r9, rbx ; dwBytes mov r8, rsi ; lpMem mov edx, 8 ; dwFlags mov rcx, rax ; hHeap call cs:HeapReAlloc test rax, rax jz short loc_10000AF76 mov [rbp+0], rax loc_10000AF71: mov eax, r12d jmp short loc_10000AF7B loc_10000AF76: mov eax, 8007000Eh loc_10000AF7B: test eax, eax mov ebx, r12d js short loc_10000AFD0 mov rsi, r12 loc_10000AF85: mov r8, [rdi] cmp ebx, [r8] jge short loc_10000AFCC cmp dword ptr [rsi+r8+4], 0FFFFFFFFh jz short loc_10000AFBD mov ecx, [rdi+10h] mov rax, [rbp+0] lea rdx, [rax+rcx*8] lea eax, [rcx+1] mov rcx, rdi mov [rdi+10h], eax movsxd rax, ebx imul rax, 104h lea r8, [rax+r8+4] call sub_10000B210 loc_10000AFBD: inc ebx add rsi, 104h test eax, eax jns short loc_10000AF85 jmp short loc_10000AFD0 loc_10000AFCC: test eax, eax jns short loc_10000AFD4 loc_10000AFD0: mov [rdi+10h], r12d loc_10000AFD4: mov rbp, [rsp+38h+arg_8] loc_10000AFD9: mov r12, [rsp+38h+var_8] mov rdi, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_10] mov rbx, [rsp+38h+arg_0] add rsp, 38h retn sub_10000AD60 endp algn_10000AFF2: align 20h sub_10000B000 proc near var_258= dword ptr -258h var_248= dword ptr -248h pclsid= CLSID ptr -240h var_228= byte ptr -228h var_28= word ptr -28h var_18= qword ptr -18h var_8= qword ptr -8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 278h mov rax, cs:qword_10002C178 mov [rsp+278h+var_18], rax mov [r11+18h], rbp mov [r11-8], rdi xor edi, edi cmp [rcx+10h], edi mov rbp, rcx jbe loc_10000B0EB loc_10000B02F: mov [r11+20h], rsi mov rsi, rdi mov [r11+10h], rbx db 66h, 66h nop db 66h, 66h nop loc_10000B040: mov rax, [rbp+8] mov [rsp+278h+var_248], 200h mov [rsp+278h+var_28], 0 mov rdx, [rsi+rax] lea rcx, [rdx+4CA2h] ; lpsz lea rbx, [rdx+4AA2h] lea rdx, [rsp+278h+pclsid] ; pclsid call cs:CLSIDFromString test eax, eax js short loc_10000B0CC lea r8, [rsp+278h+var_248] lea rdx, [rsp+278h+var_228] lea rcx, [rsp+278h+pclsid] xor r9d, r9d mov [rsp+278h+var_258], 1 call NhGetInterfaceNameFromDeviceGuid test eax, eax jnz short loc_10000B0CC lea rdx, [rsp+278h+var_228] mov ecx, 100h sub rdx, rbx loc_10000B0A7: movzx eax, word ptr [rdx+rbx] test ax, ax jz short loc_10000B0BE mov [rbx], ax add rbx, 2 dec rcx jnz short loc_10000B0A7 jmp short loc_10000B0C3 loc_10000B0BE: test rcx, rcx jnz short loc_10000B0C7 loc_10000B0C3: sub rbx, 2 loc_10000B0C7: mov word ptr [rbx], 0 loc_10000B0CC: inc edi add rsi, 8 cmp edi, [rbp+10h] jb loc_10000B040 mov rsi, [rsp+278h+arg_18] mov rbx, [rsp+278h+arg_8] loc_10000B0EB: mov rdi, [rsp+278h+var_8] mov rbp, [rsp+278h+arg_10] mov rcx, [rsp+278h+var_18] call sub_1000258D0 add rsp, 278h retn sub_10000B000 endp algn_10000B110: align 20h sub_10000B120 proc near var_258= dword ptr -258h var_248= dword ptr -248h pclsid= CLSID ptr -240h var_228= byte ptr -228h var_28= word ptr -28h var_18= qword ptr -18h push rbx sub rsp, 270h mov rax, cs:qword_10002C178 mov [rsp+278h+var_18], rax mov rcx, rdx ; lpsz lea rdx, [rsp+278h+pclsid] ; pclsid mov rbx, r8 mov [rsp+278h+var_248], 200h mov [rsp+278h+var_28], 0 call cs:CLSIDFromString test eax, eax js loc_10000B1ED lea r8, [rsp+278h+var_248] lea rdx, [rsp+278h+var_228] lea rcx, [rsp+278h+pclsid] xor r9d, r9d mov [rsp+278h+var_258], 1 call NhGetInterfaceNameFromDeviceGuid test eax, eax jnz short loc_10000B1ED lea rdx, [rsp+278h+var_228] mov ecx, 100h sub rdx, rbx loc_10000B193: movzx eax, word ptr [rdx+rbx] test ax, ax jz short loc_10000B1C7 mov [rbx], ax add rbx, 2 dec rcx jnz short loc_10000B193 sub rbx, 2 xor eax, eax mov [rbx], cx mov rcx, [rsp+278h+var_18] call sub_1000258D0 add rsp, 270h pop rbx retn loc_10000B1C7: test rcx, rcx jnz short loc_10000B1D0 sub rbx, 2 loc_10000B1D0: mov word ptr [rbx], 0 xor eax, eax mov rcx, [rsp+278h+var_18] call sub_1000258D0 add rsp, 270h pop rbx retn loc_10000B1ED: mov eax, 80004005h mov rcx, [rsp+278h+var_18] call sub_1000258D0 add rsp, 270h pop rbx retn sub_10000B120 endp algn_10000B208: align 10h sub_10000B210 proc near var_88= byte ptr -88h var_78= dword ptr -78h var_74= byte ptr -74h var_64= dword ptr -64h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 0A8h test rdx, rdx mov [rax+8], rbx mov [rax+18h], rsi mov [rax-8], r12 mov rsi, r8 mov rbx, rdx mov r12, rcx jz loc_10000B533 test r8, r8 jz loc_10000B533 cmp qword ptr [rdx], 0 jnz short loc_10000B26D call cs:GetProcessHeap mov edx, 8 ; dwFlags mov r8d, 4F10h ; dwBytes mov rcx, rax ; hHeap call cs:HeapAlloc test rax, rax mov [rbx], rax jz loc_10000B52C loc_10000B26D: mov rcx, [rbx] mov eax, [rsi] mov [rcx+200h], eax mov rcx, [rbx] call GetIfEntry test eax, eax jnz loc_10000B52C lea rcx, [rsi+4] ; lpString loc_10000B28C: mov [rsp+0A8h+arg_8], rbp mov [rsp+0A8h+arg_18], rdi call cs:lstrlenW mov rdi, [rbx] mov ecx, [rdi+204h] mov ebp, eax cmp ecx, 17h jz loc_10000B3EF cmp ecx, 1Ch jz loc_10000B3EF xor edx, edx ; int lea rcx, [rsp+0A8h+var_74] ; void * mov [rsp+0A8h+var_78], 0 lea r8d, [rdx+64h] ; size_t call memset mov edx, 104h lea r11, [rdi+4D04h] mov r8, rdx lea rax, aDevice ; "\\Device\\" db 66h, 66h nop loc_10000B2F0: movzx ecx, word ptr [rax] test cx, cx jz short loc_10000B30B mov [r11], cx add r11, 2 add rax, 2 dec r8 jnz short loc_10000B2F0 jmp short loc_10000B310 loc_10000B30B: test r8, r8 jnz short loc_10000B314 loc_10000B310: sub r11, 2 loc_10000B314: mov word ptr [r11], 0 mov r8, [rbx] mov rcx, rdx lea rax, [r8+4D04h] loc_10000B327: cmp word ptr [rax], 0 jz short loc_10000B338 add rax, 2 dec rcx jnz short loc_10000B327 jmp short loc_10000B387 loc_10000B338: test rcx, rcx jz short loc_10000B387 mov rax, rdx sub rax, rcx sub rdx, rax lea rcx, [r8+rax*2+4D04h] lea eax, [rbp-26h] cdqe jz short loc_10000B387 lea rax, [rax+rax+4] sub rax, rcx lea r8, [rax+rsi] loc_10000B361: movzx eax, word ptr [r8+rcx] test ax, ax jz short loc_10000B379 mov [rcx], ax add rcx, 2 dec rdx jnz short loc_10000B361 jmp short loc_10000B37E loc_10000B379: test rdx, rdx jnz short loc_10000B382 loc_10000B37E: sub rcx, 2 loc_10000B382: mov word ptr [rcx], 0 loc_10000B387: mov rdx, [rbx] lea rcx, [rsp+0A8h+var_88] add rdx, 4D04h call cs:RtlInitUnicodeString lea rdx, [rsp+0A8h+var_78] lea rcx, [rsp+0A8h+var_88] mov [rsp+0A8h+var_78], 68h call sub_100025530 test eax, eax jz short loc_10000B3D5 mov ecx, [rsp+0A8h+var_64] mov rax, [rbx] imul rcx, 64h mov [rax+4898h], rcx mov rax, [rbx] mov byte ptr [rax+48A0h], 0 jmp short loc_10000B3F6 loc_10000B3D5: mov rax, [rbx] mov qword ptr [rax+4898h], 0 mov rax, [rbx] mov byte ptr [rax+48A0h], 0 jmp short loc_10000B3F6 loc_10000B3EF: mov byte ptr [rdi+48A0h], 1 loc_10000B3F6: ; void * mov rdx, [rbx] mov r8d, 35Ch ; size_t lea rcx, [rdx+35Ch] ; void * call memmove mov rdx, [rbx] ; void * mov r8d, 35Ch ; size_t lea rcx, [rdx+6B8h] ; void * call memmove mov rcx, [rbx] mov edx, 0FFFFFFFFh ; int add rcx, 0A14h ; void * mov r8d, 1F40h ; size_t call memset mov rcx, [rbx] mov edx, 0FFFFFFFFh ; int add rcx, 2954h ; void * mov r8d, 1F40h ; size_t call memset mov rcx, [rbx] mov edi, 100h lea rdx, [rcx+25Ch] add rcx, 48A2h mov r8, rdi call sub_10001CAB0 cmp ebp, 26h jl short loc_10000B4DA mov rdx, [rbx] lea eax, [rbp-26h] mov r8d, 27h movsxd rcx, eax add rdx, 4CA2h lea rax, [rsi+rcx*2+4] loc_10000B492: movzx ecx, word ptr [rax] test cx, cx jz short loc_10000B4AC mov [rdx], cx add rdx, 2 add rax, 2 dec r8 jnz short loc_10000B492 jmp short loc_10000B4B1 loc_10000B4AC: test r8, r8 jnz short loc_10000B4B5 loc_10000B4B1: sub rdx, 2 loc_10000B4B5: mov word ptr [rdx], 0 mov rdx, [rbx] mov r9d, edi lea r8, [rdx+4AA2h] add rdx, 4CA2h mov rcx, r12 call sub_10000B120 test eax, eax jns short loc_10000B518 loc_10000B4DA: mov rax, [rbx] lea rcx, [rax+4AA2h] add rax, 48A2h db 66h, 66h nop db 66h, 66h nop loc_10000B4F0: movzx edx, word ptr [rax] test dx, dx jz short loc_10000B50A mov [rcx], dx add rcx, 2 add rax, 2 dec rdi jnz short loc_10000B4F0 jmp short loc_10000B50F loc_10000B50A: test rdi, rdi jnz short loc_10000B513 loc_10000B50F: sub rcx, 2 loc_10000B513: mov word ptr [rcx], 0 loc_10000B518: mov rdi, [rsp+0A8h+arg_18] mov rbp, [rsp+0A8h+arg_8] xor eax, eax jmp short loc_10000B538 loc_10000B52C: mov eax, 8007000Eh jmp short loc_10000B538 loc_10000B533: mov eax, 80070057h loc_10000B538: mov r12, [rsp+0A8h+var_8] mov rsi, [rsp+0A8h+arg_10] mov rbx, [rsp+0A8h+arg_0] add rsp, 0A8h retn sub_10000B210 endp algn_10000B558: align 20h sub_10000B560 proc near push rbx test rdx, rdx mov r11, rdx mov rbx, rcx jz loc_10000B6DF cmp qword ptr [rdx+4CF8h], 0 jz loc_10000B6DF movzx r8d, byte ptr [rcx+14h] movzx r10d, byte ptr [rcx+14h] xor edx, edx mov rax, rdx mov r9, r8 imul r9, 35Ch test r8b, r8b mov r8, r10 setz al mov ecx, [r9+r11+59Ch] imul rax, 35Ch sub ecx, [rax+r11+584h] test r10b, r10b setz dl imul rdx, 35Ch sub ecx, [rdx+r11+59Ch] xor edx, edx add ecx, [r9+r11+584h] mov eax, ecx imul rax, 1F40h div qword ptr [r11+4CF8h] mov rdx, [r11+4898h] cmp rax, rdx mov rcx, rdx cmova rcx, rax imul r8, 35Ch mov r9d, [r8+r11+568h] cmp rcx, r9 jbe short loc_10000B615 cmp rax, rdx cmova rdx, rax jmp short loc_10000B618 loc_10000B615: mov rdx, r9 loc_10000B618: mov [r8+r11+568h], edx movzx eax, byte ptr [rbx+14h] mov rcx, [r11+4898h] imul rax, 35Ch test rcx, rcx mov eax, [rax+r11+568h] jz loc_10000B6D8 cmp rcx, rax jz loc_10000B6DF lea r8, [r11+2954h] mov r9d, 7D0h db 66h, 66h nop db 66h, 66h, 66h nop loc_10000B660: mov edx, [r8] cmp edx, 0FFFFFFFFh jz short loc_10000B6BC movzx eax, byte ptr [rbx+14h] imul rax, 35Ch mov ecx, [rax+r11+568h] mov rax, rdx xor edx, edx imul rax, [r11+4898h] div rcx xor edx, edx mov [r8], eax movzx eax, byte ptr [rbx+14h] imul rax, 35Ch mov ecx, [rax+r11+568h] mov eax, [r8-1F40h] imul rax, [r11+4898h] div rcx mov [r8-1F40h], eax loc_10000B6BC: add r8, 4 dec r9 jnz short loc_10000B660 movzx eax, byte ptr [rbx+14h] imul rax, 35Ch mov eax, [rax+r11+568h] loc_10000B6D8: mov [r11+4898h], rax loc_10000B6DF: pop rbx retn sub_10000B560 endp algn_10000B6E1: align 10h sub_10000B6F0 proc near var_A8= dword ptr -0A8h var_A0= byte ptr -0A0h var_88= dword ptr -88h var_84= byte ptr -84h var_74= dword ptr -74h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 0C8h mov [rax+8], rbx mov [rax+10h], rbp mov [rax-8], r12 mov [rax-18h], r14 xor r14d, r14d cmp dword ptr [rcx+10h], 20h mov ebp, r14d mov r12, rdx mov rbx, rcx mov [rdx], bpl mov [rsp+0C8h+var_A8], r14d jnb short loc_10000B75D lea rcx, [rsp+0C8h+var_A8] call GetNumberOfInterfaces test eax, eax jnz loc_10000B837 mov eax, [rsp+0C8h+var_A8] cmp [rbx+18h], eax jz short loc_10000B75D mov rcx, rbx call sub_10000AD60 mov ecx, [rsp+0C8h+var_A8] mov byte ptr [r12], 1 test eax, eax mov [rbx+18h], ecx mov ebp, eax js loc_10000B8E9 loc_10000B75D: cmp [rbx+14h], r14b loc_10000B761: mov [rsp+0C8h+arg_10], rsi mov esi, r14d setz al cmp [rbx+10h], r14d mov [rbx+14h], al jbe loc_10000B8DB mov [rsp+0C8h+arg_18], rdi mov rdi, r14 mov [rsp+0C8h+var_10], r13 nop loc_10000B790: movzx ecx, byte ptr [rbx+14h] mov rax, [rbx+8] inc rcx imul rcx, 35Ch add rcx, [rax+rdi] call GetIfEntry test eax, eax jnz loc_10000B8AB call cs:GetTickCount mov r11d, eax mov rax, [rbx+8] mov rdx, [rdi+rax] mov rcx, r11 mov rax, [rdx+4CF0h] test rax, rax cmovnz rcx, rax mov rax, r11 sub rax, rcx mov [rdx+4CF8h], rax mov rax, [rbx+8] mov rcx, [rax+rdi] mov [rcx+4CF0h], r11 mov rax, [rbx+8] mov rcx, [rdi+rax] movzx eax, byte ptr [rbx+14h] imul rax, 35Ch mov eax, [rax+rcx+568h] mov [rcx+20Ch], eax mov r13, [rbx+8] mov rdx, [r13+rdi+0] cmp [rdx+48A0h], r14b jz short loc_10000B841 mov rcx, rbx call sub_10000B560 mov edx, esi mov rcx, rbx call sub_10000BD80 jmp short loc_10000B8B5 loc_10000B837: mov ebp, 80004005h jmp loc_10000B8E3 loc_10000B841: ; int xor edx, edx lea rcx, [rsp+0C8h+var_84] ; void * mov [rsp+0C8h+var_88], r14d lea r8d, [rdx+64h] ; size_t call memset mov rdx, [r13+rdi+0] lea rcx, [rsp+0C8h+var_A0] add rdx, 4D04h call cs:RtlInitUnicodeString lea rdx, [rsp+0C8h+var_88] lea rcx, [rsp+0C8h+var_A0] mov [rsp+0C8h+var_88], 68h call sub_100025530 test eax, eax jz short loc_10000B89F mov rax, [rbx+8] mov edx, [rsp+0C8h+var_74] mov rcx, [rax+rdi] imul rdx, 64h mov [rcx+4898h], rdx loc_10000B89F: mov edx, esi mov rcx, rbx call sub_10000BD80 jmp short loc_10000B8B5 loc_10000B8AB: cmp eax, 0Dh jnz short loc_10000B8C6 mov byte ptr [r12], 1 loc_10000B8B5: inc esi add rdi, 8 cmp esi, [rbx+10h] jb loc_10000B790 jmp short loc_10000B8CB loc_10000B8C6: mov ebp, 80004005h loc_10000B8CB: mov r13, [rsp+0C8h+var_10] mov rdi, [rsp+0C8h+arg_18] loc_10000B8DB: mov rsi, [rsp+0C8h+arg_10] loc_10000B8E3: cmp [r12], r14b jz short loc_10000B8F3 loc_10000B8E9: mov rcx, rbx call sub_10000AD60 jmp short loc_10000B8F5 loc_10000B8F3: mov eax, ebp loc_10000B8F5: mov r14, [rsp+0C8h+var_18] mov r12, [rsp+0C8h+var_8] mov rbp, [rsp+0C8h+arg_8] mov rbx, [rsp+0C8h+arg_0] add rsp, 0C8h retn sub_10000B6F0 endp byte_10000B91D db 13h dup(0CCh) sub_10000B930 proc near var_208= qword ptr -208h var_200= dword ptr -200h Format= NUMBERFMTW ptr -1F8h Value= word ptr -1C8h var_F8= byte ptr -0F8h var_28= qword ptr -28h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 mov r11, rsp sub rsp, 228h mov rax, cs:qword_10002C178 mov [rsp+228h+var_28], rax cmp rdx, 3B9ACA00h mov [r11-10h], rsi mov [r11-18h], rdi mov rsi, r8 lea rdi, WindowName mov ecx, 1 mov r8, rdx jb short loc_10000B97A mov ecx, 3B9ACA00h lea rdi, unk_10002EA28 jmp short loc_10000B9A6 loc_10000B97A: cmp rdx, 0F4240h jb short loc_10000B991 mov ecx, 0F4240h lea rdi, unk_10002EA10 jmp short loc_10000B9A6 loc_10000B991: cmp rdx, 3E8h jb short loc_10000B9A6 mov ecx, 3E8h lea rdi, unk_10002E9F8 loc_10000B9A6: mov eax, cs:dword_10002EA3C xor edx, edx mov [rsp+228h+var_8], rbx mov [rsp+228h+Format.Grouping], eax mov [rsp+228h+Format.NumDigits], edx mov [rsp+228h+Format.LeadingZero], edx mov [rsp+228h+Format.NegativeOrder], edx lea rax, word_10002EA40 mov [rsp+228h+Format.lpDecimalSep], rax lea rax, word_10002EA80 mov [rsp+228h+Format.lpThousandSep], rax mov rax, r8 mov r8d, 0Ah ; int div rcx lea rdx, [rsp+228h+Value] ; wchar_t * mov rcx, rax ; unsigned __int64 call _ui64tow lea rax, [rsp+228h+var_F8] mov ebx, 64h lea r9, [rsp+228h+Format] ; lpFormat lea r8, [rsp+228h+Value] ; lpValue xor edx, edx ; dwFlags mov ecx, 400h ; Locale mov [rsp+228h+var_200], ebx mov [rsp+228h+var_208], rax call cs:GetNumberFormatW lea rdx, [rsp+228h+var_F8] mov r11, rsi sub rdx, rsi mov rcx, rbx loc_10000BA35: movzx eax, word ptr [rdx+r11] test ax, ax jz short loc_10000BA4E mov [r11], ax add r11, 2 dec rcx jnz short loc_10000BA35 jmp short loc_10000BA53 loc_10000BA4E: test rcx, rcx jnz short loc_10000BA57 loc_10000BA53: sub r11, 2 loc_10000BA57: mov word ptr [r11], 0 mov rax, rsi mov rcx, rbx loc_10000BA63: cmp word ptr [rax], 0 jz short loc_10000BA74 add rax, 2 dec rcx jnz short loc_10000BA63 jmp short loc_10000BABB loc_10000BA74: test rcx, rcx jz short loc_10000BABB mov rax, rbx mov rdx, rbx sub rax, rcx sub rdx, rax lea rcx, [rsi+rax*2] jz short loc_10000BABB lea r8, asc_1000038D8 ; " " sub r8, rcx loc_10000BA95: movzx eax, word ptr [r8+rcx] test ax, ax jz short loc_10000BAAD mov [rcx], ax add rcx, 2 dec rdx jnz short loc_10000BA95 jmp short loc_10000BAB2 loc_10000BAAD: test rdx, rdx jnz short loc_10000BAB6 loc_10000BAB2: sub rcx, 2 loc_10000BAB6: mov word ptr [rcx], 0 loc_10000BABB: mov rcx, rsi mov rdx, rbx loc_10000BAC1: cmp word ptr [rcx], 0 jz short loc_10000BAD2 add rcx, 2 dec rdx jnz short loc_10000BAC1 jmp short loc_10000BB15 loc_10000BAD2: test rdx, rdx jz short loc_10000BB15 mov rax, rbx sub rax, rdx sub rbx, rax lea rcx, [rsi+rax*2] jz short loc_10000BB15 sub rdi, rcx db 66h, 66h nop db 66h, 66h, 66h nop loc_10000BAF0: movzx eax, word ptr [rdi+rcx] test ax, ax jz short loc_10000BB07 mov [rcx], ax add rcx, 2 dec rbx jnz short loc_10000BAF0 jmp short loc_10000BB0C loc_10000BB07: test rbx, rbx jnz short loc_10000BB10 loc_10000BB0C: sub rcx, 2 loc_10000BB10: mov word ptr [rcx], 0 loc_10000BB15: mov rdi, [rsp+228h+var_18] mov rbx, [rsp+228h+var_8] mov rax, rsi mov rsi, [rsp+228h+var_10] mov rcx, [rsp+228h+var_28] call sub_1000258D0 add rsp, 228h retn sub_10000B930 endp algn_10000BB45: align 10h sub_10000BB50 proc near var_108= word ptr -108h var_106= word ptr -106h var_38= qword ptr -38h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_20= byte ptr 28h mov r11, rsp sub rsp, 128h mov rax, cs:qword_10002C178 mov [rsp+128h+var_38], rax mov [r11-10h], rbp mov [r11-18h], rsi mov [r11-20h], rdi mov rsi, rdx mov [r11-28h], r12 mov rdi, r8 mov r12, 0D6BF94D5E57A42BDh mov r8d, 0Ah ; int mov rax, r12 mul rdx mov rbp, rdx lea rdx, [rsp+128h+var_108] ; wchar_t * shr rbp, 17h mov rcx, rbp ; unsigned __int64 call _ui64tow test rax, rax jz loc_10000BD3D lea rdx, [rsp+128h+var_108] loc_10000BBB7: mov [rsp+128h+var_8], rbx mov ebx, 64h sub rdx, rdi mov rax, rdi mov r8, rbx db 66h, 66h nop loc_10000BBD0: movzx ecx, word ptr [rdx+rax] test cx, cx jz short loc_10000BBE7 mov [rax], cx add rax, 2 dec r8 jnz short loc_10000BBD0 jmp short loc_10000BBEC loc_10000BBE7: test r8, r8 jnz short loc_10000BBF0 loc_10000BBEC: sub rax, 2 loc_10000BBF0: test rbp, rbp mov word ptr [rax], 0 jz short loc_10000BC12 imul rbp, 989680h sub rsi, rbp cmp [rsp+128h+arg_20], 0 jz loc_10000BD35 loc_10000BC12: imul rsi, 64h mov rax, r12 mul rsi mov rsi, rdx shr rsi, 17h jz loc_10000BD35 lea rdx, [rsp+128h+var_108] ; wchar_t * mov r8d, 0Ah ; int mov rcx, rsi ; unsigned __int64 call _ui64tow test rax, rax jz loc_10000BD35 mov rax, rdi mov rcx, rbx db 66h nop db 66h, 66h nop loc_10000BC50: cmp word ptr [rax], 0 jz short loc_10000BC61 add rax, 2 dec rcx jnz short loc_10000BC50 jmp short loc_10000BCA8 loc_10000BC61: test rcx, rcx jz short loc_10000BCA8 mov rax, rbx mov rdx, rbx sub rax, rcx sub rdx, rax lea rcx, [rdi+rax*2] jz short loc_10000BCA8 lea r8, word_10002EA40 sub r8, rcx loc_10000BC82: movzx eax, word ptr [r8+rcx] test ax, ax jz short loc_10000BC9A mov [rcx], ax add rcx, 2 dec rdx jnz short loc_10000BC82 jmp short loc_10000BC9F loc_10000BC9A: test rdx, rdx jnz short loc_10000BCA3 loc_10000BC9F: sub rcx, 2 loc_10000BCA3: mov word ptr [rcx], 0 loc_10000BCA8: cmp rsi, 0Ah jnb short loc_10000BCC0 lea r8, unk_10002ECC0 mov rdx, rbx mov rcx, rdi call sub_100008260 loc_10000BCC0: movzx ecx, [rsp+128h+var_106] xor edx, edx cmp cx, 30h cmovz cx, dx mov rdx, rbx mov [rsp+128h+var_106], cx mov rcx, rdi db 66h, 66h nop db 66h, 66h nop loc_10000BCE0: cmp word ptr [rcx], 0 jz short loc_10000BCF1 add rcx, 2 dec rdx jnz short loc_10000BCE0 jmp short loc_10000BD35 loc_10000BCF1: test rdx, rdx jz short loc_10000BD35 mov rax, rbx sub rax, rdx sub rbx, rax lea rcx, [rdi+rax*2] jz short loc_10000BD35 lea rdx, [rsp+128h+var_108] sub rdx, rcx db 66h, 66h nop loc_10000BD10: movzx eax, word ptr [rdx+rcx] test ax, ax jz short loc_10000BD27 mov [rcx], ax add rcx, 2 dec rbx jnz short loc_10000BD10 jmp short loc_10000BD2C loc_10000BD27: test rbx, rbx jnz short loc_10000BD30 loc_10000BD2C: sub rcx, 2 loc_10000BD30: mov word ptr [rcx], 0 loc_10000BD35: mov rbx, [rsp+128h+var_8] loc_10000BD3D: mov r12, [rsp+128h+var_28] mov rsi, [rsp+128h+var_18] mov rbp, [rsp+128h+var_10] mov rax, rdi mov rdi, [rsp+128h+var_20] mov rcx, [rsp+128h+var_38] call sub_1000258D0 add rsp, 128h retn sub_10000BB50 endp algn_10000BD75: align 20h sub_10000BD80 proc near var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 38h cmp edx, [rcx+10h] mov [rax+10h], rbp mov [rax+20h], rdi mov rdi, rcx mov ebp, edx jnb loc_10000BF6D loc_10000BD9D: mov [rax+8], rbx mov [rax+18h], rsi mov [rax-8], r12 mov [rax-10h], r13 mov [rax-18h], r14 mov rax, [rcx+8] mov rsi, [rax+rbp*8] mov r8d, 1F3Ch ; size_t lea rcx, [rsi+2958h] ; void * lea rdx, [rsi+2954h] ; void * call memmove cmp ebp, [rdi+10h] mov r14d, 3B023380h mov r13, 624DD2F1A9FBE77h jnb loc_10000BE7C movzx r9d, byte ptr [rdi+14h] mov rax, [rdi+8] xor ebx, ebx mov rcx, [rax+rbp*8] test r9b, r9b mov r10, rbx mov r8, [rcx+4898h] setz r10b inc r9 inc r10 imul r9, 35Ch imul r10, 35Ch add r10, [rax+rbp*8] cmp [rcx+48A0h], bl jz short loc_10000BE33 mov r8d, [r9+rcx+20Ch] loc_10000BE33: imul r8, [rcx+4CF8h] mov rax, r13 mul r8 sub r8, rdx shr r8, 1 add r8, rdx shr r8, 0Ch jnz short loc_10000BE55 mov rax, rbx jmp short loc_10000BE81 loc_10000BE55: mov eax, [r9+rcx+228h] xor edx, edx sub eax, [r10+228h] imul rax, 3B9ACA00h div r8 cmp rax, 3B9ACA00h cmova rax, r14 jmp short loc_10000BE81 loc_10000BE7C: xor ebx, ebx mov rax, rbx loc_10000BE81: mov [rsi+2954h], eax mov rax, [rdi+8] mov r8d, 1F3Ch ; size_t mov rsi, [rax+rbp*8] lea rcx, [rsi+0A18h] ; void * lea rdx, [rsi+0A14h] ; void * call memmove cmp ebp, [rdi+10h] jnb loc_10000BF3D movzx r9d, byte ptr [rdi+14h] mov rax, [rdi+8] mov r10, rbx mov rcx, [rax+rbp*8] test r9b, r9b mov r8, [rcx+4898h] setz r10b inc r9 inc r10 imul r9, 35Ch imul r10, 35Ch add r10, [rax+rbp*8] cmp byte ptr [rcx+48A0h], 0 jz short loc_10000BEF8 mov r8d, [r9+rcx+20Ch] loc_10000BEF8: imul r8, [rcx+4CF8h] mov rax, r13 mul r8 sub r8, rdx shr r8, 1 add r8, rdx shr r8, 0Ch jz short loc_10000BF3D mov eax, [r9+rcx+240h] xor edx, edx sub eax, [r10+240h] imul rax, 3B9ACA00h div r8 mov rbx, rax cmp rax, 3B9ACA00h cmova rbx, r14 loc_10000BF3D: mov r14, [rsp+38h+var_18] mov r13, [rsp+38h+var_10] mov r12, [rsp+38h+var_8] mov [rsi+0A14h], ebx mov rsi, [rsp+38h+arg_10] mov rbx, [rsp+38h+arg_0] mov al, 1 mov rdi, [rsp+38h+arg_18] mov rbp, [rsp+38h+arg_8] add rsp, 38h retn loc_10000BF6D: mov rdi, [rsp+38h+arg_18] mov rbp, [rsp+38h+arg_8] xor al, al add rsp, 38h retn sub_10000BD80 endp byte_10000BF7E db 12h dup(0CCh) sub_10000BF90 proc near arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h cmp edx, [rcx+10h] mov [rsp+arg_0], rbx mov [rsp+arg_10], rsi mov [rsp+arg_18], rdi mov ebx, r9d mov r11d, r8d mov rdi, rcx jnb loc_10000C397 movzx r10d, byte ptr [rdi+14h] mov rax, [rdi+8] xor r9d, r9d test r10b, r10b mov r8, r9 mov ecx, edx mov rdx, [rax+rcx*8] setz r8b inc r10 mov rsi, [rdx+4CF8h] mov rdi, [rdx+4898h] inc r8 imul r10, 35Ch imul r8, 35Ch add r8, rdx add r10, rdx cmp [rdx+48A0h], r9b jz short loc_10000C005 mov edi, [r10+20Ch] loc_10000C005: lea eax, [r11-2] cmp eax, 17h ja loc_10000C397 loc_10000C012: mov [rsp+arg_8], rbp lea rbp, __ImageBase cdqe mov ecx, [rbp+rax*4+0C3ACh] add rcx, rbp mov rbp, [rsp+arg_8] jmp rcx loc_10000C031: imul rdi, rsi mov rax, 624DD2F1A9FBE77h mul rdi sub rdi, rdx shr rdi, 1 add rdi, rdx shr rdi, 0Ch jz loc_10000C397 sub r11d, 2 jz short loc_10000C06B sub r11d, 3 jz short loc_10000C0C5 dec r11d jz short loc_10000C0B5 dec r11d jnz short loc_10000C087 loc_10000C06B: mov r9d, [r10+240h] sub r9d, [r8+240h] sub r9d, [r8+228h] add r9d, [r10+228h] loc_10000C087: imul r9, 3B9ACA00h xor edx, edx mov ecx, 3B023380h mov rax, r9 div rdi cmp rax, 3B9ACA00h cmova rax, rcx mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn loc_10000C0B5: mov r9d, [r10+228h] sub r9d, [r8+228h] jmp short loc_10000C087 loc_10000C0C5: mov r9d, [r10+240h] sub r9d, [r8+240h] jmp short loc_10000C087 mov rax, rdi mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn test ebx, ebx jz short loc_10000C0F3 mov r9d, [rdx+240h] loc_10000C0F3: mov eax, [r10+240h] sub eax, r9d mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn test ebx, ebx jz short loc_10000C118 mov r9d, [rdx+228h] loc_10000C118: mov eax, [r10+228h] sub eax, r9d mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn test ebx, ebx jz short loc_10000C144 mov r9d, [rdx+240h] add r9d, [rdx+228h] loc_10000C144: mov eax, [r10+240h] add eax, [r10+228h] sub eax, r9d mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn mov eax, [r10+240h] sub eax, [r8+240h] mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn mov eax, [r10+228h] sub eax, [r8+228h] mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn mov eax, [r10+240h] sub eax, [r8+240h] sub eax, [r8+228h] add eax, [r10+228h] mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn test ebx, ebx jz short loc_10000C1D8 mov r9d, [rdx+22Ch] loc_10000C1D8: mov eax, [r10+22Ch] sub eax, r9d mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn test ebx, ebx jz short loc_10000C1FD mov r9d, [rdx+244h] loc_10000C1FD: mov eax, [r10+244h] sub eax, r9d mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn test ebx, ebx jz short loc_10000C229 mov r9d, [rdx+244h] add r9d, [rdx+22Ch] loc_10000C229: mov eax, [r10+244h] add eax, [r10+22Ch] sub eax, r9d mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn mov eax, [r10+244h] sub eax, [r8+244h] mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn mov eax, [r10+22Ch] sub eax, [r8+22Ch] mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn mov eax, [r10+244h] sub eax, [r8+244h] sub eax, [r8+22Ch] add eax, [r10+22Ch] mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn test ebx, ebx jz short loc_10000C2BD mov r9d, [rdx+230h] loc_10000C2BD: mov eax, [r10+230h] sub eax, r9d mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn test ebx, ebx jz short loc_10000C2E2 mov r9d, [rdx+248h] loc_10000C2E2: mov eax, [r10+248h] sub eax, r9d mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn test ebx, ebx jz short loc_10000C30E mov r9d, [rdx+248h] add r9d, [rdx+230h] loc_10000C30E: mov eax, [r10+248h] add eax, [r10+230h] sub eax, r9d mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn mov eax, [r10+248h] sub eax, [r8+248h] mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn mov eax, [r10+230h] sub eax, [r8+230h] mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn mov eax, [r10+248h] sub eax, [r8+248h] sub eax, [r8+230h] add eax, [r10+230h] mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] retn loc_10000C397: mov rdi, [rsp+arg_18] mov rsi, [rsp+arg_10] mov rbx, [rsp+arg_0] xor eax, eax retn sub_10000BF90 endp align 4 dd 0C031h qword_10000C3B0 dq 0C3970000C0D5h, 0C0310000C031h, 0C0E80000C031h dq 0C1320000C10Dh, 0C1830000C165h, 0C1CD0000C1A1h dq 0C2170000C1F2h, 0C2680000C24Ah, 0C2B20000C286h dq 0C2FC0000C2D7h, 0C34D0000C32Fh, 0CCCCCCCC0000C36Bh dq 2 dup(0CCCCCCCCCCCCCCCCh) sub_10000C420 proc near arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_0], rbx mov [rsp+28h+arg_8], rbp xor ebx, ebx cmp [rcx+98h], ebx lea rax, off_100003870 mov [rsp+28h+arg_10], rsi mov [rsp+28h+arg_18], rdi mov [rcx], rax mov ebp, ebx mov rdi, rcx jbe short loc_10000C485 mov rsi, rbx loc_10000C454: mov rcx, [rdi+90h] mov rcx, [rcx+rsi+8] ; hWnd call cs:DestroyWindow mov rcx, [rdi+90h] mov rcx, [rcx+rsi] ; hWnd call cs:DestroyWindow inc ebp add rsi, 10h cmp ebp, [rdi+98h] jb short loc_10000C454 loc_10000C485: mov rsi, [rdi+90h] test rsi, rsi jz short loc_10000C4AC call cs:GetProcessHeap mov r8, rsi ; lpMem xor edx, edx ; dwFlags mov rcx, rax ; hHeap call cs:HeapFree mov [rdi+90h], rbx loc_10000C4AC: mov [rdi+98h], ebx lea rsi, [rdi+50h] mov ebp, 3 db 66h nop db 66h, 66h nop loc_10000C4C0: ; HGDIOBJ mov rcx, [rsi] test rcx, rcx jz short loc_10000C4CE call cs:DeleteObject loc_10000C4CE: add rsi, 8 dec rbp jnz short loc_10000C4C0 mov rcx, [rdi+80h] ; HGDIOBJ test rcx, rcx jz short loc_10000C4F0 call cs:DeleteObject mov [rdi+80h], rbx loc_10000C4F0: mov rsi, [rdi+8] test rsi, rsi jz short loc_10000C50D call cs:GetProcessHeap mov r8, rsi ; lpMem xor edx, edx ; dwFlags mov rcx, rax ; hHeap call cs:HeapFree loc_10000C50D: cmp [rdi+18h], ebx jz short loc_10000C57E mov rsi, [rdi+10h] test rsi, rsi jnz short loc_10000C51F mov eax, ebx jmp short loc_10000C533 loc_10000C51F: call cs:GetProcessHeap mov r8, rsi ; lpMem xor edx, edx ; dwFlags mov rcx, rax ; hHeap call cs:HeapSize loc_10000C533: shr eax, 3 jz short loc_10000C569 mov esi, eax db 66h, 66h nop db 66h, 66h nop loc_10000C540: mov rbp, [rdi+10h] cmp qword ptr [rbx+rbp], 0 jz short loc_10000C560 call cs:GetProcessHeap mov r8, [rbx+rbp] ; lpMem xor edx, edx ; dwFlags mov rcx, rax ; hHeap call cs:HeapFree loc_10000C560: add rbx, 8 dec rsi jnz short loc_10000C540 loc_10000C569: call cs:GetProcessHeap mov r8, [rdi+10h] ; lpMem xor edx, edx ; dwFlags mov rcx, rax ; hHeap call cs:HeapFree loc_10000C57E: mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] mov rbx, [rsp+28h+arg_0] add rsp, 28h retn sub_10000C420 endp algn_10000C597: align 20h sub_10000C5A0 proc near var_58= dword ptr -58h var_50= dword ptr -50h var_48= dword ptr -48h var_40= dword ptr -40h var_38= qword ptr -38h var_30= qword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 78h mov [rax+8], rbx mov [rax+10h], rbp mov [rax+18h], rsi mov [rax+20h], rdi mov [rax-8], r12 mov [rax-10h], r13 mov [rax-18h], r14 xor r14d, r14d cmp edx, [rcx+98h] mov ebx, r14d mov r12d, edx mov rdi, rcx jbe short loc_10000C5ED lea rsi, [rcx+90h] mov eax, edx shl eax, 4 test rsi, rsi jnz short loc_10000C623 mov ebx, 80070057h loc_10000C5ED: mov eax, ebx loc_10000C5EF: mov r14, [rsp+78h+var_18] mov r13, [rsp+78h+var_10] mov r12, [rsp+78h+var_8] mov rdi, [rsp+78h+arg_18] mov rsi, [rsp+78h+arg_10] mov rbp, [rsp+78h+arg_8] mov rbx, [rsp+78h+arg_0] add rsp, 78h retn loc_10000C623: mov rbp, [rsi] test rbp, rbp jnz short loc_10000C651 mov ebx, eax call cs:GetProcessHeap lea edx, [rbp+8] ; dwFlags mov rcx, rax ; hHeap mov r8, rbx ; dwBytes call cs:HeapAlloc test rax, rax mov [rsi], rax jnz short loc_10000C675 loc_10000C64A: mov ebx, 8007000Eh jmp short loc_10000C5ED loc_10000C651: mov ebx, eax call cs:GetProcessHeap mov r9, rbx ; dwBytes mov r8, rbp ; lpMem mov edx, 8 ; dwFlags mov rcx, rax ; hHeap call cs:HeapReAlloc test rax, rax jz short loc_10000C64A mov [rsi], rax loc_10000C675: ; hWnd mov rcx, [rdi+28h] xor r9d, r9d ; lParam xor r8d, r8d ; wParam lea edx, [r9+31h] ; Msg mov ebx, r14d call cs:SendMessageW cmp [rdi+98h], r12d mov r13, rax jnb loc_10000C5ED db 66h, 66h, 66h nop loc_10000C6A0: mov ecx, [rdi+98h] mov rax, [rdi+28h] mov [rsp+78h+var_20], r14 mov [rsp+78h+var_28], r14 add ecx, 9C4h lea r8, WindowName ; lpWindowName mov [rsp+78h+var_30], rcx mov [rsp+78h+var_38], rax mov [rsp+78h+var_40], r14d mov [rsp+78h+var_48], r14d lea rdx, aButton_0 ; "BUTTON" mov r9d, 4800000Bh ; dwStyle mov ecx, 200h ; dwExStyle mov [rsp+78h+var_50], r14d mov [rsp+78h+var_58], r14d call cs:CreateWindowExW mov ecx, [rdi+98h] add rcx, rcx mov r11, rax mov rax, [rsi] mov [rax+rcx*8+8], r11 mov edx, [rdi+98h] mov rax, [rsi] mov rcx, rdx add rcx, rcx mov rcx, [rax+rcx*8+8] ; hWnd test rcx, rcx jz loc_10000C812 test edx, edx jnz short loc_10000C760 call cs:GetDC test rax, rax mov rbp, rax jz short loc_10000C760 mov rdx, rax mov rcx, rdi call sub_10000CC40 mov r11d, [rdi+98h] mov rcx, [rsi] add r11, r11 mov rdx, rbp ; hDC mov rcx, [rcx+r11*8+8] ; hWnd call cs:ReleaseDC loc_10000C760: mov rax, [rdi+28h] mov [rsp+78h+var_20], r14 mov [rsp+78h+var_28], r14 mov [rsp+78h+var_30], r14 mov [rsp+78h+var_38], rax mov [rsp+78h+var_40], r14d mov [rsp+78h+var_48], r14d lea r8, WindowName ; lpWindowName lea rdx, aDavesframeclas ; "DavesFrameClass" mov r9d, 40000007h ; dwStyle mov ecx, 4 ; dwExStyle mov [rsp+78h+var_50], r14d mov [rsp+78h+var_58], r14d call cs:CreateWindowExW mov ecx, [rdi+98h] add rcx, rcx mov r11, rax mov rax, [rsi] mov [rax+rcx*8], r11 mov ecx, [rdi+98h] mov rax, [rsi] add rcx, rcx mov rcx, [rax+rcx*8] ; hWnd test rcx, rcx jz short loc_10000C7FB xor r9d, r9d ; lParam mov r8, r13 ; wParam lea edx, [r9+30h] ; Msg call cs:SendMessageW inc dword ptr [rdi+98h] cmp [rdi+98h], r12d jb loc_10000C6A0 jmp loc_10000C5ED loc_10000C7FB: mov eax, [rdi+98h] mov rcx, [rsi] add rax, rax mov rcx, [rcx+rax*8+8] ; hWnd call cs:DestroyWindow loc_10000C812: mov eax, 8007000Eh jmp loc_10000C5EF sub_10000C5A0 endp byte_10000C81C db 14h dup(0CCh) sub_10000C830 proc near lParam= qword ptr -78h push rbx sub rsp, 90h xor r8d, r8d mov r10, rdx lea rdx, unk_10002FF9C mov ecx, r8d mov rax, r8 db 66h, 66h, 66h nop loc_10000C850: mov r9d, [rax+rdx] cmp r9d, 0FFFFFFFFh jz short loc_10000C86D inc ecx mov dword ptr [rsp+rax+98h+lParam], r9d inc r8d add rax, 4 cmp ecx, 1Ah jb short loc_10000C850 loc_10000C86D: test r8d, r8d jle short loc_10000C8B3 xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 101Fh ; Msg mov rcx, r10 ; hWnd call cs:SendMessageW xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov rcx, rax ; hWnd mov edx, 1200h ; Msg mov rbx, rax call cs:SendMessageW lea r9, [rsp+98h+lParam] ; lParam mov edx, 1212h ; Msg movsxd r8, eax ; wParam mov rcx, rbx ; hWnd call cs:SendMessageW loc_10000C8B3: add rsp, 90h pop rbx retn sub_10000C830 endp byte_10000C8BC db 14h dup(0CCh) sub_10000C8D0 proc near push rbx sub rsp, 20h mov rcx, rdx ; hWnd xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 101Fh ; Msg call cs:SendMessageW xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov rcx, rax ; hWnd mov edx, 1200h ; Msg mov rbx, rax call cs:SendMessageW lea rcx, unk_10002FF9C ; void * mov edx, 0FFh ; int mov r8d, 6Ch ; size_t call memset xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 1200h ; Msg mov rcx, rbx ; hWnd call cs:SendMessageW lea r9, unk_10002FF9C mov edx, 1211h movsxd r8, eax mov rcx, rbx add rsp, 20h pop rbx jmp cs:SendMessageW sub_10000C8D0 endp algn_10000C94A: align 10h ; INT_PTR __stdcall DialogFunc(HWND, UINT, WPARAM, LPARAM) DialogFunc proc near var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 48h sub edx, 110h mov [rax+8], rbx mov [rax+20h], rdi mov [rax-8], r12 mov [rax-20h], r15 mov r12, rcx jz loc_10000CB2B dec edx jnz loc_10000CB27 cmp r8w, 1 jnz loc_10000CB15 mov rcx, cs:qword_100030170 loc_10000C990: mov [rax+10h], rbp mov [rax+18h], rsi mov [rax-18h], r14 call sub_10000D650 xor edi, edi mov esi, edi mov rbp, rdi lea rbx, dword_10002FEF8 lea r14, unk_10002FF64 lea r15, qword_100003110 lea r8, __ImageBase mov [rsp+48h+var_10], r13 db 66h, 66h nop db 66h, 66h, 66h nop loc_10000C9D0: ; nIDButton mov edx, [r15+rbp] test edx, edx js loc_10000CAD1 mov rcx, r12 ; hDlg call cs:IsDlgButtonChecked cmp eax, 1 jnz short loc_10000CA62 cmp [rbx], esi jz short loc_10000CA4F lea rax, __ImageBase lea rdx, [rax+rdi*2+2FF64h] ; void * lea rax, unk_10002FF98 sub eax, edx jz short loc_10000CA14 lea rcx, [rdx+2] ; void * mov r8d, eax ; size_t call memmove loc_10000CA14: lea rax, __ImageBase lea rdx, [rax+rdi*4+2FEF8h] ; void * lea rax, unk_10002FF60 sub eax, edx jz short loc_10000CA3A lea rcx, [rdx+4] ; void * mov r8d, eax ; size_t call memmove loc_10000CA3A: lea rax, __ImageBase movzx eax, word ptr [rax+rbp+2D872h] mov [r14], ax mov [rbx], esi loc_10000CA4F: inc edi add r14, 2 lea r8, __ImageBase add rbx, 4 jmp short loc_10000CAC2 loc_10000CA62: cmp [rbx], esi jnz short loc_10000CABB lea r8, __ImageBase lea rax, unk_10002FF98 lea rcx, [r8+rdi*2+2FF64h] ; void * sub eax, ecx jz short loc_10000CA93 lea rdx, [rcx+2] ; void * mov r8d, eax ; size_t call memmove lea r8, __ImageBase loc_10000CA93: ; void * lea rcx, [r8+rdi*4+2FEF8h] lea rax, unk_10002FF60 sub eax, ecx jz short loc_10000CAC2 lea rdx, [rcx+4] ; void * mov r8d, eax ; size_t call memmove lea r8, __ImageBase jmp short loc_10000CAC2 loc_10000CABB: lea r8, __ImageBase loc_10000CAC2: inc esi add rbp, 4 cmp esi, 1Ah jl loc_10000C9D0 loc_10000CAD1: mov rcx, cs:qword_100030170 movsxd rax, edi mov dword ptr [r8+rax*4+2FEF8h], 0FFFFFFFFh call sub_10000D470 mov edx, 1 ; nResult mov rcx, r12 ; hDlg call cs:EndDialog mov r14, [rsp+48h+var_18] mov r13, [rsp+48h+var_10] mov rsi, [rsp+48h+arg_10] mov rbp, [rsp+48h+arg_8] xor eax, eax jmp loc_10000CB90 loc_10000CB15: cmp r8w, 2 jnz short loc_10000CB27 mov edx, 2 ; nResult call cs:EndDialog loc_10000CB27: xor eax, eax jmp short loc_10000CB90 loc_10000CB2B: lea r15, qword_100003110 mov cs:qword_100030170, r9 mov edi, 1Ah mov rbx, r15 loc_10000CB41: ; nIDButton mov edx, [rbx] xor r8d, r8d ; uCheck mov rcx, r12 ; hDlg call cs:CheckDlgButton add rbx, 4 dec rdi jnz short loc_10000CB41 lea rbx, dword_10002FEF8 nop loc_10000CB60: movsxd rax, dword ptr [rbx] cmp eax, 0FFFFFFFFh jz short loc_10000CB86 mov edx, [r15+rax*4] ; nIDButton mov r8d, 1 ; uCheck mov rcx, r12 ; hDlg call cs:CheckDlgButton inc edi add rbx, 4 cmp edi, 1Ah jb short loc_10000CB60 loc_10000CB86: mov rax, 1 loc_10000CB90: mov r15, [rsp+48h+var_20] mov r12, [rsp+48h+var_8] mov rdi, [rsp+48h+arg_18] mov rbx, [rsp+48h+arg_0] add rsp, 48h retn DialogFunc endp algn_10000CBA9: align 10h ; int __fastcall sub_10000CBB0(HDC, int, int, int, int, __int64, __int64) sub_10000CBB0 proc near var_8= qword ptr -8 arg_8= dword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov qword ptr [rsp+arg_8], rdx sub rsp, 28h mov [rsp+28h+arg_10], rbx mov [rsp+28h+arg_18], rsi lea rax, a22_5 ; " 22.5 %" mov [rsp+28h+var_8], rdi mov rsi, rcx mov rbx, rax xor edi, edi db 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_10000CBE0: ; UINT movzx edx, word ptr [rax] lea r9, [rsp+28h+arg_8] ; LPINT mov rcx, rsi ; HDC mov r8d, edx ; UINT call cs:GetCharWidth32W test eax, eax jz short loc_10000CC1F add edi, [rsp+28h+arg_8] add rbx, 2 cmp word ptr [rbx], 0 mov rax, rbx jnz short loc_10000CBE0 mov eax, edi mov rdi, [rsp+28h+var_8] mov rsi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_10000CC1F: mov rdi, [rsp+28h+var_8] mov rsi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] mov eax, 0FFFFFFFFh add rsp, 28h retn sub_10000CBB0 endp algn_10000CC38: align 20h sub_10000CC40 proc near var_278= LOGFONTW ptr -278h pvParam= dword ptr -218h var_80= byte ptr -80h var_18= qword ptr -18h var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 298h mov rax, cs:qword_10002C178 mov [rsp+298h+var_18], rax cmp qword ptr [rcx+80h], 0 mov [r11+18h], rbx mov [r11-8], rdi mov rdi, rcx mov rbx, rdx jnz loc_10000CDA6 test rdx, rdx jz loc_10000CDA6 lea rcx, [r11-214h] ; void * xor edx, edx ; int mov r8d, 1F0h ; size_t loc_10000CC8D: mov [r11+20h], rsi call memset xor esi, esi lea r8, [rsp+298h+pvParam] ; pvParam lea ecx, [rsi+29h] ; uiAction xor r9d, r9d ; fWinIni xor edx, edx ; uiParam mov [rsp+298h+pvParam], 1F4h call cs:SystemParametersInfoW test eax, eax jz loc_10000CD9E lea rcx, [rsp+298h+var_278] ; void * lea rdx, [rsp+298h+var_80] ; void * lea r8d, [rsi+5Ch] ; size_t call memmove lea r8, unk_10002ED40 lea rcx, [rsp+298h+var_278.lfFaceName] sub r8, rcx mov [rsp+298h+var_278.lfWeight], 64h lea rax, [rsp+298h+var_278.lfFaceName] lea edx, [rsi+20h] loc_10000CCF6: movzx ecx, word ptr [r8+rax] test cx, cx jz short loc_10000CD0E mov [rax], cx add rax, 2 dec rdx jnz short loc_10000CCF6 jmp short loc_10000CD13 loc_10000CD0E: test rdx, rdx jnz short loc_10000CD17 loc_10000CD13: sub rax, 2 loc_10000CD17: ; int mov edx, 5Ah mov rcx, rbx ; HDC mov [rax], si call cs:GetDeviceCaps lea rcx, [rsp+298h+var_278] ; LOGFONTW * mov r11d, eax mov eax, 0C71C71C7h shl r11d, 3 imul r11d sar edx, 4 mov eax, edx shr eax, 1Fh add edx, eax mov [rsp+298h+var_278.lfHeight], edx call cs:CreateFontIndirectW test rax, rax mov [rdi+80h], rax jz short loc_10000CD6B mov rdx, rax ; HGDIOBJ mov rcx, rbx ; HDC call cs:SelectObject mov rsi, rax loc_10000CD6B: mov edx, [rsp+298h+var_278.lfHeight] mov rcx, rbx ; HDC add edx, 0FFFFFFFEh mov [rdi+88h], edx lea rdx, a22_5 ; " 22.5 %" call sub_10000CBB0 test rsi, rsi mov [rdi+8Ch], eax jz short loc_10000CD9E mov rdx, rsi ; HGDIOBJ mov rcx, rbx ; HDC call cs:SelectObject loc_10000CD9E: mov rsi, [rsp+298h+arg_18] loc_10000CDA6: mov rdi, [rsp+298h+var_8] mov rbx, [rsp+298h+arg_10] mov rcx, [rsp+298h+var_18] call sub_1000258D0 add rsp, 298h retn sub_10000CC40 endp algn_10000CDCB: align 20h sub_10000CDE0 proc near var_158= dword ptr -158h Rect= tagRECT ptr -148h var_138= qword ptr -138h String= word ptr -128h var_58= qword ptr -58h var_40= qword ptr -40h var_38= qword ptr -38h var_30= qword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 mov r11, rsp sub rsp, 178h mov rax, cs:qword_10002C178 mov [rsp+178h+var_58], rax cmp cs:dword_10003001C, 0 mov [r11-8], rbx mov [r11-10h], rbp mov [r11-28h], r12 mov r12d, [r8] mov [r11-38h], r14 mov [r11-40h], r15 mov ebx, r9d mov r14, r8 mov rbp, rdx mov [rsp+178h+var_138], 0 mov r15, rcx jz loc_10000D2B0 mov rdx, [rcx+80h] ; HGDIOBJ test rdx, rdx jz short loc_10000CE4C mov rcx, rbp ; HDC call cs:SelectObject mov [rsp+178h+var_138], rax loc_10000CE4C: ; int mov edx, 1 mov rcx, rbp ; HDC loc_10000CE54: mov [rsp+178h+var_30], r13 call cs:SetBkMode mov edx, 0FFFFh ; COLORREF mov rcx, rbp ; HDC call cs:SetTextColor mov ecx, [r14] mov eax, [r14+4] imul ebx, 989680h add r12d, [r15+8Ch] mov [rsp+178h+Rect.left], ecx mov [rsp+178h+Rect.top], eax sub eax, [r15+88h] lea ecx, [r12-3] mov r13d, ebx mov [rsp+178h+Rect.right], ecx mov ebx, 64h lea r8, [rsp+178h+String] mov rcx, r15 mov rdx, r13 mov r9d, ebx mov [rsp+178h+Rect.bottom], eax mov byte ptr [rsp+178h+var_158], 1 call sub_10000BB50 lea r11, [rsp+178h+String] mov rcx, rbx mov [rsp+178h+var_18], rsi loc_10000CED0: cmp word ptr [r11], 0 lea rsi, asc_1000038D8 ; " " jz short loc_10000CEE9 add r11, 2 dec rcx jnz short loc_10000CED0 jmp short loc_10000CF36 loc_10000CEE9: test rcx, rcx jz short loc_10000CF36 mov rax, rbx mov rdx, rbx sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+178h+String] jz short loc_10000CF36 mov r8, rsi sub r8, rcx db 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_10000CF10: movzx eax, word ptr [rcx+r8] test ax, ax jz short loc_10000CF28 mov [rcx], ax add rcx, 2 dec rdx jnz short loc_10000CF10 jmp short loc_10000CF2D loc_10000CF28: test rdx, rdx jnz short loc_10000CF31 loc_10000CF2D: sub rcx, 2 loc_10000CF31: mov word ptr [rcx], 0 loc_10000CF36: lea rax, [rsp+178h+String] mov rcx, rbx mov [rsp+178h+var_20], rdi db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_10000CF50: cmp word ptr [rax], 0 lea rdi, unk_10002ED00 jz short loc_10000CF68 add rax, 2 dec rcx jnz short loc_10000CF50 jmp short loc_10000CFAC loc_10000CF68: test rcx, rcx jz short loc_10000CFAC mov rax, rbx mov rdx, rbx sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+178h+String] jz short loc_10000CFAC mov r8, rdi sub r8, rcx loc_10000CF86: movzx eax, word ptr [rcx+r8] test ax, ax jz short loc_10000CF9E mov [rcx], ax add rcx, 2 dec rdx jnz short loc_10000CF86 jmp short loc_10000CFA3 loc_10000CF9E: test rdx, rdx jnz short loc_10000CFA7 loc_10000CFA3: sub rcx, 2 loc_10000CFA7: mov word ptr [rcx], 0 loc_10000CFAC: ; lpString lea rcx, [rsp+178h+String] call cs:lstrlenW lea r9, [rsp+178h+Rect] ; lpRect lea rdx, [rsp+178h+String] ; lpString mov rcx, rbp ; hDC mov r8d, eax ; nCount mov [rsp+178h+var_158], 2 call cs:DrawTextW mov r8d, [r14+4] mov r9d, [r15+88h] mov eax, [r14+0Ch] shr r13, 1 mov byte ptr [rsp+178h+var_158], 1 sub eax, r8d cdq sub eax, edx sar eax, 1 lea ecx, [r8+rax] mov eax, r9d lea r8, [rsp+178h+String] cdq sub eax, edx mov rdx, r13 sar eax, 1 add eax, ecx mov rcx, r15 mov [rsp+178h+Rect.top], eax sub eax, r9d mov r9d, ebx mov [rsp+178h+Rect.bottom], eax call sub_10000BB50 mov r13, [rsp+178h+var_30] lea r11, [rsp+178h+String] mov rcx, rbx loc_10000D030: cmp word ptr [r11], 0 jz short loc_10000D042 add r11, 2 dec rcx jnz short loc_10000D030 jmp short loc_10000D086 loc_10000D042: test rcx, rcx jz short loc_10000D086 mov rax, rbx mov rdx, rbx sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+178h+String] jz short loc_10000D086 mov r8, rsi sub r8, rcx loc_10000D060: movzx eax, word ptr [rcx+r8] test ax, ax jz short loc_10000D078 mov [rcx], ax add rcx, 2 dec rdx jnz short loc_10000D060 jmp short loc_10000D07D loc_10000D078: test rdx, rdx jnz short loc_10000D081 loc_10000D07D: sub rcx, 2 loc_10000D081: mov word ptr [rcx], 0 loc_10000D086: lea rax, [rsp+178h+String] mov rcx, rbx db 66h nop loc_10000D090: cmp word ptr [rax], 0 jz short loc_10000D0A1 add rax, 2 dec rcx jnz short loc_10000D090 jmp short loc_10000D0E6 loc_10000D0A1: test rcx, rcx jz short loc_10000D0E6 mov rax, rbx mov rdx, rbx sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+178h+String] jz short loc_10000D0E6 mov r8, rdi sub r8, rcx nop loc_10000D0C0: movzx eax, word ptr [rcx+r8] test ax, ax jz short loc_10000D0D8 mov [rcx], ax add rcx, 2 dec rdx jnz short loc_10000D0C0 jmp short loc_10000D0DD loc_10000D0D8: test rdx, rdx jnz short loc_10000D0E1 loc_10000D0DD: sub rcx, 2 loc_10000D0E1: mov word ptr [rcx], 0 loc_10000D0E6: ; lpString lea rcx, [rsp+178h+String] call cs:lstrlenW lea r9, [rsp+178h+Rect] ; lpRect lea rdx, [rsp+178h+String] ; lpString mov rcx, rbp ; hDC mov r8d, eax ; nCount mov [rsp+178h+var_158], 2 call cs:DrawTextW mov r11d, [r15+88h] mov eax, [r14+0Ch] lea ecx, [r11+rax] lea r8, unk_10002ECC0 mov rdx, rbx mov [rsp+178h+Rect.top], ecx sub ecx, r11d lea rax, [rsp+178h+String] mov [rsp+178h+Rect.bottom], ecx lea rcx, [rsp+178h+String] sub r8, rcx loc_10000D140: movzx ecx, word ptr [rax+r8] test cx, cx jz short loc_10000D158 mov [rax], cx add rax, 2 dec rdx jnz short loc_10000D140 jmp short loc_10000D15D loc_10000D158: test rdx, rdx jnz short loc_10000D161 loc_10000D15D: sub rax, 2 loc_10000D161: mov word ptr [rax], 0 mov rcx, rbx lea rax, [rsp+178h+String] db 66h nop loc_10000D170: cmp word ptr [rax], 0 jz short loc_10000D181 add rax, 2 dec rcx jnz short loc_10000D170 jmp short loc_10000D1C5 loc_10000D181: test rcx, rcx jz short loc_10000D1C5 mov rax, rbx mov rdx, rbx sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+178h+String] jz short loc_10000D1C5 sub rsi, rcx db 66h, 66h, 66h nop loc_10000D1A0: movzx eax, word ptr [rcx+rsi] test ax, ax jz short loc_10000D1B7 mov [rcx], ax add rcx, 2 dec rdx jnz short loc_10000D1A0 jmp short loc_10000D1BC loc_10000D1B7: test rdx, rdx jnz short loc_10000D1C0 loc_10000D1BC: sub rcx, 2 loc_10000D1C0: mov word ptr [rcx], 0 loc_10000D1C5: mov rsi, [rsp+178h+var_18] lea rax, [rsp+178h+String] mov rcx, rbx loc_10000D1D5: cmp word ptr [rax], 0 jz short loc_10000D1E6 add rax, 2 dec rcx jnz short loc_10000D1D5 jmp short loc_10000D225 loc_10000D1E6: test rcx, rcx jz short loc_10000D225 mov rax, rbx sub rax, rcx sub rbx, rax lea rcx, [rsp+rax*2+178h+String] jz short loc_10000D225 sub rdi, rcx db 66h nop loc_10000D200: movzx eax, word ptr [rdi+rcx] test ax, ax jz short loc_10000D217 mov [rcx], ax add rcx, 2 dec rbx jnz short loc_10000D200 jmp short loc_10000D21C loc_10000D217: test rbx, rbx jnz short loc_10000D220 loc_10000D21C: sub rcx, 2 loc_10000D220: mov word ptr [rcx], 0 loc_10000D225: ; lpString lea rcx, [rsp+178h+String] call cs:lstrlenW lea r9, [rsp+178h+Rect] ; lpRect lea rdx, [rsp+178h+String] ; lpString mov rcx, rbp ; hDC mov r8d, eax ; nCount mov [rsp+178h+var_158], 2 call cs:DrawTextW mov rax, [rsp+178h+var_138] mov rdi, [rsp+178h+var_20] test rax, rax jz short loc_10000D26C loc_10000D260: ; HGDIOBJ mov rdx, rax mov rcx, rbp ; HDC call cs:SelectObject loc_10000D26C: ; HGDIOBJ mov rdx, [r15+58h] mov rcx, rbp ; HDC call cs:SelectObject mov r8d, [r14+4] ; int xor r9d, r9d ; LPPOINT mov edx, r12d ; int mov rcx, rbp ; HDC mov rbx, rax call cs:MoveToEx mov r8d, [r14+0Ch] ; int mov edx, r12d ; int mov rcx, rbp ; HDC call cs:LineTo test rbx, rbx jz short loc_10000D2B0 mov rdx, rbx ; HGDIOBJ mov rcx, rbp ; HDC call cs:SelectObject loc_10000D2B0: mov r15, [rsp+178h+var_40] mov r14, [rsp+178h+var_38] mov rbp, [rsp+178h+var_10] mov rbx, [rsp+178h+var_8] mov eax, r12d mov r12, [rsp+178h+var_28] mov rcx, [rsp+178h+var_58] call sub_1000258D0 add rsp, 178h retn sub_10000CDE0 endp algn_10000D2F0: align 20h sub_10000D300 proc near var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 38h loc_10000D307: mov [rax+8], rbx mov [rax+10h], rbp mov [rax+18h], rsi mov [rax+20h], rdi loc_10000D317: mov [rax-8], r12 mov [rax-10h], r13 mov [rax-18h], r14 mov rsi, rdx xor edx, edx mov r10d, 64h mov rdi, r8 mov eax, r10d div r9d sub r10d, eax mov r11d, eax mov eax, 51EB851Fh lea r9d, [r10+r10*4] shl r9d, 2 mul r9d mov r9d, r11d mov r12d, edx mov rdx, rsi shr r12d, 5 add r12d, 0Ch call sub_10000CDE0 mov edx, 1 ; int xor ecx, ecx ; int mov r8d, 408000h ; COLORREF mov ebp, eax call cs:CreatePen mov rcx, rsi ; HDC mov rdx, rax ; HGDIOBJ mov r13, rax call cs:SelectObject mov edx, [rdi+0Ch] lea ebx, [r12+1] mov ecx, edx mov r14, rax sub ecx, [rdi+4] cmp ebx, ecx jge short loc_10000D3D5 db 66h nop db 66h, 66h nop loc_10000D3A0: sub edx, ebx xor r9d, r9d ; LPPOINT mov rcx, rsi ; HDC mov r8d, edx ; int mov edx, ebp ; int call cs:MoveToEx mov r8d, [rdi+0Ch] mov edx, [rdi+8] ; int sub r8d, ebx ; int mov rcx, rsi ; HDC call cs:LineTo mov edx, [rdi+0Ch] add ebx, r12d mov eax, edx sub eax, [rdi+4] cmp ebx, eax jl short loc_10000D3A0 loc_10000D3D5: mov ebx, [rdi+8] mov r12, [rsp+38h+var_8] sub ebx, cs:dword_10002FEB4 cmp ebx, ebp jle short loc_10000D418 db 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_10000D3F0: ; int mov r8d, [rdi+4] xor r9d, r9d ; LPPOINT mov edx, ebx ; int mov rcx, rsi ; HDC call cs:MoveToEx mov r8d, [rdi+0Ch] ; int mov edx, ebx ; int mov rcx, rsi ; HDC call cs:LineTo sub ebx, 0Ch cmp ebx, ebp jg short loc_10000D3F0 loc_10000D418: test r14, r14 mov rbx, [rsp+38h+arg_0] jz short loc_10000D42E loc_10000D422: ; HGDIOBJ mov rdx, r14 mov rcx, rsi ; HDC call cs:SelectObject loc_10000D42E: test r13, r13 mov r14, [rsp+38h+var_18] mov rsi, [rsp+38h+arg_10] jz short loc_10000D446 loc_10000D43D: ; HGDIOBJ mov rcx, r13 call cs:DeleteObject loc_10000D446: sub ebp, [rdi] mov r13, [rsp+38h+var_10] mov rdi, [rsp+38h+arg_18] lea eax, [rbp-3] mov rbp, [rsp+38h+arg_8] add rsp, 38h retn sub_10000D300 endp byte_10000D45F db 11h dup(0CCh) sub_10000D470 proc near lParam= qword ptr -278h var_270= dword ptr -270h var_268= qword ptr -268h var_25C= dword ptr -25Ch Buffer= word ptr -248h var_38= qword ptr -38h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 298h mov rax, cs:qword_10002C178 mov [rsp+298h+var_38], rax mov [rsp+298h+arg_10], rbp mov rbp, rcx mov rcx, [rcx+0B0h] ; hWnd xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 1009h ; Msg call cs:SendMessageW db 66h, 66h nop db 66h, 66h, 66h nop loc_10000D4B0: ; hWnd mov rcx, [rbp+0B0h] xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 101Ch ; Msg call cs:SendMessageW test eax, eax jnz short loc_10000D4B0 mov [rsp+298h+arg_8], rbx mov [rsp+298h+arg_18], rsi mov [rsp+298h+var_8], rdi mov [rsp+298h+var_10], r12 xor esi, esi mov [rsp+298h+var_18], r13 cmp cs:dword_10002FEF8, esi mov [rsp+298h+var_20], r14 jl loc_10000D5D8 lea rax, dword_10002FEF8 lea r12, unk_10002FF64 lea r14, __ImageBase mov rdi, rax db 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_10000D530: movsxd rbx, dword ptr [rax] mov rcx, cs:hInstance ; hInstance lea r8, [rsp+298h+Buffer] ; lpBuffer mov edx, [r14+rbx*4+30A0h] ; uID mov r9d, 104h ; nBufferMax call cs:LoadStringW movsx ecx, word ptr [r14+rbx*4+2D870h] xor eax, eax cmp ebx, 1 mov dword ptr [rsp+298h+lParam], 7 setnle al or ecx, eax movzx eax, word ptr [r12] cmp ax, 0FFFFh mov dword ptr [rsp+298h+lParam+4], ecx jnz short loc_10000D58C movsx eax, word ptr [r14+rbx*4+2D872h] mov [rsp+298h+var_270], eax jmp short loc_10000D591 loc_10000D58C: cwde mov [rsp+298h+var_270], eax loc_10000D591: ; hWnd mov rcx, [rbp+0B0h] lea rax, [rsp+298h+Buffer] lea r9, [rsp+298h+lParam] ; lParam movsxd r8, esi ; wParam mov edx, 1061h ; Msg mov [rsp+298h+var_268], rax mov [rsp+298h+var_25C], esi call cs:SendMessageW cmp eax, 0FFFFFFFFh jz loc_10000D642 add rdi, 4 inc esi add r12, 2 cmp dword ptr [rdi], 0 mov rax, rdi jge loc_10000D530 loc_10000D5D8: ; hWnd mov rcx, [rbp+0B0h] mov r9d, 30h ; lParam mov edx, 1036h ; Msg mov r8, r9 ; wParam call cs:SendMessageW xor eax, eax loc_10000D5F5: mov r14, [rsp+298h+var_20] mov r13, [rsp+298h+var_18] mov r12, [rsp+298h+var_10] mov rdi, [rsp+298h+var_8] mov rsi, [rsp+298h+arg_18] mov rbp, [rsp+298h+arg_10] mov rbx, [rsp+298h+arg_8] mov rcx, [rsp+298h+var_38] call sub_1000258D0 add rsp, 298h retn loc_10000D642: mov eax, 80004005h jmp short loc_10000D5F5 sub_10000D470 endp algn_10000D649: align 10h sub_10000D650 proc near lParam= qword ptr -38h var_30= dword ptr -30h var_2C= dword ptr -2Ch var_28= dword ptr -28h var_24= dword ptr -24h var_20= dword ptr -20h var_1C= dword ptr -1Ch var_18= dword ptr -18h var_14= dword ptr -14h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 58h xor eax, eax mov [rsp+58h+arg_8], rbp mov [rsp+58h+arg_10], rsi xor esi, esi cmp cs:dword_10002FEF8, 0FFFFFFFFh mov rbp, rcx mov dword ptr [rsp+58h+lParam+4], eax mov [rsp+58h+var_30], eax mov [rsp+58h+var_2C], eax mov dword ptr [rsp+58h+lParam], esi mov [rsp+58h+var_28], eax mov [rsp+58h+var_24], eax mov [rsp+58h+var_20], eax mov [rsp+58h+var_1C], eax mov [rsp+58h+var_18], eax mov [rsp+58h+var_14], eax jz short loc_10000D6F7 loc_10000D696: mov [rsp+58h+arg_0], rbx mov [rsp+58h+arg_18], rdi lea rdi, unk_10002FF64 lea rbx, dword_10002FEF8 db 66h nop loc_10000D6B0: ; hWnd mov rcx, [rbp+0B0h] lea r9, [rsp+58h+lParam] ; lParam movsxd r8, esi ; wParam mov edx, 105Fh ; Msg mov dword ptr [rsp+58h+lParam], 2 call cs:SendMessageW test eax, eax jz short loc_10000D6DE movzx eax, word ptr [rsp+58h+var_30] mov [rdi], ax loc_10000D6DE: add rbx, 4 inc esi add rdi, 2 cmp dword ptr [rbx], 0FFFFFFFFh jnz short loc_10000D6B0 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_0] loc_10000D6F7: mov rsi, [rsp+58h+arg_10] mov rbp, [rsp+58h+arg_8] add rsp, 58h retn sub_10000D650 endp algn_10000D706: align 10h sub_10000D710 proc near var_18= qword ptr -18h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h loc_10000D714: mov [rsp+38h+arg_0], rbx mov [rsp+38h+arg_8], rbp mov [rsp+38h+arg_10], rsi mov [rsp+38h+arg_18], rdi mov [rsp+38h+var_8], r12 mov rbp, rdx lea r12, qword_100003110+74h mov rdi, rcx lea rbx, qword_100003110+68h lea rsi, [rcx+50h] db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h, 66h nop loc_10000D750: ; COLORREF mov r8d, [rbx] mov edx, 1 ; int xor ecx, ecx ; int call cs:CreatePen test rax, rax mov [rsi], rax jnz short loc_10000D774 lea ecx, [rax+6] ; int call cs:GetStockObject mov [rsi], rax loc_10000D774: add rbx, 4 add rsi, 8 cmp rbx, r12 jl short loc_10000D750 mov r8, cs:hWnd ; hWndParent mov rcx, cs:hInstance ; hInstance lea r9, sub_10000F5E0 ; lpDialogFunc mov edx, 6Dh ; lpTemplateName mov [rdi+30h], rbp mov [rsp+38h+var_18], rdi call cs:CreateDialogParamW mov r12, [rsp+38h+var_8] mov rsi, [rsp+38h+arg_10] test rax, rax mov rbp, [rsp+38h+arg_8] mov rbx, [rsp+38h+arg_0] mov [rdi+28h], rax jnz short loc_10000D7F9 loc_10000D7C7: call cs:GetLastError test eax, eax jg short loc_10000D7E1 mov rdi, [rsp+38h+arg_18] add rsp, 38h jmp cs:GetLastError loc_10000D7E1: call cs:GetLastError movzx eax, ax or eax, 80070000h mov rdi, [rsp+38h+arg_18] add rsp, 38h retn loc_10000D7F9: ; nIDDlgItem mov edx, 0A2Bh mov rcx, rax ; hDlg call cs:GetDlgItem test rax, rax mov [rdi+0B8h], rax jz short loc_10000D849 mov rcx, [rdi+28h] ; hDlg mov edx, 0A2Eh ; nIDDlgItem call cs:GetDlgItem test rax, rax mov [rdi+0A8h], rax jz short loc_10000D849 mov rcx, [rdi+28h] ; hDlg mov edx, 0A28h ; nIDDlgItem call cs:GetDlgItem test rax, rax mov [rdi+0B0h], rax jnz short loc_10000D858 loc_10000D849: mov eax, 80004005h mov rdi, [rsp+38h+arg_18] add rsp, 38h retn loc_10000D858: mov rcx, rdi call sub_10000D470 mov rdx, [rdi+0B0h] mov rcx, rdi call sub_10000C830 mov rdi, [rsp+38h+arg_18] xor eax, eax add rsp, 38h retn sub_10000D710 endp byte_10000D87B db 15h dup(0CCh) sub_10000D890 proc near var_38= dword ptr -38h var_30= dword ptr -30h var_28= dword ptr -28h Rect= tagRECT ptr -18h arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 58h mov [rsp+58h+arg_8], rbx loc_10000D899: mov [rsp+58h+arg_10], rsi mov [rsp+58h+arg_18], rdi mov rdi, rcx mov rcx, [rcx+30h] ; hWnd lea rdx, [rsp+58h+Rect] ; lpRect call cs:GetClientRect mov rdx, cs:hWnd ; hWndTo mov rcx, [rdi+30h] ; hWndFrom lea r8, [rsp+58h+Rect] ; lpPoints mov r9d, 2 ; cPoints call cs:MapWindowPoints mov rcx, [rdi+30h] ; hWnd lea r9, [rsp+58h+Rect] ; lParam xor r8d, r8d ; wParam mov edx, 1328h ; Msg call cs:SendMessageW mov ecx, [rsp+58h+Rect.bottom] mov r9d, [rsp+58h+Rect.top] ; Y mov eax, [rsp+58h+Rect.right] mov r8d, [rsp+58h+Rect.left] ; X sub ecx, r9d mov [rsp+58h+var_28], 0 mov [rsp+58h+var_30], ecx mov rcx, [rdi+28h] ; hWnd sub eax, r8d xor edx, edx ; hWndInsertAfter mov dword ptr [rdi+7Ch], 1 mov [rsp+58h+var_38], eax call cs:SetWindowPos mov rcx, [rdi+28h] ; hWnd mov edx, 5 ; nCmdShow call cs:ShowWindow mov rcx, [rdi+30h] ; hWnd call cs:SetFocus mov r11, [rdi] mov rcx, rdi call qword ptr [r11+30h] mov rcx, cs:hWnd ; hWnd call cs:GetMenu mov rcx, cs:hInstance ; hInstance mov edx, 960h ; lpMenuName mov rbx, rax call cs:LoadMenuW mov rcx, rax ; hMenu mov rsi, rax call sub_100005790 mov r11d, cs:dword_100030008 mov edx, 961h ; uIDCheckItem neg r11d mov rcx, rsi ; hMenu sbb r8d, r8d and r8d, 8 ; uCheck call cs:CheckMenuItem mov r11d, cs:dword_10003000C mov edx, 961h ; uIDCheckItem neg r11d mov rcx, rsi ; hMenu sbb r8d, r8d and r8d, 8 ; uCheck call cs:CheckMenuItem mov r11d, cs:dword_100030010 mov edx, 962h ; uIDCheckItem neg r11d mov rcx, rsi ; hMenu sbb r8d, r8d and r8d, 8 ; uCheck call cs:CheckMenuItem mov r11d, cs:dword_100030014 mov edx, 963h ; uIDCheckItem neg r11d mov rcx, rsi ; hMenu sbb r8d, r8d and r8d, 8 ; uCheck call cs:CheckMenuItem test byte ptr cs:dword_10003015C, 10h mov cs:hMenu, rsi jnz short loc_10000DA0F mov rcx, cs:hWnd ; hWnd mov rdx, rsi ; hMenu call cs:SetMenu loc_10000DA0F: test rbx, rbx mov rsi, [rsp+58h+arg_10] jz short loc_10000DA22 loc_10000DA19: ; hMenu mov rcx, rbx call cs:DestroyMenu loc_10000DA22: mov rcx, rdi call sub_10000DD10 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_8] xor eax, eax add rsp, 58h retn sub_10000D890 endp byte_10000DA3B db 15h dup(0CCh) sub_10000DA50 proc near lParam= qword ptr -38h var_30= dword ptr -30h var_2C= dword ptr -2Ch var_28= dword ptr -28h var_24= dword ptr -24h var_20= dword ptr -20h var_1C= dword ptr -1Ch var_18= dword ptr -18h var_14= dword ptr -14h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 58h xor eax, eax loc_10000DA56: mov [rsp+58h+arg_8], rbp xor ebp, ebp cmp cs:dword_10002FEF8, 0FFFFFFFFh mov [rsp+58h+arg_18], rdi mov dword ptr [rsp+58h+lParam], ebp mov rdi, rcx mov dword ptr [rsp+58h+lParam+4], eax mov [rsp+58h+var_30], eax mov [rsp+58h+var_2C], eax mov [rsp+58h+var_28], eax mov [rsp+58h+var_24], eax mov [rsp+58h+var_20], eax mov [rsp+58h+var_1C], eax mov [rsp+58h+var_18], eax mov [rsp+58h+var_14], eax jz short loc_10000DAF7 loc_10000DA96: mov [rsp+58h+arg_0], rbx mov [rsp+58h+arg_10], rsi lea rsi, dword_10002FEF8 lea rbx, unk_10002FF64 db 66h nop loc_10000DAB0: ; hWnd mov rcx, [rdi+0B0h] lea r9, [rsp+58h+lParam] ; lParam movsxd r8, ebp ; wParam mov edx, 105Fh ; Msg mov dword ptr [rsp+58h+lParam], 2 call cs:SendMessageW test eax, eax jz short loc_10000DADE movzx eax, word ptr [rsp+58h+var_30] mov [rbx], ax loc_10000DADE: add rsi, 4 inc ebp add rbx, 2 cmp dword ptr [rsi], 0FFFFFFFFh jnz short loc_10000DAB0 mov rsi, [rsp+58h+arg_10] mov rbx, [rsp+58h+arg_0] loc_10000DAF7: ; hWnd mov rcx, [rdi+28h] mov rbp, [rsp+58h+arg_8] test rcx, rcx jz short loc_10000DB0D loc_10000DB05: ; nCmdShow xor edx, edx call cs:ShowWindow loc_10000DB0D: ; HDC mov rcx, [rdi+38h] test rcx, rcx jz short loc_10000DB37 mov rdx, [rdi+48h] ; HGDIOBJ test rdx, rdx jz short loc_10000DB25 call cs:SelectObject loc_10000DB25: ; HDC mov rcx, [rdi+38h] call cs:DeleteDC mov qword ptr [rdi+38h], 0 loc_10000DB37: ; HGDIOBJ mov rcx, [rdi+40h] test rcx, rcx jz short loc_10000DB4E call cs:DeleteObject mov qword ptr [rdi+40h], 0 loc_10000DB4E: mov rdi, [rsp+58h+arg_18] add rsp, 58h retn sub_10000DA50 endp algn_10000DB58: align 20h sub_10000DB60 proc near push rbx sub rsp, 20h mov rbx, rcx mov rcx, [rcx+28h] ; hWnd test rcx, rcx jz short loc_10000DB80 call cs:DestroyWindow mov qword ptr [rbx+28h], 0 loc_10000DB80: ; HDC mov rcx, [rbx+38h] test rcx, rcx jz short loc_10000DBAA mov rdx, [rbx+48h] ; HGDIOBJ test rdx, rdx jz short loc_10000DB98 call cs:SelectObject loc_10000DB98: ; HDC mov rcx, [rbx+38h] call cs:DeleteDC mov qword ptr [rbx+38h], 0 loc_10000DBAA: ; HGDIOBJ mov rcx, [rbx+40h] test rcx, rcx jz short loc_10000DBC1 call cs:DeleteObject mov qword ptr [rbx+40h], 0 loc_10000DBC1: xor eax, eax add rsp, 20h pop rbx retn sub_10000DB60 endp algn_10000DBC9: align 10h loc_10000DBD0: mov rcx, cs:hInstance mov r9d, r8d mov r8, rdx mov edx, 272Eh jmp cs:LoadStringW align 10h sub_10000DBF0 proc near var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h mov [rsp+38h+arg_0], rbx mov rbx, rcx mov [rsp+38h+arg_18], rdi mov edi, [rcx+9Ch] mov edx, [rbx+0A0h] mov ecx, [rcx+18h] lea eax, [rdx+rdi] cmp eax, ecx jbe short loc_10000DC1B mov edi, ecx sub edi, edx loc_10000DC1B: mov [rsp+38h+arg_8], rbp mov [rsp+38h+arg_10], rsi xor esi, esi cmp edi, ecx mov ebp, esi cmovnb edi, esi test edx, edx movsxd rax, edi jz short loc_10000DC99 loc_10000DC35: mov [rsp+38h+var_8], r12 mov [rsp+38h+var_10], r13 mov r13, rsi lea r12, ds:0[rax*8] db 66h, 66h nop db 66h, 66h nop loc_10000DC50: lea eax, [rdi+rbp] cmp eax, [rbx+18h] jnb short loc_10000DC69 mov rax, [rbx+10h] mov rdx, [rax+r12] add rdx, 4AA2h jmp short loc_10000DC6C loc_10000DC69: ; lpString mov rdx, rsi loc_10000DC6C: mov rcx, [rbx+90h] mov rcx, [rcx+r13] ; hWnd call cs:SetWindowTextW inc ebp add r12, 8 add r13, 10h cmp ebp, [rbx+0A0h] jb short loc_10000DC50 mov r13, [rsp+38h+var_10] mov r12, [rsp+38h+var_8] loc_10000DC99: cmp [rbx+0A0h], esi mov rbp, [rsp+38h+arg_8] jbe short loc_10000DCE7 loc_10000DCA6: mov rdi, rsi db 66h, 66h nop db 66h, 66h, 66h nop loc_10000DCB0: mov rcx, [rbx+90h] xor r8d, r8d ; bErase xor edx, edx ; lpRect mov rcx, [rcx+rdi+8] ; hWnd call cs:InvalidateRect mov rcx, [rbx+90h] mov rcx, [rcx+rdi+8] ; hWnd call cs:UpdateWindow inc esi add rdi, 10h cmp esi, [rbx+0A0h] jb short loc_10000DCB0 loc_10000DCE7: mov rdi, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_10] mov rbx, [rsp+38h+arg_0] add rsp, 38h retn sub_10000DBF0 endp byte_10000DCFB db 15h dup(0CCh) sub_10000DD10 proc near var_A8= dword ptr -0A8h var_A0= dword ptr -0A0h var_98= dword ptr -98h var_90= dword ptr -90h var_88= byte ptr -88h var_84= dword ptr -84h x= dword ptr -80h Rect= tagRECT ptr -78h var_68= dword ptr -68h var_64= dword ptr -64h var_60= qword ptr -60h var_58= xmmword ptr -58h var_48= SCROLLINFO ptr -48h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 0C8h mov [rax+8], rbx mov [rax+18h], rsi mov [rax+20h], rdi mov [rax-8], r12 mov [rax-10h], r13 xor r13d, r13d mov [rax-18h], r14 xor r14d, r14d mov [rax-20h], r15 xor r15d, r15d mov r12, rcx mov [rsp+0C8h+var_60], r13 mov [rcx+0A0h], r15d test byte ptr cs:dword_10003015C, 10h mov [rsp+0C8h+var_64], r13d mov [rsp+0C8h+x], r15d mov [rsp+0C8h+var_84], r13d mov [rax-58h], r15d mov [rax-54h], r14d mov esi, r14d mov [rax-50h], r14d mov edi, r14d mov [rax-4Ch], r14d mov [rsp+0C8h+var_88], r13b jz short loc_10000DDA2 mov rcx, cs:hWnd ; hWnd lea rdx, [rax-78h] ; lpRect call cs:GetClientRect mov ebx, [rsp+0C8h+Rect.bottom] sub ebx, cs:dword_10002F400 sub ebx, [rsp+0C8h+Rect.top] jmp short loc_10000DE03 loc_10000DDA2: ; hWnd mov rcx, [rcx+30h] lea rdx, [rsp+0C8h+Rect] ; lpRect call cs:GetClientRect mov rdx, [r12+28h] ; hWndTo mov rcx, [r12+30h] ; hWndFrom lea r8, [rsp+0C8h+Rect] ; lpPoints mov r9d, 2 ; cPoints call cs:MapWindowPoints mov rcx, [r12+30h] ; hWnd lea r9, [rsp+0C8h+Rect] ; lParam xor r8d, r8d ; wParam mov edx, 1328h ; Msg call cs:SendMessageW mov r11d, [rsp+0C8h+Rect.bottom] sub r11d, cs:dword_10002F400 sub r11d, [rsp+0C8h+Rect.top] lea eax, [r11+r11*2] cdq and edx, 3 lea ebx, [rdx+rax] sar ebx, 2 loc_10000DE03: mov [rsp+0C8h+arg_8], rbp mov ebp, [r12+18h] test ebp, ebp mov [rsp+0C8h+var_68], ebp jz loc_10000DEB9 xor edx, edx mov eax, ebx div ebp mov ecx, eax mov eax, 78h cmp ecx, eax cmovb ecx, eax cmp ebx, ecx jbe short loc_10000DE3A xor edx, edx mov eax, ebx div ecx jmp short loc_10000DE3F loc_10000DE3A: mov eax, 1 loc_10000DE3F: mov edx, eax mov rcx, r12 mov [r12+0A0h], eax call sub_10000C5A0 test eax, eax js loc_10000E3CA mov r8d, [r12+0A0h] mov ecx, cs:dword_10002F400 mov r9d, [rsp+0C8h+Rect.left] cmp ebp, r8d lea eax, [rcx+r9] setnbe r13b mov [rsp+0C8h+x], eax test r13b, r13b mov [rsp+0C8h+var_88], r13b jz short loc_10000DE8A lea edx, [rcx+11h] jmp short loc_10000DE8D loc_10000DE8A: mov edx, r15d loc_10000DE8D: mov ebp, [rsp+0C8h+Rect.right] lea eax, [rcx+rcx] sub ebp, eax mov eax, [rsp+0C8h+Rect.top] add eax, ecx sub ebp, edx xor edx, edx mov [rsp+0C8h+var_60], rax mov eax, ebx sub ebp, r9d div r8d mov [rsp+0C8h+var_64], ebp mov ebx, eax mov [rsp+0C8h+var_84], eax jmp short loc_10000DEBB loc_10000DEB9: mov ebx, esi loc_10000DEBB: mov ecx, [r12+98h] lea ecx, [rcx+rcx+3] ; nNumWindows call cs:BeginDeferWindowPos test rax, rax mov r15, rax jz loc_10000E3CA mov edx, cs:dword_10002F400 mov ecx, [rsp+0C8h+Rect.top] mov r9d, [rsp+0C8h+Rect.right] mov eax, 54h mov r10d, 80h mov r8d, ebx test r13b, r13b cmovnz r10d, eax lea eax, [rdx+rcx] sub r9d, edx mov rdx, [r12+0A8h] ; hWnd mov [rsp+0C8h+var_90], r10d sub r9d, 11h ; x imul r8d, [r12+0A0h] mov [rsp+0C8h+var_98], r8d mov rcx, r15 ; hWinPosInfo xor r8d, r8d ; hWndInsertAfter mov [rsp+0C8h+var_A0], 11h mov [rsp+0C8h+var_A8], eax call cs:DeferWindowPos xor ebp, ebp cmp [r12+98h], esi mov r13d, ebp jbe loc_10000E0BE db 66h, 66h nop loc_10000DF50: cmp r13d, [r12+0A0h] jnb loc_10000E041 mov ecx, cs:dword_10002F400 mov r8d, [rsp+0C8h+x] mov edx, [rsp+0C8h+var_64] sub ebx, cs:dword_10002F408 mov rbp, [r12+90h] mov esi, [rsp+0C8h+var_84] lea eax, [rcx+rcx] sub ebx, ecx lea ecx, [rdx+r8] mov edi, edx mov rdx, [rsp+0C8h+var_60] sub ecx, r8d add esi, edx sub edi, eax mov [rsp+0C8h+var_90], 54h mov eax, esi mov r9d, r8d ; x xor r8d, r8d ; hWndInsertAfter sub eax, edx mov [rsp+0C8h+var_98], eax mov [rsp+0C8h+var_A0], ecx mov [rsp+0C8h+var_A8], edx mov rdx, [r14+rbp] ; hWnd mov rcx, r15 ; hWinPosInfo call cs:DeferWindowPos mov edx, cs:dword_10002F408 mov eax, [rsp+0C8h+x] mov r10, [rsp+0C8h+var_60] mov r9d, cs:dword_10002F400 mov [rsp+0C8h+var_90], 54h add edx, r10d add r9d, eax ; x xor r8d, r8d ; hWndInsertAfter lea eax, [rdx+rbx] lea ecx, [r9+rdi] mov [rsp+0C8h+var_48.fMask], edx mov [rsp+0C8h+var_48.nMin], ecx sub ecx, r9d mov [rsp+0C8h+var_48.nMax], eax sub eax, edx mov [rsp+0C8h+var_48.cbSize], r9d mov [rsp+0C8h+var_98], eax mov [rsp+0C8h+var_A0], ecx mov [rsp+0C8h+var_A8], edx mov rdx, [r14+rbp+8] ; hWnd mov rcx, r15 ; hWinPosInfo call cs:DeferWindowPos mov dword ptr [rsp+0C8h+var_60], esi xor ebp, ebp movaps xmm5, xmmword ptr [rsp+0C8h+var_48.cbSize] movdqa [rsp+0C8h+var_58], xmm5 jmp short loc_10000E098 loc_10000E041: mov rbx, [r12+90h] mov [rsp+0C8h+var_90], 94h mov [rsp+0C8h+var_98], ebp mov rdx, [r14+rbx] ; hWnd xor r9d, r9d ; x xor r8d, r8d ; hWndInsertAfter mov rcx, r15 ; hWinPosInfo mov [rsp+0C8h+var_A0], ebp mov [rsp+0C8h+var_A8], ebp call cs:DeferWindowPos mov rdx, [r14+rbx+8] ; hWnd mov [rsp+0C8h+var_90], 94h mov [rsp+0C8h+var_98], ebp xor r9d, r9d ; x xor r8d, r8d ; hWndInsertAfter mov rcx, r15 ; hWinPosInfo mov [rsp+0C8h+var_A0], ebp mov [rsp+0C8h+var_A8], ebp call cs:DeferWindowPos loc_10000E098: mov ebx, [rsp+0C8h+var_84] inc r13d add r14, 10h cmp r13d, [r12+98h] jb loc_10000DF50 mov edi, dword ptr [rsp+0C8h+var_58+0Ch] mov esi, dword ptr [rsp+0C8h+var_58+8] mov r14d, dword ptr [rsp+0C8h+var_58+4] loc_10000E0BE: mov eax, cs:dword_10002F400 mov ecx, [rsp+0C8h+Rect.right] mov edx, [rsp+0C8h+Rect.bottom] mov r10, [rsp+0C8h+var_60] mov r9d, [rsp+0C8h+x] ; x mov ebp, [rsp+0C8h+var_68] mov r13d, 80h test ebp, ebp mov ebx, 54h mov r8d, r13d cmovnz r8d, ebx sub ecx, eax sub edx, eax sub ecx, [rsp+0C8h+Rect.left] mov [rsp+0C8h+var_90], r8d sub edx, r10d mov [rsp+0C8h+var_98], edx mov rdx, [r12+0B0h] ; hWnd sub ecx, r9d mov [rsp+0C8h+var_A0], ecx add eax, r10d xor r8d, r8d ; hWndInsertAfter mov rcx, r15 ; hWinPosInfo mov [rsp+0C8h+var_A8], eax call cs:DeferWindowPos mov ecx, [rsp+0C8h+Rect.top] mov r11d, [rsp+0C8h+Rect.bottom] mov r8d, [rsp+0C8h+Rect.right] mov r9d, [rsp+0C8h+Rect.left] ; x sub r11d, ecx mov eax, r11d test ebp, ebp cmovnz ebx, r13d cdq sub r8d, r9d sub eax, edx mov rdx, [r12+0B8h] ; hWnd mov [rsp+0C8h+var_90], ebx mov [rsp+0C8h+var_98], r11d mov [rsp+0C8h+var_A0], r8d sar eax, 1 lea ecx, [rax+rcx-28h] xor r8d, r8d ; hWndInsertAfter mov [rsp+0C8h+var_A8], ecx mov rcx, r15 ; hWinPosInfo call cs:DeferWindowPos mov rcx, r15 ; hWinPosInfo call cs:EndDeferWindowPos mov rcx, [r12+38h] ; HDC test rcx, rcx jz short loc_10000E1AD mov rdx, [r12+48h] ; HGDIOBJ test rdx, rdx jz short loc_10000E198 call cs:SelectObject loc_10000E198: ; HDC mov rcx, [r12+38h] call cs:DeleteDC xor r15d, r15d mov [r12+38h], r15 jmp short loc_10000E1B0 loc_10000E1AD: xor r15d, r15d loc_10000E1B0: ; HGDIOBJ mov rcx, [r12+40h] test rcx, rcx jz short loc_10000E1C5 call cs:DeleteObject mov [r12+40h], r15 loc_10000E1C5: ; hWnd mov rcx, [r12+28h] sub esi, dword ptr [rsp+0C8h+var_58] sub edi, r14d sub edi, 4 call cs:GetDC mov rcx, rax ; HDC mov rbx, rax call cs:CreateCompatibleDC test rax, rax mov [r12+38h], rax jnz short loc_10000E21B mov rcx, [r12+28h] ; hWnd mov rdx, rbx ; hDC call cs:ReleaseDC call cs:GetLastError test eax, eax jg short loc_10000E213 call cs:GetLastError jmp loc_10000E294 loc_10000E213: call cs:GetLastError jmp short loc_10000E294 loc_10000E21B: ; int mov r8d, edi mov edx, esi ; int mov rcx, rbx ; HDC mov [r12+68h], r15d mov [r12+6Ch], r15d mov [r12+70h], esi mov [r12+74h], edi call cs:CreateCompatibleBitmap mov rcx, [r12+28h] ; hWnd mov rdx, rbx ; hDC mov [r12+40h], rax call cs:ReleaseDC mov rdx, [r12+40h] test rdx, rdx jnz short loc_10000E284 call cs:GetLastError test eax, eax jg short loc_10000E26C call cs:GetLastError jmp short loc_10000E272 loc_10000E26C: call cs:GetLastError loc_10000E272: ; HDC mov rcx, [r12+38h] call cs:DeleteDC mov [r12+38h], r15 jmp short loc_10000E294 loc_10000E284: ; HDC mov rcx, [r12+38h] call cs:SelectObject mov [r12+48h], rax loc_10000E294: mov edi, [r12+9Ch] mov edx, [r12+0A0h] mov ecx, [r12+18h] lea eax, [rdx+rdi] cmp eax, ecx jbe short loc_10000E2B4 mov edi, ecx sub edi, edx loc_10000E2B4: cmp edi, ecx mov ebx, r15d cmovnb edi, r15d test edx, edx movsxd rsi, edi jz short loc_10000E319 mov rbp, r15 shl rsi, 3 db 66h nop db 66h, 66h nop loc_10000E2D0: lea eax, [rdi+rbx] cmp eax, [r12+18h] jnb short loc_10000E2EC mov rax, [r12+10h] mov rdx, [rax+rsi] add rdx, 4AA2h jmp short loc_10000E2EF loc_10000E2EC: ; lpString mov rdx, r15 loc_10000E2EF: mov rcx, [r12+90h] mov rcx, [rcx+rbp] ; hWnd call cs:SetWindowTextW inc ebx add rsi, 8 add rbp, 10h cmp ebx, [r12+0A0h] jb short loc_10000E2D0 mov ebp, [rsp+0C8h+var_68] loc_10000E319: cmp dword ptr [r12+0A0h], 0 mov edi, r15d jbe short loc_10000E36B mov rbx, r15 db 66h, 66h nop db 66h, 66h nop loc_10000E330: mov rcx, [r12+90h] xor r8d, r8d ; bErase xor edx, edx ; lpRect mov rcx, [rbx+rcx+8] ; hWnd call cs:InvalidateRect mov rcx, [r12+90h] mov rcx, [rbx+rcx+8] ; hWnd call cs:UpdateWindow inc edi add rbx, 10h cmp edi, [r12+0A0h] jb short loc_10000E330 loc_10000E36B: cmp [rsp+0C8h+var_88], 0 jz short loc_10000E3CA sub ebp, [r12+0A0h] mov rcx, [r12+0A8h] ; HWND mov r9d, 1 ; BOOL lea edx, [r9+1] ; int lea r8, [rsp+0C8h+var_48] ; LPCSCROLLINFO mov [rsp+0C8h+var_48.cbSize], 1Ch mov [rsp+0C8h+var_48.fMask], 3 mov [rsp+0C8h+var_48.nPage], 1 mov [rsp+0C8h+var_48.nMin], r15d mov [rsp+0C8h+var_48.nMax], ebp call cs:SetScrollInfo loc_10000E3CA: mov r15, [rsp+0C8h+var_20] mov r14, [rsp+0C8h+var_18] mov r13, [rsp+0C8h+var_10] mov r12, [rsp+0C8h+var_8] mov rdi, [rsp+0C8h+arg_18] mov rsi, [rsp+0C8h+arg_10] mov rbp, [rsp+0C8h+arg_8] mov rbx, [rsp+0C8h+arg_0] add rsp, 0C8h retn sub_10000DD10 endp algn_10000E412: align 20h sub_10000E420 proc near arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_8], rbx mov [rsp+28h+arg_18], rdi xor edi, edi cmp [rcx+0A0h], edi mov rbx, rcx jbe short loc_10000E47F loc_10000E43B: mov [rsp+28h+arg_10], rsi mov rsi, rdi loc_10000E443: mov rcx, [rbx+90h] xor r8d, r8d ; bErase xor edx, edx ; lpRect mov rcx, [rcx+rsi+8] ; hWnd call cs:InvalidateRect mov rcx, [rbx+90h] mov rcx, [rcx+rsi+8] ; hWnd call cs:UpdateWindow inc edi add rsi, 10h cmp edi, [rbx+0A0h] jb short loc_10000E443 mov rsi, [rsp+28h+arg_10] loc_10000E47F: mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_8] add rsp, 28h retn sub_10000E420 endp algn_10000E48E: align 20h sub_10000E4A0 proc near var_58= qword ptr -58h var_40= qword ptr -40h var_38= qword ptr -38h var_30= qword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_20= qword ptr 28h arg_28= qword ptr 30h sub rsp, 78h mov [rsp+78h+var_8], rbx mov [rsp+78h+var_10], rbp mov [rsp+78h+var_28], r12 mov [rsp+78h+var_30], r13 mov [rsp+78h+var_38], r14 mov r14d, [rdx+8] sub r14d, [rdx] mov [rsp+78h+var_40], r15 mov eax, 10624DD3h lea edx, [r14-1] mov r12, rcx mov rcx, [rcx+38h] ; HDC mov ebx, r9d imul edx mov r15d, edx mov rdx, r8 ; HGDIOBJ sar r15d, 7 mov eax, r15d shr eax, 1Fh add r15d, eax mov eax, 2 cmovz r15d, eax call cs:SelectObject mov r10d, [r12+74h] mov r13, [rsp+78h+arg_28] mov r9d, r10d mov [rsp+78h+var_58], rax sub r9d, [r12+6Ch] test r13, r13 jz short loc_10000E53E mov rbp, [rsp+78h+arg_20] mov ecx, [rbp+0] cmp ecx, 0FFFFFFFFh jz short loc_10000E54E mov eax, [r13+0] cmp eax, 0FFFFFFFFh jz short loc_10000E54E lea r8d, [rcx+rax] jmp short loc_10000E558 loc_10000E53E: mov rbp, [rsp+78h+arg_20] mov eax, [rbp+0] cmp eax, 0FFFFFFFFh jnz short loc_10000E555 loc_10000E54E: xor eax, eax jmp loc_10000E6F4 loc_10000E555: mov r8, rax loc_10000E558: mov r11, 0D6BF94D5E57A42BDh movsxd rcx, r9d loc_10000E565: mov [rsp+78h+var_18], rsi mov rax, r11 mov [rsp+78h+var_20], rdi mov edi, 0 mul r8 shr rdx, 17h mov rax, 47AE147AE147AE15h cmovnz edi, edx imul rcx, rbx mov [rsp+78h+arg_0], rcx imul rcx, r8 mul rcx mov rax, r11 sub rcx, rdx shr rcx, 1 add rcx, rdx shr rcx, 6 mul rcx mov rcx, [r12+38h] ; HDC mov eax, 1 shr rdx, 17h cmovz edx, eax xor r9d, r9d ; LPPOINT sub r10d, edx mov edx, [r12+70h] ; int mov r8d, r10d ; int call cs:MoveToEx mov rax, r13 mov r10d, 1 sub rax, rbp lea rbx, [rbp+4] mov rbp, [rsp+78h+arg_0] mov [rsp+78h+arg_8], rax mov dword ptr [rsp+78h+arg_28], r10d mov esi, r15d loc_10000E601: cmp esi, r14d jge loc_10000E6D0 test r13, r13 jz short loc_10000E62C mov ecx, [rbx] cmp ecx, 0FFFFFFFFh jz loc_10000E6E8 mov eax, [rax+rbx] cmp eax, 0FFFFFFFFh jz loc_10000E6E8 lea r8d, [rcx+rax] jmp short loc_10000E63A loc_10000E62C: mov eax, [rbx] cmp eax, 0FFFFFFFFh jz loc_10000E6E8 mov r8, rax loc_10000E63A: mov r9, 0D6BF94D5E57A42BDh mov rcx, rbp mov rax, r9 mul r8 mov eax, edi shr rdx, 17h cmp rdx, rax mov rax, 47AE147AE147AE15h cmova edi, edx imul rcx, r8 mov r8d, [r12+74h] mul rcx mov rax, r9 sub rcx, rdx shr rcx, 1 add rcx, rdx shr rcx, 6 mul rcx mov rcx, [r12+38h] ; HDC shr rdx, 17h cmovz edx, r10d sub r8d, edx ; int mov edx, [r12+70h] sub edx, esi ; int call cs:LineTo mov ecx, dword ptr [rsp+78h+arg_28] mov rax, [rsp+78h+arg_8] inc ecx add esi, r15d add rbx, 4 cmp ecx, 7D0h mov dword ptr [rsp+78h+arg_28], ecx mov r10d, 1 jl loc_10000E601 loc_10000E6D0: mov rax, [rsp+78h+var_58] test rax, rax jz short loc_10000E6E8 mov rcx, [r12+38h] ; HDC mov rdx, rax ; HGDIOBJ call cs:SelectObject loc_10000E6E8: mov rsi, [rsp+78h+var_18] mov eax, edi mov rdi, [rsp+78h+var_20] loc_10000E6F4: mov r15, [rsp+78h+var_40] mov r14, [rsp+78h+var_38] mov r13, [rsp+78h+var_30] mov r12, [rsp+78h+var_28] mov rbp, [rsp+78h+var_10] mov rbx, [rsp+78h+var_8] add rsp, 78h retn sub_10000E4A0 endp algn_10000E717: align 20h sub_10000E720 proc near var_58= qword ptr -58h var_50= qword ptr -50h var_48= dword ptr -48h var_40= dword ptr -40h var_38= dword ptr -38h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 78h cmp r8d, [rcx+98h] mov [rax+10h], rbp mov [rax+20h], rdi mov [rax-10h], r13 mov rdi, rcx mov ebp, 1 mov r13, rdx ja loc_10000E98E mov ecx, [rcx+9Ch] mov r10d, [rdi+0A0h] mov r9d, [rdi+18h] lea eax, [r10+rcx] cmp eax, r9d jbe short loc_10000E76B mov ecx, r9d sub ecx, r10d loc_10000E76B: mov [rsp+78h+arg_10], rsi mov [rsp+78h+var_20], r15 xor r15d, r15d cmp ecx, r9d cmovnb ecx, r15d lea esi, [rcx+r8] cmp esi, r9d jnb loc_10000E981 cmp esi, r9d jnb short loc_10000E7A4 mov rax, [rdi+10h] mov rcx, [rax+rsi*8] mov eax, [rcx+4D00h] jmp short loc_10000E7A7 loc_10000E7A4: mov eax, r15d loc_10000E7A7: cmp cs:dword_100030008, r15d jz short loc_10000E7DF cmp eax, ebp jnb short loc_10000E7BB mov ebp, 64h jmp short loc_10000E7DF loc_10000E7BB: cmp eax, 5 jnb short loc_10000E7C7 mov ebp, 14h jmp short loc_10000E7DF loc_10000E7C7: cmp eax, 19h jnb short loc_10000E7D3 mov ebp, 4 jmp short loc_10000E7DF loc_10000E7D3: cmp eax, 32h mov ebp, r15d setb bpl inc ebp loc_10000E7DF: cmp [rdi+38h], r15 jz loc_10000E981 loc_10000E7E9: mov [rsp+78h+arg_0], rbx mov ecx, 4 ; int mov [rsp+78h+var_8], r12 loc_10000E7FB: mov [rsp+78h+var_18], r14 call cs:GetStockObject mov rcx, [rdi+38h] ; hDC lea rdx, [rdi+68h] ; lprc mov r8, rax ; hbr call cs:FillRect mov rdx, [rdi+38h] lea r8, [rdi+68h] mov r9d, ebp mov rcx, rdi call sub_10000D300 mov ebx, r15d add [r13+28h], eax cmp cs:dword_10003000C, r15d mov r14d, eax jz short loc_10000E878 cmp esi, [rdi+18h] jnb short loc_10000E853 mov rcx, [rdi+10h] mov r8, [rcx+rsi*8] add r8, 0A14h jmp short loc_10000E856 loc_10000E853: mov r8, r15 loc_10000E856: mov [rsp+78h+var_50], r15 mov [rsp+78h+var_58], r8 mov r8, [rdi+50h] lea rdx, [r13+28h] mov r9d, ebp mov rcx, rdi call sub_10000E4A0 test eax, eax cmovnz ebx, eax loc_10000E878: cmp cs:dword_100030010, r15d jz short loc_10000E8BC cmp esi, [rdi+18h] jnb short loc_10000E897 mov rax, [rdi+10h] mov rdx, [rax+rsi*8] add rdx, 2954h jmp short loc_10000E89A loc_10000E897: mov rdx, r15 loc_10000E89A: mov r8, [rdi+58h] mov [rsp+78h+var_50], r15 mov [rsp+78h+var_58], rdx lea rdx, [r13+28h] mov r9d, ebp mov rcx, rdi call sub_10000E4A0 cmp eax, ebx cmova ebx, eax loc_10000E8BC: cmp cs:dword_100030014, r15d jz short loc_10000E919 cmp esi, [rdi+18h] jnb short loc_10000E8DB mov rax, [rdi+10h] mov r8, [rax+rsi*8] add r8, 2954h jmp short loc_10000E8DE loc_10000E8DB: mov r8, r15 loc_10000E8DE: cmp esi, [rdi+18h] jnb short loc_10000E8F4 mov rax, [rdi+10h] mov rdx, [rax+rsi*8] add rdx, 0A14h jmp short loc_10000E8F7 loc_10000E8F4: mov rdx, r15 loc_10000E8F7: mov [rsp+78h+var_50], r8 mov r8, [rdi+60h] mov [rsp+78h+var_58], rdx lea rdx, [r13+28h] mov r9d, ebp mov rcx, rdi call sub_10000E4A0 cmp eax, ebx cmova ebx, eax loc_10000E919: sub [r13+28h], r14d cmp esi, [rdi+18h] mov r14, [rsp+78h+var_18] jnb short loc_10000E935 loc_10000E927: mov rax, [rdi+10h] mov rcx, [rax+rsi*8] mov [rcx+4D00h], ebx loc_10000E935: mov ecx, [r13+34h] mov r8d, [r13+2Ch] ; int mov rax, [rdi+38h] mov edx, [r13+28h] ; int mov r9d, [r13+30h] mov [rsp+78h+var_38], 0CC0020h sub ecx, r8d mov [rsp+78h+var_40], r15d mov [rsp+78h+var_48], r15d mov [rsp+78h+var_50], rax mov dword ptr [rsp+78h+var_58], ecx mov rcx, [r13+20h] ; HDC sub r9d, edx ; int call cs:BitBlt mov r12, [rsp+78h+var_8] mov rbx, [rsp+78h+arg_0] loc_10000E981: mov rsi, [rsp+78h+arg_10] mov r15, [rsp+78h+var_20] loc_10000E98E: mov r13, [rsp+78h+var_10] mov rdi, [rsp+78h+arg_18] mov rbp, [rsp+78h+arg_8] add rsp, 78h retn sub_10000E720 endp algn_10000E9A8: align 10h sub_10000E9B0 proc near var_278= qword ptr -278h var_270= dword ptr -270h var_268= dword ptr -268h var_260= qword ptr -260h Format= NUMBERFMTW ptr -258h lParam= qword ptr -228h var_220= dword ptr -220h var_210= qword ptr -210h var_200= qword ptr -200h var_1D8= byte ptr -1D8h Value= word ptr -108h var_106= word ptr -106h var_38= qword ptr -38h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 298h mov rax, cs:qword_10002C178 mov [rsp+298h+var_38], rax mov [r11+10h], rbx mov [r11+18h], rbp mov [r11+20h], rsi mov [r11-8], rdi mov rsi, rcx mov [r11-10h], r12 mov edi, [rsi+18h] mov [r11-18h], r13 xor ecx, ecx mov r13d, ecx mov rcx, [rsi+0B0h] ; hWnd mov [r11-20h], r14 xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 1004h ; Msg mov [rsp+298h+var_268], edi mov [r11-28h], r15 call cs:SendMessageW xor edx, edx test edi, edi mov r14, rax mov rbx, rdx mov [rsp+298h+var_260], rdx mov r15d, edx jz loc_10000F1D2 lea rcx, WindowName lea r9, __ImageBase lea r10, word_10002EA40 lea r11, word_10002EA80 loc_10000EA44: cmp cs:dword_10002FEF8, 0 mov ebp, edx mov r12, rdx jl loc_10000F1BB lea rdi, dword_10002FEF8 mov rax, rdi loc_10000EA60: movsxd r8, dword ptr [rax] mov dword ptr [rsp+298h+lParam], 1 mov [rsp+298h+var_220], ebp cmp r8d, 19h ; switch 26 cases mov dword ptr [rsp+298h+lParam+4], r13d mov [rsp+298h+var_210], rcx mov [rsp+298h+var_200], rdx ja loc_10000F11E ; default movzx eax, ds:(byte_10000F244 - 100000000h)[r9+r8] mov ecx, ds:(off_10000F230 - 100000000h)[r9+rax*4] add rcx, r9 jmp rcx ; switch jump loc_10000EAA4: ; jumptable 10000EAA2 cases 0,1,4 cmp r15d, [rsi+18h] jnb loc_10000EBBC test r8d, r8d jz loc_10000EBA1 dec r8d jz loc_10000EB86 cmp r8d, 3 jnz loc_10000EBBC mov rax, [rsi+10h] movzx ecx, byte ptr [rsi+1Ch] mov rax, [rax+rbx*8] imul rcx, 35Ch mov edx, [rax+rcx+57Ch] cmp edx, 5 ; switch 6 cases ja loc_10000EB72 ; default mov ecx, ds:(off_10000F260 - 100000000h)[r9+rdx*4] add rcx, r9 jmp rcx ; switch jump loc_10000EAFA: ; jumptable 10000EAF8 case 0 lea rax, unk_10002EC80 mov [rsp+298h+var_210], rax jmp loc_10000F11E ; default loc_10000EB0E: ; jumptable 10000EAF8 case 1 lea rax, unk_10002EC40 mov [rsp+298h+var_210], rax jmp loc_10000F11E ; default loc_10000EB22: ; jumptable 10000EAF8 case 2 lea rax, unk_10002EC00 mov [rsp+298h+var_210], rax jmp loc_10000F11E ; default loc_10000EB36: ; jumptable 10000EAF8 case 3 lea rax, unk_10002EBC0 mov [rsp+298h+var_210], rax jmp loc_10000F11E ; default loc_10000EB4A: ; jumptable 10000EAF8 case 4 lea rax, unk_10002EB80 mov [rsp+298h+var_210], rax jmp loc_10000F11E ; default loc_10000EB5E: ; jumptable 10000EAF8 case 5 lea rax, unk_10002EB40 mov [rsp+298h+var_210], rax jmp loc_10000F11E ; default loc_10000EB72: ; default lea rax, unk_10002EB00 mov [rsp+298h+var_210], rax jmp loc_10000F11E ; default loc_10000EB86: mov rax, [rsi+10h] mov rax, [rax+rbx*8] add rax, 48A2h mov [rsp+298h+var_210], rax jmp loc_10000F11E ; default loc_10000EBA1: mov rax, [rsi+10h] mov rax, [rax+rbx*8] add rax, 4AA2h mov [rsp+298h+var_210], rax jmp loc_10000F11E ; default loc_10000EBBC: mov rax, rdx mov [rsp+298h+var_210], rdx jmp loc_10000F11E ; default loc_10000EBCC: ; jumptable 10000EAA2 cases 2,5-7 cmp cs:dword_100030018, 0 mov r9d, edx lea rcx, [rsi+8] setz r9b mov edx, r15d call sub_10000BF90 mov r8d, 0Ah ; int mov rbx, rax mov rax, 0D6BF94D5E57A42BDh mul rbx mov rdi, rdx lea rdx, [rsp+298h+Value] ; wchar_t * shr rdi, 17h mov rcx, rdi ; unsigned __int64 call _ui64tow test rax, rax jz loc_10000EE26 lea r9, [rsp+298h+Value] lea rcx, [rsp+298h+var_1D8] lea rax, [rsp+298h+var_1D8] sub r9, rcx mov r8d, 64h db 66h, 66h nop loc_10000EC40: movzx ecx, word ptr [r9+rax] test cx, cx jz short loc_10000EC58 mov [rax], cx add rax, 2 dec r8 jnz short loc_10000EC40 jmp short loc_10000EC5D loc_10000EC58: test r8, r8 jnz short loc_10000EC61 loc_10000EC5D: sub rax, 2 loc_10000EC61: test rdi, rdi mov word ptr [rax], 0 jnz loc_10000EE26 imul rbx, 64h mov rax, 0D6BF94D5E57A42BDh mul rbx mov rbx, rdx shr rbx, 17h jz loc_10000EE26 lea r8d, [rdi+0Ah] ; int lea rdx, [rsp+298h+Value] ; wchar_t * mov rcx, rbx ; unsigned __int64 call _ui64tow test rax, rax jz loc_10000EE26 lea rax, [rsp+298h+var_1D8] lea ecx, [rdi+64h] loc_10000ECB5: cmp word ptr [rax], 0 jz short loc_10000ECC6 add rax, 2 dec rcx jnz short loc_10000ECB5 jmp short loc_10000ED16 loc_10000ECC6: test rcx, rcx jz short loc_10000ED16 mov eax, 64h mov edx, 64h sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+298h+var_1D8] jz short loc_10000ED16 lea r8, word_10002EA40 sub r8, rcx nop loc_10000ECF0: movzx eax, word ptr [r8+rcx] test ax, ax jz short loc_10000ED08 mov [rcx], ax add rcx, 2 dec rdx jnz short loc_10000ECF0 jmp short loc_10000ED0D loc_10000ED08: test rdx, rdx jnz short loc_10000ED11 loc_10000ED0D: sub rcx, 2 loc_10000ED11: mov word ptr [rcx], 0 loc_10000ED16: cmp rbx, 0Ah jnb loc_10000ED96 lea rax, [rsp+298h+var_1D8] mov ecx, 64h db 66h, 66h nop loc_10000ED30: cmp word ptr [rax], 0 jz short loc_10000ED41 add rax, 2 dec rcx jnz short loc_10000ED30 jmp short loc_10000ED96 loc_10000ED41: test rcx, rcx jz short loc_10000ED96 mov eax, 64h mov edx, 64h sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+298h+var_1D8] jz short loc_10000ED96 lea r8, unk_10002ECC0 sub r8, rcx db 66h, 66h nop db 66h, 66h nop loc_10000ED70: movzx eax, word ptr [r8+rcx] test ax, ax jz short loc_10000ED88 mov [rcx], ax add rcx, 2 dec rdx jnz short loc_10000ED70 jmp short loc_10000ED8D loc_10000ED88: test rdx, rdx jnz short loc_10000ED91 loc_10000ED8D: sub rcx, 2 loc_10000ED91: mov word ptr [rcx], 0 loc_10000ED96: movzx eax, [rsp+298h+var_106] mov ecx, 0 cmp ax, 30h cmovz ax, cx mov ecx, 64h mov [rsp+298h+var_106], ax lea rax, [rsp+298h+var_1D8] loc_10000EDC0: cmp word ptr [rax], 0 jz short loc_10000EDD1 add rax, 2 dec rcx jnz short loc_10000EDC0 jmp short loc_10000EE26 loc_10000EDD1: test rcx, rcx jz short loc_10000EE26 mov eax, 64h mov edx, 64h sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+298h+var_1D8] jz short loc_10000EE26 lea r8, [rsp+298h+Value] sub r8, rcx db 66h nop db 66h, 66h nop loc_10000EE00: movzx eax, word ptr [r8+rcx] test ax, ax jz short loc_10000EE18 mov [rcx], ax add rcx, 2 dec rdx jnz short loc_10000EE00 jmp short loc_10000EE1D loc_10000EE18: test rdx, rdx jnz short loc_10000EE21 loc_10000EE1D: sub rcx, 2 loc_10000EE21: mov word ptr [rcx], 0 loc_10000EE26: lea rax, [rsp+298h+var_1D8] mov ecx, 64h loc_10000EE33: cmp word ptr [rax], 0 jz short loc_10000EE44 add rax, 2 dec rcx jnz short loc_10000EE33 jmp short loc_10000EE96 loc_10000EE44: test rcx, rcx jz short loc_10000EE96 mov eax, 64h mov edx, 64h sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+298h+var_1D8] jz short loc_10000EE96 lea r8, asc_1000038D8 ; " " sub r8, rcx db 66h, 66h nop loc_10000EE70: movzx eax, word ptr [r8+rcx] test ax, ax jz short loc_10000EE88 mov [rcx], ax add rcx, 2 dec rdx jnz short loc_10000EE70 jmp short loc_10000EE8D loc_10000EE88: test rdx, rdx jnz short loc_10000EE91 loc_10000EE8D: sub rcx, 2 loc_10000EE91: mov word ptr [rcx], 0 loc_10000EE96: lea rax, [rsp+298h+var_1D8] mov ecx, 64h loc_10000EEA3: cmp word ptr [rax], 0 jz short loc_10000EEB4 add rax, 2 dec rcx jnz short loc_10000EEA3 jmp short loc_10000EF06 loc_10000EEB4: test rcx, rcx jz short loc_10000EF06 mov eax, 64h mov edx, 64h sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+298h+var_1D8] jz short loc_10000EF06 lea r8, unk_10002ED00 sub r8, rcx db 66h, 66h nop loc_10000EEE0: movzx eax, word ptr [r8+rcx] test ax, ax jz short loc_10000EEF8 mov [rcx], ax add rcx, 2 dec rdx jnz short loc_10000EEE0 jmp short loc_10000EEFD loc_10000EEF8: test rdx, rdx jnz short loc_10000EF01 loc_10000EEFD: sub rcx, 2 loc_10000EF01: mov word ptr [rcx], 0 loc_10000EF06: mov rbx, [rsp+298h+var_260] lea rax, [rsp+298h+var_1D8] lea rdi, dword_10002FEF8 mov [rsp+298h+var_210], rax jmp loc_10000F11E ; default loc_10000EF27: ; jumptable 10000EAA2 case 3 cmp cs:dword_100030018, 0 mov r9d, edx lea rcx, [rsi+8] mov r8d, 3 mov edx, r15d setz r9b call sub_10000BF90 lea r8, [rsp+298h+var_1D8] mov r9d, 64h mov rdx, rax mov rcx, rsi call sub_10000B930 lea r11, [rsp+298h+var_1D8] mov ecx, 64h db 66h, 66h nop loc_10000EF70: cmp word ptr [r11], 0 jz short loc_10000EF95 add r11, 2 dec rcx jnz short loc_10000EF70 lea rax, [rsp+298h+var_1D8] mov [rsp+298h+var_210], rax jmp loc_10000F11E ; default loc_10000EF95: test rcx, rcx jz short loc_10000EFE6 mov eax, 64h mov edx, 64h sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+298h+var_1D8] jz short loc_10000EFE6 lea r8, unk_10002ED80 sub r8, rcx db 66h nop loc_10000EFC0: movzx eax, word ptr [r8+rcx] test ax, ax jz short loc_10000EFD8 mov [rcx], ax add rcx, 2 dec rdx jnz short loc_10000EFC0 jmp short loc_10000EFDD loc_10000EFD8: test rdx, rdx jnz short loc_10000EFE1 loc_10000EFDD: sub rcx, 2 loc_10000EFE1: mov word ptr [rcx], 0 loc_10000EFE6: lea rax, [rsp+298h+var_1D8] mov [rsp+298h+var_210], rax jmp loc_10000F11E ; default loc_10000EFFB: ; jumptable 10000EAA2 cases 8-13 mov eax, cs:dword_10002EA3C cmp cs:dword_100030018, 0 mov r9d, edx mov [rsp+298h+Format.NumDigits], edx mov [rsp+298h+Format.LeadingZero], edx mov [rsp+298h+Format.NegativeOrder], edx lea rcx, [rsi+8] setz r9b mov edx, r15d mov [rsp+298h+Format.Grouping], eax mov [rsp+298h+Format.lpDecimalSep], r10 mov [rsp+298h+Format.lpThousandSep], r11 call sub_10000BF90 lea rdx, [rsp+298h+Value] ; wchar_t * mov r8d, 0Ah ; int mov rcx, rax ; unsigned __int64 call _ui64tow lea rax, [rsp+298h+var_1D8] lea r9, [rsp+298h+Format] ; lpFormat lea r8, [rsp+298h+Value] ; lpValue xor edx, edx ; dwFlags mov ecx, 400h ; Locale mov [rsp+298h+var_270], 64h mov [rsp+298h+var_278], rax call cs:GetNumberFormatW lea r11, [rsp+298h+var_1D8] mov [rsp+298h+var_210], r11 jmp loc_10000F11E ; default loc_10000F08F: ; jumptable 10000EAA2 cases 14-25 mov eax, cs:dword_10002EA3C cmp cs:dword_100030018, 0 mov r9d, edx mov [rsp+298h+Format.NumDigits], edx mov [rsp+298h+Format.LeadingZero], edx mov [rsp+298h+Format.NegativeOrder], edx lea rcx, [rsi+8] setz r9b mov edx, r15d mov [rsp+298h+Format.Grouping], eax mov [rsp+298h+Format.lpDecimalSep], r10 mov [rsp+298h+Format.lpThousandSep], r11 call sub_10000BF90 lea rdx, [rsp+298h+Value] ; wchar_t * mov r8d, 0Ah ; int mov rcx, rax ; unsigned __int64 call _ui64tow lea rax, [rsp+298h+var_1D8] lea r9, [rsp+298h+Format] ; lpFormat lea r8, [rsp+298h+Value] ; lpValue xor edx, edx ; dwFlags mov ecx, 400h ; Locale mov [rsp+298h+var_270], 64h mov [rsp+298h+var_278], rax call cs:GetNumberFormatW lea r11, [rsp+298h+var_1D8] mov [rsp+298h+var_210], r11 loc_10000F11E: ; default cmp r13d, r14d jb short loc_10000F168 mov rcx, [rsi+0B0h] ; hWnd or dword ptr [rsp+298h+lParam], 4 lea r9, [rsp+298h+lParam] ; lParam xor r8d, r8d ; wParam mov edx, 104Dh ; Msg call cs:SendMessageW cmp eax, 0FFFFFFFFh jz loc_10000F229 mov rcx, [rsi+0B0h] ; hWnd xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 1004h ; Msg call cs:SendMessageW mov r14d, eax jmp short loc_10000F182 loc_10000F168: ; hWnd mov rcx, [rsi+0B0h] lea r9, [rsp+298h+lParam] ; lParam xor r8d, r8d ; wParam mov edx, 104Ch ; Msg call cs:SendMessageW loc_10000F182: inc r12 inc ebp cmp dword ptr [rdi+r12*4], 0 lea rax, [rdi+r12*4] mov edx, 0 lea r9, __ImageBase lea rcx, WindowName lea r10, word_10002EA40 lea r11, word_10002EA80 jge loc_10000EA60 mov edi, [rsp+298h+var_268] loc_10000F1BB: inc rbx inc r15d inc r13d cmp r15d, edi mov [rsp+298h+var_260], rbx jb loc_10000EA44 loc_10000F1D2: xor eax, eax loc_10000F1D4: mov r15, [rsp+298h+var_28] mov r14, [rsp+298h+var_20] mov r13, [rsp+298h+var_18] mov r12, [rsp+298h+var_10] mov rdi, [rsp+298h+var_8] mov rsi, [rsp+298h+arg_18] mov rbp, [rsp+298h+arg_10] mov rbx, [rsp+298h+arg_8] mov rcx, [rsp+298h+var_38] call sub_1000258D0 add rsp, 298h retn loc_10000F229: mov eax, 80004005h jmp short loc_10000F1D4 sub_10000E9B0 endp off_10000F230 dd offset loc_10000EAA4 - offset __ImageBase ; jump table for switch statement dd offset loc_10000EBCC - offset __ImageBase dd offset loc_10000EF27 - offset __ImageBase dd offset loc_10000EFFB - offset __ImageBase dd offset loc_10000F08F - offset __ImageBase byte_10000F244 db 0, 0, 1, 2 ; indirect table for switch statement db 0, 1, 1, 1 db 3, 3, 3, 3 db 3, 3, 4, 4 db 4, 4, 4, 4 db 4, 4, 4, 4 db 4, 4 align 20h off_10000F260 dd offset loc_10000EAFA - offset __ImageBase ; jump table for switch statement dd offset loc_10000EB0E - offset __ImageBase dd offset loc_10000EB22 - offset __ImageBase dd offset loc_10000EB36 - offset __ImageBase dd offset loc_10000EB4A - offset __ImageBase dd offset loc_10000EB5E - offset __ImageBase algn_10000F278: align 20h sub_10000F280 proc near var_18= byte ptr -18h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h mov [rsp+38h+arg_0], rbx mov rbx, rcx lea rdx, [rsp+38h+var_18] add rcx, 8 mov [rsp+38h+arg_18], rdi mov [rsp+38h+var_18], 0 call sub_10000B6F0 test eax, eax js loc_10000F384 cmp dword ptr [rbx+78h], 0 jz loc_10000F34C loc_10000F2B6: mov [rsp+38h+arg_8], rbp xor ebp, ebp cmp [rbx+18h], ebp jbe short loc_10000F340 loc_10000F2C2: mov [rsp+38h+arg_10], rsi xor esi, esi db 66h, 66h nop db 66h, 66h, 66h nop loc_10000F2D0: mov rax, [rbx+10h] mov r8d, 35Ch ; size_t mov rdx, [rsi+rax] movzx eax, byte ptr [rbx+1Ch] inc rax mov rcx, rdx ; void * imul rax, 35Ch add rdx, rax ; void * call memmove movzx eax, byte ptr [rbx+1Ch] mov r11, [rbx+10h] mov r8, [rsi+r11] xor ecx, ecx lea rdx, [rax+1] imul rdx, 35Ch test al, al setz cl add rdx, r8 ; void * inc rcx imul rcx, 35Ch add rcx, r8 ; void * mov r8d, 35Ch ; size_t call memmove inc ebp add rsi, 8 cmp ebp, [rbx+18h] jb short loc_10000F2D0 mov rsi, [rsp+38h+arg_10] loc_10000F340: mov rbp, [rsp+38h+arg_8] mov dword ptr [rbx+78h], 0 loc_10000F34C: cmp [rsp+38h+var_18], 0 jz short loc_10000F37C lea rcx, [rbx+8] call sub_10000B000 mov rcx, rbx call sub_10000DD10 mov rcx, [rbx+0B0h] ; hWnd xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 1009h ; Msg call cs:SendMessageW loc_10000F37C: mov rcx, rbx call sub_10000E9B0 loc_10000F384: mov rdi, [rsp+38h+arg_18] mov rbx, [rsp+38h+arg_0] add rsp, 38h retn sub_10000F280 endp algn_10000F393: align 20h sub_10000F3A0 proc near push rbx sub rsp, 20h mov rbx, rcx add rcx, 8 call sub_10000B000 mov rcx, rbx call sub_10000DD10 mov rcx, [rbx+0B0h] xor r9d, r9d xor r8d, r8d mov edx, 1009h add rsp, 20h pop rbx jmp cs:SendMessageW sub_10000F3A0 endp algn_10000F3D8: align 20h sub_10000F3E0 proc near arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h cmp dword ptr [rcx+7Ch], 0 mov [rsp+28h+arg_8], rbx mov rbx, rcx jnz short loc_10000F3FF cmp cs:dword_100030020, 0 jz loc_10000F4A1 loc_10000F3FF: mov r8d, cs:dword_10002FEB4 mov eax, 0D5555555h add r8d, 2 imul r8d sar edx, 1 mov eax, edx shr eax, 1Fh add edx, eax lea eax, [rdx+rdx*2] lea ecx, [r8+rax*4] mov cs:dword_10002FEB4, ecx mov rcx, rbx call sub_10000F280 mov rcx, cs:hWnd ; hWnd call cs:IsIconic test eax, eax jnz short loc_10000F4A1 loc_10000F441: mov [rsp+28h+arg_10], rsi xor esi, esi cmp [rbx+0A0h], esi jbe short loc_10000F49C loc_10000F450: mov [rsp+28h+arg_18], rdi mov rdi, rsi db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_10000F460: mov rcx, [rbx+90h] xor r8d, r8d ; bErase xor edx, edx ; lpRect mov rcx, [rdi+rcx+8] ; hWnd call cs:InvalidateRect mov rcx, [rbx+90h] mov rcx, [rdi+rcx+8] ; hWnd call cs:UpdateWindow inc esi add rdi, 10h cmp esi, [rbx+0A0h] jb short loc_10000F460 mov rdi, [rsp+28h+arg_18] loc_10000F49C: mov rsi, [rsp+28h+arg_10] loc_10000F4A1: mov rbx, [rsp+28h+arg_8] add rsp, 28h retn sub_10000F3E0 endp algn_10000F4AB: align 20h sub_10000F4C0 proc near nPos= tagSCROLLINFO ptr -28h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 48h mov [rsp+48h+arg_10], rbx mov rbx, rdx mov [rsp+48h+arg_18], rdi mov rdi, rcx mov rcx, [rcx+0A8h] ; HWND lea r8, [rsp+48h+nPos] ; LPSCROLLINFO mov edx, 2 ; int mov [rsp+48h+nPos.cbSize], 1Ch mov [rsp+48h+nPos.fMask], 17h call cs:GetScrollInfo test eax, eax jz loc_10000F59F mov edx, [rsp+48h+nPos.nMax] movzx eax, bx cmp eax, 7 ; switch 8 cases ja short loc_10000F55E ; default lea r8, __ImageBase mov ecx, ds:(off_10000F5B0 - 100000000h)[r8+rax*4] add rcx, r8 jmp rcx ; switch jump loc_10000F523: ; jumptable 10000F521 case 7 mov eax, edx jmp short loc_10000F562 loc_10000F527: ; jumptable 10000F521 case 6 mov eax, [rsp+48h+nPos.nMin] jmp short loc_10000F56C loc_10000F52D: ; jumptable 10000F521 case 1 mov eax, [rsp+48h+nPos.nPos] inc eax jmp short loc_10000F562 loc_10000F535: ; jumptable 10000F521 case 0 mov eax, [rsp+48h+nPos.nPos] dec eax jmp short loc_10000F562 loc_10000F53D: ; jumptable 10000F521 case 2 mov eax, [rsp+48h+nPos.nPos] sub eax, [rdi+0A0h] jmp short loc_10000F562 loc_10000F549: ; jumptable 10000F521 case 3 mov eax, [rsp+48h+nPos.nPos] add eax, [rdi+0A0h] jmp short loc_10000F562 loc_10000F555: ; jumptable 10000F521 cases 4,5 shr rbx, 10h movzx eax, bx jmp short loc_10000F562 loc_10000F55E: ; default mov eax, [rsp+48h+nPos.nPos] loc_10000F562: mov r8d, [rsp+48h+nPos.nMin] cmp eax, r8d jl short loc_10000F575 loc_10000F56C: mov r8d, eax cmp eax, edx cmovg r8d, edx ; nPos loc_10000F575: ; hWnd mov rcx, [rdi+0A8h] mov edx, 2 ; nBar mov [rsp+48h+nPos.nPos], r8d lea r9d, [rdx-1] ; bRedraw mov [rdi+9Ch], r8d call cs:SetScrollPos mov rcx, rdi call sub_10000DBF0 loc_10000F59F: mov rdi, [rsp+48h+arg_18] mov rbx, [rsp+48h+arg_10] add rsp, 48h retn sub_10000F4C0 endp align 10h off_10000F5B0 dd offset loc_10000F535 - offset __ImageBase ; jump table for switch statement dd offset loc_10000F52D - offset __ImageBase dd offset loc_10000F53D - offset __ImageBase dd offset loc_10000F549 - offset __ImageBase dd offset loc_10000F555 - offset __ImageBase dd offset loc_10000F555 - offset __ImageBase dd offset loc_10000F527 - offset __ImageBase dd offset loc_10000F523 - offset __ImageBase algn_10000F5D0: align 20h ; INT_PTR __stdcall sub_10000F5E0(HWND, UINT, WPARAM, LPARAM) sub_10000F5E0 proc near var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_0], rbx mov [rsp+28h+arg_8], rbp mov [rsp+28h+arg_10], rsi mov ebx, edx mov [rsp+28h+arg_18], rdi mov edx, 0FFFFFFEBh ; nIndex mov [rsp+28h+var_8], r12 mov rbp, r9 mov rsi, r8 mov r12, rcx call cs:GetWindowLongPtrW cmp ebx, 0A3h mov rdi, rax jb short loc_10000F65A cmp ebx, 0A5h jbe short loc_10000F636 cmp ebx, 202h jbe short loc_10000F65A cmp ebx, 205h ja short loc_10000F65A loc_10000F636: ; hWnd mov rcx, cs:hWnd mov r9, rbp ; lParam mov r8, rsi ; wParam mov edx, ebx ; Msg call cs:SendMessageW mov rax, 1 jmp loc_10000F7A9 loc_10000F65A: cmp ebx, 110h ja loc_10000F73A cmp ebx, 110h jz loc_10000F6FA cmp ebx, 2 jz short loc_10000F6DC cmp ebx, 5 jz short loc_10000F6C5 cmp ebx, 18h jz short loc_10000F6C5 cmp ebx, 2Bh jnz loc_10000F7A7 cmp rsi, 9C4h jb loc_10000F7A7 mov eax, [rax+98h] add eax, 9C4h cmp rsi, rax ja loc_10000F7A7 lea r8d, [rsi-9C4h] mov rdx, rbp mov rcx, rdi call sub_10000E720 lea eax, [rbx-2Ah] jmp loc_10000F7A9 loc_10000F6C5: mov rcx, rax call sub_10000DD10 mov rax, 1 jmp loc_10000F7A9 loc_10000F6DC: ; nIDDlgItem mov edx, 0A28h mov rcx, r12 ; hDlg call cs:GetDlgItem mov rcx, rdi mov rdx, rax call sub_10000C8D0 jmp loc_10000F7A7 loc_10000F6FA: ; dwNewLong mov r8, rbp mov edx, 0FFFFFFEBh ; nIndex mov rcx, r12 ; hWnd call cs:SetWindowLongPtrW mov edx, 0FFFFFFF0h ; nIndex mov rcx, r12 ; hWnd call cs:GetWindowLongW mov edx, 0FFFFFFF0h ; nIndex mov rcx, r12 ; hWnd bts eax, 19h mov r8d, eax ; dwNewLong call cs:SetWindowLongW mov rax, 1 jmp short loc_10000F7A9 loc_10000F73A: cmp ebx, 111h jz short loc_10000F799 cmp ebx, 115h jz short loc_10000F78C cmp ebx, 200h jbe short loc_10000F7A7 cmp ebx, 202h ja short loc_10000F7A7 test byte ptr cs:dword_10003015C, 10h jz short loc_10000F7A7 mov rcx, cs:hWnd ; hWnd xor edx, edx cmp ebx, 202h setz dl mov r9, rbp ; lParam mov r8d, 2 ; wParam add edx, 0A1h ; Msg call cs:SendMessageW jmp short loc_10000F7A7 loc_10000F78C: mov rdx, rsi mov rcx, rax call sub_10000F4C0 jmp short loc_10000F7A7 loc_10000F799: cmp si, 966h jnz short loc_10000F7A7 mov dword ptr [rax+78h], 1 loc_10000F7A7: xor eax, eax loc_10000F7A9: mov r12, [rsp+28h+var_8] mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] mov rbx, [rsp+28h+arg_0] add rsp, 28h retn sub_10000F5E0 endp algn_10000F7C7: align 10h ; [00000005 BYTES: COLLAPSED FUNCTION std::ios_base::width(void). PRESS KEYPAD "+" TO EXPAND] align 20h sub_10000F7E0 proc near sub rsp, 28h mov eax, cs:dword_1000301A4 test al, 1 jnz short loc_10000F80E or eax, 1 mov edx, 220h ; ulRID xor ecx, ecx ; hToken mov cs:dword_1000301A4, eax call SHTestTokenMembership mov cs:dword_1000301A0, eax add rsp, 28h retn loc_10000F80E: mov eax, cs:dword_1000301A0 add rsp, 28h retn sub_10000F7E0 endp algn_10000F819: align 20h ; INT_PTR __stdcall sub_10000F820(HWND, UINT, WPARAM, LPARAM) sub_10000F820 proc near var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 48h sub edx, 110h mov [rax+8], rbx mov [rax+10h], rbp mov [rax+18h], rsi mov [rax+20h], rdi mov rsi, rcx jz loc_10000F9D7 dec edx jnz loc_10000F9D0 cmp r8w, 1 jnz loc_10000F9BE mov rcx, cs:qword_100030188 loc_10000F860: mov [rax-8], r12 mov [rax-10h], r13 mov [rax-18h], r14 mov [rax-20h], r15 call sub_100013FF0 mov r14d, 1 mov cs:dword_100030024, 0 lea rdi, unk_100030028 lea r12, unk_10002D6EC lea r13, dword_100002FC4 lea r15, dword_10002FED0 mov ebx, r14d loc_10000F8A4: ; nIDButton mov edx, [r13+0] test edx, edx js loc_10000F96D mov rcx, rsi ; hDlg call cs:IsDlgButtonChecked cmp eax, 1 jnz short loc_10000F915 cmp [rdi], ebx jz short loc_10000F90C mov ebp, r14d lea rax, unk_1000300F0 lea rdx, [r15+rbp*4+1BCh] ; void * sub eax, edx jz short loc_10000F8E4 lea rcx, [rdx+4] ; void * mov r8d, eax ; size_t call memmove loc_10000F8E4: ; void * lea rdx, [r15+rbp*4+154h] lea rax, unk_100030088 sub eax, edx jz short loc_10000F903 lea rcx, [rdx+4] ; void * mov r8d, eax ; size_t call memmove loc_10000F903: mov eax, [r12] mov [rdi+68h], eax mov [rdi], ebx loc_10000F90C: inc r14d add rdi, 4 jmp short loc_10000F95A loc_10000F915: cmp [rdi], ebx jnz short loc_10000F95A mov ebp, r14d lea rax, unk_1000300F0 lea rcx, [r15+rbp*4+1BCh] ; void * sub eax, ecx jz short loc_10000F93B lea rdx, [rcx+4] ; void * mov r8d, eax ; size_t call memmove loc_10000F93B: ; void * lea rcx, [r15+rbp*4+154h] lea rax, unk_100030088 sub eax, ecx jz short loc_10000F95A lea rdx, [rcx+4] ; void * mov r8d, eax ; size_t call memmove loc_10000F95A: inc ebx add r13, 4 add r12, 8 cmp ebx, 19h jl loc_10000F8A4 loc_10000F96D: mov rcx, cs:qword_100030188 movsxd rax, r14d mov dword ptr [r15+rax*4+154h], 0FFFFFFFFh call sub_10000FBC0 mov rcx, cs:qword_100030188 mov rax, [rcx] call qword ptr [rax+30h] mov edx, 1 ; nResult mov rcx, rsi ; hDlg call cs:EndDialog mov r15, [rsp+48h+var_20] mov r14, [rsp+48h+var_18] mov r13, [rsp+48h+var_10] mov r12, [rsp+48h+var_8] xor eax, eax jmp loc_10000FA7E loc_10000F9BE: cmp r8w, 2 jnz short loc_10000F9D0 mov edx, 2 ; nResult call cs:EndDialog loc_10000F9D0: xor eax, eax jmp loc_10000FA7E loc_10000F9D7: lea rbp, byte_100002FC0 mov cs:qword_100030188, r9 lea rdi, dword_100003024 mov rbx, rbp nop loc_10000F9F0: ; nIDButton mov edx, [rbx] xor r8d, r8d ; uCheck mov rcx, rsi ; hDlg call cs:CheckDlgButton add rbx, 4 cmp rbx, rdi jl short loc_10000F9F0 cmp cs:dword_10002F478, 0 jnz short loc_10000FA42 mov edx, 440h ; nIDDlgItem mov rcx, rsi ; hDlg call cs:GetDlgItem xor edx, edx ; nCmdShow mov rcx, rax ; hWnd call cs:ShowWindow mov edx, 43Fh ; nIDDlgItem mov rcx, rsi ; hDlg call cs:GetDlgItem xor edx, edx ; nCmdShow mov rcx, rax ; hWnd call cs:ShowWindow loc_10000FA42: lea rbx, dword_100030024 lea rdi, unk_10003008C loc_10000FA50: movsxd rax, dword ptr [rbx] cmp eax, 0FFFFFFFFh jz short loc_10000FA74 mov edx, [rbp+rax*4+0] ; nIDButton mov r8d, 1 ; uCheck mov rcx, rsi ; hDlg call cs:CheckDlgButton add rbx, 4 cmp rbx, rdi jl short loc_10000FA50 loc_10000FA74: mov rax, 1 loc_10000FA7E: mov rdi, [rsp+48h+arg_18] mov rsi, [rsp+48h+arg_10] mov rbp, [rsp+48h+arg_8] mov rbx, [rsp+48h+arg_0] add rsp, 48h retn sub_10000F820 endp algn_10000FA97: align 20h sub_10000FAA0 proc near sub ecx, 20h jz short loc_10000FADA sub ecx, 60h jz short loc_10000FAD4 add ecx, 0FFFFFF80h jz short loc_10000FACE sub ecx, 3F00h jz short loc_10000FAC8 cmp ecx, 4000h jz short loc_10000FAC2 xor eax, eax retn loc_10000FAC2: mov eax, 3 retn loc_10000FAC8: mov eax, 1 retn loc_10000FACE: mov eax, 5 retn loc_10000FAD4: mov eax, 4 retn loc_10000FADA: mov eax, 2 retn sub_10000FAA0 endp db 10h dup(0CCh) sub_10000FAF0 proc near Caption= word ptr -438h Text= word ptr -228h var_18= qword ptr -18h var_8= qword ptr -8 arg_18= qword ptr 20h mov r11, rsp sub rsp, 458h mov rax, cs:qword_10002C178 mov [rsp+458h+var_18], rax mov [r11+20h], rbx mov [r11-8], rdi mov rdi, rcx mov rcx, cs:hInstance ; hInstance mov ebx, r8d lea r8, [rsp+458h+Caption] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 2717h ; uID call cs:LoadStringW test eax, eax jz short loc_10000FB83 mov rcx, cs:hInstance ; hInstance lea r8, [rsp+458h+Text] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, ebx ; uID call cs:LoadStringW test eax, eax jz short loc_10000FB83 mov rcx, [rdi+8] ; hWnd lea r8, [rsp+458h+Caption] ; lpCaption lea rdx, [rsp+458h+Text] ; lpText mov r9d, 34h ; uType call cs:MessageBoxW xor ecx, ecx cmp eax, 6 setnz cl lea eax, [rcx+6] jmp short loc_10000FB88 loc_10000FB83: mov eax, 7 loc_10000FB88: mov rdi, [rsp+458h+var_8] mov rbx, [rsp+458h+arg_18] mov rcx, [rsp+458h+var_18] call sub_1000258D0 add rsp, 458h retn sub_10000FAF0 endp algn_10000FBAD: align 20h sub_10000FBC0 proc near lParam= qword ptr -268h var_260= dword ptr -260h var_258= qword ptr -258h var_24C= dword ptr -24Ch Buffer= word ptr -238h var_28= qword ptr -28h var_10= qword ptr -10h var_8= qword ptr -8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 288h mov rax, cs:qword_10002C178 mov [rsp+288h+var_28], rax mov rcx, [rcx+8] ; hDlg mov edx, 3F1h ; nIDDlgItem mov [rsp+288h+arg_18], rsi call cs:GetDlgItem test rax, rax mov rsi, rax jnz short loc_10000FBFF mov eax, 8000FFFFh jmp loc_10000FD2E loc_10000FBFF: ; lParam xor r9d, r9d xor r8d, r8d ; wParam mov edx, 1009h ; Msg mov rcx, rax ; hWnd call cs:SendMessageW nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_10000FC20: ; lParam xor r9d, r9d xor r8d, r8d ; wParam mov edx, 101Ch ; Msg mov rcx, rsi ; hWnd call cs:SendMessageW test eax, eax jnz short loc_10000FC20 loc_10000FC38: mov [rsp+288h+arg_8], rbx mov [rsp+288h+arg_10], rbp mov [rsp+288h+var_8], rdi xor edi, edi mov [rsp+288h+var_10], r12 cmp cs:dword_100030024, edi jl loc_10000FD0C lea rax, dword_100030024 lea r12, __ImageBase mov rbx, rax db 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_10000FC80: movsxd rbp, dword ptr [rax] mov rcx, cs:hInstance ; hInstance lea r8, [rsp+288h+Buffer] ; lpBuffer mov edx, [r12+rbp*4+3030h] ; uID mov r9d, 104h ; nBufferMax call cs:LoadStringW mov eax, [r12+rbp*8+2D6E0h] mov dword ptr [rsp+288h+lParam], 7 mov dword ptr [rsp+288h+lParam+4], eax mov eax, [rbx+68h] cmp eax, 0FFFFFFFFh jnz short loc_10000FCCD mov eax, [r12+rbp*8+2D6E4h] mov [rsp+288h+var_260], eax jmp short loc_10000FCD1 loc_10000FCCD: mov [rsp+288h+var_260], eax loc_10000FCD1: lea rax, [rsp+288h+Buffer] lea r9, [rsp+288h+lParam] ; lParam movsxd r8, edi ; wParam mov edx, 1061h ; Msg mov rcx, rsi ; hWnd mov [rsp+288h+var_24C], edi mov [rsp+288h+var_258], rax call cs:SendMessageW cmp eax, 0FFFFFFFFh jz short loc_10000FD4B add rbx, 4 inc edi cmp dword ptr [rbx], 0 mov rax, rbx jge loc_10000FC80 loc_10000FD0C: xor eax, eax loc_10000FD0E: mov rdi, [rsp+288h+var_8] mov rbp, [rsp+288h+arg_10] mov rbx, [rsp+288h+arg_8] mov r12, [rsp+288h+var_10] loc_10000FD2E: mov rsi, [rsp+288h+arg_18] mov rcx, [rsp+288h+var_28] call sub_1000258D0 add rsp, 288h retn loc_10000FD4B: mov eax, 80004005h jmp short loc_10000FD0E sub_10000FBC0 endp algn_10000FD52: align 20h sub_10000FD60 proc near arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov r8, [rcx+0B0h] mov rax, [rdx+0B0h] mov [rsp+28h+arg_8], rbx mov [rsp+28h+arg_10], rsi test r8, r8 mov [rsp+28h+arg_18], rdi mov rdi, rcx mov rsi, rdx cmovnz rdi, r8 test rax, rax cmovnz rsi, rax cmp rdi, rsi jnz short loc_10000FDC0 test r8, r8 jz short loc_10000FE01 test rax, rax jz short loc_10000FDE8 mov rdx, [rdx+0A8h] ; lpString2 mov rcx, [rcx+0A8h] ; lpString1 call cs:lstrcmpiW test eax, eax jnz loc_10001016F loc_10000FDC0: movsxd rax, cs:dword_10002D6D0 mov ebx, 0FFFFFFFFh cmp eax, 18h ; switch 25 cases ja loc_100010148 ; default lea rdx, __ImageBase mov ecx, ds:(off_100010184 - 100000000h)[rdx+rax*4] add rcx, rdx jmp rcx ; switch jump loc_10000FDE8: mov eax, 1 mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbx, [rsp+28h+arg_8] add rsp, 28h retn loc_10000FE01: mov eax, 0FFFFFFFFh mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbx, [rsp+28h+arg_8] add rsp, 28h retn loc_10000FE1A: ; jumptable 10000FDE6 case 4 movzx ecx, byte ptr [rdi+1Ch] movzx edx, byte ptr [rsi+1Ch] cmp rcx, rdx jnb short loc_10000FE2E mov eax, ebx jmp loc_10001014A loc_10000FE2E: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10000FE3B: ; jumptable 10000FDE6 case 5 mov rcx, [rdi+20h] mov rdx, [rsi+20h] cmp rcx, rdx jnb short loc_10000FE4F mov eax, ebx jmp loc_10001014A loc_10000FE4F: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10000FE5C: ; jumptable 10000FDE6 case 6 mov rcx, [rdi+30h] mov rdx, [rsi+30h] cmp rcx, rdx jnb short loc_10000FE70 mov eax, ebx jmp loc_10001014A loc_10000FE70: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10000FE7D: ; jumptable 10000FDE6 case 8 mov rcx, [rdi+38h] mov rdx, [rsi+38h] cmp rcx, rdx jnb short loc_10000FE91 mov eax, ebx jmp loc_10001014A loc_10000FE91: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10000FE9E: ; jumptable 10000FDE6 case 7 mov rcx, [rdi+0C0h] mov rdx, [rsi+0C0h] cmp rcx, rdx jnb short loc_10000FEB8 mov eax, ebx jmp loc_10001014A loc_10000FEB8: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10000FEC5: ; jumptable 10000FDE6 case 9 mov ecx, [rdi+40h] mov edx, [rsi+40h] cmp rcx, rdx jnb short loc_10000FED7 mov eax, ebx jmp loc_10001014A loc_10000FED7: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10000FEE4: ; jumptable 10000FDE6 case 10 movsxd rcx, dword ptr [rdi+44h] movsxd rdx, dword ptr [rsi+44h] cmp rcx, rdx jnb short loc_10000FEF8 mov eax, ebx jmp loc_10001014A loc_10000FEF8: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10000FF05: ; jumptable 10000FDE6 case 11 mov rcx, [rdi+48h] mov rdx, [rsi+48h] cmp rcx, rdx jnb short loc_10000FF19 mov eax, ebx jmp loc_10001014A loc_10000FF19: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10000FF26: ; jumptable 10000FDE6 case 12 mov rcx, [rdi+50h] mov rdx, [rsi+50h] cmp rcx, rdx jnb short loc_10000FF3A mov eax, ebx jmp loc_10001014A loc_10000FF3A: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10000FF47: ; jumptable 10000FDE6 case 13 mov rcx, [rdi+58h] mov rdx, [rsi+58h] cmp rcx, rdx jnb short loc_10000FF5B mov eax, ebx jmp loc_10001014A loc_10000FF5B: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10000FF68: ; jumptable 10000FDE6 case 14 mov ecx, [rdi+60h] call sub_10000FAA0 mov ecx, [rsi+60h] mov edx, eax call sub_10000FAA0 mov r8d, eax cmp rdx, r8 jnb short loc_10000FF89 mov eax, ebx jmp loc_10001014A loc_10000FF89: xor eax, eax cmp rdx, r8 setnbe al jmp loc_10001014A loc_10000FF96: ; jumptable 10000FDE6 case 15 mov ecx, [rdi+64h] mov edx, [rsi+64h] cmp rcx, rdx jnb short loc_10000FFA8 mov eax, ebx jmp loc_10001014A loc_10000FFA8: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10000FFB5: ; jumptable 10000FDE6 case 16 mov ecx, [rdi+68h] mov edx, [rsi+68h] cmp rcx, rdx jnb short loc_10000FFC7 mov eax, ebx jmp loc_10001014A loc_10000FFC7: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10000FFD4: ; jumptable 10000FDE6 case 1 mov ecx, [rdi+8] mov edx, [rsi+8] cmp rcx, rdx jnb short loc_10000FFE6 mov eax, ebx jmp loc_10001014A loc_10000FFE6: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10000FFF3: ; jumptable 10000FDE6 case 3 mov ecx, [rdi+18h] mov edx, [rsi+18h] cmp rcx, rdx jnb short loc_100010005 mov eax, ebx jmp loc_10001014A loc_100010005: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_100010012: ; jumptable 10000FDE6 case 2 mov rdx, [rsi+10h] mov rcx, [rdi+10h] ; lpString1 call cs:lstrcmpiW jmp loc_10001014A loc_100010025: ; jumptable 10000FDE6 case 0 mov rdx, [rsi+0A8h] mov rcx, [rdi+0A8h] ; lpString1 call cs:lstrcmpiW jmp loc_10001014A loc_10001003E: ; jumptable 10000FDE6 case 17 mov ecx, [rdi+70h] mov edx, [rsi+70h] cmp rcx, rdx jnb short loc_100010050 mov eax, ebx jmp loc_10001014A loc_100010050: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10001005D: ; jumptable 10000FDE6 case 18 mov ecx, [rdi+6Ch] mov edx, [rsi+6Ch] cmp rcx, rdx jnb short loc_10001006F mov eax, ebx jmp loc_10001014A loc_10001006F: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10001007C: ; jumptable 10000FDE6 case 19 mov rcx, [rdi+78h] mov rdx, [rsi+78h] cmp rcx, rdx jnb short loc_100010090 mov eax, ebx jmp loc_10001014A loc_100010090: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_10001009D: ; jumptable 10000FDE6 case 20 mov rcx, [rdi+80h] mov rdx, [rsi+80h] cmp rcx, rdx jnb short loc_1000100B7 mov eax, ebx jmp loc_10001014A loc_1000100B7: xor eax, eax cmp rcx, rdx setnbe al jmp loc_10001014A loc_1000100C4: ; jumptable 10000FDE6 case 21 mov rcx, [rdi+88h] mov rdx, [rsi+88h] cmp rcx, rdx jnb short loc_1000100DB mov eax, ebx jmp short loc_10001014A loc_1000100DB: xor eax, eax cmp rcx, rdx setnbe al jmp short loc_10001014A loc_1000100E5: ; jumptable 10000FDE6 case 22 mov rcx, [rdi+90h] mov rdx, [rsi+90h] cmp rcx, rdx jnb short loc_1000100FC mov eax, ebx jmp short loc_10001014A loc_1000100FC: xor eax, eax cmp rcx, rdx setnbe al jmp short loc_10001014A loc_100010106: ; jumptable 10000FDE6 case 23 mov rcx, [rdi+98h] mov rdx, [rsi+98h] cmp rcx, rdx jnb short loc_10001011D mov eax, ebx jmp short loc_10001014A loc_10001011D: xor eax, eax cmp rcx, rdx setnbe al jmp short loc_10001014A loc_100010127: ; jumptable 10000FDE6 case 24 mov rcx, [rdi+0A0h] mov rdx, [rsi+0A0h] cmp rcx, rdx jnb short loc_10001013E mov eax, ebx jmp short loc_10001014A loc_10001013E: xor eax, eax cmp rcx, rdx setnbe al jmp short loc_10001014A loc_100010148: ; default xor eax, eax loc_10001014A: mov ecx, cs:dword_10002D6D4 imul eax, ecx test eax, eax jnz short loc_10001016F mov eax, [rdi+8] mov edx, [rsi+8] cmp rax, rdx jb short loc_10001016A xor ebx, ebx cmp rax, rdx setnbe bl loc_10001016A: imul ebx, ecx mov eax, ebx loc_10001016F: mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbx, [rsp+28h+arg_8] add rsp, 28h retn sub_10000FD60 endp align 4 off_100010184 dd offset loc_100010025 - offset __ImageBase ; jump table for switch statement dd offset loc_10000FFD4 - offset __ImageBase dd offset loc_100010012 - offset __ImageBase dd offset loc_10000FFF3 - offset __ImageBase dd offset loc_10000FE1A - offset __ImageBase dd offset loc_10000FE3B - offset __ImageBase dd offset loc_10000FE5C - offset __ImageBase dd offset loc_10000FE9E - offset __ImageBase dd offset loc_10000FE7D - offset __ImageBase dd offset loc_10000FEC5 - offset __ImageBase dd offset loc_10000FEE4 - offset __ImageBase dd offset loc_10000FF05 - offset __ImageBase dd offset loc_10000FF26 - offset __ImageBase dd offset loc_10000FF47 - offset __ImageBase dd offset loc_10000FF68 - offset __ImageBase dd offset loc_10000FF96 - offset __ImageBase dd offset loc_10000FFB5 - offset __ImageBase dd offset loc_10001003E - offset __ImageBase dd offset loc_10001005D - offset __ImageBase dd offset loc_10001007C - offset __ImageBase dd offset loc_10001009D - offset __ImageBase dd offset loc_1000100C4 - offset __ImageBase dd offset loc_1000100E5 - offset __ImageBase dd offset loc_100010106 - offset __ImageBase dd offset loc_100010127 - offset __ImageBase algn_1000101E8: align 10h sub_1000101F0 proc near var_18= dword ptr -18h arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h mov [rsp+38h+arg_10], rsi mov [rsp+38h+arg_18], rdi mov rdi, rcx mov [rsp+38h+arg_8], rbx xor esi, esi db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100010210: mov rdx, [rdi+20h] test rdx, rdx jz short loc_100010242 mov r8d, [rdi+28h] lea r9, [rsp+38h+var_18] mov ecx, 5 call cs:NtQuerySystemInformation test eax, eax jns loc_1000102D0 cmp eax, 0C0000004h jnz short loc_1000102B7 mov ecx, [rsp+38h+var_18] jmp short loc_100010248 loc_100010242: mov ecx, esi mov [rsp+38h+var_18], esi loc_100010248: mov rbx, [rdi+20h] test rbx, rbx jz short loc_10001026D call cs:GetProcessHeap mov r8, rbx ; lpMem xor edx, edx ; dwFlags mov rcx, rax ; hHeap call cs:HeapFree mov ecx, [rsp+38h+var_18] mov [rdi+20h], rsi loc_10001026D: mov eax, ecx shr eax, 4 lea ebx, [rax+rcx+1000h] mov [rdi+28h], rbx call cs:GetProcessHeap mov r8, rbx ; dwBytes mov rcx, rax ; hHeap xor edx, edx ; dwFlags call cs:HeapAlloc test rax, rax mov [rdi+20h], rax jnz loc_100010210 mov eax, 8007000Eh mov rdi, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_10] mov rbx, [rsp+38h+arg_8] add rsp, 38h retn loc_1000102B7: mov eax, 80004005h mov rdi, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_10] mov rbx, [rsp+38h+arg_8] add rsp, 38h retn loc_1000102D0: mov rdi, [rsp+38h+arg_18] mov rbx, [rsp+38h+arg_8] mov eax, esi mov rsi, [rsp+38h+arg_10] add rsp, 38h retn sub_1000101F0 endp algn_1000102E6: align 10h sub_1000102F0 proc near var_A8= qword ptr -0A8h var_A0= dword ptr -0A0h Format= NUMBERFMTW ptr -98h Value= word ptr -68h var_28= qword ptr -28h var_10= qword ptr -10h var_8= qword ptr -8 mov r11, rsp sub rsp, 0C8h mov rax, cs:qword_10002C178 mov [rsp+0C8h+var_28], rax xor ecx, ecx mov [r11-8], rbx mov rax, rdx mov [r11-10h], rdi mov rdi, r8 lea r8d, [rcx+0Ah] ; int mov [rsp+0C8h+Format.LeadingZero], ecx mov [rsp+0C8h+Format.Grouping], ecx mov dword ptr [rsp+0C8h+Format+0Ch], ecx mov dword ptr [rsp+0C8h+Format.lpDecimalSep], ecx mov dword ptr [rsp+0C8h+Format.lpDecimalSep+4], ecx mov dword ptr [rsp+0C8h+Format.lpThousandSep], ecx mov dword ptr [rsp+0C8h+Format.lpThousandSep+4], ecx mov [rsp+0C8h+Format.NegativeOrder], ecx mov dword ptr [rsp+0C8h+Format._padding], ecx lea rdx, [r11-68h] ; wchar_t * mov rcx, rax ; __int64 mov ebx, r9d mov [rsp+0C8h+Format.NumDigits], 0 call _i64tow mov r11d, cs:dword_10002EA3C lea rax, word_10002EA80 lea r9, [rsp+0C8h+Format] ; lpFormat lea r8, [rsp+0C8h+Value] ; lpValue xor edx, edx ; dwFlags mov ecx, 400h ; Locale mov [rsp+0C8h+var_A0], ebx mov [rsp+0C8h+Format.Grouping], r11d mov [rsp+0C8h+Format.lpThousandSep], rax mov [rsp+0C8h+Format.lpDecimalSep], rax mov [rsp+0C8h+var_A8], rdi call cs:GetNumberFormatW mov rdi, [rsp+0C8h+var_10] mov rbx, [rsp+0C8h+var_8] mov rcx, [rsp+0C8h+var_28] call sub_1000258D0 add rsp, 0C8h retn sub_1000102F0 endp algn_1000103BA: align 20h sub_1000103C0 proc near var_A8= qword ptr -0A8h var_A0= dword ptr -0A0h Format= NUMBERFMTW ptr -98h Value= word ptr -68h var_28= qword ptr -28h var_10= qword ptr -10h var_8= qword ptr -8 mov r11, rsp sub rsp, 0C8h mov rax, cs:qword_10002C178 mov [rsp+0C8h+var_28], rax xor ecx, ecx loc_1000103DB: mov [r11-8], rbx mov rax, rdx mov [r11-10h], rdi mov rdi, r8 lea r8d, [rcx+0Ah] ; int mov [rsp+0C8h+Format.LeadingZero], ecx mov [rsp+0C8h+Format.Grouping], ecx mov dword ptr [rsp+0C8h+Format+0Ch], ecx mov dword ptr [rsp+0C8h+Format.lpDecimalSep], ecx mov dword ptr [rsp+0C8h+Format.lpDecimalSep+4], ecx mov dword ptr [rsp+0C8h+Format.lpThousandSep], ecx mov dword ptr [rsp+0C8h+Format.lpThousandSep+4], ecx mov [rsp+0C8h+Format.NegativeOrder], ecx mov dword ptr [rsp+0C8h+Format._padding], ecx lea rdx, [r11-68h] ; wchar_t * mov rcx, rax ; __int64 movsxd rbx, r9d mov [rsp+0C8h+Format.NumDigits], 0 call _i64tow mov r11d, cs:dword_10002EA3C lea rax, word_10002EA80 lea r9, [rsp+0C8h+Format] ; lpFormat lea r8, [rsp+0C8h+Value] ; lpValue xor edx, edx ; dwFlags mov ecx, 400h ; Locale mov [rsp+0C8h+var_A0], ebx mov [rsp+0C8h+Format.Grouping], r11d mov [rsp+0C8h+Format.lpThousandSep], rax mov [rsp+0C8h+Format.lpDecimalSep], rax mov [rsp+0C8h+var_A8], rdi call cs:GetNumberFormatW mov r11, rbx cmp r11, 7FFFFFFFh mov rbx, [rsp+0C8h+var_8] ja short loc_1000104DC loc_100010479: test r11, r11 mov rax, rdi mov rcx, r11 jz short loc_1000104DC loc_100010484: cmp word ptr [rax], 0 jz short loc_100010495 add rax, 2 dec rcx jnz short loc_100010484 jmp short loc_1000104DC loc_100010495: test rcx, rcx jz short loc_1000104DC mov rax, r11 mov rdx, r11 sub rax, rcx sub rdx, rax lea rcx, [rdi+rax*2] jz short loc_1000104DC lea r8, asc_1000038D8 ; " " sub r8, rcx loc_1000104B6: movzx eax, word ptr [r8+rcx] test ax, ax jz short loc_1000104CE mov [rcx], ax add rcx, 2 dec rdx jnz short loc_1000104B6 jmp short loc_1000104D3 loc_1000104CE: test rdx, rdx jnz short loc_1000104D7 loc_1000104D3: sub rcx, 2 loc_1000104D7: mov word ptr [rcx], 0 loc_1000104DC: cmp r11, 7FFFFFFFh ja short loc_100010545 test r11, r11 mov rax, rdi mov rcx, r11 jz short loc_100010545 loc_1000104F0: cmp word ptr [rax], 0 jz short loc_100010501 add rax, 2 dec rcx jnz short loc_1000104F0 jmp short loc_100010545 loc_100010501: test rcx, rcx jz short loc_100010545 mov rax, r11 sub rax, rcx sub r11, rax lea rcx, [rdi+rax*2] jz short loc_100010545 lea rdx, unk_10002E9F8 sub rdx, rcx nop loc_100010520: movzx eax, word ptr [rdx+rcx] test ax, ax jz short loc_100010537 mov [rcx], ax add rcx, 2 dec r11 jnz short loc_100010520 jmp short loc_10001053C loc_100010537: test r11, r11 jnz short loc_100010540 loc_10001053C: sub rcx, 2 loc_100010540: mov word ptr [rcx], 0 loc_100010545: mov rdi, [rsp+0C8h+var_10] mov rcx, [rsp+0C8h+var_28] call sub_1000258D0 add rsp, 0C8h retn sub_1000103C0 endp algn_100010562: align 10h sub_100010570 proc near lParam= qword ptr -78h push rbx sub rsp, 90h xor r8d, r8d mov r10, rdx lea rdx, unk_1000300F4 mov ecx, r8d mov rax, r8 db 66h, 66h, 66h nop loc_100010590: mov r9d, [rax+rdx] cmp r9d, 0FFFFFFFFh jz short loc_1000105AD inc ecx mov dword ptr [rsp+rax+98h+lParam], r9d inc r8d add rax, 4 cmp ecx, 1Ah jb short loc_100010590 loc_1000105AD: test r8d, r8d jle short loc_1000105F3 xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 101Fh ; Msg mov rcx, r10 ; hWnd call cs:SendMessageW xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov rcx, rax ; hWnd mov edx, 1200h ; Msg mov rbx, rax call cs:SendMessageW lea r9, [rsp+98h+lParam] ; lParam mov edx, 1212h ; Msg movsxd r8, eax ; wParam mov rcx, rbx ; hWnd call cs:SendMessageW loc_1000105F3: add rsp, 90h pop rbx retn sub_100010570 endp byte_1000105FC db 14h dup(0CCh) sub_100010610 proc near var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h mov [rsp+38h+arg_0], rbx mov [rsp+38h+arg_8], rbp mov [rsp+38h+arg_10], rsi mov [rsp+38h+arg_18], rdi xor ebp, ebp mov [rsp+38h+var_8], r12 movsxd r12, dword ptr [rcx+10h] mov [rsp+38h+var_10], r13 mov rdi, rcx test r12, r12 mov r13, rdx mov esi, ebp mov rbx, rbp jle short loc_10001066E db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100010650: mov rax, [rdi+8] mov rcx, r13 mov rdx, [rax+rbx*8] call sub_10000FD60 test eax, eax jg short loc_10001069F inc rbx inc esi cmp rbx, r12 jl short loc_100010650 loc_10001066E: movsxd rsi, dword ptr [rdi+10h] mov eax, [rdi+18h] lea ebx, [rsi+1] test ebx, ebx jnz loc_10001071B mov r8, [rdi+8] ; lpMem mov rcx, [rdi+20h] ; hHeap xor edx, edx ; dwFlags call cs:HeapFree mov [rdi+8], rbp mov [rdi+14h], ebp mov [rdi+10h], ebp jmp loc_1000107CC loc_10001069F: mov r12d, [rdi+10h] cmp esi, r12d jl short loc_1000106C2 lea edx, [rsi+1] mov r8d, 0FFFFFFFFh mov rcx, rdi call sub_100014710 test eax, eax jnz short loc_10001070B jmp loc_1000107D9 loc_1000106C2: lea edx, [r12+1] mov r8d, 0FFFFFFFFh mov rcx, rdi call sub_100014710 test eax, eax jz loc_1000107D9 mov r9, [rdi+8] lea eax, [rsi+1] movsxd rbx, esi movsxd rcx, eax sub r12d, esi lea rdx, [r9+rbx*8] ; void * movsxd r8, r12d lea rcx, [r9+rcx*8] ; void * shl r8, 3 ; size_t call memmove mov r11, [rdi+8] xor eax, eax mov [r11+rbx*8], rax loc_10001070B: mov rax, [rdi+8] movsxd rcx, esi mov [rax+rcx*8], r13 jmp loc_1000107D4 loc_10001071B: mov r10, [rdi+8] test r10, r10 jnz short loc_100010747 mov rcx, [rdi+20h] ; hHeap movsxd r8, ebx lea edx, [r10+8] ; dwFlags shl r8, 3 ; dwBytes call cs:HeapAlloc test rax, rax jz loc_1000107D9 mov [rdi+14h], ebx jmp short loc_1000107C5 loc_100010747: mov r8d, [rdi+14h] cmp ebx, r8d jg short loc_10001076C cmp ebx, esi jle short loc_1000107C9 mov eax, ebx lea rcx, [r10+rsi*8] ; void * xor edx, edx ; int sub eax, esi movsxd r8, eax shl r8, 3 ; size_t call memset jmp short loc_1000107C9 loc_10001076C: test eax, eax jnz short loc_100010797 mov eax, esi cdq and edx, 7 add eax, edx sar eax, 3 cmp eax, 4 mov ecx, eax jl short loc_10001078B mov eax, 400h cmp ecx, eax jg short loc_100010797 loc_10001078B: mov edx, 4 mov eax, ecx cmp ecx, edx cmovl eax, edx loc_100010797: ; hHeap mov rcx, [rdi+20h] add eax, r8d mov r12d, ebx cmp ebx, eax mov r8, r10 ; lpMem mov edx, 8 ; dwFlags cmovl r12d, eax movsxd r9, r12d shl r9, 3 ; dwBytes call cs:HeapReAlloc test rax, rax jz short loc_1000107D9 mov [rdi+14h], r12d loc_1000107C5: mov [rdi+8], rax loc_1000107C9: mov [rdi+10h], ebx loc_1000107CC: mov rax, [rdi+8] mov [rax+rsi*8], r13 loc_1000107D4: mov ebp, 1 loc_1000107D9: mov r13, [rsp+38h+var_10] mov r12, [rsp+38h+var_8] mov rdi, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_10] mov rbx, [rsp+38h+arg_0] mov eax, ebp mov rbp, [rsp+38h+arg_8] add rsp, 38h retn sub_100010610 endp byte_1000107FE db 12h dup(0CCh) sub_100010810 proc near arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov edx, 28h ; uBytes mov [rsp+28h+arg_8], rbp mov rbp, rcx lea ecx, [rdx+18h] ; uFlags mov [rsp+28h+arg_18], rdi call cs:LocalAlloc test rax, rax mov rdi, rax jz loc_1000108D5 loc_10001083B: mov [rsp+28h+arg_0], rbx call cs:GetProcessHeap xor ebx, ebx mov [rdi+8], rbx mov [rdi+10h], ebx mov [rdi+14h], ebx mov [rdi+20h], rax mov [rdi+18h], ebx lea rcx, qword_100003B10 mov [rdi], rcx mov rax, [rbp+0] mov [rsp+28h+arg_10], rsi movsxd rsi, dword ptr [rax+10h] test rsi, rsi jle short loc_1000108A0 db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h, 66h nop loc_100010880: mov rax, [rbp+0] mov rcx, [rax+8] mov rdx, [rcx+rbx*8] mov rcx, rdi call sub_100010610 test eax, eax jz short loc_1000108E6 inc rbx cmp rbx, rsi jl short loc_100010880 loc_1000108A0: mov rcx, [rbp+0] test rcx, rcx jz short loc_1000108B3 mov rax, [rcx] mov edx, 1 call qword ptr [rax] loc_1000108B3: mov [rbp+0], rdi mov eax, 1 loc_1000108BC: mov rsi, [rsp+28h+arg_10] mov rbx, [rsp+28h+arg_0] mov rdi, [rsp+28h+arg_18] mov rbp, [rsp+28h+arg_8] add rsp, 28h retn loc_1000108D5: mov rdi, [rsp+28h+arg_18] mov rbp, [rsp+28h+arg_8] xor eax, eax add rsp, 28h retn loc_1000108E6: mov rax, [rdi] mov edx, 1 mov rcx, rdi call qword ptr [rax] xor eax, eax jmp short loc_1000108BC sub_100010810 endp algn_1000108F7: align 20h sub_100010900 proc near Wow64Process= dword ptr -258h Buffer= word ptr -248h var_38= qword ptr -38h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_28= dword ptr 30h mov r11, rsp sub rsp, 278h mov rax, cs:qword_10002C178 mov [rsp+278h+var_38], rax mov [rcx], r9 mov rax, [r8+28h] mov [r11-8], rbx add rax, [r8+30h] mov [r11-20h], rdi mov rdi, r8 mov r8, [rcx+20h] mov rbx, rcx cmp rax, r8 jge short loc_10001094C mov dword ptr [rcx+8], 0FFFFFFFFh mov eax, 80004005h jmp loc_100010E6D loc_10001094C: mov rcx, rax sub rcx, r8 jz short loc_100010963 or dword ptr [rbx+0C8h], 2 mov [rbx+28h], rax mov [rbx+20h], rax loc_100010963: mov rax, 20C49BA5E353F7CFh mov r8d, 1 imul rdx sar rdx, 7 mov rax, rdx shr rax, 3Fh add rdx, rax mov rax, rcx cmovnz r8, rdx cqo idiv r8 lea rcx, [rax+5] mov rax, 6666666666666667h imul rcx sar rdx, 2 mov rax, rdx shr rax, 3Fh add rdx, rax mov eax, 63h movzx ecx, dl cmp ecx, eax cmovg ecx, eax movzx eax, byte ptr [rbx+1Dh] cmp eax, ecx jz short loc_1000109D1 or dword ptr [rbx+0C8h], 1 mov [rbx+1Dh], cl mov [rbx+1Ch], cl loc_1000109D1: mov eax, [rdi+50h] cmp [rbx+8], eax jz short loc_1000109E9 or dword ptr [rbx+0C8h], 1000h mov eax, [rdi+50h] mov [rbx+8], eax loc_1000109E9: mov eax, [rdi+64h] cmp [rbx+18h], eax jz short loc_100010A01 or dword ptr [rbx+0C8h], 2000h mov eax, [rdi+64h] mov [rbx+18h], eax loc_100010A01: mov rax, [rdi+90h] mov rcx, [rbx+30h] cqo and edx, 3FFh add rax, rdx sar rax, 0Ah sub rax, rcx cmp [rbx+38h], rax jz short loc_100010A48 or dword ptr [rbx+0C8h], 8 mov rax, [rdi+90h] cqo and edx, 3FFh add rax, rdx sar rax, 0Ah sub rax, rcx mov [rbx+38h], rax loc_100010A48: mov rax, [rdi+88h] shr rax, 0Ah cmp [rbx+0C0h], rax jz short loc_100010A78 or dword ptr [rbx+0C8h], 40000h mov rax, [rdi+88h] shr rax, 0Ah mov [rbx+0C0h], rax loc_100010A78: mov rax, [rdi+90h] shr rax, 0Ah cmp rcx, rax jz short loc_100010A9E or dword ptr [rbx+0C8h], 4 mov rax, [rdi+90h] shr rax, 0Ah mov [rbx+30h], rax loc_100010A9E: mov ecx, [rbx+40h] mov eax, [rdi+80h] sub eax, ecx cmp [rbx+44h], eax jz short loc_100010AC0 or dword ptr [rbx+0C8h], 20h mov eax, [rdi+80h] sub eax, ecx mov [rbx+44h], eax loc_100010AC0: cmp ecx, [rdi+80h] jz short loc_100010AD8 or dword ptr [rbx+0C8h], 10h mov eax, [rdi+80h] mov [rbx+40h], eax loc_100010AD8: mov rax, [rdi+0C8h] shr rax, 0Ah cmp [rbx+48h], rax jz short loc_100010AFF or dword ptr [rbx+0C8h], 40h mov rax, [rdi+0C8h] shr rax, 0Ah mov [rbx+48h], rax loc_100010AFF: mov rax, [rdi+0A0h] shr rax, 0Ah cmp [rbx+50h], rax jz short loc_100010B29 or dword ptr [rbx+0C8h], 80h mov rax, [rdi+0A0h] shr rax, 0Ah mov [rbx+50h], rax loc_100010B29: mov rax, [rdi+0B0h] shr rax, 0Ah cmp [rbx+58h], rax jz short loc_100010B53 or dword ptr [rbx+0C8h], 100h mov rax, [rdi+0B0h] shr rax, 0Ah mov [rbx+58h], rax loc_100010B53: mov eax, [rdi+48h] cmp [rbx+60h], eax jz short loc_100010B6B or dword ptr [rbx+0C8h], 200h mov eax, [rdi+48h] mov [rbx+60h], eax loc_100010B6B: mov eax, [rdi+60h] cmp [rbx+64h], eax jz short loc_100010B83 or dword ptr [rbx+0C8h], 400h mov eax, [rdi+60h] mov [rbx+64h], eax loc_100010B83: mov eax, [rdi+4] cmp [rbx+68h], eax jz short loc_100010B9B or dword ptr [rbx+0C8h], 400h mov eax, [rdi+4] mov [rbx+68h], eax loc_100010B9B: mov rax, [rdi+0D0h] cmp [rbx+78h], rax jz short loc_100010BBD or dword ptr [rbx+0C8h], 80000h mov rax, [rdi+0D0h] mov [rbx+78h], rax loc_100010BBD: mov rax, [rdi+0D8h] cmp [rbx+80h], rax jz short loc_100010BE5 or dword ptr [rbx+0C8h], 100000h mov rax, [rdi+0D8h] mov [rbx+80h], rax loc_100010BE5: mov rax, [rdi+0E0h] cmp [rbx+88h], rax jz short loc_100010C0D or dword ptr [rbx+0C8h], 200000h mov rax, [rdi+0E0h] mov [rbx+88h], rax loc_100010C0D: mov rax, [rdi+0E8h] cmp [rbx+90h], rax jz short loc_100010C35 or dword ptr [rbx+0C8h], 400000h mov rax, [rdi+0E8h] mov [rbx+90h], rax loc_100010C35: mov rax, [rdi+0F0h] cmp [rbx+98h], rax jz short loc_100010C5D or dword ptr [rbx+0C8h], 800000h mov rax, [rdi+0F0h] mov [rbx+98h], rax loc_100010C5D: mov rax, [rdi+0F8h] cmp [rbx+0A0h], rax jz short loc_100010C85 or dword ptr [rbx+0C8h], 1000000h mov rax, [rdi+0F8h] mov [rbx+0A0h], rax loc_100010C85: ; dwProcessId mov r8d, [rbx+8] loc_100010C89: mov [rsp+278h+var_10], rbp xor ebp, ebp xor edx, edx ; bInheritHandle mov ecx, 400h ; dwDesiredAccess mov [rsp+278h+var_18], rsi mov [rsp+278h+Wow64Process], ebp call cs:OpenProcess test rax, rax mov rsi, rax jz short loc_100010D06 lea edx, [rbp+1] ; uiFlags mov rcx, rax ; hProcess call cs:GetGuiResources cmp [rbx+70h], eax jz short loc_100010CD2 or dword ptr [rbx+0C8h], 20000h mov [rbx+70h], eax loc_100010CD2: ; uiFlags xor edx, edx mov rcx, rsi ; hProcess call cs:GetGuiResources cmp [rbx+6Ch], eax jz short loc_100010CEF or dword ptr [rbx+0C8h], 10000h mov [rbx+6Ch], eax loc_100010CEF: ; Wow64Process lea rdx, [rsp+278h+Wow64Process] mov rcx, rsi ; hProcess call cs:IsWow64Process mov rcx, rsi ; hObject call cs:CloseHandle loc_100010D06: cmp [rsp+278h+arg_28], ebp jnz loc_100010E3B or dword ptr [rbx+0C8h], 800h cmp [rdi+40h], rbp jnz loc_100010DBF mov rcx, cs:hInstance ; hInstance lea r8, [rsp+278h+Buffer] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 2715h ; uID mov [rsp+278h+Buffer], bp call cs:LoadStringW mov ecx, 40h ; uFlags inc eax mov esi, eax lea rdx, [rax+rax] ; uBytes call cs:LocalAlloc test rax, rax mov [rbx+0A8h], rax jnz short loc_100010D72 loc_100010D68: mov eax, 8007000Eh jmp loc_100010E5D loc_100010D72: cmp rsi, 7FFFFFFFh ja loc_100010E26 test rsi, rsi lea rcx, [rsp+278h+Buffer] jz loc_100010E26 db 66h, 66h nop loc_100010D90: movzx edx, word ptr [rcx] test dx, dx jz short loc_100010DB1 mov [rax], dx add rax, 2 add rcx, 2 dec rsi jnz short loc_100010D90 sub rax, 2 mov [rax], bp jmp short loc_100010E26 loc_100010DB1: test rsi, rsi jnz short loc_100010DBA sub rax, 2 loc_100010DBA: mov [rax], bp jmp short loc_100010E26 loc_100010DBF: movzx esi, word ptr [rdi+38h] mov eax, 4 shr esi, 1 lea ecx, [rax+3Ch] ; uFlags inc esi cmp [rsp+278h+Wow64Process], 1 cmovz ebp, eax lea edx, [rbp+rsi+0] add rdx, rdx ; uBytes call cs:LocalAlloc test rax, rax mov [rbx+0A8h], rax jz loc_100010D68 mov r8, [rdi+40h] mov edx, esi mov rcx, rax call sub_100008300 cmp [rsp+278h+Wow64Process], 1 jnz short loc_100010E26 mov rax, [rbx+0A8h] lea ecx, [rsi-1] lea edx, [rbp+1] lea rcx, [rax+rcx*2] lea r8, a32 ; " *32" call sub_100008300 loc_100010E26: cmp cs:dword_10002F478, 0 jz short loc_100010E3B lea rdx, [rdi+20h] mov rcx, rbx call sub_100010EA0 loc_100010E3B: test byte ptr cs:dword_10003015C, 40h jz short loc_100010E5B mov eax, [rbx+0BCh] test al, 1 jnz short loc_100010E52 test al, 2 jnz short loc_100010E5B loc_100010E52: or eax, 2 mov [rbx+0BCh], eax loc_100010E5B: xor eax, eax loc_100010E5D: mov rbp, [rsp+278h+var_10] mov rsi, [rsp+278h+var_18] loc_100010E6D: mov rdi, [rsp+278h+var_20] mov rbx, [rsp+278h+var_8] mov rcx, [rsp+278h+var_38] call sub_1000258D0 add rsp, 278h retn sub_100010900 endp algn_100010E92: align 20h sub_100010EA0 proc near var_268= qword ptr -268h var_258= dword ptr -258h uBytes= qword ptr -254h var_238= byte ptr -238h var_28= qword ptr -28h var_10= qword ptr -10h var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 288h mov rax, cs:qword_10002C178 mov [rsp+288h+var_28], rax mov [r11+18h], rbx mov [r11+20h], rbp mov [r11-10h], rdi mov rdi, rcx mov rcx, [rcx+0B0h] xor ebx, ebx test rcx, rcx mov rbp, rdx jz loc_100010F76 mov rcx, [rcx+10h] ; lpString test rcx, rcx jnz short loc_100010EF0 mov eax, 80004005h jmp loc_1000110FD loc_100010EF0: call cs:lstrlenW mov ecx, 40h ; uFlags inc eax mov ebx, eax lea rdx, [rax+rax] ; uBytes call cs:LocalAlloc test rax, rax mov r11, rax mov [rdi+10h], rax jnz short loc_100010F1F mov eax, 8007000Eh jmp loc_1000110FD loc_100010F1F: cmp rbx, 7FFFFFFFh ja short loc_100010F6F test rbx, rbx mov rax, [rdi+0B0h] mov rcx, [rax+10h] jz short loc_100010F6F loc_100010F38: movzx eax, word ptr [rcx] test ax, ax jz short loc_100010F60 mov [r11], ax add r11, 2 add rcx, 2 dec rbx jnz short loc_100010F38 sub r11, 2 xor eax, eax mov [r11], bx jmp loc_1000110FD loc_100010F60: test rbx, rbx jnz short loc_100010F69 sub r11, 2 loc_100010F69: mov word ptr [r11], 0 loc_100010F6F: xor eax, eax jmp loc_1000110FD loc_100010F76: mov edx, [rdi+8] loc_100010F79: mov [rsp+288h+var_8], rsi test edx, edx jnz loc_10001100D mov rax, cs:qword_100003AF0 lea rcx, [rsp+288h+uBytes+4] mov edx, 0Eh ; uBytes mov [rcx], rax mov eax, cs:dword_100003AF8 mov [rcx+8], eax movzx eax, cs:word_100003AFC mov [rcx+0Ch], ax lea ecx, [rdx+32h] ; uFlags call cs:LocalAlloc test rax, rax mov [rdi+10h], rax jnz short loc_100010FCD mov eax, 8007000Eh jmp loc_1000110F5 loc_100010FCD: mov r8d, 7 lea rcx, [rsp+288h+uBytes+4] loc_100010FD8: movzx edx, word ptr [rcx] test dx, dx jz short loc_100010FFC mov [rax], dx add rax, 2 add rcx, 2 dec r8 jnz short loc_100010FD8 sub rax, 2 mov [rax], bx jmp loc_1000110F3 loc_100010FFC: test r8, r8 jnz short loc_100011005 sub rax, 2 loc_100011005: mov [rax], bx jmp loc_1000110F3 loc_10001100D: mov r8, [rbp+0] lea rax, [rsp+288h+uBytes] xor r9d, r9d xor ecx, ecx mov dword ptr [rsp+288h+uBytes], ebx mov [rsp+288h+var_268], rax call WinStationGetProcessSid test al, al jnz loc_1000110F3 mov edx, dword ptr [rsp+288h+uBytes] ; uBytes mov ecx, 40h ; uFlags call cs:LocalAlloc test rax, rax mov rsi, rax jz loc_1000110DE mov rax, [rdi+0B0h] test rax, rax jz short loc_10001105D mov edx, [rax+8] jmp short loc_100011060 loc_10001105D: mov edx, [rdi+8] loc_100011060: mov r8, [rbp+0] lea rax, [rsp+288h+uBytes] mov r9, rsi xor ecx, ecx mov [rsp+288h+var_268], rax call WinStationGetProcessSid test al, al jz short loc_1000110D3 mov rcx, rsi ; pSid call cs:IsValidSid test eax, eax jz short loc_1000110D3 lea r8, [rsp+288h+var_258] lea rdx, [rsp+288h+var_238] mov rcx, rsi mov [rsp+288h+var_258], 104h call CachedGetUserFromSid mov edx, [rsp+288h+var_258] inc edx mov ecx, 40h ; uFlags add rdx, rdx ; uBytes call cs:LocalAlloc test rax, rax mov rcx, rax mov [rdi+10h], rax jz short loc_1000110D3 mov edx, [rsp+288h+var_258] lea r8, [rsp+288h+var_238] inc edx call sub_100008300 loc_1000110D3: ; hMem mov rcx, rsi call cs:LocalFree jmp short loc_1000110F3 loc_1000110DE: call cs:GetLastError test eax, eax mov ebx, eax jle short loc_1000110F3 movzx ebx, ax or ebx, 80070000h loc_1000110F3: mov eax, ebx loc_1000110F5: mov rsi, [rsp+288h+var_8] loc_1000110FD: mov rdi, [rsp+288h+var_10] mov rbp, [rsp+288h+arg_18] mov rbx, [rsp+288h+arg_10] mov rcx, [rsp+288h+var_28] call sub_1000258D0 add rsp, 288h retn sub_100010EA0 endp algn_10001112A: align 10h sub_100011130 proc near var_88= qword ptr -88h lParam= qword ptr -78h var_6C= dword ptr -6Ch var_68= dword ptr -68h var_60= qword ptr -60h var_50= qword ptr -50h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov [rsp+arg_0], rcx mov rax, rsp sub rsp, 0A8h mov [rax+10h], rbx mov [rax+18h], rbp mov [rax+20h], rsi mov rbx, rcx mov rcx, [rcx+8] ; hDlg mov [rax-8], rdi mov edx, 3F1h ; nIDDlgItem mov [rax-18h], r14 call cs:GetDlgItem xor r9d, r9d ; lParam xor r8d, r8d ; wParam lea edx, [r9+0Bh] ; Msg mov rcx, rax ; hWnd mov rbp, rax call cs:SendMessageW xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 1004h ; Msg mov rcx, rbp ; hWnd call cs:SendMessageW mov rcx, [rbx+18h] mov edx, 3F1h ; nIDDlgItem movsxd rdi, dword ptr [rcx+10h] mov rcx, [rbx+8] ; hDlg mov r14, rax call cs:GetDlgItem mov r9d, 2 ; lParam mov edx, 100Ch ; Msg lea r8, [r9-3] ; wParam mov rcx, rax ; hWnd mov rbx, rax call cs:SendMessageW cmp eax, 0FFFFFFFFh mov rsi, rax jz short loc_10001120F xor edx, edx ; int lea rcx, [rsp+0A8h+lParam+4] ; void * mov dword ptr [rsp+0A8h+lParam], 4 lea r8d, [rdx+44h] ; size_t call memset lea r9, [rsp+0A8h+lParam] ; lParam xor r8d, r8d ; wParam mov edx, 104Bh ; Msg mov rcx, rbx ; hWnd mov dword ptr [rsp+0A8h+lParam+4], esi call cs:SendMessageW xor ecx, ecx test eax, eax cmovnz rcx, [rsp+0A8h+var_50] mov [rsp+0A8h+var_88], rcx jmp short loc_100011218 loc_10001120F: mov [rsp+0A8h+var_88], 0 loc_100011218: mov [rsp+0A8h+var_10], r13 xor ebx, ebx xor esi, esi xor r13d, r13d test r14d, r14d loc_10001122A: mov [rsp+0A8h+var_20], r15 mov r15, rdi jle loc_100011399 db 66h nop db 66h, 66h nop loc_100011240: cmp rsi, r15 jge loc_10001136C cmp cs:dword_10002F478, 0 mov rax, [rsp+0A8h+arg_0] mov rax, [rax+18h] mov rcx, [rax+8] mov rdi, [rcx+rsi*8] jz short loc_10001127E cmp cs:dword_100030168, 0 jnz short loc_10001127E mov eax, [rdi+18h] cmp cs:dword_10002D6CC, eax jnz loc_10001133D loc_10001127E: ; int xor edx, edx lea rcx, [rsp+0A8h+lParam+4] ; void * lea r8d, [rdx+44h] ; size_t call memset lea r9, [rsp+0A8h+lParam] ; lParam xor r8d, r8d ; wParam mov edx, 104Bh ; Msg mov rcx, rbp ; hWnd mov dword ptr [rsp+0A8h+lParam], 0Dh mov dword ptr [rsp+0A8h+lParam+4], ebx call cs:SendMessageW test eax, eax jz loc_10001134E cmp [rsp+0A8h+var_50], rdi jz short loc_100011314 cmp rdi, [rsp+0A8h+var_88] mov rax, [rdi+0A8h] mov [rsp+0A8h+var_50], rdi mov [rsp+0A8h+var_60], rax jnz short loc_1000112DE or [rsp+0A8h+var_6C], 3 jmp short loc_1000112E3 loc_1000112DE: and [rsp+0A8h+var_6C], 0FFFFFFFCh loc_1000112E3: or [rsp+0A8h+var_68], 3 lea r9, [rsp+0A8h+lParam] ; lParam xor r8d, r8d ; wParam mov edx, 104Ch ; Msg mov rcx, rbp ; hWnd call cs:SendMessageW movsxd r8, ebx ; wParam mov edx, 1015h ; Msg mov r9, r8 ; lParam mov rcx, rbp ; hWnd call cs:SendMessageW jmp short loc_10001133B loc_100011314: cmp dword ptr [rdi+0C8h], 0 jz short loc_10001133B movsxd r8, ebx ; wParam mov edx, 1015h ; Msg mov rcx, rbp ; hWnd mov r9, r8 ; lParam call cs:SendMessageW mov dword ptr [rdi+0C8h], 0 loc_10001133B: inc ebx loc_10001133D: inc r13d inc rsi cmp ebx, r14d jl loc_100011240 jmp short loc_100011399 loc_10001134E: ; lParam xor r9d, r9d mov rcx, rbp ; hWnd lea edx, [r9+0Bh] ; Msg lea r8d, [r9+1] ; wParam call cs:SendMessageW mov eax, 80004005h jmp loc_10001145A loc_10001136C: cmp ebx, r14d jge short loc_100011399 sub r14d, ebx movsxd rsi, ebx mov edi, r14d db 66h, 66h nop db 66h, 66h nop loc_100011380: ; lParam xor r9d, r9d mov r8, rsi ; wParam mov edx, 1008h ; Msg mov rcx, rbp ; hWnd call cs:SendMessageW dec rdi jnz short loc_100011380 loc_100011399: movsxd rdi, r13d cmp rdi, r15 jge loc_100011444 loc_1000113A5: mov rax, [rsp+0A8h+arg_0] inc rdi cmp cs:dword_10002F478, 0 mov rax, [rax+18h] mov rcx, [rax+8] mov rsi, [rcx+rdi*8-8] jz short loc_1000113DA cmp cs:dword_100030168, 0 jnz short loc_1000113DA mov eax, [rsi+18h] cmp cs:dword_10002D6CC, eax jnz short loc_10001143B loc_1000113DA: ; int xor edx, edx lea rcx, [rsp+0A8h+lParam+4] ; void * lea r8d, [rdx+44h] ; size_t call memset test ebx, ebx mov dword ptr [rsp+0A8h+lParam], 5 mov dword ptr [rsp+0A8h+lParam+4], ebx mov rax, [rsi+0A8h] mov [rsp+0A8h+var_50], rsi mov [rsp+0A8h+var_60], rax jnz short loc_100011423 mov [rsp+0A8h+var_6C], 3 mov [rsp+0A8h+var_68], 3 mov dword ptr [rsp+0A8h+lParam], 0Dh loc_100011423: ; lParam lea r9, [rsp+0A8h+lParam] xor r8d, r8d ; wParam mov edx, 104Dh ; Msg mov rcx, rbp ; hWnd call cs:SendMessageW inc ebx loc_10001143B: cmp rdi, r15 jl loc_1000113A5 loc_100011444: ; lParam xor r9d, r9d mov rcx, rbp ; hWnd lea edx, [r9+0Bh] ; Msg lea r8d, [r9+1] ; wParam call cs:SendMessageW xor eax, eax loc_10001145A: mov r15, [rsp+0A8h+var_20] mov r14, [rsp+0A8h+var_18] mov r13, [rsp+0A8h+var_10] mov rdi, [rsp+0A8h+var_8] mov rsi, [rsp+0A8h+arg_18] mov rbp, [rsp+0A8h+arg_10] mov rbx, [rsp+0A8h+arg_8] add rsp, 0A8h retn sub_100011130 endp algn_10001149A: align 20h sub_1000114A0 proc near var_298= qword ptr -298h var_290= dword ptr -290h var_288= dword ptr -288h var_280= qword ptr -280h var_278= qword ptr -278h var_270= qword ptr -270h var_268= dword ptr -268h var_264= dword ptr -264h var_260= dword ptr -260h var_25C= dword ptr -25Ch var_258= dword ptr -258h var_254= dword ptr -254h var_250= dword ptr -250h var_24C= dword ptr -24Ch var_248= dword ptr -248h var_244= dword ptr -244h var_240= dword ptr -240h var_23C= dword ptr -23Ch var_238= byte ptr -238h var_230= dword ptr -230h var_22C= dword ptr -22Ch var_1F8= byte ptr -1F8h var_1D0= dword ptr -1D0h var_1B8= byte ptr -1B8h var_18C= dword ptr -18Ch var_188= dword ptr -188h var_184= dword ptr -184h var_180= dword ptr -180h var_148= dword ptr -148h var_144= dword ptr -144h String= word ptr -78h var_38= qword ptr -38h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 2B8h mov rax, cs:qword_10002C178 mov [rsp+2B8h+var_38], rax mov [r11-10h], r12 xor edx, edx ; int mov [rsp+2B8h+var_280], rcx mov r12, rcx lea r8d, [rdx+30h] ; size_t lea rcx, [rsp+2B8h+var_268] ; void * mov [r11-18h], r13 call memset xor r13d, r13d lea rdx, [rsp+2B8h+var_238] lea r8d, [r13+40h] xor r9d, r9d xor ecx, ecx mov dword ptr [rsp+2B8h+var_278], r13d mov dword ptr [rsp+2B8h+var_278+4], r13d mov dword ptr [rsp+2B8h+var_270], r13d mov dword ptr [rsp+2B8h+var_270+4], r13d call cs:NtQuerySystemInformation test eax, eax js loc_1000115CF mov eax, [rsp+2B8h+var_230] lea rdx, [rsp+2B8h+var_1B8] lea ecx, [r13+2] shr eax, 0Ah xor r9d, r9d mov r8d, 138h imul eax, [rsp+2B8h+var_22C] mov [rsp+2B8h+var_25C], eax call cs:NtQuerySystemInformation test eax, eax js loc_1000115CF mov edx, cs:dword_10002F338 lea r8d, [r13+40h] xor r9d, r9d shr edx, 0Ah mov eax, edx mov ecx, edx imul eax, [rsp+2B8h+var_18C] imul ecx, [rsp+2B8h+var_184] mov [rsp+2B8h+var_258], eax mov eax, edx mov [rsp+2B8h+var_240], ecx imul eax, [rsp+2B8h+var_188] mov [rsp+2B8h+var_244], eax mov eax, edx imul eax, [rsp+2B8h+var_180] mov [rsp+2B8h+var_23C], eax mov eax, edx imul edx, [rsp+2B8h+var_144] imul eax, [rsp+2B8h+var_148] mov [rsp+2B8h+var_24C], edx mov [rsp+2B8h+var_250], eax add eax, edx lea rdx, [rsp+2B8h+var_1F8] mov [rsp+2B8h+var_248], eax mov eax, ecx lea ecx, [r13+15h] mov cs:qword_10002FEA8, rax call cs:NtQuerySystemInformation test eax, eax jns short loc_1000115D9 loc_1000115CF: mov eax, 80004005h jmp loc_100011A9F loc_1000115D9: mov eax, cs:dword_10002F338 mov rcx, r12 loc_1000115E2: mov [rsp+2B8h+arg_10], rbp shr eax, 0Ah imul eax, [rsp+2B8h+var_1D0] mov [rsp+2B8h+var_254], eax call sub_1000101F0 test eax, eax mov ebp, eax mov [rsp+2B8h+var_288], eax js loc_100011A84 mov r12d, [rsp+2B8h+var_260] loc_100011611: mov [rsp+2B8h+arg_8], rbx mov rbx, [rsp+2B8h+var_270] mov [rsp+2B8h+var_8], rdi mov rdi, [rsp+2B8h+var_278] mov [rsp+2B8h+var_20], r14 mov [rsp+2B8h+var_28], r15 mov r15d, [rsp+2B8h+var_264] mov r14d, r13d mov [rsp+2B8h+arg_18], rsi db 66h nop db 66h, 66h nop loc_100011650: mov rax, [rsp+2B8h+var_280] mov ebp, r14d add rbp, [rax+20h] mov r10, [rbp+50h] test r10, r10 jnz short loc_10001166F cmp [rbp+4], r13d jz loc_1000116EF loc_10001166F: mov rax, [rax+18h] mov ecx, r13d mov r8d, [rax+10h] test r8d, r8d jle short loc_1000116D2 mov rax, [rax+8] loc_100011683: mov rdx, [rax] cmp [rdx+8], r10d jz short loc_100011699 inc ecx add rax, 8 cmp ecx, r8d jl short loc_100011683 jmp short loc_1000116D2 loc_100011699: mov rcx, [rbp+30h] mov r8, [rbp+28h] mov r9, [rdx+20h] lea rax, [r8+rcx] cmp r9, rax jle short loc_1000116B7 mov dword ptr [rdx+8], 0FFFFFFFFh jmp short loc_1000116EF loc_1000116B7: test r10, r10 jnz short loc_1000116CF test rcx, rcx jnz short loc_1000116CF test r8, r8 jnz short loc_1000116CF mov dword ptr [rdx+8], 0FFFFFFFFh jmp short loc_1000116EF loc_1000116CF: add rbx, r9 loc_1000116D2: mov rax, [rbp+30h] add r15d, [rbp+4] add rax, [rbp+28h] add rdi, rax mov eax, [rsp+2B8h+var_268] add eax, [rbp+60h] inc r12d mov [rsp+2B8h+var_268], eax loc_1000116EF: add r14d, [rbp+0] cmp cs:dword_10002D6CC, 0FFFFFFFFh jnz short loc_100011712 mov esi, [rbp+50h] call cs:GetCurrentProcessId cmp esi, eax jnz short loc_100011712 mov eax, [rbp+64h] mov cs:dword_10002D6CC, eax loc_100011712: cmp [rbp+0], r13d jnz loc_100011650 sub rdi, rbx cmp cs:qword_10002F458, r13 mov [rsp+2B8h+var_260], r12d mov [rsp+2B8h+var_264], r15d mov cs:dword_10002FEB8, r12d jz short loc_1000117B0 mov r12, [rsp+2B8h+var_280] lea rbx, unk_10002D7B0 mov esi, 0Ch db 66h, 66h nop db 66h, 66h nop loc_100011750: mov rax, [rbx] lea r8, aU ; "%u" lea rcx, [rsp+2B8h+String] mov r9d, [rsp+rax+2B8h+var_268] mov edx, 20h mov [r12+rax+30h], r9d call sub_100008380 mov rcx, cs:qword_10002F458 mov rax, [rcx] call qword ptr [rax+28h] test rax, rax jz short loc_1000117A5 mov edx, [rbx+8] ; nIDDlgItem mov rcx, rax ; hDlg call cs:GetDlgItem lea rdx, [rsp+2B8h+String] ; lpString mov rcx, rax ; hWnd call cs:SetWindowTextW loc_1000117A5: add rbx, 10h dec rsi jnz short loc_100011750 jmp short loc_1000117B5 loc_1000117B0: mov r12, [rsp+2B8h+var_280] loc_1000117B5: mov r14d, r13d mov r15d, 80h db 66h nop loc_1000117C0: mov ebx, r14d add rbx, [r12+20h] mov rax, [rbx+50h] test rax, rax jnz short loc_1000117DB cmp [rbx+4], r13d jz loc_100011960 loc_1000117DB: test rax, rax jz loc_100011865 mov r8d, eax ; dwProcessId xor edx, edx ; bInheritHandle mov ecx, 400h ; dwDesiredAccess call cs:OpenProcess test rax, rax mov rbp, rax jz short loc_10001181B mov rcx, rax ; hProcess call cs:GetPriorityClass test eax, eax mov esi, eax jz short loc_10001180E mov [rbx+48h], eax loc_10001180E: ; hObject mov rcx, rbp call cs:CloseHandle test esi, esi jnz short loc_100011865 loc_10001181B: mov ecx, [rbx+48h] cmp ecx, 4 jg short loc_10001182C mov dword ptr [rbx+48h], 40h jmp short loc_100011865 loc_10001182C: cmp ecx, 6 jg short loc_10001183A mov dword ptr [rbx+48h], 4000h jmp short loc_100011865 loc_10001183A: cmp ecx, 8 jg short loc_100011848 mov dword ptr [rbx+48h], 20h jmp short loc_100011865 loc_100011848: cmp ecx, 0Ah jg short loc_100011856 mov dword ptr [rbx+48h], 8000h jmp short loc_100011865 loc_100011856: mov eax, 100h cmp ecx, 0Dh cmovle eax, r15d mov [rbx+48h], eax loc_100011865: mov rax, [r12+18h] mov r8d, [rbx+50h] mov ecx, r13d mov edx, [rax+10h] test edx, edx jle short loc_100011897 mov rax, [rax+8] db 66h, 66h, 66h nop loc_100011880: mov r10, [rax] cmp [r10+8], r8d jz loc_10001192E inc ecx add rax, 8 cmp ecx, edx jl short loc_100011880 loc_100011897: ; uBytes mov edx, 0D0h mov ecx, 40h ; uFlags call cs:LocalAlloc test rax, rax mov rsi, rax jz loc_100011A0A xor edx, edx ; int mov r8d, 0D0h ; size_t mov rcx, rax ; void * call memset mov r9, cs:qword_100030180 mov r8, rbx mov rdx, rdi mov rcx, rsi mov [rsp+2B8h+var_290], r13d mov dword ptr [rsi+18h], 340h mov [rsp+2B8h+var_298], r12 call sub_100010900 test eax, eax mov ebp, eax mov [rsp+2B8h+var_288], eax js loc_100011A1A mov rbp, [r12+18h] mov r8d, 0FFFFFFFFh movsxd r12, dword ptr [rbp+10h] mov rcx, rbp lea edx, [r12+1] call sub_100014710 test eax, eax jz loc_100011A11 mov rax, [rbp+8] mov ebp, [rsp+2B8h+var_288] mov [rax+r12*8], rsi mov r12, [rsp+2B8h+var_280] jmp short loc_100011964 loc_10001192E: mov r9, cs:qword_100030180 mov r8, rbx mov rdx, rdi mov rcx, r10 mov [rsp+2B8h+var_290], 1 mov [rsp+2B8h+var_298], r12 call sub_100010900 test eax, eax mov ebp, eax mov [rsp+2B8h+var_288], eax js loc_100011A5C jmp short loc_100011964 loc_100011960: mov ebp, [rsp+2B8h+var_288] loc_100011964: mov eax, [rbx] add r14d, eax test eax, eax jnz loc_1000117C0 mov rax, [r12+18h] cmp [rax+10h], r13d jle loc_100011A5C mov rdi, r13 nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100011990: mov rax, [rax+8] mov rbx, [rdi+rax] mov rax, cs:qword_100030180 cmp [rbx], rax jz loc_100011A46 mov rcx, [rbx+0A8h] ; hMem test rcx, rcx jz short loc_1000119BA call cs:LocalFree loc_1000119BA: ; hMem mov rcx, [rbx+10h] test rcx, rcx jz short loc_1000119C9 call cs:LocalFree loc_1000119C9: ; hMem mov rcx, rbx call cs:LocalFree mov rbx, [r12+18h] mov eax, [rbx+10h] sub eax, r13d dec eax test eax, eax jle short loc_100011A05 mov r9, [rbx+8] movsxd r8, eax lea eax, [r13+1] movsxd rcx, eax movsxd rax, r13d shl r8, 3 ; size_t lea rdx, [r9+rcx*8] ; void * lea rcx, [r9+rax*8] ; void * call memmove loc_100011A05: dec dword ptr [rbx+10h] jmp short loc_100011A4D loc_100011A0A: mov ebp, 8007000Eh jmp short loc_100011A5C loc_100011A11: mov r12, [rsp+2B8h+var_280] mov ebp, [rsp+2B8h+var_288] loc_100011A1A: ; hMem mov rcx, [rsi+0A8h] test rcx, rcx jz short loc_100011A2C call cs:LocalFree loc_100011A2C: ; hMem mov rcx, [rsi+10h] test rcx, rcx jz short loc_100011A3B call cs:LocalFree loc_100011A3B: ; hMem mov rcx, rsi call cs:LocalFree jmp short loc_100011A5C loc_100011A46: inc r13d add rdi, 8 loc_100011A4D: mov rax, [r12+18h] cmp r13d, [rax+10h] jl loc_100011990 loc_100011A5C: mov rsi, [rsp+2B8h+arg_18] mov rdi, [rsp+2B8h+var_8] mov r14, [rsp+2B8h+var_20] mov rbx, [rsp+2B8h+arg_8] mov r15, [rsp+2B8h+var_28] loc_100011A84: lea rcx, [r12+18h] call sub_100010810 inc cs:qword_100030180 mov eax, ebp mov rbp, [rsp+2B8h+arg_10] loc_100011A9F: mov r13, [rsp+2B8h+var_18] mov r12, [rsp+2B8h+var_10] mov rcx, [rsp+2B8h+var_38] call sub_1000258D0 add rsp, 2B8h retn sub_1000114A0 endp algn_100011AC4: align 10h sub_100011AD0 proc near var_78= dword ptr -78h var_70= dword ptr -70h var_68= dword ptr -68h var_60= dword ptr -60h Rect= tagRECT ptr -58h Points= tagPOINT ptr -48h var_38= dword ptr -38h var_34= dword ptr -34h var_20= dword ptr -20h var_1C= dword ptr -1Ch var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 98h mov [rax+18h], rsi mov [rax+20h], rdi mov rdi, rcx mov rcx, [rcx+8] ; hWnd lea rdx, [rax-28h] ; lpRect call cs:GetClientRect mov ecx, 3 ; nNumWindows call cs:BeginDeferWindowPos test rax, rax mov rsi, rax jz loc_100011CE8 mov rcx, [rdi+8] ; hDlg loc_100011B0E: mov [rsp+98h+arg_0], rbx mov [rsp+98h+arg_8], rbp mov edx, 3F2h ; nIDDlgItem mov [rsp+98h+var_8], r12 mov [rsp+98h+var_10], r13 call cs:GetDlgItem lea rdx, [rsp+98h+Rect] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect mov rdx, [rdi+8] ; hWndTo lea r8, [rsp+98h+Rect] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov ecx, [rsp+98h+Rect.top] mov r11d, cs:dword_10002F400 mov ebp, [rsp+98h+var_1C] mov r12d, [rsp+98h+var_20] mov r9d, [rsp+98h+Rect.left] add r11d, r11d mov [rsp+98h+var_60], 15h xor r13d, r13d sub ebp, r11d sub r12d, r11d mov [rsp+98h+var_68], r13d sub ebp, [rsp+98h+Rect.bottom] sub r12d, [rsp+98h+Rect.right] mov [rsp+98h+var_70], r13d add ecx, ebp add r9d, r12d ; x xor r8d, r8d ; hWndInsertAfter mov [rsp+98h+var_78], ecx mov rcx, rsi ; hWinPosInfo mov rdx, rbx ; hWnd call cs:DeferWindowPos mov rcx, [rdi+8] ; hDlg mov edx, 3F0h ; nIDDlgItem call cs:GetDlgItem mov rcx, rax ; hWnd mov rbx, rax call cs:IsWindow test eax, eax jz short loc_100011C41 cmp cs:dword_10002F478, r13d jz short loc_100011C36 lea rdx, [rsp+98h+Points] ; lpRect mov rcx, rbx ; hWnd call cs:GetWindowRect mov rdx, [rdi+8] ; hWndTo lea r9d, [r13+2] ; cPoints lea r8, [rsp+98h+Points] ; lpPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov eax, [rsp+98h+Points.y] mov r9d, [rsp+98h+Points.x] ; x mov [rsp+98h+var_60], 15h add eax, ebp mov [rsp+98h+var_68], r13d xor r8d, r8d ; hWndInsertAfter mov rdx, rbx ; hWnd mov rcx, rsi ; hWinPosInfo mov [rsp+98h+var_70], r13d mov [rsp+98h+var_78], eax call cs:DeferWindowPos jmp short loc_100011C41 loc_100011C36: ; nCmdShow xor edx, edx mov rcx, rbx ; hWnd call cs:ShowWindow loc_100011C41: ; hDlg mov rcx, [rdi+8] mov edx, 3F1h ; nIDDlgItem call cs:GetDlgItem lea rdx, [rsp+98h+var_38] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect mov rdx, [rdi+8] ; hWndTo lea r8, [rsp+98h+var_38] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov r11d, [rsp+98h+Rect.top] mov eax, [rsp+98h+Rect.right] sub r11d, cs:dword_10002F400 sub eax, [rsp+98h+var_38] mov [rsp+98h+var_60], 16h sub r11d, [rsp+98h+var_34] add eax, r12d xor r9d, r9d ; x add r11d, ebp xor r8d, r8d ; hWndInsertAfter mov rdx, rbx ; hWnd mov [rsp+98h+var_68], r11d mov [rsp+98h+var_70], eax mov rcx, rsi ; hWinPosInfo mov [rsp+98h+var_78], r13d call cs:DeferWindowPos mov rcx, rsi ; hWinPosInfo call cs:EndDeferWindowPos mov r13, [rsp+98h+var_10] mov r12, [rsp+98h+var_8] mov rbp, [rsp+98h+arg_8] mov rbx, [rsp+98h+arg_0] loc_100011CE8: mov rdi, [rsp+98h+arg_18] mov rsi, [rsp+98h+arg_10] add rsp, 98h retn sub_100011AD0 endp byte_100011D00 db 10h dup(0CCh) sub_100011D10 proc near var_38= qword ptr -38h var_30= dword ptr -30h var_28= qword ptr -28h var_20= dword ptr -20h var_18= byte ptr -18h var_14= word ptr -14h var_12= word ptr -12h var_10= word ptr -10h var_E= word ptr -0Eh arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 58h mov eax, [rdx+10h] mov [rsp+58h+arg_10], rbx mov [rsp+58h+arg_18], rdi cmp eax, 0FFFFFF4Fh mov rbx, rdx mov rdi, rcx jz loc_100011DFB cmp eax, 0FFFFFF94h jz short loc_100011DA2 cmp eax, 0FFFFFF9Bh jnz loc_100012251 ; default test byte ptr [rdx+28h], 8 jz loc_100012251 ; default mov rcx, [rcx+8] ; hDlg mov edx, 3F1h ; nIDDlgItem call cs:GetDlgItem xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov rcx, rax ; hWnd mov edx, 1032h ; Msg call cs:SendMessageW mov rcx, [rdi+8] ; hDlg xor ebx, ebx test eax, eax mov edx, 3F2h ; nIDDlgItem setnz bl call cs:GetDlgItem mov edx, ebx ; bEnable mov rcx, rax ; hWnd call cs:EnableWindow mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100011DA2: movsxd rax, dword ptr [rdx+1Ch] lea rdx, __ImageBase mov ecx, [rdx+rax*4+30024h] cmp cs:dword_10002D6D0, ecx jnz short loc_100011DC4 neg cs:dword_10002D6D4 jmp short loc_100011DD4 loc_100011DC4: mov cs:dword_10002D6D0, ecx mov cs:dword_10002D6D4, 0FFFFFFFFh loc_100011DD4: lea rcx, [rdi+18h] call sub_100010810 mov r11, [rdi] mov rcx, rdi call qword ptr [r11+30h] mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100011DFB: test byte ptr [rdx+18h], 1 jz loc_100012251 ; default movsxd rax, dword ptr [rdx+20h] mov r10, [rbx+40h] lea rdx, __ImageBase cmp qword ptr [r10+0B0h], 0 movsxd rcx, dword ptr [rdx+rax*4+30024h] jz short loc_100011E65 test ecx, ecx jz short loc_100011E65 cmp ecx, 0Eh jz short loc_100011E65 cmp ecx, 10h jz short loc_100011E65 cmp ecx, 5 jz short loc_100011E65 cmp ecx, 2 jz short loc_100011E65 cmp ecx, 3 jz short loc_100011E65 cmp ecx, 4 jz short loc_100011E65 mov rax, [rbx+30h] mov word ptr [rax], 0 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100011E65: ; switch 25 cases cmp ecx, 18h ja loc_100012251 ; default mov ecx, ds:(off_100012268 - 100000000h)[rdx+rcx*4] add rcx, rdx jmp rcx ; switch jump loc_100011E7A: ; jumptable 100011E78 case 1 movsxd rdx, dword ptr [rbx+38h] mov r9d, [r10+8] loc_100011E82: ; "%d" lea r8, aD_0 loc_100011E89: mov rcx, [rbx+30h] call sub_100008380 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100011EA6: ; jumptable 100011E78 case 2 mov r8, [r10+10h] test r8, r8 jz loc_100012251 ; default movsxd rdx, dword ptr [rbx+38h] mov rcx, [rbx+30h] call sub_100008300 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100011ED4: ; jumptable 100011E78 case 3 movsxd rdx, dword ptr [rbx+38h] mov r9d, [r10+18h] jmp short loc_100011E82 loc_100011EDE: ; jumptable 100011E78 case 4 movzx r9d, byte ptr [r10+1Dh] movsxd rdx, dword ptr [rbx+38h] lea r8, a02d ; "%02d %" jmp short loc_100011E89 loc_100011EF0: ; jumptable 100011E78 case 0 movsxd rdx, dword ptr [rbx+38h] mov r8, [r10+0A8h] mov rcx, [rbx+30h] call sub_100008300 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100011F18: ; jumptable 100011E78 case 5 lea rcx, [r10+28h] lea rdx, [rsp+58h+var_18] call cs:RtlTimeToElapsedTimeFields movzx ecx, [rsp+58h+var_12] movzx r11d, [rsp+58h+var_14] movsx r8d, [rsp+58h+var_10] movsxd rdx, dword ptr [rbx+38h] movzx eax, r11w add ax, ax add r11w, ax movsx eax, [rsp+58h+var_E] mov [rsp+58h+var_20], eax lea rax, LCData shl r11w, 3 add cx, r11w mov [rsp+58h+var_28], rax mov [rsp+58h+var_30], r8d mov [rsp+58h+var_12], cx movsx r9d, cx mov rcx, [rbx+30h] lea r8, a2dS02dS02d ; "%2d%s%02d%s%02d" mov [rsp+58h+var_38], rax call sub_100008380 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100011F9C: ; jumptable 100011E78 case 6 mov r9d, [rbx+38h] mov r8, [rbx+30h] mov rdx, [r10+30h] mov rcx, rdi call sub_1000103C0 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100011FC4: ; jumptable 100011E78 case 8 mov r9d, [rbx+38h] mov r8, [rbx+30h] mov rdx, [r10+38h] mov rcx, rdi call sub_1000103C0 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100011FEC: ; jumptable 100011E78 case 7 mov r9d, [rbx+38h] mov r8, [rbx+30h] mov rdx, [r10+0C0h] mov rcx, rdi call sub_1000103C0 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100012017: ; jumptable 100011E78 case 9 mov edx, [r10+40h] jmp loc_100012241 loc_100012020: ; jumptable 100011E78 case 10 movsxd rdx, dword ptr [r10+44h] jmp loc_100012241 loc_100012029: ; jumptable 100011E78 case 11 mov r9d, [rbx+38h] mov r8, [rbx+30h] mov rdx, [r10+48h] mov rcx, rdi call sub_1000103C0 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100012051: ; jumptable 100011E78 case 12 mov r9d, [rbx+38h] mov r8, [rbx+30h] mov rdx, [r10+50h] mov rcx, rdi call sub_1000103C0 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100012079: ; jumptable 100011E78 case 13 mov r9d, [rbx+38h] mov r8, [rbx+30h] mov rdx, [r10+58h] mov rcx, rdi call sub_1000103C0 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_1000120A1: ; jumptable 100011E78 case 14 mov ecx, [r10+60h] cmp ecx, 100h jg loc_100012170 cmp ecx, 100h jz loc_100012148 sub ecx, 20h jz short loc_100012120 sub ecx, 20h jz short loc_1000120F8 cmp ecx, 40h jnz loc_100012180 movsxd rdx, dword ptr [rbx+38h] mov rcx, [rbx+30h] lea r8, unk_10002F200 call sub_100008300 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_1000120F8: movsxd rdx, dword ptr [rbx+38h] mov rcx, [rbx+30h] lea r8, unk_10002F1C0 call sub_100008300 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100012120: movsxd rdx, dword ptr [rbx+38h] mov rcx, [rbx+30h] lea r8, unk_10002F240 call sub_100008300 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100012148: movsxd rdx, dword ptr [rbx+38h] mov rcx, [rbx+30h] lea r8, unk_10002F280 call sub_100008300 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_100012170: cmp ecx, 4000h jz short loc_1000121D0 cmp ecx, 8000h jz short loc_1000121A8 loc_100012180: movsxd rdx, dword ptr [rbx+38h] mov rcx, [rbx+30h] lea r8, unk_10002F180 call sub_100008300 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_1000121A8: movsxd rdx, dword ptr [rbx+38h] mov rcx, [rbx+30h] lea r8, unk_10002F140 call sub_100008300 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_1000121D0: movsxd rdx, dword ptr [rbx+38h] mov rcx, [rbx+30h] lea r8, unk_10002F100 call sub_100008300 mov eax, 1 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] add rsp, 58h retn loc_1000121F8: ; jumptable 100011E78 case 15 mov edx, [r10+64h] jmp short loc_100012241 loc_1000121FE: ; jumptable 100011E78 case 16 mov edx, [r10+68h] jmp short loc_100012241 loc_100012204: ; jumptable 100011E78 case 17 mov edx, [r10+70h] jmp short loc_100012241 loc_10001220A: ; jumptable 100011E78 case 18 mov edx, [r10+6Ch] jmp short loc_100012241 loc_100012210: ; jumptable 100011E78 case 19 mov rdx, [r10+78h] jmp short loc_100012241 loc_100012216: ; jumptable 100011E78 case 20 mov rdx, [r10+80h] jmp short loc_100012241 loc_10001221F: ; jumptable 100011E78 case 21 mov rdx, [r10+88h] jmp short loc_100012241 loc_100012228: ; jumptable 100011E78 case 22 mov rdx, [r10+90h] jmp short loc_100012241 loc_100012231: ; jumptable 100011E78 case 23 mov rdx, [r10+98h] jmp short loc_100012241 loc_10001223A: ; jumptable 100011E78 case 24 mov rdx, [r10+0A0h] loc_100012241: mov r8, [rbx+30h] mov r9d, [rbx+38h] mov rcx, rdi call sub_1000102F0 loc_100012251: ; default mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_10] mov eax, 1 add rsp, 58h retn sub_100011D10 endp align 8 off_100012268 dd offset loc_100011EF0 - offset __ImageBase ; jump table for switch statement dd offset loc_100011E7A - offset __ImageBase dd offset loc_100011EA6 - offset __ImageBase dd offset loc_100011ED4 - offset __ImageBase dd offset loc_100011EDE - offset __ImageBase dd offset loc_100011F18 - offset __ImageBase dd offset loc_100011F9C - offset __ImageBase dd offset loc_100011FEC - offset __ImageBase dd offset loc_100011FC4 - offset __ImageBase dd offset loc_100012017 - offset __ImageBase dd offset loc_100012020 - offset __ImageBase dd offset loc_100012029 - offset __ImageBase dd offset loc_100012051 - offset __ImageBase dd offset loc_100012079 - offset __ImageBase dd offset loc_1000120A1 - offset __ImageBase dd offset loc_1000121F8 - offset __ImageBase dd offset loc_1000121FE - offset __ImageBase dd offset loc_100012204 - offset __ImageBase dd offset loc_10001220A - offset __ImageBase dd offset loc_100012210 - offset __ImageBase dd offset loc_100012216 - offset __ImageBase dd offset loc_10001221F - offset __ImageBase dd offset loc_100012228 - offset __ImageBase dd offset loc_100012231 - offset __ImageBase dd offset loc_10001223A - offset __ImageBase algn_1000122CC: align 20h sub_1000122E0 proc near push rbx sub rsp, 20h cmp dword ptr [rcx+60h], 0 mov rbx, rcx jnz short loc_1000122FC call sub_1000114A0 mov rcx, rbx call sub_100011130 loc_1000122FC: add rsp, 20h pop rbx retn sub_1000122E0 endp algn_100012302: align 10h sub_100012310 proc near var_88= qword ptr -88h var_80= qword ptr -80h Points= qword ptr -78h var_70= dword ptr -70h var_6C= dword ptr -6Ch lParam= qword ptr -68h var_40= qword ptr -40h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 0A8h mov [rax+8], rbx mov [rax+10h], rbp mov [rax-8], r12 mov rbp, rcx mov rcx, [rcx+8] ; hDlg mov [rax-10h], r13 mov r13d, edx mov edx, 3F1h ; nIDDlgItem mov r12d, r8d call cs:GetDlgItem mov r9d, 2 ; lParam mov edx, 100Ch ; Msg lea r8, [r9-3] ; wParam mov rcx, rax ; hWnd mov rbx, rax call cs:SendMessageW cmp eax, 0FFFFFFFFh jz loc_100012636 cmp r13w, 0FFFFh jnz short loc_1000123B2 cmp r12w, r13w jnz short loc_1000123B2 lea r9, [rsp+0A8h+Points] ; lParam movsxd r8, eax ; wParam mov edx, 100Eh ; Msg mov rcx, rbx ; hWnd mov dword ptr [rsp+0A8h+Points], 1 call cs:SendMessageW lea r8, [rsp+0A8h+Points] ; lpPoints mov r9d, 2 ; cPoints xor edx, edx ; hWndTo mov rcx, rbx ; hWndFrom call cs:MapWindowPoints mov r13d, [rsp+0A8h+var_70] mov r12d, [rsp+0A8h+var_6C] loc_1000123B2: ; hInstance mov rcx, cs:hInstance mov edx, 6Fh ; lpMenuName call cs:LoadMenuW test rax, rax mov rbx, rax jz loc_100012636 xor edx, edx ; nPos mov rcx, rax ; hMenu loc_1000123D5: mov [rsp+0A8h+arg_18], rdi call cs:GetSubMenu test rax, rax mov rdi, rax jz short loc_1000123FC xor edx, edx ; uPosition mov r8d, 400h ; uFlags mov rcx, rbx ; hMenu call cs:RemoveMenu loc_1000123FC: ; hMenu mov rcx, rbx call cs:DestroyMenu test rdi, rdi jz loc_10001262E mov ecx, 1 ; rest call cs:SHRestricted test eax, eax jz short loc_10001242E xor r8d, r8d ; uFlags mov edx, 9C41h ; uPosition mov rcx, rdi ; hMenu call cs:DeleteMenu loc_10001242E: ; hDlg mov rcx, [rbp+8] mov edx, 3F1h ; nIDDlgItem loc_100012437: mov [rsp+0A8h+arg_10], rsi call cs:GetDlgItem mov r9d, 2 ; lParam mov edx, 100Ch ; Msg lea r8, [r9-3] ; wParam mov rcx, rax ; hWnd mov rbx, rax call cs:SendMessageW cmp eax, 0FFFFFFFFh mov rsi, rax jz loc_100012626 xor edx, edx ; int lea rcx, [rsp+0A8h+lParam+4] ; void * mov dword ptr [rsp+0A8h+lParam], 4 lea r8d, [rdx+44h] ; size_t call memset lea r9, [rsp+0A8h+lParam] ; lParam xor r8d, r8d ; wParam mov edx, 104Bh ; Msg mov rcx, rbx ; hWnd mov dword ptr [rsp+0A8h+lParam+4], esi call cs:SendMessageW test eax, eax jz loc_100012626 mov rsi, [rsp+0A8h+var_40] test rsi, rsi jz loc_100012626 cmp qword ptr [rbp+68h], 0 jz short loc_1000124C5 cmp qword ptr [rsi+0B0h], 0 jz short loc_1000124D9 loc_1000124C5: ; uIDEnableItem mov edx, 9C5Bh mov r8d, 3 ; uEnable mov rcx, rdi ; hMenu call cs:EnableMenuItem loc_1000124D9: cmp qword ptr [rsi+0B0h], 0 mov ebx, 9C61h loc_1000124E6: mov [rsp+0A8h+var_18], r14 lea r14d, [rbx-2] jz short loc_10001255F lea edx, [rbx-4] ; uIDEnableItem mov r8d, 3 ; uEnable mov rcx, rdi ; hMenu call cs:EnableMenuItem lea edx, [rbx-3] ; uIDEnableItem mov r8d, 3 ; uEnable mov rcx, rdi ; hMenu call cs:EnableMenuItem lea edx, [rbx-1] ; uIDEnableItem mov r8d, 3 ; uEnable mov rcx, rdi ; hMenu call cs:EnableMenuItem mov r8d, 3 ; uEnable mov edx, ebx ; uIDEnableItem mov rcx, rdi ; hMenu call cs:EnableMenuItem mov r8d, 3 ; uEnable mov edx, r14d ; uIDEnableItem mov rcx, rdi ; hMenu call cs:EnableMenuItem lea edx, [rbx+1] ; uIDEnableItem mov r8d, 3 ; uEnable mov rcx, rdi ; hMenu call cs:EnableMenuItem loc_10001255F: cmp cs:byte_10002F3D0, 1 jz short loc_100012572 cmp qword ptr [rsi+0B0h], 0 jz short loc_100012583 loc_100012572: ; uFlags xor r8d, r8d mov edx, 9C77h ; uPosition mov rcx, rdi ; hMenu call cs:DeleteMenu loc_100012583: mov eax, [rsi+60h] cmp eax, 40h jnz short loc_100012592 mov ebx, 9C62h jmp short loc_1000125C1 loc_100012592: cmp eax, 4000h jz short loc_1000125C1 cmp eax, 20h jnz short loc_1000125A5 mov ebx, 9C60h jmp short loc_1000125C1 loc_1000125A5: cmp eax, 8000h jnz short loc_1000125B3 mov ebx, 9C5Eh jmp short loc_1000125C1 loc_1000125B3: mov ebx, 9C5Dh cmp eax, 80h cmovz ebx, r14d loc_1000125C1: ; UINT mov edx, 9C5Dh xor esi, esi mov r9d, ebx ; UINT lea r8d, [rdx+5] ; UINT mov rcx, rdi ; HMENU mov dword ptr [rsp+0A8h+var_88], esi call cs:CheckMenuRadioItem mov rax, [rbp+8] mov r9d, r12d ; int mov r8d, r13d ; int xor edx, edx ; UINT mov rcx, rdi ; HMENU mov [rsp+0A8h+var_80], rsi mov dword ptr [rbp+60h], 1 mov cs:dword_10002F3E4, 1 mov [rsp+0A8h+var_88], rax call cs:TrackPopupMenuEx mov rcx, rdi ; hMenu mov cs:dword_10002F3E4, esi mov [rbp+60h], esi call cs:DestroyMenu mov r14, [rsp+0A8h+var_18] loc_100012626: mov rsi, [rsp+0A8h+arg_10] loc_10001262E: mov rdi, [rsp+0A8h+arg_18] loc_100012636: mov r13, [rsp+0A8h+var_10] mov r12, [rsp+0A8h+var_8] mov rbp, [rsp+0A8h+arg_8] mov rbx, [rsp+0A8h+arg_0] add rsp, 0A8h retn sub_100012310 endp byte_10001265E db 12h dup(0CCh) ; INT_PTR __stdcall sub_100012670(HWND, UINT, WPARAM, LPARAM) sub_100012670 proc near var_5E8= dword ptr -5E8h var_5E0= dword ptr -5E0h var_5D8= dword ptr -5D8h var_5D0= dword ptr -5D0h var_5C8= qword ptr -5C8h var_5C0= qword ptr -5C0h var_5B8= qword ptr -5B8h var_5B0= qword ptr -5B0h Rect= tagRECT ptr -5A8h Points= tagPOINT ptr -598h var_590= dword ptr -590h var_58C= dword ptr -58Ch hWnd= qword ptr -588h var_580= tagSIZE ptr -580h WindowName= word ptr -578h String= word ptr -4F8h Caption= word ptr -478h Text= word ptr -268h var_58= qword ptr -58h var_40= qword ptr -40h var_38= qword ptr -38h var_30= qword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 mov r11, rsp sub rsp, 608h mov rax, cs:qword_10002C178 mov [rsp+608h+var_58], rax sub edx, 110h mov [r11-18h], rsi mov [r11-20h], rdi mov rsi, rcx jz loc_1000127A1 dec edx jnz loc_100012C34 movzx ecx, r8w dec ecx jz short loc_1000126C9 dec ecx jnz loc_100012C34 lea edx, [rcx+2] ; nResult mov rcx, rsi ; hDlg call cs:EndDialog jmp loc_100012C34 loc_1000126C9: mov rdx, cs:qword_100030178 xor edi, edi cmp cs:byte_10002F3D0, dil mov [rdx], rdi jbe short loc_100012714 db 66h nop loc_1000126E0: ; nIDButton lea edx, [rdi+7D0h] mov rcx, rsi ; hDlg call cs:IsDlgButtonChecked mov rdx, cs:qword_100030178 test eax, eax jz short loc_100012707 mov ecx, edi mov eax, 1 shl rax, cl or [rdx], rax loc_100012707: movzx eax, cs:byte_10002F3D0 inc edi cmp edi, eax jl short loc_1000126E0 loc_100012714: cmp qword ptr [rdx], 0 jnz short loc_10001278E mov rcx, cs:hInstance ; hInstance lea r8, [rsp+608h+Caption] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 9C7Ah ; uID call cs:LoadStringW test eax, eax jz loc_100012C34 mov rcx, cs:hInstance ; hInstance lea r8, [rsp+608h+Text] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 9C79h ; uID call cs:LoadStringW test eax, eax jz loc_100012C34 lea r8, [rsp+608h+Caption] ; lpCaption lea rdx, [rsp+608h+Text] ; lpText mov r9d, 10h ; uType mov rcx, rsi ; hWnd call cs:MessageBoxW jmp loc_100012C34 loc_10001278E: ; nResult mov edx, 1 mov rcx, rsi ; hDlg call cs:EndDialog jmp loc_100012C34 loc_1000127A1: mov [rsp+608h+var_8], rbx mov edx, 7D0h ; nIDDlgItem mov [rsp+608h+var_10], rbp mov [rsp+608h+var_40], r15 mov cs:qword_100030178, r9 call cs:GetDlgItem lea rdx, [rsp+608h+Rect] ; lpRect mov rcx, rax ; hWnd mov rbx, rax mov [rsp+608h+hWnd], rax call cs:GetWindowRect lea r8, [rsp+608h+Rect] ; lpPoints mov r9d, 2 ; cPoints mov rdx, rsi ; hWndTo xor ecx, ecx ; hWndFrom call cs:MapWindowPoints lea rdx, [rsp+608h+String] ; lpString mov r8d, 40h ; nMaxCount mov rcx, rbx ; hWnd call cs:GetWindowTextW xor r9d, r9d ; lParam xor r8d, r8d ; wParam lea edx, [r9+31h] ; Msg mov rcx, rbx ; hWnd call cs:SendMessageW xor r9d, r9d lea r8, [rsp+608h+String] lea edx, [r9+40h] lea rcx, [rsp+608h+WindowName] mov r15, rax call sub_100008380 lea rdx, [rsp+608h+WindowName] ; lpString mov rcx, rbx ; hWnd call cs:SetWindowTextW mov r11, cs:qword_100030178 mov edx, 7D0h ; nIDButton mov r8d, [r11] mov rcx, rsi ; hDlg and r8d, 1 ; uCheck call cs:CheckDlgButton mov rcx, rbx ; hWnd call cs:GetDC xor edi, edi test rax, rax mov rbp, rax jz loc_10001292C lea r8, [rsp+608h+String] lea edx, [rdi+40h] lea rcx, [rsp+608h+WindowName] mov r9d, 0FFh call sub_100008380 lea r11, [rsp+608h+WindowName] lea ecx, [rdi+40h] loc_1000128B0: cmp [r11], di jz loc_100012979 add r11, 2 dec rcx jnz short loc_1000128B0 loc_1000128C3: mov rax, rdi loc_1000128C6: ; LPSIZE lea r9, [rsp+608h+var_580] lea rdx, [rsp+608h+WindowName] ; LPCWSTR mov r8d, eax ; int mov rcx, rbp ; HDC call cs:GetTextExtentPoint32W mov r8d, [rsp+608h+Rect.left] ; X mov ecx, [rsp+608h+var_580._cx] mov eax, [rsp+608h+Rect.bottom] mov r9d, [rsp+608h+Rect.top] ; Y add ecx, r8d mov [rsp+608h+Rect.right], ecx sub ecx, r8d sub eax, r9d mov [rsp+608h+var_5D8], 64Eh mov [rsp+608h+var_5E0], eax mov [rsp+608h+var_5E8], ecx mov rcx, rbx ; hWnd mov rdx, rsi ; hWndInsertAfter call cs:SetWindowPos mov rdx, rbp ; hDC mov rcx, rbx ; hWnd call cs:ReleaseDC loc_10001292C: movzx eax, cs:byte_10002F3D0 loc_100012933: mov [rsp+608h+var_28], r12 mov [rsp+608h+var_30], r13 mov r13d, cs:dword_10002F418 mov [rsp+608h+var_38], r14 mov r14d, cs:dword_10002F414 sub r14d, [rsp+608h+Rect.left] sub r13d, [rsp+608h+Rect.top] add r14d, [rsp+608h+Rect.right] add r13d, [rsp+608h+Rect.bottom] cmp al, 40h jbe short loc_10001298F mov r12d, 40h jmp short loc_100012993 loc_100012979: test rcx, rcx jz loc_1000128C3 mov eax, 40h sub rax, rcx jmp loc_1000128C6 loc_10001298F: movzx r12d, al loc_100012993: mov ebx, 1 cmp r12d, ebx jle loc_100012A93 mov rbp, rbx db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_1000129B0: lea r8, [rsp+608h+String] lea rcx, [rsp+608h+WindowName] mov r9d, ebx mov edx, 40h call sub_100008380 mov eax, [rsp+608h+Rect.top] mov ecx, [rsp+608h+Rect.left] mov r8d, [rsp+608h+Rect.right] mov r9d, [rsp+608h+Rect.bottom] mov [rsp+608h+var_5B0], rdi sub r9d, eax mov [rsp+608h+var_5B8], rdi sub r8d, ecx mov edx, ebx lea r11, [rbp+7D0h] mov [rsp+608h+var_5C0], r11 shr edx, 2 mov [rsp+608h+var_5C8], rsi mov [rsp+608h+var_5D0], r9d mov [rsp+608h+var_5D8], r8d lea r8, [rsp+608h+WindowName] ; lpWindowName imul edx, r13d add edx, eax mov eax, ebx mov r9d, 50010003h ; dwStyle and eax, 3 mov [rsp+608h+var_5E0], edx lea rdx, aButton_0 ; "BUTTON" imul eax, r14d add eax, ecx xor ecx, ecx ; dwExStyle mov [rsp+608h+var_5E8], eax call cs:CreateWindowExW test rax, rax jz short loc_100012A85 mov r9d, 1 ; lParam mov r8, r15 ; wParam mov rcx, rax ; hWnd lea edx, [r9+2Fh] ; Msg call cs:SendMessageW mov rax, cs:qword_100030178 mov rcx, [rax] bt rcx, rbp jnb short loc_100012A85 lea edx, [rbx+7D0h] ; nIDButton mov r8d, 1 ; uCheck mov rcx, rsi ; hDlg call cs:CheckDlgButton loc_100012A85: inc ebx inc rbp cmp ebx, r12d jl loc_1000129B0 loc_100012A93: mov eax, r12d mov ebp, edi mov r15d, edi cdq mov ecx, eax and edx, 3 add eax, edx sar ecx, 2 and eax, 3 cmp eax, edx lea rdx, [rsp+608h+Points] ; lpRect setnz bpl add ebp, ecx mov rcx, rsi ; hWnd imul ebp, r13d call cs:GetClientRect mov r8d, [rsp+608h+var_590] mov ecx, [rsp+608h+Points.x] mov r11d, 4 mov eax, r8d cmp r12d, r11d cmovl r11d, r12d mov r12, [rsp+608h+var_28] sub eax, ecx inc eax imul r11d, r14d cmp r11d, eax mov r14, [rsp+608h+var_38] jle short loc_100012B06 loc_100012AF9: sub r11d, r8d lea r15d, [r11+rcx-1] test r15d, r15d jnz short loc_100012B0F loc_100012B06: cmp ebp, r13d jle loc_100012C06 loc_100012B0F: mov ecx, cs:dword_10002F418 mov edx, [rsp+608h+var_58C] lea eax, [r8+r15] add edx, ecx mov [rsp+608h+var_5D8], 16h xor r9d, r9d ; Y add edx, ebp xor r8d, r8d ; X mov rcx, rsi ; hWnd mov [rsp+608h+var_5E0], edx xor edx, edx ; hWndInsertAfter mov [rsp+608h+var_5E8], eax call cs:SetWindowPos mov edx, 1 ; nIDDlgItem mov rcx, rsi ; hDlg call cs:GetDlgItem lea rdx, [rsp+608h+Points] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect lea r8, [rsp+608h+Points] ; lpPoints mov r9d, 2 ; cPoints mov rdx, rsi ; hWndTo xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov r11d, [rsp+608h+Rect.top] mov r8d, [rsp+608h+Points.x] mov [rsp+608h+var_5D8], 15h lea r9d, [rbp+r11+0] ; Y add r8d, r15d ; X xor edx, edx ; hWndInsertAfter mov rcx, rbx ; hWnd mov [rsp+608h+var_5E0], edi mov [rsp+608h+var_5E8], edi call cs:SetWindowPos mov edx, 2 ; nIDDlgItem mov rcx, rsi ; hDlg call cs:GetDlgItem lea rdx, [rsp+608h+Points] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect lea r8, [rsp+608h+Points] ; lpPoints mov r9d, 2 ; cPoints mov rdx, rsi ; hWndTo xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov r11d, [rsp+608h+Rect.top] mov r8d, [rsp+608h+Points.x] mov [rsp+608h+var_5D8], 15h lea r9d, [rbp+r11+0] ; Y add r8d, r15d ; X xor edx, edx ; hWndInsertAfter mov rcx, rbx ; hWnd mov [rsp+608h+var_5E0], edi mov [rsp+608h+var_5E8], edi call cs:SetWindowPos loc_100012C06: ; hWnd mov rcx, [rsp+608h+hWnd] call cs:SetFocus mov r15, [rsp+608h+var_40] mov r13, [rsp+608h+var_30] mov rbp, [rsp+608h+var_10] mov rbx, [rsp+608h+var_8] loc_100012C34: mov rdi, [rsp+608h+var_20] mov rsi, [rsp+608h+var_18] xor eax, eax mov rcx, [rsp+608h+var_58] call sub_1000258D0 add rsp, 608h retn sub_100012670 endp byte_100012C5B db 15h dup(0CCh) sub_100012C70 proc near var_28= qword ptr -28h dwProcessAffinityMask= qword ptr -18h SystemAffinityMask= qword ptr -10h arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 48h mov [rsp+48h+arg_8], rbx mov [rsp+48h+arg_10], rsi mov r8d, edx ; dwProcessId mov rsi, rcx xor edx, edx ; bInheritHandle mov ecx, 600h ; dwDesiredAccess mov [rsp+48h+arg_18], rdi xor ebx, ebx call cs:OpenProcess test rax, rax mov rdi, rax jz short loc_100012D0D lea r8, [rsp+48h+SystemAffinityMask] ; lpSystemAffinityMask lea rdx, [rsp+48h+dwProcessAffinityMask] ; lpProcessAffinityMask mov rcx, rax ; hProcess call cs:GetProcessAffinityMask test eax, eax jz short loc_100012D00 mov r8, [rsi+8] ; hWndParent mov rcx, cs:hInstance ; hInstance lea rax, [rsp+48h+dwProcessAffinityMask] lea r9, sub_100012670 ; lpDialogFunc lea edx, [rbx+7Ch] ; lpTemplateName mov [rsp+48h+var_28], rax call cs:DialogBoxParamW cmp rax, 1 jnz short loc_100012CFB mov rdx, [rsp+48h+dwProcessAffinityMask] ; dwProcessAffinityMask mov rcx, rdi ; hProcess call cs:SetProcessAffinityMask test eax, eax jz short loc_100012D00 mov ebx, 1 jmp short loc_100012D00 loc_100012CFB: mov ebx, 1 loc_100012D00: ; hObject mov rcx, rdi call cs:CloseHandle test ebx, ebx jnz short loc_100012D24 loc_100012D0D: call cs:GetLastError mov rcx, [rsi+8] ; hWnd mov edx, 7568h ; int mov r8d, eax ; int call sub_100007F10 loc_100012D24: mov rdi, [rsp+48h+arg_18] mov rsi, [rsp+48h+arg_10] mov eax, ebx mov rbx, [rsp+48h+arg_8] add rsp, 48h retn sub_100012C70 endp algn_100012D3A: align 20h sub_100012D40 proc near Caption= word ptr -448h Text= word ptr -238h var_28= qword ptr -28h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_18= qword ptr 20h mov r11, rsp sub rsp, 468h mov rax, cs:qword_10002C178 mov [rsp+468h+var_28], rax mov [r11+20h], rbx mov [r11-8], rbp xor ebx, ebx test r8, r8 mov [r11-10h], rsi mov rbp, rcx mov rsi, r8 jnz short loc_100012D9C mov rcx, [rcx+18h] mov eax, ebx mov r8d, [rcx+10h] test r8d, r8d jle short loc_100012D98 mov rcx, [rcx+8] loc_100012D85: mov rsi, [rcx] cmp [rsi+8], edx jz short loc_100012D9C inc eax add rcx, 8 cmp eax, r8d jl short loc_100012D85 loc_100012D98: xor eax, eax jmp short loc_100012DD9 loc_100012D9C: mov [rsp+468h+var_18], rdi lea rdi, aS_0 ; "Ø:" db 66h nop db 66h, 66h nop loc_100012DB0: ; lpString2 mov rdx, [rdi] mov rcx, [rsi+0A8h] ; lpString1 call cs:lstrcmpiW test eax, eax jz short loc_100012E06 inc ebx add rdi, 8 cmp ebx, 5 jb short loc_100012DB0 xor eax, eax loc_100012DD1: mov rdi, [rsp+468h+var_18] loc_100012DD9: mov rsi, [rsp+468h+var_10] mov rbp, [rsp+468h+var_8] mov rbx, [rsp+468h+arg_18] mov rcx, [rsp+468h+var_28] call sub_1000258D0 add rsp, 468h retn loc_100012E06: ; hInstance mov rcx, cs:hInstance lea r8, [rsp+468h+Caption] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 2721h ; uID call cs:LoadStringW test eax, eax jz short loc_100012E68 mov rcx, cs:hInstance ; hInstance lea r8, [rsp+468h+Text] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 272Dh ; uID call cs:LoadStringW test eax, eax jz short loc_100012E68 mov rcx, [rbp+8] ; hWnd lea r8, [rsp+468h+Caption] ; lpCaption lea rdx, [rsp+468h+Text] ; lpText mov r9d, 30h ; uType call cs:MessageBoxW loc_100012E68: mov eax, 1 jmp loc_100012DD1 sub_100012D40 endp algn_100012E72: align 20h sub_100012E80 proc near var_28= byte ptr -28h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 48h mov rax, [rcx+18h] mov [rsp+48h+arg_0], rbx mov [rsp+48h+arg_8], rbp mov r10d, [rax+10h] mov [rsp+48h+arg_10], rsi mov [rsp+48h+arg_18], rdi xor edi, edi test r10d, r10d mov [rsp+48h+var_8], r12 mov esi, edx mov rbp, rcx mov r12d, r8d mov r9d, edi jle short loc_100012ED4 mov rax, [rax+8] db 66h nop db 66h, 66h nop loc_100012EC0: mov rbx, [rax] cmp [rbx+8], edx jz short loc_100012EDB inc r9d add rax, 8 cmp r9d, r10d jl short loc_100012EC0 loc_100012ED4: xor eax, eax jmp loc_100012FB5 loc_100012EDB: mov r8, rbx call sub_100012D40 test eax, eax jnz loc_100012FA2 test r12d, r12d mov rbx, [rbx+0B0h] jnz short loc_100012F11 mov edx, 2717h mov rcx, rbp lea r8d, [rdx+2] call sub_10000FAF0 cmp eax, 6 jnz loc_100012FA2 loc_100012F11: test rbx, rbx jnz loc_100012FA2 lea rdx, aSedebugprivile ; "SeDebugPrivilege" lea rcx, [rsp+48h+var_28] call sub_1000244D0 lea ecx, [rbx+1] ; dwDesiredAccess mov r8d, esi ; dwProcessId xor edx, edx ; bInheritHandle call cs:OpenProcess test rax, rax mov rbx, rax jz short loc_100012F7B mov edx, 1 ; uExitCode mov rcx, rax ; hProcess call cs:TerminateProcess test eax, eax jnz short loc_100012F66 call cs:GetLastError mov rcx, rbx ; hObject mov edi, eax call cs:CloseHandle jmp short loc_100012F83 loc_100012F66: mov rax, [rbp+0] mov rcx, rbp call qword ptr [rax+30h] mov rcx, rbx ; hObject call cs:CloseHandle jmp short loc_100012F83 loc_100012F7B: call cs:GetLastError mov edi, eax loc_100012F83: test edi, edi jz short loc_100012FA6 mov rcx, [rbp+8] ; hWnd mov r8d, edi ; int mov edx, 2721h ; int call sub_100007F10 lea rcx, [rsp+48h+var_28] call sub_1000245E0 loc_100012FA2: xor eax, eax jmp short loc_100012FB5 loc_100012FA6: lea rcx, [rsp+48h+var_28] call sub_1000245E0 mov eax, 1 loc_100012FB5: mov r12, [rsp+48h+var_8] mov rdi, [rsp+48h+arg_18] mov rsi, [rsp+48h+arg_10] mov rbp, [rsp+48h+arg_8] mov rbx, [rsp+48h+arg_0] add rsp, 48h retn sub_100012E80 endp algn_100012FD3: align 20h sub_100012FE0 proc near var_908= dword ptr -908h var_900= dword ptr -900h var_8F8= qword ptr -8F8h var_8F0= qword ptr -8F0h var_8E8= qword ptr -8E8h var_8E0= qword ptr -8E0h var_8D8= qword ptr -8D8h hObject= qword ptr -8D0h var_8B8= dword ptr -8B8h var_8B0= byte ptr -8B0h Caption= word ptr -848h Text= word ptr -638h CommandLine= word ptr -428h var_18= qword ptr -18h arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 928h mov rax, cs:qword_10002C178 mov [rsp+928h+var_18], rax mov [r11+18h], rbx mov rbx, rcx mov rcx, cs:hInstance ; hInstance mov [r11+20h], rdi mov edi, edx lea r8, [r11-848h] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 2717h ; uID call cs:LoadStringW test eax, eax jz loc_100013126 mov rcx, cs:hInstance ; hInstance lea r8, [rsp+928h+Text] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 271Ah ; uID call cs:LoadStringW test eax, eax jz loc_100013126 mov rcx, [rbx+8] ; hWnd lea r8, [rsp+928h+Caption] ; lpCaption lea rdx, [rsp+928h+Text] ; lpText mov r9d, 34h ; uType call cs:MessageBoxW cmp eax, 6 jnz loc_100013126 mov r9, [rbx+68h] lea r8, aSPLd ; "%s -p %ld" lea rcx, [rsp+928h+CommandLine] mov edx, 208h mov [rsp+928h+var_908], edi call sub_100008380 test eax, eax jnz short loc_100013115 lea r8d, [rax+60h] ; size_t lea rcx, [rsp+928h+var_8B0] ; void * xor edx, edx ; int mov [rsp+928h+var_8B8], 68h call memset lea rax, [rsp+928h+var_8B8] lea r11, [rsp+928h+var_8D8] lea rdx, [rsp+928h+CommandLine] ; lpCommandLine xor r9d, r9d ; lpThreadAttributes mov [rsp+928h+var_8E0], r11 mov [rsp+928h+var_8E8], rax xor eax, eax mov [rsp+928h+var_8F0], rax mov [rsp+928h+var_8F8], rax xor r8d, r8d ; lpProcessAttributes xor ecx, ecx ; lpApplicationName mov [rsp+928h+var_900], 10h mov [rsp+928h+var_908], eax call cs:CreateProcessW test eax, eax jnz short loc_10001313A call cs:GetLastError test eax, eax jg short loc_10001312A call cs:GetLastError loc_100013111: test eax, eax jz short loc_100013150 loc_100013115: ; hWnd mov rcx, [rbx+8] mov r8d, eax ; int mov edx, 2722h ; int call sub_100007F10 loc_100013126: xor eax, eax jmp short loc_100013155 loc_10001312A: call cs:GetLastError movzx eax, ax or eax, 80070000h jmp short loc_100013111 loc_10001313A: ; hObject mov rcx, [rsp+928h+hObject] call cs:CloseHandle mov rcx, [rsp+928h+var_8D8] ; hObject call cs:CloseHandle loc_100013150: mov eax, 1 loc_100013155: mov rdi, [rsp+928h+arg_18] mov rbx, [rsp+928h+arg_10] mov rcx, [rsp+928h+var_18] call sub_1000258D0 add rsp, 928h retn sub_100012FE0 endp algn_10001317A: align 20h sub_100013180 proc near Caption= word ptr -448h Text= word ptr -238h var_28= qword ptr -28h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_18= qword ptr 20h mov r11, rsp sub rsp, 468h mov rax, cs:qword_10002C178 mov [rsp+468h+var_28], rax mov [r11+20h], rbx mov [r11-8], rbp mov [r11-10h], rsi mov [r11-18h], rdi xor edi, edi sub r8d, 9C5Dh mov rsi, rdx mov rbp, rcx jz short loc_1000131F0 dec r8d jz short loc_1000131E9 dec r8d jz short loc_1000131E2 sub r8d, 2 jz short loc_1000131DB dec r8d jz short loc_1000131D4 lea ebx, [rdi+20h] jmp short loc_1000131F5 loc_1000131D4: mov ebx, 40h jmp short loc_1000131F5 loc_1000131DB: mov ebx, 4000h jmp short loc_1000131F5 loc_1000131E2: mov ebx, 80h jmp short loc_1000131F5 loc_1000131E9: mov ebx, 8000h jmp short loc_1000131F5 loc_1000131F0: mov ebx, 100h loc_1000131F5: cmp [rdx+60h], ebx jz loc_1000132DA mov rcx, cs:hInstance ; hInstance lea r8, [rsp+468h+Caption] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 2717h ; uID call cs:LoadStringW test eax, eax jz loc_1000132DA mov rcx, cs:hInstance ; hInstance lea r8, [rsp+468h+Text] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 2718h ; uID call cs:LoadStringW test eax, eax jz loc_1000132DA mov rcx, [rbp+8] ; hWnd lea r8, [rsp+468h+Caption] ; lpCaption lea rdx, [rsp+468h+Text] ; lpText mov r9d, 34h ; uType call cs:MessageBoxW cmp eax, 6 jnz short loc_1000132DA mov r8d, [rsi+8] ; dwProcessId xor edx, edx ; bInheritHandle mov ecx, 200h ; dwDesiredAccess call cs:OpenProcess test rax, rax mov rsi, rax jz short loc_1000132BD mov edx, ebx ; dwPriorityClass mov rcx, rax ; hProcess call cs:SetPriorityClass test eax, eax jnz short loc_1000132A8 call cs:GetLastError mov rcx, rsi ; hObject mov edi, eax call cs:CloseHandle jmp short loc_1000132C5 loc_1000132A8: mov rax, [rbp+0] mov rcx, rbp call qword ptr [rax+30h] mov rcx, rsi ; hObject call cs:CloseHandle jmp short loc_1000132C5 loc_1000132BD: call cs:GetLastError mov edi, eax loc_1000132C5: test edi, edi jz short loc_1000132DE mov rcx, [rbp+8] ; hWnd mov r8d, edi ; int mov edx, 2723h ; int call sub_100007F10 loc_1000132DA: xor eax, eax jmp short loc_1000132E3 loc_1000132DE: mov eax, 1 loc_1000132E3: mov rdi, [rsp+468h+var_18] mov rsi, [rsp+468h+var_10] mov rbp, [rsp+468h+var_8] mov rbx, [rsp+468h+arg_18] mov rcx, [rsp+468h+var_28] call sub_1000258D0 add rsp, 468h retn sub_100013180 endp algn_100013318: align 20h sub_100013320 proc near lParam= qword ptr -58h var_30= qword ptr -30h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 78h mov rcx, [rcx+8] ; hDlg mov [rax+18h], rbx mov edx, 3F1h ; nIDDlgItem mov [rax+20h], rdi call cs:GetDlgItem mov r9d, 2 ; lParam lea r8, [r9-3] ; wParam mov edx, 100Ch ; Msg mov rcx, rax ; hWnd mov rbx, rax call cs:SendMessageW cmp eax, 0FFFFFFFFh mov rdi, rax jz short loc_10001339F xor edx, edx ; int lea rcx, [rsp+78h+lParam+4] ; void * mov dword ptr [rsp+78h+lParam], 4 lea r8d, [rdx+44h] ; size_t call memset lea r9, [rsp+78h+lParam] ; lParam xor r8d, r8d ; wParam mov edx, 104Bh ; Msg mov rcx, rbx ; hWnd mov dword ptr [rsp+78h+lParam+4], edi call cs:SendMessageW xor ecx, ecx test eax, eax cmovnz rcx, [rsp+78h+var_30] jmp short loc_1000133A1 loc_10001339F: xor ecx, ecx loc_1000133A1: mov rdi, [rsp+78h+arg_18] mov rbx, [rsp+78h+arg_10] mov rax, rcx add rsp, 78h retn sub_100013320 endp algn_1000133B9: align 20h sub_1000133C0 proc near var_78= byte ptr -78h lParam= qword ptr -58h var_30= qword ptr -30h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 98h mov [rax+8], rbx mov [rax+10h], rbp mov [rax+18h], rsi mov [rax+20h], rdi mov rbx, rcx mov rcx, [rcx+8] ; hDlg movzx edi, dx mov edx, 3F1h ; nIDDlgItem loc_1000133E9: mov [rax-8], r12 mov rbp, r8 call cs:GetDlgItem mov r9d, 2 ; lParam lea r8, [r9-3] ; wParam mov edx, 100Ch ; Msg mov rcx, rax ; hWnd mov rsi, rax call cs:SendMessageW cmp eax, 0FFFFFFFFh mov r12, rax jz short loc_10001345B xor edx, edx ; int lea rcx, [rsp+98h+lParam+4] ; void * mov dword ptr [rsp+98h+lParam], 4 lea r8d, [rdx+44h] ; size_t call memset lea r9, [rsp+98h+lParam] ; lParam xor r8d, r8d ; wParam mov edx, 104Bh ; Msg mov rcx, rsi ; hWnd mov dword ptr [rsp+98h+lParam+4], r12d call cs:SendMessageW xor esi, esi test eax, eax mov rcx, rsi cmovnz rcx, [rsp+98h+var_30] jmp short loc_100013460 loc_10001345B: xor esi, esi mov rcx, rsi loc_100013460: mov r12, [rsp+98h+var_8] movzx r8d, di cmp r8d, 9C5Bh jg loc_100013536 loc_100013479: cmp r8d, 9C5Bh jz loc_100013512 sub r8d, 3F0h jz short loc_1000134EB sub r8d, 2 jz short loc_1000134A4 dec r8d jz short loc_100013512 cmp r8d, 27h jnz loc_100013680 loc_1000134A4: test rcx, rcx jz loc_100013680 mov rax, [rbx+18h] mov ebp, [rcx+8] mov ecx, esi mov edx, [rax+10h] test edx, edx jle loc_100013680 mov rax, [rax+8] db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h, 66h nop loc_1000134D0: mov rdi, [rax] cmp [rdi+8], ebp jz loc_1000135BA inc ecx add rax, 8 cmp ecx, edx jl short loc_1000134D0 jmp loc_100013680 loc_1000134EB: ; lParam xor r9d, r9d xor r8d, r8d ; wParam mov edx, 0F0h ; Msg mov rcx, rbp ; hWnd call cs:SendMessageW cmp rax, 1 setz sil mov cs:dword_100030168, esi jmp loc_100013680 loc_100013512: test rcx, rcx jz loc_100013680 cmp qword ptr [rbx+68h], 0 jz loc_100013680 mov edx, [rcx+8] mov rcx, rbx call sub_100012FE0 jmp loc_100013680 loc_100013536: cmp r8d, 9C5Ch jz loc_1000134A4 cmp r8d, 9C5Ch jle loc_100013680 cmp r8d, 9C62h jle short loc_1000135A1 cmp r8d, 9C77h jz short loc_100013588 cmp r8d, 9CA9h jnz loc_100013680 test rcx, rcx jz loc_100013680 mov edx, [rcx+8] mov rcx, rbx call sub_100014270 jmp loc_100013680 loc_100013588: test rcx, rcx jz loc_100013680 mov edx, [rcx+8] mov rcx, rbx call sub_100012C70 jmp loc_100013680 loc_1000135A1: test rcx, rcx jz loc_100013680 mov rdx, rcx mov rcx, rbx call sub_100013180 jmp loc_100013680 loc_1000135BA: mov r8, rdi mov edx, ebp mov rcx, rbx call sub_100012D40 test eax, eax jnz loc_100013680 mov rdi, [rdi+0B0h] mov edx, 2717h mov rcx, rbx lea r8d, [rdx+2] call sub_10000FAF0 cmp eax, 6 jnz loc_100013680 test rdi, rdi jnz loc_100013680 lea rdx, aSedebugprivile ; "SeDebugPrivilege" lea rcx, [rsp+98h+var_78] call sub_1000244D0 lea ecx, [rdi+1] ; dwDesiredAccess mov r8d, ebp ; dwProcessId xor edx, edx ; bInheritHandle call cs:OpenProcess test rax, rax mov rdi, rax jz short loc_100013659 mov edx, 1 ; uExitCode mov rcx, rax ; hProcess call cs:TerminateProcess test eax, eax jnz short loc_100013645 call cs:GetLastError mov rcx, rdi ; hObject mov esi, eax call cs:CloseHandle jmp short loc_100013661 loc_100013645: mov rax, [rbx] mov rcx, rbx call qword ptr [rax+30h] mov rcx, rdi ; hObject call cs:CloseHandle jmp short loc_100013661 loc_100013659: call cs:GetLastError mov esi, eax loc_100013661: test esi, esi jz short loc_100013676 mov rcx, [rbx+8] ; hWnd mov r8d, esi ; int mov edx, 2721h ; int call sub_100007F10 loc_100013676: lea rcx, [rsp+98h+var_78] call sub_1000245E0 loc_100013680: mov rdi, [rsp+98h+arg_18] mov rsi, [rsp+98h+arg_10] mov rbp, [rsp+98h+arg_8] mov rbx, [rsp+98h+arg_0] add rsp, 98h retn sub_1000133C0 endp algn_1000136A8: align 10h ; int __fastcall sub_1000136B0(HWND hDlg, UINT Msg, WPARAM wParam, LPARAM lParam, __int64, __int64, __int64, __int64) sub_1000136B0 proc near lParam= qword ptr -88h var_78= qword ptr -78h var_58= byte ptr -58h var_4C= dword ptr -4Ch var_48= dword ptr -48h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 0A8h mov [rax+8], rbx mov [rax+10h], rbp mov [rax+18h], rsi mov [rax+20h], rdi mov ebx, edx mov [rax-8], r12 mov edx, 0FFFFFFEBh ; nIndex mov r12, rcx mov rdi, r9 mov rsi, r8 call cs:GetWindowLongPtrW cmp ebx, 0A3h mov rbp, rax jb short loc_10001371B cmp ebx, 0A5h jbe short loc_100013707 cmp ebx, 202h jbe short loc_10001371B cmp ebx, 205h ja short loc_10001371B loc_100013707: mov rcx, cs:hWnd mov r9, rdi mov r8, rsi mov edx, ebx jmp loc_1000137D6 loc_10001371B: cmp ebx, 0A3h ja loc_100013869 cmp ebx, 0A3h jz loc_100013AAA cmp ebx, 2 jz loc_100013802 cmp ebx, 5 jz loc_1000137EB cmp ebx, 15h jz short loc_1000137BA cmp ebx, 4Eh jz short loc_1000137A8 cmp ebx, 7Bh jnz loc_100013ABF mov rcx, rax call sub_100013320 test rax, rax jz loc_100013ABF cmp dword ptr [rax+8], 0 jz loc_100013ABF mov edx, 3F1h ; nIDDlgItem mov rcx, r12 ; hDlg call cs:GetDlgItem cmp rsi, rax jnz loc_100013ABF mov rax, rdi movsx edx, di mov rcx, rbp shr rax, 10h movsx r8d, ax call sub_100012310 lea eax, [rbx-7Ah] jmp loc_100013AC1 loc_1000137A8: mov rdx, rdi mov rcx, rax call sub_100011D10 cdqe jmp loc_100013AC1 loc_1000137BA: ; nIDDlgItem mov edx, 3F1h mov rcx, r12 ; hDlg call cs:GetDlgItem mov r9, rdi ; lParam mov r8, rsi ; wParam mov rcx, rax ; hWnd mov edx, 15h ; Msg loc_1000137D6: call cs:SendMessageW mov rax, 1 jmp loc_100013AC1 loc_1000137EB: mov rcx, rax call sub_100011AD0 mov rax, 1 jmp loc_100013AC1 loc_100013802: ; nIDDlgItem mov edx, 3F1h mov rcx, r12 ; hDlg call cs:GetDlgItem xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov rcx, rax ; hWnd mov edx, 101Fh ; Msg call cs:SendMessageW lea rcx, unk_1000300F4 ; void * mov edx, 0FFh ; int mov r8d, 68h ; size_t mov rbx, rax call memset xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 1200h ; Msg mov rcx, rbx ; hWnd call cs:SendMessageW lea r9, unk_1000300F4 mov edx, 1211h movsxd r8, eax mov rcx, rbx jmp loc_100013AB9 loc_100013869: cmp ebx, 202h ja loc_1000139A6 cmp ebx, 201h jnb loc_10001397C sub ebx, 110h jz short loc_1000138A4 dec ebx jnz loc_100013ABF mov r8, rdi movzx edx, si mov rcx, rax call sub_1000133C0 jmp loc_100013ABF loc_1000138A4: ; dwNewLong mov r8, rdi mov edx, 0FFFFFFEBh ; nIndex mov rcx, r12 ; hWnd call cs:SetWindowLongPtrW mov edx, 3F1h ; nIDDlgItem mov rcx, r12 ; hDlg mov [rdi+8], r12 call cs:GetDlgItem mov edx, 0FFFFFFF0h ; nIndex mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowLongW mov edx, 0FFFFFFF0h ; nIndex mov rcx, rbx ; hWnd or eax, 8 mov r8d, eax ; dwNewLong call cs:SetWindowLongW mov r9d, 10030h ; lParam xor r8d, r8d ; wParam mov edx, 1036h ; Msg mov rcx, rbx ; hWnd call cs:SendMessageW mov edx, 3F0h ; nIDDlgItem mov rcx, r12 ; hDlg call cs:GetDlgItem test rax, rax mov rbx, rax jz loc_100013ABF cmp cs:dword_10002F478, 0 jz short loc_10001396C mov edx, 1 ; nCmdShow mov rcx, rax ; hWnd call cs:ShowWindow call sub_10000F7E0 test eax, eax jnz short loc_10001394D xor edx, edx ; bEnable mov rcx, rbx ; hWnd call cs:EnableWindow jmp loc_100013ABF loc_10001394D: xor ebp, ebp mov edx, 0F1h mov rcx, rbx cmp cs:dword_100030168, ebp setnz bpl xor r9d, r9d mov r8, rbp jmp loc_100013AB9 loc_10001396C: ; nCmdShow xor edx, edx mov rcx, rax ; hWnd call cs:ShowWindow jmp loc_100013ABF loc_10001397C: test byte ptr cs:dword_10003015C, 10h jz loc_100013ABF xor ebp, ebp cmp ebx, 202h mov r8d, 2 setz bpl lea edx, [rbp+0A1h] jmp loc_100013AAF loc_1000139A6: cmp ebx, 203h jz loc_100013AAA cmp ebx, 401h jnz loc_100013ABF mov r11, [rax+18h] xor ebp, ebp mov r8d, [r11+10h] mov r10d, ebp db 66h nop db 66h, 66h nop loc_1000139D0: test r8d, r8d mov ecx, ebp jz loc_100013A79 mov rdx, [r11+8] nop loc_1000139E0: test r10d, r10d mov rbx, [rdx] mov eax, [rbx+8] jnz short loc_100013A65 cmp rsi, rax jnz short loc_100013A6A loc_1000139F0: ; nIDDlgItem mov edx, 3F1h mov rcx, r12 ; hDlg call cs:GetDlgItem lea r9, [rsp+0A8h+lParam] ; lParam mov edx, 1053h ; Msg mov r8, 0FFFFFFFFFFFFFFFFh ; wParam mov rcx, rax ; hWnd mov dword ptr [rsp+0A8h+lParam], 1 mov rdi, rax mov [rsp+0A8h+var_78], rbx call cs:SendMessageW test eax, eax js short loc_100013A88 movsxd rbx, eax lea r9, [rsp+0A8h+var_58] ; lParam mov edx, 102Bh ; Msg mov rcx, rdi ; hWnd mov r8, rbx ; wParam mov [rsp+0A8h+var_48], 0Fh mov [rsp+0A8h+var_4C], 3 call cs:SendMessageW xor r9d, r9d mov r8, rbx mov edx, 1013h mov rcx, rdi jmp short loc_100013AB9 loc_100013A65: cmp rdi, rax jz short loc_1000139F0 loc_100013A6A: inc ecx add rdx, 8 cmp ecx, r8d jb loc_1000139E0 loc_100013A79: inc r10d cmp r10d, 2 jl loc_1000139D0 jmp short loc_100013ABF loc_100013A88: mov [rsp+0A8h+var_48], 3 mov [rsp+0A8h+var_4C], ebp lea r9, [rsp+0A8h+var_58] mov edx, 102Bh mov r8, 0FFFFFFFFFFFFFFFFh mov rcx, rdi jmp short loc_100013AB9 loc_100013AAA: ; wParam mov r8, rsi mov edx, ebx ; Msg loc_100013AAF: ; hWnd mov rcx, cs:hWnd mov r9, rdi ; lParam loc_100013AB9: call cs:SendMessageW loc_100013ABF: xor eax, eax loc_100013AC1: mov r12, [rsp+0A8h+var_8] mov rdi, [rsp+0A8h+arg_18] mov rsi, [rsp+0A8h+arg_10] mov rbp, [rsp+0A8h+arg_8] mov rbx, [rsp+0A8h+arg_0] add rsp, 0A8h retn sub_1000136B0 endp algn_100013AF1: align 20h loc_100013B00: mov rcx, cs:hInstance mov r9d, r8d mov r8, rdx mov edx, 2714h jmp cs:LoadStringW align 20h sub_100013B20 proc near var_28= dword ptr -28h var_20= dword ptr -20h var_18= dword ptr -18h arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 48h loc_100013B24: mov [rsp+48h+arg_8], rbx loc_100013B29: mov [rsp+48h+arg_10], rsi mov [rsp+48h+arg_18], rdi mov rdi, rcx mov rcx, [rcx+8] ; hWnd mov edx, 5 ; nCmdShow call cs:ShowWindow mov rcx, [rdi+8] ; hWnd xor eax, eax mov [rsp+48h+var_18], 3 mov [rsp+48h+var_20], eax xor r9d, r9d ; Y xor r8d, r8d ; X xor edx, edx ; hWndInsertAfter mov [rsp+48h+var_28], eax call cs:SetWindowPos mov rcx, cs:hWnd ; hWnd call cs:GetMenu mov rcx, cs:hInstance ; hInstance mov edx, 79h ; lpMenuName mov rbx, rax call cs:LoadMenuW mov rcx, rax ; hMenu mov rsi, rax call sub_100005790 test byte ptr cs:dword_10003015C, 10h mov cs:hMenu, rsi jnz short loc_100013BB6 mov rcx, cs:hWnd ; hWnd mov rdx, rsi ; hMenu call cs:SetMenu loc_100013BB6: test rbx, rbx mov rsi, [rsp+48h+arg_10] jz short loc_100013BC9 loc_100013BC0: ; hMenu mov rcx, rbx call cs:DestroyMenu loc_100013BC9: call cs:GetFocus mov rbx, [rsp+48h+arg_8] cmp rax, [rdi+10h] jz short loc_100013BF2 loc_100013BDA: ; hDlg mov rcx, [rdi+8] mov edx, 3F1h ; nIDDlgItem call cs:GetDlgItem mov rcx, rax ; hWnd call cs:SetFocus loc_100013BF2: xor eax, eax mov rdi, [rsp+48h+arg_18] add rsp, 48h retn sub_100013B20 endp byte_100013BFE db 12h dup(0CCh) sub_100013C10 proc near var_458= qword ptr -458h var_450= qword ptr -450h var_448= dword ptr -448h hKey= qword ptr -440h String= word ptr -438h var_2A= word ptr -2Ah var_28= qword ptr -28h mov r11, rsp sub rsp, 478h mov rax, cs:qword_10002C178 mov [rsp+478h+var_28], rax mov [r11+18h], rbx mov [r11+20h], rbp lea rax, [rsp+478h+hKey] mov rbp, rdx mov [r11-8], rsi mov rsi, rcx lea rdx, aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"... mov r9d, 20019h ; samDesired xor r8d, r8d ; ulOptions mov rcx, 0FFFFFFFF80000002h ; hKey mov [rsp+478h+var_458], rax call cs:RegOpenKeyExW test eax, eax jnz loc_100013D93 mov rcx, [rsp+478h+hKey] ; hKey lea rax, [rsp+478h+var_448] lea rdx, aDebugger ; "Debugger" mov [rsp+478h+var_450], rax lea rax, [rsp+478h+String] xor r9d, r9d ; lpType xor r8d, r8d ; lpReserved mov [rsp+478h+var_448], 410h mov [rsp+478h+var_458], rax call cs:RegQueryValueExW mov rcx, [rsp+478h+hKey] ; hKey movsxd rbx, eax call cs:RegCloseKey test rbx, rbx jnz loc_100013D93 movzx ecx, [rsp+478h+String] mov [rsp+478h+var_2A], bx lea rax, [rsp+478h+String] cmp cx, 22h jnz short loc_100013CF5 db 66h, 66h nop loc_100013CD0: movzx ecx, word ptr [rax+2] add rax, 2 test cx, cx jz short loc_100013CE9 cmp cx, 22h jnz short loc_100013CD0 add rax, 2 jmp short loc_100013D0A loc_100013CE9: cmp word ptr [rax], 22h jnz short loc_100013D0A add rax, 2 jmp short loc_100013D0A loc_100013CF5: cmp cx, 20h jbe short loc_100013D0A db 66h nop db 66h, 66h nop loc_100013D00: add rax, 2 cmp word ptr [rax], 20h ja short loc_100013D00 loc_100013D0A: ; lpString lea rcx, [rsp+478h+String] mov word ptr [rax], 0 call cs:lstrlenW test eax, eax jz short loc_100013D93 lea rdx, String2 ; "drwtsn32" lea rcx, [rsp+478h+String] ; lpString1 call cs:lstrcmpiW test eax, eax jz short loc_100013D93 lea rdx, aDrwtsn32_exe ; "drwtsn32.exe" lea rcx, [rsp+478h+String] ; lpString1 call cs:lstrcmpiW test eax, eax jz short loc_100013D93 lea rcx, [rsp+478h+String] ; lpString call cs:lstrlenW mov ecx, 40h ; uFlags inc eax mov ebx, eax lea rdx, [rax+rax] ; uBytes call cs:LocalAlloc test rax, rax mov [rsi+68h], rax jnz short loc_100013D7B mov eax, 8007000Eh jmp sub_100013EB5 loc_100013D7B: lea r8, [rsp+478h+String] mov rdx, rbx mov rcx, rax call sub_100008300 test eax, eax js sub_100013EB5 loc_100013D93: xor r9d, r9d lea rdx, unk_10002F330 xor ecx, ecx lea r8d, [r9+40h] call cs:NtQuerySystemInformation test eax, eax jns short loc_100013DB7 mov eax, 80004005h jmp sub_100013EB5 loc_100013DB7: mov edx, 28h sub_100013C10 endp ; sp-analysis failed sub_100013DBC proc near arg_18= qword ptr 20h arg_460= qword ptr 468h mov [rsp+arg_460], rdi lea ecx, [rdx+18h] ; uFlags call cs:LocalAlloc test rax, rax mov rbx, rax jz short loc_100013DFA call cs:GetProcessHeap xor edi, edi lea rcx, qword_100003B10 mov [rbx+8], rdi mov [rbx+10h], edi mov [rbx+14h], edi mov [rbx], rcx mov [rbx+20h], rax mov [rbx+18h], edi jmp short loc_100013DFF loc_100013DFA: xor edi, edi mov rbx, rdi loc_100013DFF: test rbx, rbx mov [rsi+18h], rbx jnz short loc_100013E12 mov eax, 8007000Eh jmp loc_100013EAD loc_100013E12: ; hWndParent mov r8, cs:hWnd mov rcx, cs:hInstance ; hInstance lea r9, sub_1000136B0 ; lpDialogFunc mov edx, 6Eh ; lpTemplateName mov [rsi+10h], rbp mov [rsp+arg_18], rsi call cs:CreateDialogParamW test rax, rax mov [rsi+8], rax jnz short loc_100013E66 call cs:GetLastError test eax, eax jg short loc_100013E56 call cs:GetLastError jmp short loc_100013EAD loc_100013E56: call cs:GetLastError movzx eax, ax or eax, 80070000h jmp short loc_100013EAD loc_100013E66: mov rcx, rsi call sub_10000FBC0 test eax, eax jns short loc_100013E87 mov rcx, [rsi+8] ; hWnd call cs:DestroyWindow mov [rsi+8], rdi mov eax, 80004005h jmp short loc_100013EAD loc_100013E87: ; hDlg mov rcx, [rsi+8] mov edx, 3F1h ; nIDDlgItem call cs:GetDlgItem mov rcx, rsi mov rdx, rax call sub_100010570 mov r11, [rsi] mov rcx, rsi call qword ptr [r11+30h] xor eax, eax loc_100013EAD: mov rdi, [rsp+arg_460] sub_100013DBC endp ; sp-analysis failed sub_100013EB5 proc near arg_448= qword ptr 450h arg_468= qword ptr 470h arg_488= qword ptr 490h arg_490= qword ptr 498h mov rsi, [rsp+arg_468] mov rbp, [rsp+arg_490] mov rbx, [rsp+arg_488] mov rcx, [rsp+arg_448] call sub_1000258D0 add rsp, 478h retn sub_100013EB5 endp ; sp-analysis failed algn_100013EE2: align 10h sub_100013EF0 proc near arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov rax, [rcx+18h] loc_100013EF8: mov [rsp+28h+arg_0], rbx mov [rsp+28h+arg_8], rbp xor ebp, ebp test rax, rax mov [rsp+28h+arg_10], rsi mov rsi, rcx jz short loc_100013F8D movsxd rax, dword ptr [rax+10h] loc_100013F15: mov [rsp+28h+arg_18], rdi test eax, eax mov rdi, rax jz short loc_100013F71 db 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100013F30: mov rax, [rsi+18h] mov rcx, [rax+8] mov rbx, [rcx+rdi*8-8] test rbx, rbx jz short loc_100013F6C mov rcx, [rbx+0A8h] ; hMem test rcx, rcx jz short loc_100013F54 call cs:LocalFree loc_100013F54: ; hMem mov rcx, [rbx+10h] test rcx, rcx jz short loc_100013F63 call cs:LocalFree loc_100013F63: ; hMem mov rcx, rbx call cs:LocalFree loc_100013F6C: dec rdi jnz short loc_100013F30 loc_100013F71: mov rcx, [rsi+18h] mov rdi, [rsp+28h+arg_18] test rcx, rcx jz short loc_100013F89 loc_100013F7F: mov rax, [rcx] mov edx, 1 call qword ptr [rax] loc_100013F89: mov [rsi+18h], rbp loc_100013F8D: mov rbx, [rsi+20h] test rbx, rbx jz short loc_100013FAE call cs:GetProcessHeap mov r8, rbx ; lpMem xor edx, edx ; dwFlags mov rcx, rax ; hHeap call cs:HeapFree mov [rsi+20h], rbp loc_100013FAE: ; hWnd mov rcx, [rsi+8] mov rbx, [rsp+28h+arg_0] test rcx, rcx jz short loc_100013FC6 loc_100013FBC: call cs:DestroyWindow mov [rsi+8], rbp loc_100013FC6: ; hMem mov rcx, [rsi+68h] test rcx, rcx jz short loc_100013FD9 call cs:LocalFree mov [rsi+68h], rbp loc_100013FD9: mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] xor eax, eax add rsp, 28h retn sub_100013EF0 endp algn_100013FEA: align 10h sub_100013FF0 proc near lParam= qword ptr -38h var_30= dword ptr -30h var_2C= dword ptr -2Ch var_28= dword ptr -28h var_24= dword ptr -24h var_20= dword ptr -20h var_1C= dword ptr -1Ch var_18= dword ptr -18h var_14= dword ptr -14h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 58h xor eax, eax mov [rsp+58h+arg_8], rbp mov [rsp+58h+arg_10], rsi xor esi, esi cmp cs:dword_100030024, 0FFFFFFFFh mov rbp, rcx mov dword ptr [rsp+58h+lParam+4], eax mov [rsp+58h+var_30], eax mov [rsp+58h+var_2C], eax mov dword ptr [rsp+58h+lParam], esi mov [rsp+58h+var_28], eax mov [rsp+58h+var_24], eax mov [rsp+58h+var_20], eax mov [rsp+58h+var_1C], eax mov [rsp+58h+var_18], eax mov [rsp+58h+var_14], eax jz short loc_100014097 loc_100014036: mov [rsp+58h+arg_18], rdi lea rdi, dword_100030024 mov [rsp+58h+arg_0], rbx loc_100014047: ; hDlg mov rcx, [rbp+8] mov edx, 3F1h ; nIDDlgItem mov dword ptr [rsp+58h+lParam], 2 movsxd rbx, esi call cs:GetDlgItem lea r9, [rsp+58h+lParam] ; lParam mov r8, rbx ; wParam mov edx, 105Fh ; Msg mov rcx, rax ; hWnd call cs:SendMessageW test eax, eax jz short loc_100014082 mov eax, [rsp+58h+var_30] mov [rdi+68h], eax loc_100014082: add rdi, 4 inc esi cmp dword ptr [rdi], 0FFFFFFFFh jnz short loc_100014047 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_0] loc_100014097: mov rsi, [rsp+58h+arg_10] mov rbp, [rsp+58h+arg_8] add rsp, 58h retn sub_100013FF0 endp algn_1000140A6: align 10h sub_1000140B0 proc near lParam= qword ptr -38h var_30= dword ptr -30h var_2C= dword ptr -2Ch var_28= dword ptr -28h var_24= dword ptr -24h var_20= dword ptr -20h var_1C= dword ptr -1Ch var_18= dword ptr -18h var_14= dword ptr -14h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 58h xor eax, eax loc_1000140B6: mov [rsp+58h+arg_8], rbp mov [rsp+58h+arg_10], rsi xor esi, esi cmp cs:dword_100030024, 0FFFFFFFFh mov rbp, rcx mov dword ptr [rsp+58h+lParam+4], eax mov [rsp+58h+var_30], eax mov [rsp+58h+var_2C], eax mov dword ptr [rsp+58h+lParam], esi mov [rsp+58h+var_28], eax mov [rsp+58h+var_24], eax mov [rsp+58h+var_20], eax mov [rsp+58h+var_1C], eax mov [rsp+58h+var_18], eax mov [rsp+58h+var_14], eax jz short loc_100014157 loc_1000140F6: mov [rsp+58h+arg_18], rdi lea rdi, dword_100030024 mov [rsp+58h+arg_0], rbx loc_100014107: ; hDlg mov rcx, [rbp+8] mov edx, 3F1h ; nIDDlgItem mov dword ptr [rsp+58h+lParam], 2 movsxd rbx, esi call cs:GetDlgItem lea r9, [rsp+58h+lParam] ; lParam mov r8, rbx ; wParam mov edx, 105Fh ; Msg mov rcx, rax ; hWnd call cs:SendMessageW test eax, eax jz short loc_100014142 mov eax, [rsp+58h+var_30] mov [rdi+68h], eax loc_100014142: add rdi, 4 inc esi cmp dword ptr [rdi], 0FFFFFFFFh jnz short loc_100014107 mov rdi, [rsp+58h+arg_18] mov rbx, [rsp+58h+arg_0] loc_100014157: ; hWnd mov rcx, [rbp+8] mov rsi, [rsp+58h+arg_10] mov rbp, [rsp+58h+arg_8] test rcx, rcx jz short loc_100014172 loc_10001416A: ; nCmdShow xor edx, edx call cs:ShowWindow loc_100014172: add rsp, 58h retn sub_1000140B0 endp algn_100014177: align 20h sub_100014180 proc near var_48= qword ptr -48h var_38= dword ptr -38h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= dword ptr 10h arg_10= dword ptr 18h arg_18= qword ptr 20h arg_20= qword ptr 28h mov [rsp+arg_18], r9 mov [rsp+arg_10], r8d mov [rsp+arg_8], edx mov [rsp+arg_0], rcx sub rsp, 68h mov [rsp+68h+var_8], rbx mov rbx, [rsp+68h+arg_20] mov [rsp+68h+var_10], rbp mov [rsp+68h+var_20], rdi mov r10, rcx mov eax, r8d mov rdi, r9 mov [rsp+68h+var_18], rsi mov ecx, 1 xor ebp, ebp loc_1000141C3: cmp [rdi+58h], eax jnz short loc_100014233 mov esi, [rdi+50h] cmp esi, eax jz short loc_100014233 cmp rbx, [rdi+20h] jge short loc_100014233 mov rax, [rdi+20h] mov r8d, esi mov rcx, r10 mov [rsp+68h+var_48], rax call sub_100014180 mov edx, [rsp+68h+arg_8] cmp esi, edx mov ecx, eax mov [rsp+68h+var_38], eax jz short loc_100014226 mov rcx, [rsp+68h+arg_0] mov r8d, 1 mov edx, esi call sub_100012E80 mov ecx, [rsp+68h+var_38] mov r9, [rsp+68h+arg_18] mov r10, [rsp+68h+arg_0] mov edx, [rsp+68h+arg_8] cmp ecx, 1 cmovz ecx, eax jmp short loc_100014233 loc_100014226: mov r9, [rsp+68h+arg_18] mov r10, [rsp+68h+arg_0] loc_100014233: mov eax, [rdi] test eax, eax jz short loc_10001424C add ebp, eax mov eax, [rsp+68h+arg_10] mov edi, ebp add rdi, r9 jmp loc_1000141C3 loc_10001424C: mov rdi, [rsp+68h+var_20] mov rsi, [rsp+68h+var_18] mov rbp, [rsp+68h+var_10] mov rbx, [rsp+68h+var_8] mov eax, ecx add rsp, 68h retn sub_100014180 endp algn_100014267: align 10h sub_100014270 proc near var_898= qword ptr -898h Buffer= word ptr -888h Caption= word ptr -678h Text= word ptr -468h var_258= byte ptr -258h var_48= qword ptr -48h var_30= qword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 8B8h mov rax, cs:qword_10002C178 mov [rsp+8B8h+var_48], rax mov [r11+18h], rbx mov [r11+20h], rbp mov [r11-8], rsi mov [r11-10h], rdi mov [r11-18h], r12 mov [r11-20h], r13 mov [r11-28h], r14 mov r12d, edx mov r13, rcx mov [r11-30h], r15 mov r14d, 1 call cs:GetCurrentProcessId xor ebp, ebp mov r15d, eax mov rax, [r13+18h] mov r8d, [rax+10h] mov ecx, ebp test r8d, r8d jle short loc_1000142EB mov rax, [rax+8] loc_1000142D3: mov rsi, [rax] cmp [rsi+8], r12d jz loc_10001449E inc ecx add rax, 8 cmp ecx, r8d jl short loc_1000142D3 loc_1000142EB: ; hInstance mov rcx, cs:hInstance lea r8, [rsp+8B8h+Caption] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 2717h ; uID call cs:LoadStringW test eax, eax jz loc_10001453C mov rcx, cs:hInstance ; hInstance lea r8, [rsp+8B8h+Buffer] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 9CAAh ; uID call cs:LoadStringW test eax, eax jz loc_10001453C mov rcx, [r13+8] ; hWnd lea r8, [rsp+8B8h+Caption] ; lpCaption lea rdx, [rsp+8B8h+Buffer] ; lpText mov r9d, 34h ; uType call cs:MessageBoxW cmp eax, 6 jnz loc_10001453C mov rcx, r13 call sub_100014560 test rax, rax mov rbx, rax jz loc_100014543 cmp [rax+50h], r12d jz short loc_100014397 db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100014380: mov ecx, [rax] test ecx, ecx jz loc_100014432 add ebp, ecx mov eax, ebp add rax, rbx cmp [rax+50h], r12d jnz short loc_100014380 loc_100014397: mov rax, [rax+20h] mov r9, rbx mov r8d, r12d mov edx, r15d mov rcx, r13 mov [rsp+8B8h+var_898], rax call sub_100014180 cmp r12d, r15d mov r14d, eax jz short loc_1000143CA mov r8d, 1 mov edx, r12d mov rcx, r13 call sub_100012E80 loc_1000143CA: cmp r14d, 1 jz short loc_100014432 loc_1000143D0: ; hInstance mov rcx, cs:hInstance lea r8, [rsp+8B8h+Buffer] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 9CABh ; uID call cs:LoadStringW test eax, eax jz short loc_100014432 mov rcx, cs:hInstance ; hInstance lea r8, [rsp+8B8h+Caption] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 9CACh ; uID call cs:LoadStringW test eax, eax jz short loc_100014432 mov rcx, [r13+8] ; hWnd lea r8, [rsp+8B8h+Buffer] ; lpCaption lea rdx, [rsp+8B8h+Caption] ; lpText mov r9d, 10h ; uType call cs:MessageBoxW loc_100014432: call cs:GetProcessHeap mov r8, rbx ; lpMem xor edx, edx ; dwFlags mov rcx, rax ; hHeap call cs:HeapFree mov eax, r14d loc_100014449: mov r15, [rsp+8B8h+var_30] mov r14, [rsp+8B8h+var_28] mov r13, [rsp+8B8h+var_20] mov r12, [rsp+8B8h+var_18] mov rdi, [rsp+8B8h+var_10] mov rsi, [rsp+8B8h+var_8] mov rbp, [rsp+8B8h+arg_18] mov rbx, [rsp+8B8h+arg_10] mov rcx, [rsp+8B8h+var_48] call sub_1000258D0 add rsp, 8B8h retn loc_10001449E: mov ebx, ebp lea rdi, aS_0 ; "Ø:" db 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_1000144B0: ; lpString2 mov rdx, [rdi] mov rcx, [rsi+0A8h] ; lpString1 call cs:lstrcmpiW test eax, eax jz short loc_1000144D4 inc ebx add rdi, 8 cmp ebx, 5 jb short loc_1000144B0 jmp loc_1000142EB loc_1000144D4: ; hInstance mov rcx, cs:hInstance lea r8, [rsp+8B8h+var_258] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 2721h ; uID call cs:LoadStringW test eax, eax jz short loc_10001453C mov rcx, cs:hInstance ; hInstance lea r8, [rsp+8B8h+Text] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 272Dh ; uID call cs:LoadStringW test eax, eax jz short loc_10001453C mov rcx, [r13+8] ; hWnd lea r8, [rsp+8B8h+var_258] ; lpCaption lea rdx, [rsp+8B8h+Text] ; lpText mov r9d, 30h ; uType call cs:MessageBoxW loc_10001453C: xor eax, eax jmp loc_100014449 loc_100014543: mov r14d, ebp jmp loc_1000143D0 sub_100014270 endp algn_10001454B: align 20h sub_100014560 proc near var_18= dword ptr -18h arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h mov [rsp+38h+arg_8], rbx mov [rsp+38h+arg_10], rsi mov [rsp+38h+arg_18], rdi mov edi, 6400h call cs:GetProcessHeap mov r8, rdi ; dwBytes mov rcx, rax ; hHeap xor edx, edx ; dwFlags call cs:HeapAlloc test rax, rax mov rbx, rax jz short loc_100014607 xor esi, esi db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_1000145A0: lea r9, [rsp+38h+var_18] mov r8d, edi mov rdx, rbx mov ecx, 5 call cs:NtQuerySystemInformation test eax, eax mov edi, eax jz short loc_1000145D3 call cs:GetProcessHeap mov r8, rbx ; lpMem xor edx, edx ; dwFlags mov rcx, rax ; hHeap call cs:HeapFree mov rbx, rsi loc_1000145D3: cmp edi, 0C0000004h jnz short loc_10001461D mov ecx, [rsp+38h+var_18] mov eax, ecx shr eax, 4 lea edi, [rax+rcx+2000h] call cs:GetProcessHeap mov r8d, edi ; dwBytes mov rcx, rax ; hHeap xor edx, edx ; dwFlags call cs:HeapAlloc test rax, rax mov rbx, rax jnz short loc_1000145A0 loc_100014607: xor eax, eax mov rdi, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_10] mov rbx, [rsp+38h+arg_8] add rsp, 38h retn loc_10001461D: test edi, edi mov rdi, [rsp+38h+arg_18] cmovs rbx, rsi mov rsi, [rsp+38h+arg_10] mov rax, rbx mov rbx, [rsp+38h+arg_8] add rsp, 38h retn sub_100014560 endp algn_10001463A: align 20h sub_100014640 proc near var_10= qword ptr -10h var_8= qword ptr -8 arg_18= qword ptr 20h sub rsp, 38h mov [rsp+38h+arg_18], rbx mov [rsp+38h+var_8], rsi mov rsi, rdx mov [rsp+38h+var_10], rdi movsxd rdi, dword ptr [rcx+10h] mov r8d, 0FFFFFFFFh lea edx, [rdi+1] mov rbx, rcx call sub_100014710 test eax, eax jnz short loc_100014683 mov rdi, [rsp+38h+var_10] mov rsi, [rsp+38h+var_8] mov rbx, [rsp+38h+arg_18] add rsp, 38h retn loc_100014683: mov rax, [rbx+8] mov rbx, [rsp+38h+arg_18] mov [rax+rdi*8], rsi mov rdi, [rsp+38h+var_10] mov rsi, [rsp+38h+var_8] mov eax, 1 add rsp, 38h retn sub_100014640 endp algn_1000146A4: align 10h sub_1000146B0 proc near sub rsp, 28h mov r8, [rcx+8] lea rax, qword_100003B10 sub_1000146B0 endp ; sp-analysis failed sub_1000146BF proc near arg_38= qword ptr 40h arg_40= qword ptr 48h mov [rsp+arg_38], rbx mov [rcx], rax mov ebx, edx mov [rsp+arg_40], rdi mov rdi, rcx mov rcx, [rcx+20h] ; hHeap xor edx, edx ; dwFlags call cs:HeapFree test bl, 1 mov rbx, [rsp+arg_38] jz short loc_1000146F0 sub_1000146BF endp ; sp-analysis failed sub_1000146E7 proc near arg_40= qword ptr 48h mov rcx, rdi ; hMem call cs:LocalFree loc_1000146F0: mov rax, rdi mov rdi, [rsp+arg_40] add rsp, 28h retn sub_1000146E7 endp ; sp-analysis failed byte_1000146FD db 13h dup(0CCh) sub_100014710 proc near var_10= qword ptr -10h var_8= qword ptr -8 arg_18= qword ptr 20h sub rsp, 38h test edx, edx mov eax, [rcx+18h] mov [rsp+38h+arg_18], rbx mov [rsp+38h+var_8], rsi mov [rsp+38h+var_10], rdi mov rbx, rcx movsxd rdi, edx jnz short loc_100014752 mov r8, [rcx+8] ; lpMem mov rcx, [rcx+20h] ; hHeap call cs:HeapFree xor r11d, r11d mov [rbx+8], r11 mov [rbx+14h], r11d mov [rbx+10h], r11d jmp loc_100014822 loc_100014752: mov r10, [rcx+8] test r10, r10 jnz short loc_100014781 mov rcx, [rcx+20h] ; hHeap mov r8, rdi lea edx, [r10+8] ; dwFlags shl r8, 3 ; dwBytes call cs:HeapAlloc test rax, rax jz loc_100014802 mov [rbx+14h], edi jmp loc_10001481B loc_100014781: mov r8d, [rcx+14h] cmp edi, r8d jg short loc_1000147AE movsxd rcx, dword ptr [rcx+10h] cmp edi, ecx jle loc_10001481F mov eax, edi xor edx, edx ; int sub eax, ecx lea rcx, [r10+rcx*8] ; void * movsxd r8, eax shl r8, 3 ; size_t call memset jmp short loc_10001481F loc_1000147AE: test eax, eax jnz short loc_1000147DA mov eax, [rcx+10h] cdq and edx, 7 add eax, edx sar eax, 3 cmp eax, 4 mov ecx, eax jl short loc_1000147CE mov eax, 400h cmp ecx, eax jg short loc_1000147DA loc_1000147CE: mov edx, 4 mov eax, ecx cmp ecx, edx cmovl eax, edx loc_1000147DA: ; hHeap mov rcx, [rbx+20h] add eax, r8d mov esi, edi cmp edi, eax mov r8, r10 ; lpMem mov edx, 8 ; dwFlags cmovl esi, eax movsxd r9, esi shl r9, 3 ; dwBytes call cs:HeapReAlloc test rax, rax jnz short loc_100014818 loc_100014802: xor eax, eax mov rdi, [rsp+38h+var_10] mov rsi, [rsp+38h+var_8] mov rbx, [rsp+38h+arg_18] add rsp, 38h retn loc_100014818: mov [rbx+14h], esi loc_10001481B: mov [rbx+8], rax loc_10001481F: mov [rbx+10h], edi loc_100014822: mov rdi, [rsp+38h+var_10] mov rsi, [rsp+38h+var_8] mov rbx, [rsp+38h+arg_18] mov eax, 1 add rsp, 38h retn sub_100014710 endp byte_10001483B db 15h dup(0CCh) sub_100014850 proc near var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 38h mov [rax+8], rbx mov [rax+10h], rbp mov [rax+18h], rsi mov [rax+20h], rdi mov [rax-8], r12 xor r12d, r12d mov [rax-10h], r13 mov [rax-18h], r14 movsxd r14, dword ptr [rcx+10h] test r14, r14 mov rsi, rdx mov rdi, rcx mov r13d, r12d mov rbp, r12 jle loc_100014946 nop loc_100014890: mov rax, [rdi+8] mov ecx, cs:dword_10002FEC0 test ecx, ecx mov rbx, [rax+rbp*8] jz short loc_1000148F6 dec ecx jz short loc_1000148D4 dec ecx jz short loc_1000148C1 dec ecx jnz short loc_10001490C mov rdx, [rbx+18h] ; lpString2 mov rcx, [rsi+18h] ; lpString1 call cs:lstrcmpiW mov r11d, eax jmp short loc_100014907 loc_1000148C1: ; lpString2 mov rdx, [rbx+10h] mov rcx, [rsi+10h] ; lpString1 call cs:lstrcmpiW mov r11d, eax jmp short loc_100014907 loc_1000148D4: movsxd rax, dword ptr [rsi+20h] movsxd rcx, dword ptr [rbx+20h] cmp rax, rcx jnb short loc_1000148E9 mov r11d, 0FFFFFFFFh jmp short loc_100014929 loc_1000148E9: cmp rax, rcx jbe short loc_10001490C mov r11d, 1 jmp short loc_100014929 loc_1000148F6: ; lpString2 mov rdx, [rbx+8] mov rcx, [rsi+8] ; lpString1 call cs:lstrcmpiW mov r11d, eax loc_100014907: test r11d, r11d jnz short loc_100014929 loc_10001490C: mov rax, [rsi] mov rcx, [rbx] cmp rax, rcx jnb short loc_10001491F mov r11d, 0FFFFFFFFh jmp short loc_100014929 loc_10001491F: cmp rax, rcx mov r11d, r12d setnbe r11b loc_100014929: mov eax, cs:dword_10002D694 imul eax, r11d test eax, eax js short loc_100014979 inc rbp inc r13d cmp rbp, r14 jl loc_100014890 loc_100014946: movsxd rbp, dword ptr [rdi+10h] mov eax, [rdi+18h] lea ebx, [rbp+1] test ebx, ebx jnz loc_1000149F4 mov r8, [rdi+8] ; lpMem mov rcx, [rdi+20h] ; hHeap xor edx, edx ; dwFlags call cs:HeapFree mov [rdi+8], r12 mov [rdi+14h], r12d mov [rdi+10h], r12d jmp loc_100014AA5 loc_100014979: mov ebp, [rdi+10h] cmp r13d, ebp jl short loc_10001499C lea edx, [r13+1] mov r8d, 0FFFFFFFFh mov rcx, rdi call sub_100014710 test eax, eax jnz short loc_1000149E4 jmp loc_100014AB3 loc_10001499C: lea edx, [rbp+1] mov r8d, 0FFFFFFFFh mov rcx, rdi call sub_100014710 test eax, eax jz loc_100014AB3 mov r9, [rdi+8] lea eax, [r13+1] movsxd rbx, r13d movsxd rcx, eax sub ebp, r13d lea rdx, [r9+rbx*8] ; void * movsxd r8, ebp lea rcx, [r9+rcx*8] ; void * shl r8, 3 ; size_t call memmove mov r11, [rdi+8] xor eax, eax mov [r11+rbx*8], rax loc_1000149E4: mov rax, [rdi+8] movsxd rcx, r13d mov [rax+rcx*8], rsi jmp loc_100014AAD loc_1000149F4: mov r10, [rdi+8] test r10, r10 jnz short loc_100014A20 mov rcx, [rdi+20h] ; hHeap movsxd r8, ebx lea edx, [r10+8] ; dwFlags shl r8, 3 ; dwBytes call cs:HeapAlloc test rax, rax jz loc_100014AB3 mov [rdi+14h], ebx jmp short loc_100014A9E loc_100014A20: mov r8d, [rdi+14h] cmp ebx, r8d jg short loc_100014A45 cmp ebx, ebp jle short loc_100014AA2 mov eax, ebx lea rcx, [r10+rbp*8] ; void * xor edx, edx ; int sub eax, ebp movsxd r8, eax shl r8, 3 ; size_t call memset jmp short loc_100014AA2 loc_100014A45: test eax, eax jnz short loc_100014A70 mov eax, ebp cdq and edx, 7 add eax, edx sar eax, 3 cmp eax, 4 mov ecx, eax jl short loc_100014A64 mov eax, 400h cmp ecx, eax jg short loc_100014A70 loc_100014A64: mov edx, 4 mov eax, ecx cmp ecx, edx cmovl eax, edx loc_100014A70: ; hHeap mov rcx, [rdi+20h] add eax, r8d mov r13d, ebx cmp ebx, eax mov r8, r10 ; lpMem mov edx, 8 ; dwFlags cmovl r13d, eax movsxd r9, r13d shl r9, 3 ; dwBytes call cs:HeapReAlloc test rax, rax jz short loc_100014AB3 mov [rdi+14h], r13d loc_100014A9E: mov [rdi+8], rax loc_100014AA2: mov [rdi+10h], ebx loc_100014AA5: mov rax, [rdi+8] mov [rax+rbp*8], rsi loc_100014AAD: mov r12d, 1 loc_100014AB3: mov r14, [rsp+38h+var_18] mov r13, [rsp+38h+var_10] mov rdi, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_10] mov rbp, [rsp+38h+arg_8] mov rbx, [rsp+38h+arg_0] mov eax, r12d mov r12, [rsp+38h+var_8] add rsp, 38h retn sub_100014850 endp byte_100014ADE db 12h dup(0CCh) sub_100014AF0 proc near arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov edx, 28h ; uBytes mov [rsp+28h+arg_8], rbp mov rbp, rcx lea ecx, [rdx+18h] ; uFlags mov [rsp+28h+arg_18], rdi call cs:LocalAlloc test rax, rax mov rdi, rax jz loc_100014BB5 loc_100014B1B: mov [rsp+28h+arg_0], rbx call cs:GetProcessHeap xor ebx, ebx mov [rdi+8], rbx mov [rdi+10h], ebx mov [rdi+14h], ebx mov [rdi+20h], rax mov [rdi+18h], ebx lea rcx, qword_100003B10 mov [rdi], rcx mov rax, [rbp+0] mov [rsp+28h+arg_10], rsi movsxd rsi, dword ptr [rax+10h] test rsi, rsi jle short loc_100014B80 db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h, 66h nop loc_100014B60: mov rax, [rbp+0] mov rcx, [rax+8] mov rdx, [rcx+rbx*8] mov rcx, rdi call sub_100014850 test eax, eax jz short loc_100014BC6 inc rbx cmp rbx, rsi jl short loc_100014B60 loc_100014B80: mov rcx, [rbp+0] test rcx, rcx jz short loc_100014B93 mov rax, [rcx] mov edx, 1 call qword ptr [rax] loc_100014B93: mov [rbp+0], rdi mov eax, 1 loc_100014B9C: mov rsi, [rsp+28h+arg_10] mov rbx, [rsp+28h+arg_0] mov rdi, [rsp+28h+arg_18] mov rbp, [rsp+28h+arg_8] add rsp, 28h retn loc_100014BB5: mov rdi, [rsp+28h+arg_18] mov rbp, [rsp+28h+arg_8] xor eax, eax add rsp, 28h retn loc_100014BC6: mov rax, [rdi] mov edx, 1 mov rcx, rdi call qword ptr [rax] xor eax, eax jmp short loc_100014B9C sub_100014AF0 endp algn_100014BD7: align 20h sub_100014BE0 proc near arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h loc_100014BE4: mov [rsp+28h+arg_0], rbx mov [rsp+28h+arg_10], rsi mov [rsp+28h+arg_18], rdi mov rdi, [rcx+80h] lea rax, off_100002D10 mov rsi, rcx test rdi, rdi mov [rcx], rax jz short loc_100014C5E loc_100014C0C: mov [rsp+28h+arg_8], rbp xor ebp, ebp nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100014C20: mov rbx, rdi mov rdi, [rdi+10h] mov rcx, [rbx] ; hMem test rcx, rcx jz short loc_100014C38 call cs:LocalFree mov [rbx], rbp loc_100014C38: ; hMem mov rcx, [rbx+8] test rcx, rcx jz short loc_100014C4B call cs:LocalFree mov [rbx+8], rbp loc_100014C4B: ; hMem mov rcx, rbx call cs:LocalFree test rdi, rdi jnz short loc_100014C20 mov rbp, [rsp+28h+arg_8] loc_100014C5E: mov rax, [rsi+18h] test rax, rax jz short loc_100014CCD movsxd rax, dword ptr [rax+10h] test eax, eax mov rdi, rax jz short loc_100014CCD db 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100014C80: mov rax, [rsi+18h] mov rcx, [rax+8] mov rbx, [rcx+rdi*8-8] test rbx, rbx jz short loc_100014CC8 mov rcx, [rbx+8] ; hMem test rcx, rcx jz short loc_100014CA1 call cs:LocalFree loc_100014CA1: ; hMem mov rcx, [rbx+10h] test rcx, rcx jz short loc_100014CB0 call cs:LocalFree loc_100014CB0: ; hMem mov rcx, [rbx+18h] test rcx, rcx jz short loc_100014CBF call cs:LocalFree loc_100014CBF: ; hMem mov rcx, rbx call cs:LocalFree loc_100014CC8: dec rdi jnz short loc_100014C80 loc_100014CCD: mov rcx, [rsi+18h] mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_0] test rcx, rcx mov rsi, [rsp+28h+arg_10] jz short loc_100014CEF loc_100014CE5: mov rax, [rcx] mov edx, 1 call qword ptr [rax] loc_100014CEF: add rsp, 28h retn sub_100014BE0 endp algn_100014CF4: align 20h ; int __fastcall sub_100014D00(HLOCAL hMem) sub_100014D00 proc near push rbx sub rsp, 20h mov rbx, rcx mov rcx, [rcx+8] ; hMem test rcx, rcx jz short loc_100014D18 call cs:LocalFree loc_100014D18: ; hMem mov rcx, [rbx+10h] test rcx, rcx jz short loc_100014D27 call cs:LocalFree loc_100014D27: ; hMem mov rcx, [rbx+18h] test rcx, rcx jz short loc_100014D36 call cs:LocalFree loc_100014D36: ; hMem mov rcx, rbx call cs:LocalFree mov rax, rbx add rsp, 20h pop rbx retn sub_100014D00 endp algn_100014D48: align 10h sub_100014D50 proc near lParam= qword ptr -78h var_6C= dword ptr -6Ch var_68= dword ptr -68h var_60= qword ptr -60h var_54= dword ptr -54h var_50= qword ptr -50h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 98h mov [rax+8], rbx mov [rax+10h], rbp mov [rax-8], r12 mov r12, rcx mov rcx, [rcx+8] ; hDlg mov edx, 41Dh ; nIDDlgItem call cs:GetDlgItem xor r9d, r9d ; lParam xor r8d, r8d ; wParam lea edx, [r9+0Bh] ; Msg mov rcx, rax ; hWnd mov rbp, rax call cs:SendMessageW mov eax, cs:wParam cmp [r12+38h], eax jz loc_100014E40 mov edx, 0FFFFFFF0h ; nIndex mov rcx, rbp ; hWnd mov [r12+38h], eax call cs:GetWindowLongW mov ebx, eax mov eax, cs:wParam and ebx, 0FFFFFFFCh cmp eax, 1 jnz short loc_100014DE0 mov r9, [r12+28h] ; lParam mov edx, 1003h ; Msg mov r8d, eax ; wParam mov rcx, rbp ; hWnd call cs:SendMessageW or ebx, 102h jmp short loc_100014E1B loc_100014DE0: cmp eax, 2 jnz short loc_100014E01 mov r9, [r12+28h] ; lParam lea r8d, [rax-1] ; wParam mov edx, 1003h ; Msg mov rcx, rbp ; hWnd call cs:SendMessageW or ebx, 1 jmp short loc_100014E1B loc_100014E01: ; lParam mov r9, [r12+30h] xor r8d, r8d ; wParam mov edx, 1003h ; Msg mov rcx, rbp ; hWnd call cs:SendMessageW bts ebx, 8 loc_100014E1B: ; lParam xor r9d, r9d xor r8d, r8d ; wParam mov edx, 1009h ; Msg mov rcx, rbp ; hWnd call cs:SendMessageW mov r8d, ebx ; dwNewLong mov edx, 0FFFFFFF0h ; nIndex mov rcx, rbp ; hWnd call cs:SetWindowLongW loc_100014E40: mov [rsp+98h+arg_10], rsi loc_100014E48: mov [rsp+98h+arg_18], rdi mov [rsp+98h+var_10], r13 xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 1004h ; Msg mov rcx, rbp ; hWnd mov [rsp+98h+var_18], r14 mov [rsp+98h+var_20], r15 call cs:SendMessageW mov rcx, [r12+18h] xor edi, edi movsxd r13, dword ptr [rcx+10h] xor esi, esi test eax, eax mov r15, rax movsxd r14, eax jle loc_100014F57 loc_100014E94: cmp rsi, r13 jge loc_100014F57 xor edx, edx ; int lea rcx, [rsp+98h+lParam+4] ; void * lea r8d, [rdx+44h] ; size_t call memset lea r9, [rsp+98h+lParam] ; lParam xor r8d, r8d ; wParam mov edx, 104Bh ; Msg mov rcx, rbp ; hWnd mov dword ptr [rsp+98h+lParam], 7 mov dword ptr [rsp+98h+lParam+4], edi call cs:SendMessageW test eax, eax jz loc_100015080 mov rax, [r12+18h] mov rcx, [rax+8] mov rbx, [rcx+rsi*8] cmp [rsp+98h+var_50], rbx jnz short loc_100014EF1 cmp dword ptr [rbx+50h], 0 jz short loc_100014F49 loc_100014EF1: cmp cs:wParam, 0 mov rax, [rbx+8] mov [rsp+98h+var_50], rbx mov [rsp+98h+var_60], rax jnz short loc_100014F11 mov eax, [rbx+40h] mov [rsp+98h+var_54], eax jmp short loc_100014F18 loc_100014F11: mov eax, [rbx+30h] mov [rsp+98h+var_54], eax loc_100014F18: ; lParam lea r9, [rsp+98h+lParam] xor r8d, r8d ; wParam mov edx, 104Ch ; Msg mov rcx, rbp ; hWnd call cs:SendMessageW movsxd r8, edi ; wParam mov edx, 1015h ; Msg mov r9, r8 ; lParam mov rcx, rbp ; hWnd call cs:SendMessageW mov dword ptr [rbx+50h], 0 loc_100014F49: inc rsi inc edi cmp rsi, r14 jl loc_100014E94 loc_100014F57: cmp edi, r15d jge short loc_100014F89 sub r15d, edi movsxd rsi, edi mov ebx, r15d db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h, 66h nop loc_100014F70: ; lParam xor r9d, r9d mov r8, rsi ; wParam mov edx, 1008h ; Msg mov rcx, rbp ; hWnd call cs:SendMessageW dec rbx jnz short loc_100014F70 loc_100014F89: movsxd rbx, edi cmp rbx, r13 jge loc_100015025 db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h, 66h nop loc_100014FA0: mov rax, [r12+18h] xor edx, edx ; int mov rcx, [rax+8] lea r8d, [rdx+44h] ; size_t mov rsi, [rcx+rbx*8] lea rcx, [rsp+98h+lParam+4] ; void * call memset test edi, edi mov dword ptr [rsp+98h+lParam], 7 mov dword ptr [rsp+98h+lParam+4], edi mov rax, [rsi+8] mov [rsp+98h+var_50], rsi mov [rsp+98h+var_60], rax mov eax, [rsi+40h] mov [rsp+98h+var_54], eax jnz short loc_100014FFA mov [rsp+98h+var_6C], 3 mov [rsp+98h+var_68], 3 mov dword ptr [rsp+98h+lParam], 0Fh loc_100014FFA: ; lParam lea r9, [rsp+98h+lParam] xor r8d, r8d ; wParam mov edx, 104Dh ; Msg mov rcx, rbp ; hWnd call cs:SendMessageW inc rbx inc edi cmp rbx, r13 mov dword ptr [rsi+50h], 0 jl loc_100014FA0 loc_100015025: ; lParam xor r9d, r9d mov rcx, rbp ; hWnd lea edx, [r9+0Bh] ; Msg lea r8d, [r9+1] ; wParam call cs:SendMessageW xor eax, eax loc_10001503B: mov r15, [rsp+98h+var_20] mov r14, [rsp+98h+var_18] mov r13, [rsp+98h+var_10] mov r12, [rsp+98h+var_8] mov rdi, [rsp+98h+arg_18] mov rsi, [rsp+98h+arg_10] mov rbp, [rsp+98h+arg_8] mov rbx, [rsp+98h+arg_0] add rsp, 98h retn loc_100015080: ; lParam xor r9d, r9d mov rcx, rbp ; hWnd lea edx, [r9+0Bh] ; Msg lea r8d, [r9+1] ; wParam call cs:SendMessageW mov eax, 80004005h jmp short loc_10001503B sub_100014D50 endp byte_10001509B db 15h dup(0CCh) sub_1000150B0 proc near var_8= qword ptr -8 arg_18= qword ptr 20h sub rsp, 28h test r8d, r8d mov [rsp+28h+arg_18], rbx mov rbx, rdx jz short loc_1000150F9 loc_1000150C1: mov [rsp+28h+var_8], rdi mov edi, r8d db 66h, 66h nop db 66h, 66h, 66h nop loc_1000150D0: ; hWnd mov rcx, [rbx] call cs:IsIconic test eax, eax jz short loc_1000150EB mov rcx, [rbx] ; hWnd mov edx, 9 ; nCmdShow call cs:ShowWindow loc_1000150EB: add rbx, 8 dec rdi jnz short loc_1000150D0 mov rdi, [rsp+28h+var_8] loc_1000150F9: mov rbx, [rsp+28h+arg_18] add rsp, 28h retn sub_1000150B0 endp algn_100015103: align 10h sub_100015110 proc near arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_0], rbx mov [rsp+28h+arg_8], rbp mov [rsp+28h+arg_10], rsi xor ebx, ebx test edx, edx mov [rsp+28h+arg_18], rdi mov rsi, r8 mov rbp, rcx jz short loc_100015161 call sub_100015260 test rax, rax mov rdi, rax jz loc_1000151DA loc_100015145: mov eax, [rdi+10h] test eax, eax mov [rsi], eax jnz loc_1000151F5 mov rax, [rdi] mov edx, 1 mov rcx, rdi call qword ptr [rax] jmp short loc_1000151DA loc_100015161: ; uBytes mov edx, 28h lea ecx, [rdx+18h] ; uFlags call cs:LocalAlloc test rax, rax mov rdi, rax jz short loc_1000151D8 call cs:GetProcessHeap mov [rdi+8], rbx mov [rdi+10h], ebx mov [rdi+14h], ebx mov [rdi+18h], ebx mov [rdi+20h], rax lea rcx, qword_100003B10 mov r8d, 0FFFFFFFFh mov [rdi], rcx mov rbp, [rbp+18h] mov rcx, rdi mov edx, [rbp+10h] call sub_100014710 test eax, eax jz short loc_1000151CB movsxd r8, dword ptr [rbp+10h] mov rdx, [rbp+8] ; void * mov rcx, [rdi+8] ; void * shl r8, 3 ; size_t call memmove jmp loc_100015145 loc_1000151CB: mov rax, [rdi] mov edx, 1 mov rcx, rdi call qword ptr [rax] loc_1000151D8: mov [rsi], ebx loc_1000151DA: xor eax, eax loc_1000151DC: mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] mov rbx, [rsp+28h+arg_0] add rsp, 28h retn loc_1000151F5: mov rdx, rax xor ecx, ecx ; uFlags shl rdx, 3 ; uBytes call cs:LocalAlloc test rax, rax mov rbp, rax jnz short loc_100015210 mov [rsi], ebx jmp short loc_10001523A loc_100015210: cmp [rsi], ebx jbe short loc_10001523A mov edx, [rsi] db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_100015220: mov rax, [rdi+8] add rbx, 8 dec rdx mov rcx, [rbx+rax-8] mov rax, [rcx] mov [rbx+rbp-8], rax jnz short loc_100015220 loc_10001523A: mov rax, [rdi] mov edx, 1 mov rcx, rdi call qword ptr [rax] mov rax, rbp jmp short loc_1000151DC sub_100015110 endp algn_10001524C: align 20h sub_100015260 proc near lParam= qword ptr -68h var_40= qword ptr -40h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 88h mov rcx, [rcx+8] ; hDlg mov edx, 41Dh ; nIDDlgItem mov [rsp+88h+var_10], r13 mov [rsp+88h+var_18], r14 call cs:GetDlgItem xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 1032h ; Msg mov rcx, rax ; hWnd mov r14, rax call cs:SendMessageW test eax, eax mov r13, rax jnz short loc_1000152B0 mov r14, [rsp+88h+var_18] mov r13, [rsp+88h+var_10] add rsp, 88h retn loc_1000152B0: ; uBytes mov edx, 28h loc_1000152B5: mov [rsp+88h+arg_0], rbx lea ecx, [rdx+18h] ; uFlags call cs:LocalAlloc test rax, rax mov rbx, rax jz loc_1000153EA loc_1000152D2: mov [rsp+88h+arg_18], rdi call cs:GetProcessHeap xor edi, edi test r13d, r13d mov [rsp+88h+arg_8], rbp lea rcx, qword_100003B10 mov [rsp+88h+arg_10], rsi mov [rsp+88h+var_8], r12 mov [rbx+20h], rax mov [rbx], rcx mov [rbx+8], rdi mov [rbx+10h], edi mov [rbx+14h], edi mov [rbx+18h], edi lea r12d, [rdi-1] jle loc_1000153AD loc_100015322: ; wParam movsxd r8, r12d mov edx, 100Ch ; Msg mov r9d, 2 ; lParam mov rcx, r14 ; hWnd call cs:SendMessageW cmp eax, 0FFFFFFFFh mov r12, rax jz loc_1000153EE xor edx, edx ; int lea rcx, [rsp+88h+lParam+4] ; void * mov dword ptr [rsp+88h+lParam], 4 lea r8d, [rdx+44h] ; size_t call memset lea r9, [rsp+88h+lParam] ; lParam xor r8d, r8d ; wParam mov edx, 104Bh ; Msg mov rcx, r14 ; hWnd mov dword ptr [rsp+88h+lParam+4], r12d call cs:SendMessageW test eax, eax jz short loc_1000153EE movsxd rsi, dword ptr [rbx+10h] mov rbp, [rsp+88h+var_40] mov r8d, 0FFFFFFFFh lea edx, [rsi+1] mov rcx, rbx call sub_100014710 test eax, eax jz short loc_1000153EE mov rax, [rbx+8] inc edi cmp edi, r13d mov [rax+rsi*8], rbp jl loc_100015322 loc_1000153AD: mov rax, rbx loc_1000153B0: mov rbp, [rsp+88h+arg_8] mov rsi, [rsp+88h+arg_10] mov r12, [rsp+88h+var_8] mov rdi, [rsp+88h+arg_18] loc_1000153D0: mov rbx, [rsp+88h+arg_0] mov r14, [rsp+88h+var_18] mov r13, [rsp+88h+var_10] add rsp, 88h retn loc_1000153EA: xor eax, eax jmp short loc_1000153D0 loc_1000153EE: mov rax, [rbx] mov edx, 1 mov rcx, rbx call qword ptr [rax] xor eax, eax jmp short loc_1000153B0 sub_100015260 endp byte_1000153FF db 11h dup(0CCh) sub_100015410 proc near var_38= qword ptr -38h var_30= qword ptr -30h Points= qword ptr -28h var_20= dword ptr -20h var_1C= dword ptr -1Ch var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 58h mov [rax+8], rbx mov [rax+10h], rbp mov [rax+18h], rsi mov [rax+20h], rdi mov [rax-8], r12 mov [rax-10h], r13 mov r12, rcx mov rcx, [rcx+8] ; hDlg mov [rax-18h], r14 mov r14d, edx mov edx, 41Dh ; nIDDlgItem mov r13d, r8d call cs:GetDlgItem mov rcx, r12 mov rbx, rax call sub_100015260 test rax, rax mov rsi, rax jz loc_1000155D7 cmp r14w, 0FFFFh jnz short loc_1000154C6 cmp r13w, r14w jnz short loc_1000154C6 mov r9d, 2 ; lParam mov edx, 100Ch ; Msg mov rcx, rbx ; hWnd lea r8, [r9-3] ; wParam call cs:SendMessageW lea r9, [rsp+58h+Points] ; lParam mov edx, 100Eh ; Msg mov rcx, rbx ; hWnd movsxd r8, eax ; wParam mov dword ptr [rsp+58h+Points], 1 call cs:SendMessageW lea r8, [rsp+58h+Points] ; lpPoints mov r9d, 2 ; cPoints xor edx, edx ; hWndTo mov rcx, rbx ; hWndFrom call cs:MapWindowPoints mov r14d, [rsp+58h+var_20] mov r13d, [rsp+58h+var_1C] loc_1000154C6: ; hInstance mov rcx, cs:hInstance mov edx, 75h ; lpMenuName call cs:LoadMenuW test rax, rax mov rdi, rax jz loc_1000155C5 xor edx, edx ; nPos mov rcx, rax ; hMenu call cs:GetSubMenu test rax, rax mov rbx, rax jz short loc_100015508 xor edx, edx ; uPosition mov r8d, 400h ; uFlags mov rcx, rdi ; hMenu call cs:RemoveMenu loc_100015508: ; hMenu mov rcx, rdi call cs:DestroyMenu test rbx, rbx jz loc_1000155C5 xor r8d, r8d ; fByPos mov edx, 9C6Ch ; uItem mov rcx, rbx ; hMenu call cs:SetMenuDefaultItem cmp dword ptr [rsi+10h], 2 mov edi, 3 jge short loc_100015569 mov r8d, edi ; uEnable mov edx, 9C69h ; uIDEnableItem mov rcx, rbx ; hMenu call cs:EnableMenuItem mov r8d, edi ; uEnable mov edx, 9C6Ah ; uIDEnableItem mov rcx, rbx ; hMenu call cs:EnableMenuItem mov r8d, edi ; uEnable mov edx, 755Bh ; uIDEnableItem mov rcx, rbx ; hMenu call cs:EnableMenuItem loc_100015569: xor ebp, ebp cmp dword ptr [rsi+10h], 1 mov edx, 9C6Dh ; uIDEnableItem cmovz edi, ebp mov rcx, rbx ; hMenu mov r8d, edi ; uEnable call cs:EnableMenuItem mov rax, [r12+8] mov r9d, r13d ; int mov r8d, r14d ; int xor edx, edx ; UINT mov rcx, rbx ; HMENU mov [rsp+58h+var_30], rbp mov dword ptr [r12+20h], 1 mov cs:dword_10002F3E4, 1 mov [rsp+58h+var_38], rax call cs:TrackPopupMenuEx mov rcx, rbx ; hMenu mov cs:dword_10002F3E4, ebp call cs:DestroyMenu loc_1000155C5: mov rax, [rsi] mov edx, 1 mov rcx, rsi call qword ptr [rax] jmp loc_1000156BC loc_1000155D7: ; hInstance mov rcx, cs:hInstance xor ebp, ebp lea edx, [rbp+77h] ; lpMenuName mov rbx, rbp call cs:LoadMenuW test rax, rax mov rdi, rax jz short loc_100015646 xor edx, edx ; nPos mov rcx, rax ; hMenu call cs:GetSubMenu test rax, rax mov rbx, rax jz short loc_100015618 xor edx, edx ; uPosition mov r8d, 400h ; uFlags mov rcx, rdi ; hMenu call cs:RemoveMenu loc_100015618: ; hMenu mov rcx, rdi call cs:DestroyMenu test rbx, rbx jz short loc_100015646 mov ecx, 1 ; rest call cs:SHRestricted test eax, eax jz short loc_100015646 xor r8d, r8d ; uFlags mov edx, 9C41h ; uPosition mov rcx, rbx ; hMenu call cs:DeleteMenu loc_100015646: mov eax, [r12+38h] test eax, eax jnz short loc_100015657 mov r9d, 9C4Fh jmp short loc_100015668 loc_100015657: cmp eax, 1 mov r9d, ebp setnz r9b add r9d, 9C50h ; UINT loc_100015668: test rbx, rbx jz short loc_1000156BC mov edx, 9C4Fh ; UINT mov rcx, rbx ; HMENU mov dword ptr [rsp+58h+var_38], ebp lea r8d, [rdx+2] ; UINT call cs:CheckMenuRadioItem mov rax, [r12+8] mov r9d, r13d ; int mov r8d, r14d ; int xor edx, edx ; UINT mov rcx, rbx ; HMENU mov [rsp+58h+var_30], rbp mov cs:dword_10002F3E4, 1 mov [rsp+58h+var_38], rax call cs:TrackPopupMenuEx mov rcx, rbx ; hMenu mov cs:dword_10002F3E4, ebp call cs:DestroyMenu loc_1000156BC: mov r14, [rsp+58h+var_18] mov r13, [rsp+58h+var_10] mov r12, [rsp+58h+var_8] mov rdi, [rsp+58h+arg_18] mov rsi, [rsp+58h+arg_10] mov rbp, [rsp+58h+arg_8] mov rbx, [rsp+58h+arg_0] add rsp, 58h retn sub_100015410 endp algn_1000156E4: align 10h sub_1000156F0 proc near var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_8], rbp mov [rsp+28h+arg_10], rsi mov [rsp+28h+arg_18], rdi mov [rsp+28h+var_8], r12 mov rsi, rcx lea rdi, qword_100002FA0 xor r12d, r12d mov [rsp+28h+arg_0], rbx mov ebp, 2 nop loc_100015720: cmp [rsi+3Ch], r12d mov edx, [rdi] ; nIDDlgItem mov rcx, [rsi+8] ; hDlg mov ebx, r12d setnbe bl call cs:GetDlgItem mov rcx, rax ; hWnd mov edx, ebx ; bEnable call cs:EnableWindow add rdi, 4 dec rbp jnz short loc_100015720 cmp cs:dword_10002FEF4, r12d jnz loc_1000157E1 mov rcx, rsi call sub_100015260 test rax, rax mov rbp, rax jz short loc_1000157E1 cmp dword ptr [rax+10h], 1 mov rcx, cs:hWnd ; hWnd mov ebx, r12d mov esi, 3 cmovz ebx, esi call cs:GetMenu mov r8d, ebx ; uEnable mov rcx, rax ; hMenu mov edx, 9C69h ; uIDEnableItem mov rdi, rax call cs:EnableMenuItem mov r8d, ebx ; uEnable mov edx, 9C6Ah ; uIDEnableItem mov rcx, rdi ; hMenu call cs:EnableMenuItem mov r8d, ebx ; uEnable mov edx, 755Bh ; uIDEnableItem mov rcx, rdi ; hMenu call cs:EnableMenuItem cmp dword ptr [rbp+10h], 1 mov edx, 9C6Dh ; uIDEnableItem cmovz esi, r12d mov rcx, rdi ; hMenu mov r8d, esi ; uEnable call cs:EnableMenuItem mov r11, [rbp+0] mov edx, 1 mov rcx, rbp call qword ptr [r11] loc_1000157E1: mov r12, [rsp+28h+var_8] mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] mov rbx, [rsp+28h+arg_0] add rsp, 28h retn sub_1000156F0 endp byte_1000157FF db 11h dup(0CCh) sub_100015810 proc near arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov eax, [rdx+10h] mov [rsp+28h+arg_10], rbx mov [rsp+28h+arg_18], rdi cmp eax, 0FFFFFF4Fh mov rbx, rdx mov rdi, rcx jz loc_10001591F cmp eax, 0FFFFFF94h jz loc_1000158CA cmp eax, 0FFFFFF9Bh jz short loc_100015875 cmp eax, 0FFFFFFFDh jnz loc_1000159C6 mov rcx, [rcx+8] ; hWnd xor r9d, r9d ; lParam mov edx, 111h ; Msg mov r8d, 418h ; wParam call cs:SendMessageW mov eax, 1 mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100015875: test byte ptr [rdx+28h], 8 jz loc_1000159C6 mov rcx, [rcx+8] ; hDlg mov edx, 41Dh ; nIDDlgItem call cs:GetDlgItem xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov rcx, rax ; hWnd mov edx, 1032h ; Msg call cs:SendMessageW cmp eax, [rdi+3Ch] jz loc_1000159C6 mov rcx, rdi mov [rdi+3Ch], eax call sub_1000156F0 mov eax, 1 mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_1000158CA: movsxd rax, dword ptr [rdx+1Ch] lea rdx, dword_10002D6B8 mov ecx, [rdx+rax*4] cmp cs:dword_10002FEC0, ecx jnz short loc_1000158E8 neg cs:dword_10002D694 jmp short loc_1000158F8 loc_1000158E8: mov cs:dword_10002FEC0, ecx mov cs:dword_10002D694, 0FFFFFFFFh loc_1000158F8: lea rcx, [rdi+18h] call sub_100014AF0 mov r11, [rdi] mov rcx, rdi call qword ptr [r11+30h] mov eax, 1 mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_10001591F: test byte ptr [rdx+18h], 1 jz loc_1000159C6 mov r8, [rdx+40h] movsxd rcx, dword ptr [rdx+20h] lea rdx, dword_10002D6B8 mov edx, [rdx+rcx*4] test edx, edx jz short loc_1000159AE dec edx jz short loc_100015957 dec edx jz short loc_100015951 dec edx jnz short loc_1000159C6 mov r8, [r8+18h] jmp short loc_1000159B2 loc_100015951: mov r8, [r8+10h] jmp short loc_1000159B2 loc_100015957: cmp dword ptr [r8+20h], 0 jz short loc_100015986 movsxd rdx, dword ptr [rbx+38h] mov rcx, [rbx+30h] lea r8, unk_10002F0C0 call sub_100008300 mov eax, 1 mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100015986: movsxd rdx, dword ptr [rbx+38h] mov rcx, [rbx+30h] lea r8, unk_10002F080 call sub_100008300 mov eax, 1 mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_1000159AE: mov r8, [r8+8] loc_1000159B2: movsxd rdx, dword ptr [rbx+38h] mov rcx, [rbx+30h] call sub_100008300 or dword ptr [rbx+18h], 1000h loc_1000159C6: mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] mov eax, 1 add rsp, 28h retn sub_100015810 endp algn_1000159DA: align 20h sub_1000159E0 proc near var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 48h mov [rax+8], rbx mov [rax+10h], rbp mov [rax+18h], rsi mov [rax+20h], rdi mov [rax-8], r12 mov [rax-10h], r13 mov [rax-18h], r14 mov [rax-20h], r15 mov r15, rcx xor edi, edi mov rcx, rdx ; lpString mov rbp, r8 mov r12, rdx lea r13d, [rdi+1] call cs:lstrlenW mov rcx, rbp ; lpString lea ebx, [rax+1] call cs:lstrlenW movsxd rsi, ebx xor ecx, ecx ; uFlags lea rdx, [rsi+rsi] ; uBytes lea r14d, [rax+1] call cs:LocalAlloc test rax, rax mov rbx, rax cmovz r13d, edi test rbp, rbp jz short loc_100015A67 movsxd rdx, r14d xor ecx, ecx ; uFlags add rdx, rdx ; uBytes call cs:LocalAlloc test rax, rax mov rdi, rax jz loc_100015B19 loc_100015A67: test r13d, r13d jz loc_100015B19 mov edx, 18h ; uBytes xor ecx, ecx ; uFlags call cs:LocalAlloc test rax, rax mov r11, rax jz loc_100015B19 cmp rsi, 7FFFFFFFh mov [rax], rbx mov [rax+8], rdi ja short loc_100015AC7 test rsi, rsi jz short loc_100015AC7 sub r12, rbx loc_100015AA1: movzx eax, word ptr [r12+rbx] test ax, ax jz short loc_100015AB9 mov [rbx], ax add rbx, 2 dec rsi jnz short loc_100015AA1 jmp short loc_100015ABE loc_100015AB9: test rsi, rsi jnz short loc_100015AC2 loc_100015ABE: sub rbx, 2 loc_100015AC2: mov word ptr [rbx], 0 loc_100015AC7: test rdi, rdi jz short loc_100015B05 movsxd rcx, r14d cmp rcx, 7FFFFFFFh ja short loc_100015B05 test r14d, r14d jz short loc_100015B05 sub rbp, rdi loc_100015AE0: movzx eax, word ptr [rdi+rbp] test ax, ax jz short loc_100015AF7 mov [rdi], ax add rdi, 2 dec rcx jnz short loc_100015AE0 jmp short loc_100015AFC loc_100015AF7: test rcx, rcx jnz short loc_100015B00 loc_100015AFC: sub rdi, 2 loc_100015B00: mov word ptr [rdi], 0 loc_100015B05: mov rax, [r15+80h] mov [r11+10h], rax mov [r15+80h], r11 jmp short loc_100015B35 loc_100015B19: test rbx, rbx jz short loc_100015B27 mov rcx, rbx ; hMem call cs:LocalFree loc_100015B27: test rdi, rdi jz short loc_100015B35 mov rcx, rdi ; hMem call cs:LocalFree loc_100015B35: mov r15, [rsp+48h+var_20] mov r14, [rsp+48h+var_18] mov r13, [rsp+48h+var_10] mov r12, [rsp+48h+var_8] mov rdi, [rsp+48h+arg_18] mov rsi, [rsp+48h+arg_10] mov rbp, [rsp+48h+arg_8] mov rbx, [rsp+48h+arg_0] add rsp, 48h retn sub_1000159E0 endp algn_100015B62: align 10h ; DWORD __stdcall sub_100015B70(LPVOID) sub_100015B70 proc near push rbx sub rsp, 20h mov rbx, rcx mov rcx, [rcx+10h] ; hHandle mov edx, 0FFFFFFFFh ; dwMilliseconds call cs:WaitForSingleObject cmp dword ptr [rbx+20h], 0 jnz short loc_100015BBF db 66h nop loc_100015B90: ; lParam mov rdx, [rbx+8] mov rcx, [rbx] ; lpEnumFunc call cs:EnumWindowStationsW mov rcx, [rbx+18h] ; hEvent mov [rbx+24h], eax call cs:SetEvent mov rcx, [rbx+10h] ; hHandle mov edx, 0FFFFFFFFh ; dwMilliseconds call cs:WaitForSingleObject cmp dword ptr [rbx+20h], 0 jz short loc_100015B90 loc_100015BBF: ; hEvent mov rcx, [rbx+18h] call cs:SetEvent xor eax, eax add rsp, 20h pop rbx retn sub_100015B70 endp algn_100015BD1: align 20h sub_100015BE0 proc near mov r11, rsp sub rsp, 78h cmp dword ptr [rcx+20h], 0 mov [r11+8], rbx mov rbx, rcx jnz loc_100015EB7 xor eax, eax sub_100015BE0 endp ; sp-analysis failed sub_100015BFA proc near arg_18= dword ptr 20h arg_20= qword ptr 28h arg_28= byte ptr 30h arg_30= byte ptr 38h mov [r11-18h], r14 xor r14d, r14d cmp [rcx+68h], r14 mov [r11-40h], rax mov [r11-38h], rax mov [r11-30h], rax mov [r11-28h], rax mov [r11-20h], rax mov rax, [rcx+18h] mov [r11-20h], rcx mov [r11-38h], r14 mov [r11-40h], rax mov rax, cs:qword_100030190 mov [r11-30h], r14 mov [r11-28h], rax jnz short loc_100015C57 xor r9d, r9d ; lpName xor r8d, r8d ; bInitialState xor edx, edx ; bManualReset xor ecx, ecx ; lpEventAttributes call cs:CreateEventW test rax, rax mov [rbx+68h], rax jz sub_100015E7E loc_100015C57: cmp [rbx+70h], r14 jnz short loc_100015C7A xor r9d, r9d ; lpName xor r8d, r8d ; bInitialState xor edx, edx ; bManualReset xor ecx, ecx ; lpEventAttributes call cs:CreateEventW test rax, rax mov [rbx+70h], rax jz sub_100015E7E loc_100015C7A: cmp [rbx+78h], r14 lea rax, sub_1000161B0 lea r9, [rbx+40h] ; lpParameter mov [r9], rax lea rax, [rsp+arg_30] mov [rbx+60h], r14d mov [rbx+48h], rax mov rax, [rbx+68h] mov [rbx+50h], rax mov rax, [rbx+70h] mov [rbx+58h], rax jnz short loc_100015CD8 lea rax, [rsp+arg_28] lea r8, sub_100015B70 ; lpStartAddress xor edx, edx ; dwStackSize mov [rsp+arg_20], rax xor ecx, ecx ; lpThreadAttributes mov [rsp+arg_18], r14d call cs:CreateThread test rax, rax mov [rbx+78h], rax jz sub_100015E7E loc_100015CD8: ; hEvent mov rcx, [rbx+68h] call cs:SetEvent mov rcx, [rbx+70h] ; hHandle mov edx, 0FFFFFFFFh ; dwMilliseconds call cs:WaitForSingleObject cmp [rbx+64h], r14d jz sub_100015E7E mov rax, [rbx+18h] sub_100015BFA endp ; sp-analysis failed sub_100015CFF proc near arg_68= qword ptr 70h mov [rsp+arg_68], r12 mov r12d, r14d cmp [rax+10h], r14d jle sub_100015E71 sub_100015CFF endp ; sp-analysis failed sub_100015D11 proc near arg_60= qword ptr 68h arg_80= qword ptr 88h arg_88= qword ptr 90h arg_90= qword ptr 98h mov [rsp+arg_60], r13 mov [rsp+arg_80], rbp mov [rsp+arg_88], rsi mov [rsp+arg_90], rdi mov r13, r14 loc_100015D31: mov rax, [rbx+18h] mov rcx, [rax+8] mov rax, cs:qword_100030190 mov rdi, [r13+rcx+0] cmp [rdi+28h], rax jz loc_100015E3F mov rcx, [rdi+8] ; hMem mov ebp, [rdi+40h] mov esi, [rdi+30h] test rcx, rcx jz short loc_100015D64 call cs:LocalFree loc_100015D64: ; hMem mov rcx, [rdi+10h] test rcx, rcx jz short loc_100015D73 call cs:LocalFree loc_100015D73: ; hMem mov rcx, [rdi+18h] test rcx, rcx jz short loc_100015D82 call cs:LocalFree loc_100015D82: ; hMem mov rcx, rdi call cs:LocalFree mov rdi, [rbx+18h] mov eax, [rdi+10h] sub eax, r12d dec eax test eax, eax jle short loc_100015DBE mov r9, [rdi+8] movsxd r8, eax lea eax, [r12+1] movsxd rcx, eax movsxd rax, r12d shl r8, 3 ; size_t lea rdx, [r9+rcx*8] ; void * lea rcx, [r9+rax*8] ; void * call memmove loc_100015DBE: dec dword ptr [rdi+10h] test esi, esi jle short loc_100015DD1 mov rcx, [rbx+28h] ; himl mov edx, esi ; i call cs:ImageList_Remove loc_100015DD1: test ebp, ebp jle short loc_100015DE1 mov rcx, [rbx+30h] ; himl mov edx, ebp ; i call cs:ImageList_Remove loc_100015DE1: mov rax, [rbx+18h] mov r8d, r14d cmp [rax+10h], r14d jle short loc_100015E46 mov r9, r14 db 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100015E00: test ebp, ebp mov rax, [rbx+18h] mov rcx, [rax+8] mov rdx, [r9+rcx] jz short loc_100015E1C mov eax, [rdx+40h] cmp eax, ebp jle short loc_100015E1C dec eax mov [rdx+40h], eax loc_100015E1C: test esi, esi jz short loc_100015E2C mov eax, [rdx+30h] cmp eax, esi jle short loc_100015E2C dec eax mov [rdx+30h], eax loc_100015E2C: mov rax, [rbx+18h] inc r8d add r9, 8 cmp r8d, [rax+10h] jl short loc_100015E00 jmp short loc_100015E46 loc_100015E3F: inc r12d add r13, 8 loc_100015E46: mov rax, [rbx+18h] cmp r12d, [rax+10h] jl loc_100015D31 mov r13, [rsp+arg_60] mov rdi, [rsp+arg_90] mov rsi, [rsp+arg_88] mov rbp, [rsp+arg_80] sub_100015D11 endp ; sp-analysis failed sub_100015E71 proc near arg_68= qword ptr 70h mov rcx, rbx call sub_100014D50 mov r12, [rsp+arg_68] sub_100015E71 endp ; sp-analysis failed sub_100015E7E proc near arg_38= qword ptr 40h arg_58= qword ptr 60h mov rcx, [rsp+arg_38] mov r14, [rsp+arg_58] test rcx, rcx jz short loc_100015E93 sub_100015E7E endp ; sp-analysis failed sub_100015E8D proc near hMem= qword ptr 48h arg_78= qword ptr 80h call cs:LocalFree loc_100015E93: ; hMem mov rcx, [rsp+hMem] test rcx, rcx jz short loc_100015EA3 call cs:LocalFree loc_100015EA3: mov rax, [rbx+18h] inc cs:qword_100030190 mov ecx, [rax+10h] mov cs:dword_10002FEBC, ecx loc_100015EB7: mov rbx, [rsp+arg_78] add rsp, 78h retn sub_100015E8D endp ; sp-analysis failed algn_100015EC4: align 10h sub_100015ED0 proc near var_58= dword ptr -58h var_50= dword ptr -50h var_48= qword ptr -48h var_30= qword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 lpString= qword ptr 28h arg_28= qword ptr 30h arg_30= dword ptr 38h sub rsp, 78h mov rax, [rsp+78h+arg_28] mov [rsp+78h+var_8], rbx mov [rsp+78h+var_10], rbp mov [rsp+78h+var_18], rsi mov [rsp+78h+var_20], rdi mov [rsp+78h+var_28], r12 mov [rsp+78h+var_30], r13 mov r13d, [rsp+78h+arg_30] mov rdi, r9 test r13d, r13d mov rsi, r8 mov r12, rdx mov rbx, rcx mov [rcx+28h], rax jz short loc_100015F28 mov rcx, [rcx+10h] ; lpString1 mov rdx, r9 ; lpString2 call cs:lstrcmpW test eax, eax jz short loc_100015F9C loc_100015F28: ; hMem mov rcx, [rbx+10h] test rcx, rcx jz short loc_100015F37 call cs:LocalFree loc_100015F37: ; lpString mov rcx, rdi call cs:lstrlenW xor ecx, ecx ; uFlags inc eax mov ebp, eax lea rdx, [rax+rax] ; uBytes call cs:LocalAlloc test rax, rax mov [rbx+10h], rax jz loc_100016073 cmp rbp, 7FFFFFFFh ja short loc_100015F98 test rbp, rbp jz short loc_100015F98 db 66h nop db 66h, 66h nop loc_100015F70: movzx ecx, word ptr [rdi] test cx, cx jz short loc_100015F8A mov [rax], cx add rax, 2 add rdi, 2 dec rbp jnz short loc_100015F70 jmp short loc_100015F8F loc_100015F8A: test rbp, rbp jnz short loc_100015F93 loc_100015F8F: sub rax, 2 loc_100015F93: mov word ptr [rax], 0 loc_100015F98: or dword ptr [rbx+50h], 8 loc_100015F9C: test r13d, r13d mov rdi, [rsp+78h+lpString] jz short loc_100015FBA mov rcx, [rbx+18h] ; lpString1 mov rdx, rdi ; lpString2 call cs:lstrcmpW test eax, eax jz short loc_10001602C loc_100015FBA: ; hMem mov rcx, [rbx+18h] test rcx, rcx jz short loc_100015FC9 call cs:LocalFree loc_100015FC9: ; lpString mov rcx, rdi call cs:lstrlenW xor ecx, ecx ; uFlags inc eax mov ebp, eax lea rdx, [rax+rax] ; uBytes call cs:LocalAlloc test rax, rax mov [rbx+18h], rax jz loc_100016073 cmp rbp, 7FFFFFFFh ja short loc_100016028 test rbp, rbp jz short loc_100016028 db 66h, 66h nop loc_100016000: movzx ecx, word ptr [rdi] test cx, cx jz short loc_10001601A mov [rax], cx add rax, 2 add rdi, 2 dec rbp jnz short loc_100016000 jmp short loc_10001601F loc_10001601A: test rbp, rbp jnz short loc_100016023 loc_10001601F: sub rax, 2 loc_100016023: mov word ptr [rax], 0 loc_100016028: or dword ptr [rbx+50h], 10h loc_10001602C: test r13d, r13d jz short loc_100016042 mov rcx, [rbx+8] ; lpString1 mov rdx, rsi ; lpString2 call cs:lstrcmpW test eax, eax jz short loc_1000160BC loc_100016042: ; hMem mov rcx, [rbx+8] test rcx, rcx jz short loc_100016051 call cs:LocalFree loc_100016051: ; lpString mov rcx, rsi call cs:lstrlenW xor ecx, ecx ; uFlags inc eax mov edi, eax lea rdx, [rax+rax] ; uBytes call cs:LocalAlloc test rax, rax mov [rbx+8], rax jnz short loc_10001607D loc_100016073: mov eax, 8007000Eh jmp loc_100016180 loc_10001607D: cmp rdi, 7FFFFFFFh ja short loc_1000160B8 test rdi, rdi jz short loc_1000160B8 db 66h nop db 66h, 66h nop loc_100016090: movzx ecx, word ptr [rsi] test cx, cx jz short loc_1000160AA mov [rax], cx add rax, 2 add rsi, 2 dec rdi jnz short loc_100016090 jmp short loc_1000160AF loc_1000160AA: test rdi, rdi jnz short loc_1000160B3 loc_1000160AF: sub rax, 2 loc_1000160B3: mov word ptr [rax], 0 loc_1000160B8: or dword ptr [rbx+50h], 2 loc_1000160BC: ; hwnd mov rcx, r12 call cs:IsHungAppWindow cmp eax, [rbx+20h] jz short loc_1000160D1 or dword ptr [rbx+50h], 4 mov [rbx+20h], eax loc_1000160D1: cmp [rbx], r12 jz short loc_1000160DD or dword ptr [rbx+50h], 1 mov [rbx], r12 loc_1000160DD: test r13d, r13d jnz loc_10001617E xor eax, eax lea rdi, [rbx+38h] add rbx, 48h mov [rsp+78h+var_48], rdi lea edx, [rax+7Fh] ; Msg xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov rcx, r12 ; hWnd mov [rsp+78h+var_50], 64h mov [rdi], rax mov [rbx], rax mov [rsp+78h+var_58], 3 call cs:SendMessageTimeoutW test rax, rax jz short loc_100016128 cmp qword ptr [rdi], 0 jnz short loc_100016139 loc_100016128: ; nIndex mov edx, 0FFFFFFDEh mov rcx, r12 ; hWnd call cs:GetClassLongPtrW mov [rdi], rax loc_100016139: ; lParam xor r9d, r9d mov [rsp+78h+var_48], rbx mov rcx, r12 ; hWnd lea edx, [r9+7Fh] ; Msg lea r8d, [r9+1] ; wParam mov [rsp+78h+var_50], 64h mov [rsp+78h+var_58], 3 call cs:SendMessageTimeoutW test rax, rax jz short loc_10001616D cmp qword ptr [rbx], 0 jnz short loc_10001617E loc_10001616D: ; nIndex mov edx, 0FFFFFFF2h mov rcx, r12 ; hWnd call cs:GetClassLongPtrW mov [rbx], rax loc_10001617E: xor eax, eax loc_100016180: mov r13, [rsp+78h+var_30] mov r12, [rsp+78h+var_28] mov rdi, [rsp+78h+var_20] mov rsi, [rsp+78h+var_18] mov rbp, [rsp+78h+var_10] mov rbx, [rsp+78h+var_8] add rsp, 78h retn sub_100015ED0 endp algn_1000161A3: align 10h ; int __fastcall sub_1000161B0(LPCWSTR lpString, LPARAM lParam, __int64, __int64, __int64, __int64) sub_1000161B0 proc near var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov rax, [rdx+20h] mov [rsp+28h+arg_0], rbx mov [rsp+28h+arg_8], rbp mov rbx, [rax+80h] mov [rsp+28h+arg_10], rsi mov rbp, rdx test rbx, rbx mov rsi, rcx jz short loc_100016200 db 66h, 66h nop db 66h, 66h, 66h nop loc_1000161E0: cmp qword ptr [rbx+8], 0 jnz short loc_1000161F7 mov rcx, [rbx] ; lpString1 mov rdx, rsi ; lpString2 call cs:lstrcmpW test eax, eax jz short loc_100016233 loc_1000161F7: mov rbx, [rbx+10h] test rbx, rbx jnz short loc_1000161E0 loc_100016200: ; fInherit xor edx, edx mov rcx, rsi ; lpszWinSta loc_100016205: mov [rsp+28h+arg_18], rdi lea r8d, [rdx+1] ; dwDesiredAccess call cs:OpenWindowStationW test rax, rax mov rdi, rax jnz short loc_10001624C mov rcx, [rbp+20h] xor r8d, r8d mov rdx, rsi call sub_1000159E0 lea eax, [rdi+1] jmp loc_10001632F loc_100016233: mov eax, 1 mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] mov rbx, [rsp+28h+arg_0] add rsp, 28h retn loc_10001624C: call cs:GetProcessWindowStation mov rcx, rdi ; hWinSta mov rbx, rax call cs:SetProcessWindowStation test eax, eax jnz short loc_100016292 call cs:GetLastError mov rcx, rbx ; hWinSta call cs:SetProcessWindowStation mov rcx, rdi ; hWinSta call cs:CloseWindowStation cmp rdi, rbx jz short loc_100016288 mov rcx, rbx ; hWinSta call cs:CloseWindowStation loc_100016288: mov eax, 1 jmp loc_10001632F loc_100016292: ; hMem mov rcx, [rbp+8] test rcx, rcx jz short loc_1000162A1 call cs:LocalFree loc_1000162A1: ; lpString mov rcx, rsi loc_1000162A4: mov [rsp+28h+var_8], r12 call cs:lstrlenW xor ecx, ecx ; uFlags inc eax mov r12d, eax lea rdx, [rax+rax] ; uBytes call cs:LocalAlloc test rax, rax mov [rbp+8], rax jnz short loc_1000162ED cmp rdi, rbx jz short loc_1000162E0 mov rcx, rbx ; hWinSta call cs:SetProcessWindowStation mov rcx, rdi ; hWinSta call cs:CloseWindowStation loc_1000162E0: ; hWinSta mov rcx, rbx call cs:CloseWindowStation xor eax, eax jmp short loc_10001632A loc_1000162ED: mov r8, rsi mov rdx, r12 mov rcx, rax call sub_100008300 lea rdx, EnumFunc ; lpEnumFunc mov r8, rbp ; lParam mov rcx, rdi ; hwinsta call cs:EnumDesktopsW cmp rdi, rbx jz short loc_100016325 mov rcx, rbx ; hWinSta call cs:SetProcessWindowStation mov rcx, rdi ; hWinSta call cs:CloseWindowStation loc_100016325: mov eax, 1 loc_10001632A: mov r12, [rsp+28h+var_8] loc_10001632F: mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] mov rbx, [rsp+28h+arg_0] add rsp, 28h retn sub_1000161B0 endp algn_100016348: align 10h ; BOOL __stdcall EnumFunc(LPWSTR, LPARAM) EnumFunc proc near var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov rax, [rdx+20h] mov [rsp+28h+arg_0], rbx mov [rsp+28h+arg_8], rbp mov rbx, [rax+80h] mov [rsp+28h+arg_10], rsi mov [rsp+28h+arg_18], rdi test rbx, rbx mov rdi, [rdx+8] mov rbp, rdx mov rsi, rcx jz short loc_1000163D8 loc_100016382: test rsi, rsi jnz short loc_1000163A3 cmp [rbx+8], rsi jnz short loc_1000163CF mov rcx, [rbx] ; lpString1 mov rdx, rdi ; lpString2 call cs:lstrcmpW test eax, eax jz loc_100016463 jmp short loc_1000163CF loc_1000163A3: cmp qword ptr [rbx+8], 0 jz short loc_1000163CF mov rcx, [rbx] ; lpString1 mov rdx, rdi ; lpString2 call cs:lstrcmpW test eax, eax jnz short loc_1000163CF mov rcx, [rbx+8] ; lpString1 mov rdx, rsi ; lpString2 call cs:lstrcmpW test eax, eax jz loc_100016463 loc_1000163CF: mov rbx, [rbx+10h] test rbx, rbx jnz short loc_100016382 loc_1000163D8: ; dwDesiredAccess mov r9d, 1 xor r8d, r8d ; fInherit xor edx, edx ; dwFlags mov rcx, rsi ; lpszDesktop call cs:OpenDesktopW test rax, rax mov rdi, rax jnz short loc_10001640C mov rdx, [rbp+8] mov rcx, [rbp+20h] mov r8, rsi call sub_1000159E0 lea eax, [rdi+1] jmp loc_100016540 loc_10001640C: call cs:GetCurrentThreadId mov ecx, eax ; dwThreadId call cs:GetThreadDesktop mov rcx, rdi ; hDesktop mov rbx, rax call cs:SetThreadDesktop test eax, eax jnz short loc_10001646D call cs:GetLastError mov rcx, rbx ; hDesktop call cs:SetThreadDesktop mov r11, cs:qword_10002F3B0 cmp r11, rdi jz short loc_100016455 mov rcx, rdi ; hDesktop call cs:CloseDesktop mov r11, cs:qword_10002F3B0 loc_100016455: cmp r11, rbx jz short loc_100016463 mov rcx, rbx ; hDesktop call cs:CloseDesktop loc_100016463: mov eax, 1 jmp loc_100016540 loc_10001646D: ; hMem mov rcx, [rbp+10h] test rcx, rcx jz short loc_10001647C call cs:LocalFree loc_10001647C: ; lpString mov rcx, rsi loc_10001647F: mov [rsp+28h+var_8], r12 call cs:lstrlenW xor ecx, ecx ; uFlags inc eax mov r12d, eax lea rdx, [rax+rax] ; uBytes call cs:LocalAlloc test rax, rax mov [rbp+10h], rax jnz short loc_1000164E0 cmp rdi, rbx jz short loc_1000164B2 mov rcx, rbx ; hDesktop call cs:SetThreadDesktop loc_1000164B2: mov rax, cs:qword_10002F3B0 cmp rax, rdi jz short loc_1000164CE mov rcx, rdi ; hDesktop call cs:CloseDesktop mov rax, cs:qword_10002F3B0 loc_1000164CE: cmp rax, rbx jz short loc_1000164DC mov rcx, rbx ; hDesktop call cs:CloseDesktop loc_1000164DC: xor eax, eax jmp short loc_10001653B loc_1000164E0: mov r8, rsi mov rdx, r12 mov rcx, rax call sub_100008300 lea rcx, sub_100016560 ; lpEnumFunc mov rdx, rbp ; lParam call cs:EnumWindows cmp rdi, rbx jz short loc_10001650C mov rcx, rbx ; hDesktop call cs:SetThreadDesktop loc_10001650C: mov rax, cs:qword_10002F3B0 cmp rax, rdi jz short loc_100016528 mov rcx, rdi ; hDesktop call cs:CloseDesktop mov rax, cs:qword_10002F3B0 loc_100016528: cmp rax, rbx jz short loc_100016536 mov rcx, rbx ; hDesktop call cs:CloseDesktop loc_100016536: mov eax, 1 loc_10001653B: mov r12, [rsp+28h+var_8] loc_100016540: mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] mov rbx, [rsp+28h+arg_0] add rsp, 28h retn EnumFunc endp algn_100016559: align 20h ; BOOL __stdcall sub_100016560(HWND, LPARAM) sub_100016560 proc near var_258= qword ptr -258h var_250= qword ptr -250h var_248= dword ptr -248h String1= word ptr -238h var_28= qword ptr -28h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 278h mov rax, cs:qword_10002C178 mov [rsp+278h+var_28], rax mov rax, [rdx] mov [r11+20h], rbp mov [r11-8], rsi mov ebp, [rax+10h] mov [r11-18h], r12 mov r12, rdx mov edx, 4 ; uCmd mov rsi, rcx call cs:GetWindow test rax, rax jnz loc_1000167CA mov rcx, rsi ; hWnd call cs:IsWindowVisible test eax, eax jz loc_1000167CA lea rdx, [rsp+278h+String1] ; lpString mov r8d, 104h ; nMaxCount mov rcx, rsi ; hWnd call cs:InternalGetWindowText test eax, eax jz loc_1000167CA cmp [rsp+278h+String1], 0 jz loc_1000167CA cmp rsi, cs:hWnd jz loc_1000167CA lea rdx, qword_100003B10+8 ; lpString2 lea rcx, [rsp+278h+String1] ; lpString1 call cs:lstrcmpiW test eax, eax jz loc_1000167CA loc_100016605: mov [rsp+278h+arg_10], rbx xor ebx, ebx test ebp, ebp mov [rsp+278h+var_10], rdi jz short loc_100016681 mov rax, [r12] mov rcx, [rax+8] loc_100016623: mov rdi, [rcx] cmp [rdi], rsi jz short loc_100016637 inc ebx add rcx, 8 cmp ebx, ebp jb short loc_100016623 jmp short loc_100016681 loc_100016637: mov rax, [r12+18h] mov r9, [r12+8] mov [rsp+278h+var_248], 1 mov [rsp+278h+var_250], rax mov rax, [r12+10h] lea r8, [rsp+278h+String1] mov rdx, rsi mov rcx, rdi mov [rsp+278h+var_258], rax call sub_100015ED0 test eax, eax js loc_1000167C3 cmp ebx, ebp mov rax, [r12+18h] mov [rdi+28h], rax jb loc_100016710 loc_100016681: ; uBytes mov edx, 58h lea ecx, [rdx-18h] ; uFlags call cs:LocalAlloc test rax, rax mov rbx, rax jz loc_1000167C3 xor edx, edx ; int mov rcx, rax ; void * lea r8d, [rdx+58h] ; size_t call memset mov rax, [r12+18h] mov r9, [r12+8] mov [rsp+278h+var_248], 0 mov [rsp+278h+var_250], rax mov rax, [r12+10h] lea r8, [rsp+278h+String1] mov rdx, rsi mov rcx, rbx mov [rsp+278h+var_258], rax call sub_100015ED0 test eax, eax js loc_1000167B6 mov r8, [rbx+48h] test r8, r8 jnz short loc_100016752 cmp [rbx+38h], r8 jnz short loc_100016752 mov [rbx+40h], r8d mov [rbx+30h], r8d loc_1000166F9: mov rcx, [r12] xor r8d, r8d mov rdx, rbx call sub_100014640 test eax, eax jz loc_1000167B6 loc_100016710: mov eax, 1 loc_100016715: mov rbx, [rsp+278h+arg_10] mov rdi, [rsp+278h+var_10] loc_100016725: mov r12, [rsp+278h+var_18] mov rsi, [rsp+278h+var_8] mov rbp, [rsp+278h+arg_18] mov rcx, [rsp+278h+var_28] call sub_1000258D0 add rsp, 278h retn loc_100016752: test r8, r8 jnz short loc_10001675B mov r8, [rbx+38h] ; hicon loc_10001675B: mov rcx, [r12+20h] mov edx, 0FFFFFFFFh ; i mov rcx, [rcx+30h] ; himl call cs:ImageList_ReplaceIcon cmp eax, 0FFFFFFFFh mov [rbx+40h], eax jz short loc_1000167B6 mov r8, [rbx+38h] test r8, r8 jnz short loc_100016784 mov r8, [rbx+48h] ; hicon loc_100016784: mov rcx, [r12+20h] mov edx, 0FFFFFFFFh ; i mov rcx, [rcx+28h] ; himl call cs:ImageList_ReplaceIcon cmp eax, 0FFFFFFFFh mov [rbx+30h], eax jnz loc_1000166F9 mov rcx, [r12+20h] mov edx, [rbx+40h] ; i mov rcx, [rcx+30h] ; himl call cs:ImageList_Remove loc_1000167B6: mov edx, 1 mov rcx, rbx ; hMem call sub_100014D00 loc_1000167C3: xor eax, eax jmp loc_100016715 loc_1000167CA: mov eax, 1 jmp loc_100016725 sub_100016560 endp algn_1000167D4: align 20h sub_1000167E0 proc near var_88= dword ptr -88h var_80= dword ptr -80h var_78= dword ptr -78h var_70= dword ptr -70h Rect= tagRECT ptr -68h Points= tagPOINT ptr -58h var_48= dword ptr -48h var_44= dword ptr -44h var_30= dword ptr -30h var_2C= dword ptr -2Ch var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 0A8h mov [rax+18h], rsi mov rsi, rcx mov rcx, [rcx+8] ; hWnd lea rdx, [rax-38h] ; lpRect mov [rax-8], r12 call cs:GetClientRect mov ecx, 4 ; nNumWindows call cs:BeginDeferWindowPos test rax, rax mov r12, rax jz loc_100016A0A mov rcx, [rsi+8] ; hDlg loc_10001681E: mov [rsp+0A8h+arg_0], rbx mov [rsp+0A8h+arg_18], rdi mov [rsp+0A8h+var_10], r13 mov edx, 9C41h ; nIDDlgItem mov [rsp+0A8h+var_18], r14 mov [rsp+0A8h+var_20], r15 call cs:GetDlgItem lea rdx, [rsp+0A8h+Rect] ; lpRect mov rcx, rax ; hWnd call cs:GetWindowRect mov rdx, [rsi+8] ; hWndTo lea r8, [rsp+0A8h+Rect] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov r11d, cs:dword_10002F400 mov r13d, [rsp+0A8h+var_30] mov r14d, [rsp+0A8h+var_2C] mov rcx, [rsi+8] ; hDlg add r11d, r11d sub r13d, r11d sub r14d, r11d mov edx, 41Dh ; nIDDlgItem sub r13d, [rsp+0A8h+Rect.right] sub r14d, [rsp+0A8h+Rect.bottom] call cs:GetDlgItem lea rdx, [rsp+0A8h+Points] ; lpRect mov rcx, rax ; hWnd mov rdi, rax call cs:GetWindowRect mov rdx, [rsi+8] ; hWndTo lea r8, [rsp+0A8h+Points] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov ecx, [rsp+0A8h+Rect.top] mov ebx, [rsp+0A8h+Rect.right] sub ecx, cs:dword_10002F400 sub ebx, [rsp+0A8h+Points.x] mov [rsp+0A8h+var_70], 16h sub ecx, [rsp+0A8h+Points.y] add ebx, r13d xor r15d, r15d add ecx, r14d xor r9d, r9d ; x xor r8d, r8d ; hWndInsertAfter mov [rsp+0A8h+var_78], ecx mov rcx, r12 ; hWinPosInfo mov rdx, rdi ; hWnd mov [rsp+0A8h+var_80], ebx mov [rsp+0A8h+var_88], r15d call cs:DeferWindowPos lea r8d, [r15+1] ; wParam xor r9d, r9d ; lParam mov edx, 101Dh ; Msg mov rcx, rdi ; hWnd call cs:SendMessageW sub ebx, eax test ebx, ebx jle short loc_100016947 movzx r9d, bx ; lParam xor r8d, r8d ; wParam mov edx, 101Eh ; Msg mov rcx, rdi ; hWnd call cs:SendMessageW loc_100016947: mov [rsp+0A8h+arg_8], rbp lea rdi, qword_100002FA8 mov ebp, 3 db 66h nop db 66h, 66h nop loc_100016960: ; nIDDlgItem mov edx, [rdi] mov rcx, [rsi+8] ; hDlg call cs:GetDlgItem lea rdx, [rsp+0A8h+var_48] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect mov rdx, [rsi+8] ; hWndTo lea r8, [rsp+0A8h+var_48] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov edx, [rsp+0A8h+var_44] mov r9d, [rsp+0A8h+var_48] add edx, r14d mov [rsp+0A8h+var_70], 15h mov [rsp+0A8h+var_78], r15d mov [rsp+0A8h+var_80], r15d mov [rsp+0A8h+var_88], edx add r9d, r13d ; x mov rdx, rbx ; hWnd xor r8d, r8d ; hWndInsertAfter mov rcx, r12 ; hWinPosInfo call cs:DeferWindowPos add rdi, 4 dec rbp jnz short loc_100016960 mov rcx, r12 ; hWinPosInfo call cs:EndDeferWindowPos mov r15, [rsp+0A8h+var_20] mov r14, [rsp+0A8h+var_18] mov r13, [rsp+0A8h+var_10] mov rdi, [rsp+0A8h+arg_18] mov rbp, [rsp+0A8h+arg_8] mov rbx, [rsp+0A8h+arg_0] loc_100016A0A: mov r12, [rsp+0A8h+var_8] mov rsi, [rsp+0A8h+arg_10] add rsp, 0A8h retn sub_1000167E0 endp algn_100016A22: align 10h sub_100016A30 proc near var_48= qword ptr -48h var_40= dword ptr -40h var_38= dword ptr -38h dwProcessId= dword ptr -28h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 68h loc_100016A37: mov [rax+8], rbx mov [rax+10h], rbp mov [rax+18h], rsi mov [rax+20h], rdi mov [rax-8], r12 mov [rax-10h], r13 xor r13d, r13d cmp edx, 9C68h mov ebx, edx mov r12, rcx jg loc_100016BBD cmp ebx, 9C67h jge loc_100016B60 cmp ebx, 41Ah jg short loc_100016AD2 cmp ebx, 41Ah jz loc_100016ED6 ; jumptable 100016BE0 case 5 sub ebx, 413h jz loc_100016D56 ; jumptable 100016BE0 case 1 sub ebx, 5 jz loc_100016C9B ; jumptable 100016BE0 case 3 dec ebx jnz loc_100016F90 ; default ; jumptable 100016BE0 case 2 loc_100016AA0: ; jumptable 100016BE0 case 4 mov rcx, r12 call sub_100015260 test rax, rax mov rdi, rax jz loc_100016F90 ; default ; jumptable 100016BE0 case 2 mov esi, [rax+10h] test esi, esi jnz loc_100016DFB loc_100016ABF: mov r8, [rax] mov edx, 1 mov rcx, rax call qword ptr [r8] jmp loc_100016F90 ; default ; jumptable 100016BE0 case 2 loc_100016AD2: cmp ebx, 755Bh jz short loc_100016B18 cmp ebx, 9C41h jz short loc_100016AFA cmp ebx, 9C4Eh jle loc_100016F90 ; default ; jumptable 100016BE0 case 2 cmp ebx, 9C51h jg loc_100016F90 ; default ; jumptable 100016BE0 case 2 loc_100016AFA: ; hWnd mov rcx, cs:hWnd movzx r8d, bx ; wParam xor r9d, r9d ; lParam mov edx, 111h ; Msg call cs:SendMessageW jmp loc_100016F90 ; default ; jumptable 100016BE0 case 2 loc_100016B18: mov edx, [rcx+3Ch] lea r8, [rsp+68h+dwProcessId] call sub_100015110 mov edi, [rsp+68h+dwProcessId] test rax, rax mov rbx, rax jz short loc_100016B3F mov r8d, edi mov rdx, rax mov rcx, r12 call sub_1000150B0 loc_100016B3F: call cs:GetDesktopWindow mov r9d, edi ; cKids xor r8d, r8d ; lpRect xor edx, edx ; wHow mov rcx, rax ; hwndParent mov [rsp+68h+var_48], rbx call cs:TileWindows jmp loc_100016DEA loc_100016B60: mov edx, [rcx+3Ch] lea r8, [rsp+68h+dwProcessId] call sub_100015110 test rax, rax mov rdi, rax jz loc_100016F90 ; default ; jumptable 100016BE0 case 2 mov ecx, [rsp+68h+dwProcessId] test ecx, ecx jz short loc_100016BB5 mov rsi, rax mov rbp, rcx loc_100016B87: cmp ebx, 416h jz short loc_100016B9E cmp ebx, 9C67h jz short loc_100016B9E mov edx, 3 jmp short loc_100016BA3 loc_100016B9E: ; nCmdShow mov edx, 6 loc_100016BA3: ; hWnd mov rcx, [rsi] call cs:ShowWindowAsync add rsi, 8 dec rbp jnz short loc_100016B87 loc_100016BB5: mov rcx, rdi jmp loc_100016F8A loc_100016BBD: add ebx, 0FFFF6397h cmp ebx, 6 ; switch 7 cases ja loc_100016F90 ; default ; jumptable 100016BE0 case 2 lea rdx, __ImageBase movsxd rax, ebx mov ecx, dword ptr ds:(loc_100016FC0 - 100000000h)[rdx+rax*4] add rcx, rdx jmp rcx ; switch jump mov rcx, r12 ; jumptable 100016BE0 case 6 call sub_100015260 test rax, rax mov rbx, rax jz loc_100016F90 ; default ; jumptable 100016BE0 case 2 mov ebp, [rax+10h] test ebp, ebp jz loc_100016ABF lea rdx, ds:0[rbp*8] ; uBytes xor ecx, ecx ; uFlags mov rsi, rbp call cs:LocalAlloc test rax, rax mov rdi, rax jz short loc_100016C4A test ebp, ebp jz short loc_100016C4A mov r8, r13 nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100016C30: mov rcx, [rbx+8] add r8, 8 dec rsi mov rdx, [r8+rcx-8] mov rax, [rdx] mov [rdi+r8-8], rax jnz short loc_100016C30 loc_100016C4A: mov rax, [rbx] mov edx, 1 mov rcx, rbx call qword ptr [rax] test rdi, rdi jz loc_100016F90 ; default ; jumptable 100016BE0 case 2 mov rcx, [rdi] ; hWnd lea rdx, [rsp+68h+dwProcessId] ; lpdwProcessId mov [rsp+68h+dwProcessId], r13d call cs:GetWindowThreadProcessId mov ecx, [rsp+68h+dwProcessId] test ecx, ecx jz short loc_100016C93 mov r9, rcx ; lParam mov rcx, cs:hWnd ; hWnd mov r8d, eax ; wParam mov edx, 401h ; Msg call cs:PostMessageW loc_100016C93: mov rcx, rdi jmp loc_100016F8A loc_100016C9B: ; jumptable 100016BE0 case 3 mov edx, [r12+3Ch] lea r8, [rsp+68h+dwProcessId] mov rcx, r12 call sub_100015110 test rax, rax mov rbx, rax jz loc_100016F90 ; default ; jumptable 100016BE0 case 2 mov rcx, [rax] ; hWnd call cs:IsIconic test eax, eax jz short loc_100016CD4 mov rcx, [rbx] ; hWnd mov edx, 9 ; nCmdShow call cs:ShowWindow loc_100016CD4: ; hWnd mov rcx, [rbx] call cs:GetLastActivePopup mov rcx, rax ; hWnd mov rdi, rax call cs:IsWindow test eax, eax jnz short loc_100016CFD xor ecx, ecx ; uType call cs:MessageBeep mov rcx, rbx jmp loc_100016F8A loc_100016CFD: ; nIndex mov edx, 0FFFFFFF0h mov rcx, rdi ; hWnd call cs:GetWindowLongW bt eax, 1Bh jb short loc_100016D46 mov edx, 1 ; fUnknown mov rcx, rdi ; hwnd call cs:SwitchToThisWindow test byte ptr cs:dword_10003015C, 1 jz loc_100016DF3 mov rcx, cs:hWnd ; hWnd mov edx, 6 ; nCmdShow call cs:ShowWindow mov rcx, rbx jmp loc_100016F8A loc_100016D46: ; uType xor ecx, ecx call cs:MessageBeep mov rcx, rbx jmp loc_100016F8A loc_100016D56: ; jumptable 100016BE0 case 1 mov edx, [r12+3Ch] lea r8, [rsp+68h+dwProcessId] mov rcx, r12 call sub_100015110 mov edi, [rsp+68h+dwProcessId] test rax, rax mov rbx, rax jz short loc_100016D82 mov r8d, edi mov rdx, rax mov rcx, r12 call sub_1000150B0 loc_100016D82: call cs:GetDesktopWindow xor r8d, r8d ; lpRect mov r9d, edi ; cKids lea edx, [r8+1] ; wHow mov rcx, rax ; hwndParent mov [rsp+68h+var_48], rbx call cs:TileWindows jmp short loc_100016DEA loc_100016DA2: ; jumptable 100016BE0 case 0 mov edx, [r12+3Ch] lea r8, [rsp+68h+dwProcessId] mov rcx, r12 call sub_100015110 mov edi, [rsp+68h+dwProcessId] test rax, rax mov rbx, rax jz short loc_100016DCE mov r8d, edi mov rdx, rax mov rcx, r12 call sub_1000150B0 loc_100016DCE: call cs:GetDesktopWindow mov r9d, edi ; cKids xor r8d, r8d ; lpRect xor edx, edx ; wHow mov rcx, rax ; hwndParent mov [rsp+68h+var_48], rbx call cs:CascadeWindows loc_100016DEA: test rbx, rbx jz loc_100016F90 ; default ; jumptable 100016BE0 case 2 loc_100016DF3: mov rcx, rbx jmp loc_100016F8A loc_100016DFB: ; uBytes lea rdx, ds:0[rsi*8] xor ecx, ecx ; uFlags mov rbp, rsi call cs:LocalAlloc test rax, rax mov rbx, rax jnz short loc_100016E1B mov esi, r13d jmp short loc_100016E4A loc_100016E1B: test esi, esi jz short loc_100016E4A mov rdx, r13 db 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100016E30: mov rax, [rdi+8] add rdx, 8 dec rbp mov rcx, [rdx+rax-8] mov rax, [rcx] mov [rbx+rdx-8], rax jnz short loc_100016E30 loc_100016E4A: mov rax, [rdi] mov edx, 1 mov rcx, rdi call qword ptr [rax] test rbx, rbx jz loc_100016F90 ; default ; jumptable 100016BE0 case 2 mov r8d, esi mov rdx, rbx mov rcx, r12 call sub_1000150B0 lea r11d, [rsi-1] test r11d, r11d movsxd rdi, r11d js short loc_100016EA9 db 66h, 66h nop db 66h, 66h nop loc_100016E80: ; hWnd mov rcx, [rbx+rdi*8] mov [rsp+68h+var_38], 3 xor r9d, r9d ; Y xor r8d, r8d ; X xor edx, edx ; hWndInsertAfter mov [rsp+68h+var_40], r13d mov dword ptr [rsp+68h+var_48], r13d call cs:SetWindowPos dec rdi jns short loc_100016E80 loc_100016EA9: ; hWnd mov rcx, [rbx] lea rdx, [rsp+68h+dwProcessId] ; lpdwProcessId call cs:GetWindowThreadProcessId test eax, eax jz short loc_100016EC5 mov ecx, [rsp+68h+dwProcessId] ; dwProcessId call cs:AllowSetForegroundWindow loc_100016EC5: ; hWnd mov rcx, [rbx] call cs:SetForegroundWindow mov rcx, rbx jmp loc_100016F8A loc_100016ED6: ; jumptable 100016BE0 case 5 mov rcx, r12 call sub_100015260 test rax, rax mov rbx, rax jz loc_100016F90 ; default ; jumptable 100016BE0 case 2 mov edi, [rax+10h] test edi, edi jz loc_100016ABF lea rdx, ds:0[rdi*8] ; uBytes xor ecx, ecx ; uFlags mov rsi, rdi call cs:LocalAlloc test rax, rax mov rbp, rax jnz short loc_100016F15 mov edi, r13d jmp short loc_100016F3A loc_100016F15: test edi, edi jz short loc_100016F3A mov rdx, r13 db 66h, 66h, 66h nop loc_100016F20: mov rax, [rbx+8] add rdx, 8 dec rsi mov rcx, [rdx+rax-8] mov rax, [rcx] mov [rdx+rbp-8], rax jnz short loc_100016F20 loc_100016F3A: mov rax, [rbx] mov edx, 1 mov rcx, rbx call qword ptr [rax] test rbp, rbp jz short loc_100016F90 ; default ; jumptable 100016BE0 case 2 mov ecx, 11h ; nVirtKey call cs:GetKeyState movsx esi, ax shr esi, 10h and esi, 1 test edi, edi jz short loc_100016F87 mov rbx, rbp db 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_100016F70: mov rcx, [rbx] mov r8d, esi xor edx, edx call cs:EndTask add rbx, 8 dec rdi jnz short loc_100016F70 loc_100016F87: ; hMem mov rcx, rbp loc_100016F8A: call cs:LocalFree loc_100016F90: ; default mov rdi, [rsp+68h+arg_18] ; jumptable 100016BE0 case 2 mov rsi, [rsp+68h+arg_10] mov rbp, [rsp+68h+arg_8] mov rbx, [rsp+68h+arg_0] mov [r12+20h], r13d mov r13, [rsp+68h+var_10] mov r12, [rsp+68h+var_8] add rsp, 68h retn sub_100016A30 endp align 20h loc_100016FC0: ; jump table for switch statement mov ds:9000016D5600016Dh, al outsd add [rax], eax wait insb add [rax], eax mov al, ds:0E200016ED600016Ah imul eax, [rcx], 0 byte_100016FDC db 14h dup(0CCh) ; INT_PTR __stdcall sub_100016FF0(HWND, UINT, WPARAM, LPARAM) sub_100016FF0 proc near var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_0], rbx mov [rsp+28h+arg_8], rbp mov [rsp+28h+arg_10], rsi mov ebx, edx mov [rsp+28h+arg_18], rdi mov edx, 0FFFFFFEBh ; nIndex mov [rsp+28h+var_8], r12 mov r12, rcx mov rbp, r9 mov rdi, r8 call cs:GetWindowLongPtrW cmp ebx, 0A3h mov rsi, rax jb short loc_100017057 cmp ebx, 0A5h jbe short loc_100017046 cmp ebx, 202h jbe short loc_100017057 cmp ebx, 205h ja short loc_100017057 loc_100017046: mov rcx, cs:hWnd mov r9, rbp mov r8, rdi mov edx, ebx jmp short loc_1000170B0 loc_100017057: cmp ebx, 7Bh ja loc_100017118 cmp ebx, 7Bh jz short loc_1000170DC cmp ebx, 5 jz short loc_1000170C5 cmp ebx, 15h jz short loc_100017097 cmp ebx, 1Ah jz short loc_10001708F cmp ebx, 4Eh jnz loc_100017247 mov rdx, rbp mov rcx, rax call sub_100015810 cdqe jmp loc_100017249 loc_10001708F: mov rcx, rax call sub_100017270 loc_100017097: ; nIDDlgItem mov edx, 41Dh mov rcx, r12 ; hDlg call cs:GetDlgItem mov r9, rbp ; lParam mov r8, rdi ; wParam mov rcx, rax ; hWnd mov edx, ebx ; Msg loc_1000170B0: call cs:SendMessageW mov rax, 1 jmp loc_100017249 loc_1000170C5: mov rcx, rax call sub_1000167E0 mov rax, 1 jmp loc_100017249 loc_1000170DC: ; nIDDlgItem mov edx, 41Dh mov rcx, r12 ; hDlg call cs:GetDlgItem cmp rdi, rax jnz loc_100017247 mov rax, rbp movsx edx, bp mov rcx, rsi shr rax, 10h movsx r8d, ax call sub_100015410 mov rax, 1 jmp loc_100017249 loc_100017118: cmp ebx, 110h jz loc_1000171A8 cmp ebx, 111h jz short loc_100017198 cmp ebx, 11Fh jz short loc_10001717F cmp ebx, 200h jbe loc_100017247 cmp ebx, 202h ja loc_100017247 test byte ptr cs:dword_10003015C, 10h jz loc_100017247 mov rcx, cs:hWnd xor eax, eax cmp ebx, 202h setz al mov r9, rbp mov r8d, 2 lea edx, [rax+0A1h] jmp loc_100017241 loc_10001717F: shr rdi, 10h cmp di, 0FFFFh jnz loc_100017247 xor eax, eax mov [rsi+20h], eax jmp loc_100017247 loc_100017198: movzx edx, di mov rcx, rax call sub_100016A30 jmp loc_100017247 loc_1000171A8: ; dwNewLong mov r8, rbp mov edx, 0FFFFFFEBh ; nIndex mov rcx, r12 ; hWnd call cs:SetWindowLongPtrW mov edx, 41Dh ; nIDDlgItem mov rcx, r12 ; hDlg mov [rbp+8], r12 call cs:GetDlgItem mov r9, [rbp+28h] ; lParam mov rcx, rax ; hWnd mov edx, 1003h ; Msg mov r8d, 1 ; wParam mov rbx, rax call cs:SendMessageW mov edx, 0FFFFFFF0h ; nIndex mov rcx, rbx ; hWnd call cs:GetWindowLongW mov edx, 0FFFFFFF0h ; nIndex mov rcx, rbx ; hWnd or eax, 8 mov r8d, eax ; dwNewLong call cs:SetWindowLongW mov ecx, 1 ; rest call cs:SHRestricted test eax, eax jz short loc_100017230 mov edx, 9C41h ; nIDDlgItem mov rcx, r12 ; hDlg call cs:GetDlgItem xor edx, edx ; bEnable mov rcx, rax ; hWnd call cs:EnableWindow loc_100017230: ; lParam mov r9d, 10000h xor r8d, r8d ; wParam mov edx, 1036h ; Msg mov rcx, rbx ; hWnd loc_100017241: call cs:SendMessageW loc_100017247: xor eax, eax loc_100017249: mov r12, [rsp+28h+var_8] mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] mov rbx, [rsp+28h+arg_0] add rsp, 28h retn sub_100016FF0 endp algn_100017267: align 10h sub_100017270 proc near arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov rax, [rcx+18h] mov [rsp+28h+arg_0], rbx mov [rsp+28h+arg_8], rbp test rax, rax mov ebp, [rcx+20h] mov [rsp+28h+arg_10], rsi mov rsi, rcx mov dword ptr [rcx+20h], 1 jz short loc_100017302 movsxd rax, dword ptr [rax+10h] loc_10001729D: mov [rsp+28h+arg_18], rdi test eax, eax mov rdi, rax jz short loc_1000172FD db 66h, 66h nop db 66h, 66h, 66h nop loc_1000172B0: mov rax, [rsi+18h] mov rcx, [rax+8] mov rbx, [rcx+rdi*8-8] test rbx, rbx jz short loc_1000172F8 mov rcx, [rbx+8] ; hMem test rcx, rcx jz short loc_1000172D1 call cs:LocalFree loc_1000172D1: ; hMem mov rcx, [rbx+10h] test rcx, rcx jz short loc_1000172E0 call cs:LocalFree loc_1000172E0: ; hMem mov rcx, [rbx+18h] test rcx, rcx jz short loc_1000172EF call cs:LocalFree loc_1000172EF: ; hMem mov rcx, rbx call cs:LocalFree loc_1000172F8: dec rdi jnz short loc_1000172B0 loc_1000172FD: mov rdi, [rsp+28h+arg_18] loc_100017302: mov rbx, [rsi+18h] xor edx, edx ; dwFlags mov r8, [rbx+8] ; lpMem mov rcx, [rbx+20h] ; hHeap call cs:HeapFree xor r11d, r11d mov [rbx+8], r11 mov [rbx+14h], r11d mov [rbx+10h], r11d mov rcx, [rsi+30h] ; himl lea edx, [r11-1] ; i mov dword ptr [rsi+38h], 3 call cs:ImageList_Remove mov rcx, [rsi+28h] ; himl mov edx, 0FFFFFFFFh ; i call cs:ImageList_Remove mov ecx, 0Ch ; nIndex call cs:GetSystemMetrics mov ecx, 0Bh ; nIndex mov ebx, eax call cs:GetSystemMetrics mov rcx, [rsi+30h] ; himl mov edx, eax ; cx mov r8d, ebx ; cy call cs:ImageList_SetIconSize mov ecx, 32h ; nIndex call cs:GetSystemMetrics mov ecx, 31h ; nIndex mov ebx, eax call cs:GetSystemMetrics mov rcx, [rsi+28h] ; himl mov edx, eax ; cx mov r8d, ebx ; cy call cs:ImageList_SetIconSize mov rcx, rsi call sub_100017820 mov rax, [rsi] mov rcx, rsi mov [rsi+20h], ebp mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] mov rbx, [rsp+28h+arg_0] add rsp, 28h jmp qword ptr [rax+30h] sub_100017270 endp byte_1000173BF db 11h dup(0CCh) loc_1000173D0: mov rcx, cs:hInstance mov r9d, r8d mov r8, rdx mov edx, 2725h jmp cs:LoadStringW align 10h sub_1000173F0 proc near var_28= dword ptr -28h var_20= dword ptr -20h var_18= dword ptr -18h arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 48h loc_1000173F4: mov [rsp+48h+arg_8], rbx loc_1000173F9: mov [rsp+48h+arg_10], rsi mov [rsp+48h+arg_18], rdi mov rdi, rcx mov rcx, [rcx+8] ; hWnd mov edx, 5 ; nCmdShow call cs:ShowWindow mov rcx, [rdi+8] ; hWnd xor eax, eax mov [rsp+48h+var_18], 3 mov [rsp+48h+var_20], eax xor r9d, r9d ; Y xor r8d, r8d ; X xor edx, edx ; hWndInsertAfter mov [rsp+48h+var_28], eax call cs:SetWindowPos mov rcx, cs:hWnd ; hWnd call cs:GetMenu mov rcx, cs:hInstance ; hInstance mov edx, 6Ah ; lpMenuName mov rbx, rax call cs:LoadMenuW mov rcx, rax ; hMenu mov rsi, rax call sub_100005790 test byte ptr cs:dword_10003015C, 10h mov cs:hMenu, rsi jnz short loc_100017486 mov rcx, cs:hWnd ; hWnd mov rdx, rsi ; hMenu call cs:SetMenu loc_100017486: test rbx, rbx mov rsi, [rsp+48h+arg_10] jz short loc_100017499 loc_100017490: ; hMenu mov rcx, rbx call cs:DestroyMenu loc_100017499: call cs:GetFocus mov rbx, [rsp+48h+arg_8] cmp rax, [rdi+10h] jz short loc_1000174C2 loc_1000174AA: ; hDlg mov rcx, [rdi+8] mov edx, 41Dh ; nIDDlgItem call cs:GetDlgItem mov rcx, rax ; hWnd call cs:SetFocus loc_1000174C2: xor eax, eax mov rdi, [rsp+48h+arg_18] add rsp, 48h retn sub_1000173F0 endp algn_1000174CE: align 20h sub_1000174E0 proc near lParam= qword ptr -268h var_260= dword ptr -260h var_258= qword ptr -258h var_24C= dword ptr -24Ch Buffer= word ptr -238h var_28= qword ptr -28h var_10= qword ptr -10h var_8= qword ptr -8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 288h mov rax, cs:qword_10002C178 mov [rsp+288h+var_28], rax mov rcx, [rcx+8] ; hDlg mov edx, 41Dh ; nIDDlgItem mov [rsp+288h+arg_10], rbp call cs:GetDlgItem test rax, rax mov rbp, rax jnz short loc_10001751F mov eax, 8000FFFFh jmp loc_100017633 loc_10001751F: ; lParam xor r9d, r9d xor r8d, r8d ; wParam mov edx, 1009h ; Msg mov rcx, rax ; hWnd call cs:SendMessageW nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100017540: ; lParam xor r9d, r9d xor r8d, r8d ; wParam mov edx, 101Ch ; Msg mov rcx, rbp ; hWnd call cs:SendMessageW test eax, eax jnz short loc_100017540 loc_100017558: mov [rsp+288h+arg_8], rbx mov [rsp+288h+arg_18], rsi xor esi, esi cmp cs:dword_10002D6B8, esi mov [rsp+288h+var_8], rdi mov [rsp+288h+var_10], r12 jl loc_100017611 lea rax, dword_10002D6B8 lea r12, unk_10002D698 mov rdi, rax db 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_1000175A0: movsxd rbx, dword ptr [rax] mov rcx, cs:hInstance ; hInstance lea r8, [rsp+288h+Buffer] ; lpBuffer lea edx, [rbx+5208h] ; uID mov r9d, 104h ; nBufferMax call cs:LoadStringW mov eax, [r12+rbx*8] lea r9, [rsp+288h+lParam] ; lParam mov dword ptr [rsp+288h+lParam+4], eax mov eax, [r12+rbx*8+4] movsxd r8, esi ; wParam mov [rsp+288h+var_260], eax lea rax, [rsp+288h+Buffer] mov edx, 1061h ; Msg mov rcx, rbp ; hWnd mov dword ptr [rsp+288h+lParam], 7 mov [rsp+288h+var_24C], esi mov [rsp+288h+var_258], rax call cs:SendMessageW cmp eax, 0FFFFFFFFh jz short loc_100017650 add rdi, 4 inc esi cmp dword ptr [rdi], 0 mov rax, rdi jge short loc_1000175A0 loc_100017611: xor eax, eax loc_100017613: mov rdi, [rsp+288h+var_8] mov rsi, [rsp+288h+arg_18] mov rbx, [rsp+288h+arg_8] mov r12, [rsp+288h+var_10] loc_100017633: mov rbp, [rsp+288h+arg_10] mov rcx, [rsp+288h+var_28] call sub_1000258D0 add rsp, 288h retn loc_100017650: mov eax, 80004005h jmp short loc_100017613 sub_1000174E0 endp algn_100017657: align 20h sub_100017660 proc near var_18= qword ptr -18h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h mov [rsp+38h+arg_0], rbx loc_100017669: mov [rsp+38h+arg_8], rbp mov [rsp+38h+arg_10], rsi mov ebp, 21h mov [rsp+38h+arg_18], rdi mov rdi, rcx mov [rsp+38h+var_8], r12 mov r12, rdx lea edx, [rbp+7] ; uBytes lea ecx, [rbp+1Fh] ; uFlags call cs:LocalAlloc test rax, rax mov rbx, rax jz short loc_1000176C1 call cs:GetProcessHeap xor esi, esi lea rcx, qword_100003B10 mov [rbx+8], rsi mov [rbx+10h], esi mov [rbx+14h], esi mov [rbx], rcx mov [rbx+20h], rax mov [rbx+18h], esi jmp short loc_1000176C6 loc_1000176C1: xor esi, esi mov rbx, rsi loc_1000176C6: test rbx, rbx mov [rdi+18h], rbx jz loc_100017765 cmp cs:dword_10002F43C, 0 mov [rdi+10h], r12 jz short loc_1000176F2 mov rcx, r12 call sub_100024690 mov ecx, 2021h test eax, eax cmovnz ebp, ecx loc_1000176F2: ; nIndex mov ecx, 32h call cs:GetSystemMetrics mov ecx, 31h ; nIndex mov ebx, eax call cs:GetSystemMetrics mov r9d, 1 ; cInitial mov r8d, ebp ; flags mov edx, ebx ; cy mov ecx, eax ; cx mov dword ptr [rsp+38h+var_18], 1 call cs:ImageList_Create test rax, rax mov [rdi+28h], rax jz short loc_100017765 mov ecx, 0Ch ; nIndex call cs:GetSystemMetrics mov ecx, 0Bh ; nIndex mov ebx, eax call cs:GetSystemMetrics mov r9d, 1 ; cInitial mov r8d, ebp ; flags mov edx, ebx ; cy mov ecx, eax ; cx mov dword ptr [rsp+38h+var_18], 1 call cs:ImageList_Create mov [rdi+30h], rax loc_100017765: mov rcx, rdi call sub_100017820 mov r12, [rsp+38h+var_8] mov rbp, [rsp+38h+arg_8] test eax, eax mov ebx, eax js short loc_1000177EB loc_10001777D: ; hWndParent mov r8, cs:hWnd mov rcx, cs:hInstance ; hInstance lea r9, sub_100016FF0 ; lpDialogFunc mov edx, 70h ; lpTemplateName mov [rsp+38h+var_18], rdi call cs:CreateDialogParamW test rax, rax mov [rdi+8], rax jnz short loc_1000177CE call cs:GetLastError test eax, eax jg short loc_1000177BF call cs:GetLastError mov ebx, eax jmp short loc_1000177CE loc_1000177BF: call cs:GetLastError movzx ebx, ax or ebx, 80070000h loc_1000177CE: test ebx, ebx js short loc_1000177EB mov rcx, rdi call sub_1000174E0 test eax, eax mov ebx, eax js short loc_1000177EB mov rax, [rdi] mov rcx, rdi call qword ptr [rax+30h] jmp short loc_1000177FE loc_1000177EB: ; hWnd mov rcx, [rdi+8] test rcx, rcx jz short loc_1000177FA call cs:DestroyWindow loc_1000177FA: mov [rdi+10h], rsi loc_1000177FE: mov rdi, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_10] mov eax, ebx mov rbx, [rsp+38h+arg_0] add rsp, 38h retn sub_100017660 endp algn_100017814: align 20h sub_100017820 proc near var_18= dword ptr -18h var_10= dword ptr -10h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h mov [rsp+38h+arg_0], rbx mov [rsp+38h+arg_8], rsi mov rsi, rcx mov ecx, 32h ; nIndex call cs:GetSystemMetrics mov ecx, 31h ; nIndex mov ebx, eax call cs:GetSystemMetrics mov rcx, cs:hInstance ; HINSTANCE mov edx, 76h ; LPCWSTR mov r9d, eax ; int mov [rsp+38h+var_10], 0 lea r8d, [rdx-75h] ; UINT mov [rsp+38h+var_18], ebx call cs:LoadImageW test rax, rax mov rbx, rax jnz short loc_1000178B2 call cs:GetLastError test eax, eax jg short loc_100017895 mov rsi, [rsp+38h+arg_8] mov rbx, [rsp+38h+arg_0] add rsp, 38h jmp cs:GetLastError loc_100017895: call cs:GetLastError movzx eax, ax or eax, 80070000h mov rsi, [rsp+38h+arg_8] mov rbx, [rsp+38h+arg_0] add rsp, 38h retn loc_1000178B2: ; himl mov rcx, [rsi+28h] mov r8, rax ; hicon mov edx, 0FFFFFFFFh ; i mov [rsp+38h+arg_10], rdi mov [rsp+38h+arg_18], r12 call cs:ImageList_ReplaceIcon xor edi, edi cmp eax, 0FFFFFFFFh mov r12d, 80004005h mov rcx, rbx ; hIcon cmovz edi, r12d call cs:DestroyIcon mov ecx, 0Ch ; nIndex call cs:GetSystemMetrics mov ecx, 0Bh ; nIndex mov ebx, eax call cs:GetSystemMetrics mov rcx, cs:hInstance ; HINSTANCE mov edx, 76h ; LPCWSTR mov r9d, eax ; int mov [rsp+38h+var_10], 0 lea r8d, [rdx-75h] ; UINT mov [rsp+38h+var_18], ebx call cs:LoadImageW test rax, rax mov rbx, rax jnz short loc_10001794D call cs:GetLastError test eax, eax jg short loc_10001793D call cs:GetLastError jmp short loc_100017971 loc_10001793D: call cs:GetLastError movzx eax, ax or eax, 80070000h jmp short loc_100017971 loc_10001794D: ; himl mov rcx, [rsi+30h] mov r8, rax ; hicon mov edx, 0FFFFFFFFh ; i call cs:ImageList_ReplaceIcon mov rcx, rbx ; hIcon cmp eax, 0FFFFFFFFh cmovz edi, r12d call cs:DestroyIcon mov eax, edi loc_100017971: mov rdi, [rsp+38h+arg_10] mov r12, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_8] mov rbx, [rsp+38h+arg_0] add rsp, 38h retn sub_100017820 endp algn_10001798A: align 10h sub_100017990 proc near arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_10], rbx mov rbx, rcx mov rcx, [rcx+8] ; hWnd mov [rsp+28h+arg_18], rdi xor edi, edi test rcx, rcx jz short loc_1000179B6 call cs:DestroyWindow mov [rbx+8], rdi loc_1000179B6: cmp [rbx+78h], rdi jz short loc_1000179EA mov rcx, [rbx+68h] ; hEvent mov dword ptr [rbx+60h], 1 call cs:SetEvent mov rcx, [rbx+70h] ; hHandle mov edx, 0FFFFFFFFh ; dwMilliseconds call cs:WaitForSingleObject mov rcx, [rbx+78h] ; hObject call cs:CloseHandle mov [rbx+78h], rdi loc_1000179EA: ; hObject mov rcx, [rbx+68h] test rcx, rcx jz short loc_1000179FD call cs:CloseHandle mov [rbx+68h], rdi loc_1000179FD: ; hObject mov rcx, [rbx+70h] test rcx, rcx jz short loc_100017A10 call cs:CloseHandle mov [rbx+70h], rdi loc_100017A10: mov [rbx+28h], rdi mov [rbx+30h], rdi mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] xor eax, eax add rsp, 28h retn sub_100017990 endp algn_100017A29: align 10h sub_100017A30 proc near sub rsp, 28h mov rcx, [rcx+8] ; hWnd test rcx, rcx jz short loc_100017A45 xor edx, edx ; nCmdShow call cs:ShowWindow loc_100017A45: add rsp, 28h retn sub_100017A30 endp algn_100017A4A: align 10h ; DWORD __stdcall sub_100017A50(LPVOID) sub_100017A50 proc near Msg= tagMSG ptr -0BB8h Data= _NOTIFYICONDATAW ptr -0B88h var_A60= dword ptr -0A60h var_A5C= dword ptr -0A5Ch var_7B8= dword ptr -7B8h var_7B0= qword ptr -7B0h var_7A8= dword ptr -7A8h var_7A4= dword ptr -7A4h Buffer= word ptr -790h var_3E8= dword ptr -3E8h var_3E0= qword ptr -3E0h var_3D4= dword ptr -3D4h var_3C8= qword ptr -3C8h var_3C0= byte ptr -3C0h var_2C0= dword ptr -2C0h var_2BC= dword ptr -2BCh var_18= qword ptr -18h var_8= qword ptr -8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 0BD8h mov rax, cs:qword_10002C178 mov [rsp+0BD8h+var_18], rax lea rcx, [rsp+0BD8h+Msg] ; lpMsg xor r9d, r9d ; wMsgFilterMax xor r8d, r8d ; wMsgFilterMin xor edx, edx ; hWnd call cs:GetMessageW test eax, eax jz loc_100017D6D loc_100017A81: mov [rsp+0BD8h+arg_10], rbp mov [rsp+0BD8h+arg_18], rsi mov [rsp+0BD8h+arg_8], rbx mov [rsp+0BD8h+var_8], rdi xor esi, esi lea rbp, qword_10002F2C0 db 66h, 66h nop db 66h, 66h nop loc_100017AB0: mov eax, [rsp+0BD8h+Msg.message] sub eax, 402h jz loc_100017C57 dec eax jz loc_100017B8F dec eax jnz loc_100017D32 lea rcx, [rsp+0BD8h+Data] ; void * xor edx, edx ; int mov r8d, 3C8h ; size_t call memset mov rax, cs:hWnd mov [rsp+0BD8h+Data.cbSize], 3C8h mov [rsp+0BD8h+Data.hWnd], rax mov [rsp+0BD8h+Data.uFlags], 0Bh mov [rsp+0BD8h+var_A60], 1 mov [rsp+0BD8h+var_A5C], 1 mov [rsp+0BD8h+Data.uCallbackMessage], 40Ah mov ebx, esi mov rdi, rbp loc_100017B20: mov eax, ebx lea rdx, [rsp+0BD8h+Data] ; lpData xor ecx, ecx ; dwMessage not eax mov [rsp+0BD8h+Data.uID], eax mov rax, [rdi] mov [rsp+0BD8h+Data.hIcon], rax call cs:Shell_NotifyIconW inc ebx add rdi, 8 cmp ebx, 0Ch jb short loc_100017B20 mov rax, cs:qword_10002F2C0 mov rcx, cs:hInstance ; hInstance lea r8, [rsp+0BD8h+Data.szTip] ; lpBuffer mov r9d, 80h ; nBufferMax mov edx, 2713h ; uID mov [rsp+0BD8h+Data.hIcon], rax mov [rsp+0BD8h+Data.uFlags], 7 mov [rsp+0BD8h+Data.uID], esi call cs:LoadStringW lea rdx, [rsp+0BD8h+Data] ; lpData xor ecx, ecx ; dwMessage call cs:Shell_NotifyIconW jmp loc_100017D32 loc_100017B8F: ; void * lea rcx, [rsp+0BD8h+var_7B8] xor edx, edx ; int mov r8d, 3C8h ; size_t call memset mov rax, cs:hWnd mov [rsp+0BD8h+var_7B8], 3C8h mov [rsp+0BD8h+var_7B0], rax mov ebx, esi loc_100017BC0: mov eax, ebx lea rdx, [rsp+0BD8h+var_7B8] ; lpData mov ecx, 2 ; dwMessage not eax mov [rsp+0BD8h+var_7A8], eax call cs:Shell_NotifyIconW inc ebx cmp ebx, 0Ch jb short loc_100017BC0 mov rcx, cs:hInstance ; hInstance lea r8, [rsp+0BD8h+Buffer] ; lpBuffer mov r9d, 80h ; nBufferMax mov edx, 2713h ; uID call cs:LoadStringW lea rdx, [rsp+0BD8h+var_7B8] ; lpData mov ecx, 1 ; dwMessage mov [rsp+0BD8h+var_7A8], esi mov [rsp+0BD8h+var_7A4], 4 call cs:Shell_NotifyIconW lea rdx, [rsp+0BD8h+var_7B8] ; lpData mov ecx, 2 ; dwMessage mov [rsp+0BD8h+var_7A4], esi call cs:Shell_NotifyIconW xor ecx, ecx ; nExitCode mov cs:idThread, esi call cs:PostQuitMessage jmp loc_100017D32 loc_100017C57: ; void * lea rcx, [rsp+0BD8h+var_3E8] xor edx, edx ; int mov r8d, 3C8h ; size_t call memset mov rax, cs:hWnd mov r8, [rsp+0BD8h+Msg.lParam] test r8, r8 mov [rsp+0BD8h+var_3E0], rax mov eax, dword ptr [rsp+0BD8h+Msg.wParam] mov rax, [rbp+rax*8+0] mov [rsp+0BD8h+var_3E8], 3C8h mov [rsp+0BD8h+var_3D4], 0Ah mov [rsp+0BD8h+var_2BC], 2 mov [rsp+0BD8h+var_2C0], 2 mov [rsp+0BD8h+var_3C8], rax jz short loc_100017D1F lea rcx, [rsp+0BD8h+var_3C0] mov [rsp+0BD8h+var_3D4], 0Eh lea rax, [rsp+0BD8h+var_3C0] sub r8, rcx mov edx, 80h loc_100017CE5: movzx ecx, word ptr [r8+rax] test cx, cx jz short loc_100017CFD mov [rax], cx add rax, 2 dec rdx jnz short loc_100017CE5 jmp short loc_100017D02 loc_100017CFD: test rdx, rdx jnz short loc_100017D06 loc_100017D02: sub rax, 2 loc_100017D06: mov [rax], si call cs:GetProcessHeap mov r8, [rsp+0BD8h+Msg.lParam] ; lpMem mov rcx, rax ; hHeap xor edx, edx ; dwFlags call cs:HeapFree loc_100017D1F: ; lpData lea rdx, [rsp+0BD8h+var_3E8] mov ecx, 1 ; dwMessage call cs:Shell_NotifyIconW loc_100017D32: ; lpMsg lea rcx, [rsp+0BD8h+Msg] xor r9d, r9d ; wMsgFilterMax xor r8d, r8d ; wMsgFilterMin xor edx, edx ; hWnd call cs:GetMessageW test eax, eax jnz loc_100017AB0 mov rdi, [rsp+0BD8h+var_8] mov rsi, [rsp+0BD8h+arg_18] mov rbp, [rsp+0BD8h+arg_10] mov rbx, [rsp+0BD8h+arg_8] loc_100017D6D: xor eax, eax mov rcx, [rsp+0BD8h+var_18] call sub_1000258D0 add rsp, 0BD8h retn sub_100017A50 endp algn_100017D84: align 10h ; int __fastcall sub_100017D90(HWND hWnd, int, int, __int64, __int64, __int64) sub_100017D90 proc near var_38= qword ptr -38h var_30= qword ptr -30h var_28= dword ptr -28h Point= tagPOINT ptr -18h arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 58h sub rdx, 203h mov [rsp+58h+arg_8], rbx mov [rsp+58h+arg_10], rsi mov rsi, rcx jz loc_100017EC3 dec rdx jnz loc_100017EB4 mov rcx, cs:hInstance ; hInstance mov edx, 80h ; lpMenuName call cs:LoadMenuW test rax, rax mov rbx, rax jz loc_100017EB4 xor edx, edx ; nPos mov rcx, rax ; hMenu loc_100017DDA: mov [rsp+58h+arg_18], rdi call cs:GetSubMenu test rax, rax mov rdi, rax jz short loc_100017DFE xor edx, edx ; uPosition mov r8d, 400h ; uFlags mov rcx, rbx ; hMenu call cs:RemoveMenu loc_100017DFE: ; hMenu mov rcx, rbx call cs:DestroyMenu test rdi, rdi jz loc_100017EAF lea rcx, [rsp+58h+Point] ; lpPoint call cs:GetCursorPos mov rcx, cs:hWnd ; hWnd call cs:IsWindowVisible test eax, eax jz short loc_100017E3F xor r8d, r8d ; uFlags mov edx, 9C80h ; uPosition mov rcx, rdi ; hMenu call cs:DeleteMenu jmp short loc_100017E50 loc_100017E3F: ; fByPos xor r8d, r8d mov edx, 9C80h ; uItem mov rcx, rdi ; hMenu call cs:SetMenuDefaultItem loc_100017E50: mov r8d, cs:dword_10003015C mov edx, 9C46h ; uIDCheckItem mov rcx, rdi ; hMenu and r8d, 4 add r8d, r8d ; uCheck call cs:CheckMenuItem mov rcx, rsi ; hWnd call cs:SetForegroundWindow mov r9d, [rsp+58h+Point.y] ; int mov r8d, [rsp+58h+Point.x] ; int xor ebx, ebx xor edx, edx ; UINT mov rcx, rdi ; HMENU mov [rsp+58h+var_30], rbx mov cs:dword_10002F3E4, 1 mov [rsp+58h+var_38], rsi call cs:TrackPopupMenuEx mov rcx, rdi ; hMenu mov cs:dword_10002F3E4, ebx call cs:DestroyMenu loc_100017EAF: mov rdi, [rsp+58h+arg_18] loc_100017EB4: mov rsi, [rsp+58h+arg_10] mov rbx, [rsp+58h+arg_8] add rsp, 58h retn loc_100017EC3: ; hWnd mov rcx, cs:hWnd call cs:OpenIcon mov rcx, cs:hWnd ; hWnd call cs:SetForegroundWindow mov r11d, cs:dword_10003015C mov rcx, cs:hWnd ; hWnd and r11b, 4 mov [rsp+58h+var_28], 3 neg r11b sbb rdx, rdx ; hWndInsertAfter xor ebx, ebx xor r9d, r9d ; Y xor r8d, r8d ; X mov dword ptr [rsp+58h+var_30], ebx mov dword ptr [rsp+58h+var_38], ebx call cs:SetWindowPos mov rsi, [rsp+58h+arg_10] mov rbx, [rsp+58h+arg_8] add rsp, 58h retn sub_100017D90 endp algn_100017F22: align 10h retn 0 align 20h ; INT_PTR __stdcall sub_100017F40(HWND, UINT, WPARAM, LPARAM) sub_100017F40 proc near arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_0], rbx mov [rsp+28h+arg_8], rbp mov [rsp+28h+arg_10], rsi mov esi, edx mov edx, 0FFFFFFEBh ; nIndex mov [rsp+28h+arg_18], rdi mov rbp, r9 mov rbx, rcx mov rdi, r8 call cs:GetWindowLongPtrW sub esi, 110h mov rcx, rax jz short loc_100017FC9 dec esi jnz short loc_100017FE7 cmp di, 1 jnz short loc_100017F92 mov r8, [rax] mov rdx, rbx call qword ptr [r8+8] lea edx, [rsi+1] jmp short loc_100017F9D loc_100017F92: cmp di, 2 jnz short loc_100017FB2 mov edx, 2 ; nResult loc_100017F9D: ; hDlg mov rcx, rbx call cs:EndDialog mov rax, 1 jmp short loc_100017FE9 loc_100017FB2: mov r10, [rax] mov r8, rdi movzx r9d, di shr r8, 10h mov rdx, rbx call qword ptr [r10+10h] jmp short loc_100017FE7 loc_100017FC9: ; dwNewLong mov r8, rbp mov edx, 0FFFFFFEBh ; nIndex mov rcx, rbx ; hWnd call cs:SetWindowLongPtrW mov r11, [rbp+0] mov rdx, rbx mov rcx, rbp call qword ptr [r11] loc_100017FE7: xor eax, eax loc_100017FE9: mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] mov rbx, [rsp+28h+arg_0] add rsp, 28h retn sub_100017F40 endp algn_100018002: align 10h ; int __cdecl sub_100018010(int, int, DWORD Type, int, int, int, HKEY hKey) sub_100018010 proc near var_18= qword ptr -18h var_10= qword ptr -10h arg_0= dword ptr 8 Type= dword ptr 10h arg_10= dword ptr 18h hKey= qword ptr 20h push rbx sub rsp, 30h lea rax, qword_100003B10+28h mov rbx, rcx mov word ptr [rcx+8], 0F0h mov [rcx], rax lea rax, [rsp+38h+hKey] mov dword ptr [rcx+10h], 6Ah mov dword ptr [rcx+14h], 2 lea rdx, SubKey ; "Software\\Microsoft\\Windows NT\\CurrentVe"... mov r9d, 20019h ; samDesired xor r8d, r8d ; ulOptions mov rcx, 0FFFFFFFF80000001h ; hKey mov [rsp+38h+var_18], rax call cs:RegOpenKeyExW test eax, eax jnz loc_100018101 mov rcx, [rsp+38h+hKey] ; hKey lea rax, [rsp+38h+arg_0] lea r9, [rsp+38h+Type] ; lpType mov [rsp+38h+var_10], rax lea rax, [rsp+38h+arg_10] lea rdx, qword_100003B10+68h ; lpValueName xor r8d, r8d ; lpReserved mov [rsp+38h+arg_0], 4 mov [rsp+38h+var_18], rax call cs:RegQueryValueExW test eax, eax jnz short loc_1000180AE cmp [rsp+38h+Type], 4 jnz short loc_1000180AE mov eax, [rsp+38h+arg_10] mov [rbx+10h], eax loc_1000180AE: ; hKey mov rcx, [rsp+38h+hKey] lea rax, [rsp+38h+arg_0] lea r9, [rsp+38h+Type] ; lpType mov [rsp+38h+var_10], rax lea rax, [rsp+38h+arg_10] lea rdx, qword_100003B10+40h ; lpValueName xor r8d, r8d ; lpReserved mov [rsp+38h+arg_0], 4 mov [rsp+38h+var_18], rax call cs:RegQueryValueExW test eax, eax jnz short loc_1000180F6 cmp [rsp+38h+Type], 4 jnz short loc_1000180F6 mov eax, [rsp+38h+arg_10] mov [rbx+14h], eax loc_1000180F6: ; hKey mov rcx, [rsp+38h+hKey] call cs:RegCloseKey loc_100018101: mov rax, rbx add rsp, 30h pop rbx retn sub_100018010 endp algn_10001810A: align 10h ; int __cdecl sub_100018110(HKEY hKey) sub_100018110 proc near var_38= qword ptr -38h var_30= dword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h hKey= qword ptr 8 push rbx sub rsp, 50h mov rbx, rcx lea rax, qword_100003B10+28h lea r9, Class ; "REG_BINARY" mov [rcx], rax xor ecx, ecx lea rax, [rsp+58h+hKey] mov [rsp+58h+var_18], rcx mov [rsp+58h+var_20], rax mov [rsp+58h+var_28], rcx mov [rsp+58h+var_30], 20006h mov dword ptr [rsp+58h+var_38], ecx lea rdx, SubKey ; "Software\\Microsoft\\Windows NT\\CurrentVe"... mov rcx, 0FFFFFFFF80000001h ; hKey xor r8d, r8d ; Reserved call cs:RegCreateKeyExW test eax, eax jnz short loc_1000181CA mov rcx, [rsp+58h+hKey] ; hKey lea rax, [rbx+10h] lea rdx, qword_100003B10+68h ; lpValueName mov r9d, 4 ; dwType xor r8d, r8d ; Reserved mov [rsp+58h+var_30], 4 mov [rsp+58h+var_38], rax call cs:RegSetValueExW mov rcx, [rsp+58h+hKey] ; hKey lea r11, [rbx+14h] lea rdx, qword_100003B10+40h ; lpValueName mov r9d, 4 ; dwType xor r8d, r8d ; Reserved mov [rsp+58h+var_30], 4 mov [rsp+58h+var_38], r11 call cs:RegSetValueExW mov rcx, [rsp+58h+hKey] ; hKey call cs:RegCloseKey loc_1000181CA: add rsp, 50h pop rbx retn sub_100018110 endp algn_1000181D0: align 20h sub_1000181E0 proc near var_10= qword ptr -10h var_8= qword ptr -8 arg_8= qword ptr 10h arg_10= qword ptr 18h sub rsp, 38h mov [rsp+38h+arg_8], rbp mov [rsp+38h+arg_10], rsi mov [rsp+38h+var_8], r12 mov r12, rcx mov [rsp+38h+var_10], r13 mov r13, rdx mov rcx, r13 ; hDlg mov edx, 18Ch ; nIDDlgItem call cs:GetDlgItem xor edx, edx ; nCmdShow mov rcx, rax ; hWnd call cs:ShowWindow mov edx, 18Dh ; nIDDlgItem mov rcx, r13 ; hDlg call cs:GetDlgItem mov edx, 5 ; nCmdShow mov rcx, rax ; hWnd call cs:ShowWindow mov edx, 0F1h ; nIDDlgItem mov rcx, r13 ; hDlg mov rbp, 0FFFFFFFFFFFFFFFFh call cs:GetDlgItem cmp cs:off_10002D200, 0 mov rsi, rax jz sub_100018332 sub_1000181E0 endp ; sp-analysis failed sub_100018259 proc near arg_38= qword ptr 40h arg_50= qword ptr 58h mov [rsp+arg_38], rbx lea rcx, off_10002D200 lea rbx, unk_10002D208 mov [rsp+arg_50], rdi loc_100018271: ; lParam mov r9, [rcx] xor r8d, r8d ; wParam mov edx, 143h ; Msg mov rcx, rsi ; hWnd call cs:SendMessageW test rax, rax mov rdi, rax js loc_100018323 mov r9d, [rbx] ; lParam mov r8, rax ; wParam mov edx, 151h ; Msg mov rcx, rsi ; hWnd call cs:SendMessageW test rax, rax js short loc_10001830F mov ecx, [rbx] cmp [r12+10h], ecx jnz short loc_1000182FA cmp ecx, 6Ah mov rbp, rdi jb short loc_1000182FA cmp ecx, 6Bh jbe short loc_1000182C5 cmp ecx, 6Dh jnz short loc_1000182FA loc_1000182C5: ; nIDDlgItem mov edx, 18Dh mov rcx, r13 ; hDlg call cs:GetDlgItem xor edx, edx ; nCmdShow mov rcx, rax ; hWnd call cs:ShowWindow mov edx, 18Ch ; nIDDlgItem mov rcx, r13 ; hDlg call cs:GetDlgItem mov edx, 5 ; nCmdShow mov rcx, rax ; hWnd call cs:ShowWindow loc_1000182FA: add rbx, 10h cmp qword ptr [rbx-8], 0 lea rcx, [rbx-8] jnz loc_100018271 jmp short loc_100018323 loc_10001830F: ; lParam xor r9d, r9d mov r8, rdi ; wParam mov edx, 144h ; Msg mov rcx, rsi ; hWnd call cs:SendMessageW loc_100018323: test rbp, rbp mov rdi, [rsp+arg_50] mov rbx, [rsp+arg_38] jz short loc_100018346 sub_100018259 endp ; sp-analysis failed sub_100018332 proc near arg_20= qword ptr 28h arg_28= qword ptr 30h arg_40= qword ptr 48h arg_48= qword ptr 50h xor r9d, r9d ; lParam mov r8, rbp ; wParam mov edx, 14Eh ; Msg mov rcx, rsi ; hWnd call cs:SendMessageW loc_100018346: mov r8d, [r12+14h] mov edx, 0F2h ; nIDButton mov rcx, r13 ; hDlg and r8d, 1 ; uCheck call cs:CheckDlgButton mov r8d, [r12+14h] mov edx, 0F3h ; nIDButton shr r8d, 1 mov rcx, r13 ; hDlg and r8d, 1 ; uCheck call cs:CheckDlgButton mov r8d, [r12+14h] mov edx, 0F4h shr r8d, 2 mov rcx, r13 and r8d, 1 mov r13, [rsp+arg_20] mov r12, [rsp+arg_28] mov rsi, [rsp+arg_48] mov rbp, [rsp+arg_40] add rsp, 38h jmp cs:CheckDlgButton sub_100018332 endp ; sp-analysis failed algn_1000183AB: align 20h sub_1000183C0 proc near arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_8], rbx mov [rsp+28h+arg_10], rsi mov rsi, rcx mov [rsp+28h+arg_18], rdi mov rdi, rdx mov edx, 0F1h ; nIDDlgItem mov rcx, rdi ; hDlg call cs:GetDlgItem xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov rcx, rax ; hWnd mov edx, 147h ; Msg mov rbx, rax call cs:SendMessageW xor r9d, r9d ; lParam mov edx, 150h ; Msg mov r8, rax ; wParam mov rcx, rbx ; hWnd call cs:SendMessageW xor ebx, ebx mov edx, 0F2h ; nIDButton mov rcx, rdi ; hDlg mov [rsi+10h], eax mov [rsi+14h], ebx call cs:IsDlgButtonChecked mov edx, 0F3h ; nIDButton mov rcx, rdi ; hDlg test eax, eax setnz bl or [rsi+14h], ebx call cs:IsDlgButtonChecked mov edx, 0F4h ; nIDButton neg eax sbb ecx, ecx and ecx, 2 or [rsi+14h], ecx mov rcx, rdi ; hDlg call cs:IsDlgButtonChecked mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_8] neg eax sbb ecx, ecx and ecx, 4 or [rsi+14h], ecx mov rsi, [rsp+28h+arg_10] add rsp, 28h retn sub_1000183C0 endp algn_100018474: align 20h sub_100018480 proc near var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_10], rbx mov [rsp+28h+arg_18], rsi mov [rsp+28h+var_8], rdi mov rdi, rdx lea rbx, dword_10002D634 lea rsi, unk_10002D698 db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_1000184B0: ; nIDButton mov edx, [rbx] xor r8d, r8d mov rcx, rdi ; hDlg cmp [rbx+0Ch], r8d setnz r8b ; uCheck call cs:CheckDlgButton add rbx, 14h cmp rbx, rsi jl short loc_1000184B0 mov rdi, [rsp+28h+var_8] mov rsi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn sub_100018480 endp algn_1000184E3: align 10h sub_1000184F0 proc near var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_10], rbx mov [rsp+28h+arg_18], rsi mov [rsp+28h+var_8], rdi mov rdi, rdx lea rbx, unk_10002D654 lea rsi, unk_10002D6A4 loc_100018514: ; nIDButton mov edx, [rbx-0Ch] mov rcx, rdi ; hDlg call cs:IsDlgButtonChecked xor ecx, ecx cmp eax, 1 setz cl add rbx, 14h cmp rbx, rsi mov [rbx-14h], ecx jl short loc_100018514 mov rdi, [rsp+28h+var_8] mov rsi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn sub_1000184F0 endp algn_100018548: align 10h sub_100018550 proc near var_388= qword ptr -388h var_380= dword ptr -380h var_378= dword ptr -378h var_368= dword ptr -368h Rect= tagRECT ptr -360h var_350= dword ptr -350h var_34C= dword ptr -34Ch var_348= dword ptr -348h var_344= dword ptr -344h var_338= byte ptr -338h Buffer= word ptr -2B8h var_228= word ptr -228h var_18= qword ptr -18h var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 3A8h mov rax, cs:qword_10002C178 mov [rsp+3A8h+var_18], rax mov [r11+18h], rbx mov rbx, rcx mov [r11+20h], rsi mov [r11-8], rdi mov rcx, rdx ; hWnd mov rdi, rdx call cs:GetParent lea rdx, [rsp+3A8h+Rect] ; lpRect mov rcx, rax ; hWnd call cs:GetWindowRect lea rdx, [rsp+3A8h+var_350] ; lpRect mov rcx, rdi ; hWnd call cs:GetWindowRect mov eax, [rsp+3A8h+var_34C] xor esi, esi sub eax, [rsp+3A8h+var_344] mov [rsp+3A8h+var_378], 11h mov rcx, rdi ; hWnd add eax, [rsp+3A8h+Rect.top] mov [rsp+3A8h+var_380], esi mov dword ptr [rsp+3A8h+var_388], esi add eax, [rsp+3A8h+Rect.bottom] cdq sub eax, edx sar eax, 1 mov r9d, eax ; Y mov eax, [rsp+3A8h+var_350] sub eax, [rsp+3A8h+var_348] add eax, [rsp+3A8h+Rect.left] add eax, [rsp+3A8h+Rect.right] cdq sub eax, edx xor edx, edx ; hWndInsertAfter sar eax, 1 mov r8d, eax ; X call cs:SetWindowPos mov edx, 0FCh ; nIDDlgItem mov rcx, rdi ; hDlg call cs:GetDlgItem xor r9d, r9d ; lParam mov edx, 0C5h ; Msg mov rcx, rax ; hWnd mov r8d, 208h ; wParam call cs:SendMessageW lea edx, [rsi+1] ; nIDDlgItem mov rcx, rdi ; hDlg call cs:GetDlgItem xor edx, edx ; bEnable mov rcx, rax ; hWnd call cs:EnableWindow mov rcx, cs:hInstance ; hInstance lea r9d, [rsi+41h] ; nBufferMax lea r8, [rsp+3A8h+Buffer] ; lpBuffer mov edx, 9CBAh ; uID call cs:LoadStringW lea rcx, [rsp+3A8h+var_338] call CurrentDateTimeString lea r8, [rsp+3A8h+var_368] lea rdx, [rsp+3A8h+var_228] lea ecx, [rsi+3] mov [rsp+3A8h+var_368], 105h call GetUserNameExW test al, al jnz short loc_1000186A5 lea r8, [rsp+3A8h+var_368] lea rdx, [rsp+3A8h+var_228] lea ecx, [rsi+2] mov [rsp+3A8h+var_368], 105h call GetUserNameExW movzx ecx, [rsp+3A8h+var_228] test al, al cmovz cx, si mov [rsp+3A8h+var_228], cx loc_1000186A5: lea rax, [rsp+3A8h+var_338] lea r9, [rsp+3A8h+var_228] lea r8, [rsp+3A8h+Buffer] lea rcx, [rbx+10h] mov edx, 41h mov [rsp+3A8h+var_388], rax call sub_100008380 lea r8, [rbx+10h] ; lpString mov edx, 0FBh ; nIDDlgItem mov rcx, rdi ; hDlg call cs:SetDlgItemTextW mov edx, 0FBh ; nIDDlgItem mov rcx, rdi ; hDlg call cs:GetDlgItem xor r9d, r9d ; lParam mov edx, 0C5h ; Msg lea r8d, [r9+40h] ; wParam mov rcx, rax ; hWnd call cs:SendMessageW mov rdi, [rsp+3A8h+var_8] mov rsi, [rsp+3A8h+arg_18] mov rbx, [rsp+3A8h+arg_10] mov rcx, [rsp+3A8h+var_18] call sub_1000258D0 add rsp, 3A8h retn sub_100018550 endp algn_10001872F: align 20h sub_100018740 proc near arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_8], rbx mov [rsp+28h+arg_10], rsi mov rsi, rdx mov [rsp+28h+arg_18], rdi mov rdi, rcx mov edx, 0FCh ; nIDDlgItem mov rcx, rsi ; hDlg call cs:GetDlgItem lea rdx, [rdi+92h] ; lpString mov r8d, 209h ; nMaxCount mov rcx, rax ; hWnd call cs:GetWindowTextW mov edx, 0FBh ; nIDDlgItem mov rcx, rsi ; hDlg call cs:GetDlgItem lea rdx, [rdi+10h] mov r8d, 41h mov rcx, rax mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbx, [rsp+28h+arg_8] add rsp, 28h jmp cs:GetWindowTextW sub_100018740 endp algn_1000187B2: align 20h sub_1000187C0 proc near var_10= qword ptr -10h sub rsp, 38h cmp r9w, 0FCh mov [rsp+38h+var_10], rdi mov rdi, rdx jnz short sub_10001881D cmp r8w, 300h jnz short sub_10001881D mov edx, 0FCh mov rcx, rdi sub_1000187C0 endp ; sp-analysis failed sub_1000187E4 proc near arg_28= qword ptr 30h mov [rsp+arg_28], rbx call cs:GetDlgItem mov rcx, rax ; hWnd call cs:GetWindowTextLengthW xor ebx, ebx mov edx, 1 ; nIDDlgItem test eax, eax mov rcx, rdi ; hDlg setnz bl call cs:GetDlgItem mov edx, ebx ; bEnable mov rcx, rax ; hWnd call cs:EnableWindow mov rbx, [rsp+arg_28] sub_1000187E4 endp ; sp-analysis failed sub_10001881D proc near arg_20= qword ptr 28h mov rdi, [rsp+arg_20] add rsp, 38h retn sub_10001881D endp ; sp-analysis failed algn_100018827: align 10h sub_100018830 proc near String= word ptr -228h var_18= qword ptr -18h push rbx sub rsp, 240h mov rax, cs:qword_10002C178 mov [rsp+248h+var_18], rax mov rbx, rdx mov edx, [rcx+214h] ; uID mov rcx, cs:hInstance ; hInstance lea r8, [rsp+248h+String] ; lpBuffer mov r9d, 105h ; nBufferMax call cs:LoadStringW lea r8, [rsp+248h+String] ; lpString mov edx, 1B9h ; nIDDlgItem mov rcx, rbx ; hDlg call cs:SetDlgItemTextW mov edx, 1BAh ; nIDDlgItem mov rcx, rbx ; hDlg call cs:GetDlgItem mov edx, 0C5h ; Msg xor r9d, r9d ; lParam lea r8d, [rdx+3Bh] ; wParam mov rcx, rax ; hWnd call cs:SendMessageW mov rcx, [rsp+248h+var_18] call sub_1000258D0 add rsp, 240h pop rbx retn sub_100018830 endp algn_1000188B5: align 20h sub_1000188C0 proc near push rbx sub rsp, 20h mov rax, rdx lea rbx, [rcx+10h] mov edx, 1BAh ; nIDDlgItem mov rcx, rax ; hDlg call cs:GetDlgItem mov r8d, 101h mov rdx, rbx mov rcx, rax add rsp, 20h pop rbx jmp cs:GetWindowTextW sub_1000188C0 endp algn_1000188F3: align 20h sub_100018900 proc near var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 48h mov [rax+8], rbx mov [rax+10h], rbp mov [rax+18h], rsi mov [rax+20h], rdi mov [rax-8], r12 mov [rax-10h], r13 xor ebp, ebp mov [rax-18h], r14 movsxd r14, dword ptr [rcx+10h] test r14, r14 mov [rax-20h], r15 mov rsi, rdx mov rdi, rcx mov r13d, ebp mov r12, rbp jle loc_100018A98 lea r15, __ImageBase db 66h, 66h nop db 66h, 66h, 66h nop loc_100018950: mov rax, [rdi+8] mov ecx, cs:dword_10002FEC4 test ecx, ecx mov rbx, [rax+r12*8] jz loc_100018A4F dec ecx jz loc_100018A35 dec ecx jz loc_1000189FD dec ecx jz short loc_1000189BC dec ecx jz short loc_100018985 mov ecx, ebp jmp loc_100018A7C loc_100018985: mov rax, [rbx+80h] lea rdx, WindowName lea rcx, WindowName test rax, rax cmovnz rdx, rax ; lpString2 mov rax, [rsi+80h] test rax, rax cmovnz rcx, rax ; lpString1 call cs:lstrcmpiW mov ecx, eax jmp loc_100018A7C loc_1000189BC: cmp dword ptr [rbx+88h], 4 jz short loc_1000189CB lea rdx, [rbx+56h] jmp short loc_1000189D2 loc_1000189CB: ; lpString2 lea rdx, WindowName loc_1000189D2: cmp dword ptr [rsi+88h], 4 jz short loc_1000189EC lea rcx, [rsi+56h] ; lpString1 call cs:lstrcmpiW mov ecx, eax jmp loc_100018A7C loc_1000189EC: ; lpString1 lea rcx, WindowName call cs:lstrcmpiW mov ecx, eax jmp short loc_100018A7C loc_1000189FD: movsxd rax, dword ptr [rbx+88h] movsxd rdx, dword ptr [r15+rax*4+2F30h] movsxd rax, dword ptr [rsi+88h] movsxd rcx, dword ptr [r15+rax*4+2F30h] mov rdx, [r15+rdx*8+2F370h] ; lpString2 mov rcx, [r15+rcx*8+2F370h] ; lpString1 call cs:lstrcmpiW mov ecx, eax jmp short loc_100018A7C loc_100018A35: mov eax, [rsi] mov edx, [rbx] cmp rax, rdx jnb short loc_100018A45 mov ecx, 0FFFFFFFFh jmp short loc_100018A7C loc_100018A45: cmp rax, rdx mov ecx, ebp setnbe cl jmp short loc_100018A7C loc_100018A4F: test byte ptr cs:dword_10003015C, 80h jz short loc_100018A6C lea rdx, [rbx+32h] ; lpString2 lea rcx, [rsi+32h] ; lpString1 call cs:lstrcmpiW test eax, eax mov ecx, eax jnz short loc_100018A7C loc_100018A6C: ; lpString2 lea rdx, [rbx+8] lea rcx, [rsi+8] ; lpString1 call cs:lstrcmpiW mov ecx, eax loc_100018A7C: mov eax, cs:dword_10002D1F0 imul eax, ecx test eax, eax js short loc_100018ACB inc r12 inc r13d cmp r12, r14 jl loc_100018950 loc_100018A98: movsxd r12, dword ptr [rdi+10h] mov eax, [rdi+18h] lea ebx, [r12+1] test ebx, ebx jnz loc_100018B49 mov r8, [rdi+8] ; lpMem mov rcx, [rdi+20h] ; hHeap xor edx, edx ; dwFlags call cs:HeapFree mov [rdi+8], rbp mov [rdi+14h], ebp mov [rdi+10h], ebp jmp loc_100018C00 loc_100018ACB: mov r12d, [rdi+10h] cmp r13d, r12d jl short loc_100018AEF lea edx, [r13+1] mov r8d, 0FFFFFFFFh mov rcx, rdi call sub_100014710 test eax, eax jnz short loc_100018B39 jmp loc_100018C0D loc_100018AEF: lea edx, [r12+1] mov r8d, 0FFFFFFFFh mov rcx, rdi call sub_100014710 test eax, eax jz loc_100018C0D mov r9, [rdi+8] lea eax, [r13+1] movsxd rbx, r13d movsxd rcx, eax sub r12d, r13d lea rdx, [r9+rbx*8] ; void * movsxd r8, r12d lea rcx, [r9+rcx*8] ; void * shl r8, 3 ; size_t call memmove mov r11, [rdi+8] xor eax, eax mov [r11+rbx*8], rax loc_100018B39: mov rax, [rdi+8] movsxd rcx, r13d mov [rax+rcx*8], rsi jmp loc_100018C08 loc_100018B49: mov r10, [rdi+8] test r10, r10 jnz short loc_100018B78 mov rcx, [rdi+20h] ; hHeap movsxd r8, ebx lea edx, [r10+8] ; dwFlags shl r8, 3 ; dwBytes call cs:HeapAlloc test rax, rax jz loc_100018C0D mov [rdi+14h], ebx jmp loc_100018BF9 loc_100018B78: mov r8d, [rdi+14h] cmp ebx, r8d jg short loc_100018B9F cmp ebx, r12d jle short loc_100018BFD mov eax, ebx lea rcx, [r10+r12*8] ; void * xor edx, edx ; int sub eax, r12d movsxd r8, eax shl r8, 3 ; size_t call memset jmp short loc_100018BFD loc_100018B9F: test eax, eax jnz short loc_100018BCB mov eax, r12d cdq and edx, 7 add eax, edx sar eax, 3 cmp eax, 4 mov ecx, eax jl short loc_100018BBF mov eax, 400h cmp ecx, eax jg short loc_100018BCB loc_100018BBF: mov edx, 4 mov eax, ecx cmp ecx, edx cmovl eax, edx loc_100018BCB: ; hHeap mov rcx, [rdi+20h] add eax, r8d mov r13d, ebx cmp ebx, eax mov r8, r10 ; lpMem mov edx, 8 ; dwFlags cmovl r13d, eax movsxd r9, r13d shl r9, 3 ; dwBytes call cs:HeapReAlloc test rax, rax jz short loc_100018C0D mov [rdi+14h], r13d loc_100018BF9: mov [rdi+8], rax loc_100018BFD: mov [rdi+10h], ebx loc_100018C00: mov rax, [rdi+8] mov [rax+r12*8], rsi loc_100018C08: mov ebp, 1 loc_100018C0D: mov r15, [rsp+48h+var_20] mov r14, [rsp+48h+var_18] mov r13, [rsp+48h+var_10] mov r12, [rsp+48h+var_8] mov rdi, [rsp+48h+arg_18] mov rsi, [rsp+48h+arg_10] mov rbx, [rsp+48h+arg_0] mov eax, ebp mov rbp, [rsp+48h+arg_8] add rsp, 48h retn sub_100018900 endp byte_100018C3C db 14h dup(0CCh) sub_100018C50 proc near arg_8= qword ptr 10h arg_18= qword ptr 20h sub rsp, 28h mov edx, 28h ; uBytes mov [rsp+28h+arg_8], rbp mov rbp, rcx lea ecx, [rdx+18h] ; uFlags mov [rsp+28h+arg_18], rdi call cs:LocalAlloc test rax, rax mov rdi, rax jz sub_100018D15 sub_100018C50 endp ; sp-analysis failed sub_100018C7B proc near arg_28= qword ptr 30h arg_30= qword ptr 38h arg_38= qword ptr 40h arg_40= qword ptr 48h mov [rsp+arg_28], rbx call cs:GetProcessHeap xor ebx, ebx mov [rdi+8], rbx mov [rdi+10h], ebx mov [rdi+14h], ebx mov [rdi+20h], rax mov [rdi+18h], ebx lea rcx, qword_100003B10 mov [rdi], rcx mov rax, [rbp+0] mov [rsp+arg_38], rsi movsxd rsi, dword ptr [rax+10h] test rsi, rsi jle short loc_100018CE0 db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h, 66h nop loc_100018CC0: mov rax, [rbp+0] mov rcx, [rax+8] mov rdx, [rcx+rbx*8] mov rcx, rdi call sub_100018900 test eax, eax jz short sub_100018D26 inc rbx cmp rbx, rsi jl short loc_100018CC0 loc_100018CE0: mov rcx, [rbp+0] test rcx, rcx jz short loc_100018CF3 mov rax, [rcx] mov edx, 1 call qword ptr [rax] loc_100018CF3: mov [rbp+0], rdi mov eax, 1 loc_100018CFC: mov rsi, [rsp+arg_38] mov rbx, [rsp+arg_28] mov rdi, [rsp+arg_40] mov rbp, [rsp+arg_30] add rsp, 28h retn sub_100018C7B endp ; sp-analysis failed sub_100018D15 proc near arg_30= qword ptr 38h arg_40= qword ptr 48h mov rdi, [rsp+arg_40] mov rbp, [rsp+arg_30] xor eax, eax add rsp, 28h retn sub_100018D15 endp ; sp-analysis failed sub_100018D26 proc near mov rax, [rdi] mov edx, 1 mov rcx, rdi call qword ptr [rax] xor eax, eax jmp short loc_100018CFC sub_100018D26 endp byte_100018D37 db 9 dup(0CCh) ; int __fastcall sub_100018D40(HLOCAL hMem) sub_100018D40 proc near push rbx sub rsp, 20h mov rbx, rcx mov rcx, [rcx+80h] ; hMem test rcx, rcx jz short loc_100018D66 call cs:LocalFree mov qword ptr [rbx+80h], 0 loc_100018D66: ; hMem mov rcx, rbx call cs:LocalFree mov rax, rbx add rsp, 20h pop rbx retn sub_100018D40 endp algn_100018D78: align 20h sub_100018D80 proc near lParam= qword ptr -0D8h var_CC= dword ptr -0CCh var_C8= dword ptr -0C8h var_C0= qword ptr -0C0h var_B4= dword ptr -0B4h var_B0= qword ptr -0B0h var_88= word ptr -88h var_38= qword ptr -38h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 0F8h mov rax, cs:qword_10002C178 mov [rsp+0F8h+var_38], rax mov [r11+10h], rbx mov [r11+18h], rbp mov [r11+20h], rsi mov [r11-8], rdi mov [r11-10h], r12 mov [r11-18h], r13 mov r13, rcx mov rcx, [rcx+8] ; hDlg mov [r11-20h], r14 mov edx, 0BBAh ; nIDDlgItem mov [r11-28h], r15 call cs:GetDlgItem xor r9d, r9d ; lParam xor r8d, r8d ; wParam lea edx, [r9+0Bh] ; Msg mov rcx, rax ; hWnd mov r14, rax call cs:SendMessageW xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 1004h ; Msg mov rcx, r14 ; hWnd call cs:SendMessageW mov rcx, [r13+18h] xor r12d, r12d movsxd r15, dword ptr [rcx+10h] xor edi, edi test eax, eax mov rbp, rax movsxd rsi, eax jle loc_100019018 loc_100018E10: cmp rdi, r15 jge loc_100019018 xor edx, edx ; int lea rcx, [rsp+0F8h+lParam+4] ; void * lea r8d, [rdx+44h] ; size_t call memset lea r9, [rsp+0F8h+lParam] ; lParam xor r8d, r8d ; wParam mov edx, 104Bh ; Msg mov rcx, r14 ; hWnd mov dword ptr [rsp+0F8h+lParam], 7 mov dword ptr [rsp+0F8h+lParam+4], r12d call cs:SendMessageW test eax, eax jz loc_1000190C9 mov rax, [r13+18h] mov rcx, [rax+8] mov rbx, [rcx+rdi*8] cmp [rsp+0F8h+var_B0], rbx jnz short loc_100018E74 cmp dword ptr [rbx+98h], 0 jz loc_100019009 loc_100018E74: test byte ptr cs:dword_10003015C, 80h jz loc_100018F3F lea rcx, [rsp+0F8h+var_88] mov r8, rbx lea rax, [rsp+0F8h+var_88] sub r8, rcx mov edx, 27h db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_100018EA0: movzx ecx, word ptr [r8+rax+32h] test cx, cx jz short loc_100018EB9 mov [rax], cx add rax, 2 dec rdx jnz short loc_100018EA0 jmp short loc_100018EBE loc_100018EB9: test rdx, rdx jnz short loc_100018EC2 loc_100018EBE: sub rax, 2 loc_100018EC2: mov word ptr [rax], 0 mov ecx, 27h lea rax, [rsp+0F8h+var_88] loc_100018ED1: cmp word ptr [rax], 0 jz short loc_100018EE2 add rax, 2 dec rcx jnz short loc_100018ED1 jmp short loc_100018F46 loc_100018EE2: test rcx, rcx jz short loc_100018F46 mov eax, 27h mov edx, 27h sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+0F8h+var_88] jz short loc_100018F46 lea r8, asc_100002CCC ; "\\" sub r8, rcx db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_100018F10: movzx eax, word ptr [rcx+r8] test ax, ax jz short loc_100018F2F mov [rcx], ax add rcx, 2 dec rdx jnz short loc_100018F10 sub rcx, 2 mov [rcx], dx jmp short loc_100018F46 loc_100018F2F: test rdx, rdx jnz short loc_100018F38 sub rcx, 2 loc_100018F38: mov word ptr [rcx], 0 jmp short loc_100018F46 loc_100018F3F: mov [rsp+0F8h+var_88], 0 loc_100018F46: lea rax, [rsp+0F8h+var_88] mov ecx, 27h loc_100018F50: cmp word ptr [rax], 0 jz short loc_100018F61 add rax, 2 dec rcx jnz short loc_100018F50 jmp short loc_100018FAA loc_100018F61: test rcx, rcx jz short loc_100018FAA mov eax, 27h mov edx, 27h sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+0F8h+var_88] jz short loc_100018FAA mov r8, rbx sub r8, rcx loc_100018F83: movzx eax, word ptr [rcx+r8+8] test ax, ax jz short loc_100018F9C mov [rcx], ax add rcx, 2 dec rdx jnz short loc_100018F83 jmp short loc_100018FA1 loc_100018F9C: test rdx, rdx jnz short loc_100018FA5 loc_100018FA1: sub rcx, 2 loc_100018FA5: mov word ptr [rcx], 0 loc_100018FAA: lea rax, [rsp+0F8h+var_88] mov [rsp+0F8h+var_B0], rbx mov [rsp+0F8h+var_C0], rax mov eax, [rbx] cmp cs:pSessionId, eax jnz short loc_100018FCD mov eax, [r13+34h] mov [rsp+0F8h+var_B4], eax jmp short loc_100018FD5 loc_100018FCD: mov eax, [r13+30h] mov [rsp+0F8h+var_B4], eax loc_100018FD5: ; lParam lea r9, [rsp+0F8h+lParam] xor r8d, r8d ; wParam mov edx, 104Ch ; Msg mov rcx, r14 ; hWnd call cs:SendMessageW movsxd r8, r12d ; wParam mov edx, 1015h ; Msg mov r9, r8 ; lParam mov rcx, r14 ; hWnd call cs:SendMessageW mov dword ptr [rbx+98h], 0 loc_100019009: inc rdi inc r12d cmp rdi, rsi jl loc_100018E10 loc_100019018: cmp r12d, ebp jge short loc_100019049 sub ebp, r12d movsxd rdi, r12d mov ebx, ebp db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h, 66h nop loc_100019030: ; lParam xor r9d, r9d mov r8, rdi ; wParam mov edx, 1008h ; Msg mov rcx, r14 ; hWnd call cs:SendMessageW dec rbx jnz short loc_100019030 loc_100019049: movsxd rdi, r12d cmp rdi, r15 jge loc_10001924C db 66h, 66h, 66h nop db 66h, 66h nop db 66h, 66h, 66h nop loc_100019060: mov rax, [r13+18h] xor edx, edx ; int mov rcx, [rax+8] lea r8d, [rdx+44h] ; size_t mov rbx, [rcx+rdi*8] lea rcx, [rsp+0F8h+lParam+4] ; void * call memset test byte ptr cs:dword_10003015C, 80h mov dword ptr [rsp+0F8h+lParam], 7 mov dword ptr [rsp+0F8h+lParam+4], r12d mov [rsp+0F8h+var_B0], rbx jz loc_10001916F lea rcx, [rsp+0F8h+var_88] mov r8, rbx lea rax, [rsp+0F8h+var_88] sub r8, rcx mov edx, 27h loc_1000190B0: movzx ecx, word ptr [rax+r8+32h] test cx, cx jz short loc_1000190E7 mov [rax], cx add rax, 2 dec rdx jnz short loc_1000190B0 jmp short loc_1000190EC loc_1000190C9: ; lParam xor r9d, r9d mov rcx, r14 ; hWnd lea edx, [r9+0Bh] ; Msg lea r8d, [r9+1] ; wParam call cs:SendMessageW mov eax, 80004005h jmp loc_100019262 loc_1000190E7: test rdx, rdx jnz short loc_1000190F0 loc_1000190EC: sub rax, 2 loc_1000190F0: mov word ptr [rax], 0 mov ecx, 27h lea rax, [rsp+0F8h+var_88] nop loc_100019100: cmp word ptr [rax], 0 jz short loc_100019111 add rax, 2 dec rcx jnz short loc_100019100 jmp short loc_100019176 loc_100019111: test rcx, rcx jz short loc_100019176 mov eax, 27h mov edx, 27h sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+0F8h+var_88] jz short loc_100019176 lea r8, asc_100002CCC ; "\\" sub r8, rcx db 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_100019140: movzx eax, word ptr [r8+rcx] test ax, ax jz short loc_10001915F mov [rcx], ax add rcx, 2 dec rdx jnz short loc_100019140 sub rcx, 2 mov [rcx], dx jmp short loc_100019176 loc_10001915F: test rdx, rdx jnz short loc_100019168 sub rcx, 2 loc_100019168: mov word ptr [rcx], 0 jmp short loc_100019176 loc_10001916F: mov [rsp+0F8h+var_88], 0 loc_100019176: lea rax, [rsp+0F8h+var_88] mov ecx, 27h loc_100019180: cmp word ptr [rax], 0 jz short loc_100019191 add rax, 2 dec rcx jnz short loc_100019180 jmp short loc_1000191DA loc_100019191: test rcx, rcx jz short loc_1000191DA mov eax, 27h mov edx, 27h sub rax, rcx sub rdx, rax lea rcx, [rsp+rax*2+0F8h+var_88] jz short loc_1000191DA mov r8, rbx sub r8, rcx loc_1000191B3: movzx eax, word ptr [rcx+r8+8] test ax, ax jz short loc_1000191CC mov [rcx], ax add rcx, 2 dec rdx jnz short loc_1000191B3 jmp short loc_1000191D1 loc_1000191CC: test rdx, rdx jnz short loc_1000191D5 loc_1000191D1: sub rcx, 2 loc_1000191D5: mov word ptr [rcx], 0 loc_1000191DA: lea rax, [rsp+0F8h+var_88] mov [rsp+0F8h+var_C0], rax mov eax, [rbx] cmp cs:pSessionId, eax jnz short loc_1000191F8 mov eax, [r13+34h] mov [rsp+0F8h+var_B4], eax jmp short loc_100019200 loc_1000191F8: mov eax, [r13+30h] mov [rsp+0F8h+var_B4], eax loc_100019200: test r12d, r12d jnz short loc_10001921D mov [rsp+0F8h+var_CC], 3 mov [rsp+0F8h+var_C8], 3 mov dword ptr [rsp+0F8h+lParam], 0Fh loc_10001921D: ; lParam lea r9, [rsp+0F8h+lParam] xor r8d, r8d ; wParam mov edx, 104Dh ; Msg mov rcx, r14 ; hWnd call cs:SendMessageW inc rdi inc r12d cmp rdi, r15 mov dword ptr [rbx+98h], 0 jl loc_100019060 loc_10001924C: ; lParam xor r9d, r9d mov rcx, r14 ; hWnd lea edx, [r9+0Bh] ; Msg lea r8d, [r9+1] ; wParam call cs:SendMessageW xor eax, eax loc_100019262: mov r15, [rsp+0F8h+var_28] mov r14, [rsp+0F8h+var_20] mov r13, [rsp+0F8h+var_18] mov r12, [rsp+0F8h+var_10] mov rdi, [rsp+0F8h+var_8] mov rsi, [rsp+0F8h+arg_18] mov rbp, [rsp+0F8h+arg_10] mov rbx, [rsp+0F8h+arg_8] mov rcx, [rsp+0F8h+var_38] call sub_1000258D0 add rsp, 0F8h retn sub_100018D80 endp algn_1000192B7: align 20h sub_1000192C0 proc near lParam= qword ptr -68h var_40= qword ptr -40h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 88h mov rcx, [rcx+8] ; hDlg mov edx, 0BBAh ; nIDDlgItem mov [rsp+88h+var_10], r13 mov [rsp+88h+var_18], r14 call cs:GetDlgItem xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov edx, 1032h ; Msg mov rcx, rax ; hWnd mov r14, rax call cs:SendMessageW test eax, eax mov r13, rax jnz short loc_100019310 mov r14, [rsp+88h+var_18] mov r13, [rsp+88h+var_10] add rsp, 88h retn loc_100019310: ; uBytes mov edx, 28h loc_100019315: mov [rsp+88h+arg_0], rbx lea ecx, [rdx+18h] ; uFlags call cs:LocalAlloc test rax, rax mov rbx, rax jz loc_10001944A loc_100019332: mov [rsp+88h+arg_18], rdi call cs:GetProcessHeap xor edi, edi test r13d, r13d mov [rsp+88h+arg_8], rbp lea rcx, qword_100003B10 mov [rsp+88h+arg_10], rsi mov [rsp+88h+var_8], r12 mov [rbx+20h], rax mov [rbx], rcx mov [rbx+8], rdi mov [rbx+10h], edi mov [rbx+14h], edi mov [rbx+18h], edi lea r12d, [rdi-1] jle loc_10001940D loc_100019382: ; wParam movsxd r8, r12d mov edx, 100Ch ; Msg mov r9d, 2 ; lParam mov rcx, r14 ; hWnd call cs:SendMessageW cmp eax, 0FFFFFFFFh mov r12, rax jz loc_10001944E xor edx, edx ; int lea rcx, [rsp+88h+lParam+4] ; void * mov dword ptr [rsp+88h+lParam], 4 lea r8d, [rdx+44h] ; size_t call memset lea r9, [rsp+88h+lParam] ; lParam xor r8d, r8d ; wParam mov edx, 104Bh ; Msg mov rcx, r14 ; hWnd mov dword ptr [rsp+88h+lParam+4], r12d call cs:SendMessageW test eax, eax jz short loc_10001944E movsxd rsi, dword ptr [rbx+10h] mov rbp, [rsp+88h+var_40] mov r8d, 0FFFFFFFFh lea edx, [rsi+1] mov rcx, rbx call sub_100014710 test eax, eax jz short loc_10001944E mov rax, [rbx+8] inc edi cmp edi, r13d mov [rax+rsi*8], rbp jl loc_100019382 loc_10001940D: mov rax, rbx loc_100019410: mov rbp, [rsp+88h+arg_8] mov rsi, [rsp+88h+arg_10] mov r12, [rsp+88h+var_8] mov rdi, [rsp+88h+arg_18] loc_100019430: mov rbx, [rsp+88h+arg_0] mov r14, [rsp+88h+var_18] mov r13, [rsp+88h+var_10] add rsp, 88h retn loc_10001944A: xor eax, eax jmp short loc_100019430 loc_10001944E: mov rax, [rbx] mov edx, 1 mov rcx, rbx call qword ptr [rax] xor eax, eax jmp short loc_100019410 sub_1000192C0 endp byte_10001945F db 11h dup(0CCh) sub_100019470 proc near var_48= qword ptr -48h var_40= qword ptr -40h Points= qword ptr -38h var_30= dword ptr -30h var_2C= dword ptr -2Ch var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 68h mov [rax+8], rbx mov [rax+20h], rdi mov [rax-10h], r13 mov [rax-18h], r14 mov r13, rcx mov rcx, [rcx+8] ; hDlg mov [rax-20h], r15 mov r15d, edx mov edx, 0BBAh ; nIDDlgItem mov r14d, r8d call cs:GetDlgItem mov rcx, r13 mov rbx, rax call sub_1000192C0 test rax, rax mov rdi, rax jz loc_10001970E cmp r15w, 0FFFFh jnz short loc_10001951E cmp r14w, r15w jnz short loc_10001951E mov r9d, 2 ; lParam mov edx, 100Ch ; Msg mov rcx, rbx ; hWnd lea r8, [r9-3] ; wParam call cs:SendMessageW lea r9, [rsp+68h+Points] ; lParam mov edx, 100Eh ; Msg mov rcx, rbx ; hWnd movsxd r8, eax ; wParam mov dword ptr [rsp+68h+Points], 1 call cs:SendMessageW lea r8, [rsp+68h+Points] ; lpPoints mov r9d, 2 ; cPoints xor edx, edx ; hWndTo mov rcx, rbx ; hWndFrom call cs:MapWindowPoints mov r15d, [rsp+68h+var_30] mov r14d, [rsp+68h+var_2C] loc_10001951E: ; hInstance mov rcx, cs:hInstance mov edx, 0C81h ; lpMenuName loc_10001952A: mov [rsp+68h+arg_10], rsi call cs:LoadMenuW test rax, rax mov rsi, rax jz loc_1000196F9 xor edx, edx ; nPos mov rcx, rax ; hMenu call cs:GetSubMenu test rax, rax mov rbx, rax jz short loc_100019568 xor edx, edx ; uPosition mov r8d, 400h ; uFlags mov rcx, rsi ; hMenu call cs:RemoveMenu loc_100019568: ; hMenu mov rcx, rsi call cs:DestroyMenu test rbx, rbx jz loc_1000196F9 xor r8d, r8d ; fByPos mov edx, 0C8Ah ; uItem mov rcx, rbx ; hMenu call cs:SetMenuDefaultItem mov r11, gs:30h mov eax, ds:7FFE02D8h mov rcx, [r11+60h] cmp eax, [rcx+2C0h] jnz short loc_1000195BB mov edx, 0C8Dh ; uIDEnableItem mov r8d, 3 ; uEnable mov rcx, rbx ; hMenu call cs:EnableMenuItem loc_1000195BB: cmp dword ptr [rdi+10h], 1 jle short loc_1000195E9 mov edx, 0C8Dh ; uIDEnableItem mov r8d, 3 ; uEnable mov rcx, rbx ; hMenu call cs:EnableMenuItem mov edx, 0C8Bh ; uIDEnableItem mov r8d, 3 ; uEnable mov rcx, rbx ; hMenu call cs:EnableMenuItem loc_1000195E9: xor esi, esi cmp [rdi+10h], esi jle loc_1000196B1 loc_1000195F4: mov [rsp+68h+arg_8], rbp xor ebp, ebp mov [rsp+68h+var_8], r12 loc_100019600: mov rax, [rdi+8] mov r12, [rax+rbp] mov eax, [r12] cmp cs:pSessionId, eax jnz short loc_100019679 mov edx, 0C8Dh ; uIDEnableItem mov r8d, 3 ; uEnable mov rcx, rbx ; hMenu call cs:EnableMenuItem mov edx, 0C8Bh ; uIDEnableItem mov r8d, 3 ; uEnable mov rcx, rbx ; hMenu call cs:EnableMenuItem mov ecx, 41000001h ; rest call cs:SHRestricted test eax, eax jz short loc_10001965F mov edx, 0C8Ch ; uIDEnableItem mov r8d, 3 ; uEnable mov rcx, rbx ; hMenu call cs:EnableMenuItem loc_10001965F: cmp dword ptr [rdi+10h], 1 jnz short loc_100019679 mov edx, 0C8Ah ; uIDEnableItem mov r8d, 3 ; uEnable mov rcx, rbx ; hMenu call cs:EnableMenuItem loc_100019679: cmp dword ptr [r12+88h], 4 jnz short loc_100019698 mov edx, 0C8Ch ; uIDEnableItem mov r8d, 3 ; uEnable mov rcx, rbx ; hMenu call cs:EnableMenuItem loc_100019698: inc esi add rbp, 8 cmp esi, [rdi+10h] jl loc_100019600 mov r12, [rsp+68h+var_8] mov rbp, [rsp+68h+arg_8] loc_1000196B1: mov rax, [r13+8] mov r9d, r14d ; int mov r8d, r15d ; int xor edx, edx ; UINT mov rcx, rbx ; HMENU mov [rsp+68h+var_40], 0 mov dword ptr [r13+20h], 1 mov cs:dword_10002F3E4, 1 mov [rsp+68h+var_48], rax call cs:TrackPopupMenuEx mov rcx, rbx ; hMenu mov cs:dword_10002F3E4, 0 call cs:DestroyMenu loc_1000196F9: mov rax, [rdi] mov edx, 1 mov rcx, rdi call qword ptr [rax] mov rsi, [rsp+68h+arg_10] loc_10001970E: mov r15, [rsp+68h+var_20] mov r14, [rsp+68h+var_18] mov r13, [rsp+68h+var_10] mov rdi, [rsp+68h+arg_18] mov rbx, [rsp+68h+arg_0] add rsp, 68h retn sub_100019470 endp algn_10001972F: align 20h sub_100019740 proc near var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_8], rbp mov [rsp+28h+arg_10], rsi mov [rsp+28h+arg_18], rdi mov [rsp+28h+var_8], r12 lea rsi, qword_100002F58 mov ebp, 3 mov r12, rcx mov [rsp+28h+arg_0], rbx xor edi, edi db 66h nop loc_100019770: cmp [r12+24h], edi mov edx, [rsi] ; nIDDlgItem mov rcx, [r12+8] ; hDlg mov ebx, edi setnbe bl call cs:GetDlgItem mov rcx, rax ; hWnd mov edx, ebx ; bEnable call cs:EnableWindow add rsi, 4 dec rbp jnz short loc_100019770 mov rcx, r12 call sub_1000192C0 test rax, rax mov rbx, rax jz loc_10001985E cmp [rax+10h], edi jle loc_100019851 mov rsi, rdi db 66h nop db 66h, 66h nop loc_1000197C0: mov rax, [rbx+8] mov rbp, [rsi+rax] mov eax, [rbp+0] cmp cs:pSessionId, eax jnz short loc_10001981E mov ecx, 41000001h ; rest call cs:SHRestricted test eax, eax jz short loc_1000197FD mov rcx, [r12+8] ; hDlg mov edx, 0C8Ch ; nIDDlgItem call cs:GetDlgItem xor edx, edx ; bEnable mov rcx, rax ; hWnd call cs:EnableWindow loc_1000197FD: cmp dword ptr [rbx+10h], 1 jnz short loc_10001981E mov rcx, [r12+8] ; hDlg mov edx, 0C8Ah ; nIDDlgItem call cs:GetDlgItem xor edx, edx ; bEnable mov rcx, rax ; hWnd call cs:EnableWindow loc_10001981E: cmp dword ptr [rbp+88h], 4 jnz short loc_100019842 mov rcx, [r12+8] ; hDlg mov edx, 0C8Ch ; nIDDlgItem call cs:GetDlgItem xor edx, edx ; bEnable mov rcx, rax ; hWnd call cs:EnableWindow loc_100019842: inc edi add rsi, 8 cmp edi, [rbx+10h] jl loc_1000197C0 loc_100019851: mov rax, [rbx] mov edx, 1 mov rcx, rbx call qword ptr [rax] loc_10001985E: mov r12, [rsp+28h+var_8] mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] mov rbx, [rsp+28h+arg_0] add rsp, 28h retn sub_100019740 endp byte_10001987C db 14h dup(0CCh) sub_100019890 proc near lParam= qword ptr -38h var_1C= dword ptr -1Ch arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 58h mov eax, [rdx+10h] mov [rsp+58h+arg_8], rbx mov [rsp+58h+arg_10], rsi cmp eax, 0FFFFFF4Fh mov [rsp+58h+arg_18], rdi mov rsi, rcx mov rdi, rdx jz loc_100019980 cmp eax, 0FFFFFF94h jz short loc_10001990B cmp eax, 0FFFFFF9Bh jnz loc_100019ABE test byte ptr [rdx+28h], 8 jz loc_100019ABE mov rcx, [rcx+8] ; hDlg mov edx, 0BBAh ; nIDDlgItem call cs:GetDlgItem xor r9d, r9d ; lParam xor r8d, r8d ; wParam mov rcx, rax ; hWnd mov edx, 1032h ; Msg call cs:SendMessageW cmp eax, [rsi+24h] jz loc_100019ABE mov rcx, rsi mov [rsi+24h], eax call sub_100019740 jmp loc_100019ABE loc_10001990B: movsxd rbx, dword ptr [rdx+1Ch] mov rcx, [rcx+8] ; hDlg mov edx, 0BBAh ; nIDDlgItem mov dword ptr [rsp+58h+lParam], 8 call cs:GetDlgItem lea r9, [rsp+58h+lParam] ; lParam mov r8, rbx ; wParam mov edx, 105Fh ; Msg mov rcx, rax ; hWnd call cs:SendMessageW test eax, eax jz loc_100019ABE mov eax, [rsp+58h+var_1C] cmp cs:dword_10002FEC4, eax jnz short loc_100019958 neg cs:dword_10002D1F0 jmp short loc_100019968 loc_100019958: mov cs:dword_10002FEC4, eax mov cs:dword_10002D1F0, 1 loc_100019968: lea rcx, [rsi+18h] call sub_100018C50 mov r11, [rsi] mov rcx, rsi call qword ptr [r11+30h] jmp loc_100019ABE loc_100019980: test byte ptr [rdx+18h], 1 jz loc_100019ABE movsxd rbx, dword ptr [rdx+20h] mov rcx, [rcx+8] ; hDlg mov edx, 0BBAh ; nIDDlgItem mov dword ptr [rsp+58h+lParam], 8 call cs:GetDlgItem lea r9, [rsp+58h+lParam] ; lParam mov r8, rbx ; wParam mov edx, 105Fh ; Msg mov rcx, rax ; hWnd call cs:SendMessageW test eax, eax jz loc_100019ABE mov ecx, [rsp+58h+var_1C] mov rbx, [rdi+40h] test ecx, ecx jz loc_100019A53 dec ecx jz short loc_100019A3A dec ecx jz short loc_100019A15 dec ecx jz short loc_100019A03 dec ecx jnz loc_100019ABE mov r8, [rbx+80h] test r8, r8 jnz loc_100019AB1 loc_1000199F7: lea r8, WindowName jmp loc_100019AB1 loc_100019A03: cmp dword ptr [rbx+88h], 4 jz short loc_1000199F7 lea r8, [rbx+56h] jmp loc_100019AB1 loc_100019A15: movsxd rax, dword ptr [rbx+88h] lea r8, __ImageBase movsxd rax, dword ptr [r8+rax*4+2F30h] mov r8, [r8+rax*8+2F370h] test r8, r8 jz short loc_1000199F7 jmp short loc_100019AB1 loc_100019A3A: movsxd rdx, dword ptr [rdi+38h] mov r9d, [rbx] mov rcx, [rdi+30h] lea r8, aD_0 ; "%d" call sub_100008380 jmp short loc_100019ABE loc_100019A53: or dword ptr [rdi+18h], 1000h test byte ptr cs:dword_10003015C, 80h jz short loc_100019AAD movsxd rdx, dword ptr [rdi+38h] mov rcx, [rdi+30h] lea r8, [rbx+32h] call sub_100008300 movsxd rdx, dword ptr [rdi+38h] cmp rdx, 7FFFFFFFh ja short loc_100019A91 mov rcx, [rdi+30h] lea r8, asc_100002CCC ; "\\" call sub_100008260 loc_100019A91: movsxd rdx, dword ptr [rdi+38h] cmp rdx, 7FFFFFFFh ja short loc_100019ABE mov rcx, [rdi+30h] lea r8, [rbx+8] call sub_100008260 jmp short loc_100019ABE loc_100019AAD: lea r8, [rbx+8] loc_100019AB1: movsxd rdx, dword ptr [rdi+38h] mov rcx, [rdi+30h] call sub_100008300 loc_100019ABE: mov rdi, [rsp+58h+arg_18] mov rsi, [rsp+58h+arg_10] mov rbx, [rsp+58h+arg_8] mov eax, 1 add rsp, 58h retn sub_100019890 endp algn_100019AD7: align 20h sub_100019AE0 proc near mov r11, rsp sub rsp, 98h cmp dword ptr [rcx+20h], 0 mov [r11-10h], r13 mov r13, rcx jnz loc_10001A094 xor edx, edx lea rax, [r11-54h] lea r9, [r11-50h] lea r8d, [rdx+1] xor ecx, ecx mov [r11-78h], rax call WTSEnumerateSessionsW test eax, eax jz sub_10001A085 mov rax, [r13+18h] sub_100019AE0 endp ; sp-analysis failed sub_100019B20 proc near arg_70= qword ptr 78h arg_78= qword ptr 80h arg_98= qword ptr 0A0h arg_A0= qword ptr 0A8h arg_A8= qword ptr 0B0h arg_B0= qword ptr 0B8h mov [rsp+arg_98], rbx mov [rsp+arg_A0], rbp mov [rsp+arg_A8], rsi mov [rsp+arg_B0], rdi mov [rsp+arg_78], r14 xor r14d, r14d mov [rsp+arg_70], r15 lea r15, WindowName cmp [rax+10h], r14d mov esi, r14d jle sub_100019D06 sub_100019B20 endp ; sp-analysis failed sub_100019B64 proc near arg_18= qword ptr 20h arg_20= qword ptr 28h arg_28= dword ptr 30h arg_38= byte ptr 40h arg_3C= dword ptr 44h arg_40= qword ptr 48h lpString2= qword ptr 50h arg_50= qword ptr 58h arg_88= qword ptr 90h mov [rsp+arg_88], r12 mov r12, r14 nop loc_100019B70: mov rax, [rax+8] mov r8d, [rsp+arg_3C] mov ebp, r14d test r8d, r8d mov rdi, [r12+rax] mov eax, r14d mov rdx, r14 jz loc_100019DD4 mov r10, [rsp+arg_40] mov r9d, [rdi] mov rcx, r10 db 66h, 66h nop db 66h, 66h nop loc_100019BA0: cmp r9d, [rcx] jz short loc_100019BB8 inc eax inc rdx add rcx, 18h cmp eax, r8d jb short loc_100019BA0 jmp loc_100019DD4 loc_100019BB8: cmp eax, r8d jnb loc_100019DD4 lea rbx, [rdx+rdx*2] mov eax, [r10+rbx*8+10h] test eax, eax jz short loc_100019BE0 cmp eax, 2 jle loc_100019DD4 cmp eax, 4 jg loc_100019DD4 loc_100019BE0: mov edx, [r10+rbx*8] lea rax, [rsp+arg_38] lea r9, [rsp+lpString2] mov r8d, 5 xor ecx, ecx mov [rsp+arg_18], rax call WTSQuerySessionInformationW test eax, eax jz sub_100019DC7 mov rdx, [rsp+lpString2] ; lpString2 test rdx, rdx jz sub_100019DC7 lea rcx, [rdi+8] ; lpString1 call cs:lstrcmpW test eax, eax jz short loc_100019C41 mov rax, [rsp+lpString2] mov ebp, 1 cmp [rax], r14w jnz short loc_100019C41 mov rax, [rsp+arg_40] mov dword ptr [rax+rbx*8+10h], 5 loc_100019C41: mov rcx, [rsp+lpString2] call WTSFreeMemory test ebp, ebp mov [rsp+lpString2], r14 jnz loc_100019DD4 lea rax, [rsp+arg_38] mov [rsp+arg_50], r14 lea r9, [rsp+arg_50] mov [rsp+arg_18], rax mov rax, [rsp+arg_40] lea r8d, [rbp+0Ah] mov edx, [rax+rbx*8] xor ecx, ecx call WTSQuerySessionInformationW mov r8d, cs:dword_10003015C mov r11, [rsp+arg_40] mov rdx, [rsp+arg_50] mov rax, cs:qword_100030198 mov r9d, [r11+rbx*8+10h] shl r8d, 18h mov [rsp+arg_28], 1 mov [rsp+arg_20], rax sar r8d, 1Fh test rdx, rdx mov rcx, rdi mov dword ptr [rsp+arg_18], r8d mov r8, [r11+rbx*8+8] cmovz rdx, r15 call sub_10001A0B0 mov rcx, [rsp+arg_50] test rcx, rcx jz short loc_100019CDE call WTSFreeMemory mov [rsp+arg_50], r14 loc_100019CDE: mov rax, [rsp+arg_40] inc esi add r12, 8 mov dword ptr [rax+rbx*8+10h], 5 loc_100019CF1: mov rax, [r13+18h] cmp esi, [rax+10h] jl loc_100019B70 mov r12, [rsp+arg_88] sub_100019B64 endp ; sp-analysis failed sub_100019D06 proc near arg_18= qword ptr 20h arg_38= byte ptr 40h arg_3C= dword ptr 44h arg_40= qword ptr 48h arg_50= byte ptr 58h cmp [rsp+arg_3C], r14d mov ebp, r14d jbe loc_10001A049 mov rsi, r14 db 66h, 66h nop db 66h, 66h nop db 66h, 66h nop loc_100019D20: mov rax, [rsp+arg_40] mov ecx, [rsi+rax+10h] test ecx, ecx jz short loc_100019D3F cmp ecx, 2 jle loc_10001A039 cmp ecx, 4 jg loc_10001A039 loc_100019D3F: ; uBytes mov edx, 0A0h lea ecx, [rdx-60h] ; uFlags call cs:LocalAlloc test rax, rax mov rbx, rax jz loc_10001A039 xor edx, edx ; int mov r8d, 0A0h ; size_t mov rcx, rax ; void * call memset mov r11, [rsp+arg_40] lea rax, [rsp+arg_38] mov ecx, [rsi+r11] mov [rsp+arg_18], rax lea r9, [rsp+arg_50] mov [rbx], ecx mov rax, [rsp+arg_40] mov r8d, 0Ah mov edx, [rsi+rax] xor ecx, ecx call WTSQuerySessionInformationW test eax, eax jnz sub_100019E33 mov rcx, [rbx+80h] ; hMem test rcx, rcx jz short loc_100019DB9 call cs:LocalFree mov [rbx+80h], r14 loc_100019DB9: ; hMem mov rcx, rbx call cs:LocalFree jmp loc_10001A039 sub_100019D06 endp sub_100019DC7 proc near arg_40= qword ptr 48h mov rax, [rsp+arg_40] mov dword ptr [rax+rbx*8+10h], 5 loc_100019DD4: test rdi, rdi jz short loc_100019DFB mov rcx, [rdi+80h] ; hMem test rcx, rcx jz short loc_100019DF2 call cs:LocalFree mov [rdi+80h], r14 loc_100019DF2: ; hMem mov rcx, rdi call cs:LocalFree loc_100019DFB: mov rbx, [r13+18h] mov eax, [rbx+10h] sub eax, esi dec eax test eax, eax jle short loc_100019E2B mov r9, [rbx+8] movsxd r8, eax lea eax, [rsi+1] movsxd rcx, eax movsxd rax, esi shl r8, 3 ; size_t lea rdx, [r9+rcx*8] ; void * lea rcx, [r9+rax*8] ; void * call memmove loc_100019E2B: dec dword ptr [rbx+10h] jmp loc_100019CF1 sub_100019DC7 endp sub_100019E33 proc near arg_18= qword ptr 20h arg_20= qword ptr 28h arg_28= dword ptr 30h arg_38= byte ptr 40h arg_3C= dword ptr 44h arg_40= qword ptr 48h arg_48= qword ptr 50h arg_50= qword ptr 58h arg_58= qword ptr 60h arg_70= qword ptr 78h arg_78= qword ptr 80h arg_98= qword ptr 0A0h arg_A0= qword ptr 0A8h arg_A8= qword ptr 0B0h arg_B0= qword ptr 0B8h mov ecx, cs:dword_10003015C mov r8, [rsp+arg_40] mov rdx, [rsp+arg_50] mov rax, cs:qword_100030198 mov r9d, [rsi+r8+10h] mov r8, [rsi+r8+8] shl ecx, 18h mov [rsp+arg_28], r14d mov [rsp+arg_20], rax sar ecx, 1Fh test rdx, rdx mov dword ptr [rsp+arg_18], ecx cmovz rdx, r15 mov rcx, rbx call sub_10001A0B0 mov rcx, [rsp+arg_50] test rcx, rcx mov edi, eax jz short loc_100019E8D call WTSFreeMemory mov [rsp+arg_50], r14 loc_100019E8D: test edi, edi jns short loc_100019EB8 mov rcx, [rbx+80h] ; hMem test rcx, rcx jz short loc_100019EAA call cs:LocalFree mov [rbx+80h], r14 loc_100019EAA: ; hMem mov rcx, rbx call cs:LocalFree jmp loc_10001A039 loc_100019EB8: lea rax, [rsp+arg_38] lea r9, [rsp+arg_48] mov r8d, 5 mov [rsp+arg_18], rax mov rax, [rsp+arg_40] xor ecx, ecx mov edx, [rsi+rax] call WTSQuerySessionInformationW test eax, eax jz loc_10001A017 mov rax, [rsp+arg_48] test rax, rax jz loc_10001A017 cmp [rax], r14w jnz short loc_100019F2C mov rcx, rax call WTSFreeMemory mov [rsp+arg_48], r14 mov rcx, [rbx+80h] ; hMem test rcx, rcx jz short loc_100019F1E call cs:LocalFree mov [rbx+80h], r14 loc_100019F1E: ; hMem mov rcx, rbx call cs:LocalFree jmp loc_10001A039 loc_100019F2C: lea rcx, [rbx+8] mov r8d, 15h loc_100019F36: movzx edx, word ptr [rax] test dx, dx jz short loc_100019F50 mov [rcx], dx add rcx, 2 add rax, 2 dec r8 jnz short loc_100019F36 jmp short loc_100019F55 loc_100019F50: test r8, r8 jnz short loc_100019F59 loc_100019F55: sub rcx, 2 loc_100019F59: mov [rcx], r14w mov rcx, [rsp+arg_48] call WTSFreeMemory lea rax, [rsp+arg_38] mov [rsp+arg_48], r14 mov [rsp+arg_18], rax mov rax, [rsp+arg_40] lea r9, [rsp+arg_58] mov edx, [rsi+rax] mov r8d, 7 xor ecx, ecx call WTSQuerySessionInformationW test eax, eax jz short loc_10001A008 mov rcx, [rsp+arg_58] test rcx, rcx jz short loc_10001A008 lea rax, [rbx+32h] mov r8d, 12h loc_100019FA8: movzx edx, word ptr [rcx] test dx, dx jz short loc_100019FC2 mov [rax], dx add rax, 2 add rcx, 2 dec r8 jnz short loc_100019FA8 jmp short loc_100019FC7 loc_100019FC2: test r8, r8 jnz short loc_100019FCB loc_100019FC7: sub rax, 2 loc_100019FCB: mov [rax], r14w mov rcx, [rsp+arg_58] call WTSFreeMemory mov [rsp+arg_58], r14 mov dword ptr [rbx+98h], 1 mov rcx, [r13+18h] xor r8d, r8d mov rdx, rbx call sub_100014640 test eax, eax jnz short loc_10001A039 lea edx, [rax+1] mov rcx, rbx ; hMem call sub_100018D40 jmp short loc_10001A039 loc_10001A008: mov edx, 1 mov rcx, rbx ; hMem call sub_100018D40 jmp short loc_10001A039 loc_10001A017: ; hMem mov rcx, [rbx+80h] test rcx, rcx jz short loc_10001A030 call cs:LocalFree mov [rbx+80h], r14 loc_10001A030: ; hMem mov rcx, rbx call cs:LocalFree loc_10001A039: inc ebp add rsi, 18h cmp ebp, [rsp+arg_3C] jb loc_100019D20 loc_10001A049: mov rcx, [rsp+arg_40] call WTSFreeMemory mov r15, [rsp+arg_70] mov rdi, [rsp+arg_B0] mov rsi, [rsp+arg_A8] mov rbp, [rsp+arg_A0] mov rbx, [rsp+arg_98] mov [rsp+arg_40], r14 mov r14, [rsp+arg_78] sub_100019E33 endp ; sp-analysis failed sub_10001A085 proc near arg_80= qword ptr 88h mov rcx, r13 call sub_100018D80 inc cs:qword_100030198 loc_10001A094: mov r13, [rsp+arg_80] add rsp, 98h retn sub_10001A085 endp ; sp-analysis failed algn_10001A0A4: align 10h sub_10001A0B0 proc near var_38= qword ptr -38h var_30= qword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_20= dword ptr 28h arg_28= qword ptr 30h arg_30= dword ptr 38h sub rsp, 58h mov rax, [rsp+58h+arg_28] loc_10001A0BC: mov [rsp+58h+var_8], rbx mov [rsp+58h+var_10], rbp mov [rsp+58h+var_20], rdi mov [rsp+58h+var_30], r13 xor r13d, r13d cmp [rsp+58h+arg_30], r13d mov [rsp+58h+var_38], r14 mov rbx, r8 mov r14d, r9d mov rbp, rdx mov rdi, rcx mov [rcx+90h], rax jz short loc_10001A10D mov rcx, [rcx+80h] ; lpString1 mov rdx, r8 ; lpString2 call cs:lstrcmpW test eax, eax jz loc_10001A1A6 loc_10001A10D: mov [rsp+58h+var_18], rsi mov rcx, rbx ; lpString mov [rsp+58h+var_28], r12 mov r12, [rdi+80h] call cs:lstrlenW xor ecx, ecx ; uFlags inc eax mov esi, eax lea rdx, [rax+rax] ; uBytes call cs:LocalAlloc test rax, rax mov [rdi+80h], rax jnz short loc_10001A152 mov [rdi+80h], r12 mov r13d, 8007000Eh jmp short loc_10001A19C loc_10001A152: cmp rsi, 7FFFFFFFh ja short loc_10001A187 test rsi, rsi jz short loc_10001A187 loc_10001A160: movzx ecx, word ptr [rbx] test cx, cx jz short loc_10001A17A mov [rax], cx add rax, 2 add rbx, 2 dec rsi jnz short loc_10001A160 jmp short loc_10001A17F loc_10001A17A: test rsi, rsi jnz short loc_10001A183 loc_10001A17F: sub rax, 2 loc_10001A183: mov [rax], r13w loc_10001A187: or dword ptr [rdi+98h], 10h test r12, r12 jz short loc_10001A19C mov rcx, r12 ; hMem call cs:LocalFree loc_10001A19C: mov rsi, [rsp+58h+var_18] mov r12, [rsp+58h+var_28] loc_10001A1A6: test rbp, rbp jz short loc_10001A1F3 lea rbx, [rdi+56h] mov rdx, rbp ; lpString2 mov rcx, rbx ; lpString1 call cs:lstrcmpW test eax, eax jz short loc_10001A1F3 mov ecx, 15h sub rbp, rbx loc_10001A1C7: movzx eax, word ptr [rbx+rbp] test ax, ax jz short loc_10001A1DE mov [rbx], ax add rbx, 2 dec rcx jnz short loc_10001A1C7 jmp short loc_10001A1E3 loc_10001A1DE: test rcx, rcx jnz short loc_10001A1E7 loc_10001A1E3: sub rbx, 2 loc_10001A1E7: mov word ptr [rbx], 0 or dword ptr [rdi+98h], 8 loc_10001A1F3: cmp r14d, [rdi+88h] mov rbp, [rsp+58h+var_10] mov rbx, [rsp+58h+var_8] jz short loc_10001A214 loc_10001A206: or dword ptr [rdi+98h], 4 mov [rdi+88h], r14d loc_10001A214: mov ecx, [rsp+58h+arg_20] mov r14, [rsp+58h+var_38] cmp ecx, [rdi+4] jz short loc_10001A22F loc_10001A225: or dword ptr [rdi+98h], 1 mov [rdi+4], ecx loc_10001A22F: mov rdi, [rsp+58h+var_20] mov eax, r13d mov r13, [rsp+58h+var_30] add rsp, 58h retn sub_10001A0B0 endp algn_10001A241: align 10h sub_10001A250 proc near var_88= dword ptr -88h var_80= dword ptr -80h var_78= dword ptr -78h var_70= dword ptr -70h Rect= tagRECT ptr -68h Points= tagPOINT ptr -58h var_48= dword ptr -48h var_44= dword ptr -44h var_30= dword ptr -30h var_2C= dword ptr -2Ch var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 0A8h mov [rax+8], rbx mov [rax+10h], rbp mov [rax+18h], rsi mov [rax+20h], rdi mov [rax-8], r12 mov [rax-10h], r13 mov rsi, rcx mov rcx, [rcx+8] ; hWnd mov [rax-18h], r14 lea rdx, [rax-38h] ; lpRect mov [rax-20h], r15 call cs:GetClientRect mov ecx, 4 ; nNumWindows call cs:BeginDeferWindowPos mov rcx, [rsi+8] ; hDlg mov edx, 0C8Ah ; nIDDlgItem mov r12, rax call cs:GetDlgItem lea rdx, [rsp+0A8h+Rect] ; lpRect mov rcx, rax ; hWnd call cs:GetWindowRect mov rdx, [rsi+8] ; hWndTo lea r8, [rsp+0A8h+Rect] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov r11d, cs:dword_10002F400 mov r13d, [rsp+0A8h+var_30] mov r14d, [rsp+0A8h+var_2C] mov rcx, [rsi+8] ; hDlg add r11d, r11d sub r13d, r11d sub r14d, r11d mov edx, 0BBAh ; nIDDlgItem sub r13d, [rsp+0A8h+Rect.right] sub r14d, [rsp+0A8h+Rect.bottom] call cs:GetDlgItem lea rdx, [rsp+0A8h+Points] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect mov rdx, [rsi+8] ; hWndTo lea r8, [rsp+0A8h+Points] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov r11d, [rsp+0A8h+Rect.top] mov eax, [rsp+0A8h+Rect.right] sub r11d, cs:dword_10002F400 sub eax, [rsp+0A8h+Points.x] mov [rsp+0A8h+var_70], 16h sub r11d, [rsp+0A8h+Points.y] add eax, r13d xor r15d, r15d add r11d, r14d xor r9d, r9d ; x xor r8d, r8d ; hWndInsertAfter mov [rsp+0A8h+var_78], r11d mov [rsp+0A8h+var_80], eax mov rdx, rbx ; hWnd mov rcx, r12 ; hWinPosInfo mov [rsp+0A8h+var_88], r15d call cs:DeferWindowPos lea rdi, qword_100002F58+10h lea ebp, [r15+3] db 66h, 66h nop loc_10001A380: ; nIDDlgItem mov edx, [rdi] mov rcx, [rsi+8] ; hDlg call cs:GetDlgItem lea rdx, [rsp+0A8h+var_48] ; lpRect mov rcx, rax ; hWnd mov rbx, rax call cs:GetWindowRect mov rdx, [rsi+8] ; hWndTo lea r8, [rsp+0A8h+var_48] ; lpPoints mov r9d, 2 ; cPoints xor ecx, ecx ; hWndFrom call cs:MapWindowPoints mov edx, [rsp+0A8h+var_44] mov r9d, [rsp+0A8h+var_48] add edx, r14d mov [rsp+0A8h+var_70], 15h mov [rsp+0A8h+var_78], r15d mov [rsp+0A8h+var_80], r15d mov [rsp+0A8h+var_88], edx add r9d, r13d ; x mov rdx, rbx ; hWnd xor r8d, r8d ; hWndInsertAfter mov rcx, r12 ; hWinPosInfo call cs:DeferWindowPos add rdi, 4 dec rbp jnz short loc_10001A380 mov rcx, r12 ; hWinPosInfo call cs:EndDeferWindowPos mov r15, [rsp+0A8h+var_20] mov r14, [rsp+0A8h+var_18] mov r13, [rsp+0A8h+var_10] mov r12, [rsp+0A8h+var_8] mov rdi, [rsp+0A8h+arg_18] mov rsi, [rsp+0A8h+arg_10] mov rbp, [rsp+0A8h+arg_8] mov rbx, [rsp+0A8h+arg_0] add rsp, 0A8h retn sub_10001A250 endp algn_10001A442: align 10h sub_10001A450 proc near var_13A8= qword ptr -13A8h var_13A0= dword ptr -13A0h var_1398= qword ptr -1398h var_1390= dword ptr -1390h var_1388= qword ptr -1388h var_1380= dword ptr -1380h var_1378= dword ptr -1378h var_1374= dword ptr -1374h var_1370= qword ptr -1370h hMem= qword ptr -1368h var_1360= dword ptr -1360h var_1358= qword ptr -1358h var_1350= word ptr -1350h var_1348= byte ptr -1348h var_1144= dword ptr -1144h var_1138= qword ptr -1138h var_1130= word ptr -1130h var_1128= byte ptr -1128h var_10A6= byte ptr -10A6h Text= word ptr -0C88h var_87A= word ptr -87Ah Buffer= word ptr -878h var_468= word ptr -468h Caption= word ptr -258h var_48= qword ptr -48h var_30= qword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h mov eax, 13C8h call __chkstk sub rsp, rax mov rax, cs:qword_10002C178 mov [rsp+13C8h+var_48], rax loc_10001A46C: mov [rsp+13C8h+arg_10], rbx mov [rsp+13C8h+var_8], rsi mov [rsp+13C8h+var_10], rdi mov [rsp+13C8h+var_18], r12 mov [rsp+13C8h+var_20], r13 mov [rsp+13C8h+var_28], r14 mov r14, rcx mov rcx, cs:hInstance ; hInstance mov r12d, edx xor esi, esi lea r8, [rsp+13C8h+Caption] ; lpBuffer mov ebx, 0FFFFFFFFh mov r9d, 104h ; nBufferMax mov edx, 2713h ; uID mov [rsp+13C8h+var_30], r15 mov [rsp+13C8h+var_1374], ebx mov r13d, esi mov r15d, esi call cs:LoadStringW mov rcx, r14 call sub_1000192C0 test rax, rax mov rdi, rax mov [rsp+13C8h+var_1370], rax jz loc_10001AB30 cmp r12d, 0C8Ah jnz loc_10001A5E1 mov r8, [r14+10h] ; hWndParent mov rcx, cs:hInstance ; hInstance lea rax, qword_100003E18+18h mov [rsp+13C8h+var_1138], rax lea rax, [rsp+13C8h+var_1138] lea r9, sub_100017F40 ; lpDialogFunc mov edx, 0FAh ; lpTemplateName mov [rsp+13C8h+var_1130], 0FAh mov [rsp+13C8h+var_13A8], rax call cs:DialogBoxParamW cmp rax, 1 jnz loc_10001AB23 lea r8, [rsp+13C8h+var_1128] lea rcx, [rsp+13C8h+Buffer] lea rax, [rsp+13C8h+Buffer] sub r8, rcx mov edx, 208h db 66h nop loc_10001A570: movzx ecx, word ptr [r8+rax] test cx, cx jz short loc_10001A588 mov [rax], cx add rax, 2 dec rdx jnz short loc_10001A570 jmp short loc_10001A58D loc_10001A588: test rdx, rdx jnz short loc_10001A591 loc_10001A58D: sub rax, 2 loc_10001A591: lea r8, [rsp+13C8h+var_10A6] lea rcx, [rsp+13C8h+Text] mov [rax], si lea rax, [rsp+13C8h+Text] mov edx, 208h sub r8, rcx loc_10001A5B4: movzx ecx, word ptr [r8+rax] test cx, cx jz short loc_10001A5D3 mov [rax], cx add rax, 2 dec rdx jnz short loc_10001A5B4 sub rax, 2 mov [rax], si jmp short loc_10001A649 loc_10001A5D3: test rdx, rdx jnz short loc_10001A5DC sub rax, 2 loc_10001A5DC: mov [rax], si jmp short loc_10001A649 loc_10001A5E1: cmp r12d, 0C8Fh jz short loc_10001A5F3 cmp r12d, 0C8Ch jnz short loc_10001A649 loc_10001A5F3: ; hInstance mov rcx, cs:hInstance mov edx, esi cmp r12d, 0C8Fh setnz dl lea r8, [rsp+13C8h+Buffer] ; lpBuffer mov r9d, 208h ; nBufferMax add edx, 0CEEh ; uID call cs:LoadStringW mov rcx, [r14+10h] ; hWnd lea r8, [rsp+13C8h+Caption] ; lpCaption lea rdx, [rsp+13C8h+Buffer] ; lpText mov r9d, 134h ; uType call cs:MessageBoxW cmp eax, 7 jz loc_10001AB23 loc_10001A649: mov [rsp+13C8h+arg_18], rbp mov r8d, esi mov [rsp+13C8h+var_1378], esi loc_10001A658: cmp r8d, [rdi+10h] jl short loc_10001A67D loc_10001A65E: cmp ebx, 0FFFFFFFFh jz loc_10001AB1B test r15d, r15d jnz loc_10001AB1B mov r15d, 1 mov r8d, ebx mov [rsp+13C8h+var_1378], ebx loc_10001A67D: mov rax, [rdi+8] movsxd rcx, r8d mov rbp, [rax+rcx*8] test rbp, rbp jnz short loc_10001A6A0 test r15d, r15d jnz short loc_10001A65E inc r8d mov [rsp+13C8h+var_1378], r8d jmp short loc_10001A658 align 20h loc_10001A6A0: mov ecx, r12d sub ecx, 0C8Ah jz short loc_10001A723 dec ecx jz loc_10001A8D6 dec ecx jz short loc_10001A6F9 dec ecx jz loc_10001A8C6 cmp ecx, 2 jnz loc_10001A8C2 mov edx, [rbp+0] cmp cs:pSessionId, edx jnz short loc_10001A6DC test r15d, r15d jz loc_10001AAAE loc_10001A6DC: xor r8d, r8d xor ecx, ecx call WTSLogoffSession test eax, eax jz loc_10001A78E mov r13d, 1 jmp loc_10001A786 loc_10001A6F9: mov edx, [rbp+0] cmp cs:pSessionId, edx jnz short loc_10001A70D test r15d, r15d jz loc_10001AACF loc_10001A70D: xor r8d, r8d xor ecx, ecx call WTSDisconnectSession test eax, eax jz short loc_10001A78E mov r13d, 1 jmp short loc_10001A786 loc_10001A723: ; lpString lea rcx, [rsp+13C8h+Text] call cs:lstrlenW lea rcx, [rsp+13C8h+Buffer] ; lpString mov ebx, eax add ebx, ebx call cs:lstrlenW xor edx, edx mov [rsp+13C8h+var_1380], edx lea rcx, [rsp+13C8h+var_1360] lea r8, [rsp+13C8h+Buffer] mov [rsp+13C8h+var_1388], rcx mov [rsp+13C8h+var_1390], edx mov edx, [rbp+0] lea rcx, [rsp+13C8h+Text] mov dword ptr [rsp+13C8h+var_1398], 40040h lea r9d, [rax+rax] mov [rsp+13C8h+var_13A0], ebx mov [rsp+13C8h+var_13A8], rcx xor ecx, ecx call WTSSendMessageW loc_10001A786: test eax, eax jnz loc_10001AAA0 loc_10001A78E: call cs:GetLastError mov edx, r12d sub edx, 0C8Ah mov edi, eax jz short loc_10001A7B9 sub edx, 2 jz short loc_10001A7B2 cmp edx, 3 jnz short loc_10001A800 mov edx, 0CE5h jmp short loc_10001A7BE loc_10001A7B2: mov edx, 0CE6h jmp short loc_10001A7BE loc_10001A7B9: ; uID mov edx, 0CE4h loc_10001A7BE: ; hInstance mov rcx, cs:hInstance lea r8, [rsp+13C8h+Buffer] ; lpBuffer mov r9d, 208h ; nBufferMax call cs:LoadStringW mov eax, [rbp+0] lea r9, [rbp+8] lea r8, [rsp+13C8h+Buffer] lea rcx, [rsp+13C8h+Text] mov edx, 208h mov dword ptr [rsp+13C8h+var_13A8], eax call sub_100008380 jmp short loc_10001A80A loc_10001A800: mov [rsp+13C8h+Buffer], 0 loc_10001A80A: ; lpString lea rcx, [rsp+13C8h+Text] call cs:lstrlenW movsxd rcx, eax lea rbx, [rsp+rcx*2+13C8h+Text] lea rcx, [rsp+13C8h+Text] ; lpString call cs:lstrlenW mov ecx, 207h mov [rsp+13C8h+var_1398], 0 sub ecx, eax mov r9d, 400h ; dwLanguageId mov r8d, edi ; dwMessageId mov [rsp+13C8h+var_13A0], ecx mov [rsp+13C8h+var_1360], ecx mov ecx, 1000h ; dwFlags xor edx, edx ; lpSource mov [rsp+13C8h+var_13A8], rbx call cs:FormatMessageW mov rcx, [r14+10h] ; hWnd lea r8, [rsp+13C8h+Caption] ; lpCaption lea rdx, [rsp+13C8h+Text] ; lpText mov r9d, 12h ; uType mov [rsp+13C8h+var_87A], 0 call cs:MessageBoxW cmp eax, 2 jz loc_10001AB14 cmp eax, 3 jz loc_10001AB0B cmp eax, 4 jz loc_10001A6A0 xor esi, esi loc_10001A8AB: test r15d, r15d jz loc_10001AAF0 mov ebx, [rsp+13C8h+var_1374] mov rdi, [rsp+13C8h+var_1370] jmp loc_10001A65E loc_10001A8C2: xor esi, esi jmp short loc_10001A8AB loc_10001A8C6: mov rcx, [r14+10h] mov rdx, rbp call sub_10001B780 xor esi, esi jmp short loc_10001A8AB loc_10001A8D6: mov edx, [rbp+0] lea r9, [rsp+13C8h+var_468] mov ebx, 1 mov r8d, 0FFFFFFFFh xor ecx, ecx mov [rsp+13C8h+var_468], 0 mov byte ptr [rsp+13C8h+var_13A8], bl call WinStationConnectW test al, al jnz loc_10001AAA7 xor esi, esi db 66h nop db 66h, 66h nop loc_10001A910: call cs:GetLastError cmp eax, 52Eh mov edi, eax jnz loc_10001A9EE mov r8, [r14+10h] ; hWndParent lea rax, qword_100003E18 test ebx, ebx mov [rsp+13C8h+var_1358], rax mov ecx, 9CBCh mov eax, 9CC0h cmovnz eax, ecx mov rcx, cs:hInstance ; hInstance lea r9, sub_100017F40 ; lpDialogFunc mov [rsp+13C8h+var_1144], eax lea rax, [rsp+13C8h+var_1358] mov edx, 1B8h ; lpTemplateName mov [rsp+13C8h+var_1350], 1B8h mov ebx, esi mov [rsp+13C8h+var_13A8], rax call cs:DialogBoxParamW cmp rax, 1 jnz loc_10001A8AB lea r8, [rsp+13C8h+var_1348] lea rcx, [rsp+13C8h+var_468] lea rax, [rsp+13C8h+var_468] sub r8, rcx mov edx, 101h nop loc_10001A9A0: movzx ecx, word ptr [r8+rax] test cx, cx jz short loc_10001A9B8 mov [rax], cx add rax, 2 dec rdx jnz short loc_10001A9A0 jmp short loc_10001A9BD loc_10001A9B8: test rdx, rdx jnz short loc_10001A9C1 loc_10001A9BD: sub rax, 2 loc_10001A9C1: mov edx, [rbp+0] lea r9, [rsp+13C8h+var_468] mov r8d, 0FFFFFFFFh xor ecx, ecx mov [rax], bx mov byte ptr [rsp+13C8h+var_13A8], 1 call WinStationConnectW test al, al jz loc_10001A910 jmp loc_10001A8AB loc_10001A9EE: ; hInstance mov rcx, cs:hInstance lea r8, [rsp+13C8h+Text] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 9CBBh ; uID call cs:LoadStringW lea rax, [rsp+13C8h+hMem] mov [rsp+13C8h+var_1398], rsi xor r9d, r9d ; dwLanguageId mov r8d, edi ; dwMessageId xor edx, edx ; lpSource mov ecx, 1300h ; dwFlags mov [rsp+13C8h+var_13A0], esi mov [rsp+13C8h+var_13A8], rax call cs:FormatMessageW mov rcx, [rsp+13C8h+hMem] lea r8, [rsp+13C8h+Text] test eax, eax mov r9d, edi mov edx, 208h cmovz rcx, rsi mov ebx, eax mov [rsp+13C8h+hMem], rcx mov [rsp+13C8h+var_13A8], rcx lea rcx, [rsp+13C8h+Buffer] call sub_100008380 mov rcx, [r14+10h] ; hWnd lea r8, [rsp+13C8h+Caption] ; lpCaption lea rdx, [rsp+13C8h+Buffer] ; lpText mov r9d, 30h ; uType call cs:MessageBoxW test ebx, ebx jz loc_10001A8AB mov rcx, [rsp+13C8h+hMem] ; hMem call cs:LocalFree jmp loc_10001A8AB loc_10001AAA0: xor esi, esi jmp loc_10001A8AB loc_10001AAA7: xor esi, esi jmp loc_10001A8AB loc_10001AAAE: mov r8d, [rsp+13C8h+var_1378] mov rdi, [rsp+13C8h+var_1370] xor esi, esi mov ebx, r8d mov [rsp+13C8h+var_1374], r8d inc r8d mov [rsp+13C8h+var_1378], r8d jmp loc_10001A658 loc_10001AACF: mov r8d, [rsp+13C8h+var_1378] mov rdi, [rsp+13C8h+var_1370] xor esi, esi mov ebx, r8d mov [rsp+13C8h+var_1374], r8d inc r8d mov [rsp+13C8h+var_1378], r8d jmp loc_10001A658 loc_10001AAF0: mov r8d, [rsp+13C8h+var_1378] mov ebx, [rsp+13C8h+var_1374] mov rdi, [rsp+13C8h+var_1370] inc r8d mov [rsp+13C8h+var_1378], r8d jmp loc_10001A658 loc_10001AB0B: mov rdi, [rsp+13C8h+var_1370] xor esi, esi jmp short loc_10001AB1B loc_10001AB14: mov rdi, [rsp+13C8h+var_1370] xor esi, esi loc_10001AB1B: mov rbp, [rsp+13C8h+arg_18] loc_10001AB23: mov rax, [rdi] mov edx, 1 mov rcx, rdi call qword ptr [rax] loc_10001AB30: mov r15, [rsp+13C8h+var_30] mov r12, [rsp+13C8h+var_18] mov rdi, [rsp+13C8h+var_10] mov rbx, [rsp+13C8h+arg_10] mov [r14+20h], esi mov rsi, [rsp+13C8h+var_8] test r13d, r13d mov r13, [rsp+13C8h+var_20] jz short loc_10001AB72 loc_10001AB69: mov rax, [r14] mov rcx, r14 call qword ptr [rax+30h] loc_10001AB72: mov r14, [rsp+13C8h+var_28] mov rcx, [rsp+13C8h+var_48] call sub_1000258D0 add rsp, 13C8h retn sub_10001A450 endp algn_10001AB8F: align 20h ; int __fastcall sub_10001ABA0(HWND hDlg, UINT Msg, WPARAM wParam, LONG_PTR dwNewLong, __int64, __int64, __int64, __int64) sub_10001ABA0 proc near var_18= qword ptr -18h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h mov [rsp+38h+arg_0], rbx mov [rsp+38h+arg_8], rbp mov [rsp+38h+arg_10], rsi mov ebx, edx mov [rsp+38h+arg_18], rdi mov edx, 0FFFFFFEBh ; nIndex mov [rsp+38h+var_8], r12 mov rbp, r9 mov rsi, r8 mov r12, rcx call cs:GetWindowLongPtrW cmp ebx, 0A3h mov rdi, rax jb short loc_10001AC07 cmp ebx, 0A5h jbe short loc_10001ABF6 cmp ebx, 202h jbe short loc_10001AC07 cmp ebx, 205h ja short loc_10001AC07 loc_10001ABF6: mov rcx, cs:hWnd mov r9, rbp mov r8, rsi mov edx, ebx jmp short loc_10001AC60 loc_10001AC07: cmp ebx, 7Bh ja loc_10001ACC8 cmp ebx, 7Bh jz short loc_10001AC8C cmp ebx, 5 jz short loc_10001AC75 cmp ebx, 15h jz short loc_10001AC47 cmp ebx, 1Ah jz short loc_10001AC3F cmp ebx, 4Eh jnz loc_10001AE25 mov rdx, rbp mov rcx, rax call sub_100019890 cdqe jmp loc_10001AE27 loc_10001AC3F: mov rcx, rax call sub_10001AE50 loc_10001AC47: ; nIDDlgItem mov edx, 0BBAh mov rcx, r12 ; hDlg call cs:GetDlgItem mov r9, rbp ; lParam mov r8, rsi ; wParam mov rcx, rax ; hWnd mov edx, ebx ; Msg loc_10001AC60: call cs:SendMessageW mov rax, 1 jmp loc_10001AE27 loc_10001AC75: mov rcx, rax call sub_10001A250 mov rax, 1 jmp loc_10001AE27 loc_10001AC8C: ; nIDDlgItem mov edx, 0BBAh mov rcx, r12 ; hDlg call cs:GetDlgItem cmp rsi, rax jnz loc_10001AE25 mov rax, rbp movsx edx, bp mov rcx, rdi shr rax, 10h movsx r8d, ax call sub_100019470 mov rax, 1 jmp loc_10001AE27 loc_10001ACC8: cmp ebx, 110h jz loc_10001ADAE cmp ebx, 111h jz short loc_10001AD48 cmp ebx, 11Fh jz short loc_10001AD2F cmp ebx, 200h jbe loc_10001AE25 cmp ebx, 202h ja loc_10001AE25 test byte ptr cs:dword_10003015C, 10h jz loc_10001AE25 mov rcx, cs:hWnd xor eax, eax cmp ebx, 202h setz al mov r9, rbp mov r8d, 2 lea edx, [rax+0A1h] jmp loc_10001AE1F loc_10001AD2F: shr rsi, 10h cmp si, 0FFFFh jnz loc_10001AE25 xor eax, eax mov [rdi+20h], eax jmp loc_10001AE25 loc_10001AD48: cmp si, 9CADh jnz short loc_10001ADA1 movzx edx, cs:word_10002D8E8 ; lpTemplateName mov rcx, cs:hInstance ; hInstance lea rax, unk_10002D8E0 lea r9, sub_100017F40 ; lpDialogFunc mov r8, r12 ; hWndParent mov [rsp+38h+var_18], rax call cs:DialogBoxParamW cmp rax, 1 jnz loc_10001AE25 mov rcx, rdi call sub_10001B040 test eax, eax js loc_10001AE25 mov rax, [rdi] mov rcx, rdi call qword ptr [rax+30h] jmp loc_10001AE25 loc_10001ADA1: movzx edx, si mov rcx, rax call sub_10001A450 jmp short loc_10001AE25 loc_10001ADAE: ; dwNewLong mov r8, rbp mov edx, 0FFFFFFEBh ; nIndex mov rcx, r12 ; hWnd call cs:SetWindowLongPtrW mov edx, 0BBAh ; nIDDlgItem mov rcx, r12 ; hDlg mov [rbp+8], r12 call cs:GetDlgItem mov r9, [rbp+28h] ; lParam mov rcx, rax ; hWnd mov edx, 1003h ; Msg mov r8d, 1 ; wParam mov rbx, rax call cs:SendMessageW mov edx, 0FFFFFFF0h ; nIndex mov rcx, rbx ; hWnd call cs:GetWindowLongW mov edx, 0FFFFFFF0h ; nIndex mov rcx, rbx ; hWnd or eax, 8 mov r8d, eax ; dwNewLong call cs:SetWindowLongW mov r9d, 10000h ; lParam xor r8d, r8d ; wParam mov edx, 1036h ; Msg mov rcx, rbx ; hWnd loc_10001AE1F: call cs:SendMessageW loc_10001AE25: xor eax, eax loc_10001AE27: mov r12, [rsp+38h+var_8] mov rdi, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_10] mov rbp, [rsp+38h+arg_8] mov rbx, [rsp+38h+arg_0] add rsp, 38h retn sub_10001ABA0 endp algn_10001AE45: align 10h sub_10001AE50 proc near var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov rax, [rcx+18h] mov [rsp+28h+arg_0], rbx mov [rsp+28h+arg_8], rbp mov ebp, [rcx+20h] mov [rsp+28h+arg_10], rsi mov [rsp+28h+var_8], r12 xor r12d, r12d test rax, rax mov rsi, rcx mov dword ptr [rcx+20h], 1 jz short loc_10001AEDE movsxd rax, dword ptr [rax+10h] loc_10001AE85: mov [rsp+28h+arg_18], rdi test eax, eax mov rdi, rax jz short loc_10001AED9 db 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop db 66h, 66h, 66h nop loc_10001AEA0: mov rax, [rsi+18h] mov rcx, [rax+8] mov rbx, [rcx+rdi*8-8] test rbx, rbx jz short loc_10001AED4 mov rcx, [rbx+80h] ; hMem test rcx, rcx jz short loc_10001AECB call cs:LocalFree mov [rbx+80h], r12 loc_10001AECB: ; hMem mov rcx, rbx call cs:LocalFree loc_10001AED4: dec rdi jnz short loc_10001AEA0 loc_10001AED9: mov rdi, [rsp+28h+arg_18] loc_10001AEDE: mov rbx, [rsi+18h] xor edx, edx ; dwFlags mov r8, [rbx+8] ; lpMem mov rcx, [rbx+20h] ; hHeap call cs:HeapFree mov [rbx+8], r12 mov [rbx+14h], r12d mov [rbx+10h], r12d mov rax, [rsi] mov rcx, rsi mov [rsi+20h], ebp mov r12, [rsp+28h+var_8] mov rsi, [rsp+28h+arg_10] mov rbp, [rsp+28h+arg_8] mov rbx, [rsp+28h+arg_0] add rsp, 28h jmp qword ptr [rax+30h] sub_10001AE50 endp algn_10001AF23: align 10h loc_10001AF30: mov rcx, cs:hInstance mov r9d, r8d mov r8, rdx mov edx, 0BB9h jmp cs:LoadStringW align 10h sub_10001AF50 proc near var_28= dword ptr -28h var_20= dword ptr -20h var_18= dword ptr -18h arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 48h mov [rsp+48h+arg_8], rbx mov rbx, rcx mov rcx, [rcx+8] ; hWnd mov edx, 5 ; nCmdShow loc_10001AF65: mov [rsp+48h+arg_10], rsi mov [rsp+48h+arg_18], rdi call cs:ShowWindow mov rcx, [rbx+8] ; hWnd xor eax, eax mov [rsp+48h+var_18], 3 mov [rsp+48h+var_20], eax xor r9d, r9d ; Y xor r8d, r8d ; X xor edx, edx ; hWndInsertAfter mov [rsp+48h+var_28], eax call cs:SetWindowPos mov rcx, cs:hWnd ; hWnd call cs:GetMenu mov rcx, cs:hInstance ; hInstance mov edx, 0C80h ; lpMenuName mov rdi, rax call cs:LoadMenuW mov rcx, rax ; hMenu mov rsi, rax call sub_100005790 test byte ptr cs:dword_10003015C, 10h mov cs:hMenu, rsi jnz short loc_10001AFE6 mov rcx, cs:hWnd ; hWnd mov rdx, rsi ; hMenu call cs:SetMenu loc_10001AFE6: test rdi, rdi mov rsi, [rsp+48h+arg_10] jz short loc_10001AFF9 loc_10001AFF0: ; hMenu mov rcx, rdi call cs:DestroyMenu loc_10001AFF9: mov rcx, rbx call sub_100019740 call cs:GetFocus mov rdi, [rsp+48h+arg_18] cmp rax, [rbx+10h] jz short loc_10001B02A loc_10001B012: ; hDlg mov rcx, [rbx+8] mov edx, 0BBAh ; nIDDlgItem call cs:GetDlgItem mov rcx, rax ; hWnd call cs:SetFocus loc_10001B02A: xor eax, eax mov rbx, [rsp+48h+arg_8] add rsp, 48h retn sub_10001AF50 endp algn_10001B036: align 20h sub_10001B040 proc near lParam= qword ptr -258h var_250= dword ptr -250h var_248= qword ptr -248h var_23C= dword ptr -23Ch Buffer= word ptr -228h var_18= qword ptr -18h var_8= qword ptr -8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 278h mov rax, cs:qword_10002C178 mov [rsp+278h+var_18], rax mov rcx, [rcx+8] ; hDlg mov edx, 0BBAh ; nIDDlgItem mov [rsp+278h+arg_10], rbp call cs:GetDlgItem test rax, rax mov rbp, rax jnz short loc_10001B07F mov eax, 8000FFFFh jmp loc_10001B198 loc_10001B07F: ; lParam xor r9d, r9d xor r8d, r8d ; wParam mov edx, 1009h ; Msg mov rcx, rax ; hWnd loc_10001B08D: mov [rsp+278h+arg_8], rbx call cs:SendMessageW mov dword ptr [rsp+278h+lParam], 0Ah lea rbx, unk_10002D63C db 66h, 66h nop db 66h, 66h nop loc_10001B0B0: ; lParam lea r9, [rsp+278h+lParam] xor r8d, r8d ; wParam mov edx, 105Fh ; Msg mov rcx, rbp ; hWnd call cs:SendMessageW test eax, eax jz short loc_10001B0DF movsxd rax, [rsp+278h+var_23C] cmp eax, 4 ja short loc_10001B0DF lea rcx, [rax+rax*4] mov eax, [rsp+278h+var_250] mov [rbx+rcx*4], eax loc_10001B0DF: ; lParam xor r9d, r9d xor r8d, r8d ; wParam mov edx, 101Ch ; Msg mov rcx, rbp ; hWnd call cs:SendMessageW test eax, eax jnz short loc_10001B0B0 mov [rsp+278h+arg_18], rsi xor esi, esi mov [rsp+278h+var_8], rdi mov edi, esi lea rbx, unk_10002D638 loc_10001B112: cmp dword ptr [rbx+8], 0 jz short loc_10001B173 mov edx, [rbx-8] ; uID mov rcx, cs:hInstance ; hInstance lea r8, [rsp+278h+Buffer] ; lpBuffer mov r9d, 104h ; nBufferMax call cs:LoadStringW mov eax, [rbx] lea r9, [rsp+278h+lParam] ; lParam mov dword ptr [rsp+278h+lParam+4], eax mov eax, [rbx+4] movsxd r8, esi ; wParam mov [rsp+278h+var_250], eax lea rax, [rsp+278h+Buffer] mov edx, 1061h ; Msg mov rcx, rbp ; hWnd mov dword ptr [rsp+278h+lParam], 0Fh mov [rsp+278h+var_23C], edi mov [rsp+278h+var_248], rax call cs:SendMessageW cmp eax, 0FFFFFFFFh jz short loc_10001B1B5 inc esi loc_10001B173: inc edi add rbx, 14h cmp edi, 5 jl short loc_10001B112 xor eax, eax loc_10001B180: mov rsi, [rsp+278h+arg_18] mov rdi, [rsp+278h+var_8] mov rbx, [rsp+278h+arg_8] loc_10001B198: mov rbp, [rsp+278h+arg_10] mov rcx, [rsp+278h+var_18] call sub_1000258D0 add rsp, 278h retn loc_10001B1B5: mov eax, 80004005h jmp short loc_10001B180 sub_10001B040 endp byte_10001B1BC db 14h dup(0CCh) sub_10001B1D0 proc near var_258= qword ptr -258h String= word ptr -248h var_38= qword ptr -38h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 278h mov rax, cs:qword_10002C178 mov [rsp+278h+var_38], rax mov [r11+18h], rbx mov [r11+20h], rbp mov [r11-8], rsi mov rsi, rdx mov edx, 28h ; uBytes mov rbp, rcx lea ecx, [rdx+18h] ; uFlags mov [r11-20h], r13 call cs:LocalAlloc test rax, rax mov rbx, rax jz short loc_10001B23E call cs:GetProcessHeap xor r13d, r13d lea rcx, qword_100003B10 mov [rbx+8], r13 mov [rbx+10h], r13d mov [rbx+14h], r13d mov [rbx], rcx mov [rbx+20h], rax mov [rbx+18h], r13d jmp short loc_10001B244 loc_10001B23E: xor r13d, r13d mov rbx, r13 loc_10001B244: test rbx, rbx mov [rsp+278h+var_10], rdi mov [rsp+278h+var_18], r12 mov [rsp+278h+var_28], r14 mov [rbp+18h], rbx jnz short loc_10001B2CC mov edi, 8007000Eh loc_10001B26A: ; hWnd mov rcx, [rbp+8] test rcx, rcx jz short loc_10001B279 call cs:DestroyWindow loc_10001B279: mov [rbp+10h], r13 loc_10001B27D: mov r14, [rsp+278h+var_28] mov r13, [rsp+278h+var_20] mov r12, [rsp+278h+var_18] mov rsi, [rsp+278h+var_8] mov rbp, [rsp+278h+arg_18] mov rbx, [rsp+278h+arg_10] mov eax, edi mov rdi, [rsp+278h+var_10] mov rcx, [rsp+278h+var_38] call sub_1000258D0 add rsp, 278h retn loc_10001B2CC: cmp cs:dword_10002F43C, 0 mov [rbp+10h], rsi mov edi, 1 jz short loc_10001B2F0 mov rcx, rsi call sub_100024690 mov ecx, 2001h test eax, eax cmovnz edi, ecx loc_10001B2F0: ; nIndex mov ecx, 32h call cs:GetSystemMetrics mov ecx, 31h ; nIndex mov ebx, eax call cs:GetSystemMetrics mov r9d, 2 ; cInitial mov r8d, edi ; flags mov edx, ebx ; cy mov ecx, eax ; cx mov dword ptr [rsp+278h+var_258], 1 call cs:ImageList_Create test rax, rax mov [rbp+28h], rax jnz short loc_10001B336 mov edi, 80004005h jmp loc_10001B26A loc_10001B336: mov rcx, rbp call sub_10001B4A0 test eax, eax mov edi, eax js loc_10001B26A mov r12d, 0BCCh lea rsi, unk_10002F370 lea r14, dword_10002F390 db 66h, 66h, 66h nop loc_10001B360: ; hInstance mov rcx, cs:hInstance lea r8, [rsp+278h+String] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, r12d ; uID call cs:LoadStringW test eax, eax jz loc_10001B450 lea rcx, [rsp+278h+String] ; lpString call cs:lstrlenW xor ecx, ecx ; uFlags inc eax mov ebx, eax lea rdx, [rax+rax] ; uBytes call cs:LocalAlloc test rax, rax mov [rsi], rax jz short loc_10001B3F1 cmp rbx, 7FFFFFFFh ja short loc_10001B3F6 test rbx, rbx lea rcx, [rsp+278h+String] jz short loc_10001B3F6 db 66h, 66h nop db 66h, 66h, 66h nop loc_10001B3C0: movzx edx, word ptr [rcx] test dx, dx jz short loc_10001B3E1 mov [rax], dx add rax, 2 add rcx, 2 dec rbx jnz short loc_10001B3C0 sub rax, 2 mov [rax], bx jmp short loc_10001B3F6 loc_10001B3E1: test rbx, rbx jnz short loc_10001B3EA sub rax, 2 loc_10001B3EA: mov word ptr [rax], 0 jmp short loc_10001B3F6 loc_10001B3F1: mov edi, 8007000Eh loc_10001B3F6: add rsi, 8 inc r12d cmp rsi, r14 jl loc_10001B360 test edi, edi js loc_10001B26A mov r8, cs:hWnd ; hWndParent mov rcx, cs:hInstance ; hInstance lea r9, sub_10001ABA0 ; lpDialogFunc mov edx, 0BB8h ; lpTemplateName mov [rsp+278h+var_258], rbp call cs:CreateDialogParamW test rax, rax mov [rbp+8], rax jnz short loc_10001B469 call cs:GetLastError test eax, eax jg short loc_10001B45A call cs:GetLastError mov edi, eax jmp short loc_10001B469 loc_10001B450: mov edi, 80004005h jmp loc_10001B26A loc_10001B45A: call cs:GetLastError movzx edi, ax or edi, 80070000h loc_10001B469: test edi, edi js loc_10001B26A mov rcx, rbp call sub_10001B040 test eax, eax mov edi, eax js loc_10001B26A mov rax, [rbp+0] mov rcx, rbp call qword ptr [rax+30h] jmp loc_10001B27D sub_10001B1D0 endp algn_10001B492: align 20h sub_10001B4A0 proc near var_18= dword ptr -18h var_10= dword ptr -10h arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 38h mov [rsp+38h+arg_8], rbx mov [rsp+38h+arg_10], rsi mov [rsp+38h+arg_18], rdi mov rdi, rcx mov ecx, 32h ; nIndex call cs:GetSystemMetrics mov ecx, 31h ; nIndex mov ebx, eax call cs:GetSystemMetrics mov rcx, cs:hInstance ; HINSTANCE xor esi, esi mov edx, 0BBCh ; LPCWSTR mov r9d, eax ; int lea r8d, [rsi+1] ; UINT mov [rsp+38h+var_10], esi mov [rsp+38h+var_18], ebx call cs:LoadImageW test rax, rax mov rbx, rax jnz short loc_10001B529 call cs:GetLastError test eax, eax jle loc_10001B5B7 loc_10001B507: call cs:GetLastError movzx eax, ax or eax, 80070000h mov rdi, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_10] mov rbx, [rsp+38h+arg_8] add rsp, 38h retn loc_10001B529: ; himl mov rcx, [rdi+28h] mov r8, rax ; hicon mov edx, 0FFFFFFFFh ; i call cs:ImageList_ReplaceIcon mov rcx, rbx ; hIcon mov [rdi+30h], eax call cs:DestroyIcon cmp dword ptr [rdi+30h], 0FFFFFFFFh jnz short loc_10001B566 mov eax, 80004005h mov rdi, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_10] mov rbx, [rsp+38h+arg_8] add rsp, 38h retn loc_10001B566: ; nIndex mov ecx, 32h call cs:GetSystemMetrics mov ecx, 31h ; nIndex mov ebx, eax call cs:GetSystemMetrics mov rcx, cs:hInstance ; HINSTANCE mov edx, 0BBBh ; LPCWSTR mov r8d, 1 ; UINT mov r9d, eax ; int mov [rsp+38h+var_10], esi mov [rsp+38h+var_18], ebx call cs:LoadImageW test rax, rax mov rbx, rax jnz short loc_10001B5D1 call cs:GetLastError test eax, eax jg loc_10001B507 loc_10001B5B7: mov rdi, [rsp+38h+arg_18] mov rsi, [rsp+38h+arg_10] mov rbx, [rsp+38h+arg_8] add rsp, 38h jmp cs:GetLastError loc_10001B5D1: ; himl mov rcx, [rdi+28h] mov r8, rax ; hicon mov edx, 0FFFFFFFFh ; i call cs:ImageList_ReplaceIcon mov rcx, rbx ; hIcon mov [rdi+34h], eax call cs:DestroyIcon cmp dword ptr [rdi+30h], 0FFFFFFFFh mov rdi, [rsp+38h+arg_18] mov rbx, [rsp+38h+arg_8] mov eax, 80004005h cmovz esi, eax mov eax, esi mov rsi, [rsp+38h+arg_10] add rsp, 38h retn sub_10001B4A0 endp algn_10001B611: align 20h sub_10001B620 proc near mov rax, rsp sub rsp, 88h mov [rax+8], rbx mov [rax+10h], rbp mov rbx, rcx mov rcx, [rcx+8] sub_10001B620 endp ; sp-analysis failed sub_10001B639 proc near arg_50= byte ptr 58h mov [rax+20h], rdi mov edx, 0BBAh ; nIDDlgItem mov [rax-8], r12 call cs:GetDlgItem xor ebp, ebp test rax, rax mov rdi, rax lea r12, dword_10002D630 jz short sub_10001B6CB lea r9, [rsp+arg_50] xor r8d, r8d mov edx, 105Fh mov rcx, rax sub_10001B639 endp ; sp-analysis failed sub_10001B66D proc near lParam= qword ptr 58h arg_58= dword ptr 60h arg_6C= dword ptr 74h arg_98= qword ptr 0A0h mov [rsp+arg_98], rsi mov dword ptr [rsp+lParam], 0Ah mov esi, ebp call cs:SendMessageW test eax, eax jz short loc_10001B6C3 db 66h, 66h nop db 66h, 66h, 66h nop loc_10001B690: movsxd rax, [rsp+arg_6C] cmp eax, 4 ja short loc_10001B6A7 lea rcx, [rax+rax*4] mov eax, [rsp+arg_58] mov [r12+rcx*4+0Ch], eax loc_10001B6A7: inc esi lea r9, [rsp+lParam] ; lParam mov edx, 105Fh ; Msg movsxd r8, esi ; wParam mov rcx, rdi ; hWnd call cs:SendMessageW test eax, eax jnz short loc_10001B690 loc_10001B6C3: mov rsi, [rsp+arg_98] sub_10001B66D endp ; sp-analysis failed sub_10001B6CB proc near arg_18= dword ptr 20h arg_20= dword ptr 28h arg_28= qword ptr 30h arg_30= qword ptr 38h arg_38= qword ptr 40h arg_48= byte ptr 50h arg_A0= qword ptr 0A8h mov [rsp+arg_38], rbp lea rax, [rsp+arg_48] lea rdx, SubKey ; "Software\\Microsoft\\Windows NT\\CurrentVe"... mov [rsp+arg_30], rax mov [rsp+arg_28], rbp xor r9d, r9d ; lpClass xor r8d, r8d ; Reserved mov rcx, 0FFFFFFFF80000001h ; hKey mov [rsp+arg_20], 20006h mov [rsp+arg_18], ebp call cs:RegCreateKeyExW mov rdi, [rsp+arg_A0] test eax, eax jnz short loc_10001B742 sub_10001B6CB endp ; sp-analysis failed sub_10001B711 proc near arg_18= qword ptr 20h arg_20= dword ptr 28h hKey= qword ptr 50h arg_78= qword ptr 80h mov rcx, [rsp+hKey] ; hKey lea r9d, [rax+3] ; dwType lea rdx, qword_100002F58+20h ; lpValueName xor r8d, r8d ; Reserved mov [rsp+arg_20], 64h mov [rsp+arg_18], r12 call cs:RegSetValueExW mov rcx, [rsp+hKey] ; hKey call cs:RegCloseKey loc_10001B742: mov rcx, [rbx+8] mov r12, [rsp+arg_78] test rcx, rcx jz short loc_10001B75D sub_10001B711 endp ; sp-analysis failed sub_10001B753 proc near arg_88= qword ptr 90h arg_90= qword ptr 98h call cs:DestroyWindow mov [rbx+8], rbp loc_10001B75D: mov rbp, [rsp+arg_90] mov rbx, [rsp+arg_88] xor eax, eax add rsp, 88h retn sub_10001B753 endp ; sp-analysis failed algn_10001B777: align 20h sub_10001B780 proc near var_1128= qword ptr -1128h var_1120= qword ptr -1120h nSize= dword ptr -1118h hKey= dword ptr -1110h var_1108= word ptr -1108h var_1100= byte ptr -1100h var_10FC= word ptr -10FCh var_10F8= byte ptr -10F8h var_10E8= byte ptr -10E8h var_B88= dword ptr -0B88h var_678= byte ptr -678h Buffer= word ptr -658h Text= word ptr -448h Caption= word ptr -238h var_28= qword ptr -28h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h mov eax, 1148h call __chkstk sub rsp, rax mov rax, cs:qword_10002C178 mov [rsp+1148h+var_28], rax mov [rsp+1148h+var_8], rsi mov rsi, rdx mov [rsp+1148h+var_10], rdi mov rdi, rcx mov rcx, cs:hInstance ; hInstance lea r8, [rsp+1148h+Caption] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 2713h ; uID call cs:LoadStringW mov edx, [rsi] lea r11, [rsp+1148h+var_10F8] mov [rsp+1148h+var_1120], r11 lea r9, [rsp+1148h+var_10E8] mov r8d, 1 xor ecx, ecx mov dword ptr [rsp+1148h+var_1128], 0A68h call WinStationQueryInformationW test al, al jz loc_10001BA80 mov eax, [rsp+1148h+var_B88] test eax, eax jnz short loc_10001B86C mov rcx, cs:hInstance ; hInstance lea r8, [rsp+1148h+Buffer] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 9CBEh ; uID call cs:LoadStringW mov r9d, [rsi] lea r8, [rsp+1148h+Buffer] lea rcx, [rsp+1148h+Text] mov edx, 105h call sub_100008380 lea r8, [rsp+1148h+Caption] ; lpCaption lea rdx, [rsp+1148h+Text] ; lpText mov r9d, 30h ; uType mov rcx, rdi ; hWnd call cs:MessageBoxW jmp loc_10001BA80 loc_10001B86C: cmp dword ptr [rsi+88h], 4 jnz short loc_10001B8E0 cmp eax, 1 jz short loc_10001B87F cmp eax, 3 jnz short loc_10001B8E0 loc_10001B87F: ; hInstance mov rcx, cs:hInstance lea r8, [rsp+1148h+Buffer] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 9CBFh ; uID call cs:LoadStringW mov r9d, [rsi] lea r8, [rsp+1148h+Buffer] lea rcx, [rsp+1148h+Text] mov edx, 105h call sub_100008380 lea r8, [rsp+1148h+Caption] ; lpCaption lea rdx, [rsp+1148h+Text] ; lpText mov r9d, 30h ; uType mov rcx, rdi ; hWnd call cs:MessageBoxW jmp loc_10001BA80 loc_10001B8E0: ; int lea rcx, [rsp+1148h+hKey] call sub_100018010 movzx edx, [rsp+1148h+var_1108] ; lpTemplateName mov rcx, cs:hInstance ; hInstance lea rax, [rsp+1148h+hKey] lea r9, sub_100017F40 ; lpDialogFunc mov r8, rdi ; hWndParent mov [rsp+1148h+var_1128], rax call cs:DialogBoxParamW cmp rax, 1 jz short loc_10001B925 lea rcx, [rsp+1148h+hKey] ; hKey call sub_100018110 jmp loc_10001BA80 loc_10001B925: ; hInstance mov rcx, cs:hInstance lea r9, sub_10001BAB0 ; lpDialogFunc mov r8, rdi ; hWndParent mov edx, 0D6h ; lpTemplateName loc_10001B93B: mov [rsp+1148h+arg_10], rbx mov [rsp+1148h+var_1128], 0 call cs:CreateDialogParamW test rax, rax mov rbx, rax jz short loc_10001B971 mov edx, 5 ; nCmdShow mov rcx, rax ; hWnd call cs:ShowWindow mov rcx, rbx ; hWnd call cs:UpdateWindow loc_10001B971: ; lpCursorName mov edx, 7F02h xor ecx, ecx ; hInstance mov [rsp+1148h+arg_18], rbp mov [rsp+1148h+var_18], r12 call cs:LoadCursorW mov rcx, rax ; hCursor call cs:SetCursor mov ecx, 384h ; dwMilliseconds mov r12, rax call cs:Sleep lea rdx, [rsp+1148h+nSize] ; nSize lea rcx, [rsp+1148h+var_678] ; lpBuffer mov [rsp+1148h+nSize], 0Fh call cs:GetComputerNameW movzx r11d, [rsp+1148h+var_10FC] movzx r9d, [rsp+1148h+var_1100] mov r8d, [rsi] lea rdx, [rsp+1148h+var_678] xor ecx, ecx mov word ptr [rsp+1148h+var_1128], r11w call WinStationShadow test rbx, rbx movzx ebp, al jz short loc_10001B9F5 mov rcx, rbx ; hWnd call cs:DestroyWindow loc_10001B9F5: mov rbx, [rsp+1148h+arg_10] test ebp, ebp mov rbp, [rsp+1148h+arg_18] jnz short loc_10001BA65 loc_10001BA09: ; hInstance mov rcx, cs:hInstance lea r8, [rsp+1148h+Buffer] ; lpBuffer mov r9d, 104h ; nBufferMax mov edx, 9CBDh ; uID call cs:LoadStringW mov r9d, [rsi] lea r8, [rsp+1148h+Buffer] lea rcx, [rsp+1148h+Text] mov edx, 105h call sub_100008380 lea r8, [rsp+1148h+Caption] ; lpCaption lea rdx, [rsp+1148h+Text] ; lpText mov r9d, 30h ; uType mov rcx, rdi ; hWnd call cs:MessageBoxW loc_10001BA65: ; hCursor mov rcx, r12 call cs:SetCursor lea rcx, [rsp+1148h+hKey] ; hKey call sub_100018110 mov r12, [rsp+1148h+var_18] loc_10001BA80: mov rdi, [rsp+1148h+var_10] mov rsi, [rsp+1148h+var_8] mov rcx, [rsp+1148h+var_28] call sub_1000258D0 add rsp, 1148h retn sub_10001B780 endp algn_10001BAA5: align 10h ; INT_PTR __stdcall sub_10001BAB0(HWND, UINT, WPARAM, LPARAM) sub_10001BAB0 proc near push rbx sub rsp, 20h cmp edx, 110h mov rbx, rcx jnz short loc_10001BAD2 call cs:GetDesktopWindow mov rdx, rbx ; hWnd mov rcx, rax ; hWnd call sub_10001BAE0 loc_10001BAD2: xor eax, eax add rsp, 20h pop rbx retn sub_10001BAB0 endp algn_10001BADA: align 20h ; int __fastcall sub_10001BAE0(HWND hWnd, HWND hWnd, int, int, __int64, __int64, __int64) sub_10001BAE0 proc near var_58= dword ptr -58h var_50= dword ptr -50h var_48= dword ptr -48h Rect= tagRECT ptr -38h rc= tagRECT ptr -28h pvParam= dword ptr -18h var_14= dword ptr -14h var_10= dword ptr -10h var_C= dword ptr -0Ch arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 78h mov [rax+10h], rbx mov [rax+18h], rsi mov [rax+20h], rdi mov rdi, rcx mov ecx, 1 ; nIndex mov rsi, rdx call cs:GetSystemMetrics xor ecx, ecx ; nIndex mov ebx, eax call cs:GetSystemMetrics lea rcx, [rsp+78h+rc] ; lprc xor r8d, r8d ; yTop xor edx, edx ; xLeft mov r9d, eax ; xRight mov [rsp+78h+var_58], ebx call cs:SetRect test rdi, rdi jz short loc_10001BB38 lea rdx, [rsp+78h+rc] ; lpRect mov rcx, rdi ; hWnd call cs:GetWindowRect loc_10001BB38: ; lpRect lea rdx, [rsp+78h+Rect] mov rcx, rsi ; hWnd call cs:GetWindowRect mov ecx, [rsp+78h+rc.left] mov eax, [rsp+78h+rc.right] mov edi, [rsp+78h+Rect.right] mov ebx, [rsp+78h+Rect.bottom] add eax, ecx sub edi, [rsp+78h+Rect.left] sub ebx, [rsp+78h+Rect.top] cdq sub eax, edx lea r8, [rsp+78h+pvParam] ; pvParam xor r9d, r9d ; fWinIni sar eax, 1 mov ecx, eax mov eax, edi cdq sub eax, edx sar eax, 1 sub ecx, eax mov eax, [rsp+78h+rc.bottom] mov [rsp+78h+Rect.left], ecx mov ecx, [rsp+78h+rc.top] add eax, ecx cdq sub eax, edx sar eax, 1 mov ecx, eax mov eax, ebx cdq sub eax, edx xor edx, edx ; uiParam sar eax, 1 sub ecx, eax mov [rsp+78h+Rect.top], ecx lea ecx, [rdx+30h] ; uiAction call cs:SystemParametersInfoW test eax, eax jz short loc_10001BC01 mov r8d, [rsp+78h+Rect.left] mov edx, [rsp+78h+var_10] mov r10d, [rsp+78h+pvParam] mov ecx, [rsp+78h+var_C] mov r11d, [rsp+78h+var_14] lea eax, [r8+rdi] sub edx, r10d sub ecx, r11d cmp eax, edx jbe short loc_10001BBD4 mov r8d, edx sub r8d, edi loc_10001BBD4: mov r9d, [rsp+78h+Rect.top] lea eax, [r9+rbx] cmp eax, ecx jbe short loc_10001BBE7 mov r9d, ecx sub r9d, ebx loc_10001BBE7: cmp r8d, r10d cmovl r8d, r10d cmp r9d, r11d cmovl r9d, r11d mov [rsp+78h+Rect.left], r8d mov [rsp+78h+Rect.top], r9d jmp short loc_10001BC0B loc_10001BC01: ; Y mov r9d, [rsp+78h+Rect.top] mov r8d, [rsp+78h+Rect.left] ; X loc_10001BC0B: xor eax, eax mov [rsp+78h+var_48], 125h xor edx, edx ; hWndInsertAfter mov [rsp+78h+var_50], eax mov rcx, rsi ; hWnd mov [rsp+78h+var_58], eax call cs:SetWindowPos mov rdi, [rsp+78h+arg_18] mov rsi, [rsp+78h+arg_10] mov rbx, [rsp+78h+arg_8] add rsp, 78h retn sub_10001BAE0 endp algn_10001BC45: align 10h sub_10001BC50 proc near var_58= dword ptr -58h var_50= qword ptr -50h var_48= qword ptr -48h var_40= qword ptr -40h var_38= qword ptr -38h var_30= qword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_8= qword ptr -8 arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 78h mov [rax+8], rbx mov [rax+10h], rbp mov [rax+18h], rsi mov esi, [rcx+4] mov r9, rcx mov [rax+20h], rdi mov [rax-8], r12 mov eax, [rcx+0Ch] mov r12d, [rcx+8] lea r10, __ImageBase mov rcx, rdx mov rbp, rdx sub rcx, rax mov eax, [r9+10h] add r12, r10 mov rbx, [r12] sub rcx, r10 add rsi, r10 sar rcx, 3 mov ecx, ecx lea rdx, [rax+rcx*8] mov rax, 8000000000000000h test [rdx+r10], rax jnz short loc_10001BCC3 mov edi, [rdx+r10] lea rax, loc_100000002 add rdi, rax jmp short loc_10001BCC8 loc_10001BCC3: movzx edi, word ptr [rdx+r10] loc_10001BCC8: test rbx, rbx jnz loc_10001BD5A mov rcx, rsi ; lpLibFileName call cs:LoadLibraryA test rax, rax mov rbx, rax jz loc_10001BD6B xor eax, eax lock cmpxchg [r12], rbx mov r12, rax jnz short loc_10001BD49 xor eax, eax mov [rsp+78h+var_58], 48h mov [rsp+78h+var_40], rax mov [rsp+78h+var_28], rax mov [rsp+78h+var_50], rax mov [rsp+78h+var_48], rax mov [rsp+78h+var_38], rax mov [rsp+78h+var_30], rax mov [rsp+78h+var_20], rax mov [rsp+78h+var_18], rax mov rax, cs:qword_100031670 test rax, rax mov [rsp+78h+var_40], rsi mov [rsp+78h+var_28], rbx jz short loc_10001BD55 lea rdx, [rsp+78h+var_58] mov ecx, 5 call rax ; qword_100031670 jmp short loc_10001BD55 loc_10001BD49: ; hLibModule mov rcx, rbx call cs:FreeLibrary mov rbx, r12 loc_10001BD55: test rbx, rbx jz short loc_10001BD6B loc_10001BD5A: ; lpProcName mov rdx, rdi mov rcx, rbx ; hModule call cs:GetProcAddress test rax, rax jnz short loc_10001BD76 loc_10001BD6B: mov rdx, rdi mov rcx, rsi call DelayLoadFailureHook loc_10001BD76: mov r12, [rsp+78h+var_8] mov rdi, [rsp+78h+arg_18] mov rsi, [rsp+78h+arg_10] mov rbx, [rsp+78h+arg_0] mov [rbp+0], rax mov rbp, [rsp+78h+arg_8] add rsp, 78h retn sub_10001BC50 endp algn_10001BDA4: align 20h sub_10001BDC0 proc near SystemTimeAsFileTime= _FILETIME ptr 8 PerformanceCount= LARGE_INTEGER ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov rax, cs:qword_10002C178 mov [rsp+28h+arg_18], rdi mov rdi, 2B992DDFA232h test rax, rax jz short loc_10001BDF8 cmp rax, rdi jz short loc_10001BDF8 not rax mov cs:qword_10002C170, rax mov rdi, [rsp+28h+arg_18] add rsp, 28h retn loc_10001BDF8: ; lpSystemTimeAsFileTime lea rcx, [rsp+28h+SystemTimeAsFileTime] mov [rsp+28h+arg_10], rbx call cs:GetSystemTimeAsFileTime mov rbx, qword ptr [rsp+28h+SystemTimeAsFileTime.dwLowDateTime] call cs:GetCurrentProcessId mov r11d, eax xor rbx, r11 call cs:GetCurrentThreadId mov r11d, eax xor rbx, r11 call cs:GetTickCount lea rcx, [rsp+28h+PerformanceCount] ; lpPerformanceCount mov r11d, eax xor rbx, r11 call cs:QueryPerformanceCounter mov r11, qword ptr [rsp+28h+PerformanceCount] xor r11, rbx mov rbx, [rsp+28h+arg_10] mov rax, 0FFFFFFFFFFFFh and r11, rax cmovnz rdi, r11 mov cs:qword_10002C178, rdi not rdi mov cs:qword_10002C170, rdi mov rdi, [rsp+28h+arg_18] add rsp, 28h retn sub_10001BDC0 endp algn_10001BE75: align 20h sub_10001BE80 proc near var_48= qword ptr -48h var_40= qword ptr -40h var_38= qword ptr -38h var_30= qword ptr -30h var_28= byte ptr -28h var_20= byte ptr -20h var_18= qword ptr -18h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov rax, rsp sub rsp, 68h mov [rax+10h], rbx mov [rax+18h], rsi mov [rax+20h], rdi mov rdi, rcx lea rsi, ContextRecord mov rcx, rsi ; ContextRecord call cs:RtlCaptureContext mov rbx, cs:ContextRecord._Rip lea rdx, [rsp+68h+arg_0] mov rcx, rbx xor r8d, r8d call cs:RtlLookupFunctionEntry test rax, rax jz short loc_10001BF01 mov rdx, [rsp+68h+arg_0] mov [rsp+68h+var_30], 0 lea rcx, [rsp+68h+var_28] mov [rsp+68h+var_38], rcx lea rcx, [rsp+68h+var_20] mov r9, rax mov [rsp+68h+var_40], rcx xor ecx, ecx mov r8, rbx mov [rsp+68h+var_48], rsi call cs:RtlVirtualUnwind mov r11, cs:ContextRecord._Rip jmp short loc_10001BF1D loc_10001BF01: mov r11, [rsp+68h] lea rax, [rsp+68h] add rax, 8 mov cs:ContextRecord._Rip, r11 mov cs:ContextRecord._Rsp, rax loc_10001BF1D: mov rax, cs:qword_10002C178 mov cs:qword_10002D9B0, r11 mov cs:ContextRecord._Rcx, rdi mov cs:dword_10002D9A0, 0C0000409h mov cs:dword_10002D9A4, 1 mov [rsp+68h+var_18], rax mov rax, cs:qword_10002C170 xor ecx, ecx ; lpTopLevelExceptionFilter mov [rsp+68h+var_18], rax call cs:SetUnhandledExceptionFilter lea rcx, ExceptionInfo ; ExceptionInfo call cs:UnhandledExceptionFilter call cs:GetCurrentProcess mov edx, 0C0000409h ; uExitCode mov rcx, rax ; hProcess call cs:TerminateProcess mov rdi, [rsp+68h+arg_18] mov rsi, [rsp+68h+arg_10] mov rbx, [rsp+68h+arg_8] add rsp, 68h retn sub_10001BE80 endp algn_10001BF9A: align 20h ; [0000002E BYTES: COLLAPSED FUNCTION _amsg_exit. PRESS KEYPAD "+" TO EXPAND] algn_10001BFCE: align 20h ; [000002B7 BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND] algn_10001C297: align 20h ; [0000001C BYTES: COLLAPSED FUNCTION wWinMainCRTStartup$filt$0. PRESS KEYPAD "+" TO EXPAND] byte_10001C2BC db 14h dup(0CCh) ; [00000087 BYTES: COLLAPSED FUNCTION unknown_libname_1. PRESS KEYPAD "+" TO EXPAND] algn_10001C357: align 20h ; [00000267 BYTES: COLLAPSED FUNCTION wcstoxl. PRESS KEYPAD "+" TO EXPAND] algn_10001C5C7: align 10h ; [00000008 BYTES: COLLAPSED FUNCTION wcstol. PRESS KEYPAD "+" TO EXPAND] db 0Eh dup(0CCh) align 10h ; [00000334 BYTES: COLLAPSED FUNCTION memmove. PRESS KEYPAD "+" TO EXPAND] align 10h ; [00000179 BYTES: COLLAPSED FUNCTION __mbstowcs_mt. PRESS KEYPAD "+" TO EXPAND] algn_10001CAA9: align 10h sub_10001CAB0 proc near arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h mov [rsp+28h+arg_8], rbx mov [rsp+28h+arg_10], rsi mov [rsp+28h+arg_18], rdi mov rdi, rdx mov rbx, r8 mov rsi, rcx call _getptd mov rax, [rax+0B8h] cmp rax, cs:off_10002C5B0 jz short loc_10001CAE6 call __updatetlocinfo loc_10001CAE6: mov r9, rbx mov r8, rdi mov rdx, rsi mov rcx, rax mov rdi, [rsp+28h+arg_18] mov rsi, [rsp+28h+arg_10] mov rbx, [rsp+28h+arg_8] add rsp, 28h jmp __mbstowcs_mt sub_10001CAB0 endp algn_10001CB0A: align 10h ; [00000082 BYTES: COLLAPSED FUNCTION _i64tow. PRESS KEYPAD "+" TO EXPAND] align 20h ; [00000062 BYTES: COLLAPSED FUNCTION _ui64tow. PRESS KEYPAD "+" TO EXPAND] align 10h ; [0000003B BYTES: COLLAPSED FUNCTION __crtExitProcess. PRESS KEYPAD "+" TO EXPAND] algn_10001CC4B: align 20h ; [00000042 BYTES: COLLAPSED FUNCTION _initterm. PRESS KEYPAD "+" TO EXPAND] algn_10001CCA2: align 10h ; [00000084 BYTES: COLLAPSED FUNCTION _cinit. PRESS KEYPAD "+" TO EXPAND] algn_10001CD34: align 20h ; [000000DA BYTES: COLLAPSED FUNCTION doexit. PRESS KEYPAD "+" TO EXPAND] db 0CCh ; [00000014 BYTES: COLLAPSED CHUNK OF FUNCTION doexit. PRESS KEYPAD "+" TO EXPAND] algn_10001CE2F: align 10h ; [0000001F BYTES: COLLAPSED FUNCTION doexit$fin$0. PRESS KEYPAD "+" TO EXPAND] algn_10001CE4F: align 20h ; [0000000A BYTES: COLLAPSED FUNCTION exit. PRESS KEYPAD "+" TO EXPAND] align 10h ; [0000000C BYTES: COLLAPSED FUNCTION _exit. PRESS KEYPAD "+" TO EXPAND] db 14h dup(0CCh) ; [0000000D BYTES: COLLAPSED FUNCTION _cexit. PRESS KEYPAD "+" TO EXPAND] db 13h dup(0CCh) ; [0000000F BYTES: COLLAPSED FUNCTION _c_exit. PRESS KEYPAD "+" TO EXPAND] db 11h dup(0CCh) ; [00000228 BYTES: COLLAPSED FUNCTION _NMSG_WRITE. PRESS KEYPAD "+" TO EXPAND] algn_10001D0F8: align 20h ; [00000044 BYTES: COLLAPSED FUNCTION _FF_MSGBANNER. PRESS KEYPAD "+" TO EXPAND] algn_10001D144: align 10h ; [0000019F BYTES: COLLAPSED FUNCTION __C_specific_handler. PRESS KEYPAD "+" TO EXPAND] algn_10001D2EF: align 20h ; [00000213 BYTES: COLLAPSED FUNCTION _XcptFilter. PRESS KEYPAD "+" TO EXPAND] algn_10001D513: align 20h ; [0000005D BYTES: COLLAPSED FUNCTION _wwincmdln. PRESS KEYPAD "+" TO EXPAND] db 13h dup(0CCh) ; [00000167 BYTES: COLLAPSED FUNCTION _wsetenvp. PRESS KEYPAD "+" TO EXPAND] algn_10001D6F7: align 20h ; [000001B6 BYTES: COLLAPSED FUNCTION wparse_cmdline. PRESS KEYPAD "+" TO EXPAND] algn_10001D8B6: align 20h ; [0000024B BYTES: COLLAPSED FUNCTION _wsetargv. PRESS KEYPAD "+" TO EXPAND] algn_10001DB0B: align 20h ; [00000218 BYTES: COLLAPSED FUNCTION __crtGetEnvironmentStringsW. PRESS KEYPAD "+" TO EXPAND] algn_10001DD38: align 20h ; [00000116 BYTES: COLLAPSED FUNCTION __crtGetCommandLineW. PRESS KEYPAD "+" TO EXPAND] algn_10001DE56: align 20h ; [000002E7 BYTES: COLLAPSED FUNCTION _ioinit. PRESS KEYPAD "+" TO EXPAND] algn_10001E147: align 10h ; [0000001A BYTES: COLLAPSED FUNCTION _ioinit$filt$0. PRESS KEYPAD "+" TO EXPAND] algn_10001E16A: align 10h loc_10001E170: jmp cs:TlsAlloc align 20h ; [00000091 BYTES: COLLAPSED FUNCTION _getptd_noexit. PRESS KEYPAD "+" TO EXPAND] algn_10001E211: align 20h ; [0000009E BYTES: COLLAPSED FUNCTION _getptd. PRESS KEYPAD "+" TO EXPAND] byte_10001E2BE db 12h dup(0CCh) ; [00000145 BYTES: COLLAPSED FUNCTION _freefls. PRESS KEYPAD "+" TO EXPAND] algn_10001E415: align 20h ; [00000019 BYTES: COLLAPSED FUNCTION _freefls$fin$1. PRESS KEYPAD "+" TO EXPAND] algn_10001E439: align 20h ; [00000019 BYTES: COLLAPSED FUNCTION _freefls$fin$0. PRESS KEYPAD "+" TO EXPAND] algn_10001E459: align 20h ; [0000017B BYTES: COLLAPSED FUNCTION _mtinit. PRESS KEYPAD "+" TO EXPAND] byte_10001E5DB db 15h dup(0CCh) ; [00000051 BYTES: COLLAPSED FUNCTION _heap_init. PRESS KEYPAD "+" TO EXPAND] algn_10001E641: align 10h ; [000001B2 BYTES: COLLAPSED FUNCTION _flsbuf. PRESS KEYPAD "+" TO EXPAND] algn_10001E802: align 10h ; [00000CD0 BYTES: COLLAPSED FUNCTION _woutput. PRESS KEYPAD "+" TO EXPAND] ; Attributes: noreturn sub_10001F4E0 proc near push rbp ; jump table for switch statement jmp short loc_10001F4E4 align 4 loc_10001F4E4: or al, 0E9h add [rax], eax db 3Eh jmp near ptr 0E9B5F4EFh sub_10001F4E0 endp dw 1 dq 1EA100001EA02h, 1EBAE0001EA5Ah off_10001F500 dd offset $LN86 - offset __ImageBase, offset $LN58 - offset __ImageBase ; jump table for switch statement dd offset $LN74 - offset __ImageBase, offset $LN42 - offset __ImageBase dd offset $LN80 - offset __ImageBase, offset $LN276 - offset __ImageBase dd offset $LN45 - offset __ImageBase, offset $LN279 - offset __ImageBase dd offset $LN61 - offset __ImageBase, offset $LN39 - offset __ImageBase dd offset $LN43 - offset __ImageBase, offset $LN275 - offset __ImageBase dd offset $LN44 - offset __ImageBase, offset $LN41 - offset __ImageBase dd offset $LN273 - offset __ImageBase byte_10001F53C db 0, 0Eh, 1, 0Eh ; indirect table for switch statement db 1, 0Eh, 0Eh, 0Eh db 0Eh, 0Eh, 0Eh, 0Eh db 0Eh, 0Eh, 0Eh, 0Eh db 2, 0Eh, 0Eh, 0Eh db 0Eh, 3, 0Eh, 4 db 0Eh, 0Eh, 0Eh, 0Eh db 0Eh, 0Eh, 0Eh, 0Eh db 5, 6, 7, 7 db 7, 0Eh, 6, 0Eh db 0Eh, 0Eh, 0Eh, 8 db 9, 0Ah, 0Eh, 0Eh db 0Bh, 0Eh, 0Ch, 0Eh db 0Eh, 0Dh algn_10001F572: align 20h ; [00000023 BYTES: COLLAPSED FUNCTION _errno. PRESS KEYPAD "+" TO EXPAND] algn_10001F5A3: align 10h ; [00000023 BYTES: COLLAPSED FUNCTION __doserrno. PRESS KEYPAD "+" TO EXPAND] algn_10001F5D3: align 20h ; [00000178 BYTES: COLLAPSED FUNCTION _dosmaperr. PRESS KEYPAD "+" TO EXPAND] algn_10001F758: align 20h ; [000001D4 BYTES: COLLAPSED FUNCTION _wchartodigit. PRESS KEYPAD "+" TO EXPAND] align 20h ; [0000008B BYTES: COLLAPSED FUNCTION __iswctype_mt. PRESS KEYPAD "+" TO EXPAND] algn_10001F9CB: align 20h ; [000000E2 BYTES: COLLAPSED FUNCTION __freetlocinfo. PRESS KEYPAD "+" TO EXPAND] algn_10001FAC2: align 10h ; [0000010B BYTES: COLLAPSED FUNCTION __updatetlocinfo_lk. PRESS KEYPAD "+" TO EXPAND] byte_10001FBDB db 15h dup(0CCh) ; [0000002C BYTES: COLLAPSED FUNCTION __updatetlocinfo. PRESS KEYPAD "+" TO EXPAND] algn_10001FC1C: align 20h ; [00000019 BYTES: COLLAPSED FUNCTION __updatetlocinfo$fin$0. PRESS KEYPAD "+" TO EXPAND] algn_10001FC39: align 20h ; [000000AD BYTES: COLLAPSED FUNCTION _mtinitlocks. PRESS KEYPAD "+" TO EXPAND] algn_10001FCED: align 20h ; [0000009C BYTES: COLLAPSED FUNCTION _mtdeletelocks. PRESS KEYPAD "+" TO EXPAND] byte_10001FD9C db 14h dup(0CCh) ; [00000018 BYTES: COLLAPSED FUNCTION _unlock. PRESS KEYPAD "+" TO EXPAND] align 10h ; [000000FC BYTES: COLLAPSED FUNCTION _mtinitlocknum. PRESS KEYPAD "+" TO EXPAND] algn_10001FECC: align 10h ; [0000001C BYTES: COLLAPSED FUNCTION _mtinitlocknum$fin$0. PRESS KEYPAD "+" TO EXPAND] algn_10001FEEC: align 20h ; [0000004C BYTES: COLLAPSED FUNCTION _lock. PRESS KEYPAD "+" TO EXPAND] algn_10001FF4C: align 20h ; [00000195 BYTES: COLLAPSED FUNCTION __crtMessageBoxA. PRESS KEYPAD "+" TO EXPAND] byte_1000200F5 db 11h dup(0CCh) align 10h ; [00000162 BYTES: COLLAPSED FUNCTION strncpy. PRESS KEYPAD "+" TO EXPAND] db 14h dup(0CCh) align 10h ; [00000021 BYTES: COLLAPSED FUNCTION _NLG_Notify. PRESS KEYPAD "+" TO EXPAND] align 20h ; [00000020 BYTES: COLLAPSED FUNCTION free. PRESS KEYPAD "+" TO EXPAND] byte_1000202E0 db 10h dup(0CCh) ; [0000006E BYTES: COLLAPSED FUNCTION unknown_libname_2. PRESS KEYPAD "+" TO EXPAND] byte_10002035E db 12h dup(0CCh) ; [00000086 BYTES: COLLAPSED FUNCTION unknown_libname_4. PRESS KEYPAD "+" TO EXPAND] algn_1000203F6: align 20h sub_100020400 proc near sub rsp, 28h call cs:InitializeCriticalSection mov eax, 1 add rsp, 28h retn sub_100020400 endp algn_100020414: align 20h ; [000000C0 BYTES: COLLAPSED FUNCTION __crtInitCritSecAndSpinCount. PRESS KEYPAD "+" TO EXPAND] ; [00000025 BYTES: COLLAPSED FUNCTION __crtInitCritSecAndSpinCount$filt$0. PRESS KEYPAD "+" TO EXPAND] algn_100020505: align 10h ; [00000241 BYTES: COLLAPSED FUNCTION setSBUpLow. PRESS KEYPAD "+" TO EXPAND] algn_100020751: align 20h ; [000003C0 BYTES: COLLAPSED FUNCTION _setmbcp_lk. PRESS KEYPAD "+" TO EXPAND] byte_100020B20 db 10h dup(0CCh) ; [000001A8 BYTES: COLLAPSED FUNCTION _setmbcp. PRESS KEYPAD "+" TO EXPAND] algn_100020CD8: align 20h ; [00000019 BYTES: COLLAPSED FUNCTION _setmbcp$fin$0. PRESS KEYPAD "+" TO EXPAND] algn_100020CF9: align 20h ; [00000028 BYTES: COLLAPSED FUNCTION __initmbctable. PRESS KEYPAD "+" TO EXPAND] algn_100020D28: align 10h ; [000000C4 BYTES: COLLAPSED FUNCTION _lseek_lk. PRESS KEYPAD "+" TO EXPAND] algn_100020DF4: align 20h ; [000000E2 BYTES: COLLAPSED FUNCTION _lseek. PRESS KEYPAD "+" TO EXPAND] algn_100020EE2: align 10h ; [00000017 BYTES: COLLAPSED FUNCTION _lseek$fin$0. PRESS KEYPAD "+" TO EXPAND] algn_100020F07: align 10h ; [00000277 BYTES: COLLAPSED FUNCTION _write_lk. PRESS KEYPAD "+" TO EXPAND] algn_100021187: align 10h ; [000000E2 BYTES: COLLAPSED FUNCTION _write. PRESS KEYPAD "+" TO EXPAND] algn_100021272: align 20h ; [00000017 BYTES: COLLAPSED FUNCTION _write$fin$0. PRESS KEYPAD "+" TO EXPAND] algn_100021297: align 20h ; [00000061 BYTES: COLLAPSED FUNCTION _getbuf. PRESS KEYPAD "+" TO EXPAND] algn_100021301: align 10h ; [00000031 BYTES: COLLAPSED FUNCTION _isatty. PRESS KEYPAD "+" TO EXPAND] align 10h ; [000000EE BYTES: COLLAPSED FUNCTION __initstdio. PRESS KEYPAD "+" TO EXPAND] byte_10002143E db 12h dup(0CCh) ; [00000027 BYTES: COLLAPSED FUNCTION __endstdio. PRESS KEYPAD "+" TO EXPAND] algn_100021477: align 20h ; [00000047 BYTES: COLLAPSED FUNCTION _lock_file. PRESS KEYPAD "+" TO EXPAND] align 10h sub_1000214D0 proc near cmp ecx, 14h jge short loc_1000214DD add ecx, 10h jmp _lock loc_1000214DD: lea rcx, [rdx+30h] jmp cs:EnterCriticalSection sub_1000214D0 endp align 10h ; [00000047 BYTES: COLLAPSED FUNCTION _unlock_file. PRESS KEYPAD "+" TO EXPAND] align 20h sub_100021540 proc near cmp ecx, 14h jge short loc_10002154D add ecx, 10h jmp _unlock loc_10002154D: lea rcx, [rdx+30h] jmp cs:LeaveCriticalSection sub_100021540 endp align 20h ; [0000011C BYTES: COLLAPSED FUNCTION _putwc_lk. PRESS KEYPAD "+" TO EXPAND] byte_10002167C db 14h dup(0CCh) sub_100021690 proc near mov rax, cs:off_10002CE40 retn sub_100021690 endp align 20h ; [0000012F BYTES: COLLAPSED FUNCTION __mbtowc_mt. PRESS KEYPAD "+" TO EXPAND] algn_1000217CF: align 20h ; [0000005A BYTES: COLLAPSED FUNCTION mbtowc. PRESS KEYPAD "+" TO EXPAND] algn_10002183A: align 20h ; [00000349 BYTES: COLLAPSED FUNCTION unknown_libname_6. PRESS KEYPAD "+" TO EXPAND] algn_100021B89: align 20h ; [000001EC BYTES: COLLAPSED FUNCTION __free_lc_time. PRESS KEYPAD "+" TO EXPAND] algn_100021D8C: align 20h ; [00000070 BYTES: COLLAPSED FUNCTION __free_lconv_num. PRESS KEYPAD "+" TO EXPAND] algn_100021E10: align 20h ; [000000F2 BYTES: COLLAPSED FUNCTION __free_lconv_mon. PRESS KEYPAD "+" TO EXPAND] byte_100021F12 db 14h dup(0CCh) align 10h ; [000000EA BYTES: COLLAPSED FUNCTION memset. PRESS KEYPAD "+" TO EXPAND] align 20h ; [0000029E BYTES: COLLAPSED FUNCTION __crtGetStringTypeA. PRESS KEYPAD "+" TO EXPAND] byte_1000222BE db 8 dup(0CCh) align 10h ; [000000C7 BYTES: COLLAPSED FUNCTION memcmp. PRESS KEYPAD "+" TO EXPAND] db 0Fh dup(0CCh) align 10h ; [000000B5 BYTES: COLLAPSED FUNCTION strncmp. PRESS KEYPAD "+" TO EXPAND] align 20h sub_100022480 proc near var_4B8= qword ptr -4B8h var_4B0= qword ptr -4B0h sub rsp, 4D8h xor r8, r8 xor r9, r9 mov [rsp+4D8h+var_4B8], rsp mov [rsp+4D8h+var_4B0], r8 call RtlUnwindEx add rsp, 4D8h retn sub_100022480 endp algn_1000224A4: align 10h ; [000000A8 BYTES: COLLAPSED FUNCTION unknown_libname_10. PRESS KEYPAD "+" TO EXPAND] algn_100022558: align 20h ; [0000006D BYTES: COLLAPSED FUNCTION calloc. PRESS KEYPAD "+" TO EXPAND] algn_1000225CD: align 20h ; [000005B2 BYTES: COLLAPSED FUNCTION unknown_libname_12. PRESS KEYPAD "+" TO EXPAND] algn_100022B92: align 20h ; [00000124 BYTES: COLLAPSED FUNCTION _free_osfhnd. PRESS KEYPAD "+" TO EXPAND] algn_100022CC4: align 10h ; [0000005A BYTES: COLLAPSED FUNCTION _get_osfhandle. PRESS KEYPAD "+" TO EXPAND] algn_100022D2A: align 10h ; [000000B7 BYTES: COLLAPSED FUNCTION _lock_fhandle. PRESS KEYPAD "+" TO EXPAND] algn_100022DE7: align 10h ; [00000019 BYTES: COLLAPSED FUNCTION _lock_fhandle$fin$0. PRESS KEYPAD "+" TO EXPAND] algn_100022E09: align 10h ; [0000002A BYTES: COLLAPSED FUNCTION _unlock_fhandle. PRESS KEYPAD "+" TO EXPAND] align 20h ; [000000C0 BYTES: COLLAPSED FUNCTION _lseeki64_lk. PRESS KEYPAD "+" TO EXPAND] byte_100022F00 db 10h dup(0CCh) ; [000000C7 BYTES: COLLAPSED FUNCTION _fcloseall. PRESS KEYPAD "+" TO EXPAND] algn_100022FD7: align 20h ; [00000019 BYTES: COLLAPSED FUNCTION _fcloseall$fin$0. PRESS KEYPAD "+" TO EXPAND] algn_100022FF9: align 20h ; [00000083 BYTES: COLLAPSED FUNCTION _flush. PRESS KEYPAD "+" TO EXPAND] algn_100023083: align 10h ; [000000B3 BYTES: COLLAPSED FUNCTION _fflush_lk. PRESS KEYPAD "+" TO EXPAND] algn_100023143: align 10h ; [00000108 BYTES: COLLAPSED FUNCTION flsall. PRESS KEYPAD "+" TO EXPAND] algn_100023258: align 20h ; [00000026 BYTES: COLLAPSED FUNCTION flsall$fin$0. PRESS KEYPAD "+" TO EXPAND] algn_100023286: align 10h ; [00000019 BYTES: COLLAPSED FUNCTION flsall$fin$1. PRESS KEYPAD "+" TO EXPAND] algn_1000232A9: align 10h sub_1000232B0 proc near mov ecx, 1 jmp flsall sub_1000232B0 endp align 20h ; [000001A6 BYTES: COLLAPSED FUNCTION _flswbuf. PRESS KEYPAD "+" TO EXPAND] algn_100023466: align 10h ; [000000D9 BYTES: COLLAPSED FUNCTION wctomb. PRESS KEYPAD "+" TO EXPAND] algn_100023549: align 10h ; [0000000A BYTES: COLLAPSED FUNCTION _fptrap. PRESS KEYPAD "+" TO EXPAND] align 20h ; [000001A0 BYTES: COLLAPSED FUNCTION _resetstkoflw. PRESS KEYPAD "+" TO EXPAND] byte_100023700 db 10h dup(0CCh) ; [0000005C BYTES: COLLAPSED FUNCTION __ansicp. PRESS KEYPAD "+" TO EXPAND] algn_10002376C: align 20h ; [0000030A BYTES: COLLAPSED FUNCTION __convertcp. PRESS KEYPAD "+" TO EXPAND] algn_100023A8A: align 20h ; [000000C0 BYTES: COLLAPSED FUNCTION atol. PRESS KEYPAD "+" TO EXPAND] byte_100023B60 db 10h dup(0CCh) ; [00000027 BYTES: COLLAPSED FUNCTION _callnewh. PRESS KEYPAD "+" TO EXPAND] algn_100023B97: align 20h ; [0000009D BYTES: COLLAPSED FUNCTION _fclose_lk. PRESS KEYPAD "+" TO EXPAND] byte_100023C3D db 13h dup(0CCh) ; [00000053 BYTES: COLLAPSED FUNCTION fclose. PRESS KEYPAD "+" TO EXPAND] algn_100023CA3: align 10h ; [00000018 BYTES: COLLAPSED FUNCTION fclose$fin$0. PRESS KEYPAD "+" TO EXPAND] algn_100023CC8: align 10h ; [000000CC BYTES: COLLAPSED FUNCTION _commit. PRESS KEYPAD "+" TO EXPAND] algn_100023D9C: align 20h ; [00000017 BYTES: COLLAPSED FUNCTION _commit$fin$0. PRESS KEYPAD "+" TO EXPAND] algn_100023DB7: align 20h ; [000000A9 BYTES: COLLAPSED FUNCTION __isctype_mt. PRESS KEYPAD "+" TO EXPAND] algn_100023E69: align 10h ; [000000B9 BYTES: COLLAPSED FUNCTION _close_lk. PRESS KEYPAD "+" TO EXPAND] algn_100023F29: align 10h ; [000000B7 BYTES: COLLAPSED FUNCTION _close. PRESS KEYPAD "+" TO EXPAND] algn_100023FE7: align 10h ; [00000017 BYTES: COLLAPSED FUNCTION _close$fin$0. PRESS KEYPAD "+" TO EXPAND] algn_100024007: align 10h ; [00000036 BYTES: COLLAPSED FUNCTION _freebuf. PRESS KEYPAD "+" TO EXPAND] byte_100024046 db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION RtlUnwindEx. PRESS KEYPAD "+" TO EXPAND] align 8 ; [00000006 BYTES: COLLAPSED FUNCTION GetInterfaceInfo. PRESS KEYPAD "+" TO EXPAND] db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION NhGetInterfaceNameFromDeviceGuid. PRESS KEYPAD "+" TO EXPAND] align 10h ; [00000006 BYTES: COLLAPSED FUNCTION GetIfEntry. PRESS KEYPAD "+" TO EXPAND] db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION GetNumberOfInterfaces. PRESS KEYPAD "+" TO EXPAND] align 10h sub_100024090 proc near var_178= qword ptr -178h var_170= qword ptr -170h var_168= dword ptr -168h hKey= qword ptr -160h LibFileName= byte ptr -158h var_48= qword ptr -48h var_30= qword ptr -30h var_28= qword ptr -28h var_20= qword ptr -20h var_18= qword ptr -18h var_10= qword ptr -10h var_8= qword ptr -8 mov r11, rsp sub rsp, 198h mov rax, cs:qword_10002C178 mov [rsp+198h+var_48], rax mov rax, cs:hModule mov [r11-10h], rbp mov [r11-18h], rsi test rax, rax mov [r11-20h], rdi mov [r11-28h], r12 mov [r11-30h], r13 mov rdi, r9 mov esi, r8d mov r12, rdx mov rbp, rcx mov r13d, 1 jnz loc_1000241A6 cmp cs:dword_10002E910, eax jnz loc_1000241A6 lea rax, [rsp+198h+hKey] loc_1000240F0: mov [r11-8], rbx lea rdx, aClsidAdb880a6D ; "CLSID\\{ADB880A6-D8FF-11CF-9377-00AA003B"... mov r9d, 20019h ; samDesired xor r8d, r8d ; ulOptions mov rcx, 0FFFFFFFF80000000h ; hKey mov [rsp+198h+var_178], rax xor ebx, ebx call cs:RegOpenKeyExA test eax, eax jnz short loc_100024179 mov rcx, [rsp+198h+hKey] ; hKey lea rax, [rsp+198h+var_168] lea rdx, byte_100002A74 ; lpValueName mov [rsp+198h+var_170], rax lea rax, [rsp+198h+LibFileName] xor r9d, r9d ; lpType xor r8d, r8d ; lpReserved mov [rsp+198h+var_168], 104h mov [rsp+198h+var_178], rax call cs:RegQueryValueExA mov rcx, [rsp+198h+hKey] ; hKey test eax, eax cmovz ebx, r13d call cs:RegCloseKey test ebx, ebx jz short loc_100024179 lea rcx, [rsp+198h+LibFileName] ; lpLibFileName call cs:LoadLibraryA mov cs:hModule, rax jmp short loc_100024180 loc_100024179: mov rax, cs:hModule loc_100024180: test rax, rax mov rbx, [rsp+198h+var_8] jnz short loc_1000241A6 loc_10002418D: ; "hhctrl.ocx" lea rcx, aHhctrl_ocx call cs:LoadLibraryA test rax, rax mov cs:hModule, rax jz short loc_1000241CE loc_1000241A6: mov r10, cs:qword_10002E900 test r10, r10 jnz short loc_1000241D9 lea edx, [r10+0Eh] ; lpProcName mov rcx, rax ; hModule call cs:GetProcAddress test rax, rax mov r10, rax mov cs:qword_10002E900, rax jnz short loc_1000241D9 loc_1000241CE: mov cs:dword_10002E910, r13d xor eax, eax jmp short loc_1000241E8 loc_1000241D9: mov r9, rdi mov r8d, esi mov rdx, r12 mov rcx, rbp call r10 ; qword_10002E900 loc_1000241E8: mov r13, [rsp+198h+var_30] mov r12, [rsp+198h+var_28] mov rdi, [rsp+198h+var_20] mov rsi, [rsp+198h+var_18] mov rbp, [rsp+198h+var_10] mov rcx, [rsp+198h+var_48] call sub_1000258D0 add rsp, 198h retn sub_100024090 endp byte_100024225 db 7 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION SHELL32_236. PRESS KEYPAD "+" TO EXPAND] align 8 ; [00000006 BYTES: COLLAPSED FUNCTION SHELL32_241. PRESS KEYPAD "+" TO EXPAND] db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION SHTestTokenMembership. PRESS KEYPAD "+" TO EXPAND] align 10h ; [00000006 BYTES: COLLAPSED FUNCTION GetUserNameExW. PRESS KEYPAD "+" TO EXPAND] lea rax, __imp_WTSEnumerateSessionsW jmp $+5 sub_100024262 proc near var_48= xmmword ptr -48h var_38= xmmword ptr -38h var_28= xmmword ptr -28h var_18= xmmword ptr -18h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov [rsp+arg_0], rcx mov [rsp+arg_8], rdx mov [rsp+arg_10], r8 mov [rsp+arg_18], r9 sub rsp, 68h movdqa [rsp+68h+var_48], xmm0 movdqa [rsp+68h+var_38], xmm1 movdqa [rsp+68h+var_28], xmm2 movdqa [rsp+68h+var_18], xmm3 mov rdx, rax lea rcx, WTSAPI32_dll_import_table call sub_10001BC50 movdqa xmm0, [rsp+68h+var_48] movdqa xmm1, [rsp+68h+var_38] movdqa xmm2, [rsp+68h+var_28] movdqa xmm3, [rsp+68h+var_18] mov rcx, [rsp+68h+arg_0] mov rdx, [rsp+68h+arg_8] mov r8, [rsp+68h+arg_10] mov r9, [rsp+68h+arg_18] add rsp, 68h jmp short $+2 loc_1000242D9: jmp rax sub_100024262 endp db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION WTSEnumerateSessionsW. PRESS KEYPAD "+" TO EXPAND] lea rax, __imp_WTSQuerySessionInformationW jmp sub_100024262 db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION WTSQuerySessionInformationW. PRESS KEYPAD "+" TO EXPAND] lea rax, __imp_WTSFreeMemory jmp sub_100024262 db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION WTSFreeMemory. PRESS KEYPAD "+" TO EXPAND] lea rax, __imp_WTSSendMessageW jmp sub_100024262 db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION WTSSendMessageW. PRESS KEYPAD "+" TO EXPAND] lea rax, __imp_WTSDisconnectSession jmp sub_100024262 db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION WTSDisconnectSession. PRESS KEYPAD "+" TO EXPAND] lea rax, __imp_WTSLogoffSession jmp sub_100024262 db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION WTSLogoffSession. PRESS KEYPAD "+" TO EXPAND] lea rax, __imp_WinStationGetProcessSid jmp $+5 sub_10002436B proc near var_48= xmmword ptr -48h var_38= xmmword ptr -38h var_28= xmmword ptr -28h var_18= xmmword ptr -18h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov [rsp+arg_0], rcx mov [rsp+arg_8], rdx mov [rsp+arg_10], r8 mov [rsp+arg_18], r9 sub rsp, 68h movdqa [rsp+68h+var_48], xmm0 movdqa [rsp+68h+var_38], xmm1 movdqa [rsp+68h+var_28], xmm2 movdqa [rsp+68h+var_18], xmm3 mov rdx, rax lea rcx, WINSTA_dll_import_table call sub_10001BC50 movdqa xmm0, [rsp+68h+var_48] movdqa xmm1, [rsp+68h+var_38] movdqa xmm2, [rsp+68h+var_28] movdqa xmm3, [rsp+68h+var_18] mov rcx, [rsp+68h+arg_0] mov rdx, [rsp+68h+arg_8] mov r8, [rsp+68h+arg_10] mov r9, [rsp+68h+arg_18] add rsp, 68h jmp short $+2 loc_1000243E2: jmp rax sub_10002436B endp db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION WinStationGetProcessSid. PRESS KEYPAD "+" TO EXPAND] lea rax, __imp_WinStationConnectW jmp sub_10002436B db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION WinStationConnectW. PRESS KEYPAD "+" TO EXPAND] lea rax, __imp_WinStationQueryInformationW jmp sub_10002436B db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION WinStationQueryInformationW. PRESS KEYPAD "+" TO EXPAND] lea rax, __imp_WinStationShadow jmp sub_10002436B db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION WinStationShadow. PRESS KEYPAD "+" TO EXPAND] lea rax, MSGINA_20 jmp $+5 sub_100024444 proc near var_48= xmmword ptr -48h var_38= xmmword ptr -38h var_28= xmmword ptr -28h var_18= xmmword ptr -18h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov [rsp+arg_0], rcx mov [rsp+arg_8], rdx mov [rsp+arg_10], r8 mov [rsp+arg_18], r9 sub rsp, 68h movdqa [rsp+68h+var_48], xmm0 movdqa [rsp+68h+var_38], xmm1 movdqa [rsp+68h+var_28], xmm2 movdqa [rsp+68h+var_18], xmm3 mov rdx, rax lea rcx, MSGINA_dll_import_table call sub_10001BC50 movdqa xmm0, [rsp+68h+var_48] movdqa xmm1, [rsp+68h+var_38] movdqa xmm2, [rsp+68h+var_28] movdqa xmm3, [rsp+68h+var_18] mov rcx, [rsp+68h+arg_0] mov rdx, [rsp+68h+arg_8] mov r8, [rsp+68h+arg_10] mov r9, [rsp+68h+arg_18] add rsp, 68h jmp short $+2 loc_1000244BB: jmp rax sub_100024444 endp db 13h dup(0CCh) sub_1000244D0 proc near var_38= qword ptr -38h var_30= qword ptr -30h var_28= byte ptr -28h NewState= _TOKEN_PRIVILEGES ptr -20h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 58h mov [rsp+58h+arg_0], rbx mov [rsp+58h+arg_8], rbp mov [rsp+58h+arg_10], rsi mov rbp, rdx mov edx, 8 ; ucb mov rbx, rcx mov byte ptr [rcx], 0 xor esi, esi mov [rsp+58h+arg_18], rdi mov [rcx+8], rsi add rcx, rdx ; lp call cs:IsBadWritePtr test eax, eax jz short loc_100024517 lea ecx, [rsi+57h] ; dwErrCode call cs:__imp_SetLastError jmp loc_1000245B9 loc_100024517: mov [rbx+8], rsi call cs:GetCurrentThread xor r8d, r8d ; OpenAsSelf lea edx, [r8+28h] ; DesiredAccess lea r9, [rbx+8] ; TokenHandle mov rcx, rax ; ThreadHandle call cs:OpenThreadToken test eax, eax mov esi, eax jnz short loc_100024564 call cs:GetLastError cmp eax, 3F0h jnz short loc_100024560 call cs:GetCurrentProcess lea r8, [rbx+8] ; TokenHandle lea edx, [rsi+28h] ; DesiredAccess mov rcx, rax ; ProcessHandle call cs:OpenProcessToken mov esi, eax loc_100024560: test esi, esi jz short loc_1000245B9 loc_100024564: ; lpLuid lea r8, [rsp+58h+NewState.Privileges] mov rdx, rbp ; lpName xor ecx, ecx ; lpSystemName call cs:LookupPrivilegeValueW test eax, eax jz short loc_1000245B9 lea rcx, [rsp+58h+var_28] lea rax, [rbx+10h] lea r8, [rsp+58h+NewState] ; NewState mov [rsp+58h+var_30], rcx mov rcx, [rbx+8] ; TokenHandle mov r9d, 10h ; BufferLength xor edx, edx ; DisableAllPrivileges mov [rsp+58h+NewState.PrivilegeCount], 1 mov [rsp+58h+NewState.Privileges.Attributes], 2 mov [rsp+58h+var_38], rax call cs:AdjustTokenPrivileges test eax, eax setnz al mov [rbx], al loc_1000245B9: mov rdi, [rsp+58h+arg_18] mov rsi, [rsp+58h+arg_10] mov rbp, [rsp+58h+arg_8] mov rax, rbx mov rbx, [rsp+58h+arg_0] add rsp, 58h retn sub_1000244D0 endp algn_1000245D5: align 20h sub_1000245E0 proc near var_18= qword ptr -18h var_10= qword ptr -10h push rbx sub rsp, 30h cmp byte ptr [rcx], 0 mov rbx, rcx jz short loc_100024613 lea r8, [rcx+10h] ; NewState mov rcx, [rcx+8] ; TokenHandle xor r9d, r9d ; BufferLength xor edx, edx ; DisableAllPrivileges mov [rsp+38h+var_10], 0 mov [rsp+38h+var_18], 0 call cs:AdjustTokenPrivileges loc_100024613: ; hObject mov rcx, [rbx+8] test rcx, rcx jz short loc_10002462A call cs:CloseHandle mov qword ptr [rbx+8], 0 loc_10002462A: add rsp, 30h pop rbx retn sub_1000245E0 endp algn_100024630: align 20h sub_100024640 proc near push rbx sub rsp, 20h xor ebx, ebx lea ecx, [rbx+7] call sub_100024BE0 test eax, eax jz short loc_10002465D lea eax, [rbx+1] add rsp, 20h pop rbx retn loc_10002465D: mov ecx, 5 call sub_100024BE0 test eax, eax jz short loc_100024680 mov ecx, 4Ah ; nIndex call cs:GetSystemMetrics mov ecx, 1 test eax, eax cmovnz ebx, ecx loc_100024680: mov eax, ebx add rsp, 20h pop rbx retn sub_100024640 endp algn_100024688: align 10h sub_100024690 proc near sub rsp, 28h mov edx, 0FFFFFFECh ; nIndex call cs:GetWindowLongA and eax, 400000h add rsp, 28h retn sub_100024690 endp algn_1000246A9: align 10h ; int __fastcall sub_1000246B0(HKEY hKey, __int64, __int64, __int64, __int64) sub_1000246B0 proc near var_38= qword ptr -38h var_30= qword ptr -30h var_28= dword ptr -28h var_24= dword ptr -24h Type= dword ptr -20h hKey= qword ptr -18h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 58h mov [rsp+58h+arg_0], rbx mov [rsp+58h+arg_8], rbp xor ebp, ebp mov rbx, r9 lea rax, [rsp+58h+hKey] loc_1000246C8: mov [rsp+58h+arg_10], rsi mov rsi, r8 lea r9d, [rbp+1] ; samDesired xor r8d, r8d ; ulOptions mov [rsp+58h+arg_18], rdi mov [rsp+58h+var_28], ebp mov [rsp+58h+var_38], rax mov rdi, rcx call cs:RegOpenKeyExA test eax, eax jnz short loc_100024743 mov rcx, [rsp+58h+hKey] ; hKey lea rax, [rsp+58h+var_24] lea r9, [rsp+58h+Type] ; lpType mov [rsp+58h+var_30], rax lea rax, [rsp+58h+var_28] xor r8d, r8d ; lpReserved mov rdx, rbx ; lpValueName mov [rsp+58h+var_24], 4 mov [rsp+58h+var_38], rax call cs:RegQueryValueExA test eax, eax jnz short loc_100024738 mov eax, [rsp+58h+var_28] cmp [rsp+58h+Type], 4 cmovnz eax, ebp mov [rsp+58h+var_28], eax loc_100024738: ; hKey mov rcx, [rsp+58h+hKey] call cs:RegCloseKey loc_100024743: lea rax, [rsp+58h+hKey] mov r9d, 1 ; samDesired xor r8d, r8d ; ulOptions mov rdx, rsi ; lpSubKey mov rcx, rdi ; hKey mov [rsp+58h+var_38], rax call cs:RegOpenKeyExA mov rdi, [rsp+58h+arg_18] mov rsi, [rsp+58h+arg_10] test eax, eax jnz short loc_1000247C1 loc_100024770: ; hKey mov rcx, [rsp+58h+hKey] lea rax, [rsp+58h+var_24] lea r9, [rsp+58h+Type] ; lpType mov [rsp+58h+var_30], rax lea rax, [rsp+58h+var_28] xor r8d, r8d ; lpReserved mov rdx, rbx ; lpValueName mov [rsp+58h+var_24], 4 mov [rsp+58h+var_38], rax call cs:RegQueryValueExA test eax, eax jnz short loc_1000247B6 mov eax, [rsp+58h+var_28] cmp [rsp+58h+Type], 4 cmovnz eax, ebp mov [rsp+58h+var_28], eax loc_1000247B6: ; hKey mov rcx, [rsp+58h+hKey] call cs:RegCloseKey loc_1000247C1: mov eax, [rsp+58h+var_28] mov rbp, [rsp+58h+arg_8] mov rbx, [rsp+58h+arg_0] add rsp, 58h retn sub_1000246B0 endp algn_1000247D4: align 20h sub_1000247E0 proc near var_158= qword ptr -158h var_150= qword ptr -150h var_148= dword ptr -148h hKey= qword ptr -140h Type= dword ptr -138h var_128= byte ptr -128h var_18= qword ptr -18h var_8= qword ptr -8 arg_18= qword ptr 20h mov r11, rsp sub rsp, 178h mov rax, cs:qword_10002C178 mov [rsp+178h+var_18], rax mov [r11+20h], rbx lea rax, [rsp+178h+hKey] mov [r11-8], rdi mov rdi, r8 xor ebx, ebx xor r8d, r8d ; ulOptions lea r9d, [rbx+1] ; samDesired mov [rsp+178h+var_158], rax call cs:RegOpenKeyExA test eax, eax jnz short loc_100024863 mov rcx, [rsp+178h+hKey] ; hKey lea rax, [rsp+178h+var_148] lea r9, [rsp+178h+Type] ; lpType mov [rsp+178h+var_150], rax lea rax, [rsp+178h+var_128] xor r8d, r8d ; lpReserved mov rdx, rdi ; lpValueName mov [rsp+178h+var_148], 104h mov [rsp+178h+var_158], rax call cs:RegQueryValueExA mov rcx, [rsp+178h+hKey] ; hKey test eax, eax setz bl call cs:RegCloseKey loc_100024863: mov rdi, [rsp+178h+var_8] mov eax, ebx mov rbx, [rsp+178h+arg_18] mov rcx, [rsp+178h+var_18] call sub_1000258D0 add rsp, 178h retn sub_1000247E0 endp algn_10002488A: align 10h sub_100024890 proc near push rbx sub rsp, 20h mov rax, cs:qword_10002D198 mov rbx, rcx cmp rax, 0FFFFFFFFFFFFFFFFh jnz short loc_1000248D6 lea ecx, [rax+8] call sub_100024BE0 test eax, eax jz short loc_1000248E6 lea rcx, aNetapi32 ; "netapi32" call cs:GetModuleHandleW lea rdx, aNetapibufferfr ; "NetApiBufferFree" mov rcx, rax ; hModule call cs:GetProcAddress mov cs:qword_10002D198, rax loc_1000248D6: test rax, rax jz short loc_1000248F1 mov rcx, rbx add rsp, 20h pop rbx jmp rax loc_1000248E6: mov cs:qword_10002D198, 0 loc_1000248F1: mov eax, 7Fh add rsp, 20h pop rbx retn sub_100024890 endp byte_1000248FC db 14h dup(0CCh) sub_100024910 proc near arg_0= dword ptr 8 arg_8= qword ptr 10h push rbx sub rsp, 20h mov ecx, 7 call sub_100024BE0 test eax, eax jz loc_1000249B7 cmp cs:dword_10002E93C, 0 jnz loc_1000249B7 mov rax, cs:qword_10002D190 mov ebx, 1 cmp rax, 0FFFFFFFFFFFFFFFFh jnz short loc_100024977 lea ecx, [rbx+6] call sub_100024BE0 test eax, eax jz short loc_1000249C3 lea rcx, aNetapi32 ; "netapi32" call cs:LoadLibraryW lea rdx, aNetgetjoininfo ; "NetGetJoinInformation" mov rcx, rax ; hModule call cs:GetProcAddress mov cs:qword_10002D190, rax loc_100024977: test rax, rax jz short loc_1000249B1 lea r8, [rsp+28h+arg_0] lea rdx, [rsp+28h+arg_8] xor ecx, ecx call rax ; qword_10002D190 test eax, eax jnz short loc_1000249B1 mov rcx, [rsp+28h+arg_8] test rcx, rcx jz short loc_10002499D call sub_100024890 loc_10002499D: mov eax, cs:dword_10002E938 cmp [rsp+28h+arg_0], 3 cmovz eax, ebx mov cs:dword_10002E938, eax loc_1000249B1: mov cs:dword_10002E93C, ebx loc_1000249B7: mov eax, cs:dword_10002E938 add rsp, 20h pop rbx retn loc_1000249C3: mov eax, cs:dword_10002E938 mov cs:qword_10002D190, 0 mov cs:dword_10002E93C, ebx add rsp, 20h pop rbx retn sub_100024910 endp byte_1000249E0 db 10h dup(0CCh) sub_1000249F0 proc near var_18= qword ptr -18h arg_0= qword ptr 8 push rdi sub rsp, 30h mov eax, cs:dword_10002D1A0 cmp eax, 0FFFFFFFFh jnz short loc_100024A72 lea rcx, aNtdll_dll_0 ; "ntdll.dll" call cs:GetModuleHandleW lea rdx, aNtqueryinforma ; "NtQueryInformationProcess" mov rcx, rax ; hModule call cs:GetProcAddress test rax, rax mov rdi, rax jz short loc_100024A6A call cs:GetCurrentProcess mov r9d, 8 lea r8, [rsp+38h+arg_0] lea edx, [r9+12h] mov rcx, rax mov [rsp+38h+var_18], 0 call rdi test eax, eax js short loc_100024A6A cmp [rsp+38h+arg_0], 0 jz short loc_100024A6A mov cs:dword_10002D1A0, 1 mov eax, 1 add rsp, 30h pop rdi retn loc_100024A6A: xor eax, eax mov cs:dword_10002D1A0, eax loc_100024A72: add rsp, 30h pop rdi retn sub_1000249F0 endp algn_100024A78: align 20h ; int __cdecl sub_100024A80(int, int, int, int, HKEY hKey) sub_100024A80 proc near var_18= qword ptr -18h var_10= qword ptr -10h arg_0= dword ptr 8 arg_8= dword ptr 10h hKey= qword ptr 18h sub rsp, 38h lea rax, [rsp+38h+hKey] lea rdx, aSoftwareMicr_4 ; "Software\\Microsoft\\Windows\\CurrentVersi"... mov r9d, 1 ; samDesired xor r8d, r8d ; ulOptions mov rcx, 0FFFFFFFF80000001h ; hKey mov [rsp+38h+arg_0], 0 mov [rsp+38h+var_18], rax call cs:RegOpenKeyExW test eax, eax jnz short loc_100024AF6 mov rcx, [rsp+38h+hKey] ; hKey lea rax, [rsp+38h+arg_8] lea rdx, aServeradminui ; "ServerAdminUI" mov [rsp+38h+var_10], rax lea rax, [rsp+38h+arg_0] xor r9d, r9d ; lpType xor r8d, r8d ; lpReserved mov [rsp+38h+arg_8], 4 mov [rsp+38h+var_18], rax call cs:RegQueryValueExW mov rcx, [rsp+38h+hKey] ; hKey call cs:RegCloseKey loc_100024AF6: mov eax, [rsp+38h+arg_0] add rsp, 38h retn sub_100024A80 endp byte_100024AFF db 11h dup(0CCh) ; int __cdecl sub_100024B10(int, int, DWORD Type, int, int, int, HKEY hKey) sub_100024B10 proc near var_18= qword ptr -18h var_10= qword ptr -10h arg_0= dword ptr 8 Type= dword ptr 10h arg_10= dword ptr 18h hKey= qword ptr 20h push rbx sub rsp, 30h mov eax, cs:dword_10002D1A4 cmp eax, 0FFFFFFFFh jnz loc_100024BC6 lea rax, [rsp+38h+hKey] mov ebx, 1 lea rdx, aSystemWpaAppli ; "System\\WPA\\ApplianceServer" xor r8d, r8d ; ulOptions mov rcx, 0FFFFFFFF80000002h ; hKey mov r9d, ebx ; samDesired mov [rsp+38h+var_18], rax call cs:RegOpenKeyExA test eax, eax jnz short loc_100024BB2 mov rcx, [rsp+38h+hKey] ; hKey lea rax, [rsp+38h+arg_0] lea r9, [rsp+38h+Type] ; lpType mov [rsp+38h+var_10], rax lea rax, [rsp+38h+arg_10] lea rdx, aInstalled ; "Installed" xor r8d, r8d ; lpReserved mov [rsp+38h+arg_0], 4 mov [rsp+38h+var_18], rax call cs:RegQueryValueExA test eax, eax jnz short loc_100024BA7 cmp [rsp+38h+Type], 4 jnz short loc_100024BA7 mov eax, cs:dword_10002D1A4 cmp [rsp+38h+arg_10], 0 cmovnz eax, ebx mov cs:dword_10002D1A4, eax loc_100024BA7: ; hKey mov rcx, [rsp+38h+hKey] call cs:RegCloseKey loc_100024BB2: mov eax, cs:dword_10002D1A4 xor ecx, ecx cmp eax, 0FFFFFFFFh cmovz eax, ecx mov cs:dword_10002D1A4, eax loc_100024BC6: add rsp, 30h pop rbx retn sub_100024B10 endp algn_100024BCC: align 20h sub_100024BE0 proc near arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 28h cmp cs:dword_10002E9DC, 0 mov [rsp+28h+arg_10], rbx mov [rsp+28h+arg_18], rdi mov edi, ecx mov ebx, 1 jnz short loc_100024C36 lea rcx, VersionInformation ; lpVersionInformation mov cs:dword_10002E9DC, ebx mov cs:VersionInformation.dwOSVersionInfoSize, 9Ch call cs:GetVersionExA test eax, eax jnz short loc_100024C36 lea rcx, VersionInformation ; lpVersionInformation mov cs:VersionInformation.dwOSVersionInfoSize, 94h call cs:GetVersionExA loc_100024C36: ; switch 44 cases cmp edi, 2Bh ja short loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 lea rdx, __ImageBase mov rax, rdi mov ecx, ds:(off_100025344 - 100000000h)[rdx+rdi*4] add rcx, rdx jmp rcx ; switch jump loc_100024C51: ; jumptable 100024C4F case 14 mov ecx, 1000h call cs:GetSystemMetrics mov ebx, eax mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024C6D: ; jumptable 100024C4F case 12 test byte ptr cs:dword_10002E9D8, 10h jz short loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 cmp cs:VersionInformation.dwMajorVersion, 5 jnb short loc_100024C81 loc_100024C7F: ; default xor ebx, ebx ; jumptable 100024C4F cases 37,39 loc_100024C81: mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024C92: ; jumptable 100024C4F case 24 test byte ptr cs:dword_10002E9D8, 10h jz short loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 bt word ptr cs:dword_10002E9D8, 8 jnb short loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024CB9: ; jumptable 100024C4F case 15 test byte ptr cs:dword_10002E9D8, 10h jz short loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 bt word ptr cs:dword_10002E9D8, 8 jb short loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024CE0: ; jumptable 100024C4F case 25 bt word ptr cs:dword_10002E9D8, 8 jnb short loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 test byte ptr cs:dword_10002E9D8, 10h jz short loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024D07: ; jumptable 100024C4F case 26 test word ptr cs:dword_10002E9D8, 110h jz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 lea r9, aAllowmultipl_0 ; "AllowMultipleTSSessions" lea r8, aSoftwareMicr_5 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"... lea rdx, aSoftwareMicr_6 ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"... mov rcx, 0FFFFFFFF80000002h ; hKey call sub_1000246B0 test eax, eax jmp loc_100025127 loc_100024D3E: ; jumptable 100024C4F case 27 cmp byte ptr cs:dword_10002E9D8+2, bl jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 call sub_100024910 test eax, eax jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 lea r8, aGinadll ; "GinaDLL" lea rdx, aSoftwareMicr_6 ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"... mov rcx, 0FFFFFFFF80000002h call sub_1000247E0 test eax, eax jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 lea r9, aLogontype ; "LogonType" lea r8, aSoftwareMicr_5 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"... lea rdx, aSoftwareMicr_6 ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"... mov rcx, 0FFFFFFFF80000002h ; hKey call sub_1000246B0 test eax, eax jmp loc_100025127 loc_100024DA1: ; jumptable 100024C4F case 28 call sub_100024910 mov ebx, eax mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024DB7: ; jumptable 100024C4F cases 4,7 cmp cs:VersionInformation.dwPlatformId, 2 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 cmp cs:VersionInformation.dwMajorVersion, 5 jnb loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024DE4: ; jumptable 100024C4F case 8 cmp byte ptr cs:dword_10002E9D8+2, bl jmp loc_100024E7C loc_100024DEF: ; jumptable 100024C4F case 10 movzx eax, byte ptr cs:dword_10002E9D8+2 cmp al, 3 jz short loc_100024E02 cmp al, 2 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 loc_100024E02: cmp cs:VersionInformation.dwMajorVersion, 5 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 movzx eax, byte ptr cs:dword_10002E9D8 test al, 2 jz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 test al, al jns loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024E39: ; jumptable 100024C4F case 11 movzx eax, byte ptr cs:dword_10002E9D8+2 cmp al, 3 jz short loc_100024E4C cmp al, 2 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 loc_100024E4C: cmp cs:VersionInformation.dwMajorVersion, 5 jmp loc_10002511A loc_100024E58: ; jumptable 100024C4F case 9 movzx eax, byte ptr cs:dword_10002E9D8+2 cmp al, 3 jz short loc_100024E6B cmp al, 2 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 loc_100024E6B: movzx eax, byte ptr cs:dword_10002E9D8 test al, al js loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 test al, 2 loc_100024E7C: ; default jnz loc_100024C7F ; jumptable 100024C4F cases 37,39 cmp cs:VersionInformation.dwMajorVersion, 5 jz loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024EA2: ; jumptable 100024C4F case 13 mov ebx, cs:dword_10002E9D8 and ebx, 40h mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024EBC: ; jumptable 100024C4F case 0 xor ebx, ebx cmp cs:VersionInformation.dwPlatformId, 1 setz bl mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024ED9: ; jumptable 100024C4F case 1 xor ebx, ebx cmp cs:VersionInformation.dwPlatformId, 2 setz bl mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024EF6: ; jumptable 100024C4F case 2 cmp cs:VersionInformation.dwPlatformId, ebx jmp loc_10002502F loc_100024F01: ; jumptable 100024C4F case 16 cmp cs:VersionInformation.dwPlatformId, ebx jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 cmp cs:VersionInformation.dwMajorVersion, 4 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 cmp cs:VersionInformation.dwMinorVersion, 0 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 cmp word ptr cs:VersionInformation.dwBuildNumber, 3B6h jz loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024F49: ; jumptable 100024C4F case 5 cmp cs:VersionInformation.dwPlatformId, ebx jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 mov eax, cs:VersionInformation.dwMajorVersion cmp eax, 4 ja loc_100024C81 cmp eax, 4 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 cmp cs:VersionInformation.dwMinorVersion, 0Ah jnb loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024F8D: ; jumptable 100024C4F case 6 cmp cs:VersionInformation.dwPlatformId, ebx jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 cmp cs:VersionInformation.dwMajorVersion, 4 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 cmp cs:VersionInformation.dwMinorVersion, 0Ah jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 cmp word ptr cs:VersionInformation.dwBuildNumber, 7CEh jz loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100024FD5: ; jumptable 100024C4F case 17 cmp cs:VersionInformation.dwPlatformId, ebx jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 mov eax, cs:VersionInformation.dwMajorVersion cmp eax, 4 jnz short loc_10002500C cmp cs:VersionInformation.dwMinorVersion, 5Ah jnb loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_10002500C: cmp eax, 4 ja loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100025028: ; jumptable 100024C4F case 3 cmp cs:VersionInformation.dwPlatformId, 2 loc_10002502F: ; default jnz loc_100024C7F ; jumptable 100024C4F cases 37,39 cmp cs:VersionInformation.dwMajorVersion, 4 jnb loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100025055: ; jumptable 100024C4F case 18 cmp cs:VersionInformation.dwPlatformId, 2 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 mov eax, cs:VersionInformation.dwMajorVersion cmp eax, 5 ja loc_100024C81 cmp eax, 5 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 mov eax, cs:VersionInformation.dwMinorVersion test eax, eax jnz loc_100024C81 test eax, eax jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 cmp word ptr cs:VersionInformation.dwBuildNumber, 893h ja loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_1000250B2: ; jumptable 100024C4F case 19 cmp cs:VersionInformation.dwPlatformId, 2 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 bt word ptr cs:dword_10002E9D8, 9 jb loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_1000250E1: ; jumptable 100024C4F case 20 cmp cs:VersionInformation.dwPlatformId, 2 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 cmp byte ptr cs:dword_10002E9D8+2, bl jz loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_10002510D: ; jumptable 100024C4F case 21 movzx eax, byte ptr cs:dword_10002E9D8+2 cmp al, 3 jz short loc_100025120 cmp al, 2 loc_10002511A: ; default jnz loc_100024C7F ; jumptable 100024C4F cases 37,39 loc_100025120: test byte ptr cs:dword_10002E9D8, 80h loc_100025127: jnz loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100025140: ; jumptable 100024C4F case 22 movzx eax, byte ptr cs:dword_10002E9D8+2 cmp al, 3 jz short loc_100025153 cmp al, 2 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 loc_100025153: movzx eax, byte ptr cs:dword_10002E9D8 test al, 2 jz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 test al, al jns loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_10002517D: ; jumptable 100024C4F case 23 movzx eax, byte ptr cs:dword_10002E9D8+2 cmp al, 3 jz short loc_100025190 cmp al, 2 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 loc_100025190: movzx eax, byte ptr cs:dword_10002E9D8 test al, al js loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 test al, 2 jnz loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 bt word ptr cs:dword_10002E9D8, 0Ah jb loc_100024C7F ; default ; jumptable 100024C4F cases 37,39 test al, 20h jz loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_1000251D1: ; jumptable 100024C4F case 31 mov ebx, cs:dword_10002E9D8 and ebx, 400h mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_1000251EE: ; jumptable 100024C4F case 32 mov ebx, cs:dword_10002E9D8 and ebx, 20h mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100025208: ; jumptable 100024C4F case 29 movzx eax, byte ptr cs:dword_10002E9D8+2 cmp al, 3 jz loc_100024C81 cmp al, 2 jz loc_100024C81 xor ebx, ebx mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100025232: ; jumptable 100024C4F case 30 call sub_1000249F0 mov ebx, eax mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100025248: ; jumptable 100024C4F case 33 mov ecx, 56h call cs:GetSystemMetrics mov ebx, eax mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100025264: ; jumptable 100024C4F case 35 mov ecx, 57h call cs:GetSystemMetrics mov ebx, eax mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100025280: ; jumptable 100024C4F case 36 call sub_100024B10 mov ebx, eax mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100025296: ; jumptable 100024C4F case 38 mov ecx, 58h call cs:GetSystemMetrics mov ebx, eax mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_1000252B2: ; jumptable 100024C4F case 34 call sub_100024A80 mov ebx, eax mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_1000252C8: ; jumptable 100024C4F case 40 mov ebx, cs:dword_10002E9D8 and ebx, 2000h mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_1000252E5: ; jumptable 100024C4F case 41 mov ebx, cs:dword_10002E9D8 and ebx, 4000h mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_100025302: ; jumptable 100024C4F case 43 mov ebx, cs:dword_10002E9D8 and ebx, 8000h mov eax, ebx mov rdi, [rsp+28h+arg_18] mov rbx, [rsp+28h+arg_10] add rsp, 28h retn loc_10002531F: ; jumptable 100024C4F case 42 mov ecx, 59h call cs:GetSystemMetrics mov rdi, [rsp+28h+arg_18] xor ebx, ebx test eax, eax setnz bl mov eax, ebx mov rbx, [rsp+28h+arg_10] add rsp, 28h retn sub_100024BE0 endp align 4 off_100025344 dd offset loc_100024EBC - offset __ImageBase ; jump table for switch statement dd offset loc_100024ED9 - offset __ImageBase dd offset loc_100024EF6 - offset __ImageBase dd offset loc_100025028 - offset __ImageBase dd offset loc_100024DB7 - offset __ImageBase dd offset loc_100024F49 - offset __ImageBase dd offset loc_100024F8D - offset __ImageBase dd offset loc_100024DB7 - offset __ImageBase dd offset loc_100024DE4 - offset __ImageBase dd offset loc_100024E58 - offset __ImageBase dd offset loc_100024DEF - offset __ImageBase dd offset loc_100024E39 - offset __ImageBase dd offset loc_100024C6D - offset __ImageBase dd offset loc_100024EA2 - offset __ImageBase dd offset loc_100024C51 - offset __ImageBase dd offset loc_100024CB9 - offset __ImageBase dd offset loc_100024F01 - offset __ImageBase dd offset loc_100024FD5 - offset __ImageBase dd offset loc_100025055 - offset __ImageBase dd offset loc_1000250B2 - offset __ImageBase dd offset loc_1000250E1 - offset __ImageBase dd offset loc_10002510D - offset __ImageBase dd offset loc_100025140 - offset __ImageBase dd offset loc_10002517D - offset __ImageBase dd offset loc_100024C92 - offset __ImageBase dd offset loc_100024CE0 - offset __ImageBase dd offset loc_100024D07 - offset __ImageBase dd offset loc_100024D3E - offset __ImageBase dd offset loc_100024DA1 - offset __ImageBase dd offset loc_100025208 - offset __ImageBase dd offset loc_100025232 - offset __ImageBase dd offset loc_1000251D1 - offset __ImageBase dd offset loc_1000251EE - offset __ImageBase dd offset loc_100025248 - offset __ImageBase dd offset loc_1000252B2 - offset __ImageBase dd offset loc_100025264 - offset __ImageBase dd offset loc_100025280 - offset __ImageBase dd offset loc_100024C7F - offset __ImageBase dd offset loc_100025296 - offset __ImageBase dd offset loc_100024C7F - offset __ImageBase dd offset loc_1000252C8 - offset __ImageBase dd offset loc_1000252E5 - offset __ImageBase dd offset loc_10002531F - offset __ImageBase dd offset loc_100025302 - offset __ImageBase sub_1000253F4 proc near lea rax, __imp_CachedGetUserFromSid jmp $+5 sub_1000253F4 endp ; sp-analysis failed sub_100025400 proc near var_48= xmmword ptr -48h var_38= xmmword ptr -38h var_28= xmmword ptr -28h var_18= xmmword ptr -18h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov [rsp+arg_0], rcx mov [rsp+arg_8], rdx mov [rsp+arg_10], r8 mov [rsp+arg_18], r9 sub rsp, 68h movdqa [rsp+68h+var_48], xmm0 movdqa [rsp+68h+var_38], xmm1 movdqa [rsp+68h+var_28], xmm2 movdqa [rsp+68h+var_18], xmm3 mov rdx, rax lea rcx, UTILDLL_dll_import_table call sub_10001BC50 movdqa xmm0, [rsp+68h+var_48] movdqa xmm1, [rsp+68h+var_38] movdqa xmm2, [rsp+68h+var_28] movdqa xmm3, [rsp+68h+var_18] mov rcx, [rsp+68h+arg_0] mov rdx, [rsp+68h+arg_8] mov r8, [rsp+68h+arg_10] mov r9, [rsp+68h+arg_18] add rsp, 68h jmp short $+2 loc_100025477: jmp rax sub_100025400 endp db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION CachedGetUserFromSid. PRESS KEYPAD "+" TO EXPAND] lea rax, __imp_CurrentDateTimeString jmp sub_100025400 db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION CurrentDateTimeString. PRESS KEYPAD "+" TO EXPAND] lea rax, CLSIDFromString jmp $+5 sub_1000254A9 proc near var_48= xmmword ptr -48h var_38= xmmword ptr -38h var_28= xmmword ptr -28h var_18= xmmword ptr -18h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h mov [rsp+arg_0], rcx mov [rsp+arg_8], rdx mov [rsp+arg_10], r8 mov [rsp+arg_18], r9 sub rsp, 68h movdqa [rsp+68h+var_48], xmm0 movdqa [rsp+68h+var_38], xmm1 movdqa [rsp+68h+var_28], xmm2 movdqa [rsp+68h+var_18], xmm3 mov rdx, rax lea rcx, ole32_dll_import_table call sub_10001BC50 movdqa xmm0, [rsp+68h+var_48] movdqa xmm1, [rsp+68h+var_38] movdqa xmm2, [rsp+68h+var_28] movdqa xmm3, [rsp+68h+var_18] mov rcx, [rsp+68h+arg_0] mov rdx, [rsp+68h+arg_8] mov r8, [rsp+68h+arg_10] mov r9, [rsp+68h+arg_18] add rsp, 68h jmp short $+2 loc_100025520: jmp rax sub_1000254A9 endp align 10h sub_100025530 proc near var_328= qword ptr -328h var_320= dword ptr -320h var_318= qword ptr -318h var_310= qword ptr -310h var_308= qword ptr -308h var_300= dword ptr -300h var_2F8= byte ptr -2F8h var_28= qword ptr -28h var_10= qword ptr -10h var_8= qword ptr -8 arg_10= qword ptr 18h arg_18= qword ptr 20h mov r11, rsp sub rsp, 348h mov rax, cs:qword_10002C178 mov [rsp+348h+var_28], rax mov [r11+18h], rbx mov [r11+20h], rbp mov [r11-8], rsi xor esi, esi cmp dword ptr [rdx], 68h mov [r11-10h], rdi mov ebp, esi mov rbx, rdx mov rdi, rcx jz short loc_100025578 lea ecx, [rsi+7Ah] ; dwErrCode call cs:__imp_SetLastError xor eax, eax jmp loc_1000257A0 loc_100025578: ; int xor edx, edx mov rcx, rbx ; void * lea r8d, [rdx+68h] ; size_t call memset mov rcx, rdi mov [rbx+4], esi mov dword ptr [rbx+0Ch], 0FFFFFFFFh call sub_100025840 test rax, rax mov rdi, rax jz loc_10002578E mov [rsp+348h+var_310], rsi lea rax, [rsp+348h+var_300] lea r8, unk_10002D1A8 ; lpInBuffer mov [rsp+348h+var_318], rax lea rax, [rsp+348h+var_2F8] mov r9d, 3Ch ; nInBufferSize mov edx, 17003Eh ; dwIoControlCode mov rcx, rdi ; hDevice mov [rsp+348h+var_320], 2D0h mov dword ptr [rbx+0Ch], 1 mov dword ptr [rbx+4], 1 mov [rsp+348h+var_328], rax call cs:DeviceIoControl mov ebp, eax call cs:GetLastError mov rcx, rdi ; hObject call cs:CloseHandle test ebp, ebp jz loc_10002578E mov r11d, [rsp+348h+var_300] mov r10d, esi lea r9, [rsp+348h+var_2F8] test r11d, r11d jz loc_100025796 lea rdi, __ImageBase loc_100025624: cmp dword ptr [r9+4], 8 mov [rsp+348h+var_308], rsi jnz short loc_100025640 mov rax, [r9+8] mov [rsp+348h+var_308], rax mov r8d, dword ptr [rsp+348h+var_308] jmp short loc_10002564E loc_100025640: mov r8d, [r9+8] mov dword ptr [rsp+348h+var_308], r8d mov rax, [rsp+348h+var_308] loc_10002564E: mov edx, [r9] mov ecx, [r9+4] btr edx, 1Fh lea r10d, [r10+rcx+8] lea r9, [r9+rcx+8] cmp edx, 20201h ja loc_100025712 cmp edx, 20201h jz loc_10002570C cmp edx, 20101h ja short loc_1000256DD cmp edx, 20101h jz short loc_1000256D4 sub edx, 10104h jz short loc_1000256CB sub edx, 3 jz short loc_1000256C2 sub edx, 0Dh jz short loc_1000256B2 cmp edx, 0EEh jnz loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 mov [rbx+10h], r8d jmp loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_1000256B2: mov eax, esi test r8d, r8d setz al mov [rbx+0Ch], eax jmp loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_1000256C2: mov [rbx+14h], r8d jmp loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_1000256CB: mov [rbx+8], r8d jmp loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_1000256D4: mov [rbx+18h], rax jmp loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_1000256DD: sub edx, 20102h jz short loc_100025703 dec edx jz short loc_1000256FA dec edx jnz loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 mov [rbx+50h], r8d jmp loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_1000256FA: mov [rbx+54h], r8d jmp loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_100025703: mov [rbx+20h], rax jmp loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_10002570C: add [rbx+30h], rax jmp short loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_100025712: cmp edx, 0FFFFFFh ja short loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 cmp edx, 0FFFFFFh jz short loc_10002577F add edx, 0FFFDFDFDh cmp edx, 12h ; switch 19 cases ja short loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 mov edx, ds:(off_1000257D8 - 100000000h)[rdi+rdx*4] add rdx, rdi jmp rdx ; switch jump loc_100025739: ; jumptable 100025737 case 0 add [rbx+30h], rax jmp short loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_10002573F: ; jumptable 100025737 case 2 add [rbx+30h], rax jmp short loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_100025745: ; jumptable 100025737 case 4 add [rbx+38h], rax mov [rbx+40h], rax jmp short loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_10002574F: ; jumptable 100025737 case 5 mov [rbx+48h], rax jmp short loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_100025755: ; jumptable 100025737 case 6 add [rbx+38h], rax jmp short loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_10002575B: ; jumptable 100025737 case 8 add [rbx+38h], rax jmp short loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_100025761: ; jumptable 100025737 case 16 mov [rbx+28h], r8d jmp short loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_100025767: ; jumptable 100025737 case 17 mov [rbx+58h], r8d jmp short loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_10002576D: ; jumptable 100025737 case 18 mov eax, r8d shr eax, 10h mov [rbx+5Ch], eax movzx eax, r8w mov [rbx+60h], eax jmp short loc_100025783 ; default ; jumptable 100025737 cases 1,3,7,9-15 loc_10002577F: mov [rbx+2Ch], r8d loc_100025783: ; default cmp r10d, r11d ; jumptable 100025737 cases 1,3,7,9-15 jb loc_100025624 jmp short loc_100025796 loc_10002578E: call cs:GetLastError mov esi, eax loc_100025796: ; dwErrCode mov ecx, esi call cs:__imp_SetLastError mov eax, ebp loc_1000257A0: mov rdi, [rsp+348h+var_10] mov rsi, [rsp+348h+var_8] mov rbp, [rsp+348h+arg_18] mov rbx, [rsp+348h+arg_10] mov rcx, [rsp+348h+var_28] call sub_1000258D0 add rsp, 348h retn sub_100025530 endp align 8 off_1000257D8 dd offset loc_100025739 - offset __ImageBase ; jump table for switch statement dd offset loc_100025783 - offset __ImageBase dd offset loc_10002573F - offset __ImageBase dd offset loc_100025783 - offset __ImageBase dd offset loc_100025745 - offset __ImageBase dd offset loc_10002574F - offset __ImageBase dd offset loc_100025755 - offset __ImageBase dd offset loc_100025783 - offset __ImageBase dd offset loc_10002575B - offset __ImageBase dd offset loc_100025783 - offset __ImageBase dd offset loc_100025783 - offset __ImageBase dd offset loc_100025783 - offset __ImageBase dd offset loc_100025783 - offset __ImageBase dd offset loc_100025783 - offset __ImageBase dd offset loc_100025783 - offset __ImageBase dd offset loc_100025783 - offset __ImageBase dd offset loc_100025761 - offset __ImageBase dd offset loc_100025767 - offset __ImageBase dd offset loc_10002576D - offset __ImageBase algn_100025824: align 10h ; [00000007 BYTES: COLLAPSED FUNCTION SetLastError. PRESS KEYPAD "+" TO EXPAND] align 20h sub_100025840 proc near var_58= dword ptr -58h var_50= dword ptr -50h var_38= dword ptr -38h var_20= dword ptr -20h arg_0= qword ptr 8 mov r11, rsp sub rsp, 78h xor eax, eax mov [rsp+78h+var_38], 30h lea r9, [r11-48h] mov [r11-30h], rax mov [rsp+78h+var_20], 40h mov [r11-28h], rcx lea rcx, [r11+8] lea r8, [r11-38h] mov edx, 12019Fh mov [rsp+78h+var_50], 20h mov [r11+8], rax mov [r11-18h], rax mov [r11-10h], rax mov [rsp+78h+var_58], 7 call cs:NtOpenFile test eax, eax jz short loc_1000258A7 mov ecx, eax call cs:RtlNtStatusToDosError mov ecx, eax ; dwErrCode call SetLastError loc_1000258A7: mov rax, [rsp+78h+arg_0] add rsp, 78h retn sub_100025840 endp byte_1000258B4 db 6 dup(0CCh) ; [00000006 BYTES: COLLAPSED FUNCTION DelayLoadFailureHook. PRESS KEYPAD "+" TO EXPAND] db 6 dup(0CCh) align 10h sub_1000258D0 proc near var_48= qword ptr -48h var_40= qword ptr -40h var_38= qword ptr -38h var_30= qword ptr -30h var_28= byte ptr -28h var_20= byte ptr -20h var_18= qword ptr -18h arg_0= qword ptr 8 arg_8= qword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h cmp rcx, cs:qword_10002C178 jnz short loc_1000258E9 rol rcx, 10h test cx, 0FFFFh jnz short loc_1000258E5 retn loc_1000258E5: ror rcx, 10h loc_1000258E9: jmp sub_10001BE80 sub_1000258D0 endp align 20h ; [0000004E BYTES: COLLAPSED FUNCTION __chkstk. PRESS KEYPAD "+" TO EXPAND] algn_10002594E: align 20h lea rcx, dword_10002FED0 jmp sub_100004120 align 20h sub_100025980 proc near var_28= qword ptr -28h var_20= qword ptr -20h hKey= qword ptr -18h arg_0= dword ptr 8 Type= dword ptr 10h arg_10= qword ptr 18h arg_18= qword ptr 20h sub rsp, 48h mov [rsp+48h+arg_10], rbx mov [rsp+48h+arg_18], rdi xor edi, edi lea edx, [rdi+64h] ; uBytes xor ecx, ecx ; uFlags call cs:LocalAlloc test rax, rax mov rbx, rax jz loc_100025A72 lea rax, [rsp+48h+hKey] lea rdx, SubKey ; "Software\\Microsoft\\Windows NT\\CurrentVe"... mov r9d, 20019h ; samDesired xor r8d, r8d ; ulOptions mov rcx, 0FFFFFFFF80000001h ; hKey mov [rsp+48h+var_28], rax call cs:RegOpenKeyExW test eax, eax jnz loc_100025A69 mov rcx, [rsp+48h+hKey] ; hKey lea rax, [rsp+48h+arg_0] lea r9, [rsp+48h+Type] ; lpType mov [rsp+48h+var_20], rax lea rdx, qword_100002F58+20h ; lpValueName xor r8d, r8d ; lpReserved mov [rsp+48h+var_28], rbx mov [rsp+48h+arg_0], 64h call cs:RegQueryValueExW test eax, eax jnz short loc_100025A45 cmp [rsp+48h+Type], 3 jnz short loc_100025A45 cmp [rsp+48h+arg_0], 64h jnz short loc_100025A45 mov ecx, [rbx] mov edx, cs:dword_10002D634 mov r8d, cs:dword_10002D630 lea edi, [rax+1] db 66h nop db 66h, 66h nop loc_100025A30: cmp ecx, r8d jnz short loc_100025A43 cmp [rbx+4], edx jnz short loc_100025A43 inc eax cmp eax, 5 jb short loc_100025A30 jmp short loc_100025A45 loc_100025A43: xor edi, edi loc_100025A45: ; hKey mov rcx, [rsp+48h+hKey] call cs:RegCloseKey test edi, edi jz short loc_100025A69 lea rcx, dword_10002D630 ; void * mov rdx, rbx ; void * mov r8d, 64h ; size_t call memmove loc_100025A69: ; hMem mov rcx, rbx call cs:LocalFree loc_100025A72: mov rdi, [rsp+48h+arg_18] mov rbx, [rsp+48h+arg_10] add rsp, 48h retn sub_100025980 endp algn_100025A81: align 8 stru_100025A88 UNWIND_INFO <1, 42h, 5, 0> UNWIND_CODE <42h, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <10h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100025A98 UNWIND_INFO <1, 13h, 7, 0> UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <0Fh, 64h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <0Bh, 34h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <7, 0C2h> ; UWOP_ALLOC_SMALL align 4 stru_100025AAC UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100025AB4 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_100025ABC UNWIND_INFO <9, 12h, 6, 0> UNWIND_CODE <12h, 74h> ; UWOP_SAVE_NONVOL dw 19h UNWIND_CODE <0Eh, 34h> ; UWOP_SAVE_NONVOL dw 18h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 15h dd rva __C_specific_handler dd 1 C_SCOPE_TABLE <rva loc_10001C1C3, \ rva $LN19, \ rva wWinMainCRTStartup$filt$0,\ rva $LN19> stru_100025AE4 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 92h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100025AEC UNWIND_INFO <1, 69h, 11h, 0> UNWIND_CODE <69h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <59h, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <50h, 34h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <22h, 0F4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <1Dh, 0E4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <18h, 0D4h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <13h, 0C4h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <9, 0C2h> ; UWOP_ALLOC_SMALL align 4 stru_100025B14 UNWIND_INFO <1, 20h, 9, 0> UNWIND_CODE <20h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100025B2C UNWIND_INFO <1, 13h, 7, 0> UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100025B40 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100025B48 UNWIND_INFO <1, 11h, 5, 0> UNWIND_CODE <11h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Ch, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100025B58 UNWIND_INFO <1, 1Ch, 5, 0> UNWIND_CODE <1Ch, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <17h, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100025B68 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_100025B70 UNWIND_INFO <11h, 18h, 7, 0> UNWIND_CODE <18h, 74h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <0Eh, 34h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <9, 62h> ; UWOP_ALLOC_SMALL align 4 dd rva __C_specific_handler dd 1 C_SCOPE_TABLE <rva loc_10001CD6A, \ rva $LN17, \ rva doexit$fin$0, 0> stru_100025B9C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _NMSG_WRITE, \ rva loc_10001CF0E, \ rva stru_100025BFC> stru_100025BAC UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Dh RUNTIME_FUNCTION <rva _NMSG_WRITE, \ rva loc_10001CF0E, \ rva stru_100025BFC> stru_100025BC0 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_10001CF0E, \ rva loc_10001CF45, \ rva stru_100025BE4> stru_100025BD0 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 0Ch RUNTIME_FUNCTION <rva loc_10001CF0E, \ rva loc_10001CF45, \ rva stru_100025BE4> stru_100025BE4 UNWIND_INFO <21h, 30h, 4, 0> UNWIND_CODE <30h, 54h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 0Dh RUNTIME_FUNCTION <rva _NMSG_WRITE, \ rva loc_10001CF0E, \ rva stru_100025BFC> stru_100025BFC UNWIND_INFO <1, 0Eh, 5, 0> UNWIND_CODE <0Eh, 0C4h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 stru_100025C0C UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100025C14 UNWIND_INFO <1, 3Ah, 12h, 0> UNWIND_CODE <3Ah, 0F4h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <32h, 0E4h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <2Eh, 0D4h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <26h, 0C4h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <22h, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <1Eh, 64h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <17h, 54h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <13h, 34h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <0Fh, 1> ; UWOP_ALLOC_LARGE dw 11h stru_100025C3C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _XcptFilter, \ rva loc_10001D3C2, \ rva stru_100025C60> stru_100025C4C UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 7 RUNTIME_FUNCTION <rva _XcptFilter, \ rva loc_10001D3C2, \ rva stru_100025C60> stru_100025C60 UNWIND_INFO <1, 13h, 7, 0> UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100025C74 UNWIND_INFO <21h, 0, 6, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 7 RUNTIME_FUNCTION <rva _wsetenvp, \ rva loc_10001D5AE, \ rva stru_100025CC4> stru_100025C90 UNWIND_INFO <21h, 5, 6, 0> UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva _wsetenvp, \ rva loc_10001D5AE, \ rva stru_100025CC4> stru_100025CAC UNWIND_INFO <21h, 39h, 4, 0> UNWIND_CODE <39h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva _wsetenvp, \ rva loc_10001D5AE, \ rva stru_100025CC4> stru_100025CC4 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100025CCC UNWIND_INFO <1, 16h, 5, 0> UNWIND_CODE <16h, 74h> ; UWOP_SAVE_NONVOL dw 1 UNWIND_CODE <11h, 34h> ; UWOP_SAVE_NONVOL dw 2 UNWIND_CODE <4, 22h> ; UWOP_ALLOC_SMALL align 4 stru_100025CDC UNWIND_INFO <1, 55h, 7, 0> UNWIND_CODE <55h, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <20h, 64h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 stru_100025CF0 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 0D4h> ; UWOP_SAVE_NONVOL dw 7 RUNTIME_FUNCTION <rva __crtGetEnvironmentStringsW,\ rva loc_10001DC85, \ rva stru_100025D28> stru_100025D04 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva __crtGetEnvironmentStringsW,\ rva loc_10001DC85, \ rva stru_100025D28> stru_100025D14 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 0D4h> ; UWOP_SAVE_NONVOL dw 7 RUNTIME_FUNCTION <rva __crtGetEnvironmentStringsW,\ rva loc_10001DC85, \ rva stru_100025D28> stru_100025D28 UNWIND_INFO <1, 23h, 0Bh, 0> UNWIND_CODE <23h, 0C4h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <1Eh, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <19h, 64h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <14h, 54h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Fh, 34h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 stru_100025D44 UNWIND_INFO <21h, 0, 6, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva __crtGetCommandLineW,\ rva loc_10001DDA1, \ rva stru_100025D94> stru_100025D60 UNWIND_INFO <21h, 8, 6, 0> UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 0Ah RUNTIME_FUNCTION <rva __crtGetCommandLineW,\ rva loc_10001DDA1, \ rva stru_100025D94> stru_100025D7C UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 0Ah RUNTIME_FUNCTION <rva __crtGetCommandLineW,\ rva loc_10001DDA1, \ rva stru_100025D94> stru_100025D94 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100025D9C UNWIND_INFO <1, 7, 3, 0> UNWIND_CODE <7, 42h> ; UWOP_ALLOC_SMALL UNWIND_CODE <3, 50h> ; UWOP_PUSH_NONVOL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL align 4 stru_100025DA8 UNWIND_INFO <9, 26h, 10h, 0> UNWIND_CODE <26h, 0F4h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <22h, 0E4h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <1Eh, 0D4h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <1Ah, 0C4h> ; UWOP_SAVE_NONVOL dw 19h UNWIND_CODE <16h, 74h> ; UWOP_SAVE_NONVOL dw 18h UNWIND_CODE <12h, 64h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <0Eh, 34h> ; UWOP_SAVE_NONVOL dw 16h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 15h dd rva __C_specific_handler dd 1 C_SCOPE_TABLE <rva loc_10001DE86, \ rva loc_10001DE92, \ rva _ioinit$filt$0, \ rva $LN37> stru_100025DE4 UNWIND_INFO <1, 0Eh, 5, 0> UNWIND_CODE <0Eh, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100025DF4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _getptd, \ rva loc_10001E229, \ rva stru_100025E18> stru_100025E04 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva _getptd, \ rva loc_10001E229, \ rva stru_100025E18> stru_100025E18 UNWIND_INFO <1, 9, 3, 0> UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100025E24 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_100025E2C UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_100025E34 UNWIND_INFO <11h, 0Eh, 2, 0> UNWIND_CODE <0Eh, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <0Ah, 30h> ; UWOP_PUSH_NONVOL dd rva __C_specific_handler dd 2 C_SCOPE_TABLE <rva loc_10001E35B, \ rva $LN24, \ rva _freefls$fin$1, 0> C_SCOPE_TABLE <rva loc_10001E38F, \ rva $LN28, \ rva _freefls$fin$0, 0> stru_100025E64 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100025E6C UNWIND_INFO <1, 8, 1, 0> UNWIND_CODE <8, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100025E74 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _flsbuf, \ rva loc_10001E67E, \ rva stru_100025EFC> stru_100025E84 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 5 RUNTIME_FUNCTION <rva _flsbuf, \ rva loc_10001E67E, \ rva stru_100025EFC> stru_100025E98 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 5 RUNTIME_FUNCTION <rva _flsbuf, \ rva loc_10001E67E, \ rva stru_100025EFC> stru_100025EAC UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <0, 54h> ; UWOP_SAVE_NONVOL dw 0Bh RUNTIME_FUNCTION <rva _flsbuf, \ rva loc_10001E67E, \ rva stru_100025EFC> stru_100025EC4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_10001E67E, \ rva loc_10001E6EB, \ rva stru_100025EE8> stru_100025ED4 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 0Bh RUNTIME_FUNCTION <rva loc_10001E67E, \ rva loc_10001E6EB, \ rva stru_100025EE8> stru_100025EE8 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 5 RUNTIME_FUNCTION <rva _flsbuf, \ rva loc_10001E67E, \ rva stru_100025EFC> stru_100025EFC UNWIND_INFO <1, 15h, 5, 0> UNWIND_CODE <15h, 64h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <10h, 34h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <8, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100025F0C UNWIND_INFO <21h, 0, 10h, 0> UNWIND_CODE <0, 0F4h> ; UWOP_SAVE_NONVOL dw 92h UNWIND_CODE <0, 0E4h> ; UWOP_SAVE_NONVOL dw 93h UNWIND_CODE <0, 0D4h> ; UWOP_SAVE_NONVOL dw 94h UNWIND_CODE <0, 0C4h> ; UWOP_SAVE_NONVOL dw 95h UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 96h UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 97h UNWIND_CODE <0, 54h> ; UWOP_SAVE_NONVOL dw 98h UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 9Dh RUNTIME_FUNCTION <rva _woutput, \ rva loc_10001E829, \ rva stru_100025FD4> stru_100025F3C UNWIND_INFO <21h, 0, 0Ch, 0> UNWIND_CODE <0, 0F4h> ; UWOP_SAVE_NONVOL dw 92h UNWIND_CODE <0, 0E4h> ; UWOP_SAVE_NONVOL dw 93h UNWIND_CODE <0, 0D4h> ; UWOP_SAVE_NONVOL dw 94h UNWIND_CODE <0, 0C4h> ; UWOP_SAVE_NONVOL dw 95h UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 96h UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 97h RUNTIME_FUNCTION <rva _woutput, \ rva loc_10001E829, \ rva stru_100025FD4> stru_100025F64 UNWIND_INFO <21h, 0, 10h, 0> UNWIND_CODE <0, 0F4h> ; UWOP_SAVE_NONVOL dw 92h UNWIND_CODE <0, 0E4h> ; UWOP_SAVE_NONVOL dw 93h UNWIND_CODE <0, 0D4h> ; UWOP_SAVE_NONVOL dw 94h UNWIND_CODE <0, 0C4h> ; UWOP_SAVE_NONVOL dw 95h UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 96h UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 97h UNWIND_CODE <0, 54h> ; UWOP_SAVE_NONVOL dw 98h UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 9Dh RUNTIME_FUNCTION <rva _woutput, \ rva loc_10001E829, \ rva stru_100025FD4> stru_100025F94 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _woutput, \ rva loc_10001E829, \ rva stru_100025FD4> stru_100025FA4 UNWIND_INFO <21h, 72h, 10h, 0> UNWIND_CODE <72h, 54h> ; UWOP_SAVE_NONVOL dw 98h UNWIND_CODE <65h, 34h> ; UWOP_SAVE_NONVOL dw 9Dh UNWIND_CODE <18h, 0F4h> ; UWOP_SAVE_NONVOL dw 92h UNWIND_CODE <14h, 0E4h> ; UWOP_SAVE_NONVOL dw 93h UNWIND_CODE <10h, 0D4h> ; UWOP_SAVE_NONVOL dw 94h UNWIND_CODE <0Ch, 0C4h> ; UWOP_SAVE_NONVOL dw 95h UNWIND_CODE <8, 74h> ; UWOP_SAVE_NONVOL dw 96h UNWIND_CODE <4, 64h> ; UWOP_SAVE_NONVOL dw 97h RUNTIME_FUNCTION <rva _woutput, \ rva loc_10001E829, \ rva stru_100025FD4> stru_100025FD4 UNWIND_INFO <1, 19h, 2, 0> UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 99h stru_100025FDC UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100025FE4 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100025FEC UNWIND_INFO <1, 2Ch, 7, 0> UNWIND_CODE <2Ch, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <27h, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <9, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026000 UNWIND_INFO <1, 0Ah, 2, 0> UNWIND_CODE <0Ah, 52h> ; UWOP_ALLOC_SMALL UNWIND_CODE <6, 30h> ; UWOP_PUSH_NONVOL stru_100026008 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100026010 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100026018 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_100026020 UNWIND_INFO <11h, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL dd rva __C_specific_handler dd 1 C_SCOPE_TABLE <rva loc_10001FC01, \ rva $LN8, \ rva __updatetlocinfo$fin$0,\ 0> stru_100026040 UNWIND_INFO <1, 29h, 0Dh, 0> UNWIND_CODE <29h, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <1Dh, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <18h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100026060 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _mtdeletelocks, \ rva loc_10001FD0E, \ rva stru_10002608C> stru_100026070 UNWIND_INFO <21h, 20h, 6, 0> UNWIND_CODE <20h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Ah, 0C4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva _mtdeletelocks, \ rva loc_10001FD0E, \ rva stru_10002608C> stru_10002608C UNWIND_INFO <1, 0Eh, 5, 0> UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_10002609C UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_1000260A4 UNWIND_INFO <11h, 13h, 7, 0> UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 dd rva __C_specific_handler dd 2 C_SCOPE_TABLE <rva loc_10001FE55, \ rva loc_10001FE92, \ rva _mtinitlocknum$fin$0,\ 0> C_SCOPE_TABLE <rva loc_10001FE97, \ rva $LN15_0, \ rva _mtinitlocknum$fin$0,\ 0> stru_1000260E0 UNWIND_INFO <1, 0Eh, 5, 0> UNWIND_CODE <0Eh, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_1000260F0 UNWIND_INFO <1, 1Fh, 0Bh, 0> UNWIND_CODE <1Fh, 0C4h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <1Ah, 74h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_10002610C UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026114 UNWIND_INFO <1, 1Ah, 9, 0> UNWIND_CODE <1Ah, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_10002612C UNWIND_INFO <1, 29h, 0Bh, 0> UNWIND_CODE <29h, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <18h, 0C4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026148 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026150 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_100026158 UNWIND_INFO <9, 0Eh, 5, 0> UNWIND_CODE <0Eh, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 dd rva __C_specific_handler dd 1 C_SCOPE_TABLE <rva loc_1000204A4, \ rva $LN13_0, \ rva __crtInitCritSecAndSpinCount$filt$0,\ rva $LN13_0> stru_100026180 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva setSBUpLow, \ rva loc_100020570, \ rva stru_1000261A4> stru_100026190 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 74h> ; UWOP_SAVE_NONVOL dw 0B3h RUNTIME_FUNCTION <rva setSBUpLow, \ rva loc_100020570, \ rva stru_1000261A4> stru_1000261A4 UNWIND_INFO <1, 2Ch, 6, 0> UNWIND_CODE <2Ch, 64h> ; UWOP_SAVE_NONVOL dw 0B2h UNWIND_CODE <23h, 34h> ; UWOP_SAVE_NONVOL dw 0B1h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 0AFh stru_1000261B4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _setmbcp_lk, \ rva loc_1000207C6, \ rva stru_100026200> stru_1000261C4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_1000207C6, \ rva loc_1000208ED, \ rva stru_1000261E8> stru_1000261D4 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 0C4h> ; UWOP_SAVE_NONVOL dw 0Ah RUNTIME_FUNCTION <rva loc_1000207C6, \ rva loc_1000208ED, \ rva stru_1000261E8> stru_1000261E8 UNWIND_INFO <21h, 0Ch, 4, 0> UNWIND_CODE <0Ch, 0D4h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 0Dh RUNTIME_FUNCTION <rva _setmbcp_lk, \ rva loc_1000207C6, \ rva stru_100026200> stru_100026200 UNWIND_INFO <1, 21h, 7, 0> UNWIND_CODE <21h, 74h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <1Ch, 64h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <17h, 34h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_100026214 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_10002621C UNWIND_INFO <11h, 18h, 9, 0> UNWIND_CODE <18h, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 dd rva __C_specific_handler dd 1 C_SCOPE_TABLE <rva loc_100020B59, \ rva $LN24_0, \ rva _setmbcp$fin$0, 0> stru_10002624C UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026254 UNWIND_INFO <1, 18h, 7, 0> UNWIND_CODE <18h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <11h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026268 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_100026270 UNWIND_INFO <11h, 26h, 0Dh, 0> UNWIND_CODE <26h, 0E4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <21h, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <1Ch, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <17h, 74h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <12h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Dh, 34h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <8, 82h> ; UWOP_ALLOC_SMALL align 4 dd rva __C_specific_handler dd 1 C_SCOPE_TABLE <rva loc_100020E62, \ rva $LN12_1, \ rva _lseek$fin$0, 0> stru_1000262A8 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _write_lk, \ rva loc_100020F53, \ rva stru_10002631C> stru_1000262B8 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_100020F53, \ rva loc_100020FCB, \ rva stru_100026300> stru_1000262C8 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 97h RUNTIME_FUNCTION <rva loc_100020F53, \ rva loc_100020FCB, \ rva stru_100026300> stru_1000262DC UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_100020F53, \ rva loc_100020FCB, \ rva stru_100026300> stru_1000262EC UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 97h RUNTIME_FUNCTION <rva loc_100020F53, \ rva loc_100020FCB, \ rva stru_100026300> stru_100026300 UNWIND_INFO <21h, 5Dh, 6, 0> UNWIND_CODE <5Dh, 0E4h> ; UWOP_SAVE_NONVOL dw 8Dh UNWIND_CODE <55h, 74h> ; UWOP_SAVE_NONVOL dw 90h UNWIND_CODE <8, 0F4h> ; UWOP_SAVE_NONVOL dw 8Ch RUNTIME_FUNCTION <rva _write_lk, \ rva loc_100020F53, \ rva stru_10002631C> stru_10002631C UNWIND_INFO <1, 29h, 0Ah, 0> UNWIND_CODE <29h, 0D4h> ; UWOP_SAVE_NONVOL dw 8Eh UNWIND_CODE <25h, 0C4h> ; UWOP_SAVE_NONVOL dw 8Fh UNWIND_CODE <21h, 64h> ; UWOP_SAVE_NONVOL dw 91h UNWIND_CODE <1Dh, 54h> ; UWOP_SAVE_NONVOL dw 92h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 93h stru_100026334 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_10002633C UNWIND_INFO <11h, 26h, 0Dh, 0> UNWIND_CODE <26h, 0E4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <21h, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <1Ch, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <17h, 74h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <12h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Dh, 34h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <8, 82h> ; UWOP_ALLOC_SMALL align 4 dd rva __C_specific_handler dd 1 C_SCOPE_TABLE <rva loc_1000211F2, \ rva $LN12_2, \ rva _write$fin$0, 0> stru_100026374 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_10002637C UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100026384 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_10002638C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _putwc_lk, \ rva loc_1000215E2, \ rva stru_1000263DC> stru_10002639C UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva _putwc_lk, \ rva loc_1000215E2, \ rva stru_1000263DC> stru_1000263B4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _putwc_lk, \ rva loc_1000215E2, \ rva stru_1000263DC> stru_1000263C4 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 74h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva _putwc_lk, \ rva loc_1000215E2, \ rva stru_1000263DC> stru_1000263DC UNWIND_INFO <1, 1Eh, 5, 0> UNWIND_CODE <1Eh, 54h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <19h, 34h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 stru_1000263EC UNWIND_INFO <1, 16h, 7, 0> UNWIND_CODE <16h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <11h, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0Ch, 34h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100026400 UNWIND_INFO <1, 13h, 7, 0> UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026414 UNWIND_INFO <9, 47h, 12h, 45h> UNWIND_CODE <3Ch, 0F4h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <38h, 0E4h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <34h, 0D4h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <30h, 0C4h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <2Ch, 74h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <28h, 64h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <24h, 34h> ; UWOP_SAVE_NONVOL dw 15h UNWIND_CODE <20h, 43h> ; UWOP_SET_FPREG UNWIND_CODE <1Bh, 1> ; UWOP_ALLOC_LARGE dw 16h UNWIND_CODE <14h, 50h> ; UWOP_PUSH_NONVOL dd rva __C_specific_handler dd 2 C_SCOPE_TABLE <rva loc_1000219A5, \ ; Microsoft VisualC v7/9 64bit runtime rva unknown_libname_7, \ rva loc_100000001, \ rva unknown_libname_7> C_SCOPE_TABLE <rva loc_100021A5D, \ ; Microsoft VisualC v7/9 64bit runtime rva unknown_libname_8, \ rva loc_100000001, \ rva unknown_libname_8> stru_100026464 UNWIND_INFO <1, 0Eh, 2, 0> UNWIND_CODE <0Eh, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <0Ah, 30h> ; UWOP_PUSH_NONVOL stru_10002646C UNWIND_INFO <1, 0Ah, 2, 0> UNWIND_CODE <0Ah, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <6, 30h> ; UWOP_PUSH_NONVOL stru_100026474 UNWIND_INFO <1, 0Eh, 2, 0> UNWIND_CODE <0Eh, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <0Ah, 30h> ; UWOP_PUSH_NONVOL stru_10002647C UNWIND_INFO <9, 47h, 12h, 35h> UNWIND_CODE <3Ch, 0F4h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <38h, 0E4h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <34h, 0D4h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <30h, 0C4h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <2Ch, 74h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <28h, 64h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <24h, 34h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <20h, 33h> ; UWOP_SET_FPREG UNWIND_CODE <1Bh, 1> ; UWOP_ALLOC_LARGE dw 12h UNWIND_CODE <14h, 50h> ; UWOP_PUSH_NONVOL dd rva __C_specific_handler dd 1 C_SCOPE_TABLE <rva loc_100022142, \ rva $LN26_0, \ rva loc_100000001, \ rva $LN26_0> align 20h stru_1000264C0 UNWIND_INFO <1, 7, 2, 0> UNWIND_CODE <7, 1> ; UWOP_ALLOC_LARGE dw 9Bh stru_1000264C8 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva unknown_libname_10,\ ; Microsoft VisualC v7/9 64bit runtime rva loc_1000224B8, \ rva stru_10002652C> stru_1000264D8 UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 7 RUNTIME_FUNCTION <rva loc_1000224B8, \ rva loc_1000224C5, \ rva stru_100026518> stru_1000264F0 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_1000224B8, \ rva loc_1000224C5, \ rva stru_100026518> stru_100026500 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 7 RUNTIME_FUNCTION <rva loc_1000224B8, \ rva loc_1000224C5, \ rva stru_100026518> stru_100026518 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva unknown_libname_10,\ ; Microsoft VisualC v7/9 64bit runtime rva loc_1000224B8, \ rva stru_10002652C> stru_10002652C UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026534 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_10002653C UNWIND_INFO <9, 46h, 12h, 45h> UNWIND_CODE <3Bh, 0F4h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <37h, 0E4h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <33h, 0D4h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <2Fh, 0C4h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <2Bh, 74h> ; UWOP_SAVE_NONVOL dw 15h UNWIND_CODE <27h, 64h> ; UWOP_SAVE_NONVOL dw 16h UNWIND_CODE <23h, 34h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <1Fh, 43h> ; UWOP_SET_FPREG UNWIND_CODE <1Ah, 1> ; UWOP_ALLOC_LARGE dw 18h UNWIND_CODE <13h, 50h> ; UWOP_PUSH_NONVOL dd rva __C_specific_handler dd 3 C_SCOPE_TABLE <rva loc_10002274E, \ ; Microsoft VisualC v7/9 64bit runtime rva unknown_libname_13, \ rva loc_100000001, \ rva unknown_libname_13> C_SCOPE_TABLE <rva loc_100022867, \ ; Microsoft VisualC v7/9 64bit runtime rva unknown_libname_14, \ rva loc_100000001, \ rva unknown_libname_14> C_SCOPE_TABLE <rva loc_100022A40, \ ; Microsoft VisualC v7/9 64bit runtime rva unknown_libname_16, \ rva loc_100000001, \ rva unknown_libname_16> stru_10002659C UNWIND_INFO <1, 19h, 7, 0> UNWIND_CODE <19h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <14h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Fh, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_1000265B0 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_1000265B8 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_1000265C0 UNWIND_INFO <11h, 18h, 9, 0> UNWIND_CODE <18h, 0C4h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 dd rva __C_specific_handler dd 2 C_SCOPE_TABLE <rva loc_100022D7D, \ rva loc_100022DA7, \ rva _lock_fhandle$fin$0, 0> C_SCOPE_TABLE <rva loc_100022DAC, \ rva $LN11_0, \ rva _lock_fhandle$fin$0, 0> stru_100026600 UNWIND_INFO <1, 11h, 5, 0> UNWIND_CODE <11h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100026610 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_100026618 UNWIND_INFO <11h, 18h, 9, 0> UNWIND_CODE <18h, 0C4h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 dd rva __C_specific_handler dd 1 C_SCOPE_TABLE <rva loc_100022F39, \ rva $LN14_1, \ rva _fcloseall$fin$0, 0> stru_100026648 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _flush, \ rva loc_100023026, \ rva stru_10002666C> stru_100026658 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva _flush, \ rva loc_100023026, \ rva stru_10002666C> stru_10002666C UNWIND_INFO <1, 16h, 5, 0> UNWIND_CODE <16h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_10002667C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _fflush_lk, \ rva loc_1000230A1, \ rva stru_1000266C4> stru_10002668C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_1000230A1, \ rva loc_1000230B6, \ rva stru_1000266B0> stru_10002669C UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva loc_1000230A1, \ rva loc_1000230B6, \ rva stru_1000266B0> stru_1000266B0 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva _fflush_lk, \ rva loc_1000230A1, \ rva stru_1000266C4> stru_1000266C4 UNWIND_INFO <1, 9, 3, 0> UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_1000266D0 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_1000266D8 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_1000266E0 UNWIND_INFO <11h, 22h, 0Dh, 0> UNWIND_CODE <22h, 0E4h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <1Dh, 0D4h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <18h, 0C4h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 dd rva __C_specific_handler dd 2 C_SCOPE_TABLE <rva loc_1000231BF, \ rva $LN25_0, \ rva flsall$fin$0, 0> C_SCOPE_TABLE <rva loc_100023183, \ rva $LN21_1, \ rva flsall$fin$1, 0> stru_100026728 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _flswbuf, \ rva loc_1000232F2, \ rva stru_10002679C> stru_100026738 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Bh RUNTIME_FUNCTION <rva _flswbuf, \ rva loc_1000232F2, \ rva stru_10002679C> stru_10002674C UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0, 54h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva _flswbuf, \ rva loc_1000232F2, \ rva stru_10002679C> stru_100026764 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_1000232F2, \ rva loc_10002335F, \ rva stru_100026788> stru_100026774 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva loc_1000232F2, \ rva loc_10002335F, \ rva stru_100026788> stru_100026788 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 0Bh RUNTIME_FUNCTION <rva _flswbuf, \ rva loc_1000232F2, \ rva stru_10002679C> stru_10002679C UNWIND_INFO <1, 1Dh, 7, 0> UNWIND_CODE <1Dh, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_1000267B0 UNWIND_INFO <1, 0Eh, 5, 0> UNWIND_CODE <0Eh, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 stru_1000267C0 UNWIND_INFO <1, 47h, 12h, 25h> UNWIND_CODE <3Ch, 0F4h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <38h, 0E4h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <31h, 0D4h> ; UWOP_SAVE_NONVOL dw 15h UNWIND_CODE <2Ah, 0C4h> ; UWOP_SAVE_NONVOL dw 1Bh UNWIND_CODE <23h, 74h> ; UWOP_SAVE_NONVOL dw 1Ah UNWIND_CODE <1Ch, 64h> ; UWOP_SAVE_NONVOL dw 19h UNWIND_CODE <15h, 34h> ; UWOP_SAVE_NONVOL dw 18h UNWIND_CODE <0Eh, 23h> ; UWOP_SET_FPREG UNWIND_CODE <9, 1> ; UWOP_ALLOC_LARGE dw 16h UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_1000267E8 UNWIND_INFO <1, 10h, 1, 0> UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_1000267F0 UNWIND_INFO <9, 4Eh, 12h, 45h> UNWIND_CODE <43h, 0F4h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <3Fh, 0E4h> ; UWOP_SAVE_NONVOL dw 18h UNWIND_CODE <38h, 0D4h> ; UWOP_SAVE_NONVOL dw 19h UNWIND_CODE <31h, 0C4h> ; UWOP_SAVE_NONVOL dw 1Ah UNWIND_CODE <2Ah, 74h> ; UWOP_SAVE_NONVOL dw 1Bh UNWIND_CODE <23h, 64h> ; UWOP_SAVE_NONVOL dw 1Ch UNWIND_CODE <1Ch, 34h> ; UWOP_SAVE_NONVOL dw 1Dh UNWIND_CODE <15h, 43h> ; UWOP_SET_FPREG UNWIND_CODE <10h, 1> ; UWOP_ALLOC_LARGE dw 1Eh UNWIND_CODE <9, 50h> ; UWOP_PUSH_NONVOL dd rva __C_specific_handler dd 1 C_SCOPE_TABLE <rva loc_1000238B2, \ rva $LN27, \ rva loc_100000001, \ rva $LN27> stru_100026830 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 12h> ; UWOP_ALLOC_SMALL align 4 stru_100026838 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva atol, \ rva loc_100023ABD, \ rva stru_10002685C> stru_100026848 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva atol, \ rva loc_100023ABD, \ rva stru_10002685C> stru_10002685C UNWIND_INFO <1, 0Ch, 3, 0> UNWIND_CODE <0Ch, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026868 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026870 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _fclose_lk, \ rva loc_100023BB2, \ rva stru_1000268BC> stru_100026880 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva _fclose_lk, \ rva loc_100023BB2, \ rva stru_1000268BC> stru_100026894 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva _fclose_lk, \ rva loc_100023BB2, \ rva stru_1000268BC> stru_1000268A8 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva _fclose_lk, \ rva loc_100023BB2, \ rva stru_1000268BC> stru_1000268BC UNWIND_INFO <1, 0Dh, 3, 0> UNWIND_CODE <0Dh, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_1000268C8 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_1000268D0 UNWIND_INFO <11h, 13h, 5, 0> UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 42h> ; UWOP_ALLOC_SMALL align 4 dd rva __C_specific_handler dd 1 C_SCOPE_TABLE <rva loc_100023C80, \ rva $LN10_1, \ rva fclose$fin$0, 0> stru_1000268F8 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_100026900 UNWIND_INFO <11h, 1Ch, 9, 0> UNWIND_CODE <1Ch, 0C4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <17h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <12h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Dh, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <8, 42h> ; UWOP_ALLOC_SMALL align 4 dd rva __C_specific_handler dd 1 C_SCOPE_TABLE <rva loc_100023D22, \ rva $LN14_2, \ rva _commit$fin$0, 0> stru_100026930 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 72h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100026938 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva _close_lk, \ rva loc_100023E79, \ rva stru_10002695C> stru_100026948 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva _close_lk, \ rva loc_100023E79, \ rva stru_10002695C> stru_10002695C UNWIND_INFO <1, 9, 3, 0> UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026968 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 50h> ; UWOP_PUSH_NONVOL stru_100026970 UNWIND_INFO <11h, 1Ch, 9, 0> UNWIND_CODE <1Ch, 0C4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <17h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <12h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Dh, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <8, 42h> ; UWOP_ALLOC_SMALL align 4 dd rva __C_specific_handler dd 1 C_SCOPE_TABLE <rva loc_100023F82, \ rva $LN12_6, \ rva _close$fin$0, 0> stru_1000269A0 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_1000269A8 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100024090, \ rva loc_1000240F0, \ rva stru_1000269CC> stru_1000269B8 UNWIND_INFO <21h, 4, 2, 0> UNWIND_CODE <4, 34h> ; UWOP_SAVE_NONVOL dw 32h RUNTIME_FUNCTION <rva sub_100024090, \ rva loc_1000240F0, \ rva stru_1000269CC> stru_1000269CC UNWIND_INFO <1, 37h, 0Ch, 0> UNWIND_CODE <37h, 0D4h> ; UWOP_SAVE_NONVOL dw 2Dh UNWIND_CODE <33h, 0C4h> ; UWOP_SAVE_NONVOL dw 2Eh UNWIND_CODE <2Fh, 74h> ; UWOP_SAVE_NONVOL dw 2Fh UNWIND_CODE <28h, 64h> ; UWOP_SAVE_NONVOL dw 30h UNWIND_CODE <24h, 54h> ; UWOP_SAVE_NONVOL dw 31h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 33h stru_1000269E8 UNWIND_INFO <1, 18h, 1, 0> UNWIND_CODE <18h, 0C2h> ; UWOP_ALLOC_SMALL align 4 stru_1000269F0 UNWIND_INFO <1, 18h, 1, 0> UNWIND_CODE <18h, 0C2h> ; UWOP_ALLOC_SMALL align 4 stru_1000269F8 UNWIND_INFO <1, 18h, 1, 0> UNWIND_CODE <18h, 0C2h> ; UWOP_ALLOC_SMALL align 4 stru_100026A00 UNWIND_INFO <1, 28h, 9, 0> UNWIND_CODE <28h, 74h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_100026A18 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 52h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100026A20 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100026A28 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026A30 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_1000246B0, \ rva loc_1000246C8, \ rva stru_100026A58> stru_100026A40 UNWIND_INFO <21h, 14h, 4, 0> UNWIND_CODE <14h, 74h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 0Eh RUNTIME_FUNCTION <rva sub_1000246B0, \ rva loc_1000246C8, \ rva stru_100026A58> stru_100026A58 UNWIND_INFO <1, 0Eh, 5, 0> UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_100026A68 UNWIND_INFO <1, 26h, 6, 0> UNWIND_CODE <26h, 74h> ; UWOP_SAVE_NONVOL dw 2Eh UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 33h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 2Fh stru_100026A78 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100026A80 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100026A88 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 52h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 70h> ; UWOP_PUSH_NONVOL stru_100026A90 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100026A98 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 52h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100026AA0 UNWIND_INFO <1, 15h, 5, 0> UNWIND_CODE <15h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <10h, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026AB0 UNWIND_INFO <1, 18h, 1, 0> UNWIND_CODE <18h, 0C2h> ; UWOP_ALLOC_SMALL align 4 stru_100026AB8 UNWIND_INFO <1, 18h, 1, 0> UNWIND_CODE <18h, 0C2h> ; UWOP_ALLOC_SMALL align 4 stru_100026AC0 UNWIND_INFO <1, 2Eh, 0Ah, 0> UNWIND_CODE <2Eh, 74h> ; UWOP_SAVE_NONVOL dw 67h UNWIND_CODE <25h, 64h> ; UWOP_SAVE_NONVOL dw 68h UNWIND_CODE <21h, 54h> ; UWOP_SAVE_NONVOL dw 6Dh UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 6Ch UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 69h stru_100026AD8 UNWIND_INFO <1, 7, 1, 0> UNWIND_CODE <7, 0E2h> ; UWOP_ALLOC_SMALL align 4 stru_100026AE0 UNWIND_INFO <1, 13h, 7, 0> UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <0Fh, 64h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <0Bh, 34h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <7, 0E2h> ; UWOP_ALLOC_SMALL align 4 stru_100026AF4 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100026AFC UNWIND_INFO <1, 35h, 12h, 0> UNWIND_CODE <35h, 0F4h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <2Dh, 0E4h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <22h, 0D4h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <1Eh, 0C4h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <1Ah, 74h> ; UWOP_SAVE_NONVOL dw 19h UNWIND_CODE <16h, 64h> ; UWOP_SAVE_NONVOL dw 18h UNWIND_CODE <12h, 54h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <0Eh, 34h> ; UWOP_SAVE_NONVOL dw 16h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 15h stru_100026B24 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100026B2C UNWIND_INFO <1, 18h, 3, 0> UNWIND_CODE <9, 1> ; UWOP_ALLOC_LARGE dw 48h UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL align 4 stru_100026B38 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_1000187C0, \ rva sub_1000187E4, \ rva stru_100026B5C> stru_100026B48 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 6 RUNTIME_FUNCTION <rva sub_1000187C0, \ rva sub_1000187E4, \ rva stru_100026B5C> stru_100026B5C UNWIND_INFO <1, 0Fh, 3, 0> UNWIND_CODE <0Fh, 74h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100026B68 UNWIND_INFO <1, 16h, 7, 0> UNWIND_CODE <16h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026B7C UNWIND_INFO <1, 13h, 7, 0> UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026B90 UNWIND_INFO <1, 13h, 7, 0> UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026BA4 UNWIND_INFO <1, 16h, 7, 0> UNWIND_CODE <16h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026BB8 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_1000181E0, \ rva sub_100018259, \ rva stru_100026BE0> stru_100026BC8 UNWIND_INFO <21h, 18h, 4, 0> UNWIND_CODE <18h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva sub_1000181E0, \ rva sub_100018259, \ rva stru_100026BE0> stru_100026BE0 UNWIND_INFO <1, 1Bh, 9, 0> UNWIND_CODE <1Bh, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <13h, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <9, 54h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100026BF8 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 92h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100026C00 UNWIND_INFO <1, 1Fh, 9, 0> UNWIND_CODE <1Fh, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026C18 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026C20 UNWIND_INFO <1, 15h, 5, 0> UNWIND_CODE <15h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026C30 UNWIND_INFO <21h, 0, 8, 0> UNWIND_CODE <0, 0C4h> ; UWOP_SAVE_NONVOL dw 4Fh UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 50h UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 55h UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 53h RUNTIME_FUNCTION <rva sub_1000174E0, \ rva loc_100017558, \ rva stru_100026C80> stru_100026C50 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_1000174E0, \ rva loc_100017558, \ rva stru_100026C80> stru_100026C60 UNWIND_INFO <21h, 28h, 8, 0> UNWIND_CODE <28h, 0C4h> ; UWOP_SAVE_NONVOL dw 4Fh UNWIND_CODE <20h, 74h> ; UWOP_SAVE_NONVOL dw 50h UNWIND_CODE <10h, 64h> ; UWOP_SAVE_NONVOL dw 55h UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 53h RUNTIME_FUNCTION <rva sub_1000174E0, \ rva loc_100017558, \ rva stru_100026C80> stru_100026C80 UNWIND_INFO <1, 27h, 4, 0> UNWIND_CODE <27h, 54h> ; UWOP_SAVE_NONVOL dw 54h UNWIND_CODE <7, 1> ; UWOP_ALLOC_LARGE dw 51h stru_100026C8C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_1000167E0, \ rva loc_10001681E, \ rva stru_100026CD4> stru_100026C9C UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 54h> ; UWOP_SAVE_NONVOL dw 17h RUNTIME_FUNCTION <rva loc_10001681E, \ rva loc_100016947, \ rva stru_100026CB0> stru_100026CB0 UNWIND_INFO <21h, 2Dh, 0Ah, 0> UNWIND_CODE <2Dh, 0F4h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <25h, 0E4h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <18h, 0D4h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <10h, 74h> ; UWOP_SAVE_NONVOL dw 19h UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 16h RUNTIME_FUNCTION <rva sub_1000167E0, \ rva loc_10001681E, \ rva stru_100026CD4> stru_100026CD4 UNWIND_INFO <1, 1Dh, 6, 0> UNWIND_CODE <1Dh, 0C4h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 18h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 15h stru_100026CE4 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100026CEC UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_1000150B0, \ rva loc_1000150C1, \ rva stru_100026D10> stru_100026CFC UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 4 RUNTIME_FUNCTION <rva sub_1000150B0, \ rva loc_1000150C1, \ rva stru_100026D10> stru_100026D10 UNWIND_INFO <1, 0Ch, 3, 0> UNWIND_CODE <0Ch, 34h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026D1C UNWIND_INFO <1, 18h, 7, 0> UNWIND_CODE <18h, 74h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <0Eh, 34h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100026D30 UNWIND_INFO <1, 16h, 7, 0> UNWIND_CODE <16h, 74h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100026D44 UNWIND_INFO <1, 13h, 7, 0> UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100026D58 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100013FF0, \ rva loc_100014036, \ rva stru_100026D80> stru_100026D68 UNWIND_INFO <21h, 11h, 4, 0> UNWIND_CODE <11h, 34h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 0Fh RUNTIME_FUNCTION <rva sub_100013FF0, \ rva loc_100014036, \ rva stru_100026D80> stru_100026D80 UNWIND_INFO <1, 10h, 5, 0> UNWIND_CODE <10h, 64h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <0Bh, 54h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_100026D90 UNWIND_INFO <1, 18h, 5, 0> UNWIND_CODE <18h, 74h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <0Fh, 34h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <7, 0E2h> ; UWOP_ALLOC_SMALL align 4 stru_100026DA0 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100011AD0, \ rva loc_100011B0E, \ rva stru_100026DD0> stru_100026DB0 UNWIND_INFO <21h, 25h, 8, 0> UNWIND_CODE <25h, 0D4h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <1Dh, 0C4h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <10h, 54h> ; UWOP_SAVE_NONVOL dw 15h UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 14h RUNTIME_FUNCTION <rva sub_100011AD0, \ rva loc_100011B0E, \ rva stru_100026DD0> stru_100026DD0 UNWIND_INFO <1, 12h, 6, 0> UNWIND_CODE <12h, 74h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 16h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 13h stru_100026DE0 UNWIND_INFO <1, 9, 3, 0> UNWIND_CODE <9, 1> ; UWOP_ALLOC_LARGE dw 12h UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL align 4 stru_100026DEC UNWIND_INFO <1, 26h, 6, 0> UNWIND_CODE <26h, 74h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <1Fh, 34h> ; UWOP_SAVE_NONVOL dw 18h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 19h stru_100026DFC UNWIND_INFO <1, 16h, 7, 0> UNWIND_CODE <16h, 34h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <9, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100026E10 UNWIND_INFO <21h, 0, 8, 0> UNWIND_CODE <0, 0C4h> ; UWOP_SAVE_NONVOL dw 4Fh UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 50h UNWIND_CODE <0, 54h> ; UWOP_SAVE_NONVOL dw 54h UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 53h RUNTIME_FUNCTION <rva sub_10000FBC0, \ rva loc_10000FC38, \ rva stru_100026E60> stru_100026E30 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000FBC0, \ rva loc_10000FC38, \ rva stru_100026E60> stru_100026E40 UNWIND_INFO <21h, 22h, 8, 0> UNWIND_CODE <22h, 0C4h> ; UWOP_SAVE_NONVOL dw 4Fh UNWIND_CODE <18h, 74h> ; UWOP_SAVE_NONVOL dw 50h UNWIND_CODE <10h, 54h> ; UWOP_SAVE_NONVOL dw 54h UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 53h RUNTIME_FUNCTION <rva sub_10000FBC0, \ rva loc_10000FC38, \ rva stru_100026E60> stru_100026E60 UNWIND_INFO <1, 27h, 4, 0> UNWIND_CODE <27h, 64h> ; UWOP_SAVE_NONVOL dw 55h UNWIND_CODE <7, 1> ; UWOP_ALLOC_LARGE dw 51h stru_100026E6C UNWIND_INFO <1, 21h, 6, 0> UNWIND_CODE <21h, 74h> ; UWOP_SAVE_NONVOL dw 8Ah UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 8Fh UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 8Bh stru_100026E7C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000F820, \ rva loc_10000F860, \ rva stru_100026EAC> stru_100026E8C UNWIND_INFO <21h, 10h, 8, 0> UNWIND_CODE <10h, 0F4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <0Ch, 0E4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <8, 0D4h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 0C4h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva sub_10000F820, \ rva loc_10000F860, \ rva stru_100026EAC> stru_100026EAC UNWIND_INFO <1, 1Dh, 9, 0> UNWIND_CODE <1Dh, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <19h, 64h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <15h, 54h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <11h, 34h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <7, 82h> ; UWOP_ALLOC_SMALL align 4 stru_100026EC4 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026ECC UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000E4A0, \ rva loc_10000E565, \ rva stru_100026EF4> stru_100026EDC UNWIND_INFO <21h, 0Dh, 4, 0> UNWIND_CODE <0Dh, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 0Ch RUNTIME_FUNCTION <rva sub_10000E4A0, \ rva loc_10000E565, \ rva stru_100026EF4> stru_100026EF4 UNWIND_INFO <1, 29h, 0Dh, 0> UNWIND_CODE <29h, 0F4h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <1Dh, 0E4h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <18h, 0D4h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <13h, 0C4h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <4, 0E2h> ; UWOP_ALLOC_SMALL align 4 stru_100026F14 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000E420, \ rva loc_10000E43B, \ rva stru_100026F38> stru_100026F24 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva sub_10000E420, \ rva loc_10000E43B, \ rva stru_100026F38> stru_100026F38 UNWIND_INFO <1, 0Eh, 5, 0> UNWIND_CODE <0Eh, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026F48 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000D650, \ rva loc_10000D696, \ rva stru_100026F70> stru_100026F58 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 74h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 0Ch RUNTIME_FUNCTION <rva sub_10000D650, \ rva loc_10000D696, \ rva stru_100026F70> stru_100026F70 UNWIND_INFO <1, 10h, 5, 0> UNWIND_CODE <10h, 64h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <0Bh, 54h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_100026F80 UNWIND_INFO <1, 94h, 10h, 0> UNWIND_CODE <94h, 0E4h> ; UWOP_SAVE_NONVOL dw 4Fh UNWIND_CODE <86h, 0D4h> ; UWOP_SAVE_NONVOL dw 50h UNWIND_CODE <7Ch, 0C4h> ; UWOP_SAVE_NONVOL dw 51h UNWIND_CODE <74h, 74h> ; UWOP_SAVE_NONVOL dw 52h UNWIND_CODE <6Ch, 64h> ; UWOP_SAVE_NONVOL dw 57h UNWIND_CODE <64h, 34h> ; UWOP_SAVE_NONVOL dw 55h UNWIND_CODE <1Eh, 54h> ; UWOP_SAVE_NONVOL dw 56h UNWIND_CODE <7, 1> ; UWOP_ALLOC_LARGE dw 53h stru_100026FA4 UNWIND_INFO <1, 1Fh, 7, 0> UNWIND_CODE <1Fh, 74h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100026FB8 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva DialogFunc, \ rva loc_10000C990, \ rva stru_100026FE8> stru_100026FC8 UNWIND_INFO <21h, 39h, 8, 0> UNWIND_CODE <39h, 0D4h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <0Ch, 0E4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <8, 64h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <4, 54h> ; UWOP_SAVE_NONVOL dw 0Bh RUNTIME_FUNCTION <rva DialogFunc, \ rva loc_10000C990, \ rva stru_100026FE8> stru_100026FE8 UNWIND_INFO <1, 1Dh, 9, 0> UNWIND_CODE <1Dh, 0F4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <19h, 0C4h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <15h, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <11h, 34h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <7, 82h> ; UWOP_ALLOC_SMALL align 4 stru_100027000 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100027008 UNWIND_INFO <1, 9, 3, 0> UNWIND_CODE <9, 1> ; UWOP_ALLOC_LARGE dw 12h UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL align 4 stru_100027014 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000BF90, \ rva loc_10000C012, \ rva stru_100027038> stru_100027024 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 2 RUNTIME_FUNCTION <rva sub_10000BF90, \ rva loc_10000C012, \ rva stru_100027038> stru_100027038 UNWIND_INFO <1, 12h, 6, 0> UNWIND_CODE <12h, 74h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <0Dh, 64h> ; UWOP_SAVE_NONVOL dw 3 UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 1 stru_100027048 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000BD80, \ rva loc_10000BD9D, \ rva stru_10002707C> stru_100027058 UNWIND_INFO <21h, 14h, 0Ah, 0> UNWIND_CODE <14h, 0E4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <10h, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <0Ch, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <8, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <4, 34h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva sub_10000BD80, \ rva loc_10000BD9D, \ rva stru_10002707C> stru_10002707C UNWIND_INFO <1, 12h, 5, 0> UNWIND_CODE <12h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <7, 62h> ; UWOP_ALLOC_SMALL align 4 stru_10002708C UNWIND_INFO <1, 2, 1, 0> UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL align 4 stru_100027094 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000AA70, \ rva loc_10000AAD0, \ rva stru_1000270F0> stru_1000270A4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_10000AAD0, \ rva loc_10000AB01, \ rva stru_1000270D4> stru_1000270B4 UNWIND_INFO <21h, 37h, 8, 0> UNWIND_CODE <37h, 74h> ; UWOP_SAVE_NONVOL dw 24Ch UNWIND_CODE <20h, 34h> ; UWOP_SAVE_NONVOL dw 24Fh UNWIND_CODE <10h, 0E4h> ; UWOP_SAVE_NONVOL dw 249h UNWIND_CODE <8, 0D4h> ; UWOP_SAVE_NONVOL dw 24Ah RUNTIME_FUNCTION <rva loc_10000AAD0, \ rva loc_10000AB01, \ rva stru_1000270D4> stru_1000270D4 UNWIND_INFO <21h, 18h, 6, 0> UNWIND_CODE <18h, 0C4h> ; UWOP_SAVE_NONVOL dw 24Bh UNWIND_CODE <10h, 64h> ; UWOP_SAVE_NONVOL dw 251h UNWIND_CODE <8, 54h> ; UWOP_SAVE_NONVOL dw 250h RUNTIME_FUNCTION <rva sub_10000AA70, \ rva loc_10000AAD0, \ rva stru_1000270F0> stru_1000270F0 UNWIND_INFO <1, 15h, 4, 0> UNWIND_CODE <15h, 0F4h> ; UWOP_SAVE_NONVOL dw 248h UNWIND_CODE <0Dh, 1> ; UWOP_ALLOC_LARGE dw 24Dh stru_1000270FC UNWIND_INFO <21h, 0, 8, 0> UNWIND_CODE <0, 0C4h> ; UWOP_SAVE_NONVOL dw 1B4h UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 1B9h UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 1B8h UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 1B6h RUNTIME_FUNCTION <rva sub_10000A880, \ rva loc_10000A8C1, \ rva stru_10002713C> stru_10002711C UNWIND_INFO <21h, 30h, 8, 0> UNWIND_CODE <30h, 0C4h> ; UWOP_SAVE_NONVOL dw 1B4h UNWIND_CODE <18h, 74h> ; UWOP_SAVE_NONVOL dw 1B9h UNWIND_CODE <10h, 64h> ; UWOP_SAVE_NONVOL dw 1B8h UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 1B6h RUNTIME_FUNCTION <rva sub_10000A880, \ rva loc_10000A8C1, \ rva stru_10002713C> stru_10002713C UNWIND_INFO <1, 0Fh, 4, 0> UNWIND_CODE <0Fh, 54h> ; UWOP_SAVE_NONVOL dw 1B7h UNWIND_CODE <7, 1> ; UWOP_ALLOC_LARGE dw 1B5h stru_100027148 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000A080, \ rva loc_10000A154, \ rva stru_100027190> stru_100027158 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_10000A154, \ rva loc_10000A15F, \ rva stru_10002717C> stru_100027168 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva loc_10000A154, \ rva loc_10000A15F, \ rva stru_10002717C> stru_10002717C UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 6 RUNTIME_FUNCTION <rva sub_10000A080, \ rva loc_10000A154, \ rva stru_100027190> stru_100027190 UNWIND_INFO <1, 11h, 5, 0> UNWIND_CODE <11h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_1000271A0 UNWIND_INFO <21h, 0, 6, 0> UNWIND_CODE <0, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <0, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 0Ah RUNTIME_FUNCTION <rva sub_100008C70, \ rva loc_100008C74, \ rva stru_1000271E4> stru_1000271BC UNWIND_INFO <21h, 37h, 0Ch, 0> UNWIND_CODE <37h, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <32h, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <17h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <12h, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0Ah, 54h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva sub_100008C70, \ rva loc_100008C74, \ rva stru_1000271E4> stru_1000271E4 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_1000271EC UNWIND_INFO <1, 5Fh, 7, 0> UNWIND_CODE <5Fh, 74h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <1Fh, 64h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <1Ah, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <0Eh, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100027200 UNWIND_INFO <1, 2, 1, 0> UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL align 4 stru_100027208 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100007F10, \ rva loc_100007F60, \ rva stru_10002722C> stru_100027218 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 117h RUNTIME_FUNCTION <rva sub_100007F10, \ rva loc_100007F60, \ rva stru_10002722C> stru_10002722C UNWIND_INFO <1, 21h, 6, 0> UNWIND_CODE <21h, 74h> ; UWOP_SAVE_NONVOL dw 111h UNWIND_CODE <1Dh, 64h> ; UWOP_SAVE_NONVOL dw 112h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 113h stru_10002723C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_1000075E0, \ rva loc_100007627, \ rva stru_100027274> stru_10002724C UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 38h RUNTIME_FUNCTION <rva sub_1000075E0, \ rva loc_100007627, \ rva stru_100027274> stru_100027260 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 38h RUNTIME_FUNCTION <rva sub_1000075E0, \ rva loc_100007627, \ rva stru_100027274> stru_100027274 UNWIND_INFO <1, 1Dh, 4, 0> UNWIND_CODE <1Dh, 74h> ; UWOP_SAVE_NONVOL dw 39h UNWIND_CODE <7, 1> ; UWOP_ALLOC_LARGE dw 35h stru_100027280 UNWIND_INFO <1, 18h, 3, 0> UNWIND_CODE <9, 1> ; UWOP_ALLOC_LARGE dw 30h UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL align 4 stru_10002728C UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Bh RUNTIME_FUNCTION <rva sub_1000073A0, \ rva loc_1000073B0, \ rva stru_1000272BC> stru_1000272A0 UNWIND_INFO <21h, 14h, 6, 0> UNWIND_CODE <14h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Fh, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_1000073A0, \ rva loc_1000073B0, \ rva stru_1000272BC> stru_1000272BC UNWIND_INFO <1, 10h, 3, 0> UNWIND_CODE <10h, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_1000272C8 UNWIND_INFO <1, 10h, 1, 0> UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 stru_1000272D0 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 stru_1000272D8 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 72h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_1000272E0 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 72h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_1000272E8 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100005790, \ rva loc_1000057E2, \ rva stru_100027310> stru_1000272F8 UNWIND_INFO <21h, 10h, 4, 0> UNWIND_CODE <10h, 64h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 11h RUNTIME_FUNCTION <rva sub_100005790, \ rva loc_1000057E2, \ rva stru_100027310> stru_100027310 UNWIND_INFO <1, 0Fh, 3, 0> UNWIND_CODE <0Fh, 74h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <4, 0E2h> ; UWOP_ALLOC_SMALL align 4 stru_10002731C UNWIND_INFO <1, 25h, 8, 0> UNWIND_CODE <25h, 74h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <21h, 64h> ; UWOP_SAVE_NONVOL dw 18h UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 1Dh UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 19h stru_100027330 UNWIND_INFO <1, 18h, 3, 0> UNWIND_CODE <9, 1> ; UWOP_ALLOC_LARGE dw 0CEh UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL align 4 stru_10002733C UNWIND_INFO <1, 16h, 2, 0> UNWIND_CODE <7, 1> ; UWOP_ALLOC_LARGE dw 4Bh stru_100027344 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 52h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_10002734C UNWIND_INFO <1, 16h, 5, 0> UNWIND_CODE <16h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_10002735C UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 52h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100027364 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 92h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_10002736C UNWIND_INFO <1, 1Bh, 9, 0> UNWIND_CODE <1Bh, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <16h, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <11h, 54h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Ch, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100027384 UNWIND_INFO <1, 21h, 0Bh, 0> UNWIND_CODE <21h, 0C4h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <1Dh, 74h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <0Fh, 54h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <0Bh, 34h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <7, 0E2h> ; UWOP_ALLOC_SMALL align 4 stru_1000273A0 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10001B620, \ rva sub_10001B639, \ rva stru_100027400> stru_1000273B0 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 0C4h> ; UWOP_SAVE_NONVOL dw 10h RUNTIME_FUNCTION <rva sub_10001B620, \ rva sub_10001B639, \ rva stru_100027400> stru_1000273C4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10001B639, \ rva sub_10001B66D, \ rva stru_1000273E8> stru_1000273D4 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 64h> ; UWOP_SAVE_NONVOL dw 14h RUNTIME_FUNCTION <rva sub_10001B639, \ rva sub_10001B66D, \ rva stru_1000273E8> stru_1000273E8 UNWIND_INFO <21h, 0Dh, 4, 0> UNWIND_CODE <0Dh, 0C4h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <4, 74h> ; UWOP_SAVE_NONVOL dw 15h RUNTIME_FUNCTION <rva sub_10001B620, \ rva sub_10001B639, \ rva stru_100027400> stru_100027400 UNWIND_INFO <1, 12h, 6, 0> UNWIND_CODE <12h, 54h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <0Eh, 34h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 11h stru_100027410 UNWIND_INFO <1, 13h, 7, 0> UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100027424 UNWIND_INFO <21h, 0, 6, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 4Eh UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 53h UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 51h RUNTIME_FUNCTION <rva sub_10001B040, \ rva loc_10001B08D, \ rva stru_10002746C> stru_100027440 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10001B040, \ rva loc_10001B08D, \ rva stru_10002746C> stru_100027450 UNWIND_INFO <21h, 7Ch, 6, 0> UNWIND_CODE <7Ch, 74h> ; UWOP_SAVE_NONVOL dw 4Eh UNWIND_CODE <72h, 64h> ; UWOP_SAVE_NONVOL dw 53h UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 51h RUNTIME_FUNCTION <rva sub_10001B040, \ rva loc_10001B08D, \ rva stru_10002746C> stru_10002746C UNWIND_INFO <1, 27h, 4, 0> UNWIND_CODE <27h, 54h> ; UWOP_SAVE_NONVOL dw 52h UNWIND_CODE <7, 1> ; UWOP_ALLOC_LARGE dw 4Fh stru_100027478 UNWIND_INFO <21h, 0, 0Ah, 0> UNWIND_CODE <0, 0C4h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 15h UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <0, 54h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 12h RUNTIME_FUNCTION <rva sub_1000192C0, \ rva loc_100019315, \ rva stru_1000274F4> stru_10002749C UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 12h RUNTIME_FUNCTION <rva sub_1000192C0, \ rva loc_100019315, \ rva stru_1000274F4> stru_1000274B0 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_100019315, \ rva loc_100019332, \ rva stru_1000274E0> stru_1000274C0 UNWIND_INFO <21h, 32h, 8, 0> UNWIND_CODE <32h, 0C4h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <2Ah, 64h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <1Bh, 54h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <8, 74h> ; UWOP_SAVE_NONVOL dw 15h RUNTIME_FUNCTION <rva loc_100019315, \ rva loc_100019332, \ rva stru_1000274E0> stru_1000274E0 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 12h RUNTIME_FUNCTION <rva sub_1000192C0, \ rva loc_100019315, \ rva stru_1000274F4> stru_1000274F4 UNWIND_INFO <1, 1Ah, 6, 0> UNWIND_CODE <1Ah, 0E4h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <15h, 0D4h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <7, 1> ; UWOP_ALLOC_LARGE dw 11h stru_100027504 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_10002750C UNWIND_INFO <1, 28h, 8, 0> UNWIND_CODE <28h, 74h> ; UWOP_SAVE_NONVOL dw 74h UNWIND_CODE <24h, 64h> ; UWOP_SAVE_NONVOL dw 79h UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 78h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 75h stru_100027520 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 52h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100027528 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100017D90, \ rva loc_100017DDA, \ rva stru_10002754C> stru_100027538 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 0Fh RUNTIME_FUNCTION <rva sub_100017D90, \ rva loc_100017DDA, \ rva stru_10002754C> stru_10002754C UNWIND_INFO <1, 15h, 5, 0> UNWIND_CODE <15h, 64h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <10h, 34h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_10002755C UNWIND_INFO <1, 0A8h, 9, 0> UNWIND_CODE <0A8h, 0C4h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0A3h, 74h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100027574 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Dh RUNTIME_FUNCTION <rva sub_1000173F0, \ rva loc_1000173F4, \ rva stru_1000275C8> stru_100027588 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Dh RUNTIME_FUNCTION <rva loc_1000173F4, \ rva loc_1000173F9, \ rva stru_1000275B4> stru_10002759C UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 0Ch RUNTIME_FUNCTION <rva loc_1000173F4, \ rva loc_1000173F9, \ rva stru_1000275B4> stru_1000275B4 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 0Bh RUNTIME_FUNCTION <rva sub_1000173F0, \ rva loc_1000173F4, \ rva stru_1000275C8> stru_1000275C8 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 stru_1000275D0 UNWIND_INFO <21h, 0, 0Ah, 0> UNWIND_CODE <0, 0C4h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 15h UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <0, 54h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 12h RUNTIME_FUNCTION <rva sub_100015260, \ rva loc_1000152B5, \ rva stru_10002764C> stru_1000275F4 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 12h RUNTIME_FUNCTION <rva sub_100015260, \ rva loc_1000152B5, \ rva stru_10002764C> stru_100027608 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_1000152B5, \ rva loc_1000152D2, \ rva stru_100027638> stru_100027618 UNWIND_INFO <21h, 32h, 8, 0> UNWIND_CODE <32h, 0C4h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <2Ah, 64h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <1Bh, 54h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <8, 74h> ; UWOP_SAVE_NONVOL dw 15h RUNTIME_FUNCTION <rva loc_1000152B5, \ rva loc_1000152D2, \ rva stru_100027638> stru_100027638 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 12h RUNTIME_FUNCTION <rva sub_100015260, \ rva loc_1000152B5, \ rva stru_10002764C> stru_10002764C UNWIND_INFO <1, 1Ah, 6, 0> UNWIND_CODE <1Ah, 0E4h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <15h, 0D4h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <7, 1> ; UWOP_ALLOC_LARGE dw 11h stru_10002765C UNWIND_INFO <1, 1Ch, 9, 0> UNWIND_CODE <1Ch, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100027674 UNWIND_INFO <21h, 2Bh, 8, 0> UNWIND_CODE <2Bh, 0F4h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <26h, 0E4h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <10h, 0D4h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <8, 74h> ; UWOP_SAVE_NONVOL dw 17h RUNTIME_FUNCTION <rva sub_100014D50, \ rva loc_100014E48, \ rva stru_100027694> stru_100027694 UNWIND_INFO <1, 0F8h, 0Ah, 0> UNWIND_CODE <0F8h, 64h> ; UWOP_SAVE_NONVOL dw 16h UNWIND_CODE <16h, 0C4h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <12h, 54h> ; UWOP_SAVE_NONVOL dw 15h UNWIND_CODE <0Eh, 34h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 13h stru_1000276AC UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_1000276B4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100014BE0, \ rva loc_100014BE4, \ rva stru_100027704> stru_1000276C4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_100014BE4, \ rva loc_100014C0C, \ rva stru_1000276E8> stru_1000276D4 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 7 RUNTIME_FUNCTION <rva loc_100014BE4, \ rva loc_100014C0C, \ rva stru_1000276E8> stru_1000276E8 UNWIND_INFO <21h, 0Fh, 6, 0> UNWIND_CODE <0Fh, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Ah, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 6 RUNTIME_FUNCTION <rva sub_100014BE0, \ rva loc_100014BE4, \ rva stru_100027704> stru_100027704 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_10002770C UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_1000146B0, \ rva sub_1000146BF, \ rva stru_100027738> stru_100027720 UNWIND_INFO <21h, 0Fh, 4, 0> UNWIND_CODE <0Fh, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva sub_1000146B0, \ rva sub_1000146BF, \ rva stru_100027738> stru_100027738 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100027740 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_1000140B0, \ rva loc_1000140B6, \ rva stru_100027790> stru_100027750 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_1000140B6, \ rva loc_1000140F6, \ rva stru_100027778> stru_100027760 UNWIND_INFO <21h, 11h, 4, 0> UNWIND_CODE <11h, 34h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 0Fh RUNTIME_FUNCTION <rva loc_1000140B6, \ rva loc_1000140F6, \ rva stru_100027778> stru_100027778 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 64h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 0Dh RUNTIME_FUNCTION <rva sub_1000140B0, \ rva loc_1000140B6, \ rva stru_100027790> stru_100027790 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_100027798 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Dh RUNTIME_FUNCTION <rva sub_100013B20, \ rva loc_100013B24, \ rva stru_1000277EC> stru_1000277AC UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Dh RUNTIME_FUNCTION <rva loc_100013B24, \ rva loc_100013B29, \ rva stru_1000277D8> stru_1000277C0 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 0Ch RUNTIME_FUNCTION <rva loc_100013B24, \ rva loc_100013B29, \ rva stru_1000277D8> stru_1000277D8 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 0Bh RUNTIME_FUNCTION <rva sub_100013B20, \ rva loc_100013B24, \ rva stru_1000277EC> stru_1000277EC UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 stru_1000277F4 UNWIND_INFO <1, 29h, 0Ah, 0> UNWIND_CODE <29h, 74h> ; UWOP_SAVE_NONVOL dw 8Ah UNWIND_CODE <25h, 64h> ; UWOP_SAVE_NONVOL dw 8Bh UNWIND_CODE <21h, 54h> ; UWOP_SAVE_NONVOL dw 8Ch UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 91h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 8Dh stru_10002780C UNWIND_INFO <1, 2Bh, 6, 0> UNWIND_CODE <2Bh, 74h> ; UWOP_SAVE_NONVOL dw 129h UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 128h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 125h stru_10002781C UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 8Ah RUNTIME_FUNCTION <rva sub_100012D40, \ rva loc_100012D9C, \ rva stru_100027854> stru_100027830 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100012D40, \ rva loc_100012D9C, \ rva stru_100027854> stru_100027840 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 74h> ; UWOP_SAVE_NONVOL dw 8Ah RUNTIME_FUNCTION <rva sub_100012D40, \ rva loc_100012D9C, \ rva stru_100027854> stru_100027854 UNWIND_INFO <1, 2Ah, 8, 0> UNWIND_CODE <2Ah, 64h> ; UWOP_SAVE_NONVOL dw 8Bh UNWIND_CODE <21h, 54h> ; UWOP_SAVE_NONVOL dw 8Ch UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 91h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 8Dh stru_100027868 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100012670, \ rva loc_1000127A1, \ rva stru_1000278F0> stru_100027878 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 0D4h> ; UWOP_SAVE_NONVOL dw 0BBh RUNTIME_FUNCTION <rva loc_1000127A1, \ rva loc_100012933, \ rva stru_1000278D4> stru_10002788C UNWIND_INFO <21h, 0, 6, 0> UNWIND_CODE <0, 0E4h> ; UWOP_SAVE_NONVOL dw 0BAh UNWIND_CODE <0, 0D4h> ; UWOP_SAVE_NONVOL dw 0BBh UNWIND_CODE <0, 0C4h> ; UWOP_SAVE_NONVOL dw 0BCh RUNTIME_FUNCTION <rva loc_1000127A1, \ rva loc_100012933, \ rva stru_1000278D4> stru_1000278A8 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_1000127A1, \ rva loc_100012933, \ rva stru_1000278D4> stru_1000278B8 UNWIND_INFO <21h, 1Fh, 6, 0> UNWIND_CODE <1Fh, 0E4h> ; UWOP_SAVE_NONVOL dw 0BAh UNWIND_CODE <10h, 0D4h> ; UWOP_SAVE_NONVOL dw 0BBh UNWIND_CODE <8, 0C4h> ; UWOP_SAVE_NONVOL dw 0BCh RUNTIME_FUNCTION <rva loc_1000127A1, \ rva loc_100012933, \ rva stru_1000278D4> stru_1000278D4 UNWIND_INFO <21h, 1Dh, 6, 0> UNWIND_CODE <1Dh, 0F4h> ; UWOP_SAVE_NONVOL dw 0B9h UNWIND_CODE <15h, 54h> ; UWOP_SAVE_NONVOL dw 0BFh UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 0C0h RUNTIME_FUNCTION <rva sub_100012670, \ rva loc_1000127A1, \ rva stru_1000278F0> stru_1000278F0 UNWIND_INFO <1, 27h, 6, 0> UNWIND_CODE <27h, 74h> ; UWOP_SAVE_NONVOL dw 0BDh UNWIND_CODE <23h, 64h> ; UWOP_SAVE_NONVOL dw 0BEh UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 0C1h stru_100027900 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100012310, \ rva loc_1000123D5, \ rva stru_10002796C> stru_100027910 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_1000123D5, \ rva loc_100012437, \ rva stru_100027958> stru_100027920 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_100012437, \ rva loc_1000124E6, \ rva stru_100027944> stru_100027930 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 0E4h> ; UWOP_SAVE_NONVOL dw 12h RUNTIME_FUNCTION <rva loc_100012437, \ rva loc_1000124E6, \ rva stru_100027944> stru_100027944 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 64h> ; UWOP_SAVE_NONVOL dw 18h RUNTIME_FUNCTION <rva loc_1000123D5, \ rva loc_100012437, \ rva stru_100027958> stru_100027958 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 74h> ; UWOP_SAVE_NONVOL dw 19h RUNTIME_FUNCTION <rva sub_100012310, \ rva loc_1000123D5, \ rva stru_10002796C> stru_10002796C UNWIND_INFO <1, 21h, 0Ah, 0> UNWIND_CODE <21h, 0D4h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <16h, 0C4h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <12h, 54h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <0Eh, 34h> ; UWOP_SAVE_NONVOL dw 16h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 15h stru_100027984 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 17h RUNTIME_FUNCTION <rva sub_1000103C0, \ rva loc_1000103DB, \ rva stru_1000279B0> stru_100027998 UNWIND_INFO <21h, 0Bh, 4, 0> UNWIND_CODE <0Bh, 74h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <4, 34h> ; UWOP_SAVE_NONVOL dw 18h RUNTIME_FUNCTION <rva sub_1000103C0, \ rva loc_1000103DB, \ rva stru_1000279B0> stru_1000279B0 UNWIND_INFO <1, 19h, 2, 0> UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 19h stru_1000279B8 UNWIND_INFO <1, 24h, 7, 0> UNWIND_CODE <24h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <1Ch, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <17h, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_1000279CC UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_1000279D4 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Fh RUNTIME_FUNCTION <rva sub_10000DA50, \ rva loc_10000DA56, \ rva stru_100027A28> stru_1000279E8 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_10000DA56, \ rva loc_10000DA96, \ rva stru_100027A10> stru_1000279F8 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 64h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 0Ch RUNTIME_FUNCTION <rva loc_10000DA56, \ rva loc_10000DA96, \ rva stru_100027A10> stru_100027A10 UNWIND_INFO <21h, 13h, 4, 0> UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 0Dh RUNTIME_FUNCTION <rva sub_10000DA50, \ rva loc_10000DA56, \ rva stru_100027A28> stru_100027A28 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_100027A30 UNWIND_INFO <1, 27h, 9, 0> UNWIND_CODE <27h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <22h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100027A48 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000A7A0, \ rva loc_10000A7A4, \ rva stru_100027AAC> stru_100027A58 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_10000A7A0, \ rva loc_10000A7A4, \ rva stru_100027AAC> stru_100027A6C UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva loc_10000A7A4, \ rva loc_10000A7A9, \ rva stru_100027A98> stru_100027A80 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva loc_10000A7A4, \ rva loc_10000A7A9, \ rva stru_100027A98> stru_100027A98 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 7 RUNTIME_FUNCTION <rva sub_10000A7A0, \ rva loc_10000A7A4, \ rva stru_100027AAC> stru_100027AAC UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100027AB4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100009CF0, \ rva loc_100009E29, \ rva stru_100027B00> stru_100027AC4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_100009E29, \ rva loc_100009E92, \ rva stru_100027AE8> stru_100027AD4 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 0C4h> ; UWOP_SAVE_NONVOL dw 2Ah RUNTIME_FUNCTION <rva loc_100009E29, \ rva loc_100009E92, \ rva stru_100027AE8> stru_100027AE8 UNWIND_INFO <21h, 4Bh, 4, 0> UNWIND_CODE <4Bh, 64h> ; UWOP_SAVE_NONVOL dw 2Ch UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 30h RUNTIME_FUNCTION <rva sub_100009CF0, \ rva loc_100009E29, \ rva stru_100027B00> stru_100027B00 UNWIND_INFO <1, 3Ah, 0Ch, 0> UNWIND_CODE <3Ah, 0F4h> ; UWOP_SAVE_NONVOL dw 27h UNWIND_CODE <31h, 0E4h> ; UWOP_SAVE_NONVOL dw 28h UNWIND_CODE <25h, 0D4h> ; UWOP_SAVE_NONVOL dw 29h UNWIND_CODE <21h, 74h> ; UWOP_SAVE_NONVOL dw 2Bh UNWIND_CODE <1Dh, 54h> ; UWOP_SAVE_NONVOL dw 31h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 2Dh stru_100027B1C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100009830, \ rva loc_100009940, \ rva stru_100027B48> stru_100027B2C UNWIND_INFO <21h, 70h, 6, 0> UNWIND_CODE <70h, 0E4h> ; UWOP_SAVE_NONVOL dw 26h UNWIND_CODE <65h, 54h> ; UWOP_SAVE_NONVOL dw 2Fh UNWIND_CODE <8, 0C4h> ; UWOP_SAVE_NONVOL dw 28h RUNTIME_FUNCTION <rva sub_100009830, \ rva loc_100009940, \ rva stru_100027B48> stru_100027B48 UNWIND_INFO <1, 0E9h, 0Ch, 0> UNWIND_CODE <0E9h, 64h> ; UWOP_SAVE_NONVOL dw 2Ah UNWIND_CODE <36h, 0F4h> ; UWOP_SAVE_NONVOL dw 25h UNWIND_CODE <25h, 0D4h> ; UWOP_SAVE_NONVOL dw 27h UNWIND_CODE <21h, 74h> ; UWOP_SAVE_NONVOL dw 29h UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 2Eh UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 2Bh stru_100027B64 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100009430, \ rva loc_100009453, \ rva stru_100027B9C> stru_100027B74 UNWIND_INFO <21h, 1Dh, 0Ch, 0> UNWIND_CODE <1Dh, 0F4h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <14h, 0E4h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <10h, 0D4h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <0Ch, 74h> ; UWOP_SAVE_NONVOL dw 15h UNWIND_CODE <8, 54h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <4, 34h> ; UWOP_SAVE_NONVOL dw 12h RUNTIME_FUNCTION <rva sub_100009430, \ rva loc_100009453, \ rva stru_100027B9C> stru_100027B9C UNWIND_INFO <1, 17h, 6, 0> UNWIND_CODE <17h, 0C4h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 11h stru_100027BAC UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100008D90, \ rva loc_100008DC4, \ rva stru_100027BE0> stru_100027BBC UNWIND_INFO <21h, 0A7h, 0Ah, 0> UNWIND_CODE <0A7h, 0E4h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <9Ch, 0D4h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <91h, 54h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <0Dh, 0C4h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <4, 74h> ; UWOP_SAVE_NONVOL dw 10h RUNTIME_FUNCTION <rva sub_100008D90, \ rva loc_100008DC4, \ rva stru_100027BE0> stru_100027BE0 UNWIND_INFO <1, 25h, 8, 0> UNWIND_CODE <25h, 0F4h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <21h, 64h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <14h, 1> ; UWOP_ALLOC_LARGE dw 13h stru_100027BF4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100008430, \ rva loc_1000084E1, \ rva stru_100027C50> stru_100027C04 UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 0F4h> ; UWOP_SAVE_NONVOL dw 1Fh UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 24h RUNTIME_FUNCTION <rva loc_1000084E1, \ rva loc_1000084E9, \ rva stru_100027C3C> stru_100027C1C UNWIND_INFO <21h, 75h, 8, 0> UNWIND_CODE <75h, 34h> ; UWOP_SAVE_NONVOL dw 24h UNWIND_CODE <1Dh, 0F4h> ; UWOP_SAVE_NONVOL dw 1Fh UNWIND_CODE <15h, 0D4h> ; UWOP_SAVE_NONVOL dw 21h UNWIND_CODE <8, 0C4h> ; UWOP_SAVE_NONVOL dw 22h RUNTIME_FUNCTION <rva loc_1000084E1, \ rva loc_1000084E9, \ rva stru_100027C3C> stru_100027C3C UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 64h> ; UWOP_SAVE_NONVOL dw 26h RUNTIME_FUNCTION <rva sub_100008430, \ rva loc_1000084E1, \ rva stru_100027C50> stru_100027C50 UNWIND_INFO <1, 9Bh, 8, 0> UNWIND_CODE <9Bh, 54h> ; UWOP_SAVE_NONVOL dw 25h UNWIND_CODE <7Dh, 0E4h> ; UWOP_SAVE_NONVOL dw 20h UNWIND_CODE <16h, 74h> ; UWOP_SAVE_NONVOL dw 27h UNWIND_CODE <7, 1> ; UWOP_ALLOC_LARGE dw 23h stru_100027C64 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_100008220, \ rva loc_100008224, \ rva stru_100027C90> stru_100027C78 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva sub_100008220, \ rva loc_100008224, \ rva stru_100027C90> stru_100027C90 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100027C98 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100027CA0 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva sub_1000080B0, \ rva loc_1000080BB, \ rva stru_100027D18> stru_100027CB4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_1000080BB, \ rva loc_1000080DA, \ rva stru_100027D00> stru_100027CC4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_1000080DA, \ rva loc_1000080E6, \ rva stru_100027CEC> stru_100027CD4 UNWIND_INFO <21h, 0Dh, 4, 0> UNWIND_CODE <0Dh, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <5, 0C4h> ; UWOP_SAVE_NONVOL dw 4 RUNTIME_FUNCTION <rva loc_1000080DA, \ rva loc_1000080E6, \ rva stru_100027CEC> stru_100027CEC UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva loc_1000080BB, \ rva loc_1000080DA, \ rva stru_100027D00> stru_100027D00 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 7 RUNTIME_FUNCTION <rva sub_1000080B0, \ rva loc_1000080BB, \ rva stru_100027D18> stru_100027D18 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100027D20 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 92h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100027D28 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 92h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100027D30 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100005880, \ rva loc_100005A62, \ rva stru_100027D88> stru_100027D40 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 0E4h> ; UWOP_SAVE_NONVOL dw 129h RUNTIME_FUNCTION <rva sub_100005880, \ rva loc_100005A62, \ rva stru_100027D88> stru_100027D54 UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 0F4h> ; UWOP_SAVE_NONVOL dw 128h UNWIND_CODE <0, 0E4h> ; UWOP_SAVE_NONVOL dw 129h RUNTIME_FUNCTION <rva sub_100005880, \ rva loc_100005A62, \ rva stru_100027D88> stru_100027D6C UNWIND_INFO <21h, 21h, 6, 0> UNWIND_CODE <21h, 0F4h> ; UWOP_SAVE_NONVOL dw 128h UNWIND_CODE <19h, 0E4h> ; UWOP_SAVE_NONVOL dw 129h UNWIND_CODE <8, 0D4h> ; UWOP_SAVE_NONVOL dw 12Ah RUNTIME_FUNCTION <rva sub_100005880, \ rva loc_100005A62, \ rva stru_100027D88> stru_100027D88 UNWIND_INFO <1, 3Bh, 0Ch, 0> UNWIND_CODE <3Bh, 0C4h> ; UWOP_SAVE_NONVOL dw 12Bh UNWIND_CODE <29h, 74h> ; UWOP_SAVE_NONVOL dw 12Ch UNWIND_CODE <25h, 64h> ; UWOP_SAVE_NONVOL dw 131h UNWIND_CODE <21h, 54h> ; UWOP_SAVE_NONVOL dw 130h UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 12Fh UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 12Dh stru_100027DA4 UNWIND_INFO <1, 18h, 3, 0> UNWIND_CODE <9, 1> ; UWOP_ALLOC_LARGE dw 52h UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL align 4 stru_100027DB0 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100005160, \ rva loc_100005193, \ rva stru_100027DD4> stru_100027DC0 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 16h RUNTIME_FUNCTION <rva sub_100005160, \ rva loc_100005193, \ rva stru_100027DD4> stru_100027DD4 UNWIND_INFO <1, 1Eh, 4, 0> UNWIND_CODE <1Eh, 74h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <7, 1> ; UWOP_ALLOC_LARGE dw 13h stru_100027DE0 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100004920, \ rva loc_100004962, \ rva stru_100027E04> stru_100027DF0 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 74h> ; UWOP_SAVE_NONVOL dw 4Fh RUNTIME_FUNCTION <rva sub_100004920, \ rva loc_100004962, \ rva stru_100027E04> stru_100027E04 UNWIND_INFO <1, 1Eh, 4, 0> UNWIND_CODE <1Eh, 34h> ; UWOP_SAVE_NONVOL dw 4Eh UNWIND_CODE <7, 1> ; UWOP_ALLOC_LARGE dw 4Bh stru_100027E10 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10001B780, \ rva loc_10001B93B, \ rva stru_100027E50> stru_100027E20 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 0C4h> ; UWOP_SAVE_NONVOL dw 226h RUNTIME_FUNCTION <rva sub_10001B780, \ rva loc_10001B93B, \ rva stru_100027E50> stru_100027E34 UNWIND_INFO <21h, 4Dh, 6, 0> UNWIND_CODE <4Dh, 0C4h> ; UWOP_SAVE_NONVOL dw 226h UNWIND_CODE <45h, 54h> ; UWOP_SAVE_NONVOL dw 22Dh UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 22Ch RUNTIME_FUNCTION <rva sub_10001B780, \ rva loc_10001B93B, \ rva stru_100027E50> stru_100027E50 UNWIND_INFO <1, 2Fh, 6, 0> UNWIND_CODE <2Fh, 74h> ; UWOP_SAVE_NONVOL dw 227h UNWIND_CODE <24h, 64h> ; UWOP_SAVE_NONVOL dw 228h UNWIND_CODE <0Dh, 1> ; UWOP_ALLOC_LARGE dw 229h stru_100027E60 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10001AE50, \ rva loc_10001AE85, \ rva stru_100027E84> stru_100027E70 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_10001AE50, \ rva loc_10001AE85, \ rva stru_100027E84> stru_100027E84 UNWIND_INFO <1, 1Fh, 9, 0> UNWIND_CODE <1Fh, 0C4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <1Ah, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <12h, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <0Dh, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100027E9C UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 0E4h> ; UWOP_SAVE_NONVOL dw 274h RUNTIME_FUNCTION <rva sub_10001A450, \ rva loc_10001A46C, \ rva stru_100027F00> stru_100027EB0 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_10001A46C, \ rva loc_10001A649, \ rva stru_100027ED4> stru_100027EC0 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 54h> ; UWOP_SAVE_NONVOL dw 27Dh RUNTIME_FUNCTION <rva loc_10001A46C, \ rva loc_10001A649, \ rva stru_100027ED4> stru_100027ED4 UNWIND_INFO <21h, 5Fh, 0Eh, 0> UNWIND_CODE <5Fh, 0F4h> ; UWOP_SAVE_NONVOL dw 273h UNWIND_CODE <30h, 0E4h> ; UWOP_SAVE_NONVOL dw 274h UNWIND_CODE <28h, 0D4h> ; UWOP_SAVE_NONVOL dw 275h UNWIND_CODE <20h, 0C4h> ; UWOP_SAVE_NONVOL dw 276h UNWIND_CODE <18h, 74h> ; UWOP_SAVE_NONVOL dw 277h UNWIND_CODE <10h, 64h> ; UWOP_SAVE_NONVOL dw 278h UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 27Ch RUNTIME_FUNCTION <rva sub_10001A450, \ rva loc_10001A46C, \ rva stru_100027F00> stru_100027F00 UNWIND_INFO <1, 1Ch, 2, 0> UNWIND_CODE <0Dh, 1> ; UWOP_ALLOC_LARGE dw 279h stru_100027F08 UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 7 RUNTIME_FUNCTION <rva sub_10001A0B0, \ rva loc_10001A0BC, \ rva stru_100027F88> stru_100027F20 UNWIND_INFO <21h, 0, 6, 0> UNWIND_CODE <0, 0E4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <0, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 7 RUNTIME_FUNCTION <rva sub_10001A0B0, \ rva loc_10001A0BC, \ rva stru_100027F88> stru_100027F3C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_10001A0BC, \ rva loc_10001A10D, \ rva stru_100027F64> stru_100027F4C UNWIND_INFO <21h, 0Dh, 4, 0> UNWIND_CODE <0Dh, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva loc_10001A0BC, \ rva loc_10001A10D, \ rva stru_100027F64> stru_100027F64 UNWIND_INFO <21h, 24h, 0Ah, 0> UNWIND_CODE <24h, 0E4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <14h, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <0Fh, 74h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <0Ah, 54h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 0Ah RUNTIME_FUNCTION <rva sub_10001A0B0, \ rva loc_10001A0BC, \ rva stru_100027F88> stru_100027F88 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_100027F90 UNWIND_INFO <1, 2Ch, 0Bh, 0> UNWIND_CODE <2Ch, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <18h, 0C4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100027FAC UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100019470, \ rva loc_10001952A, \ rva stru_100027FF8> stru_100027FBC UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_10001952A, \ rva loc_1000195F4, \ rva stru_100027FE4> stru_100027FCC UNWIND_INFO <21h, 0Ch, 4, 0> UNWIND_CODE <0Ch, 0C4h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 0Fh RUNTIME_FUNCTION <rva loc_10001952A, \ rva loc_1000195F4, \ rva stru_100027FE4> stru_100027FE4 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 64h> ; UWOP_SAVE_NONVOL dw 10h RUNTIME_FUNCTION <rva sub_100019470, \ rva loc_10001952A, \ rva stru_100027FF8> stru_100027FF8 UNWIND_INFO <1, 22h, 0Bh, 0> UNWIND_CODE <22h, 0F4h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <17h, 0E4h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <13h, 0D4h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Fh, 74h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <0Bh, 34h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <7, 0C2h> ; UWOP_ALLOC_SMALL align 4 stru_100028014 UNWIND_INFO <1, 45h, 12h, 0> UNWIND_CODE <45h, 0F4h> ; UWOP_SAVE_NONVOL dw 1Ah UNWIND_CODE <3Ch, 0E4h> ; UWOP_SAVE_NONVOL dw 1Bh UNWIND_CODE <31h, 0D4h> ; UWOP_SAVE_NONVOL dw 1Ch UNWIND_CODE <2Dh, 0C4h> ; UWOP_SAVE_NONVOL dw 1Dh UNWIND_CODE <29h, 74h> ; UWOP_SAVE_NONVOL dw 1Eh UNWIND_CODE <25h, 64h> ; UWOP_SAVE_NONVOL dw 23h UNWIND_CODE <21h, 54h> ; UWOP_SAVE_NONVOL dw 22h UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 21h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 1Fh stru_10002803C UNWIND_INFO <1, 30h, 11h, 0> UNWIND_CODE <30h, 0F4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <25h, 0E4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <1Fh, 0D4h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <1Bh, 0C4h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <17h, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <0Fh, 54h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Bh, 34h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <7, 82h> ; UWOP_ALLOC_SMALL align 4 stru_100028064 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100017A50, \ rva loc_100017A81, \ rva stru_100028094> stru_100028074 UNWIND_INFO <21h, 20h, 8, 0> UNWIND_CODE <20h, 74h> ; UWOP_SAVE_NONVOL dw 17Ah UNWIND_CODE <18h, 34h> ; UWOP_SAVE_NONVOL dw 17Dh UNWIND_CODE <10h, 64h> ; UWOP_SAVE_NONVOL dw 17Fh UNWIND_CODE <8, 54h> ; UWOP_SAVE_NONVOL dw 17Eh RUNTIME_FUNCTION <rva sub_100017A50, \ rva loc_100017A81, \ rva stru_100028094> stru_100028094 UNWIND_INFO <1, 16h, 2, 0> UNWIND_CODE <7, 1> ; UWOP_ALLOC_LARGE dw 17Bh stru_10002809C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100017270, \ rva loc_10001729D, \ rva stru_1000280C0> stru_1000280AC UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_100017270, \ rva loc_10001729D, \ rva stru_1000280C0> stru_1000280C0 UNWIND_INFO <1, 1Dh, 7, 0> UNWIND_CODE <1Dh, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <12h, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <0Dh, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_1000280D4 UNWIND_INFO <21h, 0, 0Ch, 0> UNWIND_CODE <0, 0D4h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0, 0C4h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <0, 54h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 0Eh RUNTIME_FUNCTION <rva sub_100016A30, \ rva loc_100016A37, \ rva stru_100028124> stru_1000280FC UNWIND_INFO <21h, 18h, 0Ch, 0> UNWIND_CODE <18h, 0D4h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <14h, 0C4h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <10h, 74h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <0Ch, 64h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <8, 54h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <4, 34h> ; UWOP_SAVE_NONVOL dw 0Eh RUNTIME_FUNCTION <rva sub_100016A30, \ rva loc_100016A37, \ rva stru_100028124> stru_100028124 UNWIND_INFO <1, 7, 1, 0> UNWIND_CODE <7, 0C2h> ; UWOP_ALLOC_SMALL align 4 stru_10002812C UNWIND_INFO <1, 2Ah, 0Dh, 0> UNWIND_CODE <2Ah, 0D4h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <25h, 0C4h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <20h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <1Bh, 64h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <16h, 54h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <11h, 34h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <4, 0E2h> ; UWOP_ALLOC_SMALL align 4 stru_10002814C UNWIND_INFO <1, 27h, 11h, 0> UNWIND_CODE <27h, 0F4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <23h, 0E4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <1Fh, 0D4h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <1Bh, 0C4h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <17h, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <0Fh, 54h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Bh, 34h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <7, 82h> ; UWOP_ALLOC_SMALL align 4 stru_100028174 UNWIND_INFO <1, 2Ah, 0Bh, 0> UNWIND_CODE <2Ah, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <18h, 0C4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <13h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100028190 UNWIND_INFO <1, 2Ah, 0Fh, 0> UNWIND_CODE <2Ah, 0E4h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <1Fh, 0D4h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <1Bh, 0C4h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <17h, 74h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <0Fh, 54h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <0Bh, 34h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <7, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_1000281B4 UNWIND_INFO <1, 26h, 0Fh, 0> UNWIND_CODE <26h, 0E4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <22h, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <1Bh, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <17h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0Fh, 54h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Bh, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <7, 62h> ; UWOP_ALLOC_SMALL align 4 stru_1000281D8 UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0, 54h> ; UWOP_SAVE_NONVOL dw 7 RUNTIME_FUNCTION <rva sub_100013EF0, \ rva loc_100013EF8, \ rva stru_100028230> stru_1000281F0 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_100013EF8, \ rva loc_100013F15, \ rva stru_100028214> stru_100028200 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva loc_100013EF8, \ rva loc_100013F15, \ rva stru_100028214> stru_100028214 UNWIND_INFO <21h, 14h, 6, 0> UNWIND_CODE <14h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Ah, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 6 RUNTIME_FUNCTION <rva sub_100013EF0, \ rva loc_100013EF8, \ rva stru_100028230> stru_100028230 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100028238 UNWIND_INFO <1, 2Ah, 0Bh, 0> UNWIND_CODE <2Ah, 0C4h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <20h, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <1Bh, 64h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <12h, 54h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Dh, 34h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 stru_100028254 UNWIND_INFO <1, 20h, 7, 0> UNWIND_CODE <20h, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <0Eh, 64h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 stru_100028268 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 0F4h> ; UWOP_SAVE_NONVOL dw 11h RUNTIME_FUNCTION <rva sub_100011130, \ rva loc_10001122A, \ rva stru_10002827C> stru_10002827C UNWIND_INFO <1, 0F0h, 0Eh, 0> UNWIND_CODE <0F0h, 0D4h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <2Fh, 0E4h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <26h, 74h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <1Bh, 64h> ; UWOP_SAVE_NONVOL dw 19h UNWIND_CODE <17h, 54h> ; UWOP_SAVE_NONVOL dw 18h UNWIND_CODE <13h, 34h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <0Fh, 1> ; UWOP_ALLOC_LARGE dw 15h stru_10002829C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100010EA0, \ rva loc_100010F79, \ rva stru_1000282C0> stru_1000282AC UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 64h> ; UWOP_SAVE_NONVOL dw 50h RUNTIME_FUNCTION <rva sub_100010EA0, \ rva loc_100010F79, \ rva stru_1000282C0> stru_1000282C0 UNWIND_INFO <1, 25h, 8, 0> UNWIND_CODE <25h, 74h> ; UWOP_SAVE_NONVOL dw 4Fh UNWIND_CODE <21h, 54h> ; UWOP_SAVE_NONVOL dw 55h UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 54h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 51h stru_1000282D4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100010900, \ rva loc_100010C89, \ rva stru_1000282FC> stru_1000282E4 UNWIND_INFO <21h, 19h, 4, 0> UNWIND_CODE <19h, 64h> ; UWOP_SAVE_NONVOL dw 4Ch UNWIND_CODE <8, 54h> ; UWOP_SAVE_NONVOL dw 4Dh RUNTIME_FUNCTION <rva sub_100010900, \ rva loc_100010C89, \ rva stru_1000282FC> stru_1000282FC UNWIND_INFO <1, 2Ch, 6, 0> UNWIND_CODE <2Ch, 74h> ; UWOP_SAVE_NONVOL dw 4Bh UNWIND_CODE <24h, 34h> ; UWOP_SAVE_NONVOL dw 4Eh UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 4Fh stru_10002830C UNWIND_INFO <1, 28h, 0Dh, 0> UNWIND_CODE <28h, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <1Fh, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <18h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_10002832C UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 0Ah RUNTIME_FUNCTION <rva sub_10000DBF0, \ rva loc_10000DC1B, \ rva stru_100028380> stru_100028340 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_10000DC1B, \ rva loc_10000DC35, \ rva stru_100028368> stru_100028350 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <5, 0C4h> ; UWOP_SAVE_NONVOL dw 6 RUNTIME_FUNCTION <rva loc_10000DC1B, \ rva loc_10000DC35, \ rva stru_100028368> stru_100028368 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_10000DBF0, \ rva loc_10000DC1B, \ rva stru_100028380> stru_100028380 UNWIND_INFO <1, 11h, 5, 0> UNWIND_CODE <11h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100028390 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000CC40, \ rva loc_10000CC8D, \ rva stru_1000283B4> stru_1000283A0 UNWIND_INFO <21h, 4, 2, 0> UNWIND_CODE <4, 64h> ; UWOP_SAVE_NONVOL dw 57h RUNTIME_FUNCTION <rva sub_10000CC40, \ rva loc_10000CC8D, \ rva stru_1000283B4> stru_1000283B4 UNWIND_INFO <1, 29h, 6, 0> UNWIND_CODE <29h, 74h> ; UWOP_SAVE_NONVOL dw 52h UNWIND_CODE <25h, 34h> ; UWOP_SAVE_NONVOL dw 56h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 53h stru_1000283C4 UNWIND_INFO <1, 23h, 0Fh, 0> UNWIND_CODE <23h, 0E4h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <1Fh, 0D4h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <1Bh, 0C4h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <17h, 74h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <0Fh, 54h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <0Bh, 34h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <7, 0E2h> ; UWOP_ALLOC_SMALL align 4 stru_1000283E8 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000BB50, \ rva loc_10000BBB7, \ rva stru_10002840C> stru_1000283F8 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 24h RUNTIME_FUNCTION <rva sub_10000BB50, \ rva loc_10000BBB7, \ rva stru_10002840C> stru_10002840C UNWIND_INFO <1, 2Ch, 0Ah, 0> UNWIND_CODE <2Ch, 0C4h> ; UWOP_SAVE_NONVOL dw 20h UNWIND_CODE <25h, 74h> ; UWOP_SAVE_NONVOL dw 21h UNWIND_CODE <21h, 64h> ; UWOP_SAVE_NONVOL dw 22h UNWIND_CODE <1Dh, 54h> ; UWOP_SAVE_NONVOL dw 23h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 25h stru_100028424 UNWIND_INFO <1, 86h, 8, 0> UNWIND_CODE <86h, 34h> ; UWOP_SAVE_NONVOL dw 44h UNWIND_CODE <28h, 74h> ; UWOP_SAVE_NONVOL dw 42h UNWIND_CODE <24h, 64h> ; UWOP_SAVE_NONVOL dw 43h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 45h stru_100028438 UNWIND_INFO <1, 18h, 3, 0> UNWIND_CODE <9, 1> ; UWOP_ALLOC_LARGE dw 4Eh UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL align 4 stru_100028444 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000B000, \ rva loc_10000B02F, \ rva stru_10002846C> stru_100028454 UNWIND_INFO <21h, 0Bh, 4, 0> UNWIND_CODE <0Bh, 34h> ; UWOP_SAVE_NONVOL dw 51h UNWIND_CODE <4, 64h> ; UWOP_SAVE_NONVOL dw 53h RUNTIME_FUNCTION <rva sub_10000B000, \ rva loc_10000B02F, \ rva stru_10002846C> stru_10002846C UNWIND_INFO <1, 21h, 6, 0> UNWIND_CODE <21h, 74h> ; UWOP_SAVE_NONVOL dw 4Eh UNWIND_CODE <1Dh, 54h> ; UWOP_SAVE_NONVOL dw 52h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 4Fh stru_10002847C UNWIND_INFO <1, 1Fh, 9, 0> UNWIND_CODE <1Fh, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <15h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100028494 UNWIND_INFO <1, 0DFh, 0Dh, 0> UNWIND_CODE <0DFh, 74h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <0D7h, 54h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <17h, 0D4h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <13h, 0C4h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <0Fh, 64h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <0Bh, 34h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <7, 0E2h> ; UWOP_ALLOC_SMALL align 4 stru_1000284B4 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_1000081C0, \ rva loc_1000081CB, \ rva stru_1000284E0> stru_1000284C8 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva sub_1000081C0, \ rva loc_1000081CB, \ rva stru_1000284E0> stru_1000284E0 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_1000284E8 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 stru_1000284F0 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10001AF50, \ rva loc_10001AF65, \ rva stru_10002852C> stru_100028500 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Dh RUNTIME_FUNCTION <rva sub_10001AF50, \ rva loc_10001AF65, \ rva stru_10002852C> stru_100028514 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 0Ch RUNTIME_FUNCTION <rva sub_10001AF50, \ rva loc_10001AF65, \ rva stru_10002852C> stru_10002852C UNWIND_INFO <1, 9, 3, 0> UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 stru_100028538 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100019AE0, \ rva sub_100019B20, \ rva stru_1000285B8> stru_100028548 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100019B20, \ rva sub_100019B64, \ rva stru_100028590> stru_100028558 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 0C4h> ; UWOP_SAVE_NONVOL dw 12h RUNTIME_FUNCTION <rva sub_100019B20, \ rva sub_100019B64, \ rva stru_100028590> stru_10002856C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100019B20, \ rva sub_100019B64, \ rva stru_100028590> stru_10002857C UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 0C4h> ; UWOP_SAVE_NONVOL dw 12h RUNTIME_FUNCTION <rva sub_100019B20, \ rva sub_100019B64, \ rva stru_100028590> stru_100028590 UNWIND_INFO <21h, 30h, 0Ch, 0> UNWIND_CODE <30h, 0F4h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <28h, 0E4h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <20h, 74h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <18h, 64h> ; UWOP_SAVE_NONVOL dw 16h UNWIND_CODE <10h, 54h> ; UWOP_SAVE_NONVOL dw 15h UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 14h RUNTIME_FUNCTION <rva sub_100019AE0, \ rva sub_100019B20, \ rva stru_1000285B8> stru_1000285B8 UNWIND_INFO <1, 12h, 4, 0> UNWIND_CODE <12h, 0D4h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 13h stru_1000285C4 UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 6 RUNTIME_FUNCTION <rva sub_100018C50, \ rva sub_100018C7B, \ rva stru_100028604> stru_1000285DC UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100018C50, \ rva sub_100018C7B, \ rva stru_100028604> stru_1000285EC UNWIND_INFO <21h, 31h, 4, 0> UNWIND_CODE <31h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 6 RUNTIME_FUNCTION <rva sub_100018C50, \ rva sub_100018C7B, \ rva stru_100028604> stru_100028604 UNWIND_INFO <1, 19h, 5, 0> UNWIND_CODE <19h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100028614 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100016560, \ rva loc_100016605, \ rva stru_100028664> stru_100028624 UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 4Dh UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 52h RUNTIME_FUNCTION <rva sub_100016560, \ rva loc_100016605, \ rva stru_100028664> stru_10002863C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100016560, \ rva loc_100016605, \ rva stru_100028664> stru_10002864C UNWIND_INFO <21h, 14h, 4, 0> UNWIND_CODE <14h, 74h> ; UWOP_SAVE_NONVOL dw 4Dh UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 52h RUNTIME_FUNCTION <rva sub_100016560, \ rva loc_100016605, \ rva stru_100028664> stru_100028664 UNWIND_INFO <1, 2Bh, 8, 0> UNWIND_CODE <2Bh, 0C4h> ; UWOP_SAVE_NONVOL dw 4Ch UNWIND_CODE <24h, 64h> ; UWOP_SAVE_NONVOL dw 4Eh UNWIND_CODE <20h, 54h> ; UWOP_SAVE_NONVOL dw 53h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 4Fh stru_100028678 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva EnumFunc, \ rva loc_10001647F, \ rva stru_10002869C> stru_100028688 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 0C4h> ; UWOP_SAVE_NONVOL dw 4 RUNTIME_FUNCTION <rva EnumFunc, \ rva loc_10001647F, \ rva stru_10002869C> stru_10002869C UNWIND_INFO <1, 23h, 9, 0> UNWIND_CODE <23h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <1Eh, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <12h, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <0Dh, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_1000286B4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_10001624C, \ rva loc_1000162A4, \ rva stru_1000286D8> stru_1000286C4 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 0C4h> ; UWOP_SAVE_NONVOL dw 4 RUNTIME_FUNCTION <rva loc_10001624C, \ rva loc_1000162A4, \ rva stru_1000286D8> stru_1000286D8 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_1000161B0, \ rva loc_100016205, \ rva stru_100028710> stru_1000286EC UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_1000161B0, \ rva loc_100016205, \ rva stru_100028710> stru_1000286FC UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_1000161B0, \ rva loc_100016205, \ rva stru_100028710> stru_100028710 UNWIND_INFO <1, 1Eh, 7, 0> UNWIND_CODE <1Eh, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <12h, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <0Dh, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100028724 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100015BE0, \ rva sub_100015BFA, \ rva stru_10002879C> stru_100028734 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100015BFA, \ rva sub_100015CFF, \ rva stru_100028788> stru_100028744 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100015CFF, \ rva sub_100015D11, \ rva stru_100028774> stru_100028754 UNWIND_INFO <21h, 1Dh, 8, 0> UNWIND_CODE <1Dh, 74h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <15h, 64h> ; UWOP_SAVE_NONVOL dw 12h UNWIND_CODE <0Dh, 54h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <5, 0D4h> ; UWOP_SAVE_NONVOL dw 0Dh RUNTIME_FUNCTION <rva sub_100015CFF, \ rva sub_100015D11, \ rva stru_100028774> stru_100028774 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 0C4h> ; UWOP_SAVE_NONVOL dw 0Eh RUNTIME_FUNCTION <rva sub_100015BFA, \ rva sub_100015CFF, \ rva stru_100028788> stru_100028788 UNWIND_INFO <21h, 4, 2, 0> UNWIND_CODE <4, 0E4h> ; UWOP_SAVE_NONVOL dw 0Ch RUNTIME_FUNCTION <rva sub_100015BE0, \ rva sub_100015BFA, \ rva stru_10002879C> stru_10002879C UNWIND_INFO <1, 0Fh, 3, 0> UNWIND_CODE <0Fh, 34h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <7, 0E2h> ; UWOP_ALLOC_SMALL align 4 stru_1000287A8 UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 6 RUNTIME_FUNCTION <rva sub_100014AF0, \ rva loc_100014B1B, \ rva stru_1000287E8> stru_1000287C0 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100014AF0, \ rva loc_100014B1B, \ rva stru_1000287E8> stru_1000287D0 UNWIND_INFO <21h, 31h, 4, 0> UNWIND_CODE <31h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 6 RUNTIME_FUNCTION <rva sub_100014AF0, \ rva loc_100014B1B, \ rva stru_1000287E8> stru_1000287E8 UNWIND_INFO <1, 19h, 5, 0> UNWIND_CODE <19h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_1000287F8 UNWIND_INFO <1, 3Ch, 9, 0> UNWIND_CODE <3Ch, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <2Eh, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <29h, 54h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <1Ch, 34h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <17h, 0C2h> ; UWOP_ALLOC_SMALL align 4 stru_100028810 UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0, 34h> ; UWOP_SAVE_NONVOL dw 6 RUNTIME_FUNCTION <rva sub_100010810, \ rva loc_10001083B, \ rva stru_100028850> stru_100028828 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100010810, \ rva loc_10001083B, \ rva stru_100028850> stru_100028838 UNWIND_INFO <21h, 31h, 4, 0> UNWIND_CODE <31h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 6 RUNTIME_FUNCTION <rva sub_100010810, \ rva loc_10001083B, \ rva stru_100028850> stru_100028850 UNWIND_INFO <1, 19h, 5, 0> UNWIND_CODE <19h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100028860 UNWIND_INFO <1, 11h, 5, 0> UNWIND_CODE <11h, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 stru_100028870 UNWIND_INFO <1, 5Ah, 12h, 0> UNWIND_CODE <5Ah, 0F4h> ; UWOP_SAVE_NONVOL dw 4Eh UNWIND_CODE <47h, 0E4h> ; UWOP_SAVE_NONVOL dw 4Fh UNWIND_CODE <37h, 0D4h> ; UWOP_SAVE_NONVOL dw 50h UNWIND_CODE <30h, 0C4h> ; UWOP_SAVE_NONVOL dw 51h UNWIND_CODE <29h, 74h> ; UWOP_SAVE_NONVOL dw 52h UNWIND_CODE <25h, 64h> ; UWOP_SAVE_NONVOL dw 57h UNWIND_CODE <21h, 54h> ; UWOP_SAVE_NONVOL dw 56h UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 55h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 53h stru_100028898 UNWIND_INFO <1, 0FBh, 12h, 0> UNWIND_CODE <0FBh, 54h> ; UWOP_SAVE_NONVOL dw 1Bh UNWIND_CODE <2Ch, 0F4h> ; UWOP_SAVE_NONVOL dw 15h UNWIND_CODE <25h, 0E4h> ; UWOP_SAVE_NONVOL dw 16h UNWIND_CODE <1Eh, 0D4h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <1Ah, 0C4h> ; UWOP_SAVE_NONVOL dw 18h UNWIND_CODE <16h, 74h> ; UWOP_SAVE_NONVOL dw 1Dh UNWIND_CODE <12h, 64h> ; UWOP_SAVE_NONVOL dw 1Ch UNWIND_CODE <0Eh, 34h> ; UWOP_SAVE_NONVOL dw 1Ah UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 19h stru_1000288C0 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Fh RUNTIME_FUNCTION <rva sub_10000D890, \ rva loc_10000D899, \ rva stru_1000288EC> stru_1000288D4 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 74h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 0Eh RUNTIME_FUNCTION <rva sub_10000D890, \ rva loc_10000D899, \ rva stru_1000288EC> stru_1000288EC UNWIND_INFO <1, 9, 3, 0> UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_1000288F8 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000CDE0, \ rva loc_10000CE54, \ rva stru_100028950> stru_100028908 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 2Bh RUNTIME_FUNCTION <rva sub_10000CDE0, \ rva loc_10000CE54, \ rva stru_100028950> stru_10002891C UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 2Bh UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 2Ch RUNTIME_FUNCTION <rva sub_10000CDE0, \ rva loc_10000CE54, \ rva stru_100028950> stru_100028934 UNWIND_INFO <21h, 0F2h, 6, 0> UNWIND_CODE <0F2h, 74h> ; UWOP_SAVE_NONVOL dw 2Bh UNWIND_CODE <7Ch, 64h> ; UWOP_SAVE_NONVOL dw 2Ch UNWIND_CODE <8, 0D4h> ; UWOP_SAVE_NONVOL dw 29h RUNTIME_FUNCTION <rva sub_10000CDE0, \ rva loc_10000CE54, \ rva stru_100028950> stru_100028950 UNWIND_INFO <1, 37h, 0Ch, 0> UNWIND_CODE <37h, 0F4h> ; UWOP_SAVE_NONVOL dw 27h UNWIND_CODE <33h, 0E4h> ; UWOP_SAVE_NONVOL dw 28h UNWIND_CODE <2Ch, 0C4h> ; UWOP_SAVE_NONVOL dw 2Ah UNWIND_CODE <28h, 54h> ; UWOP_SAVE_NONVOL dw 2Dh UNWIND_CODE <24h, 34h> ; UWOP_SAVE_NONVOL dw 2Eh UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 2Fh stru_10002896C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000B210, \ rva loc_10000B28C, \ rva stru_100028994> stru_10002897C UNWIND_INFO <21h, 10h, 4, 0> UNWIND_CODE <10h, 74h> ; UWOP_SAVE_NONVOL dw 19h UNWIND_CODE <8, 54h> ; UWOP_SAVE_NONVOL dw 17h RUNTIME_FUNCTION <rva sub_10000B210, \ rva loc_10000B28C, \ rva stru_100028994> stru_100028994 UNWIND_INFO <1, 19h, 8, 0> UNWIND_CODE <19h, 0C4h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <15h, 64h> ; UWOP_SAVE_NONVOL dw 18h UNWIND_CODE <11h, 34h> ; UWOP_SAVE_NONVOL dw 16h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 15h stru_1000289A8 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000AD60, \ rva loc_10000AE44, \ rva stru_1000289CC> stru_1000289B8 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_10000AD60, \ rva loc_10000AE44, \ rva stru_1000289CC> stru_1000289CC UNWIND_INFO <1, 18h, 9, 0> UNWIND_CODE <18h, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <13h, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Eh, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <9, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_1000289E4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000A660, \ rva loc_10000A664, \ rva stru_100028A14> stru_1000289F4 UNWIND_INFO <21h, 14h, 8, 0> UNWIND_CODE <14h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Fh, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0Ah, 54h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva sub_10000A660, \ rva loc_10000A664, \ rva stru_100028A14> stru_100028A14 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100028A1C UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Fh RUNTIME_FUNCTION <rva sub_10000A530, \ rva loc_10000A539, \ rva stru_100028A48> stru_100028A30 UNWIND_INFO <21h, 0Ah, 4, 0> UNWIND_CODE <0Ah, 74h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 0Eh RUNTIME_FUNCTION <rva sub_10000A530, \ rva loc_10000A539, \ rva stru_100028A48> stru_100028A48 UNWIND_INFO <1, 9, 3, 0> UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_100028A54 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_1000045B0, \ rva loc_1000045EB, \ rva stru_100028A7C> stru_100028A64 UNWIND_INFO <21h, 0Fh, 4, 0> UNWIND_CODE <0Fh, 74h> ; UWOP_SAVE_NONVOL dw 53h UNWIND_CODE <4, 34h> ; UWOP_SAVE_NONVOL dw 51h RUNTIME_FUNCTION <rva sub_1000045B0, \ rva loc_1000045EB, \ rva stru_100028A7C> stru_100028A7C UNWIND_INFO <1, 24h, 4, 0> UNWIND_CODE <24h, 64h> ; UWOP_SAVE_NONVOL dw 52h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 4Fh stru_100028A88 UNWIND_INFO <1, 1Bh, 7, 0> UNWIND_CODE <1Bh, 74h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <11h, 64h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <0Ch, 34h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_100028A9C UNWIND_INFO <1, 11h, 5, 0> UNWIND_CODE <11h, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <0Ch, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100028AAC UNWIND_INFO <1, 3Fh, 12h, 0> UNWIND_CODE <3Fh, 0F4h> ; UWOP_SAVE_NONVOL dw 111h UNWIND_CODE <35h, 0E4h> ; UWOP_SAVE_NONVOL dw 112h UNWIND_CODE <31h, 0D4h> ; UWOP_SAVE_NONVOL dw 113h UNWIND_CODE <2Dh, 0C4h> ; UWOP_SAVE_NONVOL dw 114h UNWIND_CODE <29h, 74h> ; UWOP_SAVE_NONVOL dw 115h UNWIND_CODE <25h, 64h> ; UWOP_SAVE_NONVOL dw 116h UNWIND_CODE <21h, 54h> ; UWOP_SAVE_NONVOL dw 11Bh UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 11Ah UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 117h stru_100028AD4 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_1000133C0, \ rva loc_1000133E9, \ rva stru_100028AF8> stru_100028AE4 UNWIND_INFO <21h, 4, 2, 0> UNWIND_CODE <4, 0C4h> ; UWOP_SAVE_NONVOL dw 12h RUNTIME_FUNCTION <rva sub_1000133C0, \ rva loc_1000133E9, \ rva stru_100028AF8> stru_100028AF8 UNWIND_INFO <1, 1Ah, 0Ah, 0> UNWIND_CODE <1Ah, 74h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <16h, 64h> ; UWOP_SAVE_NONVOL dw 16h UNWIND_CODE <12h, 54h> ; UWOP_SAVE_NONVOL dw 15h UNWIND_CODE <0Eh, 34h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 13h stru_100028B10 UNWIND_INFO <1, 11h, 5, 0> UNWIND_CODE <11h, 74h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <0Ch, 34h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_100028B20 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_1000114A0, \ rva loc_1000115E2, \ rva stru_100028B78> stru_100028B30 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_1000115E2, \ rva loc_100011611, \ rva stru_100028B64> stru_100028B40 UNWIND_INFO <21h, 3Ah, 0Ah, 0> UNWIND_CODE <3Ah, 64h> ; UWOP_SAVE_NONVOL dw 5Bh UNWIND_CODE <2Ah, 0F4h> ; UWOP_SAVE_NONVOL dw 52h UNWIND_CODE <22h, 0E4h> ; UWOP_SAVE_NONVOL dw 53h UNWIND_CODE <15h, 74h> ; UWOP_SAVE_NONVOL dw 56h UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 59h RUNTIME_FUNCTION <rva loc_1000115E2, \ rva loc_100011611, \ rva stru_100028B64> stru_100028B64 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 54h> ; UWOP_SAVE_NONVOL dw 5Ah RUNTIME_FUNCTION <rva sub_1000114A0, \ rva loc_1000115E2, \ rva stru_100028B78> stru_100028B78 UNWIND_INFO <1, 34h, 6, 0> UNWIND_CODE <34h, 0D4h> ; UWOP_SAVE_NONVOL dw 54h UNWIND_CODE <1Dh, 0C4h> ; UWOP_SAVE_NONVOL dw 55h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 57h stru_100028B88 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100028B90 UNWIND_INFO <21h, 0, 6, 0> UNWIND_CODE <0, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0, 54h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_10000D300, \ rva loc_10000D307, \ rva stru_100028C24> stru_100028BAC UNWIND_INFO <21h, 0, 0Ah, 0> UNWIND_CODE <0, 0E4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <0, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0, 54h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_10000D300, \ rva loc_10000D307, \ rva stru_100028C24> stru_100028BD0 UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 0E4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <0, 0D4h> ; UWOP_SAVE_NONVOL dw 5 RUNTIME_FUNCTION <rva loc_10000D307, \ rva loc_10000D317, \ rva stru_100028C04> stru_100028BE8 UNWIND_INFO <21h, 0Ch, 6, 0> UNWIND_CODE <0Ch, 0E4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <8, 0D4h> ; UWOP_SAVE_NONVOL dw 5 UNWIND_CODE <4, 0C4h> ; UWOP_SAVE_NONVOL dw 6 RUNTIME_FUNCTION <rva loc_10000D307, \ rva loc_10000D317, \ rva stru_100028C04> stru_100028C04 UNWIND_INFO <21h, 10h, 8, 0> UNWIND_CODE <10h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Ch, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <8, 54h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <4, 34h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva sub_10000D300, \ rva loc_10000D307, \ rva stru_100028C24> stru_100028C24 UNWIND_INFO <1, 7, 1, 0> UNWIND_CODE <7, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100028C2C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000B6F0, \ rva loc_10000B761, \ rva stru_100028C98> stru_100028C3C UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 1Ch RUNTIME_FUNCTION <rva sub_10000B6F0, \ rva loc_10000B761, \ rva stru_100028C98> stru_100028C50 UNWIND_INFO <21h, 0, 6, 0> UNWIND_CODE <0, 0D4h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 1Dh UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 1Ch RUNTIME_FUNCTION <rva sub_10000B6F0, \ rva loc_10000B761, \ rva stru_100028C98> stru_100028C6C UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000B6F0, \ rva loc_10000B761, \ rva stru_100028C98> stru_100028C7C UNWIND_INFO <21h, 2Eh, 6, 0> UNWIND_CODE <2Eh, 0D4h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <23h, 74h> ; UWOP_SAVE_NONVOL dw 1Dh UNWIND_CODE <8, 64h> ; UWOP_SAVE_NONVOL dw 1Ch RUNTIME_FUNCTION <rva sub_10000B6F0, \ rva loc_10000B761, \ rva stru_100028C98> stru_100028C98 UNWIND_INFO <1, 1Ah, 0Ah, 0> UNWIND_CODE <1Ah, 0E4h> ; UWOP_SAVE_NONVOL dw 16h UNWIND_CODE <16h, 0C4h> ; UWOP_SAVE_NONVOL dw 18h UNWIND_CODE <12h, 54h> ; UWOP_SAVE_NONVOL dw 1Bh UNWIND_CODE <0Eh, 34h> ; UWOP_SAVE_NONVOL dw 1Ah UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 19h stru_100028CB0 UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <0, 54h> ; UWOP_SAVE_NONVOL dw 0Fh RUNTIME_FUNCTION <rva sub_100005430, \ rva loc_10000543A, \ rva stru_100028CEC> stru_100028CC8 UNWIND_INFO <21h, 46h, 0Ah, 0> UNWIND_CODE <46h, 0C4h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <10h, 74h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <0Ch, 64h> ; UWOP_SAVE_NONVOL dw 10h UNWIND_CODE <8, 54h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <4, 34h> ; UWOP_SAVE_NONVOL dw 0Eh RUNTIME_FUNCTION <rva sub_100005430, \ rva loc_10000543A, \ rva stru_100028CEC> stru_100028CEC UNWIND_INFO <1, 7, 1, 0> UNWIND_CODE <7, 0C2h> ; UWOP_ALLOC_SMALL align 4 stru_100028CF4 UNWIND_INFO <1, 1Eh, 7, 0> UNWIND_CODE <1Eh, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <19h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100028D08 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100004B90, \ rva loc_100004D4F, \ rva stru_100028D4C> stru_100028D18 UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 63h RUNTIME_FUNCTION <rva sub_100004B90, \ rva loc_100004D4F, \ rva stru_100028D4C> stru_100028D2C UNWIND_INFO <21h, 0D4h, 8, 0> UNWIND_CODE <0D4h, 0C4h> ; UWOP_SAVE_NONVOL dw 5Dh UNWIND_CODE <0CCh, 64h> ; UWOP_SAVE_NONVOL dw 63h UNWIND_CODE <10h, 74h> ; UWOP_SAVE_NONVOL dw 5Eh UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 61h RUNTIME_FUNCTION <rva sub_100004B90, \ rva loc_100004D4F, \ rva stru_100028D4C> stru_100028D4C UNWIND_INFO <1, 26h, 6, 0> UNWIND_CODE <26h, 0D4h> ; UWOP_SAVE_NONVOL dw 5Ch UNWIND_CODE <1Dh, 54h> ; UWOP_SAVE_NONVOL dw 62h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 5Fh stru_100028D5C UNWIND_INFO <1, 24h, 0Bh, 0> UNWIND_CODE <24h, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <1Ah, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100028D78 UNWIND_INFO <1, 24h, 0Bh, 0> UNWIND_CODE <24h, 0C4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <1Ah, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100028D94 UNWIND_INFO <1, 20h, 0Ch, 0> UNWIND_CODE <20h, 0C4h> ; UWOP_SAVE_NONVOL dw 14h UNWIND_CODE <1Ah, 74h> ; UWOP_SAVE_NONVOL dw 19h UNWIND_CODE <16h, 64h> ; UWOP_SAVE_NONVOL dw 18h UNWIND_CODE <12h, 54h> ; UWOP_SAVE_NONVOL dw 17h UNWIND_CODE <0Eh, 34h> ; UWOP_SAVE_NONVOL dw 16h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 15h stru_100028DB0 UNWIND_INFO <1, 6, 2, 0> UNWIND_CODE <6, 32h> ; UWOP_ALLOC_SMALL UNWIND_CODE <2, 30h> ; UWOP_PUSH_NONVOL stru_100028DB8 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000F280, \ rva loc_10000F2B6, \ rva stru_100028E00> stru_100028DC8 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_10000F2B6, \ rva loc_10000F2C2, \ rva stru_100028DEC> stru_100028DD8 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 0Ah RUNTIME_FUNCTION <rva loc_10000F2B6, \ rva loc_10000F2C2, \ rva stru_100028DEC> stru_100028DEC UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_10000F280, \ rva loc_10000F2B6, \ rva stru_100028E00> stru_100028E00 UNWIND_INFO <1, 1Ah, 5, 0> UNWIND_CODE <1Ah, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100028E10 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000E720, \ rva loc_10000E76B, \ rva stru_100028E84> stru_100028E20 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_10000E76B, \ rva loc_10000E7E9, \ rva stru_100028E6C> stru_100028E30 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_10000E7E9, \ rva loc_10000E7FB, \ rva stru_100028E54> stru_100028E40 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 0E4h> ; UWOP_SAVE_NONVOL dw 0Ch RUNTIME_FUNCTION <rva loc_10000E7E9, \ rva loc_10000E7FB, \ rva stru_100028E54> stru_100028E54 UNWIND_INFO <21h, 12h, 4, 0> UNWIND_CODE <12h, 0C4h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <8, 34h> ; UWOP_SAVE_NONVOL dw 10h RUNTIME_FUNCTION <rva loc_10000E76B, \ rva loc_10000E7E9, \ rva stru_100028E6C> stru_100028E6C UNWIND_INFO <21h, 0Dh, 4, 0> UNWIND_CODE <0Dh, 0F4h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <8, 64h> ; UWOP_SAVE_NONVOL dw 12h RUNTIME_FUNCTION <rva sub_10000E720, \ rva loc_10000E76B, \ rva stru_100028E84> stru_100028E84 UNWIND_INFO <1, 1Ah, 7, 0> UNWIND_CODE <1Ah, 0D4h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <16h, 74h> ; UWOP_SAVE_NONVOL dw 13h UNWIND_CODE <12h, 54h> ; UWOP_SAVE_NONVOL dw 11h UNWIND_CODE <7, 0E2h> ; UWOP_ALLOC_SMALL align 4 stru_100028E98 UNWIND_INFO <1, 2Bh, 8, 0> UNWIND_CODE <2Bh, 74h> ; UWOP_SAVE_NONVOL dw 60h UNWIND_CODE <27h, 64h> ; UWOP_SAVE_NONVOL dw 65h UNWIND_CODE <23h, 34h> ; UWOP_SAVE_NONVOL dw 64h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 61h stru_100028EAC UNWIND_INFO <1, 8Fh, 10h, 0> UNWIND_CODE <8Fh, 0E4h> ; UWOP_SAVE_NONVOL dw 4Ah UNWIND_CODE <87h, 0C4h> ; UWOP_SAVE_NONVOL dw 4Ch UNWIND_CODE <7Fh, 74h> ; UWOP_SAVE_NONVOL dw 4Dh UNWIND_CODE <37h, 0D4h> ; UWOP_SAVE_NONVOL dw 4Bh UNWIND_CODE <25h, 64h> ; UWOP_SAVE_NONVOL dw 4Eh UNWIND_CODE <21h, 54h> ; UWOP_SAVE_NONVOL dw 53h UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 52h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 4Fh stru_100028ED0 UNWIND_INFO <21h, 0, 4, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 0Ah RUNTIME_FUNCTION <rva sub_100017660, \ rva loc_100017669, \ rva stru_100028F08> stru_100028EE8 UNWIND_INFO <21h, 1Ch, 8, 0> UNWIND_CODE <1Ch, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <14h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Ah, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <5, 54h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_100017660, \ rva loc_100017669, \ rva stru_100028F08> stru_100028F08 UNWIND_INFO <1, 9, 3, 0> UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100028F14 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100013C10, \ rva sub_100013DBC, \ rva stru_100028F38> stru_100028F24 UNWIND_INFO <21h, 8, 2, 0> UNWIND_CODE <8, 74h> ; UWOP_SAVE_NONVOL dw 8Dh RUNTIME_FUNCTION <rva sub_100013C10, \ rva sub_100013DBC, \ rva stru_100028F38> stru_100028F38 UNWIND_INFO <1, 2Dh, 8, 0> UNWIND_CODE <2Dh, 64h> ; UWOP_SAVE_NONVOL dw 8Eh UNWIND_CODE <21h, 54h> ; UWOP_SAVE_NONVOL dw 93h UNWIND_CODE <1Dh, 34h> ; UWOP_SAVE_NONVOL dw 92h UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 8Fh stru_100028F4C UNWIND_INFO <1, 24h, 0Bh, 0> UNWIND_CODE <24h, 0C4h> ; UWOP_SAVE_NONVOL dw 4 UNWIND_CODE <1Ah, 74h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <13h, 64h> ; UWOP_SAVE_NONVOL dw 8 UNWIND_CODE <0Eh, 54h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100028F68 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_10000F3E0, \ rva loc_10000F441, \ rva stru_100028FB0> stru_100028F78 UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva loc_10000F441, \ rva loc_10000F450, \ rva stru_100028F9C> stru_100028F88 UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 74h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva loc_10000F441, \ rva loc_10000F450, \ rva stru_100028F9C> stru_100028F9C UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 64h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva sub_10000F3E0, \ rva loc_10000F441, \ rva stru_100028FB0> stru_100028FB0 UNWIND_INFO <1, 0Dh, 3, 0> UNWIND_CODE <0Dh, 34h> ; UWOP_SAVE_NONVOL dw 7 UNWIND_CODE <4, 42h> ; UWOP_ALLOC_SMALL align 4 stru_100028FBC UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 74h> ; UWOP_SAVE_NONVOL dw 0Bh RUNTIME_FUNCTION <rva sub_10000D710, \ rva loc_10000D714, \ rva stru_100028FF4> stru_100028FD0 UNWIND_INFO <21h, 19h, 0Ah, 0> UNWIND_CODE <19h, 0C4h> ; UWOP_SAVE_NONVOL dw 6 UNWIND_CODE <14h, 74h> ; UWOP_SAVE_NONVOL dw 0Bh UNWIND_CODE <0Fh, 64h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <0Ah, 54h> ; UWOP_SAVE_NONVOL dw 9 UNWIND_CODE <5, 34h> ; UWOP_SAVE_NONVOL dw 8 RUNTIME_FUNCTION <rva sub_10000D710, \ rva loc_10000D714, \ rva stru_100028FF4> stru_100028FF4 UNWIND_INFO <1, 4, 1, 0> UNWIND_CODE <4, 62h> ; UWOP_ALLOC_SMALL align 4 stru_100028FFC UNWIND_INFO <21h, 0, 0, 0> RUNTIME_FUNCTION <rva sub_100006CF0, \ rva loc_10000712D, \ rva stru_100029020> stru_10002900C UNWIND_INFO <21h, 5, 2, 0> UNWIND_CODE <5, 0D4h> ; UWOP_SAVE_NONVOL dw 9 RUNTIME_FUNCTION <rva sub_100006CF0, \ rva loc_10000712D, \ rva stru_100029020> stru_100029020 UNWIND_INFO <1, 9Fh, 0Bh, 0> UNWIND_CODE <9Fh, 74h> ; UWOP_SAVE_NONVOL dw 0Fh UNWIND_CODE <1Bh, 0C4h> ; UWOP_SAVE_NONVOL dw 0Ah UNWIND_CODE <16h, 64h> ; UWOP_SAVE_NONVOL dw 0Eh UNWIND_CODE <11h, 54h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <0Ch, 34h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <4, 0A2h> ; UWOP_ALLOC_SMALL align 4 stru_10002903C UNWIND_INFO <21h, 0, 2, 0> UNWIND_CODE <0, 64h> ; UWOP_SAVE_NONVOL dw 96h RUNTIME_FUNCTION <rva wWinMain, \ rva loc_1000076B9, \ rva stru_100029074> stru_100029050 UNWIND_INFO <21h, 0ECh, 0Ah, 0> UNWIND_CODE <0ECh, 34h> ; UWOP_SAVE_NONVOL dw 98h UNWIND_CODE <10h, 0C4h> ; UWOP_SAVE_NONVOL dw 94h UNWIND_CODE <0Ch, 74h> ; UWOP_SAVE_NONVOL dw 95h UNWIND_CODE <8, 64h> ; UWOP_SAVE_NONVOL dw 96h UNWIND_CODE <4, 54h> ; UWOP_SAVE_NONVOL dw 97h RUNTIME_FUNCTION <rva wWinMain, \ rva loc_1000076B9, \ rva stru_100029074> stru_100029074 UNWIND_INFO <1, 19h, 2, 0> UNWIND_CODE <0Ah, 1> ; UWOP_ALLOC_LARGE dw 99h stru_10002907C UNWIND_INFO <1, 0Eh, 5, 0> UNWIND_CODE <0Eh, 74h> ; UWOP_SAVE_NONVOL dw 0Dh UNWIND_CODE <9, 34h> ; UWOP_SAVE_NONVOL dw 0Ch UNWIND_CODE <4, 82h> ; UWOP_ALLOC_SMALL align 4 WTSAPI32_dll_import_table dd 1 ; Attributes dd rva aWtsapi32_dll ; "WTSAPI32.dll" dd rva WTSAPI32_dll_handle ; Module handle dd rva __imp_WTSDisconnectSession ; Delayed Import Address Table dd rva WTSAPI32_dll_dint ; Delayed Import Name Table dd rva WTSAPI32_dll_dbiat ; Bound Delayed Import Address Table dd 0 ; Unload Delayed Import Table dd 0 ; Time stamp WINSTA_dll_import_table dd 1 ; Attributes dd rva aWinsta_dll ; "WINSTA.dll" dd rva WINSTA_dll_handle ; Module handle dd rva __imp_WinStationShadow ; Delayed Import Address Table dd rva WINSTA_dll_dint ; Delayed Import Name Table dd rva WINSTA_dll_dbiat ; Bound Delayed Import Address Table dd 0 ; Unload Delayed Import Table dd 0 ; Time stamp MSGINA_dll_import_table dd 1 ; Attributes dd rva aMsgina_dll ; "MSGINA.dll" dd rva MSGINA_dll_handle ; Module handle dd rva MSGINA_20 ; Delayed Import Address Table dd rva MSGINA_dll_dint ; Delayed Import Name Table dd rva MSGINA_dll_dbiat ; Bound Delayed Import Address Table dd 0 ; Unload Delayed Import Table dd 0 ; Time stamp UTILDLL_dll_import_table dd 1 ; Attributes dd rva aUtildll_dll ; "UTILDLL.dll" dd rva UTILDLL_dll_handle ; Module handle dd rva __imp_CachedGetUserFromSid ; Delayed Import Address Table dd rva UTILDLL_dll_dint ; Delayed Import Name Table dd rva UTILDLL_dll_dbiat ; Bound Delayed Import Address Table dd 0 ; Unload Delayed Import Table dd 0 ; Time stamp ole32_dll_import_table dd 1 ; Attributes dd rva aOle32_dll ; "ole32.dll" dd rva ole32_dll_handle ; Module handle dd rva CLSIDFromString ; Delayed Import Address Table dd rva ole32_dll_dint ; Delayed Import Name Table dd rva ole32_dll_dbiat ; Bound Delayed Import Address Table dd 0 ; Unload Delayed Import Table dd 0 ; Time stamp align 10h dq 4 dup(0) MSGINA_dll_dint dq 8000000000000014h ; MSGINA.dll delayed import name table dq 0 UTILDLL_dll_dint dq rva word_1000292CE ; UTILDLL.dll delayed import name table dq rva word_1000292E6 dq 0 WINSTA_dll_dint dq rva word_1000292BA ; WINSTA.dll delayed import name table dq rva word_10002929C dq rva word_10002926C dq rva word_100029286 dq 0 WTSAPI32_dll_dint dq rva word_100029240 ; WTSAPI32.dll delayed import name table dq rva word_10002922E dq rva word_10002921E dq rva word_100029200 dq rva word_100029258 dq rva word_1000291E8 dq 0 ole32_dll_dint dq rva word_1000292FE ; ole32.dll delayed import name table dq 0 word_1000291E8 dw 0 aWtsenumeratese db 'WTSEnumerateSessionsW',0 word_100029200 dw 0 aWtsquerysessio db 'WTSQuerySessionInformationW',0 word_10002921E dw 0 aWtsfreememory db 'WTSFreeMemory',0 word_10002922E dw 0 aWtssendmessage db 'WTSSendMessageW',0 word_100029240 dw 0 aWtsdisconnects db 'WTSDisconnectSession',0 db 41h word_100029258 dw 0 aWtslogoffsessi db 'WTSLogoffSession',0 align 4 word_10002926C dw 0 aWinstationgetp db 'WinStationGetProcessSid',0 word_100029286 dw 0 aWinstationconn db 'WinStationConnectW',0 db 49h word_10002929C dw 0 aWinstationquer db 'WinStationQueryInformationW',0 word_1000292BA dw 0 aWinstationshad db 'WinStationShadow',0 align 2 word_1000292CE dw 0 aCachedgetuserf db 'CachedGetUserFromSid',0 db 4Ch word_1000292E6 dw 0 aCurrentdatetim db 'CurrentDateTimeString',0 word_1000292FE dw 0 aClsidfromstrin db 'CLSIDFromString',0 WTSAPI32_dll_dbiat dq 0 ; WTSAPI32.dll bound delayed import address table dq 6 dup(0) WINSTA_dll_dbiat dq 0 ; WINSTA.dll bound delayed import address table dq 4 dup(0) MSGINA_dll_dbiat dq 0 ; MSGINA.dll bound delayed import address table align 20h UTILDLL_dll_dbiat dq 0 ; UTILDLL.dll bound delayed import address table dq 2 dup(0) ole32_dll_dbiat dq 0 ; ole32.dll bound delayed import address table dq 0 __IMPORT_DESCRIPTOR_ADVAPI32 dd rva off_100029488 ; Import Name Table dd 0 ; Time stamp dd 0 ; Forwarder Chain dd rva aAdvapi32_dll ; DLL Name dd rva RegCreateKeyExW ; Import Address Table __IMPORT_DESCRIPTOR_KERNEL32 dd rva off_1000295D8 ; Import Name Table dd 0 ; Time stamp dd 0 ; Forwarder Chain dd rva aKernel32_dll ; DLL Name dd rva OpenProcess ; Import Address Table __IMPORT_DESCRIPTOR_ntdll dd rva off_100029DC0 ; Import Name Table dd 0 ; Time stamp dd 0 ; Forwarder Chain dd rva aNtdll_dll ; DLL Name dd rva RtlTimeToElapsedTimeFields ; Import Address Table __IMPORT_DESCRIPTOR_GDI32 dd rva off_100029528 ; Import Name Table dd 0 ; Time stamp dd 0 ; Forwarder Chain dd rva aGdi32_dll ; DLL Name dd rva CreateFontIndirectW ; Import Address Table __IMPORT_DESCRIPTOR_USER32 dd rva off_100029988 ; Import Name Table dd 0 ; Time stamp dd 0 ; Forwarder Chain dd rva aUser32_dll ; DLL Name dd rva PostThreadMessageW ; Import Address Table __IMPORT_DESCRIPTOR_iphlpapi dd rva off_100029D98 ; Import Name Table dd 0 ; Time stamp dd 0 ; Forwarder Chain dd rva aIphlpapi_dll ; DLL Name dd rva __imp_GetNumberOfInterfaces ; Import Address Table __IMPORT_DESCRIPTOR_COMCTL32 dd rva qword_1000294F0 ; Import Name Table dd 0 ; Time stamp dd 0 ; Forwarder Chain dd rva aComctl32_dll ; DLL Name dd rva InitCommonControls ; Import Address Table __IMPORT_DESCRIPTOR_SHLWAPI dd rva off_100029950 ; Import Name Table dd 0 ; Time stamp dd 0 ; Forwarder Chain dd rva aShlwapi_dll ; DLL Name dd rva StrStrIW ; Import Address Table __IMPORT_DESCRIPTOR_SHELL32 dd rva off_100029910 ; Import Name Table dd 0 ; Time stamp dd 0 ; Forwarder Chain dd rva aShell32_dll ; DLL Name dd rva Shell_NotifyIconW ; Import Address Table __IMPORT_DESCRIPTOR_Secur32 dd rva off_100029978 ; Import Name Table dd 0 ; Time stamp dd 0 ; Forwarder Chain dd rva aSecur32_dll ; DLL Name dd rva __imp_GetUserNameExW ; Import Address Table dq 3 dup(0) ; ; Import names for ADVAPI32.dll ; off_100029488 dq rva word_100029E08 dq rva word_100029E1A dq rva word_100029E2C dq rva word_100029E3A dq rva word_100029E4A dq rva word_100029E5E dq rva word_10002B222 dq rva word_10002B210 dq rva word_10002B23A dq rva word_10002B1FC dq rva word_10002B1EC dq rva word_10002B1D8 dq 0 ; ; Import names for COMCTL32.dll ; qword_1000294F0 dq 8000000000000011h dq rva word_10002B0AA dq rva word_10002B0D6 dq rva word_10002B0EE dq rva word_10002B0BE dq rva word_10002B094 dq 0 ; ; Import names for GDI32.dll ; off_100029528 dq rva word_10002A754 dq rva word_10002A742 dq rva word_10002A728 dq rva word_10002A71C dq rva word_10002A706 dq rva word_10002A6F6 dq rva word_10002A6EA dq rva word_10002A6DE dq rva word_10002A6D0 dq rva word_10002A6BC dq rva word_10002A6B2 dq rva word_10002A6A8 dq rva word_10002A69C dq rva word_10002A68C dq rva word_10002A67C dq rva word_10002A66A dq rva word_10002A65E dq rva word_10002A64A dq rva word_10002A63A dq rva word_10002A62A dq rva word_10002A76A dq 0 ; ; Import names for KERNEL32.dll ; off_1000295D8 dq rva word_10002A0CA dq rva word_10002A0D8 dq rva word_10002A0EA dq rva word_10002A0FE dq rva word_10002A118 dq rva word_10002A132 dq rva word_10002A13E dq rva word_10002A14A dq rva word_10002A15A dq rva word_10002A162 dq rva word_10002A176 dq rva word_10002A184 dq rva word_10002A194 dq rva word_10002A1AE dq rva word_10002A1C8 dq rva word_10002A1E4 dq rva word_10002A202 dq rva word_10002A216 dq rva word_10002A230 dq rva word_10002A244 dq rva word_10002A254 dq rva word_10002A266 dq rva word_10002A274 dq rva word_10002A288 dq rva word_10002A294 dq rva word_10002A2A4 dq rva word_10002A2BA dq rva word_10002A2C8 dq rva word_10002A2DE dq rva word_10002A2F8 dq rva word_10002A310 dq rva word_10002A32A dq rva word_10002A344 dq rva word_10002A356 dq rva word_10002A368 dq rva word_10002A37A dq rva word_10002A388 dq rva word_100029F46 dq rva word_10002A3B2 dq rva word_10002A3BE dq rva word_10002A3CE dq rva word_10002A3E2 dq rva word_10002A3EC dq rva word_10002A0B4 dq rva word_10002A408 dq rva word_10002A41E dq rva word_10002A42C dq rva word_10002A444 dq rva word_10002A45C dq rva word_10002A478 dq rva word_10002A482 dq rva word_10002A48E dq rva word_10002A49A dq rva word_10002A4AC dq rva word_10002A4BE dq rva word_10002A4D4 dq rva word_10002A4E6 dq rva word_10002A4F8 dq rva word_10002A508 dq rva word_10002A518 dq rva word_10002A528 dq rva word_10002A53A dq rva word_10002A54A dq rva word_10002A55A dq rva word_10002A56A dq rva word_10002B1B2 dq rva word_10002B1A2 dq rva word_100029F36 dq rva word_100029F24 dq rva word_100029F14 dq rva word_100029EFC dq rva word_100029EE8 dq rva word_100029ED4 dq rva word_10002A0A8 dq rva word_10002A094 dq rva word_10002A084 dq rva word_10002A078 dq rva word_10002A06C dq rva word_10002A05E dq rva word_10002A04C dq rva word_10002A02C dq rva word_10002A01C dq rva word_10002A006 dq rva word_100029FEE dq rva word_100029FDE dq rva word_100029FCE dq rva word_100029FBA dq rva word_100029FAA dq rva word_100029F94 dq rva word_100029F82 dq rva word_100029F70 dq rva word_10002A3FA dq rva word_100029F54 dq rva word_10002B18A dq rva word_100029EBE dq rva word_100029EB2 dq rva word_100029EA0 dq rva word_100029E94 dq rva word_100029E88 dq rva word_100029E7A dq rva word_10002A39A dq rva word_10002B1C6 dq 0 ; ; Import names for SHELL32.dll ; off_100029910 dq rva word_10002B14C dq 80000000000000F5h dq rva word_10002B13E dq 800000000000003Dh dq 8000000000000064h dq 80000000000000ECh dq 80000000000000F1h dq 0 ; ; Import names for SHLWAPI.dll ; off_100029950 dq rva word_10002B110 dq 80000000000001B5h dq 800000000000019Dh dq rva word_10002B11C dq 0 ; ; Import names for Secur32.dll ; off_100029978 dq rva word_10002B16C dq 0 ; ; Import names for USER32.dll ; off_100029988 dq rva word_10002A910 dq rva word_10002A926 dq rva word_10002A936 dq rva word_10002A94C dq rva word_10002A960 dq rva word_10002A974 dq rva word_10002A982 dq rva word_10002A98E dq rva word_10002A99A dq rva word_10002A9AC dq rva word_10002A9B8 dq rva word_10002A9C4 dq rva word_10002A9D2 dq rva word_10002A9DE dq rva word_10002A9F2 dq rva word_10002AA04 dq rva word_10002AA12 dq rva word_10002AA28 dq rva word_10002AA3A dq rva word_10002AA4E dq rva word_10002AA5C dq rva word_10002AA6A dq rva word_10002AA7E dq rva word_10002AA8C dq rva word_10002AA9A dq rva word_10002AAA6 dq rva word_10002AABA dq rva word_10002AACA dq rva word_10002AADE dq rva word_10002AAF0 dq rva word_10002AB04 dq rva word_10002AB14 dq rva word_10002AB20 dq rva word_10002AB2C dq rva word_10002AB42 dq rva word_10002AB4E dq rva word_10002AB5C dq rva word_10002AB70 dq rva word_10002AB7E dq rva word_10002AB8C dq rva word_10002AB9E dq rva word_10002ABB2 dq rva word_10002ABCC dq rva word_10002ABDA dq rva word_10002ABF6 dq rva word_10002AC12 dq rva word_10002AC28 dq rva word_10002AC36 dq rva word_10002AC4C dq rva word_10002AC5A dq rva word_10002AC72 dq rva word_10002AC86 dq rva word_10002AC9A dq rva word_10002ACAE dq rva word_10002ACBA dq rva word_10002ACCC dq rva word_10002ACD8 dq rva word_10002ACEA dq rva word_10002ACFA dq rva word_10002AD0E dq rva word_10002AD1E dq rva word_10002AD2A dq rva word_10002AD3C dq rva word_10002AD52 dq rva word_10002AD5E dq rva word_10002AD70 dq rva word_10002AD80 dq rva word_10002AD90 dq rva word_10002ADA0 dq rva word_10002ADB2 dq rva word_10002ADBE dq rva word_10002ADCE dq rva word_10002ADE2 dq rva word_10002ADF4 dq rva word_10002AE00 dq rva word_10002AE16 dq rva word_10002AE2C dq rva word_10002AE3E dq rva word_10002AE52 dq rva word_10002AE68 dq rva word_10002AE82 dq rva word_10002AE9C dq rva word_10002AEB2 dq rva word_10002AEC2 dq rva word_10002AED2 dq rva word_10002AEE6 dq rva word_10002AEF6 dq rva word_10002AF04 dq rva word_10002AF10 dq rva word_10002AF22 dq rva word_10002AF3A dq rva word_10002AF4A dq rva word_10002AF60 dq rva word_10002AF76 dq rva word_10002AF84 dq rva word_10002AF96 dq rva word_10002AFA8 dq rva word_10002AFB2 dq rva word_10002AFC2 dq rva word_10002AFCE dq rva word_10002AFE0 dq rva word_10002AFF8 dq rva word_10002B004 dq rva word_10002B012 dq rva word_10002A8FA dq rva word_10002A8EA dq rva word_10002A8D8 dq rva word_10002A8CA dq rva word_10002A8C0 dq rva word_10002A8B0 dq rva word_10002A8A0 dq rva word_10002A892 dq rva word_10002A882 dq rva word_10002A86C dq rva word_10002A862 dq rva word_10002A850 dq rva word_10002A842 dq rva word_10002A830 dq rva word_10002A820 dq rva word_10002A814 dq rva word_10002A80C dq rva word_10002A7F4 dq rva word_10002A7E2 dq rva word_10002A7D4 dq rva word_10002A7C2 dq rva word_10002A79E dq rva word_10002A78C dq rva word_10002A7B0 dq rva word_10002B278 dq 0 ; ; Import names for iphlpapi.dll ; off_100029D98 dq rva word_10002B06E dq rva word_10002B060 dq rva word_10002B03C dq rva word_10002B028 dq 0 ; ; Import names for ntdll.dll ; off_100029DC0 dq rva word_10002A602 dq rva word_10002A5CE dq rva word_10002A5BA dq rva word_10002B252 dq rva word_10002B26A dq rva word_10002A5A2 dq rva word_10002A58C dq rva word_10002A5EA dq 0 word_100029E08 dw 1D2h db 'RegCreateKeyExW',0 word_100029E1A dw 205h db 'RegSetValueExW',0 align 4 word_100029E2C dw 1CBh db 'RegCloseKey',0 word_100029E3A dw 1EDh db 'RegOpenKeyExW',0 word_100029E4A dw 1F8h db 'RegQueryValueExW',0 align 2 word_100029E5E dw 140h db 'IsValidSid',0 align 4 aAdvapi32_dll db 'ADVAPI32.dll',0 align 2 word_100029E7A dw 254h db 'LocalAlloc',0 align 8 word_100029E88 dw 258h db 'LocalFree',0 word_100029E94 dw 212h db 'HeapAlloc',0 word_100029EA0 dw 1A5h db 'GetProcessHeap',0 align 2 word_100029EB2 dw 218h db 'HeapFree',0 align 2 word_100029EBE dw 149h db 'GetCurrentThreadId',0 align 4 word_100029ED4 dw 365h db 'TerminateProcess',0 align 8 word_100029EE8 dw 145h db 'GetCurrentProcess',0 word_100029EFC dw 144h db 'GetCurrentDirectoryW',0 align 4 word_100029F14 dw 251h db 'LoadLibraryW',0 align 4 word_100029F24 dw 1A2h db 'GetProcAddress',0 align 2 word_100029F36 dw 71h db 'CreateThread',0 align 2 word_100029F46 dw 36h db 'CloseHandle',0 word_100029F54 dw 0C0h db 'ExpandEnvironmentStringsW',0 word_100029F70 dw 6Ch db 'CreateProcessW',0 align 2 word_100029F82 dw 177h db 'GetLocaleInfoW',0 align 4 word_100029F94 dw 397h db 'WaitForSingleObject',0 word_100029FAA dw 1ECh db 'GetVersionExW',0 word_100029FBA dw 338h db 'SetPriorityClass',0 align 2 word_100029FCE dw 64h db 'CreateMutexW',0 align 2 word_100029FDE dw 173h db 'GetLastError',0 align 2 word_100029FEE dw 296h db 'ProcessIdToSessionId',0 align 2 word_10002A006 dw 146h db 'GetCurrentProcessId',0 word_10002A01C dw 2BEh db 'ReleaseMutex',0 align 4 word_10002A02C dw 33Bh db 'SetProcessShutdownParameters',0 align 4 word_10002A04C dw 0F7h db 'FormatMessageW',0 align 2 word_10002A05E dw 21Ch db 'HeapReAlloc',0 word_10002A06C dw 21Eh db 'HeapSize',0 align 8 word_10002A078 dw 3D8h db 'lstrlenW',0 align 4 word_10002A084 dw 1E1h db 'GetTickCount',0 align 4 word_10002A094 dw 191h db 'GetNumberFormatW',0 align 8 word_10002A0A8 dw 3CFh db 'lstrcmpiW',0 word_10002A0B4 dw 271h db 'MultiByteToWideChar',0 word_10002A0CA dw 282h db 'OpenProcess',0 word_10002A0D8 dw 23Fh db 'IsWow64Process',0 align 2 word_10002A0EA dw 197h db 'GetPriorityClass',0 align 2 word_10002A0FE dw 1A3h db 'GetProcessAffinityMask',0 align 8 word_10002A118 dw 339h db 'SetProcessAffinityMask',0 align 2 word_10002A132 dw 3CCh db 'lstrcmpW',0 align 2 word_10002A13E dw 31Dh db 'SetEvent',0 align 2 word_10002A14A dw 53h db 'CreateEventW',0 align 2 word_10002A15A dw 35Dh db 'Sleep',0 word_10002A162 dw 11Ah db 'GetComputerNameW',0 align 2 word_10002A176 dw 0FBh db 'FreeLibrary',0 word_10002A184 dw 24Eh db 'LoadLibraryA',0 align 4 word_10002A194 dw 29Fh db 'QueryPerformanceCounter',0 word_10002A1AE dw 1CCh db 'GetSystemTimeAsFileTime',0 word_10002A1C8 dw 375h db 'UnhandledExceptionFilter',0 align 4 word_10002A1E4 dw 351h db 'SetUnhandledExceptionFilter',0 word_10002A202 dw 2DEh db 'RtlVirtualUnwind',0 align 2 word_10002A216 dw 2D7h db 'RtlLookupFunctionEntry',0 align 10h word_10002A230 dw 2D0h db 'RtlCaptureContext',0 word_10002A244 dw 1EBh db 'GetVersionExA',0 word_10002A254 dw 1BAh db 'GetStartupInfoW',0 word_10002A266 dw 0BCh db 'ExitProcess',0 word_10002A274 dw 181h db 'GetModuleHandleA',0 align 8 word_10002A288 dw 3ABh db 'WriteFile',0 word_10002A294 dw 1BBh db 'GetStdHandle',0 align 4 word_10002A2A4 dw 17Fh db 'GetModuleFileNameA',0 align 2 word_10002A2BA dw 2DDh db 'RtlUnwindEx',0 word_10002A2C8 dw 180h db 'GetModuleFileNameW',0 align 2 word_10002A2DE dw 0F9h db 'FreeEnvironmentStringsA',0 word_10002A2F8 dw 158h db 'GetEnvironmentStrings',0 word_10002A310 dw 0FAh db 'FreeEnvironmentStringsW',0 word_10002A32A dw 15Ah db 'GetEnvironmentStringsW',0 align 4 word_10002A344 dw 113h db 'GetCommandLineA',0 word_10002A356 dw 114h db 'GetCommandLineW',0 word_10002A368 dw 32Bh db 'SetHandleCount',0 align 2 word_10002A37A dw 169h db 'GetFileType',0 word_10002A388 dw 1B9h db 'GetStartupInfoA',0 word_10002A39A dw 84h db 'DeleteCriticalSection',0 word_10002A3B2 dw 36Ah db 'TlsAlloc',0 align 2 word_10002A3BE dw 32Fh db 'SetLastError',0 align 2 word_10002A3CE dw 148h db 'GetCurrentThread',0 align 2 word_10002A3E2 dw 36Bh db 'TlsFree',0 word_10002A3EC dw 36Dh db 'TlsSetValue',0 word_10002A3FA dw 36Ch db 'TlsGetValue',0 word_10002A408 dw 21Dh db 'HeapSetInformation',0 align 2 word_10002A41E dw 214h db 'HeapCreate',0 align 4 word_10002A42C dw 24Dh db 'LeaveCriticalSection',0 align 4 word_10002A444 dw 9Bh db 'EnterCriticalSection',0 align 4 word_10002A45C dw 225h db 'InitializeCriticalSection',0 word_10002A478 dw 100h db 'GetACP',0 align 2 word_10002A482 dw 195h db 'GetOEMCP',0 align 2 word_10002A48E dw 107h db 'GetCPInfo',0 word_10002A49A dw 323h db 'SetFilePointer',0 align 4 word_10002A4AC dw 1BCh db 'GetStringTypeA',0 align 2 word_10002A4BE dw 39Bh db 'WideCharToMultiByte',0 word_10002A4D4 dw 1BFh db 'GetStringTypeW',0 align 2 word_10002A4E6 dw 176h db 'GetLocaleInfoA',0 align 8 word_10002A4F8 dw 240h db 'LCMapStringA',0 align 8 word_10002A508 dw 241h db 'LCMapStringW',0 align 8 word_10002A518 dw 33Eh db 'SetStdHandle',0 align 8 word_10002A528 dw 38Dh db 'VirtualProtect',0 align 2 word_10002A53A dw 388h db 'VirtualAlloc',0 align 2 word_10002A54A dw 1C7h db 'GetSystemInfo',0 word_10002A55A dw 38Fh db 'VirtualQuery',0 align 2 word_10002A56A dw 0F1h db 'FlushFileBuffers',0 align 2 aKernel32_dll db 'KERNEL32.dll',0 align 4 word_10002A58C dw 103h db 'NtPowerInformation',0 align 2 word_10002A5A2 dw 0D8h db 'NtInitiatePowerAction',0 word_10002A5BA dw 17Ch db 'NtShutdownSystem',0 align 2 word_10002A5CE dw 12Eh db 'NtQuerySystemInformation',0 align 2 word_10002A5EA dw 2A9h db 'RtlInitUnicodeString',0 align 2 word_10002A602 dw 36Ch db 'RtlTimeToElapsedTimeFields',0 align 20h aNtdll_dll db 'ntdll.dll',0 word_10002A62A dw 16Ch db 'GetDeviceCaps',0 word_10002A63A dw 4Bh db 'CreateRectRgn',0 word_10002A64A dw 50h db 'CreateSolidBrush',0 align 2 word_10002A65E dw 47h db 'CreatePen',0 word_10002A66A dw 1A6h db 'GetStockObject',0 align 4 word_10002A67C dw 8Fh db 'DeleteObject',0 align 4 word_10002A68C dw 20Fh db 'SelectObject',0 align 4 word_10002A69C dw 1D2h db 'MoveToEx',0 align 8 word_10002A6A8 dw 1CEh db 'LineTo',0 align 2 word_10002A6B2 dw 12h db 'BitBlt',0 align 4 word_10002A6BC dw 165h db 'GetCurrentObject',0 align 10h word_10002A6D0 dw 198h db 'GetObjectW',0 align 2 word_10002A6DE dw 1F7h db 'Rectangle',0 word_10002A6EA dw 217h db 'SetBkMode',0 word_10002A6F6 dw 23Dh db 'SetTextColor',0 align 2 word_10002A706 dw 2Dh db 'CreateCompatibleDC',0 align 4 word_10002A71C dw 8Ch db 'DeleteDC',0 align 8 word_10002A728 dw 2Ch db 'CreateCompatibleBitmap',0 align 2 word_10002A742 dw 158h db 'GetCharWidth32W',0 word_10002A754 dw 3Dh db 'CreateFontIndirectW',0 word_10002A76A dw 1B6h db 'GetTextExtentPoint32W',0 aGdi32_dll db 'GDI32.dll',0 word_10002A78C dw 173h db 'GetWindowLongW',0 align 2 word_10002A79E dw 288h db 'SetWindowLongW',0 align 10h word_10002A7B0 dw 8Fh db 'DefWindowProcW',0 align 2 word_10002A7C2 dw 1Ch db 'CallWindowProcW',0 word_10002A7D4 dw 123h db 'GetKeyState',0 word_10002A7E2 dw 1EDh db 'MonitorFromRect',0 word_10002A7F4 dw 2A1h db 'SystemParametersInfoW',0 word_10002A80C dw 10Eh db 'GetDC',0 word_10002A814 dw 22Dh db 'ReleaseDC',0 word_10002A820 dw 0F9h db 'GetClassInfoW',0 word_10002A830 dw 21Ch db 'RegisterClassW',0 align 2 word_10002A842 dw 1CFh db 'LoadStringW',0 word_10002A850 dw 28Eh db 'SetWindowTextW',0 align 2 word_10002A862 dw 12Eh db 'GetMenu',0 word_10002A86C dw 3Ah db 'CheckMenuRadioItem',0 align 2 word_10002A882 dw 39h db 'CheckMenuItem',0 word_10002A892 dw 91h db 'DeleteMenu',0 align 20h word_10002A8A0 dw 101h db 'GetClientRect',0 word_10002A8B0 dw 28Ah db 'SetWindowPos',0 align 20h word_10002A8C0 dw 262h db 'SetMenu',0 word_10002A8CA dw 113h db 'GetDlgItem',0 align 8 word_10002A8D8 dw 1DDh db 'MapWindowPoints',0 word_10002A8EA dw 243h db 'SendMessageW',0 align 2 word_10002A8FA dw 119h db 'GetForegroundWindow',0 word_10002A910 dw 209h db 'PostThreadMessageW',0 align 2 word_10002A926 dw 178h db 'GetWindowRect',0 word_10002A936 dw 111h db 'GetDialogBaseUnits',0 align 4 word_10002A94C dw 163h db 'GetThreadDesktop',0 align 20h word_10002A960 dw 15Fh db 'GetSystemMetrics',0 align 4 word_10002A974 dw 15Ch db 'GetSysColor',0 word_10002A982 dw 1C2h db 'LoadIconW',0 word_10002A98E dw 27Fh db 'SetTimer',0 align 2 word_10002A99A dw 0C2h db 'EnableMenuItem',0 align 4 word_10002A9AC dw 0B2h db 'DrawEdge',0 align 8 word_10002A9B8 dw 1A9h db 'IsIconic',0 align 4 word_10002A9C4 dw 0Dh db 'BeginPaint',0 align 2 word_10002A9D2 dw 0C8h db 'EndPaint',0 align 2 word_10002A9DE dw 137h db 'GetMenuItemInfoW',0 align 2 word_10002A9F2 dw 15Ah db 'GetShellWindow',0 align 4 word_10002AA04 dw 299h db 'ShowWindow',0 align 2 word_10002AA12 dw 0Ch db 'BeginDeferWindowPos',0 word_10002AA28 dw 90h db 'DeferWindowPos',0 align 2 word_10002AA3A dw 0C5h db 'EndDeferWindowPos',0 word_10002AA4E dw 1C4h db 'LoadImageW',0 align 4 word_10002AA5C dw 96h db 'DestroyIcon',0 word_10002AA6A dw 134h db 'GetMenuItemCount',0 align 2 word_10002AA7E dw 22Eh db 'RemoveMenu',0 align 4 word_10002AA8C dw 97h db 'DestroyMenu',0 word_10002AA9A dw 1CCh db 'LoadMenuW',0 word_10002AAA6 dw 268h db 'SetMenuItemInfoW',0 align 2 word_10002AABA dw 0E1h db 'ExitWindowsEx',0 word_10002AACA dw 0F2h db 'GetAsyncKeyState',0 align 2 word_10002AADE dw 1D3h db 'LockWorkStation',0 word_10002AAF0 dw 110h db 'GetDesktopWindow',0 align 4 word_10002AB04 dw 99h db 'DestroyWindow',0 word_10002AB14 dw 1B8h db 'KillTimer',0 word_10002AB20 dw 1FCh db 'OpenIcon',0 align 4 word_10002AB2C dw 25Ch db 'SetForegroundWindow',0 word_10002AB42 dw 1B6h db 'IsZoomed',0 align 2 word_10002AB4E dw 15Bh db 'GetSubMenu',0 align 4 word_10002AB5C dw 287h db 'SetWindowLongPtrW',0 word_10002AB70 dw 1EFh db 'MoveWindow',0 align 2 word_10002AB7E dw 1E1h db 'MessageBeep',0 word_10002AB8C dw 207h db 'PostQuitMessage',0 word_10002AB9E dw 1BAh db 'LoadAcceleratorsW',0 word_10002ABB2 dw 22Bh db 'RegisterWindowMessageW',0 align 4 word_10002ABCC dw 0E6h db 'FindWindowW',0 word_10002ABDA dw 17Fh db 'GetWindowThreadProcessId',0 align 2 word_10002ABF6 dw 5 db 'AllowSetForegroundWindow',0 align 2 word_10002AC12 dw 242h db 'SendMessageTimeoutW',0 word_10002AC28 dw 1E9h db 'MessageBoxW',0 word_10002AC36 dw 56h db 'CreateDialogParamW',0 align 4 word_10002AC4C dw 140h db 'GetMessageW',0 word_10002AC5A dw 2AFh db 'TranslateAcceleratorW',0 word_10002AC72 dw 1A5h db 'IsDialogMessageW',0 align 2 word_10002AC86 dw 2B1h db 'TranslateMessage',0 align 2 word_10002AC9A dw 0A2h db 'DispatchMessageW',0 align 2 word_10002ACAE dw 0E2h db 'FillRect',0 align 2 word_10002ACBA dw 61h db 'CreateWindowExW',0 word_10002ACCC dw 0BFh db 'DrawTextW',0 word_10002ACD8 dw 196h db 'InvalidateRect',0 align 2 word_10002ACEA dw 2C3h db 'UpdateWindow',0 align 2 word_10002ACFA dw 172h db 'GetWindowLongPtrW',0 word_10002AD0E dw 112h db 'GetDlgCtrlID',0 align 2 word_10002AD1E dw 25Bh db 'SetFocus',0 align 2 word_10002AD2A dw 38h db 'CheckDlgButton',0 align 4 word_10002AD3C dw 1A6h db 'IsDlgButtonChecked',0 align 2 word_10002AD52 dw 0C6h db 'EndDialog',0 word_10002AD5E dw 9Fh db 'DialogBoxParamW',0 word_10002AD70 dw 273h db 'SetScrollInfo',0 word_10002AD80 dw 157h db 'GetScrollInfo',0 word_10002AD90 dw 274h db 'SetScrollPos',0 align 20h word_10002ADA0 dw 11Bh db 'GetGuiResources',0 word_10002ADB2 dw 1B0h db 'IsWindow',0 align 2 word_10002ADBE dw 0C4h db 'EnableWindow',0 align 2 word_10002ADCE dw 2ACh db 'TrackPopupMenuEx',0 align 2 word_10002ADE2 dw 17Eh db 'GetWindowTextW',0 align 4 word_10002ADF4 dw 118h db 'GetFocus',0 align 20h word_10002AE00 dw 264h db 'SetMenuDefaultItem',0 align 2 word_10002AE16 dw 0DDh db 'EnumWindowStationsW',0 word_10002AE2C dw 1A8h db 'IsHungAppWindow',0 word_10002AE3E dw 0FCh db 'GetClassLongPtrW',0 align 2 word_10002AE52 dw 1FFh db 'OpenWindowStationW',0 align 8 word_10002AE68 dw 14Ah db 'GetProcessWindowStation',0 word_10002AE82 dw 26Dh db 'SetProcessWindowStation',0 word_10002AE9C dw 45h db 'CloseWindowStation',0 align 2 word_10002AEB2 dw 0CFh db 'EnumDesktopsW',0 word_10002AEC2 dw 1FBh db 'OpenDesktopW',0 align 2 word_10002AED2 dw 27Eh db 'SetThreadDesktop',0 align 2 word_10002AEE6 dw 43h db 'CloseDesktop',0 align 2 word_10002AEF6 dw 0DEh db 'EnumWindows',0 word_10002AF04 dw 16Ch db 'GetWindow',0 word_10002AF10 dw 1B4h db 'IsWindowVisible',0 word_10002AF22 dw 194h db 'InternalGetWindowText',0 word_10002AF3A dw 206h db 'PostMessageW',0 align 2 word_10002AF4A dw 12Ah db 'GetLastActivePopup',0 align 20h word_10002AF60 dw 29Fh db 'SwitchToThisWindow',0 align 2 word_10002AF76 dw 2A5h db 'TileWindows',0 word_10002AF84 dw 1Eh db 'CascadeWindows',0 align 2 word_10002AF96 dw 29Ah db 'ShowWindowAsync',0 word_10002AFA8 dw 0C9h db 'EndTask',0 word_10002AFB2 dw 10Dh db 'GetCursorPos',0 align 2 word_10002AFC2 dw 147h db 'GetParent',0 word_10002AFCE dw 259h db 'SetDlgItemTextW',0 word_10002AFE0 dw 17Dh db 'GetWindowTextLengthW',0 align 8 word_10002AFF8 dw 252h db 'SetCursor',0 word_10002B004 dw 1C0h db 'LoadCursorW',0 word_10002B012 dw 271h db 'SetRect',0 aUser32_dll db 'USER32.dll',0 align 8 word_10002B028 dw 2Eh db 'GetInterfaceInfo',0 align 4 word_10002B03C dw 6Eh db 'NhGetInterfaceNameFromDeviceGuid',0 align 20h word_10002B060 dw 29h db 'GetIfEntry',0 align 2 word_10002B06E dw 3Bh db 'GetNumberOfInterfaces',0 aIphlpapi_dll db 'iphlpapi.dll',0 align 4 word_10002B094 dw 8 db 'CreateStatusWindowW',0 word_10002B0AA dw 51h db 'ImageList_Remove',0 align 2 word_10002B0BE dw 53h db 'ImageList_ReplaceIcon',0 word_10002B0D6 dw 58h db 'ImageList_SetIconSize',0 word_10002B0EE dw 38h db 'ImageList_Create',0 align 2 aComctl32_dll db 'COMCTL32.dll',0 align 10h word_10002B110 dw 111h db 'StrStrIW',0 align 4 word_10002B11C dw 0F7h db 'StrFormatByteSizeW',0 align 2 aShlwapi_dll db 'SHLWAPI.dll',0 word_10002B13E dw 103h db 'ShellAboutW',0 word_10002B14C dw 114h db 'Shell_NotifyIconW',0 aShell32_dll db 'SHELL32.dll',0 word_10002B16C dw 19h db 'GetUserNameExW',0 align 2 aSecur32_dll db 'Secur32.dll',0 word_10002B18A dw 82h db 'DelayLoadFailureHook',0 align 2 word_10002B1A2 dw 232h db 'IsBadWritePtr',0 word_10002B1B2 dw 184h db 'GetModuleHandleW',0 align 2 word_10002B1C6 dw 8Dh db 'DeviceIoControl',0 word_10002B1D8 dw 1F7h db 'RegQueryValueExA',0 align 4 word_10002B1EC dw 1ECh db 'RegOpenKeyExA',0 word_10002B1FC dw 1ACh db 'OpenProcessToken',0 align 10h word_10002B210 dw 1B1h db 'OpenThreadToken',0 word_10002B222 dw 1Ch db 'AdjustTokenPrivileges',0 word_10002B23A dw 150h db 'LookupPrivilegeValueW',0 word_10002B252 dw 2FFh db 'RtlNtStatusToDosError',0 word_10002B26A dw 0F1h db 'NtOpenFile',0 align 8 word_10002B278 dw 170h db 'GetWindowLongA',0 align 10h dq 2Eh dup(0) dq 180h dup(?) _text ends ; Section 2. (virtual address 0002C000) ; Virtual size : 00005678 ( 22136.) ; Section size in file : 00001A00 ( 6656.) ; Offset to raw data for section: 0002A800 ; Flags C0000040: Data Readable Writable ; Alignment : default ; Segment type: Pure data ; Segment permissions: Read/Write _data segment para public 'DATA' use64 assume cs:_data ;org 10002C000h unk_10002C000 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0C0h ; L db 0BDh ; - db 1 db 0 db 1 db 0 db 0 db 0 db 60h ; ` db 59h ; Y db 2 db 0 db 1 db 0 db 0 db 0 db 80h ; À db 59h ; Y db 2 db 0 db 1 db 0 db 0 db 0 unk_10002C020 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002C028 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0Dh db 2 db 0 db 1 db 0 db 0 db 0 db 50h ; P db 13h db 2 db 0 db 1 db 0 db 0 db 0 unk_10002C040 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002C048 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 50h ; P db 14h db 2 db 0 db 1 db 0 db 0 db 0 unk_10002C058 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002C060 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002C068 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 qword_10002C170 dq 0FFFFD466D2205DCDh qword_10002C178 dq 2B992DDFA232h off_10002C180 dq offset _exit dword_10002C188 dd 2 align 10h unk_10002C190 db 2 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0E8h ; ø db 1Ch db 0 db 0 db 1 db 0 db 0 db 0 db 8 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0B8h ; ¬ db 1Ch db 0 db 0 db 1 db 0 db 0 db 0 db 9 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 88h ; È db 1Ch db 0 db 0 db 1 db 0 db 0 db 0 db 0Ah db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0F0h ; ¨ db 1Bh db 0 db 0 db 1 db 0 db 0 db 0 db 10h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0B8h ; ¬ db 1Bh db 0 db 0 db 1 db 0 db 0 db 0 db 11h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 88h ; È db 1Bh db 0 db 0 db 1 db 0 db 0 db 0 db 12h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 60h ; ` db 1Bh db 0 db 0 db 1 db 0 db 0 db 0 db 13h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 30h ; 0 db 1Bh db 0 db 0 db 1 db 0 db 0 db 0 db 18h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0F8h ; ° db 1Ah db 0 db 0 db 1 db 0 db 0 db 0 db 19h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0D0h ; ¦ db 1Ah db 0 db 0 db 1 db 0 db 0 db 0 db 1Ah db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 98h ; Ø db 1Ah db 0 db 0 db 1 db 0 db 0 db 0 db 1Bh db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 60h ; ` db 1Ah db 0 db 0 db 1 db 0 db 0 db 0 db 1Ch db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 38h ; 8 db 1Ah db 0 db 0 db 1 db 0 db 0 db 0 db 1Eh db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 18h db 1Ah db 0 db 0 db 1 db 0 db 0 db 0 db 78h ; x db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 8 db 1Ah db 0 db 0 db 1 db 0 db 0 db 0 db 79h ; y db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0F8h ; ° db 19h db 0 db 0 db 1 db 0 db 0 db 0 db 7Ah ; z db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0E8h ; ø db 19h db 0 db 0 db 1 db 0 db 0 db 0 db 0FCh ; ¹ db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0E0h ; ð db 19h db 0 db 0 db 1 db 0 db 0 db 0 db 0FFh db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0D0h ; ¦ db 19h db 0 db 0 db 1 db 0 db 0 db 0 unk_10002C2C0 db 5 db 0 db 0 db 0C0h ; L db 0Bh db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1Dh db 0 db 0 db 0C0h ; L db 4 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 96h ; Ö db 0 db 0 db 0C0h ; L db 4 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 8Dh ; Í db 0 db 0 db 0C0h ; L db 8 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 8Eh ; Î db 0 db 0 db 0C0h ; L db 8 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 8Fh ; Ï db 0 db 0 db 0C0h ; L db 8 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 90h ; Ð db 0 db 0 db 0C0h ; L db 8 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 91h ; Ñ db 0 db 0 db 0C0h ; L db 8 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 92h ; Ò db 0 db 0 db 0C0h ; L db 8 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 93h ; Ó db 0 db 0 db 0C0h ; L db 8 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 dword_10002C360 dd 3 dword_10002C364 dd 7 db 0A0h ; à db 0 db 0 db 0 dword_10002C36C dd 0Ah unk_10002C370 db 0FFh db 0FFh db 0FFh db 0FFh db 0FFh db 0FFh db 0FFh db 0FFh db 80h ; À db 0Ah db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 dword_10002C3A8 dd 0FFFFFFFFh db 10h db 0 db 0 db 0 unk_10002C3B0 db 1 db 0 db 0 db 0 db 16h db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 3 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 4 db 0 db 0 db 0 db 18h db 0 db 0 db 0 db 5 db 0 db 0 db 0 db 0Dh db 0 db 0 db 0 db 6 db 0 db 0 db 0 db 9 db 0 db 0 db 0 db 7 db 0 db 0 db 0 db 0Ch db 0 db 0 db 0 db 8 db 0 db 0 db 0 db 0Ch db 0 db 0 db 0 db 9 db 0 db 0 db 0 db 0Ch db 0 db 0 db 0 db 0Ah db 0 db 0 db 0 db 7 db 0 db 0 db 0 db 0Bh db 0 db 0 db 0 db 8 db 0 db 0 db 0 db 0Ch db 0 db 0 db 0 db 16h db 0 db 0 db 0 db 0Dh db 0 db 0 db 0 db 16h db 0 db 0 db 0 db 0Fh db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 10h db 0 db 0 db 0 db 0Dh db 0 db 0 db 0 db 11h db 0 db 0 db 0 db 12h db 0 db 0 db 0 db 12h db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 21h ; ! db 0 db 0 db 0 db 0Dh db 0 db 0 db 0 db 35h ; 5 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 41h ; A db 0 db 0 db 0 db 0Dh db 0 db 0 db 0 db 43h ; C db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 50h ; P db 0 db 0 db 0 db 11h db 0 db 0 db 0 db 52h ; R db 0 db 0 db 0 db 0Dh db 0 db 0 db 0 db 53h ; S db 0 db 0 db 0 db 0Dh db 0 db 0 db 0 db 57h ; W db 0 db 0 db 0 db 16h db 0 db 0 db 0 db 59h ; Y db 0 db 0 db 0 db 0Bh db 0 db 0 db 0 db 6Ch ; l db 0 db 0 db 0 db 0Dh db 0 db 0 db 0 db 6Dh ; m db 0 db 0 db 0 db 20h db 0 db 0 db 0 db 70h ; p db 0 db 0 db 0 db 1Ch db 0 db 0 db 0 db 72h ; r db 0 db 0 db 0 db 9 db 0 db 0 db 0 db 6 db 0 db 0 db 0 db 16h db 0 db 0 db 0 db 80h ; À db 0 db 0 db 0 db 0Ah db 0 db 0 db 0 db 81h ; Á db 0 db 0 db 0 db 0Ah db 0 db 0 db 0 db 82h ; Â db 0 db 0 db 0 db 9 db 0 db 0 db 0 db 83h ; Ã db 0 db 0 db 0 db 16h db 0 db 0 db 0 db 84h ; Ä db 0 db 0 db 0 db 0Dh db 0 db 0 db 0 db 91h ; Ñ db 0 db 0 db 0 db 29h ; ) db 0 db 0 db 0 db 9Eh ; Þ db 0 db 0 db 0 db 0Dh db 0 db 0 db 0 db 0A1h ; á db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 0A4h ; ä db 0 db 0 db 0 db 0Bh db 0 db 0 db 0 db 0A7h ; ç db 0 db 0 db 0 db 0Dh db 0 db 0 db 0 db 0B7h ; ¬ db 0 db 0 db 0 db 11h db 0 db 0 db 0 db 0CEh ; + db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 0D7h ; + db 0 db 0 db 0 db 0Bh db 0 db 0 db 0 db 18h db 7 db 0 db 0 db 0Ch db 0 db 0 db 0 unk_10002C518 db 0Ch db 0 db 0 db 0 unk_10002C51C db 8 db 0 db 0 db 0 db 43h ; C db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002C530 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0F0h ; ¨ db 0CFh ; ¦ db 2 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0D0h ; ¦ db 27h ; ' db 0 db 0 db 1 db 0 db 0 db 0 db 70h ; p db 0CEh ; + db 2 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 off_10002C5B0 dq offset unk_10002C530 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 43h ; C db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 43h ; C db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002C700 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 ; LPCRITICAL_SECTION lpCriticalSection lpCriticalSection dq 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002C940 db 1 db 2 db 4 db 8 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002C950 db 0A4h ; ä db 3 db 0 db 0 db 60h ; ` db 82h ; Â db 79h ; y db 82h ; Â db 21h ; ! db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002C960 db 0A6h ; æ db 0DFh ; - db 0 db 0 db 0 db 0 db 0 db 0 db 0A1h ; á db 0A5h ; å db 0 db 0 db 0 db 0 db 0 db 0 db 81h ; Á db 9Fh ; ß db 0E0h ; ð db 0FCh ; ¹ db 0 db 0 db 0 db 0 db 40h ; @ db 7Eh ; ~ db 80h ; À db 0FCh ; ¹ db 0 db 0 db 0 db 0 db 0A8h ; è db 3 db 0 db 0 db 0C1h ; + db 0A3h ; ã db 0DAh ; - db 0A3h ; ã db 20h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 81h ; Á db 0FEh ; ¦ db 0 db 0 db 0 db 0 db 0 db 0 db 40h ; @ db 0FEh ; ¦ db 0 db 0 db 0 db 0 db 0 db 0 db 0B5h ; ¦ db 3 db 0 db 0 db 0C1h ; + db 0A3h ; ã db 0DAh ; - db 0A3h ; ã db 20h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 81h ; Á db 0FEh ; ¦ db 0 db 0 db 0 db 0 db 0 db 0 db 41h ; A db 0FEh ; ¦ db 0 db 0 db 0 db 0 db 0 db 0 db 0B6h ; ¦ db 3 db 0 db 0 db 0CFh ; ¦ db 0A2h ; â db 0E4h ; ô db 0A2h ; â db 1Ah db 0 db 0E5h ; õ db 0A2h ; â db 0E8h ; ø db 0A2h ; â db 5Bh ; [ db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 81h ; Á db 0FEh ; ¦ db 0 db 0 db 0 db 0 db 0 db 0 db 40h ; @ db 7Eh ; ~ db 0A1h ; á db 0FEh ; ¦ db 0 db 0 db 0 db 0 db 51h ; Q db 5 db 0 db 0 db 51h ; Q db 0DAh ; - db 5Eh ; ^ db 0DAh ; - db 20h db 0 db 5Fh ; _ db 0DAh ; - db 6Ah ; j db 0DAh ; - db 32h ; 2 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 81h ; Á db 0D3h ; L db 0D8h ; + db 0DEh ; ¦ db 0E0h ; ð db 0F9h ; • db 0 db 0 db 31h ; 1 db 7Eh ; ~ db 81h ; Á db 0FEh ; ¦ db 0 db 0 db 0 db 0 unk_10002CA40 db 0E0h ; ð db 1 db 3 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0E0h ; ð db 1 db 3 db 0 db 1 db 0 db 0 db 0 db 1 db 1 db 0 db 0 unk_10002CA5C db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 10h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002CA70 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002CAA0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002CDD0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 off_10002CE00 dq offset _fptrap off_10002CE08 dq offset _fptrap db 50h ; P db 35h ; 5 db 2 db 0 db 1 db 0 db 0 db 0 off_10002CE18 dq offset _fptrap db 50h ; P db 35h ; 5 db 2 db 0 db 1 db 0 db 0 db 0 db 50h ; P db 35h ; 5 db 2 db 0 db 1 db 0 db 0 db 0 off_10002CE30 dq offset aNull_0 ; "(null)" off_10002CE38 dq offset aNull ; "(null)" off_10002CE40 dq offset asc_100002170 ; " ((((( H" off_10002CE48 dq offset word_100002372 dword_10002CE50 dd 1 db 2Eh ; . db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 70h ; p db 0CEh ; + db 2 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0C8h ; L db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 0C4h ; - db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 0C0h ; L db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 0BCh ; - db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 0B8h ; ¬ db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 0B4h ; + db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 0B0h ; - db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 0A8h ; è db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 0A0h ; à db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 98h ; Ø db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 88h ; È db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 78h ; x db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 6Ch ; l db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 60h ; ` db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 5Ch ; \ db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 58h ; X db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 54h ; T db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 50h ; P db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 4Ch ; L db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 48h ; H db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 44h ; D db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 40h ; @ db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 3Ch ; < db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 38h ; 8 db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 34h ; 4 db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 30h ; 0 db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 28h ; ( db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 18h db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 0Ch db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 4 db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 4Ch ; L db 26h ; & db 0 db 0 db 1 db 0 db 0 db 0 db 0FCh ; ¹ db 25h ; % db 0 db 0 db 1 db 0 db 0 db 0 db 0F4h ; ¯ db 25h ; % db 0 db 0 db 1 db 0 db 0 db 0 db 0ECh ; ü db 25h ; % db 0 db 0 db 1 db 0 db 0 db 0 db 0E0h ; ð db 25h ; % db 0 db 0 db 1 db 0 db 0 db 0 db 0D8h ; + db 25h ; % db 0 db 0 db 1 db 0 db 0 db 0 db 0C8h ; L db 25h ; % db 0 db 0 db 1 db 0 db 0 db 0 db 0B8h ; ¬ db 25h ; % db 0 db 0 db 1 db 0 db 0 db 0 db 0B0h ; - db 25h ; % db 0 db 0 db 1 db 0 db 0 db 0 db 0ACh ; ì db 25h ; % db 0 db 0 db 1 db 0 db 0 db 0 db 0A0h ; à db 25h ; % db 0 db 0 db 1 db 0 db 0 db 0 db 88h ; È db 25h ; % db 0 db 0 db 1 db 0 db 0 db 0 db 78h ; x db 25h ; % db 0 db 0 db 1 db 0 db 0 db 0 db 9 db 4 db 0 db 0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002CFE0 db 2Eh ; . db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 off_10002CFF0 dq offset unk_10002CFE0 off_10002CFF8 dq offset unk_10002E77C off_10002D000 dq offset unk_10002E77C off_10002D008 dq offset unk_10002E77C off_10002D010 dq offset unk_10002E77C off_10002D018 dq offset unk_10002E77C off_10002D020 dq offset unk_10002E77C off_10002D028 dq offset unk_10002E77C off_10002D030 dq offset unk_10002E77C off_10002D038 dq offset unk_10002E77C db 7Fh ; db 7Fh ; db 7Fh ; db 7Fh ; db 7Fh ; db 7Fh ; db 7Fh ; db 7Fh ; off_10002D048 dq offset off_10002CFF0 db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 80h ; À db 70h ; p db 0 db 0 db 1 db 0 db 0 db 0 db 0F0h ; ¨ db 0F1h ; ¸ db 0FFh db 0FFh db 0 db 0 db 0 db 0 db 50h ; P db 53h ; S db 54h ; T db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 50h ; P db 44h ; D db 54h ; T db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 70h ; p db 0D0h ; ¦ db 2 db 0 db 1 db 0 db 0 db 0 db 0B0h ; - db 0D0h ; ¦ db 2 db 0 db 1 db 0 db 0 db 0 db 0FFh db 0FFh db 0FFh db 0FFh db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0FFh db 0FFh db 0FFh db 0FFh db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0FFh db 0FFh db 0FFh db 0FFh db 1Eh db 0 db 0 db 0 db 3Bh ; ; db 0 db 0 db 0 db 5Ah ; Z db 0 db 0 db 0 db 78h ; x db 0 db 0 db 0 db 97h ; × db 0 db 0 db 0 db 0B5h ; ¦ db 0 db 0 db 0 db 0D4h ; L db 0 db 0 db 0 db 0F3h ; º db 0 db 0 db 0 db 11h db 1 db 0 db 0 db 30h ; 0 db 1 db 0 db 0 db 4Eh ; N db 1 db 0 db 0 db 6Dh ; m db 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0FFh db 0FFh db 0FFh db 0FFh db 1Eh db 0 db 0 db 0 db 3Ah ; : db 0 db 0 db 0 db 59h ; Y db 0 db 0 db 0 db 77h ; w db 0 db 0 db 0 db 96h ; Ö db 0 db 0 db 0 db 0B4h ; + db 0 db 0 db 0 db 0D3h ; L db 0 db 0 db 0 db 0F2h ; ª db 0 db 0 db 0 db 10h db 1 db 0 db 0 db 2Fh ; / db 1 db 0 db 0 db 4Dh ; M db 1 db 0 db 0 db 6Ch ; l db 1 db 0 db 0 db 0 db 0 db 0 db 0 qword_10002D190 dq 0FFFFFFFFFFFFFFFFh qword_10002D198 dq 0FFFFFFFFFFFFFFFFh dword_10002D1A0 dd 0FFFFFFFFh dword_10002D1A4 dd 0FFFFFFFFh unk_10002D1A8 db 7 db 1 db 1 db 0 db 4 db 1 db 1 db 80h ; À db 14h db 1 db 1 db 80h ; À db 1 db 1 db 2 db 0 db 2 db 1 db 2 db 0 db 3 db 1 db 2 db 0 db 4 db 1 db 2 db 0 db 8 db 2 db 2 db 80h ; À db 1 db 2 db 2 db 80h ; À db 7 db 2 db 2 db 80h ; À db 0FFh db 0FFh db 0FFh db 80h ; À db 13h db 2 db 2 db 80h ; À db 14h db 2 db 2 db 80h ; À db 15h db 2 db 2 db 80h ; À db 2 db 2 db 1 db 80h ; À db 0Fh db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 dword_10002D1F0 dd 1 align 20h off_10002D200 dq offset a0 ; "0" unk_10002D208 db 30h ; 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 10h db 3Eh ; > db 0 db 0 db 1 db 0 db 0 db 0 db 31h ; 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0Ch db 3Eh ; > db 0 db 0 db 1 db 0 db 0 db 0 db 32h ; 2 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 8 db 3Eh ; > db 0 db 0 db 1 db 0 db 0 db 0 db 33h ; 3 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 4 db 3Eh ; > db 0 db 0 db 1 db 0 db 0 db 0 db 34h ; 4 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 3Eh ; > db 0 db 0 db 1 db 0 db 0 db 0 db 35h ; 5 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0FCh ; ¹ db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 36h ; 6 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0F8h ; ° db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 37h ; 7 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0F4h ; ¯ db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 38h ; 8 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0F0h ; ¨ db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 39h ; 9 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0ECh ; ü db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 41h ; A db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0E8h ; ø db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 42h ; B db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0E4h ; ô db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 43h ; C db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0E0h ; ð db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 44h ; D db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0DCh ; - db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 45h ; E db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0D8h ; + db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0D4h ; L db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 47h ; G db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0D0h ; ¦ db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 48h ; H db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0CCh ; ¦ db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 49h ; I db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0C8h ; L db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 4Ah ; J db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0C4h ; - db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 4Bh ; K db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0C0h ; L db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 4Ch ; L db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0BCh ; - db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 4Dh ; M db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0B8h ; ¬ db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 4Eh ; N db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0B4h ; + db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 4Fh ; O db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0B0h ; - db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 50h ; P db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0ACh ; ì db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 51h ; Q db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0A8h ; è db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 52h ; R db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0A4h ; ä db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 53h ; S db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0A0h ; à db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 54h ; T db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 9Ch ; Ü db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 55h ; U db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 98h ; Ø db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 56h ; V db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 94h ; Ô db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 57h ; W db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 90h ; Ð db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 58h ; X db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 8Ch ; Ì db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 59h ; Y db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 88h ; È db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 5Ah ; Z db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 70h ; p db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 8 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 58h ; X db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 2Eh ; . db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 48h ; H db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 28h ; ( db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 38h ; 8 db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 23h ; # db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 28h ; ( db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 0Dh db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 18h db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 71h ; q db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 8 db 3Dh ; = db 0 db 0 db 1 db 0 db 0 db 0 db 72h ; r db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0F8h ; ° db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 73h ; s db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0E8h ; ø db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 74h ; t db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0D8h ; + db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 75h ; u db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0C8h ; L db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 76h ; v db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0B8h ; ¬ db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 77h ; w db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0A8h ; è db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 78h ; x db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 98h ; Ø db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 79h ; y db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 88h ; È db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 7Ah ; z db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 78h ; x db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 7Bh ; { db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 68h ; h db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 24h ; $ db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 50h ; P db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 2Dh ; - db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 40h ; @ db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 25h ; % db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 38h ; 8 db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 6Dh ; m db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 20h db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 22h ; " db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 8 db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 21h ; ! db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 3Ch ; < db 0 db 0 db 1 db 0 db 0 db 0 db 6Bh ; k db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0E8h ; ø db 3Bh ; ; db 0 db 0 db 1 db 0 db 0 db 0 db 2Ch ; , db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0D8h ; + db 3Bh ; ; db 0 db 0 db 1 db 0 db 0 db 0 db 27h ; ' db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0C0h ; L db 3Bh ; ; db 0 db 0 db 1 db 0 db 0 db 0 db 20h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0B8h ; ¬ db 3Bh ; ; db 0 db 0 db 1 db 0 db 0 db 0 db 6Ah ; j db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0A8h ; è db 3Bh ; ; db 0 db 0 db 1 db 0 db 0 db 0 db 9 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 98h ; Ø db 3Bh ; ; db 0 db 0 db 1 db 0 db 0 db 0 db 26h ; & db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 78h ; x db 3Bh ; ; db 0 db 0 db 1 db 0 db 0 db 0 db 50h ; P db 3Bh ; ; db 0 db 0 db 1 db 0 db 0 db 0 dword_10002D630 dd 0C1Ch dword_10002D634 dd 434h unk_10002D638 db 0 db 0 db 0 db 0 unk_10002D63C db 78h ; x db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 1Dh db 0Ch db 0 db 0 db 35h ; 5 db 4 db 0 db 0 db 1 db 0 db 0 db 0 db 23h ; # db 0 db 0 db 0 unk_10002D654 db 1 db 0 db 0 db 0 db 1Eh db 0Ch db 0 db 0 db 36h ; 6 db 4 db 0 db 0 db 0 db 0 db 0 db 0 db 5Dh ; ] db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 1Fh db 0Ch db 0 db 0 db 39h ; 9 db 4 db 0 db 0 db 0 db 0 db 0 db 0 db 64h ; d db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 20h db 0Ch db 0 db 0 db 37h ; 7 db 4 db 0 db 0 db 0 db 0 db 0 db 0 db 78h ; x db 0 db 0 db 0 db 1 db 0 db 0 db 0 dword_10002D694 dd 1 unk_10002D698 db 0 db 0 db 0 db 0 db 0FAh ; · db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002D6A4 db 61h ; a db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 dword_10002D6B8 dd 0 db 1 db 0 db 0 db 0 db 0FFh db 0FFh db 0FFh db 0FFh db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 dword_10002D6CC dd 0FFFFFFFFh dword_10002D6D0 dd 1 dword_10002D6D4 dd 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 6Bh ; k db 0 db 0 db 0 db 1 db 0 db 0 db 0 unk_10002D6EC db 32h ; 2 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 6Bh ; k db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 23h ; # db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 64h ; d db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 3Ch ; < db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 3Ch ; < db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 3Ch ; < db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 3Ch ; < db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 3Ch ; < db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002D7B0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0Ah db 4 db 0 db 0 db 0 db 0 db 0 db 0 db 4 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0Ch db 4 db 0 db 0 db 0 db 0 db 0 db 0 db 8 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0Eh db 4 db 0 db 0 db 0 db 0 db 0 db 0 db 0Ch db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0F4h ; ¯ db 3 db 0 db 0 db 0 db 0 db 0 db 0 db 10h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0F5h ; ¿ db 3 db 0 db 0 db 0 db 0 db 0 db 0 db 14h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0F7h ; ¢ db 3 db 0 db 0 db 0 db 0 db 0 db 0 db 24h ; $ db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0F6h ; ¡ db 3 db 0 db 0 db 0 db 0 db 0 db 0 db 28h ; ( db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0F9h ; • db 3 db 0 db 0 db 0 db 0 db 0 db 0 db 2Ch ; , db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0FAh ; · db 3 db 0 db 0 db 0 db 0 db 0 db 0 db 18h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 4 db 0 db 0 db 0 db 0 db 0 db 0 db 1Ch db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 10h db 4 db 0 db 0 db 0 db 0 db 0 db 0 db 20h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0FBh ; v db 3 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 60h ; ` db 0 db 0 db 0 db 60h ; ` db 0 db 1 db 0 db 60h ; ` db 0 db 1 db 0 db 3Ch ; < db 0 db 1 db 0 db 60h ; ` db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 4Bh ; K db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 32h ; 2 db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 32h ; 2 db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 32h ; 2 db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 46h ; F db 0 db 1 db 0 db 46h ; F db 0 db 0Ch db 0 db 0 db 0 db 0 db 0 db 0 db 0 unk_10002D8E0 db 48h ; H db 3Eh ; > db 0 db 0 db 1 db 0 db 0 db 0 word_10002D8E8 dw 81h align 10h _data ends ; ; Delayed imports from MSGINA.dll ; ; Segment type: Externs ; _idata extrn MSGINA_20:qword ; ; Delayed imports from UTILDLL.dll ; extrn __imp_CachedGetUserFromSid:qword extrn __imp_CurrentDateTimeString:qword ; ; Delayed imports from WINSTA.dll ; extrn __imp_WinStationShadow:qword extrn __imp_WinStationQueryInformationW:qword extrn __imp_WinStationGetProcessSid:qword extrn __imp_WinStationConnectW:qword ; ; Delayed imports from WTSAPI32.dll ; extrn __imp_WTSDisconnectSession:qword extrn __imp_WTSSendMessageW:qword extrn __imp_WTSFreeMemory:qword extrn __imp_WTSQuerySessionInformationW:qword extrn __imp_WTSLogoffSession:qword extrn __imp_WTSEnumerateSessionsW:qword ; ; Delayed imports from ole32.dll ; ; HRESULT __stdcall CLSIDFromString(LPOLESTR lpsz, LPCLSID pclsid) extrn CLSIDFromString:qword ; Segment type: Pure data ; Segment permissions: Read/Write _data segment para public 'DATA' use64 assume cs:_data ;org 10002D980h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 dword_10002D9A0 dd 0 dword_10002D9A4 dd 0 align 10h qword_10002D9B0 dq 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; ; struct _CONTEXT ContextRecord ContextRecord _CONTEXT <?> db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; ; void *qword_10002DF18 qword_10002DF18 dq ? dword_10002DF20 dd ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; dword_10002DF2C dd ? dword_10002DF30 dd ? dword_10002DF34 dd ? dword_10002DF38 dd ? dword_10002DF3C dd ? dword_10002DF40 dd ? align 10h qword_10002DF50 dq ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; ; void *qword_10002DF68 qword_10002DF68 dq ? align 20h qword_10002DF80 dq ? byte_10002DF88 db ? align 4 dword_10002DF8C dd ? dword_10002DF90 dd ? align 20h unk_10002DFA0 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; ; char Filename[260] Filename db 104h dup(?) byte_10002E0BE db ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; qword_10002E2B8 dq ? ; WCHAR word_10002E2C0 word_10002E2C0 dw ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; word_10002E4C8 dw ? align 4 dword_10002E4CC dd ? dword_10002E4D0 dd ? align 8 qword_10002E4D8 dq ? qword_10002E4E0 dq ? qword_10002E4E8 dq ? qword_10002E4F0 dq ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002E510 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; qword_10002E740 dq ? qword_10002E748 dq ? qword_10002E750 dq ? qword_10002E758 dq ? qword_10002E760 dq ? qword_10002E768 dq ? dword_10002E770 dd ? dword_10002E774 dd ? dword_10002E778 dd ? unk_10002E77C db ? ; db ? ; db ? ; db ? ; qword_10002E780 dq ? qword_10002E788 dq ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; ; LCID Locale Locale dd ? align 20h ; UINT CodePage CodePage dd ? align 8 dword_10002E7E8 dd ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; dword_10002E814 dd ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; qword_10002E8E8 dq ? dword_10002E8F0 dd ? align 20h qword_10002E900 dq ? align 10h dword_10002E910 dd ? align 8 ; HMODULE hModule hModule dq ? WTSAPI32_dll_handle dq ? WINSTA_dll_handle dq ? MSGINA_dll_handle dq ? dword_10002E938 dd ? dword_10002E93C dd ? ; struct _OSVERSIONINFOA VersionInformation VersionInformation _OSVERSIONINFOA <?> align 8 dword_10002E9D8 dd ? dword_10002E9DC dd ? UTILDLL_dll_handle dq ? ole32_dll_handle dq ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002E9F8 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002EA10 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002EA28 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; dword_10002EA3C dd ? ; WCHAR word_10002EA40 word_10002EA40 dw ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; ; WCHAR word_10002EA80 word_10002EA80 dw ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; ; WCHAR LCData LCData dw ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002EB00 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002EB40 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002EB80 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002EBC0 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002EC00 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002EC40 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002EC80 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002ECC0 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002ED00 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002ED40 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002ED80 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002EF40 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002EF80 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002EFC0 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002F000 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002F080 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002F0C0 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002F100 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002F140 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002F180 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002F1C0 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002F200 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002F240 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002F280 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; qword_10002F2C0 dq ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; dword_10002F320 dd ? align 10h unk_10002F330 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; dword_10002F338 dd ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002F370 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; dword_10002F390 dd ? align 8 ; HANDLE qword_10002F398 qword_10002F398 dq ? dword_10002F3A0 dd ? align 8 ; HWND hWnd hWnd dq ? qword_10002F3B0 dq ? ; HWND qword_10002F3B8 qword_10002F3B8 dq ? ; HINSTANCE hInstance hInstance dq ? ; HACCEL hAccTable hAccTable dq ? byte_10002F3D0 db ? align 8 ; HMENU hMenu hMenu dq ? dword_10002F3E0 dd ? dword_10002F3E4 dd ? ; DWORD idThread idThread dd ? align 10h ; HANDLE hHandle hHandle dq ? dword_10002F3F8 dd ? dword_10002F3FC dd ? dword_10002F400 dd ? dword_10002F404 dd ? dword_10002F408 dd ? dword_10002F40C dd ? dword_10002F410 dd ? dword_10002F414 dd ? dword_10002F418 dd ? align 20h qword_10002F420 dq ? qword_10002F428 dq ? qword_10002F430 dq ? dword_10002F438 dd ? dword_10002F43C dd ? dword_10002F440 dd ? align 8 qword_10002F448 dq ? qword_10002F450 dq ? qword_10002F458 dq ? ; HLOCAL hMem hMem dq ? qword_10002F468 dq ? qword_10002F470 dq ? dword_10002F478 dd ? dword_10002F47C dd ? dword_10002F480 dd ? ; DWORD pSessionId pSessionId dd ? ; WNDPROC lpPrevWndFunc lpPrevWndFunc dq ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; ; HLOCAL qword_10002FE90 qword_10002FE90 dq ? byte_10002FE98 db ? byte_10002FE99 db ? align 20h qword_10002FEA0 dq ? qword_10002FEA8 dq ? dword_10002FEB0 dd ? dword_10002FEB4 dd ? dword_10002FEB8 dd ? dword_10002FEBC dd ? dword_10002FEC0 dd ? dword_10002FEC4 dd ? align 10h ; int dword_10002FED0 dword_10002FED0 dd ? ; UINT uElapse uElapse dd ? ; WPARAM wParam wParam dd ? dword_10002FEDC dd ? dword_10002FEE0 dd ? ; struct tagRECT Rect Rect tagRECT <?> dword_10002FEF4 dd ? dword_10002FEF8 dd ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002FF60 db ? ; db ? ; db ? ; db ? ; unk_10002FF64 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_10002FF98 db ? ; db ? ; db ? ; db ? ; unk_10002FF9C db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; dword_100030008 dd ? dword_10003000C dd ? dword_100030010 dd ? dword_100030014 dd ? dword_100030018 dd ? dword_10003001C dd ? dword_100030020 dd ? dword_100030024 dd ? unk_100030028 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_100030088 db ? ; db ? ; db ? ; db ? ; unk_10003008C db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; unk_1000300F0 db ? ; db ? ; db ? ; db ? ; unk_1000300F4 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; ; int dword_10003015C dword_10003015C dd ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; dword_100030168 dd ? dword_10003016C dd ? qword_100030170 dq ? qword_100030178 dq ? qword_100030180 dq ? qword_100030188 dq ? qword_100030190 dq ? qword_100030198 dq ? dword_1000301A0 dd ? dword_1000301A4 dd ? qword_1000301A8 dq ? qword_1000301B0 dq ? qword_1000301B8 dq ? qword_1000301C0 dq ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; dword_1000311E0 dd ? ; LCID dword_1000311E4 dword_1000311E4 dd ? ; void *qword_1000311E8 qword_1000311E8 dq ? dword_1000311F0 dd ? align 20h unk_100031200 db ? ; db ? ; db ? ; unk_100031203 db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; ; UINT dword_100031304 dword_100031304 dd ? align 10h qword_100031310 dq ? dword_100031318 dd ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; ; HANDLE hHeap hHeap dq ? ; UINT uNumber uNumber dd ? align 20h qword_100031440 dq ? db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; db ? ; dword_100031640 dd ? align 8 qword_100031648 dq ? qword_100031650 dq ? dword_100031658 dd ? align 20h qword_100031660 dq ? qword_100031668 dq ? qword_100031670 dq ? align 1000h _data ends ; Section 3. (virtual address 00032000) ; Virtual size : 0000204C ( 8268.) ; Section size in file : 00002200 ( 8704.) ; Offset to raw data for section: 0002C200 ; Flags 40000040: Data Readable ; Alignment : default ; Segment type: Pure data ; Segment permissions: Read _pdata segment para public 'DATA' use64 assume cs:_pdata ;org 100032000h ExceptionDir RUNTIME_FUNCTION <rva sub_100003EA0, \ rva algn_100003F25, \ rva stru_10002736C> RUNTIME_FUNCTION <rva sub_100003F30, \ rva algn_100003FEF, \ rva stru_100027364> RUNTIME_FUNCTION <rva sub_100004000, \ rva algn_100004110, \ rva stru_10002735C> RUNTIME_FUNCTION <rva sub_100004120, \ rva byte_10000435D, \ rva stru_10002734C> RUNTIME_FUNCTION <rva sub_100004370, \ rva algn_1000045A9, \ rva stru_100027344> RUNTIME_FUNCTION <rva sub_1000045B0, \ rva loc_1000045EB, \ rva stru_100028A7C> RUNTIME_FUNCTION <rva loc_1000045EB, \ rva loc_1000047A5, \ rva stru_100028A64> RUNTIME_FUNCTION <rva loc_1000047A5, \ rva algn_1000047CE, \ rva stru_100028A54> RUNTIME_FUNCTION <rva sub_1000047E0, \ rva algn_100004911, \ rva stru_10002733C> RUNTIME_FUNCTION <rva sub_100004920, \ rva loc_100004962, \ rva stru_100027E04> RUNTIME_FUNCTION <rva loc_100004962, \ rva loc_100004A66, \ rva stru_100027DF0> RUNTIME_FUNCTION <rva loc_100004A66, \ rva byte_100004B7C, \ rva stru_100027DE0> RUNTIME_FUNCTION <rva sub_100004B90, \ rva loc_100004D4F, \ rva stru_100028D4C> RUNTIME_FUNCTION <rva loc_100004D4F, \ rva loc_1000050C2, \ rva stru_100028D2C> RUNTIME_FUNCTION <rva loc_1000050C2, \ rva loc_1000050E2, \ rva stru_100028D18> RUNTIME_FUNCTION <rva loc_1000050E2, \ rva algn_100005154, \ rva stru_100028D08> RUNTIME_FUNCTION <rva sub_100005160, \ rva loc_100005193, \ rva stru_100027DD4> RUNTIME_FUNCTION <rva loc_100005193, \ rva loc_1000051E4, \ rva stru_100027DC0> RUNTIME_FUNCTION <rva loc_1000051E4, \ rva algn_100005214, \ rva stru_100027DB0> RUNTIME_FUNCTION <rva sub_100005220, \ rva algn_100005363, \ rva stru_100027DA4> RUNTIME_FUNCTION <rva sub_100005370, \ rva algn_10000542A, \ rva stru_100028CF4> RUNTIME_FUNCTION <rva sub_100005430, \ rva loc_10000543A, \ rva stru_100028CEC> RUNTIME_FUNCTION <rva loc_10000543A, \ rva loc_100005581, \ rva stru_100028CC8> RUNTIME_FUNCTION <rva loc_100005581, \ rva byte_10000559F, \ rva stru_100028CB0> RUNTIME_FUNCTION <rva sub_1000055B0, \ rva byte_10000569D, \ rva stru_100027330> RUNTIME_FUNCTION <rva sub_1000056B0, \ rva algn_100005789, \ rva stru_10002731C> RUNTIME_FUNCTION <rva sub_100005790, \ rva loc_1000057E2, \ rva stru_100027310> RUNTIME_FUNCTION <rva loc_1000057E2, \ rva loc_10000586D, \ rva stru_1000272F8> RUNTIME_FUNCTION <rva loc_10000586D, \ rva algn_10000587A, \ rva stru_1000272E8> RUNTIME_FUNCTION <rva sub_100005880, \ rva loc_100005A62, \ rva stru_100027D88> RUNTIME_FUNCTION <rva loc_100005A62, \ rva loc_100005F09, \ rva stru_100027D6C> RUNTIME_FUNCTION <rva loc_100005F09, \ rva loc_100005F96, \ rva stru_100027D54> RUNTIME_FUNCTION <rva loc_100005F96, \ rva loc_100005FC3, \ rva stru_100027D40> RUNTIME_FUNCTION <rva loc_100005FC3, \ rva byte_100006000, \ rva stru_100027D30> RUNTIME_FUNCTION <rva StartAddress, \ rva algn_100006056, \ rva stru_1000272E0> RUNTIME_FUNCTION <rva sub_100006060, \ rva algn_1000060D7, \ rva stru_100027D28> RUNTIME_FUNCTION <rva sub_1000060E0, \ rva algn_100006118, \ rva stru_1000272D8> RUNTIME_FUNCTION <rva sub_100006120, \ rva algn_10000618D, \ rva stru_100027D20> RUNTIME_FUNCTION <rva sub_1000061A0, \ rva algn_1000062F0, \ rva stru_1000284E8> RUNTIME_FUNCTION <rva sub_100006300, \ rva algn_100006BCC, \ rva stru_100028E98> RUNTIME_FUNCTION <rva sub_100006BE0, \ rva algn_100006C39, \ rva stru_1000272D0> RUNTIME_FUNCTION <rva sub_100006C40, \ rva algn_100006CE3, \ rva stru_1000272C8> RUNTIME_FUNCTION <rva sub_100006CF0, \ rva loc_10000712D, \ rva stru_100029020> RUNTIME_FUNCTION <rva loc_10000712D, \ rva loc_100007189, \ rva stru_10002900C> RUNTIME_FUNCTION <rva loc_100007189, \ rva algn_10000739A, \ rva stru_100028FFC> RUNTIME_FUNCTION <rva sub_1000073A0, \ rva loc_1000073B0, \ rva stru_1000272BC> RUNTIME_FUNCTION <rva loc_1000073B0, \ rva loc_100007434, \ rva stru_1000272A0> RUNTIME_FUNCTION <rva loc_100007434, \ rva algn_100007463, \ rva stru_10002728C> RUNTIME_FUNCTION <rva sub_100007470, \ rva algn_1000075D9, \ rva stru_100027280> RUNTIME_FUNCTION <rva sub_1000075E0, \ rva loc_100007627, \ rva stru_100027274> RUNTIME_FUNCTION <rva loc_100007627, \ rva loc_100007673, \ rva stru_100027260> RUNTIME_FUNCTION <rva loc_100007673, \ rva loc_100007678, \ rva stru_10002724C> RUNTIME_FUNCTION <rva loc_100007678, \ rva algn_10000768B, \ rva stru_10002723C> RUNTIME_FUNCTION <rva wWinMain, \ rva loc_1000076B9, \ rva stru_100029074> RUNTIME_FUNCTION <rva loc_1000076B9, \ rva loc_100007EE3, \ rva stru_100029050> RUNTIME_FUNCTION <rva loc_100007EE3, \ rva algn_100007F08, \ rva stru_10002903C> RUNTIME_FUNCTION <rva sub_100007F10, \ rva loc_100007F60, \ rva stru_10002722C> RUNTIME_FUNCTION <rva loc_100007F60, \ rva loc_10000807D, \ rva stru_100027218> RUNTIME_FUNCTION <rva loc_10000807D, \ rva algn_1000080A2, \ rva stru_100027208> RUNTIME_FUNCTION <rva sub_1000080B0, \ rva loc_1000080BB, \ rva stru_100027D18> RUNTIME_FUNCTION <rva loc_1000080BB, \ rva loc_1000080DA, \ rva stru_100027D00> RUNTIME_FUNCTION <rva loc_1000080DA, \ rva loc_1000080E6, \ rva stru_100027CEC> RUNTIME_FUNCTION <rva loc_1000080E6, \ rva loc_100008143, \ rva stru_100027CD4> RUNTIME_FUNCTION <rva loc_100008143, \ rva loc_100008148, \ rva stru_100027CC4> RUNTIME_FUNCTION <rva loc_100008148, \ rva loc_100008166, \ rva stru_100027CB4> RUNTIME_FUNCTION <rva loc_100008166, \ rva byte_10000817C, \ rva stru_100027CA0> RUNTIME_FUNCTION <rva sub_100008190, \ rva algn_1000081B7, \ rva stru_100027C98> RUNTIME_FUNCTION <rva sub_1000081C0, \ rva loc_1000081CB, \ rva stru_1000284E0> RUNTIME_FUNCTION <rva loc_1000081CB, \ rva loc_1000081EC, \ rva stru_1000284C8> RUNTIME_FUNCTION <rva loc_1000081EC, \ rva algn_100008202, \ rva stru_1000284B4> RUNTIME_FUNCTION <rva sub_100008220, \ rva loc_100008224, \ rva stru_100027C90> RUNTIME_FUNCTION <rva loc_100008224, \ rva loc_100008242, \ rva stru_100027C78> RUNTIME_FUNCTION <rva loc_100008242, \ rva algn_100008258, \ rva stru_100027C64> RUNTIME_FUNCTION <rva sub_100008260, \ rva algn_1000082F6, \ rva stru_100027200> RUNTIME_FUNCTION <rva sub_100008380, \ rva byte_100008420, \ rva stru_1000271EC> RUNTIME_FUNCTION <rva sub_100008430, \ rva loc_1000084E1, \ rva stru_100027C50> RUNTIME_FUNCTION <rva loc_1000084E1, \ rva loc_1000084E9, \ rva stru_100027C3C> RUNTIME_FUNCTION <rva loc_1000084E9, \ rva loc_100008B32, \ rva stru_100027C1C> RUNTIME_FUNCTION <rva loc_100008B32, \ rva loc_100008C45, \ rva stru_100027C04> RUNTIME_FUNCTION <rva loc_100008C45, \ rva algn_100008C65, \ rva stru_100027BF4> RUNTIME_FUNCTION <rva sub_100008C70, \ rva loc_100008C74, \ rva stru_1000271E4> RUNTIME_FUNCTION <rva loc_100008C74, \ rva loc_100008D5C, \ rva stru_1000271BC> RUNTIME_FUNCTION <rva loc_100008D5C, \ rva algn_100008D85, \ rva stru_1000271A0> RUNTIME_FUNCTION <rva sub_100008D90, \ rva loc_100008DC4, \ rva stru_100027BE0> RUNTIME_FUNCTION <rva loc_100008DC4, \ rva loc_10000940C, \ rva stru_100027BBC> RUNTIME_FUNCTION <rva loc_10000940C, \ rva algn_100009429, \ rva stru_100027BAC> RUNTIME_FUNCTION <rva sub_100009430, \ rva loc_100009453, \ rva stru_100027B9C> RUNTIME_FUNCTION <rva loc_100009453, \ rva loc_100009602, \ rva stru_100027B74> RUNTIME_FUNCTION <rva loc_100009602, \ rva algn_100009627, \ rva stru_100027B64> RUNTIME_FUNCTION <rva sub_100009630, \ rva algn_100009822, \ rva stru_100028494> RUNTIME_FUNCTION <rva sub_100009830, \ rva loc_100009940, \ rva stru_100027B48> RUNTIME_FUNCTION <rva loc_100009940, \ rva loc_100009CAA, \ rva stru_100027B2C> RUNTIME_FUNCTION <rva loc_100009CAA, \ rva algn_100009CE7, \ rva stru_100027B1C> RUNTIME_FUNCTION <rva sub_100009CF0, \ rva loc_100009E29, \ rva stru_100027B00> RUNTIME_FUNCTION <rva loc_100009E29, \ rva loc_100009E92, \ rva stru_100027AE8> RUNTIME_FUNCTION <rva loc_100009E92, \ rva loc_10000A012, \ rva stru_100027AD4> RUNTIME_FUNCTION <rva loc_10000A012, \ rva loc_10000A02B, \ rva stru_100027AC4> RUNTIME_FUNCTION <rva loc_10000A02B, \ rva algn_10000A075, \ rva stru_100027AB4> RUNTIME_FUNCTION <rva sub_10000A080, \ rva loc_10000A154, \ rva stru_100027190> RUNTIME_FUNCTION <rva loc_10000A154, \ rva loc_10000A15F, \ rva stru_10002717C> RUNTIME_FUNCTION <rva loc_10000A15F, \ rva loc_10000A1AA, \ rva stru_100027168> RUNTIME_FUNCTION <rva loc_10000A1AA, \ rva loc_10000A1E4, \ rva stru_100027158> RUNTIME_FUNCTION <rva loc_10000A1E4, \ rva algn_10000A1F3, \ rva stru_100027148> RUNTIME_FUNCTION <rva sub_10000A200, \ rva algn_10000A50A, \ rva stru_10002847C> RUNTIME_FUNCTION <rva sub_10000A530, \ rva loc_10000A539, \ rva stru_100028A48> RUNTIME_FUNCTION <rva loc_10000A539, \ rva loc_10000A62A, \ rva stru_100028A30> RUNTIME_FUNCTION <rva loc_10000A62A, \ rva algn_10000A64E, \ rva stru_100028A1C> RUNTIME_FUNCTION <rva sub_10000A660, \ rva loc_10000A664, \ rva stru_100028A14> RUNTIME_FUNCTION <rva loc_10000A664, \ rva loc_10000A769, \ rva stru_1000289F4> RUNTIME_FUNCTION <rva loc_10000A769, \ rva algn_10000A798, \ rva stru_1000289E4> RUNTIME_FUNCTION <rva sub_10000A7A0, \ rva loc_10000A7A4, \ rva stru_100027AAC> RUNTIME_FUNCTION <rva loc_10000A7A4, \ rva loc_10000A7A9, \ rva stru_100027A98> RUNTIME_FUNCTION <rva loc_10000A7A9, \ rva loc_10000A7E7, \ rva stru_100027A80> RUNTIME_FUNCTION <rva loc_10000A7E7, \ rva loc_10000A838, \ rva stru_100027A6C> RUNTIME_FUNCTION <rva loc_10000A838, \ rva loc_10000A85F, \ rva stru_100027A58> RUNTIME_FUNCTION <rva loc_10000A85F, \ rva algn_10000A86C, \ rva stru_100027A48> RUNTIME_FUNCTION <rva sub_10000A880, \ rva loc_10000A8C1, \ rva stru_10002713C> RUNTIME_FUNCTION <rva loc_10000A8C1, \ rva loc_10000AA62, \ rva stru_10002711C> RUNTIME_FUNCTION <rva loc_10000AA62, \ rva algn_10000AA66, \ rva stru_1000270FC> RUNTIME_FUNCTION <rva sub_10000AA70, \ rva loc_10000AAD0, \ rva stru_1000270F0> RUNTIME_FUNCTION <rva loc_10000AAD0, \ rva loc_10000AB01, \ rva stru_1000270D4> RUNTIME_FUNCTION <rva loc_10000AB01, \ rva loc_10000AC82, \ rva stru_1000270B4> RUNTIME_FUNCTION <rva loc_10000AC82, \ rva loc_10000AD02, \ rva stru_1000270A4> RUNTIME_FUNCTION <rva loc_10000AD02, \ rva algn_10000AD5A, \ rva stru_100027094> RUNTIME_FUNCTION <rva sub_10000AD60, \ rva loc_10000AE44, \ rva stru_1000289CC> RUNTIME_FUNCTION <rva loc_10000AE44, \ rva loc_10000AFD9, \ rva stru_1000289B8> RUNTIME_FUNCTION <rva loc_10000AFD9, \ rva algn_10000AFF2, \ rva stru_1000289A8> RUNTIME_FUNCTION <rva sub_10000B000, \ rva loc_10000B02F, \ rva stru_10002846C> RUNTIME_FUNCTION <rva loc_10000B02F, \ rva loc_10000B0EB, \ rva stru_100028454> RUNTIME_FUNCTION <rva loc_10000B0EB, \ rva algn_10000B110, \ rva stru_100028444> RUNTIME_FUNCTION <rva sub_10000B120, \ rva algn_10000B208, \ rva stru_100028438> RUNTIME_FUNCTION <rva sub_10000B210, \ rva loc_10000B28C, \ rva stru_100028994> RUNTIME_FUNCTION <rva loc_10000B28C, \ rva loc_10000B52C, \ rva stru_10002897C> RUNTIME_FUNCTION <rva loc_10000B52C, \ rva algn_10000B558, \ rva stru_10002896C> RUNTIME_FUNCTION <rva sub_10000B560, \ rva algn_10000B6E1, \ rva stru_10002708C> RUNTIME_FUNCTION <rva sub_10000B6F0, \ rva loc_10000B761, \ rva stru_100028C98> RUNTIME_FUNCTION <rva loc_10000B761, \ rva loc_10000B837, \ rva stru_100028C7C> RUNTIME_FUNCTION <rva loc_10000B837, \ rva loc_10000B841, \ rva stru_100028C6C> RUNTIME_FUNCTION <rva loc_10000B841, \ rva loc_10000B8DB, \ rva stru_100028C50> RUNTIME_FUNCTION <rva loc_10000B8DB, \ rva loc_10000B8E3, \ rva stru_100028C3C> RUNTIME_FUNCTION <rva loc_10000B8E3, \ rva byte_10000B91D, \ rva stru_100028C2C> RUNTIME_FUNCTION <rva sub_10000B930, \ rva algn_10000BB45, \ rva stru_100028424> RUNTIME_FUNCTION <rva sub_10000BB50, \ rva loc_10000BBB7, \ rva stru_10002840C> RUNTIME_FUNCTION <rva loc_10000BBB7, \ rva loc_10000BD3D, \ rva stru_1000283F8> RUNTIME_FUNCTION <rva loc_10000BD3D, \ rva algn_10000BD75, \ rva stru_1000283E8> RUNTIME_FUNCTION <rva sub_10000BD80, \ rva loc_10000BD9D, \ rva stru_10002707C> RUNTIME_FUNCTION <rva loc_10000BD9D, \ rva loc_10000BF6D, \ rva stru_100027058> RUNTIME_FUNCTION <rva loc_10000BF6D, \ rva byte_10000BF7E, \ rva stru_100027048> RUNTIME_FUNCTION <rva sub_10000BF90, \ rva loc_10000C012, \ rva stru_100027038> RUNTIME_FUNCTION <rva loc_10000C012, \ rva loc_10000C031, \ rva stru_100027024> RUNTIME_FUNCTION <rva loc_10000C031, \ rva qword_10000C3B0+5Ch,\ rva stru_100027014> RUNTIME_FUNCTION <rva sub_10000C420, \ rva algn_10000C597, \ rva stru_100027A30> RUNTIME_FUNCTION <rva sub_10000C5A0, \ rva byte_10000C81C, \ rva stru_1000283C4> RUNTIME_FUNCTION <rva sub_10000C830, \ rva byte_10000C8BC, \ rva stru_100027008> RUNTIME_FUNCTION <rva sub_10000C8D0, \ rva algn_10000C94A, \ rva stru_100027000> RUNTIME_FUNCTION <rva DialogFunc, \ rva loc_10000C990, \ rva stru_100026FE8> RUNTIME_FUNCTION <rva loc_10000C990, \ rva loc_10000CB15, \ rva stru_100026FC8> RUNTIME_FUNCTION <rva loc_10000CB15, \ rva algn_10000CBA9, \ rva stru_100026FB8> RUNTIME_FUNCTION <rva sub_10000CBB0, \ rva algn_10000CC38, \ rva stru_100026FA4> RUNTIME_FUNCTION <rva sub_10000CC40, \ rva loc_10000CC8D, \ rva stru_1000283B4> RUNTIME_FUNCTION <rva loc_10000CC8D, \ rva loc_10000CDA6, \ rva stru_1000283A0> RUNTIME_FUNCTION <rva loc_10000CDA6, \ rva algn_10000CDCB, \ rva stru_100028390> RUNTIME_FUNCTION <rva sub_10000CDE0, \ rva loc_10000CE54, \ rva stru_100028950> RUNTIME_FUNCTION <rva loc_10000CE54, \ rva loc_10000D030, \ rva stru_100028934> RUNTIME_FUNCTION <rva loc_10000D030, \ rva loc_10000D1D5, \ rva stru_10002891C> RUNTIME_FUNCTION <rva loc_10000D1D5, \ rva loc_10000D260, \ rva stru_100028908> RUNTIME_FUNCTION <rva loc_10000D260, \ rva algn_10000D2F0, \ rva stru_1000288F8> RUNTIME_FUNCTION <rva sub_10000D300, \ rva loc_10000D307, \ rva stru_100028C24> RUNTIME_FUNCTION <rva loc_10000D307, \ rva loc_10000D317, \ rva stru_100028C04> RUNTIME_FUNCTION <rva loc_10000D317, \ rva loc_10000D3F0, \ rva stru_100028BE8> RUNTIME_FUNCTION <rva loc_10000D3F0, \ rva loc_10000D422, \ rva stru_100028BD0> RUNTIME_FUNCTION <rva loc_10000D422, \ rva loc_10000D43D, \ rva stru_100028BAC> RUNTIME_FUNCTION <rva loc_10000D43D, \ rva byte_10000D45F, \ rva stru_100028B90> RUNTIME_FUNCTION <rva sub_10000D470, \ rva algn_10000D649, \ rva stru_100026F80> RUNTIME_FUNCTION <rva sub_10000D650, \ rva loc_10000D696, \ rva stru_100026F70> RUNTIME_FUNCTION <rva loc_10000D696, \ rva loc_10000D6F7, \ rva stru_100026F58> RUNTIME_FUNCTION <rva loc_10000D6F7, \ rva algn_10000D706, \ rva stru_100026F48> RUNTIME_FUNCTION <rva sub_10000D710, \ rva loc_10000D714, \ rva stru_100028FF4> RUNTIME_FUNCTION <rva loc_10000D714, \ rva loc_10000D7C7, \ rva stru_100028FD0> RUNTIME_FUNCTION <rva loc_10000D7C7, \ rva byte_10000D87B, \ rva stru_100028FBC> RUNTIME_FUNCTION <rva sub_10000D890, \ rva loc_10000D899, \ rva stru_1000288EC> RUNTIME_FUNCTION <rva loc_10000D899, \ rva loc_10000DA19, \ rva stru_1000288D4> RUNTIME_FUNCTION <rva loc_10000DA19, \ rva byte_10000DA3B, \ rva stru_1000288C0> RUNTIME_FUNCTION <rva sub_10000DA50, \ rva loc_10000DA56, \ rva stru_100027A28> RUNTIME_FUNCTION <rva loc_10000DA56, \ rva loc_10000DA96, \ rva stru_100027A10> RUNTIME_FUNCTION <rva loc_10000DA96, \ rva loc_10000DAF7, \ rva stru_1000279F8> RUNTIME_FUNCTION <rva loc_10000DAF7, \ rva loc_10000DB05, \ rva stru_1000279E8> RUNTIME_FUNCTION <rva loc_10000DB05, \ rva algn_10000DB58, \ rva stru_1000279D4> RUNTIME_FUNCTION <rva sub_10000DB60, \ rva algn_10000DBC9, \ rva stru_1000279CC> RUNTIME_FUNCTION <rva sub_10000DBF0, \ rva loc_10000DC1B, \ rva stru_100028380> RUNTIME_FUNCTION <rva loc_10000DC1B, \ rva loc_10000DC35, \ rva stru_100028368> RUNTIME_FUNCTION <rva loc_10000DC35, \ rva loc_10000DC99, \ rva stru_100028350> RUNTIME_FUNCTION <rva loc_10000DC99, \ rva loc_10000DCA6, \ rva stru_100028340> RUNTIME_FUNCTION <rva loc_10000DCA6, \ rva byte_10000DCFB, \ rva stru_10002832C> RUNTIME_FUNCTION <rva sub_10000DD10, \ rva algn_10000E412, \ rva stru_100028898> RUNTIME_FUNCTION <rva sub_10000E420, \ rva loc_10000E43B, \ rva stru_100026F38> RUNTIME_FUNCTION <rva loc_10000E43B, \ rva loc_10000E47F, \ rva stru_100026F24> RUNTIME_FUNCTION <rva loc_10000E47F, \ rva algn_10000E48E, \ rva stru_100026F14> RUNTIME_FUNCTION <rva sub_10000E4A0, \ rva loc_10000E565, \ rva stru_100026EF4> RUNTIME_FUNCTION <rva loc_10000E565, \ rva loc_10000E6F4, \ rva stru_100026EDC> RUNTIME_FUNCTION <rva loc_10000E6F4, \ rva algn_10000E717, \ rva stru_100026ECC> RUNTIME_FUNCTION <rva sub_10000E720, \ rva loc_10000E76B, \ rva stru_100028E84> RUNTIME_FUNCTION <rva loc_10000E76B, \ rva loc_10000E7E9, \ rva stru_100028E6C> RUNTIME_FUNCTION <rva loc_10000E7E9, \ rva loc_10000E7FB, \ rva stru_100028E54> RUNTIME_FUNCTION <rva loc_10000E7FB, \ rva loc_10000E927, \ rva stru_100028E40> RUNTIME_FUNCTION <rva loc_10000E927, \ rva loc_10000E981, \ rva stru_100028E30> RUNTIME_FUNCTION <rva loc_10000E981, \ rva loc_10000E98E, \ rva stru_100028E20> RUNTIME_FUNCTION <rva loc_10000E98E, \ rva algn_10000E9A8, \ rva stru_100028E10> RUNTIME_FUNCTION <rva sub_10000E9B0, \ rva algn_10000F278, \ rva stru_100028870> RUNTIME_FUNCTION <rva sub_10000F280, \ rva loc_10000F2B6, \ rva stru_100028E00> RUNTIME_FUNCTION <rva loc_10000F2B6, \ rva loc_10000F2C2, \ rva stru_100028DEC> RUNTIME_FUNCTION <rva loc_10000F2C2, \ rva loc_10000F340, \ rva stru_100028DD8> RUNTIME_FUNCTION <rva loc_10000F340, \ rva loc_10000F34C, \ rva stru_100028DC8> RUNTIME_FUNCTION <rva loc_10000F34C, \ rva algn_10000F393, \ rva stru_100028DB8> RUNTIME_FUNCTION <rva sub_10000F3A0, \ rva algn_10000F3D8, \ rva stru_100028B88> RUNTIME_FUNCTION <rva sub_10000F3E0, \ rva loc_10000F441, \ rva stru_100028FB0> RUNTIME_FUNCTION <rva loc_10000F441, \ rva loc_10000F450, \ rva stru_100028F9C> RUNTIME_FUNCTION <rva loc_10000F450, \ rva loc_10000F49C, \ rva stru_100028F88> RUNTIME_FUNCTION <rva loc_10000F49C, \ rva loc_10000F4A1, \ rva stru_100028F78> RUNTIME_FUNCTION <rva loc_10000F4A1, \ rva algn_10000F4AB, \ rva stru_100028F68> RUNTIME_FUNCTION <rva sub_10000F4C0, \ rva algn_10000F5D0, \ rva stru_100028860> RUNTIME_FUNCTION <rva sub_10000F5E0, \ rva algn_10000F7C7, \ rva stru_100028F4C> RUNTIME_FUNCTION <rva sub_10000F7E0, \ rva algn_10000F819, \ rva stru_100026EC4> RUNTIME_FUNCTION <rva sub_10000F820, \ rva loc_10000F860, \ rva stru_100026EAC> RUNTIME_FUNCTION <rva loc_10000F860, \ rva loc_10000F9BE, \ rva stru_100026E8C> RUNTIME_FUNCTION <rva loc_10000F9BE, \ rva algn_10000FA97, \ rva stru_100026E7C> RUNTIME_FUNCTION <rva sub_10000FAF0, \ rva algn_10000FBAD, \ rva stru_100026E6C> RUNTIME_FUNCTION <rva sub_10000FBC0, \ rva loc_10000FC38, \ rva stru_100026E60> RUNTIME_FUNCTION <rva loc_10000FC38, \ rva loc_10000FD2E, \ rva stru_100026E40> RUNTIME_FUNCTION <rva loc_10000FD2E, \ rva loc_10000FD4B, \ rva stru_100026E30> RUNTIME_FUNCTION <rva loc_10000FD4B, \ rva algn_10000FD52, \ rva stru_100026E10> RUNTIME_FUNCTION <rva sub_10000FD60, \ rva algn_1000101E8, \ rva stru_1000279B8> RUNTIME_FUNCTION <rva sub_1000101F0, \ rva algn_1000102E6, \ rva stru_100026DFC> RUNTIME_FUNCTION <rva sub_1000102F0, \ rva algn_1000103BA, \ rva stru_100026DEC> RUNTIME_FUNCTION <rva sub_1000103C0, \ rva loc_1000103DB, \ rva stru_1000279B0> RUNTIME_FUNCTION <rva loc_1000103DB, \ rva loc_100010479, \ rva stru_100027998> RUNTIME_FUNCTION <rva loc_100010479, \ rva algn_100010562, \ rva stru_100027984> RUNTIME_FUNCTION <rva sub_100010570, \ rva byte_1000105FC, \ rva stru_100026DE0> RUNTIME_FUNCTION <rva sub_100010610, \ rva byte_1000107FE, \ rva stru_10002830C> RUNTIME_FUNCTION <rva sub_100010810, \ rva loc_10001083B, \ rva stru_100028850> RUNTIME_FUNCTION <rva loc_10001083B, \ rva loc_1000108D5, \ rva stru_100028838> RUNTIME_FUNCTION <rva loc_1000108D5, \ rva loc_1000108E6, \ rva stru_100028828> RUNTIME_FUNCTION <rva loc_1000108E6, \ rva algn_1000108F7, \ rva stru_100028810> RUNTIME_FUNCTION <rva sub_100010900, \ rva loc_100010C89, \ rva stru_1000282FC> RUNTIME_FUNCTION <rva loc_100010C89, \ rva loc_100010E6D, \ rva stru_1000282E4> RUNTIME_FUNCTION <rva loc_100010E6D, \ rva algn_100010E92, \ rva stru_1000282D4> RUNTIME_FUNCTION <rva sub_100010EA0, \ rva loc_100010F79, \ rva stru_1000282C0> RUNTIME_FUNCTION <rva loc_100010F79, \ rva loc_1000110FD, \ rva stru_1000282AC> RUNTIME_FUNCTION <rva loc_1000110FD, \ rva algn_10001112A, \ rva stru_10002829C> RUNTIME_FUNCTION <rva sub_100011130, \ rva loc_10001122A, \ rva stru_10002827C> RUNTIME_FUNCTION <rva loc_10001122A, \ rva algn_10001149A, \ rva stru_100028268> RUNTIME_FUNCTION <rva sub_1000114A0, \ rva loc_1000115E2, \ rva stru_100028B78> RUNTIME_FUNCTION <rva loc_1000115E2, \ rva loc_100011611, \ rva stru_100028B64> RUNTIME_FUNCTION <rva loc_100011611, \ rva loc_100011A84, \ rva stru_100028B40> RUNTIME_FUNCTION <rva loc_100011A84, \ rva loc_100011A9F, \ rva stru_100028B30> RUNTIME_FUNCTION <rva loc_100011A9F, \ rva algn_100011AC4, \ rva stru_100028B20> RUNTIME_FUNCTION <rva sub_100011AD0, \ rva loc_100011B0E, \ rva stru_100026DD0> RUNTIME_FUNCTION <rva loc_100011B0E, \ rva loc_100011CE8, \ rva stru_100026DB0> RUNTIME_FUNCTION <rva loc_100011CE8, \ rva byte_100011D00, \ rva stru_100026DA0> RUNTIME_FUNCTION <rva sub_100011D10, \ rva algn_1000122CC, \ rva stru_100028B10> RUNTIME_FUNCTION <rva sub_1000122E0, \ rva algn_100012302, \ rva stru_100028DB0> RUNTIME_FUNCTION <rva sub_100012310, \ rva loc_1000123D5, \ rva stru_10002796C> RUNTIME_FUNCTION <rva loc_1000123D5, \ rva loc_100012437, \ rva stru_100027958> RUNTIME_FUNCTION <rva loc_100012437, \ rva loc_1000124E6, \ rva stru_100027944> RUNTIME_FUNCTION <rva loc_1000124E6, \ rva loc_100012626, \ rva stru_100027930> RUNTIME_FUNCTION <rva loc_100012626, \ rva loc_10001262E, \ rva stru_100027920> RUNTIME_FUNCTION <rva loc_10001262E, \ rva loc_100012636, \ rva stru_100027910> RUNTIME_FUNCTION <rva loc_100012636, \ rva byte_10001265E, \ rva stru_100027900> RUNTIME_FUNCTION <rva sub_100012670, \ rva loc_1000127A1, \ rva stru_1000278F0> RUNTIME_FUNCTION <rva loc_1000127A1, \ rva loc_100012933, \ rva stru_1000278D4> RUNTIME_FUNCTION <rva loc_100012933, \ rva loc_100012979, \ rva stru_1000278B8> RUNTIME_FUNCTION <rva loc_100012979, \ rva loc_10001298F, \ rva stru_1000278A8> RUNTIME_FUNCTION <rva loc_10001298F, \ rva loc_100012AF9, \ rva stru_10002788C> RUNTIME_FUNCTION <rva loc_100012AF9, \ rva loc_100012C34, \ rva stru_100027878> RUNTIME_FUNCTION <rva loc_100012C34, \ rva byte_100012C5B, \ rva stru_100027868> RUNTIME_FUNCTION <rva sub_100012C70, \ rva algn_100012D3A, \ rva stru_100028254> RUNTIME_FUNCTION <rva sub_100012D40, \ rva loc_100012D9C, \ rva stru_100027854> RUNTIME_FUNCTION <rva loc_100012D9C, \ rva loc_100012DD9, \ rva stru_100027840> RUNTIME_FUNCTION <rva loc_100012DD9, \ rva loc_100012E06, \ rva stru_100027830> RUNTIME_FUNCTION <rva loc_100012E06, \ rva algn_100012E72, \ rva stru_10002781C> RUNTIME_FUNCTION <rva sub_100012E80, \ rva algn_100012FD3, \ rva stru_100028238> RUNTIME_FUNCTION <rva sub_100012FE0, \ rva algn_10001317A, \ rva stru_10002780C> RUNTIME_FUNCTION <rva sub_100013180, \ rva algn_100013318, \ rva stru_1000277F4> RUNTIME_FUNCTION <rva sub_100013320, \ rva algn_1000133B9, \ rva stru_100026D90> RUNTIME_FUNCTION <rva sub_1000133C0, \ rva loc_1000133E9, \ rva stru_100028AF8> RUNTIME_FUNCTION <rva loc_1000133E9, \ rva loc_100013479, \ rva stru_100028AE4> RUNTIME_FUNCTION <rva loc_100013479, \ rva algn_1000136A8, \ rva stru_100028AD4> RUNTIME_FUNCTION <rva sub_1000136B0, \ rva algn_100013AF1, \ rva stru_100028D94> RUNTIME_FUNCTION <rva sub_100013B20, \ rva loc_100013B24, \ rva stru_1000277EC> RUNTIME_FUNCTION <rva loc_100013B24, \ rva loc_100013B29, \ rva stru_1000277D8> RUNTIME_FUNCTION <rva loc_100013B29, \ rva loc_100013BC0, \ rva stru_1000277C0> RUNTIME_FUNCTION <rva loc_100013BC0, \ rva loc_100013BDA, \ rva stru_1000277AC> RUNTIME_FUNCTION <rva loc_100013BDA, \ rva byte_100013BFE, \ rva stru_100027798> RUNTIME_FUNCTION <rva sub_100013C10, \ rva sub_100013DBC, \ rva stru_100028F38> RUNTIME_FUNCTION <rva sub_100013DBC, \ rva sub_100013EB5, \ rva stru_100028F24> RUNTIME_FUNCTION <rva sub_100013EB5, \ rva algn_100013EE2, \ rva stru_100028F14> RUNTIME_FUNCTION <rva sub_100013EF0, \ rva loc_100013EF8, \ rva stru_100028230> RUNTIME_FUNCTION <rva loc_100013EF8, \ rva loc_100013F15, \ rva stru_100028214> RUNTIME_FUNCTION <rva loc_100013F15, \ rva loc_100013F7F, \ rva stru_100028200> RUNTIME_FUNCTION <rva loc_100013F7F, \ rva loc_100013FBC, \ rva stru_1000281F0> RUNTIME_FUNCTION <rva loc_100013FBC, \ rva algn_100013FEA, \ rva stru_1000281D8> RUNTIME_FUNCTION <rva sub_100013FF0, \ rva loc_100014036, \ rva stru_100026D80> RUNTIME_FUNCTION <rva loc_100014036, \ rva loc_100014097, \ rva stru_100026D68> RUNTIME_FUNCTION <rva loc_100014097, \ rva algn_1000140A6, \ rva stru_100026D58> RUNTIME_FUNCTION <rva sub_1000140B0, \ rva loc_1000140B6, \ rva stru_100027790> RUNTIME_FUNCTION <rva loc_1000140B6, \ rva loc_1000140F6, \ rva stru_100027778> RUNTIME_FUNCTION <rva loc_1000140F6, \ rva loc_100014157, \ rva stru_100027760> RUNTIME_FUNCTION <rva loc_100014157, \ rva loc_10001416A, \ rva stru_100027750> RUNTIME_FUNCTION <rva loc_10001416A, \ rva algn_100014177, \ rva stru_100027740> RUNTIME_FUNCTION <rva sub_100014180, \ rva algn_100014267, \ rva stru_1000287F8> RUNTIME_FUNCTION <rva sub_100014270, \ rva algn_10001454B, \ rva stru_100028AAC> RUNTIME_FUNCTION <rva sub_100014560, \ rva algn_10001463A, \ rva stru_100026D44> RUNTIME_FUNCTION <rva sub_100014640, \ rva algn_1000146A4, \ rva stru_100026D30> RUNTIME_FUNCTION <rva sub_1000146B0, \ rva sub_1000146BF, \ rva stru_100027738> RUNTIME_FUNCTION <rva sub_1000146BF, \ rva sub_1000146E7, \ rva stru_100027720> RUNTIME_FUNCTION <rva sub_1000146E7, \ rva byte_1000146FD, \ rva stru_10002770C> RUNTIME_FUNCTION <rva sub_100014710, \ rva byte_10001483B, \ rva stru_100026D1C> RUNTIME_FUNCTION <rva sub_100014850, \ rva byte_100014ADE, \ rva stru_1000281B4> RUNTIME_FUNCTION <rva sub_100014AF0, \ rva loc_100014B1B, \ rva stru_1000287E8> RUNTIME_FUNCTION <rva loc_100014B1B, \ rva loc_100014BB5, \ rva stru_1000287D0> RUNTIME_FUNCTION <rva loc_100014BB5, \ rva loc_100014BC6, \ rva stru_1000287C0> RUNTIME_FUNCTION <rva loc_100014BC6, \ rva algn_100014BD7, \ rva stru_1000287A8> RUNTIME_FUNCTION <rva sub_100014BE0, \ rva loc_100014BE4, \ rva stru_100027704> RUNTIME_FUNCTION <rva loc_100014BE4, \ rva loc_100014C0C, \ rva stru_1000276E8> RUNTIME_FUNCTION <rva loc_100014C0C, \ rva loc_100014C5E, \ rva stru_1000276D4> RUNTIME_FUNCTION <rva loc_100014C5E, \ rva loc_100014CE5, \ rva stru_1000276C4> RUNTIME_FUNCTION <rva loc_100014CE5, \ rva algn_100014CF4, \ rva stru_1000276B4> RUNTIME_FUNCTION <rva sub_100014D00, \ rva algn_100014D48, \ rva stru_1000276AC> RUNTIME_FUNCTION <rva sub_100014D50, \ rva loc_100014E48, \ rva stru_100027694> RUNTIME_FUNCTION <rva loc_100014E48, \ rva byte_10001509B, \ rva stru_100027674> RUNTIME_FUNCTION <rva sub_1000150B0, \ rva loc_1000150C1, \ rva stru_100026D10> RUNTIME_FUNCTION <rva loc_1000150C1, \ rva loc_1000150F9, \ rva stru_100026CFC> RUNTIME_FUNCTION <rva loc_1000150F9, \ rva algn_100015103, \ rva stru_100026CEC> RUNTIME_FUNCTION <rva sub_100015110, \ rva algn_10001524C, \ rva stru_10002765C> RUNTIME_FUNCTION <rva sub_100015260, \ rva loc_1000152B5, \ rva stru_10002764C> RUNTIME_FUNCTION <rva loc_1000152B5, \ rva loc_1000152D2, \ rva stru_100027638> RUNTIME_FUNCTION <rva loc_1000152D2, \ rva loc_1000153D0, \ rva stru_100027618> RUNTIME_FUNCTION <rva loc_1000153D0, \ rva loc_1000153EA, \ rva stru_100027608> RUNTIME_FUNCTION <rva loc_1000153EA, \ rva loc_1000153EE, \ rva stru_1000275F4> RUNTIME_FUNCTION <rva loc_1000153EE, \ rva byte_1000153FF, \ rva stru_1000275D0> RUNTIME_FUNCTION <rva sub_100015410, \ rva algn_1000156E4, \ rva stru_100028190> RUNTIME_FUNCTION <rva sub_1000156F0, \ rva byte_1000157FF, \ rva stru_100028174> RUNTIME_FUNCTION <rva sub_100015810, \ rva algn_1000159DA, \ rva stru_100028A9C> RUNTIME_FUNCTION <rva sub_1000159E0, \ rva algn_100015B62, \ rva stru_10002814C> RUNTIME_FUNCTION <rva sub_100015B70, \ rva algn_100015BD1, \ rva stru_100026CE4> RUNTIME_FUNCTION <rva sub_100015BE0, \ rva sub_100015BFA, \ rva stru_10002879C> RUNTIME_FUNCTION <rva sub_100015BFA, \ rva sub_100015CFF, \ rva stru_100028788> RUNTIME_FUNCTION <rva sub_100015CFF, \ rva sub_100015D11, \ rva stru_100028774> RUNTIME_FUNCTION <rva sub_100015D11, \ rva sub_100015E71, \ rva stru_100028754> RUNTIME_FUNCTION <rva sub_100015E71, \ rva sub_100015E7E, \ rva stru_100028744> RUNTIME_FUNCTION <rva sub_100015E7E, \ rva sub_100015E8D, \ rva stru_100028734> RUNTIME_FUNCTION <rva sub_100015E8D, \ rva algn_100015EC4, \ rva stru_100028724> RUNTIME_FUNCTION <rva sub_100015ED0, \ rva algn_1000161A3, \ rva stru_10002812C> RUNTIME_FUNCTION <rva sub_1000161B0, \ rva loc_100016205, \ rva stru_100028710> RUNTIME_FUNCTION <rva loc_100016205, \ rva loc_100016233, \ rva stru_1000286FC> RUNTIME_FUNCTION <rva loc_100016233, \ rva loc_10001624C, \ rva stru_1000286EC> RUNTIME_FUNCTION <rva loc_10001624C, \ rva loc_1000162A4, \ rva stru_1000286D8> RUNTIME_FUNCTION <rva loc_1000162A4, \ rva loc_10001632F, \ rva stru_1000286C4> RUNTIME_FUNCTION <rva loc_10001632F, \ rva algn_100016348, \ rva stru_1000286B4> RUNTIME_FUNCTION <rva EnumFunc, \ rva loc_10001647F, \ rva stru_10002869C> RUNTIME_FUNCTION <rva loc_10001647F, \ rva loc_100016540, \ rva stru_100028688> RUNTIME_FUNCTION <rva loc_100016540, \ rva algn_100016559, \ rva stru_100028678> RUNTIME_FUNCTION <rva sub_100016560, \ rva loc_100016605, \ rva stru_100028664> RUNTIME_FUNCTION <rva loc_100016605, \ rva loc_100016725, \ rva stru_10002864C> RUNTIME_FUNCTION <rva loc_100016725, \ rva loc_100016752, \ rva stru_10002863C> RUNTIME_FUNCTION <rva loc_100016752, \ rva loc_1000167CA, \ rva stru_100028624> RUNTIME_FUNCTION <rva loc_1000167CA, \ rva algn_1000167D4, \ rva stru_100028614> RUNTIME_FUNCTION <rva sub_1000167E0, \ rva loc_10001681E, \ rva stru_100026CD4> RUNTIME_FUNCTION <rva loc_10001681E, \ rva loc_100016947, \ rva stru_100026CB0> RUNTIME_FUNCTION <rva loc_100016947, \ rva loc_100016A0A, \ rva stru_100026C9C> RUNTIME_FUNCTION <rva loc_100016A0A, \ rva algn_100016A22, \ rva stru_100026C8C> RUNTIME_FUNCTION <rva sub_100016A30, \ rva loc_100016A37, \ rva stru_100028124> RUNTIME_FUNCTION <rva loc_100016A37, \ rva loc_100016FC0, \ rva stru_1000280FC> RUNTIME_FUNCTION <rva loc_100016FC0, \ rva byte_100016FDC, \ rva stru_1000280D4> RUNTIME_FUNCTION <rva sub_100016FF0, \ rva algn_100017267, \ rva stru_100028D78> RUNTIME_FUNCTION <rva sub_100017270, \ rva loc_10001729D, \ rva stru_1000280C0> RUNTIME_FUNCTION <rva loc_10001729D, \ rva loc_100017302, \ rva stru_1000280AC> RUNTIME_FUNCTION <rva loc_100017302, \ rva byte_1000173BF, \ rva stru_10002809C> RUNTIME_FUNCTION <rva sub_1000173F0, \ rva loc_1000173F4, \ rva stru_1000275C8> RUNTIME_FUNCTION <rva loc_1000173F4, \ rva loc_1000173F9, \ rva stru_1000275B4> RUNTIME_FUNCTION <rva loc_1000173F9, \ rva loc_100017490, \ rva stru_10002759C> RUNTIME_FUNCTION <rva loc_100017490, \ rva loc_1000174AA, \ rva stru_100027588> RUNTIME_FUNCTION <rva loc_1000174AA, \ rva algn_1000174CE, \ rva stru_100027574> RUNTIME_FUNCTION <rva sub_1000174E0, \ rva loc_100017558, \ rva stru_100026C80> RUNTIME_FUNCTION <rva loc_100017558, \ rva loc_100017633, \ rva stru_100026C60> RUNTIME_FUNCTION <rva loc_100017633, \ rva loc_100017650, \ rva stru_100026C50> RUNTIME_FUNCTION <rva loc_100017650, \ rva algn_100017657, \ rva stru_100026C30> RUNTIME_FUNCTION <rva sub_100017660, \ rva loc_100017669, \ rva stru_100028F08> RUNTIME_FUNCTION <rva loc_100017669, \ rva loc_10001777D, \ rva stru_100028EE8> RUNTIME_FUNCTION <rva loc_10001777D, \ rva algn_100017814, \ rva stru_100028ED0> RUNTIME_FUNCTION <rva sub_100017820, \ rva algn_10001798A, \ rva stru_10002755C> RUNTIME_FUNCTION <rva sub_100017990, \ rva algn_100017A29, \ rva stru_100026C20> RUNTIME_FUNCTION <rva sub_100017A30, \ rva algn_100017A4A, \ rva stru_100026C18> RUNTIME_FUNCTION <rva sub_100017A50, \ rva loc_100017A81, \ rva stru_100028094> RUNTIME_FUNCTION <rva loc_100017A81, \ rva loc_100017D6D, \ rva stru_100028074> RUNTIME_FUNCTION <rva loc_100017D6D, \ rva algn_100017D84, \ rva stru_100028064> RUNTIME_FUNCTION <rva sub_100017D90, \ rva loc_100017DDA, \ rva stru_10002754C> RUNTIME_FUNCTION <rva loc_100017DDA, \ rva loc_100017EB4, \ rva stru_100027538> RUNTIME_FUNCTION <rva loc_100017EB4, \ rva algn_100017F22, \ rva stru_100027528> RUNTIME_FUNCTION <rva sub_100017F40, \ rva algn_100018002, \ rva stru_100026C00> RUNTIME_FUNCTION <rva sub_100018010, \ rva algn_10001810A, \ rva stru_100027520> RUNTIME_FUNCTION <rva sub_100018110, \ rva algn_1000181D0, \ rva stru_100026BF8> RUNTIME_FUNCTION <rva sub_1000181E0, \ rva sub_100018259, \ rva stru_100026BE0> RUNTIME_FUNCTION <rva sub_100018259, \ rva sub_100018332, \ rva stru_100026BC8> RUNTIME_FUNCTION <rva sub_100018332, \ rva algn_1000183AB, \ rva stru_100026BB8> RUNTIME_FUNCTION <rva sub_1000183C0, \ rva algn_100018474, \ rva stru_100026BA4> RUNTIME_FUNCTION <rva sub_100018480, \ rva algn_1000184E3, \ rva stru_100026B90> RUNTIME_FUNCTION <rva sub_1000184F0, \ rva algn_100018548, \ rva stru_100026B7C> RUNTIME_FUNCTION <rva sub_100018550, \ rva algn_10001872F, \ rva stru_10002750C> RUNTIME_FUNCTION <rva sub_100018740, \ rva algn_1000187B2, \ rva stru_100026B68> RUNTIME_FUNCTION <rva sub_1000187C0, \ rva sub_1000187E4, \ rva stru_100026B5C> RUNTIME_FUNCTION <rva sub_1000187E4, \ rva sub_10001881D, \ rva stru_100026B48> RUNTIME_FUNCTION <rva sub_10001881D, \ rva algn_100018827, \ rva stru_100026B38> RUNTIME_FUNCTION <rva sub_100018830, \ rva algn_1000188B5, \ rva stru_100026B2C> RUNTIME_FUNCTION <rva sub_1000188C0, \ rva algn_1000188F3, \ rva stru_100026B24> RUNTIME_FUNCTION <rva sub_100018900, \ rva byte_100018C3C, \ rva stru_10002803C> RUNTIME_FUNCTION <rva sub_100018C50, \ rva sub_100018C7B, \ rva stru_100028604> RUNTIME_FUNCTION <rva sub_100018C7B, \ rva sub_100018D15, \ rva stru_1000285EC> RUNTIME_FUNCTION <rva sub_100018D15, \ rva sub_100018D26, \ rva stru_1000285DC> RUNTIME_FUNCTION <rva sub_100018D26, \ rva byte_100018D37, \ rva stru_1000285C4> RUNTIME_FUNCTION <rva sub_100018D40, \ rva algn_100018D78, \ rva stru_100027504> RUNTIME_FUNCTION <rva sub_100018D80, \ rva algn_1000192B7, \ rva stru_100028014> RUNTIME_FUNCTION <rva sub_1000192C0, \ rva loc_100019315, \ rva stru_1000274F4> RUNTIME_FUNCTION <rva loc_100019315, \ rva loc_100019332, \ rva stru_1000274E0> RUNTIME_FUNCTION <rva loc_100019332, \ rva loc_100019430, \ rva stru_1000274C0> RUNTIME_FUNCTION <rva loc_100019430, \ rva loc_10001944A, \ rva stru_1000274B0> RUNTIME_FUNCTION <rva loc_10001944A, \ rva loc_10001944E, \ rva stru_10002749C> RUNTIME_FUNCTION <rva loc_10001944E, \ rva byte_10001945F, \ rva stru_100027478> RUNTIME_FUNCTION <rva sub_100019470, \ rva loc_10001952A, \ rva stru_100027FF8> RUNTIME_FUNCTION <rva loc_10001952A, \ rva loc_1000195F4, \ rva stru_100027FE4> RUNTIME_FUNCTION <rva loc_1000195F4, \ rva loc_1000196B1, \ rva stru_100027FCC> RUNTIME_FUNCTION <rva loc_1000196B1, \ rva loc_10001970E, \ rva stru_100027FBC> RUNTIME_FUNCTION <rva loc_10001970E, \ rva algn_10001972F, \ rva stru_100027FAC> RUNTIME_FUNCTION <rva sub_100019740, \ rva byte_10001987C, \ rva stru_100027F90> RUNTIME_FUNCTION <rva sub_100019890, \ rva algn_100019AD7, \ rva stru_100028A88> RUNTIME_FUNCTION <rva sub_100019AE0, \ rva sub_100019B20, \ rva stru_1000285B8> RUNTIME_FUNCTION <rva sub_100019B20, \ rva sub_100019B64, \ rva stru_100028590> RUNTIME_FUNCTION <rva sub_100019B64, \ rva sub_100019D06, \ rva stru_10002857C> RUNTIME_FUNCTION <rva sub_100019D06, \ rva sub_100019DC7, \ rva stru_10002856C> RUNTIME_FUNCTION <rva sub_100019DC7, \ rva sub_100019E33, \ rva stru_100028558> RUNTIME_FUNCTION <rva sub_100019E33, \ rva sub_10001A085, \ rva stru_100028548> RUNTIME_FUNCTION <rva sub_10001A085, \ rva algn_10001A0A4, \ rva stru_100028538> RUNTIME_FUNCTION <rva sub_10001A0B0, \ rva loc_10001A0BC, \ rva stru_100027F88> RUNTIME_FUNCTION <rva loc_10001A0BC, \ rva loc_10001A10D, \ rva stru_100027F64> RUNTIME_FUNCTION <rva loc_10001A10D, \ rva loc_10001A1A6, \ rva stru_100027F4C> RUNTIME_FUNCTION <rva loc_10001A1A6, \ rva loc_10001A206, \ rva stru_100027F3C> RUNTIME_FUNCTION <rva loc_10001A206, \ rva loc_10001A225, \ rva stru_100027F20> RUNTIME_FUNCTION <rva loc_10001A225, \ rva algn_10001A241, \ rva stru_100027F08> RUNTIME_FUNCTION <rva sub_10001A250, \ rva algn_10001A442, \ rva stru_100026AFC> RUNTIME_FUNCTION <rva sub_10001A450, \ rva loc_10001A46C, \ rva stru_100027F00> RUNTIME_FUNCTION <rva loc_10001A46C, \ rva loc_10001A649, \ rva stru_100027ED4> RUNTIME_FUNCTION <rva loc_10001A649, \ rva loc_10001AB23, \ rva stru_100027EC0> RUNTIME_FUNCTION <rva loc_10001AB23, \ rva loc_10001AB69, \ rva stru_100027EB0> RUNTIME_FUNCTION <rva loc_10001AB69, \ rva algn_10001AB8F, \ rva stru_100027E9C> RUNTIME_FUNCTION <rva sub_10001ABA0, \ rva algn_10001AE45, \ rva stru_100028D5C> RUNTIME_FUNCTION <rva sub_10001AE50, \ rva loc_10001AE85, \ rva stru_100027E84> RUNTIME_FUNCTION <rva loc_10001AE85, \ rva loc_10001AEDE, \ rva stru_100027E70> RUNTIME_FUNCTION <rva loc_10001AEDE, \ rva algn_10001AF23, \ rva stru_100027E60> RUNTIME_FUNCTION <rva sub_10001AF50, \ rva loc_10001AF65, \ rva stru_10002852C> RUNTIME_FUNCTION <rva loc_10001AF65, \ rva loc_10001AFF0, \ rva stru_100028514> RUNTIME_FUNCTION <rva loc_10001AFF0, \ rva loc_10001B012, \ rva stru_100028500> RUNTIME_FUNCTION <rva loc_10001B012, \ rva algn_10001B036, \ rva stru_1000284F0> RUNTIME_FUNCTION <rva sub_10001B040, \ rva loc_10001B08D, \ rva stru_10002746C> RUNTIME_FUNCTION <rva loc_10001B08D, \ rva loc_10001B198, \ rva stru_100027450> RUNTIME_FUNCTION <rva loc_10001B198, \ rva loc_10001B1B5, \ rva stru_100027440> RUNTIME_FUNCTION <rva loc_10001B1B5, \ rva byte_10001B1BC, \ rva stru_100027424> RUNTIME_FUNCTION <rva sub_10001B1D0, \ rva algn_10001B492, \ rva stru_100028EAC> RUNTIME_FUNCTION <rva sub_10001B4A0, \ rva algn_10001B611, \ rva stru_100027410> RUNTIME_FUNCTION <rva sub_10001B620, \ rva sub_10001B639, \ rva stru_100027400> RUNTIME_FUNCTION <rva sub_10001B639, \ rva sub_10001B66D, \ rva stru_1000273E8> RUNTIME_FUNCTION <rva sub_10001B66D, \ rva sub_10001B6CB, \ rva stru_1000273D4> RUNTIME_FUNCTION <rva sub_10001B6CB, \ rva sub_10001B711, \ rva stru_1000273C4> RUNTIME_FUNCTION <rva sub_10001B711, \ rva sub_10001B753, \ rva stru_1000273B0> RUNTIME_FUNCTION <rva sub_10001B753, \ rva algn_10001B777, \ rva stru_1000273A0> RUNTIME_FUNCTION <rva sub_10001B780, \ rva loc_10001B93B, \ rva stru_100027E50> RUNTIME_FUNCTION <rva loc_10001B93B, \ rva loc_10001BA09, \ rva stru_100027E34> RUNTIME_FUNCTION <rva loc_10001BA09, \ rva loc_10001BA80, \ rva stru_100027E20> RUNTIME_FUNCTION <rva loc_10001BA80, \ rva algn_10001BAA5, \ rva stru_100027E10> RUNTIME_FUNCTION <rva sub_10001BAB0, \ rva algn_10001BADA, \ rva stru_100026AF4> RUNTIME_FUNCTION <rva sub_10001BAE0, \ rva algn_10001BC45, \ rva stru_100026AE0> RUNTIME_FUNCTION <rva sub_10001BC50, \ rva algn_10001BDA4, \ rva stru_100027384> RUNTIME_FUNCTION <rva sub_10001BDC0, \ rva algn_10001BE75, \ rva stru_100025A88> RUNTIME_FUNCTION <rva sub_10001BE80, \ rva algn_10001BF9A, \ rva stru_100025A98> RUNTIME_FUNCTION <rva _amsg_exit, \ rva algn_10001BFCE, \ rva stru_100025AAC> RUNTIME_FUNCTION <rva start, \ rva algn_10001C297, \ rva stru_100025ABC> RUNTIME_FUNCTION <rva wWinMainCRTStartup$filt$0,\ rva byte_10001C2BC, \ rva stru_100025AB4> RUNTIME_FUNCTION <rva unknown_libname_1,\ ; Microsoft VisualC v7/9 64bit runtime rva algn_10001C357, \ rva stru_100025AE4> RUNTIME_FUNCTION <rva wcstoxl, \ rva algn_10001C5C7, \ rva stru_100025AEC> RUNTIME_FUNCTION <rva __mbstowcs_mt, \ rva algn_10001CAA9, \ rva stru_100025B14> RUNTIME_FUNCTION <rva sub_10001CAB0, \ rva algn_10001CB0A, \ rva stru_100025B2C> RUNTIME_FUNCTION <rva __crtExitProcess, \ rva algn_10001CC4B+1, \ rva stru_100025B40> RUNTIME_FUNCTION <rva _initterm, \ rva algn_10001CCA2, \ rva stru_100025B48> RUNTIME_FUNCTION <rva _cinit, \ rva algn_10001CD34, \ rva stru_100025B58> RUNTIME_FUNCTION <rva doexit, \ rva algn_10001CE2F, \ rva stru_100025B70> RUNTIME_FUNCTION <rva doexit$fin$0, \ rva algn_10001CE4F, \ rva stru_100025B68> RUNTIME_FUNCTION <rva _NMSG_WRITE, \ rva loc_10001CF0E, \ rva stru_100025BFC> RUNTIME_FUNCTION <rva loc_10001CF0E, \ rva loc_10001CF45, \ rva stru_100025BE4> RUNTIME_FUNCTION <rva loc_10001CF45, \ rva loc_10001D000, \ rva stru_100025BD0> RUNTIME_FUNCTION <rva loc_10001D000, \ rva loc_10001D09E, \ rva stru_100025BC0> RUNTIME_FUNCTION <rva loc_10001D09E, \ rva loc_10001D0E9, \ rva stru_100025BAC> RUNTIME_FUNCTION <rva loc_10001D0E9, \ rva algn_10001D0F8, \ rva stru_100025B9C> RUNTIME_FUNCTION <rva _FF_MSGBANNER, \ rva algn_10001D144, \ rva stru_100025C0C> RUNTIME_FUNCTION <rva __C_specific_handler,\ rva algn_10001D2EF, \ rva stru_100025C14> RUNTIME_FUNCTION <rva _XcptFilter, \ rva loc_10001D3C2, \ rva stru_100025C60> RUNTIME_FUNCTION <rva loc_10001D3C2, \ rva loc_10001D4F6, \ rva stru_100025C4C> RUNTIME_FUNCTION <rva loc_10001D4F6, \ rva algn_10001D513, \ rva stru_100025C3C> RUNTIME_FUNCTION <rva _wsetenvp, \ rva loc_10001D5AE, \ rva stru_100025CC4> RUNTIME_FUNCTION <rva loc_10001D5AE, \ rva loc_10001D614, \ rva stru_100025CAC> RUNTIME_FUNCTION <rva loc_10001D614, \ rva loc_10001D6C7, \ rva stru_100025C90> RUNTIME_FUNCTION <rva loc_10001D6C7, \ rva algn_10001D6F7, \ rva stru_100025C74> RUNTIME_FUNCTION <rva wparse_cmdline, \ rva algn_10001D8B6, \ rva stru_100025CCC> RUNTIME_FUNCTION <rva _wsetargv, \ rva algn_10001DB0B, \ rva stru_100025CDC> RUNTIME_FUNCTION <rva __crtGetEnvironmentStringsW,\ rva loc_10001DC85, \ rva stru_100025D28> RUNTIME_FUNCTION <rva loc_10001DC85, \ rva loc_10001DD05, \ rva stru_100025D14> RUNTIME_FUNCTION <rva loc_10001DD05, \ rva loc_10001DD23, \ rva stru_100025D04> RUNTIME_FUNCTION <rva loc_10001DD23, \ rva algn_10001DD38, \ rva stru_100025CF0> RUNTIME_FUNCTION <rva __crtGetCommandLineW,\ rva loc_10001DDA1, \ rva stru_100025D94> RUNTIME_FUNCTION <rva loc_10001DDA1, \ rva loc_10001DDE7, \ rva stru_100025D7C> RUNTIME_FUNCTION <rva loc_10001DDE7, \ rva loc_10001DE38, \ rva stru_100025D60> RUNTIME_FUNCTION <rva loc_10001DE38, \ rva algn_10001DE56, \ rva stru_100025D44> RUNTIME_FUNCTION <rva _ioinit, \ rva algn_10001E147, \ rva stru_100025DA8> RUNTIME_FUNCTION <rva _ioinit$filt$0, \ rva algn_10001E16A, \ rva stru_100025D9C> RUNTIME_FUNCTION <rva _getptd_noexit, \ rva algn_10001E211, \ rva stru_100025DE4> RUNTIME_FUNCTION <rva _getptd, \ rva loc_10001E229, \ rva stru_100025E18> RUNTIME_FUNCTION <rva loc_10001E229, \ rva loc_10001E2A9, \ rva stru_100025E04> RUNTIME_FUNCTION <rva loc_10001E2A9, \ rva byte_10001E2BE, \ rva stru_100025DF4> RUNTIME_FUNCTION <rva _freefls, \ rva algn_10001E415, \ rva stru_100025E34> RUNTIME_FUNCTION <rva _freefls$fin$1, \ rva algn_10001E439, \ rva stru_100025E2C> RUNTIME_FUNCTION <rva _freefls$fin$0, \ rva algn_10001E459, \ rva stru_100025E24> RUNTIME_FUNCTION <rva _mtinit, \ rva byte_10001E5DB, \ rva stru_100025E64> RUNTIME_FUNCTION <rva _heap_init, \ rva algn_10001E641, \ rva stru_100025E6C> RUNTIME_FUNCTION <rva _flsbuf, \ rva loc_10001E67E, \ rva stru_100025EFC> RUNTIME_FUNCTION <rva loc_10001E67E, \ rva loc_10001E6EB, \ rva stru_100025EE8> RUNTIME_FUNCTION <rva loc_10001E6EB, \ rva loc_10001E72B, \ rva stru_100025ED4> RUNTIME_FUNCTION <rva loc_10001E72B, \ rva loc_10001E74A, \ rva stru_100025EC4> RUNTIME_FUNCTION <rva loc_10001E74A, \ rva loc_10001E7B2, \ rva stru_100025EAC> RUNTIME_FUNCTION <rva loc_10001E7B2, \ rva loc_10001E7CF, \ rva stru_100025E98> RUNTIME_FUNCTION <rva loc_10001E7CF, \ rva loc_10001E7E8, \ rva stru_100025E84> RUNTIME_FUNCTION <rva loc_10001E7E8, \ rva algn_10001E802, \ rva stru_100025E74> RUNTIME_FUNCTION <rva _woutput, \ rva loc_10001E829, \ rva stru_100025FD4> RUNTIME_FUNCTION <rva loc_10001E829, \ rva loc_10001F460, \ rva stru_100025FA4> RUNTIME_FUNCTION <rva loc_10001F460, \ ; default rva loc_10001F464, \ rva stru_100025F94> RUNTIME_FUNCTION <rva loc_10001F464, \ ; default rva loc_10001F497, \ rva stru_100025F64> RUNTIME_FUNCTION <rva loc_10001F497, \ rva sub_10001F4E0, \ rva stru_100025F3C> RUNTIME_FUNCTION <rva sub_10001F4E0, \ rva algn_10001F572, \ rva stru_100025F0C> RUNTIME_FUNCTION <rva _errno, \ rva algn_10001F5A3, \ rva stru_100025FDC> RUNTIME_FUNCTION <rva __doserrno, \ rva algn_10001F5D3, \ rva stru_100025FE4> RUNTIME_FUNCTION <rva _dosmaperr, \ rva algn_10001F758, \ rva stru_100025FEC> RUNTIME_FUNCTION <rva __iswctype_mt, \ rva algn_10001F9CB, \ rva stru_100026000> RUNTIME_FUNCTION <rva __freetlocinfo, \ rva algn_10001FAC2, \ rva stru_100026008> RUNTIME_FUNCTION <rva __updatetlocinfo_lk,\ rva byte_10001FBDB, \ rva stru_100026010> RUNTIME_FUNCTION <rva __updatetlocinfo, \ rva algn_10001FC1C, \ rva stru_100026020> RUNTIME_FUNCTION <rva __updatetlocinfo$fin$0,\ rva algn_10001FC39, \ rva stru_100026018> RUNTIME_FUNCTION <rva _mtinitlocks, \ rva algn_10001FCED, \ rva stru_100026040> RUNTIME_FUNCTION <rva _mtdeletelocks, \ rva loc_10001FD0E, \ rva stru_10002608C> RUNTIME_FUNCTION <rva loc_10001FD0E, \ rva loc_10001FD70, \ rva stru_100026070> RUNTIME_FUNCTION <rva loc_10001FD70, \ rva byte_10001FD9C, \ rva stru_100026060> RUNTIME_FUNCTION <rva _mtinitlocknum, \ rva algn_10001FECC, \ rva stru_1000260A4> RUNTIME_FUNCTION <rva _mtinitlocknum$fin$0,\ rva algn_10001FEEC, \ rva stru_10002609C> RUNTIME_FUNCTION <rva _lock, \ rva algn_10001FF4C, \ rva stru_1000260E0> RUNTIME_FUNCTION <rva __crtMessageBoxA, \ rva byte_1000200F5, \ rva stru_1000260F0> RUNTIME_FUNCTION <rva free, \ rva byte_1000202E0, \ rva stru_10002610C> RUNTIME_FUNCTION <rva unknown_libname_2,\ ; Microsoft VisualC v7/9 64bit runtime rva byte_10002035E, \ rva stru_100026114> RUNTIME_FUNCTION <rva unknown_libname_4,\ ; Microsoft VisualC v7/9 64bit runtime rva algn_1000203F6, \ rva stru_10002612C> RUNTIME_FUNCTION <rva sub_100020400, \ rva algn_100020414, \ rva stru_100026148> RUNTIME_FUNCTION <rva __crtInitCritSecAndSpinCount,\ rva __crtInitCritSecAndSpinCount$filt$0,\ rva stru_100026158> RUNTIME_FUNCTION <rva __crtInitCritSecAndSpinCount$filt$0,\ rva algn_100020505, \ rva stru_100026150> RUNTIME_FUNCTION <rva setSBUpLow, \ rva loc_100020570, \ rva stru_1000261A4> RUNTIME_FUNCTION <rva loc_100020570, \ rva loc_100020672, \ rva stru_100026190> RUNTIME_FUNCTION <rva loc_100020672, \ rva algn_100020751, \ rva stru_100026180> RUNTIME_FUNCTION <rva _setmbcp_lk, \ rva loc_1000207C6, \ rva stru_100026200> RUNTIME_FUNCTION <rva loc_1000207C6, \ rva loc_1000208ED, \ rva stru_1000261E8> RUNTIME_FUNCTION <rva loc_1000208ED, \ rva loc_100020995, \ rva stru_1000261D4> RUNTIME_FUNCTION <rva loc_100020995, \ rva loc_100020B02, \ rva stru_1000261C4> RUNTIME_FUNCTION <rva loc_100020B02, \ rva byte_100020B20, \ rva stru_1000261B4> RUNTIME_FUNCTION <rva _setmbcp, \ rva algn_100020CD8, \ rva stru_10002621C> RUNTIME_FUNCTION <rva _setmbcp$fin$0, \ rva algn_100020CF9, \ rva stru_100026214> RUNTIME_FUNCTION <rva __initmbctable, \ rva algn_100020D28, \ rva stru_10002624C> RUNTIME_FUNCTION <rva _lseek_lk, \ rva algn_100020DF4, \ rva stru_100026254> RUNTIME_FUNCTION <rva _lseek, \ rva algn_100020EE2, \ rva stru_100026270> RUNTIME_FUNCTION <rva _lseek$fin$0, \ rva algn_100020F07, \ rva stru_100026268> RUNTIME_FUNCTION <rva _write_lk, \ rva loc_100020F53, \ rva stru_10002631C> RUNTIME_FUNCTION <rva loc_100020F53, \ rva loc_100020FCB, \ rva stru_100026300> RUNTIME_FUNCTION <rva loc_100020FCB, \ rva loc_100021078, \ rva stru_1000262EC> RUNTIME_FUNCTION <rva loc_100021078, \ rva loc_1000210A8, \ rva stru_1000262DC> RUNTIME_FUNCTION <rva loc_1000210A8, \ rva loc_1000210B3, \ rva stru_1000262C8> RUNTIME_FUNCTION <rva loc_1000210B3, \ rva loc_100021152, \ rva stru_1000262B8> RUNTIME_FUNCTION <rva loc_100021152, \ rva algn_100021187, \ rva stru_1000262A8> RUNTIME_FUNCTION <rva _write, \ rva algn_100021272, \ rva stru_10002633C> RUNTIME_FUNCTION <rva _write$fin$0, \ rva algn_100021297, \ rva stru_100026334> RUNTIME_FUNCTION <rva _getbuf, \ rva algn_100021301, \ rva stru_100026374> RUNTIME_FUNCTION <rva __initstdio, \ rva byte_10002143E, \ rva stru_10002637C> RUNTIME_FUNCTION <rva __endstdio, \ rva algn_100021477, \ rva stru_100026384> RUNTIME_FUNCTION <rva _putwc_lk, \ rva loc_1000215E2, \ rva stru_1000263DC> RUNTIME_FUNCTION <rva loc_1000215E2, \ rva loc_10002163B, \ rva stru_1000263C4> RUNTIME_FUNCTION <rva loc_10002163B, \ rva loc_100021654, \ rva stru_1000263B4> RUNTIME_FUNCTION <rva loc_100021654, \ rva loc_10002165A, \ rva stru_10002639C> RUNTIME_FUNCTION <rva loc_10002165A, \ rva byte_10002167C, \ rva stru_10002638C> RUNTIME_FUNCTION <rva __mbtowc_mt, \ rva algn_1000217CF, \ rva stru_1000263EC> RUNTIME_FUNCTION <rva mbtowc, \ rva algn_10002183A, \ rva stru_100026400> RUNTIME_FUNCTION <rva unknown_libname_6,\ ; Microsoft VisualC v7/9 64bit runtime rva algn_100021B89, \ rva stru_100026414> RUNTIME_FUNCTION <rva __free_lc_time, \ rva algn_100021D8C, \ rva stru_100026464> RUNTIME_FUNCTION <rva __free_lconv_num, \ rva algn_100021E10, \ rva stru_10002646C> RUNTIME_FUNCTION <rva __free_lconv_mon, \ rva byte_100021F12, \ rva stru_100026474> RUNTIME_FUNCTION <rva __crtGetStringTypeA,\ rva byte_1000222BE, \ rva stru_10002647C> RUNTIME_FUNCTION <rva sub_100022480, \ rva algn_1000224A4, \ rva stru_1000264C0> RUNTIME_FUNCTION <rva unknown_libname_10,\ ; Microsoft VisualC v7/9 64bit runtime rva loc_1000224B8, \ rva stru_10002652C> RUNTIME_FUNCTION <rva loc_1000224B8, \ rva loc_1000224C5, \ rva stru_100026518> RUNTIME_FUNCTION <rva loc_1000224C5, \ rva loc_100022535, \ rva stru_100026500> RUNTIME_FUNCTION <rva loc_100022535, \ rva loc_100022541, \ rva stru_1000264F0> RUNTIME_FUNCTION <rva loc_100022541, \ ; Microsoft VisualC v7/9 64bit runtime rva unknown_libname_11,\ rva stru_1000264D8> RUNTIME_FUNCTION <rva unknown_libname_11,\ ; Microsoft VisualC v7/9 64bit runtime rva algn_100022558, \ rva stru_1000264C8> RUNTIME_FUNCTION <rva calloc, \ rva algn_1000225CD, \ rva stru_100026534> RUNTIME_FUNCTION <rva unknown_libname_12,\ ; Microsoft VisualC v7/9 64bit runtime rva algn_100022B92, \ rva stru_10002653C> RUNTIME_FUNCTION <rva _free_osfhnd, \ rva algn_100022CC4, \ rva stru_10002659C> RUNTIME_FUNCTION <rva _get_osfhandle, \ rva algn_100022D2A, \ rva stru_1000265B0> RUNTIME_FUNCTION <rva _lock_fhandle, \ rva algn_100022DE7, \ rva stru_1000265C0> RUNTIME_FUNCTION <rva _lock_fhandle$fin$0,\ rva algn_100022E09, \ rva stru_1000265B8> RUNTIME_FUNCTION <rva _lseeki64_lk, \ rva byte_100022F00, \ rva stru_100026600> RUNTIME_FUNCTION <rva _fcloseall, \ rva algn_100022FD7, \ rva stru_100026618> RUNTIME_FUNCTION <rva _fcloseall$fin$0, \ rva algn_100022FF9, \ rva stru_100026610> RUNTIME_FUNCTION <rva _flush, \ rva loc_100023026, \ rva stru_10002666C> RUNTIME_FUNCTION <rva loc_100023026, \ rva loc_100023064, \ rva stru_100026658> RUNTIME_FUNCTION <rva loc_100023064, \ rva algn_100023083, \ rva stru_100026648> RUNTIME_FUNCTION <rva _fflush_lk, \ rva loc_1000230A1, \ rva stru_1000266C4> RUNTIME_FUNCTION <rva loc_1000230A1, \ rva loc_1000230B6, \ rva stru_1000266B0> RUNTIME_FUNCTION <rva loc_1000230B6, \ rva loc_1000230F4, \ rva stru_10002669C> RUNTIME_FUNCTION <rva loc_1000230F4, \ rva loc_10002310B, \ rva stru_10002668C> RUNTIME_FUNCTION <rva loc_10002310B, \ rva algn_100023143, \ rva stru_10002667C> RUNTIME_FUNCTION <rva flsall, \ rva algn_100023258, \ rva stru_1000266E0> RUNTIME_FUNCTION <rva flsall$fin$0, \ rva algn_100023286, \ rva stru_1000266D8> RUNTIME_FUNCTION <rva flsall$fin$1, \ rva algn_1000232A9, \ rva stru_1000266D0> RUNTIME_FUNCTION <rva _flswbuf, \ rva loc_1000232F2, \ rva stru_10002679C> RUNTIME_FUNCTION <rva loc_1000232F2, \ rva loc_10002335F, \ rva stru_100026788> RUNTIME_FUNCTION <rva loc_10002335F, \ rva loc_1000233A0, \ rva stru_100026774> RUNTIME_FUNCTION <rva loc_1000233A0, \ rva loc_1000233C4, \ rva stru_100026764> RUNTIME_FUNCTION <rva loc_1000233C4, \ rva loc_100023430, \ rva stru_10002674C> RUNTIME_FUNCTION <rva loc_100023430, \ rva loc_100023447, \ rva stru_100026738> RUNTIME_FUNCTION <rva loc_100023447, \ rva algn_100023466, \ rva stru_100026728> RUNTIME_FUNCTION <rva wctomb, \ rva algn_100023549, \ rva stru_1000267B0> RUNTIME_FUNCTION <rva _resetstkoflw, \ rva byte_100023700, \ rva stru_1000267C0> RUNTIME_FUNCTION <rva __ansicp, \ rva algn_10002376C, \ rva stru_1000267E8> RUNTIME_FUNCTION <rva __convertcp, \ rva algn_100023A8A, \ rva stru_1000267F0> RUNTIME_FUNCTION <rva atol, \ rva loc_100023ABD, \ rva stru_10002685C> RUNTIME_FUNCTION <rva loc_100023ABD, \ rva loc_100023B22, \ rva stru_100026848> RUNTIME_FUNCTION <rva loc_100023B22, \ rva byte_100023B60, \ rva stru_100026838> RUNTIME_FUNCTION <rva _callnewh, \ rva algn_100023B97, \ rva stru_100026868> RUNTIME_FUNCTION <rva _fclose_lk, \ rva loc_100023BB2, \ rva stru_1000268BC> RUNTIME_FUNCTION <rva loc_100023BB2, \ rva loc_100023BEB, \ rva stru_1000268A8> RUNTIME_FUNCTION <rva loc_100023BEB, \ rva loc_100023C13, \ rva stru_100026894> RUNTIME_FUNCTION <rva loc_100023C13, \ rva loc_100023C29, \ rva stru_100026880> RUNTIME_FUNCTION <rva loc_100023C29, \ rva byte_100023C3D, \ rva stru_100026870> RUNTIME_FUNCTION <rva fclose, \ rva algn_100023CA3, \ rva stru_1000268D0> RUNTIME_FUNCTION <rva fclose$fin$0, \ rva algn_100023CC8, \ rva stru_1000268C8> RUNTIME_FUNCTION <rva _commit, \ rva algn_100023D9C, \ rva stru_100026900> RUNTIME_FUNCTION <rva _commit$fin$0, \ rva algn_100023DB7, \ rva stru_1000268F8> RUNTIME_FUNCTION <rva __isctype_mt, \ rva algn_100023E69, \ rva stru_100026930> RUNTIME_FUNCTION <rva _close_lk, \ rva loc_100023E79, \ rva stru_10002695C> RUNTIME_FUNCTION <rva loc_100023E79, \ rva loc_100023F07, \ rva stru_100026948> RUNTIME_FUNCTION <rva loc_100023F07, \ rva algn_100023F29, \ rva stru_100026938> RUNTIME_FUNCTION <rva _close, \ rva algn_100023FE7, \ rva stru_100026970> RUNTIME_FUNCTION <rva _close$fin$0, \ rva algn_100024007, \ rva stru_100026968> RUNTIME_FUNCTION <rva _freebuf, \ rva byte_100024046, \ rva stru_1000269A0> RUNTIME_FUNCTION <rva sub_100024090, \ rva loc_1000240F0, \ rva stru_1000269CC> RUNTIME_FUNCTION <rva loc_1000240F0, \ rva loc_10002418D, \ rva stru_1000269B8> RUNTIME_FUNCTION <rva loc_10002418D, \ rva byte_100024225, \ rva stru_1000269A8> RUNTIME_FUNCTION <rva sub_100024262, \ rva loc_1000242D9, \ rva stru_1000269E8> RUNTIME_FUNCTION <rva sub_10002436B, \ rva loc_1000243E2, \ rva stru_1000269F0> RUNTIME_FUNCTION <rva sub_100024444, \ rva loc_1000244BB, \ rva stru_1000269F8> RUNTIME_FUNCTION <rva sub_1000244D0, \ rva algn_1000245D5, \ rva stru_100026A00> RUNTIME_FUNCTION <rva sub_1000245E0, \ rva algn_100024630, \ rva stru_100026A18> RUNTIME_FUNCTION <rva sub_100024640, \ rva algn_100024688, \ rva stru_100026A20> RUNTIME_FUNCTION <rva sub_100024690, \ rva algn_1000246A9, \ rva stru_100026A28> RUNTIME_FUNCTION <rva sub_1000246B0, \ rva loc_1000246C8, \ rva stru_100026A58> RUNTIME_FUNCTION <rva loc_1000246C8, \ rva loc_100024770, \ rva stru_100026A40> RUNTIME_FUNCTION <rva loc_100024770, \ rva algn_1000247D4, \ rva stru_100026A30> RUNTIME_FUNCTION <rva sub_1000247E0, \ rva algn_10002488A, \ rva stru_100026A68> RUNTIME_FUNCTION <rva sub_100024890, \ rva byte_1000248FC, \ rva stru_100026A78> RUNTIME_FUNCTION <rva sub_100024910, \ rva byte_1000249E0, \ rva stru_100026A80> RUNTIME_FUNCTION <rva sub_1000249F0, \ rva algn_100024A78, \ rva stru_100026A88> RUNTIME_FUNCTION <rva sub_100024A80, \ rva byte_100024AFF, \ rva stru_100026A90> RUNTIME_FUNCTION <rva sub_100024B10, \ rva algn_100024BCC, \ rva stru_100026A98> RUNTIME_FUNCTION <rva sub_100024BE0, \ rva sub_1000253F4, \ rva stru_100026AA0> RUNTIME_FUNCTION <rva sub_100025400, \ rva loc_100025477, \ rva stru_100026AB0> RUNTIME_FUNCTION <rva sub_1000254A9, \ rva loc_100025520, \ rva stru_100026AB8> RUNTIME_FUNCTION <rva sub_100025530, \ rva algn_100025824, \ rva stru_100026AC0> RUNTIME_FUNCTION <rva sub_100025840, \ rva byte_1000258B4, \ rva stru_100026AD8> RUNTIME_FUNCTION <rva __chkstk, \ rva algn_10002594E, \ rva stru_100026830> RUNTIME_FUNCTION <rva sub_100025980, \ rva algn_100025A81, \ rva stru_10002907C> db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 align 1000h _pdata ends end start