Control Flow Integrity with ptrace()

Transcription

1 Control Flow Integrity with ptrace() Sebastian Krahmer May 18, 2006 Abstract Control Flow Integrity (CFI) is a new technology to ensure a certain execution flow of a program. One of its aims is to prevent attacks against programs such as buffer overflow attacks. A sample implementation for Linux using the ptrace() mechanism is explained in this paper. Search-engine-tag: krahmer-bbpaint Introduction The structure of a program can be described in various ways. Statically, the source code describes exactly what it will do for certain input at runtime. Control flow graphs which are generated from the source code are just a different view of the same structure. At runtime, the binary code defines what the program, now layed out in memory, will do. Even at this time, it is possible to generate graphs in different ways to describe certain flows or to make certain structures of the flow visible. One such way has been described in [4]. Another (different) way is to record the execution of so called basic blocks of binary code. These blocks consist of opcodes at contiguous addresses, for example a sequence of instructions at assembler level without a branch or any other disruption of the instruction pointer. Since programs are deterministic, the number, position in memory and order of execution are fixed for the same input 1. This results in a unique structure for every program which allows for the detection of the execution of code which has not been there before, for example code execution due to a buffer overflow exploit or a computer virus. The nodes of the flow-graph are the basic blocks and contain the disassembled code executed within this block. The edges are the branch instructions between these blocks. Loops can easily be detected by self-reference. Multiple edges between the same blocks in the same direction can be collapsed 2 to shrink the size of the output file and to make the drawing significantly faster. 1 Note that signals are also input. 2 With help of the dot2dot.pl script which is part of the implementation available at [5]. 1

2 2 THE BASIC BLOCK STRUCTURE 2 Figure 1: A basic block from the libc vsyscall page. 0xffffe410: pop 0xffffe411: pop 0xffffe412: pop 0xffffe413: ebp edx ecx Figure 2: A basic block from the libc 0x400d7510: cmp dword [0x c], (8)0x x400d7518: j(ne,nz) byte (8)0x x400d751a: 0x400d751b: mov edx, dword [esp + (8)0x ] 0x400d751f: mov ecx, dword [esp + (8)0x c] 0x400d7523: mov ebx, dword [esp + (8)0x ] 0x400d7527: mov eax, (32)0x x400d752c: 2 The basic block structure The basic block graph from a program can be obtained statically in two ways: by analyzing the binary image 3 or by tracing the control flow of the program at runtime. The resulting graphs may differ for the following reasons. The program used for tracing and recording the basic blocks structure [5] detects control flow changes (for example branches) by comparing the address calculated for the next instruction with the current address. This creates separate basic blocks such as in Figure 1, because, when the execution flow urns from a syscall, the address calculated for the next instruction does not match the instruction pointer. With static analysis this block will not appear. On the other hand, conditional branches may be detected which could be used theoically, but are indeed never executed as the condition will never or very seldom be true. An example is given in Figure 2 where a jne is never executed. From [15] it is known that the question of whether a branch will ever be executed is undecidable in general. The difference between the static and the dynamic basic block structures is not really important as the running program is deterministic. Even small changes in the graph, for example additional nodes and edges can be accepted if their number is below a certain threshold. 3 This includes disassembling.

3 3 DETECTING CONTROL FLOW CHANGES 3 3 Detecting control flow changes For the detection of changes to a program a certain threshold is set. The exact value of this threshold is determined empirically. It will influence the sensitivity of the detection. To detect changes which go beyond this threshold, the structure of the running program has to be recorded in a first step. This is as simple as attaching the tracer program [5] to the process which should be protected. Attaching the tracer to the test program from Figure 3 yields an output-file in the dot-format which can be converted to the graph shown in Figure 4. Whenever the test program is run, it will produce exactly this graph, except if someone subverts the behavior, for example using a buffer overflow attack. In this case the graph would look quite different depending on the new code blocks which are executed. Figures 6 and 7 which have been produced by the same program can serve as an instructive example. Once the structure of the program has been saved, it can be loaded in a second step, whenever the tracer is attached again to the test process. It will then compare whether or not new basic blocks appear. Appropriate action, such as shutting down the process, can then be taken. The test process has a very simple structure. It does not contain buffer overflow conditions. Examples for detected attacks are shown below. Real-world programs are of far greater complexity as can be seen in their graphs, such as the one from the top process in Figure 5. For larger programs the probability grows that there are basic blocks which are not executed because a certain functionality is never or only rarely requested, such as particular menu items, configure options or protocol add-ons. If they are not seen during the recording phase, the tracer program will accidently see them as new blocks in the protection phase. This is not a problem if the threshold is set correctly, for example, it may be acceptable that there appear 10% 4 new basic blocks during a run; on the other hand, if new blocks occur in large numbers and with about the same complexity as the program just traced, then it is likely something is wrong. Nevertheless, while recording the structure, as much functionality as possible should be seen so that the resulting graph is as complete as possible. 4 Usage details The program to record and match the basic block graphs can be found at [5]. Graphs are saved in the graphivz [6] dot-file format but can be converted to the VCG format with the dot2vcg.pl perl script [5]. The program is proof of concept. It is slow but has already been improved to use caching mechanisms to avoid multiple analysis of the same blocks. The block-matching in the protection phase is very basic. The addresses of the basic blocks are loaded and whenever a new 4 It is obvious that the number of never executed blocks is small compared to the blocks executed during a run, if all functionality of the program is requested. However to have a strong value for a threshold further statistical research and experiments are necessary.

4 4 USAGE DETAILS 4 Figure 3: The source code of the test program. 1 #include <stdio.h> 2 int f() 3 { 4 write(2, "hello world\n", 13); 5 urn g(); 6 } 7 int g() 8 { 9 usleep(1000); 10 urn 2; 11 } 12 int main() 13 { 14 char buf[1024]; 15 printf("%d\n", getpid()); 16 sleep(10); 17 for (;;) { 18 printf("hello world\n"); 19 sleep(3); 20 g(); 21 f(); 22 g(); 23 } 24 urn 0; 25 }

5 5 BUFFER OVERFLOW EXAMPLE 5 block is entered it is checked whether this block is known. A threshold could be added very easily. Even far more complex scenarios could be added such as sub-graph detection or the weight of nodes. This will, however, slow down the process. The detection of new basic blocks is a reliable and fast way to detect execution of new code. 5 Buffer Overflow example The following program, which contains a buffer overflow condition, will be used as an example of how the basic block structure is recorded during a normal program run and how an attack can be detected. The program is a simple server which accepts connections via the TCP/IP protocol. Once a connection arrived, a new process is spawned to handle this connection. The basic block structure of this program will be recorded while it is handling the connection of a client. The job of the server is to read data from the network and to answer with an OK. While reading the data from the network, a buffer overflow can be triggered. This allows attackers to construct evil clients which execute commands via this server. Since one can record the normal execution flow of the server as shown below, it is possible to detect the attack during a second run by comparing the two execution flows which should be identical if no attack happened, but which are quite different. 1 #include <stdio.h> 2 #include <netinet/in.h> 3 #include <sys/socket.h> 4 #include <sys/types.h> 5 #include <errno.h> 6 #include <unistd.h> 7 #include <arpa/inet.h> 8 #include <stdlib.h> 9 #include <string.h> 10 #include <sys/wait.h> 11 #include <sys/mman.h> 12 void die(const char *s) 13 { 14 perror(s); 15 exit(errno); 16 } 17 int handle_connection(int fd) 18 { 19 char buf[1024]; 20 write(fd, "OF Server 1.0\n", 14); 21 read(fd, buf, 4*sizeof(buf)); 22 write(fd, "OK\n", 3); 23 urn 0; 24 } 25 void sigchld(int x) 26 { 27 while (waitpid(-1, NULL, WNOHANG)!= -1); 28 } 29 int main() 30 { 31 int sock = -1, afd = -1; 32 struct sockaddr_in sin; 33 int one = 1; 34 printf("&sock = %p system=%p mmap=%p\n", &sock, system, mmap);

6 5 BUFFER OVERFLOW EXAMPLE 6 35 if ((sock = socket(pf_inet, SOCK_STREAM, 0)) < 0) 36 die("socket"); 37 memset(&sin, 0, sizeof(sin)); 38 sin.sin_family = AF_INET; 39 sin.sin_port = htons(1234); 40 sin.sin_addr.s_addr = INADDR_ANY; 41 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)); 42 if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) 43 die("bind"); 44 if (listen(sock, 10) < 0) 45 die("listen"); 46 signal(sigchld, sigchld); 47 for (;;) { 48 if ((afd = accept(sock, NULL, 0)) < 0 && errno!= EINTR) 49 die("accept"); 50 if (afd < 0) 51 continue; 52 if (fork() == 0) { 53 close(sock); 54 handle_connection(afd); 55 exit(0); 56 } 57 close(afd); 58 } 59 urn 0; 60 } Once the server process has been started, the tracer program has to be attached to record the basic block structure: linux:bbpaint #./server &sock = 0xbffff37c system=0x80485e4 mmap=0x80485b4 [1]+ Stopped./server linux:bbpaint # bg [1]+./server & linux:bbpaint# ps aux grep server root pts/8 S 09:20 0:00./server root pts/8 S+ 09:21 0:00 grep server linux:bbpaint #./bbpaint -d server.dot -p 7111 New block: New block: 7111 ffffe403 New block: 7111 ffffe410 New block: e6021 New block: d3 New block: b0 New block: New block: New block: c9e0 New block: cb60 New block: bab New block: cb76 New block: e40 New block: e53 New block: a40 New block: aab New block: e67 New block: af0 New block: b12... New block: e6000 New block: b4c41 New block: b4c48 New block: bed0 New block: bed8 New block: b4c74 New block: b4ca7 New block: bef0 New block: b4cae New block: b4c76 New block: bf10... This shows how the tracing process is learning the addresses and their relations while a legitimate client is connecting to the server. The tracer program

7 6 TRACING CHILD PROCESSES 7 prints out the process ID of the code from which it is currently handling a block and the address of that block. As the server is handling new connections in a different process, a new process ID appears during the run. The output of this run eventually results in the graph of Figure 6. Once one has learned all possible blocks, new clients will not trigger the execution of new or different blocks or execution in a different order, as long as they do not try to exploit the overflow condition. The tracer process can then be attached to the server process again. This time, the recorded basic block structure from the last run is loaded to match it against the executed blocks: linux: bbpaint #./bbpaint -D server.dot -p 7111 Loaded 207 basic blocks. There will be only few or no new basic blocks if new clients connect and the server process is doing its normal job. There can be a few new basic blocks due to signal handling which interrupt the normal code flow. The amount, however, should be less than the threshold. The number of basic blocks for a normal program is very large compared to the number of new blocks during a normal program run. However there is a risk if detection of attacks is only based on the occurrence of new blocks since attackers could potentially re-use existing code blocks. Strong CFI implementations should use additional metrics, such as the execution path of blocks or the weight of the nodes, to fend off attacks which try to stay below the new-blocks threshold by slowly making the tracer learning new blocks. Figure 6 shows the basic blocks of the server process during a normal run while the graph in Figure 7 shows the same process while being successfully attacked with an exploit executing a shell. The difference between the two is obvious. If everything were OK then there would not be a difference. 6 Tracing child processes As seen in the output of the tracer-program above, the tracing program which protects the server process has to take care of spawned child processes too. Otherwise it will not see the basic blocks which actually handle the input nor the different execution flows triggered by attackers. Programs with CFI protection need to be attached to by the tracer. Most of these programs will handle untrusted input such as networking daemons. These daemons usually fork() off a child for each new connection. Newer kernels allow one to set the PTRACE O TRACEFORK and PTRACE O TRACEEXEC options in order to follow fork() and execve() system calls. This is necessary since the child process of the networking daemon also needs the protection as it actually handles the input data. By this requirement the tracing process must distinguish between different registers (the instruction pointer in particular) for the processes. The list of basic blocks already handled and used for caching and also the disassembled code can

8 7 CONTROL FLOW INTEGRITY AND VIRUS PROTECTION 8 be shared by the processes as fork() implements copy on write and the.text segment is not written to. The execve() system call however is much more complicated. On the one hand it is necessary to follow it to detect the creation of new blocks if a shell is executed for example. On the other hand it is not possible to distinguish between normal operations and attacks if the process, which is being traced, executed CGI or shell-scripts and so on all the time. This will overlay the graph and this is significant for the attack. It is not possible to protect processes which execute other complex programs, e.g. interpers reliably yet. 7 Control Flow Integrity and Virus protection CFI can be used to detect attacks against programs such as buffer overflows, computer viruses and other kinds of attack. Viruses usually infect the binary image of programs and add their own code in such a way that it is executed upon start of the infected program. Computer viruses also consist of basic blocks which need to be executed in order for the virus to work. There are two possible ways to use CFI for virus protection: Signature detection This is probably the weaker variant. Viruses are usually small pieces of code but also consist of a particular basic block structure which can be seen as a signature which can be detected upon execution. There are two problems with this approach: viruses might use techniques such as polymorphism which change the structure of the basic blocks and may make detection of signatures impossible. Additionally the addresses of the blocks probably differ on each infection since viruses usually contain position independent code. This can be resolved by using other metrics than addresses of the blocks in the same way as CFI would work for a randomized address space. Self encryption by the virus would not protect it from detection by the CFI engine since the basic block structure appears during execution of the decrypted code. White listing This is basically the same way as the one by which buffer overflows would be detected; one has to keep in mind that the attack is performed locally. For every program a description file can be placed in a special directory which must be protected by the Operating System from modification. The description file contains the basic block graph and has to be complete in order to avoid false positives. A virus which infects the program changes the flow-graph. Upon execution of the program the Operating System has to ensure that code can only be executed as permitted by the original flowgraph. Nodes added by the virus will be detected regardless of whether the virus is self-encrypting or polymorphic or of any other kind. The virus should, of course, not be able to modify the description file. This can be achieved by putting it onto a read-only file system.

9 8 DRAWBACKS AND PROBLEMS 9 8 Drawbacks and Problems This paper developed a way to implement Control Flow Integrity on the Linux operating system. It could be implemented on any Operating System. One only needs to adapt the debugging mechanism to properly attach to the processes which need to be protected. The main drawback of this technique is, of course, the slowdown of the process since it runs in debugging mode. In the future it might be possible to add support by the kernel or even CPU support for debugging traps at branch instructions, to avoid the reliance on single stepping. Newer CPUs support the so-called Branch Trace Flag (BTF) in the debugging register which will cause debugging traps only on branches [11]. It is also possible to perform some binary translation during program loading to obtain the addresses of the branch instructions. Intermediate Language (IL) and Virtual Machine (VM) technology, as used in Java and C#, add another execution layer which can be used to create and match control flow graphs. In principle: for CFI to work properly one needs (better) support from the kernel (speedup, child tracing, traps etc) and possibly even from the CPU. For VM and IL systems this is not needed. The detection of new basic blocks does not work if the address space is randomized 5 since the blocks will have different addresses at each startup, so the structure saved from the previous run is useless as long as the detection is done by comparing the addresses of the basic blocks. However it might be possible to match the graphs or to recognize new blocks nevertheless using metrics, different from that comparing the addresses of the basic blocks,such as their length, crc32 or a hash of the blocks. For a working CFI system based on ptrace() it is necessary that the attached process runs with privileges different from those of the tracing process. Otherwise the attacker could kill the protection process easily during the attack. If the protected process needs to run as root one needs special support from the kernel such as Role Based Access Control to defend against this attack. 9 Related Work There is already work done by others in the field of CFI and program protection [9], [13]. Some also deal with basic blocks, in particular [12] which defines stronger goals in order to prevent attacks and which focuses on buffer overflows. Their implementation is not based on ptrace(). Control Flow Integrity can also be performed on the syscall level as shown in [10]. 5 Certain kernel-patches randomize addresses of the mapped code in order to make exploitation of buffer overflows harder.

10 10 CONCLUSION Conclusion In this paper a method to implement CFI on a ptrace() basis has been described. Using the debugging hook from the kernel, it is possible to record and match the basic block structure of a process. This will work as long as the addresses are fixed, e.g. no address space randomization is used for the.text segments. For a randomized address space, other metrics can be used to detect attacks. The speed of the recording- and detection-phase can be increased dramatically if certain CPU and Operating System support is added such as single stepping on branches. This will allow one to build a very strong mechanism for preventing attacks against programs such as viruses or buffer overflow attacks. Sample graphs of traces are shown in Figures 4 and 5.

11 0x a: add ebx, (32)0x000d8bca 0x : mov dword [ebp + (32)0xfffffb58], esi 0x : mov eax, dword [ebx + (32)0xffffff38] 0x c: mov edi, dword [ebp + (8)0x c] 0x f: mov edx, dword [eax + edx] 0x : mov eax, dword [ebp + (8)0x ] 0x : mov dword [ebp + (32)0xfffffb38], edx 0x b: cmp byte [eax + (8)0x ], (8)0x x f: j(ne,nz) byte (8)0x b 0x : mov ecx, dword [ebx + (32)0xffffffbc] 0x : 0x : j(e,z) dword (32)0x00002a76 0x f: 0x : mov eax, dword [eax + (8)0x c] 0x : 0x : j(ne,nz) byte (8)0x c 0x : 0x : 0x a: j(ne,nz) byte (8)0x f 0x c: mov esi, dword [ebp + (8)0x ] 0x f: 0x : test al, (8)0x x : j(ne,nz) dword (32)0x00002b9a 0x : 0x b: j(e,z) dword (32)0x00002f5c 0x : mov edx, dword [ebp + (8)0x ] 0x : cmp byte [edx + (8)0x ], (8)0x x : j(ne,nz) byte (8)0x e 0x a: mov eax, dword [ebx + (32)0xffffffbc] 0x400674a0: 0x400674a2: j(e,z) dword (32)0x00002b62 0x400674a8: mov eax, dword [edx + (8)0x c] 0x400674ab: 0x400674ad: j(ne,nz) byte (8)0x c 0x400674bb: 0x400674bc: 0x400674c1: j(ne,nz) byte (8)0x x400674c3: mov esi, dword [ebp + (8)0x ] 0x400674c6: 0x400674c8: 0x400674ca: test al, (8)0x j(e,z) byte (8)0x x400674e5: mov eax, (32)0xffffffff 0x400674ea: lea edx, dword [ebp + (32)0xfffffbbc] 0x400674f0: xor esi, esi 0x400674f2: mov dword [ebp + (32)0xfffffb54], eax 0x400674f8: mov eax, dword [ebp + (8)0x ] 0x400674fb: mov dword [ebp + (32)0xfffffb34], edx 0x : mov dword [ebp + (32)0xfffffb40], eax 0x : 0x : mov dword [ebp + (32)0xfffffb3c], eax 0x f: 0x : mov dword [ebp + (32)0xfffffbbc], eax 0x : 0x : mov dword [ebp + (32)0xfffffbc0], eax 0x f: mov dword [esp + (8)0x ], edx 0x : 0x : call dword (32)0x x4007e8c0: 0x4007e8c1: 0x4007e8c3: 0x4007e8c4: 0x4007e8c5: 0x4007e8c6: 0x4007e8c9: mov esi, dword [ebp + (8)0x ] 0x4007e8cc: call dword (32)0xfffc4080 0x400b48f0: 0x400b48f2: j(s) dword (32)0x000000c8 0x400b48f8: cmp dword [ebp + (32)0xfffffe64], (8)0x x400b48ff: j(e,z) dword (32)0x x400b4905: 0x400b4907: mov dword [esp + (8)0x ], ecx 0x400b490b: mov edx, dword [ebp + (32)0xfffffe48] 0x400b4911: mov dword [esp], (32)0x x400b4918: mov dword [esp + (8)0x ], edx 0x400b491c: 0x400b4870: mov dword [esi + eax*4], (32)0x x400b4877: 0x400b4878: j(ns) byte (8)0xfffffff6 0x40054fa0: 0x40054fa1: 0x40054fa3: sub esp, (32)0x x40054fa9: mov dword [ebp + (8)0xfffffffc], edi 0x40054fac: mov edi, dword [ebp + (8)0x c] 0x40054faf: mov edx, dword [ebp + (8)0x ] 0x40054fb2: mov dword [ebp + (8)0xfffffff4], ebx 0x40054fb5: call dword (32)0xfffa067f call dword (32)0xfffed997 0x40054f70: 0x40054f73: 0x40054f74: 0x40054f75: 0x40054ee1: 0x400b4804: add ebx, (32)0x0008b7f0 0x400b480a: 0x400b480c: j(e,z) dword (32)0x e 0x400b4812: xor esi, esi 0x400b4814: lea eax, dword [ebp + (32)0xfffffe5c] 0x400b481a: 0x400b481c: mov dword [ebp + (32)0xfffffe5c], esi 0x400b4822: lea edx, dword [ebp + (32)0xfffffef4] 0x400b4828: lea esi, dword [ebp + (32)0xffffff74] 0x400b482e: mov dword [ebp + (32)0xfffffe4c], eax 0x400b4834: mov dword [ebp + (32)0xfffffe60], ecx 0x400b483a: mov dword [ebp + (32)0xfffffe48], edx 0x400b4840: cmp dword [ebp + (8)0x ], (32)0x x400b4847: mov eax, (32)0x7fffffff 0x400b484c: mov edx, dword [ebp + (32)0xfffffe5c] 0x400b4852: cmov(b,nae) eax, dword [ebp + (8)0x ] 0x400b4856: 0x400b4858: mov dword [ebp + (32)0xfffffe5c], eax 0x400b485e: sub dword [ebp + (8)0x ], eax 0x400b4861: mov eax, (32)0x f 0x400b4866: lea esi, dword [esi + (8)0x ] 0x400b4869: lea edi, dword [edi + (32)0x ] 0x400b4870: mov dword [esi + eax*4], (32)0x x400b4877: 0x400b4878: j(ns) byte (8)0xfffffff6 0x400b48c0: mov dword [esi + eax*4], (32)0x x400b48c7: 0x400b48c8: j(ns) byte (8)0xfffffff6 0x4008a4d0: 0x4008a4d1: 0x4008a4d3: 0x4008a4d4: 0x4008a4d5: 0x4008a4d6: sub esp, (8)0x x4008a4d9: mov edi, dword [ebp + (8)0x ] 0x4008a4dc: call dword (32)0xfffb8470 0x40054f40: 0x40054f41: 0x40054f43: 0x40054f44: 0x40054f47: mov edx, dword [ebp + (8)0x ] 0x40054f4a: call dword (32)0xfffeda02 0x400b489e: 0x400b48a0: 0x400b48a5: j(ne,nz) dword (32)0x000000e5 0x400b48ab: test byte [ebp + (32)0xfffffef6], (8)0x x400b48b2: j(ne,nz) byte (8)0x d 0x400b48b4: mov eax, (32)0x f 0x400b48b9: lea esi, dword [esi + (32)0x ] 0x400b48c0: mov dword [esi + eax*4], (32)0x x400b48c7: 0x400b48c8: j(ns) byte (8)0xfffffff6 0x40054f4f: add ebx, (32)0x000eb0a5 0x40054f55: cmp edx, (8)0x x40054f58: j(e,z) byte (8)0x c 0x40054f5a: mov eax, dword [ebp + (8)0x ] 0x40054f5d: mov dword [esp + (8)0x ], eax 0x40054f61: mov eax, dword [ebp + (8)0x c] 0x40054f64: 0x40054f67: mov dword [esp + (8)0x ], eax 0x40054f6b: call dword (32)0xfffffe80 0x40054df0: 0x40054df1: 0x40054df3: 0x40054df5: 0x40054df6: 0x40054df7: 0x40054df8: sub esp, (32)0x x40054dfe: mov edx, dword [ebp + (8)0x c] 0x40054e01: call dword (32)0xfffedb4b 0x4008a4e1: add ebx, (32)0x000b5b13 0x4008a4e7: mov ecx, dword [edi] 0x4008a4e9: test cl, (8)0x x4008a4ec: j(ne,nz) dword (32)0x x4008a4f2: test ch, (8)0x x4008a4f5: j(e,z) dword (32)0x000000c5 0x4008a4fb: mov eax, dword [edi + (8)0x ] 0x4008a4fe: 0x4008a500: j(ne,nz) byte (8)0x b 0x4008a55d: cmp dword [ebp + (8)0x c], (8)0xffffffff 0x4008a561: j(e,z) dword (32)0x000000e9 0x4008a650: mov edx, dword [edi + (8)0x ] 0x4008a653: mov eax, dword [edi + (8)0x ] 0x4008a656: 0x4008a659: mov dword [esp + (8)0x ], edx 0x4008a65d: sub eax, edx 0x4008a65f: mov dword [esp + (8)0x ], eax 0x4008a663: call dword (32)0xfffff418 0x40089a80: 0x40089a81: 0x40089a83: 0x40089a84: mov esi, dword [ebp + (8)0x ] 0x40089a87: mov eax, dword [ebp + (8)0x ] 0x40089a8a: mov edx, dword [ebp + (8)0x c] 0x40089a8d: 0x40089a8f: 0x40089a98: 0x40089a9a: j(ne,nz) byte (8)0x mov ecx, esi call dword (32)0xfffffcf1 0x : 0x : 0x : sub esp, (8)0x x : mov dword [ebp + (8)0xfffffff4], ebx 0x : mov dword [ebp + (8)0xfffffff8], esi 0x c: 0x e: mov dword [ebp + (8)0xfffffffc], edi 0x400897a1: call dword (32)0xfffb91ab 0x40054e9d: xchg ebx, edi 0x40054e9f: mov dword [ebp + (32)0xfffffecc], eax 0x40054ea5: cmp eax, (32)0xfffff000 0x40054eaa: j(nbe,a) byte (8)0x x40054eac: 0x40054eae: mov eax, dword [ebp + (32)0xfffffecc] 0x40054eb4: cmp dword [ebp + (8)0x ], (8)0x x40054eb8: not eax 0x40054eba: 0x40054ebd: shr eax, (8)0x f 0x40054ec0: test eax, edx 0x40054ec2: j(e,z) byte (8)0x a 0x40054ec4: 0x40054ec5: mov eax, dword [ebp + (32)0xfffffed4] 0x40054ecb: mov ecx, (32)0x x40054ed0: mov edi, dword [ebp + (8)0x ] 0x40054ed3: lea esi, dword [ebp + (32)0xfffffee0] 0x40054ed9: mov dword [edi], eax 0x40054edb: mov edi, dword [ebp + (8)0x ] 0x40054ede: add edi, (8)0x x40054ee1: 0x f: 0x : 0x : push (8)0x x : call dword (32)0xfffffe68 0x : jmp dword [0x ] 0x400b47f0: 0x400b47f1: 0x400b47f3: 0x400b47f4: 0x400b47f5: 0x400b47f6: sub esp, (32)0x000001b8 0x400b47fc: mov edi, dword [ebp + (8)0x ] 0x400b47ff: call dword (32)0xfff8e14d 0x : mov ebx, dword [esp] 0x : 0x4006f796: add ebx, (32)0x000d085e 0x4006f79c: mov dword [esp + (8)0x ], eax 0x4006f7a0: mov eax, dword [ebx + (32)0xfffffe78] 0x4006f7a6: 0x4006f7a8: 0x4006f7ab: call dword (32)0xffff7c60 0x : 0x : 0x : 0x : 0x : xor esi, esi 0x : 0x : sub esp, (32)0x000005e8 0x e: 0x : call dword (32)0xfffdb527 0x4007e8f0: 0x4007e8f1: 0x4007e8f4: 0x4007e8f6: 0x4007e8f9: cmp al, (8)0x x4007e8fb: 0x4007e8fe: 0x4007e900: 0x4007e902: j(e,z) byte (8)0x c 0x4007e904: mov dword [edi], (32)0x x4007e90a: test byte [esi], (8)0x x4007e90d: 0x4007e950: 0x4007e953: 0x4007e955: 0x4007e956: 0x4007e957: 0x4007e958: 0x4007e959: j(e,z) byte (8)0xffffffe1 0x b: mov dword [ebp + (32)0xfffffb4c], eax 0x : mov ecx, dword [ebp + (8)0x ] 0x : mov dword [ebp + (32)0xfffffbb4], eax 0x a: mov dword [ebp + (32)0xfffffb30], esi 0x : movzx edx, dword [ecx] 0x : 0x : 0x a: 0x d: j(ne,nz) byte (8)0x f 0x f: 0x : cmp dword [ebx + (32)0x00003ac4], (8)0x x : 0x b: 0x d: mov dword [ebp + (32)0xfffffb30], eax 0x : j(ne,nz) dword (32)0x x : mov eax, dword [ebx + (32)0xfffffea0] 0x f: mov dword [ebp + (32)0xfffffbf4], eax 0x : mov eax, dword [ebp + (8)0x ] 0x : mov dword [ebp + (32)0xfffffbf8], eax 0x e: 0x : 0x : 0x : j(ne,nz) byte (8)0x a 0x a: mov ecx, dword [ebp + (8)0x ] 0x d: mov esi, dword [0x ] 0x : mov edx, dword [ecx + (8)0x ] 0x : cmp dword [edx + (8)0x ], esi 0x a: j(e,z) byte (8)0x x c: 0x e: mov ecx, (32)0x x400675a3: cmp dword [0x c], (8)0x x400675ab: 0x400675af: cmpxchg dword [edx], ecx 0x400675b2: j(ne,nz) dword (32)0x x400675b8: mov eax, dword [ebp + (8)0x ] 0x400675bb: mov edx, dword [eax + (8)0x ] 0x400675be: mov dword [edx + (8)0x ], esi 0x400675c1: inc dword [edx + (8)0x ] 0x400675c4: mov edx, dword [ebp + (8)0x ] 0x400675c7: mov esi, dword [ebp + (32)0xfffffb4c] 0x400675cd: movsx eax, byte [edx + (8)0x ] 0x400675d1: sub esi, edi 0x400675d3: mov eax, dword [eax + edx + (32)0x ] 0x400675da: 0x400675dd: mov dword [esp + (8)0x ], esi 0x400675e1: mov dword [esp + (8)0x ], edi 0x400675e5: call dword [eax + (8)0x c] 0x400898d0: 0x400898d1: 0x400898d3: sub esp, (8)0x x400898d6: mov dword [ebp + (8)0xfffffff8], esi 0x400898d9: mov eax, dword [ebp + (8)0x ] 0x400898dc: mov esi, dword [ebp + (8)0x ] 0x400898df: mov dword [ebp + (8)0xfffffff4], ebx 0x400898e2: mov dword [ebp + (8)0xfffffff0], eax 0x400898e5: 0x400898e7: call dword (32)0xfffb9065 0x400675e8: 0x400675ed: mov dword [ebp + (32)0xfffffb50], edx 0x400675f3: cmp eax, esi 0x400675f5: j(ne,nz) dword (32)0x x400675fb: mov dword [ebp + (32)0xfffffb50], eax 0x : mov edx, dword [ebp + (32)0xfffffbb4] 0x : cmp byte [edx], (8)0x x a: j(e,z) dword (32)0x x : mov ecx, dword [ebp + (8)0x ] 0x : movzx eax, dword [ecx] 0x : 0x b: 0x e: j(ne,nz) byte (8)0x x : mov edx, dword [ecx + (8)0x ] 0x : mov eax, dword [edx + (8)0x ] 0x : 0x : mov dword [edx + (8)0x ], eax 0x a: 0x c: j(ne,nz) byte (8)0x x e: mov dword [edx + (8)0x ], (32)0x x : cmp dword [0x c], (8)0x x d: 0x : sub dword [edx], (8)0x x : j(ne,nz) dword (32)0x000037da 0x a: lea esi, dword [esi + (32)0x ] 0x : mov eax, dword [ebp + (32)0xfffffb30] 0x : 0x : j(ne,nz) byte (8)0x x a: mov edx, dword [ebp + (32)0xfffffb50] 0x : lea esp, dword [ebp + (8)0xfffffff4] 0x : 0x : 0x : 0x : 0x : 0x : 0x4006f7b0: 0x4006f7b3: 0x4006f7b4: 0x4006f7b5: 0x4007e8d1: add ebx, (32)0x000c1723 0x4007e8d7: mov edi, dword [ebp + (8)0x c] 0x4007e8da: 0x4007e8dd: 0x4007e8df: 0x4007e8e2: cmp al, (8)0x x4007e8e4: 0x4007e8e7: 0x4007e8e9: 0x4007e8eb: j(ne,nz) byte (8)0x x4007e904: mov dword [edi], (32)0x x4007e90a: test byte [esi], (8)0x x4007e90d: 0x4008a668: 0x4008a66a: 0x4008a66d: 0x4008a66f: 0x4008a670: 0x4008a671: 0x4008a672: 0x4008a673: j(e,z) byte (8)0xffffffe1 0x400899fd: 0x400899fe: j(e,z) byte (8)0xffffffc4 0x40089a00: mov eax, dword [ebp + (8)0x ] 0x40089a03: mov edx, dword [eax + (8)0x c] 0x40089a06: mov ecx, dword [eax + (8)0x ] 0x40089a09: sub ecx, edx 0x40089a0b: mov edx, dword [ebp + (8)0xfffffff0] 0x40089a0e: cmp ecx, (8)0x f 0x40089a11: mov dword [ebp + (8)0xffffffe8], edx 0x40089a14: j(be,na) byte (8)0x e 0x40089a16: 0x40089a18: 0x40089a1a: div ecx 0x40089a1c: mov ecx, dword [ebp + (8)0xfffffff0] 0x40089a1f: sub ecx, edx 0x40089a21: mov dword [ebp + (8)0xffffffe8], ecx 0x40089a24: mov esi, dword [ebp + (8)0xffffffe8] 0x40089a27: 0x40089a29: j(ne,nz) byte (8)0x b 0x40089a2b: mov ecx, dword [ebp + (8)0xfffffff0] 0x40089a2e: 0x40089a30: 0x400899c4: mov eax, dword [ebp + (8)0x ] 0x400899c7: mov edx, dword [ebp + (8)0xfffffff0] 0x400899ca: sub eax, edx 0x400899cc: mov ebx, dword [ebp + (8)0xfffffff4] 0x400899cf: mov esi, dword [ebp + (8)0xfffffff8] 0x400899d2: mov edi, dword [ebp + (8)0xfffffffc] 0x400899d5: 0x400899d7: 0x400899d8: j(e,z) byte (8)0xffffff92 0x40089b41: mov eax, dword [ebp + (8)0x ] 0x40089b44: add esp, (8)0x x40089b47: 0x40089b48: 0x40089b49: 0x40089b4a: 0x4006f780: 0x4006f781: 0x4006f783: lea eax, dword [ebp + (8)0x c] 0x4006f786: 0x4006f787: 0x4006f78a: mov dword [esp + (8)0x ], eax 0x4006f78e: mov eax, dword [ebp + (8)0x ] 0x4006f791: 0x400897e5: 0x400897e7: movzx eax, dword [esi + (8)0x ] 0x400897eb: 0x400897ee: j(e,z) byte (8)0x x400897f4: mov edx, dword [esi + (8)0x c] 0x400897f7: mov eax, dword [esi + (8)0x c] 0x400897fa: 0x400897fc: mov dword [esi + (8)0x c], eax 0x400897ff: mov dword [esi + (8)0x ], eax 0x : mov dword [esi + (8)0x ], eax 0x : mov dword [esi + (8)0x ], eax 0x : mov dword [esi + (8)0x ], eax 0x b: j(le,ng) dword (32)0x f 0x400898b0: test dword [esi], (32)0x x400898b6: j(ne,nz) dword (32)0xffffff58 0x : mov dword [esi + (8)0x ], eax 0x : 0x : mov ebx, dword [ebp + (8)0xfffffff4] 0x c: mov esi, dword [ebp + (8)0xfffffff8] 0x f: mov edi, dword [ebp + (8)0xfffffffc] 0x : 0x : 0x : 0x40089a9f: 0x40089aa1: 0x40089aa6: 0x40089a91: 0x40089a93: 0x40089a94: 0x40089a96: 0x40089a97: cmp eax, esi j(e,z) byte (8)0xffffffe9 call dword (32)0xfffd31bb 0x40054fba: add ebx, (32)0x000eb03a 0x40054fc0: mov dword [ebp + (8)0xfffffff8], esi 0x40054fc3: 0x40054fc5: j(e,z) byte (8)0x e 0x40054fc7: mov ecx, dword [ebp + (8)0x c] 0x40054fca: mov eax, (32)0x x40054fcf: mov esi, dword [ecx] 0x40054fd1: 0x40054fd3: j(s) byte (8)0x c 0x40054fd5: mov esi, (32)0x x40054fda: mov edi, dword [ebp + (8)0x ] 0x40054fdd: mov ecx, dword [ebp + (8)0x c] 0x40054fe0: 0x40054fe2: 0x40054fe7: xchg edi, ebx mov eax, (32)0x000000af 0x40054fee: xchg ebx, edi 0x40054ff0: cmp eax, (32)0xfffff000 0x40054ff5: 0x40054ff7: j(nbe,a) byte (8)0x f 0x40054ff9: 0x40054ffb: mov ebx, dword [ebp + (8)0xfffffff4] 0x40054ffe: mov esi, dword [ebp + (8)0xfffffff8] 0x : mov edi, dword [ebp + (8)0xfffffffc] 0x : 0x : 0x : 0x40054e06: 0x40054e0c: 0x40054e0e: 0x400899e0: mov ecx, dword [ebp + (8)0x ] 0x400899e3: mov esi, (32)0xffffffff 0x400899e8: movsx eax, byte [ecx + (8)0x ] 0x400899ec: mov eax, dword [eax + ecx + (32)0x ] 0x400899f3: mov dword [esp + (8)0x ], esi 0x400899f7: 0x400899fa: call dword [eax + (8)0x c] 0x40089b20: sub dword [ebp + (8)0x ], esi 0x40089b23: mov edx, dword [ebp + (8)0x ] 0x40089b26: mov edi, dword [edx + (8)0x ] 0x40089b29: mov esi, dword [edx + (8)0x c] 0x40089b2c: 0x40089b2e: add ebx, (32)0x000eb1ee j(e,z) byte (8)0x j(s) byte (8)0x x e: 0xffffe403: 0xffffe405: 0xffffe410: 0xffffe411: 0xffffe412: 0xffffe413: sysenter pop edx pop ecx 0x400d7533: 0x400d7534: cmp eax, (32)0xfffff001 0x400d7539: j(nb,ae) byte (8)0x x400d753b: 0x40089ae6: 0x40089ae8: j(s) byte (8)0x x40089aea: sub esi, eax 0x40089aec: add edi, eax 0x40089aee: 0x40089af0: j(le,ng) byte (8)0x e jmp byte (8)0xffffffd2 0x : 0x : push (32)0x x a: 0x080483b4: 0x400b4921: mov eax, dword [ebp + (32)0xfffffe4c] 0x400b4927: mov dword [esp + (8)0x ], eax 0x400b492b: 0x400b492e: call dword (32)0x000001dd 0x40054e77: mov esi, dword [ebp + (8)0x ] 0x40054e7a: lea eax, dword [ebp + (32)0xfffffed4] 0x40054e80: 0x40054e82: mov edi, dword [ebp + (8)0x ] 0x40054e85: 0x40054e87: 0x40054e8c: 0x40054e8f: 0x40054e91: 0x40054e96: mov esi, (32)0x cmov(ne,nz) edx, eax xchg edi, ebx mov eax, (32)0x000000ae call dword (32)0xfffffe95 jmp dword [0x ] 0xffffe400: 0xffffe401: 0xffffe402: 0xffffe403: 0xffffe405: 0x080484c0: 0x080484c3: mov eax, (32)0x x080484c8: leave 0x080484c9: sysenter 0x080484ab: 0x080484ac: 0x : call dword (32)0xffffff53 0x c: 0x d: 0x f: sub esp, (8)0x x : sub esp, (8)0x x : push (8)0x d 0x : push (32)0x x c: push (8)0x x e: 0x400897a6: add ebx, (32)0x000b684e 0x400897ac: test byte [eax + (8)0x ], (8)0x x400897b0: mov dword [ebp + (8)0xfffffff0], edx 0x400897b3: mov dword [ebp + (8)0xffffffec], ecx 0x400897b6: j(e,z) byte (8)0x e 0x : mov ecx, dword [eax + (8)0x ] 0x : mov edx, dword [eax + (8)0x ] 0x c: 0x e: 0x400d7510: cmp dword [0x c], (8)0x x400d7518: j(ne,nz) byte (8)0x x400d751a: 0x400d751b: mov edx, dword [esp + (8)0x ] 0x400d751f: mov ecx, dword [esp + (8)0x c] 0x400d7523: mov ebx, dword [esp + (8)0x ] 0x400d7527: mov eax, (32)0x x400d752c: cmp ecx, edx j(e,z) byte (8)0xffffff96 0x400897c6: movsx eax, byte [esi + (8)0x ] 0x400897ca: mov edx, dword [ebp + (8)0xffffffec] 0x400897cd: mov eax, dword [eax + esi + (32)0x ] 0x400897d4: mov dword [esp + (8)0x ], edx 0x400897d8: mov ecx, dword [ebp + (8)0xfffffff0] 0x400897db: 0x400897de: mov dword [esp + (8)0x ], ecx 0x400897e2: call dword [eax + (8)0x c] 0x40089ab0: 0x40089ab1: 0x40089ab3: 0x40089ab4: 0x40089ab5: 0x40089ab8: mov esi, dword [ebp + (8)0x ] 0x40089abb: mov edi, dword [ebp + (8)0x c] 0x40089abe: 0x40089ac0: j(le,ng) byte (8)0x e 0x40089ac2: mov eax, dword [ebp + (8)0x ] 0x40089ac5: test byte [eax + (8)0x c], (8)0x x40089ac9: j(ne,nz) byte (8)0x x40089acb: nop 0x40089acc: lea esi, dword [esi + (8)0x ] 0x40089ad0: mov dword [esp + (8)0x ], esi 0x40089ad4: mov dword [esp + (8)0x ], edi 0x40089ad8: mov edx, dword [ebp + (8)0x ] 0x40089adb: mov eax, dword [edx + (8)0x ] 0x40089ade: 0x40089ae1: call dword (32)0x0004da2a call dword (32)0xfffffee1 0x : jmp dword [0x ] 0x400b4b30: mov ebx, edx 0x400b4b32: cmp eax, (32)0xfffff001 0x400b4b37: j(nb,ae) byte (8)0x x400b4b39: leave 0x400df31a: 0x400df31b: 0x : call dword (32)0xffffff6f 0x080484a3: 0x080484a6: leave 0x080484ad: 0x080484ae: 0x080484b0: 0x080484b3: 0x080484b6: 0x080484bb: sub esp, (8)0x push (32)0x000003e8 call dword (32)0xfffffea4 0x400b4933: mov edx, dword [ebp + (8)0x ] 0x400b4936: 0x400b4938: 0x400b493a: 0x400b493d: 0x400b493f: 0x400b4942: 0x400b4944: 0x400b4946: j(ne,nz) dword (32)0xfffffef4 0x400b494c: 0x400b494e: j(e,z) byte (8)0x x400b4971: mov edx, edi 0x400b4973: add esp, (32)0x000001b8 0x400b4979: 0x400b497b: 0x400b497c: 0x400b497d: 0x400b497e: 0x400b497f: 0x c: 0x f: 0x : jmp dword [0x c] 0x400df2e0: 0x400df2e1: mov edx, (32)0x431bde83 0x400df2e6: 0x400df2e8: sub esp, (8)0x x400df2eb: mov ecx, dword [ebp + (8)0x ] 0x400df2ee: 0x400df2f0: mul edx 0x400df2f2: shr edx, (8)0x x400df2f5: mov dword [ebp + (8)0xfffffff8], edx 0x400df2f8: imul edx, edx, (32)0x000f4240 0x400df2fe: sub ecx, edx 0x400df300: imul eax, ecx, (32)0x000003e8 0x400df306: mov dword [ebp + (8)0xfffffffc], eax 0x400df309: 0x400df30b: mov dword [esp + (8)0x ], eax 0x400df30f: lea eax, dword [ebp + (8)0xfffffff8] 0x400df312: 0x400df315: call dword (32)0xfffd57f6 0x400b4b10: cmp dword [0x c], (8)0x x400b4b18: j(ne,nz) byte (8)0x x400b4b1a: mov edx, ebx 0x400b4b1c: mov ecx, dword [esp + (8)0x ] 0x400b4b20: mov ebx, dword [esp + (8)0x ] 0x400b4b24: 0x400b4b29: 0x400898ec: add ebx, (32)0x000b6708 0x400898f2: mov dword [ebp + (8)0xfffffffc], edi 0x400898f5: call dword (32)0x mov eax, (32)0x000000a2 0x400898f7: mov edi, dword [ebp + (8)0x c] 0x400898fa: mov dword [ebp + (8)0xffffffec], (32)0x x : j(e,z) dword (32)0x000000c5 0x : mov edx, dword [ebp + (8)0x ] 0x a: mov ecx, edx 0x c: mov esi, dword [edx + (8)0x ] 0x f: mov eax, dword [ecx] 0x : mov edx, dword [edx + (8)0x ] 0x : and eax, (32)0x00000a00 0x : sub esi, edx 0x b: cmp eax, (32)0x00000a00 0x : j(e,z) byte (8)0x x : mov esi, dword [ecx + (8)0x ] 0x : sub esi, edx 0x : cmp esi, dword [ebp + (8)0x ] 0x a: j(b,nae) byte (8)0xffffffc6 0x c: mov ecx, dword [ebp + (8)0x ] 0x f: lea eax, dword [ecx + edi] 0x : cmp eax, edi 0x : j(nbe,a) byte (8)0x x d: 0x e: cmp byte [eax], (8)0x a 0x : j(ne,nz) byte (8)0xfffffff5 0x : mov dword [ebp + (8)0xffffffec], (32)0x x a: mov ecx, dword [ebp + (8)0x c] 0x d: sub eax, ecx 0x f: lea esi, dword [eax + (8)0x ] 0x : jmp byte (8)0xffffff9e 0x : 0x : j(e,z) dword (32)0x e 0x a: cmp esi, dword [ebp + (8)0x ] 0x d: cmov(nbe,a) esi, dword [ebp + (8)0x ] 0x : cmp esi, (8)0x x : j(nbe,a) byte (8)0x e 0x : mov ecx, edx 0x : mov edx, esi 0x a: dec edx 0x b: j(s) byte (8)0x d 0x d: lea esi, dword [esi + (8)0x ] 0x : movzx eax, byte [edi] 0x : movzx eax, byte [edi] 0x : 0x : mov byte [ecx], al 0x : inc ecx 0x : dec edx 0x : j(ns) byte (8)0xfffffff6 0x : 0x : mov byte [ecx], al 0x : inc ecx 0x : dec edx 0x : j(ns) byte (8)0xfffffff6 0x400899b0: mov edx, dword [ebp + (8)0x ] 0x400899b3: sub edx, esi 0x400899b5: mov dword [ebp + (8)0xfffffff0], edx 0x400899b8: mov eax, dword [ebp + (8)0xfffffff0] 0x400899bb: mov edx, dword [ebp + (8)0xffffffec] 0x400899be: 0x400899c0: 0x400899c2: j(ne,nz) byte (8)0x c call dword (32)0xffffff79 10 CONCLUSION 11 Figure 4: Basic blocks from the test process.

12 10 CONCLUSION 12 0xffffe403: 0xffffe405: sysenter 0xffffe410: 0xffffe411: pop edx 0xffffe412: pop ecx 0xffffe413: 0x401239fd: 0x401239fe: 0x401239ff: 0x40123a00: cmp eax, (32)0xfffff001 0x40123a05: j(nb,ae) byte (8)0x e 0x40123a07: 0x4011c7dd: xchg ebx, edi 0x4011c7df: cmp eax, (32)0xfffff000 0x4011c7e4: 0x4011c7e6: j(nbe,a) byte (8)0x x4011c7e8: 0x4011c7ea: mov ebx, dword [ebp + (8)0xfffffff4] 0x4011c7ed: mov esi, dword [ebp + (8)0xfffffff8] 0x4011c7f0: mov edi, dword [ebp + (8)0xfffffffc] 0x4011c7f3: 0x4011c7f5: 0x4011c7f6: 0x4011c4b3: 0x4011c4b4: cmp eax, (32)0xfffff001 0x4011c4b9: j(nb,ae) byte (8)0x x401230e9: 0x401230ea: cmp eax, (32)0xfffff001 0x401230ef: j(nb,ae) byte (8)0x x401230f1: 0x400eb346: mov ebx, edx 0x400eb348: cmp eax, (32)0xfffff001 0x400eb34d: j(nb,ae) byte (8)0x x400eb34f: 0x4011c2e3: 0x4011c2e4: cmp eax, (32)0xfffff001 0x4011c2e9: j(nb,ae) byte (8)0x x4011c2eb: 0x4011bba3: xchg ebx, edx 0x4011bba5: cmp eax, (32)0xfffff000 0x4011bbaa: mov ecx, eax 0x4011bbac: j(nbe,a) byte (8)0x x4011bbae: 0x4011bbaf: 0x4011bbb1: 0x4011bbb2: 0x400f5d2a: xchg ebx, edi 0x400f5d2c: mov dword [ebp + (8)0xfffffff0], eax 0x400f5d2f: cmp eax, (32)0xfffff000 0x400f5d34: j(nbe,a) byte (8)0x x400f5d36: cmp dword [ebp + (8)0xfffffff0], (8)0xffffffff 0x400f5d3a: j(e,z) byte (8)0x e 0x400f5d3c: mov eax, dword [ebp + (8)0xfffffff0] 0x400f5d3f: mov edi, esi 0x400f5d41: add eax, esi 0x400f5d43: mov dword [ebp + (8)0xffffffe8], eax 0x400f5d46: cmp esi, eax 0x400f5d48: j(b,nae) byte (8)0x b 0x4011b818: xchg ebx, edx 0x4011b81a: mov dword [ebp + (8)0xffffff90], eax 0x4011b81d: cmp eax, (32)0xfffff000 0x4011b822: j(nbe,a) byte (8)0x f 0x4011b824: mov eax, dword [ebp + (8)0xffffff90] 0x4011b827: 0x4011b829: j(e,z) byte (8)0x x4011c43c: mov ebx, edx 0x4011c43e: cmp eax, (32)0xfffff001 0x4011c443: j(nb,ae) byte (8)0x d 0x4011c445: 0x d: xchg ebx, edi 0x f: mov dword [ebp + (8)0xffffffb4], eax 0x401224a2: cmp eax, (32)0xfffff000 0x401224a7: j(nbe,a) dword (32)0x000000e8 0x401224ad: mov ecx, dword [ebp + (8)0xffffffb4] 0x401224b0: 0x401224b2: 0x401224b5: cmp dword [ebp + (8)0xffffffc0], (32)0x x401224bc: 0x401224bf: 0x401224c1: 0x401224c3: j(e,z) byte (8)0x b 0x4011c533: 0x4011c534: cmp eax, (32)0xfffff001 0x4011c539: j(nb,ae) byte (8)0x x4011c53b: 0x0804fcc0: add esp, (8)0x c 0x0804fcc3: 0x0804fcc4: push (8)0x x0804fcc6: push (8)0x x0804fcc8: call dword (32)0xffff9f3f 0x08049c0c: jmp dword [0x0805a7f8] 0x4011c7a0: 0x4011c7a1: 0x4011c7a3: sub esp, (8)0x x4011c7a6: mov dword [ebp + (8)0xfffffff4], ebx 0x4011c7a9: mov dword [ebp + (8)0xfffffff8], esi 0x4011c7ac: mov esi, dword [ebp + (8)0x ] 0x4011c7af: mov dword [ebp + (8)0xfffffffc], edi 0x4011c7b2: mov edi, dword [ebp + (8)0x ] 0x4011c7b5: call dword (32)0xfff6b197 0x : mov ebx, dword [esp] 0x : 0x4011c7ba: add ebx, (32)0x a 0x4011c7c0: mov eax, dword [(32)0x c] 0x4011c7c6: 0x4011c7c8: j(ne,nz) byte (8)0x d 0x4011c7ca: mov ecx, dword [ebp + (8)0x c] 0x4011c7cd: mov edx, esi 0x4011c7cf: xchg edi, ebx 0x4011c7d1: mov eax, (32)0x000000dd 0x4011c7d6: 0x400c4a24: add ebx, (32)0x000c05d0 0x400c4a2a: mov dword [ebp + (8)0xfffffffc], edi 0x400c4a2d: 0x400c4a2f: j(e,z) dword (32)0x000000ea 0x400c4a35: movzx eax, dword [esi] 0x400c4a38: 0x400c4a3d: 0x400c4a40: j(ne,nz) byte (8)0x x400c4a42: mov edx, dword [esi + (8)0x ] 0x400c4a45: mov edi, dword [0x ] 0x400c4a4c: cmp dword [edx + (8)0x ], edi 0x400c4a4f: j(e,z) byte (8)0x x400c4a51: 0x400c4a53: mov ecx, (32)0x x400c4a58: cmp dword [0x c], (8)0x x400c4a60: 0x400cf3da: add ebx, (32)0x000b5c1a 0x400cf3e0: mov eax, dword [esi + (8)0x ] 0x400cf3e3: 0x400cf3e5: cmp edx, eax 0x400cf3e7: j(be,na) byte (8)0x x f: add ebx, (32)0x000627b5 0x : mov dword [esp + (8)0x ], eax 0x : mov eax, (32)0x b 0x e: mov dword [esp + (8)0x ], eax 0x : mov eax, dword [ebp + (8)0x ] 0x : 0x : call dword (32)0x x4009be27: add ebx, (32)0x000e91cd 0x4009be2d: mov dword [ebp + (8)0xfffffffc], edi 0x4009be30: imul esi, eax 0x4009be33: cmp esi, (32)0x000003ff 0x4009be39: j(be,na) dword (32)0x x4009bc4e: add ebx, (32)0x000e93a6 0x4009bc54: mov dword [ebp + (8)0xfffffff8], esi 0x4009bc57: cmp edx, (8)0x x4009bc5a: 0x4009bc5c: mov dword [ebp + (8)0xfffffffc], edi 0x4009bc5f: mov dword [ebp + (8)0xfffffff0], eax 0x4009bc62: mov dword [ebp + (8)0xffffffec], ecx 0x4009bc65: j(nbe,a) byte (8)0x d 0x400d5bce: add ebx, (32)0x000af426 0x400d5bd4: mov dword [ebp + (8)0xfffffff8], esi 0x400d5bd7: mov eax, dword [ebx + (32)0xfffffe64] 0x400d5bdd: mov dword [ebp + (8)0xfffffffc], edi 0x400d5be0: mov ecx, dword [eax] 0x400d5be2: 0x400d5be4: j(e,z) byte (8)0x c 0x400d41c1: add ebx, (32)0x000b0e33 0x400d41c7: cmp eax, (8)0xffffffdf 0x400d41ca: j(nbe,a) dword (32)0x f 0x400d41d0: mov dword [ebp + (8)0xfffffff0], (32)0x x400d41d7: add eax, (8)0x b 0x400d41da: 0x400d41dc: and edx, (8)0xfffffff8 0x400d41df: cmp eax, (8)0x x400d41e2: mov eax, dword [ebp + (8)0x ] 0x400d41e5: cmov(b,nae) edx, dword [ebp + (8)0xfffffff0] 0x400d41e9: mov ecx, dword [eax + (8)0x ] 0x400d41ec: mov dword [ebp + (8)0xfffffff0], edx 0x400d41ef: cmp edx, ecx 0x400d41f1: j(nbe,a) byte (8)0x x400f5407: add ebx, (32)0x0008fbed 0x400f540d: cmp byte [eax], (8)0x x400f5410: j(e,z) dword (32)0x000000e7 0x400f5416: 0x400f5419: mov ecx, (32)0x x400f541e: mov dword [esp + (8)0x ], ecx 0x400f5422: call dword (32)0x00026ea3 0x4011bb8c: add ebx, (32)0x x4011bb92: mov ecx, dword [ebp + (8)0x ] 0x4011bb95: xchg ebx, edx 0x4011bb97: mov eax, (32)0x000000c5 0x4011bb9c: 0x400f5599: add ebx, (32)0x0008fa5b 0x400f559f: mov edx, dword [ebx + (32)0xffffff38] 0x400f55a5: mov esi, dword [ebp + (8)0x ] 0x400f55a8: mov eax, dword [edx + eax] 0x400f55ab: mov dword [ebp + (8)0xfffffff0], eax 0x400f55ae: 0x400f55b0: cmp dword [0x c], (8)0x x400f55b8: 0x400f5d16: add ebx, (32)0x0008f2de 0x400f5d1c: xchg edi, ebx 0x400f5d1e: mov eax, (32)0x d 0x400f5d23: 0x4009dd83: add ebx, (32)0x000e7271 0x4009dd89: mov eax, dword [ebx + (32)0xffffff88] 0x4009dd8f: mov eax, dword [eax + edx] 0x4009dd92: mov dword [esp + (8)0x ], eax 0x4009dd96: mov eax, dword [ebp + (8)0x ] 0x4009dd99: mov dword [esp + (8)0x c], eax 0x4009dd9d: mov eax, dword [ebp + (8)0x ] 0x4009dda0: mov dword [esp + (8)0x ], eax 0x4009dda4: mov eax, dword [ebp + (8)0x c] 0x4009dda7: mov dword [esp + (8)0x ], eax 0x4009ddab: mov eax, dword [ebp + (8)0x ] 0x4009ddae: 0x4009ddb1: call dword (32)0x a 0x4009e351: add ebx, (32)0x000e6ca3 0x4009e357: mov dword [ebp + (8)0xffffffd4], (32)0x x4009e35e: mov edi, dword [ebp + (8)0x ] 0x4009e361: mov ecx, dword [eax + (8)0x ] 0x4009e364: mov dword [ebp + (8)0xffffffd0], (32)0x x4009e36b: mov eax, dword [ebp + (8)0x ] 0x4009e36e: mov dword [ebp + (8)0xffffffcc], (32)0x x4009e375: 0x4009e377: j(ne,nz) dword (32)0x x4009e37d: 0x4009e37f: 0x4009e381: shr eax, (8)0x f 0x4009e384: cmp edi, (8)0x x4009e387: 0x4009e38a: 0x4009e38c: 0x4009e38e: cmp edi, (8)0x x4009e391: j(le,ng) byte (8)0x e 0x4011b7f7: add ebx, (32)0x000697fd 0x4011b7fd: mov dword [ebp + (8)0xfffffff8], esi 0x4011b800: cmp edi, (8)0x x4011b803: j(e,z) byte (8)0x x4011b805: lea esi, dword [ebp + (8)0xffffff94] 0x4011b808: mov ecx, esi 0x4011b80a: xchg ebx, edx 0x4011b80c: mov eax, (32)0x000000c3 0x4011b811: 0x40121b09: add ebx, (32)0x000634eb 0x40121b0f: cmp eax, (8)0x x40121b12: j(e,z) byte (8)0x x40121b14: cmp eax, (8)0x x40121b17: j(e,z) byte (8)0x x400b4816: add ebx, (32)0x000d07de 0x400b481c: mov dword [esp + (8)0x ], eax 0x400b4820: mov eax, dword [ebp + (8)0x ] 0x400b4823: 0x400b4826: call dword (32)0x x400c70ad: add ebx, (32)0x000bdf47 0x400c70b3: mov dword [esp + (8)0x ], ecx 0x400c70b7: mov dword [esp + (8)0x c], eax 0x400c70bb: 0x400c70be: call dword (32)0x d 0x400d0654: add ebx, (32)0x000b49a0 0x400d065a: 0x400d065d: call dword (32)0xffffff1e 0x400d20d1: add ebx, (32)0x000b2f23 0x400d20d7: mov dword [ebp + (8)0xfffffffc], edi 0x400d20da: 0x400d20dc: mov dword [ebp + (8)0xfffffff8], esi 0x400d20df: mov edi, dword [ebp + (8)0x ] 0x400d20e2: j(e,z) byte (8)0x d 0x400d20e4: mov edx, dword [ebp + (8)0x c] 0x400d20e7: mov esi, (32)0xffffffff 0x400d20ec: 0x400d20ee: cmp eax, dword [ebp + (8)0x c] 0x400d20f1: cmov(nbe,a) esi, eax 0x400d20f4: mov dword [esp + (8)0x ], esi 0x400d20f8: 0x400d20fa: mov dword [esp + (8)0x c], eax 0x400d20fe: mov edx, dword [ebp + (8)0x c] 0x400d2101: 0x400d2104: mov dword [esp + (8)0x ], edx 0x400d2108: call dword (32)0xfffff3f3 0x400d1514: add ebx, (32)0x000b3ae0 0x400d151a: mov ecx, dword [esi + (8)0x c] 0x400d151d: 0x400d151f: j(e,z) byte (8)0x f 0x400ac42a: add ebx, (32)0x000d8bca 0x400ac430: mov dword [ebp + (32)0xfffffb58], esi 0x400ac436: mov eax, dword [ebx + (32)0xffffff38] 0x400ac43c: mov edi, dword [ebp + (8)0x c] 0x400ac43f: mov edx, dword [eax + edx] 0x400ac442: mov eax, dword [ebp + (8)0x ] 0x400ac445: mov dword [ebp + (32)0xfffffb38], edx 0x400ac44b: cmp byte [eax + (8)0x ], (8)0x x400ac44f: j(ne,nz) byte (8)0x b 0x400ac451: mov ecx, dword [ebx + (32)0xffffffbc] 0x400ac457: 0x400ac459: j(e,z) dword (32)0x00002a76 0x400ac45f: 0x400ac461: mov eax, dword [eax + (8)0x c] 0x400ac464: 0x400ac466: j(ne,nz) byte (8)0x c 0x400c38d1: add ebx, (32)0x000c1723 0x400c38d7: mov edi, dword [ebp + (8)0x c] 0x400c38da: 0x400c38dd: 0x400c38df: 0x400c38e2: cmp al, (8)0x x400c38e4: 0x400c38e7: 0x400c38e9: 0x400c38eb: j(ne,nz) byte (8)0x x400c38ed: jmp byte (8)0x x400c2806: add ebx, (32)0x000c27ee 0x400c280c: mov dword [esp + (8)0x ], eax 0x400c2810: mov eax, dword [ebp + (8)0x ] 0x400c2813: 0x400c2816: call dword (32)0x x400c7154: add ebx, (32)0x000bdea0 0x400c715a: mov dword [esp + (8)0x c], eax 0x400c715e: mov eax, (32)0xffffffff 0x400c7163: mov dword [esp + (8)0x ], esi 0x400c7167: lea esi, dword [ebp + (32)0xffffff58] 0x400c716d: mov dword [esp + (8)0x ], eax 0x400c7171: 0x400c7174: call dword (32)0x000094b7 0x400b8bf9: add ebx, (32)0x000cc3fb 0x400b8bff: mov dword [ebp + (32)0xffffff68], eax 0x400b8c05: 0x400b8c07: mov dword [ebp + (32)0xffffff64], eax 0x400b8c0d: mov eax, dword [ebx + (32)0xffffff88] 0x400b8c13: mov dword [ebp + (32)0xffffff4c], ecx 0x400b8c19: mov ecx, dword [ebp + (8)0x ] 0x400b8c1c: mov edx, dword [eax + edx] 0x400b8c1f: mov dword [ebp + (32)0xffffff70], edi 0x400b8c25: mov dword [ebp + (32)0xffffff58], esi 0x400b8c2b: 0x400b8c2d: mov dword [ebp + (32)0xffffff54], edx 0x400b8c33: 0x400b8c35: mov dword [ebp + (32)0xffffff50], eax 0x400b8c3b: 0x400b8c3d: mov dword [ebp + (32)0xffffff14], eax 0x400b8c43: 0x400b8c45: mov dword [ebp + (32)0xffffff10], eax 0x400b8c4b: 0x400b8c4d: mov dword [ebp + (32)0xffffff18], edx 0x400b8c53: mov edx, dword [ebp + (8)0x ] 0x400b8c56: mov dword [ebp + (32)0xffffff0c], eax 0x400b8c5c: 0x400b8c5e: mov dword [ebp + (32)0xffffff08], eax 0x400b8c64: 0x400b8c66: mov dword [ebp + (32)0xffffff00], eax 0x400b8c6c: 0x400b8c6e: mov dword [ebp + (32)0xfffffefc], eax 0x400b8c74: mov dword [ebp + (32)0xffffff74], edx 0x400b8c7a: cmp byte [ecx + (8)0x ], (8)0x x400b8c7e: j(ne,nz) byte (8)0x d 0x400b8c80: mov esi, dword [ebx + (32)0xffffffbc] 0x400b8c86: 0x400b8c88: j(e,z) dword (32)0x00001a68 0x400b8c8e: mov eax, dword [ecx + (8)0x c] 0x400b8c91: 0x400b8c93: j(ne,nz) byte (8)0x c 0x4009dce3: add ebx, (32)0x000e7311 0x4009dce9: mov eax, dword [ebx + (32)0xffffff88] 0x4009dcef: mov eax, dword [eax + edx] 0x4009dcf2: mov dword [esp + (8)0x ], eax 0x4009dcf6: mov eax, dword [ebp + (8)0x ] 0x4009dcf9: mov dword [esp + (8)0x c], eax 0x4009dcfd: mov eax, dword [ebp + (8)0x ] 0x4009dd00: mov dword [esp + (8)0x ], eax 0x4009dd04: mov eax, dword [ebp + (8)0x c] 0x4009dd07: mov dword [esp + (8)0x ], eax 0x4009dd0b: mov eax, dword [ebp + (8)0x ] 0x4009dd0e: 0x4009dd11: call dword (32)0x000001ea 0x4009df11: add ebx, (32)0x000e70e3 0x4009df17: mov dword [ebp + (8)0xffffffd4], (32)0x x4009df1e: mov edi, dword [ebp + (8)0x ] 0x4009df21: mov ecx, dword [eax + (8)0x ] 0x4009df24: mov dword [ebp + (8)0xffffffd0], (32)0x x4009df2b: mov eax, dword [ebp + (8)0x ] 0x4009df2e: mov dword [ebp + (8)0xffffffcc], (32)0x x4009df35: 0x4009df37: j(ne,nz) dword (32)0x x4009df3d: 0x4009df3f: 0x4009df41: shr eax, (8)0x f 0x4009df44: cmp edi, (8)0x x4009df47: 0x4009df4a: 0x4009df4c: 0x4009df4e: cmp edi, (8)0x x4009df51: j(le,ng) byte (8)0x e 0x4009dec3: add ebx, (32)0x000e7131 0x4009dec9: mov eax, dword [ebx + (32)0xffffff88] 0x4009decf: mov eax, dword [eax + edx] 0x4009ded2: mov dword [esp + (8)0x ], eax 0x4009ded6: mov eax, dword [ebp + (8)0x ] 0x4009ded9: mov dword [esp + (8)0x c], eax 0x4009dedd: mov eax, dword [ebp + (8)0x ] 0x4009dee0: mov dword [esp + (8)0x ], eax 0x4009dee4: mov eax, dword [ebp + (8)0x c] 0x4009dee7: mov dword [esp + (8)0x ], eax 0x4009deeb: mov eax, dword [ebp + (8)0x ] 0x4009deee: 0x4009def1: call dword (32)0x00000dfa 0x4009ed01: add ebx, (32)0x000e62f3 0x4009ed07: mov dword [ebp + (8)0xffffffcc], (32)0x x4009ed0e: mov esi, dword [ebp + (8)0x ] 0x4009ed11: mov ecx, dword [eax + (8)0x ] 0x4009ed14: mov dword [ebp + (8)0xffffffc8], (32)0x x4009ed1b: mov eax, dword [ebp + (8)0x ] 0x4009ed1e: mov dword [ebp + (8)0xffffffc4], (32)0x x4009ed25: 0x4009ed27: j(ne,nz) dword (32)0x x4009ed2d: 0x4009ed2f: 0x4009ed31: shr eax, (8)0x f 0x4009ed34: cmp esi, (8)0x x4009ed37: 0x4009ed3a: 0x4009ed3c: 0x4009ed3e: cmp esi, (8)0x x4009ed41: j(le,ng) byte (8)0x x0804d7d0: sub esp, (8)0x x0804d7d3: mov ecx, dword [0x0805ada8] 0x0804d7d9: mov edx, dword [ecx + (8)0x c] 0x0804d7dc: movsx ecx, dword [edx] 0x0804d7df: mov dword [0x0805be88], ecx 0x0804d7e5: movsx ecx, dword [edx + (8)0x ] 0x0804d7e9: lea edx, dword [esp + (8)0x ] 0x0804d7ed: mov dword [0x0805be8c], ecx 0x0804d7f3: 0x0804d7f4: push (32)0x x0804d7f9: push (8)0x x0804d7fb: call dword (32)0xffffc53c 0x4009bfa7: add ebx, (32)0x000e904d 0x4009bfad: 0x4009bfb0: call dword (32)0x0003cf8b 0x400d611e: add ebx, (32)0x000aeed6 0x400d6124: mov dword [ebp + (8)0xfffffffc], edi 0x400d6127: mov eax, dword [ebx + (32)0xfffffea4] 0x400d612d: mov edi, dword [ebp + (8)0x c] 0x400d6130: mov dword [ebp + (8)0xfffffff8], esi 0x400d6133: mov edx, dword [eax] 0x400d6135: 0x400d6137: j(e,z) byte (8)0x x400d5181: add ebx, (32)0x000afe73 0x400d5187: mov dword [ebp + (8)0xfffffff8], esi 0x400d518a: 0x400d518c: mov dword [ebp + (8)0xfffffffc], edi 0x400d518f: j(e,z) dword (32)0x x400d5195: mov edi, dword [ebp + (8)0x c] 0x400d5198: 0x400d519a: j(e,z) dword (32)0x000002d0 0x400d51a0: cmp eax, (8)0xffffffdf 0x400d51a3: j(nbe,a) dword (32)0x000002db 0x400d51a9: mov dword [ebp + (8)0xfffffff0], (32)0x x400d51b0: add eax, (8)0x b 0x400d51b3: mov esi, dword [ebp + (8)0x c] 0x400d51b6: 0x400d51b8: and edx, (8)0xfffffff8 0x400d51bb: cmp eax, (8)0x x400d51be: cmov(b,nae) edx, dword [ebp + (8)0xfffffff0] 0x400d51c2: sub esi, (8)0x x400d51c5: 0x400d51c7: mov dword [ebp + (8)0xffffffec], esi 0x400d51ca: mov esi, dword [esi + (8)0x ] 0x400d51cd: mov dword [ebp + (8)0xfffffff0], edx 0x400d51d0: mov edx, esi 0x400d51d2: and edx, (8)0xfffffff8 0x400d51d5: mov dword [ebp + (8)0xffffffe8], edx 0x400d51d8: test esi, (32)0x x400d51de: j(ne,nz) dword (32)0x000000bc 0x400d51e4: mov ecx, dword [ebp + (8)0xfffffff0] 0x400d51e7: mov edi, edx 0x400d51e9: cmp edx, ecx 0x400d51eb: j(nb,ae) byte (8)0x x400d51ed: 0x400d51ef: mov edx, dword [ebp + (8)0x ] 0x400d51f2: mov dword [ebp + (8)0xffffffe0], eax 0x400d51f5: cmp eax, dword [edx + (8)0x ] 0x400d51f8: j(e,z) dword (32)0x000002d2 0x400d51fe: mov ecx, dword [ebp + (8)0xffffffe0] 0x400d5201: mov eax, dword [ecx + (8)0x ] 0x400d5204: and eax, (8)0xfffffff8 0x400d5207: test byte [eax + ecx + (8)0x ], (8)0x x400d520c: j(ne,nz) dword (32)0x x400d39c1: add ebx, (32)0x000b1633 0x400d39c7: mov dword [ebp + (8)0xfffffff8], esi 0x400d39ca: mov eax, dword [ebp + (8)0x ] 0x400d39cd: mov dword [ebp + (8)0xfffffffc], edi 0x400d39d0: 0x400d39d2: mov dword [ebp + (8)0xfffffff0], eax 0x400d39d5: j(e,z) byte (8)0x x400d39d7: lea esi, dword [ecx + (8)0xfffffff8] 0x400d39da: mov edx, dword [esi + (8)0x ] 0x400d39dd: mov edi, edx 0x400d39df: mov dword [ebp + (8)0xffffffc0], edx 0x400d39e2: and edi, (8)0xfffffff8 0x400d39e5: 0x400d39e7: neg eax 0x400d39e9: cmp esi, eax 0x400d39eb: j(nbe,a) dword (32)0x x400d39f1: mov edx, dword [ebp + (8)0xfffffff0] 0x400d39f4: mov eax, dword [edx + (8)0x ] 0x400d39f7: cmp edi, eax 0x400d39f9: j(nbe,a) byte (8)0x a 0x401223e1: add ebx, (32)0x00062c13 0x401223e7: mov dword [ebp + (8)0xfffffff8], esi 0x401223ea: cmp eax, (8)0x x401223ed: mov dword [ebp + (8)0xfffffffc], edi 0x401223f0: mov esi, dword [ebp + (8)0x ] 0x401223f3: j(e,z) byte (8)0x b 0x401223f5: j(le,ng) dword (32)0x x401223fb: cmp eax, (8)0x x401223fe: j(e,z) dword (32)0x c 0x40093fe2: add ebx, (32)0x000f1012 0x40093fe8: mov eax, dword [ebx + (32)0xffffff6c] 0x40093fee: add edx, eax 0x40093ff0: 0x40093ff2: 0x40093ff4: j(e,z) byte (8)0x x40093ff6: 0x40093ff7: 0x40093ff9: 0x40093ffa: 0x400ab471: add ebx, (32)0x000d9b83 0x400ab477: lea eax, dword [ebx + (32)0xfffede6c] 0x400ab47d: mov ecx, dword [ebp + (8)0x ] 0x400ab480: mov esi, dword [ebp + (8)0x c] 0x400ab483: mov dword [ebp + (8)0xfffffff0], eax 0x400ab486: mov eax, dword [ebp + (8)0x ] 0x400ab489: 0x400ab48b: lea eax, dword [ebx + (32)0xfffede2c] 0x400ab491: cmov(ne,nz) eax, dword [ebp + (8)0xfffffff0] 0x400ab495: cmp edi, (8)0x a 0x400ab498: mov dword [ebp + (8)0xfffffff0], eax 0x400ab49b: j(e,z) byte (8)0x x400ce7a6: add ebx, (32)0x000b684e 0x400ce7ac: test byte [eax + (8)0x ], (8)0x x400ce7b0: mov dword [ebp + (8)0xfffffff0], edx 0x400ce7b3: mov dword [ebp + (8)0xffffffec], ecx 0x400ce7b6: j(e,z) byte (8)0x e 0x4009c7ce: add ebx, (32)0x000e8826 0x4009c7d4: mov edx, dword [ebx + (32)0x00000d58] 0x4009c7da: 0x4009c7dc: j(e,z) byte (8)0x f 0x4009c7de: mov esi, esi 0x4009c7e0: mov eax, dword [edx + (8)0x ] 0x4009c7e3: 0x4009c7e5: j(e,z) byte (8)0x x4009c7e7: mov esi, esi 0x4009c7e9: lea edi, dword [edi + (32)0x ] 0x4009c7f0: 0x4009c7f1: mov dword [edx + (8)0x ], eax 0x4009c7f4: shl eax, (8)0x x4009c7f7: lea eax, dword [eax + edx] 0x4009c7fa: lea ecx, dword [eax + (8)0x ] 0x4009c7fd: mov eax, dword [eax + (8)0x ] 0x4009c800: cmp eax, (8)0x x4009c803: j(nbe,a) byte (8)0x x4009c805: mov eax, dword [ebx + eax*4 + (32)0xfffecac4] 0x4009c80c: add eax, ebx 0x4009c80e: 0x4009c810: mov eax, dword [ebp + (8)0x ] 0x4009c813: mov dword [esp + (8)0x ], eax 0x4009c817: mov eax, dword [ecx + (8)0x ] 0x4009c81a: 0x4009c81d: call dword [ecx + (8)0x ] 0x4009ca2e: add ebx, (32)0x000e85c6 0x4009ca34: mov edi, dword [ebx + (32)0x00000d58] 0x4009ca3a: 0x4009ca3c: j(e,z) byte (8)0x x4009ca3e: mov esi, esi 0x4009ca40: mov eax, dword [edi + (8)0x ] 0x4009ca43: shl eax, (8)0x x4009ca46: lea esi, dword [eax + edi + (8)0xfffffff8] 0x4009ca4a: lea eax, dword [edi + (8)0x ] 0x4009ca4d: cmp esi, eax 0x4009ca4f: mov dword [ebp + (8)0xfffffff0], eax 0x4009ca52: j(nb,ae) byte (8)0x x4009ca54: jmp byte (8)0x a 0x : add ebx, (32)0x0004ebf4 0x : mov edx, dword [ebx + (32)0xffffff5c] 0x c: mov edx, dword [edx] 0x e: 0x : j(e,z) byte (8)0x e 0x : lea esi, dword [esi + (32)0x ] 0x : lea edi, dword [edi + (32)0x ] 0x : mov eax, dword [ebp + (8)0x ] 0x : cmp dword [edx + (8)0x ], eax 0x : j(e,z) byte (8)0x x : mov edi, edx 0x a: mov edx, dword [edx] 0x c: 0x e: j(ne,nz) byte (8)0xfffffff0 0x : lea esp, dword [ebp + (8)0xfffffff4] 0x : 0x : 0x : 0x : 0x : 0x a: add ebx, (32)0x000fd6ca 0x : lea esi, dword [ebx + (32)0xffffe68c] 0x : 0x : 0x a: j(ne,nz) byte (8)0x x c: 0x d: 0x e: 0x f: 0x400d0cde: add ebx, (32)0x000b4316 0x400d0ce4: mov dword [esp], (32)0x x400d0ceb: call dword (32)0xfffffb30 0x400d0830: add ebx, (32)0x000b47c4 0x400d0836: mov dword [ebp + (8)0xffffffe0], (32)0x x400d083d: mov edx, dword [ebx + (32)0x00003ac4] 0x400d0843: 0x400d0845: 0x400d0848: 0x400d084a: mov dword [ebp + (8)0xffffffd8], eax 0x400d084d: j(ne,nz) dword (32)0x000001df 0x400d0853: mov dword [ebp + (8)0xffffffe8], (32)0x x400d085a: lea eax, dword [ebx + (32)0xfff4af8c] 0x400d0860: mov dword [ebp + (8)0xffffffe4], eax 0x400d0863: mov esi, dword [ebp + (8)0x ] 0x400d0866: 0x400d0868: j(e,z) byte (8)0x b 0x400cf6e3: add ebx, (32)0x000b5911 0x400cf6e9: mov dword [esp + (8)0x ], eax 0x400cf6ed: mov eax, dword [ebp + (8)0x c] 0x400cf6f0: 0x400cf6f3: mov dword [esp + (8)0x ], eax 0x400cf6f7: call dword (32)0x00001fc4 0x400d16de: add ebx, (32)0x000b3916 0x400d16e4: mov eax, dword [eax + esi + (32)0x ] 0x400d16eb: 0x400d16ee: call dword [eax + (8)0x ] 0xffffe400: 0xffffe401: 0xffffe402: 0xffffe403: 0xffffe405: sysenter 0x0804fccd: 0x0804fcd0: 0x0804fcd2: mov ecx, (32)0x x0804fcd7: lea edx, dword [ebp + (32)0xfffff633] 0x0804fcdd: call dword (32)0xffffd92e 0x0804fcf1: jmp dword (32)0xfffffc1c 0x400f5468: 0x400f546a: j(s) byte (8)0x x400f546c: mov dword [ebp + (8)0xffffff90], (32)0x x400f5473: mov eax, dword [ebp + (8)0xffffffc8] 0x400f5476: cmp eax, (32)0x x400f547b: cmov(b,nae) eax, dword [ebp + (8)0xffffff90] 0x400f547f: mov dword [ebp + (8)0xffffff90], eax 0x400f5482: add eax, (8)0x c 0x400f5485: 0x400f5488: call dword (32)0xfff923eb 0x0804d610: 0x0804d611: 0x0804d612: 0x0804d613: mov edi, edx 0x0804d615: sub esp, (8)0x x0804d618: mov edx, dword [0x0805a 0x0804d61e: mov ebx, eax 0x0804d620: mov esi, ecx 0x0804d622: 0x0804d623: call dword (32)0xffffc3 0x c: jmp dword [0x0805a740] 0x400c4a10: 0x400c4a11: 0x400c4a13: sub esp, (8)0x x400c4a16: mov dword [ebp + (8)0xfffffff8], esi 0x400c4a19: mov esi, dword [ebp + (8)0x ] 0x400c4a1c: mov dword [ebp + (8)0xfffffff4], ebx 0x400c4a1f: call dword (32)0xfffc2f2d 0x400c4a64: cmpxchg dword [edx], ecx 0x400c4a67: j(ne,nz) dword (32)0x000000b9 0x400c4a6d: mov edx, dword [esi + (8)0x ] 0x400c4a70: mov dword [edx + (8)0x ], edi 0x400c4a73: inc dword [edx + (8)0x ] 0x400c4a76: movsx eax, byte [esi + (8)0x ] 0x400c4a7a: mov eax, dword [eax + esi + (32)0x ] 0x400c4a81: 0x400c4a84: call dword [eax + (8)0x ] 0x400cf3c0: 0x400cf3c1: 0x400cf3c3: sub esp, (8)0x c 0x400cf3c6: mov dword [ebp + (8)0xfffffff8], esi 0x400cf3c9: mov esi, dword [ebp + (8)0x ] 0x400cf3cc: mov dword [ebp + (8)0xfffffff4], ebx 0x400cf3cf: mov dword [ebp + (8)0xfffffffc], edi 0x400cf3d2: mov edx, dword [esi + (8)0x ] 0x400cf3d5: call dword (32)0xfffb8577 0x400cf430: mov eax, dword [esi + (8)0x ] 0x400cf433: 0x400cf435: sub edx, dword [esi + (8)0x ] 0x400cf438: j(ne,nz) byte (8)0x d 0x400cf43a: mov dword [esi + (8)0x c], (32)0xffffffff 0x400cf441: mov dword [esi + (8)0x ], (32)0xffffffff 0x400cf448: 0x400cf44a: mov ebx, dword [ebp + (8)0xfffffff4] 0x400cf44d: mov esi, dword [ebp + (8)0xfffffff8] 0x400cf450: mov edi, dword [ebp + (8)0xfffffffc] 0x400cf453: 0x400cf455: 0x400cf456: 0x400cf4b0: mov dword [esp + (8)0x ], eax 0x400cf4b4: sub edx, eax 0x400cf4b6: mov dword [esp + (8)0x ], edx 0x400cf4ba: 0x400cf4bd: call dword (32)0xfffff5be 0x400c4a87: cmp eax, (8)0x x400c4a8a: sbb ecx, ecx 0x400c4a8c: not ecx 0x400c4a8e: movzx eax, dword [esi] 0x400c4a91: 0x400c4a96: 0x400c4a99: j(ne,nz) byte (8)0x x400c4a9b: mov edx, dword [esi + (8)0x ] 0x400c4a9e: mov eax, dword [edx + (8)0x ] 0x400c4aa1: 0x400c4aa2: mov dword [edx + (8)0x ], eax 0x400c4aa5: 0x400c4aa7: j(ne,nz) byte (8)0x x400c4aa9: mov dword [edx + (8)0x ], (32)0x x400c4ab0: cmp dword [0x c], (8)0x x400c4ab8: 0x400d16f1: 0x400d16f3: 0x400d16f4: j(e,z) byte (8)0x e 0x400d16f6: mov edx, dword [ebp + (8)0x ] 0x400d16f9: 0x400d16fb: 0x400d16fe: 0x400d1700: 0x400d1703: 0x400d1705: 0x400d1707: j(e,z) byte (8)0x a 0x400d1709: or dword [esi], (8)0x x400d170c: lea eax, dword [esi + (8)0x ] 0x400d170f: 0x400d1711: mov dword [esp + (8)0x ], eax 0x400d1715: lea eax, dword [esi + (8)0x ] 0x400d1718: mov dword [esp + (8)0x c], edi 0x400d171c: mov dword [esp + (8)0x ], eax 0x400d1720: 0x400d1723: call dword (32)0xfffffdd8 0x400c4abc: sub dword [edx], (8)0x x400c4abf: j(ne,nz) byte (8)0x x400c4ac1: jmp byte (8)0x d 0x400c4ad0: 0x400c4ad2: mov ebx, dword [ebp + (8)0xfffffff4] 0x400c4ad5: mov esi, dword [ebp + (8)0xfffffff8] 0x400c4ad8: mov edi, dword [ebp + (8)0xfffffffc] 0x400c4adb: 0x400c4add: 0x400c4ade: 0x0804d628: 0x0804d62b: test ebx, ebx 0x0804d62d: j(ne,nz) byte (8)0x x0804d62f: 0x0804d630: 0x0804d631: 0x0804d632: push (8)0x x0804d634: call dword (32)0xffffc7e3 0x0804a5dd: 0x0804a5e0: 0x0804a5e2: j(e,z) byte (8)0x x08049e1c: jmp dword [0x0805a87c] 0x4011c490: cmp dword [0x c], (8)0x x4011c498: j(ne,nz) byte (8)0x x4011c49a: 0x4011c49b: mov edx, dword [esp + (8)0x ] 0x4011c49f: mov ecx, dword [esp + (8)0x c] 0x4011c4a3: mov ebx, dword [esp + (8)0x ] 0x4011c4a7: mov eax, (32)0x x4011c4ac: 0x4011c4ed: call dword (32)0x c 0x08051c62: 0x08051c64: 0x08051c67: call dword (32)0xffff7c70 0x4015fa5e: mov ecx, dword [esp] 0x4015fa61: 0x4011c4f2: add ecx, (32)0x00068b02 0x4011c4f8: mov ecx, dword [ecx + (32)0xffffff38] 0x4011c4fe: 0x4011c500: sub edx, eax 0x4011c502: mov dword [ecx + (8)0x ], edx 0x4011c506: or eax, (8)0xffffffff 0x4011c509: jmp byte (8)0xffffffe1 0x4011c4ec: 0x0804d639: mov ebx, eax 0x0804d63b: pop eax 0x0804d63c: pop edx 0x0804d63d: push (8)0x x0804d63f: push (8)0x x0804d641: call dword (32)0xffffc686 0x08049ccc: jmp dword [0x0805a828] 0x : 0x : 0x : 0x : 0x : mov eax, dword [ebp + (8)0x c] 0x a: call dword (32)0xfff x401230d0: 0x401230d1: mov edx, dword [esp + (8)0x ] 0x401230d5: mov ecx, dword [esp + (8)0x c] 0x401230d9: mov ebx, dword [esp + (8)0x ] 0x401230dd: mov eax, (32)0x x401230e2: 0x d: 0x : 0x : 0x : 0x0804d800: 0x0804d803: 0x0804d804: j(e,z) byte (8)0x b 0x0804d806: mov ax, word [esp + (8)0x ] 0x0804d80b: 0x0804d80e: j(e,z) byte (8)0x x0804d810: mov edx, dword [esp + (8)0x ] 0x0804d814: test dx, dx 0x0804d817: j(e,z) byte (8)0x x0804d819: mov ecx, edx 0x0804d81b: and eax, (32)0x0000ffff 0x0804d820: and ecx, (32)0x0000ffff 0x0804d826: mov dword [(32)0x0805be88], eax 0x0804d82b: mov dword [0x0805be8c], ecx 0x0804d831: mov edx, dword [0x0805adc0] 0x0804d837: 0x0804d839: j(e,z) byte (8)0x a 0x0804d646: mov eax, ebx 0x0804d648: 0x0804d64b: 0x0804d64c: 0x0804d64d: 0x0804d64e: 0x0804fce2: 0x0804fce4: j(nle,g) byte (8)0xffffff9e 0x0804fce6: 0x0804fce7: 0x0804fce8: push (8)0x x0804fcea: push (8)0x x0804fcec: call dword (32)0xffff9f1b 0x0804f912: 0x0804f915: call dword (32)0xffffd196 0x0804cab0: 0x0804cab1: 0x0804cab2: 0x0804cab3: 0x0804cab4: sub esp, (32)0x c 0x0804caba: mov eax, dword [(32)0x0805dc54] 0x0804cabf: 0x0804cac1: j(ne,nz) dword (32)0x x0804cd38: mov ecx, dword [0x0805b834] 0x0804cd3e: mov dword [esp + (8)0x c], (32)0x x0804cd46: mov dword [0x0805be98], (32)0x x0804cd50: mov dword [0x0805c004], (32)0x x0804cd5a: 0x0804cd5c: j(e,z) dword (32)0x d 0x0804cd62: mov edi, dword [0x0805adc0] 0x0804cd68: 0x0804cd6b: mov eax, (32)0x c 0x0804cd70: 0x0804cd72: 0x0804cd74: mov eax, (32)0x0805bf80 0x0804cd79: 0x0804cd7a: call dword (32)0xffffce1d 0x08049b9c: jmp dword [0x0805a7dc] 0x4005ce00: 0x4005ce01: 0x4005ce03: 0x4005ce04: 0x4005ce07: call dword (32)0xfffe06be 0x4003d4ca: mov ebx, dword [esp] 0x4003d4cd: 0x4005ce0c: add ebx, (32)0x00011fe0 0x4005ce12: mov eax, dword [ebx + (32)0xffffffec] 0x4005ce18: mov dword [esp + (8)0x ], eax 0x4005ce1c: mov eax, (32)0x x4005ce21: mov dword [esp + (8)0x ], eax 0x4005ce25: mov eax, dword [ebp + (8)0x ] 0x4005ce28: 0x4005ce2b: call dword (32)0xfffdf944 0x4005cb41: add ebx, (32)0x000122ab 0x4005cb47: cmp esi, (8)0xffffffff 0x4005cb4a: 0x4005cb4d: 0x4005cb4f: 0x4005cb52: 0x4005cb54: 0x4005cb56: 0x4005cb5b: j(ne,nz) dword (32)0x d 0x4005cb61: mov byte [ebp + (8)0xfffffff3], (8)0x x4005cb65: mov edi, dword [ebx + (32)0xffffffa0] 0x4005cb6b: mov byte [ebp + (8)0xfffffff2], (8)0x x4005cb6f: mov eax, dword [edi] 0x4005cb71: 0x4005cb73: j(e,z) dword (32)0x e 0x4005cb79: mov eax, dword [eax + (8)0x ] 0x4005cb7c: 0x4005cb7e: cmp esi, dword [eax + (8)0x ] 0x4005cb81: j(e,z) dword (32)0x f 0x4005cb87: cmp esi, dword [eax + (32)0x000000b4] 0x4005cb8d: j(e,z) dword (32)0x x4005cb93: mov byte [ebp + (8)0xfffffff3], dl 0x4005cb96: mov edx, dword [edi] 0x4005cb98: mov byte [ebp + (8)0xfffffff1], (8)0x x4005cb9c: mov eax, dword [edx + (8)0x ] 0x4005cb9f: cmp byte [eax + (8)0x ], (8)0x x4005cba3: j(ne,nz) byte (8)0x b 0x4005cba5: mov eax, dword [edx + (8)0x c] 0x4005cba8: cmp word [eax + (8)0x a], (8)0x x4005cbad: j(e,z) byte (8)0x x4005cbaf: mov eax, dword [ebx + (32)0xffffff04] 0x4005cbb5: 0x4005cbb7: 0x4005cbb9: j(e,z) byte (8)0x a 0x40058b9c: add ebx, (32)0x x40058ba2: cmp ecx, dword [ebx + (32)0x00003ab4] 0x40058ba8: j(e,z) byte (8)0x c 0x40058baa: 0x40058bac: mov eax, (32)0xffffffff 0x40058bb1: j(s) byte (8)0x a 0x40058bb3: 0x40058bb5: jmp byte (8)0x x4005c99f: add ebx, (32)0x d 0x4005c9a5: mov edx, dword [ebx + (32)0xffffff04] 0x4005c9ab: 0x4005c9ad: 0x4005c9af: j(e,z) byte (8)0x f 0x4005af0f: add ebx, (32)0x00013edd 0x4005af15: mov dword [esp + (8)0x ], eax 0x4005af19: mov eax, dword [ebp + (8)0x ] 0x4005af1c: mov dword [esp + (8)0x ], eax 0x4005af20: mov eax, dword [ebp + (8)0x ] 0x4005af23: 0x4005af26: call dword (32)0xfffe1039 0x4005b507: add ebx, (32)0x000138e5 0x4005b50d: mov eax, dword [ebx + (32)0xfffffefc] 0x4005b513: mov dword [eax], (32)0x x4005b519: mov eax, dword [ebp + (8)0x ] 0x4005b51c: mov dword [ebp + (32)0xffffff7c], eax 0x4005b522: 0x4005b524: 0x4005b526: j(e,z) dword (32)0x000000a4 0x4005b52c: mov edx, dword [ebp + (8)0x ] 0x4005b52f: 0x4005b531: mov dword [ebx + (32)0x00003cc0], ecx 0x4005b537: 0x4005b53a: call dword (32)0xfffe12e5 0x4005b153: add ebx, (32)0x00013c99 0x4005b159: mov dword [ebp + (8)0xffffffec], (32)0xffffffff 0x4005b160: 0x4005b162: mov dword [ebp + (8)0xffffffe8], (32)0x x4005b169: j(e,z) dword (32)0x x4005b16f: 0x4005b172: call dword (32)0xfffe16ad 0x4003c774: jmp dword [ebx + (32)0x c] 0x4005cb30: 0x4005cb31: 0x4005cb33: 0x4005cb34: 0x4005cb35: 0x4005cb36: sub esp, (8)0x c 0x4005cb39: mov esi, dword [ebp + (8)0x ] 0x4005cb3c: call dword (32)0xfffe0989 0x4005cbc5: mov eax, dword [ebx + (32)0xffffff44] 0x4005cbcb: 0x4005cbcd: 0x4005cbd0: call dword (32)0xfffe044f 0x4003d024: jmp dword [ebx + (32)0x ] 0x40058b90: 0x40058b91: 0x40058b93: 0x40058b94: mov ecx, dword [ebp + (8)0x ] 0x40058b97: call dword (32)0xfffe492e 0x40058bbd: cmp dword [ebx + edx*8 + (32)0xffff4a94], ecx 0x40058bc4: j(ne,nz) byte (8)0xfffffff1 0x40058bb7: inc edx 0x40058bb8: cmp edx, (8)0x x40058bbb: j(nbe,a) byte (8)0x x40058bbd: cmp dword [ebx + edx*8 + (32)0xffff4a94], ecx 0x40058bc4: j(ne,nz) byte (8)0xfffffff1 0x4005cbd5: mov edx, dword [edi] 0x4005cbd7: mov edx, dword [edx + (8)0x c] 0x4005cbda: movsx edx, dword [edx + (8)0x a] 0x4005cbde: 0x4005cbe0: j(l,nge) byte (8)0x e 0x4005cbe2: mov byte [ebp + (8)0xfffffff1], (8)0x x4005cbe6: lea esi, dword [esi + (8)0x ] 0x4005cbe9: lea edi, dword [edi + (32)0x ] 0x4005cbf0: movzx eax, byte [ebp + (8)0xfffffff1] 0x4005cbf4: mov byte [ebp + (8)0xfffffff2], al 0x4005cbf7: mov ecx, dword [ebp + (8)0x ] 0x4005cbfa: mov dword [ebx + (32)0x000034e0], ecx 0x4005cc00: 0x4005cc03: 0x4005cc05: mov byte [ebp + (8)0xffffffeb], al 0x4005cc08: j(ne,nz) byte (8)0x x4005cc31: cmp byte [ebp + (8)0xffffffeb], (8)0x x4005cc35: j(ne,nz) byte (8)0xffffffd9 0x4005cca0: mov eax, dword [ebx + (32)0xffffffec] 0x4005cca6: 0x4005cca8: mov dword [ebx + (32)0x000034e0], eax 0x4005ccae: add esp, (8)0x c 0x4005ccb1: 0x4005ccb3: 0x4005ccb4: 0x4005ccb5: 0x4005ccb6: 0x4005ccb7: 0x4005cc10: movsx eax, byte [ebp + (8)0xffffffeb] 0x4005cc14: 0x4005cc17: call dword [ebp + (8)0x ] 0x4005c990: 0x4005c991: 0x4005c993: 0x4005c994: 0x4005c997: mov ecx, dword [ebp + (8)0x ] 0x4005c99a: call dword (32)0xfffe0b2b 0x4005c9f0: 0x4005c9f2: 0x4005c9f4: j(e,z) byte (8)0x a 0x4005ca10: mov eax, dword [ebx + (32)0xffffff6c] 0x4005ca16: 0x4005ca18: jmp byte (8)0xffffffdf 0x4005c9f9: mov dword [esp + (8)0x ], eax 0x4005c9fd: 0x4005ca00: call dword (32)0xfffe043f 0x4003ce44: jmp dword [ebx + (32)0x000003d0] 0x400cc030: 0x400cc031: 0x400cc033: 0x400cc034: 0x400cc035: sub esp, (8)0x x400cc038: mov esi, dword [ebp + (8)0x c] 0x400cc03b: movzx eax, dword [esi] 0x400cc03e: 0x400cc043: 0x400cc046: j(ne,nz) byte (8)0x x400cc048: mov edx, dword [esi + (8)0x ] 0x400cc04b: mov edi, dword [0x ] 0x400cc052: cmp dword [edx + (8)0x ], edi 0x400cc055: j(e,z) byte (8)0x e 0x400cc057: 0x400cc059: mov ecx, (32)0x x400cc05e: cmp dword [0x c], (8)0x x400cc066: 0x400cc06a: cmpxchg dword [edx], ecx 0x400cc06d: j(ne,nz) byte (8)0x e 0x400cc06f: mov edx, dword [esi + (8)0x ] 0x400cc072: mov dword [edx + (8)0x ], edi 0x400cc075: inc dword [edx + (8)0x ] 0x400cc078: mov edx, dword [esi + (8)0x ] 0x400cc07b: cmp edx, dword [esi + (8)0x ] 0x400cc07e: j(nb,ae) byte (8)0x x400cc080: movzx eax, byte [ebp + (8)0x ] 0x400cc084: movzx ecx, al 0x400cc087: mov byte [edx], al 0x400cc089: inc dword [esi + (8)0x ] 0x400cc08c: movzx eax, dword [esi] 0x400cc08f: 0x400cc094: 0x400cc097: j(ne,nz) byte (8)0x x400cc099: mov edx, dword [esi + (8)0x ] 0x400cc09c: mov eax, dword [edx + (8)0x ] 0x400cc09f: 0x400cc0a0: mov dword [edx + (8)0x ], eax 0x400cc0a3: 0x400cc0a5: j(ne,nz) byte (8)0x x400cc0a7: mov dword [edx + (8)0x ], (32)0x x400cc0ae: cmp dword [0x c], (8)0x x400cc0b6: 0x400cc0ba: sub dword [edx], (8)0x x400cc0bd: j(ne,nz) byte (8)0x x400cc0bf: nop 0x400cc0c0: add esp, (8)0x x400cc0c3: 0x400cc0c5: 0x400cc0c6: 0x400cc0c7: 0x400cc0c8: 0x4005ca05: add esp, (8)0x x4005ca08: 0x4005ca0a: 0x4005ca0b: 0x4005ca0c: 0x4005cc1a: movzx ecx, byte [esi] 0x4005cc1d: mov byte [ebp + (8)0xffffffeb], cl 0x4005cc20: cmp byte [ebp + (8)0xffffffeb], (8)0x x4005cc24: j(e,z) byte (8)0x a 0x4005cc26: 0x4005cc27: 0x4005cc2a: 0x4005cc2c: mov byte [ebp + (8)0xffffffeb], al 0x4005cc2f: j(e,z) byte (8)0x f 0x4005cc31: cmp byte [ebp + (8)0xffffffeb], (8)0x x4005cc35: j(ne,nz) byte (8)0xffffffd9 0x4005ce30: add esp, (8)0x x4005ce33: 0x4005ce34: 0x4005ce35: 0x0804cd7f: 0x0804cd82: mov edx, dword [0x0805dc54] 0x0804cd88: mov eax, dword [(32)0x0805b834] 0x0804cd8d: call dword (32)0xffffe8fe 0x0804a5ad: mov dword [esp], (32)0x0805bf40 0x0804a5b4: call dword (32)0xfffff5e3 0x0804a5b9: mov dword [esp], (32)0x0805bf20 0x0804a5c0: call dword (32)0xfffff5d7 0x0804a5c5: mov dword [esp], (32)0x d 0x0804a5cc: call dword (32)0xfffff5cb 0x0804a5d1: pop eax 0x0804a5d2: mov eax, dword [(32)0x0805ada0] 0x0804a5d7: 0x0804a5d8: call dword (32)0xfffff34f 0x0804b690: 0x0804b691: 0x0804b692: 0x0804b693: 0x0804b694: 0x0804b697: 0x0804b699: 0x0804b69b: mov ebx, edx 0x0804b69d: call dword (32)0xfffffd6e 0x0804b410: 0x0804b411: 0x0804b412: 0x0804b413: 0x0804b415: sub esp, (8)0x x0804b418: 0x0804b41a: j(e,z) dword (32)0x000000da 0x0804b4fa: 0x0804b4fb: 0x0804b4fc: lea edi, dword [esp + (8)0x ] 0x0804b500: 0x0804b501: lea esi, dword [esp + (8)0x c] 0x0804b505: 0x0804b506: call dword (32)0xffffe771 0x0804b4d6: mov ebx, dword [0x0805dc60] 0x0804b4dc: inc ebx 0x0804b4dd: mov dword [0x0805dc60], ebx 0x0804b4e3: jmp dword (32)0xffffff58 0x08049c7c: jmp dword [0x0805a814] 0x400eb330: mov edx, ebx 0x400eb332: mov ecx, dword [esp + (8)0x ] 0x400eb336: mov ebx, dword [esp + (8)0x ] 0x400eb33a: mov eax, (32)0x e 0x400eb33f: 0x0804b50b: mov edi, dword [esp + (8)0x ] 0x0804b50f: mov edx, dword [0x0805b828] 0x0804b515: mov ebx, edi 0x0804b517: mov eax, dword [(32)0x0805b82c] 0x0804b51c: sub ebx, edx 0x0804b51e: mov edx, dword [0x080603c0] 0x0804b524: 0x0804b525: mov dword [0x0805b828], edi 0x0804b52b: fild dword [esp] 0x0804b52e: add esp, (8)0x x0804b531: fld qword [0x ] 0x0804b537: mov esi, dword [esp + (8)0x ] 0x0804b53b: mov ecx, esi 0x0804b53d: mov dword [0x0805b82c], esi 0x0804b543: sub ecx, eax 0x0804b545: 0x0804b546: mov ecx, dword [0x080603c4] 0x0804b54c: fild dword [esp] 0x0804b54f: fmulp st1 0x0804b551: add esp, (8)0x x0804b554: faddp st1 0x0804b556: fstp dword [esp + (8)0x c] 0x0804b55a: fld dword [esp + (8)0x c] 0x0804b55e: 0x0804b55f: 0x0804b560: fild qword [esp] 0x0804b563: add esp, (8)0x x0804b566: 0x0804b568: j(s) dword (32)0x000000df 0x0804b56e: fstp dword [esp + (8)0x c] 0x0804b572: mov ecx, dword [0x0805a8c4] 0x0804b578: fld dword [esp + (8)0x c] 0x0804b57c: fmulp st1 0x0804b57e: 0x0804b580: j(ne,nz) byte (8)0x x0804b58a: fld dword [0x08057c20] 0x0804b590: fdivrp st1 0x0804b592: mov edx, dword [0x0805dc58] 0x0804b598: mov ebx, dword [0x0805b81c] 0x0804b59e: mov esi, dword [0x0805b818] 0x0804b5a4: push (32)0x0804a160 0x0804b5a9: mov dword [0x0805b824], edx 0x0804b5af: push (8)0x c 0x0804b5b1: mov dword [0x0805dc68], (32)0x x0804b5bb: 0x0804b5bc: mov dword [0x0805dc64], (32)0x x0804b5c6: 0x0804b5c7: mov dword [0x0805dc60], (32)0x x0804b5d1: mov dword [0x0805dc5c], (32)0x x0804b5db: mov dword [0x0805dc58], (32)0x x0804b5e5: mov dword [0x0805b818], ebx 0x0804b5eb: mov dword [0x0805b81c], esi 0x0804b5f1: fstp dword [0x0805dc6c] 0x0804b5f7: call dword (32)0xffffe540 0x08049b3c: jmp dword [0x0805a7c4] 0x4009be10: 0x4009be11: 0x4009be13: sub esp, (8)0x x4009be16: mov dword [ebp + (8)0xfffffff8], esi 0x4009be19: mov eax, dword [ebp + (8)0x ] 0x4009be1c: mov esi, dword [ebp + (8)0x c] 0x4009be1f: mov dword [ebp + (8)0xfffffff4], ebx 0x4009be22: call dword (32)0xfffebb2a 0x4009bec0: lea eax, dword [esi + (8)0x e] 0x4009bec3: and eax, (8)0xfffffff0 0x4009bec6: sub esp, eax 0x4009bec8: lea eax, dword [esp + (8)0x f] 0x4009becc: and eax, (8)0xfffffff0 0x4009becf: mov dword [esp + (8)0x ], eax 0x4009bed3: mov eax, dword [ebp + (8)0x ] 0x4009bed6: 0x4009bed9: mov ecx, dword [ebp + (8)0x ] 0x4009bedc: mov edx, dword [ebp + (8)0x c] 0x4009bedf: mov eax, dword [ebp + (8)0x ] 0x4009bee2: call dword (32)0xfffffd59 0x4009bc40: 0x4009bc41: 0x4009bc43: sub esp, (8)0x x4009bc46: mov dword [ebp + (8)0xfffffff4], ebx 0x4009bc49: call dword (32)0xfffebd03 0x4009bc74: mov edi, edx 0x4009bc76: 0x4009bc78: shr(1) edi 0x4009bc7a: sub eax, edi 0x4009bc7c: mov edx, dword [ebp + (8)0xfffffff0] 0x4009bc7f: mov dword [ebp + (8)0xffffffdc], eax 0x4009bc82: 0x4009bc84: imul eax, edi 0x4009bc87: mov dword [ebp + (8)0xffffffe4], edx 0x4009bc8a: 0x4009bc8c: mov dword [ebp + (8)0xffffffe0], eax 0x4009bc8f: mov eax, dword [ebp + (8)0x c] 0x4009bc92: mov dword [esp + (8)0x ], eax 0x4009bc96: mov edx, dword [ebp + (8)0x ] 0x4009bc99: 0x4009bc9c: mov eax, dword [ebp + (8)0xfffffff0] 0x4009bc9f: mov edx, edi 0x4009bca1: call dword (32)0xffffff9a 0x4009bca6: mov eax, dword [ebp + (8)0x c] 0x4009bca9: mov dword [esp + (8)0x ], eax 0x4009bcad: mov edx, dword [ebp + (8)0x ] 0x4009bcb0: 0x4009bcb3: mov eax, dword [ebp + (8)0xffffffe0] 0x4009bcb6: mov ecx, dword [ebp + (8)0xffffffec] 0x4009bcb9: mov edx, dword [ebp + (8)0xffffffdc] 0x4009bcbc: call dword (32)0xffffff7f 0x4009bcc1: cmp dword [ebp + (8)0xffffffec], (8)0x x4009bcc5: mov eax, dword [ebp + (8)0x c] 0x4009bcc8: mov dword [ebp + (8)0xffffffe8], eax 0x4009bccb: j(e,z) dword (32)0x000000ac 0x4009bcd1: 0x4009bcd3: j(e,z) byte (8)0x x4009bcd5: mov eax, dword [ebp + (8)0xffffffdc] 0x4009bcd8: 0x4009bcda: j(ne,nz) byte (8)0x x4009bd44: mov eax, dword [ebp + (8)0xffffffe0] 0x4009bd47: mov dword [esp + (8)0x ], eax 0x4009bd4b: mov edx, dword [ebp + (8)0xffffffe4] 0x4009bd4e: 0x4009bd51: call dword [ebp + (8)0x ] 0x0804a160: mov edx, dword [esp + (8)0x ] 0x0804a164: mov eax, dword [edx + (8)0x ] 0x0804a167: mov edx, dword [esp + (8)0x ] 0x0804a16b: mov ecx, dword [edx + (8)0x ] 0x0804a16e: sub eax, ecx 0x0804a170: 0x4009bd54: 0x4009bd56: j(nle,g) byte (8)0xffffffbc 0x4009bd58: mov eax, dword [ebp + (8)0xffffffec] 0x4009bd5b: dec edi 0x4009bd5c: mov dword [esp + (8)0x ], eax 0x4009bd60: mov edx, dword [ebp + (8)0xffffffe4] 0x4009bd63: mov dword [esp + (8)0x ], edx 0x4009bd67: mov eax, dword [ebp + (8)0xffffffe8] 0x4009bd6a: 0x4009bd6d: call dword (32)0x0003e3be 0x4009b6ed: 0x4009b6ef: j(nl,ge) byte (8)0xffffffcf 0x4009b6f1: mov edi, esi 0x4009b6f3: cmp dword [ebp + (8)0xfffffff4], edi 0x4009b6f6: j(b,nae) byte (8)0xffffffd3 0x400da130: mov ecx, dword [esp + (8)0x c] 0x400da134: 0x400da136: mov edi, dword [esp + (8)0x ] 0x400da13a: mov edx, esi 0x400da13c: mov esi, dword [esp + (8)0x ] 0x400da140: 0x400da141: shr(1) ecx 0x400da143: j(nb,ae) byte (8)0x x4009bd14: mov eax, dword [ebp + (8)0xffffffec] 0x4009bd17: mov dword [esp + (8)0x ], eax 0x4009bd1b: mov edx, dword [ebp + (8)0xffffffe0] 0x4009bd1e: mov dword [esp + (8)0x ], edx 0x4009bd22: mov eax, dword [ebp + (8)0xffffffe8] 0x4009bd25: 0x4009bd28: call dword (32)0x0003e403 0x400da146: shr(1) ecx 0x400da148: j(nb,ae) byte (8)0x x400da14c: 0x4009bd72: mov dword [ebp + (8)0xffffffe8], eax 0x4009bd75: mov edx, dword [ebp + (8)0xffffffec] 0x4009bd78: add dword [ebp + (8)0xffffffe4], edx 0x4009bd7b: jmp byte (8)0xffffffbc 0x4009bd2d: dec dword [ebp + (8)0xffffffdc] 0x4009bd30: mov edx, dword [ebp + (8)0xffffffec] 0x4009bd33: add dword [ebp + (8)0xffffffe0], edx 0x4009bd36: mov dword [ebp + (8)0xffffffe8], eax 0x4009bd39: 0x4009bd3b: j(e,z) byte (8)0xffffffa9 0x4009bd3d: mov eax, dword [ebp + (8)0xffffffdc] 0x4009bd40: 0x4009bd42: j(e,z) byte (8)0xffffff98 0x4009bd44: mov eax, dword [ebp + (8)0xffffffe0] 0x4009bd47: mov dword [esp + (8)0x ], eax 0x4009bd4b: mov edx, dword [ebp + (8)0xffffffe4] 0x4009bd4e: 0x4009bd51: call dword [ebp + (8)0x ] 0x4009bd39: 0x4009bd3b: j(e,z) byte (8)0xffffffa9 0x4009bce6: mov edx, dword [ebp + (8)0xffffffdc] 0x4009bce9: mov eax, dword [ebp + (8)0xffffffec] 0x4009bcec: sub esi, edx 0x4009bcee: imul esi, eax 0x4009bcf1: mov dword [esp + (8)0x ], esi 0x4009bcf5: mov eax, dword [ebp + (8)0x c] 0x4009bcf8: mov dword [esp + (8)0x ], eax 0x4009bcfc: mov edx, dword [ebp + (8)0xfffffff0] 0x4009bcff: 0x4009bd02: call dword (32)0x0003e8d9 0x400da5e0: mov ecx, dword [esp + (8)0x c] 0x400da5e4: 0x400da5e6: mov edi, dword [esp + (8)0x ] 0x400da5ea: mov edx, esi 0x400da5ec: mov esi, dword [esp + (8)0x ] 0x400da5f0: 0x400da5f1: shr(1) ecx 0x400da5f3: j(nb,ae) byte (8)0x x400da5f6: shr(1) ecx 0x400da5f8: j(nb,ae) byte (8)0x x400da5fc: 0x08051a85: mov ecx, dword [esp + (8)0x ] 0x08051a89: 0x08051a8c: lea edx, dword [esi + (32)0x000000cc] 0x08051a92: mov byte [esi + edi + (32)0x000001ac], (8)0x x08051a9a: lea ebp, dword [esi + (32)0x000000c8] 0x08051aa0: 0x08051aa1: lea edi, dword [esi + (32)0x ] 0x08051aa7: lea edx, dword [esi + (32)0x000001fc] 0x08051aad: 0x08051aae: lea ebp, dword [esi + (32)0x ] 0x08051ab4: 0x08051ab5: lea edi, dword [esi + (32)0x000000fc] 0x08051abb: 0x08051abc: lea edx, dword [esi + (32)0x000000f8] 0x08051ac2: 0x08051ac3: lea ebp, dword [esi + (32)0x000000f4] 0x08051ac9: 0x08051aca: lea edi, dword [esi + (32)0x000000f0] 0x08051ad0: 0x08051ad1: lea edx, dword [esi + (32)0x000000ec] 0x08051ad7: 0x08051ad8: lea ebp, dword [esi + (32)0x000000d4] 0x08051ade: 0x08051adf: lea edi, dword [esi + (32)0x ] 0x08051ae5: 0x08051ae6: lea edx, dword [esi + (32)0x000000d0] 0x08051aec: 0x08051aed: lea ebp, dword [esi + (8)0x ] 0x08051af0: 0x08051af1: lea edi, dword [esi + (32)0x c] 0x08051af7: 0x08051af8: lea edx, dword [esi + (32)0x000001cc] 0x08051afe: 0x08051aff: lea ebp, dword [esi + (32)0x ] 0x08051b05: 0x08051b06: lea edi, dword [esi + (32)0x ] 0x08051b0c: 0x08051b0d: lea edx, dword [esi + (8)0x ] 0x08051b10: 0x08051b11: lea ebp, dword [esi + (8)0x ] 0x08051b14: 0x08051b15: lea edi, dword [esi + (8)0x ] 0x08051b18: 0x08051b19: lea edx, dword [esi + (8)0x ] 0x08051b1c: 0x08051b1d: lea ebp, dword [esi + (32)0x000000e8] 0x08051b23: 0x08051b24: lea edi, dword [esi + (32)0x000000e0] 0x08051b2a: 0x08051b2b: lea edx, dword [esi + (32)0x000000e4] 0x08051b31: 0x08051b32: lea ebp, dword [esi + (32)0x000000dc] 0x08051b38: 0x08051b39: lea edi, dword [esi + (32)0x000000d8] 0x08051b3f: 0x08051b40: lea edx, dword [esi + (32)0x000001f8] 0x08051b46: 0x08051b47: lea ebp, dword [esi + (32)0x000001d4] 0x08051b4d: 0x08051b4e: lea edi, dword [esi + (32)0x000001c8] 0x08051b54: 0x08051b55: lea edx, dword [esi + (32)0x000001c4] 0x08051b5b: 0x08051b5c: add ecx, (8)0x x08051b5f: 0x08051b60: lea ebp, dword [esi + (8)0x ] 0x08051b63: 0x08051b64: lea edi, dword [esi + (8)0x c] 0x08051b67: lea edx, dword [ebx + (32)0xffffe8d8] 0x08051b6d: 0x08051b6e: 0x08051b6f: 0x08051b70: 0x08051b71: call dword (32)0xffff81a6 0x4009bd07: mov ebx, dword [ebp + (8)0xfffffff4] 0x4009bd0a: mov esi, dword [ebp + (8)0xfffffff8] 0x4009bd0d: mov edi, dword [ebp + (8)0xfffffffc] 0x4009bd10: 0x4009bd12: 0x4009bd13: 0x4009bee7: mov ebx, dword [ebp + (8)0xfffffff4] 0x4009beea: mov esi, dword [ebp + (8)0xfffffff8] 0x4009beed: mov edi, dword [ebp + (8)0xfffffffc] 0x4009bef0: 0x4009bef2: 0x4009bef3: 0x0804b5fc: 0x0804b5ff: jmp dword (32)0xfffffeb9 0x0804b4bd: add esp, (8)0x x0804b4c0: 0x0804b4c1: 0x0804b4c2: 0x0804b4c3: 0x0804b6a2: mov edx, dword [0x0805ae30] 0x0804b6a8: 0x0804b6aa: 0x0804b6ac: j(e,z) dword (32)0x b 0x0804b7cd: 0x0804b7d0: jmp dword (32)0xfffffee4 0x0804b6b9: 0x0804b6ba: call dword (32)0x x08052a50: 0x08052a51: 0x08052a52: 0x08052a53: 0x08052a58: 0x08052a59: add ebx, (32)0x00007ca0 0x08052a5f: sub esp, (8)0x c 0x08052a62: mov edi, dword [esp + (8)0x c] 0x08052a66: push (32)0x x08052a6b: call dword (32)0x00002e10 0x : 0x : 0x : 0x : mov esi, dword [esp + (8)0x ] 0x : 0x c: 0x d: add ebx, (32)0x00004e6c 0x : 0x : 0x c: 0x f: 0x080558a0: call dword (32)0xffff4177 0x08049a1c: jmp dword [0x0805a77c] 0x400d5bc0: 0x400d5bc1: 0x400d5bc3: 0x400d5bc6: mov dword [ebp + (8)0xfffffff4], ebx 0x400d5bc9: call dword (32)0xfffb1d83 0x400d5c02: 0x400d5c09: mov eax, dword [ebx + (32)0xfffffe50] 0x400d5c0f: mov esi, dword [eax + edx] 0x400d5c12: 0x400d5c14: j(e,z) byte (8)0x d 0x400d5c16: mov edx, (32)0x x400d5c1b: 0x400d5c1d: cmp dword [0x c], (8)0x x400d5c25: 0x400d5c29: cmpxchg dword [esi], edx 0x400d5c2c: 0x400d5c2f: 0x400d5c31: j(e,z) byte (8)0x c 0x400d5c3f: 0x400d5c41: 0x400d5c43: j(e,z) byte (8)0xffffffb0 0x400d5c45: mov eax, dword [ebp + (8)0x ] 0x400d5c48: 0x400d5c4b: mov dword [esp + (8)0x ], eax 0x400d5c4f: call dword (32)0xffffe55c 0x400d41b0: 0x400d41b1: 0x400d41b3: 0x400d41b4: 0x400d41b5: 0x400d41b6: sub esp, (8)0x x400d41b9: mov eax, dword [ebp + (8)0x c] 0x400d41bc: call dword (32)0xfffb3790 0x400d4219: cmp dword [ebp + (8)0xfffffff0], (32)0x000001ff 0x400d4220: j(nbe,a) byte (8)0x f 0x400d4222: mov eax, dword [ebp + (8)0xfffffff0] 0x400d4225: mov edx, dword [ebp + (8)0x ] 0x400d4228: shr eax, (8)0x x400d422b: mov dword [ebp + (8)0xffffffec], eax 0x400d422e: lea esi, dword [edx + eax*8 + (8)0x ] 0x400d4232: mov ecx, dword [esi + (8)0x c] 0x400d4235: mov dword [ebp + (8)0xffffffe8], ecx 0x400d4238: cmp ecx, esi 0x400d423a: j(e,z) byte (8)0x x400d428f: mov esi, dword [ebp + (8)0x ] 0x400d4292: add esi, (8)0x x400d4295: mov dword [ebp + (8)0xffffffa4], esi 0x400d4298: mov eax, dword [ebp + (8)0x ] 0x400d429b: mov edx, dword [ebp + (8)0xffffffa4] 0x400d429e: mov eax, dword [eax + (8)0x ] 0x400d42a1: mov dword [ebp + (8)0xffffffe8], eax 0x400d42a4: 0x400d42a6: j(e,z) dword (32)0x000001c4 0x400d42ac: lea ecx, dword [ebx + (32)0x c] 0x400d42b2: mov dword [ebp + (8)0xffffffdc], ecx 0x400d42b5: jmp byte (8)0x x400d4271: mov eax, dword [ebp + (8)0xfffffff0] 0x400d4274: shr eax, (8)0x x400d4277: cmp eax, (8)0x x400d427a: j(nbe,a) dword (32)0x x400d4280: add eax, (8)0x x400d4283: mov dword [ebp + (8)0xffffffec], eax 0x400d4286: test cl, (8)0x x400d4289: j(e,z) dword (32)0x x400d428f: mov esi, dword [ebp + (8)0x ] 0x400d4292: add esi, (8)0x x400d4295: mov dword [ebp + (8)0xffffffa4], esi 0x400d4298: mov eax, dword [ebp + (8)0x ] 0x400d429b: mov edx, dword [ebp + (8)0xffffffa4] 0x400d429e: mov eax, dword [eax + (8)0x ] 0x400d42a1: mov dword [ebp + (8)0xffffffe8], eax 0x400d42a4: 0x400d42a6: j(e,z) dword (32)0x000001c4 0x400d4308: mov eax, dword [ebp + (8)0xffffffe8] 0x400d430b: mov esi, dword [ebp + (8)0xffffffe8] 0x400d430e: mov edx, dword [eax + (8)0x ] 0x400d4311: mov esi, dword [esi + (8)0x c] 0x400d4314: and edx, (8)0xfffffff8 0x400d4317: cmp dword [ebp + (8)0xfffffff0], (32)0x000001ff 0x400d431e: mov dword [ebp + (8)0xffffff9c], esi 0x400d4321: mov dword [ebp + (8)0xffffffe4], edx 0x400d4324: j(nbe,a) byte (8)0x b 0x400d4326: mov ecx, dword [ebp + (8)0xffffffa4] 0x400d4329: cmp esi, ecx 0x400d432b: j(e,z) dword (32)0x d 0x400d457e: mov esi, dword [ebp + (8)0x ] 0x400d4581: cmp eax, dword [esi + (8)0x ] 0x400d4584: j(ne,nz) dword (32)0xfffffda7 0x400d4331: mov esi, dword [ebp + (8)0xfffffff0] 0x400d4334: mov edx, dword [ebp + (8)0xffffff9c] 0x400d4337: mov eax, dword [ebp + (8)0x ] 0x400d433a: cmp dword [ebp + (8)0xffffffe4], esi 0x400d433d: mov ecx, dword [ebp + (8)0xffffffa4] 0x400d4340: mov dword [eax + (8)0x ], edx 0x400d4343: mov dword [edx + (8)0x ], ecx 0x400d4346: j(e,z) dword (32)0x x400d45e2: mov eax, dword [ebp + (8)0xffffffe8] 0x400d45e5: mov edx, dword [ebp + (8)0xffffffdc] 0x400d45e8: or dword [esi + eax + (8)0x ], (8)0x x400d45ed: cmp dword [ebp + (8)0x ], edx 0x400d45f0: j(e,z) dword (32)0xfffffc76 0x400d426c: mov eax, dword [ebp + (8)0xffffffe8] 0x400d426f: jmp byte (8)0xffffff9d 0x400d420e: add eax, (8)0x x400d4211: add esp, (8)0x x400d4214: 0x400d4215: 0x400d4216: 0x400d4217: 0x400d4218: 0x400d5c54: 0x400d5c56: 0x400d5c58: j(e,z) byte (8)0x x400d5c5a: cmp dword [0x c], (8)0x x400d5c62: 0x400d53a9: 0x400d53ab: 0x400d53ad: 0x400d53af: j(e,z) dword (32)0xfffffed7 0x400d53b5: lea eax, dword [esi + (8)0xfffffff8] 0x400d53b8: mov edx, dword [ebp + (8)0xffffffe0] 0x400d53bb: mov edi, dword [eax + (8)0x ] 0x400d53be: mov dword [ebp + (8)0xffffffe4], eax 0x400d53c1: and edi, (8)0xfffffff8 0x400d53c4: 0x400d53c6: j(e,z) dword (32)0x b 0x400d53cc: mov eax, dword [ebp + (8)0xffffffe8] 0x400d53cf: sub eax, (8)0x x400d53d2: 0x400d53d4: shr edx, (8)0x x400d53d7: cmp edx, (8)0x x400d53da: j(be,na) byte (8)0x x400d53dc: cmp eax, (8)0x x400d53df: mov edi, esi 0x400d53e1: mov edx, dword [ebp + (8)0x c] 0x400d53e4: j(be,na) byte (8)0x b 0x400d53e6: test esi, (32)0x x400d53ec: j(e,z) byte (8)0x x400d5c66: sub dword [esi], (8)0x x400d5c69: j(ne,nz) dword (32)0x000012db 0x400d5c6f: 0x400d5c71: mov ebx, dword [ebp + (8)0xfffffff4] 0x400d5c74: mov esi, dword [ebp + (8)0xfffffff8] 0x400d5c77: mov edi, dword [ebp + (8)0xfffffffc] 0x400d5c7a: 0x400d5c7c: 0x400d5c7d: 0x080558a5: 0x080558a8: 0x080558aa: j(e,z) byte (8)0x x080558ac: pop edx 0x080558ad: 0x080558ae: 0x080558af: 0x400f548d: 0x400f548f: 0x400f5491: j(e,z) byte (8)0x x400f5493: 0x400f5494: 0x400f5496: mov ecx, (32)0x x400f549b: mov edi, edx 0x400f549d: stos(d) 0x08052a70: 0x08052a73: 0x08052a75: mov eax, dword [ebx + (32)0x ] 0x08052a7b: 0x08052a7d: j(e,z) dword (32)0x d 0x08052a83: lea edx, dword [ebx + (32)0xffff85f8] 0x08052a89: lea ecx, dword [ebx + (32)0xffff8b28] 0x08052a8f: mov dword [esi + (8)0x ], edx 0x08052a92: lea edx, dword [ebx + (32)0xffff8718] 0x08052a98: mov dword [esi + (8)0x ], (32)0x x08052a9f: mov dword [esi + (8)0x ], (32)0xffffffff 0x08052aa6: mov dword [esi + (8)0x c], ecx 0x08052aa9: mov dword [esi + (8)0x ], edx 0x08052aac: test edi, (32)0x x08052ab2: j(e,z) byte (8)0x x08052af8: 0x08052afb: lea ecx, dword [ebx + (32)0xffffe9dd] 0x08052b01: 0x08052b02: call dword (32)0xffff7185 0x08049c8c: jmp dword [0x0805a818] 0x400f53f0: 0x400f53f1: 0x400f53f3: add esp, (8)0xffffff80 0x400f53f6: mov dword [ebp + (8)0xfffffff4], ebx 0x400f53f9: mov eax, dword [ebp + (8)0x ] 0x400f53fc: mov dword [ebp + (8)0xfffffff8], esi 0x400f53ff: mov dword [ebp + (8)0xfffffffc], edi 0x400f5402: call dword (32)0xfff9254a 0x4011c2ca: 0x4011c2cb: mov edx, dword [esp + (8)0x ] 0x4011c2cf: mov ecx, dword [esp + (8)0x c] 0x4011c2d3: mov ebx, dword [esp + (8)0x ] 0x4011c2d7: mov eax, (32)0x x4011c2dc: 0x400f5427: 0x400f5429: 0x400f542b: 0x400f542d: j(s) dword (32)0x x400f5433: mov dword [esp + (8)0x ], esi 0x400f5437: lea eax, dword [ebp + (8)0xffffff94] 0x400f543a: mov dword [esp + (8)0x ], eax 0x400f543e: mov dword [esp], (32)0x x400f5445: call dword (32)0x x08051c47: 0x08051c49: 0x08051c4c: or eax, (8)0xffffffff 0x08051c4f: cmp edi, (8)0xffffffff 0x08051c52: j(e,z) byte (8)0x x08051c54: 0x08051c55: mov ecx, dword [esp + (8)0x ] 0x08051c59: dec ecx 0x08051c5a: 0x08051c5b: 0x08051c5c: 0x08051c5d: call dword (32)0xffff81ba 0x4011bb80: 0x4011bb81: 0x4011bb83: 0x4011bb84: mov edx, dword [ebp + (8)0x c] 0x4011bb87: call dword (32)0xfff6bdc5 0x400f544a: 0x400f544c: j(s) byte (8)0x x400f544e: 0x400f5451: mov edx, (32)0x x400f5456: mov eax, (32)0x x400f545b: mov dword [esp + (8)0x ], edx 0x400f545f: mov dword [esp + (8)0x ], eax 0x400f5463: call dword (32)0x x : jmp dword [ebx + (32)0x ] 0x400d4470: cmp dword [ebp + (8)0xfffffff0], (32)0x000001ff 0x400d4477: j(be,na) byte (8)0x x400d4479: mov eax, dword [ebp + (8)0xffffffec] 0x400d447c: mov edx, dword [ebp + (8)0x ] 0x400d447f: lea esi, dword [edx + eax*8 + (8)0x ] 0x400d4483: mov ecx, dword [esi + (8)0x c] 0x400d4486: cmp ecx, esi 0x400d4488: mov dword [ebp + (8)0xffffffe8], ecx 0x400d448b: 0x400d4403: mov eax, dword [ebp + (8)0xfffffff0] 0x400d4406: shr eax, (8)0x x400d4409: cmp eax, (8)0x x400d440c: j(nbe,a) byte (8)0x x400d440e: add eax, (8)0x b 0x400d4411: jmp dword (32)0xfffffe6d 0x400d449c: inc dword [ebp + (8)0xffffffec] 0x400d449f: mov eax, dword [ebp + (8)0x ] 0x400d44a2: mov dword [ebp + (8)0xffffffe0], (32)0x x400d44a9: mov ecx, dword [ebp + (8)0xffffffec] 0x400d44ac: lea esi, dword [eax + ecx*8 + (8)0x ] 0x400d44b0: mov edi, ecx 0x400d44b2: and ecx, (8)0x f 0x400d44b5: shr edi, (8)0x x400d44b8: shl(cl) dword [ebp + (8)0xffffffe0] 0x400d44bb: lea ecx, dword [ebx + (32)0x c] 0x400d44c1: mov edx, dword [eax + edi*4 + (32)0x ] 0x400d44c8: mov dword [ebp + (8)0xffffffd8], ecx 0x400d44cb: mov ecx, dword [ebp + (8)0x ] 0x400d44ce: 0x400d44d0: mov dword [ebp + (8)0xffffff9c], edx 0x400d44d3: shl eax, (8)0x x400d44d6: add eax, ecx 0x400d44d8: mov dword [ebp + (8)0xffffffa0], eax 0x400d44db: nop 0x400d44dc: lea esi, dword [esi + (8)0x ] 0x400d44e0: mov eax, dword [ebp + (8)0xffffff9c] 0x400d44e3: mov edx, dword [ebp + (8)0xffffffe0] 0x400d44e6: cmp dword [ebp + (8)0xffffffe0], eax 0x400d44e9: set(nbe,a) al 0x400d44ec: 0x400d44ee: 0x400d44f1: 0x400d44f3: 0x400d44f5: j(e,z) byte (8)0x x400d44f7: mov esi, esi 0x400d44f9: lea edi, dword [edi + (32)0x ] 0x400d4500: add dword [ebp + (8)0xffffffa0], (32)0x x400d4507: 0x400d4508: cmp edi, (8)0x x400d450b: j(nbe,a) dword (32)0x c 0x400d4511: mov edx, dword [ebp + (8)0x ] 0x400d4514: mov edx, dword [edx + edi*4 + (32)0x ] 0x400d451b: 0x400d451d: mov dword [ebp + (8)0xffffff9c], edx 0x400d4520: j(e,z) byte (8)0xffffffde 0x400d4500: add dword [ebp + (8)0xffffffa0], (32)0x x400d4507: 0x400d4508: cmp edi, (8)0x x400d450b: j(nbe,a) dword (32)0x c 0x400d461d: mov ecx, dword [ebp + (8)0x ] 0x400d4620: mov edx, dword [ebp + (8)0xfffffff0] 0x400d4623: mov esi, dword [ecx + (8)0x ] 0x400d4626: add edx, (8)0x x400d4629: mov dword [ebp + (8)0xffffffd4], edx 0x400d462c: mov eax, dword [esi + (8)0x ] 0x400d462f: mov dword [ebp + (8)0xffffffe8], esi 0x400d4632: and eax, (8)0xfffffff8 0x400d4635: 0x400d4637: mov dword [ebp + (8)0xffffffe4], eax 0x400d463a: j(nb,ae) dword (32)0x x400d4794: mov ecx, dword [ebp + (8)0xfffffff0] 0x400d4797: sub eax, ecx 0x400d4799: add esi, ecx 0x400d479b: mov dword [ebp + (8)0xffffffe4], eax 0x400d479e: mov eax, dword [ebp + (8)0x ] 0x400d47a1: mov edx, ecx 0x400d47a3: or edx, (8)0x x400d47a6: or ecx, (8)0x x400d47a9: mov dword [eax + (8)0x ], esi 0x400d47ac: lea eax, dword [ebx + (32)0x c] 0x400d47b2: cmp dword [ebp + (8)0x ], eax 0x400d47b5: cmov(ne,nz) edx, ecx 0x400d47b8: mov ecx, dword [ebp + (8)0xffffffe8] 0x400d47bb: or dword [ebp + (8)0xffffffe4], (8)0x x400d47bf: mov dword [ecx + (8)0x ], edx 0x400d47c2: mov eax, dword [ebp + (8)0xffffffe4] 0x400d47c5: mov dword [esi + (8)0x ], eax 0x400d47c8: 0x400d47ca: jmp dword (32)0xfffffa3f 0x400f549d: stos(d) 0x08052b07: 0x08052b0a: 0x08052b0c: mov dword [esi], eax 0x08052b0e: 0x08052b10: j(e,z) byte (8)0xffffffc5 0x08052b12: lea eax, dword [ebx + (32)0xffff84f8] 0x08052b18: jmp byte (8)0xffffffa6 0x08052ac0: mov dword [esi + (8)0x ], eax 0x08052ac3: mov dword [esi + (8)0x ], edi 0x08052ac6: test edi, (32)0x x08052acc: j(e,z) byte (8)0x x08052ae0: and edi, (32)0x x08052ae6: j(e,z) byte (8)0xffffffed 0x08052ad5: mov edx, esi 0x08052ad7: add esp, (8)0x x08052ada: 0x08052adc: 0x08052add: 0x08052ade: 0x08052adf: 0x0804b6bf: 0x0804b6c2: mov ebp, eax 0x0804b6c4: cmp edi, dword [0x0805b830] 0x0804b6ca: j(b,nae) byte (8)0x x0804b6f2: mov edx, dword [esi + edi*4] 0x0804b6f5: mov eax, dword [edx + (32)0x ] 0x0804b6fb: 0x0804b6fd: j(e,z) byte (8)0xffffffd2 0x0804b6d1: 0x0804b6d2: 0x0804b6d3: mov eax, dword [esi + edi*4] 0x0804b6d6: 0x0804b6d7: 0x0804b6d8: call dword (32)0x00007fb3 0x : 0x : 0x : 0x : 0x : 0x : 0x c: 0x d: add ebx, (32)0x c 0x080536a3: mov edi, dword [esp + (8)0x ] 0x080536a7: mov esi, dword [esp + (8)0x ] 0x080536ab: mov eax, dword [edi + (8)0x c] 0x080536ae: 0x080536b0: j(e,z) byte (8)0x x080536b2: mov dword [edi + (8)0x c], (32)0x x080536b9: mov ebp, esi 0x080536bb: 0x080536bd: j(ne,nz) byte (8)0x x080536cf: 0x080536d0: 0x080536d1: 0x080536d2: 0x080536d3: call dword [edi + (8)0x ] 0x080536b9: mov ebp, esi 0x080536bb: 0x080536bd: j(ne,nz) byte (8)0x x08052bf0: 0x08052bf1: 0x08052bf2: 0x08052bf3: 0x08052bf4: 0x08052bf7: 0x08052bfc: 0x08052bfd: add ebx, (32)0x00007afc 0x08052c03: mov edi, dword [esp + (8)0x ] 0x08052c07: mov ebp, dword [esp + (8)0x ] 0x08052c0b: lea esi, dword [edi + (8)0x c] 0x08052c0e: 0x08052c11: mov eax, dword [edi] 0x08052c13: 0x08052c14: call dword (32)0xffff71c3 0x08049ddc: jmp dword [0x0805a86c] 0x400f5580: 0x400f5581: mov ecx, (32)0x x400f5586: 0x400f5588: 0x400f5589: 0x400f558a: 0x400f558b: sub esp, (8)0x x400f558e: mov eax, dword [(32)0x ] 0x400f5594: call dword (32)0xfff923b8 0x400f55bc: cmpxchg dword [esi + (8)0x ], ecx 0x400f55c0: j(ne,nz) dword (32)0x d 0x400f55c6: mov dword [ebp + (8)0xffffffec], edx 0x400f55c9: mov edi, dword [esi + (8)0x ] 0x400f55cc: jmp byte (8)0x b 0x400f55e9: mov edx, dword [esi + (8)0x ] 0x400f55ec: cmp edx, dword [esi + (8)0x c] 0x400f55ef: j(b,nae) byte (8)0xffffffdf 0x400f55f1: mov ecx, dword [esi + (8)0x ] 0x400f55f4: mov edx, edi 0x400f55f6: 0x400f55f8: call dword (32)0x x400f5d00: 0x400f5d01: 0x400f5d03: 0x400f5d04: 0x400f5d06: 0x400f5d07: 0x400f5d09: mov edx, ecx 0x400f5d0b: 0x400f5d0c: mov ecx, esi 0x400f5d0e: sub esp, (8)0x c 0x400f5d11: call dword (32)0xfff91c3b 0x400f55d0: lea ecx, dword [edx + edi] 0x400f55d3: movzx eax, dword [ecx + (8)0x ] 0x400f55d7: lea eax, dword [eax + edx] 0x400f55da: mov dword [esi + (8)0x ], eax 0x400f55dd: mov eax, dword [ecx + (8)0x ] 0x400f55e0: mov dword [esi + (8)0x ], eax 0x400f55e3: mov eax, dword [ecx] 0x400f55e5: 0x400f55e7: j(ne,nz) byte (8)0x x400f5d55: movzx eax, dword [edi + (8)0x ] 0x400f5d59: lea esi, dword [edi + (8)0x a] 0x400f5d5c: movzx eax, byte [eax + edi + (8)0xffffffff] 0x400f5d61: mov byte [ebp + (8)0xffffffef], al 0x400f5d64: 0x400f5d67: call dword (32)0xfffe31d4 0x400d8f40: mov ecx, dword [esp + (8)0x ] 0x400d8f44: 0x400d8f46: and ecx, (8)0x x400d8f49: j(e,z) byte (8)0x x400d8f4b: cmp byte [eax], ch 0x400d8f4d: j(e,z) dword (32)0x x400d8f53: 0x400d8f54: xor ecx, (8)0x x400d8f57: j(e,z) byte (8)0x a 0x400d8f59: cmp byte [eax], ch 0x400d8f5b: j(e,z) dword (32)0x x400d8fea: sub eax, dword [esp + (8)0x ] 0x400d8fee: 0x400d8f73: mov ecx, dword [eax] 0x400d8f75: mov edx, (32)0xfefefeff 0x400d8f7a: add edx, ecx 0x400d8f7c: j(nb,ae) byte (8)0x x400d8f7e: 0x400d8f80: or edx, (32)0xfefefeff 0x400d8f86: inc edx 0x400d8f87: j(ne,nz) byte (8)0x e 0x400d8fd7: 0x400d8fd9: 0x400d8fce: 0x400d8fd1: 0x400d8fd4: 0x400d8fd7: 0x400d8fd9: 0x400d8fdb: 0x400d8fdc: test ch, ch 0x400d8fde: j(e,z) byte (8)0x a 0x400f5d6c: mov dword [esp + (8)0x ], esi 0x400f5d70: 0x400f5d71: mov dword [esp + (8)0x ], eax 0x400f5d75: lea eax, dword [edi + (8)0x b] 0x400f5d78: 0x400f5d7b: call dword (32)0xfffe4300 0x400af992: jmp dword (32)0xffffe166 0x4009bfb5: mov dword [ebp + (8)0xfffffff0], eax 0x4009bfb8: mov eax, dword [ebx + (32)0xfffffedc] 0x4009bfbe: 0x4009bfc0: 0x4009bfc2: j(e,z) byte (8)0x c 0x4009bfc4: movzx edx, byte [edi] 0x4009bfc7: test dl, dl 0x4009bfc9: j(e,z) byte (8)0x x4009bfcb: cmp byte [edi + (8)0x ], (8)0x x4009bfcf: j(ne,nz) byte (8)0x x4005b53f: mov dword [ebp + (32)0xffffff78], eax 0x4005b545: lea eax, dword [ebp + (8)0xffffff84] 0x4005b548: mov dword [esp + (8)0x ], eax 0x4005b54c: lea eax, dword [ebp + (8)0xffffffb8] 0x4005b54f: mov dword [esp + (8)0x ], eax 0x4005b553: mov ecx, dword [ebp + (8)0x ] 0x4005b556: 0x4005b559: call dword (32)0xfffe0b16 0x4005b177: mov dword [ebp + (8)0xffffffe4], eax 0x4005b17a: mov eax, dword [ebx + (32)0x00003cc8] 0x4005b180: cmp dword [ebp + (8)0xffffffe4], eax 0x4005b183: j(nbe,a) dword (32)0x f 0x4005b189: 0x4005b18a: mov edi, dword [ebp + (8)0x c] 0x4005b18d: 0x4005b18f: mov ecx, (32)0x x4005b194: stos(d) 0x4005bba1: add esi, eax 0x4005bba3: mov dword [ebx + (32)0x00003cc0], esi 0x4005bba9: movzx eax, byte [edi] 0x4005bbac: jmp dword (32)0xfffffabc 0x400da080: 0x400da081: mov ecx, dword [esp + (8)0x ] 0x400da085: mov edi, dword [esp + (8)0x ] 0x400da089: mov edx, esi 0x400da08b: mov esi, dword [esp + (8)0x c] 0x400da08f: 0x400da091: sub eax, esi 0x400da093: cmp edi, eax 0x400da095: j(nb,ae) byte (8)0x x400da0ad: std 0x400da0ae: lea edi, dword [edi + ecx + (8)0xffffffff] 0x400da0b2: lea esi, dword [esi + ecx + (8)0xffffffff] 0x400da0b6: shr(1) ecx 0x400da0b8: j(nb,ae) byte (8)0x x400da0bb: sub edi, (8)0x x400da0be: sub esi, (8)0x x400da0c1: shr(1) ecx 0x400da0c3: j(nb,ae) byte (8)0x x400da0c5: 0x400da0c7: sub edi, (8)0x x400da0ca: sub esi, (8)0x x400da0cd: 0x400da0cf: 0x400da0d1: mov eax, dword [esp + (8)0x ] 0x400da0d5: 0x400da0d6: 0x400da0d7: 0x400f5d80: movzx ecx, byte [ebp + (8)0xffffffef] 0x400f5d84: movzx eax, dword [edi + (8)0x ] 0x400f5d88: mov byte [edi + (8)0x a], cl 0x400f5d8b: add edi, eax 0x400f5d8d: cmp edi, dword [ebp + (8)0xffffffe8] 0x400f5d90: j(b,nae) byte (8)0xffffffc3 0x400da0c7: sub edi, (8)0x x400da0ca: sub esi, (8)0x x400da0cd: 0x400da0cf: 0x400da0d1: mov eax, dword [esp + (8)0x ] 0x400da0d5: 0x400da0d6: 0x400da0d7: 0x400da0cd: 0x400da0cf: 0x400da0d1: mov eax, dword [esp + (8)0x ] 0x400da0d5: 0x400da0d6: 0x400da0d7: 0x400da0b2: lea esi, dword [esi + ecx + (8)0xffffffff] 0x400f55fd: 0x400f55ff: 0x400f5601: j(le,ng) byte (8)0x x400f5603: mov dword [esi + (8)0x c], eax 0x400f5606: mov edi, dword [esi + (8)0x ] 0x400f5609: 0x400f560b: mov dword [esi + (8)0x ], (32)0x x400f5612: jmp byte (8)0xffffffbc 0x400d8fd4: 0x400d8fd7: 0x400d8fd9: 0x400d8fd1: 0x400d8fd4: 0x400d8fd7: 0x400d8fd9: 0x400d8fdb: 0x400d8fdc: test ch, ch 0x400d8fde: j(e,z) byte (8)0x a 0x400d8fe0: 0x400d8fe1: test ecx, (32)0x00ff0000 0x400d8fe7: 0x400d8fe9: 0x400d8fea: sub eax, dword [esp + (8)0x ] 0x400d8fee: 0x400d8f7c: j(nb,ae) byte (8)0x x400f5630: cmp dword [0x c], (8)0x x400f5638: 0x400f563c: sub dword [esi + (8)0x ], (8)0x x400f5640: j(ne,nz) byte (8)0x e 0x400f5642: add esp, (8)0x x400f5645: 0x400f5647: 0x400f5648: 0x400f5649: 0x400f564a: 0x400f564b: 0x08052c19: 0x08052c1c: 0x08052c1e: mov dword [ebx + (32)0x c], eax 0x08052c24: j(e,z) byte (8)0x b 0x08052c26: cmp eax, (8)0xfffffff5 0x08052c29: j(e,z) byte (8)0x x08052c2b: mov dl, byte [eax + (8)0x b] 0x08052c2e: cmp dl, (8)0x x08052c31: j(le,ng) byte (8)0xffffffdb 0x08052c0e: 0x08052c11: mov eax, dword [edi] 0x08052c13: 0x08052c14: call dword (32)0xffff71c3 0x08049d9c: jmp dword [0x0805a85c] 0x4009dd70: 0x4009dd71: 0x4009dd73: 0x4009dd74: 0x4009dd77: 0x4009dd7e: call dword (32)0xfffe9bce 0x4009e340: 0x4009e341: 0x4009e343: 0x4009e344: 0x4009e345: 0x4009e346: sub esp, (8)0x x4009e349: mov eax, dword [ebp + (8)0x ] 0x4009e34c: call dword (32)0xfffe9600 0x4009e3b1: mov esi, dword [ebp + (8)0x ] 0x4009e3b4: mov edx, dword [ebp + (8)0x ] 0x4009e3b7: mov dword [ebp + (8)0xffffffe0], esi 0x4009e3ba: mov ecx, dword [edx + (8)0x ] 0x4009e3bd: movsx eax, byte [esi] 0x4009e3c0: test byte [ecx + eax*2 + (8)0x ], (8)0x x4009e3c5: j(e,z) byte (8)0x x4009e3e0: mov ecx, dword [ebp + (8)0x ] 0x4009e3e3: movzx edx, byte [ecx] 0x4009e3e6: test dl, dl 0x4009e3e8: j(e,z) dword (32)0x000001ff 0x4009e3ee: mov dword [ebp + (8)0xfffffff0], (32)0x x4009e3f5: cmp dl, (8)0x d 0x4009e3f8: j(e,z) dword (32)0x x4009e3fe: cmp dl, (8)0x b 0x4009e401: j(e,z) dword (32)0x x4009e407: cmp dl, (8)0x x4009e40a: j(e,z) dword (32)0x x4009e410: 0x4009e412: mov eax, (32)0x a 0x4009e417: cmov(e,z) edi, eax 0x4009e41a: mov dword [ebp + (8)0xffffffe0], esi 0x4009e41d: cmp edi, (8)0x a 0x4009e420: mov eax, (32)0x x4009e425: cmov(e,z) eax, dword [ebp + (8)0xffffffcc] 0x4009e429: mov dword [ebp + (8)0xffffffdc], (32)0x x4009e430: 0x4009e432: mov dword [ebp + (8)0xffffffcc], eax 0x4009e435: j(ne,nz) dword (32)0x000001ec 0x4009e43b: movzx ecx, byte [edi + ebx + (32)0xffff736a] 0x4009e443: mov dword [ebp + (8)0xffffffd8], (32)0x x4009e44a: mov edx, dword [ebx + edi*4 + (32)0xffff73a4] 0x4009e451: mov dword [ebp + (8)0xffffffe4], (32)0x x4009e458: mov dword [ebp + (8)0xffffffec], edx 0x4009e45b: mov dword [ebp + (8)0xffffffe8], ecx 0x4009e45e: 0x4009e461: mov byte [ebp + (8)0xffffffc7], al 0x4009e464: 0x4009e466: j(e,z) dword (32)0x c 0x4009e46c: lea esi, dword [esi + (8)0x ] 0x4009e470: cmp esi, dword [ebp + (8)0xffffffdc] 0x4009e473: j(e,z) dword (32)0x f 0x4009e479: movzx eax, byte [ebp + (8)0xffffffc7] 0x4009e47d: 0x4009e47f: 0x4009e481: 0x4009e4d5: mov byte [ebp + (8)0xffffffc7], al 0x4009e4d8: movzx eax, byte [ebp + (8)0xffffffc7] 0x4009e4dc: cmp eax, edi 0x4009e4de: j(nl,ge) byte (8)0x x4009e4e0: mov edx, dword [ebp + (8)0xffffffec] 0x4009e4e3: cmp dword [ebp + (8)0xffffffe4], edx 0x4009e4e6: j(nbe,a) byte (8)0x x4009e4e8: j(e,z) byte (8)0x x4009e4ea: movzx eax, byte [ebp + (8)0xffffffc7] 0x4009e4ee: mov ecx, dword [ebp + (8)0xffffffe4] 0x4009e4f1: imul ecx, edi 0x4009e4f4: add ecx, eax 0x4009e4f6: mov dword [ebp + (8)0xffffffe4], ecx 0x4009e4f9: 0x4009e4fa: 0x4009e4fd: 0x4009e4ff: mov byte [ebp + (8)0xffffffc7], al 0x4009e502: j(ne,nz) dword (32)0xffffff68 0x4009e508: cmp esi, dword [ebp + (8)0xffffffe0] 0x4009e50b: j(e,z) dword (32)0x000000dc 0x4009e511: mov eax, dword [ebp + (8)0x c] 0x4009e514: 0x4009e516: j(e,z) byte (8)0x x4009e562: 0x4009e564: 0x4009e567: cmp edi, (8)0x x4009e56a: 0x4009e56d: 0x4009e56f: 0x4009e571: j(e,z) byte (8)0x x4009e51d: mov edi, dword [ebp + (8)0xffffffd8] 0x4009e520: 0x4009e522: j(ne,nz) dword (32)0x000001bc 0x4009e528: mov eax, dword [ebp + (8)0xffffffe4] 0x4009e52b: mov esi, dword [ebp + (8)0xfffffff0] 0x4009e52e: neg eax 0x4009e530: 0x4009e532: cmov(e,z) eax, dword [ebp + (8)0xffffffe4] 0x4009e536: add esp, (8)0x x4009e539: 0x4009e53a: 0x4009e53b: 0x4009e53c: 0x4009e53d: 0x4009ddb6: add esp, (8)0x x4009ddb9: 0x4009ddba: 0x4009ddbb: 0x4009e470: cmp esi, dword [ebp + (8)0xffffffdc] 0x4009e473: j(e,z) dword (32)0x f 0x4009e479: movzx eax, byte [ebp + (8)0xffffffc7] 0x4009e47d: 0x4009e47f: 0x4009e481: 0x4009e53e: cmp eax, dword [ebp + (8)0xffffffe8] 0x4009e541: j(be,na) byte (8)0xffffffa7 0x08052c47: 0x08052c48: pop edx 0x08052c49: mov dword [ebp + (32)0x000001d0], eax 0x08052c4f: mov dword [ebp + (8)0x ], eax 0x08052c52: mov dword [esi], (32)0x6f72702f 0x08052c58: mov word [esi + (8)0x ], (16)0x00002f63 0x08052c5e: mov ecx, dword [ebx + (32)0x c] 0x08052c64: lea edx, dword [esi + (8)0x ] 0x08052c67: add ecx, (8)0x b 0x08052c6a: 0x08052c6b: 0x08052c6c: call dword (32)0xffff71bb 0x400bd529: jmp dword (32)0xfffffeee 0x08049e2c: jmp dword [0x0805a880] 0x400d8a20: 0x400d8a21: 0x400d8a23: 0x400d8a24: mov esi, dword [ebp + (8)0x ] 0x400d8a27: mov edx, dword [ebp + (8)0x c] 0x400d8a2a: 0x400d8a2c: sub eax, edx 0x400d8a2e: lea ecx, dword [eax + (8)0xffffffff] 0x400d8a31: jmp byte (8)0x d 0x400d8a40: movzx eax, byte [edx] 0x400d8a43: inc edx 0x400d8a44: 0x400d8a46: mov byte [ecx + edx], al 0x400d8a49: j(ne,nz) byte (8)0xfffffff5 0x08052c71: mov eax, (32)0x x08052c76: 0x08052c79: 0x08052c7c: 0x08052c7d: 0x08052c7e: 0x08052c7f: 0x08052c80: 0x080536d6: 0x080536d9: 0x080536db: j(ne,nz) byte (8)0xffffffe4 0x080536c1: 0x080536c2: 0x080536c3: 0x080536c4: 0x080536c5: call dword [edi + (8)0x ] 0x08052e10: 0x08052e11: 0x08052e12: 0x08052e13: 0x08052e14: sub esp, (8)0x x08052e17: 0x08052e1c: 0x08052e1d: add ebx, (32)0x000078dc 0x08052e23: lea edx, dword [ebx + (32)0x ] 0x08052e29: mov edi, dword [esp + (8)0x ] 0x08052e2d: mov ebp, dword [esp + (8)0x ] 0x08052e31: mov eax, dword [edi + (8)0x ] 0x08052e34: lea ecx, dword [edi + (8)0x c] 0x08052e37: mov dword [esp + (8)0x c], ecx 0x08052e3b: mov dword [esp + (8)0x ], eax 0x08052e3f: 0x08052e40: mov edx, dword [esp + (8)0x ] 0x08052e44: 0x08052e45: push (8)0x x08052e47: call dword (32)0xffff6c10 0x08049a5c: jmp dword [0x0805a78c] 0x4011b7e0: 0x4011b7e1: 0x4011b7e3: sub esp, (8)0x c 0x4011b7e6: mov dword [ebp + (8)0xfffffffc], edi 0x4011b7e9: mov edi, dword [ebp + (8)0x ] 0x4011b7ec: mov edx, dword [ebp + (8)0x c] 0x4011b7ef: mov dword [ebp + (8)0xfffffff4], ebx 0x4011b7f2: call dword (32)0xfff6c15a 0x4011b863: mov eax, dword [ebp + (8)0x ] 0x4011b866: mov dword [esp + (8)0x ], esi 0x4011b86a: 0x4011b86d: mov dword [esp + (8)0x ], eax 0x4011b871: call dword (32)0x a 0x40121af0: 0x40121af1: 0x40121af3: 0x40121af6: mov dword [esp], ebx 0x40121af9: mov dword [esp + (8)0x ], esi 0x40121afd: mov dword [esp + (8)0x ], edi 0x40121b01: mov eax, dword [ebp + (8)0x ] 0x40121b04: call dword (32)0xfff65e48 0x40121b41: mov ecx, dword [ebp + (8)0x c] 0x40121b44: mov eax, dword [ecx] 0x40121b46: mov edx, dword [ecx + (8)0x ] 0x40121b49: mov ecx, dword [ebp + (8)0x ] 0x40121b4c: mov dword [ecx], eax 0x40121b4e: mov eax, dword [ebp + (8)0x c] 0x40121b51: mov dword [ecx + (8)0x ], edx 0x40121b54: mov word [ecx + (8)0x ], (16)0x x40121b5a: mov edi, dword [eax + (8)0x c] 0x40121b5d: mov esi, dword [eax + (8)0x ] 0x40121b60: mov edx, edi 0x40121b62: or edx, esi 0x40121b64: j(ne,nz) dword (32)0x000000d6 0x40121c40: mov ecx, dword [ebp + (8)0x c] 0x40121c43: mov edx, dword [ebp + (8)0x ] 0x40121c46: mov eax, dword [ecx + (8)0x ] 0x40121c49: mov dword [edx + (8)0x c], eax 0x40121c4c: mov eax, dword [edx + (8)0x c] 0x40121c4f: 0x40121c51: mov ecx, edx 0x40121c53: xor ecx, edi 0x40121c55: xor eax, esi 0x40121c57: or ecx, eax 0x40121c59: j(e,z) dword (32)0xffffff14 0x40121b73: mov edx, dword [ebp + (8)0x c] 0x40121b76: mov ecx, dword [ebp + (8)0x ] 0x40121b79: mov eax, dword [edx + (8)0x ] 0x40121b7c: mov dword [ecx + (8)0x ], eax 0x40121b7f: mov eax, dword [edx + (8)0x ] 0x40121b82: mov dword [ecx + (8)0x ], eax 0x40121b85: mov eax, dword [edx + (8)0x ] 0x40121b88: mov dword [ecx + (8)0x ], eax 0x40121b8b: mov eax, dword [edx + (8)0x c] 0x40121b8e: mov dword [ecx + (8)0x c], eax 0x40121b91: mov ecx, dword [ebp + (8)0x ] 0x40121b94: mov eax, dword [edx + (8)0x ] 0x40121b97: mov edx, dword [edx + (8)0x ] 0x40121b9a: mov word [ecx + (8)0x ], (16)0x x40121ba0: mov dword [ecx + (8)0x ], eax 0x40121ba3: mov dword [ecx + (8)0x ], edx 0x40121ba6: mov edx, dword [ebp + (8)0x c] 0x40121ba9: mov eax, dword [edx + (8)0x c] 0x40121bac: mov dword [ecx + (8)0x c], eax 0x40121baf: 0x40121bb1: 0x40121bb3: mov eax, dword [edx + (8)0x c] 0x40121bb6: sar edi, (8)0x f 0x40121bb9: mov edx, dword [edx + (8)0x ] 0x40121bbc: mov ecx, edi 0x40121bbe: xor eax, esi 0x40121bc0: 0x40121bc2: or ecx, eax 0x40121bc4: j(ne,nz) dword (32)0x x40121bca: mov edx, dword [ebp + (8)0x c] 0x40121bcd: mov ecx, dword [ebp + (8)0x ] 0x40121bd0: mov eax, dword [edx + (8)0x ] 0x40121bd3: mov dword [ecx + (8)0x ], eax 0x40121bd6: mov eax, dword [edx + (8)0x ] 0x40121bd9: 0x40121bdb: mov dword [ecx + (8)0x ], eax 0x40121bde: 0x40121be0: mov eax, dword [edx + (8)0x ] 0x40121be3: mov edx, dword [edx + (8)0x c] 0x40121be6: sar edi, (8)0x f 0x40121be9: mov ecx, edi 0x40121beb: xor eax, esi 0x40121bed: 0x40121bef: or ecx, eax 0x40121bf1: j(ne,nz) byte (8)0x c 0x40121bf3: mov edx, dword [ebp + (8)0x c] 0x40121bf6: mov ecx, dword [ebp + (8)0x ] 0x40121bf9: mov eax, dword [edx + (8)0x ] 0x40121bfc: mov dword [ecx + (8)0x ], eax 0x40121bff: mov eax, dword [edx + (8)0x ] 0x40121c02: mov dword [ecx + (8)0x c], eax 0x40121c05: mov eax, dword [edx + (8)0x ] 0x40121c08: mov dword [ecx + (8)0x ], eax 0x40121c0b: mov eax, dword [edx + (8)0x c] 0x40121c0e: mov dword [ecx + (8)0x ], eax 0x40121c11: mov eax, dword [edx + (8)0x ] 0x40121c14: mov dword [ecx + (8)0x ], eax 0x40121c17: mov eax, dword [edx + (8)0x ] 0x40121c1a: mov dword [ecx + (8)0x ], (32)0x x40121c21: mov dword [ecx + (8)0x ], (32)0x x40121c28: mov dword [ecx + (8)0x c], eax 0x40121c2b: 0x40121c2d: mov ebx, dword [esp] 0x40121c30: mov esi, dword [esp + (8)0x ] 0x40121c34: mov edi, dword [esp + (8)0x ] 0x40121c38: 0x40121c3a: 0x40121c3b: 0x4011b876: mov ebx, dword [ebp + (8)0xfffffff4] 0x4011b879: mov esi, dword [ebp + (8)0xfffffff8] 0x4011b87c: mov edi, dword [ebp + (8)0xfffffffc] 0x4011b87f: 0x4011b881: 0x4011b882: 0x08052e4c: 0x08052e4f: 0x08052e50: j(e,z) byte (8)0x e 0x08052e52: test dword [esp + (8)0x ], (32)0x x08052e5a: j(e,z) byte (8)0x x08052ea0: mov esi, dword [ebx + (32)0x000053a0] 0x08052ea6: mov dword [ebp + (32)0x000001d8], esi 0x08052eac: mov esi, dword [ebx + (32)0x000053a4] 0x08052eb2: mov dword [ebp + (32)0x000001dc], esi 0x08052eb8: test byte [esp + (8)0x ], (8)0x x08052ebd: j(ne,nz) byte (8)0x x08052f35: 0x08052f38: lea ecx, dword [ebx + (32)0x000053e8] 0x08052f3e: lea edx, dword [ebx + (32)0xffffd227] 0x08052f44: push (32)0x x08052f49: mov eax, dword [esp + (8)0x ] 0x08052f4d: call dword (32)0xffffecbe 0x08051c10: 0x08051c11: 0x08051c12: 0x08051c13: 0x08051c14: 0x08051c17: 0x08051c1c: 0x08051c1d: add ebx, (32)0x00008adc 0x08051c23: lea edi, dword [ebx + (32)0x00003f08] 0x08051c29: mov ebp, ecx 0x08051c2b: 0x08051c2c: lea edx, dword [ebx + (32)0xffffe9b6] 0x08051c32: 0x08051c33: 0x08051c34: 0x08051c35: call dword (32)0xffff8182 0x08049dbc: jmp dword [0x0805a864] 0x400b4800: 0x400b4801: 0x400b4803: lea eax, dword [ebp + (8)0x ] 0x400b4806: 0x400b4807: 0x400b480a: mov dword [esp + (8)0x ], eax 0x400b480e: mov eax, dword [ebp + (8)0x c] 0x400b4811: call dword (32)0xfffd313b 0x400c7070: 0x400c7071: 0x400c7073: 0x400c7075: sub esp, (32)0x000000c0 0x400c707b: mov dword [ebp + (8)0xfffffffc], edi 0x400c707e: mov edi, (32)0xffffffff 0x400c7083: mov dword [ebp + (8)0xfffffff4], ebx 0x400c7086: mov ecx, (32)0x x400c708b: mov dword [ebp + (8)0xfffffff8], esi 0x400c708e: mov esi, dword [ebp + (8)0x ] 0x400c7091: mov dword [ebp + (8)0xffffff9c], (32)0x x400c7098: mov dword [esp + (8)0x ], eax 0x400c709c: 0x400c709e: mov dword [esp + (8)0x ], edi 0x400c70a2: lea edi, dword [ebp + (32)0xffffff54] 0x400c70a8: call dword (32)0xfffc08a4 0x400d0630: 0x400d0631: 0x400d0633: 0x400d0636: mov dword [ebp + (8)0xfffffff4], ebx 0x400d0639: mov eax, dword [ebp + (8)0x c] 0x400d063c: mov dword [ebp + (8)0xfffffff8], esi 0x400d063f: mov esi, dword [ebp + (8)0x ] 0x400d0642: mov dword [ebp + (8)0xfffffffc], edi 0x400d0645: mov edi, dword [ebp + (8)0x ] 0x400d0648: mov dword [esp + (8)0x ], eax 0x400d064c: mov eax, dword [ebp + (8)0x ] 0x400d064f: call dword (32)0xfffb72fd 0x400d0580: 0x400d0581: 0x400d0583: 0x400d0584: sub esp, (8)0x x400d0587: mov edx, dword [ebp + (8)0x c] 0x400d058a: mov eax, dword [ebp + (8)0x ] 0x400d058d: or edx, (32)0xfbad0000 0x400d0593: mov dword [eax], edx 0x400d0595: mov edx, dword [eax + (8)0x ] 0x400d0598: mov dword [eax + (8)0x c], (32)0x x400d059f: mov dword [eax + (8)0x c], (32)0x x400d05a6: 0x400d05a8: mov dword [eax + (8)0x ], (32)0x x400d05af: mov dword [eax + (8)0x c], (32)0x x400d05b6: mov dword [eax + (8)0x ], (32)0x x400d05bd: mov dword [eax + (8)0x ], (32)0x x400d05c4: mov dword [eax + (8)0x ], (32)0x x400d05cb: mov dword [eax + (8)0x ], (32)0x x400d05d2: mov dword [eax + (8)0x ], (32)0x x400d05d9: mov dword [eax + (8)0x ], (32)0x x400d05e0: mov dword [eax + (8)0x ], (32)0x x400d05e7: mov dword [eax + (8)0x ], (32)0x x400d05ee: mov dword [eax + (8)0x c], (32)0x x400d05f5: mov dword [eax + (8)0x ], (32)0x x400d05fc: mov word [eax + (8)0x ], (16)0x x400d0602: mov byte [eax + (8)0x ], (8)0x x400d0606: j(e,z) byte (8)0x e 0x400d0626: 0x400d0629: 0x400d062a: 0x400d062b: 0x400d0662: mov eax, dword [ebp + (8)0x ] 0x400d0665: 0x400d0667: mov dword [eax + (8)0x c], esi 0x400d066a: j(s) byte (8)0x x400d06c4: mov ebx, dword [ebp + (8)0xfffffff4] 0x400d06c7: mov esi, dword [ebp + (8)0xfffffff8] 0x400d06ca: mov edi, dword [ebp + (8)0xfffffffc] 0x400d06cd: 0x400d06cf: 0x400d06d0: 0x400c70c3: lea eax, dword [ebx + (32)0xfffffc8c] 0x400c70c9: 0x400c70ce: mov dword [ebp + (8)0xffffffe8], eax 0x400c70d1: mov dword [esp + (8)0x c], esi 0x400c70d5: mov dword [esp + (8)0x ], edx 0x400c70d9: mov dword [esp + (8)0x ], esi 0x400c70dd: 0x400c70e0: call dword (32)0x0000afdb 0x400c7179: lea eax, dword [ebx + (32)0xfffffc8c] 0x400c717f: 0x400c7181: 0x400c7183: mov dword [ebp + (8)0xffffffec], eax 0x400c7186: mov dword [esp + (8)0x c], ecx 0x400c718a: mov dword [esp + (8)0x ], edx 0x400c718e: mov eax, dword [ebp + (8)0x ] 0x400c7191: 0x400c7194: mov dword [esp + (8)0x ], eax 0x400c7198: call dword (32)0x0000af23 0x400d20c0: 0x400d20c1: 0x400d20c3: sub esp, (8)0x c 0x400d20c6: mov dword [ebp + (8)0xfffffff4], ebx 0x400d20c9: mov eax, dword [ebp + (8)0x ] 0x400d20cc: call dword (32)0xfffb5880 0x400d1500: 0x400d1501: 0x400d1503: sub esp, (8)0x x400d1506: mov dword [ebp + (8)0xfffffffc], esi 0x400d1509: mov esi, dword [ebp + (8)0x ] 0x400d150c: mov dword [ebp + (8)0xfffffff8], ebx 0x400d150f: call dword (32)0xfffb643d 0x400d2141: 0x400d2143: mov dword [esp + (8)0x ], ecx 0x400d2147: mov eax, dword [ebp + (8)0x c] 0x400d214a: 0x400d214d: call dword (32)0x00008d1e 0x400d1580: mov edx, dword [esi] 0x400d1582: jmp byte (8)0xffffffa4 0x400d1550: or edx, (8)0x x400d1553: mov dword [esi], edx 0x400d1555: mov ebx, dword [ebp + (8)0xfffffff8] 0x400d1558: mov esi, dword [ebp + (8)0xfffffffc] 0x400d155b: 0x400d155d: 0x400d155e: 0x400d1528: mov eax, dword [ebp + (8)0x c] 0x400d152b: mov dword [esi + (8)0x c], eax 0x400d152e: mov eax, dword [ebp + (8)0x ] 0x400d1531: mov dword [esi + (8)0x ], eax 0x400d1534: mov eax, dword [ebp + (8)0x ] 0x400d1537: 0x400d1539: j(e,z) byte (8)0x x400d210d: mov eax, dword [ebp + (8)0x c] 0x400d2110: mov dword [edi + (8)0x ], eax 0x400d2113: mov dword [edi + (8)0x c], eax 0x400d2116: mov dword [edi + (8)0x ], eax 0x400d2119: mov eax, dword [ebp + (8)0x ] 0x400d211c: 0x400d211e: j(e,z) byte (8)0x x400d2120: mov edx, dword [ebp + (8)0x ] 0x400d2123: mov dword [edi + (8)0x ], esi 0x400d2126: mov dword [edi + (8)0x ], edx 0x400d2129: mov dword [edi + (8)0x ], edx 0x400d212c: 0x400d212e: mov dword [edi + (32)0x ], eax 0x400d2134: mov ebx, dword [ebp + (8)0xfffffff4] 0x400d2137: mov esi, dword [ebp + (8)0xfffffff8] 0x400d213a: mov edi, dword [ebp + (8)0xfffffffc] 0x400d213d: 0x400d213f: 0x400d2140: 0x400d1728: mov dword [esi + (8)0x ], (32)0x x400d172f: mov edx, esi 0x400d1731: mov dword [esi + (8)0x ], (32)0x x400d1738: mov dword [esi + (8)0x ], (32)0x x400d173f: mov dword [esi + (8)0x ], (32)0x x400d1746: mov dword [esi + (8)0x ], (32)0x x400d174d: mov dword [esi + (8)0x c], (32)0x x400d1754: mov ebx, dword [ebp + (8)0xfffffff4] 0x400d1757: 0x400d1759: mov esi, dword [ebp + (8)0xfffffff8] 0x400d175c: mov edi, dword [ebp + (8)0xfffffffc] 0x400d175f: 0x400d1761: 0x400d1762: 0x400c70e5: mov eax, dword [ebp + (8)0x ] 0x400c70e8: mov dword [esp + (8)0x ], eax 0x400c70ec: mov eax, dword [ebp + (8)0x c] 0x400c70ef: 0x400c70f2: mov dword [esp + (8)0x ], eax 0x400c70f6: call dword (32)0xfffe5315 0x400d2156: mov eax, dword [ebp + (8)0x c] 0x400d2159: mov dword [edi + (8)0x ], esi 0x400d215c: mov dword [edi + (8)0x ], eax 0x400d215f: mov dword [edi + (8)0x ], eax 0x400d2162: 0x400d2164: mov dword [edi + (32)0x ], eax 0x400d216a: mov ebx, dword [ebp + (8)0xfffffff4] 0x400d216d: mov esi, dword [ebp + (8)0xfffffff8] 0x400d2170: mov edi, dword [ebp + (8)0xfffffffc] 0x400d2173: 0x400d2175: 0x400d2176: 0x400ac410: 0x400ac411: 0x400ac413: 0x400ac414: 0x400ac415: xor esi, esi 0x400ac417: 0x400ac418: sub esp, (32)0x000005e8 0x400ac41e: 0x400ac425: call dword (32)0xfffdb527 0x400ac474: 0x400ac475: 0x400ac47a: j(ne,nz) byte (8)0x f 0x400ac47c: mov esi, dword [ebp + (8)0x ] 0x400ac47f: 0x400ac481: test al, (8)0x x400ac483: j(ne,nz) dword (32)0x00002b9a 0x400ac489: 0x400ac48b: j(e,z) dword (32)0x00002f5c 0x400ac491: mov edx, dword [ebp + (8)0x ] 0x400ac494: cmp byte [edx + (8)0x ], (8)0x x400ac498: j(ne,nz) byte (8)0x e 0x400ac49a: mov eax, dword [ebx + (32)0xffffffbc] 0x400ac4a0: 0x400ac4a2: j(e,z) dword (32)0x00002b62 0x400ac4a8: mov eax, dword [edx + (8)0x c] 0x400ac4ab: 0x400ac4ad: j(ne,nz) byte (8)0x c 0x400ac4bb: 0x400ac4bc: 0x400ac4c1: j(ne,nz) byte (8)0x x400ac4c3: mov esi, dword [ebp + (8)0x ] 0x400ac4c6: 0x400ac4c8: test al, (8)0x x400ac4ca: j(e,z) byte (8)0x x400ac4e5: mov eax, (32)0xffffffff 0x400ac4ea: lea edx, dword [ebp + (32)0xfffffbbc] 0x400ac4f0: xor esi, esi 0x400ac4f2: mov dword [ebp + (32)0xfffffb54], eax 0x400ac4f8: mov eax, dword [ebp + (8)0x ] 0x400ac4fb: mov dword [ebp + (32)0xfffffb34], edx 0x400ac501: mov dword [ebp + (32)0xfffffb40], eax 0x400ac507: 0x400ac509: mov dword [ebp + (32)0xfffffb3c], eax 0x400ac50f: 0x400ac511: mov dword [ebp + (32)0xfffffbbc], eax 0x400ac517: 0x400ac519: mov dword [ebp + (32)0xfffffbc0], eax 0x400ac51f: mov dword [esp + (8)0x ], edx 0x400ac523: 0x400ac526: call dword (32)0x x400c38c0: 0x400c38c1: 0x400c38c3: 0x400c38c4: 0x400c38c5: 0x400c38c6: 0x400c38c9: mov esi, dword [ebp + (8)0x ] 0x400c38cc: call dword (32)0xfffc4080 0x400c3950: 0x400c3953: 0x400c3955: 0x400c3956: 0x400c3957: 0x400c3958: 0x400c3959: 0x400c3904: mov dword [edi], (32)0x x400c390a: test byte [esi], (8)0x x400c390d: j(e,z) byte (8)0xffffffe1 0x400ac52b: mov dword [ebp + (32)0xfffffb4c], eax 0x400ac531: mov ecx, dword [ebp + (8)0x ] 0x400ac534: mov dword [ebp + (32)0xfffffbb4], eax 0x400ac53a: mov dword [ebp + (32)0xfffffb30], esi 0x400ac540: movzx edx, dword [ecx] 0x400ac543: 0x400ac545: 0x400ac54a: 0x400ac54d: j(ne,nz) byte (8)0x f 0x400ad899: mov dword [ebp + (32)0xfffffbb4], eax 0x400ad89f: mov ecx, dword [ebp + (8)0x ] 0x400ad8a2: 0x400ad8a4: sub edx, esi 0x400ad8a6: movsx eax, byte [ecx + (8)0x ] 0x400ad8aa: mov eax, dword [eax + ecx + (32)0x ] 0x400ad8b1: mov dword [esp + (8)0x ], edx 0x400ad8b5: 0x400ad8b8: mov dword [esp + (8)0x ], esi 0x400ad8bc: call dword [eax + (8)0x c] 0x400c3957: 0x400ac57e: 0x400ac580: 0x400ac585: 0x400ac588: j(ne,nz) byte (8)0x a 0x400ac5c4: mov edx, dword [ebp + (8)0x ] 0x400ac5c7: mov esi, dword [ebp + (32)0xfffffb4c] 0x400ac5cd: movsx eax, byte [edx + (8)0x ] 0x400ac5d1: sub esi, edi 0x400ac5d3: mov eax, dword [eax + edx + (32)0x ] 0x400ac5da: 0x400ac5dd: mov dword [esp + (8)0x ], esi 0x400ac5e1: mov dword [esp + (8)0x ], edi 0x400ac5e5: call dword [eax + (8)0x c] 0x400d1060: 0x400d1061: 0x400d1063: 0x400d1064: 0x400d1065: sub esp, (8)0x x400d1068: mov eax, dword [ebp + (8)0x ] 0x400d106b: mov esi, dword [ebp + (8)0x ] 0x400d106e: mov edi, dword [ebp + (8)0x c] 0x400d1071: mov dword [ebp + (8)0xfffffff4], eax 0x400d1074: 0x400d1076: 0x400d1078: j(e,z) dword (32)0x d 0x400d111b: 0x400d111e: 0x400d111f: 0x400d1120: 0x400d1121: 0x400d10b0: movzx eax, byte [edi] 0x400d10b3: 0x400d10b4: mov byte [ecx], al 0x400d10b6: inc ecx 0x400d10b7: dec edx 0x400d10b8: j(ns) byte (8)0xfffffff6 0x400d10e0: sub dword [ebp + (8)0xfffffff4], esi 0x400d10e3: mov ecx, dword [ebp + (8)0xfffffff4] 0x400d10e6: 0x400d10e8: j(e,z) byte (8)0x x400ac5e8: 0x400ac5ed: mov dword [ebp + (32)0xfffffb50], edx 0x400ac5f3: cmp eax, esi 0x400ac5f5: j(ne,nz) dword (32)0x x400ac5fb: mov dword [ebp + (32)0xfffffb50], eax 0x400ac601: mov edx, dword [ebp + (32)0xfffffbb4] 0x400ac607: cmp byte [edx], (8)0x x400ac60a: j(e,z) dword (32)0x x400ac610: lea ecx, dword [ebp + (8)0xffffffec] 0x400ac613: lea esi, dword [ebx + (32)0xfff27b4f] 0x400ac619: mov dword [ebp + (32)0xfffffa38], ecx 0x400ac61f: mov dword [ebp + (32)0xfffffa34], esi 0x400ac625: lea esi, dword [esi + (8)0x ] 0x400ac629: lea edi, dword [edi + (32)0x ] 0x400ac630: mov byte [ebp + (32)0xfffffaf3], (8)0x x400ac637: 0x400ac639: 0x400ac63b: mov dword [ebp + (32)0xfffffb20], eax 0x400ac641: 0x400ac643: xor esi, esi 0x400ac645: mov dword [ebp + (32)0xfffffb1c], eax 0x400ac64b: 0x400ac64d: 0x400ac64f: mov dword [ebp + (32)0xfffffb18], eax 0x400ac655: 0x400ac657: mov dword [ebp + (32)0xfffffb08], eax 0x400ac65d: 0x400ac65f: mov dword [ebp + (32)0xfffffb04], eax 0x400ac665: 0x400ac667: mov dword [ebp + (32)0xfffffb14], edi 0x400ac66d: 0x400ac66f: mov dword [ebp + (32)0xfffffb00], eax 0x400ac675: 0x400ac677: mov dword [ebp + (32)0xfffffafc], eax 0x400ac67d: mov eax, (32)0xffffffff 0x400ac682: mov dword [ebp + (32)0xfffffb48], edi 0x400ac688: mov edi, dword [ebp + (32)0xfffffa38] 0x400ac68e: mov dword [ebp + (32)0xfffffaf8], eax 0x400ac694: 0x400ac696: mov dword [ebp + (32)0xfffffaf4], eax 0x400ac69c: 0x400ac69e: inc edx 0x400ac69f: mov dword [ebp + (32)0xfffffbb4], edx 0x400ac6a5: 0x400ac6a7: mov dword [ebp + (32)0xfffffb10], esi 0x400ac6ad: mov dword [ebp + (32)0xfffffb0c], ecx 0x400ac6b3: mov dword [ebp + (32)0xfffffb44], edi 0x400ac6b9: movzx eax, byte [eax + (8)0x ] 0x400ac6bd: mov byte [ebp + (32)0xfffffaf2], al 0x400ac6c3: sub al, (8)0x x400ac6c5: cmp al, (8)0x a 0x400ac6c7: j(nbe,a) byte (8)0x x400ac6c9: movsx eax, byte [ebp + (32)0xfffffaf2] 0x400ac6d0: mov eax, dword [ebx + eax*4 + (32)0xfffedf8c] 0x400ac6d7: mov edx, dword [ebx + eax*4 + (32)0xfffee18c] 0x400ac6de: mov ecx, dword [ebp + (32)0xfffffa34] 0x400ac6e4: lea eax, dword [ecx + edx] 0x400ac6e7: 0x400ad8bf: mov edx, dword [ebp + (32)0xfffffbb4] 0x400ad8c5: mov ecx, eax 0x400ad8c7: 0x400ad8c9: sub eax, esi 0x400ad8cb: cmp ecx, eax 0x400ad8cd: j(ne,nz) dword (32)0xffffee3e 0x400ad8d3: add dword [ebp + (32)0xfffffb50], ecx 0x400ad8d9: cmp byte [edx], (8)0x x400ad8dc: j(ne,nz) dword (32)0xffffed4e 0x400ade80: mov eax, dword [ebp + (8)0x ] 0x400ade83: add dword [ebp + (8)0x ], (8)0x x400ade87: mov edi, dword [eax] 0x400ade89: jmp dword (32)0xfffffc05 0x400ae288: mov eax, dword [ebp + (32)0xfffffb0c] 0x400ae28e: mov edx, (32)0x a 0x400ae293: mov dword [ebp + (32)0xfffffb24], edx 0x400ae299: 0x400ae29b: j(e,z) dword (32)0x00000d3b 0x400ada93: 0x400ada95: 0x400ada97: mov dword [ebp + (32)0xfffffae8], edx 0x400ada9d: j(e,z) dword (32)0x00001d15 0x400adaa3: mov eax, dword [ebp + (32)0xfffffb04] 0x400adaa9: 0x400adaab: 0x400adaae: cmp byte [ebp + (32)0xfffffaf2], (8)0x x400adab5: 0x400adab8: 0x400adaba: 0x400adabc: j(e,z) dword (32)0x000010f9 0x400adac2: cmp dword [ebp + (32)0xfffffaf8], (8)0xffffffff 0x400adac9: j(e,z) dword (32)0x00001ebb 0x400af98a: 0x400af98d: call dword (32)0x000295ae 0x400adafd: 0x400adaff: sub dword [ebp + (32)0xfffffafc], esi 0x400adb05: j(s) dword (32)0x00001d95 0x400af8a0: mov edx, dword [ebp + (8)0x ] 0x400af8a3: movsx eax, byte [edx + (8)0x ] 0x400af8a7: mov eax, dword [eax + edx + (32)0x ] 0x400af8ae: mov dword [esp + (8)0x ], esi 0x400af8b2: mov dword [esp + (8)0x ], edi 0x400af8b6: 0x400af8b9: call dword [eax + (8)0x c] 0x400d1113: mov eax, dword [ebp + (8)0x ] 0x400d1116: mov edx, dword [ebp + (8)0xfffffff4] 0x400d1119: sub eax, edx 0x400d111b: 0x400d111e: 0x400d111f: 0x400d1120: 0x400d1121: 0x400af8bc: cmp eax, esi 0x400af8be: j(ne,nz) dword (32)0xffffd95d 0x400af8c4: add dword [ebp + (32)0xfffffb50], esi 0x400af8ca: jmp dword (32)0xffffdf97 0x400ade6d: cmp eax, esi 0x400ade6f: j(e,z) dword (32)0xfffff9eb 0x400ad866: inc dword [ebp + (32)0xfffffb3c] 0x400ad86c: mov ecx, dword [ebp + (32)0xfffffb48] 0x400ad872: 0x400ad874: j(ne,nz) dword (32)0x000007ee 0x400ad87a: mov eax, dword [ebp + (32)0xfffffb34] 0x400ad880: mov dword [esp + (8)0x ], eax 0x400ad884: mov esi, dword [ebp + (32)0xfffffbb4] 0x400ad88a: 0x400ad88b: mov dword [ebp + (32)0xfffffbb4], esi 0x400ad891: 0x400ad894: call dword (32)0x x400c38f0: 0x400c38f1: 0x400c38f4: 0x400c38f6: 0x400c38f9: cmp al, (8)0x x400c38fb: 0x400c38fe: 0x400c3900: 0x400c3902: j(e,z) byte (8)0x c 0x400ac630: mov byte [ebp + (32)0xfffffaf3], (8)0x x400ac637: 0x400ac639: 0x400ac63b: mov dword [ebp + (32)0xfffffb20], eax 0x400ac641: 0x400ac643: xor esi, esi 0x400ac645: mov dword [ebp + (32)0xfffffb1c], eax 0x400ac64b: 0x400ac64d: 0x400ac64f: mov dword [ebp + (32)0xfffffb18], eax 0x400ac655: 0x400ac657: mov dword [ebp + (32)0xfffffb08], eax 0x400ac65d: 0x400ac65f: mov dword [ebp + (32)0xfffffb04], eax 0x400ac665: 0x400ac667: mov dword [ebp + (32)0xfffffb14], edi 0x400ac66d: 0x400ac66f: mov dword [ebp + (32)0xfffffb00], eax 0x400ac675: 0x400ac677: mov dword [ebp + (32)0xfffffafc], eax 0x400ac67d: mov eax, (32)0xffffffff 0x400ac682: mov dword [ebp + (32)0xfffffb48], edi 0x400ac688: mov edi, dword [ebp + (32)0xfffffa38] 0x400ac68e: mov dword [ebp + (32)0xfffffaf8], eax 0x400ac694: 0x400ac696: mov dword [ebp + (32)0xfffffaf4], eax 0x400ac69c: 0x400ac69e: inc edx 0x400ac69f: mov dword [ebp + (32)0xfffffbb4], edx 0x400ac6a5: 0x400ac6a7: mov dword [ebp + (32)0xfffffb10], esi 0x400ac6ad: mov dword [ebp + (32)0xfffffb0c], ecx 0x400ac6b3: mov dword [ebp + (32)0xfffffb44], edi 0x400ac6b9: movzx eax, byte [eax + (8)0x ] 0x400ac6bd: mov byte [ebp + (32)0xfffffaf2], al 0x400ac6c3: sub al, (8)0x x400ac6c5: cmp al, (8)0x a 0x400ac6c7: j(nbe,a) byte (8)0x x400ac6c9: movsx eax, byte [ebp + (32)0xfffffaf2] 0x400ac6d0: mov eax, dword [ebx + eax*4 + (32)0xfffedf8c] 0x400ac6d7: mov edx, dword [ebx + eax*4 + (32)0xfffee18c] 0x400ac6de: mov ecx, dword [ebp + (32)0xfffffa34] 0x400ac6e4: lea eax, dword [ecx + edx] 0x400ac6e7: 0x400ac720: mov ecx, dword [ebp + (8)0x ] 0x400ac723: movzx eax, dword [ecx] 0x400ac726: 0x400ac72b: 0x400ac72e: j(ne,nz) byte (8)0x x400ac760: mov eax, dword [ebp + (32)0xfffffb30] 0x400ac766: 0x400ac768: j(ne,nz) byte (8)0x x400ac76a: mov edx, dword [ebp + (32)0xfffffb50] 0x400ac770: lea esp, dword [ebp + (8)0xfffffff4] 0x400ac773: 0x400ac775: 0x400ac776: 0x400ac777: 0x400ac778: 0x400ac779: 0x400c70fb: 0x400c70fd: mov eax, dword [ebp + (32)0xffffff68] 0x400c7103: cmp eax, dword [ebp + (32)0xffffff6c] 0x400c7109: j(nb,ae) byte (8)0x x400c710b: mov byte [eax], (8)0x x400c710e: 0x400c7110: mov ebx, dword [ebp + (8)0xfffffff4] 0x400c7113: mov esi, dword [ebp + (8)0xfffffff8] 0x400c7116: mov edi, dword [ebp + (8)0xfffffffc] 0x400c7119: 0x400c711b: 0x400c711c: 0x400b482b: 0x400b482e: 0x400b482f: 0x400b4830: 0x08051c3a: 0x08051c3d: push (8)0x x08051c3f: push (8)0x x08051c41: 0x08051c42: call dword (32)0xffff8065 0x4005bb8b: mov esi, dword [ebx + (32)0x00003cc0] 0x4005bb91: mov eax, dword [ebx + (32)0x00003cb8] 0x4005bb97: add eax, esi 0x4005bb99: 0x4005bb9c: call dword (32)0xfffe0c83 0x08049cac: jmp dword [0x0805a820] 0x4011c2c0: cmp dword [0x c], (8)0x x4011c2c8: j(ne,nz) byte (8)0x x4011c2ca: 0x4011c2cb: mov edx, dword [esp + (8)0x ] 0x4011c2cf: mov ecx, dword [esp + (8)0x c] 0x4011c2d3: mov ebx, dword [esp + (8)0x ] 0x4011c2d7: mov eax, (32)0x x4011c2dc: 0x080498dc: jmp dword [0x0805a72c] 0x4011c420: cmp dword [0x c], (8)0x x4011c428: j(ne,nz) byte (8)0x c 0x4011c42a: mov edx, ebx 0x4011c42c: mov ebx, dword [esp + (8)0x ] 0x4011c430: mov eax, (32)0x x4011c435: 0x08051c6c: 0x08051c6f: or eax, (8)0xffffffff 0x08051c72: 0x08051c74: j(le,ng) byte (8)0x x08051c76: mov byte [esi + ebp], (8)0x x08051c7a: 0x08051c7c: 0x08051c7f: 0x08051c80: 0x08051c81: 0x08051c82: 0x08051c83: 0x08052f52: 0x08052f55: 0x08052f56: j(e,z) dword (32)0xffffff34 0x08052f5c: mov edx, ebp 0x08052f5e: lea eax, dword [ebx + (32)0x000053e8] 0x08052f64: call dword (32)0xffffeaa7 0x080531f9: 0x080531fc: 0x080531fd: j(e,z) dword (32)0xfffffcc7 0x : mov edx, ebp 0x : lea eax, dword [ebx + (32)0x000053e8] 0x b: call dword (32)0xffffe9a0 0x08051a10: 0x08051a11: 0x08051a12: 0x08051a13: 0x08051a14: 0x08051a17: mov dword [edx + (32)0x ], (32)0x x08051a21: mov dword [edx + (32)0x000000c8], (32)0xffffffff 0x08051a2b: mov dword [edx + (32)0x000000cc], (32)0xffffffff 0x08051a35: mov dword [edx + (32)0x000001cc], (32)0x x08051a3f: 0x08051a44: 0x08051a45: add ebx, (32)0x00008cb4 0x08051a4b: push (8)0x x08051a4d: 0x08051a4f: 0x08051a50: call dword (32)0xffff7e17 0x c: jmp dword [0x0805a710] 0x400d8840: 0x400d8841: mov eax, dword [esp + (8)0x ] 0x400d8845: mov edx, dword [esp + (8)0x c] 0x400d8849: mov dh, dl 0x400d884b: mov ecx, edx 0x400d884d: shl edx, (8)0x x400d8850: mov dx, cx 0x400d8853: test al, (8)0x x400d8855: j(e,z) byte (8)0x c 0x400d88a3: mov ecx, dword [eax] 0x400d88a5: 0x400d88a7: 0x400d88ac: 0x400d88ae: j(nb,ae) dword (32)0x000000d3 0x400d88b4: 0x400d88b6: 0x400d88bc: 0x400d88bd: j(ne,nz) dword (32)0x000000c4 0x400d8987: 0x400d8989: j(e,z) byte (8)0x a 0x400d898b: cmp cl, dl 0x400d898d: j(e,z) byte (8)0xffffffeb 0x400d898f: 0x400d8990: test ch, ch 0x400d8992: j(e,z) byte (8)0x x400d8994: cmp ch, dl 0x400d8996: j(e,z) byte (8)0xffffffe2 0x400d8998: 0x400d8999: shr ecx, (8)0x x400d899c: 0x400d899e: j(e,z) byte (8)0x x400d8984: 0x400d8987: 0x400d8989: j(e,z) byte (8)0x a 0x400d89a5: 0x400d89a6: 0x08051a55: pop ecx 0x08051a56: 0x08051a57: lea ebp, dword [eax + (8)0x ] 0x08051a5a: push (8)0x x08051a5c: 0x08051a5d: call dword (32)0xffff81ea 0x08049c4c: jmp dword [0x0805a808] 0x400d9300: 0x400d9301: 0x400d9302: 0x400d9304: mov esi, dword [esp + (8)0x c] 0x400d9308: mov ecx, dword [esp + (8)0x ] 0x400d930c: mov ch, cl 0x400d930e: mov edx, ecx 0x400d9310: shl ecx, (8)0x x400d9313: mov cx, dx 0x400d9316: test esi, (32)0x x400d931c: j(e,z) dword (32)0x x400d9322: mov dl, byte [esi] 0x400d9324: cmp cl, dl 0x400d9326: j(ne,nz) byte (8)0x x400d932a: or dl, dl 0x400d932c: j(e,z) dword (32)0x x400d9332: 0x400d9333: test esi, (32)0x x400d9339: j(e,z) byte (8)0x x400d93a3: mov edx, dword [esi] 0x400d93a5: 0x400d93aa: 0x400d93ac: j(nb,ae) dword (32)0x000000da 0x400d93b2: 0x400d93b4: 0x400d93ba: 0x400d93bb: j(ne,nz) dword (32)0x000000cb 0x400d93c1: 0x400d93c3: 0x400d93c8: 0x400d93ca: j(nb,ae) byte (8)0xffffff9e 0x400d9343: or dl, dl 0x400d9345: j(e,z) dword (32)0x b 0x400d934b: 0x400d934c: test esi, (32)0x x400d9352: j(e,z) byte (8)0x f 0x400d9354: mov dl, byte [esi] 0x400d9356: cmp cl, dl 0x400d9358: j(ne,nz) byte (8)0x x400d936a: 0x400d936d: 0x400d9370: 0x400d9373: test edx, (32)0xff x400d9379: j(ne,nz) byte (8)0x e 0x400d937b: lea eax, dword [esi + (8)0x f] 0x400d937e: jmp byte (8)0x x400d9386: 0x400d9389: test edx, (32)0x00ff0000 0x400d938f: 0x400d9391: lea eax, dword [esi + (8)0x e] 0x400d9394: jmp byte (8)0x a 0x400d936d: 0x400d9370: 0x400d9373: test edx, (32)0xff x400d9379: j(ne,nz) byte (8)0x e 0x400d937b: lea eax, dword [esi + (8)0x f] 0x400d937e: jmp byte (8)0x x400d9383: 0x400d9386: 0x400d9389: test edx, (32)0x00ff0000 0x400d938f: 0x400d9391: lea eax, dword [esi + (8)0x e] 0x400d9394: jmp byte (8)0x a 0x400d9380: 0x400d9383: 0x400d9386: 0x400d9389: test edx, (32)0x00ff0000 0x400d938f: 0x400d9391: lea eax, dword [esi + (8)0x e] 0x400d9394: jmp byte (8)0x a 0x400d93a0: add esi, (8)0x x400d93a3: mov edx, dword [esi] 0x400d93a5: 0x400d93aa: 0x400d93ac: j(nb,ae) dword (32)0x000000da 0x400d93b2: 0x400d93b4: 0x400d93ba: 0x400d93bb: j(ne,nz) dword (32)0x000000cb 0x400d93c1: 0x400d93c3: 0x400d93c8: 0x400d93ca: j(nb,ae) byte (8)0xffffff9e 0x400d93cc: 0x400d93ce: 0x400d93d4: 0x400d93d5: j(ne,nz) byte (8)0xffffffa9 0x400d93d7: mov edx, dword [esi + (8)0x ] 0x400d93da: 0x400d93df: 0x400d93e1: j(nb,ae) dword (32)0x000000a2 0x400d93e7: 0x400d93e9: 0x400d93ef: 0x400d93f0: j(ne,nz) dword (32)0x x400d93f6: 0x400d93f8: 0x400d93fd: 0x400d93ff: j(nb,ae) dword (32)0xffffff68 0x400d9405: 0x400d9407: 0x400d940d: 0x400d940e: j(ne,nz) dword (32)0xffffff6f 0x400d9414: mov edx, dword [esi + (8)0x ] 0x400d9417: 0x400d941c: 0x400d941e: j(nb,ae) byte (8)0x x400d9420: 0x400d9422: 0x400d9428: 0x400d9429: j(ne,nz) byte (8)0x b 0x400d942b: 0x400d942d: 0x400d9432: 0x400d9434: j(nb,ae) dword (32)0xffffff36 0x400d943a: 0x400d943c: 0x400d9442: 0x400d9443: j(ne,nz) dword (32)0xffffff3d 0x400d9449: mov edx, dword [esi + (8)0x c] 0x400d944c: 0x400d9451: 0x400d9453: j(nb,ae) byte (8)0x e 0x400d9455: 0x400d9457: 0x400d945d: 0x400d945e: j(ne,nz) byte (8)0x x400d9460: 0x400d9462: 0x400d9467: 0x400d9469: j(nb,ae) dword (32)0xffffff04 0x400d946f: 0x400d9471: 0x400d9477: 0x400d9478: j(e,z) dword (32)0xffffff22 0x400d9486: add esi, (8)0x x400d9489: add esi, (8)0x x400d948c: cmp dl, cl 0x400d948e: j(ne,nz) byte (8)0x x400d9489: add esi, (8)0x x400d948c: cmp dl, cl 0x400d948e: j(ne,nz) byte (8)0x x400d948c: cmp dl, cl 0x400d948e: j(ne,nz) byte (8)0x x400d9483: add esi, (8)0x x400d9486: add esi, (8)0x x400d9489: add esi, (8)0x x400d948c: cmp dl, cl 0x400d948e: j(ne,nz) byte (8)0x x400d9492: test dl, dl 0x400d9494: j(e,z) byte (8)0x x400d9496: cmp dh, cl 0x400d9498: j(ne,nz) byte (8)0x x400d949d: test dh, dh 0x400d949f: j(e,z) byte (8)0x x400d94a1: shr edx, (8)0x x400d94a4: cmp dl, cl 0x400d94a6: j(ne,nz) byte (8)0x x400d94b6: 0x400d94b7: 0x400d94b8: 0x400d94ab: test dl, dl 0x400d94ad: j(e,z) byte (8)0x x08051a62: 0x08051a65: 0x08051a67: sub edi, ebp 0x08051a69: mov dword [esp + (8)0x ], eax 0x08051a6d: cmp edi, (8)0x f 0x08051a70: j(nbe,a) dword (32)0x x08051a76: lea ecx, dword [esi + (32)0x000001ac] 0x08051a7c: 0x08051a7d: 0x08051a7e: 0x08051a7f: 0x08051a80: call dword (32)0xffff8197 0x08049c1c: jmp dword [0x0805a7fc] 0x08049d1c: jmp dword [0x0805a83c] 0x400c27f0: 0x400c27f1: 0x400c27f3: lea eax, dword [ebp + (8)0x ] 0x400c27f6: 0x400c27f7: 0x400c27fa: mov dword [esp + (8)0x ], eax 0x400c27fe: mov eax, dword [ebp + (8)0x c] 0x400c2801: call dword (32)0xfffc514b 0x400c7130: 0x400c7131: 0x400c7133: 0x400c7135: 0x400c7136: mov esi, (32)0x x400c713b: 0x400c713c: sub esp, (32)0x000000b4 0x400c7142: mov dword [ebp + (8)0xffffffa0], (32)0x x400c7149: mov dword [esp + (8)0x ], eax 0x400c714d: 0x400c714f: call dword (32)0xfffc07fd 0x400dae70: 0x400dae71: mov eax, dword [esp + (8)0x ] 0x400dae75: mov edx, dword [esp + (8)0x c] 0x400dae79: mov dh, dl 0x400dae7b: mov ecx, edx 0x400dae7d: shl edx, (8)0x x400dae80: mov dx, cx 0x400dae83: test al, (8)0x x400dae85: j(e,z) byte (8)0x x400dae87: cmp byte [eax], dl 0x400dae89: j(e,z) dword (32)0x000000a5 0x400dae8f: 0x400dae90: test al, (8)0x x400dae92: j(e,z) byte (8)0x c 0x400dae94: cmp byte [eax], dl 0x400dae96: j(e,z) dword (32)0x x400dae9c: 0x400dae9d: test al, (8)0x x400dae9f: 0x400daea1: cmp byte [eax], dl 0x400daea3: j(e,z) dword (32)0x b 0x400daea9: 0x400daeaa: lea esi, dword [esi + (32)0x ] 0x400daeb0: mov ecx, dword [eax] 0x400daeb2: 0x400daeb7: 0x400daeb9: 0x400daebb: j(nb,ae) byte (8)0x x400daebd: 0x400daebf: 0x400daec5: 0x400daec6: j(ne,nz) byte (8)0x x400daec8: mov ecx, dword [eax + (8)0x ] 0x400daecb: 0x400daed0: 0x400daed2: 0x400daed4: j(nb,ae) byte (8)0x x400daed6: 0x400daed8: 0x400daede: 0x400daedf: j(ne,nz) byte (8)0x d 0x400daee1: mov ecx, dword [eax + (8)0x ] 0x400daee4: 0x400daee9: 0x400daeeb: 0x400daeed: j(nb,ae) byte (8)0x c 0x400daeef: 0x400daef1: 0x400daef7: 0x400daef8: j(ne,nz) byte (8)0x x400daefa: mov ecx, dword [eax + (8)0x c] 0x400daefd: 0x400daf02: 0x400daf04: 0x400daf06: j(nb,ae) byte (8)0x x400daf08: 0x400daf0a: 0x400daf10: 0x400daf11: 0x400daf13: add eax, (8)0x x400daf16: jmp byte (8)0xffffff98 0x400daeb0: mov ecx, dword [eax] 0x400daeb2: 0x400daeb7: 0x400daeb9: 0x400daebb: j(nb,ae) byte (8)0x x400daebd: 0x400daebf: 0x400daec5: 0x400daec6: j(ne,nz) byte (8)0x x400daec8: mov ecx, dword [eax + (8)0x ] 0x400daecb: 0x400daed0: 0x400daed2: 0x400daed4: j(nb,ae) byte (8)0x x400daed6: 0x400daed8: 0x400daede: 0x400daedf: j(ne,nz) byte (8)0x d 0x400daee1: mov ecx, dword [eax + (8)0x ] 0x400daee4: 0x400daee9: 0x400daeeb: 0x400daeed: j(nb,ae) byte (8)0x c 0x400daeef: 0x400daef1: 0x400daef7: 0x400daef8: j(ne,nz) byte (8)0x x400daefa: mov ecx, dword [eax + (8)0x c] 0x400daefd: 0x400daf02: 0x400daf04: 0x400daf06: j(nb,ae) byte (8)0x x400daf08: 0x400daf0a: 0x400daf10: 0x400daf11: 0x400daf13: add eax, (8)0x x400daf16: jmp byte (8)0xffffff98 0x400daf1e: 0x400daf21: 0x400daf23: 0x400daf25: 0x400daf26: test ch, ch 0x400daf28: j(e,z) byte (8)0x a 0x400daf2a: 0x400daf2b: test ecx, (32)0x00ff0000 0x400daf31: 0x400daf18: 0x400daf1b: 0x400daf1e: 0x400daf21: 0x400daf23: 0x400daf25: 0x400daf26: test ch, ch 0x400daf28: j(e,z) byte (8)0x a 0x400daf2a: 0x400daf2b: test ecx, (32)0x00ff0000 0x400daf31: 0x400daf21: 0x400daf23: 0x400daf25: 0x400daf26: test ch, ch 0x400daf28: j(e,z) byte (8)0x a 0x400daf2a: 0x400daf2b: test ecx, (32)0x00ff0000 0x400daf31: 0x400daf33: 0x400daf34: 0x400daf35: 0x400daf1b: 0x400daf1e: 0x400daf21: 0x400daf23: 0x400daf34: 0x400daf35: 0x400d2152: 0x400d2154: jmp byte (8)0xffffff9e 0x400d20f4: mov dword [esp + (8)0x ], esi 0x400d20f8: 0x400d20fa: mov dword [esp + (8)0x c], eax 0x400d20fe: mov edx, dword [ebp + (8)0x c] 0x400d2101: 0x400d2104: mov dword [esp + (8)0x ], edx 0x400d2108: call dword (32)0xfffff3f3 0x400c719d: 0x400c719f: mov dword [esp + (8)0x c], eax 0x400c71a3: mov eax, dword [ebp + (8)0x ] 0x400c71a6: mov dword [esp + (8)0x ], eax 0x400c71aa: mov eax, dword [ebp + (8)0x c] 0x400c71ad: 0x400c71b0: mov dword [esp + (8)0x ], eax 0x400c71b4: call dword (32)0xffff1a17 0x400b8bd0: 0x400b8bd1: 0x400b8bd3: 0x400b8bd5: 0x400b8bd6: 0x400b8bd8: 0x400b8bd9: xor esi, esi 0x400b8bdb: 0x400b8bdc: sub esp, (32)0x x400b8be2: 0x400b8be9: mov dword [ebp + (32)0xffffff6c], eax 0x400b8bef: 0x400b8bf1: mov edi, dword [ebp + (8)0x c] 0x400b8bf4: call dword (32)0xfffced58 0x400b8ca1: 0x400b8ca2: 0x400b8ca7: j(ne,nz) dword (32)0x000005e5 0x400b8cad: mov ecx, dword [ebp + (8)0x ] 0x400b8cb0: mov edx, dword [ecx] 0x400b8cb2: and edx, (8)0x x400b8cb5: j(ne,nz) dword (32)0x00001c1a 0x400b8cbb: 0x400b8cbd: j(e,z) dword (32)0x x400b8cc3: mov ecx, dword [ebp + (32)0xffffff54] 0x400b8cc9: mov eax, dword [ecx + (8)0x ] 0x400b8ccc: mov ecx, dword [eax + (8)0x ] 0x400b8ccf: mov dword [ebp + (32)0xffffff28], ecx 0x400b8cd5: mov eax, dword [eax + (8)0x ] 0x400b8cd8: cmp byte [eax], (8)0x x400b8cdb: cmov(ne,nz) edx, eax 0x400b8cde: 0x400b8ce0: mov dword [ebp + (32)0xffffff24], edx 0x400b8ce6: mov edx, dword [ebx + (32)0x00003ac4] 0x400b8cec: 0x400b8cee: 0x400b8cf1: 0x400b8cf3: mov dword [ebp + (32)0xfffffef4], eax 0x400b8cf9: j(ne,nz) dword (32)0x000004c2 0x400b8cff: mov eax, dword [ebx + (32)0xfffffea0] 0x400b8d05: mov edx, dword [ebp + (8)0x ] 0x400b8d08: mov dword [ebp + (8)0xffffffe4], eax 0x400b8d0b: mov dword [ebp + (8)0xffffffe8], edx 0x400b8d0e: mov ecx, dword [ebp + (8)0x ] 0x400b8d11: movzx eax, dword [ecx] 0x400b8d14: 0x400b8d19: 0x400b8d1c: j(ne,nz) byte (8)0x x400b8d55: mov dword [ebp + (8)0xffffff9c], (32)0x x400b8d5c: lea edx, dword [ebp + (8)0xffffff9c] 0x400b8d5f: mov dword [ebp + (32)0xfffffef0], edx 0x400b8d65: mov dword [ebp + (8)0xffffffa0], (32)0x x400b8d6c: movzx eax, byte [edi] 0x400b8d6f: 0x400b8d71: j(e,z) dword (32)0x000004b9 0x400b8d77: mov byte [ebp + (32)0xfffffec3], al 0x400b8d7d: test byte [ebp + (32)0xfffffec3], (8)0x x400b8d84: j(ne,nz) dword (32)0x000000d6 0x400b8d8a: inc dword [ebp + (32)0xffffff70] 0x400b8d90: cmp byte [ebp + (32)0xfffffec3], (8)0x x400b8d97: j(e,z) dword (32)0x x400b9033: 0x400b9035: 0x400b9037: mov dword [ebp + (32)0xffffff5c], eax 0x400b903d: 0x400b903f: mov dword [ebp + (32)0xffffff04], eax 0x400b9045: 0x400b9047: mov dword [ebp + (32)0xfffffeec], eax 0x400b904d: mov eax, dword [ebp + (32)0xffffff70] 0x400b9053: mov dword [ebp + (32)0xfffffef8], edi 0x400b9059: movzx eax, byte [eax] 0x400b905c: mov byte [ebp + (32)0xfffffec3], al 0x400b9062: movzx eax, al 0x400b9065: sub eax, (8)0x x400b9068: cmp eax, (8)0x x400b906b: j(nbe,a) dword (32)0x x400b90fa: cmp byte [ebp + (32)0xfffffec3], (8)0x a 0x400b9101: 0x400b9104: cmp byte [ebp + (32)0xfffffec3], (8)0x x400b910b: 0x400b910e: 0x400b9110: 0x400b9112: j(e,z) dword (32)0x000001b8 0x400b92d0: cmp byte [ebp + (32)0xfffffec3], (8)0x x400b92d7: j(e,z) dword (32)0xfffffe43 0x400b92dd: movzx eax, byte [ebp + (32)0xfffffec3] 0x400b92e4: mov ecx, dword [ebp + (32)0xffffff5c] 0x400b92ea: sub eax, (8)0x x400b92ed: cmp eax, (8)0x x400b92f0: set(be,na) dl 0x400b92f3: or ecx, (8)0x x400b92f6: test dl, (8)0x x400b92f9: cmov(e,z) ecx, dword [ebp + (32)0xffffff5c] 0x400b9300: 0x400b9302: cmp eax, (8)0x x400b9305: mov dword [ebp + (32)0xffffff60], edx 0x400b930b: mov dword [ebp + (32)0xffffff5c], ecx 0x400b9311: j(nbe,a) byte (8)0x x400b9180: or dword [ebp + (32)0xffffff5c], (8)0x x400b9187: jmp byte (8)0xffffffb7 0x400b9385: mov esi, (32)0xffffffff 0x400b938a: mov dword [ebp + (32)0xffffff60], esi 0x400b9390: movsx eax, byte [ebp + (32)0xfffffec3] 0x400b9397: inc dword [ebp + (32)0xffffff70] 0x400b939d: sub eax, (8)0x c 0x400b93a0: cmp eax, (8)0x e 0x400b93a3: j(nbe,a) byte (8)0x b 0x400b93a5: mov eax, dword [ebx + eax*4 + (32)0xfffeea44] 0x400b93ac: add eax, ebx 0x400b93ae: 0x400b93b0: dec dword [ebp + (32)0xffffff70] 0x400b93b6: mov eax, dword [ebp + (32)0xffffff70] 0x400b93bc: movzx eax, byte [eax] 0x400b93bf: mov byte [ebp + (32)0xfffffec3], al 0x400b93c5: cmp byte [ebp + (32)0xfffffec3], (8)0x x400b93cc: j(e,z) dword (32)0xfffffe47 0x400b93d2: inc dword [ebp + (32)0xffffff70] 0x400b93d8: mov ecx, dword [ebp + (32)0xffffff08] 0x400b93de: 0x400b93e0: j(ne,nz) byte (8)0x x400b93e2: cmp byte [ebp + (32)0xfffffec3], (8)0x b 0x400b93e9: 0x400b93ec: cmp byte [ebp + (32)0xfffffec3], (8)0x x400b93f3: 0x400b93f6: 0x400b93f8: 0x400b93fa: j(e,z) dword (32)0x x400b930b: mov dword [ebp + (32)0xffffff5c], ecx 0x400b9504: movzx eax, byte [ebp + (32)0xfffffec3] 0x400b950b: sub eax, (8)0x x400b950e: cmp eax, (8)0x x400b9511: j(nbe,a) dword (32)0xfffffd02 0x400b9517: mov eax, dword [ebx + eax*4 + (32)0xfffeeb00] 0x400b951e: add eax, ebx 0x400b9520: 0x400b941a: 0x400b9421: mov eax, dword [ebx + (32)0xffffff38] 0x400b9427: mov esi, dword [eax + edx] 0x400b942a: mov dword [eax + edx], (32)0x x400b9431: jmp byte (8)0x x400b9585: mov eax, dword [ebp + (32)0xffffff70] 0x400b958b: movzx eax, byte [eax] 0x400b958e: cmp al, (8)0x c 0x400b9590: mov byte [ebp + (32)0xfffffec3], al 0x400b9596: j(e,z) dword (32)0x00001ae2 0x400b959c: or dword [ebp + (32)0xffffff5c], (8)0x x400b95a3: jmp dword (32)0xfffffe1d 0x400b956a: or dword [ebp + (32)0xffffff5c], (8)0x x400b9571: mov ecx, dword [ebp + (32)0xffffff70] 0x400b9577: movzx ecx, byte [ecx] 0x400b957a: mov byte [ebp + (32)0xfffffec3], cl 0x400b9580: jmp dword (32)0xfffffe40 0x400b93ae: 0x400b9dfe: test byte [ebp + (32)0xffffff5c], (8)0x x400b9e05: j(ne,nz) dword (32)0x x400b9e0b: test byte [ebp + (32)0xffffff5c], (8)0x x400b9e12: j(ne,nz) byte (8)0x x400b9e14: mov eax, dword [ebp + (32)0xfffffeec] 0x400b9e1a: 0x400b9e1c: j(ne,nz) dword (32)0x00001fd1 0x400b9e22: mov eax, dword [ebp + (32)0xffffff74] 0x400b9e28: add dword [ebp + (32)0xffffff74], (8)0x x400b9e2f: 0x400b9e31: mov dword [ebp + (32)0xffffff18], eax 0x400b9e37: mov eax, dword [ebp + (32)0xffffff18] 0x400b9e3d: 0x400b9e3f: j(e,z) dword (32)0xfffff3d4 0x400b9e45: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b9e4c: j(e,z) dword (32)0x00001f0c 0x400b9e52: mov edx, dword [ebp + (8)0x ] 0x400b9e55: mov eax, dword [edx + (8)0x ] 0x400b9e58: cmp eax, dword [edx + (8)0x ] 0x400b9e5b: j(nb,ae) dword (32)0x00003db7 0x400b9e61: 0x400b9e64: 0x400b9e65: mov edx, dword [ebp + (8)0x ] 0x400b9e68: mov dword [ebp + (32)0xffffff64], ecx 0x400b9e6e: mov dword [edx + (8)0x ], eax 0x400b9e71: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b9e78: j(e,z) dword (32)0x00001fef 0x400b9e7e: inc dword [ebp + (32)0xffffff68] 0x400b9e84: mov eax, dword [ebp + (32)0xffffff64] 0x400b9e8a: mov dword [ebp + (32)0xffffff64], eax 0x400b9e90: 0x400b9e91: j(e,z) dword (32)0x00000b43 0x400b9e97: cmp dword [ebp + (32)0xffffff60], (8)0xffffffff 0x400b9e9e: mov eax, (32)0x x400b9ea3: cmov(ne,nz) eax, dword [ebp + (32)0xffffff60] 0x400b9eaa: test byte [ebp + (32)0xffffff5c], (8)0x x400b9eb1: mov dword [ebp + (32)0xffffff60], eax 0x400b9eb7: j(ne,nz) dword (32)0x00000a7f 0x400b9ebd: jmp byte (8)0x x400b9ed2: movzx eax, byte [ebp + (32)0xffffff64] 0x400b9ed9: mov edx, dword [ebp + (32)0xffffff18] 0x400b9edf: mov byte [edx], al 0x400b9ee1: inc edx 0x400b9ee2: dec dword [ebp + (32)0xffffff60] 0x400b9ee8: mov dword [ebp + (32)0xffffff18], edx 0x400b9eee: mov edi, dword [ebp + (32)0xffffff60] 0x400b9ef4: 0x400b9ef6: j(le,ng) dword (32)0x b 0x400bb377: test byte [ebp + (32)0xffffff5c], (8)0x x400bb37e: j(ne,nz) dword (32)0xffffda3f 0x400bb384: inc dword [ebp + (32)0xffffff6c] 0x400bb38a: jmp dword (32)0xffffda34 0x400b8dc3: mov edx, dword [ebp + (32)0xffffff70] 0x400b8dc9: movzx eax, byte [edx] 0x400b8dcc: 0x400b8dce: mov byte [ebp + (32)0xfffffec3], al 0x400b8dd4: j(ne,nz) byte (8)0xffffffa7 0x400b8d7d: test byte [ebp + (32)0xfffffec3], (8)0x x400b8d84: j(ne,nz) dword (32)0x000000d6 0x400b8d8a: inc dword [ebp + (32)0xffffff70] 0x400b8d90: cmp byte [ebp + (32)0xfffffec3], (8)0x x400b8d97: j(e,z) dword (32)0x x400b8d9d: movzx edx, byte [ebp + (32)0xfffffec3] 0x400b8da4: mov ecx, dword [ebp + (32)0xffffff54] 0x400b8daa: mov eax, dword [ecx + (8)0x ] 0x400b8dad: test byte [eax + edx*2 + (8)0x ], (8)0x x400b8db2: j(e,z) dword (32)0x f 0x400b8db8: mov eax, (32)0x x400b8dbd: mov dword [ebp + (32)0xffffff08], eax 0x400b8dc3: mov edx, dword [ebp + (32)0xffffff70] 0x400b8dc9: movzx eax, byte [edx] 0x400b8dcc: 0x400b8dce: mov byte [ebp + (32)0xfffffec3], al 0x400b8dd4: j(ne,nz) byte (8)0xffffffa7 0x400b9230: mov ecx, dword [ebp + (8)0x ] 0x400b9233: movzx eax, dword [ecx] 0x400b9236: 0x400b923b: 0x400b923e: j(ne,nz) byte (8)0x x400b8d90: cmp byte [ebp + (32)0xfffffec3], (8)0x x400b9488: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b948f: j(ne,nz) byte (8)0xffffffa2 0x400b9433: mov edx, dword [ebp + (8)0x ] 0x400b9436: mov eax, dword [edx + (8)0x ] 0x400b9439: cmp eax, dword [edx + (8)0x ] 0x400b943c: j(nb,ae) dword (32)0x000010df 0x400b9442: 0x400b9445: 0x400b9446: mov edx, dword [ebp + (8)0x ] 0x400b9449: mov dword [ebp + (32)0xffffff64], ecx 0x400b944f: mov dword [edx + (8)0x ], eax 0x400b9452: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b9459: j(e,z) dword (32)0x000000d5 0x400b945f: inc dword [ebp + (32)0xffffff68] 0x400b9465: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b946c: j(e,z) dword (32)0x000000b0 0x400b9472: mov ecx, dword [ebp + (32)0xffffff54] 0x400b9478: mov edx, dword [ebp + (32)0xffffff64] 0x400b947e: mov eax, dword [ecx + (8)0x ] 0x400b9481: test byte [eax + edx*2 + (8)0x ], (8)0x x400b9486: j(e,z) byte (8)0x f 0x400b9488: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b948f: j(ne,nz) byte (8)0xffffffa2 0x400b94c7: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b94ce: 0x400b94d5: mov eax, dword [ebx + (32)0xffffff38] 0x400b94db: mov dword [eax + edx], esi 0x400b94de: j(e,z) byte (8)0x c 0x400b94e0: movzx eax, byte [ebp + (32)0xffffff64] 0x400b94e7: dec dword [ebp + (32)0xffffff68] 0x400b94ed: mov dword [esp + (8)0x ], eax 0x400b94f1: mov ecx, dword [ebp + (8)0x ] 0x400b94f4: 0x400b94f7: call dword (32)0x x400b946c: j(e,z) dword (32)0x000000b0 0x400d0740: 0x400d0741: 0x400d0743: 0x400d0744: sub esp, (8)0x x400d0747: mov esi, dword [ebp + (8)0x ] 0x400d074a: mov edx, dword [ebp + (8)0x c] 0x400d074d: mov eax, dword [esi + (8)0x ] 0x400d0750: cmp eax, dword [esi + (8)0x c] 0x400d0753: j(be,na) byte (8)0x x400d0755: cmp byte [eax + (8)0xffffffff], dl 0x400d0758: j(e,z) byte (8)0x x400b94e7: dec dword [ebp + (32)0xffffff68] 0x400d0780: 0x400d0781: mov dword [esi + (8)0x ], eax 0x400d0784: movzx eax, dl 0x400d0787: jmp byte (8)0xffffffe6 0x400d076f: cmp eax, (8)0xffffffff 0x400d0772: j(e,z) byte (8)0x x400d0774: and dword [esi], (8)0xffffffef 0x400d0777: add esp, (8)0x x400d077a: 0x400d077b: 0x400d077c: 0x400b94fc: 0x400b94fe: mov dword [ebp + (32)0xffffff08], edx 0x400b9504: movzx eax, byte [ebp + (32)0xfffffec3] 0x400b950b: sub eax, (8)0x x400b950e: cmp eax, (8)0x x400b9511: j(nbe,a) dword (32)0xfffffd02 0x400b9517: mov eax, dword [ebx + eax*4 + (32)0xfffeeb00] 0x400b951e: add eax, ebx 0x400b9520: 0x400bd30b: mov edx, dword [ebp + (32)0xfffffefc] 0x400bd311: cmp dword [ebp + (32)0xfffffef8], edx 0x400bd317: j(e,z) dword (32)0x a 0x400bd31d: mov edx, dword [ebp + (32)0xffffff00] 0x400bd323: mov ecx, dword [ebp + (32)0xfffffef8] 0x400bd329: mov byte [ecx + edx], (8)0x x400bd32d: test byte [ebp + (32)0xffffff5c], (8)0x x400bd334: j(e,z) dword (32)0x000000a6 0x400bda8e: test byte [ebp + (32)0xffffff5c], (8)0x x400bda95: j(ne,nz) dword (32)0xffffb328 0x400d077a: 0x400b9df4: mov eax, (32)0x a 0x400b9df9: jmp dword (32)0xfffff828 0x400b99fa: mov eax, (32)0x a 0x400b99ff: mov dword [ebp + (32)0xffffff30], eax 0x400b9a05: jmp byte (8)0xffffffec 0x400b9a07: test byte [ebp + (32)0xffffff5c], (8)0x x400b9a0e: j(ne,nz) dword (32)0x000001af 0x400b9a14: test byte [ebp + (32)0xffffff5c], (8)0x x400b9a1b: j(ne,nz) byte (8)0x x400b9626: mov dword [ebp + (32)0xffffff30], eax 0x400b962c: mov eax, (32)0x x400b9631: mov dword [ebp + (32)0xffffff2c], eax 0x400b9637: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b963e: j(e,z) dword (32)0x x400b9644: mov edx, dword [ebp + (8)0x ] 0x400b9647: mov eax, dword [edx + (8)0x ] 0x400b964a: cmp eax, dword [edx + (8)0x ] 0x400b964d: j(nb,ae) dword (32)0x x400b9653: 0x400b9656: 0x400b9657: mov edx, dword [ebp + (8)0x ] 0x400b965a: mov dword [ebp + (32)0xffffff64], ecx 0x400b9660: mov dword [edx + (8)0x ], eax 0x400b9663: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b966a: j(e,z) dword (32)0x x400b9670: inc dword [ebp + (32)0xffffff68] 0x400b9676: mov esi, dword [ebp + (32)0xffffff64] 0x400b967c: mov dword [ebp + (32)0xffffff64], esi 0x400b9682: cmp esi, (8)0xffffffff 0x400b9685: j(e,z) dword (32)0x f 0x400b968b: cmp dword [ebp + (32)0xffffff64], (8)0x d 0x400b9692: 0x400b9695: cmp dword [ebp + (32)0xffffff64], (8)0x b 0x400b969c: 0x400b969f: 0x400b96a1: 0x400b96a3: j(e,z) byte (8)0x e 0x400b9723: mov eax, dword [ebp + (32)0xffffff60] 0x400b9729: 0x400b972b: 0x400b972e: cmp dword [ebp + (32)0xffffff64], (8)0x x400b9735: 0x400b9738: 0x400b973a: 0x400b973c: j(e,z) dword (32)0x000000c5 0x400b9742: 0x400b9744: cmp dword [ebp + (32)0xffffff60], (8)0x x400b974b: mov ecx, dword [ebp + (32)0xfffffefc] 0x400b9751: set(nle,g) al 0x400b9754: sub dword [ebp + (32)0xffffff60], eax 0x400b975a: cmp dword [ebp + (32)0xfffffef8], ecx 0x400b9760: j(e,z) dword (32)0x000012bd 0x400b9807: mov esi, dword [ebp + (32)0xffffff30] 0x400b980d: mov eax, (32)0x a 0x400b9812: 0x400b9814: cmov(ne,nz) eax, dword [ebp + (32)0xffffff30] 0x400b981b: mov dword [ebp + (32)0xffffff30], eax 0x400b9821: cmp dword [ebp + (32)0xffffff30], (8)0x a 0x400b9828: j(e,z) dword (32)0x00000ef3 0x400b9663: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400baa23: add ecx, ecx 0x400baa25: mov eax, (32)0x x400baa2a: mov edx, dword [ebp + (32)0xffffff00] 0x400baa30: cmp ecx, (32)0x000000ff 0x400baa36: cmov(nbe,a) eax, ecx 0x400baa39: mov dword [ebp + (32)0xfffffefc], eax 0x400baa3f: lea eax, dword [eax*4 + (32)0x ] 0x400baa46: sub esp, eax 0x400baa48: lea eax, dword [esp + (8)0x f] 0x400baa4c: and eax, (8)0xfffffff0 0x400baa4f: 0x400baa51: mov dword [ebp + (32)0xffffff00], eax 0x400baa57: j(e,z) dword (32)0xffffed09 0x400b9821: cmp dword [ebp + (32)0xffffff30], (8)0x a 0x400b9828: j(e,z) dword (32)0x00000ef3 0x400b9766: movzx eax, byte [ebp + (32)0xffffff64] 0x400b976d: mov ecx, dword [ebp + (32)0xfffffef8] 0x400b9773: mov edx, dword [ebp + (32)0xffffff00] 0x400b9779: mov byte [ecx + edx], al 0x400b977c: inc ecx 0x400b977d: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b9784: mov dword [ebp + (32)0xfffffef8], ecx 0x400b978a: j(e,z) dword (32)0x x400b9790: mov edx, dword [ebp + (8)0x ] 0x400b9793: mov eax, dword [edx + (8)0x ] 0x400b9796: cmp eax, dword [edx + (8)0x ] 0x400b9799: j(nb,ae) dword (32)0x x400b979f: 0x400b97a2: 0x400b97a3: mov edx, dword [ebp + (8)0x ] 0x400b97a6: mov dword [ebp + (32)0xffffff64], ecx 0x400b97ac: mov dword [edx + (8)0x ], eax 0x400b97af: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b97b6: j(e,z) dword (32)0x x400b97bc: inc dword [ebp + (32)0xffffff68] 0x400b97c2: mov eax, dword [ebp + (32)0xffffff64] 0x400b97c8: mov dword [ebp + (32)0xffffff64], eax 0x400b97ce: mov eax, dword [ebp + (32)0xffffff60] 0x400b97d4: 0x400b97d6: j(e,z) byte (8)0x a 0x400b97d8: movzx edx, byte [ebp + (32)0xffffff64] 0x400b97df: mov ecx, dword [ebp + (32)0xffffff54] 0x400b97e5: mov eax, dword [ecx + (8)0x ] 0x400b97e8: cmp dword [eax + edx*4], (8)0x x400b97ec: j(e,z) dword (32)0x c 0x400b97f2: mov eax, dword [ebp + (32)0xffffff30] 0x400b97f8: 0x400b97fa: j(ne,nz) byte (8)0x x400ba721: test dword [ebp + (32)0xffffff5c], (32)0x x400ba72b: j(e,z) dword (32)0xfffff0fd 0x400b982e: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b9835: j(e,z) dword (32)0x00003a90 0x400b983b: mov edi, dword [ebp + (32)0xffffff60] 0x400b9841: 0x400b9843: j(e,z) dword (32)0x00003a82 0x400b9849: mov ecx, dword [ebx + (32)0xffffff38] 0x400b984f: mov dword [ebp + (32)0xfffffed0], ecx 0x400b9855: cmp dword [ebp + (32)0xffffff30], (8)0x x400b985c: j(e,z) dword (32)0x00000cd2 0x400b9862: mov eax, dword [ebp + (32)0xffffff64] 0x400b9868: sub eax, (8)0x x400b986b: cmp eax, (8)0x x400b986e: j(nbe,a) byte (8)0x c 0x400b987c: cmp dword [ebp + (32)0xffffff30], (8)0x a 0x400b9883: j(ne,nz) dword (32)0x00003a42 0x400b9889: test byte [ebp + (32)0xffffff5c], (8)0x x400b9890: j(e,z) dword (32)0x00003a35 0x400ba54e: mov eax, dword [ebp + (32)0xfffffefc] 0x400ba554: cmp dword [ebp + (32)0xfffffef8], eax 0x400ba55a: j(e,z) dword (32)0x x400ba560: movzx edx, byte [ebp + (32)0xffffff64] 0x400ba567: mov eax, dword [ebp + (32)0xfffffef8] 0x400ba56d: mov ecx, dword [ebp + (32)0xffffff00] 0x400ba573: mov byte [eax + ecx], dl 0x400ba576: 0x400ba577: mov dword [ebp + (32)0xfffffef8], eax 0x400ba57d: 0x400ba57f: cmp dword [ebp + (32)0xffffff60], (8)0x x400ba586: set(nle,g) al 0x400ba589: sub dword [ebp + (32)0xffffff60], eax 0x400ba58f: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400ba596: j(e,z) dword (32)0x000000b6 0x400ba59c: mov edx, dword [ebp + (8)0x ] 0x400ba59f: mov eax, dword [edx + (8)0x ] 0x400ba5a2: cmp eax, dword [edx + (8)0x ] 0x400ba5a5: j(nb,ae) dword (32)0x000025a7 0x400ba5ab: 0x400ba5ae: 0x400ba5af: mov edx, dword [ebp + (8)0x ] 0x400ba5b2: mov dword [ebp + (32)0xffffff64], ecx 0x400ba5b8: mov dword [edx + (8)0x ], eax 0x400ba5bb: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400ba5c2: j(e,z) dword (32)0x000000d0 0x400ba5c8: inc dword [ebp + (32)0xffffff68] 0x400ba5ce: mov eax, dword [ebp + (32)0xffffff64] 0x400ba5d4: mov dword [ebp + (32)0xffffff64], eax 0x400ba5da: 0x400ba5db: j(e,z) dword (32)0x00002cea 0x400ba5e1: mov edi, dword [ebp + (32)0xffffff60] 0x400ba5e7: 0x400ba5e9: j(ne,nz) dword (32)0xfffff266 0x400b986e: j(nbe,a) byte (8)0x c 0x400bd2cb: mov esi, dword [ebp + (32)0xfffffef8] 0x400bd2d1: 0x400bd2d3: j(e,z) dword (32)0x x400bd2d9: cmp dword [ebp + (32)0xfffffef8], (8)0x x400bd2e0: j(e,z) dword (32)0x x400bd52e: mov edx, dword [ebp + (32)0xffffff00] 0x400bd534: movzx eax, byte [edx] 0x400bd537: cmp al, (8)0x b 0x400bd539: 0x400bd53c: cmp al, (8)0x d 0x400bd53e: 0x400bd541: 0x400bd543: 0x400bd545: j(e,z) dword (32)0xfffffd9b 0x400bd2e6: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400bd2ed: j(e,z) byte (8)0x c 0x400bd2ef: movzx eax, byte [ebp + (32)0xffffff64] 0x400bd2f6: dec dword [ebp + (32)0xffffff68] 0x400bd2fc: mov dword [esp + (8)0x ], eax 0x400bd300: mov eax, dword [ebp + (8)0x ] 0x400bd303: 0x400bd306: call dword (32)0x x400bd3e0: mov eax, dword [ebp + (32)0xffffff2c] 0x400bd3e6: 0x400bd3e8: j(e,z) dword (32)0x d 0x400bd3ee: mov eax, dword [ebp + (32)0xffffff5c] 0x400bd3f4: and eax, (32)0x x400bd3f9: mov dword [esp + (8)0x c], eax 0x400bd3fd: mov eax, dword [ebp + (32)0xffffff30] 0x400bd403: mov dword [esp + (8)0x ], eax 0x400bd407: lea eax, dword [ebp + (8)0xffffff80] 0x400bd40a: mov dword [esp + (8)0x ], eax 0x400bd40e: mov edx, dword [ebp + (32)0xffffff00] 0x400bd414: 0x400bd417: call dword (32)0xfffe08b4 0x400bd4c8: mov eax, dword [ebp + (32)0xffffff5c] 0x400bd4ce: and eax, (32)0x x400bd4d3: mov dword [esp + (8)0x c], eax 0x400bd4d7: mov edx, dword [ebp + (32)0xffffff30] 0x400bd4dd: lea eax, dword [ebp + (8)0xffffff80] 0x400bd4e0: mov dword [esp + (8)0x ], eax 0x400bd4e4: mov dword [esp + (8)0x ], edx 0x400bd4e8: mov ecx, dword [ebp + (32)0xffffff00] 0x400bd4ee: 0x400bd4f1: call dword (32)0xfffe09ba 0x4009dcd0: 0x4009dcd1: 0x4009dcd3: 0x4009dcd4: 0x4009dcd7: 0x4009dcde: call dword (32)0xfffe9c6e 0x400bd4fb: mov eax, dword [ebp + (32)0xffffff5c] 0x400bd501: and eax, (32)0x x400bd506: mov dword [esp + (8)0x c], eax 0x400bd50a: mov ecx, dword [ebp + (32)0xffffff30] 0x400bd510: lea eax, dword [ebp + (8)0xffffff80] 0x400bd513: mov dword [esp + (8)0x ], eax 0x400bd517: mov dword [esp + (8)0x ], ecx 0x400bd51b: mov eax, dword [ebp + (32)0xffffff00] 0x400bd521: 0x400bd524: call dword (32)0xfffe0847 0x4009df00: 0x4009df01: 0x4009df03: 0x4009df04: 0x4009df05: 0x4009df06: sub esp, (8)0x x4009df09: mov eax, dword [ebp + (8)0x ] 0x4009df0c: call dword (32)0xfffe9a40 0x4009df71: mov esi, dword [ebp + (8)0x ] 0x4009df74: mov edx, dword [ebp + (8)0x ] 0x4009df77: mov dword [ebp + (8)0xffffffe0], esi 0x4009df7a: mov ecx, dword [edx + (8)0x ] 0x4009df7d: movsx eax, byte [esi] 0x4009df80: test byte [ecx + eax*2 + (8)0x ], (8)0x x4009df85: j(e,z) byte (8)0x x4009dfa0: mov ecx, dword [ebp + (8)0x ] 0x4009dfa3: movzx edx, byte [ecx] 0x4009dfa6: test dl, dl 0x4009dfa8: j(e,z) dword (32)0x f 0x4009dfae: mov dword [ebp + (8)0xfffffff0], (32)0x x4009dfb5: cmp dl, (8)0x d 0x4009dfb8: j(e,z) dword (32)0x000001d0 0x4009dfbe: cmp dl, (8)0x b 0x4009dfc1: j(e,z) dword (32)0x000001ce 0x4009dfc7: cmp dl, (8)0x x4009dfca: j(e,z) dword (32)0x b 0x4009e15b: 0x4009e15d: 0x4009e160: cmp edi, (8)0x x4009e163: 0x4009e166: 0x4009e168: 0x4009e16a: j(e,z) byte (8)0x x4009e095: mov byte [ebp + (8)0xffffffc7], al 0x4009e098: movzx eax, byte [ebp + (8)0xffffffc7] 0x4009e09c: cmp eax, edi 0x4009e09e: j(nl,ge) byte (8)0x x4009e0a0: mov edx, dword [ebp + (8)0xffffffec] 0x4009e0a3: cmp dword [ebp + (8)0xffffffe4], edx 0x4009e0a6: j(nbe,a) byte (8)0x x4009e0a8: j(e,z) byte (8)0x c 0x4009e0aa: movzx eax, byte [ebp + (8)0xffffffc7] 0x4009e0ae: mov ecx, dword [ebp + (8)0xffffffe4] 0x4009e0b1: imul ecx, edi 0x4009e0b4: add ecx, eax 0x4009e0b6: mov dword [ebp + (8)0xffffffe4], ecx 0x4009e0b9: 0x4009e0ba: 0x4009e0bd: 0x4009e0bf: mov byte [ebp + (8)0xffffffc7], al 0x4009e0c2: j(ne,nz) dword (32)0xffffff68 0x4009e0c8: cmp esi, dword [ebp + (8)0xffffffe0] 0x4009e0cb: j(e,z) dword (32)0x c 0x4009e0d1: mov eax, dword [ebp + (8)0x c] 0x4009e0d4: 0x4009e0d6: j(e,z) byte (8)0x x4009e0d8: mov edx, dword [ebp + (8)0x c] 0x4009e0db: mov dword [edx], esi 0x4009e0dd: mov eax, dword [ebp + (8)0xffffffd8] 0x4009e0e0: 0x4009e0e2: j(ne,nz) byte (8)0x x4009e0e4: mov eax, dword [ebp + (8)0xfffffff0] 0x4009e0e7: 0x4009e0e9: j(e,z) dword (32)0x000000af 0x4009e18e: mov dword [ebp + (8)0xfffffff0], (32)0x x4009e195: 0x4009e196: movzx edx, byte [esi] 0x4009e199: jmp dword (32)0xfffffe29 0x4009e17c: 0x4009e17e: j(ne,nz) dword (32)0xfffffe56 0x4009dfda: mov dword [ebp + (8)0xffffffe0], esi 0x4009dfdd: cmp edi, (8)0x a 0x4009dfe0: mov eax, (32)0x x4009dfe5: cmov(e,z) eax, dword [ebp + (8)0xffffffcc] 0x4009dfe9: mov dword [ebp + (8)0xffffffdc], (32)0x x4009dff0: 0x4009dff2: mov dword [ebp + (8)0xffffffcc], eax 0x4009dff5: j(ne,nz) dword (32)0x c 0x4009dffb: movzx ecx, byte [edi + ebx + (32)0xffff736a] 0x4009e003: mov dword [ebp + (8)0xffffffd8], (32)0x x4009e00a: mov edx, dword [ebx + edi*4 + (32)0xffff73a4] 0x4009e011: mov dword [ebp + (8)0xffffffe4], (32)0x x4009e018: mov dword [ebp + (8)0xffffffec], edx 0x4009e01b: mov dword [ebp + (8)0xffffffe8], ecx 0x4009e01e: 0x4009e021: mov byte [ebp + (8)0xffffffc7], al 0x4009e024: 0x4009e026: j(e,z) dword (32)0x c 0x4009e02c: lea esi, dword [esi + (8)0x ] 0x4009e030: cmp esi, dword [ebp + (8)0xffffffdc] 0x4009e033: j(e,z) dword (32)0x f 0x4009e039: movzx eax, byte [ebp + (8)0xffffffc7] 0x4009e03d: 0x4009e03f: 0x4009e041: 0x4009dfe9: mov dword [ebp + (8)0xffffffdc], (32)0x x4009e19e: mov eax, dword [ebp + (8)0xffffffe4] 0x4009e1a1: 0x4009e1a3: j(ns) dword (32)0xffffff53 0x4009df69: add esp, (8)0x x4009df6c: 0x4009df6d: 0x4009df6e: 0x4009df6f: 0x4009df70: 0x4009e030: cmp esi, dword [ebp + (8)0xffffffdc] 0x4009e033: j(e,z) dword (32)0x f 0x4009e039: movzx eax, byte [ebp + (8)0xffffffc7] 0x4009e03d: 0x4009e03f: 0x4009e041: 0x4009e0fc: mov edi, dword [ebp + (8)0xffffffd8] 0x4009e0ff: 0x4009e101: j(ne,nz) byte (8)0x x4009e103: mov eax, dword [ebp + (8)0xffffffe4] 0x4009e106: mov esi, dword [ebp + (8)0xfffffff0] 0x4009e109: neg eax 0x4009e10b: 0x4009e10d: cmov(e,z) eax, dword [ebp + (8)0xffffffe4] 0x4009e111: jmp dword (32)0xfffffe53 0x4009dd16: add esp, (8)0x x4009dd19: 0x4009dd1a: 0x4009dd1b: 0x400bd41c: mov dword [ebp + (32)0xffffff1c], eax 0x400bd422: jmp dword (32)0xffffff55 0x400bd37c: mov edx, dword [ebp + (32)0xffffff00] 0x400bd382: cmp edx, dword [ebp + (8)0xffffff80] 0x400bd385: j(e,z) dword (32)0xffffbe8e 0x400bd38b: test byte [ebp + (32)0xffffff5c], (8)0x x400bd392: j(ne,nz) dword (32)0xffffba2b 0x400bd398: mov eax, dword [ebp + (32)0xffffff2c] 0x400bd39e: 0x400bd3a0: j(ne,nz) dword (32)0x000000e2 0x400bd488: test byte [ebp + (32)0xffffff5c], (8)0x x400bd48f: j(e,z) dword (32)0x f 0x400bd7b9: test byte [ebp + (32)0xffffff5c], (8)0x x400bd7c0: j(e,z) dword (32)0x000000a7 0x400bd7e4: test byte [ebp + (32)0xffffff5c], (8)0x x400bd7eb: j(e,z) dword (32)0x000000aa 0x400bd89b: test dword [ebp + (32)0xffffff5c], (32)0x x400bd8a5: j(ne,nz) dword (32)0x x400bd8ab: mov eax, dword [ebp + (32)0xfffffeec] 0x400bd8b1: 0x400bd8b3: j(ne,nz) dword (32)0x000000d1 0x400bd8b9: mov eax, dword [ebp + (32)0xffffff74] 0x400bd8bf: add dword [ebp + (32)0xffffff74], (8)0x x400bd8c6: 0x400bd8c8: mov edx, dword [ebp + (32)0xffffff1c] 0x400bd8ce: mov dword [eax], edx 0x400bd8d0: jmp dword (32)0xffffdaaf 0x400bb384: inc dword [ebp + (32)0xffffff6c] 0x400bb38a: jmp dword (32)0xffffda34 0x400b9855: cmp dword [ebp + (32)0xffffff30], (8)0x x400b985c: j(e,z) dword (32)0x00000cd2 0x400b9862: mov eax, dword [ebp + (32)0xffffff64] 0x400b9868: sub eax, (8)0x x400b986b: cmp eax, (8)0x x400b986e: j(nbe,a) byte (8)0x c 0x400ba5f4: add eax, eax 0x400ba5f6: mov edx, dword [ebp + (32)0xffffff00] 0x400ba5fc: cmp eax, (32)0x000000ff 0x400ba601: mov dword [ebp + (32)0xfffffefc], eax 0x400ba607: mov eax, (32)0x x400ba60c: cmov(nbe,a) eax, dword [ebp + (32)0xfffffefc] 0x400ba613: mov dword [ebp + (32)0xfffffefc], eax 0x400ba619: lea eax, dword [eax*4 + (32)0x ] 0x400ba620: sub esp, eax 0x400ba622: lea ecx, dword [esp + (8)0x f] 0x400ba626: and ecx, (8)0xfffffff0 0x400ba629: 0x400ba62b: mov dword [ebp + (32)0xffffff00], ecx 0x400ba631: j(e,z) dword (32)0xffffff29 0x4009dfc7: cmp dl, (8)0x x4009dfca: j(e,z) dword (32)0x b 0x4009dfd0: 0x4009dfd2: mov eax, (32)0x a 0x4009dfd7: cmov(e,z) edi, eax 0x4009dfda: mov dword [ebp + (8)0xffffffe0], esi 0x4009dfdd: cmp edi, (8)0x a 0x4009dfe0: mov eax, (32)0x x4009dfe5: cmov(e,z) eax, dword [ebp + (8)0xffffffcc] 0x4009dfe9: mov dword [ebp + (8)0xffffffdc], (32)0x x4009dff0: 0x4009dff2: mov dword [ebp + (8)0xffffffcc], eax 0x4009dff5: j(ne,nz) dword (32)0x c 0x4009dffb: movzx ecx, byte [edi + ebx + (32)0xffff736a] 0x4009e003: mov dword [ebp + (8)0xffffffd8], (32)0x x4009e00a: mov edx, dword [ebx + edi*4 + (32)0xffff73a4] 0x4009e011: mov dword [ebp + (8)0xffffffe4], (32)0x x4009e018: mov dword [ebp + (8)0xffffffec], edx 0x4009e01b: mov dword [ebp + (8)0xffffffe8], ecx 0x4009e01e: 0x4009e021: mov byte [ebp + (8)0xffffffc7], al 0x4009e024: 0x4009e026: j(e,z) dword (32)0x c 0x4009e02c: lea esi, dword [esi + (8)0x ] 0x4009e030: cmp esi, dword [ebp + (8)0xffffffdc] 0x4009e033: j(e,z) dword (32)0x f 0x4009e039: movzx eax, byte [ebp + (8)0xffffffc7] 0x4009e03d: 0x4009e03f: 0x4009e041: 0x400b93c5: cmp byte [ebp + (32)0xfffffec3], (8)0x x400b93cc: j(e,z) dword (32)0xfffffe47 0x400b93d2: inc dword [ebp + (32)0xffffff70] 0x400b93d8: mov ecx, dword [ebp + (32)0xffffff08] 0x400b93de: 0x400b93e0: j(ne,nz) byte (8)0x x400b9596: j(e,z) dword (32)0x00001ae2 0x400b99f3: 0x400b99f5: jmp dword (32)0xfffffc37 0x400b9631: mov dword [ebp + (32)0xffffff2c], eax 0x400b9637: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b963e: j(e,z) dword (32)0x x400b9644: mov edx, dword [ebp + (8)0x ] 0x400b9647: mov eax, dword [edx + (8)0x ] 0x400b964a: cmp eax, dword [edx + (8)0x ] 0x400b964d: j(nb,ae) dword (32)0x x400b9653: 0x400b9656: 0x400b9657: mov edx, dword [ebp + (8)0x ] 0x400b965a: mov dword [ebp + (32)0xffffff64], ecx 0x400b9660: mov dword [edx + (8)0x ], eax 0x400b9663: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b966a: j(e,z) dword (32)0x x400b9670: inc dword [ebp + (32)0xffffff68] 0x400b9676: mov esi, dword [ebp + (32)0xffffff64] 0x400b967c: mov dword [ebp + (32)0xffffff64], esi 0x400b9682: cmp esi, (8)0xffffffff 0x400b9685: j(e,z) dword (32)0x f 0x400b968b: cmp dword [ebp + (32)0xffffff64], (8)0x d 0x400b9692: 0x400b9695: cmp dword [ebp + (32)0xffffff64], (8)0x b 0x400b969c: 0x400b969f: 0x400b96a1: 0x400b96a3: j(e,z) byte (8)0x e 0x400b965a: mov dword [ebp + (32)0xffffff64], ecx 0x400bd86d: test dword [ebp + (32)0xffffff5c], (32)0x x400bd877: j(ne,nz) dword (32)0x x400bd87d: mov edi, dword [ebp + (32)0xfffffeec] 0x400bd883: 0x400bd885: j(e,z) byte (8)0x x400bd8b9: mov eax, dword [ebp + (32)0xffffff74] 0x400bd8bf: add dword [ebp + (32)0xffffff74], (8)0x x400bd8c6: 0x400bd8c8: mov edx, dword [ebp + (32)0xffffff1c] 0x400bd8ce: mov dword [eax], edx 0x400bd8d0: jmp dword (32)0xffffdaaf 0x4009deb0: 0x4009deb1: 0x4009deb3: 0x4009deb4: 0x4009deb7: 0x4009debe: call dword (32)0xfffe9a8e 0x4009ecf0: 0x4009ecf1: 0x4009ecf3: 0x4009ecf4: 0x4009ecf5: 0x4009ecf6: sub esp, (8)0x c 0x4009ecf9: mov eax, dword [ebp + (8)0x ] 0x4009ecfc: call dword (32)0xfffe8c50 0x4009ed63: mov edi, dword [ebp + (8)0x ] 0x4009ed66: mov edx, dword [ebp + (8)0x ] 0x4009ed69: mov dword [ebp + (8)0xffffffd8], edi 0x4009ed6c: mov ecx, dword [edx + (8)0x ] 0x4009ed6f: movsx eax, byte [edi] 0x4009ed72: test byte [ecx + eax*2 + (8)0x ], (8)0x x4009ed77: j(e,z) byte (8)0x x4009ed90: mov ecx, dword [ebp + (8)0x ] 0x4009ed93: movzx edx, byte [ecx] 0x4009ed96: test dl, dl 0x4009ed98: j(e,z) dword (32)0x d 0x4009ed9e: mov dword [ebp + (8)0xfffffff0], (32)0x x4009eda5: cmp dl, (8)0x d 0x4009eda8: j(e,z) dword (32)0x e 0x4009edae: cmp dl, (8)0x b 0x4009edb1: j(e,z) dword (32)0x c 0x4009edb7: cmp dl, (8)0x x4009edba: j(e,z) dword (32)0x x4009edc0: 0x4009edc2: mov eax, (32)0x a 0x4009edc7: cmov(e,z) esi, eax 0x4009edca: mov dword [ebp + (8)0xffffffd8], edi 0x4009edcd: cmp esi, (8)0x a 0x4009edd0: mov eax, (32)0x x4009edd5: cmov(e,z) eax, dword [ebp + (8)0xffffffc4] 0x4009edd9: mov dword [ebp + (8)0xffffffd4], (32)0x x4009ede0: 0x4009ede2: mov dword [ebp + (8)0xffffffc4], eax 0x4009ede5: j(ne,nz) dword (32)0x000001fa 0x4009edeb: mov dword [ebp + (8)0xffffffd0], (32)0x x4009edf2: mov ecx, dword [ebx + esi*8 + (32)0xffff7480] 0x4009edf9: mov edx, dword [ebx + esi*8 + (32)0xffff747c] 0x4009ee00: mov dword [ebp + (8)0xffffffec], ecx 0x4009ee03: movzx ecx, byte [esi + ebx + (32)0xffff744a] 0x4009ee0b: mov dword [ebp + (8)0xffffffe8], edx 0x4009ee0e: mov edx, dword [ebx + esi*4 + (32)0xffff73a4] 0x4009ee15: mov dword [ebp + (8)0xffffffe4], ecx 0x4009ee18: movzx eax, byte [edi] 0x4009ee1b: mov dword [ebp + (8)0xffffffc0], (32)0x x4009ee22: mov dword [ebp + (8)0xffffffbc], edx 0x4009ee25: 0x4009ee27: mov byte [ebp + (8)0xffffff9b], al 0x4009ee2a: j(e,z) dword (32)0x x4009ee30: cmp edi, dword [ebp + (8)0xffffffd4] 0x4009ee33: j(e,z) dword (32)0x d 0x4009ee39: movzx eax, byte [ebp + (8)0xffffff9b] 0x4009ee3d: 0x4009ee3f: 0x4009ee41: 0x4009ee95: mov byte [ebp + (8)0xffffff9b], al 0x4009ee98: movzx edx, byte [ebp + (8)0xffffff9b] 0x4009ee9c: cmp edx, esi 0x4009ee9e: j(nl,ge) byte (8)0x x4009eea0: mov eax, dword [ebp + (8)0xffffffbc] 0x4009eea3: cmp dword [ebp + (8)0xffffffc0], eax 0x4009eea6: j(nb,ae) dword (32)0x x4009eeac: mov eax, dword [ebp + (8)0xffffffc0] 0x4009eeaf: imul eax, esi 0x4009eeb2: 0x4009eeb4: mov dword [ebp + (8)0xffffffc0], eax 0x4009eeb7: 0x4009eeb8: movzx edx, byte [edi] 0x4009eebb: test dl, dl 0x4009eebd: mov byte [ebp + (8)0xffffff9b], dl 0x4009eec0: j(ne,nz) dword (32)0xffffff6a 0x4009ef19: 0x4009ef1b: 0x4009ef1e: cmp esi, (8)0x x4009ef21: 0x4009ef24: 0x4009ef26: 0x4009ef28: j(e,z) byte (8)0x x4009ee30: cmp edi, dword [ebp + (8)0xffffffd4] 0x4009ee33: j(e,z) dword (32)0x d 0x4009ee39: movzx eax, byte [ebp + (8)0xffffff9b] 0x4009ee3d: 0x4009ee3f: 0x4009ee41: 0x4009ed5b: add esp, (8)0x c 0x4009ed5e: 0x4009ed5f: 0x4009ed60: 0x4009ed61: 0x4009ed62: 0x4009def6: add esp, (8)0x x4009def9: 0x4009defa: 0x4009defb: 0x400bd4f6: jmp dword (32)0xfffffe75 0x400bd370: mov dword [ebp + (32)0xffffff1c], eax 0x400bd376: mov dword [ebp + (32)0xffffff20], edx 0x400bd37c: mov edx, dword [ebp + (32)0xffffff00] 0x400bd382: cmp edx, dword [ebp + (8)0xffffff80] 0x400bd385: j(e,z) dword (32)0xffffbe8e 0x400bd38b: test byte [ebp + (32)0xffffff5c], (8)0x x400bd392: j(ne,nz) dword (32)0xffffba2b 0x400bd398: mov eax, dword [ebp + (32)0xffffff2c] 0x400bd39e: 0x400bd3a0: j(ne,nz) dword (32)0x000000e2 0x400bd3a6: test byte [ebp + (32)0xffffff5c], (8)0x x400bd3ad: j(e,z) dword (32)0x x400bd3b3: mov eax, dword [ebp + (32)0xfffffeec] 0x400bd3b9: 0x400bd3bb: j(e,z) dword (32)0x000000e2 0x400bd4a3: mov eax, dword [ebp + (32)0xffffff74] 0x400bd4a9: add dword [ebp + (32)0xffffff74], (8)0x x400bd4b0: 0x400bd4b2: mov edx, dword [ebp + (32)0xffffff1c] 0x400bd4b8: mov ecx, dword [ebp + (32)0xffffff20] 0x400bd4be: mov dword [eax], edx 0x400bd4c0: mov dword [eax + (8)0x ], ecx 0x400bd4c3: jmp dword (32)0xffffdebc 0x4009e4ea: movzx eax, byte [ebp + (8)0xffffffc7] 0x4009e4ee: mov ecx, dword [ebp + (8)0xffffffe4] 0x4009e4f1: imul ecx, edi 0x4009e4f4: add ecx, eax 0x4009e4f6: mov dword [ebp + (8)0xffffffe4], ecx 0x4009e4f9: 0x4009e4fa: 0x4009e4fd: 0x4009e4ff: mov byte [ebp + (8)0xffffffc7], al 0x4009e502: j(ne,nz) dword (32)0xffffff68 0x4009e508: cmp esi, dword [ebp + (8)0xffffffe0] 0x4009e50b: j(e,z) dword (32)0x000000dc 0x4009e511: mov eax, dword [ebp + (8)0x c] 0x4009e514: 0x4009e516: j(e,z) byte (8)0x x4009e518: mov edx, dword [ebp + (8)0x c] 0x4009e51b: mov dword [edx], esi 0x4009e51d: mov edi, dword [ebp + (8)0xffffffd8] 0x4009e520: 0x4009e522: j(ne,nz) dword (32)0x000001bc 0x4009e528: mov eax, dword [ebp + (8)0xffffffe4] 0x4009e52b: mov esi, dword [ebp + (8)0xfffffff0] 0x4009e52e: neg eax 0x4009e530: 0x4009e532: cmov(e,z) eax, dword [ebp + (8)0xffffffe4] 0x4009e536: add esp, (8)0x x4009e539: 0x4009e53a: 0x4009e53b: 0x4009e53c: 0x4009e53d: 0x400b9140: mov edx, dword [ebp + (32)0xffffff70] 0x400b9146: movzx edx, byte [edx] 0x400b9149: cmp dl, (8)0x a 0x400b914c: 0x400b914f: mov byte [ebp + (32)0xfffffec3], dl 0x400b9155: cmp dl, (8)0x x400b9158: 0x400b915b: 0x400b915d: 0x400b915f: j(ne,nz) byte (8)0xffffffbf 0x400b9161: cmp byte [ebp + (32)0xfffffec3], (8)0x x400b9168: j(ne,nz) dword (32)0x f 0x400b92dd: movzx eax, byte [ebp + (32)0xfffffec3] 0x400b92e4: mov ecx, dword [ebp + (32)0xffffff5c] 0x400b92ea: sub eax, (8)0x x400b92ed: cmp eax, (8)0x x400b92f0: set(be,na) dl 0x400b92f3: or ecx, (8)0x x400b92f6: test dl, (8)0x x400b92f9: cmov(e,z) ecx, dword [ebp + (32)0xffffff5c] 0x400b9300: 0x400b9302: cmp eax, (8)0x x400b9305: mov dword [ebp + (32)0xffffff60], edx 0x400b930b: mov dword [ebp + (32)0xffffff5c], ecx 0x400b9311: j(nbe,a) byte (8)0x x400b9a91: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b9a98: j(e,z) dword (32)0x x400b9a9e: mov edx, dword [ebp + (8)0x ] 0x400b9aa1: mov eax, dword [edx + (8)0x ] 0x400b9aa4: cmp eax, dword [edx + (8)0x ] 0x400b9aa7: j(nb,ae) dword (32)0x x400b9aad: 0x400b9ab0: 0x400b9ab1: mov edx, dword [ebp + (8)0x ] 0x400b9ab4: mov dword [ebp + (32)0xffffff64], ecx 0x400b9aba: mov dword [edx + (8)0x ], eax 0x400b9abd: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b9ac4: j(e,z) dword (32)0x x400b9aca: inc dword [ebp + (32)0xffffff68] 0x400b9ad0: mov eax, dword [ebp + (32)0xffffff64] 0x400b9ad6: mov dword [ebp + (32)0xffffff64], eax 0x400b9adc: 0x400b9add: j(ne,nz) byte (8)0x x400b9af7: mov edx, dword [ebp + (32)0xffffff54] 0x400b9afd: mov ecx, dword [ebp + (32)0xffffff64] 0x400b9b03: mov eax, dword [edx + (8)0x ] 0x400b9b06: test byte [eax + ecx*2 + (8)0x ], (8)0x x400b9b0b: j(ne,nz) dword (32)0x00003f61 0x400b9b11: test byte [ebp + (32)0xffffff5c], (8)0x x400b9b18: j(ne,nz) byte (8)0x x400b9b51: mov ecx, dword [ebp + (32)0xffffff60] 0x400b9b57: 0x400b9b59: j(le,ng) byte (8)0x x400b9b6f: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b9b76: j(e,z) dword (32)0x00003f95 0x400b9b7c: mov edx, dword [ebp + (8)0x ] 0x400b9b7f: mov eax, dword [edx + (8)0x ] 0x400b9b82: cmp eax, dword [edx + (8)0x ] 0x400b9b85: j(nb,ae) dword (32)0x a 0x400b9b8b: 0x400b9b8e: 0x400b9b8f: mov edx, dword [ebp + (8)0x ] 0x400b9b92: mov dword [ebp + (32)0xffffff64], ecx 0x400b9b98: mov dword [edx + (8)0x ], eax 0x400b9b9b: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b9ba2: j(ne,nz) dword (32)0xffffff3c 0x400b9ae4: inc dword [ebp + (32)0xffffff68] 0x400b9aea: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400b9af1: j(e,z) dword (32)0x00003f97 0x400b9af7: mov edx, dword [ebp + (32)0xffffff54] 0x400b9afd: mov ecx, dword [ebp + (32)0xffffff64] 0x400b9b03: mov eax, dword [edx + (8)0x ] 0x400b9b06: test byte [eax + ecx*2 + (8)0x ], (8)0x x400b9b0b: j(ne,nz) dword (32)0x00003f61 0x400bda72: movzx eax, byte [ebp + (32)0xffffff64] 0x400bda79: dec dword [ebp + (32)0xffffff68] 0x400bda7f: mov dword [esp + (8)0x ], eax 0x400bda83: mov ecx, dword [ebp + (8)0x ] 0x400bda86: 0x400bda89: call dword (32)0x00012cb2 0x4009e583: 0x4009e585: j(ne,nz) dword (32)0xfffffe8f 0x4009e41a: mov dword [ebp + (8)0xffffffe0], esi 0x4009e41d: cmp edi, (8)0x a 0x4009e420: mov eax, (32)0x x4009e425: cmov(e,z) eax, dword [ebp + (8)0xffffffcc] 0x4009e429: mov dword [ebp + (8)0xffffffdc], (32)0x x4009e430: 0x4009e432: mov dword [ebp + (8)0xffffffcc], eax 0x4009e435: j(ne,nz) dword (32)0x000001ec 0x4009e43b: movzx ecx, byte [edi + ebx + (32)0xffff736a] 0x4009e443: mov dword [ebp + (8)0xffffffd8], (32)0x x4009e44a: mov edx, dword [ebx + edi*4 + (32)0xffff73a4] 0x4009e451: mov dword [ebp + (8)0xffffffe4], (32)0x x4009e458: mov dword [ebp + (8)0xffffffec], edx 0x4009e45b: mov dword [ebp + (8)0xffffffe8], ecx 0x4009e45e: 0x4009e461: mov byte [ebp + (8)0xffffffc7], al 0x4009e464: 0x4009e466: j(e,z) dword (32)0x c 0x4009e46c: lea esi, dword [esi + (8)0x ] 0x4009e470: cmp esi, dword [ebp + (8)0xffffffdc] 0x4009e473: j(e,z) dword (32)0x f 0x4009e479: movzx eax, byte [ebp + (8)0xffffffc7] 0x4009e47d: 0x4009e47f: 0x4009e481: 0x400b9270: mov esi, dword [ebp + (32)0xfffffef4] 0x400b9276: 0x400b9278: j(ne,nz) byte (8)0x x400b927a: mov edx, dword [ebp + (8)0x ] 0x400b927d: 0x400b927f: j(e,z) byte (8)0x b 0x400b928c: mov edx, dword [ebp + (32)0xffffff6c] 0x400b9292: lea esp, dword [ebp + (8)0xfffffff4] 0x400b9295: 0x400b9297: 0x400b9298: 0x400b9299: 0x400b929a: 0x400b929b: 0x400c71b9: add esp, (32)0x000000b4 0x400c71bf: 0x400c71c0: 0x400c71c1: 0x400c71c2: 0x400c281b: 0x400c281e: 0x400c281f: 0x400c2820: 0x08051b76: mov edx, dword [esi + (32)0x000001cc] 0x08051b7c: add esp, (32)0x x08051b82: 0x08051b84: j(ne,nz) byte (8)0x a 0x08051bfe: add esp, (8)0x x08051c01: 0x08051c02: 0x08051b90: 0x08051b93: 0x08051b94: 0x08051b95: 0x08051b96: 0x08051b97: 0x08052f69: jmp dword (32)0xffffff51 0x08052ebf: test byte [esp + (8)0x ], (8)0x x08052ec4: j(ne,nz) dword (32)0x x080531dc: 0x080531df: lea ecx, dword [ebx + (32)0x000053e8] 0x080531e5: lea edx, dword [ebx + (32)0xffffe9c5] 0x080531eb: push (32)0x x080531f0: mov eax, dword [esp + (8)0x ] 0x080531f4: call dword (32)0xffffea17 0x08051bb0: 0x08051bb1: lea ecx, dword [edx + (32)0x000000a8] 0x08051bb7: 0x08051bba: 0x08051bbf: 0x08051bc0: add ebx, (32)0x00008b39 0x08051bc6: 0x08051bc7: lea ecx, dword [edx + (32)0x000000a4] 0x08051bcd: 0x08051bce: lea ecx, dword [edx + (32)0x000000a0] 0x08051bd4: 0x08051bd5: lea ecx, dword [edx + (32)0x c] 0x08051bdb: 0x08051bdc: lea ecx, dword [edx + (32)0x ] 0x08051be2: 0x08051be3: lea ecx, dword [edx + (32)0x ] 0x08051be9: 0x08051bea: add edx, (32)0x x08051bf0: lea ecx, dword [ebx + (32)0xffffe99a] 0x08051bf6: 0x08051bf7: 0x08051bf8: 0x08051bf9: call dword (32)0xffff811e 0x400ba560: movzx edx, byte [ebp + (32)0xffffff64] 0x400ba567: mov eax, dword [ebp + (32)0xfffffef8] 0x400ba56d: mov ecx, dword [ebp + (32)0xffffff00] 0x400ba573: mov byte [eax + ecx], dl 0x400ba576: 0x400ba577: mov dword [ebp + (32)0xfffffef8], eax 0x400ba57d: 0x400ba57f: cmp dword [ebp + (32)0xffffff60], (8)0x x400ba586: set(nle,g) al 0x400ba589: sub dword [ebp + (32)0xffffff60], eax 0x400ba58f: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400ba596: j(e,z) dword (32)0x000000b6 0x400ba59c: mov edx, dword [ebp + (8)0x ] 0x400ba59f: mov eax, dword [edx + (8)0x ] 0x400ba5a2: cmp eax, dword [edx + (8)0x ] 0x400ba5a5: j(nb,ae) dword (32)0x000025a7 0x400ba5ab: 0x400ba5ae: 0x400ba5af: mov edx, dword [ebp + (8)0x ] 0x400ba5b2: mov dword [ebp + (32)0xffffff64], ecx 0x400ba5b8: mov dword [edx + (8)0x ], eax 0x400ba5bb: cmp dword [ebp + (32)0xffffff64], (8)0xffffffff 0x400ba5c2: j(e,z) dword (32)0x000000d0 0x400ba5c8: inc dword [ebp + (32)0xffffff68] 0x400ba5ce: mov eax, dword [ebp + (32)0xffffff64] 0x400ba5d4: mov dword [ebp + (32)0xffffff64], eax 0x400ba5da: 0x400ba5db: j(e,z) dword (32)0x00002cea 0x400ba5e1: mov edi, dword [ebp + (32)0xffffff60] 0x400ba5e7: 0x400ba5e9: j(ne,nz) dword (32)0xfffff266 0x : jmp dword (32)0xfffffcb5 0x08052eca: test byte [esp + (8)0x ], (8)0x x08052ecf: j(ne,nz) dword (32)0x x08052ed5: cmp dword [ebp + (32)0x000001cc], (8)0x x08052edc: j(le,ng) byte (8)0x a 0x08052ee8: test byte [esp + (8)0x ], (8)0x x08052eed: j(ne,nz) dword (32)0x000001d1 0x080530c4: 0x080530c7: mov edx, dword [ebp + (32)0x000001d8] 0x080530cd: 0x080530ce: call dword (32)0x d 0x08055a00: 0x08055a01: 0x08055a02: 0x08055a03: 0x08055a04: 0x08055a07: 0x08055a0c: 0x08055a0d: add ebx, (32)0x00004cec 0x08055a13: mov edi, dword [esp + (8)0x ] 0x08055a17: mov edx, edi 0x08055a19: and edx, (8)0x f 0x08055a1c: lea esi, dword [ebx + edx*4 + (32)0x ] 0x08055a23: 0x08055a25: 0x08055a27: j(ne,nz) byte (8)0x f 0x08055a38: cmp dword [eax + (8)0x ], edi 0x08055a3b: j(ne,nz) byte (8)0xfffffff3 0x08055a3d: jmp byte (8)0x x08055a93: 0x08055a96: add eax, (8)0x x08055a99: 0x08055a9a: 0x08055a9b: 0x08055a9c: 0x08055a9d: 0x080530d3: 0x080530d6: mov ecx, dword [eax] 0x080530d8: mov dword [ebp + (32)0x c], ecx 0x080530de: mov esi, dword [eax + (8)0x ] 0x080530e1: mov dword [ebp + (32)0x ], esi 0x080530e7: mov edi, dword [eax + (8)0x ] 0x080530ea: mov dword [ebp + (32)0x ], edi 0x080530f0: mov ecx, dword [eax + (8)0x c] 0x080530f3: mov dword [ebp + (32)0x ], ecx 0x080530f9: mov edx, dword [eax + (8)0x ] 0x080530fc: mov dword [ebp + (32)0x c], edx 0x : test byte [esp + (8)0x ], (8)0x x : j(e,z) dword (32)0xfffffde6 0x08052ef3: test byte [esp + (8)0x ], (8)0x x08052ef8: j(ne,nz) dword (32)0x000000c8 0x08052efe: test dword [esp + (8)0x ], (32)0x x08052f06: j(ne,nz) dword (32)0x000000a0 0x08052f0c: mov dword [ebp + (32)0x ], (32)0x x08052f16: test byte [esp + (8)0x ], (8)0x x08052f1b: j(ne,nz) dword (32)0x000002a1 0x08052f21: mov dword [ebp + (32)0x ], (32)0x x08052f2b: mov eax, ebp 0x08052f2d: 0x08052f30: 0x08052f31: 0x08052f32: 0x08052f33: 0x08052f34: 0x080536c8: 0x080536cb: 0x080536cd: j(ne,nz) byte (8)0x x080536e3: 0x080536e6: 0x080536e7: 0x080536e8: 0x080536e9: 0x080536ea: 0x0804b6dd: 0x0804b6e0: 0x0804b6e2: j(e,z) byte (8)0x x0804b6e4: 0x0804b6e5: call dword (32)0xfffffd26 0x0804b440: mov ebx, dword [0x0805dc58] 0x0804b446: mov edx, dword [0x0805b820] 0x0804b44c: lea ecx, dword [ebx + (8)0x ] 0x0804b44f: cmp ecx, edx 0x0804b451: j(nb,ae) dword (32)0x000001ad 0x0804b457: lea edx, dword [ebx + ebx*2] 0x0804b45a: mov ecx, dword [0x0805b81c] 0x0804b460: shl edx, (8)0x x0804b463: mov ebx, dword [edi] 0x0804b465: mov eax, dword [edi + (8)0x c] 0x0804b468: mov esi, dword [0x0805b824] 0x0804b46e: mov dword [ecx + edx + (8)0x ], ebx 0x0804b472: mov ebx, dword [edi + (8)0x ] 0x0804b475: add ebx, dword [edi + (8)0x ] 0x0804b478: adc eax, dword [edi + (8)0x ] 0x0804b47b: mov dword [ecx + edx], ebx 0x0804b47e: mov dword [ecx + edx + (8)0x ], eax 0x0804b482: mov edx, dword [edi] 0x0804b484: mov dword [esp + (8)0x ], edx 0x0804b488: 0x0804b48b: mov ecx, dword [0x0805b818] 0x0804b491: push (32)0x0804a160 0x0804b496: push (8)0x c 0x0804b498: 0x0804b499: 0x0804b49a: lea edx, dword [esp + (8)0x c] 0x0804b49e: 0x0804b49f: call dword (32)0xffffe958 0x08049dfc: jmp dword [0x0805a874] 0x4009b6a0: 0x4009b6a1: 0x4009b6a3: 0x4009b6a4: 0x4009b6a5: sub esp, (8)0x x4009b6a8: mov edi, dword [ebp + (8)0x ] 0x4009b6ab: mov dword [ebp + (8)0xfffffff4], (32)0x x4009b6b2: cmp dword [ebp + (8)0xfffffff4], edi 0x4009b6b5: j(b,nae) byte (8)0x x4009b6cb: mov esi, dword [ebp + (8)0xfffffff4] 0x4009b6ce: mov eax, dword [ebp + (8)0x ] 0x4009b6d1: mov edx, dword [ebp + (8)0x c] 0x4009b6d4: add esi, edi 0x4009b6d6: shr(1) esi 0x4009b6d8: imul eax, esi 0x4009b6db: 0x4009b6dd: mov dword [ebp + (8)0xfffffff0], eax 0x4009b6e0: mov dword [esp + (8)0x ], eax 0x4009b6e4: mov eax, dword [ebp + (8)0x ] 0x4009b6e7: 0x4009b6ea: call dword [ebp + (8)0x ] 0x4009b6c0: j(le,ng) byte (8)0x x4009b709: mov eax, dword [ebp + (8)0xfffffff0] 0x4009b70c: 0x4009b70f: 0x4009b710: 0x4009b711: 0x4009b712: 0x0804b4a4: add esp, (8)0x x0804b4a7: 0x0804b4a9: j(e,z) byte (8)0x x0804b4ab: sub ebx, dword [eax] 0x0804b4ad: mov dword [edi + (8)0x ], ebx 0x0804b4b0: mov edi, dword [0x0805dc58] 0x0804b4b6: 0x0804b4b7: mov dword [0x0805dc58], edi 0x0804b4bd: add esp, (8)0x x0804b4c0: 0x0804b4c1: 0x0804b4c2: 0x0804b4c3: 0x0804b6ea: cmp edi, dword [0x0805b830] 0x0804b6f0: j(nb,ae) byte (8)0x b 0x0804b6f2: mov edx, dword [esi + edi*4] 0x0804b6f5: mov eax, dword [edx + (32)0x ] 0x0804b6fb: 0x0804b6fd: j(e,z) byte (8)0xffffffd2 0x400d9396: lea eax, dword [esi + (8)0x c] 0x400d9399: test dh, dh 0x400d939b: j(ne,nz) byte (8)0x x400d939d: lea eax, dword [esi + (8)0x d] 0x400d93a0: add esi, (8)0x x400d93a3: mov edx, dword [esi] 0x400d93a5: 0x400d93aa: 0x400d93ac: j(nb,ae) dword (32)0x000000da 0x400d93b2: 0x400d93b4: 0x400d93ba: 0x400d93bb: j(ne,nz) dword (32)0x000000cb 0x400d93c1: 0x400d93c3: 0x400d93c8: 0x400d93ca: j(nb,ae) byte (8)0xffffff9e 0x400d93cc: 0x400d93ce: 0x400d93d4: 0x400d93d5: j(ne,nz) byte (8)0xffffffa9 0x400d93d7: mov edx, dword [esi + (8)0x ] 0x400d93da: 0x400d93df: 0x400d93e1: j(nb,ae) dword (32)0x000000a2 0x400d93e7: 0x400d93e9: 0x400d93ef: 0x400d93f0: j(ne,nz) dword (32)0x x400d93f6: 0x400d93f8: 0x400d93fd: 0x400d93ff: j(nb,ae) dword (32)0xffffff68 0x400d9405: 0x400d9407: 0x400d940d: 0x400d940e: j(ne,nz) dword (32)0xffffff6f 0x400d9414: mov edx, dword [esi + (8)0x ] 0x400d9417: 0x400d941c: 0x400d941e: j(nb,ae) byte (8)0x x400d9420: 0x400d9422: 0x400d9428: 0x400d9429: j(ne,nz) byte (8)0x b 0x400d942b: 0x400d942d: 0x400d9432: 0x400d9434: j(nb,ae) dword (32)0xffffff36 0x400d943a: 0x400d943c: 0x400d9442: 0x400d9443: j(ne,nz) dword (32)0xffffff3d 0x400d9449: mov edx, dword [esi + (8)0x c] 0x400d944c: 0x400d9451: 0x400d9453: j(nb,ae) byte (8)0x e 0x400d9455: 0x400d9457: 0x400d945d: 0x400d945e: j(ne,nz) byte (8)0x x400d9460: 0x400d9462: 0x400d9467: 0x400d9469: j(nb,ae) dword (32)0xffffff04 0x400d946f: 0x400d9471: 0x400d9477: 0x400d9478: j(e,z) dword (32)0xffffff22 0x4009ef3a: 0x4009ef3c: j(ne,nz) dword (32)0xfffffe88 0x4009edca: mov dword [ebp + (8)0xffffffd8], edi 0x4009edcd: cmp esi, (8)0x a 0x4009edd0: mov eax, (32)0x x4009edd5: cmov(e,z) eax, dword [ebp + (8)0xffffffc4] 0x4009edd9: mov dword [ebp + (8)0xffffffd4], (32)0x x4009ede0: 0x4009ede2: mov dword [ebp + (8)0xffffffc4], eax 0x4009ede5: j(ne,nz) dword (32)0x000001fa 0x4009edeb: mov dword [ebp + (8)0xffffffd0], (32)0x x4009edf2: mov ecx, dword [ebx + esi*8 + (32)0xffff7480] 0x4009edf9: mov edx, dword [ebx + esi*8 + (32)0xffff747c] 0x4009ee00: mov dword [ebp + (8)0xffffffec], ecx 0x4009ee03: movzx ecx, byte [esi + ebx + (32)0xffff744a] 0x4009ee0b: mov dword [ebp + (8)0xffffffe8], edx 0x4009ee0e: mov edx, dword [ebx + esi*4 + (32)0xffff73a4] 0x4009ee15: mov dword [ebp + (8)0xffffffe4], ecx 0x4009ee18: movzx eax, byte [edi] 0x4009ee1b: mov dword [ebp + (8)0xffffffc0], (32)0x x4009ee22: mov dword [ebp + (8)0xffffffbc], edx 0x4009ee25: 0x4009ee27: mov byte [ebp + (8)0xffffff9b], al 0x4009ee2a: j(e,z) dword (32)0x x4009ee30: cmp edi, dword [ebp + (8)0xffffffd4] 0x4009ee33: j(e,z) dword (32)0x d 0x4009ee39: movzx eax, byte [ebp + (8)0xffffff9b] 0x4009ee3d: 0x4009ee3f: 0x4009ee41: 0x08049d3c: jmp dword [0x0805a844] 0x0804d845: 0x0804d848: push (32)0x x0804d84d: call dword (32)0xffffc0ba 0x c: jmp dword [0x0805a738] 0x4009bf90: 0x4009bf91: 0x4009bf93: sub esp, (8)0x x4009bf96: mov dword [ebp + (8)0xfffffffc], edi 0x4009bf99: mov edi, dword [ebp + (8)0x ] 0x4009bf9c: mov dword [ebp + (8)0xfffffff4], ebx 0x4009bf9f: mov dword [ebp + (8)0xfffffff8], esi 0x4009bfa2: call dword (32)0xfffeb9aa 0x4009c021: movzx edx, dword [edi] 0x4009c024: 0x4009c026: 0x4009c028: sub dword [ebp + (8)0xfffffff0], (8)0x x4009c02c: add edi, (8)0x x4009c02f: 0x4009c031: mov dword [ebp + (8)0xffffffec], edx 0x4009c034: j(e,z) byte (8)0xffffffda 0x4009c036: 0x4009c038: jmp byte (8)0x x4009c04b: movzx eax, dword [edx] 0x4009c04e: cmp word [ebp + (8)0xffffffec], ax 0x4009c052: j(ne,nz) byte (8)0xffffffec 0x4009c040: add esi, (8)0x x4009c043: 0x4009c045: 0x4009c047: 0x4009c049: j(e,z) byte (8)0xffffffc5 0x4009c04b: movzx eax, dword [edx] 0x4009c04e: cmp word [ebp + (8)0xffffffec], ax 0x4009c052: j(ne,nz) byte (8)0xffffffec 0x400d9140: 0x400d9141: 0x400d9143: 0x400d9144: 0x400d9145: sub esp, (8)0x x400d9148: mov edi, dword [ebp + (8)0x ] 0x400d914b: mov byte [ebp + (8)0xfffffff7], (8)0x x400d914f: mov esi, dword [ebp + (8)0x ] 0x400d9152: mov ecx, dword [ebp + (8)0x c] 0x400d9155: mov byte [ebp + (8)0xfffffff6], (8)0x x400d9159: cmp edi, (8)0x x400d915c: j(be,na) dword (32)0x000000a2 0x400d9162: 0x400d9164: shr eax, (8)0x x400d9167: mov dword [ebp + (8)0xfffffff0], eax 0x400d916a: lea esi, dword [esi + (32)0x ] 0x400d9170: 0x400d9173: 0x400d9174: mov byte [ebp + (8)0xfffffff7], al 0x400d9177: movzx eax, byte [ecx] 0x400d917a: inc ecx 0x400d917b: cmp byte [ebp + (8)0xfffffff7], (8)0x x400d917f: mov byte [ebp + (8)0xfffffff6], al 0x400d9182: 0x400d9185: cmp byte [ebp + (8)0xfffffff7], al 0x400d9188: 0x400d918b: 0x400d918d: 0x400d918f: j(ne,nz) dword (32)0x f 0x400d9195: 0x400d9198: 0x400d9199: mov byte [ebp + (8)0xfffffff7], al 0x400d919c: movzx eax, byte [ecx] 0x400d919f: inc ecx 0x400d91a0: cmp byte [ebp + (8)0xfffffff7], (8)0x x400d91a4: mov byte [ebp + (8)0xfffffff6], al 0x400d91a7: 0x400d91aa: cmp byte [ebp + (8)0xfffffff7], al 0x400d91ad: 0x400d91b0: 0x400d91b2: 0x400d91b4: j(ne,nz) byte (8)0x e 0x4009c010: 0x4009c012: mov ebx, dword [ebp + (8)0xfffffff4] 0x4009c015: 0x4009c017: mov esi, dword [ebp + (8)0xfffffff8] 0x4009c01a: mov edi, dword [ebp + (8)0xfffffffc] 0x4009c01d: 0x4009c01f: 0x4009c020: 0x400d9234: movzx eax, byte [ebp + (8)0xfffffff6] 0x400d9238: movzx edx, byte [ebp + (8)0xfffffff7] 0x400d923c: add esp, (8)0x x400d923f: 0x400d9240: sub edx, eax 0x400d9242: 0x400d9244: 0x400d9245: 0x400d9246: 0x4009c06c: 0x4009c06e: j(ne,nz) byte (8)0xffffffd0 0x0804d852: 0x0804d855: 0x0804d857: j(e,z) byte (8)0x x0804d86f: 0x0804d872: 0x0804d874: j(e,z) byte (8)0x x0804d862: 0x0804d865: push (32)0x c 0x0804d86a: call dword (32)0xffffc09d 0x0804d87f: mov edx, dword [0x0805be94] 0x0804d885: 0x0804d887: j(e,z) byte (8)0x b 0x0804d894: mov eax, dword [(32)0x0805be88] 0x0804d899: cmp eax, (32)0x x0804d89e: j(le,ng) byte (8)0x f 0x0804d8af: add eax, (8)0x x0804d8b2: mov ecx, dword [0x0805adc0] 0x0804d8b8: mov dword [(32)0x0805c008], eax 0x0804d8bd: 0x0804d8bf: j(e,z) byte (8)0x x0804d902: mov edx, dword [0x0805be8c] 0x0804d908: imul eax, edx 0x0804d90b: mov dword [(32)0x0805c00c], eax 0x0804d910: jmp byte (8)0xffffffb9 0x0804d8cb: mov edx, dword [0x0805c00c] 0x0804d8d1: mov eax, dword [(32)0x0805c000] 0x0804d8d6: call dword (32)0xffffdb05 0x0804b3e0: 0x0804b3e3: 0x0804b3e5: 0x0804b3ec: 0x0804b3ed: 0x0804b3ee: 0x0804b3ef: 0x0804b3f0: call dword (32)0xffffe7b7 0x08049bac: jmp dword [0x0805a7e0] 0x400d6110: 0x400d6111: 0x400d6113: sub esp, (8)0x x400d6116: mov dword [ebp + (8)0xfffffff4], ebx 0x400d6119: call dword (32)0xfffb1833 0x400d6160: mov edx, dword [ebp + (8)0x ] 0x400d6163: 0x400d6165: 0x400d6168: 0x400d616a: 0x400d616d: 0x400d616f: 0x400d6171: j(ne,nz) dword (32)0x000000fc 0x400d6177: mov eax, dword [ebp + (8)0x ] 0x400d617a: 0x400d617c: j(e,z) dword (32)0x000000c9 0x400d6182: mov eax, dword [ebp + (8)0x ] 0x400d6185: sub eax, (8)0x x400d6188: mov ecx, dword [eax + (8)0x ] 0x400d618b: mov dword [ebp + (8)0xfffffff0], eax 0x400d618e: 0x400d6190: and eax, (8)0xfffffff8 0x400d6193: mov dword [ebp + (8)0xffffffec], eax 0x400d6196: cmp edi, (8)0xffffffdf 0x400d6199: j(nbe,a) dword (32)0x000000b9 0x400d619f: lea eax, dword [edi + (8)0x b] 0x400d61a2: mov esi, (32)0x x400d61a7: 0x400d61a9: and edx, (8)0xfffffff8 0x400d61ac: cmp eax, (8)0x x400d61af: cmov(nb,ae) esi, edx 0x400d61b2: test cl, (8)0x x400d61b5: j(ne,nz) byte (8)0x c 0x400d61b7: test cl, (8)0x x400d61ba: lea esi, dword [ebx + (32)0x c] 0x400d61c0: j(e,z) byte (8)0x c 0x400d61ce: 0x400d61d0: mov ecx, (32)0x x400d61d5: cmp dword [0x c], (8)0x x400d61dd: 0x400d61e1: cmpxchg dword [esi], ecx 0x400d61e4: j(ne,nz) dword (32)0x00000e0c 0x400d61ea: 0x400d61f1: mov eax, dword [ebx + (32)0xfffffe50] 0x400d61f7: mov dword [eax + edx], esi 0x400d61fa: mov dword [esp + (8)0x ], edi 0x400d61fe: mov eax, dword [ebp + (8)0x ] 0x400d6201: 0x400d6204: mov dword [esp + (8)0x ], eax 0x400d6208: call dword (32)0xffffef63 0x400d5170: 0x400d5171: 0x400d5173: sub esp, (8)0x x400d5176: mov dword [ebp + (8)0xfffffff4], ebx 0x400d5179: mov eax, dword [ebp + (8)0x ] 0x400d517c: call dword (32)0xfffb27d0 0x400d5394: mov eax, dword [ebp + (8)0xfffffff0] 0x400d5397: sub eax, (8)0x x400d539a: mov dword [esp + (8)0x ], eax 0x400d539e: mov ecx, dword [ebp + (8)0x ] 0x400d53a1: 0x400d53a4: call dword (32)0xffffee07 0x400d5250: mov eax, dword [ebp + (8)0xfffffff0] 0x400d5253: mov edx, edi 0x400d5255: sub edx, eax 0x400d5257: mov dword [ebp + (8)0xffffffdc], edx 0x400d525a: cmp edx, (8)0x f 0x400d525d: j(nbe,a) dword (32)0x000000d4 0x400d54d0: mov eax, dword [eax + (8)0x ] 0x400d54d3: and eax, (8)0xfffffff8 0x400d54d6: add edi, eax 0x400d54d8: mov eax, dword [ebp + (8)0xfffffff0] 0x400d54db: add eax, (8)0x x400d54de: cmp edi, eax 0x400d54e0: j(b,nae) dword (32)0xfffffeae 0x400d54e6: 0x400d54e8: mov esi, dword [ebp + (8)0xfffffff0] 0x400d54eb: and eax, (8)0x x400d54ee: lea edx, dword [ebx + (32)0x c] 0x400d54f4: or eax, esi 0x400d54f6: mov ecx, eax 0x400d54f8: or ecx, (8)0x x400d54fb: cmp dword [ebp + (8)0x ], edx 0x400d54fe: mov esi, dword [ebp + (8)0xffffffec] 0x400d5501: mov edx, dword [ebp + (8)0x ] 0x400d5504: cmov(ne,nz) eax, ecx 0x400d5507: mov ecx, dword [ebp + (8)0xfffffff0] 0x400d550a: mov dword [esi + (8)0x ], eax 0x400d550d: 0x400d550f: add eax, ecx 0x400d5511: mov dword [edx + (8)0x ], eax 0x400d5514: mov edx, dword [ebp + (8)0xfffffff0] 0x400d5517: sub edi, edx 0x400d5519: or edi, (8)0x x400d551c: mov dword [eax + (8)0x ], edi 0x400d551f: mov eax, dword [ebp + (8)0x c] 0x400d5522: jmp dword (32)0xfffffd65 0x400d4283: mov dword [ebp + (8)0xffffffec], eax 0x400d4286: test cl, (8)0x x400d4289: j(e,z) dword (32)0x x400d428f: mov esi, dword [ebp + (8)0x ] 0x400d4292: add esi, (8)0x x400d4295: mov dword [ebp + (8)0xffffffa4], esi 0x400d4298: mov eax, dword [ebp + (8)0x ] 0x400d429b: mov edx, dword [ebp + (8)0xffffffa4] 0x400d429e: mov eax, dword [eax + (8)0x ] 0x400d42a1: mov dword [ebp + (8)0xffffffe8], eax 0x400d42a4: 0x400d42a6: j(e,z) dword (32)0x000001c4 0x400d5401: 0x400d5402: mov ecx, eax 0x400d5404: shr ecx, (8)0x x400d5407: 0x400d5409: 0x400d5409: 0x400d39b0: 0x400d39b1: 0x400d39b3: sub esp, (8)0x x400d39b6: mov dword [ebp + (8)0xfffffff4], ebx 0x400d39b9: mov ecx, dword [ebp + (8)0x c] 0x400d39bc: call dword (32)0xfffb3f90 0x400d3a25: test byte [ebp + (8)0xffffffc0], (8)0x x400d3a29: j(ne,nz) dword (32)0x x400d3a2f: lea edx, dword [edi + esi] 0x400d3a32: mov dword [ebp + (8)0xffffffec], edx 0x400d3a35: mov edx, dword [ebp + (8)0xfffffff0] 0x400d3a38: mov edx, dword [edx + (8)0x ] 0x400d3a3b: mov dword [ebp + (8)0xffffffc4], edx 0x400d3a3e: cmp esi, edx 0x400d3a40: j(e,z) dword (32)0x000002f2 0x400d3a46: test al, (8)0x x400d3a48: j(e,z) dword (32)0x000002d9 0x400d3d27: mov eax, dword [edx + (8)0x ] 0x400d3d2a: and eax, (8)0xfffffff8 0x400d3d2d: 0x400d3d2f: cmp dword [ebp + (8)0xffffffec], eax 0x400d3d32: j(b,nae) dword (32)0xfffffd16 0x400d3a4e: mov edx, dword [ebp + (8)0xffffffec] 0x400d3a51: mov eax, dword [edx + (8)0x ] 0x400d3a54: 0x400d3a56: j(e,z) dword (32)0x000002dc 0x400d3a5c: and eax, (8)0xfffffff8 0x400d3a5f: test byte [ebp + (8)0xffffffc0], (8)0x x400d3a63: mov dword [ebp + (8)0xffffffe8], eax 0x400d3a66: j(ne,nz) byte (8)0x e 0x400d3a96: mov edx, dword [ebp + (8)0xffffffc4] 0x400d3a99: cmp dword [ebp + (8)0xffffffec], edx 0x400d3a9c: j(e,z) dword (32)0x d 0x400d3aa2: mov ecx, dword [ebp + (8)0xffffffec] 0x400d3aa5: mov eax, dword [ebp + (8)0xffffffe8] 0x400d3aa8: test byte [eax + ecx + (8)0x ], (8)0x x400d3aad: j(ne,nz) dword (32)0x x400d3be5: mov edx, dword [ebp + (8)0xffffffec] 0x400d3be8: and dword [edx + (8)0x ], (8)0xfffffffe 0x400d3bec: jmp dword (32)0xfffffee5 0x400d3d0f: mov ecx, dword [ebp + (8)0xffffffe8] 0x400d3d12: 0x400d3d14: mov ecx, dword [ebp + (8)0xfffffff0] 0x400d3d17: 0x400d3d19: or eax, (8)0x x400d3d1c: mov dword [esi + (8)0x ], eax 0x400d3d1f: mov dword [ecx + (8)0x ], esi 0x400d3d22: jmp dword (32)0xfffffdcf 0x400d3ad6: mov dword [edi + esi], edi 0x400d3ad9: mov eax, dword [ebp + (8)0xfffffff0] 0x400d3adc: add eax, (8)0x x400d3adf: mov dword [esi + (8)0x c], eax 0x400d3ae2: mov edx, dword [eax + (8)0x ] 0x400d3ae5: mov dword [esi + (8)0x ], edx 0x400d3ae8: mov dword [eax + (8)0x ], esi 0x400d3aeb: 0x400d3aed: or eax, (8)0x x400d3af0: mov dword [edx + (8)0x c], esi 0x400d3af3: mov dword [esi + (8)0x ], eax 0x400d3af6: cmp edi, (32)0x0000ffff 0x400d3afc: j(be,na) dword (32)0xffffff16 0x400d3a18: mov ebx, dword [ebp + (8)0xfffffff4] 0x400d3a1b: mov esi, dword [ebp + (8)0xfffffff8] 0x400d3a1e: mov edi, dword [ebp + (8)0xfffffffc] 0x400d3a21: 0x400d3a23: 0x400d3a24: 0x400d541d: jmp dword (32)0xffffff0d 0x400d538f: jmp dword (32)0xfffffef2 0x400d532f: mov eax, dword [ebp + (8)0xffffffe4] 0x400d5332: jmp dword (32)0xffffff52 0x400d5289: add eax, (8)0x x400d528c: mov ebx, dword [ebp + (8)0xfffffff4] 0x400d528f: mov esi, dword [ebp + (8)0xfffffff8] 0x400d5292: mov edi, dword [ebp + (8)0xfffffffc] 0x400d5295: 0x400d5297: 0x400d5298: 0x400d620d: 0x400d620f: cmp dword [0x c], (8)0x x400d6217: 0x400d621b: sub dword [esi], (8)0x x400d621e: j(ne,nz) dword (32)0x00000dde 0x400d6224: mov ebx, dword [ebp + (8)0xfffffff4] 0x400d6227: 0x400d6229: mov esi, dword [ebp + (8)0xfffffff8] 0x400d622c: mov edi, dword [ebp + (8)0xfffffffc] 0x400d622f: 0x400d6231: 0x400d6232: 0x0804b3f5: 0x0804b3f8: 0x0804b3fa: j(e,z) byte (8)0x x0804b3fc: 0x0804b3ff: 0x0804d8db: mov dword [0x0805be84], (32)0x x0804d8e5: mov dword [(32)0x0805c000], eax 0x0804d8ea: mov dword [0x0805dc54], (32)0x x0804d8f4: mov dword [0x0805be80], (32)0x x0804d8fe: add esp, (8)0x c 0x0804d901: 0xffffe420: pop eax 0xffffe421: mov eax, (32)0x xffffe426: int (8)0x x400d5337: mov edx, dword [ebp + (8)0xfffffff0] 0x400d533a: 0x400d533c: lea esi, dword [ebx + (32)0x c] 0x400d5342: mov ecx, dword [ebp + (8)0xffffffec] 0x400d5345: and eax, (8)0x x400d5348: mov edi, dword [ebp + (8)0xfffffff0] 0x400d534b: 0x400d534d: 0x400d534f: add ecx, edi 0x400d5351: or edx, (8)0x x400d5354: cmp dword [ebp + (8)0x ], esi 0x400d5357: cmov(ne,nz) eax, edx 0x400d535a: mov edx, dword [ebp + (8)0xffffffec] 0x400d535d: mov dword [edx + (8)0x ], eax 0x400d5360: mov eax, dword [ebp + (8)0xffffffdc] 0x400d5363: mov edx, dword [ebp + (8)0xffffffdc] 0x400d5366: or eax, (8)0x x400d5369: or edx, (8)0x x400d536c: cmp dword [ebp + (8)0x ], esi 0x400d536f: mov esi, dword [ebp + (8)0xffffffdc] 0x400d5372: cmov(ne,nz) eax, edx 0x400d5375: mov dword [ecx + (8)0x ], eax 0x400d5378: or dword [esi + ecx + (8)0x ], (8)0x x400d537d: add ecx, (8)0x x400d5380: mov dword [esp + (8)0x ], ecx 0x400d5384: mov eax, dword [ebp + (8)0x ] 0x400d5387: 0x400d538a: call dword (32)0xffffe621 0x400d3af6: cmp edi, (32)0x0000ffff 0x400d3afc: j(be,na) dword (32)0xffffff16 0x400d3b02: mov eax, dword [ebp + (8)0xfffffff0] 0x400d3b05: test byte [eax + (8)0x ], (8)0x x400d3b09: j(e,z) dword (32)0x000000e2 0x400d3b0f: lea eax, dword [ebx + (32)0x c] 0x400d3b15: cmp dword [ebp + (8)0xfffffff0], eax 0x400d3b18: j(e,z) dword (32)0x x400d3d67: mov eax, dword [ebx + (32)0x000017cc] 0x400d3d6d: mov eax, dword [eax + (8)0x ] 0x400d3d70: and eax, (8)0xfffffff8 0x400d3d73: cmp eax, dword [ebx + (32)0x00001c0c] 0x400d3d79: j(b,nae) dword (32)0xfffffc99 0x400d5286: mov eax, dword [ebp + (8)0xffffffec] 0x400d5289: add eax, (8)0x x400d528c: mov ebx, dword [ebp + (8)0xfffffff4] 0x400d528f: mov esi, dword [ebp + (8)0xfffffff8] 0x400d5292: mov edi, dword [ebp + (8)0xfffffffc] 0x400d5295: 0x400d5297: 0x400d5298: 0x400d528c: mov ebx, dword [ebp + (8)0xfffffff4] 0x400d528f: mov esi, dword [ebp + (8)0xfffffff8] 0x400d5292: mov edi, dword [ebp + (8)0xfffffffc] 0x400d5295: 0x400d5297: 0x400d5298: 0x400d935c: or dl, dl 0x400d935e: j(e,z) dword (32)0x x400d9364: 0x400d9365: jmp byte (8)0x c 0x0804a6a0: 0x0804a6a3: 0x0804a6a5: 0x0804a6a7: call dword (32)0xfffffed4 0x0804a580: 0x0804a581: 0x0804a582: 0x0804a583: 0x0804a585: mov edx, dword [0x0805adc0] 0x0804a58b: mov ebx, eax 0x0804a58d: 0x0804a58f: j(e,z) dword (32)0x x0804a616: 0x0804a617: push (32)0x0805b860 0x0804a61c: push (8)0x x0804a61e: push (8)0x x0804a620: call dword (32)0xfffff377 0x c: jmp dword [0x0805a75c] 0x401223d0: 0x401223d1: 0x401223d3: sub esp, (8)0x x401223d6: mov dword [ebp + (8)0xfffffff4], ebx 0x401223d9: mov eax, dword [ebp + (8)0x c] 0x401223dc: call dword (32)0xfff x : mov dword [ebp + (8)0xffffffc0], (32)0x x : jmp dword (32)0xfffffefb 0x : 0x : mov edi, dword [ebp + (8)0x ] 0x c: mov ecx, dword [ebp + (8)0xffffffc0] 0x f: and eax, (32)0x7fffffff 0x : mov dword [ebp + (8)0xffffffc4], eax 0x : mov eax, dword [esi + (8)0x ] 0x a: mov dword [ebp + (8)0xffffffc8], eax 0x d: mov eax, dword [esi + (8)0x ] 0x : mov dword [ebp + (8)0xffffffcc], eax 0x : mov eax, dword [esi + (8)0x c] 0x : mov dword [ebp + (8)0xffffffd0], eax 0x : movzx eax, byte [esi + (8)0x ] 0x d: mov byte [ebp + (8)0xffffffd4], al 0x : mov eax, dword [esi + (8)0x ] 0x : mov dword [ebp + (8)0xffffffd5], eax 0x : mov eax, dword [esi + (8)0x ] 0x : mov dword [ebp + (8)0xffffffd9], eax 0x c: mov eax, dword [esi + (8)0x ] 0x f: mov dword [ebp + (8)0xffffffdd], eax 0x : mov eax, dword [esi + (8)0x d] 0x : mov dword [ebp + (8)0xffffffe1], eax 0x : movzx eax, dword [esi + (8)0x ] 0x c: mov word [ebp + (8)0xffffffe5], ax 0x : movzx eax, byte [esi + (8)0x ] 0x : mov byte [ebp + (8)0xffffffe7], al 0x : lea eax, dword [ebp + (8)0xffffffc4] 0x a: 0x c: mov dword [ebp + (8)0xffffffb0], eax 0x f: xchg edi, ebx 0x : mov eax, (32)0x x : 0x : 0x : mov ebx, dword [ebp + (8)0xfffffff4] 0x : mov esi, dword [ebp + (8)0xfffffff8] 0x : mov edi, dword [ebp + (8)0xfffffffc] 0x b: 0x d: 0x e: 0x0804a625: 0x0804a628: jmp dword (32)0xffffff68 0x0804a595: sub esp, (8)0x x0804a598: mov edx, dword [0x0805be8c] 0x0804a59e: 0x0804a5a0: call dword (32)0xffffff9b 0x0804a540: 0x0804a543: mov ecx, eax 0x0804a545: cmp dword [0x0805ae38], (8)0x x0804a54c: mov eax, (32)0x e 0x0804a551: j(ne,nz) byte (8)0x x0804a557: 0x0804a558: 0x0804a559: mov edx, dword [0x0805ada8] 0x0804a55f: 0x0804a560: mov ecx, dword [edx + (8)0x ] 0x0804a563: mov edx, dword [ecx + (8)0x ] 0x0804a566: 0x0804a567: call dword (32)0xfffff340 0x080498ac: jmp dword [0x0805a720] 0x4005af00: 0x4005af01: 0x4005af03: 0x4005af04: 0x4005af07: mov eax, dword [ebp + (8)0x c] 0x4005af0a: call dword (32)0xfffe25bb 0x4003bf64: jmp dword [ebx + (32)0x ] 0x4005b4f0: 0x4005b4f1: 0x4005b4f3: 0x4005b4f4: lea edi, dword [ebp + (8)0x c] 0x4005b4f7: 0x4005b4f8: 0x4005b4f9: sub esp, (32)0x000000cc 0x4005b4ff: mov esi, dword [ebp + (8)0x ] 0x4005b502: call dword (32)0xfffe1fc3 0x4003c824: jmp dword [ebx + (32)0x ] 0x4003c074: jmp dword [ebx + (32)0x c] 0x4005b140: 0x4005b141: 0x4005b143: 0x4005b145: 0x4005b146: 0x4005b147: 0x4005b148: sub esp, (8)0x c 0x4005b14b: mov esi, dword [ebp + (8)0x ] 0x4005b14e: call dword (32)0xfffe2377 0x4005b194: stos(d) 0x4005b1c9: movzx edx, byte [esi] 0x4005b1cc: cmp dl, (8)0x x4005b1cf: j(ne,nz) byte (8)0xffffffdf 0x4005b1b0: 0x4005b1b2: test dl, dl 0x4005b1b4: 0x4005b1b7: mov edx, dword [ebp + (8)0x ] 0x4005b1ba: add esi, eax 0x4005b1bc: 0x4005b1be: sub eax, edx 0x4005b1c0: cmp eax, dword [ebp + (8)0xffffffe4] 0x4005b1c3: j(nl,ge) dword (32)0x x4005b1c9: movzx edx, byte [esi] 0x4005b1cc: cmp dl, (8)0x x4005b1cf: j(ne,nz) byte (8)0xffffffdf 0x4003d0e4: jmp dword [ebx + (32)0x ] 0x4005b387: movzx eax, byte [ebp + (8)0xffffffcb] 0x4005b38b: mov byte [edi], al 0x4005b38d: 0x4005b38e: mov byte [ebp + (8)0xffffffdf], (8)0x x4005b392: mov edx, dword [ebp + (8)0xffffffe0] 0x4005b395: movzx edx, byte [edx] 0x4005b398: mov byte [ebp + (8)0xffffffcb], dl 0x4005b39b: jmp dword (32)0xfffffeec 0x4005b330: cmp dword [ebp + (8)0xffffffe8], (8)0x x4005b334: j(le,ng) byte (8)0x a 0x40093fd0: 0x40093fd1: mov ecx, dword [0x ] 0x40093fd8: 0x40093fda: 0x40093fdb: mov edx, ecx 0x40093fdd: call dword (32)0xffff396f 0x4005b24c: movzx edx, byte [ebp + (8)0xffffffcb] 0x4005b250: 0x4005b252: test byte [eax + edx*2 + (8)0x ], (8)0x x4005b257: j(e,z) dword (32)0x000000c3 0x4005b755: movzx edx, byte [ebp + (32)0xffffff52] 0x4005b75c: 0x4005b75e: test byte [eax + edx*2 + (8)0x ], (8)0x x4005b763: j(e,z) dword (32)0x000000e7 0x4005b320: mov byte [ebp + (8)0xffffffdf], (8)0x x4005b324: jmp dword (32)0xffffff63 0x4005b28c: cmp byte [ebp + (8)0xffffffcb], (8)0x x4005b290: j(e,z) byte (8)0x x4005b292: cmp byte [ebp + (8)0xffffffdf], (8)0x x4005b296: j(e,z) byte (8)0xffffff98 0x4005b298: cmp byte [ebp + (8)0xffffffdc], (8)0x x4005b29c: j(e,z) byte (8)0x x4005b2c3: cmp byte [ebp + (8)0xffffffdd], (8)0x x4005b2c7: j(e,z) dword (32)0x x4005b350: mov eax, dword [ebp + (8)0xffffffcc] 0x4005b353: mov dword [ebp + (8)0xffffffd4], eax 0x4005b356: mov byte [edi], (8)0x x4005b359: mov eax, dword [ebp + (8)0xffffffd0] 0x4005b35c: cmp eax, dword [ebp + (8)0xffffffd4] 0x4005b35f: j(nl,ge) byte (8)0x x4005b364: mov dword [ebp + (8)0xfffffff0], eax 0x4005b367: mov esi, dword [ebp + (8)0xffffffe0] 0x4005b36a: movzx edx, byte [esi] 0x4005b36d: movsx eax, dl 0x4005b370: sub eax, (8)0x x4005b373: cmp eax, (8)0x d 0x4005b376: j(nbe,a) dword (32)0xfffffe34 0x4005b37c: mov eax, dword [ebx + eax*4 + (32)0xffff53f4] 0x4005b383: add eax, ebx 0x4005b385: 0x4005b455: mov eax, dword [ebp + (8)0xffffffe0] 0x4005b458: movzx edx, byte [eax] 0x4005b45b: jmp dword (32)0xfffffd50 0x4005b3e2: mov ecx, dword [ebp + (8)0xffffffe0] 0x4005b3e5: mov esi, dword [ebp + (8)0xffffffe0] 0x4005b3e8: movzx edx, byte [ecx + (8)0x ] 0x4005b3ec: 0x4005b3ed: movzx eax, dl 0x4005b3f0: sub eax, (8)0x x4005b3f3: cmp eax, (8)0x x4005b3f6: j(nbe,a) dword (32)0xfffffdb4 0x4005b3fc: mov dword [ebp + (8)0xffffffec], eax 0x4005b3ff: mov ecx, dword [ebp + (8)0x ] 0x4005b402: cmp eax, dword [ecx] 0x4005b404: j(le,ng) dword (32)0xfffffda6 0x4005b40a: mov dword [ecx], eax 0x4005b40c: mov eax, dword [ebp + (8)0xffffffe0] 0x4005b40f: movzx edx, byte [eax + (8)0x ] 0x4005b413: jmp dword (32)0xfffffd98 0x4005b498: 0x4005b49a: cmp dword [ebp + (8)0xffffffec], (8)0x x4005b49e: mov dword [ebp + (8)0xffffffec], (32)0xffffffff 0x4005b4a5: set(le,ng) al 0x4005b4a8: add dword [ebp + (8)0xffffffe8], eax 0x4005b4ab: jmp byte (8)0xffffffe0 0x4005b48d: mov ecx, dword [ebp + (8)0xffffffe0] 0x4005b490: movzx edx, byte [ecx] 0x4005b493: jmp dword (32)0xfffffd18 0x4005b340: mov edx, dword [ebp + (8)0xffffffe8] 0x4005b343: add esp, (8)0x c 0x4005b346: 0x4005b348: 0x4005b349: 0x4005b34a: 0x4005b34b: 0x4005b34c: 0x4005b55e: mov edx, dword [ebx + (32)0x00003cc4] 0x4005b564: 0x4005b566: 0x4005b568: 0x4005b56a: j(e,z) byte (8)0x x4005b56c: mov edx, dword [ebp + (8)0xffffff84] 0x4005b56f: 0x4005b571: jmp byte (8)0x c 0x4005b57f: cmp edx, esi 0x4005b581: 0x4005b583: j(nl,ge) byte (8)0x x4005b587: cmp ecx, eax 0x4005b589: j(nl,ge) byte (8)0x x4005b58b: mov eax, dword [ebp + ecx*4 + (8)0xffffffb8] 0x4005b58f: 0x4005b591: j(ne,nz) byte (8)0xffffffe0 0x4005b593: 0x4005b595: 0x4005b597: add edi, (8)0x x4005b59a: mov dword [ebp + ecx*4 + (8)0xffffff88], eax 0x4005b59e: jmp byte (8)0xffffffde 0x4005b57e: inc ecx 0x4005b57f: cmp edx, esi 0x4005b581: 0x4005b583: j(nl,ge) byte (8)0x x4005b5db: 0x4005b5dd: 0x4005b5df: mov dword [ebx + (32)0x00003cb4], eax 0x4005b5e5: j(ne,nz) byte (8)0x c 0x4005b623: mov eax, dword [ebp + (32)0xffffff78] 0x4005b629: 0x4005b62b: j(nle,g) byte (8)0x x4005b69d: mov esi, dword [ebp + (32)0xffffff7c] 0x4005b6a3: 0x4005b6a6: cmp al, (8)0x x4005b6a8: j(ne,nz) byte (8)0xffffff88 0x4005b632: movzx esi, al 0x4005b635: 0x4005b637: 0x4005b63e: mov edx, dword [ebx + (32)0x00003cc0] 0x4005b644: lea eax, dword [edx + (8)0x ] 0x4005b647: cmp eax, dword [ebx + (32)0x00003cbc] 0x4005b64d: j(nbe,a) dword (32)0x000001bd 0x4005b653: mov eax, dword [ebx + (32)0x00003cb8] 0x4005b659: mov ecx, esi 0x4005b65b: mov byte [edx + eax], cl 0x4005b65e: inc dword [ebx + (32)0x00003cc0] 0x4005b664: mov eax, dword [ebp + (32)0xffffff7c] 0x4005b66a: movzx eax, byte [eax] 0x4005b66d: mov byte [ebp + (32)0xffffff53], al 0x4005b673: cmp byte [ebp + (32)0xffffff53], (8)0x x4005b67a: j(e,z) dword (32)0xffffff20 0x4005b680: inc dword [ebp + (32)0xffffff7c] 0x4005b686: mov edx, dword [ebp + (8)0x ] 0x4005b689: mov eax, dword [ebp + (32)0xffffff7c] 0x4005b68f: sub eax, edx 0x4005b691: cmp eax, dword [ebp + (32)0xffffff78] 0x4005b697: j(nl,ge) dword (32)0xffffff03 0x4005b69d: mov esi, dword [ebp + (32)0xffffff7c] 0x4005b6a3: 0x4005b6a6: cmp al, (8)0x x4005b6a8: j(ne,nz) byte (8)0xffffff88 0x4005b750: call dword (32)0xfffe198f 0x4005b5a0: mov edx, dword [ebx + (32)0x00003cc0] 0x4005b5a6: lea eax, dword [edx + (8)0x ] 0x4005b5a9: cmp eax, dword [ebx + (32)0x00003cbc] 0x4005b5af: j(nbe,a) dword (32)0x000002a7 0x4005b5b5: mov eax, dword [ebx + (32)0x00003cb8] 0x4005b5bb: mov byte [edx + eax], (8)0x x4005b5bf: mov eax, dword [ebx + (32)0x00003cb8] 0x4005b5c5: lea esi, dword [esi + (8)0x ] 0x4005b5c9: lea edi, dword [edi + (32)0x ] 0x4005b5d0: add esp, (32)0x000000cc 0x4005b5d6: 0x4005b5d7: 0x4005b5d8: 0x4005b5d9: 0x4005b5da: 0x4005b850: mov byte [ebp + (32)0xffffff77], (8)0x x4005b857: jmp dword (32)0xffffff49 0x4005b7a5: cmp byte [ebp + (32)0xffffff52], (8)0x x4005b7ac: j(e,z) byte (8)0x d 0x4005b7ae: cmp byte [ebp + (32)0xffffff77], (8)0x x4005b7b5: j(e,z) dword (32)0xffffff75 0x4005b7bb: cmp byte [ebp + (32)0xffffff74], (8)0x x4005b7c2: j(e,z) byte (8)0x x4005b7ec: cmp byte [ebp + (32)0xffffff75], (8)0x x4005b7f3: j(e,z) dword (32)0x x4005b88f: mov eax, dword [ebp + (32)0xffffff64] 0x4005b895: mov dword [ebp + (32)0xffffff6c], eax 0x4005b89b: mov byte [esi], (8)0x x4005b89e: mov eax, dword [ebp + (32)0xffffff68] 0x4005b8a4: cmp eax, dword [ebp + (32)0xffffff6c] 0x4005b8aa: j(nl,ge) byte (8)0x x4005b8b2: mov dword [ebp + (8)0xffffff80], eax 0x4005b8b5: mov dword [ebp + (32)0xffffff7c], edi 0x4005b8bb: movsx eax, byte [edi] 0x4005b8be: sub eax, (8)0x x4005b8c1: cmp eax, (8)0x d 0x4005b8c4: j(nbe,a) dword (32)0x e 0x4005b8ca: mov eax, dword [ebx + eax*4 + (32)0xffff56d0] 0x4005b8d1: add eax, ebx 0x4005b8d3: 0x4005bdb3: mov esi, dword [ebp + (8)0xffffffb8] 0x4005bdb6: 0x4005bdb8: j(ne,nz) byte (8)0x x4005bdba: inc dword [ebp + (8)0xffffff88] 0x4005bdbd: mov ecx, dword [ebp + (8)0xffffffbc] 0x4005bdc0: 0x4005bdc2: j(ne,nz) dword (32)0xfffffde1 0x4005bdc8: inc dword [ebp + (8)0xffffff8c] 0x4005bdcb: jmp dword (32)0xfffffb88 0x4005bd56: lea edx, dword [edi + (8)0x ] 0x4005bd59: mov dword [ebp + (32)0xffffff7c], edx 0x4005bd5f: movzx ecx, byte [edi + (8)0x ] 0x4005bd63: movzx eax, cl 0x4005bd66: mov byte [ebp + (32)0xffffff53], cl 0x4005bd6c: lea ecx, dword [eax + (8)0xffffffcf] 0x4005bd6f: cmp ecx, (8)0x x4005bd72: j(nbe,a) dword (32)0xfffff8fb 0x4005bd78: mov edx, dword [ebp + ecx*4 + (8)0xffffffb8] 0x4005bd7c: 0x4005bd7e: j(e,z) dword (32)0x c 0x4005bae6: 0x4005bae8: mov esi, dword [ebx + (32)0x00003cc4] 0x4005baee: mov dword [ebp + (32)0xffffff60], eax 0x4005baf4: mov eax, dword [ebx + (32)0x00003cb4] 0x4005bafa: 0x4005bafc: j(le,ng) dword (32)0x00000ddc 0x4005bb02: 0x4005bb03: cmp byte [ebx + eax*8 + (32)0x00003c18], (8)0x x4005bb0b: mov dword [ebx + (32)0x00003cb4], eax 0x4005bb11: j(e,z) byte (8)0x d 0x4005bb13: mov eax, dword [ebx + eax*8 + (32)0x00003c14] 0x4005bb1a: mov dword [ebp + (32)0xffffff60], eax 0x4005bb20: mov eax, dword [ebp + (8)0xffffff80] 0x4005bb23: cmp eax, (8)0x d 0x4005bb26: j(nle,g) byte (8)0x x4005bb28: mov eax, (32)0x e 0x4005bb2d: mov edx, dword [ebx + (32)0x00003cc0] 0x4005bb33: lea eax, dword [edx + eax + (8)0x ] 0x4005bb37: cmp eax, dword [ebx + (32)0x00003cbc] 0x4005bb3d: j(be,na) byte (8)0x e 0x4005b958: movzx edx, byte [edi] 0x4005b95b: mov byte [ebp + (32)0xffffff53], dl 0x4005b961: jmp dword (32)0xfffffd0d 0x4005b673: cmp byte [ebp + (32)0xffffff53], (8)0x x4005b67a: j(e,z) dword (32)0xffffff20 0x4005b680: inc dword [ebp + (32)0xffffff7c] 0x4005b686: mov edx, dword [ebp + (8)0x ] 0x4005b689: mov eax, dword [ebp + (32)0xffffff7c] 0x4005b68f: sub eax, edx 0x4005b691: cmp eax, dword [ebp + (32)0xffffff78] 0x4005b697: j(nl,ge) dword (32)0xffffff03 0x4005b69d: mov esi, dword [ebp + (32)0xffffff7c] 0x4005b6a3: 0x4005b6a6: cmp al, (8)0x x4005b6a8: j(ne,nz) byte (8)0xffffff88 0x4005b6aa: mov esi, dword [ebx + (32)0x00003cc4] 0x4005b6b0: mov eax, dword [ebp + (32)0xffffff7c] 0x4005b6b6: inc dword [ebp + (32)0xffffff7c] 0x4005b6bc: 0x4005b6be: mov dword [ebx + (32)0x000034dc], eax 0x4005b6c4: mov edi, dword [ebp + (32)0xffffff7c] 0x4005b6ca: j(e,z) dword (32)0x00000ec1 0x4005b6d0: mov dword [ebp + (32)0xffffff70], esi 0x4005b6d6: 0x4005b6d8: 0x4005b6da: mov dword [ebp + (32)0xffffff6c], eax 0x4005b6e0: 0x4005b6e2: mov byte [ebp + (32)0xffffff77], (8)0x x4005b6e9: mov byte [ebp + (32)0xffffff76], (8)0x x4005b6f0: mov byte [ebp + (32)0xffffff75], (8)0x x4005b6f7: mov byte [ebp + (32)0xffffff74], (8)0x x4005b6fe: mov dword [ebp + (32)0xffffff68], eax 0x4005b704: mov dword [ebp + (32)0xffffff64], ecx 0x4005b70a: mov dword [ebp + (8)0xffffff80], (32)0x x4005b711: mov byte [esi], (8)0x x4005b714: mov edx, dword [ebp + (32)0xffffff7c] 0x4005b71a: 0x4005b71b: movzx eax, byte [edx] 0x4005b71e: 0x4005b720: j(e,z) dword (32)0x x4005b726: mov byte [ebp + (32)0xffffff52], al 0x4005b72c: lea esi, dword [esi + (8)0x ] 0x4005b730: movsx eax, byte [ebp + (32)0xffffff52] 0x4005b737: sub eax, (8)0x x4005b73a: cmp eax, (8)0x x4005b73d: j(nbe,a) byte (8)0x x4005b73f: mov eax, dword [ebx + eax*4 + (32)0xffff556c] 0x4005b746: add eax, ebx 0x4005b748: 0x4005b9be: movzx ecx, byte [ebp + (32)0xffffff52] 0x4005b9c5: mov byte [esi], cl 0x4005b9c7: 0x4005b9c8: mov byte [ebp + (32)0xffffff77], (8)0x x4005b9cf: jmp byte (8)0xffffffd2 0x4005c700: mov eax, dword [ebx + (32)0x00003cb4] 0x4005c706: mov edx, dword [ebp + ecx*4 + (8)0xffffff88] 0x4005c70a: cmp eax, (8)0x x4005c70d: j(nle,g) byte (8)0x x4005c70f: mov dword [ebx + eax*8 + (32)0x00003c14], edx 0x4005c716: mov cl, (8)0x x4005c718: mov byte [ebx + eax*8 + (32)0x00003c18], cl 0x4005c71f: 0x4005c720: mov dword [ebx + (32)0x00003cb4], eax 0x4005c726: jmp byte (8)0xffffffc1 0x4005c6e9: movzx ecx, byte [edi + (8)0x ] 0x4005c6ed: jmp dword (32)0xfffff334 0x4005ba26: mov byte [ebp + (32)0xffffff53], cl 0x4005ba2c: jmp dword (32)0xfffffc42 0x4005b9a3: movzx eax, byte [edi] 0x4005b9a6: mov byte [ebp + (32)0xffffff52], al 0x4005b9ac: jmp dword (32)0xfffffdf4 0x4005bb6d: mov eax, dword [ebx + (32)0x00003cb8] 0x4005bb73: mov ecx, dword [ebp + (32)0xffffff60] 0x4005bb79: mov dword [esp + (8)0x ], esi 0x4005bb7d: add edx, eax 0x4005bb7f: mov dword [esp + (8)0x ], ecx 0x4005bb83: 0x4005bb86: call dword (32)0xfffe14e9 0x4003d074: jmp dword [ebx + (32)0x c] 0x400aefdc: mov eax, dword [ebp + (8)0x ] 0x400aefdf: add dword [ebp + (8)0x ], (8)0x x400aefe3: 0x400aefe5: 0x400aefe7: 0x400aefe9: neg edx 0x400aefeb: shr esi, (8)0x f 0x400aefee: cmov(ne,nz) eax, edx 0x400aeff1: jmp dword (32)0xfffffa16 0x400aea0c: mov dword [ebp + (32)0xfffffb28], eax 0x400aea12: jmp dword (32)0xfffff228 0x400adc3f: cmp dword [ebp + (32)0xfffffaf8], (8)0x x400adc46: j(l,nge) dword (32)0x d 0x400af469: mov edi, (32)0x x400af46e: mov dword [ebp + (32)0xfffffaf8], edi 0x400af474: 0x400af476: cmp byte [ebp + (32)0xfffffaf2], (8)0x x400af47d: 0x400af480: mov dword [esp + (8)0x c], eax 0x400af484: mov edx, dword [ebp + (32)0xfffffb24] 0x400af48a: mov dword [esp + (8)0x ], edx 0x400af48e: mov ecx, dword [ebp + (32)0xfffffb44] 0x400af494: mov dword [esp + (8)0x ], ecx 0x400af498: mov edi, dword [ebp + (32)0xfffffb28] 0x400af49e: 0x400af4a1: call dword (32)0xffffbfba 0x400ab460: 0x400ab461: 0x400ab463: 0x400ab464: 0x400ab465: 0x400ab466: sub esp, (8)0x x400ab469: mov edi, dword [ebp + (8)0x ] 0x400ab46c: call dword (32)0xfffdc4e0 0x400ab4d0: mov eax, (32)0xcccccccd 0x400ab4d5: mov edi, dword [ebp + (8)0xfffffff0] 0x400ab4d8: dec esi 0x400ab4d9: mul ecx 0x400ab4db: shr edx, (8)0x x400ab4de: lea eax, dword [edx + edx*4] 0x400ab4e1: add eax, eax 0x400ab4e3: sub ecx, eax 0x400ab4e5: 0x400ab4e7: movzx eax, byte [ecx + edi] 0x400ab4eb: mov ecx, edx 0x400ab4ed: mov byte [esi], al 0x400ab4ef: j(ne,nz) byte (8)0xffffffdf 0x400af4a6: 0x400af4a8: mov eax, dword [ebp + (32)0xfffffb10] 0x400af4ae: 0x400af4b0: j(e,z) byte (8)0x b 0x400af4dd: mov eax, dword [ebp + (32)0xfffffaf4] 0x400af4e3: 0x400af4e5: 0x400af4e8: cmp dword [ebp + (32)0xfffffb24], (8)0x a 0x400af4ef: 0x400af4f2: 0x400af4f4: 0x400af4f6: j(e,z) dword (32)0xffffe7a4 0x400adca0: mov eax, dword [ebp + (32)0xfffffb44] 0x400adca6: sub eax, edi 0x400adca8: cmp dword [ebp + (32)0xfffffaf8], eax 0x400adcae: j(nle,g) byte (8)0x x400adcb0: mov eax, dword [ebp + (32)0xfffffb28] 0x400adcb6: 0x400adcb8: j(e,z) byte (8)0x x400adcba: mov eax, dword [ebp + (32)0xfffffb20] 0x400adcc0: 0x400adcc2: 0x400adcc5: cmp dword [ebp + (32)0xfffffb24], (8)0x x400adccc: 0x400adccf: 0x400adcd1: 0x400adcd3: j(e,z) byte (8)0x b 0x400adce0: mov edx, dword [ebp + (32)0xfffffb44] 0x400adce6: mov eax, (32)0x x400adceb: mov ecx, dword [ebp + (32)0xfffffb18] 0x400adcf1: sub edx, edi 0x400adcf3: sub dword [ebp + (32)0xfffffaf8], edx 0x400adcf9: cmov(ns) eax, dword [ebp + (32)0xfffffaf8] 0x400add00: 0x400add02: mov dword [ebp + (32)0xfffffaf8], eax 0x400add08: j(ne,nz) dword (32)0x00000aa5 0x400add0e: mov ecx, dword [ebp + (32)0xfffffb28] 0x400add14: lea eax, dword [eax + edx] 0x400add17: sub dword [ebp + (32)0xfffffafc], eax 0x400add1d: 0x400add1f: j(e,z) byte (8)0x f 0x400add21: mov edx, dword [ebp + (32)0xfffffb20] 0x400add27: 0x400add29: 0x400add2c: cmp dword [ebp + (32)0xfffffb24], (8)0x x400add33: 0x400add36: 0x400add38: mov edx, dword [ebp + (32)0xfffffafc] 0x400add3e: sub edx, (8)0x x400add41: 0x400add43: cmov(e,z) edx, dword [ebp + (32)0xfffffafc] 0x400add4a: mov dword [ebp + (32)0xfffffafc], edx 0x400add50: mov eax, dword [ebp + (32)0xfffffb14] 0x400add56: or eax, esi 0x400add58: or eax, dword [ebp + (32)0xfffffb1c] 0x400add5e: 0x400add61: movzx eax, al 0x400add64: sub dword [ebp + (32)0xfffffafc], eax 0x400add6a: cmp byte [ebp + (32)0xfffffaf3], (8)0x x400add71: j(e,z) dword (32)0x x400aedb0: mov eax, dword [ebp + (32)0xfffffafc] 0x400aedb6: 0x400aedb8: j(le,ng) byte (8)0x x400aedde: 0x400aede0: mov dword [ebp + (32)0xfffffafc], eax 0x400aede6: jmp dword (32)0xffffef8c 0x400add77: 0x400add79: j(e,z) dword (32)0x00000d2d 0x400aeaac: mov eax, dword [ebp + (32)0xfffffb14] 0x400aeab2: 0x400aeab4: j(e,z) dword (32)0x000003ac 0x400aee66: mov esi, dword [ebp + (32)0xfffffb1c] 0x400aee6c: 0x400aee6e: j(e,z) dword (32)0xffffef29 0x400add9d: mov edx, dword [ebp + (32)0xfffffb28] 0x400adda3: 0x400adda5: j(e,z) byte (8)0x x400adda7: mov eax, dword [ebp + (32)0xfffffb20] 0x400addad: 0x400addaf: 0x400addb2: cmp dword [ebp + (32)0xfffffb24], (8)0x x400addb9: 0x400addbc: 0x400addbe: 0x400addc0: j(e,z) byte (8)0x d 0x400ade0f: mov esi, dword [ebp + (32)0xfffffaf8] 0x400ade15: add dword [ebp + (32)0xfffffafc], esi 0x400ade1b: mov eax, dword [ebp + (32)0xfffffafc] 0x400ade21: 0x400ade23: j(le,ng) byte (8)0x x400ade49: mov ecx, dword [ebp + (8)0x ] 0x400ade4c: mov esi, dword [ebp + (32)0xfffffb44] 0x400ade52: movsx eax, byte [ecx + (8)0x ] 0x400ade56: sub esi, edi 0x400ade58: mov eax, dword [eax + ecx + (32)0x ] 0x400ade5f: mov dword [esp + (8)0x ], esi 0x400ade63: mov dword [esp + (8)0x ], edi 0x400ade67: 0x400ade6a: call dword [eax + (8)0x c] 0x400ad860: add dword [ebp + (32)0xfffffb50], eax 0x400ad866: inc dword [ebp + (32)0xfffffb3c] 0x400ad86c: mov ecx, dword [ebp + (32)0xfffffb48] 0x400ad872: 0x400ad874: j(ne,nz) dword (32)0x000007ee 0x400ad87a: mov eax, dword [ebp + (32)0xfffffb34] 0x400ad880: mov dword [esp + (8)0x ], eax 0x400ad884: mov esi, dword [ebp + (32)0xfffffbb4] 0x400ad88a: 0x400ad88b: mov dword [ebp + (32)0xfffffbb4], esi 0x400ad891: 0x400ad894: call dword (32)0x x4005b66d: mov byte [ebp + (32)0xffffff53], al 0x4005b673: cmp byte [ebp + (32)0xffffff53], (8)0x x4005b67a: j(e,z) dword (32)0xffffff20 0x4005b680: inc dword [ebp + (32)0xffffff7c] 0x4005b686: mov edx, dword [ebp + (8)0x ] 0x4005b689: mov eax, dword [ebp + (32)0xffffff7c] 0x4005b68f: sub eax, edx 0x4005b691: cmp eax, dword [ebp + (32)0xffffff78] 0x4005b697: j(nl,ge) dword (32)0xffffff03 0x4005b69d: mov esi, dword [ebp + (32)0xffffff7c] 0x4005b6a3: 0x4005b6a6: cmp al, (8)0x x4005b6a8: j(ne,nz) byte (8)0xffffff88 0x4005af2b: add esp, (8)0x x4005af2e: 0x4005af2f: 0x4005af30: 0x0804a56c: 0x0804a56f: 0x0804a572: 0x0804a5a5: 0x0804a5a8: call dword (32)0xfffff5ef 0x400cea80: 0x400cea81: 0x400cea83: 0x400cea84: mov esi, dword [ebp + (8)0x ] 0x400cea87: mov eax, dword [ebp + (8)0x ] 0x400cea8a: mov edx, dword [ebp + (8)0x c] 0x400cea8d: 0x400cea8f: j(ne,nz) byte (8)0x x400cea98: mov ecx, esi 0x400cea9a: call dword (32)0xfffffcf1 0x400ce790: 0x400ce791: 0x400ce793: sub esp, (8)0x x400ce796: mov dword [ebp + (8)0xfffffff4], ebx 0x400ce799: mov dword [ebp + (8)0xfffffff8], esi 0x400ce79c: 0x400ce79e: mov dword [ebp + (8)0xfffffffc], edi 0x400ce7a1: call dword (32)0xfffb91ab 0x400ce826: mov ecx, dword [eax + (8)0x ] 0x400ce829: mov edx, dword [eax + (8)0x ] 0x400ce82c: cmp ecx, edx 0x400ce82e: j(e,z) byte (8)0xffffff96 0x400ce7c6: movsx eax, byte [esi + (8)0x ] 0x400ce7ca: mov edx, dword [ebp + (8)0xffffffec] 0x400ce7cd: mov eax, dword [eax + esi + (32)0x ] 0x400ce7d4: mov dword [esp + (8)0x ], edx 0x400ce7d8: mov ecx, dword [ebp + (8)0xfffffff0] 0x400ce7db: 0x400ce7de: mov dword [esp + (8)0x ], ecx 0x400ce7e2: call dword [eax + (8)0x c] 0x400ceab0: 0x400ceab1: 0x400ceab3: 0x400ceab4: 0x400ceab5: 0x400ceab8: mov esi, dword [ebp + (8)0x ] 0x400ceabb: mov edi, dword [ebp + (8)0x c] 0x400ceabe: 0x400ceac0: j(le,ng) byte (8)0x e 0x400ceac2: mov eax, dword [ebp + (8)0x ] 0x400ceac5: test byte [eax + (8)0x c], (8)0x x400ceac9: j(ne,nz) byte (8)0x x400ceacb: nop 0x400ceacc: lea esi, dword [esi + (8)0x ] 0x400cead0: mov dword [esp + (8)0x ], esi 0x400cead4: mov dword [esp + (8)0x ], edi 0x400cead8: mov edx, dword [ebp + (8)0x ] 0x400ceadb: mov eax, dword [edx + (8)0x ] 0x400ceade: 0x400ceae1: call dword (32)0x0004da2a 0x4011c510: cmp dword [0x c], (8)0x x4011c518: j(ne,nz) byte (8)0x x4011c51a: 0x4011c51b: mov edx, dword [esp + (8)0x ] 0x4011c51f: mov ecx, dword [esp + (8)0x c] 0x4011c523: mov ebx, dword [esp + (8)0x ] 0x4011c527: mov eax, (32)0x x4011c52c: 0x400ceae6: 0x400ceae8: j(s) byte (8)0x x400ceaea: sub esi, eax 0x400ceaec: add edi, eax 0x400ceaee: 0x400ceaf0: j(le,ng) byte (8)0x e 0x400ceb20: sub dword [ebp + (8)0x ], esi 0x400ceb23: mov edx, dword [ebp + (8)0x ] 0x400ceb26: mov edi, dword [edx + (8)0x ] 0x400ceb29: mov esi, dword [edx + (8)0x c] 0x400ceb2c: 0x400ceb2e: j(s) byte (8)0x x400ceb41: mov eax, dword [ebp + (8)0x ] 0x400ceb44: add esp, (8)0x x400ceb47: 0x400ceb48: 0x400ceb49: 0x400ceb4a: 0x400ce7e5: 0x400ce7e7: movzx eax, dword [esi + (8)0x ] 0x400ce7eb: 0x400ce7ee: j(e,z) byte (8)0x x400ce7f4: mov edx, dword [esi + (8)0x c] 0x400ce7f7: mov eax, dword [esi + (8)0x c] 0x400ce7fa: 0x400ce7fc: mov dword [esi + (8)0x c], eax 0x400ce7ff: mov dword [esi + (8)0x ], eax 0x400ce802: mov dword [esi + (8)0x ], eax 0x400ce805: mov dword [esi + (8)0x ], eax 0x400ce808: mov dword [esi + (8)0x ], eax 0x400ce80b: j(le,ng) dword (32)0x f 0x400ce8b0: test dword [esi], (32)0x x400ce8b6: j(ne,nz) dword (32)0xffffff58 0x400ce8bc: jmp dword (32)0xffffff50 0x400ce811: mov eax, dword [esi + (8)0x ] 0x400ce814: mov dword [esi + (8)0x ], eax 0x400ce817: 0x400ce819: mov ebx, dword [ebp + (8)0xfffffff4] 0x400ce81c: mov esi, dword [ebp + (8)0xfffffff8] 0x400ce81f: mov edi, dword [ebp + (8)0xfffffffc] 0x400ce822: 0x400ce824: 0x400ce825: 0x400cea9f: cmp eax, esi 0x400ceaa1: 0x400ceaa6: j(e,z) byte (8)0xffffffe9 0x400cea91: 0x400cea93: 0x400cea94: 0x400cea96: 0x400cea97: 0x400cf4c2: jmp dword (32)0xffffff4e 0x400cf415: 0x400cf417: j(e,z) byte (8)0x x0804a5f4: 0x0804a5f7: 0x0804a5f8: call dword (32)0xfffff6ff 0x08049cfc: jmp dword [0x0805a834] 0x08049d02: push (32)0x x08049d07: jmp dword (32)0xfffffb20 0x c: push dword [0x0805a6fc] 0x : jmp dword [0x0805a700] 0x4000c9e0: 0x4000c9e1: 0x4000c9e2: 0x4000c9e3: mov edx, dword [esp + (8)0x ] 0x4000c9e7: mov eax, dword [esp + (8)0x c] 0x4000c9eb: call dword (32)0x x4000cb60: 0x4000cb61: 0x4000cb63: 0x4000cb64: 0x4000cb66: 0x4000cb67: 0x4000cb68: sub esp, (8)0x c 0x4000cb6b: mov ecx, dword [eax + (8)0x ] 0x4000cb6e: mov eax, dword [eax + (8)0x c] 0x4000cb71: call dword (32)0x x40012bab: mov ebx, dword [esp] 0x40012bae: 0x4000cb76: add ebx, (32)0x0000a476 0x4000cb7c: mov eax, dword [eax + (8)0x ] 0x4000cb7f: mov dword [ebp + (8)0xffffffec], eax 0x4000cb82: mov eax, dword [edi + (8)0x ] 0x4000cb85: mov esi, dword [eax + (8)0x ] 0x4000cb88: add edx, esi 0x4000cb8a: mov eax, dword [edx + (8)0x ] 0x4000cb8d: mov edx, dword [edx] 0x4000cb8f: shr eax, (8)0x x4000cb92: 0x4000cb94: shl esi, (8)0x x4000cb97: mov dword [ebp + (8)0xffffffe8], eax 0x4000cb9a: mov eax, dword [ecx + (8)0x ] 0x4000cb9d: mov ecx, dword [edi] 0x4000cb9f: add esi, eax 0x4000cba1: add edx, ecx 0x4000cba3: mov dword [ebp + (8)0xffffffe4], edx 0x4000cba6: mov dword [ebp + (8)0xffffffe0], esi 0x4000cba9: movzx eax, byte [esi + (8)0x d] 0x4000cbad: mov dword [ebp + (8)0xfffffff0], esi 0x4000cbb0: and eax, (8)0x x4000cbb3: mov dword [ebp + (8)0xffffffdc], eax 0x4000cbb6: j(ne,nz) dword (32)0x a 0x4000cbbc: mov eax, dword [edi + (32)0x000000dc] 0x4000cbc2: 0x4000cbc4: 0x4000cbc6: j(e,z) byte (8)0x x4000cbc8: mov eax, dword [eax + (8)0x ] 0x4000cbcb: mov ecx, dword [ebp + (8)0xffffffe8] 0x4000cbce: movzx edx, dword [eax + ecx*2] 0x4000cbd2: mov eax, dword [edi + (32)0x c] 0x4000cbd8: and edx, (32)0x00007fff 0x4000cbde: shl edx, (8)0x x4000cbe1: add edx, eax 0x4000cbe3: mov eax, dword [edx + (8)0x ] 0x4000cbe6: 0x4000cbe8: cmov(e,z) edx, dword [ebp + (8)0xffffffdc] 0x4000cbec: mov eax, dword [ebp + (8)0xffffffe0] 0x4000cbef: mov ecx, (32)0x x4000cbf4: mov esi, (32)0x x4000cbf9: 0x4000cbfb: add dword [ebp + (8)0xffffffec], eax 0x4000cbfe: 0x4000cc00: mov dword [esp + (8)0x ], ecx 0x4000cc04: lea ecx, dword [ebp + (8)0xfffffff0] 0x4000cc07: mov dword [esp + (8)0x ], edx 0x4000cc0b: mov edx, edi 0x4000cc0d: mov dword [esp + (8)0x ], eax 0x4000cc11: mov dword [esp + (8)0x c], esi 0x4000cc15: mov eax, dword [edi + (32)0x000001b4] 0x4000cc1b: 0x4000cc1e: mov eax, dword [ebp + (8)0xffffffec] 0x4000cc21: call dword (32)0xffffb21a 0x40007e53: add ebx, (32)0x0000f199 0x40007e59: mov dword [ebp + (8)0xffffffa8], eax 0x40007e5c: mov dword [ebp + (8)0xffffffa4], edx 0x40007e5f: mov dword [ebp + (8)0xffffffa0], ecx 0x40007e62: call dword (32)0xfffffbd9 0x40007b12: add ebx, (32)0x0000f4da 0x40007b18: mov dword [ebp + (8)0xffffffe4], edx 0x40007b1b: mov dword [ebp + (8)0xffffffe0], ecx 0x40007b1e: mov dword [ebp + (8)0xffffffdc], eax 0x40007b21: jmp byte (8)0x f 0x4000d675: add ebx, (32)0x x4000d67b: 0x4000d67e: mov dword [esp + (8)0x ], eax 0x4000d682: call dword (32)0x x4000d2de: add ebx, (32)0x00009d0e 0x4000d2e4: lea eax, dword [ebx + (32)0x c] 0x4000d2ea: mov dword [ebp + (8)0xffffffc8], eax 0x4000d2ed: 0x4000d2f0: call dword [ebx + (32)0x000002c0] 0x40007e40: 0x40007e41: 0x40007e43: 0x40007e44: 0x40007e46: 0x40007e47: 0x40007e48: sub esp, (32)0x000000a0 0x40007e4e: call dword (32)0x0000ad58 0x40007a40: 0x40007a41: 0x40007a43: 0x40007a45: sub esp, (8)0x x40007a48: 0x40007a4b: mov dword [esp + (8)0x ], edi 0x40007a4f: 0x40007a52: 0x40007a54: j(e,z) byte (8)0x x40007a56: mov edx, ecx 0x40007a58: movzx ecx, byte [eax + (8)0x ] 0x40007a5c: jcxz byte (8)0x d 0x40007a5e: shl edx, (8)0x x40007a61: add edx, ecx 0x40007a63: movzx ecx, byte [eax + (8)0x ] 0x40007a67: jcxz byte (8)0x x40007a69: shl edx, (8)0x x40007a6c: add edx, ecx 0x40007a6e: movzx ecx, byte [eax + (8)0x ] 0x40007a72: jcxz byte (8)0x x40007a74: shl edx, (8)0x x40007a77: add edx, ecx 0x40007a79: movzx ecx, byte [eax + (8)0x ] 0x40007a7d: jcxz byte (8)0x c 0x40007aab: mov esi, dword [esp] 0x40007aae: 0x40007ab0: mov edi, dword [esp + (8)0x ] 0x40007ab4: 0x40007ab6: 0x40007ab7: 0x40007a8c: shl edx, (8)0x x40007a8f: mov edi, (32)0xf x40007a94: 0x40007a95: add edx, ecx 0x40007a97: and edi, edx 0x40007a99: and edx, (32)0x0fffffff 0x40007a9f: shr edi, (8)0x x40007aa2: 0x40007aa5: xor edx, edi 0x40007aa7: 0x40007aa9: j(ne,nz) byte (8)0xffffffe1 0x40007e67: mov dword [ebp + (8)0xffffff9c], eax 0x40007e6a: mov eax, dword [ebp + (8)0x ] 0x40007e6d: mov esi, dword [ebp + (8)0x ] 0x40007e70: inc dword [ebx + (32)0x c] 0x40007e76: 0x40007e78: mov dword [ebp + (8)0xffffffbc], (32)0x x40007e7f: mov dword [ebp + (8)0xffffffc0], (32)0x x40007e86: j(ne,nz) dword (32)0x a 0x40007e8c: mov eax, dword [ebp + (8)0x ] 0x40007e8f: mov edx, dword [eax] 0x40007e91: 0x40007e93: 0x40007e95: j(e,z) byte (8)0x c 0x40007e97: lea edx, dword [ebp + (8)0xffffffbc] 0x40007e9a: mov dword [ebp + (8)0xffffff80], edx 0x40007e9d: lea esi, dword [esi + (8)0x ] 0x40007ea0: mov ecx, dword [ebp + (8)0x ] 0x40007ea3: mov dword [esp + (8)0x ], ecx 0x40007ea7: mov edx, dword [ebp + (8)0x ] 0x40007eaa: mov dword [esp + (8)0x ], edx 0x40007eae: mov ecx, dword [ebp + (8)0x ] 0x40007eb1: mov dword [esp + (8)0x ], ecx 0x40007eb5: mov edx, dword [ebp + (8)0x c] 0x40007eb8: mov dword [esp + (8)0x ], eax 0x40007ebc: mov dword [esp + (8)0x c], edx 0x40007ec0: 0x40007ec2: mov dword [esp + (8)0x ], eax 0x40007ec6: mov ecx, dword [ebp + (8)0xffffff80] 0x40007ec9: 0x40007ecc: mov eax, dword [ebp + (8)0xffffffa0] 0x40007ecf: mov edx, dword [ebp + (8)0xffffff9c] 0x40007ed2: mov ecx, dword [eax] 0x40007ed4: mov eax, dword [ebp + (8)0xffffffa8] 0x40007ed7: call dword (32)0xfffffc14 0x40007af0: 0x40007af1: 0x40007af3: 0x40007af4: 0x40007af5: 0x40007af6: sub esp, (8)0x x40007af9: mov dword [ebp + (8)0xfffffff0], eax 0x40007afc: mov eax, dword [ebp + (8)0x c] 0x40007aff: mov dword [ebp + (8)0xffffffec], edx 0x40007b02: mov edx, dword [ebp + (8)0x ] 0x40007b05: mov dword [ebp + (8)0xffffffe8], ecx 0x40007b08: mov ecx, dword [eax] 0x40007b0a: mov eax, dword [eax + (8)0x ] 0x40007b0d: call dword (32)0x0000b099 0x40007b32: mov dword [ebp + (8)0xffffffc8], (32)0x x40007b39: mov edx, dword [ebp + (8)0xffffffe0] 0x40007b3c: mov eax, dword [ebp + (8)0x ] 0x40007b3f: mov dword [ebp + (8)0xffffffc4], (32)0x x40007b46: mov eax, dword [edx + eax*4] 0x40007b49: mov edx, dword [ebp + (8)0x c] 0x40007b4c: mov dword [ebp + (8)0xffffffd8], eax 0x40007b4f: mov eax, dword [ebp + (8)0x c] 0x40007b52: 0x40007b54: 0x40007b57: cmp dword [ebp + (8)0xffffffd8], edx 0x40007b5a: 0x40007b5d: 0x40007b5f: 0x40007b61: j(ne,nz) byte (8)0xffffffc0 0x40007b63: test byte [ebp + (8)0x ], (8)0x x40007b67: j(e,z) byte (8)0x x40007b80: test byte [ebx + (32)0xfffffcd4], (8)0x x40007b87: j(ne,nz) dword (32)0x d 0x40007b8d: mov edx, dword [ebp + (8)0xffffffd8] 0x40007b90: mov eax, dword [edx + (8)0x ] 0x40007b93: mov ecx, dword [edx + (32)0x c] 0x40007b99: mov eax, dword [eax + (8)0x ] 0x40007b9c: mov dword [ebp + (8)0xffffffd4], eax 0x40007b9f: mov eax, dword [edx + (8)0x c] 0x40007ba2: mov eax, dword [eax + (8)0x ] 0x40007ba5: mov dword [ebp + (8)0xffffffcc], ecx 0x40007ba8: mov ecx, edx 0x40007baa: 0x40007bac: mov dword [ebp + (8)0xffffffd0], eax 0x40007baf: mov eax, dword [ebp + (8)0xffffffec] 0x40007bb2: div dword [ecx + (32)0x ] 0x40007bb8: mov eax, dword [ecx + (32)0x ] 0x40007bbe: mov edi, dword [eax + edx*4] 0x40007bc1: 0x40007bc3: j(ne,nz) byte (8)0x b 0x40007bf0: mov esi, dword [ebp + (8)0xffffffd4] 0x40007bf3: 0x40007bf5: shl eax, (8)0x x40007bf8: add esi, eax 0x40007bfa: mov eax, dword [esi + (8)0x ] 0x40007bfd: 0x40007bff: j(e,z) byte (8)0xffffffcf 0x40007bd0: movzx eax, byte [esi + (8)0x c] 0x40007bd4: and eax, (8)0x f 0x40007bd7: cmp eax, (8)0x x40007bda: j(e,z) byte (8)0x x40007bdc: mov edx, dword [ebp + (8)0xffffffd8] 0x40007bdf: mov eax, dword [edx + (32)0x c] 0x40007be5: mov edi, dword [eax + edi*4] 0x40007be8: 0x40007bea: j(e,z) dword (32)0x000000e0 0x40007c0e: movzx eax, byte [esi + (8)0x c] 0x40007c12: and eax, (8)0x f 0x40007c15: cmp eax, (8)0x x40007c18: set(nle,g) dl 0x40007c1b: cmp eax, (8)0x x40007c1e: 0x40007c21: 0x40007c23: 0x40007c25: j(ne,nz) byte (8)0xffffffb5 0x40007c27: cmp esi, dword [ebp + (8)0xffffffe8] 0x40007c2a: j(e,z) byte (8)0x a 0x40007c2c: mov ecx, dword [esi] 0x40007c2e: mov eax, dword [ebp + (8)0xffffffd0] 0x40007c31: mov edx, dword [ebp + (8)0xfffffff0] 0x40007c34: add eax, ecx 0x40007c36: mov dword [esp + (8)0x ], edx 0x40007c3a: 0x40007c3d: call dword (32)0x0000aaae 0x40007cd0: cmp dword [ebp + (8)0xffffffc8], (8)0x x40007cd4: mov esi, dword [ebp + (8)0xffffffc4] 0x40007cd7: j(e,z) byte (8)0x x40007cd9: xor esi, esi 0x40007cdb: 0x40007cdd: j(e,z) byte (8)0x x40007cf7: mov edx, dword [ebp + (8)0xffffffe4] 0x40007cfa: 0x40007cfc: 0x40007cff: 0x40007d01: 0x40007d04: 0x40007d06: 0x40007d08: j(e,z) dword (32)0xfffffe15 0x40007d0e: mov edx, dword [ebp + (8)0xffffffe4] 0x40007d11: mov eax, dword [edx + (8)0x c] 0x40007d14: 0x40007d16: j(e,z) dword (32)0xfffffe07 0x40007d1c: mov edx, dword [ebp + (8)0xffffffd8] 0x40007d1f: call dword (32)0x c 0x4000d660: 0x4000d661: 0x4000d663: 0x4000d664: 0x4000d666: 0x4000d667: 0x4000d669: 0x4000d66a: sub esp, (8)0x x4000d66d: mov eax, dword [edx + (8)0x ] 0x4000d670: call dword (32)0x x400126f0: mov ecx, dword [esp + (8)0x ] 0x400126f4: mov edx, dword [esp + (8)0x ] 0x400126f8: mov al, byte [ecx] 0x400126fa: cmp al, byte [edx] 0x400126fc: j(ne,nz) byte (8)0x x : mov eax, (32)0x x c: mov ecx, (32)0xffffffff 0x : cmov(b,nae) eax, ecx 0x : 0x400126f8: mov al, byte [ecx] 0x400126fa: cmp al, byte [edx] 0x400126fc: j(ne,nz) byte (8)0x x400126fe: inc ecx 0x400126ff: inc edx 0x : 0x : j(ne,nz) byte (8)0xfffffff4 0x4000d687: 0x4000d689: mov edx, (32)0x x4000d68e: j(e,z) byte (8)0x x4000d690: mov esi, dword [esi + (8)0x ] 0x4000d693: 0x4000d695: j(e,z) byte (8)0x x4000d697: mov esi, esi 0x4000d699: lea edi, dword [edi + (32)0x ] 0x4000d6a0: 0x4000d6a2: 0x4000d6a5: mov dword [esp + (8)0x ], eax 0x4000d6a9: call dword (32)0x x4000d6ae: 0x4000d6b0: mov edx, (32)0x x4000d6b5: j(e,z) byte (8)0x x4000d6b7: mov esi, dword [esi + (8)0x ] 0x4000d6ba: 0x4000d6bc: j(ne,nz) byte (8)0xffffffe2 0x4000d6be: 0x4000d6c0: add esp, (8)0x x4000d6c3: 0x4000d6c5: 0x4000d6c6: 0x4000d6c7: 0x4000d6c8: 0x4000d6c9: 0x40007c42: 0x40007c44: j(ne,nz) byte (8)0xffffff96 0x40007d24: 0x40007d26: 0x40007d2b: j(ne,nz) byte (8)0x x40007d2d: inc dword [ebp + (8)0x ] 0x40007d30: mov ecx, dword [ebp + (8)0xffffffdc] 0x40007d33: cmp dword [ebp + (8)0x ], ecx 0x40007d36: j(b,nae) dword (32)0xfffffdf6 0x40007bdc: mov edx, dword [ebp + (8)0xffffffd8] 0x40007bdf: mov eax, dword [edx + (32)0x c] 0x40007be5: mov edi, dword [eax + edi*4] 0x40007be8: 0x40007bea: j(e,z) dword (32)0x000000e0 0x40007bf0: mov esi, dword [ebp + (8)0xffffffd4] 0x40007bf3: 0x40007bf5: shl eax, (8)0x x40007bf8: add esi, eax 0x40007bfa: mov eax, dword [esi + (8)0x ] 0x40007bfd: 0x40007bff: j(e,z) byte (8)0xffffffcf 0x40007c01: cmp word [esi + (8)0x e], (8)0x x40007c06: j(ne,nz) byte (8)0x x40007d48: mov ecx, dword [ebp + (8)0xffffffe4] 0x40007d4b: mov eax, dword [ecx] 0x40007d4d: mov dword [esp + (8)0x ], eax 0x40007d51: mov ecx, dword [ebp + (8)0xffffffc0] 0x40007d54: mov eax, dword [edx + ecx] 0x40007d57: 0x40007d5a: call dword (32)0x0000a991 0x40007d5f: 0x40007d61: j(ne,nz) dword (32)0xffffff24 0x40007d67: jmp dword (32)0xffffff73 0x40007cdf: movzx eax, byte [esi + (8)0x c] 0x40007ce3: shr al, (8)0x x40007ce6: movzx eax, al 0x40007ce9: cmp eax, (8)0x x40007cec: j(e,z) dword (32)0x c 0x40007d7e: mov edx, dword [ebp + (8)0x ] 0x40007d81: mov ecx, dword [ebp + (8)0xffffffd8] 0x40007d84: mov dword [edx], esi 0x40007d86: mov dword [edx + (8)0x ], ecx 0x40007d89: mov edx, (32)0x x40007d8e: add esp, (8)0x x40007d91: 0x40007d93: 0x40007d94: 0x40007d95: 0x40007d96: 0x40007d97: 0x40007edc: 0x40007ede: 0x40007ee0: j(nle,g) byte (8)0x x40007ef3: mov ecx, dword [ebp + (8)0xffffffbc] 0x40007ef6: 0x40007ef8: j(e,z) dword (32)0x x40007efe: mov dword [ebp + (8)0xffffff90], (32)0x x40007f05: mov ecx, dword [ebp + (8)0xffffffa0] 0x40007f08: mov edx, dword [ecx] 0x40007f0a: 0x40007f0c: j(e,z) byte (8)0x c 0x40007f0e: movzx eax, byte [edx + (8)0x d] 0x40007f12: and eax, (8)0x x40007f15: cmp eax, (8)0x x40007f18: j(e,z) byte (8)0x x40007f1a: lea edx, dword [ebp + (8)0xffffffbc] 0x40007f1d: mov dword [ebp + (8)0xffffff80], edx 0x40007f20: mov ecx, dword [ebp + (8)0xffffff80] 0x40007f23: mov esi, dword [ecx + (8)0x ] 0x40007f26: movzx eax, byte [esi + (32)0x ] 0x40007f2d: and al, (8)0x x40007f2f: cmp al, (8)0x x40007f31: j(e,z) dword (32)0x c 0x40007f37: mov eax, dword [ebx + (32)0xfffffcd4] 0x40007f3d: test eax, (32)0x x40007f42: j(ne,nz) dword (32)0x a 0x40007f48: mov eax, dword [ebp + (8)0xffffffbc] 0x40007f4b: mov edx, dword [ebp + (8)0xffffffa0] 0x40007f4e: mov ecx, dword [ebp + (8)0xffffff80] 0x40007f51: mov dword [edx], eax 0x40007f53: mov eax, dword [ecx + (8)0x ] 0x40007f56: lea esp, dword [ebp + (8)0xfffffff4] 0x40007f59: 0x40007f5a: 0x40007f5b: 0x40007f5c: 0x40007f5d: word (16)0x x4000cc26: mov edx, dword [ebp + (8)0xfffffff0] 0x4000cc29: 0x4000cc2c: mov ecx, eax 0x4000cc2e: 0x4000cc30: 0x4000cc32: j(e,z) byte (8)0x b 0x4000cc34: 0x4000cc36: j(e,z) byte (8)0x x4000cc38: mov eax, dword [edx + (8)0x ] 0x4000cc3b: mov edx, dword [ecx] 0x4000cc3d: 0x4000cc3f: mov esi, dword [ebx + (32)0xfffffd04] 0x4000cc45: 0x4000cc47: 0x4000cc49: mov edx, dword [ebp + (8)0xffffffe4] 0x4000cc4c: mov dword [edx], eax 0x4000cc4e: lea esp, dword [ebp + (8)0xfffffff4] 0x4000cc51: 0x4000cc52: 0x4000cc53: 0x4000cc54: 0x4000cc55: 0x4000c9f0: pop edx 0x4000c9f1: pop ecx 0x4000c9f2: xchg dword [esp], eax 0x4000c9f5: word (16)0x x4009c7c0: 0x4009c7c1: 0x4009c7c3: 0x4009c7c4: 0x4009c7c5: 0x4009c7c6: 0x4009c7c9: call dword (32)0xfffeb183 0x4009ca20: 0x4009ca21: 0x4009ca23: 0x4009ca24: 0x4009ca25: 0x4009ca26: 0x4009ca29: call dword (32)0xfffeaf23 0x08055c00: 0x08055c01: 0x08055c03: sub esp, (8)0x x08055c06: mov dword [ebp + (8)0xfffffff4], ebx 0x08055c09: call dword (32)0x000000ba 0x08055cc8: mov ebx, dword [esp] 0x08055ccb: 0x08055c0e: add ebx, (32)0x00004aea 0x08055c14: mov dword [ebp + (8)0xfffffffc], edi 0x08055c17: lea eax, dword [ebx + (32)0xfffff908] 0x08055c1d: lea edi, dword [ebx + (32)0xfffff908] 0x08055c23: mov dword [ebp + (8)0xfffffff8], esi 0x08055c26: sub eax, edi 0x08055c28: sar eax, (8)0x x08055c2b: 0x08055c2d: lea esi, dword [eax + (8)0xffffffff] 0x08055c30: j(ne,nz) byte (8)0x x08055c32: call dword (32)0x000000bd 0x08055cf4: 0x08055cf5: 0x08055cf7: 0x08055cf8: 0x08055cfd: 0x08055cfe: add ebx, (32)0x000049fb 0x08055d04: 0x08055d05: call dword (32)0xffff4186 0x08049e90: 0x08049e91: 0x08049e93: 0x08049e94: 0x08049e95: cmp byte [0x0805adac], (8)0x x08049e9c: j(ne,nz) byte (8)0x e 0x08049e9e: mov eax, dword [(32)0x0805a8a8] 0x08049ea3: mov edx, dword [eax] 0x08049ea5: 0x08049ea7: j(e,z) byte (8)0x c 0x08049ec5: mov byte [0x0805adac], (8)0x x08049ecc: leave 0x08049ecd: 0x08055d0a: pop ecx 0x08055d0b: 0x08055d0c: leave 0x08055d0d: 0x08055c37: mov ebx, dword [ebp + (8)0xfffffff4] 0x08055c3a: mov esi, dword [ebp + (8)0xfffffff8] 0x08055c3d: mov edi, dword [ebp + (8)0xfffffffc] 0x08055c40: 0x08055c42: 0x08055c43: 0x4009c820: mov edx, dword [ebx + (32)0x00000d58] 0x4009c826: mov eax, dword [edx + (8)0x ] 0x4009c829: 0x4009c82b: j(ne,nz) byte (8)0xffffffc3 0x4009c7f0: 0x4009c7f1: mov dword [edx + (8)0x ], eax 0x4009c7f4: shl eax, (8)0x x4009c7f7: lea eax, dword [eax + edx] 0x4009c7fa: lea ecx, dword [eax + (8)0x ] 0x4009c7fd: mov eax, dword [eax + (8)0x ] 0x4009c800: cmp eax, (8)0x x4009c803: j(nbe,a) byte (8)0x x4009c805: mov eax, dword [ebx + eax*4 + (32)0xfffecac4] 0x4009c80c: add eax, ebx 0x4009c80e: 0x4009c810: mov eax, dword [ebp + (8)0x ] 0x4009c813: mov dword [esp + (8)0x ], eax 0x4009c817: mov eax, dword [ecx + (8)0x ] 0x4009c81a: 0x4009c81d: call dword [ecx + (8)0x ] 0x4009c84d: lea esi, dword [ebx + (32)0xffffe6ec] 0x4009c853: lea edi, dword [ebx + (32)0xffffe6f0] 0x4009c859: cmp esi, edi 0x4009c85b: j(b,nae) byte (8)0x b 0x4000d2d0: 0x4000d2d1: 0x4000d2d3: 0x4000d2d4: 0x4000d2d5: 0x4000d2d6: sub esp, (8)0x c 0x4000d2d9: call dword (32)0x000058cd 0x : 0x : 0x : mov eax, dword [ebp + (8)0x ] 0x : inc dword [eax + (8)0x ] 0x : 0x a: 0x4000d2f6: mov dword [ebp + (8)0xfffffff0], (32)0x x4000d2fd: mov edx, dword [ebx + (32)0x ] 0x4000d303: mov edi, dword [ebx + (32)0x ] 0x4000d309: mov dword [ebp + (8)0xffffffec], edx 0x4000d30c: lea eax, dword [edx*4 + (32)0x e] 0x4000d313: and eax, (8)0xfffffff0 0x4000d316: sub esp, eax 0x4000d318: lea ecx, dword [esp + (8)0x b] 0x4000d31c: 0x4000d31e: and ecx, (8)0xfffffff0 0x4000d321: 0x4000d323: mov dword [ebp + (8)0xffffffe8], ecx 0x4000d326: j(e,z) byte (8)0x x4000d328: inc dword [edi + (32)0x ] 0x4000d32e: mov esi, dword [ebp + (8)0xfffffff0] 0x4000d331: mov eax, dword [ebp + (8)0xffffffe8] 0x4000d334: mov dword [eax + esi*4], edi 0x4000d337: mov edi, dword [edi + (8)0x c] 0x4000d33a: 0x4000d33b: mov dword [ebp + (8)0xfffffff0], esi 0x4000d33e: 0x4000d340: j(ne,nz) byte (8)0xffffffe6 0x4000d328: inc dword [edi + (32)0x ] 0x4000d32e: mov esi, dword [ebp + (8)0xfffffff0] 0x4000d331: mov eax, dword [ebp + (8)0xffffffe8] 0x4000d334: mov dword [eax + esi*4], edi 0x4000d337: mov edi, dword [edi + (8)0x c] 0x4000d33a: 0x4000d33b: mov dword [ebp + (8)0xfffffff0], esi 0x4000d33e: 0x4000d340: j(ne,nz) byte (8)0xffffffe6 0x4000d37e: mov eax, dword [ebp + (8)0xffffffe4] 0x4000d381: mov edx, dword [ebp + (8)0xffffffec] 0x4000d384: 0x4000d385: mov dword [ebp + (8)0xffffffb8], eax 0x4000d388: 0x4000d38a: j(nb,ae) dword (32)0x000000d0 0x4000d390: mov eax, dword [ebp + (8)0xffffffe4] 0x4000d393: mov ecx, dword [ebp + (8)0xffffffe8] 0x4000d396: shl eax, (8)0x x4000d399: mov dword [ebp + (8)0xffffffbc], eax 0x4000d39c: add ecx, eax 0x4000d39e: neg dword [ebp + (8)0xffffffbc] 0x4000d3a1: mov dword [ebp + (8)0xffffffc0], ecx 0x4000d3a4: lea esi, dword [esi + (32)0x ] 0x4000d3aa: lea edi, dword [edi + (32)0x ] 0x4000d3b0: mov esi, dword [ebp + (8)0xffffffb8] 0x4000d3b3: mov eax, dword [ebp + (8)0xffffffe8] 0x4000d3b6: mov esi, dword [eax + esi*4] 0x4000d3b9: mov dword [ebp + (8)0xffffffcc], esi 0x4000d3bc: mov edx, dword [esi + (32)0x000001d8] 0x4000d3c2: mov dword [ebp + (8)0xffffffe0], esi 0x4000d3c5: 0x4000d3c7: j(e,z) byte (8)0x x4000d3c9: 0x4000d3cb: 0x4000d3cd: j(e,z) byte (8)0x x4000d3cf: mov esi, dword [ebp + (8)0xffffffe8] 0x4000d3d2: mov ecx, dword [ebp + (8)0xffffffe4] 0x4000d3d5: lea ecx, dword [esi + ecx*4] 0x4000d3d8: mov dword [ebp + (8)0xffffffc4], ecx 0x4000d3db: mov esi, dword [ebp + (8)0xffffffb8] 0x4000d3de: mov ecx, dword [ebp + (8)0xffffffbc] 0x4000d3e1: lea esi, dword [ecx + esi*4] 0x4000d3e4: mov dword [ebp + (8)0xffffffb4], esi 0x4000d3e7: cmp eax, edi 0x4000d3e9: j(e,z) byte (8)0x x4000d3eb: nop 0x4000d3ec: lea esi, dword [esi + (8)0x ] 0x4000d3f0: add edx, (8)0x x4000d3f3: 0x4000d3f5: 0x4000d3f7: j(e,z) byte (8)0x x4000d3f9: cmp eax, edi 0x4000d3fb: j(ne,nz) byte (8)0xfffffff3 0x4000d3f0: add edx, (8)0x x4000d3f3: 0x4000d3f5: 0x4000d3f7: j(e,z) byte (8)0x x4000d440: mov edx, dword [ebp + (8)0xffffffcc] 0x4000d443: mov ecx, dword [edx + (32)0x000001e4] 0x4000d449: 0x4000d44b: j(ne,nz) dword (32)0x x4000d451: inc dword [ebp + (8)0xffffffb8] 0x4000d454: mov edx, dword [ebp + (8)0xffffffec] 0x4000d457: cmp dword [ebp + (8)0xffffffb8], edx 0x4000d45a: j(b,nae) dword (32)0xffffff50 0x4000d3b0: mov esi, dword [ebp + (8)0xffffffb8] 0x4000d3b3: mov eax, dword [ebp + (8)0xffffffe8] 0x4000d3b6: mov esi, dword [eax + esi*4] 0x4000d3b9: mov dword [ebp + (8)0xffffffcc], esi 0x4000d3bc: mov edx, dword [esi + (32)0x000001d8] 0x4000d3c2: mov dword [ebp + (8)0xffffffe0], esi 0x4000d3c5: 0x4000d3c7: j(e,z) byte (8)0x x4000d3c9: 0x4000d3cb: 0x4000d3cd: j(e,z) byte (8)0x x4000d3cf: mov esi, dword [ebp + (8)0xffffffe8] 0x4000d3d2: mov ecx, dword [ebp + (8)0xffffffe4] 0x4000d3d5: lea ecx, dword [esi + ecx*4] 0x4000d3d8: mov dword [ebp + (8)0xffffffc4], ecx 0x4000d3db: mov esi, dword [ebp + (8)0xffffffb8] 0x4000d3de: mov ecx, dword [ebp + (8)0xffffffbc] 0x4000d3e1: lea esi, dword [ecx + esi*4] 0x4000d3e4: mov dword [ebp + (8)0xffffffb4], esi 0x4000d3e7: cmp eax, edi 0x4000d3e9: j(e,z) byte (8)0x x4000d3eb: nop 0x4000d3ec: lea esi, dword [esi + (8)0x ] 0x4000d3f0: add edx, (8)0x x4000d3f3: 0x4000d3f5: 0x4000d3f7: j(e,z) byte (8)0x x4000d3f9: cmp eax, edi 0x4000d3fb: j(ne,nz) byte (8)0xfffffff3 0x4000d353: mov dword [ebp + (8)0xffffffe4], (32)0x x4000d35a: mov edx, dword [ebp + (8)0xffffffe8] 0x4000d35d: cmp dword [edx + (8)0x ], edi 0x4000d360: j(e,z) byte (8)0x c 0x4000d362: lea esi, dword [esi + (32)0x ] 0x4000d369: lea edi, dword [edi + (32)0x ] 0x4000d370: inc dword [ebp + (8)0xffffffe4] 0x4000d373: mov esi, dword [ebp + (8)0xffffffe8] 0x4000d376: mov ecx, dword [ebp + (8)0xffffffe4] 0x4000d379: cmp dword [esi + ecx*4], edi 0x4000d37c: j(ne,nz) byte (8)0xfffffff2 0x4000d37e: mov eax, dword [ebp + (8)0xffffffe4] 0x4000d381: mov edx, dword [ebp + (8)0xffffffec] 0x4000d384: 0x4000d385: mov dword [ebp + (8)0xffffffb8], eax 0x4000d388: 0x4000d38a: j(nb,ae) dword (32)0x000000d0 0x4000d390: mov eax, dword [ebp + (8)0xffffffe4] 0x4000d393: mov ecx, dword [ebp + (8)0xffffffe8] 0x4000d396: shl eax, (8)0x x4000d399: mov dword [ebp + (8)0xffffffbc], eax 0x4000d39c: add ecx, eax 0x4000d39e: neg dword [ebp + (8)0xffffffbc] 0x4000d3a1: mov dword [ebp + (8)0xffffffc0], ecx 0x4000d3a4: lea esi, dword [esi + (32)0x ] 0x4000d3aa: lea edi, dword [edi + (32)0x ] 0x4000d3b0: mov esi, dword [ebp + (8)0xffffffb8] 0x4000d3b3: mov eax, dword [ebp + (8)0xffffffe8] 0x4000d3b6: mov esi, dword [eax + esi*4] 0x4000d3b9: mov dword [ebp + (8)0xffffffcc], esi 0x4000d3bc: mov edx, dword [esi + (32)0x000001d8] 0x4000d3c2: mov dword [ebp + (8)0xffffffe0], esi 0x4000d3c5: 0x4000d3c7: j(e,z) byte (8)0x x4000d3c9: 0x4000d3cb: 0x4000d3cd: j(e,z) byte (8)0x x4000d3cf: mov esi, dword [ebp + (8)0xffffffe8] 0x4000d3d2: mov ecx, dword [ebp + (8)0xffffffe4] 0x4000d3d5: lea ecx, dword [esi + ecx*4] 0x4000d3d8: mov dword [ebp + (8)0xffffffc4], ecx 0x4000d3db: mov esi, dword [ebp + (8)0xffffffb8] 0x4000d3de: mov ecx, dword [ebp + (8)0xffffffbc] 0x4000d3e1: lea esi, dword [ecx + esi*4] 0x4000d3e4: mov dword [ebp + (8)0xffffffb4], esi 0x4000d3e7: cmp eax, edi 0x4000d3e9: j(e,z) byte (8)0x x4000d3eb: nop 0x4000d3ec: lea esi, dword [esi + (8)0x ] 0x4000d3f0: add edx, (8)0x x4000d3f3: 0x4000d3f5: 0x4000d3f7: j(e,z) byte (8)0x x4000d3f9: cmp eax, edi 0x4000d3fb: j(ne,nz) byte (8)0xfffffff3 0x4000d370: inc dword [ebp + (8)0xffffffe4] 0x4000d373: mov esi, dword [ebp + (8)0xffffffe8] 0x4000d376: mov ecx, dword [ebp + (8)0xffffffe4] 0x4000d379: cmp dword [esi + ecx*4], edi 0x4000d37c: j(ne,nz) byte (8)0xfffffff2 0x4000d37e: mov eax, dword [ebp + (8)0xffffffe4] 0x4000d381: mov edx, dword [ebp + (8)0xffffffec] 0x4000d384: 0x4000d385: mov dword [ebp + (8)0xffffffb8], eax 0x4000d388: 0x4000d38a: j(nb,ae) dword (32)0x000000d0 0x4000d390: mov eax, dword [ebp + (8)0xffffffe4] 0x4000d393: mov ecx, dword [ebp + (8)0xffffffe8] 0x4000d396: shl eax, (8)0x x4000d399: mov dword [ebp + (8)0xffffffbc], eax 0x4000d39c: add ecx, eax 0x4000d39e: neg dword [ebp + (8)0xffffffbc] 0x4000d3a1: mov dword [ebp + (8)0xffffffc0], ecx 0x4000d3a4: lea esi, dword [esi + (32)0x ] 0x4000d3aa: lea edi, dword [edi + (32)0x ] 0x4000d3b0: mov esi, dword [ebp + (8)0xffffffb8] 0x4000d3b3: mov eax, dword [ebp + (8)0xffffffe8] 0x4000d3b6: mov esi, dword [eax + esi*4] 0x4000d3b9: mov dword [ebp + (8)0xffffffcc], esi 0x4000d3bc: mov edx, dword [esi + (32)0x000001d8] 0x4000d3c2: mov dword [ebp + (8)0xffffffe0], esi 0x4000d3c5: 0x4000d3c7: j(e,z) byte (8)0x x4000d460: mov edi, dword [edi + (8)0x c] 0x4000d463: 0x4000d465: j(ne,nz) dword (32)0xfffffee8 0x4000d46b: mov ecx, dword [ebp + (8)0xffffffc8] 0x4000d46e: 0x4000d471: call dword [ebx + (32)0x000002c4] 0x : 0x : 0x : mov eax, dword [ebp + (8)0x ] 0x : dec dword [eax + (8)0x ] 0x : 0x a: 0x4000d477: mov dword [ebp + (8)0xfffffff0], (32)0x x4000d47e: mov esi, dword [ebp + (8)0xffffffec] 0x4000d481: cmp dword [ebp + (8)0xfffffff0], esi 0x4000d484: j(b,nae) byte (8)0x x4000d4af: mov edx, dword [ebp + (8)0xffffffe8] 0x4000d4b2: mov eax, dword [ebp + (8)0xfffffff0] 0x4000d4b5: mov edi, dword [edx + eax*4] 0x4000d4b8: movzx edx, byte [edi + (32)0x ] 0x4000d4bf: test dl, (8)0x x4000d4c2: j(e,z) byte (8)0x x4000d4c4: jmp byte (8)0xffffffc5 0x4000d48b: mov al, dl 0x4000d48d: and al, (8)0x000000f7 0x4000d48f: mov byte [edi + (32)0x ], al 0x4000d495: mov eax, dword [edi + (8)0x ] 0x4000d498: 0x4000d49b: 0x4000d49d: j(ne,nz) byte (8)0x x4000d49f: test dl, (8)0x x4000d4a2: j(ne,nz) byte (8)0x x4000d4a4: inc dword [ebp + (8)0xfffffff0] 0x4000d4a7: mov edx, dword [ebp + (8)0xffffffec] 0x4000d4aa: cmp dword [ebp + (8)0xfffffff0], edx 0x4000d4ad: j(nb,ae) byte (8)0x e 0x4000d4af: mov edx, dword [ebp + (8)0xffffffe8] 0x4000d4b2: mov eax, dword [ebp + (8)0xfffffff0] 0x4000d4b5: mov edi, dword [edx + eax*4] 0x4000d4b8: movzx edx, byte [edi + (32)0x ] 0x4000d4bf: test dl, (8)0x x4000d4c2: j(e,z) byte (8)0x x4000d50c: dec dword [edi + (32)0x ] 0x4000d512: inc dword [ebp + (8)0xfffffff0] 0x4000d515: mov edx, dword [ebp + (8)0xffffffec] 0x4000d518: cmp dword [ebp + (8)0xfffffff0], edx 0x4000d51b: j(b,nae) byte (8)0xffffff92 0x4000d4c6: mov edx, dword [edi + (32)0x ] 0x4000d4cc: 0x4000d4ce: j(ne,nz) byte (8)0x x4000d4d0: mov esi, dword [edi + (8)0x c] 0x4000d4d3: 0x4000d4d5: j(e,z) byte (8)0xffffffcd 0x4000d4d7: test byte [ebx + (32)0xfffffcd4], (8)0x x4000d4de: j(ne,nz) dword (32)0x000000d2 0x4000d4e4: 0x4000d4e6: j(e,z) byte (8)0x d 0x4000d505: mov eax, dword [edi + (8)0x c] 0x4000d508: 0x4000d50a: j(ne,nz) byte (8)0x a 0x4000d4d7: test byte [ebx + (32)0xfffffcd4], (8)0x x4000d4de: j(ne,nz) dword (32)0x000000d2 0x4000d4e4: 0x4000d4e6: j(e,z) byte (8)0x d 0x4000d4e8: mov edx, dword [edx + (8)0x ] 0x4000d4eb: mov ecx, dword [edi] 0x4000d4ed: mov eax, dword [edi + (32)0x ] 0x4000d4f3: add edx, ecx 0x4000d4f5: mov dword [ebp + (8)0xffffffd0], edx 0x4000d4f8: mov esi, dword [eax + (8)0x ] 0x4000d4fb: shr esi, (8)0x x4000d4fe: 0x4000d500: dec esi 0x4000d501: 0x4000d503: j(ne,nz) byte (8)0x d 0x4000d4a4: inc dword [ebp + (8)0xfffffff0] 0x4000d4a7: mov edx, dword [ebp + (8)0xffffffec] 0x4000d4aa: cmp dword [ebp + (8)0xfffffff0], edx 0x4000d4ad: j(nb,ae) byte (8)0x e 0x4000d546: mov eax, dword [eax + (8)0x ] 0x4000d549: mov edx, dword [edi] 0x4000d54b: 0x4000d54d: call eax 0x : 0x : 0x : 0x : 0x d: 0x e: add ebx, (32)0x0000d48f 0x : 0x : call dword (32)0xfffdb886 0x4003d1f0: 0x4003d1f1: 0x4003d1f3: 0x4003d1f4: 0x4003d1f9: 0x4003d1fa: add ebx, (32)0x00031bf3 0x4003d200: 0x4003d201: cmp byte [ebx + (32)0x000034f4], (8)0x x4003d208: j(ne,nz) byte (8)0x x4003d20a: mov edx, dword [ebx + (32)0xffffffb4] 0x4003d210: 0x4003d212: j(ne,nz) byte (8)0x f 0x4003d243: 0x4003d246: mov eax, dword [ebx + (32)0x000004b4] 0x4003d24c: 0x4003d24d: call dword (32)0xfffffa32 0x4003cc84: jmp dword [ebx + (32)0x ] 0x4003cc8a: push (32)0x000006a8 0x4003cc8f: jmp dword (32)0xfffff290 0x4003bf24: push dword [ebx + (32)0x ] 0x4003bf2a: jmp dword [ebx + (32)0x ] 0x4009caa0: mov edi, dword [edi] 0x4009caa2: 0x4009caa4: j(ne,nz) byte (8)0xffffff9a 0x4009caa6: mov eax, dword [ebp + (8)0x ] 0x4009caa9: 0x4009caab: j(e,z) byte (8)0x b 0x4009caad: mov eax, dword [ebp + (8)0x ] 0x4009cab0: 0x4009cab3: call dword (32)0x x401363f0: 0x401363f1: 0x401363f3: 0x401363f4: 0x401363f6: 0x401363f7: 0x401363f8: 0x401363fb: call dword (32)0xfff x4009cab8: 0x4009cabb: 0x4009cabc: 0x4009cabd: 0x4009cabe: 0x4009cabf: 0x4003d252: 0x4003d255: jmp byte (8)0xffffffbd 0x4003d214: mov eax, dword [ebx + (32)0x000004b8] 0x4003d21a: mov edx, dword [eax] 0x4003d21c: 0x4003d21e: j(e,z) byte (8)0x x4003d237: mov byte [ebx + (32)0x000034f4], (8)0x x4003d23e: mov ebx, dword [ebp + (8)0xfffffffc] 0x4003d241: leave 0x4003d242: 0x a: pop ecx 0x b: 0x c: leave 0x d: 0x4000d54f: jmp byte (8)0xffffffbb 0x4000d532: mov eax, dword [ebp + (8)0xffffffd0] 0x4000d535: call dword [eax + esi*4] 0x : 0x : 0x : 0x : 0x : call dword (32)0x x4000d538: 0x4000d53a: dec esi 0x4000d53b: 0x4000d53d: j(ne,nz) byte (8)0xfffffff3 0x4000d53f: mov eax, dword [edi + (8)0x c] 0x4000d542: 0x4000d544: j(e,z) byte (8)0xffffffc6 0x4000d51d: cmp byte [ebx + (32)0xfffffcd4], (8)0x x4000d524: j(s) dword (32)0x000000b5 0x4000d52a: lea esp, dword [ebp + (8)0xfffffff4] 0x4000d52d: 0x4000d52e: 0x4000d52f: 0x4000d530: 0x4000d531: 0x4009c868: call dword [esi] 0x400d0cd0: 0x400d0cd1: 0x400d0cd3: 0x400d0cd4: 0x400d0cd5: 0x400d0cd6: 0x400d0cd9: call dword (32)0xfffb6c73 0x400d0820: 0x400d0821: 0x400d0823: 0x400d0825: 0x400d0826: 0x400d0827: 0x400d0828: sub esp, (8)0x x400d082b: call dword (32)0xfffb7121 0x400d08a5: mov esi, dword [ebx + (32)0x c] 0x400d08ab: mov eax, dword [ebx + (32)0x ] 0x400d08b1: 0x400d08b3: mov dword [ebp + (8)0xffffffdc], eax 0x400d08b6: j(ne,nz) byte (8)0x x400d08d1: mov dword [ebx + (32)0x c], esi 0x400d08d7: mov ecx, dword [ebp + (8)0x ] 0x400d08da: 0x400d08dc: j(e,z) byte (8)0x x400d0920: mov edx, dword [esi + (8)0x c] 0x400d0923: 0x400d0925: j(le,ng) dword (32)0x x400d0a50: mov eax, dword [esi + (8)0x ] 0x400d0a53: cmp dword [esi + (8)0x ], eax 0x400d0a56: j(be,na) dword (32)0xfffffecf 0x400d092b: movzx ecx, byte [esi + (8)0x ] 0x400d092f: 0x400d0931: j(ne,nz) byte (8)0x d 0x400d0933: 0x400d0935: j(le,ng) byte (8)0x x400d0970: mov eax, dword [ebp + (8)0x ] 0x400d0973: 0x400d0975: j(e,z) byte (8)0x x400d09b0: 0x400d09b2: mov dword [ebx + (32)0x c], eax 0x400d09b8: mov eax, dword [ebx + (32)0x ] 0x400d09be: cmp dword [ebp + (8)0xffffffdc], eax 0x400d09c1: j(ne,nz) dword (32)0xfffffef9 0x400d09c7: mov esi, dword [esi + (8)0x ] 0x400d09ca: 0x400d09cc: j(ne,nz) dword (32)0xfffffeff 0x400d0a20: mov esi, dword [ebp + (8)0xffffffd8] 0x400d0a23: 0x400d0a25: j(ne,nz) byte (8)0x e 0x400d0a27: mov eax, dword [ebp + (8)0xffffffe0] 0x400d0a2a: add esp, (8)0x x400d0a2d: 0x400d0a2e: 0x400d0a2f: 0x400d0a30: 0x400d0a31: 0x400d0cf0: mov esi, dword [ebx + (32)0x c] 0x400d0cf6: 0x400d0cf8: 0x400d0cfa: j(e,z) byte (8)0x x400d0cfc: lea esi, dword [esi + (8)0x ] 0x400d0d00: 0x400d0d02: test al, (8)0x x400d0d04: j(ne,nz) byte (8)0x a 0x400d0d06: and eax, (32)0x x400d0d0b: cmp eax, (8)0x x400d0d0e: j(e,z) byte (8)0x x400d0d20: mov dword [esi + (8)0x c], (32)0xffffffff 0x400d0d27: mov esi, dword [esi + (8)0x ] 0x400d0d2a: 0x400d0d2c: j(ne,nz) byte (8)0xffffffd2 0x400d0d00: 0x400d0d02: test al, (8)0x x400d0d04: j(ne,nz) byte (8)0x a 0x4009c86a: add esi, (8)0x x4009c86d: cmp esi, edi 0x4009c86f: j(b,nae) byte (8)0xfffffff7 0x4009c871: jmp byte (8)0xffffffea 0x400d0d38: movsx eax, byte [esi + (8)0x ] 0x400d0d3c: 0x400d0d3e: 0x400d0d40: mov eax, dword [eax + esi + (32)0x ] 0x400d0d47: mov dword [esp + (8)0x ], ecx 0x400d0d4b: mov dword [esp + (8)0x ], edx 0x400d0d4f: 0x400d0d52: call dword [eax + (8)0x c] 0x400cf6d0: 0x400cf6d1: 0x400cf6d3: 0x400cf6d4: 0x400cf6d5: 0x400cf6d8: mov eax, dword [ebp + (8)0x ] 0x400cf6db: mov esi, dword [ebp + (8)0x ] 0x400cf6de: call dword (32)0xfffb826e 0x400d16c0: 0x400d16c1: 0x400d16c3: sub esp, (8)0x c 0x400d16c6: mov dword [ebp + (8)0xfffffff8], esi 0x400d16c9: mov esi, dword [ebp + (8)0x ] 0x400d16cc: mov dword [ebp + (8)0xfffffff4], ebx 0x400d16cf: mov dword [ebp + (8)0xfffffffc], edi 0x400d16d2: mov edi, dword [ebp + (8)0x c] 0x400d16d5: movsx eax, byte [esi + (8)0x ] 0x400d16d9: call dword (32)0xfffb6273 0x400cf6fc: 0x400cf6fe: 0x400cf700: j(e,z) byte (8)0x x400cf702: mov eax, dword [esi + (8)0x c] 0x400cf705: mov edx, esi 0x400cf707: mov dword [esi + (8)0x ], eax 0x400cf70a: mov dword [esi + (8)0x ], eax 0x400cf70d: mov dword [esi + (8)0x ], eax 0x400cf710: mov dword [esi + (8)0x c], eax 0x400cf713: mov dword [esi + (8)0x ], eax 0x400cf716: mov dword [esi + (8)0x ], eax 0x400cf719: 0x400cf71c: 0x400cf71e: 0x400cf71f: 0x400cf720: 0x400cf721: 0x400d0d55: jmp byte (8)0xffffffc9 0x4009c85d: mov eax, dword [ebp + (8)0x ] 0x4009c860: 0x4009c863: call dword (32)0x0005d61c 0x400f9e84: mov ebx, dword [esp + (8)0x ] 0x400f9e88: mov eax, (32)0x000000fc 0x400f9e8d: Figure 5: Basic blocks from the top process.